OnlyAuthorizedSenderPolicy
The OnlyAuthorizedSenderPolicy restricts who can call a protected function based on the transaction sender. Unlike the AllowPolicy and RejectPolicy (which check addresses extracted from the transaction parameters), this policy checks msg.sender directly and rejects if the sender is not on the authorized list.
Configuration
Authorized sender list
The authorized sender list defines which addresses can call the protected function. The list starts empty at deployment and must be populated afterward — until you add at least one address, every transaction will be rejected.
Each address is added or removed individually.
Runtime behavior
This policy does not use extracted parameters. It checks msg.sender directly.
run()— Reverts if the sender is not on the authorized list. ReturnsContinueotherwise.postRun()— No state changes.
API reference
Setter functions
authorizeSender(address account)— Adds an address to the authorized list. Reverts if the address is already authorized.unauthorizeSender(address account)— Removes an address from the authorized list. Reverts if the address is not authorized.
View functions
senderAuthorized(address account)— Returnstrueif the address is authorized.
Use cases
- Restricted operations — Limit who can call specific contract functions regardless of the function arguments.