Skip to main content

Caveat enforcers

Caveat enforcers are used to apply specific conditions or restrictions (caveats) to a delegation, ensuring that delegated actions are only performed under predefined circumstances. When creating a delegation, users can include caveats to enforce custom rules, such as spending limits, time constraints, or authorized recipient addresses.

Important

Without caveat enforcers, a delegation has infinite and unbounded permissions to make any action the original account can make. We strongly recommend using caveat enforcers.

Caveat enforcers are solidity contracts that extend the ICaveatEnforcer.sol interface. You can restrict a delegation using caveat enforcers that the MetaMask Delegation Toolkit provides out-of-the-box. For more granular or custom control, you can also create custom caveat enforcers.

Out-of-the-box caveat enforcers

The MetaMask Delegation Toolkit provides the following caveat enforcers out-of-the-box:

  • AllowedCalldataEnforcer.sol - Enables the delegator to limit the calldata that is executed.

  • AllowedMethodsEnforcer.sol - Enables the delegator to limit what methods the delegate can call.

  • AllowedTargetsEnforcer.sol - Enables the delegator to limit what addresses the delegate can call.

  • BlockNumberEnforcer.sol - Enables the delegator to specify a range of blocks through which the delegation will be valid.

  • DeployedEnforcer.sol - Enables the delegator to make sure a contract is deployed, and if not, deploys the contract.

  • ERC20TransferAmountEnforcer.sol - Enables the delegator to limit the transfer of ERC-20 tokens.

  • ERC20BalanceGteEnforcer.sol - Enables the delegator to make sure their ERC-20 balance has increased by at least a specified amount after the action has been executed, regardless of what the action is.

  • NonceEnforcer.sol - Enables the delegator to add a nonce to a delegation, and revoke previous delegations by incrementing the current nonce.

  • LimitedCallsEnforcer.sol - Enables the delegator to limit the number of times the delegate can perform actions on the delegator's behalf.

  • IdEnforcer.sol - Enables the delegator to specify an ID for multiple delegations. Once one of them is redeemed, the other delegations with the same ID are revoked.

  • TimestampEnforcer.sol - Enables the delegator to specify a range of timestamps through which the delegation will be valid.

  • ValueLteEnforcer.sol - Enables the delegator to limit the value of native tokens that the delegate can spend.

Last updated on by jeffsmale90