Keyring Guard

Ready for use.
Highly customisable yet simple to integrate.
Includes all necessary safeguards.
Maintained by Keyring.

Description

The Keyring Guard is created by Keyring but deployed and owned by you, like a drag-and-drop solution ready to be used on the functions you want to gate.

Integration

Wrap your contract in the Guard interface and use the modifier to guard relevant functions.

// Extend your contract with KeyringGuard and initialize it in the constructor
constructor(...) KeyringGuard(config, policyId, maximumConsentPeriod) {}

// Then call isAuthorized in each function you need to gate or create a modifier for
modifier isAuthorized(address user) {
    if(!IKeyringGuard(addr).isAuthorized(address(this), msg.sender)) revert Unauthorized();
    _;
}

It is recommended to query Keyring live vs. storing data in a local mapping as a wallet/user could become red-flagged at any point in time and keeping the local storage in sync with Keyring's one would result in a bigger gas expense.

Illustration

Schematically, it works like this (expanding from Step 8️⃣ in the Data Flow):

Integration Example

We showcase an example of Keyring Guard integration into a Uniswap V4 permissioned pool.

See the repository here.

https://github.com/Keyring-Network/keyring-integration-examples/blob/master/src/KeyringGuardedPool.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {BaseHook} from "v4-periphery/BaseHook.sol";
import {Hooks} from "@uniswap/v4-core/contracts/libraries/Hooks.sol";
import {IPoolManager} from "@uniswap/v4-core/contracts/interfaces/IPoolManager.sol";
import {PoolId, PoolIdLibrary} from "@uniswap/v4-core/contracts/libraries/PoolId.sol";
import {IKeyringGuard} from "./interfaces/IKeyringGuard.sol";

/// @title A Keyring-guarded Uniswap V4 pool
/// @dev This contract overrides entry hooks of the pool lifecycle to stop unauthorized swaps
contract KeyringGuardedPool is BaseHook {
    using PoolIdLibrary for IPoolManager.PoolKey;

    IKeyringGuard public immutable keyringGuard;

    constructor(IPoolManager _poolManager, address _keyringGuard) BaseHook(_poolManager) {
        assert(_keyringGuard != address(0));

        keyringGuard = IKeyringGuard(_keyringGuard);
    }

    function getHooksCalls() public pure override returns (Hooks.Calls memory) {
        return Hooks.Calls({
            beforeInitialize: false,
            afterInitialize: false,
            beforeModifyPosition: false, // TODO: TRUE prevent position retracing
            afterModifyPosition: false,
            beforeSwap: true, // prevent swaps
            afterSwap: false,
            beforeDonate: false, // prevent unguarded transfers
            afterDonate: false
        });
    }

    function beforeSwap(address, IPoolManager.PoolKey calldata, IPoolManager.SwapParams calldata)
        external
        override
        returns (bytes4)
    {
        if (!keyringGuard.isAuthorized(address(this), msg.sender)) revert("Unauthorized user");

        return BaseHook.beforeSwap.selector;
    }
}

Firstly, import the relevant contracts and libraries from both Uniswap V4 and .

Then, extend the contract to inherit from the KeyringGuard interface.

During the initialisation phase within the constructor, the contract needs to store the address of the KeyringGuard deployed on the local chain.

Finally, the contract has to update (or override) any function to be permissioned, the getHooksCalls function in this case. In the Uniswap V4 context, this override is necessary to specify which lifecycle hooks the contract intends to intercept. For example, the beforeSwap hook is activated to impose restrictions on swap operations, effectively guarding the hook system to enforce authorisation checks.

Lastly, the authorisation logic is implemented within the updated/overridden function. By invoking the keyringGuard.isAuthorized function, the contract verifies whether the caller is authorised to perform a swap operation. This mechanism ensures that unverified users are prevented from executing swaps.

PreviousToken Wrapper NextKeyring Cache

Last updated 2 months ago