Allowlist Breakdown (Admin, Manager, Enabled)

Understand the AllowList interface used by many Avalanche L1 precompiles and how its roles work.

Overview

Avalanche L1s ship multiple default precompiles that need access control. Rather than inventing a new permission model for each feature, many of them reuse the same audited permission interface: the AllowList interface.

This matters because once you understand Admin / Manager / Enabled, you can reason about (and safely operate) a large set of precompiles with the same mental model.

The AllowList interface

Reference: https://build.avax.network/docs/avalanche-l1s/precompiles/allowlist-interface

The AllowList interface exposes a small set of functions to manage roles for addresses:

Functions (brief)

  • setAdmin(address addr): give addr Admin role.
  • setManager(address addr): give addr Manager role.
  • setEnabled(address addr): give addr Enabled role.
  • setNone(address addr): remove any role from addr (back to None).
  • readAllowList(address addr) -> uint256: read the current role value.

Permission levels

The roles are:

  • Admin: can manage all roles (Admin, Manager, Enabled).
  • Manager: can manage Enabled addresses only.
  • Enabled: can use the precompile’s functionality (what that means depends on the specific precompile).
  • None: no access.

This is a role-based access control pattern, implemented consistently across precompiles that opt into it.

Precompiles that use AllowList

Several default Avalanche L1 precompiles implement this interface (examples):

Note on stateful precompiles

Many precompiles are stateful (they can read/write chain state at the VM layer). If you haven’t seen this concept yet, review the Stateful Precompiles section in Customizing the EVM:

  • /academy/avalanche-l1/customizing-evm/09-stateful-precompiles

Summary

Key points:

  • AllowList is a shared permission interface reused across multiple Avalanche L1 precompiles.
  • The role model is consistent: Admin (full), Manager (manage Enabled), Enabled (use), None (no access).
  • Understanding AllowList once helps you operate many precompiles safely.

Is this guide helpful?

Introduction to Precompiles

A quick refresher on precompiles and why Avalanche L1s use them for privileged features.

Access Control Use-cases

Why institutions and regulated businesses need transaction and contract deployment controls.

On this page

Overview
The AllowList interface
Functions (brief)
Permission levels
Precompiles that use AllowList
Note on stateful precompiles
Summary

Page Actions

Edit on GitHubReport Issue
Instructors:
Join Telegram Course Chat