Security
Access Control
System for restricting who can call specific smart contract functions based on permissions.
Last Updated
2026-03-19
Related Concepts
What is Access Control?
Access control is a security framework that restricts who can execute specific functions within a smart contract. It ensures that sensitive actions, such as minting tokens or upgrading code, are only performed by authorized entities.
How does Access Control work?
- Developers define roles (e.g., Admin, Minter) or an Owner address.
- Functions are protected by modifiers that check the caller's identity.
- When a function is called, the contract verifies the caller's permissions.
- If authorized, the transaction proceeds; otherwise, it reverts.
- Roles can often be granted or revoked by an administrative account.
Why does Access Control matter?
Proper access control prevents unauthorized users from draining funds, stealing assets, or hijacking a protocol. It is a fundamental pillar of smart contract security and protocol integrity.
Key features of Access Control
- Role-based permissions
- Ownership-based restrictions
- Use of modifiers (e.g., onlyOwner)
- Ability to grant/revoke roles
- Essential for administrative tasks
Examples of Access Control
- An NFT contract where only the Minter role can create new tokens.
- A DeFi protocol where only the Governor can pause the contract.
- A multisig wallet that acts as the Owner of a treasury contract.