Coming from EVM, what are some ways I can add access control to Move method calls?

Move
1

Question from Discord:

another question on shared_objects

we are creating a package that interacts with a different already deployed package (x)
to interact with x from our package we need to create a public shared object so that the data can be updated by x as needed on interactions

the issue is that because anyone can update this shared object, this opens it up to attack vectors, how can we limit it so that it is only editable by the x package.

and a similar query:

Hi, everyone, I have a question. If sui move has the ability to implement package-to-package access control ? In Ethereum solidity, if a contract B need to be accessed only by whitelisted contract A, We just need to set a whitelist in contract B, and regist contract A’s address. When cross-contract behavior occurs, we can get the contract A’s address in contract B through msg.sender and check whether it exists in the whitelist of the contract B. How does sui move implement similar ability?

2

In general there are a few patterns that can help you limit interactions but they are based on sender / capability gating. So you can gate based on someone owning an object (this is the capability pattern) or you can gate specific addresses from interacting with a package method by creating an ACL (this is similar to CLT denylist rule). You can also check the deny_list module

In Sui access control works quite differently than EVM chains. You will never see a contract calling another contract directly. What you will see is methods of various contracts being called inside the same Programmable Transactions Block. You can utilize a few Move features for access control patterns. I would suggest you take a look at the Move Overview to get a rough understanding of some key features and differences. Another great resource is the move-book that can let you get deeper into Move primitives and more advanced patterns. You can also combine patterns like hot potato and the capability pattern to allow for flexible, per PTB access of resources.

1 Like