BypassPolicy
The BypassPolicy gives privileged addresses a fast path through the policy chain. If all addresses extracted from the transaction are on the bypass list, the policy immediately allows the transaction and skips every remaining policy in the chain. If any address is not on the list, the policy returns Continue and lets subsequent policies decide.
This is the only built-in policy that returns Allowed.
Configuration
Address allowlist
The bypass list defines which addresses can skip the rest of the policy chain. The list starts empty at deployment and must be populated afterward.
Each address is added or removed individually. When a protected function is called, the extractor provides one or more addresses from the transaction. Which addresses the policy receives depends on the mapper configuration. All of those addresses must be on the bypass list for the fast path to activate — if even one address is missing, the policy returns Continue and normal policy evaluation continues.
Runtime behavior
The policy expects a variable number of parameters from the extractor, each an address.
run()— ReturnsAllowedif all provided addresses are on the bypass list, skipping all subsequent policies. ReturnsContinueotherwise.postRun()— No state changes.
API reference
Setter functions
allowAddress(address account)— Adds an address to the bypass list. Reverts if the address is already listed.disallowAddress(address account)— Removes an address from the bypass list. Reverts if the address is not listed.
View functions
addressAllowed(address account)— Returnstrueif the address is on the bypass list.
Use cases
- Privileged access — Let administrators or system contracts bypass compliance checks entirely.
- Layered permissions — Place at the top of a policy chain so that listed addresses skip volume limits, identity checks, and other restrictions.