Allowlist
The allowlist is an opt-in security feature that lets NFT owners restrict which contracts can be called through their CommissionRoad NFT ID.
WHEN TO USE
Use the allowlist when you want to lock down which protocols can be used with your NFT ID.
- Example: "Only allow Uniswap and Aave as call targets."
- Example: "Prevent anyone from routing unknown contracts through my ID."
If you don't enable the allowlist, all targets are allowed — the same behavior as before.
How It Works
- Enable — The NFT owner calls
setAllowlistEnabled(nftId, true). - Add targets — The NFT owner calls
setAllowlist(nftId, targetAddress, true)for each allowed contract. - Enforce — When anyone calls
commissionCallorcommissionPlanwith thatnftId, every call target is checked against the allowlist. If a target isn't allowlisted, the transaction reverts. - Disable (optional) — The NFT owner can call
setAllowlistEnabled(nftId, false)to turn it off again.
Implementation
1. Enable the Allowlist
// Only the NFT owner can enable/disable
await commissionRoad.write.setAllowlistEnabled([nftId, true]);2. Add Allowed Targets
// Allowlist Uniswap router
await commissionRoad.write.setAllowlist([
nftId,
uniswapRouterAddress,
true,
]);
// Allowlist Aave lending pool
await commissionRoad.write.setAllowlist([
nftId,
aaveLendingPoolAddress,
true,
]);3. Remove a Target
// Remove a previously allowlisted address
await commissionRoad.write.setAllowlist([
nftId,
oldContractAddress,
false,
]);4. Disable the Allowlist
// Disable entirely — all targets allowed again
await commissionRoad.write.setAllowlistEnabled([nftId, false]);Scope
The allowlist is enforced in both execution paths:
| Method | Where enforced |
|---|---|
commissionCall | CommissionRoad.checkCallTargets — checks each BatchCallData.target |
commissionPlan | CommissionRoad.checkPlanTargets — extracts the target from the lower 20 bytes of each weiroll command |
EIP-7702 / CommissionRoadExecutor
The CommissionRoadExecutor used for EIP-7702 flows also enforces the allowlist. The Executor reads isCallTargetAllowlisted and isAllowlistEnabled directly from the CommissionRoad contract — NFT owners only need to manage their allowlist in one place.
NOTE
The Executor's execute and batchCall functions accept an nftId parameter so the correct allowlist is applied.
Events
Two events are emitted when allowlist state changes:
| Event | Emitted by | Parameters |
|---|---|---|
AllowlistUpdated | setAllowlist | nftId (indexed), target (indexed), allowed |
AllowlistEnabledUpdated | setAllowlistEnabled | nftId (indexed), enabled |
These events enable indexers and UIs to track allowlist configuration in real time.
⚠️ Gotchas
- Disabled by default — After minting, the allowlist is off. All targets are allowed until you explicitly enable it.
- Owner only — Only the NFT owner can call
setAllowlistandsetAllowlistEnabled. Attempting to call from another address reverts withNotNftOwner. - Remember to allowlist sweeps — If your integration uses
sweepERC20TokenorsweepERC1155Token, the CommissionRoad contract address itself must be allowlisted as a target.