Othentic
  • Introduction
    • Introducing Othentic Stack
    • Use Cases
  • AVS Framework
    • Abstract
    • Quick Start
    • Othentic CLI
      • Key Management
      • Contracts Deployment
      • Operator Registration
      • AVS Logic Implementation
      • Operator Deposit
      • Node Operators
      • Rewards Distribution
      • P2P Config
        • Custom P2P Messaging
        • P2P Auth Layer
        • Metrics and Monitoring
        • Logging
        • Persistent storage
        • Latency
      • CLI Command Reference
    • Smart Contracts
      • AVS Governance
      • Attestation Center
      • Hooks
        • Task Logic
        • Operator Management
        • Rewards Fee Calculator
      • OBLS
      • Othentic Registry
      • Message Handlers
    • Othentic Consensus
      • Abstract
      • Task & Task Definitions
      • Leader Election
      • Proof of Task
      • Execution Service
      • Validation Service
      • Voting Power
      • Rewards and Penalties
      • Internal Tasks
    • FAQ
    • Supported Networks
    • Explainers
      • Networking
      • Multichain
      • Production Guidelines
      • Operator Allowlisting
      • Governance Multisig
  • External
    • AVS Examples
  • GitHub
  • Othentic Hub
Powered by GitBook
On this page
  • Overview
  • Usage
  • Using CLI
  • Using scripts
  1. AVS Framework
  2. Explainers

Operator Allowlisting

PreviousProduction GuidelinesNextGovernance Multisig

Last updated 1 month ago

Overview

Allowlisting is an access control mechanism used to manage Operator participation in the AVS network. AVSs can selectively add Operators to the allowlist based on their requirements, creating a permissioned network.

Key Features

  • Access Control: Only Operators on the allowlist can register to the AVS network, ensuring that access is restricted to approved participants.

  • Security: Helps protect AVS against unauthorized access and spam by ensuring that only vetted Operators can participate.


Usage

You can integrate allowlisting into AVS using either the or custom , depending on the operational needs.

When using the CLI, the allowlisting authentication token is generated internally. If registering via scripts, you'll need to generate the token manually.

Using CLI

  1. Enable Allowlisting

    • Use the function in the AVS governance contract

    • Set the parameter to true

  2. Register Your AVS

    • Visit the allowlister platform:

    • Complete the registration with your email

  3. Share Governance Address

    • Share the AVS governance address through Telegram group

    • This links the AVS to the allowlisting system

  4. Add Operators

    • Important: Add operators to the allowlist before registration

    • Only approved operators will have registration access once allowlisting is enabled


Using scripts

1

Generate Signature for Allowlist Service

If registration requires allowlisting, use this script to generate the required signature.

ts-node scripts/allowlist/generateSignature.ts \
<SIGNER_PRIVATE_KEY> <WALLET_ADDRESS> <AVS_GOVERNANCE_ADDRESS>

Parameters:

  • SIGNER_PRIVATE_KEY: Operator private key or Private key of the Operator's signer (for smart wallets and multisigs)

  • WALLET_ADDRESS: Address of the smart wallet or multisig

  • AVS_GOVERNANCE_ADDRESS: Address of the AVS governance contract

Example:

ts-node scripts/allowlist/generateSignature.ts 6212d241a920a6d5d9841af933411d8d6141638c8f7d21a6b32594014ef0006e 0x7F2a575015946D06284E130b00944c5755c351f2 0x02c13D68F7194F9741DBfDdC65e6a58979A9dfcd

Output will be stored in .othentic/othentic-allowlist-request-signature.json.

2

Validate Allowlist Signature (Optional)

Verify that your allowlist signature is valid before submitting to the allowlist service.

ts-node scripts/allowlist/validateSignature.ts <JSON_FILE> <RPC>

Parameters:

  • JSON_FILE: Path to the allowlist signature JSON from step 3

  • RPC: URL of the Ethereum RPC endpoint

Example:

ts-node scripts/allowlist/validateSignature.ts \
.othentic/othentic-allowlist-request-signature.json \
https://holesky.gateway.tenderly.co
3

Submit Signature to the Allowlist Service

After generating the allowlist signature, submit it to the allowlist service:

http://allowlist-signer.othentic.xyz/signer/sign

Request Payload Format

{
   "wallet": "",
   "avsGovernanceAddress": "",
   "signature": ""
}

Example (Using curl):

curl --location 'http://allowlist-signer.othentic.xyz/signer/sign' \
--header 'Content-Type: application/json' \
--data '.othentic/othentic-allowlist-request-signature.json'

The returned token can be used as the AUTH_TOKEN parameter.

You can generate the AUTH_TOKEN using :

Operator registration scripts
setIsAllowListed
https://allowlister.othentic.xyz/
CLI
scripts