Safe, simple, flexible building-blocks for smart-contract systems.

ds-auth ds-guard ds-roles
ds-token ds-vault
ds-cache ds-value
ds-exec ds-math ds-note ds-proxy ds-stop ds-thing


Permissions whitelist with address-level granularity

Manages an Access Control List which maps source and destination addresses to function signatures. Intended to be used as an authority for ds-auth where it acts as a lookup table for the canCall function to provide boolean answers as to whether a particular address is authorized to call agiven function at another address.

The acl is a mapping of [src][dst][sig] => boolean where an address src can be either permitted or forbidden access to a function sig at address dst according to the boolean value. When used as an authority by DSAuth the src is considered to be the msg.sender, the dst is the including contract and sig is the function which invoked the auth modifier.

// Permit a specific address to call a specific function on a specific contract
src = '0011111111111111111111111111111111111111'
dst = '0022222222222222222222222222222222222222'
guard.permit(src, dst, bytes4(sha3('mint(address,uint256)')));

The ANY constant can be stored in place of src, dst or sig where it will act as a wildcard and be considered to match any item in that position.

// Permit ANY address to call a specific function on a specific contract
guard.permit(ANY, dst, bytes4(sha3('mint(address,uint256)')));

// Permit ANY address to call a ANY function on a specific contract
guard.permit(ANY, dst, ANY);

Warning: Statements in the access control list are evaluated with the OR operator, meaning that the most open permission will take precedence. If all of the the above 3 examples were in place for example, it is the last that would take precedence, regardless of the more restrictive permissions defined prior. Developers are encouraged to think carefully before using ANY.



permit an address to call a function at a contract (requires auth)


forbid an address from calling a function at a contract (requires auth)

  // guard.sol -- simple whitelist implementation of DSAuthority

// Copyright (C) 2017  DappHub, LLC

// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// GNU General Public License for more details.

// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

pragma solidity ^0.4.13;

import "ds-auth/auth.sol";

contract DSGuardEvents {
    event LogPermit(
        bytes32 indexed src,
        bytes32 indexed dst,
        bytes32 indexed sig

    event LogForbid(
        bytes32 indexed src,
        bytes32 indexed dst,
        bytes32 indexed sig

contract DSGuard is DSAuth, DSAuthority, DSGuardEvents {
    bytes32 constant public ANY = bytes32(uint(-1));

    mapping (bytes32 => mapping (bytes32 => mapping (bytes32 => bool))) acl;

    function canCall(
        address src_, address dst_, bytes4 sig
    ) public view returns (bool) {
        var src = bytes32(src_);
        var dst = bytes32(dst_);

        return acl[src][dst][sig]
            || acl[src][dst][ANY]
            || acl[src][ANY][sig]
            || acl[src][ANY][ANY]
            || acl[ANY][dst][sig]
            || acl[ANY][dst][ANY]
            || acl[ANY][ANY][sig]
            || acl[ANY][ANY][ANY];

    function permit(bytes32 src, bytes32 dst, bytes32 sig) public auth {
        acl[src][dst][sig] = true;
        LogPermit(src, dst, sig);

    function forbid(bytes32 src, bytes32 dst, bytes32 sig) public auth {
        acl[src][dst][sig] = false;
        LogForbid(src, dst, sig);

    function permit(address src, address dst, bytes32 sig) public {
        permit(bytes32(src), bytes32(dst), sig);
    function forbid(address src, address dst, bytes32 sig) public {
        forbid(bytes32(src), bytes32(dst), sig);


contract DSGuardFactory {
    mapping (address => bool)  public  isGuard;

    function newGuard() public returns (DSGuard guard) {
        guard = new DSGuard();
        isGuard[guard] = true;

Tools for dapps

We believe that the free software movement is the most important cultural predecessor to the modern-day renaissance in decentralized technologies.

To catalyze the growth of this ecosystem, and to empower hackers to participate, we’re building a comprehensive suite of blockchain-oriented developer tools in the spirit of the Unix philosophy.

Dapp is all you need to start developing for Ethereum. It creates new dapps, runs Solidity unit tests, debugs, deploys, launches testnets, and more.

Seth is a handy tool for slicing and dicing transactions, querying the blockchain, converting between data formats, performing remote calls, and other everyday tasks.

Hevm is our own EVM implementation with a nimble terminal-based Solidity debugger. It’s used for dapp test and dapp debug.

Evmdis is an EVM disassembler written and maintained by Nick Johnson. It’s useful to make sense of EVM bytecode, especially when developing contracts at the assembly or raw bytecode level.

Dappsys - smart contract building blocks

We also maintain Dappsys, an audited collection of smart contract building blocks designed to complement each other. They include;

Using these proven parts lets us focus on the novel features of the systems we develop. We share Dappsys to benefit the smart contract ecosystem.