Account Restriction

Accounts may configure a set of smart rules to block announcing or receiving transactions given a series of restrictions.

The account owners—plural in case of multisig accounts—can edit the account restrictions at a later time announcing the specific AccountRestrictionTransaction.

Restriction types
Restriction Incoming Transactions Outgoing Transactions
AccountAddressRestriction ✔️ ✔️
AccountMosaicRestriction ✔️
AccountOperationRestriction ✔️

Address restriction

An account can decide to only receive transactions from a list of allowed addresses. Alternatively, the account can define a list of blocked addresses.

Restricting incoming transactions is useful when the account will be only receiving transactions from known addresses, or when the account wants to block transactions coming from unknown senders.

../_images/account-restrictions-address.png

Address restriction diagram

Note

Allow and block restrictions are mutually exclusive. In other words, an account can only configure a block or an allow list per type of restriction.

By default, when there are no restrictions set, all the accounts in the network can announce transactions to the unrestricted account.

Additionally, an account can decide to apply address restrictions to the outgoing transactions, limiting the accounts allowed that are valid recipients.

Mosaic restriction

Similar to address restrictions, an account can configure a restriction to permit incoming transactions only if all the mosaics attached are allowed. On the other hand, the account can refuse to accept transactions containing a mosaic listed as blocked.

Account mosaic restrictions are generally used to prevent accounts being tagged with mosaics not associated to their activity.

Operation restriction

An account can allow/block announcing outgoing transactions with a determined operation type. By doing so, the account increases its security, preventing the announcement by mistake of undesired transactions.

Examples

Blocking spam transactions

A pharmaceutical company is using the public chain to certify the quality of their products.

When the quality verification process concludes, an operator sends a quality seal to the product account.

The final customers can review the product mosaics scanning a QR code. For that reason, the company only wants to show related transactions, avoiding that others spam their products with non-related information.

../_images/account-restrictions-spam.png

Blocking spam transactions

The company opts to configure their product accounts restrictions, enabling only to receive transactions containing pharmaceutical.quality.seal mosaics.

Enhancing the account security

Lately, Alice is only using her main account to cosign aggregate transactions where she is a cosignatory for the multisig account.

As a temporary security measure, Alice opts to disable announcing transfer transactions from her main account. Doing so, Alice double-checks that the funds held in the main account are not going to be transferred by mistake.

Guides

Transaction schemas

AccountAddressRestrictionTransaction

Configure restrictions to prevent receiving or sending transactions from/to undesired addresses.

Version: 0x01

EntityType: 0x4150

Inlines:

Property Type Description
restrictionType AccountRestrictionFlags Type of the account restriction.
restrictionAdditionsCount uint8 number of account restriction additions.
restrictionDeletionsCount uint8 Number of account restriction deletions.
accountRestrictionTransactionBody_Reserved1 uint32 Reserved padding to align restrictionAdditions on 8-byte boundary.
restrictionAdditions array(UnresolvedAddress, restrictionAdditionsCount) Account restriction additions.
restrictionDeletions array(UnresolvedAddress, restrictionDeletionsCount) Account restriction deletions.

AccountMosaicRestrictionTransaction

Configure restrictions to prevent receiving transactions containing a specific mosaic.

Version: 0x01

EntityType: 0x4250

Inlines:

Property Type Description
restrictionType AccountRestrictionFlags Type of the account restriction.
restrictionAdditionsCount uint8 number of account restriction additions.
restrictionDeletionsCount uint8 Number of account restriction deletions.
accountRestrictionTransactionBody_Reserved1 uint32 Reserved padding to align restrictionAdditions on 8-byte boundary.
restrictionAdditions array(UnresolvedMosaicId, restrictionAdditionsCount) Account restriction additions.
restrictionDeletions array(UnresolvedMosaicId, restrictionDeletionsCount) Account restriction deletions.

AccountOperationRestrictionTransaction

Configure restrictions to prevent announcing transactions by type.

Version: 0x01

EntityType: 0x4350

Inlines:

Property Type Description
restrictionType AccountRestrictionFlags Type of the account restriction.
restrictionAdditionsCount uint8 number of account restriction additions.
restrictionDeletionsCount uint8 Number of account restriction deletions.
accountRestrictionTransactionBody_Reserved1 uint32 Reserved padding to align restrictionAdditions on 8-byte boundary.
restrictionAdditions array(EntityType, restrictionAdditionsCount) Account restriction additions.
restrictionDeletions array(EntityType, restrictionDeletionsCount) Account restriction deletions.

AccountRestrictionFlags

Enumeration: uint16

Id Description
0x0001 Restriction type is an address.
0x0002 Restriction type is a mosaic identifier.
0x0004 Restriction type is a transaction type.
0x4000 Restriction is interpreted as outgoing.
0x8000 Restriction is interpreted as blocking operation.

Continue: Mosaic Restrictions.