METHOD_WHITELIST: Restrict Your AI Agent to Specific Smart Contract Functions

Smart contracts are powerful, but letting an AI agent call arbitrary functions without restrictions is like handing over the keys to your entire DeFi portfolio. When your trading bot can interact with any method on any contract, one malicious prompt or coding error could drain your wallet in seconds.

This isn't theoretical risk—it's a fundamental security challenge. AI agents need wallet access to execute DeFi strategies, but unrestricted contract interactions create massive attack surfaces. A compromised agent could call dangerous functions like transferFrom, emergency withdrawals, or governance proposals that you never intended to authorize.

Why Contract Function Control Matters

Every smart contract exposes multiple functions, but your AI agent rarely needs access to all of them. A Jupiter swap bot only needs the swap function—it shouldn't be able to call administrative methods or token approvals. A lending agent might need supply and withdraw, but not liquidate or setPriceOracle.

Without function-level restrictions, you're trusting your AI agent with administrator-level permissions. That's not just poor security—it's unnecessary risk that can be eliminated with proper guardrails.

METHOD_WHITELIST: Function-Level Security

WAIaaS provides METHOD_WHITELIST policies that restrict AI agents to specific smart contract functions. This policy works at the transaction level, analyzing the function selector (first 4 bytes of calldata) before execution.

Here's how to create a METHOD_WHITELIST policy that only allows Jupiter swap functions:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "METHOD_WHITELIST",
    "rules": {
      "allowed_methods": [
        {
          "contract": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4",
          "selector": "0xf0ca2b8c",
          "name": "swap",
          "description": "Jupiter swap function"
        }
      ]
    }
  }'

The policy enforces default-deny: any contract call with an unlisted function selector gets blocked immediately. Your agent can only execute the exact functions you've explicitly approved.

Combining METHOD_WHITELIST with CONTRACT_WHITELIST

For stronger protection, combine METHOD_WHITELIST with CONTRACT_WHITELIST so that every call has to pass two independent checks. First, restrict which contracts your agent can interact with:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "CONTRACT_WHITELIST",
    "rules": {
      "contracts": [
        {
          "address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4",
          "name": "Jupiter",
          "chain": "solana"
        },
        {
          "address": "0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D",
          "name": "Uniswap V2 Router",
          "chain": "ethereum"
        }
      ]
    }
  }'

Then add METHOD_WHITELIST to restrict which functions can be called on those approved contracts. This creates a double-barrier: wrong contract OR wrong function = transaction denied.

Real-World Example: DeFi Lending Agent

Let's secure a lending agent that should only supply assets to Aave and withdraw them—nothing else. Here's the complete METHOD_WHITELIST configuration:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "METHOD_WHITELIST",
    "rules": {
      "allowed_methods": [
        {
          "contract": "0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9",
          "selector": "0xe8eda9df",
          "name": "supply",
          "description": "Aave V2 supply"
        },
        {
          "contract": "0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9",
          "selector": "0x69328dec",
          "name": "withdraw",
          "description": "Aave V2 withdraw"
        }
      ],
      "default_tier": "APPROVAL"
    }
  }'

Now your lending agent can supply and withdraw, but it cannot:

How Function Selectors Work

WAIaaS analyzes the first 4 bytes of transaction calldata to identify the function being called. For Ethereum contracts, this is the standard function selector. For Solana programs, WAIaaS uses the instruction discriminator.

You can find function selectors using:

The METHOD_WHITELIST policy checks this selector against your approved list before the transaction reaches the blockchain.
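The selector derivation and extraction described above, worked through as an added example (this is not WAIaaS code). Ethereum selectors are the first 4 bytes of Keccak-256 over the canonical signature; because Python's hashlib ships NIST SHA3-256 rather than the original Keccak padding Ethereum uses, a compact Keccak-f[1600] sponge is implemented inline so the block runs offline. The Solana instruction-discriminator case is not covered here.

```python
MASK = (1 << 64) - 1
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
# Rho rotation offsets, indexed ROT[x][y] for lane A[x, y]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]

def _rotl(v: int, n: int) -> int:
    return ((v << n) | (v >> (64 - n))) & MASK

def keccak256(data: bytes) -> bytes:
    """Original Keccak-256 as used by Ethereum (0x01 domain padding, not NIST SHA3-256)."""
    rate = 136                                        # (1600 - 2*256) / 8 bytes per block
    msg = bytearray(data) + b"\x01" + b"\x00" * (rate - 1 - len(data) % rate)
    msg[-1] |= 0x80                                   # pad10*1
    st = [0] * 25                                     # lane index = x + 5*y
    for off in range(0, len(msg), rate):
        for i in range(rate // 8):                    # absorb one block into the state
            st[i] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        for rc in RC:                                 # 24 rounds of Keccak-f[1600]
            c = [st[x] ^ st[x + 5] ^ st[x + 10] ^ st[x + 15] ^ st[x + 20] for x in range(5)]
            d = [c[(x - 1) % 5] ^ _rotl(c[(x + 1) % 5], 1) for x in range(5)]
            st = [st[i] ^ d[i % 5] for i in range(25)]                       # theta
            b = [0] * 25
            for x in range(5):
                for y in range(5):                                           # rho + pi
                    b[y + 5 * ((2 * x + 3 * y) % 5)] = _rotl(st[x + 5 * y], ROT[x][y])
            st = [b[i] ^ (~b[(i + 1) % 5 + 5 * (i // 5)] & b[(i + 2) % 5 + 5 * (i // 5)])
                  for i in range(25)]                                        # chi
            st[0] ^= rc                                                      # iota
    return b"".join(lane.to_bytes(8, "little") for lane in st)[:32]

def selector(signature: str) -> str:
    """Canonical signature, e.g. 'withdraw(address,uint256,address)', -> '0x' + 4 bytes."""
    return "0x" + keccak256(signature.encode()).hex()[:8]

def selector_from_calldata(calldata: str) -> str:
    """The first 4 bytes of calldata: the value a METHOD_WHITELIST rule is matched against."""
    raw = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    if len(raw) < 4:
        raise ValueError("no selector: calldata is shorter than 4 bytes")
    return "0x" + raw[:4].hex()
```

Running `selector("withdraw(address,uint256,address)")` reproduces the `0x69328dec` value used in the Aave policy above, which is a quick way to confirm a selector before you whitelist it.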

Advanced Configuration Options

METHOD_WHITELIST supports several advanced features for complex use cases:

Per-contract method limits:

{
  "allowed_methods": [
    {
      "contract": "0x...",
      "selector": "0x...",
      "name": "swap",
      "max_calls_per_hour": 10,
      "tier_override": "NOTIFY"
    }
  ]
}

Wildcard selectors for function families:

{
  "allowed_methods": [
    {
      "contract": "0x...",
      "selector_pattern": "0xa9059cbb*",
      "name": "transfer_family",
      "description": "ERC20 transfer functions"
    }
  ]
}

Emergency override permissions:

{
  "emergency_methods": [
    {
      "selector": "0x...",
      "tier": "APPROVAL",
      "description": "Emergency withdrawal - requires owner approval"
    }
  ]
}
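An added example (not WAIaaS's policy engine) that models the evaluation described in this section and in the earlier default-deny and contract-plus-method passages: the target contract must be whitelisted, then the calldata selector must match an allowed method on that contract, then per-method options apply. Field names follow the policy JSON on this page; the assumed semantics are that `tier_override` beats `default_tier`, that an unlisted contract or selector is denied, and that `max_calls_per_hour` hard-denies once the hourly budget is spent. The Aave address and selectors come from the lending example above; the call counter is kept in memory.

```python
from collections import defaultdict
from fnmatch import fnmatch

AAVE_V2 = "0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9"   # from this page's lending example
CONTRACT_WHITELIST = {"contracts": [{"address": AAVE_V2, "name": "Aave V2", "chain": "ethereum"}]}
METHOD_WHITELIST = {
    "allowed_methods": [
        {"contract": AAVE_V2, "selector": "0xe8eda9df", "name": "supply",
         "max_calls_per_hour": 2, "tier_override": "NOTIFY"},
        {"contract": AAVE_V2, "selector": "0x69328dec", "name": "withdraw"},
    ],
    "default_tier": "APPROVAL",
}
_calls = defaultdict(int)   # (hour bucket, contract, selector) -> calls seen so far

def _rule_matches(rule: dict, to: str, sel: str) -> bool:
    if rule["contract"].lower() != to:
        return False
    if "selector" in rule:
        return rule["selector"].lower() == sel
    return fnmatch(sel, rule["selector_pattern"].lower())   # wildcard "function family" rule

def evaluate(to: str, calldata: str, hour: int,
             contracts: dict = CONTRACT_WHITELIST, methods: dict = METHOD_WHITELIST) -> str:
    """Decide one call's tier: DENY, ALLOW, NOTIFY or APPROVAL."""
    to = to.lower()                                   # EVM addresses compare case-insensitively
    # Barrier 1: the target contract itself must be whitelisted.
    if to not in {c["address"].lower() for c in contracts["contracts"]}:
        return "DENY"
    # Barrier 2: the selector (first 4 bytes of calldata) must be allowed on that contract.
    raw = calldata[2:] if calldata.startswith("0x") else calldata
    if len(raw) < 8:
        return "DENY"                                 # no selector at all: nothing to match
    sel = "0x" + raw[:8].lower()
    rule = next((m for m in methods["allowed_methods"] if _rule_matches(m, to, sel)), None)
    if rule is None:
        return "DENY"                                 # default-deny: unlisted function
    # Optional per-method rate limit (assumed to hard-deny once the hourly budget is spent).
    limit = rule.get("max_calls_per_hour")
    if limit is not None:
        if _calls[(hour, to, sel)] >= limit:
            return "DENY"
        _calls[(hour, to, sel)] += 1
    # Matched: a per-method tier_override wins, otherwise the policy's default_tier.
    return rule.get("tier_override", methods.get("default_tier", "ALLOW"))
```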

Three-Layer Defense in Depth

METHOD_WHITELIST is part of WAIaaS's 3-layer security model:

  1. Session auth → Your agent gets limited JWT tokens, not raw private keys
  2. Policy engine → METHOD_WHITELIST, CONTRACT_WHITELIST, and SPENDING_LIMIT policies create multiple barriers
  3. Human approval → High-risk transactions require your signature via WalletConnect or Telegram

Even if an attacker compromises your AI agent, they still can't call unauthorized functions, exceed spending limits, or approve transactions without your explicit permission.

Quick Start: Secure Your Agent in 5 Minutes

  1. Install WAIaaS CLI:

    npm install -g @waiaas/cli
    waiaas init && waiaas start
    
  2. Create a wallet:

    waiaas wallet create --name "restricted-agent" --chain ethereum
    
  3. Add CONTRACT_WHITELIST policy:

    curl -X POST http://localhost:3100/v1/policies \
      -H 'X-Master-Password: <password>' \
      -d '{"walletId": "<uuid>", "type": "CONTRACT_WHITELIST", "rules": {"contracts": [{"address": "0x...", "name": "Uniswap"}]}}'
    
  4. Add METHOD_WHITELIST policy:

    curl -X POST http://localhost:3100/v1/policies \
      -H 'X-Master-Password: <password>' \
      -d '{"walletId": "<uuid>", "type": "METHOD_WHITELIST", "rules": {"allowed_methods": [{"selector": "0x...", "name": "swapExactTokensForTokens"}]}}'
    
  5. Test with a restricted session: Your agent can now only call approved functions on approved contracts.

For more security configurations, check out ERC-4337 Account Abstraction: Gasless Transactions for AI Agents and Default-Deny Security: How WAIaaS Protects Your AI Agent's Wallet.

What's Next

METHOD_WHITELIST gives you surgical control over your AI agent's smart contract interactions. Combined with WAIaaS's other 20 policy types, you can create precisely the security boundaries your use case requires—no more, no less.

Ready to secure your AI agent? Get started at GitHub or learn more at waiaas.ai.