%22%3E%3Cstop%20offset%3D%220%25%22%20stop-color%3D%22%23052e16%22%2F%3E%3Cstop%20offset%3D%22100%25%22%20stop-color%3D%22%23059669%22%20stop-opacity%3D%220.6%22%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D%22800%22%20height%3D%22200%22%20fill%3D%22url(%23bg)%22%2F%3E%3Ccircle%20cx%3D%22744%22%20cy%3D%2236%22%20r%3D%22114%22%20fill%3D%22%23059669%22%20opacity%3D%220.15%22%2F%3E%3Ccircle%20cx%3D%2218%22%20cy%3D%229%22%20r%3D%22103%22%20fill%3D%22%23059669%22%20opacity%3D%220.34%22%2F%3E%3Ccircle%20cx%3D%22434%22%20cy%3D%22165%22%20r%3D%22133%22%20fill%3D%22%23059669%22%20opacity%3D%220.30%22%2F%3E%3Ccircle%20cx%3D%22446%22%20cy%3D%2224%22%20r%3D%2238%22%20fill%3D%22%236ee7b7%22%20opacity%3D%220.24%22%2F%3E%3Cpolygon%20points%3D%22500%2C155%20477%2C144%20488%2C147%22%20fill%3D%22%23059669%22%20opacity%3D%220.35%22%2F%3E%3Ccircle%20cx%3D%22260%22%20cy%3D%22153%22%20r%3D%2233%22%20fill%3D%22none%22%20stroke%3D%22%236ee7b7%22%20stroke-width%3D%223.3%22%20opacity%3D%220.26%22%2F%3E%3Cpolygon%20points%3D%22627%2C110%20645%2C100%20619%2C103%22%20fill%3D%22%23059669%22%20opacity%3D%220.15%22%2F%3E%3Cpolygon%20points%3D%22449%2C70%20453%2C68%20447%2C82%22%20fill%3D%22%236ee7b7%22%20opacity%3D%220.36%22%2F%3E%3Ccircle%20cx%3D%22282%22%20cy%3D%2224%22%20r%3D%2230%22%20fill%3D%22none%22%20stroke%3D%22%23059669%22%20stroke-width%3D%222.1%22%20opacity%3D%220.33%22%2F%3E%3Crect%20x%3D%2232%22%20y%3D%22146%22%20width%3D%2239%22%20height%3D%2244%22%20rx%3D%229%22%20fill%3D%22%236ee7b7%22%20opacity%3D%220.33%22%20transform%3D%22rotate(3%2032%20146)%22%2F%3E%3Ccircle%20cx%3D%2218%22%20cy%3D%2295%22%20r%3D%225%22%20fill%3D%22%236ee7b7%22%20opacity%3D%220.41%22%2F%3E%3Ccircle%20cx%3D%22380%22%20cy%3D%2219%22%20r%3D%226%22%20fill%3D%22%236ee7b7%22%20opacity%3D%220.73%22%2F%3E%3Ccircle%20cx%3D%22648%22%20cy%3D%2237%22%20r%3D%224%22%20fill%3D%22%236ee7b7%22%20opacity%3D%220.54%22%2F%3E%3Ccircle%20cx%3D%22366%22%20cy%3D%22189%22%20r%3D%223%22%20fill%3D%22%236ee7b7%22%20opacity%3D%220.42%22%2F%3E%3C%2Fsvg%3E)
Introduction
In most smart contract platforms, access control is based on the caller's address — a pattern that leads to fragile permission systems and common exploits like reentrancy. Radix takes a fundamentally different approach: access is gated by badges, which are standard resources (fungible or non-fungible) that serve as unforgeable credentials. A caller is authorised not because of who they are but because of what they hold.
This pattern is central to Scrypto development and appears in virtually every non-trivial dApp on Radix.
How It Works
Access Rules
When a component is instantiated, its methods can be protected with access rules that specify which badge(s) must be present for a call to succeed. The Radix Engine checks these rules automatically before executing any method — there is no manual require(msg.sender == owner) logic.
enable_method_auth! {
roles {
admin => updatable_by: [];
minter => updatable_by: [admin];
},
methods {
mint_tokens => restrict_to: [minter, admin];
update_price => restrict_to: [admin];
buy => PUBLIC;
}
}Proofs and the Auth Zone
When a method requires a badge, the caller provides a Proof — a cryptographic attestation that a resource exists in the caller's possession without transferring it. Proofs can be placed on the Auth Zone (a transaction-scoped container) so that multiple method calls within the same transaction can share the same authorisation context.
# Transaction manifest: create proof and call restricted method
CREATE_PROOF_FROM_ACCOUNT_OF_AMOUNT
Address("account_rdx...")
Address("resource_rdx...admin_badge...")
Decimal("1")
;
CALL_METHOD
Address("component_rdx...")
"update_price"
Decimal("1.50")
;Common Badge Patterns
Admin Badge
The most basic pattern: mint a single non-fungible badge at instantiation and return it to the deployer. Methods like withdraw_fees, update_config, or pause are gated behind this badge.
User Badge
The User Badge Pattern issues a non-fungible badge to each user when they register. The badge's non-fungible data stores user-specific state (balances, permissions, membership tier). Methods read the caller's badge data to personalise behaviour without maintaining a separate user registry.
Multi-Signature
Access rules support boolean logic: require_n_of(2, [badge_a, badge_b, badge_c]) creates a 2-of-3 multi-sig gate. This is useful for treasury management, protocol upgrades, or any high-stakes operation.
Soulbound Badges
By creating a non-transferable resource (restrict Deposit and Withdraw actions), a badge becomes soulbound to the original recipient's account. This is ideal for identity credentials, certificates, or membership tokens that should not change hands.