Secure Upkeeps Using the Forwarder

This tutorial explains how to use the Forwarder to add additional security to your Automation upkeeps. To learn how other Chainlink Automation contracts work, click here.

What is a Forwarder? When is it used?

Starting with Automation 2.0, each registered upkeep under the Chainlink Automation network will have its own unique Forwarder contract. The Forwarder address will only be known after registration, as we deploy a new forwarder for each upkeep. The Forwarder contract is the intermediary between the Automation Registry and your Upkeep contract. The Forwarder will always be the msg.Sender for your upkeep.

If your performUpkeep function is open and callable by anyone without risk of accepting unintentional external data, you don't need to use the Forwarder.

Securing your upkeep

If your upkeep's perform function needs to be permissioned, please consider adding msg.sender = forwarder at the top of your performUpkeep function.

To make this work you will need to:

• Create forwarder as a mutable address variable on your contract that only you can update. forwarder is a unique value that cannot change for your upkeep.
• Create setForwarder function so you can update the forwarder address
• After registration run setForwarder with the forwarder address in your UI, or programatically fetch it using registry.getForwarder(upkeepID) using the Registry interface.