Require tx.origin equals msg.sender

contracts/AccessControl.sol

@@ -0,0 +1,39 @@
+pragma solidity 0.6.4;
+
+import "./Ownable.sol";
+import {AccessControlStorage as ACStorage} from "./storage/AccessControlStorage.sol"; 
+
+contract AccessControl is Ownable {
+    modifier onlyAllowed() {
+        ACStorage.StorageStruct storage s = ACStorage.load();
+
+        if (s.contractAccessControlEnabled) {
+            require(tx.origin == msg.sender, "onlyEOA: ONLY_EOA_ALLOWED");
+        }
+
+        if (s.blacklistControlEnabled) {
+            require(!s.isBlacklisted[msg.sender], "onlyEOA: BLACKLISTED");
+        }
+
+        _;
+    }
+
+    event Blacklisted(address indexed who, bool blacklist);
+
+    function setBlacklisted(address who, bool blacklist) external onlyOwner {
+        ACStorage.StorageStruct storage s = ACStorage.load();
+        s.isBlacklisted[who] = blacklist;
+
+        emit Blacklisted(who, blacklist);
+    }
+
+    event AccessControlChanged(bool contractAccess, bool blacklist);
+
+    function setAccessControl(bool contractAccess, bool blacklist) external onlyOwner {
+        ACStorage.StorageStruct storage s = ACStorage.load();
+        s.contractAccessControlEnabled = blacklist;
+        s.blacklistControlEnabled = blacklist;
+
+        emit AccessControlChanged(contractAccess, blacklist);
+    }
+}

contracts/smart-pools/PV2SmartPool.sol

@@ -17,8 +17,9 @@ import {PBasicSmartPoolStorage as PBStorage} from "../storage/PBasicSmartPoolSto
 import {PCTokenStorage as PCStorage} from "../storage/PCTokenStorage.sol";
 import {PCappedSmartPoolStorage as PCSStorage} from "../storage/PCappedSmartPoolStorage.sol";
 import {PV2SmartPoolStorage as P2Storage} from "../storage/PV2SmartPoolStorage.sol";
+import {AccessControl} from "../AccessControl.sol";
 
-contract PV2SmartPool is IPV2SmartPool, PCToken, ReentryProtection {
+contract PV2SmartPool is IPV2SmartPool, PCToken, AccessControl, ReentryProtection {
   using LibSafeApprove for IERC20;
 
   event TokensApproved();
@@ -143,6 +144,7 @@ contract PV2SmartPool is IPV2SmartPool, PCToken, ReentryProtection {
   function exitPoolTakingloss(uint256 _amount, address[] calldata _lossTokens)
     external
     override
+    onlyAllowed
     ready
     noReentry
     onlyJoinExitEnabled
@@ -154,7 +156,7 @@ contract PV2SmartPool is IPV2SmartPool, PCToken, ReentryProtection {
         @notice Burns pool shares and sends back the underlying assets
         @param _amount Amount of pool tokens to burn
     */
-  function exitPool(uint256 _amount) external override ready noReentry onlyJoinExitEnabled {
+  function exitPool(uint256 _amount) external override ready onlyAllowed noReentry onlyJoinExitEnabled {
     LibPoolEntryExit.exitPool(_amount);
   }
 
@@ -167,6 +169,7 @@ contract PV2SmartPool is IPV2SmartPool, PCToken, ReentryProtection {
     external
     override
     ready
+    onlyAllowed
     noReentry
     onlyJoinExitEnabled
   {

contracts/storage/AccessControlStorage.sol

@@ -0,0 +1,18 @@
+pragma solidity ^0.6.4;
+
+library AccessControlStorage {
+  bytes32 public constant acSlot = keccak256("AccessControl.storage.location");
+
+  struct StorageStruct {
+      bool blacklistControlEnabled; // if false, blacklist protection is on 
+      bool contractAccessControlEnabled; // if false, contract access protection is on (only eoa can call)
+
+      mapping(address => bool) isBlacklisted; // if address entry is true, the address is blacklisted
+  }
+  function load() internal pure returns (StorageStruct storage s) {
+    bytes32 loc = acSlot;
+    assembly {
+      s_slot := loc
+    }
+  }
+}