Example policies
Check out some example policies below.
Allow list a specific smart contract or program interaction
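// Allowlist policy with two independent rules: one for transactions sent to a
// single contract address, one for EIP-712 typed-data signing on a single chain.
{
  version: '1.0',
  name: 'Allowlisted contracts',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Allow list the USDC address',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      // Only the recipient is pinned. Any function on that contract, with any
      // arguments, satisfies this rule, and the chain condition in the second
      // rule does not apply here because it is scoped to eth_signTypedData_v4.
      // Add calldata or value conditions where the amount moved matters.
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        },
      ]
    },
    {
      name: 'Allow list for Base specifically',
      method: 'eth_signTypedData_v4',
      action: 'ALLOW',
      conditions: [
        {
          // chain_id is read from the typed-data domain, matching the other
          // chain_id conditions on this page; the message body carries the
          // application fields, not the chain.
          field_source: 'ethereum_typed_data_domain',
          field: 'chain_id',
          operator: 'eq',
          value: '8453'
        }
      ]
    }
  ],
}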
Configure a max transfer value of the native token (ETH, SOL)
// Caps the native-token amount a single eth_sendTransaction request may carry.
{
  version: '1.0',
  name: 'Native token transfer maximums',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Restrict ETH transfers to a maximum value',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'value',
          operator: 'lte',
          // Presumably compared in wei, the unit of an Ethereum transaction's
          // value field (confirm). 500000000 wei is 0.5 gwei, so substitute the
          // real limit before using this policy.
          // NOTE(review): this is a per-request ceiling; nothing here bounds the
          // total moved across many requests.
          value: '500000000'
        },
      ]
    }
  ]
}
Configure a max transfer value of an ERC20 or SPL token
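// Caps the amount of an ERC20 transfer() call sent to one token contract, and
// restricts typed-data signing to one chain.
{
  version: '1.0',
  name: 'ERC20 maximums',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Restrict USDC transfers on Base to be less than or equal to some value',
      method: 'eth_sendTransaction',
      // Both conditions are needed together: the first pins the token contract,
      // the second bounds the decoded amount (assumes conditions within a rule
      // are ANDed; confirm against the policy reference).
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        },
        {
          field_source: 'ethereum_calldata',
          // '<function>.<argument>' path into the calldata decoded with the ABI
          // fragment below.
          field: 'transfer.amount',
          // Only transfer(address,uint256) is described. Other functions that
          // move or delegate funds (approve, transferFrom) are not covered by
          // this condition; verify how calldata that does not decode against
          // this ABI is treated.
          abi: [{
            "inputs": [
              {
                "internalType": "address",
                "name": "recipient",
                "type": "address"
              },
              {
                "internalType": "uint256",
                "name": "amount",
                "type": "uint256"
              }
            ],
            "name": "transfer",
            "outputs": [
              {
                "internalType": "bool",
                "name": "",
                "type": "bool"
              }
            ],
            "stateMutability": "nonpayable",
            "type": "function"
          }],
          operator: 'lte',
          // Token base units, not whole tokens: the limit depends on the token's
          // decimals.
          value: '500000000'
        }
      ],
      action: 'ALLOW'
    },
    {
      name: 'Specify chain',
      method: 'eth_signTypedData_v4',
      conditions: [{
        field_source: 'ethereum_typed_data_domain',
        field: 'chain_id',
        operator: 'eq',
        value: '8453'
      }],
      // NOTE(review): every other rule on this page states an action; ALLOW is
      // assumed here from the rule's intent. Confirm before use.
      action: 'ALLOW'
    }
  ]
}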
Denylist recipients of a transaction
// Denylist policy: refuses eth_sendTransaction requests addressed to one contract.
{
  version: '1.0',
  name: 'Deny listed addresses',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Deny interactions with the USDC contract',
      method: 'eth_sendTransaction',
      action: 'DENY',
      // Matches the transaction's direct recipient only. A call that reaches the
      // contract through an intermediary contract has a different 'to' and is
      // not matched by this condition.
      // NOTE(review): the page does not show what happens to requests that match
      // no rule; confirm the default before relying on a deny-only policy.
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        },
      ]
    }
  ]
}
Enforce policies across multiple RPC methods
// One policy carrying rules for two different RPC methods. Each rule is scoped
// by its own 'method', so the DENY rule applies only to eth_sendTransaction and
// the ALLOW rule only to personal_sign.
{
  version: '1.0',
  name: 'Example policy with multiple RPC methods',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Deny interactions with the USDC contract',
      method: 'eth_sendTransaction',
      action: 'DENY',
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        },
      ]
    },
    {
      name: 'Only allow certain messages to be signed',
      method: 'personal_sign',
      action: 'ALLOW',
      // Exact-match on the message text: only this one string may be signed.
      conditions: [
        {
          field_source: 'ethereum_message',
          field: 'value',
          operator: 'eq',
          value: 'Hello world'
        },
      ]
    }
  ]
}
Allow all requests for a given RPC method
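// Blanket allow for one RPC method: every personal_sign request passes.
{
  version: '1.0',
  name: 'Example policy to allow all personal_sign requests',
  chain_type: 'ethereum',
  rules: [{
    name: 'Allow all EIP191 messages to be signed',
    // 'method' names the RPC method; 'ethereum_message' is the field_source
    // used below, not a method. personal_sign is the method this policy's name
    // refers to.
    method: 'personal_sign',
    conditions: [{
      field_source: 'ethereum_message',
      field: 'value',
      operator: 'eq',
      // '*' allows all. With this wildcard the policy places no limit on message
      // content, so anything able to request signatures from this wallet gets a
      // valid signature over arbitrary text. Prefer an exact-match value unless
      // blanket signing is intended.
      value: '*'
    }],
    action: 'ALLOW'
  }]
}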
Restrict typed data domains to a specific chain ID and verifying contract
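// Restricts EIP-712 typed-data signing to one signing domain, identified by
// chain ID and verifying contract.
// NOTE(review): the original example nested rules under 'method_rules'; every
// other policy on this page uses a flat 'rules' array with 'method' on each
// rule, so that shape is used here. Confirm which shape the API accepts.
{
  version: '1.0',
  name: 'Example policy to allow a specific signing domain',
  chain_type: 'ethereum',
  rules: [{
    name: 'Allow specific domain to sign messages',
    method: 'eth_signTypedData_v4',
    // Pinning chain_id and verifying_contract together ties an allowed
    // signature to one contract deployment; a chain_id check alone would accept
    // any contract on that chain (assumes conditions within a rule are ANDed;
    // confirm).
    conditions: [
      {
        field_source: 'ethereum_typed_data_domain',
        field: 'chain_id',
        operator: 'eq',
        value: '8453'
      },
      {
        field_source: 'ethereum_typed_data_domain',
        field: 'verifying_contract',
        operator: 'eq',
        value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
      }
    ],
    action: 'ALLOW'
  }],
}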
Restrict parameters of a typed data message
// Allows signing of 'Permit' typed-data messages only when the owner wallet is
// on a fixed list and the permitted value is at or below a ceiling.
// NOTE(review): spender and deadline are not constrained, and no condition
// checks the typed-data domain, so a matching permit may name any spender, any
// expiry, and any verifying contract or chain. Add ethereum_typed_data_domain
// conditions (chain_id, verifying_contract) to close that gap.
{
  version: '1.0',
  name: 'Allow ERC20 Permits for known owners, max value',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Allow specific owner addresses and a max value',
      method: 'eth_signTypedData_v4',
      action: 'ALLOW',
      conditions: [
        {
          field_source: 'ethereum_typed_data_message',
          // dot-separated path to primitive 'address' type that 'value' will be compared against.
          field: 'owner.wallet',
          operator: 'in',
          value: ['0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913', '0x123589fCD6eDb6E08f4c7C32D4f71b54bdA02911'],
          // Type definitions the 'field' path is resolved against. Each
          // condition carries its own copy.
          typed_data: {
            primary_type: 'Permit',
            types: {
              Person: [
                {name: 'name', type: 'string'},
                {name: 'wallet', type: 'address'},
              ],
              Permit: [
                {name: 'owner', type: 'Person'},
                {name: 'spender', type: 'Person'},
                {name: 'value', type: 'uint256'},
                {name: 'deadline', type: 'uint256'},
                {name: 'v', type: 'uint8'},
                {name: 'r', type: 'bytes32'},
                {name: 's', type: 'bytes32'},
              ],
            },
          },
        },
        {
          field_source: 'ethereum_typed_data_message',
          // Top-level uint256 field of the Permit message.
          field: 'value',
          operator: 'lte',
          // Presumably token base units (confirm); the ceiling in whole tokens
          // depends on the token's decimals.
          value: '500000000',
          typed_data: {
            primary_type: 'Permit',
            types: {
              Person: [
                {name: 'name', type: 'string'},
                {name: 'wallet', type: 'address'},
              ],
              Permit: [
                {name: 'owner', type: 'Person'},
                {name: 'spender', type: 'Person'},
                {name: 'value', type: 'uint256'},
                {name: 'deadline', type: 'uint256'},
                {name: 'v', type: 'uint8'},
                {name: 'r', type: 'bytes32'},
                {name: 's', type: 'bytes32'},
              ],
            },
          },
        },
      ],
    }
  ],
}