Authorization keys
- Overview
- Creating authorization keys
- User authorization keys
Quorum approvals
Policies
Solana examples
Allowlist specific Solana Programs
{
version: '1.0',
name: 'Allowlisted programs'
chain_type: 'solana',
rules: [{
name: 'Allowlist the Compute Budget Program and System Program',
method: 'signAndSendTransaction',
conditions: [
{
// This field_source is used only to allowlist Solana Programs.
field_source: 'solana_program_instruction',
field: 'programId',
operator: 'in',
value: ['ComputeBudget111111111111111111111111111111', '11111111111111111111111111111111']
}
],
action: 'ALLOW'
}]
}
Allow a SOL Transfer instruction with a max value
{
version: '1.0',
name: 'SOL transfer maximums'
chain_type: 'solana',
rules: [{
name: 'Restrict SOL transfers to a maximum value',
method: 'signAndSendTransaction',
conditions: [
{
// This field_source is used for all System Program instructions.
field_source: 'solana_system_program_instruction',
field: 'Transfer.lamports',
operator: 'lte',
value: '1000000000' // 1 SOL
},
],
action: 'ALLOW'
}]
}
Allow a SOL Transfer instruction with a max value to allowlisted recipients
{
version: '1.0',
name: 'Restrict SOL transfers to a specific recipient'
chain_type: 'solana',
rules: [{
name: 'Restrict SOL transfers to a maximum value to a specific recipient',
method: 'signAndSendTransaction',
conditions: [
{
// This condition restricts the value of all SOL transfers to <= 1 SOL.
// This field_source is used for all System Program instructions.
field_source: 'solana_system_program_instruction',
field: 'Transfer.lamports',
operator: 'lte',
value: '1000000000' // 1 SOL
},
{
// This additional condition restricts Transfer recipients to a list of allowed addresses.
// This field_source is used for all System Program instructions.
field_source: 'solana_system_program_instruction',
field: 'Transfer.to',
operator: 'in',
value: ['4tFqt2qzaNsnZqcpjPiyqYw9LdRzxaZdX2ewPncYEWLA', '4tFqt2qzaNsnZqcpjPiyqYw9LdRzxaZdX2ewPncYEWLA']
}
],
action: 'ALLOW'
}]
}
Allow a Solana Transaction that has a Create and Transfer instruction, while limiting Transfers to 1 SOL
{
version: '1.0',
name: 'SOL transfer maximums'
chain_type: 'solana',
rules: [
{
// This rule restricts the value of all SOL transfer instructions to <= 1 SOL.
name: 'Restrict SOL transfers to a maximum value',
method: 'signAndSendTransaction',
conditions: [{
// This field_source is used for all System Program instructions.
field_source: 'solana_system_program_instruction',
field: 'Transfer.lamports',
operator: 'lte',
value: '1000000000' // 1 SOL
}],
action: 'ALLOW'
},
{
// This rule allows the Create instruction to be present in the transaction.
name: 'Allow the Create instruction',
method: 'signAndSendTransaction',
conditions: [
{
// This field_source is used for all System Program instructions.
field_source: 'solana_system_program_instruction',
field: 'instructionName',
operator: 'eq',
value: 'Create'
}
],
action: 'ALLOW'
}
]
}
Allow a TransferChecked instruction with a max value of a USDC token
{
version: '1.0',
name: 'Restrict USDC transfers to a maximum value',
chain_type: 'solana',
rules: [{
name: 'Restrict transfers to be less than or equal to 5 USDC',
method: 'signAndSendTransaction',
conditions: [
{
// This field_source is used for all Token Program instructions.
field_source: 'solana_token_program_instruction',
field: 'TransferChecked.mint',
operator: 'eq',
// This is the USDC mint address on the Solana mainnet.
value: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v'
},
{
// This field_source is used for all Token Program instructions.
field_source: 'solana_token_program_instruction',
field: 'TransferChecked.amount',
operator: 'lte',
value: '5000000' // 5 USDC assuming 6 decimals
},
],
action: 'ALLOW'
}]
}
Denylist recipients of a transaction
{
version: '1.0',
name: 'Denylist recipients of SOL transfer',
chain_type: 'solana',
rules: [{
name: 'Deny SOL transfers to a list of addresses',
method: 'signAndSendTransaction',
conditions: [
{
// This field_source is used for all System Program instructions.
field_source: 'solana_system_program_instruction',
field: 'Transfer.to',
operator: 'in',
value: ['4tFqt2qzaNsnZqcpjPiyqYw9LdRzxaZdX2ewPncYEWLA', '4tFqt2qzaNsnZqcpjPiyqYw9LdRzxaZdX2ewPncYEWLA']
},
],
action: 'DENY'
}]
}
Allowlist some System Program instructions and some Token Program instructions
{
version: '1.0',
name: 'Allowlist all System Program instructions and some Token Program instructions',
chain_type: 'solana',
rules: [
{
name: 'Allowlist System Program instructions',
method: 'signAndSendTransaction',
conditions: [
{
// This field_source is used for all System Program instructions.
field_source: 'solana_system_program_instruction',
field: 'instructionName',
operator: 'in',
value: ['Create', 'Transfer']
}
],
action: 'ALLOW'
},
{
name: 'Allowlist Token Program instructions',
method: 'signAndSendTransaction',
conditions: [
{
// This field_source is used for all Token Program instructions.
field_source: 'solana_token_program_instruction',
field: 'instructionName',
operator: 'in',
value: ['TransferChecked', 'CloseAccount']
}
],
action: 'ALLOW'
}
]
}
Allowlist some Solana Programs and restrict SOL transfers
{
version: '1.0',
name: 'Allowlist some Solana Programs and restrict SOL transfers',
chain_type: 'solana',
rules: [
{
name: 'Allowlist Programs',
method: 'signAndSendTransaction',
conditions: [
{
field_source: 'solana_program_instruction',
field: 'programId',
operator: 'in',
value: [
'ComputeBudget111111111111111111111111111111', // Compute Budget Program
'JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4' // Jupiter v6 Swap Program
]
}
],
action: 'ALLOW'
},
{
name: 'Restrict SOL transfers',
method: 'signAndSendTransaction',
conditions: [
{
field_source: 'solana_system_program_instruction',
field: 'Transfer.lamports',
operator: 'lte',
value: '1000000000' // 1 SOL
}
],
action: 'ALLOW'
}
]
}
Prevent private key exports while allowing other actions
{
version: '1.0',
name: 'Prevent private key exports',
chain_type: 'solana',
rules: [
{
name: 'Block private key exports',
method: 'exportPrivateKey',
conditions: [],
action: 'DENY'
},
{
name: 'Allow all other actions',
method: '*',
conditions: [],
action: 'ALLOW'
}
]
}
Only permit private key exports
{
version: '1.0',
name: 'Only allow private key exports',
chain_type: 'solana',
rules: [
{
name: 'Allow private key exports',
method: 'exportPrivateKey',
conditions: [],
action: 'ALLOW'
},
{
name: 'Block all other actions',
method: '*',
conditions: [],
action: 'DENY'
}
]
}
Anti patterns
Avoid adding rules that may override other rules
{
version: '1.0',
name: 'Allowlist the System Program Transfer instruction and restrict SOL transfers',
chain_type: 'solana',
rules: [
{
// This rule restricts the value of all SOL transfers.
name: 'Restrict SOL transfers',
method: 'signAndSendTransaction',
conditions: [
{
field_source: 'solana_system_program_instruction',
field: 'Transfer.lamports',
operator: 'lte',
value: '1000000000' // 1 SOL
}
],
action: 'ALLOW'
},
{
name: 'Allowlist System Program Transfer instruction',
method: 'signAndSendTransaction',
conditions: [
// This rule will override the previous rule by allowing all Transfer instructions via the System Program.
{
field_source: 'solana_system_program_instruction',
field: 'instructionName',
operator: 'eq',
value: 'Transfer'
}
],
action: 'ALLOW'
}
]
}
On this page
- Allowlist specific Solana Programs
- Allow a SOL Transfer instruction with a max value
- Allow a SOL Transfer instruction with a max value to allowlisted recipients
- Allow a Solana Transaction that has a Create and Transfer instruction, while limiting Transfers to 1 SOL
- Allow a TransferChecked instruction with a max value of a USDC token
- Denylist recipients of a transaction
- Allowlist some System Program instructions and some Token Program instructions
- Allowlist some Solana Programs and restrict SOL transfers
- Prevent private key exports while allowing other actions
- Only permit private key exports
- Anti patterns
- Avoid adding rules that may override other rules