Set Policies

Policies automate the process of approvals for allowing transactions, blocking transactions, or sending transactions.

Suggest Edits

Policies provide organizations with essential protection by enabling it to specify who is allowed to move funds, perform transactions, set amount limitations, and more.

For example, an organization may want to automatically block a transaction that exceeds a specific amount, review transactions according to their origin, or block specific users from making transactions.

Learn more by studying these sample policies.

Workflow for policy rule creation

The creation of a new policy follows this workflow:

  1. A draft of the new policy rules is created in the Fordefi web console.
  2. The draft of the new policy rules is submitted to the Admin Quorum for their approval.
  3. The Admin Quorum are notified on their mobile devices about the draft of the new policy rules.
  4. When the required number of admins approve the draft, the new policy rules are created and added to the system.

πŸ“˜

Note

  • For security reasons, only admins are permitted to create or discard policy rules.
  • Only one draft of policy rules is permitted at any time.

Policy rules and conditions

A policy rule is made up of conditions. When all the conditions are met, the policy rule is applied to the transaction.

Example

Assume a condition within a policy rule declares that any transactions over $1000 are blocked. If an attempt is made to make a transaction exceeding $1000, the system establishes that the condition is met, the policy rule is applied, and the transaction is blocked.

When you create a rule, you add conditions to any of the following:

ConditionMeaningLimitations
UserThe user initiating the transaction.
OriginThe vault the transaction is sent from.
Transaction typeCan be one of the following:

- Transfer: Sending funds directly to another recipient using the platform.
- Contract call: Interaction using a smart contract or application.
- Allowance: A token approval.
- Message signature: One of two types: personal message or typed message.
- Black-box signature: Signing any arbitrary blob, subject to the client's transaction policy, in a distributed way, without exposing the private key.		With respect to message signatures, be aware of the following limitations:

- If you specify an amount during the creation of the rule, it is ignored.
- If you combine rules of both message signature and transfer/contract call with an amount, the message signature element is ignored.
- Certain messages that have a recipient can be matched by the policy, while others cannot. Specifically:
a. EVM personal messages cannot have a recipient.
b. Sometimes, in typed data messages, the message holds the recipient in the verifying_contract field. If so, Fordefi is able to match it as the recipient.
c. Messages on Cosmos and Solana have no recipient.
RecipientFor transfers, this is the recipient of the transfer. For allowances, this is the address that receives the token allowance (that is, the spender). For contract calls, this is the destination address of the contract call. You can specify the recipient as an address, a name in the Address Book, a vault, or the name of a DApp from the given list.
TokenThe token or tokens that the transaction is sending. For a rule to match a transaction, each of the outgoing (that is, sent) tokens in the transaction must appear in the list of tokens in the rule. For example, when swapping MATIC for USDC (that is, send 1 MATIC, get back 1.5 USDC), a rule that specifies MATIC would match the transaction, whereas a rule that specifies USDC would not.
Max amountThe amount of funds that the transaction is sending. When the rule lists only one token, you can denominate the amount in either units of the token or in fiat (USD). If the rule lists multiple tokens, you can only specify the amount in fiat (USD).

Actions

After you set up a rule's conditions, specify the action that should be taken if all the conditions of the rule are fulfilled.

There are three action options:

  1. Approve a transaction.
  2. Block a transaction.
  3. Require a transaction be approved by the relevant admin before proceeding.

πŸ“˜

Note

If a policy has multiple rules, they are applied in the order in which they appear in the list of rules.

Updated about 2 months ago