Set Policy Rules for Message Signatures
The policy lets you control the approval process for signing messages, but not all conditions apply to messages. Moreover, the behavior differs between message types and between chains.
Personal messages and messages on non-EVM chains
Personal messages on EVM chains and any messages on non-EVM chains do not have an associated recipient. Therefore, to apply a policy rule to such message signatures, the recipient matcher in the rule must be left as "Any". The rationale is that such messages do not explicitly specify their recipient in a standard way, and we therefore cannot reliably match them to a recipient in the policy.
Personal messages on EVM chains and any messages on non-EVM chains are treated as if their amount is 0. Therefore, they will match any transaction amount condition.
Permit and Permit2 messages
These important security-sensitive messages, used for token allowances, are supported as "first-class objects". They include EIP-2612 Permit messages and messages using Uniswap's Permit2 standard. Such messages are classified as "Allowance" transactions and are subject to the same handling as token allowances. Specifically, the recipient of the message is the spender contract that is granted the allowance, the amount is the dollar value of the amount of the token that is being approved, and the Asset condition can be used to specify the token that is being approved.
Typed data messages
The recipient of Typed Data messages on EVM chains is the contract address that is specified in the verifyingContract field of the Typed Data message. Therefore, to apply a policy rule to such message signatures, the recipient matcher in the rule must be set to the address of the contract that is being called.
Typed Data messages have no amount associated with them. However, since those messages are often used for transferring funds, the amount is treated as unknown rather than 0. This means that a rule with an amount condition will not match Typed Data messages.
The EVM Typed Message condition lets admins create policies that restrict or allow specific actions on EVM typed message transactions. This condition allows specifying the domain name and the matching object type.
The following are examples of using the EVM Typed Message condition to match specific EVM typed messages.
A 1inch Order message can be matched by a rule with the domain name "1inch Aggregation Router" and the matching object type "Order". Additionally, it can be matched more tightly by specifying the recipient of the rule to be the verifyingContract address.
{
  "primaryType": "Order",
  "domain": {
    "name": "1inch Aggregation Router",
    "version": "6",
    "chainId": 1,
    "verifyingContract": "0x111111125421ca6dc452d289314280a0f8842a65"
  },
  "message": {
    "maker": "0x1788124e29feb72eecae5c08b5ac16932a607063",
    "makerAsset": "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2",
    "takerAsset": "0xc4441c2be5d8fa8126822b9929ca0b81ea0de38e",
    "makerTraits": "62419173104490761595518734106350460423624858895588428857840128814335647547392",
    "salt": "102412815612101317841011027302898044182118311605090620840156673102513625049742",
    "makingAmount": "2000000000000000",
    "takingAmount": "15273044570528616665",
    "receiver": "0x8bfcf9e2764bc84de4bbd0a0f5aaf19f47027a73"
  }
}
Summary
The following table summarizes the behavior of message signatures for different types of messages on different chains.
Message Type | Amount | Recipient |
---|---|---|
Personal Message | 0 | N/A (must be Any) |
Typed Data Message | Unknown (must be Any) | verifyingContract field |
Non-EVM Message | 0 | N/A (must be Any) |
Permit and Permit2 Messages | Amount of the token being approved | Recipient of the message (spender contract) |
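
The matching behavior described above for personal, non-EVM and Typed Data messages can be modeled as follows. This is an added example, not the product's own code or rule format: the function names, the rule dictionary keys (recipient, amount_condition, domain_name, object_type) and the message kinds are hypothetical, and Permit/Permit2 handling is not modeled.

```python
import json

ANY = "Any"

# Constructed sample: the page's 1inch Order payload, trimmed to the fields used here.
SAMPLE = json.loads("""{
  "primaryType": "Order",
  "domain": {"name": "1inch Aggregation Router", "version": "6", "chainId": 1,
             "verifyingContract": "0x111111125421ca6dc452d289314280a0f8842a65"},
  "message": {"makingAmount": "2000000000000000"}
}""")

def policy_view(kind, typed_data=None):
    """Derive the values a rule is matched against (hypothetical model of the table)."""
    if kind in ("personal", "non_evm"):
        # No standard recipient; the amount is treated as 0.
        return {"recipient": None, "amount": 0, "domain": None, "type": None}
    if kind == "typed_data":
        domain = typed_data.get("domain", {})
        contract = domain.get("verifyingContract")  # optional in EIP-712 domains
        return {"recipient": contract.lower() if contract else None,
                "amount": None,  # unknown, not 0
                "domain": domain.get("name"),
                "type": typed_data.get("primaryType")}
    raise ValueError(f"unsupported message kind: {kind}")

def rule_matches(rule, view):
    """Return True if every condition in the rule holds for this message view."""
    want = rule.get("recipient", ANY)
    if want != ANY and (view["recipient"] is None or want.lower() != view["recipient"]):
        return False  # a specific recipient never matches a recipient-less message
    if rule.get("amount_condition") and view["amount"] is None:
        return False  # an unknown amount cannot satisfy an amount condition
    for rule_key, view_key in (("domain_name", "domain"), ("object_type", "type")):
        if rule_key in rule and rule[rule_key] != view[view_key]:
            return False  # EVM Typed Message condition: domain name / object type
    return True

if __name__ == "__main__":
    # Mixed-case address is constructed to show case-insensitive comparison.
    tight = {"recipient": "0x111111125421CA6DC452D289314280A0F8842A65",
             "domain_name": "1inch Aggregation Router", "object_type": "Order"}
    order = policy_view("typed_data", SAMPLE)
    print("tight rule on Order:", rule_matches(tight, order))
    print("with amount condition:", rule_matches({**tight, "amount_condition": True}, order))
    print("recipient rule on personal message:", rule_matches(tight, policy_view("personal")))
```

When testing real rules, the case to check first is a Typed Data rule that carries an amount condition, since under the behavior above it silently never matches.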