# Sample Hyperliquid Policies This page guides you through configuring [policy](/user-guide/policies) to create transaction rules for Hyperliquid (sometimes called HyperCore). For more general examples, see [Sample Policies](/user-guide/policies/sample-policies). These examples cover the basic rules needed for common Hyperliquid interactions. If you need more help, feel free to reach out to Fordefi Customer Service. ## Important concepts Users of Hyperliquid can interact with the exchange through Fordefi, mainly by signing EVM typed messages, but some specific actions — such as depositing USDC from Arbitrum — require a "transfer". This means no single rule covers all Hyperliquid transactions; instead, a comprehensive policy will require multiple rules, each handling a specific kind of interaction with Hyperliquid. The sections below describe those rules and provide minimal templates you can adapt for your own policy. ## Deposit rules ### Legacy deposits using Arbitrum This simple rule covers the case of depositing USDC into Hyperliquid's [bridge contract on Arbitrum](https://arbiscan.io/address/0x2df1c51e09aecf9cacb7bc98cb1742757f163df7) using the legacy deposit flow on Hyperliquid. #### Settings - **Transaction type**: "Allowance" and "Transfer" - **Recipient**: Hyperliquid (Arbitrum One) DApp option - **Transaction amount**: less than or equal to $100,000 USD (this condition is optional and can be removed or the amount changed) image.png #### Notes The transaction is of type "Transfer" because the deposit technically involves moving and locking your tokens into the bridge contract and crediting the amount to Hyperliquid. We have also added the "Allowance" transaction type, which is technically not required when depositing using the Hyperliquid web app but is required when depositing USDC with Fordefi over API. We have selected the Hyperliquid (Arbitrum) DApp "bundle" as the "Recipient" in our rule because this bundle includes the bridge contract for convenience. legacy-deposit-hyperliquid-dapp.png ### CCTP deposits with Arbitrum This rule captures deposits to Hyperliquid through Circle's CCTP on Arbitrum. The CCTP flow is technically embedded in the [USDC contract on Arbitrum](https://arbiscan.io/token/0xaf88d065e77c8cc2239327c5edb3a432268e5831#writeProxyContract), which is included in the Circle CCTP (Arbitrum) DApp bundle for convenience. #### Settings - **Transaction type**: "EVM typed data message" - **Recipient**: Circle CCTP (Arbitrum One) DApp option - **EVM typed message**: - Domain: USD Coin - Primary type: ReceiveWithAuthorization hyperliquid-deposits-cctp.png #### Notes Since this transaction involves signing an EVM typed message, that is what we have selected as the transaction type, and we have added an extra "EVM typed message" condition with the domain and type of the message we are expecting. Importantly, note that you must NOT add an extra amount or asset check to this rule. Fordefi's policy engine [cannot check an amount or asset when the transaction type is an EVM message](https://docs.fordefi.com/user-guide/policies/policy-rules-conditions-and-actions#matchers-and-transaction-types), except in special circumstances where this message is handled by Fordefi as a transfer (more on this in the next section). hyperliquid-deposits-cctp-dapp.png ## Asset transfer rule from within Hyperliquid This rule is meant as a "catch-all" that can match any of the following actions on Hyperliquid: - Transfers from Spot to Perps - Transfers from Perps to Spot - Transfers to a third-party address on Hyperliquid - Withdrawals from Hyperliquid to your wallet on Arbitrum #### Settings - **Origin**: The vault or vaults that will sign transactions on Hyperliquid - **Transaction type**: "Transfer" - **Recipient**: "Origin vault" hyperliquid-send-assets.png #### Notes Although all these actions technically involve signing messages, Fordefi is able to "handle" them as transfers — which has the advantage of allowing us to use "Origin vault" as the "Recipient" condition. This is important because it ensures that the destination of the funds is always the initiating Fordefi wallet. If a malicious actor ever tried to transfer or withdraw assets from your Hyperliquid account to an unauthorized third-party wallet, this rule will NOT match. ## Approve and revoke API wallets Although [API wallets](https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/nonces-and-api-wallets?q=agent+wallet#api-wallets) are not required to use Hyperliquid with Fordefi, they can be used for some programmatic use cases. This rule will match any transaction that attempts to approve or revoke an API wallet on Hyperliquid. #### Settings - **Transaction type**: "EVM typed data message" - **EVM typed message**: - Domain: HyperliquidSignTransaction - Primary type: HyperliquidTransaction:ApproveAgent - **Recipient**: "0x0000000000000000000000000000000000000000" as a custom address hyperliquid-api-wallets-rule.png #### Notes The verifying contract here is the [0x0 address](https://arbiscan.io/address/0x0000000000000000000000000000000000000000) (also known as the burn or null address) — this is simply a convention by which Hyperliquid uses this address as its verifying contract. The reason we are not adding the 0x0 address to our Address book is that we do not want it to appear as a destination option when doing a transfer in the Fordefi web app that is unrelated to Hyperliquid. approve-api-wallets-dapp.png ## Convert to multi-sig account As with API wallets, converting your Hyperliquid account to a multi-sig is optional but [can be set up for additional security](https://hyperliquid.gitbook.io/hyperliquid-docs/hypercore/multi-sig). However, it comes at the cost of added complexity and the risk of losing access to your Hyperliquid account if you can no longer meet the threshold. As such, it is best practice to gate the use of this action to make sure it does not present security risks or is activated accidentally. #### Settings - **Transaction type**: "EVM typed data message" - **Recipient**: "0x0000000000000000000000000000000000000000" as a custom address - **EVM typed message**: - Domain: HyperliquidSignTransaction - Primary type: HyperliquidTransaction:ConvertToMultiSigUser convert-to-multisig.png #### Notes As with API wallets, the 0x0 address is also needed as a placeholder for the verifying contract, per Hyperliquid's convention. convert-to-multisig-dapp.png