`rules` with defined criteria.

`action`, `operation`, and `criteria`:

- `action` can either `accept` or `reject` a transaction if the criteria in the rule are met.
- `criteria` is an array of logical expressions. All parameters must evaluate to true for the action to be applied.
- `operation` corresponds to a CDP v2 API:
  - `signEvmTransaction` or `signSolTransaction` for signing transactions (to set a transaction limit).
  - `sendEvmTransaction` for signing a transaction, and sending it to a supported network.
  - `signEvmHash` for signing an arbitrary 32 byte hash.
  - `signEvmMessage` for signing an EIP-191 message.
  - `prepareUserOperation` for preparing user operations on a smart account.
  - `sendUserOperation` for sending user operations using a smart account.

- `project`-level policy applies to all accounts in a CDP Project. Only one project-level policy can be applied to accounts within a CDP Project at any given time.
- `account`-level policy applies to one or more accounts. An `account` can have at most one account-level policy at any given time.

`scope` field of a policy:

`rules` array:

- `criteria` (processed as a logical AND operation applied to a list of independently evaluated boolean expressions) are met, `accept` or `reject` behavior is applied immediately and the engine stops further evaluation of the policy.
- `criteria` are met, the engine moves to processing the next policy (i.e., an `account`-level policy).

- `signEvmTransaction` request, accept the request if the transaction is less than or equal to 1000000000000000000 wei OR
- `signEvmTransaction` request, accept the request if the transaction is less than or equal to 2000000000000000000 wei AND the request is made to the address `0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE`.
- `account`-level policy (if one exists).

`deletePolicy` operation.
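A local model of the evaluation order described above, using the two-rule `signEvmTransaction` example from the text; it is an added Python illustration, not Coinbase's code. The operator spellings (`<=`, `in`, `not in`), the request shape, the constructed account-level policy and the fall-through to the next rule when a rule's criteria are not all met are assumptions, and because the page does not say what happens when nothing matches, the function returns `None` in that case.

```python
import operator as op

# Assumed operator spellings; the page only says an `operator` field exists.
CMP = {"<=": op.le, "<": op.lt, ">=": op.ge, ">": op.gt, "==": op.eq}
ALLOWED_TO = "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE"  # address from the text

PROJECT_POLICY = {  # the two accept rules from the text
    "scope": "project",
    "rules": [
        {"action": "accept", "operation": "signEvmTransaction",
         "criteria": [{"ethValue": "1000000000000000000", "operator": "<="}]},
        {"action": "accept", "operation": "signEvmTransaction",
         "criteria": [{"ethValue": "2000000000000000000", "operator": "<="},
                      {"addresses": [ALLOWED_TO], "operator": "in"}]},
    ],
}
ACCOUNT_POLICY = {  # constructed sample: reject raw hash signing, no criteria
    "scope": "account",
    "rules": [{"action": "reject", "operation": "signEvmHash"}],
}

def criterion_met(crit, req):
    """Evaluate one criterion against a request dict (hypothetical shape)."""
    if "ethValue" in crit:  # wei amounts compared as integers, not strings
        return CMP[crit["operator"]](int(req["value"]), int(crit["ethValue"]))
    if "addresses" in crit:  # hex addresses compared case-insensitively
        hit = req["to"].lower() in {a.lower() for a in crit["addresses"]}
        if crit["operator"] not in ("in", "not in"):
            raise ValueError(f"unsupported operator: {crit['operator']}")
        return hit if crit["operator"] == "in" else not hit
    raise ValueError(f"unsupported criterion: {crit}")

def evaluate(policies, operation, req):
    """Return (scope, action) of the first rule that matches, else None."""
    # Project-level policy is processed before the account-level one.
    for policy in sorted(policies, key=lambda p: p["scope"] != "project"):
        for rule in policy["rules"]:
            if rule["operation"] != operation:
                continue
            # all() is the logical AND over independently evaluated criteria;
            # a rule without criteria matches every request for its operation.
            if all(criterion_met(c, req) for c in rule.get("criteria", [])):
                return policy["scope"], rule["action"]
    return None  # nothing matched; the page does not state the outcome
```

A 1.5 ETH transfer is accepted only when it goes to the listed address, because the first rule's limit fails and the second rule needs both of its criteria to hold.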
Account-level policies can be applied in two ways:
- `accountPolicy` field in the request body of the `createEvmAccount` and `createSolAccount` operations.
- `accountPolicy` field in the request body of the `updateEvmAccount` and `updateSolanaAccount` operations.

- `value` field is compared to the criterion’s `ethValue` field using the `operator` field.
- `to` field is compared to the criterion’s `addresses` field using the `operator` field.
- `string`, `bool`, `uint(8,16,32,64,256)`, `int(8,16,32,64,256)`, `address`, and both fixed and dynamic length `bytes`.
- `ERC20`, `ERC721`, and `ERC1155` tokens. The sum total USD amount of assets being transferred and exposed is compared to the criterion’s `changeCents` field using the `operator` field. If signing a testnet transaction, then this criterion configuration will be ignored.

- `value` field is compared to the criterion’s `ethValue` field using the `operator` field.
- `to` field is compared to the criterion’s `addresses` field using the `operator` field.
- `network` field in the `sendEvmTransaction` request body is compared to the criterion’s `networks` field using the `operator` field. Valid networks for this criterion include:
  - `base`
  - `base-sepolia`
  - `ethereum`
  - `ethereum-sepolia`
  - `avalanche`
  - `polygon`
  - `optimism`
  - `arbitrum`
- `string`, `bool`, `uint(8,16,32,64,256)`, `int(8,16,32,64,256)`, `address`, and both fixed and dynamic length `bytes`.
- `ERC20`, `ERC721`, and `ERC1155` tokens. The sum total USD amount of assets being transferred and exposed is compared to the criterion’s `changeCents` field using the `operator` field. If sending a testnet transaction, then this criterion configuration will be ignored.

- `value` fields are compared to the criterion’s `ethValue` field using the `operator` field.
- `to` fields are compared to the criterion’s `addresses` field using the `operator` field.
- `string`, `bool`, `uint(8,16,32,64,256)`, `int(8,16,32,64,256)`, `address`, and both fixed and dynamic length `bytes`.

- `value` fields are compared to the criterion’s `ethValue` field using the `operator` field.
- `to` fields are compared to the criterion’s `addresses` field using the `operator` field.
- `network` field in the `prepareUserOperation` request body is compared to the criterion’s `networks` field using the `operator` field. Valid networks for this criterion include:
  - `base-sepolia`
  - `base`
  - `arbitrum`
  - `optimism`
  - `zora`
  - `polygon`
  - `bnb`
  - `avalanche`
  - `ethereum`
  - `ethereum-sepolia`
- `string`, `bool`, `uint(8,16,32,64,256)`, `int(8,16,32,64,256)`, `address`, and both fixed and dynamic length `bytes`.

`signEvmHash` operation does not accept any criteria. To prevent this operation from being executed by any account, specify a rule with `signEvmHash` as the operation, and `reject` as its action.

`match` field in the criteria is a RE2 compliant regular expression that will be executed against the message in the API request.

- `address` field is compared to the list of addresses in the transaction’s `accountKeys` (for legacy transactions) or `staticAccountKeys` (for V0 transactions) array using the `operator` field.
- `solValue` field is compared to the transaction’s `value`, which is the amount of SOL in lamports being transferred, using the `operator` field.
- `addresses` field is compared to the list of SPL token transfer recipient addresses in the transaction’s `accountKeys` (for legacy transactions) or `staticAccountKeys` (for V0 transactions) array using the `operator` field.
- `splValue` field is compared to the transaction instruction’s `value` field, which is the amount of the SPL token being transferred, using the `operator` field.
- `addresses` field is compared to the list of token mint addresses in the transaction’s `accountKeys` (for legacy transactions) or `staticAccountKeys` (for V0 transactions) array using the `operator` field.

- `address` field is compared to the list of addresses in the transaction’s `accountKeys` (for legacy transactions) or `staticAccountKeys` (for V0 transactions) array using the `operator` field.
- `solValue` field is compared to the transaction’s `value`, which is the amount of SOL in lamports being transferred, using the `operator` field.
- `addresses` field is compared to the list of SPL token transfer recipient addresses in the transaction’s `accountKeys` (for legacy transactions) or `staticAccountKeys` (for V0 transactions) array using the `operator` field.
- `splValue` field is compared to the transaction instruction’s `value` field, which is the amount of the SPL token being transferred, using the `operator` field.
- `addresses` field is compared to the list of token mint addresses in the transaction’s `accountKeys` (for legacy transactions) or `staticAccountKeys` (for V0 transactions) array using the `operator` field.

- `evmData` criterion for the `signEvmTransaction`, and `sendEvmTransaction` operations.
- `ERC20`, `ERC721`, and `ERC1155` tokens calculated using current market prices.