Skip to main content
Policies are “if-then” rules that dictate which transactions can be executed and by whom. Example policies:
  • “if a transaction is sending more than $10,000, then require approval from 2 out of 3 members of the Finance team”
  • “if a transaction is sending less than $10,000, then require approval from 1 out of 3 members of the Finance team”
  • “if a transaction is sending less than $1,000 from the Accounts Payable Account, then automatically approve the transaction”

Policy types

There are two types of policies:
  1. Auto-approval policies If a transaction is governed by an Auto-approval policy, then it is automatically approved and can be executed.
  2. Manual approval policies If a transaction is governed by a Manual approval policy, then it must be manually approved by a Member or Group before it can be executed. Similarly, if a transaction is governed by a Manual approval policy, then it must be manually rejected by a Member or Group before it is discarded. Manual approval policies must specify a Member or Group that is responsible for manually reviewing transactions. If a Group is specified, a voting threshold must also be specified (e.g. 2 out of 3 members of the group must approve or reject).

Policy filters for matching transactions

Policies have the following configurable fields that can be used to determine which types of transactions they govern:
  • Source Account The account from which the transaction is sent. This value can be set to “any source account” or a custom user-defined list of accounts.
  • Transaction Initiator The Member or Group who initiated the transaction. This field can be set to one of the following values:
    • “Any Member”
    • A specific Member
    • A specific Group
    If the value for the Transaction Initiator field is a group, then the policy applies to any transactions where the initiator is any of the Members in the Group.
  • Transaction Type This field can be set to one of the following values:
    • “Any type of transaction”
    • “Token transfers”
    • “Contract interactions”
  • Token (only available if Transaction Type is “Token transfers”) The token being transferred in the transaction. This can be either “any token” or a specific token, e.g. USDC.
  • Token Transfer Recipient (only available if Transaction Type is “Token transfers”) To whom the token is being sent to. This value can be one of the following:
    • “Any recipient”
    • Any address in a custom list defined by the user
  • Token Amount Threshold (only available if Transaction Type is “Token transfers”) A threshold value for the amount of the token being transferred. If this value is set, then the policy only applies to transactions that are transferring an amount less than or equal to this value.
  • Contracts (only available if Transaction Type is “Contract interactions”) The contract that the transaction is interacting with. This value can be one of the following:
    • “Any contract”
    • A specific contract defined by the user
  • Functions (only available if Transaction Type is “Contract interactions”) The function being called in the contract interaction. This value can be one of the following:
    • “Any function”
    • Any function in a custom list defined by the user
  • Function arguments (only available if Transaction Type is “Contract interactions” and Functions is set to a custom list) You can filter on specific argument values or leave them as “any” depending on the argument type. If function arguments are specified, a policy will only match transactions that call the function with the specified arguments. Supported argument types and filters:
    • Bool: exact match (true or false).
    • Uint (including enums): exact match or range (min/max).
    • Int: exact match or range (min/max).
    • Address: exact match or “one of” a list of allowed addresses.
    • Fixed bytes (bytes1–bytes32): exact match.
    • Bytes / String: exact match (by content).

Policy limitations

Policies can be limited to either a single transaction at a time, or multiple transactions within a time interval. For example, a time-based limitation on a Policy can be used to craft a policy that only allows a certain amount of tokens to be transferred every month. User interface for editing a Policy's limitation The user interface for editing a Policy’s limitation in the Multi-Layer Security Wallet web application

Selecting a policy

When creating a transaction, the initiator selects the policy that will govern it. The transaction is evaluated against that policy’s filters and requirements. If the transaction does not match the selected policy, or if its approval requirements are not met, the transaction can not be executed.

Demo of Policies

We highly recommend viewing the demo web application for Multi-Layer Security Wallet to understand how policies are defined from the web application. To view a demo of Multi-Layer Security Wallet’s user interface for modifying Policies, visit: https://onchain-custody-demo.onchainden.com/policies To view the demo, please request a username and password from the Den team.