Policy
Policies govern how transactions are submitted to approval nodes. Each policy consists two parts:
- Triggering Condition: A collection of rules based on multiple parameters of a transaction that correspond to a specific type of transaction.
- Approval Process: A process for approving a transaction that matches trigger conditions.
Safeheron has two types of transaction policies: Basic Policies and Advanced Policies, where the Advanced Policies includes transfer policies, MPC Sign policies, and Web3 Sign policies.
The policies supported by various types of transactions are listed in the table below:
Policy | Transfer Tasks (Asset Wallet) | Web3 Sign Tasks (Web3 Wallet) | MPC Sign Tasks(Asset Wallet) |
---|---|---|---|
Basic Policies | Supported | Supported | Not Supported |
Transfer Policies | Supported | Not Supported | Not Supported |
MPC Sign Policies | Not Supported | Not Supported | Supported |
Basic policies can be viewed in the Safeheron Mobile App, while advanced policies can be viewed in the Safeheron Web Console.
At this time, advanced policies cannot be configured independently. Click here to learn how to configure advanced policies.
Approval Process
Before describing the different policy models, let's first cover the Approval Process of each policy. The triggering conditions are different for each policy model, but the approval processes are basically the same.The approval process is designed to accommodate various business settings of our clients while also providing flexibility and security for team collaboration.
The approval process currently includes up to 3 approval nodes, with each approval node having two components.
- Approver (API Co-Signer included)
- Approval Threshold
Each approval node has the ability to configure approvers and approval thresholds. For example, if Approval Node 1 requires approval from 2 out of 3 members (A, B, and C), the approval node configuration would be as follows:
- Approval Node 1
- Approvers: A, B, C
- Approval Threshold: 2/3
If a business setting requires an approval sequence, multiple approval nodes can be utilized. For instance, member A approves first, followed by members B and C. The approval node would then be configured as follows:
- Approval Node 1
- Approver: A
- Approval Threshold: 1/1
- Approval Node 2
- Approver: B, C
- Approval Threshold: 1/2
An MPC Sign will be executed for the transaction once the final approval node of the approval process has been completed. Note that the approval process employs a one-vote veto system, i. e., if one member of any approval node rejects a request, the entire approval process is terminated..
Basic Policy
When you create a team for the first time using the Safeheron Mobile App, default basic policies are automatically configured for you. The admin of the team can view and modify the basic policies, allowing you to configure the appropriate approval process based on the needs of your organization.
The basic policy allows team members with Create Transactions permission to initiate a transfer transaction or a Web3 Sign task, but it does not support inputting custom parameters such as initiator, triggering conditions, source wallet, and so on.
Simply put, the triggering condition of the basic policy is not customizable and is the same for all transfer tasks and Web3 Sign tasks in the team. The approval process can be configured by the team administrator in the Safeheron mobile app.
Transfer Policy
If a basic policy does not meet the needs of your business, you can use an advanced policy.
You can improve risk management practices of your business by setting up multiple transfer policies. For example, you can establish conditions that meet the following criteria:
- Wallet 1: Sending BTC requires approval from either Member A or Member B, while sending ETH requires approval from both Members A and B.
- Wallet 2: Transactions with values less than $1,000,000 USD requires approval from either Member A or Member B, while transactions with values exceeding $1,000,000 USD requires approval from both Members A and B.
- Wallet 3: Transactions with values less than $1,000,000 USD are automatically approved by API Co-Signer 1, while transactions with values exceeding $1,000,000 USD requires approval from both Members A and B.
- Wallet 4: Only Member C is permitted to initiate transfer transactions. The destination address must be one that is on the whitelist. Any transfer transaction requires the approval of either member A or member B.
The approval process conditions are configured in the same way as Transfer Policies. Triggering conditions can be customized and combined to fit your business setting.
Dimension | Description |
---|---|
Initiator | Limit transaction initiators. An initiator can be any team member with the permission to Create Transactions or an API Key. Define transaction initiators through the use of the following options: 1. Any member with the permission 2. Designate one or more members with the permission |
From | Define wallets to be used for transfers using the following two options: 1. Any, which means transferring assets from any asset wallet 2. Designate 1 or more asset wallets |
To | Define the destination address for any transfer through any of the following options: 1. Any, which means transferring assets to any destination address 2. Any asset wallet in your team 3. Designate one or more asset wallets in your team 4. Any whitelisted address 5. Designate one or more whitelisted addresses 6. An unknown address |
Value | Convert the amount transferred into U. S. dollars based on the current exchange rate, and set a transfer limit using the following options: 1. Transfer value is greater than 'x' USD. 2. Transfer value is less than 'x' USD; Number of transfers within 24 hours is less than 'y' times. 3. Transfer value is less than 'x' USD; Cumulative assets transferred within 24 hours are less than 'y' USD. |
Amount | Limit the number of transfers for a specified currency through the use of the following options: 1. Transfer amount is greater than 'x' value. 2. Transfer amount is less than 'x' value; Number of transfers within 24 hours is less than 'y' value. |
Priority | Define the priority of policy matching. A larger value indicates a higher priority. When policies conflict, the policy with a larger value takes precedence. |
Approval Process | Define the action for duplicate transactions through the following options: 1. Reject 2. Enter a set approval process |
Only 1 selection can be made between value dimension and quantity dimension for each of the above parameters.
Once a transfer policy is set, a transfer transaction is prioritized using the advanced policy. If the advanced policy does not meet the transaction's triggering conditions but does meet the basic policy's triggering conditions, the transaction will then proceed using the basic policy approval process.
MPC Sign Policy
The approval process of the MPC Sign policy is the same as described above. Triggering conditions consist of multiple parameters that can be combined with each other:
Dimension | Description |
---|---|
Initiator | Specify the API Key for initiating transactions using the following options: 1. Any authorized API keys 2. Assign one or more authorized API Keys |
From | Define wallets to be used for transfers using the following two options: 1. Any, which means transferring assets from any asset wallet 2. Designate 1 or more asset wallets |
Priority | Define the priority of policy matching. A larger value indicates a higher priority. When policies conflict, the policy with a larger value takes precedence. |
Approval Process | Define the action for duplicate signature tasks through the following options: 1. Reject 2. Enter a set approval process |
Configure Advanced Policies
If you need to add an advanced policy, please contact Safeheron's Support team. The Support team will assist you in configuring an advanced policy based on the specifics of your business.
You can use the following template to send an email to support@safeheron.com.
Transaction Policy Email Template
Subject
Transfer Policy Request
Content
Team ID: <Your Team ID (You can find your Team ID by navigating to: App -> Me -> Team Name) >
Description of Business Setting: <Describe your business settings where you use advanced policies, so that Safeheron's support team can verify whether the policy settings are reasonable and safe>
Examples of policy requested to add:
Initiator | From | To | Value/Amount Limit | Priority | Approval Node 1 | Approval Node 2 | Approval Node 3 |
---|---|---|---|---|---|---|---|
Any member with permission | Any | Any whitelisted address | Transfer value < $10,000 USD | 100 | Node name: Admin Approval Approvers: A, B, C Approval Threshold: 2/3 | None | None |
Member A | Wallet 1 | Any whitelisted address | Transfer ETH < 100 | 200 | Node name: Finance Approval Approvers: A, B, C Approval Threshold: 2/3 | Node name: Risk Control Approval Approvers: A, B Approval Threshold: 1/2 | None |
Member A | Wallet 2 | Any | Transfer BTC > 100 | 300 | Node name: Executive Approval Approvers: B, C Approval Threshold: 2/2 | None | None |
... | ... | ... | ... | ... | ... |
MPC Sign Policy Email Template
Subject
MPC Sign Policy Request
Content
Team ID: <Your Team ID (You can find your Team ID by navigating to: App -> Me -> Team Name) >
Description of Business Setting: <Describe your business settings where you use advanced policies, so that Safeheron's support team can verify whether the policy settings are reasonable and safe>
Examples of policy requested to add:
Initiator | Source Wallet | Priority | Approval Node 1 | Approval Node 2 | Approval Node 3 |
---|---|---|---|---|---|
API Key 1 | Wallet 1, Wallet 2 | 100 | Node name: Auto Approval Approvers: API Co-Signer Approval Threshold: 1/1 | None | None |
API Key 2 | Wallet 3 | 200 | Node name: Admin Approval Approvers: A, B Approval Threshold: 1/2 | None | None |
... | ... | ... |