Policy
The features on this page refer to the old policy version, which will be phased out soon. For more flexible configurations and enhanced features, we recommend using the new advanced policies.
Policies govern how transactions are submitted to approval nodes. Each policy consists two parts:
- Triggering Condition: A collection of rules based on multiple parameters of a transaction that correspond to a specific type of transaction.
- Approval Process: A process for approving a transaction that matches trigger conditions.
Safeheron has two types of transaction policies: Basic Policy and Advanced Policies, where the Advanced Policies includes transfer policy, MPC Sign policy, and Web3 Sign policy.
The policies supported by various types of transactions are listed in the table below:
| Policy | Transfer Tasks (Asset Wallet) | Web3 Sign Tasks (Web3 Wallet) | MPC Sign Tasks(Asset Wallet) |
|---|---|---|---|
| Basic Policy | Supported | Supported | Not Supported |
| Transfer Policy | Supported | Not Supported | Not Supported |
| MPC Sign Policy | Not Supported | Not Supported | Supported |
| Web3 Sign Policy | Not Supported | Supported | Not Supported |
Basic policy can be viewed in the Safeheron Mobile App, while advanced policies can be viewed in the Safeheron Web Console.
At this time, advanced policies cannot be configured independently. Click here to learn how to configure advanced policies.
Approval Process
Before describing the different policy models, let's first cover the Approval Process of each policy. The triggering conditions are different for each policy model, but the approval processes are basically the same.The approval process is designed to accommodate various business settings of our clients while also providing flexibility and security for team collaboration.
The approval process currently includes up to 3 approval nodes, with each approval node having two components.
- Approver (API Co-Signer included)
- Approval Threshold
Each approval node has the ability to configure approvers and approval thresholds. For example, if Approval Node 1 requires approval from 2 out of 3 members (A, B, and C), the approval node configuration would be as follows:
- Approval Node 1
- Approvers: A, B, C
- Approval Threshold: 2/3
If a business setting requires an approval sequence, multiple approval nodes can be utilized. For instance, member A approves first, followed by members B and C. The approval node would then be configured as follows:
- Approval Node 1
- Approver: A
- Approval Threshold: 1/1
- Approval Node 2
- Approver: B, C
- Approval Threshold: 1/2
An MPC Sign will be executed for the transaction once the final approval node of the approval process has been completed. Note that the approval process employs a one-vote veto system, i. e., if one member of any approval node rejects a request, the entire approval process is terminated..
Basic Policy
When you create a team for the first time using the Safeheron Mobile App, default basic policy is automatically configured for you. The admin of the team can view and modify the basic policy, allowing you to configure the appropriate approval process based on the needs of your organization.
The basic policy allows team members with Create Transactions permission to initiate a transfer transaction or a Web3 Sign task, but it does not support inputting custom parameters such as initiator, triggering conditions, source wallet, and so on.
Simply put, the triggering condition of the basic policy is not customizable and is the same for all transfer tasks and Web3 Sign tasks in the team. The approval process can be configured by the team administrator in the Safeheron mobile app.
Transfer Policy
If a basic policy does not meet the needs of your business, you can use an advanced policy.
You can improve risk management practices of your business by setting up multiple transfer policies. For example, you can establish conditions that meet the following criteria:
- Wallet 1: Sending BTC requires approval from either Member A or Member B, while sending ETH requires approval from both Members A and B.
- Wallet 2: Transactions with values less than $1,000,000 USD requires approval from either Member A or Member B, while transactions with values exceeding $1,000,000 USD requires approval from both Members A and B.
- Wallet 3: Transactions with values less than $1,000,000 USD are automatically approved by API Co-Signer 1, while transactions with values exceeding $1,000,000 USD requires approval from both Members A and B.
- Wallet 4: Only Member C is permitted to initiate transfer transactions. The destination address must be one that is on the whitelist. Any transfer transaction requires the approval of either member A or member B.
The approval process conditions are configured in the same way as Transfer Policies. The triggering conditions encompass multiple dimensions, which can be combined to fit your business setting.
| Dimension | Description |
|---|---|
| Initiator | Limit transaction initiators. An initiator can be any team member with the permission to Create Transactions or an API Key. Define transaction initiators through the use of the following options: 1. Any member with the permission 2. Designate one or more members with the permission |
| From | Define wallets to be used for transfers using the following two options: 1. Any, which means transferring assets from any asset wallet 2. Designate 1 or more asset wallets |
| To | Define the destination address for any transfer through any of the following options: 1. Any, which means transferring assets to any destination address 2. Any asset wallet in your team 3. Designate one or more asset wallets in your team 4. Any whitelisted address 5. Designate one or more whitelisted addresses 6. An unknown address |
| Value | Convert the amount transferred into U. S. dollars based on the current exchange rate, and set a transfer limit using the following options: 1. Transfer value is greater than 'x' USD. 2. Transfer value is less than 'x' USD; Number of transfers within 24 hours is less than 'y' times. 3. Transfer value is less than 'x' USD; Cumulative assets transferred within 24 hours are less than 'y' USD. |
| Amount | Limit the number of transfers for a specified currency through the use of the following options: 1. Transfer amount is greater than 'x' value. 2. Transfer amount is less than 'x' value; Number of transfers within 24 hours is less than 'y' times. |
| Priority | Define the priority of policy matching. A larger value indicates a higher priority. When policies conflict, the policy with a larger value takes precedence. |
| Approval Process | Define the action for duplicate transactions through the following options: 1. Reject 2. Enter a set approval process |
Only 1 selection can be made between value dimension and quantity dimension for each of the above parameters.
Once a transfer policy is set, a transfer transaction is prioritized using the advanced policy. If the advanced policy does not meet the transaction's triggering conditions but does meet the basic policy's triggering conditions, the transaction will then proceed using the basic policy approval process.
MPC Sign Policy
The approval process of the MPC Sign policy is the same as described above. The triggering conditions encompass multiple dimensions, which can be combined to fit your business setting.
| Dimension | Description |
|---|---|
| Initiator | Specify the API Key for initiating transactions using the following options: 1. Any authorized API keys 2. Assign one or more authorized API Keys |
| From | Define wallets to be used for transfers using the following two options: 1. Any, which means transferring assets from any asset wallet 2. Designate 1 or more asset wallets |
| Priority | Define the priority of policy matching. A larger value indicates a higher priority. When policies conflict, the policy with a larger value takes precedence. |
| Approval Process | Define the action for duplicate signature tasks through the following options: 1. Reject 2. Enter a set approval process |
Web3 Sign Policy
When the Basic Policy cannot meet the approval requirements for Web3 Sign tasks, such as using a Web3 wallet for token transfers, token approval, contract method calls, NFT transfers, NFT authorization, and other business scenarios involving interactions with smart contracts, it is necessary to strictly limit which contracts the Web3 wallet can interact with. In this case, the Web3 Sign Policy can be used to achieve flexible and secure approval control.
For other non-smart contract interaction scenarios with Web3 wallets, such as using methods like personal_sign, eth_signTypedData (v1 to v4), and eth_sign, approval control is currently only supported through the basic policy.
The approval process for the Web3 Sign Policy is consistent with the description above. The triggering conditions encompass multiple dimensions, which can be combined to fit your business setting.
| Dimension | Description |
|---|---|
| Initiator | Limit transaction initiators. An initiator can be any team member with the permission to Create Transactions or an API Key. Define transaction initiators through the use of the following options: 1. Any member with the permission or API Key 2. Designate one or more members with the permission or API Keys |
| From | Define Web3 wallets to be used for transfers using the following two options: 1. Any, which means transferring assets from any Web3 wallet 2. Designate 1 or more Web3 wallets |
| To | Limit smart contract addresses, and the maximum is 50 addresses per policy. |
| Priority | Define the priority of policy matching. A larger value indicates a higher priority. When policies conflict, the policy with a larger value takes precedence. |
| Approval Process | Define the action for duplicate signature tasks through the following options: 1. Reject 2. Enter a set approval process |
Configure Advanced Policies
If you need to add an advanced policy, please contact Safeheron's Support team. The Support team will assist you in configuring an advanced policy based on the specifics of your business.
You can use the following template to send an email to support@safeheron.com.
Transaction Policy Email Template
Subject
Transfer Policy Request
Content
Team ID: <Your Team ID (You can find your Team ID by navigating to: App -> Me -> Team Name) >
Description of Business Setting: <Describe your business settings where you use advanced policies, so that Safeheron's support team can verify whether the policy settings are reasonable and safe>
Examples of policies requested to add:
| Initiator | From | To | Value/Amount Limit | Priority | Approval Node 1 | Approval Node 2 | Approval Node 3 |
|---|---|---|---|---|---|---|---|
| Any member with permission | Any | Any whitelisted address | Transfer value < $10,000 USD; Cumulative assets transferred within 24 hours are less than $200,000 USD | 100 | Node name: Admin Approval Approvers: A, B, C Approval Threshold: 2/3 | None | None |
| Member A | Wallet 1 | Whitelisted address A, Whitelisted address B | Transfer ETH < 100; Number of transfers within 24 hours is less than 50 times | 200 | Node name: Finance Approval Approvers: A, B, C Approval Threshold: 2/3 | Node name: Risk Control Approval Approvers: A, B Approval Threshold: 1/2 | None |
| Member A | Wallet 2 | Any | Transfer BTC > 100 | 300 | Node name: Executive Approval Approvers: B, C Approval Threshold: 2/2 | None | None |
| ... | ... | ... | ... | ... | ... | ... | ... |
MPC Sign Policy Email Template
Subject
MPC Sign Policy Request
Content
Team ID: <Your Team ID (You can find your Team ID by navigating to: App -> Me -> Team Name) >
Description of Business Setting: <Describe your business settings where you use advanced policies, so that Safeheron's support team can verify whether the policy settings are reasonable and safe>
Examples of policies requested to add:
| Initiator | Source Wallet | Priority | Approval Node 1 | Approval Node 2 | Approval Node 3 |
|---|---|---|---|---|---|
| API Key 1 | Wallet 1, Wallet 2 | 100 | Node name: Auto Approval Approvers: API Co-Signer Approval Threshold: 1/1 | None | None |
| API Key 2 | Wallet 3 | 200 | Node name: Admin Approval Approvers: A, B Approval Threshold: 1/2 | None | None |
| ... | ... | ... | ... | ... | ... |
Web3 Sign Policy Email Template
Subject
Web3 Sign Policy Request
Content
Team ID: <Your Team ID (You can find your Team ID by navigating to: App -> Me -> Team Name) >
Description of Business Setting: <Describe your business settings where you use advanced policies, so that Safeheron's support team can verify whether the policy settings are reasonable and safe>
Examples of policies requested to add:
| Initiator | From | To (Smart Contract Address) | Priority | Approval Node 1 | Approval Node 2 | Approval Node 3 |
|---|---|---|---|---|---|---|
| API Key 1 | Any | 0x694b...4008 0x795e...F7A6 0x3bF6...3038 | 100 | Node name: Auto Approval Approvers: API Co-Signer Approval Threshold: 1/1 | None | None |
| Member A | Web3 Wallet 1 | Any | 200 | Node name: Finance Approval Approvers: B, C Approval Threshold: 1/2 | Node name: Risk Control Approval Approvers: E, F Approval Threshold: 1/2 | None |
| ... | ... | ... | ... | ... | ... | ... |