Note: see the language section for more details.
Allow ABI-specific contract call parameters
See here for more information and examples.
Allow ERC-20 transfers for a specific token smart contract
{
"policyName": "Enable ERC-20 transfers for <CONTRACT_ADDRESS>",
"effect": "EFFECT_ALLOW",
"condition": "eth.tx.to == '<CONTRACT_ADDRESS>' && eth.tx.data[0..10] == '0xa9059cbb'"
}
Allow anyone to sign transactions for testnet (Sepolia)
{
"policyName": "Allow signing ethereum sepolia transactions",
"effect": "EFFECT_ALLOW",
"condition": "eth.tx.chain_id == 11155111"
}
Allow ETH transactions with a specific nonce range
{
"policyName": "Allow signing Ethereum transactions with an early nonce",
"effect": "EFFECT_ALLOW",
"condition": "eth.tx.nonce <= 3"
}
Allow signing of EIP-712 payloads for Hyperliquid ApproveAgent operations
{
"policyName": "Allow signing of EIP-712 Payloads for Hyperliquid `ApproveAgent` operations",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_712.domain.name == 'HyperliquidSignTransaction' && eth.eip_712.primary_type == 'HyperliquidTransaction:ApproveAgent' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
Inspect nested fields in EIP-712 message payloads
The eth.eip_712.message map supports nested field access using bracket notation, allowing policies to inspect typed data contents beyond just the domain and primary type.
Syntax:
- Nested struct fields:
eth.eip_712.message['outerField']['innerField']
- Array element fields:
eth.eip_712.message['arrayField'][0]['innerField']
Example: Restrict Hyperliquid orders to a specific asset
Hyperliquid’s HyperliquidTransaction:Order message contains an orders array of Order structs. Each Order uses short field names: a (asset index), b (isBuy), p (price), s (size), r (reduceOnly).
{
"primaryType": "HyperliquidTransaction:Order",
"domain": { "name": "HyperliquidSignTransaction", ... },
"message": {
"orders": [
{ "a": 3, "b": true, "p": "1800.0", "s": "0.1", "r": false, ... }
],
"grouping": "normalTpsl"
}
}
3):
{
"policyName": "Allow Hyperliquid orders for ETH only",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_712.domain.name == 'HyperliquidSignTransaction' && eth.eip_712.primary_type == 'HyperliquidTransaction:Order' && eth.eip_712.message['orders'][0]['a'] == '3' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
Array access is index-based ([0], [1], etc.). The condition message['orders'][0]['a'] == '3' only checks the first order — any additional orders in the array are not evaluated. To restrict all orders in a known-size batch, add a condition for each index: message['orders'][0]['a'] == '3' && message['orders'][1]['a'] == '3'.
Deny signing of NO_OP keccak256 payloads
{
"policyName": "Deny NO_OP hash signing",
"effect": "EFFECT_DENY",
"condition": "activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2' && activity.params.hash_function == 'HASH_FUNCTION_NO_OP' && activity.params.encoding != 'PAYLOAD_ENCODING_EIP712'"
}
Allow signing of EIP-712 payloads for EIP-3009 Transfers
{
"policyName": "Allow signing of EIP-712 payloads for EIP-3009 Transfers for USD Coin",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_712.domain.name == 'USD Coin' && eth.eip_712.primary_type == 'TransferWithAuthorization' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
Allow signing of EIP-712 payloads for EIP-2612 Permits for USD Coin
{
"policyName": "Allow signing of EIP-712 payloads for EIP-2612 Permits for USD Coin",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_712.domain.name == 'USD Coin' && eth.eip_712.primary_type == 'Permit' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
Allow signing of EIP-7702 Authorizations
{
"policyName": "Allow signing of EIP-7702 Authorizations",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_7702_authorization.address == '<ADDRESS>' && eth.eip_7702_authorization.chain_id == '<CHAIN_ID>' && eth.eip_7702_authorization.nonce == '<NONCE>' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
