This feature is available for all Dynamic v3 embedded wallets (TSS-MPC). Upgrade is required if you are on v2 or earlier.
Overview
Policy and Rules gives developers fine-grained control over how wallets interact. Policies are enforced before a transaction is signed ensuring there is validation before execution. This allows you to:- Block malicious or unauthorized counterparties
- Create custom workflows around wallet interactions
- Ensure transactions are simulated and verified before execution
Security Model
Dynamic’s policy system is designed with security and transparency at its core:- Tamper Resistance: Policies are created and enforced in a trusted execution environment, ensuring they cannot be bypassed at the client level. Only administrators and those with permissions can update and modify rules
- Auditability: Every policy update is logged and traceable.
- Transaction Simulation: Before a transaction is signed, it is simulated against your rules. Non-compliant requests are automatically rejected.
- Malicious Transaction Detection: Before a transaction is signed, all transactions will be validated to ensure they are not being sent to a malicious address.
- Pre-Signing Enforcement: Rules apply at signing time, not just after execution. This means developers can trust that no transaction leaves the wallet unless it passes policy checks.
Allowlist Mode
When you configure an allowlist, only addresses included in your allow rules are permitted. Everything not on the list is blocked.Address Evaluation
Policies evaluate all participant addresses involved in a transaction’s execution path. If a transaction calls contract A that then calls contract B, every touched address (A and B) is considered a participant for evaluation. When using an allowlist (only listed addresses are permitted), ensure you include all relevant contract addresses, including proxies and their underlying implementations, to avoid unintended rejections.Value Limits
You can add a value limit to any rule to restrict the maximum amount that can be transferred in a single transaction. When a value limit is set, the policy will evaluate the transaction amount and automatically block any transaction that exceeds the specified limit. Value limits work for both EVM and Solana (SVM) chains, and can be applied to native tokens (like ETH or SOL) as well as custom tokens (such as ERC-20 or SPL tokens). To set a value limit for the native token of the chain, simply leave the address field for the value limit blank.Creating a Rule
Step 1: Navigate to the Policies Tab
On the developer dashboard, navigate to the Policies tab under the Wallets section. Click on Create your first rule to get started.
Step 2: Configure the Rule
In Basic Settings, you can configure the following for the rule:- Rule Name: A descriptive name for the rule
- Rule Description: A description of the rule
- Rule Type: The type of rule to create. You can choose between:
- Allow: This rule allows the operation to proceed
- Deny: This rule blocks the operation
- Network/Environment: The specific network or environment, such as Sepolia, Base Sepolia, etc.
- Addresses: The addresses the rule applies to
Step 3: Add/Update a Rule
There are two ways to add/update a rule: you can either update using the dashboard or send an API request with your authorized token.Creating a Rule
- Click on Save Rule to create a rule by clicking on Add Rule in Basic Settings once you have configured the rule.
- You can also send an API request with your authorized token to create/update a rule. The payload can be found in the JSON tab of the Rule creation page.
Update a Rule
If you have active rules, you will see the Policy & Rules Management tab in the Policies tab.- Click on the rule you want to update, which will expand to the Edit Rule page
- Update the rule configuration and click on Save Rule to update the rule
Step 4: Verifying Policy
To confirm that your policy rule is enforced, attempt to send a transaction that matches or violates the rule you configured. We recommend performing these tests on a testnet within a sandbox environment. Expected Behavior:- If the transaction complies with the policy, it will be processed as normal.
- If the transaction violates the policy, the SDK or wallet connector will return an error indicating that the operation is not permitted.
Step 5: Deleting a Rule
If you have active rules, you will see the Policy & Rules Management tab in the Policies tab.- Click
...next to the rule you want to delete, which will expand a dropdown menu with the option to delete the rule - Check the box to confirm you want to delete the rule and click on Delete Rule button
Creating, Updating, and Deleting Rules in Bulk
You can programmatically create or update multiple policy rules at once using the API. To do this, provide an array of rules in therulesToAdd, rulesToUpdate, or ruleIdsToDelete fields of your request payload.
Here is an example of how to create multiple rules using a POST request (SDKs or HTTP clients):
USDC allowlist example (Ethereum mainnet, proxy + implementation) to a single address:
USDC on Ethereum mainnet uses a proxy pattern. To allow interactions, add both the proxy and the current implementation addresses to your allowlist, on this example we are allowing interactions to a single address (0x5f09B2caaafD345EaE7B711A32CcBdf59befB4bB):Value Limit Example (Ethereum mainnet):
On this example we are allowing interactions to a single address (0x5f09B2caaafD345EaE7B711A32CcBdf59befB4bB) with a value limit of 100 USDC:Additional Notes
- The list of available chains in the dashboard depends on your configuration settings. Some networks may not be available for policy validation.
- Policies and rules are currently supported only for most EVM and Solana chains, including their respective testnets.
- Sui embedded wallets are not supported at this time.