Scoped wallet limits
Overview
Limits now allow you to scope a subject or a resource. This changes how the limits are applied and enforced.
Previously, limits applied to everything that interacted with a wallet. While this was inflexible, combining it with access control facilitated physically segregated wallets, each with a discrete purpose.
The new model with limit scopes allows greater flexibility and enables multi-purpose wallets. This means that a single wallet can have limits that restrict the spend by users or API credentials, to specific counterparties, via specific transaction types.
In order to make the limits as flexible as possible, the scopes are implemented using a mechanism called matchers. Matchers define what the limit must match in order to be applicable. Today, we have four types of matchers:
- Initiator
  - User
  - API Credential
- Counterparty
- Transaction Type
- Sign For
Initiator
A limit can have at most one initiator matcher at a time. An initiator can be a User or API credential. A limit with an initiator will only apply to that specific initiator.
UI Examples
Example limit configuration with User as initiator
Example limit configuration with API Credential as initiator
API Examples
{
  "limitType": "PER_TX",
  "limitQty": "0.1",
  "symbol": "XRP",
  "matchers": [
    {
      "type": "USER",
      "value": "121d0242-02f3-4fa4-b907-a5ce54b68ba3"
    }
  ]
}

{
  "limitType": "PER_TX",
  "limitQty": "0.1",
  "symbol": "XRP",
  "matchers": [
    {
      "type": "API_CREDENTIAL",
      "value": "b89b0060-7d8b-4944-9eb7-62e45e5cce46"
    }
  ]
}
Counterparty
A limit can have at most one counterparty at a time. A limit with a counterparty will enforce the rule on transactions to that counterparty.
API Examples
{
  "limitType": "PER_TX",
  "limitQty": "0.1",
  "symbol": "XRP",
  "matchers": [
    {
      "type": "COUNTERPARTY",
      "value": "rNDvqWSvarYhvFsezgBE7jfJbqdAGXRRio"
    }
  ]
}
Transaction Type
A limit can have at most one transaction type at a time. A limit with a transaction type will enforce the rule on transactions of that specific type.
API Examples
{
  "limitType": "PER_TX",
  "limitQty": "0.1",
  "symbol": "XRP",
  "matchers": [
    {
      "type": "TRANSACTION_TYPE",
      "value": "OfferCreate"
    }
  ]
}
Sign For
The Sign For limit type is useful when the wallet is a signer on another multisig wallet. This limit type allows you to restrict who the wallet is able to sign for.
For example: Wallet A is a signer on a multisig Wallet M. In order to sign multisig transactions where the sender is Wallet M, Wallet A needs a limit with matcher type sign_for set to the blockchain address of Wallet M.
API Examples
{
  "limitType": "PER_TX",
  "limitQty": "0.1",
  "symbol": "XRP",
  "matchers": [
    {
      "type": "SIGN_FOR",
      "value": "rNDvqWSvarYhvFsezgBE7jfJbqdAGXRRio"
    }
  ]
}
Usage
Limit scope matchers are an incredibly powerful way to manage risk. You can mix the matchers to create configurations that allow very specific transactions, reducing your risk surface.
Here is an example usage:
The base policy, allowing a maximum spend of 1 XRP, applies to all transactions across the board, regardless of who the initiator is, where the transaction is going or what the transaction type is. This effectively enables fee spend in XRP on this wallet.
The second policy is a specific policy, using all the scoped matchers. It enables this wallet to send a maximum of 100 million PUSD tokens in total into the treasury wallet when the Payment transaction type is initiated by the user Manthan Dave.
As you can see, combining the matchers and the two policies severely limits the spend on this wallet, thereby reducing the risk of unauthorized transactions.
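The at-most-one rules stated above for initiator, counterparty and transaction type matchers can be checked before a limit is submitted. The following Python check is an added example, not Palisade code: audit_limit and the sample payloads are constructed here (reusing the identifiers from the API examples above), and it reports both rule violations and the dimensions a limit leaves unscoped.

```python
import json

# Matcher types shown on this page, grouped by the dimension they scope.
DIMENSION = {
    "USER": "initiator",
    "API_CREDENTIAL": "initiator",
    "COUNTERPARTY": "counterparty",
    "TRANSACTION_TYPE": "transaction type",
    "SIGN_FOR": "sign for",
}
# "At most one" is stated for these three; no such rule is given for SIGN_FOR.
AT_MOST_ONE = ("initiator", "counterparty", "transaction type")

def audit_limit(limit):
    """Return (errors, unscoped) for one limit payload (a dict)."""
    errors, seen = [], {}
    for m in limit.get("matchers", []):
        dim = DIMENSION.get(m.get("type"))
        if dim is None:
            errors.append(f"unknown matcher type: {m.get('type')!r}")
        elif not m.get("value"):
            errors.append(f"{m['type']} matcher has no value")
        else:
            seen.setdefault(dim, []).append(m["type"])
    for dim in AT_MOST_ONE:
        if len(seen.get(dim, [])) > 1:
            errors.append(f"more than one {dim} matcher: {seen[dim]}")
    # Dimensions without a matcher are not restricted by this limit.
    unscoped = [d for d in AT_MOST_ONE if d not in seen]
    return errors, unscoped

# Constructed sample payloads, reusing identifiers from the examples above.
SAMPLES = json.loads("""[
 {"limitType": "PER_TX", "limitQty": "0.1", "symbol": "XRP", "matchers": []},
 {"limitType": "PER_TX", "limitQty": "0.1", "symbol": "XRP", "matchers": [
   {"type": "USER", "value": "121d0242-02f3-4fa4-b907-a5ce54b68ba3"},
   {"type": "API_CREDENTIAL", "value": "b89b0060-7d8b-4944-9eb7-62e45e5cce46"}]},
 {"limitType": "PER_TX", "limitQty": "0.1", "symbol": "XRP", "matchers": [
   {"type": "USER", "value": "121d0242-02f3-4fa4-b907-a5ce54b68ba3"},
   {"type": "COUNTERPARTY", "value": "rNDvqWSvarYhvFsezgBE7jfJbqdAGXRRio"},
   {"type": "TRANSACTION_TYPE", "value": "OfferCreate"}]}
]""")

if __name__ == "__main__":
    for i, sample in enumerate(SAMPLES):
        errs, unscoped = audit_limit(sample)
        print(i, "errors:", errs, "| unscoped:", unscoped)
```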
Migration
While migration is not strictly required in all cases, we recommend updating all wallet limits using the new scoped limit matchers in order to improve your risk management and security posture.
Migration is required in cases where one or more Palisade keys are signers on a multisig wallet. In this case, you will need to migrate using the “Sign For” limit matchers. You can use the following curl command to migrate:
curl --location --request PUT 'https://api.sandbox.palisade.co/v2/vaults/{{vaultID}}/wallets/{{walletID}}/policy-rules/limits' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --header 'Authorization: Bearer {{access_token}}' \
  --data '{
    "limitType": "PER_TX",
    "limitQty": "0.1",
    "symbol": "XRP",
    "matchers": [
      {
        "type": "SIGN_FOR",
        "value": "rNDvqWSvarYhvFsezgBE7jfJbqdAGXRRio"
      }
    ]
  }'