Documentation Index
Fetch the complete documentation index at: https://turnkey-0e7c1f5b-am-fix-broken-links.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Note: see the language section for more details.
Allow ABI-specific contract call parameters
For contract interactions, use
Smart Contract Interfaces (ABI upload) rather than
raw calldata slicing. ABI-based policies use named arguments
(eth.tx.contract_call_args['arg_name']) instead of byte offsets — they’re more readable, less
error-prone, and won’t silently break if the contract encoding changes. Raw eth.tx.data[...]
slicing is a fallback for contracts where no ABI is available.
Restrict a transfer call to a maximum amount and a specific recipient:
{
"policyName": "Limit WETH transfers",
"effect": "EFFECT_ALLOW",
"condition": "eth.tx.contract_call_args['wad'] < 1000000000000000000 && eth.tx.contract_call_args['dst'] == '0x08d2b0a37F869FF76BACB5Bab3278E26ab7067B7'"
}
{
"policyName": "Allow only transfer calls to a contract",
"effect": "EFFECT_ALLOW",
"condition": "eth.tx.to == '<CONTRACT_ADDRESS>' && eth.tx.function_name == 'transfer'"
}
Allow ERC-20 transfers for a specific token smart contract (raw calldata fallback)
Use this pattern only when an ABI is unavailable. The selector 0xa9059cbb is the 4-byte keccak256
hash of transfer(address,uint256).
{
"policyName": "Enable ERC-20 transfers for <CONTRACT_ADDRESS>",
"effect": "EFFECT_ALLOW",
"condition": "eth.tx.to == '<CONTRACT_ADDRESS>' && eth.tx.data[0..10] == '0xa9059cbb'"
}
Allow anyone to sign transactions for testnet (Sepolia)
{
"policyName": "Allow signing ethereum sepolia transactions",
"effect": "EFFECT_ALLOW",
"condition": "eth.tx.chain_id == 11155111"
}
Allow ETH transactions with a specific nonce range
{
"policyName": "Allow signing Ethereum transactions with an early nonce",
"effect": "EFFECT_ALLOW",
"condition": "eth.tx.nonce <= 3"
}
Allow signing of EIP-712 payloads for Hyperliquid ApproveAgent operations
{
"policyName": "Allow signing of EIP-712 Payloads for Hyperliquid `ApproveAgent` operations",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_712.domain.name == 'HyperliquidSignTransaction' && eth.eip_712.primary_type == 'HyperliquidTransaction:ApproveAgent' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
Inspect nested fields in EIP-712 message payloads
The eth.eip_712.message map supports nested field access using bracket notation, allowing policies
to inspect typed data contents beyond just the domain and primary type.
Syntax:
- Nested struct fields:
eth.eip_712.message['outerField']['innerField']
- Array element fields:
eth.eip_712.message['arrayField'][0]['innerField']
Example: Restrict Hyperliquid orders to a specific asset
Hyperliquid’s HyperliquidTransaction:Order message contains an orders array of Order structs.
Each Order uses short field names: a (asset index), b (isBuy), p (price), s (size), r
(reduceOnly).
{
"primaryType": "HyperliquidTransaction:Order",
"domain": { "name": "HyperliquidSignTransaction", ... },
"message": {
"orders": [
{ "a": 3, "b": true, "p": "1800.0", "s": "0.1", "r": false, ... }
],
"grouping": "normalTpsl"
}
}
3):
{
"policyName": "Allow Hyperliquid orders for ETH only",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_712.domain.name == 'HyperliquidSignTransaction' && eth.eip_712.primary_type == 'HyperliquidTransaction:Order' && eth.eip_712.message['orders'][0]['a'] == '3' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
Array access is index-based ([0], [1], etc.). The condition message['orders'][0]['a'] == '3'
only checks the first order — any additional orders in the array are not evaluated. To restrict
all orders in a known-size batch, add a condition for each index: message['orders'][0]['a'] == '3' && message['orders'][1]['a'] == '3'.
Deny signing of NO_OP keccak256 payloads
{
"policyName": "Deny NO_OP hash signing",
"effect": "EFFECT_DENY",
"condition": "activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2' && activity.params.hash_function == 'HASH_FUNCTION_NO_OP' && activity.params.encoding != 'PAYLOAD_ENCODING_EIP712'"
}
Allow signing of EIP-712 payloads for EIP-3009 transfers
{
"policyName": "Allow signing of EIP-712 payloads for EIP-3009 Transfers for USD Coin",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_712.domain.name == 'USD Coin' && eth.eip_712.primary_type == 'TransferWithAuthorization' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
Allow signing of EIP-712 payloads for EIP-2612 permits for USD Coin
{
"policyName": "Allow signing of EIP-712 payloads for EIP-2612 Permits for USD Coin",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_712.domain.name == 'USD Coin' && eth.eip_712.primary_type == 'Permit' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
Allow signing of EIP-7702 authorizations
{
"policyName": "Allow signing of EIP-7702 Authorizations",
"effect": "EFFECT_ALLOW",
"condition": "eth.eip_7702_authorization.address == '<ADDRESS>' && eth.eip_7702_authorization.chain_id == '<CHAIN_ID>' && eth.eip_7702_authorization.nonce == '<NONCE>' && activity.type == 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2'"
}
Home