About transaction policies
Overview
This guide explains how transactions work in the keyless wallet. It covers the transaction flow, transaction policies, and the two types of policies: app-specific and global user policies.
Key points
- Transactions are initiated through the Lockbox SDK.
- Your app can send transactions only to pre-registered smart contracts.
- New users have default payment thresholds for specific ERC-20 tokens and the RON token.
- Users can increase their payment limits by implementing additional security measures.
Transaction flow
Every transaction in a keyless wallet is initiated through a Lockbox SDK call. The SDK generates a transaction JSON object that is sent to the Gateway. The Gateway checks the transaction policies and, if the transaction meets the requirements, sends the transaction to the backend for signing. The backend signs the transaction using MPC and sends the signed transaction to Ronin. Ronin then sends the transaction hash back to the app.
Transaction policies
Transaction policies are a set of requirements that must be met before a transaction can be signed by MPC.
Two groups of transaction policies exist:
- App-specific policies
- Global user policies
App-specific policies
An app-specific policy defines a list of smart contracts that an app ID can interact with. The app developer must register the smart contract addresses with Sky Mavis as part of the getting started process.
When a user interacts with the app, the app sends its app ID and the access token to the Gateway. The Gateway verifies the app-specific policy to ensure that the user can interact with the specified smart contracts.
For example, the policy may look like this:
{
  "appID": "12a34...",
  "AllowlistContract": ["0xabc...", "0xdef..."]
}
Apps using ERC-721 and ERC-1155 token contracts should use a Proxy model for contract deployment.
Global policies
The global user policy defines the payment limits for each user. The policy is divided into two levels:
Default payment limitation (level 1)
When a user creates a new account, a level 1 payment limit applies by default.
| Token | Limit per transaction | Daily accumulated limit |
|---|---|---|
| AXS | 50 | 300 |
| RON | 1000 | 5000 |
| USDC | 1000 | 5000 |
| WETH | 0.1 | 0.3 |
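The following sketch shows how the app-specific allowlist and the level 1 limits could be evaluated together before signing. It is an added example, not Sky Mavis code: the request shape (`appID`, `to`, `token`, `amount`), the `check_transaction` helper, the placeholder app ID and addresses, and the deny-by-default handling of unlisted tokens are all assumptions. Amounts use `Decimal` so that three 0.1 WETH payments sum to exactly 0.3 instead of drifting past the limit as binary floats would.

```python
from decimal import Decimal, InvalidOperation

# Level 1 limits from the table above: token -> (per transaction, daily accumulated).
LEVEL1_LIMITS = {
    "AXS": (Decimal("50"), Decimal("300")),
    "RON": (Decimal("1000"), Decimal("5000")),
    "USDC": (Decimal("1000"), Decimal("5000")),
    "WETH": (Decimal("0.1"), Decimal("0.3")),
}

# Constructed app-specific policy; the app ID and addresses are placeholders.
APP_POLICY = {
    "appID": "example-app-id",
    "AllowlistContract": ["0x" + "ab" * 20, "0x" + "cd" * 20],
}


def check_transaction(policy, tx, spent_today):
    """Return (allowed, reason) and record the amount in spent_today if allowed.

    tx is a hypothetical request shape: appID, to, token, amount (decimal string).
    spent_today maps token -> Decimal already signed for this user today.
    """
    if tx.get("appID") != policy["appID"]:
        return False, "app ID does not match policy"
    # Compare addresses case-insensitively so checksummed forms still match.
    allowlist = {addr.lower() for addr in policy["AllowlistContract"]}
    if str(tx.get("to", "")).lower() not in allowlist:
        return False, "contract not in allowlist"
    limits = LEVEL1_LIMITS.get(tx.get("token"))
    if limits is None:
        # Assumption: tokens without a listed limit are denied.
        return False, "token has no level 1 limit"
    try:
        amount = Decimal(str(tx.get("amount")))
    except InvalidOperation:
        return False, "amount is not a number"
    # Reject NaN, infinities, zero and negatives before any limit comparison.
    if not amount.is_finite() or amount <= 0:
        return False, "amount must be a positive finite number"
    per_tx, daily = limits
    if amount > per_tx:
        return False, "per-transaction limit exceeded"
    total = spent_today.get(tx["token"], Decimal("0")) + amount
    if total > daily:
        return False, "daily accumulated limit exceeded"
    spent_today[tx["token"]] = total
    return True, "ok"
```
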
Advanced payment limitation (level 2)
When a user takes additional security measures, such as turning on MFA (multi-factor authentication), their payment limit is raised to level 2, which allows policy customization.