Read Time 3 mins | Written by: Uri Eden
Welcome to the second part of our blog series on securing your assets with Fordefi's Transaction Policy!
In the first blog, we discussed how Fordefi's dApp directory allows you to easily whitelist DeFi protocols. We also explored how Fordefi’s simulation-based policy engine enables you to set amount limits on all types of transactions. In this second blog, we will delve deeper into our policy engine and provide additional tips on using groups to simplify your policy and limiting allowances. Let's get started!
Effectively use groups to simplify your policy:
- Address book groups - Fordefi enables users to save addresses and their aliases in a verifiable storage. All addresses are signed by the customer's device keys to prevent tampering. Users can also group addresses together and set policies for each group. Once a policy rule is defined for a specific group, any additional addresses added to the group will be subject to the same policy. Any changes to the address book require an approval of a quorum of administrators.
- User and Vault groups - similarly to address groups, you can group users or vaults and apply policies on the group as well as on the individual object. Using groups keeps your policy cleaner and easier to understand. It also simplifies the process of adding users or vaults to your workspace, by allowing you to instantly attach policies to newly created vaults and users by assigning them to the appropriate groups at creation time. In contrast, for security reasons, moving existing vaults between groups always requires an admin quorum approval.
Limit token allowances:
On EVM chains, a token allowance (or a token approval) is a permission to a smart contracts to transfer tokens from your wallet. Token allowances are an essential mechanism for applications such as Decentralized Exchanges or lending protocols. That said, this mechanism introduces risk since a malicious or compromised contract can abuse the allowance and steal funds. Therefore, setting an amount limit on an allowances is very important, and specifically its best to avoid unlimited allowances, which unfortunately some DApps still request (for gas efficiency reasons).
Fordefi’s transaction policy helps to mitigate the risk of token allowances by setting limits on the allowed tokens, the recipient (or spender) of the allowance, and the allowed amount. This enables customers to balance security and operational efficiency based on their risk and internal controls. In addition to the transaction policy, Fordefi offers several other “allowance hygiene” features:
- Edit allowances at creation time - many DApps require you to set an unlimited amount to your tokens. You can change this amount in Fordefi’s extension at the time of creation.
- Fordefi Allowance Manager - is a dashboard showing all your outstanding token allowances across different chains, and give you an easy way to revoke those allowances It is best practice to regularly review this screen revoke unused or unnecessary allowances.
- Fordefi supports the recent Permit2 standard, which is is a new gasless allowance mechanism developed by Uniswap. With Permit2, allowances can be expressed as Message Signatures instead of regular transactions. Fordefi detects Permit2 allowances and allows enforcing a policy on them similar to traditional allowances.
