Fortify Your Assets: A Guide to Fordefi's Transaction Policy Engine [Part 3/3]

Read Time 2 mins | Written by: Uri Eden

Welcome to the final part of our blog series on securing your assets with Fordefi's Transaction Policy!

In this blog series, we provide insights on how to effectively use Fordefi's Transaction Policy to protect your organization’s assets. Part one discussed two of the main unique features of Fordefi’s policy engine, the transaction simulation and the dApp directory. Part two explored tips on using groups and limiting token allowances. In this final part, we will discuss how to leverage the Policy Engine to protect your programmatic transactions.

How to Protect Your Programmatic Transactions

  • Limit your trading applications: Organizations that transact programmatically face risks such as bugs in the transacting application, or compromise of the server that runs the application. If such an application has blanket access to your assets, the result of a bug or an attack could be loss of funds. Fordefi’s Transaction Policy helps limit the damage in these cases. We recommend giving each application the minimal set of trading permissions needed for its operation, and limiting the wallets, chains, protocols, and amounts the application can use in its transactions.

Creating Rules for Programmatic Signers

  • Use Programmatic Approvers: To increase security, organizations can run programmatic approvers. A programmatic approver is a custom application, written and run by the customer, that applies custom validation logic to a transaction to make sure it falls within the expected behavior of the program (for example, it could cross-validate the transaction against other data in the system). To set up such a workflow, create a separate API User for the approver application and specify it as a required approver in policy rules. Also register the application’s endpoint to receive webhook notifications from Fordefi for every newly created transaction. To approve the transaction, the application needs to call the Approve Transaction API. The approver application can use the transaction simulation results that Fordefi provides for every transaction.
  • Set policy on black-box signatures: A black-box vault is a vault for which Fordefi provides only the MPC-based key management layer, whereas the blockchain layer is left to the customer. Such vaults are used to rapidly support programmatic transactions on custom blockchains that Fordefi does not yet fully support. Since the blockchain layer is not available for such black-box transactions, customers do not benefit from the full power of the policy engine (like the dApp Directory, the transaction simulation, etc.). That said, Fordefi’s Transaction Policy can help secure black-box transactions as well. Specifically, you can still require multiple approvers for such transactions, and those approvers, whether humans or programmatic, can verify custom conditions on the message being signed.
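The following is an added example of what a customer-written programmatic approver can look like; it is not Fordefi's code and does not use Fordefi's real webhook schema or API. It ties together the per-application limits recommended above (vaults, chains, counterparties, amount) with the approver workflow: a webhook delivery for a newly created transaction is authenticated, the transaction is checked against the application's limits and the attached simulation result, cross-validated against an internal order book, and a decision is handed to a caller-supplied function that stands in for the Approve Transaction API call. The payload shape, the HMAC-SHA256 webhook signature, the `APP_POLICY` and `INTERNAL_ORDERS` tables and the `submit_decision` callable are all constructed assumptions for illustration.

```python
"""Hypothetical programmatic approver (added example, not Fordefi's code).

Assumptions, all constructed for illustration:
  * the webhook body is JSON in the shape built by sample_event();
  * the webhook carries an HMAC-SHA256 hex tag over the raw body, and the
    approver knows the shared secret (the real scheme is whatever the vendor
    documents; the point is that unauthenticated deliveries are never acted on);
  * submitting the decision (the Approve Transaction API call) is done by a
    callable passed in by the caller, so this module runs offline.
"""
import hashlib
import hmac
import json
from typing import Callable

# Per-application limits: each trading app gets only the vaults, chains,
# counterparties and notional it needs (constructed values).
APP_POLICY = {
    "market-maker-bot": {
        "vaults": {"vault-trading-1"},
        "chains": {"ethereum", "arbitrum"},
        "destinations": {"0x1111111111111111111111111111111111111111"},
        "max_amount_usd": 50_000,
    },
}

# Internal order book used to cross-validate each transaction (constructed).
INTERNAL_ORDERS = {
    "order-1001": {"destination": "0x1111111111111111111111111111111111111111",
                   "amount_usd": 25_000, "status": "open"},
}


def sample_event(amount_usd: float = 25_000.0, chain: str = "ethereum",
                 note: str = "order-1001") -> dict:
    """Constructed webhook payload in the assumed shape (not the vendor schema)."""
    return {
        "event": "transaction_created",
        "transaction": {
            "id": "tx-1",
            "created_by": "market-maker-bot",
            "vault_id": "vault-trading-1",
            "chain": chain,
            "to": "0x1111111111111111111111111111111111111111",
            "note": note,
            "simulation": {"status": "success", "value_usd": amount_usd},
        },
    }


def encode_event(event: dict) -> bytes:
    """Serialize an event the way the assumed sender would."""
    return json.dumps(event, sort_keys=True).encode()


def sign_body(raw_body: bytes, secret: bytes) -> str:
    """HMAC-SHA256 hex tag over the raw body (assumed scheme)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(raw_body: bytes, signature_hex: str, secret: bytes) -> bool:
    """Constant-time comparison so a forged tag cannot be guessed byte by byte."""
    return hmac.compare_digest(sign_body(raw_body, secret), signature_hex)


def evaluate(event: dict) -> tuple[str, list[str]]:
    """Return ("approve", []) or ("reject", [reasons]) for one transaction event."""
    reasons: list[str] = []
    tx = event["transaction"]
    policy = APP_POLICY.get(tx.get("created_by"))
    if policy is None:
        return "reject", [f"unknown application {tx.get('created_by')!r}"]

    if tx.get("vault_id") not in policy["vaults"]:
        reasons.append(f"vault {tx.get('vault_id')} not allowed for this app")
    if tx.get("chain") not in policy["chains"]:
        reasons.append(f"chain {tx.get('chain')} not allowed for this app")
    destination = tx.get("to", "").lower()
    if destination not in policy["destinations"]:
        reasons.append(f"destination {destination} not in allowlist")

    # Use the simulation result attached to every transaction: a missing or
    # failed simulation is a reject, never a pass-through.
    sim = tx.get("simulation") or {}
    if sim.get("status") != "success":
        reasons.append("simulation missing or failed")
    amount_usd = float(sim.get("value_usd", 0))
    if amount_usd > policy["max_amount_usd"]:
        reasons.append(f"amount {amount_usd:.2f} USD exceeds per-app limit")

    # Cross-validate against internal data: the transaction must reference an
    # open order whose counterparty and notional match what is being signed.
    order = INTERNAL_ORDERS.get(tx.get("note", ""))
    if order is None or order["status"] != "open":
        reasons.append("no matching open order in internal system")
    elif order["destination"].lower() != destination or order["amount_usd"] != amount_usd:
        reasons.append("transaction does not match the referenced order")

    return ("approve" if not reasons else "reject"), reasons


def handle_webhook(raw_body: bytes, signature_hex: str, secret: bytes,
                   submit_decision: Callable[[str, str, list[str]], None]) -> str:
    """Entry point for one webhook delivery.

    submit_decision(transaction_id, decision, reasons) stands in for the call to
    the platform's Approve Transaction API (hypothetical signature).
    """
    if not verify_signature(raw_body, signature_hex, secret):
        return "ignored"  # unauthenticated delivery: do not act on it
    event = json.loads(raw_body)
    decision, reasons = evaluate(event)
    submit_decision(event["transaction"]["id"], decision, reasons)
    return decision
```

The approver fails closed: an unknown application, a missing simulation, a counterparty outside the allowlist or a mismatch with the internal order all produce a reject with the reasons recorded, and a delivery whose signature does not verify is dropped before any decision is submitted. The same structure applies to black-box signatures, where the checks would run over the raw message being signed instead of a simulation result.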
Thank you for following along with our Transaction Policy Engine blog series. We hope you found this content to be actionable and informative. Please don't hesitate to reach out to our team if you have further questions regarding our Transaction Policy Engine. You can email us at sales@fordefi.com to learn more. 

Uri Eden

Uri Eden is a Director of Product Management at Fordefi. Joining Fordefi in 2022, Uri brings with him over a decade of experience in product management and engineering.