You can tailor your Prime Onchain approval process using our policy engine to enhance your workflow efficiency. Depending on the security sensitivity of an activity, you might choose to increase the number of approvers required, or reduce them for activities that are less sensitive or demand quicker execution.
Access the policy engine through: Settings > Onchain > Policy Engine.
The Onchain policy engine allows you to establish rules based on specific conditions, dictating the required approvals for different transactions.
Default Setting: By default, the policy engine adopts the number of approvers required across your entire Prime portfolio.
Example Setup for Policy Engine:
Use Case 1: Simple Asset Storage for Long-Term Holding
For high-value long-term holdings, which require maximum security, set the default rules to include a higher number of approvers (e.g., at least two approvers plus a Onchain signer).
Use Case 2: Asset Storage and Interaction with DeFi (e.g., DEX Trading)
To mitigate risks, use separate wallet addresses for different activities. Customize your approval process based on the risk associated with each activity or the urgency of transaction processing.
Creating Flexible Rules:
Designate Wallets for Specific Activities: You might create a wallet specifically for DEX trading to isolate funds and limit risk exposure.
Adjust Approver Requirements: Implement rules that reduce the number of approvers for transactions from a designated "source wallet" to a specific "destination," such as a smart contract address of a DEX. This flexibility is crucial for operations that require timely on-chain processing, like DEX transactions with expiry times.
Specify User Permissions and Destinations: Ensure that only authorized personnel (e.g., a senior trader) can initiate and sign transactions from that wallet, which should only interact with the specified smart contracts
Use Case 3: High Manual Throughput of Transactions
To streamline the processing of numerous daily transactions while adhering to the four-eyes principle (requiring two distinct users to process a transaction), consider the following configuration:
Define a Rule for a Specific Source Wallet: Similar to the approach in Use Case 2 for Trading, assign a designated wallet or group of wallets for these transactions.
Specify the Destination: Limit the interaction of this wallet to certain addresses.
Initiator and Approver Settings:
Initiator: Designate who can initiate the transaction.
Approval: Set the number of approvers to zero (signer only), and designate a signer different from the initiator to sign the transaction.
This setup eliminates the need to use a YubiKey for each transaction, requiring it only for logging in (with a session valid for 24 hours). Post-login, the initiator can start the transaction, and the signer completes it using mobile biometric authentication instead of both a YubiKey and biometric authentication for each transaction. By specifying different individuals for the initiator and signer roles, the four-eyes principle is maintained. Alternatively, for wallets managed by a single user, the same person can serve as both initiator and signer.
Session Validity and Security:
Login Sessions: Remain valid for 24 hours. After this period, users must re-login using their credentials and YubiKey to obtain another valid session.
Sign-Out Option: Users can manually sign out of the app to end the session.
This configuration reduces the security level for that specific wallet—YubiKey is needed only at login once every 24 hours—but also decreases transaction friction for users comfortable with this approach.
You can continuously refine and expand the rules to meet your evolving operational requirements, including governance, various DeFi interactions, and standard send/receive operations. Facilitate this by creating trusted address groups accessible via Settings > Onchain > Address Book. These groups help define rule conditions, such as Source Wallet and Destination specifics. For detailed guidance on utilizing the Onchain address book, please visit our Help Center.