Universal Action Policy
The universal action policy allows for controlled access to specific contract functions with optional parameter-based rules. Below is an example that restricts a function call to a specific parameter value.
⚠️ Security Consideration: Always set appropriate time bounds and carefully consider which contract functions to expose.
universalAction.ts
import { usersNexusClient } from "./client.ts";
import { parseUnits, toFunctionSelector } from "viem";
const createSessionsResponse = await usersNexusClient.grantPermission({
sessionRequestedInfo: [
{
sessionPublicKey,
actionPoliciesInfo: [
{
functionSelector: toFunctionSelector("transfer(address,uint256)"),
contractAddress: USDC_ADDRESS,
rules: [
{
condition: ParamCondition.EQUAL,
offsetIndex: 0, // recipient parameter
isLimited: false,
ref: WHITELISTED_ADDRESS
},
{
condition: ParamCondition.LESS_THAN,
offsetIndex: 1, // amount parameter
isLimited: true,
ref: parseUnits("1000", 6), // 1000 USDC per tx
usage: {
limit: parseUnits("5000", 6), // 5000 USDC total
used: 0n
}
}
],
}
]
}
]
});Common Use Cases
- Token Allowances: Set maximum spending limits for ERC20 tokens
- Whitelisted Transfers: Restrict transfers to approved addresses only
- Budget Management: Implement departmental spending controls
- DeFi Risk Management: Limit exposure in DeFi protocols
- Automated Payments: Control recurring token payments
- Treasury Operations: Manage organizational token distributions
Best Practices
- Whitelist Recipients: Always specify allowed recipient addresses
- Dual Limits: Implement both per-transaction and cumulative limits
- Token Decimals: Carefully account for token decimal places when setting limits
- Usage Tracking: Monitor cumulative usage against total limits
- Multiple Tokens: Set appropriate limits for each token type
- Regular Reviews: Periodically audit spending patterns and adjust limits
- Combine Policies: Use with time-based restrictions for enhanced security