Transaction policies are an important security measure for your organization. It is recommended to strictly configure these policies, especially for large withdrawal scenarios, to avoid high-risk situations such as having no transaction policies, having transactions that are not covered by a transaction policy, automatically approving all transactions, or allowing the same role to both withdraw and approve transactions.
The following documentation explains how to set up message signing policies with the Initiators or Message Types conditions. For Safe{Wallet} message signing policies, see Risk controls for Safe{Wallet} message signing.

Create a message signing policy

  1. Log into Cobo Portal.
  2. Click > Transaction Policies in the main menu on the left-hand side.
  3. Click Create Policy > Message Signing.
  1. Enter a Policy Name. The name should not exceed 30 characters.
  2. Select applicable networks.
  3. Select the wallets under Applicable Wallets that are applicable to the policy you are about to create. Select addresses. The following wallet types support message signing policies:
    • Custodial Wallets
      • Web3 Wallets
    • MPC Wallets
      • Organization-Controlled Wallets
      • User-Controlled Wallets
  4. Under If, click + Add Condition to select a condition template. You can add one or more conditions to each policy. If multiple conditions are applied, the policy will be triggered only if the transaction satisfies all conditions. To learn more about conditions, see Select condition template.
    • You have the option to skip setting any conditions and proceed directly to the next step. This means that any message signing requests associated with the applicable wallets will trigger this policy.
  5. Under Then, Select the action to be taken if the policy is triggered (i.e., Auto Approval, Auto Rejection, and Approval Quorum), then click Next. To learn more about approval actions, see Set approval action.
  6. Review the policy you just configured, then click Next.
  7. Review the order of your policies. Transactions will be matched with policies in the list based on their priority order.
    • Once a higher-priority policy is triggered, subsequent policies will no longer be triggered.
    • By default, the newly created policy will be placed at the top of the policy list and highlighted. You can change the order by dragging and dropping.
  8. Click Submit and complete the 2FA verification.

Select condition template

Initiators: The policy will be triggered only if the transaction is initiated by selected entities.

  • Cobo Connect: Message signing initiated using Cobo Connect.
  • API Keys: Message signing initiated via any API Keys or specified API Keys.

Message Types: The policy will be triggered only if the transaction only if the message type is selected.

  • Typed Message: The message to be signed is a typed message, such as EIP-191 or EIP-712.
  • Raw Message: The message to be signed is a raw message.
For the condition ** Safe{Wallet} message signing**, see Risk controls for Safe{Wallet} message signing.

Set approval action

Currently, Cobo Portal supports three types of approval actions:

  • Auto Approval: Transactions meeting the above conditions will be automatically approved.
  • Auto Rejection: Transactions meeting the above conditions will be automatically rejected.
  • Approval Quorum: Transactions meeting the above conditions will require a specified number of approvals to proceed. Please click + Select Approvers to add one or more team members as approvers. You can select by User Roles or Users. Then, set the approval quorum.
Feel free to share your feedback to improve our documentation!