Understanding transaction policies

Each organization manages a list of off-chain and/or on-chain transaction policies. When a transaction is initiated, it undergoes a matching process against the ordered policies in the list. If a matching policy is identified, the corresponding approval action will be automatically executed.

Transaction policies in Cobo Portal come in two main types:

  • On-chain transaction policies
  • Off-chain transaction policies

On-chain transaction policies

On-chain transaction policies are governed by smart contracts on the blockchain networks and are specifically designed for Smart Contract Wallets. These policies provide:

  • Delegate management for single-signature operations
  • Token approval controls
  • Token transfer controls
  • Custom contract call controls

Once created, modifications to on-chain transaction policies require multi-signature confirmation from Safe signers.

Off-chain transaction policies

Off-chain transaction policies are managed by Cobo Portal’s backend system. They offer:

  • Flexibility: Easy to modify and update as needed
  • Compatibility: Works with multiple wallet types
  • Immediate effect: Changes take effect instantly without blockchain transactions

Off-chain transaction policies include the following types:

| Policy type | Main purpose | Key controls |
| --- | --- | --- |
| Token transfer | Control token movements and limits | Initiators; amounts; receiving addresses; token types |
| Contract call | Manage smart contract interactions | Initiators; token approvals; token transfers; contract addresses, methods, and parameters |
| Message signing | Control transaction signing | Initiators; message types; Safe message signing controls |
| Emergency policy | Immediate risk control for contingency | Enforcing auto rejection or auto quorum for all transactions |

Smart Contract Wallet policy guide

Smart Contract Wallets can use both on-chain and off-chain transaction policies. Here’s when to use each:

Use on-chain transaction policies when:

  • Setting up delegate permissions that need to be enforced at the smart contract level
  • Implementing permanent or long-term rules that shouldn’t be easily changed
  • Configuring rules that must be executed on-chain for security
  • Changes require multi-signature approval from Safe signers

Use off-chain transaction policies when:

  • You need quick policy updates without requiring multi-sig approval
  • You want additional control layers beyond on-chain rules
  • You are managing temporary or frequently changing rules
  • You are controlling specific transaction initiators or API access

For maximum security, you can combine both:

  1. Use on-chain transaction policies for core security rules
  2. Add off-chain transaction policies for flexible, day-to-day control

Setting up transaction policies

Prerequisite: Please assign the Operator role to the designated team members who will set up transaction policies.

Transaction policies are an important security measure for your organization. It is recommended to strictly configure these policies, especially for large withdrawal scenarios, to avoid high-risk situations such as having no transaction policies, having transactions that are not covered by a transaction policy, automatically approving all transactions, or allowing the same role to both withdraw and approve transactions.
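
The high-risk situations listed above, checked against an ordered policy list of the kind described at the top of this page. This is an added example, not Cobo Portal code: the Policy schema, the role names, and the first-match rule are assumptions made for illustration, and the catch-all checks are a conservative generalization that follows from ordered matching.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:                       # hypothetical schema, not Cobo Portal's data model
    name: str
    action: str                     # "auto_approve" | "auto_reject" | "quorum"
    initiators: frozenset = frozenset()   # roles that may initiate; empty = any role
    max_amount: Optional[float] = None    # None = no upper limit
    approvers: frozenset = frozenset()    # roles that vote when action == "quorum"

    def is_catch_all(self):
        return not self.initiators and self.max_amount is None

def match(policies, role, amount):
    """Assumed first-match semantics: return the first policy that fits, else None."""
    for p in policies:
        if p.initiators and role not in p.initiators:
            continue
        if p.max_amount is not None and amount > p.max_amount:
            continue
        return p
    return None  # uncovered transaction

def audit(policies):
    """Flag the high-risk configurations named in the note above."""
    if not policies:
        return ["no transaction policies"]
    findings = []
    for i, p in enumerate(policies):
        if p.is_catch_all() and p.action == "auto_approve":
            findings.append(f"{p.name}: automatically approves all transactions")
        if p.is_catch_all() and i < len(policies) - 1:
            findings.append(f"{p.name}: catch-all shadows every later policy")
        # With no initiator restriction, every approver role can also initiate.
        overlap = p.approvers & p.initiators if p.initiators else p.approvers
        if p.action == "quorum" and overlap:
            findings.append(f"{p.name}: {sorted(overlap)} can both withdraw and approve")
    if not any(p.is_catch_all() for p in policies):
        findings.append("no catch-all policy: some transactions match no policy")
    return findings

# Constructed sample list, in evaluation order.
SAMPLE = [
    Policy("small-transfers", "auto_approve", frozenset({"spender"}), 1_000),
    Policy("large-transfers", "quorum", frozenset({"spender"}), None,
           frozenset({"spender", "approver"})),
]
```

Running `audit(SAMPLE)` reports the role overlap in the quorum policy and the missing catch-all, and `match(SAMPLE, "operator", 10)` returns `None`, which is the uncovered-transaction case.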

For detailed setup instructions, see:
