Overview
Smart Wallet Policies are in private beta. Please contact us if you would like to build with Policies. Beta features may change.
Smart Wallets enable seamless crypto experiences with gas sponsorship, batched transactions, and chain abstraction. Secured by non-custodial Trusted Execution Environments (TEEs) and enterprise-grade audited smart contract accounts, smart wallets protect user assets with both offchain and onchain safeguards.
Policies allow you to set rules and constraints governing how smart wallets operate, ensuring security and control over onchain actions. Using the policy dashboard, you can easily configure rules such as spending limits, contract allowlists, or denylists. This overview explains how you can leverage policies to further secure your smart wallet.
Key Features:
- Granular control: Define allowable actions, such as approved contracts or maximum transfer amounts.
- Scalability: Policies are built on Alchemy’s high-performance RPC and gas sponsorship systems, ensuring seamless operation at scale.
- Composable Security: Policies can be defined onchain or offchain and seamlessly composed to add multi-layer authorization for smart wallet operations beyond standard authentication mechanisms.

Offchain Policies (EVM & Solana)
Offchain policies shift rule enforcement to Alchemy’s offchain infrastructure. In EVM, these policies can also be composed with the onchain policies to provide multi-layered security.
Offchain policies support many rules including:
- Transaction Limits: Restrict the value of transfers (e.g., cap at 1 ETH per transaction or 10 ETH daily) to prevent overspending or unauthorized large moves.
- Contract Allowlists: Limit interactions to approved smart contracts (e.g., Uniswap, Aave), enhancing security by blocking untrusted protocols.
- Multi-factor Authentication: Add an extra layer of security by requiring multiple authentication factors to sign a transaction.
- Chain Restrictions: Limit transactions to only certain chains.
- Gas Sponsorship Rules: Define custom conditions for gas sponsorship (e.g., sponsor up to $10 in gas, or first 10 transactions, allowlist/blocklist senders for sponsorship, custom rules, etc.).
Onchain Policies (EVM only)
Onchain policies lock in trust, transparency, and the developer's right to exit: rules baked into smart contracts enforce security and consistency without relying on fragile offchain servers or middlemen. Because the rules are defined onchain, they remain consistent regardless of which key provider is used.
- Transaction Limits: Use onchain modules to restrict the value of transfers (e.g., cap at 1 ETH per transaction or 10 ETH daily) to prevent overspending or unauthorized large moves.
- Contract Allowlists: Use onchain modules to limit interactions to approved smart contracts (e.g., Uniswap, Aave), enhancing security by blocking untrusted protocols.
- Multi-Signature Requirements: Enforce quorum rules (e.g., 2-of-3 signers for high-value transactions), ideal for shared custody, treasury management, or onchain multi-factor authentication.
- Time Restrictions: Allow transactions only within specific time windows (e.g., within the next 24 hours), enabling scheduled operations.
- Gas Sponsorship Rules: Define requirements for paymaster definitions (e.g., require your token is used for gas or that transactions are sponsored under certain conditions).
- Asset-Specific Caps: Use onchain session keys to set limits on ERC-20 token transfers (e.g., max 1000 USDC per action) or native assets.
- Deny Lists: Block interactions with flagged addresses or contracts, mitigating risks from known vulnerabilities.
What Are Session Keys?
Session Keys allow you to add multiple signers to a smart wallet with scoped permissions that are validated onchain. This unlocks:
- Multiple owners for wallets
- Automated tasks like claiming rewards or recurring payments
- Stronger security by limiting exposure of the main account key
They’re ideal for reducing UX friction while maintaining onchain guarantees.
Skip duplicate confirmations
With session keys, users don’t need to approve every dapp interaction using their main wallet. Instead, a dapp can use a session key to perform follow-up actions — fast and frictionless — all within a defined scope.
Example: Enable auto-approval for repeated steps, such as claiming testnet tokens or submitting votes, to reduce the friction of signing many transactions.
Session keys simplify authentication by letting users interact with apps without confirming each action with their primary key. Instead, users create a session key with permissions specific to the app, and the app can then use that key for future actions from the app's server or client. This speeds up user interaction, provides a smoother experience, and allows apps to have secure server-side wallet control.
Automate actions
Use session keys to run workflows without needing user input each time. Automate:
- Claim flows
- Token approvals
- Recurring transactions
By granting only the necessary permissions, session keys ensure automation stays secure.
Users and apps can automate actions within predefined limits using specific onchain permissions. Session keys can be used to streamline processes like recurring payments, contract interactions, or any activity that benefits from automation.
Securely delegate access
Session keys reduce exposure of the main private key by creating temporary or restricted alternatives. Even if compromised, session keys limit damage because they’re restricted to only the permissions you defined, not your entire account.
Session keys reduce risk by limiting access:
- They’re scoped to specific actions
- Can expire after a set time
- Can be revoked independently of the main account key
By delegating authorization to a separate key, the exposure of the main private key is minimized.
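The policy rules listed earlier (transaction limits, allowlists, deny lists, chain restrictions) and the session key restrictions above (scope, expiry, revocation) compose into a single authorization decision. The following is an added example, not code from Alchemy's SDK or Modular Account V2; it models that decision locally, and every function, field name, address and timestamp in it is a hypothetical or constructed value.

```javascript
// Added illustration: a local model of the policy rules, not Alchemy's API.
const ETH = 10n ** 18n; // wei per ETH
const DAY = 24 * 60 * 60; // seconds
// Hypothetical session-key record; every field name here is an assumption.
function makeSessionKey(policy) {
  return { policy, revoked: false, spends: [] }; // spends: [{ at, value }]
}

// Evaluate one transaction against the key's policy. Returns { ok, reason }.
function evaluate(key, tx, now) {
  const p = key.policy;
  const deny = (reason) => ({ ok: false, reason });
  const to = tx.to.toLowerCase(); // compare addresses case-insensitively

  if (key.revoked) return deny("revoked");
  if (now >= p.expiresAt) return deny("expired");
  if (!p.chains.includes(tx.chainId)) return deny("chain-not-allowed");
  // Denylist is checked first so an allowlist entry cannot override it.
  if (p.denylist.includes(to)) return deny("denylisted");
  if (!p.allowlist.includes(to)) return deny("not-allowlisted");
  if (tx.value > p.perTxCap) return deny("per-tx-cap");

  // Rolling 24h window: only approved spends newer than now - DAY count.
  const spent = key.spends
    .filter((s) => s.at > now - DAY)
    .reduce((sum, s) => sum + s.value, 0n);
  if (spent + tx.value > p.dailyCap) return deny("daily-cap");
  key.spends.push({ at: now, value: tx.value }); // denied attempts are not counted
  return { ok: true, reason: "allowed" };
}

// Constructed sample data: placeholder addresses and an arbitrary start time.
const DEX = "0x" + "aa".repeat(20);
const FLAGGED = "0x" + "bb".repeat(20);
const T0 = 1700000000;

function demo() {
  const key = makeSessionKey({
    expiresAt: T0 + 2 * DAY, chains: [1], allowlist: [DEX, FLAGGED],
    denylist: [FLAGGED], perTxCap: ETH, dailyCap: 10n * ETH,
  });
  const send = (over, now) => evaluate(key, { chainId: 1, to: DEX, value: ETH, ...over }, now).reason;
  const early = [send({ value: 2n * ETH }, T0), send({ to: FLAGGED }, T0), send({ chainId: 137 }, T0)];
  for (let i = 0; i < 10; i++) send({}, T0 + i); // ten 1 ETH transfers fill the daily cap
  const capped = send({}, T0 + 10);
  const nextDay = send({}, T0 + DAY + 5); // older spends have aged out of the window
  key.revoked = true;
  return [...early, capped, nextDay, send({}, T0 + DAY + 6)];
}
```

The daily cap is the only stateful rule here: it depends on a record of previously approved spends, so whichever layer enforces it must keep that record where the signer holding the session key cannot reset it.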
Build with granular permissions
Session keys are safe because they’re built on a flexible permission system. You control exactly what a session key can do, when it can act, and how much it can spend.
Modular Account V2 includes a growing library of permission types — from spending limits and time windows to contract allowlists and function restrictions. You can also build custom permission modules for specialized use cases.
This granular control lets you create session keys that are perfectly scoped for each use case, whether that’s a one-time NFT mint, recurring DeFi interactions, or complex multi-step workflows.
Want to build your own permission system? Let us know — Modular Account V2 is designed to plug in custom modules easily.