Policies: Make allowed recipients and amount fields optional (#103)

alberto-crossmint · web-flow · commit 0449db158dc6 · 2026-03-16T19:20:35.000+01:00
* Policies: Make the allowed recipients field optional

* Amount too
diff --git a/contracts/smart-account-interfaces/src/auth/types.rs b/contracts/smart-account-interfaces/src/auth/types.rs
@@ -14,11 +14,12 @@ pub struct TokenTransferPolicy {
     /// The SAC token contract address this signer is allowed to call `transfer` on.
     pub token: Address,
     /// Maximum cumulative amount (in token's smallest unit) allowed per window.
-    pub limit: i128,
+    /// None = no amount restriction; other checks (expiration, token, recipients) still apply.
+    pub limit: Option<i128>,
     /// Number of seconds after which the spent amount resets. 0 = no reset (lifetime limit).
     pub reset_window_secs: u64,
-    /// Allowed recipient addresses. Empty = any recipient is allowed.
-    pub allowed_recipients: Vec<Address>,
+    /// Allowed recipient addresses. None = any recipient is allowed; Some([]) = no recipient allowed (deny all).
+    pub allowed_recipients: Option<Vec<Address>>,
     /// Unix timestamp after which this policy expires. 0 = no expiration.
     pub expiration: u64,
 }
diff --git a/contracts/smart-account/README.md b/contracts/smart-account/README.md
@@ -354,7 +354,7 @@ classDiagram
         +token: Address
         +limit: i128
         +reset_window_secs: u64
-        +allowed_recipients: Vec~Address~
+        +allowed_recipients: Option~Vec~Address~~
         +expiration: u64
     }
 
@@ -681,7 +681,7 @@ let spend_policy = TokenTransferPolicy {
     token: usdc_token_address,
     limit: 1000_0000000,            // 1000 tokens (7-decimal)
     reset_window_secs: 86400,       // resets daily
-    allowed_recipients: vec![&env, treasury_address],
+    allowed_recipients: Some(vec![&env, treasury_address]),
     expiration: 0,                  // no policy-level expiration
 };
 
diff --git a/contracts/smart-account/src/auth/policy/token_transfer.rs b/contracts/smart-account/src/auth/policy/token_transfer.rs
@@ -48,9 +48,9 @@ impl AuthorizationCheck for TokenTransferPolicy {
                     }
 
                     // Check recipient allowlist if configured
-                    if !self.allowed_recipients.is_empty() {
+                    if let Some(recipients) = &self.allowed_recipients {
                         if let Ok(recipient) = Address::try_from_val(env, &args.get(1).unwrap()) {
-                            if !self.allowed_recipients.iter().any(|a| a == recipient) {
+                            if !recipients.iter().any(|a| a == recipient) {
                                 return false;
                             }
                         } else {
@@ -75,69 +75,76 @@ impl AuthorizationCheck for TokenTransferPolicy {
             }
         }
 
-        // 3. Load spending tracker
-        let tracker_key = SpendTrackerKey::TokenSpend(self.policy_id.clone(), signer_key.clone());
-        let mut tracker: SpendingTracker =
-            env.storage()
+        // 3. Enforce cumulative limit if configured
+        if let Some(limit) = self.limit {
+            // Load spending tracker
+            let tracker_key =
+                SpendTrackerKey::TokenSpend(self.policy_id.clone(), signer_key.clone());
+            let mut tracker: SpendingTracker = env
+                .storage()
                 .persistent()
                 .get(&tracker_key)
                 .unwrap_or(SpendingTracker {
                     spent: 0,
                     window_start: now,
                 });
 
-        // 4. Check if the spending window should reset
-        if self.reset_window_secs > 0
-            && now.saturating_sub(tracker.window_start) >= self.reset_window_secs
-        {
-            tracker.spent = 0;
-            tracker.window_start = now;
-        }
+            // Check if the spending window should reset
+            if self.reset_window_secs > 0
+                && now.saturating_sub(tracker.window_start) >= self.reset_window_secs
+            {
+                tracker.spent = 0;
+                tracker.window_start = now;
+            }
 
-        // 5. Check cumulative limit
-        let new_total = tracker.spent.checked_add(total_amount).unwrap_or(i128::MAX);
-        if new_total > self.limit {
-            return false;
-        }
+            // Check cumulative limit
+            let new_total = tracker.spent.checked_add(total_amount).unwrap_or(i128::MAX);
+            if new_total > limit {
+                return false;
+            }
 
-        // 6. Update spending tracker
-        tracker.spent = new_total;
-        env.storage().persistent().set(&tracker_key, &tracker);
-        env.storage().persistent().extend_ttl(
-            &tracker_key,
-            PERSISTENT_TTL_THRESHOLD,
-            PERSISTENT_EXTEND_TO,
-        );
+            // Update spending tracker
+            tracker.spent = new_total;
+            env.storage().persistent().set(&tracker_key, &tracker);
+            env.storage().persistent().extend_ttl(
+                &tracker_key,
+                PERSISTENT_TTL_THRESHOLD,
+                PERSISTENT_EXTEND_TO,
+            );
+        }
 
         true
     }
 }
 
 impl PolicyCallback for TokenTransferPolicy {
     fn on_add(&self, env: &Env, signer_key: &SignerKey) -> Result<(), SmartAccountError> {
-        // Validate policy parameters
-        if self.limit <= 0 {
-            return Err(SmartAccountError::InvalidPolicy);
+        // Validate limit if configured
+        if let Some(limit) = self.limit {
+            if limit <= 0 {
+                return Err(SmartAccountError::InvalidPolicy);
+            }
+
+            // Initialize spending tracker
+            let tracker_key =
+                SpendTrackerKey::TokenSpend(self.policy_id.clone(), signer_key.clone());
+            let tracker = SpendingTracker {
+                spent: 0,
+                window_start: env.ledger().timestamp(),
+            };
+            env.storage().persistent().set(&tracker_key, &tracker);
+            env.storage().persistent().extend_ttl(
+                &tracker_key,
+                PERSISTENT_TTL_THRESHOLD,
+                PERSISTENT_EXTEND_TO,
+            );
         }
 
         // If expiration is set, it must be in the future
         if self.expiration > 0 && self.expiration <= env.ledger().timestamp() {
             return Err(SmartAccountError::InvalidNotAfterTime);
         }
 
-        // Initialize spending tracker
-        let tracker_key = SpendTrackerKey::TokenSpend(self.policy_id.clone(), signer_key.clone());
-        let tracker = SpendingTracker {
-            spent: 0,
-            window_start: env.ledger().timestamp(),
-        };
-        env.storage().persistent().set(&tracker_key, &tracker);
-        env.storage().persistent().extend_ttl(
-            &tracker_key,
-            PERSISTENT_TTL_THRESHOLD,
-            PERSISTENT_EXTEND_TO,
-        );
-
         Ok(())
     }
 
diff --git a/contracts/smart-account/src/tests/token_transfer_policy_test.rs b/contracts/smart-account/src/tests/token_transfer_policy_test.rs
