DENYLIST_POLICY
Block all transactions from a configured list of addresses. Used for sanctions enforcement and frozen-account routing.
The simplest policy template — checks the transaction sender (and, in some configurations, the recipient) against a static list of blocked addresses. The denylist is governance-controlled and updated through the Legal Oracle when sanctions lists change.
Parameter schema
``
json
{
"denylist": ["<address>", "<address>", ...]
}
`
Addresses are EVM-style hex (Evaluation
The validator checks if the transaction sender's address is present in the
denylist array. If yes → reject. Some Maroo deployments also check the recipient; this depends on the UnitPolicy configuration.ReasonCode on rejection
InDenylist — surfaced to wallets and middleware so they can render terminal-failure UX (no retry should be offered).Typical usage
- OFAC/FIU sanctions list enforcement.
- Per-contract admin freezes (using a
ContractPolicyConfiginstead ofGlobalPolicyConfigto scope the deny only to that contract). - Composability: pair with another denylist instance on the recipient side for two-sided block lists.