EAS_POLICY
Require the transaction sender to hold a valid EAS attestation under a specified schema. The KYC/KYB enforcement gate.
Gates a transaction on whether the sender holds a valid (non-expired, non-revoked) attestation issued under a specific EAS schema. The canonical primitive for KYC, KYB, accreditation, and any credential-based gate. Resolves attestations through the EAS precompile so lookups are cheap during AnteHandler evaluation.
Parameter schema
``
json
{
"eas_contract": "<address>",
"index_contract": "<address>",
"schema_uid": "<bytes32>"
}
`
— address of the EAS deployment to query (typically the canonical Maroo EAS).index_contract — the indexer contract address. Used by the EAS precompile to make attestation lookups O(1).schema_uid` — the specific schema the sender must have an attestation under. Encoded as a 32-byte hex value.Evaluation
1. Read the policy parameters → schema UID, EAS contract, index contract.
2. Call
3. For each UID returned by
2. Call
EAS.getReceivedUIDCount(sender, schemaUid) (via the EAS precompile). If 0 → reject with EasAttestationRequired.3. For each UID returned by
EAS.getReceivedUIDs(sender, schemaUid), fetch via EAS.getAttestation(uid) and check: revocationTime == 0 AND (expirationTime == 0 OR expirationTime > block.timestamp). If any UID is valid → admit. If all are revoked or expired → reject with EasAttestationRequired.ReasonCode on rejection
EasAttestationRequired — wallet UX: trigger your KYC/KYB onboarding partner so the user can obtain the attestation. Once they receive a fresh attestation, the same transaction will succeed.Typical usage
- KYC gate at the global level (
GlobalPolicyConfig): "only KYC-attested accounts can use the regulated path". - Higher-tier features: a
ContractPolicyConfigrequiring an institutional KYB schema for DeFi pool access. - Tiered models: combine with
OKRW_EAS_TRANSFER_LIMIT_POLICYto allow un-attested users limited access while attested users get higher limits.