OKRW_EAS_TRANSFER_LIMIT_POLICY
Per-transaction OKRW transfer cap that only applies when the sender is not attested under a given EAS schema. The KYC-tiered access primitive.
Combines the EAS attestation check with a per-transaction OKRW cap that only fires for un-attested senders. Attested senders are admitted regardless of amount (subject to whatever other policies apply). The most common production pattern for KYC-tiered access — un-attested users can transact small amounts; attested users get unrestricted (or otherwise-bounded) transfers.
Solidity struct + ABI
From
IPcl.sol:struct OkrwEasTransferLimitPolicy {
address easContract; // EAS deployment
address indexContract; // EAS Indexer
bytes32 schemaUid; // schema that exempts the sender from the cap
uint256 transferLimitAmount; // cap that applies to UN-attested senders
}ABI tuple shorthand:
Encode for
(address easContract, address indexContract, bytes32 schemaUid, uint256 transferLimitAmount).Encode for
PolicySet.policy:OkrwEasTransferLimitPolicy memory p = OkrwEasTransferLimitPolicy({
easContract: 0x1000000000000000000000000000000000000007,
indexContract: 0x1000000000000000000000000000000000000008,
schemaUid: 0xabcd...,
transferLimitAmount: 1_000_000 ether // 1,000,000 OKRW cap for un-attested senders
});
bytes memory policyBytes = abi.encode(p);
// PolicySet.templateId = "OKRW_EAS_TRANSFER_LIMIT_POLICY"Evaluation
For each OKRW transfer:
1. Check whether the sender holds a valid attestation under
2. Attested → admit (this template alone imposes no cap on attested senders).
3. Un-attested → check
The un-attested path is not compliance-free — it just allows small amounts. Combine with
1. Check whether the sender holds a valid attestation under
schemaUid (same lookup as EAS_POLICY — Indexer + revocation/expiration check).2. Attested → admit (this template alone imposes no cap on attested senders).
3. Un-attested → check
value <= transferLimitAmount. Pass → admit. Exceeds → reject with ExceededAgentTransferLimit (the chain reuses this code for the OKRW-EAS variant).The un-attested path is not compliance-free — it just allows small amounts. Combine with
OKRW_EAS_PERIODIC_VOLUME_LIMIT_POLICY to also cap cumulative volume for un-attested senders.ReasonCode on rejection
ExceededAgentTransferLimit(uint256 maxLimit, uint256 value)— un-attested sender exceededtransferLimitAmount. Wallet UX: "this amount requires verification — complete KYC or send a smaller amount". Drive the user into the KYC onboarding flow.- An attestation-shaped failure (e.g.
EasAttestationRevoked,EasAttestationExpired) only surfaces if the attestation lookup itself fails for an attested-looking sender; pure un-attested users never hit those codes from this template.
Typical usage
- KYC-tiered transfer caps: e.g. un-attested cap of 1,000,000 OKRW (
1_000_000 etheraokrw) per transfer. New users can transact small amounts before completing KYC; verified users transact normally. - Onboarding ramps: let users try the network with small transfers before committing to KYC. Once they obtain the attestation, limits disappear (or move to other policies).
- Pair with
OKRW_EAS_PERIODIC_VOLUME_LIMIT_POLICYfor daily/monthly cumulative caps layered on top of the per-transaction cap.