Introduction

Shield3 provides automated security & compliance tools for developers to protect user transactions through a customizable policy engine delivered as a custom RPC.

Dynamic provides onboarding and login flows with a high level of customization and a focus on developer tooling.

With a couple of simple steps, customers of Dynamic can add custom rules to all transactions that are facilitated by their application through Shield3.

Here’s a short video walkthrough of the process and the result!.

Tutorial

Step 1 - Get an API Key

Option 1. (Recommended)

Sign up at https://www.shield3.com/auth/sign-in to get a free API key & RPC URL

Get your API Key & Configure Policies

Option 2.

Use this public shared key to test it out: https://rpc.shield3.com/v3/UlihwLJtYY9bWgkuLA6KS6liL6iTpXKqhWvPBl80/0x01/rpc

Step 2 - Change the RPC URL

On the Dynamic.xyz dashboard go to the EVM Configuration tab.

Toggle on Ethereum Mainnet, then click the down arrow on the far right.

The section will expand to show you the current RPC URL used and you can paste in the RPC URL you received in step 1 here.

to test our Goerli change the 0x01 in the URL to 0x05, or select Goerli on the Shield3 Dashboard

Step 3 - Test it out!

You can now run your Dynamic Implementation normally and send a transaction while connected to Ethereum.

The easiest way to get up and running if you haven’t already integrated Dynamic already is via the Quickstart or the Sample Apps. You should just make sure you have the EthereumWalletConnector implemented.

The transaction should succeed if there are no violations and will show up on your Shield3 Dashboard. If any issues cause the transaction to be blocked or flagged you will receive an error message which you can learn more about here.

Tell us how it went! Survey Link Telegram or email [email protected]

All about policies

1 - Unverified Contracts (Block | Flag | Alert) If enabled, interactions with unverified contracts that cannot be decoded are forbidden. User can configure this policy to result in block, flag for MFA, or permit with an alert.

2 - OFAC SDN Block Native and ERC20 Transactions Block native transfers, ERC20 transfers, and ERC20 approvals to OFAC addresses. As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called “Specially Designated Nationals” or “SDNs.” Their assets are blocked and U.S. persons are generally prohibited from dealing with them.

3 - Native Transfers Spending Limits (Block | MFA) If enabled, transactions with native values (ex. ETH) over a customizable threshold are forbidden. Users can configure this policy to result in a block, or flag for MFA.

4 - ERC20 Stablecoin Transfers Spending Limits (Block | MFA) If enabled, transfers and approvals with verified stablecoins (ex. USDC, DAI, USDT) over a customizable threshold are forbidden. Users can configure this policy to result in a block, or flag for MFA.

5 - DEX Token Swap Protection If enabled, token swaps are permitted with verified token pairs. Users can customize which pairs are allowed, and set a slippage limit to prevent trades that might result in MEV exploitation.

If you have additional requests for policies or custom use cases reach out to Shield3 at [email protected], join the Support Telegram or fill out the Survey

Custom Error Codes

When Shield3 blocks or flags a transaction the RPC url returns a custom error message. The format is as follows:

{
  "jsonrpc": "2.0",
  "error": {
    "code": "-XXXXXX",
    "message": "ERROR MESSAGE HERE"
  },
  "id": XX
}

These include:

Transaction Blocked [code -9999982]

  • Raised when policy engine results in block.

Transaction Flagged for MFA [code -9999981]

  • Raised when MFA result from policy engine.
  • Webhook is sent to user’s configured webhook.

RPC Call Failed [code -9999980]

  • Raised when proxy call to user’s RPC fails.

Invalid API Key [code -9999979]

  • Raised when API key does not match any account.

Invalid Node [code -9999977]

  • Raised when network in RPC url does not match a valid network (0x01, 0x05, etc).

Uncaught Error in Shield3 [code -9999976]

  • Something went wrong, raises alert at Shield3 internally as well.