Issue description
The Transaction Authorization Policy ("TAP") is a set of rules that govern the outflow of assets from your Fireblocks Vault and integrated connections. Based on the TAP you define, the Fireblocks Policy Engine will block some transactions. Rejected transactions due to TAP rules that you created will show with the rejection reason “Blocked by Policy”. Learn more about TAP.
However, you may also experience rejected transactions with the reason type "Blocked by Policy" which are not rejected due to specific TAP rules that you created, but due to global policies. In the section below you will find the common scenarios where your transactions may be unexpectedly blocked due to the rejection reason “Blocked by Policy" and how to address them.
Common reasons transactions can be "Blocked by Policy"
Transactions can fail with the transaction sub-status "BLOCKED_BY_POLICY" if:
- The selected destination is a "One Time Address" (OTA), while the "One-time Address” setting is disabled on your workspace in the Fireblocks Console.
- The Transaction matched a TAP policy rule that lists “Block” as the required Action type.
- The Transaction didn't match any policy rule, so it was Blocked by the "Catch-All" rule.
- The Raw Signing, Mint, or Burn transactions match a policy rule, but the premium feature is off (by default).
Resolutions
- One Time Address
- If you want to receive transfers from one-time addresses, include "One-time Address" in the Destination parameter of your TAP rules.
- Make sure "One-time Address" is enabled in your Firbelocks Console Settings:
Settings > General: Under One-time Address, select Enable and Confirm.
Learn more about the One-Time Address feature.
- There are two common scenarios where transactions will hit "Block" action rules:
- The Transaction matched a "Block" action rule.
-
Time Period and Accumulation rule parameters
-
The policy might block a transaction that exceeded the threshold $ amount of a time-based rule if the rule’s action is “Block”. Similar to point A, trace the rule in your Active Transfers sidebar and check if the applied rule was time-based.
- Suggested solution:
-
Increase the amount threshold of this rule.
- Extend the time frame.
- Update the rule or add a new one with the “Approved by” action.
- Trace and review the relevant rule, and make any adjustments if needed:
- Select Settings > Transaction Policy > Active Transfers (Open the pop-up sidebar. Transaction cards clear from the sidebar about 24 hours after their final state.)
- Find the blocked transaction.
- Select "Blocked by policy (#N)” on the transaction to highlight the rule in your TAP.
-
-
-
Note
Assuming rules were not re-ordered as part of a TAP update after the block occurred:
- Click around the "Blocked by policy (#N)" for extended transaction information.
- Review the Rule.
- Check if the rule serves your business needs or if you should change it to allow similar transactions in the future. After you update and publish your TAP, select Retry" to process the transaction via Active Transfers.
- The transaction did not match any TAP rule. It was blocked by the "Catch-All" Block rule.
Follow these steps to ensure the policy is configured as intended:
-
Note
The TAP operates according to the first-match principle. Thus, having your rules in the proper order is also essential when creating your TAP. The order of your rules can affect whether or not specific rule parameters are enforced.
-
Ensure all the blocked transaction’s parameters are included in a TAP rule:
-
Initiator (can be a specific initiator, or the user is part of a user group), **Transaction Type** (CONTRACT_CALL, TRANSFER, TYPED_MESSAGE, Etc.), Source and Destination (Whitelisted / OTA), Amount, and Time Period (Single Transactions / Accumulation), Asset, and an Action.
-
-
-
*Raw signing, Mint, and Burn are premium features that are off by default. Please contact your Customer Success Manager to enable them.*
If you still cannot explain the "Blocked" transaction after performing the above steps or need more assistance, contact Fireblocks Support.