Input Fields

Every policy decision has access to request data through the input object. This page documents all available fields you can use in your policies.

Network

These fields identify the blockchain network and RPC method being called, allowing you to create chain-specific policies or restrict certain operations.

input.chain

The blockchain network identifier for the request. Use this field to restrict access to specific chains, apply different policies per network, or block certain chains entirely.

Example

# Only allow transactions on Polygon and Base
allowed_chains := {"polygon", "base"}
 
deny if {
    not input.chain in allowed_chains
}
 
# Apply stricter limits on Ethereum mainnet
deny if {
    input.chain == "ethereum"
    input.usd_value > 1000
}

input.rpc_method

The JSON-RPC method name from the request. Use this to allow or block specific operations. For example, you might allow read operations (eth_call, eth_getBalance) while restricting write operations (eth_sendTransaction).

Note that some methods are restricted at the platform level and cannot be enabled via policy.

Example

# Only allow read-only methods
allowed_methods := {
    "eth_call",
    "eth_getBalance",
    "eth_getTransactionCount",
    "eth_getCode",
    "eth_getLogs"
}
 
deny if {
    not input.rpc_method in allowed_methods
}
 
# Block signing methods
deny if {
    input.rpc_method in {"eth_sign", "personal_sign", "eth_signTypedData"}
}

Request Origins

These fields provide location information about the request origin, enabling geo-based access controls and compliance with regional regulations.

input.source_ip

The IP address of the client making the request. Use this for IP-based allowlists/blocklists or to implement rate limiting based on source.

IP Resolution

By default, 256 Blocks uses the connecting client's IP address. If your requests are proxied through your own infrastructure, you can pass the original client IP via the X-Forwarded-For header - 256 Blocks will use the first IP address from that header.

This is useful when:

• Requests are proxied through your backend servers
• You need to pass through the end user's real IP address
• Testing policies with different IP addresses in development

Example

# Block specific IP addresses
blocked_ips := {"192.168.1.100", "10.0.0.50"}
 
deny if {
    input.source_ip in blocked_ips
}
 
# Only allow requests from known infrastructure
allowed_ips := {"203.0.113.10", "203.0.113.11"}
 
deny if {
    not input.source_ip in allowed_ips
}

input.source_country

The two-letter ISO 3166-1 alpha-2 country code derived from source_ip. Use this for geographic restrictions, regulatory compliance, or region-specific policies.

Country mappings are refreshed daily. Accuracy is typically 95%+ for public IP addresses.

Special Values

For non-public IP addresses, the following values are returned instead of country codes:

Example

# Block sanctioned countries
blocked_countries := {"KP", "IR", "CU", "SY", "RU"}
 
deny if {
    input.source_country in blocked_countries
}
 
# Only allow requests from specific regions
allowed_countries := {"US", "CA", "GB", "DE", "FR"}
 
deny if {
    not input.source_country in allowed_countries
    input.source_country != "PRIVATE"  # Allow internal/development traffic
}

Transaction Parameters

These fields are extracted from the JSON-RPC request parameters. All addresses are normalized to lowercase with the 0x prefix for consistent comparison.

input.from_address

The sender's wallet address. This identifies who is initiating the transaction or signing request. Use this field to implement allowlists/blocklists for specific wallets, or to apply different policy rules based on the sender.

Source by RPC Method

Example

# Only allow transactions from approved wallets
allowed_senders := {
    "0x742d35cc6634c0532925a3b844bc9e7595f...",
    "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606..."
}
 
deny if {
    not input.from_address in allowed_senders
}

input.to_address

The recipient or target address of the transaction. This could be a wallet address for simple transfers, or a contract address for contract interactions. The value is null when deploying a new contract (contract creation transactions have no recipient).

Source by RPC Method

Example

# Block transactions to known malicious addresses
blocked_addresses := {
    "0x000000000000000000000000000000000000dead",
    "0x1234567890abcdef..."
}
 
deny if {
    input.to_address in blocked_addresses
}

input.contract_addresses

An array of smart contract addresses involved in the request. This is particularly useful for controlling which contracts your users can interact with. The array may contain multiple addresses for methods like eth_getLogs that can query multiple contracts.

Source by RPC Method

Example

# Only allow interactions with approved contracts (e.g., USDT and USDC)
approved_contracts := {
    "0xdac17f958d2ee523a2206206994597c13d831ec7",
    "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"
}
 
deny if {
    some addr in input.contract_addresses
    not addr in approved_contracts
}

input.value_wei

The native token value being transferred, expressed in wei as a hexadecimal string. Wei is the smallest unit of ETH (1 ETH = 10^18 wei). This is the raw on-chain value - for USD-based policies, use input.usd_value instead.

Source by RPC Method

Example

# Block transactions transferring more than 10 ETH (in wei)
# 10 ETH = 10 * 10^18 wei = 0x8ac7230489e80000
deny if {
    input.value_wei != null
    to_number(input.value_wei) > 10000000000000000000
}
 
# Block zero-value transactions to specific contracts
deny if {
    input.value_wei == "0x0"
    some addr in input.contract_addresses
    addr == "0x..."
}

input.gas_limit

The maximum amount of gas units the transaction is allowed to consume, as a hexadecimal string. A simple ETH transfer uses 21,000 gas, while contract interactions typically require more.

Source by RPC Method

Example

# Block transactions with excessive gas limits (potential spam/abuse)
# 1,000,000 gas = 0xf4240
deny if {
    input.gas_limit != null
    to_number(input.gas_limit) > 1000000
}
 
# Don't sponsor high-gas transactions
denyGasSponsor if {
    input.gas_limit != null
    to_number(input.gas_limit) > 500000
}

input.gas_price

The gas price for legacy (pre-EIP-1559) transactions, expressed in wei as a hexadecimal string. This field is null for EIP-1559 transactions which use max_fee_per_gas instead.

Source by RPC Method

Example

# Block legacy transactions with extremely high gas prices
# 500 gwei = 500 * 10^9 = 0x746a528800
deny if {
    input.gas_price != null
    to_number(input.gas_price) > 500000000000
}
 
# Don't sponsor legacy transactions (prefer EIP-1559)
denyGasSponsor if {
    input.gas_price != null
    input.max_fee_per_gas == null
}

input.max_fee_per_gas

The maximum total fee per gas unit for EIP-1559 transactions, as a hexadecimal string. This is the absolute maximum the sender is willing to pay (base fee + priority fee). Only present for EIP-1559 transaction types.

Source by RPC Method

Example

# Block transactions willing to pay excessive gas fees
# 1000 gwei = 1000 * 10^9 = 0xe8d4a51000
deny if {
    input.max_fee_per_gas != null
    to_number(input.max_fee_per_gas) > 1000000000000
}
 
# Only sponsor transactions with reasonable max fees
# 50 gwei = 50 * 10^9 = 0xba43b7400
denyGasSponsor if {
    input.max_fee_per_gas != null
    to_number(input.max_fee_per_gas) > 50000000000
}

input.max_priority_fee_per_gas

The maximum priority fee (tip) per gas unit for EIP-1559 transactions, as a hexadecimal string. This is the portion that goes to the block producer as an incentive. Only present for EIP-1559 transaction types.

Source by RPC Method

Example

# Block transactions with excessive priority fees (potential MEV manipulation)
# 10 gwei = 10 * 10^9 = 0x2540be400
deny if {
    input.max_priority_fee_per_gas != null
    to_number(input.max_priority_fee_per_gas) > 10000000000
}
 
# Require reasonable priority fees for sponsored transactions
# 2 gwei = 2 * 10^9 = 0x77359400
denyGasSponsor if {
    input.max_priority_fee_per_gas != null
    to_number(input.max_priority_fee_per_gas) > 2000000000
}

Enriched Data

These fields are computed by 256 Blocks to provide additional context beyond what's in the raw request.

input.usd_value

The USD equivalent of the transaction's native token value (value_wei), calculated using current market prices. This is the most common field for implementing spending limits and sponsorship controls.

Prices are fetched every minute from reliable price feeds (such as Chainlink). The value may be null if the transaction has no value (e.g., a pure contract call).

Example

# Block transactions over $10,000
deny if {
    input.usd_value > 10000
}
 
# Don't sponsor transactions over $100
denyGasSponsor if {
    input.usd_value > 100
}
 
# Handle null values safely
deny if {
    input.usd_value != null
    input.usd_value > 50000
}

Raw Data

For advanced use cases where the structured fields above don't provide what you need.

input.raw_params

The complete, unmodified JSON-RPC params array from the original request. Use this when you need to access fields that aren't exposed through the structured input properties, such as:

• Contract call data (data field) for function signature detection
• Access lists for EIP-2930 transactions
• Custom or non-standard fields

Example

# Block ERC-20 transfer function calls
# Function signature: transfer(address,uint256) = 0xa9059cbb
deny if {
    params := input.raw_params[0]
    params.data != null
    startswith(params.data, "0xa9059cbb")
}
 
# Block ERC-20 approve function (0x095ea7b3)
deny if {
    params := input.raw_params[0]
    params.data != null
    startswith(params.data, "0x095ea7b3")
}