Sponsor Policy
The facilitator doesn't blindly sign whatever transactions come in. Every payment is validated against a strict policy before the facilitator sponsors fees and submits it on-chain.
Solana Policy
Allowed Programs
Only these programs may appear in a sponsored transaction:
| Program | Address |
|---|---|
| ComputeBudget | ComputeBudget111111111111111111111111111111 |
| SPL Token | TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA |
| Token-2022 | TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb |
| Phantom Lighthouse | L2TExMFKdjpN9kozasaurPirfHy9P8sbXoAN1qA3S95 |
| Memo V2 | MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr |
| Memo V1 | Memo1UhkJRfHyvLMcVucJwxXeuD728EqVDDwQDxFMNo |
System Program, Associated Token Program, and all other programs are rejected. This prevents the facilitator from being tricked into signing arbitrary transactions.
Compute and Fee Caps
| Limit | Default Value |
|---|---|
| Max compute units | 200,000 CU |
| Max priority fee | 50,000 microlamports |
| Max transfers per transaction | 1 |
| Max memo size | 566 bytes |
Smart wallet transactions get a higher compute budget (400,000 CU).
Asset Allowlist
Only USDC is accepted by default:
| Token | Mint Address |
|---|---|
| USDC (Mainnet) | EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v |
Configurable via ALLOWED_ASSETS environment variable (comma-separated mint addresses).
Minimum Payment
| Limit | Value |
|---|---|
| Minimum payment (atomic units) | 10,000 (= 0.01 USDC) |
Payments below this amount are rejected.
Other Restrictions
- Address lookup tables are not supported (
policy:address_lookup_table_not_supported) - Recipient must match the
payToaddress in payment requirements - Mint must match the
assetin payment requirements - Amount must be >= the required
amount
EVM Policy
EVM payments use EIP-3009 transferWithAuthorization. The facilitator validates:
| Check | Rule | Error if violated |
|---|---|---|
| Recipient | authorization.to must match requirements.payTo (case-insensitive) | invalid_exact_evm_payload_recipient_mismatch |
| Token | Uses the ERC-20 contract from requirements.asset | Implicit |
| Amount | authorization.value must be at least requirements.amount | invalid_exact_evm_payload_authorization_value |
| Balance | Sender must hold sufficient tokens | insufficient_funds |
| Timing | validBefore must be at least now + 6 seconds | invalid_exact_evm_payload_authorization_valid_before |
| Timing | validAfter must be at or before now | invalid_exact_evm_payload_authorization_valid_after |
Debugging Policy Rejections
If a payment is rejected, the facilitator returns an errorCode in the response. Common codes:
policy:program_not_allowed— transaction contains an instruction for a disallowed programpolicy:compute_units_exceeded— requested more than 200,000 CUpolicy:priority_fee_exceeded— priority fee above 50,000 microlamportspolicy:asset_not_allowed— token mint not in the allowlistpolicy:amount_below_min— payment below 0.01 USDC
See Facilitator Error Codes for the full list.