Introducing the Spend Limit Authenticator

The Spend Limit Authenticator is the first CosmWasm authenticator for Osmosis’s Smart Accounts functionality, offering enhanced security and control. As we continue to innovate, features like these will provide users with a seamless and secure trading experience.

The Spend Limit Authenticator lets users set a spend limit on their account.

When implemented in applications, spend limit authenticators should only be used as part of an AllOf authenticator with a SignatureVerification authenticator.


Each Spend Limit Authenticator utilizes specific parameters called SpendLimitParams. These parameters are stored in the module state and passed to hooks to enforce the spend limit.

Global configurations and states are maintained in the contract state.

Tokens that have high liquidity will not reduce the spend limit total. (e.g OSMO ≤≥ ATOM) These tokens are decided when the contract is instantiated.

Transaction Process

The authenticator checks if transaction amounts are within the spend limit. If the amount exceeds the limit, the transaction is rejected. Here’s how it works:

  1. Authentication: Always marked as Authenticated in the Authenticate hook, with spend limit checks in the ConfirmExecution hook.
  2. Tracking Pre-Execution Balances: The Track hook records pre-execution balances.
  3. Confirming Execution: The ConfirmExecution hook checks post-execution balances, determining the transaction amount by the difference.
  4. Converting Spent Amount: Amounts spent are converted into quoted denominations using TWAP prices.
  5. Enforcing Limits: Transactions exceeding the spend limit are rejected; otherwise, they are accepted and spending is accumulated.

Upload path

The spend limit authenticator contract will be uploaded using the Osmosis foundation key approved in Proposal 775.


For more details, visit our GitHub repository and join the discussion in this forum.

Feel free to ask any questions or provide feedback below!

1 Like

Sounds like a nice feature!

However, this part is confusing:

Why would high liquidity assets be excluded from reducing the spend limit total? Is the limit not meant for people to limit the allowed activity on their account?
And as such, meaning that every trade should be included in the total?

The spend limit isn’t a direct cap on flows, but a change in the net value of a wallet.
I.e. You could trade $1000, incur a 0.2% fee ($2) and have $4998 left of a $5000 spend cap rather than $4000.

The main purpose of this is to avoid value leaving a user’s account through fees, high slippage and transfers - which swaps between high liquidity assets would barely impact.


Aaaaah, is there still the option to rename the feature?
Since it is a bit confusing hahahaa

It is more a Fee-Limit Authenticator.
Whereas a 5k swap with 20% fees / slippage and a 500k swap with 0.2% fee are treated the same if I understand the principle correct. Since in both cases there will be a $1k spend on fees/slippage, right?

Although I think the limit on fees paid is interesting, I think it is also have a feature which limits the tradeable amount of an address in general, because that would also be a feature which helps people to limit their exposure through trades (self protection in some cases) as well as an additional hurdle in case a wallet is compromised.

Thanks for your input :heart:

We’re renaming the feature loss protection.

1 Like