VENUE_WHITELIST Policy: Lock Your Trading Bot to Trusted DeFi Protocols Only

Your trading bot is making profitable moves across Jupiter, Uniswap, and Hyperliquid—but what happens when it accidentally connects to a malicious DEX clone or experimental protocol that drains your funds? The VENUE_WHITELIST policy in WAIaaS gives you bulletproof control over exactly which DeFi protocols your automated trading strategies can access, preventing costly mistakes while maintaining execution speed.

Why Venue Control Matters for Trading Bots

Trading bots operate at machine speed across dozens of protocols. A single misconfigured route or compromised frontend can redirect your bot to a honeypot contract that looks identical to the real protocol. Unlike manual trading where you verify each transaction, bots execute hundreds of trades per day—making venue security critical.

Traditional wallet solutions either give you full control (manual approval for every transaction) or no control (bot has unlimited access). You need granular restrictions that let your bot trade freely on trusted protocols while blocking suspicious venues entirely.

The VENUE_WHITELIST Solution

WAIaaS includes 15 DeFi protocol providers: aave-v3, across, dcent-swap, drift, erc8004, hyperliquid, jito-staking, jupiter-swap, kamino, lido-staking, lifi, pendle, polymarket, xrpl-dex, zerox-swap. The VENUE_WHITELIST policy lets you restrict bot access to only the venues you trust.

Here's how to lock your trading bot to specific protocols:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "VENUE_WHITELIST",
    "rules": {
      "venues": [
        {"name": "jupiter-swap", "chain": "solana"},
        {"name": "drift", "chain": "solana"},
        {"name": "hyperliquid", "chain": "arbitrum"},
        {"name": "lifi", "chain": "ethereum"}
      ]
    }
  }'

This policy blocks all DeFi actions except swaps on Jupiter, perp trading on Drift and Hyperliquid, and bridging via LI.FI. Your bot can execute at full speed on these venues while being completely protected from other protocols.

Multi-Venue Arbitrage Example

Here's how your bot can execute a cross-protocol arbitrage using only whitelisted venues:

# Step 1: Swap SOL → USDC on Jupiter
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000"
  }'

# Step 2: Open leveraged position on Drift
curl -X POST http://127.0.0.1:3100/v1/actions/drift/place-order \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "market": "SOL-PERP",
    "side": "long",
    "amount": "10.0",
    "leverage": 5
  }'

# Step 3: Bridge profits to Ethereum via LI.FI
curl -X POST http://127.0.0.1:3100/v1/actions/lifi/bridge \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "fromChain": "solana",
    "toChain": "ethereum",
    "token": "USDC",
    "amount": "500.0",
    "recipient": "<ethereum-address>"
  }'

Each action executes instantly because jupiter-swap, drift, and lifi are in your venue whitelist. If your bot tried to use a non-whitelisted protocol, the transaction would be blocked immediately.

Combining with Other Trading Bot Policies

VENUE_WHITELIST works perfectly with other bot-focused policies. Here's a complete trading bot security setup:

# VENUE_WHITELIST — only trusted protocols
{
  "type": "VENUE_WHITELIST",
  "rules": {
    "venues": [
      {"name": "jupiter-swap", "chain": "solana"},
      {"name": "hyperliquid", "chain": "arbitrum"}
    ]
  }
}

# SPENDING_LIMIT — instant execution up to limits
{
  "type": "SPENDING_LIMIT",
  "rules": {
    "instant_max_usd": 1000,
    "daily_limit_usd": 50000
  }
}

# RATE_LIMIT — prevent runaway bots
{
  "type": "RATE_LIMIT",
  "rules": {
    "maxTransactions": 100,
    "period": "hourly"
  }
}

This configuration gives you high-frequency trading capability with built-in safety rails.

Gas Conditional Execution for Profitable Trading

WAIaaS includes gas conditional execution—transactions only execute when gas prices meet your threshold. Perfect for MEV bots that need profitable execution:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.1",
    "gasCondition": {
      "maxGasPrice": "20",
      "timeoutSeconds": 300
    }
  }'

Your arbitrage only executes when gas costs don't eat your profits.

Dynamic Venue Management

You can update your venue whitelist programmatically as market conditions change:

# Add new venue to existing policy
curl -X PATCH http://localhost:3100/v1/policies/<policy-id> \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "rules": {
      "venues": [
        {"name": "jupiter-swap", "chain": "solana"},
        {"name": "drift", "chain": "solana"},
        {"name": "polymarket", "chain": "polygon"}
      ]
    }
  }'

This lets you adapt to new opportunities while maintaining security.

Monitoring and Alerts

WAIaaS provides real-time monitoring for blocked venue attempts:

# Check recent policy denials
curl http://127.0.0.1:3100/v1/policies/<policy-id>/violations \
  -H "Authorization: Bearer wai_sess_<token>"

You'll see exactly which protocols your bot tried to access and when they were blocked.

Quick Start: Secure Your Trading Bot

1. Install WAIaaS CLI:

   npm install -g @waiaas/cli
   waiaas init
   waiaas start
   

2. Create a trading wallet:

   waiaas wallet create --name trading-bot --chain solana
   

3. Set up venue whitelist:

   curl -X POST http://localhost:3100/v1/policies \
     -H 'Content-Type: application/json' \
     -H 'X-Master-Password: <password>' \
     -d '{
       "walletId": "<wallet-uuid>",
       "type": "VENUE_WHITELIST",
       "rules": {
         "venues": [
           {"name": "jupiter-swap", "chain": "solana"},
           {"name": "hyperliquid", "chain": "arbitrum"}
         ]
       }
     }'
   

4. Create bot session:

   curl -X POST http://127.0.0.1:3100/v1/sessions \
     -H "Content-Type: application/json" \
     -H "X-Master-Password: <password>" \
     -d '{"walletId": "<wallet-uuid>"}'
   

5. Start trading:

   import { WAIaaSClient } from '@waiaas/sdk';
   
   const client = new WAIaaSClient({
     baseUrl: 'http://127.0.0.1:3100',
     sessionToken: 'wai_sess_<token>',
   });
   
   // This will work (jupiter-swap is whitelisted)
   await client.executeAction('jupiter-swap', 'swap', {
     inputMint: 'So11111111111111111111111111111111111111112',
     outputMint: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v',
     amount: '1000000'
   });
   

Your trading bot now has bulletproof venue security with zero latency overhead.

What's Next

Ready to build secure, high-performance trading bots? Check out the full WAIaaS documentation at GitHub and explore the complete policy system at waiaas.ai. Your profits are only as safe as your wallet infrastructure—make it bulletproof.