Multisig Security Framework
Engineer/DeveloperSecurity SpecialistMultisig Security
Authored by:
How to use this guide
Quick start: New to multisigs? Start with Section 1 for the essentials, then jump to your role:
- Setting up a new multisig? → Section 3 (Multisig Administration)
- Joining as a signer? → Section 4 (For Signers)
- Need to sign a transaction? → Section 4.4 (Transaction Verification)
- Emergency situation? → Section 4.5 (Emergency procedures)
Reference use: Each section is designed to stand alone. Use the table of contents to jump directly to what you need.
Core principles
- Security first: Every multisig must meet minimum security standards
- Operational readiness: Procedures that work under pressure
- Clear accountability: Everyone knows their role and responsibilities
- Emergency preparedness: Plans for when things go wrong
Framework Structure
1. Foundation
- General Rules - Core requirements for all multisigs
2. Multisig Administration
- Planning & Classification - Assess requirements and classify risk
- Setup & Configuration - Deploy and configure multisigs
- Registration & Documentation - Document and verify setup
- Communication Setup - Establish secure communication channels
- Ongoing Management - Maintain and update multisigs
- Use Case Specific Requirements - Special requirements by type
- Backup Infrastructure - Prepare for UI and infrastructure failures
- Timelock Configuration - Add staged execution for sensitive operations
3. For Signers
- Hardware Wallet Setup - Secure device configuration
- Seed Phrase Security - Protect your recovery keys
- Joining a Multisig - Verification and onboarding process
- Transaction Verification & Signing - Safely verify and sign transactions
- Emergency Procedures - Handle key compromise and emergencies
- Signing When UI is Down - Use backup interfaces
- Personal Security (OpSec) - Protect your accounts and devices
- Incident Reporting - Report security issues and incidents
- Offboarding - Safely leave a multisig role
4. Reference
- Implementation Checklist - Verify readiness for multisig operations
Emergency Contacts
For critical security incidents, see Incident Reporting