Advanced Security Best Practices

Here are some key security measures that can significantly enhance your defence against potential attacks while using Squads:

General Guidelines

Squads Multisig Configuration

• Higher approval threshold: Increasing the threshold to 4/6 or higher ensures that more signers are required to approve a transaction, adding layers of security.

• Time Lock on transactions: A time lock introduces a delay before a transaction becomes executable, allowing signers to cancel the transaction during this period if something seems wrong. Learn more about Time Locks here.

• Key Rotation: Regularly rotating keys helps maintain the integrity of your multisig setup over time, reducing the risk of compromised keys being used for malicious transactions.

Signing Transactions

• Diversify hardware wallet vendors: Use hardware wallets from different vendors, such as Ledger, Trezor, and Keystone. Larger devices like Ledger Stax or Ledger Flex help review transactions better with bigger screens.

• Diversify signing interfaces and devices: Employ signers using both mobile and desktop with hardware wallets to enhance security through diversity. Consider using a secondary device dedicated solely to signing transactions.

• Separate Approval and Execution: Always approve and execute transactions in separate steps. Avoid using the "Approve + Execute" feature for maximum security.

• Live communication: When approving transactions, maintain live communication with other signers ensuring that each signer’s approval has been properly registered before proceeding.

• Transaction simulation and inspection: Simulate transactions and check the results using Explorer Inspector to ensure that the transaction behaves as expected before executing it.

Guidelines on Simulating Transactions:

When reviewing a simulated transaction, check the simulation details in the Explorer Inspector. This step ensures that the transaction will perform as intended before executing it.

Here are specific elements to watch out for and how to handle them:

• BPFLoaderUpgradeab1e11111111111111111111111:

  • "New authority Some(XXX)": When you see this message, it means you are changing the buffer/program authority to a different wallet. Confirm that changing the authority is your intended action, and verify that the new wallet address (XXX) is correct.

  • "Upgraded program XXX": This message indicates that program XXX is being upgraded. Review the transaction details to ensure that this upgrade is expected and intended as part of the transaction.

• Token Program (TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA):

  • "Instruction: Approve": This means that you are delegating funds to another wallet. Confirm that this delegation is intended, as any misconfiguration can lead to a loss of funds. If delegation is not intended, take immediate action to correct it.

In addition, double-check the tokens and amounts that will be moved by any transaction. In cases where swaps are involved, be aware that other tokens may be moved as part of the swap, but the total USD value should still align with what you intended.