Key aspects of using a multisig

By using a multisig, it is important to acknowledge certain concepts. Here are some points to have in mind when using a multisig:

  • Loss of Private Keys. Always keep a backup of your private keys added as members to your multisig. If a key is lost, it could impact the multisig operations if a specific number of signatures are needed to reach the threshold.

  • Single Point of Failure with Keys. For added security, consider storing keys in different secure locations. Otherwise a single breach can compromise the whole set up.

  • Threshold. Be sure everyone in the multisig understands the number of signatures required for transactions, so you always have the needed approvals.

  • No Succession Planning. If keyholders become unavailable (e.g., due to accident, death), without a plan for transition, funds may be locked forever.

  • Transfer of Funds to Wrong Address. Funds should always be sent to the multisig vault account, and not the multisig account address. Due to the design of the Squads Protocol program, funds deposited to the multisig account may not be recovered.

  • Config Authority. If the config_authority of a multisig is compromised, an attacker can change multisig settings, potentially reducing the required threshold for transaction execution or instantly being able to remove and add new members (changing config_authority ownership is only possible programatically and is subject to threshold requirements).

  • SVM Forks. If the underlying SVM compatible blockchain undergoes a fork and a user had sent funds to the orphaned chain, the state of the blockchain may not interpret the owner of funds to be original one.

  • Time Locks. While setting time locks be certain of the duration you are comfortable with so your funds remain accessible when needed.

  • SOL for Network Fees. Always ensure multisig participants maintain a minimum balance of the native token needed for transaction fees.

Last updated