Authorities

Authority PDAs are responsible for signing the underlying CPIs executed by the multisig. Generally they should be seeded by a u32 starting from the default of 1 (the authorityIndex). The authorityIndex of a Transaction account will be used to generate the seeds necessary to perform the CPI. Most often you can simply use the authorityIndex of 1. For example, the Squads client uses an authorityIndex of 1 for all default PDAs (the vault, program upgrade authorities, etc).

Transactions must specify this authorityIndex upon creation, and all instructions attached to the Transaction should use the same authority PDA for any account that is designated as a signer.

The authorityIndex of 0 is reserved for internal multisig instructions, and should generally be avoided.

The Authority PDAs are derived as such:

await anchor.web3.PublicKey.findProgramAddress([
    anchor.utils.bytes.utf8.encode("squad"),
    multisig.toBuffer(),
    authorityIndex.toBuffer("le", 4),  // note authority index is an u32 (4 byte)
    anchor.utils.bytes.utf8.encode("authority")
], programId);

Note that the authorityIndex should be supplied to the function as a 4 byte little-endian buffer.

The format of deriving an authority is:

["squad", multisig, authorityIndex, "authority"]