Registration & Documentation
Proper documentation is essential for multisig security and accountability. This page covers the registration process and required documentation.
Protocol Documentation
Fill out the registration template and send it as a PDF to the protocol security team. They will create a dedicated section in the protocol docs for your multisig with the registration information.
Registration Template
Multisig Name: [Name]
Address: [Checksummed address]
Network: [Ethereum/Solana/etc]
Threshold: [X of Y signers]
Classification: [Impact Level] / [Operational Type]
Purpose: [Brief description]
Signers:
- [Handle/Entity]: [Address] - [Verification signature]
- [Handle/Entity]: [Address] - [Verification signature]
Controlled contracts: [List contract addresses and purposes]
On-chain roles: [Describe roles like ownable, Access Control roles (PAUSER_ROLE)]
Impact assessment:
- Financial exposure: $[amount] ([reasoning])
- Protocol impact: [description]
- Classification: [Low/Medium/High/Critical]
Operational classification: [Routine/Time-Sensitive/Emergency]
Constraining factors:
- [Smart contract limits, governance controls, etc.]
Attestation: This multisig [meets/deviates from] security standards.
[If deviation: Justification and compensating controls]
Last updated: [Date]
Updated by: [Name/Handle]
Signer Verification Process
Each signer must provide a verification signature linking their identity to their address:
- Sign message: "[handle/entity] intends to join [multisig address] with signer [address]"
- Share signature with multisig team
- Update registration with verified information
Detailed steps for collecting this information are provided in Joining a Multisig.
Note: Entity affiliations are acceptable - the goal is accountability, not doxing.
Roles & Accountability
Accountability Structure
| Role | Responsibilities |
|---|---|
| Multisig Operations Lead | Policy maintenance, signer coordination, documentation, periodic reviews, incident escalation |
| Security Contact | Security incident response, signer verification, emergency coordination |
Multisig-Specific Roles
For each multisig, assign:
| Role | Responsibility |
|---|---|
| Admin | Setup, configuration, signer management, documentation |
| Transaction Proposer | Prepares and proposes transactions (may be a delegated non-signer) |
| Signers | Review, verify, and sign transactions |
Signer Responsibilities
Every signer should:
- Use a hardware wallet for all multisig operations
- Maintain a backup hardware wallet with the same seed
- Store the seed phrase securely
- Verify every transaction before signing
- Respond within SLA based on multisig classification
- Report incidents immediately
- Complete training and participate in drills
Response Time SLAs
| Classification | Response Time |
|---|---|
| Emergency | <2 hours |
| Time-Sensitive | 2-12 hours |
| Routine | 24-48 hours |
Admin Responsibilities
Multisig admins should:
- Ensure the multisig is properly documented
- Maintain an up-to-date signer list with verified addresses
- Set up primary and backup communication channels
- Coordinate signer onboarding and offboarding
- Schedule and conduct periodic reviews (quarterly minimum)
- Ensure backup infrastructure is configured and tested
Operational Lead Responsibilities
- Maintain the playbook and keep documentation current
- Coordinate across all multisigs
- Conduct periodic audits of multisig configurations
- Escalate security concerns to the security contact
- Report on operational status
Review Schedule
| Review Type | Frequency | Owner |
|---|---|---|
| Signer access review | Quarterly | Multisig Admin |
| Classification review | Quarterly or after major changes | Ops Lead |
| Emergency contact verification | Every 6 months | Ops Lead |
| Full policy review | Annually | Ops Lead + Security |
Update Template
Use this template when making changes to signer composition:
Multisig Signer Update
Multisig Name: [Name]
Address: [Checksummed address]
Network: [Ethereum/Solana/etc]
Updated by: [Name/Handle]
Update Date: [Date]
Threshold Changes:
Previous: [X of Y signers]
New: [X of Y signers]
Signer Changes:
Additions:
- [Handle/Entity]: [Address] - [Verification signature]
Removals:
- [Handle/Entity]: [Address]
Current Signer Set:
- [Handle/Entity]: [Address]
- [Handle/Entity]: [Address]
- [Handle/Entity]: [Address]
Transaction: [Link to executed transaction]
Documentation Requirements
Initial Registration
- Complete registration template with all required fields
- Verification signatures from all signers
- Classification assessment from Planning & Classification
- Submit to protocol security team
Ongoing Maintenance
- Update documentation when signers change
- Record rationale for any threshold changes
- Update classification if operational patterns change
- Maintain current contact information
Transaction Review Records
Maintain audit trails for:
- Transaction reviews and approvals
- Execution and post-execution confirmation
- Verification evidence
- Issues encountered
Retention: 3 years minimum
Transaction records should capture:
Transaction: [Brief Description]
Date: [YYYY-MM-DD]
Multisig: [Name]
Status: Proposed / Signing / Executed / Rejected
Transaction Details
- Network
- Safe or Squad address
- Nonce
- Transaction type
What This Transaction Does
- Plain language description of what the transaction accomplishes
Initiation
- Proposed by
- Proposed date
- Reason or justification
- Runbook followed
Verification & Signing
- Signer
- Verified
- Signed
- Date
- Notes
Verification Checklist
- Correct multisig address
- Correct network
- Expected nonce
- Target address verified
- Calldata or amount verified
- Simulation performed
- Hash matched hardware wallet
Simulation Results
- Tool used
- Result
- Expected behavior confirmed
- Link
Execution
- Executed by
- Execution date
- Transaction hash
- Block explorer link
- Gas used
Post-Execution Verification
- Transaction confirmed on-chain
- Expected state change verified
- Registration updated if applicable
- Team notified
Issues Encountered
- Document any issues, delays, or anomalies
Attachments
- Screenshot of simulation
- Screenshot of hardware wallet confirmation
- Communication thread link
Sign-Off
- Proposer
- Final executor
Ongoing Management
Regular reviews
Set periodic reminders to keep documentation current:
- Quarterly: Review and update protocol documentation if needed
- After major changes: Update when operational patterns or financial exposure change significantly
- Protocol updates: Reassess if significant protocol changes affect the multisig's role
Signer changes
Follow these procedures for adding, removing, or replacing signers:
Adding/Removing signers
- Maintain or increase total signer count and threshold
- Document rationale for any changes that reduce signers or threshold
- Update all documentation immediately after change
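A consistency check for a signer update record, as an added example that is not part of the original page: it rebuilds the verification message from the Signer Verification Process and applies the rule that reducing signers or threshold needs a documented rationale. The field names and addresses are assumptions, EVM-style hex addresses are assumed, and the signature is only checked for presence, not cryptographically verified.

```python
# Added example: consistency check for a "Multisig Signer Update" record.
# Field names and all addresses below are constructed for illustration.

def expected_message(handle, multisig, signer):
    """Verification message in the format the registration process requires."""
    return f"{handle} intends to join {multisig} with signer {signer}"

def check_update(prev, update):
    """Return a list of findings; an empty list means the record is consistent."""
    findings = []
    # Assumption: EVM hex addresses, so comparison is case-insensitive.
    prev_set = {a.lower() for a in prev["signers"]}
    added = {s["address"].lower() for s in update["additions"]}
    removed = {a.lower() for a in update["removals"]}
    current = {a.lower() for a in update["current_signers"]}

    if added & prev_set:
        findings.append("addition is already a signer")
    if removed - prev_set:
        findings.append("removal is not an existing signer")
    if (prev_set | added) - removed != current:
        findings.append("current signer set does not match previous set plus changes")
    for s in update["additions"]:
        want = expected_message(s["handle"], update["multisig"], s["address"])
        if not s.get("signature"):
            findings.append(f"{s['handle']}: missing verification signature")
        elif s.get("signed_message") != want:
            findings.append(f"{s['handle']}: signed message does not match required text")
    if not 1 <= update["threshold"] <= len(current):
        findings.append("threshold out of range for signer count")
    reduced = update["threshold"] < prev["threshold"] or len(current) < len(prev_set)
    if reduced and not update.get("rationale"):
        findings.append("signers or threshold reduced without documented rationale")
    return findings

MULTISIG = "0x" + "aa" * 20                       # constructed placeholder
A, B, C, D = ("0x" + c * 40 for c in "1234")      # constructed signer addresses
PREVIOUS = {"threshold": 2, "signers": [A, B, C]}
UPDATE = {
    "multisig": MULTISIG, "threshold": 2, "rationale": "",
    "additions": [{"handle": "dave", "address": D, "signature": "0x<signature>",
                   "signed_message": expected_message("dave", MULTISIG, D)}],
    "removals": [C],
    "current_signers": [A, B, D],
}

if __name__ == "__main__":
    print(check_update(PREVIOUS, UPDATE) or "update record is consistent")
```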
Replacing signers
Follow the steps in Signer Rotation.
Documentation updates
After any signer change:
- Record change rationale and date
- Communicate changes to protocol security team
- Update communication channel memberships
Update Template
Use the template in Registration & Documentation → Update Template.
Related Documents
- Planning & Classification - How to classify your multisig
- Joining a Multisig - Signer verification process
- Operational Runbooks - Example procedures for common operations