Multisig Best Practices
A summary of the best practices to follow when using a multisig
While powerful, a multisig should always be used with due diligence, as it protects valuable assets:
Threshold It is not recommended to set the threshold at 1/x signatures as it gives full control over the assets to any one of the members.
Also, avoid setting the threshold at maximum capacity (e.g. 5/5) as it can result in losing access to all assets if a member loses his private key.
Time Locks When setting a time lock ensure you are comfortable with its duration so your funds remain accessible when needed.
Avoid a too long period (e.g. 1 month) if you expect to manage your assets regularly.
Lost or Compromised Private Key of Members Always ensure each members keeps a backup of their private keys used for the multisig and that the threshold allows for easy replacement of a lost/compromised key. Recommend members to use cold wallets to protect their private keys.
Spending Limits Monitor active spending limits to ensure they still make sense for your operations. They should be reserved for trusted members only. They should be frequently updated to align with changing organizational needs or if a member is no longer part of the project.
Permissions Ensure you always have enough members with all three roles, so you can always perform transactions to access your assets. Leaving only one member with the executor role could affect the assets stored within the multisig if this member loses his private key.
Test Before Use
Lastly, there is no better way to learn multisig best practices than by setting up a multisig for testing. Test with a small amount first and before adding more funds ensure:
all members understand the process,
your multisig setup works as expected.
Last updated