The most widely known example of a smart contract wallet is a multisig. They have been around since the early days of Bitcoin and are widely used for the purposes of self-custody of crypto assets across blockchains.
A multisig is a non-custodial solution where control over assets is not exercised by a single private key, but rather by multiple private keys. It can be thought of as a safe that requires multiple unique keys to open it and move the assets. That means that even if one of the keys is compromised, the assets remain secure (no single point of failure).
Every Squad is a multisig at its core, which ensures that any transaction or action taken within Squads requires the approval of multiple members of the team. As a result, the risk of unauthorized or malicious activity is greatly reduced, as it becomes impossible for a single member to access and manipulate funds or trigger harmful transactions to the funds held within the multisig. On top of that, multi-signature technology serves as a consensus mechanism allowing teams to make decisions over core team assets together in a decentralized manner.
A Squad is a programmable multisig wallet, which allows teams to jointly manage their treasury (fungible tokens, NFTs) and developer assets (programs, tokens, validators, NFT collections).
- Members are added to a Squad with their wallet addresses (public keys). You can add up to 10 initial members upon creation and add additional members after deploying your Squad.
- Each Squad has a Treasury section with accounts where users can receive, send, and store assets as well as perform various operations with them. Each Squad can have multiple sub-accounts (available Squads Pro subscribers);
- Each Squad has a Program section where programs can be added and upgraded;
- Each Squad has a Token manager section where token mint authorities can be added, minted and burned;
- Each Squad has a Validator section where validator withdraw authority keys can be managed;
- Each Squad has a TX Builder section, which allows for creation of arbitrary instructions;
- Every action in the Squad triggers a transaction that needs to be approved and executed by the members of a Squad;
- Squad deployment costs approx. 0.0025 - 0.0045 SOL (Solana network fees) depending on the amount of the initial members. Adding a member to a Squad costs ~0.0037 SOL (Solana network fees).
We will observe the best practices in utility of our multisig treasury for storage of the digital platform asset. While powerful, a multisig should always be used with due diligence, as it protects valuable assets:
- It is not recommended to set the threshold at 1/x signatures as it gives full control over the assets to any one of the members. Also, avoid setting the threshold at maximum capacity (e.g. 5/5) as it can result in losing access to all assets if a member loses his private key.
- When setting a time lock ensure you are comfortable with its duration so your funds remain accessible when needed. Avoid a too long period (e.g. 1 month) if you expect to manage your assets regularly.
- Always ensure each members keeps a backup of their private keys used for the multisig and that the threshold allows for easy replacement of a lost/compromised key. Recommend members to use cold wallets to protect their private keys.
- Monitor active spending limits to ensure they still make sense for your operations. They should be reserved for trusted members only. They should be frequently updated to align with changing organizational needs or if a member is no longer part of the project.
- Ensure you always have enough members with all three roles, so you can always perform transactions to access your assets. Leaving only one member with the executor role could affect the assets stored within the multisig if this member loses his private key.
- Lastly, there is no better way to learn multisig best practices than by setting up a multisig for testing. Test with a small amount first and before adding more funds ensure:
- all members understand the process,
- your multisig setup works as expected.
Squads Labs is a company that is the main contributor to Squads Protocol and is responsible for developing the Squads platform. Squads Labs has been developing Squads Protocol since May 2021. Squads Protocol v3 was the first multisig program on Solana made immutable. Squads Protocol v4, launched in October 2023, will also be made immutable in the coming months. They are trusted and used by over 100 teams in the ecosystem such as Jupiter, Pyth, Raydium, Marginfi, Drift, Helius, Kamino, Jito, Frakt, Helium and many others. Their partners and investors include Multicoin Capital, Placeholder, 6th Man Ventures, Jump Crypto, L1 Digital, Collab+Currency, Delphi Digital, Reciprocal Ventures, Solana Ventures.
In the unlikely event that the Squads app would be unavailable for a long period, they have put in place multiple options to allow users to access their assets:
This is an open-source interface that allows you to interact with the Squads program where your assets sit. You can fork it and host it locally to access your Squads account(s) and then, for instance, withdraw your assets. The Squads minimal UI can be found on our official GitHub: https://github.com/Squads-Protocol/squads-v4-public-ui Note that this UI primarily focuses on emergency actions (e.g. withdrawing funds or programs) in case the Squads main app is inaccessible for too long. We do not encourage using it as your main app as it is not optimized and far from the experience you get on app.squads.so . Another way to interact with your Squads account(s) is through the Command-line interface (CLI) we have built. The Squads CLI has exactly the same wallet support as the Solana CLI, which means it supports file system wallets as well as Ledger hardware wallets. This CLI can be used from any computer terminal to access your assets stored on Squads.
Additionally, we also have an SDK for those ready to build their own simple UI to interact with the Squads program and access their assets that way rather than via the official Squads app.
The Squads SDK can be found here: https://www.npmjs.com/package/@sqds/multisig. Interacting with an SDK requires developer knowledge and is best suited for technical users. If you have limited technical skills or need quick access to your assets, we recommend using the Squads minimal UI or the CLI tool. We will be abstracting the Squads functionality we require in the future, into our own custom site and app companion, to be called, DPA Manager.