Integrating W3OSC's Multisig content into Frameworks #303
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Introduced a new section for Multisig, including links to Overview, Signing & Verification, Private Key & Seed Phrase Management, and Tools & Resources. - Enhanced navigation structure to improve user access to multisig-related content.
- Updated navigation links to reflect new structure for the Multisig section. - Added detailed subsections including General Rules, Multisig Administration, and For Signers with specific links for better user guidance. - Improved overall organization to facilitate easier access to multisig-related content.
- Enhanced the Multisig for Protocols section by adding detailed subsections and improving navigation links for better user experience. - Updated links in various documents to ensure consistency and accessibility, including links to related topics such as Emergency Procedures, General Rules, and Hardware Wallet Setup. - Added frontmatter tags and contributor information to relevant documents for better categorization and attribution.
- Corrected links in offboarding, ongoing management, planning and classification, and setup and configuration documents to ensure they point to the correct sections. - Enhanced clarity and accessibility of documentation by standardizing link formats.
- Updated the formatting of "Safe{Wallet}" to "Safe\{Wallet\}" for consistency across the backup infrastructure and signing when UI is down documentation.
- Ensured uniformity in documentation presentation to enhance clarity.
- Updated the financial exposure thresholds in the planning and classification section to use escape characters for less than and greater than symbols for improved clarity. - Ensured consistent formatting across the documentation to enhance readability and maintain standards.
- Replaced local image paths with direct links to hosted images for better accessibility and consistency across the documentation. - Removed obsolete image files to streamline the asset management.
- Added new contributor profiles for Isaac Patka, Geoffrey Arone, Louis Marquenet, and Pablo Sabbatella, including their roles, company affiliations, and social media links. - Enhanced the contributors.json file to reflect the expanded contributor base and improve attribution in documentation.
…tion - Reformatted the list of prohibited practices for better clarity and emphasis. - Ensured consistent presentation of security guidelines to enhance user understanding.
…mplementation Checklist' - Changed references in the vocs.config.ts, general-rules.mdx, and overview.mdx files to reflect the new 'Implementation Checklist' terminology. - Deleted the outdated 'training-checklist.mdx' file to streamline documentation and avoid confusion.
- Updated the profiles of Geoffrey Arone, Louis Marquenet, and Pablo Sabbatella to set their GitHub and Twitter links to null, reflecting a change in their social media presence. - Ensured the contributors.json file remains accurate and up-to-date for proper attribution in documentation.
…w documentation - Deleted the Emergency Contacts subsection to streamline the content and focus on essential information. - Ensured the overview remains concise and relevant for users seeking guidance on multisig operations.
…tation - Updated the Quick Start section to provide clearer guidance for new users, including direct links to relevant subsections for setup, signing, and emergency procedures. - Enhanced the structure to improve navigation and accessibility of essential information for multisig operations.
…view documentation - Revised the reference to minimum security standards to include a direct link for better accessibility. - Ensured clarity in the core principles section to enhance user understanding of security requirements.
…isig documentation - Adjusted the order of entries in the use case table for better logical flow and readability. - Ensured that the table maintains clarity in presenting impact, operational needs, and standard thresholds for multisig operations.
…fication section of Multisig documentation. Ensured consistent presentation to enhance clarity and readability for users.
…ion to direct users to the Registration & Documentation page for improved navigation and clarity.
…on by replacing the detailed template with a direct link to the new template location in the Registration & Documentation page, enhancing user navigation and clarity.
…ocumentation in the multisig for protocols guide to streamline content and focus on essential classification guidance.
…anning and classification documentation by specifying higher thresholds for upgrades (7/9+), enhancing guidance for users on operational assessments.
…protocols to enhance clarity and readability.
…uidance - Removed the 'Seed Phrase Security' page and integrated its content into the 'Private Key Management' section for improved clarity and accessibility. - Updated links across various documentation pages to reflect the new structure, ensuring users are directed to the consolidated guidance on seed phrase and private key management. - Enhanced the overall organization of multisig protocols documentation to streamline user navigation and understanding.
…ith 'Seed Phrase Management' - Renamed all instances of 'Private Key & Seed Phrase Management' to 'Seed Phrase Management' across various documentation pages for consistency and clarity. - Removed the 'private-key-management.mdx' file as its content has been integrated into the updated structure, streamlining the documentation for wallet security. - Updated links in the multisig protocols documentation to direct users to the new seed phrase management guidance.
…d signatures - Included additional steps for users to publish verified signatures on Etherscan, improving the clarity of the verification process. - Emphasized the importance of entering plain text messages and ensuring the signature includes the 0x prefix for successful verification.
- Added 'pinalikefruit' as a reviewer alongside 'dickson' in multiple documentation pages to enhance the review process and ensure comprehensive oversight. - This change applies to various sections including administration, backup infrastructure, communication setup, and more, improving the collaborative aspect of documentation maintenance.
…ences - Removed the 'Backup Infrastructure' section and replaced it with 'Backup Signing & Infrastructure' across multiple documentation pages for clarity and consistency. - Deleted the outdated 'backup-infrastructure.mdx' and 'signing-when-ui-is-down.mdx' files, consolidating their content into the new structure. - Updated links and checklist items to reflect the new terminology, ensuring users have access to the most relevant and accurate information regarding backup procedures.
- Deleted the 'Ongoing Management' page and integrated its content into the 'Registration & Documentation' section for improved clarity and organization. - Updated references across multiple documentation pages to reflect this change, ensuring users have access to consolidated management procedures. - Enhanced the overall structure of the documentation to streamline user navigation and understanding.
…erences with 'Use Case Specific Requirements → Timelock Configuration' - Removed direct links to the 'Timelock Configuration' page and updated them to point to the relevant section within 'Use Case Specific Requirements' for better context and navigation. - Enhanced clarity by adding a dedicated 'Timelock Configuration' section within the 'Use Case Specific Requirements' page, providing detailed guidance on its implementation and considerations. - Updated multiple documentation pages to reflect these changes, ensuring consistency and improved user experience.
- Removed duplicate 'Registration & Documentation' entry for clarity and conciseness. - Deleted the 'Backup Signing & Infrastructure' link to simplify the overview and focus on essential topics. - Updated the structure of the overview section to enhance user navigation and understanding of multisig protocols.
- Removed empty 'Overview' entries in the table of contents for 'Multisig Administration' and 'For Signers' sections to enhance readability. - Updated links in various sections to provide clearer references, such as changing 'Section 2.3' to 'Signer Rotation' and 'Section 2.1' to 'Thresholds & Configuration'. - Streamlined documentation by ensuring consistent terminology and improving user guidance throughout the multisig protocols.
Collaborator
Author
|
moving to draft now since we're waiting for some reviews |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
|
||
| **Secure Distribution** | ||
|
|
||
| Give shards to trusted family members, put in bank safe deposit boxes, and keep hidden around your house. |
Contributor
There was a problem hiding this comment.
I would tend to disagree here. At least for self custody it's considered bad practice to keep physical hardware devices or backup recovery phrases at your house.
Now, maybe you can make the argument that this isn't self custody because it's for a DAO/company/institution, but I would think that best practices for private key storage whether it's your or someone else's money apply in both cases.
Collaborator
Author
There was a problem hiding this comment.
Hmmmm like it's not good practice to keep any shards of the seed phrase at home? A bit paranoid but I can remove the "and keep hidden around your house". Imo if it's just a shard it's not too bad though
Contributor
There was a problem hiding this comment.
I guess it depends on your threat model. If kidnapping is considered a real risk for an individual, then they should absolutely not keep backup shards in their house since in a kidnapping scenario they want it to be as hard as possible to recover their private keys.
docs/pages/wallet-security/intermediates-&-medium-funds.mdx
Outdated
Show resolved
Hide resolved
Co-authored-by: Elliot <[email protected]>
- Improved formatting by breaking long sentences into shorter, clearer statements. - Enhanced readability of the simulation notes section regarding timelocks by adjusting line breaks. - Ensured consistency in the presentation of critical signing steps and verification processes.
- Added a warning about the potential for simulation spoofing across multiple documentation pages, emphasizing the need for critical thinking and good judgment during transaction reviews. - Ensured consistency in the presentation of simulation notes to improve user awareness of risks associated with transaction simulations.
… guidelines - Removed the section on supply chain integrity to streamline content and focus on essential physical security measures for hardware wallets. - Improved clarity by emphasizing the importance of physical security in asset storage.
…lines - Reformatted the list of prohibited practices for better clarity and emphasis. - Added a note to avoid storing seed phrases in password managers, reinforcing security best practices. - Clarified the importance of using trusted devices and avoiding untrusted sources for seed phrase management.
…security warnings - Added a section on advanced contract-level controls, emphasizing the importance of thorough research, auditing, extensive testing, and understanding risks before implementation. - Provided guidelines to ensure users are aware of the potential consequences of incorrect configurations or incompatible guards.
- Introduced a new section on hardware wallets, highlighting their security benefits and the importance of keeping private keys offline. - Included a link to a comprehensive review of the top cryptocurrency hardware wallets for 2025, detailing security features and usability recommendations.
Co-authored-by: Elliot <[email protected]>
Co-authored-by: Elliot <[email protected]>
- Added a warning about the risks associated with custom encryption schemes, emphasizing the potential for permanent inaccessibility of funds if the method is forgotten. - Clarified that seed phrases should never be stored in plain text or on internet-connected devices, and provided optional encryption methods for additional protection.
… documentation - Added a note on the risks of unencrypted seed phrases, highlighting the permanent compromise of wallets if discovered. - Emphasized the potential for forgetting encryption methods when restoring wallets, while noting the low likelihood of discovery if stored securely.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Frameworks PR Checklist
Integrating W3OSC's Multisig content into Frameworks.
From: https://github.com/W3OSC/web3-opsec-standard/blob/main/requirements/01-wallet-multisig.md
And: https://github.com/W3OSC/web3-opsec-standard/blob/main/guides/multisig-ideal-setup.md#transaction-review-process
vocs.config.tsadding thedev: trueparameter