Here are our guidelines for self-custody of project or DAO funds. Always use Gnosis Safe with multiple people, different wallets and separate devices (2FA with OTP) for funds of $10K or more. Hardware wallets are not required; Google Authenticator is sufficient.
- Minimum 3-out-of-6 multisignature setup:
  - three people, each with two separate wallets on different devices
  - non-overlapping passwords or authenticators
  - freshly-created passwords and brand-new addresses without history
- Support Wallet Connect for Gnosis Safe
- Support Two-Factor or Multi-Factor Authentication (2FA or MFA) using One-Time-Password (OTP) like Google Authenticator
- Support low-fee and decentralized networks like Harmony, Polygon and Arbitrum
Gnosis Safe Setup
- Three persons (A, B, C), each sets up 2 wallets (1 and 2), giving six owner keys: A1, A2, B1, B2, C1, C2
- To diversify risks, use both 1Wallet and MetaMask
- To diversify risks, use both desktop and mobile devices
- For Gnosis Tx Signing on mobile, use Chrome or disable "Block Pop-ups" for Safari on iPhone's settings
- For Polygon networks, use MetaMask on desktop and use imToken on mobile devices with 2FA
- Store the login password for MetaMask using 1Password manager
- Use this uncommon setup to avoid theft of the seed phrase: do NOT back up the seed phrase. These wallets store trivial amounts of funds for gas fees only. In our 3-out-of-6 multisig Gnosis Safe, the loss of a single MetaMask wallet has minimal impact – compared to a hacker gaining one third of the access. The lost wallet can easily be replaced by a new one in the Gnosis Safe with the required approvals.
- To get past the "Protect Your Wallet" reminder, you may go through the backup process but destroy the copy of the seed phrase right away. Do NOT use "Back up again" or "Reveal Recovery Secret Phrase" under "Security & Privacy".
- Copy each address in Ethereum format, and the 1wallet label shown in Authenticator, to the section below
- Copy the URLs of the Gnosis Safe transactions (T1-T4) and the final funding tx (T5) below
- Person A funds 10 ONE tokens to all 6 addresses for the gas fees of approvals
- T1: Person A creates a fresh Gnosis Safe with all 6 addresses. (Note that creating a Safe and then adding 5 additional addresses as owners creates a known backdoor. Owners are responsible for all transactions hereafter.)
- T1x: A funds the new Safe with 10 ONE tokens
- T2: C1 sends 1 ONE to Address A2 via approvals by A1 and B1
- T3: B1 sends 1 ONE to C1 via approvals by A2 and C2
- T4: A1 sends 1 ONE to B2 via approvals by A2 and B2
- T5: A funds the Safe with $25K or more in ONE tokens
- If necessary, configure "New Spending Limit" for USD $1K daily in ONE tokens. Unlike Argent, Gnosis Safe has no tools for capping the total wallet spend per day.
- Repeat T2, T3 and T4 as an audit every month (or every quarter for funds under $50K)
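As an added example (not part of the original guideline), the Python below models the 3-out-of-6 Safe described above and checks the properties the setup relies on: each audit transaction T2-T4 (proposer plus two approvers) reaches the threshold, the rotation exercises all six owner keys, no single person's two wallets can execute a transaction, and how many un-backed-up keys may be lost. The owner labels A1..C2 and the signer sets are taken from the steps above.

```python
from itertools import combinations

THRESHOLD = 3
# Owner key -> person, following the guideline's labels (person A, B, C; wallets 1, 2).
OWNERS = {"A1": "A", "A2": "A", "B1": "B", "B2": "B", "C1": "C", "C2": "C"}

# Audit rotation from the guideline. The proposer signs as well, so each
# transaction carries exactly three signatures: T2 = C1 + (A1, B1), etc.
AUDIT_TXS = {
    "T2": {"C1", "A1", "B1"},
    "T3": {"B1", "A2", "C2"},
    "T4": {"A1", "A2", "B2"},
}


def meets_threshold(signers, threshold=THRESHOLD):
    """True if the distinct owner keys in `signers` can execute a Safe transaction.
    Unknown keys and duplicate signatures do not count, as on the Safe contract."""
    return len(set(signers) & set(OWNERS)) >= threshold


def uncovered_owners(txs=AUDIT_TXS):
    """Owner keys the audit rotation never exercises; a lost or stale key on a
    device is only discovered when that key actually has to sign."""
    exercised = set().union(*txs.values())
    return set(OWNERS) - exercised


def persons_needed_to_compromise(owners=OWNERS, threshold=THRESHOLD):
    """Fewest people an attacker must fully compromise to reach the threshold."""
    people = sorted(set(owners.values()))
    for k in range(1, len(people) + 1):
        for group in combinations(people, k):
            keys_held = [key for key, person in owners.items() if person in group]
            if len(keys_held) >= threshold:
                return k
    return None  # unreachable while threshold <= number of keys


def max_keys_losable(owners=OWNERS, threshold=THRESHOLD):
    """Keys whose un-backed-up seed phrase can be lost while the Safe still signs."""
    return len(owners) - threshold


if __name__ == "__main__":
    print("all audit txs meet threshold:", all(meets_threshold(s) for s in AUDIT_TXS.values()))
    print("owners never exercised:", uncovered_owners() or "none")
    print("people to compromise:", persons_needed_to_compromise())
    print("keys that may be lost:", max_keys_losable())
```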
MetaMask Setup for Harmony (only Firefox/Brave/Edge, no Safari)
(Or, search for "Harmony Mainnet Shard 0" on https://chainlist.org and click "Connect Wallet". Use MetaMask's built-in browser on mobile.)
- Network Name: Harmony Mainnet
- New RPC URL: https://api.harmony.one
- Chain ID: 1666600000
- Currency Symbol: ONE
- Block Explorer URL: https://explorer.harmony.one/
- Security & Privacy: Participate in MetaMetrics: OFF
MetaMask Setup for Polygon
- Network Name: Polygon Mainnet
- New RPC URL: https://polygon-rpc.com
- Chain ID: 137
- Currency Symbol: MATIC
- Block Explorer URL: https://polygonscan.com
MetaMask & Gnosis Safe on Mobile
- Open the full URL inside MetaMask's browser (NOT Safari Mobile).
- Tap the top-left menu and pick "Browser" (right above "Wallet" and "Transaction History")
- Enter Safe's URL such as https://multisig.harmony.one/#/safes/0x1cd1c10cB980E6ce4C02de3241dda037361e1dE7
imToken on Mobile
- Click "Wallet" icon on the lower left corner
- Click the network pulldown menu (default: Ethereum) below "Wallet" at the top middle
- Click the "Setting" icon at the top on the right side of "Network switch"
- Click the "Plus" icon at the top on the right side of "Ethereum Node Settings"
- Select "Adding Quickly", then search under "EVM Box"
- Add for "Harmony Mainnet Shard 0" mainnet
Sushi Swap via Gnosis Safe
- Click “New Transaction” then “Contract Interaction”
- Contract address: 0x1b02dA8Cb0d097eB8D57A175b88c7D8b47997506
- Contract data in hex: 0x7ff36ab500000000000000000000000000000000000000000000000000000000014966db000000000000000000000000000000000000000000000000000000000000008000000000000000000000000044b41f1e72b2d6c7f6429724e4dde9609e3b9e1f000000000000000000000000000000000000000000000000000000006165d6dd0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000cf664087a5bb0237a0bad6742852ec6c8d69a27a0000000000000000000000003c2b8be99c50593081eaa2a724f0b8285f5aba8f
- The user should save 1wallet to the home screen. When they do, the data is retained indefinitely. Otherwise, Safari mobile automatically wipes the storage if the user uses Safari mobile for 7 days without ever interacting with 1wallet. See primarily https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/ ("7-Day Cap on All Script-Writeable Storage" and "A Note On Web Applications Added to the Home Screen"). A similar concern was raised for near-wallet but left unresolved: https://github.com/near/near-wallet/issues/479. See also the discussion at https://news.ycombinator.com/item?id=22686602
- Potential points of vulnerability are (1) how GnosisSafe::setup is called at the client (a backdoor fallbackHandler can be set there), (2) whether any malicious modules are activated by default (modules skip owner authorization), (3) how the client interacts with ProxyFactory (a hacked singleton can be deployed there)
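As an added example (not part of the original guideline), the Python below decodes the "Contract data in hex" from the Sushi Swap item above so that each co-signer can verify the recipient, deadline and token path before approving a Safe contract interaction. It assumes the selector 0x7ff36ab5 is the Uniswap-V2-style router function swapExactETHForTokens(uint256 amountOutMin, address[] path, address to, uint256 deadline); `safe_address` in check_swap is whichever Safe the co-signer is approving from.

```python
SWAP_EXACT_ETH_FOR_TOKENS = "7ff36ab5"  # swapExactETHForTokens(uint256,address[],address,uint256)

# The "Contract data in hex" from the guideline, split into selector + 32-byte ABI words.
CALLDATA = "0x" + SWAP_EXACT_ETH_FOR_TOKENS + "".join([
    "00000000000000000000000000000000000000000000000000000000014966db",  # amountOutMin
    "0000000000000000000000000000000000000000000000000000000000000080",  # byte offset of path
    "00000000000000000000000044b41f1e72b2d6c7f6429724e4dde9609e3b9e1f",  # to (recipient)
    "000000000000000000000000000000000000000000000000000000006165d6dd",  # deadline (unix secs)
    "0000000000000000000000000000000000000000000000000000000000000002",  # path length
    "000000000000000000000000cf664087a5bb0237a0bad6742852ec6c8d69a27a",  # path[0]
    "0000000000000000000000003c2b8be99c50593081eaa2a724f0b8285f5aba8f",  # path[1]
])


def _word(data: bytes, i: int) -> int:
    """i-th 32-byte argument word (after the 4-byte selector) as an integer."""
    chunk = data[4 + 32 * i: 4 + 32 * (i + 1)]
    if len(chunk) != 32:
        raise ValueError(f"word {i} runs past the end of calldata")
    return int.from_bytes(chunk, "big")


def _addr(value: int) -> str:
    if value >> 160:
        raise ValueError("address word has non-zero high bits")
    return f"0x{value:040x}"


def decode_swap(calldata: str) -> dict:
    data = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    if data[:4].hex() != SWAP_EXACT_ETH_FOR_TOKENS:
        raise ValueError(f"unexpected selector 0x{data[:4].hex()}")
    if (len(data) - 4) % 32:
        raise ValueError("calldata is not selector + whole 32-byte words")
    offset = _word(data, 1)  # address[] is dynamic: word 1 points at its length word
    if offset % 32:
        raise ValueError("misaligned dynamic offset")
    path_index = offset // 32
    path = [_addr(_word(data, path_index + 1 + k)) for k in range(_word(data, path_index))]
    return {"amountOutMin": _word(data, 0), "to": _addr(_word(data, 2)),
            "deadline": _word(data, 3), "path": path}


def check_swap(calldata: str, safe_address: str, now: int) -> list:
    """Findings a co-signer should resolve before approving."""
    swap = decode_swap(calldata)
    findings = []
    if swap["to"].lower() != safe_address.lower():
        findings.append(f"recipient {swap['to']} is not the Safe")  # proceeds would leave the Safe
    if swap["deadline"] <= now:
        findings.append("deadline already passed; the swap would revert")
    if len(swap["path"]) < 2:
        findings.append("path has fewer than two tokens")
    return findings
```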