Security

Last updated: December 17, 2024

Our Commitment to Security

At MultiSub, security is our top priority. We implement multiple layers of security controls to protect your assets and data. Our framework combines multisig security with delegated operations, ensuring you never have to compromise between security and usability.

Smart Contract Security

Audited Contracts

All MultiSub smart contracts undergo rigorous security audits by reputable third-party firms. We follow industry best practices and continuously monitor for vulnerabilities.

Built on Zodiac

MultiSub is built as a custom Zodiac module, leveraging the battle-tested Safe multisig infrastructure. This ensures that your assets remain under the control of your Safe at all times.

On-Chain Enforcement

All security controls are enforced on-chain, including:

  • Spending limits with rolling time windows
  • Protocol allowlists per sub-account
  • Selector-based operation classification
  • Calldata verification for all transactions

Emergency Controls

Multiple emergency mechanisms are available to Safe owners:

  • Pause: Freeze all module operations instantly
  • Revoke Roles: Remove sub-account permissions immediately
  • Unregister Selectors: Block specific operation types
  • Remove Allowlists: Disable protocols by removing them from the allowlist

Oracle Security

Our Chainlink Runtime Environment oracle provides additional security features:

  • Oracle freshness checks prevent execution on stale data
  • Hard safety caps limit maximum spending even if the oracle is compromised
  • Stateless design ensures verifiable and decentralized operation
  • Event-based state reconstruction for transparency

Data Privacy & Protection

We implement industry-standard security measures:

  • End-to-end encryption for sensitive data
  • Secure key management practices
  • Regular security assessments and penetration testing
  • Minimal data collection and retention policies

Best Practices for Users

To maximize your security when using MultiSub:

  • Never share your private keys or recovery phrases
  • Use hardware wallets for Safe signers
  • Set conservative spending limits for sub-accounts
  • Regularly review and audit sub-account permissions
  • Keep your browser extension and software up to date
  • Enable all available security features in Safe
  • Monitor transaction notifications and alerts

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly:

  • Email us at security@multisubs.xyz
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • Do not exploit the vulnerability or access user data

We appreciate responsible disclosure and will acknowledge security researchers who help keep MultiSub secure.

Incident Response

In the event of a security incident, we have a comprehensive response plan that includes:

  • Immediate assessment and containment
  • User notification and guidance
  • Transparent communication about the issue and resolution
  • Post-incident analysis and improvements

Contact Us

For security-related inquiries, please contact security@multisubs.xyz

For general questions, reach out to contact@multisubs.xyz