Threshold Change Runbook
Engineer/DeveloperSecurity SpecialistMultisig Security
This is an example runbook. Review and customize it for your protocol before use. Adjust threshold requirements to match your organization's policies.
Quick Reference
| Field | Value |
|---|---|
| Typical Severity | Routine |
| Required Threshold | Current threshold |
| Owner | Multisig Admin |
| Last Updated | Date |
When to Use
- Increasing threshold for higher security
- Decreasing threshold for operational efficiency
- Adjusting after signer count changes
Prerequisites
- Justification documented
- New threshold meets policy requirements:
- Minimum 50% of signers
- Avoid
N of Nconfigurations
- If decreasing: approval from security contact
- All signers notified of change
Policy Requirements
| Multisig Type | Minimum Threshold |
|---|---|
| Standard | 50%+ |
| Treasury ($1M+) | 50%+ with 7+ signers |
| Emergency | Can be lower (2/4 typical) |
| Smart Contract Upgrades | Consider 7/9+ |
EVM (Safe) Procedure
1. Create Transaction
Proposer:
- Go to Safe
- Settings > Setup > Owners
- Click "Change threshold"
- Select new threshold from dropdown
- Create transaction
2. Verify Transaction
Each signer must:
[ ] Transaction is ONLY changing threshold (no other changes)
[ ] New threshold value is correct
[ ] New threshold meets policy requirements
[ ] No signers being added or removed in same transaction
[ ] Message hash matches hardware walletSimulation check:
- Should show
changeThresholdcall to Safe - New threshold value matches intended
3. Sign and Execute
- Verify hash on hardware wallet
- Sign immediately after verification
- Message: "Signed - [X/Y] - [your name]"
- Stay available until executed
- Last signer executes once threshold is reached
4. Verify
- Check Safe settings show new threshold
- Test that the next transaction requires new threshold
Solana (Squads) Procedure
1. Create Proposal
- Go to Squads Multisig
- Configuration > Change Threshold
- Select new threshold
- Create proposal
2. Verify Proposal
[ ] Proposal is ONLY changing threshold (no other changes)
[ ] New threshold value is correct
[ ] New threshold meets policy requirements
[ ] No members being added or removed in the same proposal
[ ] Hardware wallet display matches expected threshold change3. Sign and Execute
- Verify proposal details on hardware wallet
- Sign immediately after verification
- Message: "Signed - [X/Y] - [your name]"
- Stay available until executed
- Last signer executes once threshold is reached
4. Verify
- Check Squads settings show new threshold
- Test that the next transaction requires new threshold
Post-Change
- Update registration or internal documentation with new threshold
- Notify all signers of new threshold
- Update any documentation referencing old threshold
Common Scenarios
Adding Signer + Adjusting Threshold
When adding a signer, it is often appropriate to increase threshold.
Option 1: Two transactions
- Add signer (threshold stays same)
- Increase threshold
Option 2: Single batch transaction (EVM)
- Use Transaction Builder
- Batch
addOwnerWithThreshold(sets new threshold automatically)
Removing Signer + Adjusting Threshold
When removing a signer, plan final signer count and threshold together:
- If needed, reduce threshold first or in the same change window
- Ensure the final configuration still meets policy requirements and avoids
N of N