Multisig for Protocols #239
base: develop
- Introduced a new section for Multisig, including links to Overview, Signing & Verification, Private Key & Seed Phrase Management, and Tools & Resources.
- Enhanced navigation structure to improve user access to multisig-related content.

- Updated navigation links to reflect new structure for the Multisig section.
- Added detailed subsections including General Rules, Multisig Administration, and For Signers with specific links for better user guidance.
- Improved overall organization to facilitate easier access to multisig-related content.

- Enhanced the Multisig for Protocols section by adding detailed subsections and improving navigation links for better user experience.
- Updated links in various documents to ensure consistency and accessibility, including links to related topics such as Emergency Procedures, General Rules, and Hardware Wallet Setup.
- Added frontmatter tags and contributor information to relevant documents for better categorization and attribution.

- Corrected links in offboarding, ongoing management, planning and classification, and setup and configuration documents to ensure they point to the correct sections.
- Enhanced clarity and accessibility of documentation by standardizing link formats.

- Updated the formatting of "Safe{Wallet}" to "Safe\{Wallet\}" for consistency across the backup infrastructure and signing when UI is down documentation.
- Ensured uniformity in documentation presentation to enhance clarity.

- Updated the financial exposure thresholds in the planning and classification section to use escape characters for less than and greater than symbols for improved clarity.
- Ensured consistent formatting across the documentation to enhance readability and maintain standards.

- Replaced local image paths with direct links to hosted images for better accessibility and consistency across the documentation.
- Removed obsolete image files to streamline the asset management.
|
@DicksonWu654 is attempting to deploy a commit to the Security Alliance Team on Vercel. A member of the Team first needs to authorize it. |
|
Used to be #220 but now it's here |
- Added new contributor profiles for Isaac Patka, Geoffrey Arone, Louis Marquenet, and Pablo Sabbatella, including their roles, company affiliations, and social media links.
- Enhanced the contributors.json file to reflect the expanded contributor base and improve attribution in documentation.

…tion
- Reformatted the list of prohibited practices for better clarity and emphasis.
- Ensured consistent presentation of security guidelines to enhance user understanding.

…mplementation Checklist'
- Changed references in the vocs.config.ts, general-rules.mdx, and overview.mdx files to reflect the new 'Implementation Checklist' terminology.
- Deleted the outdated 'training-checklist.mdx' file to streamline documentation and avoid confusion.
|
Hi @DicksonWu654. Excellent contribution. This PR is under review; as soon as I have any feedback to provide, I will let you know ASAP. |
This review calls for two main changes: structurally, the content needs to be unified by removing duplicate sections and relying on internal references while ensuring the guidelines are generic and not tied to specific products (like Safe or Solana); tools that help are welcome.
However, the most critical concern is the security section on alternative/backup UIs for signing, which must be reviewed by others to address how this practice enlarges the attack surface and if it is a good idea to recommend.
|
damn thankx for the detailed review! Will implement! |
- Updated the profiles of Geoffrey Arone, Louis Marquenet, and Pablo Sabbatella to set their GitHub and Twitter links to null, reflecting a change in their social media presence.
- Ensured the contributors.json file remains accurate and up-to-date for proper attribution in documentation.

…w documentation
- Deleted the Emergency Contacts subsection to streamline the content and focus on essential information.
- Ensured the overview remains concise and relevant for users seeking guidance on multisig operations.

…tation
- Updated the Quick Start section to provide clearer guidance for new users, including direct links to relevant subsections for setup, signing, and emergency procedures.
- Enhanced the structure to improve navigation and accessibility of essential information for multisig operations.

…view documentation
- Revised the reference to minimum security standards to include a direct link for better accessibility.
- Ensured clarity in the core principles section to enhance user understanding of security requirements.

…isig documentation
- Adjusted the order of entries in the use case table for better logical flow and readability.
- Ensured that the table maintains clarity in presenting impact, operational needs, and standard thresholds for multisig operations.
…fication section of Multisig documentation. Ensured consistent presentation to enhance clarity and readability for users.
…ion to direct users to the Registration & Documentation page for improved navigation and clarity.
…on by replacing the detailed template with a direct link to the new template location in the Registration & Documentation page, enhancing user navigation and clarity.
…ocumentation in the multisig for protocols guide to streamline content and focus on essential classification guidance.
…anning and classification documentation by specifying higher thresholds for upgrades (7/9+), enhancing guidance for users on operational assessments.
…ferences and enhance security guidance
- Deleted the 'General Rules' page and replaced references throughout the documentation with links to 'Secure Multisig Best Practices' for improved clarity and consistency.
- Updated various sections to ensure all links point to the new best practices resource, enhancing user access to current security guidelines.
- Streamlined documentation by removing redundant content and ensuring all references align with the latest security protocols.
|
Hey @DicksonWu654, pls dont forget to add the
Thanks a lot 🙏 |
…ed formatting
- Reformatted import statements for consistency and readability.
- Added access options for 'Eternal Safe' and 'Squads Public Client' with GitHub links for user convenience.
- Improved clarity by adjusting formatting in various sections, including the use of italics for emphasis.
- Updated fetched tags to include relevant categories for new documentation sections, ensuring accurate tagging and improved resource organization.

…ed clarity
- Added 'dev: true' flags to various sections and items in the multisig documentation to indicate development status.
- Updated links for 'Safe Multisig' and 'Squads Multisig' verification processes to reflect their development status.
- Enhanced the 'Multisig for Protocols' section by marking all items as development-related, improving clarity for users regarding the current state of the documentation.
|
Ah oops let me add them! |
…and verification processes
- Added detailed signing guidelines emphasizing the use of hardware wallets, secure environments, and communication protocols among signers.
- Expanded sections on transaction verification for both SOL and USDS transfers, including step-by-step instructions and example interpretations of instruction data.
- Improved clarity by restructuring content and adding links to relevant transaction simulation tools and resources.
- Updated the signing process documentation to reinforce best practices and ensure signers are well-informed before executing transactions.
|
This is going to take a while to review. I think @pinalikefruit is already at it. But it is a pretty big PR, so give us time please 🙏🏽 |
|
fs no worries! |
docs/pages/multisig-for-protocols/backup-signing-and-infrastructure.mdx
- Updated the travel considerations section to improve clarity by removing emoji indicators and presenting the information in a straightforward list format.
- Enhanced the organization of what to bring and what not to bring, ensuring users have clear and concise travel security recommendations.

…criptions
- Centered the image for the Eternal Safe network selection and added a descriptive caption to enhance user understanding.
- Improved visual presentation of the setup instructions for better clarity and engagement.
|
Hi again @DicksonWu654, see that after implementing many changes, although sections were removed, changes were added to the Wallets section that were not included in the initial PR. I suggest opening another PR just for these specific changes in the Wallet Security section, as it can be overwhelming for reviewers since there are now more files to review, and let this one focus only on Multisig for Protocols. |
|
Okay I'm going to split the baby |
Hi @DicksonWu654.
This PR is almost ready 🙌🏻. I just left a few comments, but nothing important.
I just left my comment stating that I disagree with recommending UI Alternatives. However, this recommendation comes from Shield3 and Opsec.
https://github.com/security-alliance/frameworks/pull/239/files?short_path=1394424#r2383375364
|
Hey @pinalikefruit thank you so much for the review! I went through it and I think it looks good now... Yeah for the UI recommendations you can ask Isaac or Pablo about that directly 😅 . I am but a messenger. |
|
I think for the other stuff we can resolve it in the other half of the child :) |
Frameworks PR Checklist
Added a shitload of content from the technical document "Multisig best practices and Operation Security guide" that Shield3 and Opsek created. They are their own section as this multisig guide is for protocols. This guide will also be referenced in the multisig cert
Updated VOC Migration:
Now migrated and working with VOCs
Edited a bunch of small stuff for it to work now
The images which used to be in assets/ are now in AWS thanks to Sara!
Describe your changes, substitute this text with the information
If you are touching an existing piece of content, tag current contributors from the attribution list
If there is a steward for that framework, ask the steward to review it
If you're modifying the general outline, make sure to use src/config/SUMMARY.develop and not src/SUMMARY.md (I did it in both so I can see it)
If you need feedback for your content from the wider community, share the PR in our Discord
Review changes to ensure there are no typos, see instructions below