security best practices
Snow-Fall is designed to be non-custodial, but safe multisig operations also depend on user behavior.
Use this checklist before signing or broadcasting transactions.
Never share secrets
Never share:
Snow-Fall never needs those secrets.
Verify every transaction field
Before signing, review:
Use trusted communication channels
When coordinating signatures, use known team channels.
Confirm unusual requests through a second channel, especially for high-value transactions or urgent requests.
Avoid pressure signing
Do not sign because someone says it is urgent.
A common attack pattern is to create pressure and reduce review time. Slow down, verify details, and ask another signer to review.
Prefer hardware wallets
When possible, use hardware wallets for signer accounts.
Hardware wallets help keep private keys away from everyday computers and browsers.
Separate signer roles
Avoid having all signers controlled by the same person, same machine, or same browser profile.
A multisig is strongest when signer access is separated.
Review payload hash
The payload hash helps verify that signers are approving the same transaction.
If the payload hash changes unexpectedly, stop and investigate.
Keep audit logs
Audit logs help answer:
Review audit logs after important operations.
Test before large operations
For a new multisig or new chain, make a small test transaction first.
Stop when uncertain
If a field is unclear, do not sign. Ask the team to verify the transaction details.