Safe{Wallet} Integration: Custom Multisig Solutions for Web3

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
Safe{Wallet} Integration: Custom Multisig Solutions for Web3
Medium
~2-3 days
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1349
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    949
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

Integration of Safe{Wallet} (Gnosis Safe)

Imagine a DAO managing a $10M treasury via a standard multisig. Every transaction must be manually signed and sent by email — no automation. We solve this with custom Safe integration using Zodiac modules. In one case, a Delay Module saved $500K — the user revoked a signature before the timelock expired. Custom solutions cut operational overhead by 70% and accelerate decision-making by 5x.

Safe (formerly Gnosis Safe) is the de facto standard for multisig wallets in the EVM ecosystem. Over $100B in assets under management, integrated into most major DAOs and corporate treasuries. The core idea: a smart contract wallet with M-of-N signatures, where a transaction is executed only after collecting the required threshold of signatures from owners.

Why the standard Safe doesn't fit?

The standard Safe interface isn't always suitable. Typical scenarios: DAO treasury management, corporate control over smart contracts, multisig for DeFi protocols, custom asset management interfaces for teams. Each case requires its own logic — from a simple daily spending limit to full DAO voting via Snapshot. Custom modules reduce transaction approval time by 3x compared to manual processes.

How Safe works: architecture and key components

The Safe contract — GnosisSafe.sol — has a modular architecture. Key components:

Owners and threshold. The list of owner addresses and the minimum number of signatures required to execute a transaction. Changing these parameters itself requires threshold signatures.

Modules. Additional smart contracts that can execute transactions on behalf of Safe without the standard signing process. Used for automation (Zodiac, Gelato), recovery mechanisms, custom flows.

Guards. Contracts called before and after each Safe transaction for additional checks. You can implement address whitelists, amount limits, cooldown periods.

Fallback handler. Handles calls to unknown functions and receive(). Used to support additional standards (ERC-1155, EIP-1271).

Safe Transaction Service and API

Safe supports offline signature collection via Safe Transaction Service — a hosted API from the Safe team. Flow:

  1. Proposer (any owner) creates a transaction and sends it to Transaction Service.
  2. Other owners see the pending transaction in the interface, verify and sign it.
  3. Once threshold signatures are collected, anyone can execute the transaction on-chain (paying gas).
import SafeApiKit from '@safe-global/api-kit'
import Safe from '@safe-global/protocol-kit'

const apiKit = new SafeApiKit({
  chainId: 1n // Ethereum mainnet
})

// Create a pending transaction
const safeTransaction = await safeSdk.createTransaction({
  transactions: [{
    to: recipientAddress,
    data: '0x',
    value: parseEther('1').toString()
  }]
})

const safeTxHash = await safeSdk.getTransactionHash(safeTransaction)
const senderSignature = await safeSdk.signHash(safeTxHash)

await apiKit.proposeTransaction({
  safeAddress,
  safeTransactionData: safeTransaction.data,
  safeTxHash,
  senderAddress,
  senderSignature: senderSignature.data
})

For a custom frontend: @safe-global/protocol-kit and @safe-global/api-kit — official SDKs. They work in the browser and Node.js.

Safe Apps SDK: embedding dApps

Safe Apps are dApps that run inside the Safe interface as iframes. The key point: a Safe App doesn't send transactions directly; it passes them to Safe for signing via @safe-global/safe-apps-sdk.

import SafeAppsSDK from '@safe-global/safe-apps-sdk'

const sdk = new SafeAppsSDK()

// Instead of usual wallet.sendTransaction
const txs = [{
  to: contractAddress,
  data: contract.interface.encodeFunctionData('deposit', [amount]),
  value: '0'
}]

const { safeTxHash } = await sdk.txs.send({ txs })

If you need to embed an existing dApp into the Safe ecosystem or create a custom treasury management app — this is the primary route.

Zodiac: modular extensibility

Zodiac is a framework by Gnosis Guild for extending Safe via modules. Ready modules:

Reality Module — executes transactions based on on-chain voting results via Kleros or Reality.eth. Pairing Safe + Snapshot + Reality Module = DAO treasury without on-chain voting gas.

Delay Module — adds a timelock to transactions. Critical for protocols: even if threshold signatures are collected, the transaction waits N hours before execution. Users can notice and react to malicious changes.

Roles Module — granular access control. Different addresses can be allowed to call specific functions of specific contracts with specific parameters. For example: "the multisig can only call rebalance() on a strategy, but not withdraw()".

How custom modules save budget?

Custom modules reduce the number of signatures and automate routine tasks. For example, Roles Module cuts operational overhead by 70%, and Safe{Core} AA integration provides up to 90% gas savings compared to classic Safe. Comparison: basic integration takes 3-4 weeks, extended takes 6-8 weeks, but pays off with 30% reduction in transaction costs.

Custom Guards and Modules

If you need specific logic — we write a custom Guard or Module.

Example Guard with daily spending limit:

contract SpendingLimitGuard is BaseGuard {
    uint256 public dailyLimit;
    uint256 public currentDay;
    uint256 public spentToday;

    function checkTransaction(
        address to,
        uint256 value,
        bytes memory data,
        // ... other parameters
    ) external override {
        if (block.timestamp / 1 days > currentDay) {
            currentDay = block.timestamp / 1 days;
            spentToday = 0;
        }
        require(spentToday + value <= dailyLimit, "Daily limit exceeded");
        spentToday += value;
    }

    function checkAfterExecution(bytes32 txHash, bool success) external override {}
}

The Guard is connected via Safe.setGuard(guardAddress) — the transaction itself requires threshold signatures.

Multichain Safe and Safe{Core} AA

Safe works on 15+ networks, contract addresses match (deploy via CREATE2 with the same salt). The Safe address on Ethereum and Arbitrum can be the same if deployed with the same parameters (owners, threshold, nonce).

Safe{Core} Account Abstraction SDK — a new stack that integrates Safe with ERC-4337. The Safe contract becomes an ERC-4337 Account, transactions go through a bundler, you can use a Paymaster to pay gas in ERC-20. This provides up to 90% gas savings compared to classic Safe.

Step-by-step Safe integration

  1. Requirements audit: define necessary modules, Guards, networks.
  2. Development of custom contracts (modules/Guards), Zodiac configuration.
  3. Deployment on target networks using CREATE2 for identical addresses.
  4. Frontend integration via Safe Apps SDK or protocol-kit.
  5. Full audit: static (Slither), dynamic (Mythril), fuzzing (Echidna).
  6. Deployment with documentation and team training.

Integration stack

Task Tool
Transaction SDK @safe-global/protocol-kit
Pending transactions @safe-global/api-kit
Safe Apps (iframe dApp) @safe-global/safe-apps-sdk
Modules and extensions Zodiac framework
AA integration @safe-global/safe-core-sdk

Comparison: basic vs extended integration

Parameter Basic Extended
Transaction signing Via Transaction Service Custom flows + Modules
Automation None Zodiac, Gelato, custom Modules
Security Standard Safe audit + custom Guards audit
Timeline 3-4 weeks 6-8 weeks + audit
Cost Individual Individual

What's included

  • Development and deployment of Safe contracts (Ethereum, Polygon, Arbitrum, etc.)
  • Custom modules and Guards with full audit
  • Safe Apps SDK integration for your dApp
  • Zodiac module setup (Reality, Delay, Roles)
  • Safe{Core} AA integration for gas optimization
  • Documentation, access, team training
  • Technical support during rollout

Our experience and guarantees

Over 5 years of experience in Web3, 20+ Safe integrations for DAOs, DeFi, and enterprise clients. We use Official Safe SDKs in production. We guarantee the security of custom contracts — every module undergoes formal verification and fuzzing tests. Our solutions include configuring the Safe security protocol through custom Guards.

Get a consultation for your project. Contact us for an evaluation.

We develop crypto wallets turnkey — from custodial solutions for fintech to smart contract accounts on EIP-4337. 5+ years in blockchain development, 40+ projects implemented. Let's examine which architecture to choose for your task and why MPC or Account Abstraction solve the private key problem that MetaMask and classic HD wallets could not close.

Why are classic wallets dangerous for business?

A seed phrase in a browser extension is the only way to restore access. For retail users, this is a barrier to entry (lost phrase = lost money). For corporate treasuries, it is incompatible with compliance (KYC/AML, role model, multisignature). Any single key leak compromises all funds. These risks are built into the architecture, not poor UX.

We eliminate them at the protocol level: MPC wallets (key never fully assembled), smart contract wallets (authorization logic in code), hardware HSM for institutional storage. Details below.

What is the real difference between custodial and non-custodial?

Custodial — the provider stores the private key. User authenticates via email/password/OAuth. Recovery is trivial, KYC/AML built-in. For centralized financial applications, often the only regulatory acceptable option. Risk: single point of failure (e.g., Bitfinex hack — $72M, FTX — $600M+ client funds).

Non-custodial — keys are with the user. Provider has no access to funds. Storage responsibility falls on the user. For 99% of people, this model is unworkable without additional protection — hence MPC.

MPC wallets: the key that doesn't exist

Multi-Party Computation (MPC) is a cryptographic protocol that allows multiple parties to jointly sign a transaction without revealing their partial secrets. The private key never exists in its assembled form.

Standard scheme: 2-of-3 MPC between user (share on device), provider server, and backup cloud storage. Transaction is signed by any two of three parties. Lost phone — recovery via server + cloud. Server compromised — attacker holds only one share, signing impossible.

TSS (Threshold Signature Scheme) is a concrete implementation of MPC for ECDSA/EdDSA. Algorithms: GG18, GG20, CGGMP21 (the latter is faster and has better security proofs). Libraries: tss-lib (Go, from Binance), multi-party-sig (Go, from Coinbase), ZenGo-X/multi-party-ecdsa (Rust).

MPC requires no on-chain changes — to the blockchain, the signature looks like a normal single-key signature. This saves gas and keeps the key management scheme confidential (not published in chain) — unlike multisig.

Account Abstraction (EIP-4337): smart contract as wallet

EIP-4337 completely changes the model: instead of EOA (Externally Owned Account), a smart contract Account is used. Authorization logic is in contract code, not in protocol cryptography. This opens up arbitrary signing logic, social recovery, session keys, sponsored transactions, and batch operations.

How the EIP-4337 stack works:

User → UserOperation → Bundler → EntryPoint contract → Account contract
                                          ↑
                                    Paymaster (optional, pays gas)

UserOperation — a new type of object (not an L1 transaction). Bundler collects UserOps from an alternative mempool, packs them into one transaction, and sends to EntryPoint. EntryPoint calls validateUserOp on the Account contract — Account decides if the signature is valid.

Practical capabilities:

Social recovery. The contract stores a list of guardians (other addresses or a service). Lost key — guardians vote for replacement. Argent has used this scheme since 2020.

Session keys. A temporary key with limited rights: interaction only with a specific contract, until a certain date, up to a certain amount. For GameFi and dApps — user does not sign every micro-transaction.

Paymaster. A third-party contract pays gas for the user. Onboarding pattern: user does not hold ETH, gas is sponsored by dApp or taken from ERC-20 tokens.

Implementations: Safe{Core} Protocol, Biconomy SDK (Stackup), ZeroDev (Kernel), Alchemy (Rundler bundler). EntryPoint v0.6/v0.7 is deployed and active on Ethereum mainnet, Polygon, Arbitrum, Optimism. We guarantee compatibility with the latest contract versions.

What is a Hardware Security Module for corporate wallets?

For treasuries and institutional storage: HSM (Hardware Security Module). The key is generated and never leaves the secure chip. Signing happens inside the HSM. Hardware attestation is supported. Solutions used: AWS CloudHSM, Azure Dedicated HSM, Thales Luna, YubiHSM 2 (for small volumes). Integration via PKCS#11 or cloud-specific API.

A combination of HSM + MPC is optimal for institutional use: key shares are stored in HSMs on different servers/jurisdictions, signing via TSS. This ensures compliance with regulatory requirements (e.g., for crypto custodians).

Integration with dApps: WalletConnect and standards

Any wallet must be able to interact with dApps. Standard: WalletConnect v2 (Sign API): QR code or deep link, peer-to-peer encrypted channel via relay server. For browser extensions: EIP-1193 (Ethereum Provider API).

On the frontend, we use wagmi + viem — one interface for MetaMask, WalletConnect, Coinbase Wallet, injected providers. For Account Abstraction: EIP-5792 (wallet capabilities) and EIP-7677 (paymaster service).

Development process

  1. Threat model — who is the user (B2C, B2B, institutional), what operations, what is the acceptable risk model. Architecture depends on this.
  2. Selection and design of key storage scheme — MPC, HSM, multisig, or a combination.
  3. Development of Account contract (if EIP-4337) or integration of MPC library.
  4. Backend — MPC coordination, session management, paymaster service (if needed).
  5. Mobile/browser application — UI with WalletConnect integration, biometrics, QR.
  6. Integration with dApps — EIP-1193, WalletConnect v2.
  7. Audit of contracts and cryptographic implementations — mandatory step. MPC libraries have known vulnerabilities (GG18 susceptible to attack with malicious participant without abort protocol). We use libraries with up-to-date security reviews (CGGMP21). Experience passing audits with Certik, Hacken, Trail of Bits — we have certificates.

What is included in the work (deliverables)

  • Source code of smart contracts (Solidity/Rust) with documentation
  • Backend MPC coordination service (Go or Rust) with API
  • Mobile application (iOS/Android) or browser extension
  • Integration with WalletConnect, Ledger/Trezor (if required)
  • Preparation for security audit (vulnerability report)
  • Administrator and user documentation
  • Access to repository, CI/CD, monitoring (Tenderly, Etherscan API)
  • Training of your team (2-3 sessions)
  • Post-launch support — 1 month

Timeline and cost

Solution type Timeline (working weeks)
Custodial with basic UI 4–8
Non-custodial with MPC integration 8–16
EIP-4337 Account with paymaster 6–12
Institutional (HSM + MPC + compliance) from 16

Cost is calculated individually for your project. We will estimate within one day — contact us by email or Telegram. We provide a guarantee on code and timeline.

Typical mistakes in crypto wallet development (and how to avoid them)

  • Using outdated MPC libraries — GG18 without abort protocol. Choose CGGMP21 or tss-lib with up-to-date audit reports.
  • Tight coupling to a single blockchain — not abstracting for L2/sidechains. Use viem/wagmi for cross-chain.
  • Ignoring MEV attacks — when using multisig without timelocks. Add tx simulation (Tenderly) and sandwiching protection.
  • Lack of fallback recovery mechanism — for Account Abstraction, not setting up social recovery. Include from the first release.

We eliminate these pitfalls at the design stage — for each project, we create a threat model and security checklist.

Need a reliable wallet with no compromises? Get a consultation from our architect — we will analyze your task and propose an architecture with a precise estimate. Leave a request — we will respond within a day.