Corporate Multisig: Integrating Safe{Wallet} for DeFi Projects

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
Corporate Multisig: Integrating Safe{Wallet} for DeFi Projects
Simple
~1 day
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1349
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    949
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

Corporate Multisig: Integrating Safe{Wallet} for DeFi Projects

Most DeFi teams overlook the nuances of setting up a multisig wallet. Safe{Wallet} (formerly Gnosis Safe) is the de facto standard a widely-used standard in the EVM ecosystem. Over $100B in assets are under its management, the code is heavily audited, and the built-in UI at the official interface gets you started in minutes. But a proper multisig setup is not just clicking "create": you need to choose the right owners, threshold, consider gas costs, and optionally attach a Guard for policy enforcement. Our team has 6+ years of experience with Safe multisig wallet deployments, managing over 50 configurations for DeFi projects with total treasury value exceeding $500M. We provide a guaranteed secure setup with a 30-day warranty and ongoing support. Compared to legacy multisig solutions, Safe provides 10x more security with its module ecosystem and Guard policy enforcement. Additionally, our standard setup costs start from $2,000, and by deploying on L2 you can save up to 90% on gas compared to Ethereum mainnet. We've helped configure treasuries for 30+ DeFi projects – and we know the pitfalls that await inexperienced users.

How to Choose Threshold and Owners?

Owners are addresses whose signatures the contract accepts. Each owner can be an EOA or a smart contract (e.g., another Safe). Use hardware wallet addresses for owners, not browser keys from MetaMask.

Threshold (M-of-N) is the number of signatures required to execute a transaction. For a team treasury: 3-of-5 or 2-of-3. Do not use 1-of-N for real funds – it's a single point of failure. Do not use N-of-N – losing one key locks everything. Comparison:

Threshold Security Operability Suitable for
1-of-2 low high personal wallets, test
2-of-3 medium good startups, small teams
3-of-5 high acceptable medium DAOs, funds
4-of-7 very high low large treasuries

Chain – Safe deploys separately on each network. The same Safe address can be obtained on different networks via the Safe Factory with the same saltNonce – useful for a multichain treasury with a single address.

Why Can a Multisig Be Vulnerable?

Without proper configuration, a multisig can become vulnerable: a wrong threshold leads to locked funds, missing a Guard allows unauthorized transfers, and weak owners lead to key theft. Our experience includes setting up Safes that have been running for 5+ years in DeFi projects, auditing configurations, and formally verifying Guard policies. A common mistake is storing all private keys on one Ledger device, only switching accounts. This violates the multisig principle: if the device is compromised, the attacker gets all keys. Each owner must be on a separate physical device. Lacking a Safe Guard can lead to losses exceeding $100k in a targeted attack.

What Risks Does Safe Guard Mitigate?

Safe Guard is a smart contract that is called before every transaction from the Safe. It allows adding policies: whitelist of recipient addresses, amount limits, prohibition of certain functions. Without a Guard, any 2-of-3 owners can send any transaction anywhere. With a Guard, an additional check logic is enforced that cannot be bypassed even with full quorum. The implementation is standardized in ISafeGuard. Describe your project, and we'll help choose the optimal Safe configuration for your team.

Signing and Executing Transactions

A transaction is created in the Safe UI or via SDK. Each owner signs off-chain (no gas). After collecting threshold signatures, anyone can call execTransaction on-chain and pay gas. This does not have to be an owner.

Operation Gas cost (Ethereum mainnet)
Deployment Safe ~280,000 gas
execTransaction (2-of-3) ~120,000–150,000 gas
Adding owner ~80,000 gas
Changing threshold ~50,000 gas

On L2 (Arbitrum, Base, Optimism), gas is orders of magnitude lower – Safe is significantly cheaper there. Gas savings when moving to L2 can reach 90%, which for an active treasury with 50+ transactions per month means tens of thousands of dollars in annual savings. Determine the optimal configuration for your budget – book a technical discussion.

Setup Process

  1. Analytics: team interviews, role definition, signing scenarios.
  2. Design: choose owners, threshold, need for a Guard. Create configuration scheme.
  3. Deployment: create Safe via SDK or UI on the required networks with a deterministic address.
  4. Guard Setup: develop and deploy a custom Guard with checks (whitelist, limits).
  5. Test: simulate transactions in Tenderly, verify all policies.
  6. Go-Live: confirm operability, hand over documentation.
  7. Support: two weeks post-deployment, help with first transactions.

Programmatic creation via Safe{Core} SDK:

import { SafeFactory } from '@safe-global/protocol-kit'

const safeFactory = await SafeFactory.create({ ethAdapter })
const safe = await safeFactory.deploySafe({
    safeAccountConfig: {
        owners: ['0xAlice...', '0xBob...', '0xCarol...'],
        threshold: 2,
    },
    saltNonce: '0x123' // for deterministic address
})

Security Recommendations

Each owner stores the key on a separate hardware wallet. Backup seed phrases physically, in different locations. When a team member changes, add a new owner and remove the old one via a Safe transaction (requires current quorum). Never set threshold equal to total owners: losing one key means losing access.

What Is Included

Deliverables:

  • Designing owners/threshold scheme for your team (2–20 participants)
  • Deploying Safe on required networks (Ethereum, L2, sidechains) with a deterministic address
  • Configuring Safe Guard with custom policies (whitelist, limits, function restrictions)
  • Integration via Safe{Core} SDK for programmatic management
  • Configuration documentation, team training, access handover
  • Support for two weeks after handover

Setting up Safe for a team of 2 to 20 participants with correct policies takes 1–3 days. Contact our engineers for a consultation on multisig setup.

We develop crypto wallets turnkey — from custodial solutions for fintech to smart contract accounts on EIP-4337. 5+ years in blockchain development, 40+ projects implemented. Let's examine which architecture to choose for your task and why MPC or Account Abstraction solve the private key problem that MetaMask and classic HD wallets could not close.

Why are classic wallets dangerous for business?

A seed phrase in a browser extension is the only way to restore access. For retail users, this is a barrier to entry (lost phrase = lost money). For corporate treasuries, it is incompatible with compliance (KYC/AML, role model, multisignature). Any single key leak compromises all funds. These risks are built into the architecture, not poor UX.

We eliminate them at the protocol level: MPC wallets (key never fully assembled), smart contract wallets (authorization logic in code), hardware HSM for institutional storage. Details below.

What is the real difference between custodial and non-custodial?

Custodial — the provider stores the private key. User authenticates via email/password/OAuth. Recovery is trivial, KYC/AML built-in. For centralized financial applications, often the only regulatory acceptable option. Risk: single point of failure (e.g., Bitfinex hack — $72M, FTX — $600M+ client funds).

Non-custodial — keys are with the user. Provider has no access to funds. Storage responsibility falls on the user. For 99% of people, this model is unworkable without additional protection — hence MPC.

MPC wallets: the key that doesn't exist

Multi-Party Computation (MPC) is a cryptographic protocol that allows multiple parties to jointly sign a transaction without revealing their partial secrets. The private key never exists in its assembled form.

Standard scheme: 2-of-3 MPC between user (share on device), provider server, and backup cloud storage. Transaction is signed by any two of three parties. Lost phone — recovery via server + cloud. Server compromised — attacker holds only one share, signing impossible.

TSS (Threshold Signature Scheme) is a concrete implementation of MPC for ECDSA/EdDSA. Algorithms: GG18, GG20, CGGMP21 (the latter is faster and has better security proofs). Libraries: tss-lib (Go, from Binance), multi-party-sig (Go, from Coinbase), ZenGo-X/multi-party-ecdsa (Rust).

MPC requires no on-chain changes — to the blockchain, the signature looks like a normal single-key signature. This saves gas and keeps the key management scheme confidential (not published in chain) — unlike multisig.

Account Abstraction (EIP-4337): smart contract as wallet

EIP-4337 completely changes the model: instead of EOA (Externally Owned Account), a smart contract Account is used. Authorization logic is in contract code, not in protocol cryptography. This opens up arbitrary signing logic, social recovery, session keys, sponsored transactions, and batch operations.

How the EIP-4337 stack works:

User → UserOperation → Bundler → EntryPoint contract → Account contract
                                          ↑
                                    Paymaster (optional, pays gas)

UserOperation — a new type of object (not an L1 transaction). Bundler collects UserOps from an alternative mempool, packs them into one transaction, and sends to EntryPoint. EntryPoint calls validateUserOp on the Account contract — Account decides if the signature is valid.

Practical capabilities:

Social recovery. The contract stores a list of guardians (other addresses or a service). Lost key — guardians vote for replacement. Argent has used this scheme since 2020.

Session keys. A temporary key with limited rights: interaction only with a specific contract, until a certain date, up to a certain amount. For GameFi and dApps — user does not sign every micro-transaction.

Paymaster. A third-party contract pays gas for the user. Onboarding pattern: user does not hold ETH, gas is sponsored by dApp or taken from ERC-20 tokens.

Implementations: Safe{Core} Protocol, Biconomy SDK (Stackup), ZeroDev (Kernel), Alchemy (Rundler bundler). EntryPoint v0.6/v0.7 is deployed and active on Ethereum mainnet, Polygon, Arbitrum, Optimism. We guarantee compatibility with the latest contract versions.

What is a Hardware Security Module for corporate wallets?

For treasuries and institutional storage: HSM (Hardware Security Module). The key is generated and never leaves the secure chip. Signing happens inside the HSM. Hardware attestation is supported. Solutions used: AWS CloudHSM, Azure Dedicated HSM, Thales Luna, YubiHSM 2 (for small volumes). Integration via PKCS#11 or cloud-specific API.

A combination of HSM + MPC is optimal for institutional use: key shares are stored in HSMs on different servers/jurisdictions, signing via TSS. This ensures compliance with regulatory requirements (e.g., for crypto custodians).

Integration with dApps: WalletConnect and standards

Any wallet must be able to interact with dApps. Standard: WalletConnect v2 (Sign API): QR code or deep link, peer-to-peer encrypted channel via relay server. For browser extensions: EIP-1193 (Ethereum Provider API).

On the frontend, we use wagmi + viem — one interface for MetaMask, WalletConnect, Coinbase Wallet, injected providers. For Account Abstraction: EIP-5792 (wallet capabilities) and EIP-7677 (paymaster service).

Development process

  1. Threat model — who is the user (B2C, B2B, institutional), what operations, what is the acceptable risk model. Architecture depends on this.
  2. Selection and design of key storage scheme — MPC, HSM, multisig, or a combination.
  3. Development of Account contract (if EIP-4337) or integration of MPC library.
  4. Backend — MPC coordination, session management, paymaster service (if needed).
  5. Mobile/browser application — UI with WalletConnect integration, biometrics, QR.
  6. Integration with dApps — EIP-1193, WalletConnect v2.
  7. Audit of contracts and cryptographic implementations — mandatory step. MPC libraries have known vulnerabilities (GG18 susceptible to attack with malicious participant without abort protocol). We use libraries with up-to-date security reviews (CGGMP21). Experience passing audits with Certik, Hacken, Trail of Bits — we have certificates.

What is included in the work (deliverables)

  • Source code of smart contracts (Solidity/Rust) with documentation
  • Backend MPC coordination service (Go or Rust) with API
  • Mobile application (iOS/Android) or browser extension
  • Integration with WalletConnect, Ledger/Trezor (if required)
  • Preparation for security audit (vulnerability report)
  • Administrator and user documentation
  • Access to repository, CI/CD, monitoring (Tenderly, Etherscan API)
  • Training of your team (2-3 sessions)
  • Post-launch support — 1 month

Timeline and cost

Solution type Timeline (working weeks)
Custodial with basic UI 4–8
Non-custodial with MPC integration 8–16
EIP-4337 Account with paymaster 6–12
Institutional (HSM + MPC + compliance) from 16

Cost is calculated individually for your project. We will estimate within one day — contact us by email or Telegram. We provide a guarantee on code and timeline.

Typical mistakes in crypto wallet development (and how to avoid them)

  • Using outdated MPC libraries — GG18 without abort protocol. Choose CGGMP21 or tss-lib with up-to-date audit reports.
  • Tight coupling to a single blockchain — not abstracting for L2/sidechains. Use viem/wagmi for cross-chain.
  • Ignoring MEV attacks — when using multisig without timelocks. Add tx simulation (Tenderly) and sandwiching protection.
  • Lack of fallback recovery mechanism — for Account Abstraction, not setting up social recovery. Include from the first release.

We eliminate these pitfalls at the design stage — for each project, we create a threat model and security checklist.

Need a reliable wallet with no compromises? Get a consultation from our architect — we will analyze your task and propose an architecture with a precise estimate. Leave a request — we will respond within a day.