Skip to main content
This is a suggested baseline for monitoring multisig wallets — a sensible starting point you can adopt as-is or tune. Thresholds, voter sets, and destinations are configured per workspace during setup, so treat the numbers here as recommended defaults rather than fixed values. The rules below build on the Multisig and Governance catalogue and apply to each Safe (EVM) or Squads (Solana) wallet in scope. Wallets on different chains or addresses are monitored as separate units.

What’s covered

Multisig wallet

Each Safe or Squads address gets the standard wallet rule pack: proposals, configuration changes, value thresholds, and balance monitoring.

Derived voters

Range reads the signer addresses from the multisig configuration and applies voter rules to those wallets. A compromised signer key can enable a malicious approval or execution even without direct treasury access.

Suggested wallet rules

Applied to each multisig wallet in scope.
RuleWhat it monitors
Proposal TrackerThe full proposal lifecycle — new proposal creation/submission and successful execution.
Config TrackerStructural changes: member/owner add and remove, threshold modifications, permission changes, modules, and guards. Can indicate compromise or unauthorised access.
High-Value Governance ActionAn executed proposal or transaction above the high-value threshold (suggested $1k).
Large-Value Governance ActionAn execution above the larger threshold (suggested $10k) — worth a formal acknowledgment.
New Contract InteractionA monitored wallet interacts with a contract it has never transacted with before — a common phishing and malicious-approval vector.
Balance DropBalance falls below an absolute floor, or below 20% of its 30-day rolling average.

Suggested voter rules

Derived from the multisig — applied to the signer addresses Range reads from the wallet configuration.
RuleWhat it monitors
Non-Multisig Tx MonitoringAny transaction by a monitored signer that’s unrelated to the multisig — activity outside governance may indicate key compromise.
Timezone Tx MonitoringSigner transactions outside the configured core timezone or operating window.

Suggested thresholds

ThresholdSuggested default
High-value governance action$1,000
Large-value governance action$10,000
Balance dropBelow an absolute floor or 20% of the 30-day rolling average
Voter timezone windowYour defined core hours

How an alert flows

Each alert is routed to any destination your workspace has connected — see Supported destinations. You choose where each alert goes; the rule just decides when one fires.

Setting it up

Configured with you during onboarding:
1

Share your wallets

Provide the multisig addresses (Safe and/or Squads), chains, and signer list.
2

We configure the pack

Range sets up the standard rule pack and destination routing in your workspace.
3

Validate delivery

Confirm alerts arrive as expected in a staging or dry-run period.
4

Go live

Production monitoring is enabled.
What you can tune at setup or later: the wallet inventory, the voter set, value thresholds, balance floors, timezone windows, and destinations. See How alerting works for the general model.
Last modified on June 16, 2026