> ## Documentation Index
> Fetch the complete documentation index at: https://docs.range.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Multisig monitoring guidelines

> The standard alerting setup Range suggests for Safe and Squads multisig wallets.

This is a suggested baseline for monitoring multisig wallets, a sensible starting
point you can adopt as-is or tune. Thresholds, voter sets, and destinations are
configured per workspace during setup, so treat the numbers here as recommended
defaults rather than fixed values.

The rules below build on the [Multisig and Governance](/alerting/catalogue/multisig-governance)
catalogue and apply to **each Safe (EVM) or Squads (Solana) wallet** in scope.
Wallets on different chains or addresses are monitored as separate units.

## What's covered

<CardGroup cols={2}>
  <Card title="Multisig wallet" icon="vault">
    Each Safe or Squads address gets the standard wallet rule pack: proposals,
    configuration changes, value thresholds, and balance monitoring.
  </Card>

  <Card title="Derived voters" icon="users">
    Range reads the signer addresses from the multisig configuration and applies
    voter rules to those wallets. A compromised signer key can enable a malicious
    approval or execution even without direct treasury access.
  </Card>
</CardGroup>

## Suggested wallet rules

Applied to each multisig wallet in scope.

| Rule                          | What it monitors                                                                                                                                                   |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Proposal Tracker              | The full proposal lifecycle — new proposal creation/submission and successful execution.                                                                           |
| Config Tracker                | Structural changes: member/owner add and remove, threshold modifications, permission changes, modules, and guards. Can indicate compromise or unauthorised access. |
| High-Value Governance Action  | An executed proposal or transaction above the high-value threshold (suggested \$1k).                                                                               |
| Large-Value Governance Action | An execution above the larger threshold (suggested \$10k) — worth a formal acknowledgment.                                                                         |
| New Contract Interaction      | A monitored wallet interacts with a contract it has never transacted with before — a common phishing and malicious-approval vector.                                |
| Balance Drop                  | Balance falls below an absolute floor, or below 20% of its 30-day rolling average.                                                                                 |

## Suggested voter rules

Derived from the multisig, applied to the signer addresses Range reads from the
wallet configuration.

| Rule                       | What it monitors                                                                                                                  |
| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| Non-Multisig Tx Monitoring | Any transaction by a monitored signer that's unrelated to the multisig — activity outside governance may indicate key compromise. |
| Timezone Tx Monitoring     | Signer transactions outside the configured core timezone or operating window.                                                     |

## Suggested thresholds

| Threshold                     | Suggested default                                                |
| ----------------------------- | ---------------------------------------------------------------- |
| High-value governance action  | \$1,000                                                          |
| Large-value governance action | \$10,000                                                         |
| Balance drop                  | Below an absolute floor **or** 20% of the 30-day rolling average |
| Voter timezone window         | Your defined core hours                                          |

## How an alert flows

```mermaid theme={null}
flowchart LR
  A[On-chain event] --> B[Rule match] --> C[Alert raised] --> D[Your destinations]
```

Each alert is routed to any destination your workspace has connected, see
[Supported destinations](/alerting/supported-destinations). You choose where each
alert goes; the rule just decides when one fires.

## Setting it up

Configured with you during onboarding:

<Steps>
  <Step title="Share your wallets">
    Provide the multisig addresses (Safe and/or Squads), chains, and signer list.
  </Step>

  <Step title="We configure the pack">
    Range sets up the standard rule pack and destination routing in your workspace.
  </Step>

  <Step title="Validate delivery">
    Confirm alerts arrive as expected in a staging or dry-run period.
  </Step>

  <Step title="Go live">
    Production monitoring is enabled.
  </Step>
</Steps>

What you can tune at setup or later: the wallet inventory, the voter set, value
thresholds, balance floors, timezone windows, and destinations. See
[How alerting works](/alerting/how-alerting-works) for the general model.
