Documentation

Treasury Managers

Security Best Practices

Keep your funds safe

Your organization's money and shared assets are protected by multiple layers of security. Here's how to keep them safe.

Approval threshold

Like requiring 2-of-3 board members to sign a check, your treasury requires multiple Approvers to sign off on every transaction. Even if one account is compromised, funds stay safe.

  • 2-of-3.

    Any 2 of 3 Approvers can approve (recommended for small groups).

  • 3-of-5.

    Any 3 of 5 Approvers can approve (recommended for larger treasuries).


Approver best practices

  • Use multiple Approvers.

    Never rely on just one person. If they're unavailable, funds are stuck.

  • Geographic distribution.

    Approvers in different locations reduces single-point-of- failure risk.

  • Backup contact methods.

    Know how to reach Approvers outside of the platform.

  • Regular Approver reviews.

    Remove Approvers who are no longer active. Add new trusted members.


Transaction verification

  • Double-check addresses.

    Verify the first AND last characters of recipient addresses. Scammers use similar-looking addresses.

  • Verify through a second channel.

    For large amounts, confirm the request through a different communication method.

  • Question unusual requests.

    Urgency is a red flag. Legitimate transactions can wait for proper verification.


Emergency procedures

  • Treasury freeze.

    Admins can pause all transactions if suspicious activity is detected. Better safe than sorry.

  • Approver removal.

    If an account is compromised, other Approvers can remove it. This requires the usual threshold of approvals.

  • Incident response.

    Know who to contact if something goes wrong. Document your procedures.


Regular audits

  • Review transaction history monthly.
  • Verify all transactions have proper documentation.
  • Confirm the Approver list is current.
  • Check that threshold settings are appropriate for your treasury size.

Still have questions? Check the FAQ or contact us.

Security Best Practices | EnDAO Documentation