
Conversation

@DicksonWu654
Collaborator

@DicksonWu654 DicksonWu654 commented Sep 30, 2025

Frameworks PR Checklist

Thank you for contributing to the Security Frameworks! Before you open a PR, make sure to read information for contributors and take a look at the following checklist:

Adding Treasury Operations documents to help provide context for its Certification

  • Describe your changes, substitute this text with the information
  • If you are touching an existing piece of content, tag current contributors from the attribution list
  • If there is a steward for that framework, ask the steward to review it
  • If you're modifying the general outline, make sure to update it in the vocs.config.ts adding the dev: true parameter
  • If you need feedback for your content from the wider community, share the PR in our Discord
  • Review changes to ensure there are no typos, see instructions below

…and security protocols

- Streamlined address verification steps and clarified requirements for test transactions.
- Updated security protocols for large transfers, including anti-social-engineering measures.
- Improved formatting and consistency throughout the document for better readability.
@DicksonWu654 DicksonWu654 marked this pull request as draft September 30, 2025 03:16
@vercel

vercel bot commented Sep 30, 2025

@DicksonWu654 is attempting to deploy a commit to the Security Alliance Team on Vercel.

A member of the Team first needs to authorize it.

@vercel

vercel bot commented Sep 30, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Preview | Comments | Updated (UTC) |
| frameworks | Ready | Preview | Comment | Oct 20, 2025 3:06pm |


@mattaereal
Collaborator

Hi there! Check your deployment locally, because it appears to be failing!

- Introduced a new section in the vocs.config.ts for Treasury Operations, including a guide on transaction verification for large transfers.
- Created a comprehensive documentation file for Treasury Transaction Verification, detailing security protocols, verification steps, and best practices for handling significant cryptocurrency movements.
- Updated fetched-tags.json to include relevant tags for the new guide.
@DicksonWu654
Collaborator Author

Oops, sorry - should be fixed now

@mattaereal
Collaborator

Still happening! Ask Sara to help you troubleshoot it, or try to solve it yourself locally to see if anything is wrong.

2:52:59 PM [vite] found dead links:
/wallet-security/multisigs-for-protocols/overview in /vercel/path0/docs/pages/treasury-operations/transaction-verification.mdx
skip by setting link to "#TODO".
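
One way to catch a dead link like the one in the vite log above before pushing, as an added example rather than code from the frameworks repo or from vocs/vite: a small Python scanner over docs/pages. It assumes (an assumption, not something the page confirms) that vocs resolves a root-relative link such as /a/b to docs/pages/a/b.mdx or docs/pages/a/b/index.mdx, and that a link written as "#TODO" is left alone, as the log's hint suggests. The sample pages it builds are constructed fixtures, not files from this PR.

```python
"""Offline dead-link check for vocs-style .mdx pages (added example, not project code).

Assumption: a root-relative link "/a/b" resolves to docs/pages/a/b.mdx or
docs/pages/a/b/index.mdx, and links written as "#TODO" are left alone.
"""
import re
import tempfile
from pathlib import Path

# Markdown link whose target starts with "/" (root-relative); an optional
# "#fragment" after the path is ignored. "#TODO" has no leading "/", so it
# never matches and is skipped, mirroring the workaround vite suggests.
LINK_RE = re.compile(r"\]\((/[^)#\s]*)(?:#[^)]*)?\)")


def resolves(pages_root: Path, link: str) -> bool:
    """True if the link target exists as a page under pages_root."""
    rel = link.strip("/")
    candidates = (pages_root / f"{rel}.mdx", pages_root / rel / "index.mdx")
    return any(c.is_file() for c in candidates)


def find_dead_links(pages_root: Path) -> dict[str, list[str]]:
    """Map each page (path relative to pages_root) to the root-relative
    links in it that do not resolve to an existing page."""
    dead: dict[str, list[str]] = {}
    for page in sorted(pages_root.rglob("*.mdx")):
        text = page.read_text(encoding="utf-8")
        for match in LINK_RE.finditer(text):
            link = match.group(1)
            if not resolves(pages_root, link):
                key = page.relative_to(pages_root).as_posix()
                dead.setdefault(key, []).append(link)
    return dead


def build_sample_site() -> Path:
    """Constructed fixture (not the real repo): one page links to a section
    that is not merged yet, plus a valid link with a fragment and a "#TODO"."""
    root = Path(tempfile.mkdtemp()) / "docs" / "pages"
    topic = root / "treasury-operations"
    topic.mkdir(parents=True)
    (topic / "transaction-verification.mdx").write_text(
        "See the [multisig guide](/wallet-security/multisigs-for-protocols/overview) "
        "and the [classification page](/treasury-operations/classification#tiers).\n",
        encoding="utf-8",
    )
    (topic / "classification.mdx").write_text(
        "Controls for high-risk accounts: [enhanced controls](#TODO)\n",
        encoding="utf-8",
    )
    return root


def demo() -> dict[str, list[str]]:
    """Run the scanner over the constructed fixture."""
    return find_dead_links(build_sample_site())


if __name__ == "__main__":
    for page, links in demo().items():
        for link in links:
            print(f"dead link: {link} in {page}")
```

Run from the repo root with the real docs/pages directory to reproduce the vite finding locally; the fragment handling matters because a link such as /treasury-operations/classification#tiers should pass when the page exists, while the "#TODO" placeholder the reviewer suggests is deliberately not checked.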

@DicksonWu654
Collaborator Author

Ah yeah - it's all good, this is a draft PR so not ready to merge yet!

@DicksonWu654
Collaborator Author

(it's linking to multisigs for protocols which isn't merged into main yet)

…nd best practices

- Revised sections on deposit address selection for both institutional custody and self-custody multisigs, emphasizing the importance of using established addresses.
- Enhanced address verification protocols, including detailed steps for verifying multisig configurations.
- Clarified critical instructions for address confirmation during transactions, ensuring security against phishing and address poisoning.
- Improved overall formatting and consistency for better readability.
@scode2277
Collaborator

(it's linking to multisigs for protocols which isn't merged into main yet)

Yes, I'd suggest commenting out the link at line 335 so this can be deployed without errors, and then restoring it once the PR on Multisigs for protocols is merged.

…path

- Enhanced clarity and formatting throughout the transaction verification guide, including detailed steps for address verification and test transactions.
- Updated the tag path in fetched-tags.json to reflect the correct directory structure for the transaction verification documentation.
- Added additional best practices for security during large cryptocurrency transfers, ensuring comprehensive coverage of verification protocols.
@DicksonWu654
Collaborator Author

Ah true - fixed!

…Operations

- Introduced a new item in the Treasury Operations guide, linking to the Custodial Inventory & Controls documentation for enhanced resource accessibility.
@DicksonWu654 DicksonWu654 marked this pull request as ready for review October 6, 2025 20:15
Contributor

@relotnek relotnek left a comment


Reviewed Classification - mostly all good from my perspective; had one potentially technical error on Ethereum finality, the rest are suggestions for robustness.

…ation documentation

- Changed the confirmation requirement for Ethereum from 12 confirmations (~2.5 minutes) to 2 epochs (~12.8 minutes) for improved accuracy.
…sments and operational classifications

- Added sections on financial, operational, and regulatory impacts for account unavailability.
- Updated impact classification table to include regulatory considerations and adjusted financial exposure metrics.
- Revised operational assessment notes to reflect changes in account value thresholds and approval requirements for transactions.
…cumentation

- Added extra line breaks in the classification registration and documentation section to enhance visual clarity and separation of content.
…ecture and security monitoring guidelines

- Added a new section on Zero Trust Architecture alternatives, detailing bastion host and cloud workspace isolation approaches for enhanced security.
- Introduced security monitoring and logging recommendations for organizations managing critical accounts, emphasizing the use of SIEM and audit logs for effective oversight.
…ns documentation

- Removed redundant header for the Security Monitoring & Logging section to improve clarity and flow.
- Maintained focus on centralized security monitoring recommendations for critical and high impact accounts.
…entation

- Included a link to the DeFi Risk Assessment Guide for recommended procedures related to DeFi interactions.
- Enhanced the documentation to provide clearer guidance for security measures in decentralized finance contexts.
- Added a new section titled "Custodial Treasury Security: Inventory & Controls Framework" to enhance guidance on custodial account management.
- Included tags and contributor information for better resource categorization and attribution.
- Integrated components for improved documentation structure and user engagement.
…ns documentation

- Revised the description of Zero Trust architecture to emphasize continuous verification of users, devices, and context.
- Enhanced clarity in the bastion host and cloud workspace isolation approaches, including specific security measures and risk reduction strategies.
- Improved overall readability and consistency in the documentation.
…ntributor details

- Reintroduced the "Guide: Large Cryptocurrency Transfers" link in the Treasury Operations configuration for better resource accessibility.
- Added a new contributor role for review in the transaction verification documentation to enhance attribution.
- Updated fetched-tags.json to include relevant tags for the custodial inventory and transaction verification sections.
…s for account classifications

- Updated the impact and operational classification table to include comprehensive controls for each account type, emphasizing security measures and specific requirements.
- Added detailed descriptions for low, medium, and high-risk accounts, including transaction limits, monitoring, and approval processes.
- Revised device security and access protocols to strengthen custody access and ensure compliance with best practices.
@DicksonWu654 DicksonWu654 marked this pull request as draft October 14, 2025 15:24
- Modified the link for "Custodial Inventory & Controls" to point to the new classification page.
- Added new entries for "Registration Documents" and "Enhanced Controls for High-Risk Accounts" in the Treasury Operations configuration.
- Deleted the outdated "Custodial Treasury Security: Inventory & Controls Framework" documentation to streamline resources and improve clarity.
…cy thresholds and engine rules

- Added a new section detailing custody/MPC policy thresholds, including approver requirements and suggested thresholds for various treasury operations.
- Introduced core rule elements for custody policy engines, outlining transaction rules and actions.
- Expanded on the definitions of policy scope to clarify operational contexts and approval processes.
- Modified existing classification paths and added new entries for "Classification" and "Enhanced Controls" under Treasury Operations.
- Improved categorization of tags to better reflect operational roles and risk management strategies.
@DicksonWu654 DicksonWu654 requested a review from relotnek October 17, 2025 03:56
@DicksonWu654 DicksonWu654 marked this pull request as ready for review October 17, 2025 03:56
@DicksonWu654
Collaborator Author

Integrated Relotnek's & Ben from ToB's suggestions, & looked into Fireblocks - looked into their docs and played around with their sandbox to add some more content.

@DicksonWu654
Collaborator Author

I think this section in general needs to be improved to end up in the end state of what the multisig for protocols section looks like, but I think it's a good start

@scode2277 scode2277 added the content:add label Oct 23, 2025
Comment on lines +126 to +127
| Secondary Reserve (10-25%) | Critical | Cold Vault | 4-5 | Hardware mandatory | 48 hours | All Low/Medium/High controls + geographic distribution of approvers, MPC recommended |
| Primary Reserve (>25% assets) | Critical | Cold Vault | 5-7 | Hardware mandatory | 72 hours | All Low/Medium/High controls + geographic distribution of approvers, MPC recommended |
Contributor


Genuinely curious why MPC is preferred over a multisig?

Collaborator Author


Hmm I wrote this doc with the intention of trying to cover institutional custody solutions (multisigs have a huge PR incoming with lots of content) - tbh I'm not an expert in treasury ops, but my impression is that there aren't any institutional multisigs, but rather MPCs for them? lol not sure

DicksonWu654 and others added 2 commits October 31, 2025 22:57
Co-authored-by: Elliot <34463580+ElliotFriedman@users.noreply.github.com>
Co-authored-by: Elliot <34463580+ElliotFriedman@users.noreply.github.com>