Token Transfer Runbook

Engineer/Developer, Security Specialist, Multisig Security

Authored by:

Isaac Patka (SEAL | Shield3)
Geoffrey Arone (Shield3)
Louis Marquenet (Opsek)
Pablo Sabbatella (SEAL | Opsek)
Dickson Wu (SEAL)

This is an example runbook. Review and customize it for your protocol before use. Add your specific multisig addresses, token details, and verification procedures.

Quick Reference

Field | Value
Typical Severity | Routine / Time-Sensitive
Required Threshold | Standard
Owner | Treasury Admin
Last Updated | Date

When to Use

Sending tokens (ETH, ERC20, SOL, SPL tokens) from a multisig to another address.

Prerequisites

  • Recipient address verified via independent source (not just a chat message)
  • Amount confirmed
  • Reason for transfer documented or approved

EVM (Safe) Procedure

1. Create Transaction

Proposer:

  1. Go to Safe
  2. Select correct Safe and network
  3. Click "New Transaction" > "Send tokens"
  4. Enter recipient address (use checksummed format)
  5. Select token and enter amount
  6. Review and create transaction

2. Verify Transaction

Each signer must:

[ ] Correct Safe address
[ ] Correct network (Ethereum/Base/etc.)
[ ] Expected nonce
[ ] Recipient address matches independent source
[ ] Token is correct
[ ] Amount is correct
[ ] Simulation shows expected transfer
[ ] Message hash matches hardware wallet

Hash verification:

./safe_hashes.sh --network mainnet --address [SAFE_ADDRESS] --nonce [NONCE]

Or use OpenZeppelin Safe Utils.

Simulation check:

  • Click "Simulate" in Safe UI
  • Verify token transfer event shows correct recipient and amount
  • No unexpected transfers or approvals

3. Sign

  • Review transaction on hardware wallet
  • Verify message hash matches tool output
  • Sign
  • Communicate: "Verified and signed, X more needed"

4. Execute

  • Last signer clicks "Execute" (or designated executor)
  • Confirm transaction on-chain via block explorer
  • Communicate: "Executed - [tx hash]"

Solana (Squads) Procedure

1. Create Transaction

Proposer:

  1. Go to Squads Multisig
  2. Select correct Squad
  3. Click "Send" > Select token
  4. Enter recipient address and amount
  5. Create proposal

2. Verify Transaction

Each signer must:

[ ] Correct Squad address
[ ] Recipient address matches independent source
[ ] Token is correct
[ ] Amount is correct
[ ] Simulation shows expected transfer

Simulation check:

  • Click "Simulate" after first signature
  • For SOL: Find "System Program Instruction", verify destination and amount
  • For tokens: Find "Token Program Instruction", verify destination, mint, and amount

3. Sign

  • Click "Approve"
  • Verify hash in Squads UI matches Ledger display
  • Sign on Ledger
  • Communicate: "Verified and signed, X more needed"

4. Execute

  • Last signer executes
  • Verify on Solana Explorer
  • Communicate: "Executed - [tx signature]"

Verification Details

Recipient Address

Always verify recipient via independent source:

  • Direct communication with recipient (video call or verified channel)
  • Published address in official documentation
  • On-chain verification (existing relationship)

Never trust an address shared only via chat message.

Amount Verification

For ERC20 or SPL tokens, verify decimals:

  • USDC or USDS: 6 decimals (1,000,000 = 1 token)
  • Most ERC20: 18 decimals
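
The decimals check above can be made mechanical. The following is an added example, not part of the original runbook: it decodes the calldata of a direct ERC20 transfer(address,uint256) call and compares recipient and amount against the independently confirmed values. The function names, the sample address and the sample calldata are constructed for illustration.

```python
from decimal import Decimal

TRANSFER_SELECTOR = "a9059cbb"  # 4-byte selector of transfer(address,uint256)

def decode_erc20_transfer(calldata_hex):
    """Return (recipient, raw_amount) from transfer(address,uint256) calldata."""
    data = calldata_hex.lower().removeprefix("0x")
    if len(data) != 8 + 64 + 64:
        raise ValueError("unexpected calldata length for transfer(address,uint256)")
    if data[:8] != TRANSFER_SELECTOR:
        raise ValueError("not a transfer call, selector is 0x" + data[:8])
    addr_word, amount_word = data[8:72], data[72:]
    if addr_word[:24] != "0" * 24:
        raise ValueError("address word has non-zero padding")
    return "0x" + addr_word[24:], int(amount_word, 16)

def to_raw_units(human_amount, decimals):
    """Convert a human amount given as a string ('2500.50') to integer base units."""
    raw = Decimal(human_amount).scaleb(decimals)
    if raw != raw.to_integral_value():
        raise ValueError("amount has more fractional digits than the token supports")
    return int(raw)

def check_transfer(calldata_hex, expected_recipient, expected_amount, decimals):
    """Return a list of mismatches; an empty list means the calldata matches."""
    recipient, raw = decode_erc20_transfer(calldata_hex)
    problems = []
    if recipient != expected_recipient.lower():
        problems.append(f"recipient is {recipient}, expected {expected_recipient}")
    expected_raw = to_raw_units(expected_amount, decimals)
    if raw != expected_raw:
        shown = Decimal(raw).scaleb(-decimals)
        problems.append(f"amount is {shown} tokens, expected {expected_amount}")
    return problems

# Constructed sample: 2,500.50 of a 6-decimal token sent to a made-up address.
SAMPLE_RECIPIENT = "0x1111111111111111111111111111111111111111"
SAMPLE_CALLDATA = "0xa9059cbb" + "0" * 24 + "11" * 20 + format(2_500_500_000, "064x")

if __name__ == "__main__":
    # Correct decimals: no mismatches reported.
    print(check_transfer(SAMPLE_CALLDATA, SAMPLE_RECIPIENT, "2500.50", 6))
    # Wrong decimals assumption (18 instead of 6): the amount check fails.
    print(check_transfer(SAMPLE_CALLDATA, SAMPLE_RECIPIENT, "2500.50", 18))
```
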

Common Issues

Issue | Solution
Simulation fails | Check token balance, gas estimation
Wrong network | Reject and recreate on correct network
Nonce mismatch | Clear pending transactions first
Recipient can't receive | Verify address is correct type (EOA vs contract)

Related Documents