Native assets
Hold and move SAF alongside IBC tokens and Token Factory denoms from one interface.
Threshold
multisig
for teams.
Shared custody on Safrochain. Collect partial signatures, simulate, and broadcast when your quorum is ready.
K
N
Configure any K-of-N quorum. Cosmos SDK legacy amino multisig, compatible with Keplr and Leap.
About
Off-chain coordination.
On-chain custody.
A multisig on Cosmos is an address derived from member public keys and a threshold. Safro Multisig keeps drafts, signatures, roles, and metadata in a private collaboration layer while wallets hold the only private keys.
Teams get a Keplr-style queue, transaction detail, token balances, and member management without giving up self-custody.
- Native SDK threshold pubkey (LegacyAmino)
- Sequence-ordered transaction queue
- Member-only access with wallet sign-in
Safrochain
The chain your
treasury runs on.
Safrochain is a Cosmos SDK network for teams building in the ecosystem. Multisig accounts on Safrochain hold native SAF, bridged assets, and factory tokens under the same threshold rules you configure.
Cosmos SDK 0.50
Built on the same stack as the wider Cosmos ecosystem, with familiar wallet and signing flows.
Mainnet and testnet
Switch networks in one app. Ship on testnet, then promote the same workflow to mainnet.
Community-first
Designed for teams, DAOs, and builders operating on Safrochain, not as a generic chain adapter.
Why our multisig
Not a port.
A product for Safrochain operators.
Generic multisig tools treat every chain the same. SMultisig is tuned for how Safrochain accounts, assets, and signers actually work in production.
I
Purpose-built for Safrochain
Every screen, asset resolver, and signing path targets Safrochain accounts and denoms out of the box.
II
Keplr-grade workflow
Queue, history, tokens, members, simulation, and execute follow the multisig patterns teams already trust.
III
Self-custody by design
Partial signatures are collected from member wallets. The app coordinates; it never holds keys.
IV
Security-first operations
SignDoc verification, outflow classification, hardened sessions, and role-based access for every account.
Features
Built for operators.
Everything you need to run treasury, DAO, or org wallets on Safrochain.
01
Queue and sign
Draft transactions with titles, memos, and fees. Each signer approves the same SignDoc in Keplr or Leap.
02
Simulate and execute
Run simulation before broadcast. Combine partial signatures and submit when threshold is met.
03
Every asset
Native SAF, IBC tokens, and Token Factory denoms with auto-resolved symbols and icons.
04
Realtime sync
Signers see new drafts, signatures, and broadcasts instantly across the team without reloading.
Security
P0
Hardening aligned with our threat model: credentials, transport, signing integrity, and operator safety.
Self-hosted ยท No custodial keys
A
Wallet-native auth
Sign in with ADR-036. Keys never leave the extension. No passwords, no custodial storage.
B
SignDoc binding
Every signature is verified against the canonical Amino SignDoc before it is stored or broadcast.
C
Outflow awareness
External sends are classified and surfaced before sign. Unknown recipients require explicit confirmation.
D
Transport hardening
HttpOnly session cookies, HSTS in production, hashed session tokens, and fail-closed JWT configuration.
E
Integrity checks
Local transaction hash verification after broadcast. Encrypted backups with integrity validation.
F
Role-based access
Managers, signers, and viewers with granular permissions. Compromised members can be blocked from signing.
FAQ
Frequently asked questions
Quick answers about SMultisig, Safrochain multisig workflows, and team custody.
SMultisig is a web application for operating threshold multisignature accounts on Safrochain. Teams configure a K-of-N signer set, draft transactions off-chain, collect compatible partial signatures from member wallets, and broadcast when the threshold is satisfied. The app never holds private keys.
Start
Create or recover.
Fund it. Sign together.
Connect with Keplr, Leap, or Cosmostation. Sign a one-time message to authenticate, then create or join shared wallets.