Native assets
Hold and move SAF alongside IBC tokens and Token Factory denoms from one interface.
Shared custody on Safrochain. Collect partial signatures, simulate, and broadcast when your quorum is ready.
Configure any K-of-N quorum. Cosmos SDK legacy amino multisig, compatible with Keplr and Leap.
About
A multisig on Cosmos is an address derived from member public keys and a threshold. Safro Multisig keeps drafts, signatures, roles, and metadata in a private collaboration layer while wallets hold the only private keys.
Teams get a Keplr-style queue, transaction detail, token balances, and member management without giving up self-custody.
Safrochain
Safrochain is a Cosmos SDK network for teams building in the ecosystem. Multisig accounts on Safrochain hold native SAF, bridged assets, and factory tokens under the same threshold rules you configure.
Native assets
Hold and move SAF alongside IBC tokens and Token Factory denoms from one interface.
Cosmos SDK 0.50
Built on the same stack as the wider Cosmos ecosystem, with familiar wallet and signing flows.
Mainnet and testnet
Switch networks in one app. Ship on testnet, then promote the same workflow to mainnet.
Community-first
Designed for teams, DAOs, and builders operating on Safrochain, not as a generic chain adapter.
Why our multisig
Generic multisig tools treat every chain the same. SMultisig is tuned for how Safrochain accounts, assets, and signers actually work in production.
I
Every screen, asset resolver, and signing path targets Safrochain accounts and denoms out of the box.
II
Queue, history, tokens, members, simulation, and execute follow the multisig patterns teams already trust.
III
Partial signatures are collected from member wallets. The app coordinates; it never holds keys.
IV
SignDoc verification, outflow classification, hardened sessions, and role-based access for every account.
Features
Everything you need to run treasury, DAO, or org wallets on Safrochain.
01
Draft transactions with titles, memos, and fees. Each signer approves the same SignDoc in Keplr or Leap.
02
Run simulation before broadcast. Combine partial signatures and submit when threshold is met.
03
Native SAF, IBC tokens, and Token Factory denoms with auto-resolved symbols and icons.
04
Signers see new drafts, signatures, and broadcasts instantly across the team without reloading.
Security
P0
Hardening aligned with our threat model: credentials, transport, signing integrity, and operator safety.
A
Sign in with ADR-036. Keys never leave the extension. No passwords, no custodial storage.
B
Every signature is verified against the canonical Amino SignDoc before it is stored or broadcast.
C
External sends are classified and surfaced before sign. Unknown recipients require explicit confirmation.
D
HttpOnly session cookies, HSTS in production, hashed session tokens, and fail-closed JWT configuration.
E
Local transaction hash verification after broadcast. Encrypted backups with integrity validation.
F
Managers, signers, and viewers with granular permissions. Compromised members can be blocked from signing.
FAQ
Quick answers about SMultisig, Safrochain multisig workflows, and team custody.
Start
Connect with Keplr, Leap, or Cosmostation. Sign a one-time message to authenticate, then create or join shared wallets.