Monad co-founders release a 10-item protocol security self-inspection checklist, emphasizing key risks in multi-signature and permission management

ME News reports that on April 3rd (UTC+8), Monad co-founder Keone Hon published a protocol security self-inspection checklist on the X platform, focusing on core issues such as management permissions, fund security, and multi-signature mechanism design. The checklist mainly includes ten points: 1. Clarify which administrator functions could lead to fund loss; 2. Ensure related operations are all set with time locks; 3. Establish real-time monitoring mechanisms; 4. Provide timely alerts when administrator functions are invoked; 5. Review all privileged accounts and adopt multi-signature (k-of-n) structures where possible; 6. Define signature threshold parameters clearly; 7. Multi-signature signers should use independent cold devices solely for signing operations and follow best practices (such as independently verifying transaction hashes); 8. Set rate limits on withdrawals and avoid control by the same multi-signature; 9. Ensure employees’ devices have malware detection and management capabilities; 10. Predefine extreme scenarios where multi-signature signers are compromised, reverse-engineer potential attack paths from an attacker’s perspective, and optimize system design accordingly to increase attack costs and complexity. Previously, it was reported that Drift Protocol, one week before suffering a $285 million hack, adjusted its multi-signature mechanism to “2/5” (one old signer + four new signers) and did not set a timelock. The attacker subsequently gained administrator privileges, forged CVT tokens, manipulated oracles, disabled security mechanisms, and transferred high-value assets from the fund pool. (Source: PANews)