Wallet security checklist
Use this checklist before giving a wallet identity real authority.
Before use
- Use a dedicated test phrase during devnet.
- Record the account index and scheme for each member.
- Register Falcon keys before assigning Falcon members.
- Confirm Winternitz state starts where expected.
- Confirm you have a Solana fee-payer identity.
Before signing
- Check the requesting app.
- Check the selected identity.
- Check proposal details.
- Check whether the vote is approve or reject.
- Check whether the signature consumes Winternitz state.
- Reject prompts that do not show enough context.
During migration planning
- Do not treat one mnemonic as making every signer quantum-safe.
- Do not treat Ed25519 or Secp256k1 as post-quantum.
- Use
pq_thresholdin the multisig policy when PQ approval must be required.
App post-quantum policies
Turn wallet identities into enforceable multisig policy.