Migrate treasury authority to multi-sig (Squads / Realms) pre-mainnet

## Problem

Today, the `config.treasury` authority and the program upgrade authority on all 4 deployed devnet programs are pinned to a **single keypair** (`64XM177Vm6zirzQnjU1juQ9TLqDsZVsCcZzfgEgVCffm`). For mainnet with real USDC, this is a single point of compromise.

## What this blocks

[`MAINNET_READINESS.md`](../MAINNET_READINESS.md) §3.6 (upgrade authority) + §3.7 (treasury authority) — both marked `🔵⛔` hard mainnet blockers.

## Proposed solution

Pre-mainnet:

1. **Select multi-sig platform** — Squads Protocol (Solana-native, well-audited) is the primary candidate; Realms / Mean Finance are alternatives
2. **Configure a 3-of-5 multi-sig** for treasury authority + upgrade authority — signers split across:
   - 1 founder
   - 1 technical lead
   - 1 security advisor / external
   - 2 board members or backup
3. **Migrate `config.treasury`** — propose new treasury via existing 7-day timelock pattern from PR #122; commit via `commit_new_treasury` to the multi-sig PDA
4. **Migrate upgrade authority** — `solana program set-upgrade-authority` from current single key to the multi-sig PDA on all 4 deployed programs
5. **Refresh OtterSec verify-build attestation PDAs** — same signer rotation
6. **Operational runbook** — `docs/operations/multisig-recovery.md` (key-loss procedure, signer-rotation procedure, emergency-pause-via-multisig procedure)

## Acceptance criteria

- [ ] Squads/Realms multi-sig deployed on devnet first (smoke test)
- [ ] `config.treasury` migrated via timelock → multi-sig PDA on devnet
- [ ] Upgrade authority rotated on all 4 programs (devnet)
- [ ] Repeat for mainnet on launch day
- [ ] OtterSec attestation PDAs refreshed
- [ ] `docs/operations/multisig-recovery.md` shipped
- [ ] `MAINNET_READINESS.md` §3.6/§3.7 moved from `🔵⛔` to `✅`

## Estimated scope

**Medium** — multi-sig setup is well-trodden but the authority rotation is one-way; needs careful staging on devnet first.

## References

- [`MAINNET_READINESS.md` §3.6 + §3.7](../MAINNET_READINESS.md)
- [`docs/operations/key-rotation.md`](../docs/operations/key-rotation.md)
- PR #122 — treasury timelock pattern (reused here)
- [Squads Protocol](https://squads.so/)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Migrate treasury authority to multi-sig (Squads / Realms) pre-mainnet #266

Problem

What this blocks

Proposed solution

Acceptance criteria

Estimated scope

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Migrate treasury authority to multi-sig (Squads / Realms) pre-mainnet #266

Description

Problem

What this blocks

Proposed solution

Acceptance criteria

Estimated scope

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions