GM, my fellow crypto frens! Welcome back to another one of our project deep dives. When dabbling in crypto, one of the first things you learn is the importance of security over your wallet. After all, it holds all your precious digital assets like BTC, ETH, or whatever meme coin you believe will go to the moon. We all know not to share our seedphrases to anyone, but that doesn’t mean we’re not prone to any attacks.
If you’re just a regular joe, a normal hot wallet that only requires a single signature is faster and easier for one person to use. But it’s a different story for DAOs or startups that manage digital assets on a much grander scale. The solution to this is multi-signature wallets like Cashmere Wallet!
You might be scratching your head now, but fear not! This week we’ve partnered up with Cashmere Wallet for this piece to bring you the inside scoop and what you need to know about multi-sigs. As usual, this is not financial advice but only educational content. Please don’t be dumb and always DYOR on any crypto projects.
Table of Contents
2. Overview of Cashmere Wallet
3. Multi-signature explained
4. Technical Features
7. Concluding Thoughts
The TL;DR for all you lazy bums
While there are already many multi-sig solutions on Ethereum, I can’t say the same for Solana. We’re seeing a trend of more and more DAOs choosing to build on Solana for its network features, however the available DAO tools remain lacklustre. Multi-signature wallet on Solana is a massive unmet need, which is the inspiration behind creating Cashmere Wallet.
Cashmere is a multi-signature wallet on Solana, its main use case is to enable organizations to manage their funds securely and with ease. Their goal is to create a Phantom-like experience for managing treasuries with shared ownership.
One of the biggest challenges the team faced was ramping up to the Solana & Rust ecosystem. Solana has a couple of key differences from Ethereum that makes it more challenging. Outside of writing smart contracts in Rust, Solana separates state from logic. Without getting into any technical stuff that most of us can’t comprehend, it means that the team has to allocate all the space for the data they store on the blockchain upfront and then pay for it. Fortunately, they were able to find guidance in the Project Serum Discord and at the Chicago Hacker House.
The team behind Cashmere are 3 young talents who each have very impressive backgrounds and experiences. Shashank aka hyypeman used to work at SoFi and Amazon. (You know that feature where you tell Alexa to buy something for you? Yeah, he was on the team that built that) Rebecca comes from a software engineering background, previously worked at Affirm doing full stack development and moved on to Retool before creating Cashmere. Charlotte also comes from a software engineering background, she previously worked at Tesla doing data pipelining and building out applications in the vehicles.
Cashmere won 5th place in the latest Convergence hackathon hosted by Serum and Wormhole. The team built 75% of Cashmere during the Chicago Hacker House and deployed to mainnet by the end of the week.
What is multi-sig?
Multi-signature, or multi-sig if you’re cooler, basically means that spending whatever crypto assets the wallet holds will require more than one approval or sign-off for the transaction to go through.
Let me give you an example. Imagine that you and your partner own a shared credit card that your kid also has access to. Your kid is able to buy whatever they want with that credit card, with you or your partner unaware of the transactions until you see the credit card bill at the end of the month. By that time it’s too late, the money has been spent already. Kids are the worst, I know.
If you use a multi-sig wallet instead, 2 out of the 3 people with wallet access will need to approve before the transaction can be sent out. This solves the problem of any reckless spending. (unless it’s approved of course)
How exactly does multi-sig work?
So now you have an understanding of what multi-sig is, let’s dig a little deeper and figure out how exactly multi-sig works. As you already know, two or more keys are required in order to spend from a specific address. This creates an additional layer of security around the funds.
Normally, crypto is held in a single-key address that only requires one signature to validate transactions. This is the common wallet that most people use. By having a single key, you have a single point of failure acting as your protection, in the event that you fall victim to a phishing or hacking attack then your funds can easily be transferred and stolen.
A multi-sig can be configured in many different combinations. 2-of-3 is the most common where only 2 signatures are required to access the funds of a 3-signature address. Other variations are possible too, like 2-of-2, 3-of-3, 3-of-4, etc.
Multi-sig use cases
By creating a 2-of-3 multi-sig wallet, an escrow account is created. The two entrusted parties (eg. buyer and seller), and a third party (eg. realtor) as a mutually trusted arbiter.
Let’s say the buyer deposits funds into the account. At this point, the funds are “locked” and neither the buyer nor the seller can withdraw any assets. Once the seller has provided the agreed services, then they can both use their keys to sign and complete the transaction. If any issue should arrive, the realtor will become the arbiter that reviews the situation and decide whether they want to sign off on the transaction.
2FA (Two-factor authentication)
When creating a multi-sig wallet that requires two keys, you can enable two-factor authentication. This way, you could hold one key on your laptop, and the other on your phone.
In the event that your laptop is hacked and one of the private keys is hacked, they still don’t have the other private key so won’t be able to harm your funds. But this also means that if you’re a scatterbrain and lost one of the private keys, you won’t be able to access your funds unless you find it.
A multi-sig is useful for the decision-making process amongst the directors of a company. In the example of a 6-of-8 multi-sig wallet, not one individual member has the power to misuse the funds. This also means that only decisions regarding the funds that are agreed by the general consensus can be executed. This is what most DAOs use to manage their treasury fund.
Cashmere supports SOL and all SPL tokens, it’s also integrated with all Solana wallets, including hardware wallets. If you have the Phantom app, you can approve multi-sig transactions directly from your phone.
Internally, Cashmere’s multi-sig uses a concept called PDA, but not the type that you’re thinking of. PDA, or Program Derived Addresses, is a program that may be given the authority over an account and later transfer that authority to another.
When you’re interacting with a smart contract, you want to be able to send them stuff to handle (like SOL, NFTs, or any other tokens). In other words, you’re trusting the contract with whatever you’re sending it. When you’re doing that, you wanna be sure who has control over your stuff.
Let’s say I’m bidding on an NFT on a marketplace and I bid 1 SOL. I need to store that SOL so that when my bid is accepted, it’s automatically sent. This capability is necessary for many DeFi applications since they require assets to be transferred to an escrow agent until some event occurs that determines the new owner. (I recommend checking out https://paulx.dev/blog/2021/01/14/programming-on-solana-an-introduction/ if you wanna understand the more technical parts of what PDA is.)
Cashmere just announced their integration with Bonfida, and on their most popular product too! If you’ve read our recent Bonfida deep dive, you’ll know what I’m talking about — SNS.
With this integration, users can transfer SPL tokens from a .sol domain on Cashmere’s web based platform. Cashmere is the first multi-sig wallet that SNS is integrating with, so this is pretty cool!
Cashmere has secured a spot in Y Combinator’s W22 batch. On top of that, they are also composing alongside Goki Protocol. In case you don’t know what Goki Protocol is, it’s currently the largest multisig protocol by TVL on Solana. Goki is a composable primitive for multisig, however, it’s not useful without a good UI built on top of it. This is where Cashmere comes in, they have strong product backgrounds that can help build the next generation of multisig wallets.
There are a couple features that the team is currently working on, although not fully integrated yet so I’m not spilling the beans here. But I’m sure users can expect more features to be announced in the near future.
Cashmere’s goal is to become the only wallet that startups and DAOs need to manage their treasuries. In the near term, they will be building out NFT support, cross-chain compatibility with Wormhole, and a native integration with Wallet Adapter.
The team also has a roster of new features planned down the road that users can keep an eye out for:
• Token vesting
• Ability to do NFT airdrops
• DeFi integrations
Soon, Cashmere will be utilized for:
• Startups with multiple founders who share a treasury
• Syndicates who’ve been investing together
• Groups of friends buying NFTs together
Shoutout to Shashank and the rest of the Cashmere team for agreeing to do this and for answering some of our questions.
Q: How did you begin this journey of creating Cashmere?
A: Shashank talked to NFT artist collectives and crypto startups at DCentral asking them what they needed. The overwhelming response was a multi-sig on Solana.
Q: What is the maximum number of m-and-n allowed in Cashmere’s multi-sig?
A: You can have any number of owners when you’re creating the wallet but after you’ve created it you can add up to 5 more than your original owners.
Q: In the future in addition to the amount of wallet owners, do you plan on exploring more customization?
A: So we want to build an App Store for any crypto business function you’d do. For example, if you do an NFT airdrop you’ll have an app within cashmere to do that. Or let’s say you want your investors to vest tokens or have Coachella sell tickets as NFTs.
The other big feature we’re coming up with is this concept of a budget, where I have a customer support budget that I don’t need other signers to approve but for big ticket items I do.
Q: What was the process of entering the Convergence hackathon like?
A: Oh we just submitted on dev post and didn’t think twice of it. Somehow we got lucky!
Q: What does winning the Convergence hackathon mean to moving Cashmere Wallet forward?
A: We love the exposure and the people we’re getting to meet! We’re also going to be a part of the serum accelerator so we’re super excited for that!
Q: How has the whole journey been building on the Solana ecosystem?
A: Solana ecosystem is still small so the community is still super helpful and welcoming to developers. It’s harder to ramp up on Solana but once you make it past the threshold it’s better than Ethereum!
Cashmere Wallet first caught my eye after they won 5th place in the recent Convergence hackathon. Prior to this I actually wanted to write a piece about DAO governance and multi-sig treasury solutions on Solana but after doing some research I quickly realized the lack of options out there. So Cashmere Wallet is definitely giving the people what they want!
The team’s long term vision for the project doesn’t just stop at being a multi-sig wallet. They have plans to scale the project into something bigger that will enhance the growth of the Solana ecosystem and help new projects build on Solana more easily. I also think it’s pretty impressive that the team just decided to submit on devpost and ended up winning.
The project is still in the very early stages so a lot needs to be worked out, but this also means that there are lots of things to look forward to. They have some pretty exciting things planned and the team is super passionate about building out Cashmere to the fullest. I’m excited to see how Cashmere will continue to build out their vision and I have no doubt that they will become a strong contender on Solana.
That’s all for this week, hope y’all enjoyed this project collab piece. Disclaimer: this deep dive is done in collaboration with Cashmere Wallet, however I’m not affiliated with Cashmere Wallet in any way. This article is written with the sole purpose of providing a more in-depth understanding of this project to more users.
As always, this is not financial advice but merely my own honest opinion. I’m not a financial expert so always DYOR on any crypto projects.