Home / Blog / How to Monitor Your DAO Treasury

How to Monitor Your DAO Treasury — A Governance Lead's Guide

Your DAO treasury never stops moving. Payroll disburses every two weeks. Vesting schedules release on schedule. Grants get approved and distributed. The problem isn't that your treasury moves — it's that naive monitoring turns all of that into noise, and when a real threat hits, you're already numb to the alerts. This guide shows you how to set up wei threshold monitoring that filters routine transactions and catches unauthorized movements before they become incidents.

Why Standard Monitoring Drowns You in Alerts

If you've set up naive Transfer event monitoring on your Gnosis Safe or multisig treasury, you already know the problem: every payroll run fires an alert. Every vesting release fires an alert. Every gas top-up for an operational wallet fires an alert. Within a few days, your team starts ignoring the alerts — and that's when the real threat arrives.

The noise comes from the volume and frequency of legitimate treasury operations. A DAO with an active grants program, a team of 20 part-time contributors, and recurring operational expenses can produce dozens of Transfer events per day. Most of them are authorized. Most of them are small. The monitoring system treats them all the same way, so the signal gets lost in the noise.

Wei threshold filtering solves this. Instead of alerting on every Transfer event, you configure a floor — a minimum amount in wei that must be crossed before an alert fires. Routine payroll at 0.5 MATIC doesn't trigger. A 10,000 MATIC unauthorized transfer to an unknown address does. The threshold cuts through the noise while keeping the signal.

Setting Wei Thresholds That Actually Work

Calibrating a threshold isn't a one-time exercise — it's a process. Start with these guidelines:

• Calibrate to your treasury's normal activity. Review three months of on-chain history for your treasury address. Identify the 95th percentile of transfer sizes. Set your threshold just above that, so routine operations don't fire alerts but genuinely large transfers do.
• Separate asset classes. Gas costs (MATIC, ETH) are orders of magnitude smaller than token transfers. Consider setting a lower threshold for native gas token movements and a higher threshold for ERC-20 transfers.
• Account for vesting and payroll cycles. If your team gets paid on the 1st and 15th, schedule your threshold tuning around those dates. You'll get a burst of false positives, then you can raise the threshold once you confirm those are legitimate.
• Review and tune after 24–48 hours. After you first configure monitoring, check how many alerts you're getting. If you're being alerted more than once per day on average, your threshold is too low. If you haven't gotten any alerts in a week and you're sure your treasury has moved, the threshold is too high.

Worked Example: Monitoring a Gnosis Safe on Polygon

Here's a step-by-step walkthrough of setting up wei threshold monitoring for a Gnosis Safe treasury on Polygon. This example assumes you've already created a Sentinel account and have access to the dashboard.

1. Add your Gnosis Safe address in Sentinel. In the Sentinel dashboard, click "Add Contract" and paste your Gnosis Safe's main address (the Safe itself, not a specific module). Sentinel will auto-detect the contract type and surface relevant event signatures.
2. Select Polygon as the network. Choose Polygon from the network selector. Gnosis Safe supports multichain deployment — make sure you're monitoring the specific chain where your treasury holds the majority of assets. For most DAOs, that's Polygon or Ethereum mainnet.
3. Choose Transfer events to monitor. Sentinel will show you the available event signatures for your contract. Select Transfer (the ERC-20 Transfer event emitted by most token contracts) and any custom events your specific token contracts emit. Gnosis Safe emits ExecutionSuccess and ExecutionFailure for every transaction — you can optionally monitor those for additional visibility.
4. Set your wei threshold. For a MATIC treasury on Polygon, a good starting threshold is 10000000000000000000 wei (10 MATIC). This filters routine gas top-ups (typically 0.1–1 MATIC) while catching transfers above 10 MATIC. For larger token transfers (USDC, DAI, governance tokens), set a separate threshold calibrated to your grant and payroll sizes.
5. Configure your alert destination. Go to Settings → Alert Destinations and add your team's Slack channel or email distribution list. For DAO ops, a dedicated #treasury-alerts Slack channel with a @channel or @here trigger for high-value thresholds is standard practice.
6. Validate with a test alert. Sentinel includes a "Send Test Alert" button on every monitor. Use it. Send a test to your Slack channel and confirm the message format, the link to the transaction on Polygonscan, and the threshold value are all correct. Test alerts don't cost anything and they catch misconfiguration before real money moves.
7. Review after 24 hours and tune. Come back after your first full day of monitoring. Check the alert history. Are you getting alerts for legitimate operations? Are you missing transfers you expected to see? Adjust the threshold up or down accordingly. After a week of tuning, you'll have a threshold that catches real threats without screaming at every payroll run.

What to Watch For Beyond Transfers

Wei threshold monitoring on Transfer events is the foundation — but it's not enough on its own. Here are the event signatures that matter for DAO treasury security:

• OwnershipTransferred — fires when the Safe's owner list changes. A new owner appearing in your Safe is a governance-critical event. It could be a legitimate multisig threshold change or it could be an attacker who compromised an owner's key. Either way, you need to know immediately.
• Paused / Unpaused — some DAO protocols include pause functionality that can freeze all operations. If your DAO holds governance tokens in a protocol that can be paused, monitor for pause events. An unexpected pause during a market exploit could mean the protocol is under attack and your funds are at risk.
• RoleGranted / RoleRevoked — if your DAO uses a role-based access control system (as many Snapshot governance frameworks do), any change to role assignments should trigger an immediate review. Roles control who can execute treasury transactions, upgrade contracts, or modify governance parameters.
• Custom token events — some DAOs issue their own tokens with custom logic. If your DAO's token has minting capability, monitor for Mint events — an unexpected mint to an unknown address is a catastrophic event. If your token has a governance threshold, monitor for events that signal a proposal being created or a vote being cast.

Sentinel lets you configure monitors for any ERC-20 event signature or custom event your contracts emit. The key is to cover your threat model, not everything possible.

The 24-Hour Check-In

After your first day of monitoring, ask yourself these questions:

• How many alerts did I get? (If it's more than 5, lower the threshold.)
• Were any alerts unexpected? (An unexpected alert means either a team member made a transfer you didn't know about, or something is wrong.)
• Did any legitimate large transfers NOT fire an alert? (If so, raise the threshold.)
• Is the Slack channel getting attention from the right people? (If alerts are going to #general and nobody is reading them, route them to a dedicated channel.)

Treasury monitoring is a living system. It takes a week to calibrate and it needs periodic re-calibration as your DAO's operations evolve. The good news: once it's tuned, it runs itself. You get a slack ping when something real happens, and silence the rest of the time.

Related reading: Migrating from OpenZeppelin Defender to Sentinel if you're setting up monitoring for the first time, and how Sentinel compares to Defender for teams with existing monitoring infrastructure.