Multisig

An m-of-n multi-signature account that can act as any authority on a Mint or Token Account. Up to 11 signers; m signatures required to authorize an action.

Token Program 355 bytes

Sample: USDC Mint Authority

(cached; refreshes hourly · mainnet only)

M (Threshold) N (Total Signers) Is Initialized Signer #1 Signer Slot #5 (empty)

	0	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
0000	02	04	01	2c	f6	e4	33	2b	e1	95	6f	cd	63	f5	0c	2c
0010	25	f8	20	0e	83	ac	30	d1	bb	95	26	86	2b	58	64	3a
0020	8f	34	ec	a2	93	93	cc	86	33	a9	9a	66	b3	48	5a	95
0030	87	f5	6f	e6	1d	f5	5d	0f	2d	a9	ed	cc	46	c1	a9	c4
0040	54	93	36	02	fc	6e	52	0c	08	e9	0c	f4	a3	b6	8a	be
0050	19	bc	96	60	a1	76	19	ad	9f	c6	b0	d7	e8	25	ad	84
0060	05	ee	e0	fb	7c	47	78	58	6c	34	ee	7f	1b	7b	10	ca
0070	4a	ae	c8	f6	b3	64	29	6c	3e	6e	9d	64	be	08	83	6c
0080	2a	1e	2d	00	00	00	00	00	00	00	00	00	00	00	00	00
0090	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
00a0	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
00b0	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
00c0	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
00d0	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
00e0	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
00f0	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
0100	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
0110	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
0120	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
0130	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
0140	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
0150	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00	00
0160	00	00	00

View full hex

What it is

An SPL Token Multisig is a 355-byte account that can stand in for any single authority on a Mint or Token Account — mint authority, freeze authority, account owner, or delegate. It encodes an m-of-n policy: of up to 11 listed signers, any m of them must sign to authorize an action.

Why it exists

A single key controlling a mint or a treasury is a single point of failure. SPL Token bakes in a native multisig so issuers can require, say, 3-of-5 approvals to mint new supply — without deploying a separate multisig program. The multisig account simply takes the place of the authority pubkey.

Byte layout

Offset	Length	Field	Type	Notes
0	1	`m`	`u8`	Required number of signers (the threshold).
1	1	`n`	`u8`	Total number of valid signers currently set.
2	1	`is_initialized`	`bool`	`1` once initialized.
3	352	`signers`	`[Pubkey; 11]`	11 fixed 32-byte signer slots. Unused slots are zeroed; only the first `n` are valid.

Total: 355 bytes (1 + 1 + 1 + 11 × 32).

Where you see it

Treasury mints (a stablecoin issuer requiring multiple approvals to mint), DAO-controlled token accounts, and any setup where the authority must be shared. When a Mint’s mint_authority points at a 355-byte account owned by the Token program, that authority is a multisig.

Common gotchas

Always 11 signer slots, regardless of n. The layout reserves space for 11 pubkeys even in a 2-of-3. Slots beyond n are zeroed — don’t treat a zeroed slot as a real signer.
The multisig replaces the authority, not the account. A multisig-controlled mint still has a normal mint_authority field — it just holds the multisig account’s address. The “m-of-n” logic lives in the multisig account, checked at instruction time.
Signers are passed at transaction time. To act, m of the listed signer keys must sign the transaction; the Token program verifies them against the slots. The account stores who can sign, not signatures.
It’s distinct from program-based multisig (Squads). This is the Token program’s built-in primitive, limited to token authorities and 11 signers. Squads and similar offer richer, program-level multisig for arbitrary instructions.

Sources

SPL Token Multisig struct (program/src/state.rs)