Deployed Multisig Process Improvement discussion

The Compound Finance community recently voted to improve their multisig process and documentation, improving things for both the signers and the community. Please note this is a process improvement only; no changes were made to the software. The improvement included proof of distinct humanity, regular testing of the signers, comprehensive documentation for both the public and the signers, and a history document of all multisig transactions.

DeFiSafety developed this process and is presently marketing it to other DeFi protocols. DeFiSafety has been rating DeFi protocols on their quality processes and transparency for almost 5 years. We used this background in developing this process.

Questions:

  1. Is this something that has already been developed?

  2. Does the DAO want to be involved in the development of such a process in any way?

  3. Any comments on what other DeFi protocols, exchanges, etc. might be interested in implementing such processes?

I am open to any form of comment, question or discussion.

When doing this work, 2 areas of improvement became clear. Please indicate if the DAO might have interest in these ideas such that I could propose them in more detail.

a) A comprehensive multisig best practice document covering various types of multisigs (treasury and pause) and how to manage them.

b) A dedicated signing computer with a locked-down OS and minimal software, which includes a hash with each signature such that the proposer can verify all signatures were produced by secure computers before executing.

Thanks for your time

Rex

rex@defisafety.com

Telegram @ShinkaRex

Hey @RexShinka, interesting initiative! What kind of feedback are you looking for, in particular?

SafeDAO does not use a community multi-sig at the moment, so the potential for application of the initiative here is quite limited.

I have 2 big questions with this post.

  1. Do DAO members know of any other individuals or organizations who are doing multisig process efforts?
  2. Does the DAO want to discuss formally supporting this initiative in some way? Safe.Global support would be a massive multiplier for the impact this initiative could have. I understand this is a big ask as it is a scope change for the DAO. However, as recent security incidents (Radiant Capital as just one example) have shown, multisig process weakness is among the biggest security threats in our space right now. No other crypto brand is better positioned to take up the multisig security processes than SAFE.

Do you have a community call? Maybe I could join.

From a process side we have one of the only mobile signing solutions that was supported from a SafeDAO grant.

You can see how it works here: Native voting with Safe on Snapshot — Lighthouse Labs

Please note this is currently for voting only. Happy to discuss/explore if you wanted something similar for collecting signatures and notifying signers for txns.

Also heard good things about https://www.onchainden.com/

  1. Do DAO members know of any other individuals or organizations who are doing multisig process efforts?

I co-authored this with Tally and eth limo at DAOstar: DAOIP-8: Applicable Controls for DAOs. It's a lightweight first version of a best practices guide / security standard that will become more comprehensive over time. The section on key management is currently underdeveloped. If you are interested in contributing, I would love to chat! DAOIP-8 should eventually get merged with SEAL's frameworks. Full research here.

  2. Does the DAO want to discuss formally supporting this initiative in some way? Safe.Global support would be a massive multiplier for the impact this initiative could have. I understand this is a big ask as it is a scope change for the DAO. However, as recent security incidents (Radiant Capital as just one example) have shown, multisig process weakness is among the biggest security threats in our space right now. No other crypto brand is better positioned to take up the multisig security processes than SAFE.

Why do you think it’s a scope change for the DAO? In any case, this might be a good application once the grant program is live. Feel free to share the initial idea here to garner community feedback.