The Compound Finance community recently voted to improve their multisig process and documentation, improving things for both the signers and the community. Please note this is a process improvement only, no changes to the software. The improvement included proof of distinct humanity, regular testing of the signers, comprehensive documentation for both the public and the signers, and a history document of all multisig transactions.
DeFiSafety developed this process and is presently marketing it to other DeFi protocols. DeFiSafety has been rating DeFi protocols on their quality processes and transparency for almost 5 years. We used this background in developing this process.
Questions:
- Is this something that has already been developed?
- Does the DAO want to be involved in the development of such a process in any way?
- Any comments on what other DeFi protocols, exchanges, etc. might be interested in implementing such processes?
I am open to any form of comment, question or discussion.
When doing this work, 2 areas of improvement became clear. Please indicate if the DAO might have interest in these ideas such that I could propose them in more detail.
a) A comprehensive multisig best practice document including various types of multisigs (treasury and pause) with how to manage them.
b) A dedicated signing computer with locked down OS, minimal software that includes a hash with each signature such that the proposer can verify all signatures were signed by secure computers before executing.
Thanks for your time
Rex
rex@defisafety.com
Telegram @ShinkaRex
Hey @RexShinka, interesting initiative! What kind of feedback are you looking for, in particular?
SafeDAO does not use a community multi-sig at the moment, so the potential for application of the initiative here is quite limited.
I have 2 big questions with this post.
- Do DAO members know of any other individuals or organizations who are doing multisig process efforts?
- Does the DAO want to discuss formally supporting this initiative in some way? Safe.Global support would be a massive multiplier for the impact this initiative could have. I understand this is a big ask as it is a scope change for the DAO. However, as recent security incidents (Radiant Capital as just one example) have shown, multisig process weakness is among the biggest security threats in our space right now. No other crypto brand is better positioned to take up the multisig security processes than SAFE.
Do you have a community call? Maybe I could join.
From a process side we have one of the only mobile signing solutions that was supported from a SafeDAO grant.
You can see how it works here: Native voting with Safe on Snapshot — Lighthouse Labs
Please note this is currently for voting only. Happy to discuss/explore if you wanted something similar for collecting signatures and notifying signers for txns.
Also heard good things about https://www.onchainden.com/
- Do DAO members know of any other individuals or organizations who are doing multisig process efforts?
I co-authored this with Tally and eth limo at DAOstar: DAOIP-8: Applicable Controls for DAOs. It's a lightweight first version of a best practices guide / security standard that will become more comprehensive over time. The section on key management is currently underdeveloped. If you are interested in contributing, I would love to chat! DAOIP-8 should eventually get merged with SEAL’s frameworks. Full research here.
- Does the DAO want to discuss formally supporting this initiative in some way? Safe.Global support would be a massive multiplier for the impact this initiative could have. I understand this is a big ask as it is a scope change for the DAO. However, as recent security incidents (Radiant Capital as just one example) have shown, multisig process weakness is among the biggest security threats in our space right now. No other crypto brand is better positioned to take up the multisig security processes than SAFE.
Why do you think it’s a scope change for the DAO? In any case, this might be a good application once the grant program is live. Feel free to share the initial idea here to garner community feedback.
Thanks for the replies. Sorry for the delay.
Thanks for sharing DAOIP-8. It is a great resource. I am already a contributor to the SEAL Frameworks and multisig process will be my main contribution. I can put links to any drafts here for review and comment. Where can I see the status of the next grant round?
My stretch goal is for approval from Safe Global of the DeFiSafety multisig processes. This would mean I could say some kind of “approved by”. I ask for this as it will improve the number of protocols that would implement better multisig processes. Right now when I propose to DAOs I mostly get shrugs and move on. Weak processes are the new weakest link in DeFi (because our software processes have become strong). I am open to any conversations on how to make this happen (even before grants).
I will be at Consensus and Futurist next week if anyone wants to chat IRL. Telegram ShinkaRex.