The Compound community recently voted (Search Compound Tally, Formalizing the Multisig) to improve their multisig process and documentation, improving transparency and security for both the signers and the community. Many of these improvements could be applicable to Lido. In this post I will describe how. The changes are in operation process and documentation. The code for the multisig remains unchanged. Weak processes are now responsible for most of the losses in DeFi protocol incidents. The processes of Lido appear very strong, but also have room for improvement.
Proof of distinct humanity: while you list many of the signers for the various community multisigs (which is awesome, by the way), the lists don’t really prove that each signer is a distinct human. DeFiSafety has a process that ensures this and documents the results. It also allows signers to remain anonymous, as required, yet still proves each is a distinct human.
Regular testing: the need for multisig signers is immense when an incident is underway. This is the worst time that you want to learn that some of your signers are inactive or no longer affiliated with Lido. Some wallets (such as Emergency Brake) are never used. Regular testing mitigates this. For the active committee multisigs, often a small group signs almost all transactions. Regular testing checks that all signers are actively listening and able to sign. Tests are run maybe once a quarter in a manner that minimizes impact on the signers but assures that they are ready when you need them. The test process can be different for different multisigs.
Signer documentation: the signers should have detailed documentation (Google Doc available upon request) on the effects of multisig transactions on the protocol. Exactly what each action does and its impact should be clearly described. The information on your multisig pages is good for the public, but the signers should have more detail. Also, the communication path for multisig signers to converse during an incident should be documented. Backup methods of communication or pager details need to be written and available to all signers. A list of responsibilities for the signers also helps.
History document: a multisig history document (Google Doc available upon request) clearly indicates what each transaction did for the protocol such that the community understands what took place. Without it, understanding the actions of the multisig is quite technical and requires tracing through multiple sites before the information becomes clear. This document gives the community a clear understanding.
All of this can be accomplished by DeFiSafety with minimal support from the signers, the tech team and an admin. DeFiSafety can execute the work or, if you prefer, most (except for the proof of distinct humanity) can be accomplished by the community. Lido has many multisigs (50 by my count). We could do a couple, let the community see their value and go from there. DeFiSafety can perform the initial work and maintain the docs and testing. It is our way to contribute to improved transparency and security in DeFi.
Is this of interest to the Lido community?