Lido DAO ops multisigs policy

Motivation

Day-to-day DAO operations require significant flexibility & safety at the same time. To some extent, and for some use cases, Gnosis multisig wallets provide both and are used widely across different parts of Lido DAO operations. The proposal outlines general rules under which those multisig wallets will be used in operations. Lido DAO can also promote and encourage adoption of this policy by other cooperating 3rd parties.

General rules

Generally, every multisig under Lido DAO ops workstream should have (please see Special cases for exceptions or additional rules set):

  1. At least 3 signers.
  2. At least 50%+ threshold.
  3. For multisigs holding $1m+ — at least 7 signers.
  4. For multisigs holding rights and roles — at least 3/5 setup.
  5. Multisigs holding funds should set Lido Agent contract as beneficiary with unlimited allowance on tokens the wallet is funded with.

Public process

Multisig use, while being highly flexible, requires transparency for DAO members & the general public.

  1. Every multisig should have a research.lido.fi forum post with stated purpose & “operating rules” of the wallet, along with the 1) address; 2) list of signer addresses.
  2. Address of the multisig must be listed in https://docs.lido.fi/deployed-contracts/#lido-dao-multisigs section.
  3. Signers “apply” by sharing the proof of the address ownership in the forum post’s comments.
  4. Any changes in signers list must be announced in the “multisig forum post” along with another proof of address. Unless it is explicitly specified that signers are fixed, the multisig signers can be rotated, but track record must be made publicly available.
  5. Emergency brake multisigs and LEGO multisig signers list can be changed only after DAO snapshot.
  6. No change in multisig signers should 1) lower the absolute number of signers below DAO-vetted one; 2) lower the signing threshold. If this is required, those changes must be passed through the Lido DAO Snapshot vote.

Special cases

  1. Any LEGO wallet changes are to be approved by the DAO through Snapshot vote.
  2. Any Emergency Multisigs changes are to be approved by the DAO through the Snapshot vote (the last Emergency Multisigs update can be found on the forum).
  3. Unless it’s mentioned explicitly, multisigs managed by Lido-on-X (non-Ethereum Lido protocols) teams aren’t subject to this policy.
  4. Lido DAO contributors can employ specific ad-hoc multisigs for operations. In case of not holding any rights and roles and not being funded by the DAO directly, such “convenience wallets” need not conform to the above process. The main use-case for such wallets is a “gas fund” for dev & ops teams.

4 Likes

Does the 7 or more signers rule apply to multisigs that have authority over easy track payments up to $1 mil? DAI Referral Program has 1 mil. for example.

Should there perhaps be an additional threshold where after X changes (where X is some number <= N in an N of M multisig) the full signer registry for a multisig needs to be re-ratified by the DAO?

Either that or there should be a consideration for additional multisigs to be included in Point #5, given the amount of funds that go through some of these multisigs.

If the MS may have up to $1 mil, I would recommend having an MS with 7 signers, yes.
The ET itself may be objected to by LDO holders during 72 hours from the start, though; multisig transfers cannot.

3 Likes

“Changing up to a quorum of signers requires DAO approval” sounds good to me. The clause is to allow for rotating the missed keys mostly. Another part is, for, say, Lido Contributors Group multisigs & entities, the purview over the signer list is on the said entities — though I’m very confident the thresholds are to be met still (i.e. — would oppose loading $1m to 2/2 ms).

2 Likes

Kind of a side tangent. What do we think about this?

Problems:

- Several people are on too many multisigs
- People who aren’t on multisigs don’t want the responsibility because there is only liability

Possible solution:

- Provide a multisig bonus per month to signer’s pay
- Enough that people will want to step up and become signers
- Enough that people will want to participate
- Structured so that the more multisigs you are on, the less $ earned so it doesn’t encourage people to join too many multisigs

What do y’all think?

1 Like

Generally I don’t see “multisig signer” as a separate role; motivation so far hadn’t been financial, and I’m not sure that’s the route with reasonably good returns: the load varies highly from ms to ms, and the risks (sheer sums of tokens flowing through, say, reWARDS) make it extremely difficult to budget from this standpoint. Thinking about incentive structure for signers in general is a good direction, though I don’t have any particular proposals at this time — would be happy to hear yours =))

3 Likes