The Compound community recently voted to improve their multisig process and documentation, improving things for both the signers and the community. Many of these improvements could be applicable to Eigen Layer. In this post I will describe how. The changes are in operation process and documentation. The code for the multisig remains unchanged. Weak processes are now responsible for most losses during incidents on DeFi protocols. The processes of Eigen Layer do not appear weak, but also have room for improvement.
Proof of distinct humanity: while you list the signers for the protocol council and community multisigs (which is awesome, by the way), the lists don’t really prove that each signer is a distinct human. DeFiSafety has a process that ensures this and documents the results. It also allows signers to remain anonymous (as in your operations and pauser multisigs) yet still proves each is a distinct human.
Regular testing: the need for multisig signers is immense when an incident is underway. This is the worst time that you want to learn that some of your signers are inactive or no longer affiliated with Eigen Layer. Regular testing mitigates this. Tests are run maybe once a quarter in a manner that minimizes impact on the signers but assures that they are ready when you need them. The test process can be different for different multisigs. The pauser test would be different from the community test because the time requirements for signing are very different.
Is this something of interest to the community?
Signer documentation: the signers should have quite detailed documentation on the effects of multisig transactions on the protocol. Exactly what each action does and its impact should be clearly described. The information on your Technical Architecture page is good for the public, but the signers should have more detail. Also, the communication path for multisig signers to converse during an incident should be documented. Backup methods of communication or pager details need to be written and available to all signers. A list of responsibilities for the signers also helps.
History document: a multisig history document clearly indicates what each transaction did for the protocol such that the community understands what took place. Without it, understanding the actions of the multisig is quite technical and requires tracing through multiple sites before the information becomes clear. This document gives the community a clear understanding.
All of this can be accomplished quite quickly with minimal support from the signers, the tech team and an admin. DeFiSafety can execute the work or, if you prefer, most (except for the proof of distinct humanity) can be accomplished by the community.