The Compound Finance community recently voted to improve their multisig process and documentation, improving things for both the signers and the community. Many of these improvements could be applicable to Euler Finance.
For example, the DAO multisig could have proof of distinct humanity and a history doc for better community clarity of usage. The changes are in operation process and documentation. The code for the multisig remains unchanged. Weak processes are now responsible for most losses during incidents on DeFi protocols. The processes of Euler are strong, but also have room for improvement.
Proof of distinct humanity: I could not find a list of signers. Anon addresses for signers make sense. But the community wants assurance that each signer is a distinct human. DeFiSafety has a process that ensures this and documents the results. It allows signers to remain anonymous (as in your operations and pauser multisigs) yet still proves that each is a distinct human.
Regular testing: the need for multisig signers is immense when an incident is underway. This is the worst time to learn that some of your signers are inactive or no longer affiliated with Euler. Regular testing mitigates this. Tests are run maybe once a quarter in a manner that minimizes impact on the signers but assures that they are ready when you need them. The test process can be different for different multisigs. The pauser test would be different from the DAO test because the time requirements for signing are very different.
History document: a multisig history document clearly indicates what each transaction did for the protocol such that the community understands what took place. Without it, understanding the actions of the multisig is quite technical and requires tracing through multiple sites before the information becomes clear. This document gives the community a clear understanding.
Signer documentation: the signers should have quite detailed documentation on the effects of multisig transactions on the protocol. Exactly what each action does and its impact should be clearly described. Also, the communication path for multisig signers to converse during an incident should be documented. Backup methods of communication or pager details need to be written and available to all signers. A list of responsibilities for the signers also helps.
All of this can be accomplished quite quickly with minimal support from the signers, the tech team and an admin. DeFiSafety can execute the work or, if you prefer, most (except for the proof of distinct humanity) can be accomplished by the community.
Do you think there is interest in improvement of the multisig process?