Multisig in defi: a marketing gimmick or a real security solution? | Opinion

Disclosure: The views and opinions expressed here belong solely to the author and do not represent the views and opinions of crypto.news’ editorial.

Multisig, short for multisignature, is a security feature widely used in decentralized finance projects to enhance the security of digital assets. It requires multiple private keys to authorize a transaction instead of a single key, adding an extra layer of security. Multisigs are regarded as a robust security mechanism to protect the integrity of defi projects, but whether this is the case in practical scenarios is a matter of debate.

You might also like: Web3 urgently needs a paradigm shift in its security approach | Opinion

So, does deploying multisig technology truly guarantee security, or does it merely create a mirage of safety? Let’s find out.

Aspects that make multisig a significant security measure

Multisigs represent a fundamental security practice in the defi space, often acting as indicators of a project’s commitment to robust security measures. By requiring several signatures or approvals before executing transactions, they mitigate the risk of unauthorized access or malicious activities. Such measures signify a project’s dedication to safeguarding users’ assets and maintaining transparency.

In an environment where security concerns are paramount, incorporating multisigs underscores a proactive approach to building trust within the defi community and contributing to the overall integrity of decentralized financial platforms.

However, to ensure this idea works in practice, special attention must be paid to the implementation process and managing the multisigs. If a multisig is achieved by having, say, three out of five signatures among the team that manages the project itself, then this feature is little more than a marketing gimmick. De facto, the team still has 100% of the power to alter any smart contract as they desire.

For this to become an accurate security measure, it makes sense to add time-delay transactions, which means that some time passes between the proposal being offered for governance and the transaction being carried out.

Just as importantly, there should be diversification among the signatories so there is limited scope of one influencing the decision of the other. If 60-70% or more of the signatories belong to a single team managing the project, this multisig raises security concerns and becomes ineffective. To my mind, the best option is when half of the signatures in a multisig belong to non-team members. These could be advisors, active community members, project investors, and so on.

It is worth noting, though, that being a signatory in a multisig is quite a big responsibility because these people need to be quite reactive. It brings me back to my original point—that a lot of forethought has to go into how a project sets up its multisig function and what it oversees.

Decoding the duality: the impact of smart contract upgradeability on security

When discussing defi security and multisigs, it is worth bringing up the topic of smart contract upgradeability.

Upgradeability allows developers to adapt to changing market conditions, promptly facilitate deployment of bug fixes and security patches, and add new functionalities without requiring users to migrate to a new contract. This flexibility and promptness are crucial for the evolving nature of the defi space because migrating to a new contract entails a significant amount of complexity and challenges.

While upgradeability can offer flexibility and the ability to fix bugs or add new features, it also introduces certain considerations and potential security risks. Multisigs can offer a viable solution to this problem, provided all contracts, whether upgradable or not, are overseen by a multisig. Ideally, the contracts would be comprised of diverse teams and community members and would have ironclad communication regarding every action, so there is no scope for unauthorized alterations.

Is it possible to ensure the multisig is genuinely decentralized?

The effectiveness of the multisig is highly dependent on the diversity of the teams. Ensuring that a multisig is genuinely controlled by the community and advisors, beyond just the project team, requires a combination of governance mechanisms, transparency, and security measures.

The projects need to implement a decentralized governance model that allows for the participation of community members, advisors, and other stakeholders in the multisig. This decentralization minimizes the risk of a single point of failure, making it harder for malicious actors to compromise the system through a single target, such as the project team being hacked or doing a rug pull due to having complete control over the system. Like this, the community has a say in verifying the security and integrity of the multisig.

One way of achieving this is by involving key opinion leaders (KOLs) within the project who are interconnected and actively participate in the process. Many KOLs use ENS addresses publicly associated with them (and mention them on Twitter (X) handles that are unique in principle and can be used for multisig. This process works because the KOL technically owns the address and serves as their verification. Unfortunately, this is not a universal method—since not everyone likes ENS, if nothing else. I, personally, have only seen this practice applied in some of the larger projects.

Implementation is the key

Multisig is very popular in defi projects because of its flexibility and risk-mitigating capabilities. However, it all comes down to the implementation part of it. This practice relies on the coordinated efforts of multiple signatories to validate and execute transactions.

If there is a breakdown in communication between them, it can lead to delays, misunderstandings, or even conflicting decisions, leaving the system open to exploitation. All signatories need to be on the same page, understand the intent behind transactions, and be able to respond promptly to any potential security threats or suspicious activities.

Unfortunately, this is not an easy feat to achieve—quite a few issues need to be tackled first, which means that multisignatures are a good security practice; they are not a panacea that can be relied on without reservation.

Kate Kurbanova

Kate Kurbanova is a co-founder of Apostro, a risk management firm focused on economic attacks. She is a professional who leverages established traditional financial practices to enhance defi risk management. Kate’s expertise extends to data analysis, evaluating risk management strategies, and analyzing economic vulnerabilities in web3.

Source