How to Avoid Governance Errors on Blockchain
Alberto Cuesta Ca?ada
Co-Founder & CTO @yield | Co-Author ERC4626 (Tokenized Vaults), ERC3156 (Flash Loans) ERC7266 (Oracles) | Writer @HackerNoon | Judge @ Code4rena, Cantina
Most applications on blockchain have adopted change-by-governance patterns, where changes can be made as long as they are signed off by a multisig or a DAO. However, this pattern is fraught with danger.
Some changes are simple, such as transferring tokens or adjusting a parameter, while others are more complex and involve deploying contracts and orchestrating them.
Obtaining signatures for any change requires a significant amount of effort, so it is common to batch together all steps for ech change, and ask for a single signature for the batch. At Yield, the largest change I've seen included more than three hundred individual calls.
For simpler changes, multisig members might be willing to review the call data and may even have the ability to understand it. As changes become more complex, this becomes impossible. Errors are common, and costly.
Governors approving a change should know which functions are being called, what parameters are being used, and what effects these will have. They should be able to find this information on their own, without help from others.
It is possible to achieve this, and it is easier than it may seem. However, first, we must understand how governance changes are executed by smart contracts.
For a full walkthrough on how to safely execute changes on live blockchain applications, read the full article on Medium.
Founder at TotalSig Wallet
1 年So, if I understood correctly, the problem was that the multisig batched a lot of things together, and that made it harder to review each individual change? But why did you decide to implement such a process in the first place? Was it to save on fees? I'm not asking to blame but to understand the problem. I personally see smart contract-based multisigs as a undesired direction for the industry to move forward with. Smart contract multisigs are often hard to implement correctly and expensive to operate. We provide an MPC multichain multisig wallet, and we support Ethereum there as well. MPC-based multisigs are 10-20 times cheaper to operate than those based on smart contracts, and they are much easier to deal with. I wonder if something like our solution (TotalSig wallet) could have provided a better overview of changes to be applied and hence could have prevented such a situation. Feel free to reach out to me to discuss that; I would really love to know your opinion on this.