MIP47: MakerDAO Multisignature Wallet Management

MIP47: MakerDAO Multisignature Wallet Management


MIP#: 47
Title: MakerDAO Multisignature Wallet Management
Author(s): Payton Rose @prose11
Contributors: @amyjung @LongForWisdom @Elihu
Type: General
Status: Formal Submission
Date Proposed: 2021-02-03
Date Ratified: <yyyy-mm-dd>


Sentence Summary

MIP47 defines the requirements for creating a Multisignature wallet that is owned by Maker Governance and utilized by community members.

Paragraph Summary

MIP47 describes the process and various requirements for any group within MakerDAO to secure approval for a Governance-owned multisignature (Multi-Sig) wallet that can be used for funding and permissions. Additionally, this MIP describes the process for Governance to remove funding or permissions from a previously recognized Multi-Sig.

Component Summary

MIP47c1: Governance Recognition of a Multi-Sig

Documents the minimum requirements for maintaining a Governance-owned Multi-Sig.

MIP47c2: Current Approved Multi-Sig List

Sets up a subsection of this MIP for documenting currently approved Multi-Sigs, to be updated and maintained by the Governance Facilitators.

MIP47c3: Dissolution of Multi-Sig

Covers how a previously approved Multi-Sig can be revoked of permissions or funds.


Creating Multi-Sigs for permissions or funding that are owned by MakerDAO but administered by community members will allow teams the agility to pursue relevant fiscal courses of action and signal their consensus for permissioned changes while being supported by Governance.

These Multi-Sigs would be ideal for a broad range of objectives, from creating budgets for Core Units to delegating consensus for particular working groups.

The process outlined by this MIP is intended to allow Maker Governance the continued confidence to disperse budgets and permissions to various groups that already exist and will form in the future.

In recognition of the various subproposals that must be submitted by working groups to accomplish objectives, this MIP seeks to define when a Multi-Sig can be recognized by Governance Facilitators so that other proposals that involve distributing funds or permissions to a Multi-Sig address do not need an additional vote from Governance.

Specification / Proposal Details

MIP47c1: Governance Recognition of a Multi-Sig

In order for a Multi-Sig to be considered owned by Maker Governance for funding or permissioned consensus, the following minimums must be satisfied by providing a post, or series of posts, on the Maker Forum:

  • Governance must be able to revoke funding and permissions from approved multi-sigs at any time.
  • Signatory requirements providing no less than â…” of listed signatories to sign off on an action.
  • All signers must be tagged on the forum and their willingness to be included in the Multi-Sig publicly confirmed.
  • A representative for the Multi-Sig must be designated as an official point of contact.
  • There must be a clear and public explanation of the purpose and scope of the Multi-Sig.
  • A clearly defined process for onboarding and offboarding signatories.
  • A wallet address to be whitelisted.

Following an approved Governance action that involves a newly recognized Multi-Sig, the information provided will be added to a list of recognized Multi-Sig Wallets.

MIP47c2: Current Approved Multi-Sig List

This listing is to be maintained and updated by the Governance Facilitators. It will serve as an active registry of approved Multi-Sigs.

Entries into this list should follow the following template:

Group Name: The name of the group seeking to utilize a Governance Multi-Sig.
- Contact: The designated contact for the Multi-Sig.
- Address: Public wallet address of Multi-Sig
- Date Added: (yyyy-mm-dd)

MIP47c3: Dissolution of Multi-Sig

Multi-Sig groups may dissolve at any time, provided all unspent funds are returned to Governance and any permissions granted to the Multi-Sig are revoked. If a Multi-Sig decides to dissolve, the owners must fill out a MIP47c3: Dissolution of Multi-Sig Request Subproposal Template.

Likewise, the Maker Community may choose to revoke funding for a Multi-Sig. In order to do so, any community member may submit a MIP47c3: Dissolution of Multi-Sig Request Subproposal Template that will be subject to the following parameters before entering the next Governance cycle:

  • Frozen Period: 2 weeks

Additionally, the Maker Community may utilize the weekly governance cycle to revoke funds or permissions of a Multi-Sig, should an urgent or emergency situation arise.

While the Maker Community may revoke funds for any reason, the following scenarios should encourage action by the community:

  • Loss of keys by Multi-Sig member(s)
  • Fulfillment of Multi-Sig objectives
  • Loss of trust in Multi-Sig member(s)
  • Failure of Multi-Sig to report spending

Hey Prose, thank you for submitting this MIP! In the context of core units, do I understand correctly that a multisig’s ownership is separate from a multisig’s access?

Elaborating…ownership is the protocol because it would be voted in and created by Governance, and access would be the core unit or whoever the core unit decides to assign as signatories.

The implication of the protocol owning the multisig is helpful because it could mean that taxable events occur once funds are received from the multisig instead of when funds are received by the multisig (because the multisig is considered part of the protocol and not some separate entity).

Not sure if this is correct, just thinking aloud here…

Also, again in the context of core units, I think it should be possible for signatories provided by the core unit to be anonymous as per the G&R call yesterday.


Hey @Derek thanks for the feedback! We’ve been working on this behind the scenes so my apologies for not commenting here earlier to let you know my thoughts.

Going to be editing this MIP slightly to clarify that these will be DAO-owned multi-sigs (capable of revoking funds/permissions at any time). This will add clarity while people wishing to have ownership over their Multi-Sig can just create one on their own and request payment there the same way contributors currently give out a wallet on an invoice.

As to the signatories, they will be semi-supportive of anonymous users in that all that needs to be provided is a forum handle and an address for all the signatories. This way the DAO can verify that the person listed is on board with being a signer. I don’t think too much more should need to be done with that as users are welcomed (and in many cases encouraged) to set up a separate wallet for giving permissions. In my mind, that allows for anonymous users to still participate but still gives the DAO enough transparency to see and communicate with the people using Multi-Sigs for official budgets and permissions.


Edits to MIP

I wanted to get these edits in so the MIP can go forward if the community likes them. As such I will be holding off on pushing this to FS for a week in hopes of getting some reflections. Here are the changes made:

  • Added a subsection to maintain active multi-sig list
  • Made the Multi-Sigs explicitly owned by MakerDAO
  • Condensed Motivation section
  • Renamed and added a question to the Dissolution subproposal
  • Made clear requirement for funding/permissions to be revocable
  • Re-worded naming requirements to indicate a forum handle will suffice

Any feedback on the state this MIP would be much appreciated. While ideally I would like to see it go forward as soon as possible, I am happy to delay it if there are some concerns.


Moved to formal submission for March Governance :slight_smile: