Temperature Check - Should the DEF move its assets to a custodial wallet viewable on chain?

The DeFi Education Fund (DEF) proposes to move the organization’s assets to a custodial wallet viewable on chain.

Governance forum thread debating this idea.

This is the right move for the organization for several reasons:

  1. The governance proposal that funded the DEF envisioned the implementation of a security-enhancing product like Tally’s Safeguard onto the multisig, but it’s not ready for implementation. Safeguard would give UNI governance the ability to (i) stop any multisig transaction from taking place, and (ii) request funds sitting in the multisig to be sent back to the Community Treasury. These features would significantly enhance the security of the multisig against unauthorized/coerced/ etc. transactions.
  2. Moving to a custodial wallet likely will present fewer risks to the fund’s assets than relying on a four of seven multisig controlled by the committee’s publicly-identified committee members, each being effectively 1/4 of a $22M bearer asset.
  3. The DEF would only onboard with a custodian that would support an individual wallet for the DEF’s assets, meaning it would offer the same level of transparency as a multisig.

Other details:

  1. Custodian criteria: Security, transparency, and cost. How the custodial wallet would be visible on chain is probably the factor with the most variance across custodians. For example, some use omnibus wallets for multiple clients’ assets, some create a new wallet every time a transaction is completed, etc. A dedicated wallet would be an absolute must in order for the DEF’s funds to be viewable/verifiable on chain, and ideally the wallet wouldn’t change every time there was a transaction in and out of the wallet because that would make viewing/verifying the assets a hassle for the community. When moving assets to the centralized custodian, the DEF would incur a fee based on the dollar value of the assets, which is typically in the range of 25-50 basis points per year. If the DEF moves forward with this proposal, the hope is to work with a custodian sympathetic to the organization’s mission who could offer the DEF a “deal” on cost.
  2. The DEF would directly on-board with a custodian, and the DEF would continue to pre-announce and explain withdrawals from the custodial wallet on its blog. The DEF would only use a custodian that wouldn’t move any of the assets unless four of the seven committee members validate a transaction to vindicate the four of seven requirement of the current multisig. In other words, only consensus among four of the seven committee members would have the power to validate an outgoing transaction.
  3. There has been no security issue to date motivating this proposal.
  4. The DEF initiated this snapshot but will not vote on it.

Thanks all