The Compound community recently voted to improve their multisig process and documentation, improving things for both the signers and the community. Many of these improvements could be applicable to Morpho. In this post I will describe how. The changes are to operational process and documentation; the code for the multisig remains unchanged. Weak processes are now responsible for most losses during incidents on DeFi protocols. The processes of Morpho are quite strong, but they also have room for improvement.
Proof of distinct humanity: DeFiSafety has a process that proves each signer is a distinct human and documents the results. It also allows signers to remain anonymous (as in your multisigs) but improves transparency for the community.
Regular testing: the need for multisig signers is immense when an incident is underway, and that is the worst time to learn that some of your signers are inactive or no longer affiliated with Morpho. Regular testing mitigates this. Tests are run perhaps once a quarter, in a manner that minimizes the burden on the signers but assures that they are ready when you need them. The test process can differ from one multisig to another.
Signer documentation: the signers should have quite detailed documentation on the effects of multisig transactions on the protocol. Exactly what each action does and its impact should be clearly described. The information on your DAO Governance page is good for the public, but the signers should have more detail. This documentation also records the communication path the multisig signers use to converse during an incident.
History document: a multisig history document clearly indicates what each transaction did for the protocol such that the community understands what took place. Without it, understanding the actions of the multisig is quite technical and requires tracing through multiple sites before the information becomes clear.
Transaction signing policies define the minimal security steps signers must follow for big-money accounts (such as your DAO multisigs). These could be as simple as requiring a hardware wallet or a dedicated signing computer.
You choose which elements you want to implement. This can be accomplished quite quickly with minimal support from the team. DeFiSafety can execute the work, or, if you prefer, most of it (except for the proof of distinct humanity) can be accomplished by the community.