At the moment, we can differentiate the powers the yearn multisig has into two different aspects:
- Execution: as a result of a successful vote, the multisig executes an action. Since there’s no binding agreement with multisig signers, there’s nothing impeding them from executing a random action that hasn’t been approved. Legitimate and illegitimate actions look exactly the same for the multisig smart contract.
- Vetoing: the community can vote on something that is too risky for the multisig to enact (e.g. let’s transfer some money from the treasury to terrible people!) or just against the interests of the multisig (e.g. let’s transfer governance over this important contract to a DAO, making the multisig lose power and influence). If multisig singers don’t want to execute something, they just won’t and there’s no recurse.
What we are proposing here is moving to a model in which we remove ‘Execution’ privileges from the multisig, while still keeping ‘Vetoing’ for security. Also note that currently a multisig veto would be passive (if it wants to veto it just doesn’t do anything), while in the proposed DAO model, vetos would need to be active (multisig signers actually need to act to block an action). When we are feeling comfortable about security, the governance process can remove veto rights from the multisig in one vote.
This is a fair concern. To be honest (and trying not to put words on anyone’s mouth), I have just been chatting about Optimistic Snapshot with @andre.cronje as we were building it and he showed appetite for making yearn’s governance binding on-chain in a short timeline, with interest to use it to burn YFI minting permanently if approved.
This motivated me to write this proposal. I also think this is a bit insane, but I think that if implemented progressively it can be done safely.