Multisig
This documentation shows the build 3 which uses 1.4 protocol version. Currently, these are being audited. Even though, contracts are backwards compatible, we do NOT recommend using these latest versions in production until audit is finished. |
Description
Multisig is a governance plugin developed and maintained by the Aragon core team.
It allows users to create proposals that require a configurable subset of approvals (e.g., x out of y) from a list of approvers to pass.
Once a proposal meets the required threshold of approvals, the list of proposed actions can be passed to the associated DAO or executor for execution.
Each approver can individually cast their approval directly on-chain,
unlike traditional multisig solutions that rely on off-chain aggregation of signatures.
Proposal Lifecycle
Creation:
Proposals can be created by users who have the CREATE_PROPOSAL_PERMISSION
or those verified through the ListedCheckCondition
, depending on the plugin’s configuration and how the permission is granted. The creation process includes:
-
Taking a snapshot block (
block.number - 1
) at the time of creation to ensure consistent eligibility for approvers. -
Instantiating a proposal and recording proposal metadata, a list of actions, start and end dates, and approval thresholds based on the snapshot block.
-
Optionally, the proposal creator can immediately cast their approval during the creation process.
Proposal creation settings: - onlyListed: Whether only listed addresses can create a proposal or not. |
Approval:
Approvers listed in the address list can cast their approval. The process includes:
-
Verifying that the proposal is open, the approver is eligible based on the snapshot taken at creation, and the approver hasn’t already approved.
-
Ensuring the proposal has not expired; proposals are considered expired and ineligible for further approval once their end date has passed.
-
Updating the count of approvals and marking the approver as having approved.
-
Optionally, the approver can pass
true
fortryExecution
along with their approval. This prompts the plugin to attempt execution if the proposal meets the necessary conditions.
Execution:
Once the proposal meets the required number of approvals:
-
The
execute
function can be called by users with theEXECUTE_PROPOSAL_PERMISSION
.
Typically, this permission is set to any address, allowing anyone to execute, but it can also be restricted to specific users or conditions if needed.
-
The plugin verifies that the proposal is open, the approval threshold has been met, and then executes the listed actions by passing them to the associated DAO or executor.
-
After execution, the proposal is marked as executed, preventing further approvals or execution attempts.
Proposal execution settings: - minApprovals: The minimal number of approvals required for a proposal to pass. |
Plugin Settings
The Multisig plugin provides three key configuration functions to manage governance settings and approvers. All three functions require the UPDATE_MULTISIG_SETTINGS_PERMISSION
, which is typically granted to the associated DAO.
1. Update Multisig Settings
Modifies the plugin’s configuration, which includes: onlyListed
and minApprovals
.
-
Constraints:
-
minApprovals
must be at least 1 and no greater than the current number of approvers.
-
-
Impact:
-
Changes apply to all proposals created after the settings are updated.
-
2. Add Addresses
Adds new addresses to the list of approvers, allowing them to approve new proposal.
-
Constraints:
-
The total number of addresses cannot exceed
2^16 - 1
(to ensure compatibility withuint16
, the maximal number of approvals).
-
-
Impact:
-
Newly added addresses can approve proposals created after their addition.
-
Reduces the relative weight of approvals required, as the minimum approval threshold remains the same while the total number of approvers increases.
-
3. Remove Addresses
Removes existing addresses from the list of approvers, preventing them from approving new proposals.
-
Constraints:
-
After removal, the number of remaining addresses must not be less than the current minimum approvals threshold (
minApprovals
).
-
-
Impact:
-
Removed addresses lose their approval rights for all proposals created after their removal.
-
Increases the relative weight of approvals required, as the minimum approval threshold remains the same while the total number of approvers decreases.
-
Since each function contains its own independent logic checks, if it is necessary to reduce the number of approvers to below the current
This ensures that the operation is valid and does not violate the plugin’s constraints. |
Plugin Setup
-
Contracts: The MultisigSetup contains the Multisig plugin’s implementation and automatically deploys and prepares the following contracts:
-
Multisig Proxy: The ERC1967Proxy contract pointing to the Multisig plugin’s implementation.
-
ListedCheckCondition: A condition contract used to determine whether a user meets the eligibility criteria for creating proposals. It enforces the
onlyListed
setting from the Multisig plugin, ensuring that only listed members can propose actions if the setting is enabled.
-
-
Permissions: The MultisigSetup establishes the following default permissions to ensure smooth operation and integration with the associated DAO:
Permission ID | Where (Granted By) | Who (Granted To) | Condition | Functions |
---|---|---|---|---|
|
DAO |
Plugin |
None |
|
|
Plugin |
DAO |
None |
|
|
Plugin |
Any Address |
|
|
|
Plugin |
DAO |
None |
|
|
Plugin |
DAO |
None |
|
|
Plugin |
Any Address |
None |
|
This setup ensures that the Multisig plugin is ready for operation immediately after installation, with all required contracts deployed and permissions configured.