Dynamo uses a layered permission model to ensure that no single key or team member can unilaterally alter the protocol. Every sensitive action is gated behind a multi-signature wallet.
Why multisig matters
A multisig (multi-signature) wallet requires a threshold of independent signers to approve a transaction before it can be executed. This means a compromised key, rogue team member, or social engineering attack cannot unilaterally drain treasury funds or change critical parameters, the attacker would need to compromise multiple independent signers simultaneously.
Multisig configuration
All Dynamo multisigs use a threshold signature scheme. The current configuration for each role is:
- Protocol Owner: 4 threshold, signers are independent contributors and core team members
- Risk Manager: 3 threshold, signers include risk committee members and core team
- Guardian: 2 threshold to allow fast emergency response, signers are core team members across time zones
The Guardian role intentionally has a lower signing threshold to enable rapid emergency pauses. Its scope is limited to pausing, it cannot move funds, upgrade contracts, or change parameters.
Verifying on-chain
All privileged addresses are readable directly from the deployed contracts. You can verify:
- The current owner address of each contract
- The multisig wallet address and its signer set
Contract addresses are published in this documentation. Use a block explorer to inspect the multisig configuration and any queued transactions at any time.
Subscribing to on-chain alerts for the Dynamo multisig addresses lets you receive immediate notification of any queued transaction during its timelock window, giving you time to review before execution.
