⭕ [RFC] General Permission to Whitelist Multisigs in Staking V2


This RFC suggests that the ProtocolDAO will be granted permission to whitelist any Multisigs that wants to stake MTA or mBPT in Staking V2.


Staking V2 added a limitation to the contract that only allows EOA (Externally Owned Accounts) to stake. An option to whitelist wrapper contracts was added as well that bypasses this limitation.

Recently, this limitation meant that each Multisig would also need to be whitelisted with an accompanying proposal. This adds a lot of overhead and delays the process. We should allow the ProtocolDAO to whitelist all Multisigs upon request from the Multisig owners immediately without the need to go via governance.

The ProtocolDAO would receive requests from Multisig owners to be whitelist, then check the contract and queue the transaction directly.

Proper transparency should be still preserved and all transactions to whitelist a multisig should be communicated and collected in one place.


This limitation, that only EOA can stake in Staking V2, was added in order to prevent contracts bypassing the mechanics of cooldown period, withdrawal window and the potential recollaterisation. A wrapper contract could circumvent these measures and create a secondary market. Rendering the use-case obsolete.

A Multisig on the other hand does not fit this description. Therefore, the need to create a proposal to whitelist Multisigs is unnecessary and add no value but only delays the whole process.


  • faster process
  • less overhead
  • more attractive to stake from a multisig


  • less communication upfront about a whitelisting, but whitelisting a multisig does now add any risks.

Thanks for posting this, and definitely something we need to adapt in the coming weeks, as more protocols want to use our staking contracts.

I am a bit worried about allowing the ProtocolDAO to be able to whitelist any multisig without any sort of additional clauses or definition within the proposal as to how the decision making process within the ProtocolDAO looks like.

As it stands, we’re simply trusting the DAO to make a decision based on individuals within, and not so much based on a list of points or criteria that was agreed upon.

I’d love to see the whitelisting process defined in a document that lives on IPFS somewhere, and that the ProtocolDAO has to adhere by when going through the process of whitelisting additional multisigs.

This will also ensure that new ProtocolDAO signers that rotate into the DAO will know how to chose whether or not a multisig can be whitelisted or not, and it gives verifiability that the ProtocolDAO is doing their job correctly for the rest of the ecosystem.

I don’t see why we would make it so complicated?

The ONLY reason the whitelisting / blacklisting was coded into the smart contract is for the sole purpose of mitigating contracts that can circumvent the staking mechanics of cooldown and withdrawal and potential recollaterization. That’s it. A Multisig does not fit this schema.

So very simple, the ProtocolDAO checks the contract. If it’s a Gnosis Multisig, then whitelist. I believe any Multisig should be able to stake and we shouldn’t decide which can and which can’t.

As you already said, there is a process to check, and that process should be hard-coded into a document (even if just the actual proposal), so everyone can verify that it’s being done this way on-chain. Whatever happened to “Don’t trust, verify”?

I agree on your point that we shouldn’t decide which multisig can and cannot stake on our contract, but that was never really the question here.

Yeah, will clarify better in the actual MCCP.

Not really process heavy this one, just checking on etherscan the contract and then can whitelist. All signers in the ProtocolDAO can verify and sign. A thread where all the tx are collected should be also created for visibility and kept up to date.

Would that be sufficient? @mZeroNine

1 Like

Awesome, thank you!

Nice and simple, yet transparent and effective, I like it! :blush:

1 Like

This definitely needs to happen!

Fully supportive of making this as easy as possible. Just a thought on how we specify which addresses can be whitelisted by the ProtocolDAO:

  • Does it need to be as specific as “multisig accounts”, or could we specify in terms of what a contract should not be doing. Eg. wrapping staked MTA to circumvent cooldown mechanics? I only ask as I can imagine that there could be other benign use cases of staking from a smart contract in the future.

As a community signer for the ProtocolDAO, I would like the MCCP to emphasize that it is incumbent upon each signer to examine the address being submitted for meeting the whitelisting criteria. Especially for community signers, I don’t want them to get into a rhythm of “Oh, {OG community member X} submitted this, it’s probably fine,” and just signing whatever. Perhaps a screenshot of a valid Gnosis instance on etherscan should accompany the documentation so that a less-technical individual has something tangible to look for.