Credix & Mean — Blog 2: Treasury Management Best Practices:
Credix and Mean have been working closely together for months, implementing best practices regarding security, treasury, product development and compliance. We thought it would be of interest to share our insights with the broader (web3) community. This is the second piece of a three part blog series focused on Treasury Management in collaboration with Mean.
Let’s begin with a case study: The fictitious Protocol XYZ has been studying proper treasury management and, after a successful IDO, has a robust treasury which it has diversified across several asset types with ample liquidity to fund daily operations. The treasury composition and balance is, by all measures, perfectly tailored to XYZ’s structure. Now XYZ has purchased a Nano X, Ledger’s “most advanced, on-the-go hardware wallet”, to store all treasury assets, effect trades, and issue contributor payments. Logically, XYZ’s CFO manages the treasury wallet and is the sole signatory on all transactions. XYZ has perfectly structured its treasury and management, correct? Wrong. Very wrong.
The most perfectly constructed treasury imaginable is worthless if left in the sole control of one individual. In the example above, Protocol XYZ mitigated asset risk vectors by structuring its treasury for “capital preservation, liquidity, and income”, but jeopardized its success by giving the CFO full control. Without an intermediary such as a bank, the assets become effectively owned by the wallet’s private key holder, in this case the CFO and not Protocol XYZ. The phrase “not your keys, not your crypto” rings true. The CFO could easily go rogue, drain the treasury and disappear with millions, leaving XYZ dead in the water with no capital buffer or ability to fund operations. This overemphasis on a single individual is referred to as “key man risk” in the world of traditional finance. So how should Protocol XYZ structure its treasury management to eliminate key man risk?
Enter the multisig wallet. A multi signature wallet (“multisig”) is a non-custodial, smart contract based vault that holds assets and requires more than one private key signatory to execute any transaction. The multisig delivers human diversification and ownership decentralization. Dissecting the need for multisigs further, Mean, “a censorship-resistant, user-friendly, self-custody, permissionless & trustless bank bringing everyday banking workflows and real-time finance to crypto and DeFi”, identifies the cryptocurrency management trilemma as solving for Security, Usability, and Privacy. A protocol’s treasury must be stored and managed to achieve all three key attributes, which can feel like a game of Whack-a-Mole when assessing standard options. Mean summarizes the custody conundrum in the outline below:
- “Good Security + Usability at the cost of Privacy → Coinbase, Kraken, Celsius (all custody solutions)
- Good Security + Privacy at the cost of Usability → All hardware wallets (Trezor, Ledger, etc.), and all web institutional web wallets like Fireblocks, Gnosis, Coinbase Institutional Custody, etc.
- Good Usability + Privacy at the cost of Security → MetaMask, Phantom, and most popular software wallets”
A well-designed multisig whacks all three moles. In simple form, a multisig might have three individuals, each with a private key used to sign transactions for the smart contract wallet. Then, every transaction by the wallet would require two of the three private keys to sign in order to be executed. Defined as a Threshold Multisig, this requires a majority of the individual holders to come to a social consensus that the proposed transaction is valid and appropriate. A stark contrast to the Protocol XYZ example, this multisig eliminates risk from overreliance on any one individual. If key holder #1 tried to funnel the multisig wallet’s assets to a personal account, holders #2 and #3 would presumably refuse to sign the transaction thus nullifying the transaction and preserving the funds.
Each additional required private key signatory further protects the multisig wallet. Olympus DAO, for example, requires a four-of-eight multisig which requires “a quorum of 4 to authorize any transaction like engaging in DAO swaps.” Olympus identifies the public key of each signatory for additional transparency. Some organizations even take the cautious approach of diversifying geographically by separating private key holders across continents. When it comes to treasury management and on-chain decisions, you can never be too safe.
Mean understands the need for safety and takes the traditional, threshold multisig one step further with its innovative SuperSafe. The SuperSafe combines multi-factor authorization and threshold multisigs with smart contracts to solve the ownership trilemma via a layered asset management approach. Let us now investigate how Mean whacks the three moles:
- Security: The SuperSafe uses a threshold multisig with signatories storing their respective private keys on secure devices. Thus, an attacker would need to force a majority of the individuals to sign a proposed transaction and / or break through multiple layers of cryptographic security to steal a majority of the private keys. Unknown, disparate humans are hard to coerce and multi-layered cryptography is challenging to penetrate once let alone multiple times over.
- Usability: In Mean’s SuperSafe, “a set of owners/authorized personnel can configure a set of rules and policies for the SuperSafe, such as expenses, limits, account locking, etc.” similar to a traditional business bank account. This mitigates the risk that any one individual with too much influence could be compromised.
- Privacy: Privacy is the backbone of Mean’s SuperSafe. The technology limits centralization at all points while championing privacy and decentralization. It utilizes multifactor authentication methods such as biometrics (fingerprint, face ID, etc.) or third-party authorization applications. With no KYC / KYB required, the individual key holder’s anonymity is always protected which is essential in deterring bad actors.
Mean’s approach serves as an exemplary treasury asset management model by delivering security, usability, and privacy in a seamless user interface. Protocols must strive to develop or employ solutions such as those offered by Mean to mitigate key man risk and safeguard their community’s assets. The treasury is the core of any protocol; its checking and savings account. Left in the hands of one bad actor, all funds could disappear with a few clicks. At the end of the day, it can all be summarized to “not your keys, not your crypto.”
Credix is a global platform that provides liquidity against novel, tech-enabled, tokenized assets. Credix provides on-chain asset-based financing to innovative non-bank lenders in Emerging Markets, focusing on Latin America.
The team at Credix has built deep expertise within specialty finance, financial technology, and decentralized finance. This has allowed them to create a unique platform for liquidity providers, underwriters, and borrowers, with a standard offering for early-stage companies and more tailored solutions for growth and scale. Credix’s end-to-end process is tech-driven, leveraging the latest data and blockchain-based technologies.
The platform has provided credit against receivables to a tech-enabled SME lender, a multi-tranche facility for car loans, and liquidity against B2B SaaS recurring revenue streams. Credix is moving the $800 billion private credit market into the digital era.
Mean is a censorship-resistant, user-friendly, self-custody, permissionless & trustless bank bringing everyday banking workflows and real-time finance to crypto and DeFi. People and businesses from around the world can create and manage international accounts with thousands of assets like stable coins and tokens, as well as access several capital products like deep liquidity markets, a decentralized exchange, and access to several investment vehicles. DAOs, projects, and organizations have access to asset and risk management tools like multisigs, treasuries, payroll, payments and collections. Learn more about Mean on the official website, or go to the application.
Originally published at https://medium.com on November 7, 2022.