Rari’s Multi-sig and Security Standards

Jai Bhavnani
Published in Rari Capital
Mar 22, 2021

Security is always top of mind at Rari Capital. This began as far back as our initial safeguarded launch in July of 2020. Inspired by Ken Deeter’s piece on Safeguarded Launches, we began with a $350 limit to protect our users, despite having had multiple security reviews. This commitment to security continued and unfolded across our various products. For this reason, each of our products has been thoroughly audited and tested (by the best firms) before deployment. We are more than happy to limit our growth if it means heightened user security. Over the past few days, a certain individual on Twitter has been questioning our dedication to security, so I figured I’d write this blog post to bring transparency and answer some questions, specifically around our use of multi-sigs.

Rari Capital is currently running on a multi-sig with 2/3 owners. The yield aggregation suite was upgraded to the multi-sig after the most recent updates and the Fuse contracts were migrated shortly after deployment. The reason for the delay of the latter was to ensure we could act fast in the case of a critical issue; however, we quickly migrated to mitigate any further risk. Anything that says otherwise is false.

The account has the ability to shut down the contracts and also upgrade the contracts. The keys are held by various people and stored in different locations. To reveal any more information like who holds the keys or even where they are located would put my team members (and thus the security of the smart contracts) at risk. I am not willing to do this. There was a rumor that a minor was on the multi-sig and let me just say, that is completely false.

We don’t just want to be on a 2/3 multi-sig forever. There are two stages for how we will move forward: larger multi-sig → on-chain governance. We have begun asking around to various members of our community and trusted circle to determine who would like to be on the larger multi-sig. You can expect this change soon. As for on-chain governance, this is something that really excites me and enables a truly unstoppable organization. It will take much longer to develop a DAO that can operate at the speed necessary, but this is something we are working towards.

I’ll end with this: DeFi is meant to be better than TradFi and be a place without discrimination of any kind. I will look down on anyone who attempts to bring old stereotypes and attempts to discriminate in this new world we’re trying to build. My team and I are not only dedicated to building this new world in a better way than the last, but we’re going to do so in the safest way possible. Our age won’t stop us.

One more thing, if you do have honest questions about any of this — please ask! I am more than happy to address any potential concerns. Security is always our #1 priority so if there is anything we can be doing better, please let us know!
