Governance Overview
Multyr contracts are deployed on Arbitrum One. The system is currently in validation phase. Deposits are not open to the public. Behavior described on this page reflects the protocol's designed behavior; some mechanisms are active in shadow testing, others become active at public launch. See the Status page for details.
Multyr is governed on-chain through a combination of multisig authorization and timelock enforcement.
There is no off-chain voting and no single admin key. All protocol changes follow a transparent and time-delayed process.
Governance Architecture
The governance system is structured around three independent entities:
| Entity | Type | Role |
|---|---|---|
| SAFE_GOV | 3/5 multisig | Proposes and executes governance actions |
| SAFE_GUARDIAN | 1/1 multisig | Emergency actions such as pause or strategy degradation |
| SAFE_VETO | 1/1 multisig | Cancels pending governance actions |
These roles are intentionally separated to reduce concentration of power.
Timelock Model
All governance actions are executed through the root timelock contract.
- Minimum timelock delay: 48 hours
- Queued actions: publicly visible on-chain
- Execution: only after the delay expires
This ensures that changes cannot take effect immediately.
Parameter Activation Delay
Certain vault-level parameter changes are subject to an additional internal delay:
All governance actions require minimum 48 hours from scheduling to activation, providing a public visibility window for SAFE_VETO to cancel if needed. Certain vault-level parameters may be subject to an additional activation delay for defense in depth.
Governance Flow
SAFE_GOV → schedule() → ROOT_TIMELOCK (48h) → execute() → activation (+~24h for certain vault params)
During the timelock period:
→ SAFE_VETO may cancel the pending action
Governance Scope
Governance may control:
- strategy activation and removal
- fee parameters
- router and allocation configuration
- buffer and system parameters
- governance role updates
- recovery and reactivation actions
Emergency Powers
Emergency powers are separated from governance execution.
The Guardian may:
- pause the system
- degrade or disable strategies
The Guardian cannot change protocol parameters.
Immutable Elements
The following are not intended to be modifiable through governance:
- core accounting logic
- share-to-asset conversion mechanics
- deposit and withdrawal accounting invariants
- fixed token supply after issuance
- immutable contract parameters set at deployment
Design Principles
The governance system is designed to provide:
- transparency
- delay before activation
- separation of powers
- limited emergency intervention
Governance in Multyr should be understood as a constrained control system, not discretionary management.