# Multisig

# Hierarchical Safe System

As of BIP-882open in new window, Balancer operates through a hierarchical safe system with clear separation of responsibilities. This structure supports the transition of on-chain operations to Balancer Onchain Limited.

# Top-Level Safes

These safes handle governance, treasury management, and high-level operational control.

# Treasury Safe Multi-Chain Deployment

The Treasury Safe is deployed at the same address across multiple chains to hold ecosystem assets and execute DeFi strategies:

# Operational Multisigs

All operational multisigs use a standardized 1/2 threshold configuration with:

• Balancer Onchain Ltd Safe (Foundation Directors)
• Operator Safe (MAXYZ Service Provider)

This configuration enables efficient execution with proper oversight.

# Chain-Specific DAO Multisigs

Per BIP-918open in new window, L2 Authorizer admin permissions were transferred to the Omni-sig (0x9ff471F9f98F42E5151C7855fD1b5aa906b1AF7e). The Ethereum DAO Multisig is excluded from this transfer and retains Authorizer admin on Mainnet due to additional elevated privileges (notably BAL minting) that remain under DAO governance.

Resulting split:

• Ethereum DAO Multisig — Authorizer admin on Mainnet, BAL minting, plus the historical permission set (gauge controller, fee parameter configuration). BAL emissions to gauges were halted by BIP-919open in new window — the gauge controller permission set is retained but no longer routes new BAL emissions.
• L2 DAO Multisigs — Retained for residual governance functions (treasury holdings on-chain, historical roles), but no longer hold Authorizer admin; routine protocol parameter changes on L2s are now executed via the Omni-sig under the core team's operational mandate.

All chain-specific DAO multisigs use the DAO Signer Set with a 6/11 threshold.

# Chain-Specific Operational Multisigs

# Context

Since its inception, the long term vision for the Balancer Protocol is to be fully governed by BAL token holders, while token ownership is aimed to be widely spread across the Balancer community.

Protocol governance is a highly complex and rapidly evolving topic. The Balancer community has taken a thoughtful approach to decentralization, with each step taken with due care and learning from others' experiences.

Balancer V2 contracts allow for some tweaking of core protocol parameters. As a placeholder for future on-chain governance, such limited admin powers have been granted to multisigs. The eventual goal remains moving entire governance and execution on-chain.

# Current State of Operations

As of BIP-882open in new window, all on-chain operational responsibilities have transitioned from the Balancer DAO to Balancer Onchain Limited. This provides:

1. Legal Clarity: A formal entity for on-chain operations helps manage regulatory and legal risks
2. Operational Efficiency: Centralized operations under a dedicated entity with clear service provider relationships
3. Enhanced Oversight: The Treasury Council provides robust checks and balances
4. Risk Management: Proper legal structure and self-insurance fund protect participants

Multisigs do NOT have decision-making power. Their role is to enact on-chain the decisions BAL holders make via off-chain voting and assist community members in the governance process.

All Balancer Multisigs are deployed using Safeopen in new window (formerly Gnosis Safe), the most battle-tested multisig contract on Ethereum.

The Balancer Multisig Ops Repoopen in new window describes all multisigs and operations as well as the external touch-points available.

# Signer Groups

# DAO Multisig Signer Set

The DAO Multisig Signer Set is reserved for major changes to protocol operations and management of treasury funds. Requires 6/11 signers.

As of BIP-907open in new window, the signer set has been updated to reflect current ecosystem participation:

Beyond current signers, BIP-16open in new window established a group of backup signers who can replace current signers without further governance.

# Treasury Council

The Treasury Council oversees the Treasury Safe and administers the self-insurance fund. Established by BIP-882open in new window, it replaces the previous Ecosystem Council. Requires 5/7 signers.

The Treasury Council has authority to:

• Object to Corporate Resolutions or activities not deemed in the ecosystem's best interests
• Oversee distributions, liquidations, or other material actions proposed by Directors
• Ensure alignment with Balancer governance resolutions
• Administer the self-insurance fund

# Foundation Directors

Foundation Directors control the Balancer OpCo Ltd Safe and Balancer Onchain Ltd Safe. Requires 3/4 signers.

The Foundation board consists of:

• Leeward Management Limited - Corporate director appointed per BIP-480open in new window
• Two community directors representing the Balancer ecosystem

# BizDev Team

The BizDev Team manages incentive funds and partnerships through the BizDev Safe. Requires 3/5 signers.

# Operator

The Operator Safe is a 3/5 multisig currently managed by MAXYZopen in new window, a service provider engaged by Balancer Onchain Limited. The Operator executes on-chain operations through the operational multisigs.

Safe Address: 0xBeF27037bC6311b96635E5e9Af3A73EBF6Ca8878 (deployed on all networks where Balancer V3 is active)

The Operator can be exchanged for another service provider if needed—Balancer Onchain Ltd Safe maintains control and can replace the operator through the operational multisig configuration.

# Signer Duties

All signers are expected to sign Ethereum transactions ratifying each decision made by BAL holders through snapshot votes. This signature is expected within two weeks after the snapshot vote concludes. Signers are encouraged to sign open requests even if they have already reached quorum to signal their liveliness.

A signer shall lose their role (by action of the remaining multisig signers) in case they:

• Act against BAL token holders' off-chain voting
• Go through 3 months or 2 votes (whichever takes longer) without performing any signer duties

# Multisig Mandate & Authorizations

Balancer V2 and V3 have different governance models reflecting their maturity and deployment strategies. The following sections describe the on-chain authorizations granted to each multisig and the operational mandate under which they are exercised.

# Core Team Operational Mandate (BIP-918)

BIP-918open in new window grants the core team a defined operational mandate covering day-to-day protocol decisions. The following fall within the core team's discretion and do not require a Snapshot vote:

• Protocol fee parameter changes
• New chain deployments
• Vendor selection and sprint priorities
• Chain deprecation
• Hiring/terminations within approved budget
• Fee-split agreements and direct deal negotiations with partners

The following continue to require a DAO Multisig decision (Snapshot vote):

• New pool factories
• Novel pool types
• New chains (formal approval, in addition to the operational deployment work that may fall under the mandate)
• BAL supply or minting parameter changes

On-chain, this is reflected in the Authorizer admin transfer to the Omni-sig on all chains except Mainnet (which retains BAL minting and elevated privileges under the DAO Multisig). See Chain-Specific DAO Multisigs for the resulting split.

# Balancer V2 Authorizations

V2 smart contracts grant specific authorizations to an "admin" address, which points to the appropriate multisig (typically DAO multisigs on established chains).

These authorizations include:

• Set a share of swap fees to be diverted to the protocol (hard capped at 50% of the swap fee)
• Set a flash loan fee
• Extract from the vault collected protocol fees and/or excess balances (e.g., airdrops), to any destination
• Set the address of the oracle implementation
• Set relayer addresses: relayers are (user opt-in, audited) contracts that can make calls to the vault (with the transaction "sender" being any arbitrary address) and use the sender's ERC20 vault allowance, internal balance or BPTs on their behalf
• Set dynamic-fee controllers: addresses that may change the swap fee for pools created by the dynamic-fee pool factory
• Add and remove gauges in the v2 gauge controller (historical: BAL emissions to gauges have been halted by BIP-919open in new window)

# Balancer V3 Authorizations

V3 deployments use a role-based permission system through the Authorizer contract. Admin authorizations include:

• Configure protocol swap and yield fee percentages
• Set pool creator fee percentages
• Manage pool registration and configuration
• Enable/disable vault query functionality
• Pause/unpause the vault and pools
• Manage hook permissions and configurations

# Established Chains

• Ethereum: the DAO Multisig retains full administrative permissions, including Authorizer admin and BAL minting (the latter remaining under DAO governance due to its elevated risk profile).
• Arbitrum, Base, Gnosis, Avalanche, Optimism: Authorizer admin was transferred to the Omni-sig under BIP-918open in new window; routine V3 protocol parameter changes on these L2s are executed by the Omni-sig under the core team's operational mandate. The chain-specific DAO multisigs remain in place but no longer act as the Authorizer admin for these chains.

# Newer Chain Deployments

For newer V3 deployments on emerging chains, the Omni-sig (0x9ff471F9f98F42E5151C7855fD1b5aa906b1AF7e) holds Authorizer admin permissions and exercises them under the core team's operational mandate (per BIP-918open in new window). This enables fast, low-friction operational responses on emerging chains where the existing operational mandate already covers routine protocol changes.

Chains under this model: Plasma, HyperEVM, Monad, XLayer.

There is no planned hand-off to a chain-specific DAO multisig — these chains remain under Omni-sig admin indefinitely, consistent with the L2 model established by BIP-918. If a deployment fails to gain traction, the DAO can propose to wind down operations on that chain via standard governance.

Example deployment BIPs using this framework:

• BIP-862: Deploy Balancer v3 on HyperEVMopen in new window
• BIP-858: Deploy Balancer v3 on Plasmaopen in new window