Multisigs are a lightweight way to create trust.
A multi-signature wallet, or multisig, is a wallet that increases security by requiring multiple people to sign off on transactions such as spending money. Many DAOs and working groups within DAOs use multisigs to store their treasuries, increase trust, and reduce reliance on a single individual, who could turn malicious or have their wallet compromised and the funds stolen. Multisigs are a lightweight way to replace smart contracts with social contracts. A DAO could create an elaborate smart contract that specifies that funds will be released to a project upon certain conditions, or it could simply trust a multisig to release funds upon those milestones and save time and money by not writing any code.
Multisigs have existed since the beginning of the blockchain but skyrocketed in popularity after the protocol Gnosis released its Safe product, an audited, easy-to-use multisig. Though many DAOs have thousands of voting members, multisigs usually have fewer members so that hundreds of DAO members don't need to sign transactions manually. Anywhere from 5 to 15 members is usually reasonable, with more members providing increased security but also slowing down the time needed to sign off on transactions. As a rule of thumb, a majority of signers should be able to hop on a call if there is a critical transaction or issue to resolve. The multisig is usually composed of a core team, plus trusted and highly engaged community members. While some DAO members opt to remain anonymous, multisig members are typically doxxed (meaning their identities are known to the community).
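The approval rule the two paragraphs above describe, as an added example (this is illustrative code written for this page, not code from the original text, from Gnosis Safe, or from any DAO): an M-of-N wallet model in which a transaction executes only once `threshold` distinct owners have confirmed it. The owner names, amounts and the "grant-recipient" payee are constructed; the helper `majority_threshold` encodes the majority rule of thumb from the text; and treating the proposer's proposal as the first confirmation is this model's own convention, not a claim about any real wallet.

```python
from dataclasses import dataclass, field


class MultisigError(Exception):
    """Raised when an action violates the wallet's signing rules."""


def majority_threshold(n_owners: int) -> int:
    """Smallest M that is a strict majority of N owners (the rule of thumb above)."""
    return n_owners // 2 + 1


@dataclass
class Transaction:
    to: str
    amount: int
    confirmations: set = field(default_factory=set)  # distinct owner keys that signed
    executed: bool = False


class Multisig:
    """M-of-N wallet: funds move only after `threshold` distinct owners confirm."""

    def __init__(self, owners, threshold: int):
        self.owners = set(owners)
        if not 1 <= threshold <= len(self.owners):
            raise ValueError("threshold must be between 1 and the number of owners")
        self.threshold = threshold
        self.balance = 0
        self.txs: list[Transaction] = []

    def _require_owner(self, who: str) -> None:
        if who not in self.owners:
            raise MultisigError(f"{who} is not an owner")

    def deposit(self, amount: int) -> None:
        self.balance += amount

    def propose(self, proposer: str, to: str, amount: int) -> int:
        """Queue a transfer; in this model, proposing counts as the proposer's confirmation."""
        self._require_owner(proposer)
        self.txs.append(Transaction(to=to, amount=amount, confirmations={proposer}))
        return len(self.txs) - 1

    def confirm(self, signer: str, tx_id: int) -> int:
        """Add one owner's confirmation; returns the new confirmation count."""
        self._require_owner(signer)
        tx = self.txs[tx_id]
        if tx.executed:
            raise MultisigError("transaction already executed")
        if signer in tx.confirmations:
            raise MultisigError("duplicate confirmation")  # one key, one signature
        tx.confirmations.add(signer)
        return len(tx.confirmations)

    def execute(self, tx_id: int) -> int:
        """Release funds only when the threshold is met; returns the amount moved."""
        tx = self.txs[tx_id]
        if tx.executed:
            raise MultisigError("transaction already executed")
        if len(tx.confirmations) < self.threshold:
            raise MultisigError(
                f"only {len(tx.confirmations)} of {self.threshold} required confirmations")
        if tx.amount > self.balance:
            raise MultisigError("insufficient balance")
        tx.executed = True
        self.balance -= tx.amount
        return tx.amount


def demo_single_key_compromise() -> dict:
    """Constructed scenario: one of five owner keys is compromised; a 3-of-5 wallet holds."""
    owners = ["alice", "bob", "carol", "dave", "erin"]
    wallet = Multisig(owners, threshold=majority_threshold(len(owners)))  # 3-of-5
    wallet.deposit(1_000_000)
    results = {}

    # A single compromised key queues a transfer of the whole treasury...
    drain = wallet.propose("erin", "unknown-address", 1_000_000)
    try:
        wallet.execute(drain)
        results["single_key_drained"] = True
    except MultisigError:
        results["single_key_drained"] = False  # ...but cannot execute it alone
    try:  # the same key cannot sign twice to inflate the count
        wallet.confirm("erin", drain)
        results["duplicate_counted"] = True
    except MultisigError:
        results["duplicate_counted"] = False
    try:  # a non-owner cannot add a confirmation either
        wallet.confirm("unknown-address", drain)
        results["outsider_counted"] = True
    except MultisigError:
        results["outsider_counted"] = False
    results["drain_confirmations"] = len(wallet.txs[drain].confirmations)
    results["balance_untouched"] = wallet.balance

    # A legitimate payment passes once three independent owners have signed.
    pay = wallet.propose("alice", "grant-recipient", 50_000)
    wallet.confirm("bob", pay)
    wallet.confirm("carol", pay)
    results["grant_paid"] = wallet.execute(pay)
    results["balance_after"] = wallet.balance
    return results


if __name__ == "__main__":
    print(demo_single_key_compromise())
```

The point the scenario makes is the one in the text: a single compromised or malicious owner can propose anything but move nothing, because the threshold counts distinct owner keys, and neither repeated signatures from the same key nor signatures from outsiders are accepted. Raising `threshold` toward the number of owners strengthens this guarantee at the cost of needing more people available to sign, which is the trade-off the paragraph above describes.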
DAO purists will rightly critique multisigs as a band-aid solution that should ultimately be replaced by smart contracts and automatic trustless execution. The multisig is a crutch, maybe even a drug, and perhaps for good reason. As we learned from The DAO Hack, automating the system by writing custom smart contracts can be risky. While a multisig introduces some centralization, it also provides a layer of defense against malicious proposals and takeover attempts. For example, Beanstalk DAO had $182 million drained from its treasury after an exploiter put forward a proposal claiming to donate funds to Ukraine, but which really sent himself the entire DAO treasury. Since the DAO was completely algorithmic, the attacker borrowed enough tokens to approve the proposal and snatch the funds, something that a multisig would certainly have prevented.