Background
As a prospective depositor conducting due diligence on Venus Protocol, I have been thoroughly reviewing the governance architecture before committing any capital. I want to say upfront that the technical design of Venus V4 governance is genuinely impressive — the three-tiered VIP system (Normal, Fast-track, Critical), the Access Control Manager (ACM), and the fine-grained pause mechanism all reflect serious security thinking.
However, in the course of this investigation, I have identified a significant transparency gap that I believe the community should address.
What Was Found
The deployed governance contracts on BNB Chain list three separate guardian multisig addresses, each with distinct and non-trivial powers:
- Guardian 1 (0x7B1AE5Ea599bC56734624b95589e7E8E64C351c9) — Critical risk parameters (collateral factors, supply/borrow caps, liquidation thresholds, etc.)
- Guardian 2 (0x1C2CAc6ec528c20800B2fe734820D87b581eAA6B) — Pause and resume features across all markets
- Guardian 3 (0x3a3284dC0FaFfb0b5F0d074c4C704D14326C98cF) — Oracle configuration (price feeds, data sources, bounds)
These are all documented in the official deployed contracts page. What is not documented anywhere in the official docs, forum, or GitHub is:
- How many signers are required per multisig (the threshold configuration — e.g. 3-of-6, 4-of-6)?
- Who are the actual signers — their names, pseudonyms, or organizational affiliations?
- Are these the same individuals across all three guardians, or are they distinct groups?
- What is the process for rotating signers if one is compromised or goes inactive?
Through on-chain exploration, it appears each multisig may have 6 signers, but this has not been confirmed or explained in any official communication.
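The on-chain check behind that observation can be reproduced by anyone. The script below is an added example (not Venus code and not from the original post): it assumes the three guardian addresses are Safe (Gnosis Safe) multisig contracts exposing `getThreshold()` and `getOwners()`, and that `RPC_URL` is replaced with a BNB Chain JSON-RPC endpoint; it reports each guardian's X-of-N configuration and any signer address that appears on more than one guardian.

```python
import json
import urllib.request

# Guardian addresses as listed on the Venus deployed-contracts page (BNB Chain).
GUARDIANS = {
    "Guardian 1 (risk parameters)": "0x7B1AE5Ea599bC56734624b95589e7E8E64C351c9",
    "Guardian 2 (pause/resume)": "0x1C2CAc6ec528c20800B2fe734820D87b581eAA6B",
    "Guardian 3 (oracle config)": "0x3a3284dC0FaFfb0b5F0d074c4C704D14326C98cF",
}
# 4-byte selectors of the Safe multisig view functions (assumption: guardians are Safe contracts).
SEL_GET_THRESHOLD = "0xe75235b8"  # getThreshold() -> uint256
SEL_GET_OWNERS = "0xa0e67e2b"     # getOwners() -> address[]
RPC_URL = "https://RPC-ENDPOINT-PLACEHOLDER"  # placeholder: any BNB Chain JSON-RPC endpoint

def eth_call(to, data, rpc_url=RPC_URL):
    """Minimal JSON-RPC eth_call against the latest block; returns the raw hex result."""
    payload = {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
               "params": [{"to": to, "data": data}, "latest"]}
    req = urllib.request.Request(rpc_url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=20) as resp:
        return json.load(resp)["result"]

def decode_uint256(hexdata):
    return int(hexdata[2:], 16)

def decode_address_array(hexdata):
    """ABI-decode a dynamic address[]: offset word, length word, then one 32-byte word per address."""
    words = [hexdata[2:][i:i + 64] for i in range(0, len(hexdata) - 2, 64)]
    offset = int(words[0], 16) // 32
    length = int(words[offset], 16)
    return ["0x" + w[24:] for w in words[offset + 1:offset + 1 + length]]

def guardian_config(address, call=eth_call):
    """Return (threshold, owners) for one multisig; `call` is injectable for offline testing."""
    threshold = decode_uint256(call(address, SEL_GET_THRESHOLD))
    owners = decode_address_array(call(address, SEL_GET_OWNERS))
    return threshold, owners

def shared_signers(configs):
    """Map each signer address (lower-cased) that sits on more than one guardian to those guardians."""
    seen = {}
    for name, (_, owners) in configs.items():
        for owner in owners:
            seen.setdefault(owner.lower(), set()).add(name)
    return {owner: names for owner, names in seen.items() if len(names) > 1}

if __name__ == "__main__":  # live run against RPC_URL
    configs = {n: guardian_config(a) for n, a in GUARDIANS.items()}
    print({n: f"{t}-of-{len(o)}" for n, (t, o) in configs.items()}, shared_signers(configs))
```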
Why This Matters
I want to be precise about the concern here, because it is not about doubting the team’s intentions; rather, it is about the structural risk these wallets represent.
The guardian multisigs can act without a governance vote. The Critical Risk Parameters guardian (Guardian 1), in particular, has ACM-granted permissions to modify collateral factors, supply caps, and other parameters directly. In the wrong hands, whether through compromise, collusion, or internal disagreement, these wallets represent a meaningful attack surface.
To be direct: a coordinated or coerced set of signers on Guardian 1 could, in theory, drain significant value from the protocol by manipulating risk parameters without triggering any on-chain governance process. The same concern applies to Guardian 2 (selective pausing could be used to trap user funds) and Guardian 3 (a malicious oracle substitution would precede any liquidation-based attack).
This is not a hypothetical. It is the standard threat model that any serious depositor must evaluate.
The Request
I am asking Venus Labs and the core contributors to publicly disclose:
- The signer threshold configuration for each of the three guardian multisigs (e.g. X-of-N).
- The identity or pseudonym of each signer: whether that is a public name, a known community handle, or at minimum a verifiable on-chain identity.
- Whether signers overlap between Guardian 1, 2, and 3, or whether they are fully separated.
- The governance or operational process for adding, removing, or rotating signers, and whether the community has any visibility or vote over that process.
I understand that full doxxing is not always appropriate or safe in the DeFi space, and I am not requesting that. A pseudonymous community handle with a verifiable on-chain history, or confirmation of organizational affiliation (e.g. “employed by Venus Labs” or “independent security researcher”), would be sufficient to establish basic accountability.
Precedent
This level of disclosure is not unusual for protocols of Venus’s scale and TVL. Several leading DeFi protocols publish the organizational or pseudonymous identities of multisig signers in their documentation, governance forums, or annual transparency reports. Venus has clearly invested in decentralization and this disclosure would be a natural next step.
Closing
I am posting this in good faith as someone actively evaluating Venus as a place to deploy heavy capital. The protocol’s architecture deserves to be matched by an equivalent level of social transparency. A protocol can have excellent smart contract security and still carry significant governance risk if the humans holding the keys are unknown.
I would welcome a response from Venus Labs or any core contributor, and I invite other community members, particularly other large depositors, to share whether this concern resonates.
Thank you.