Most DeFi exploits aren’t caused by bad code. They’re caused by bad operations. That’s the core argument from Isaac Patka, certifications lead at the Security Alliance (SEAL) and co-founder of Shield3, who laid out a three-multisig architectural framework designed to give DeFi protocols a more structured approach to security governance.

The proposal, introduced on the Unchained podcast on May 29, arrives just days after OpenZeppelin co-founder Manuel Aráoz publicly declared all DeFi protocols unsafe on May 26. Patka’s framework is a direct response, and it comes with receipts: according to his analysis, over 90% of recent DeFi incidents stem from operational security failures or parameter misconfigurations, not smart contract vulnerabilities.

Three multisigs, three speeds

The first multisig handles emergency pauses. It’s designed to be fast-acting, with minimal delay, because when an exploit is draining millions in real time, you don’t want to wait 48 hours for enough signers to wake up and approve a freeze.

The second multisig covers parameter updates, things like adjusting collateral ratios, fee structures, or interest rate curves. These get a short timelock, enough to give the community visibility into what’s changing without creating the kind of delay that makes protocols unable to respond to shifting market conditions.
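To make the separation concrete, here is an off-chain Python model of the two multisigs described so far. It is an added example, not code from Patka, SEAL, or any protocol; the signer names, thresholds, and 6-hour delay are constructed assumptions. It shows the two properties that matter: each multisig can only trigger its own class of action, and a parameter change cannot execute before its timelock expires.

```python
from dataclasses import dataclass, field
from itertools import count
PAUSE, SET_PARAM = "pause", "set_param"

@dataclass(frozen=True)
class Multisig:
    signers: frozenset   # signer identities (constructed names)
    threshold: int       # approvals required
    delay: int           # timelock in seconds; 0 means act immediately
    allowed: frozenset   # the only action kinds this multisig may trigger

@dataclass
class Protocol:
    pause_msig: Multisig
    param_msig: Multisig
    paused: bool = False
    params: dict = field(default_factory=dict)
    queue: dict = field(default_factory=dict)   # op id -> (action, earliest run time)
    _ids: count = field(default_factory=count)

    def submit(self, msig, action, approvals, now):
        # Scope check first: a fast key must never reach slow-path actions.
        if action[0] not in msig.allowed:
            raise PermissionError("action outside this multisig's scope")
        if len(set(approvals) & msig.signers) < msig.threshold:
            raise PermissionError("approval threshold not met")
        if msig.delay == 0:
            self._apply(action)
            return None
        op_id = next(self._ids)
        self.queue[op_id] = (action, now + msig.delay)   # visible while it waits
        return op_id

    def execute(self, op_id, now):
        action, eta = self.queue[op_id]
        if now < eta:
            raise RuntimeError("timelock has not elapsed")
        self._apply(self.queue.pop(op_id)[0])

    def _apply(self, action):
        if action[0] == PAUSE:
            self.paused = True
        else:                       # SET_PARAM: (kind, name, value)
            self.params[action[1]] = action[2]

def build_demo():
    # Constructed values: 2-of-5 pause signers, 3-of-5 parameter signers, 6-hour delay.
    pause = Multisig(frozenset("abcde"), 2, 0, frozenset({PAUSE}))
    param = Multisig(frozenset("fghij"), 3, 6 * 3600, frozenset({SET_PARAM}))
    return Protocol(pause, param)
```

The `queue` dictionary stands in for the on-chain visibility the timelock provides: anyone watching can see a pending change and its earliest execution time before it takes effect.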