Introduction
MultiSub is a custom Zodiac module that lets Safe multisig owners delegate DeFi operations to sub-accounts (hot wallets) while keeping full on-chain control over what those sub-accounts can do.
The Problem
Self-custody in DeFi forces a tradeoff:
- Multisigs are secure but slow — every transaction needs threshold approval.
- Hot wallets are fast but expose your full balance if compromised.
- Delegation frameworks are often all-or-nothing with no fine-grained limits.
The Solution
MultiSub sits between your Safe and your operators. Sub-accounts get precisely scoped permissions — they can only interact with protocols you've whitelisted, only spend within the limits you've set, and only within rolling time windows.
Safe Multisig (owner) → DeFiInteractorModule (Zodiac module) → Sub-Account (hot wallet, operator)
Everything is enforced on-chain. If a sub-account tries to exceed a limit or call a non-whitelisted protocol, the transaction reverts.
Key Concepts
| Concept | Description |
|---|---|
| Sub-Account | An EOA (hot wallet) granted permission to act on behalf of the Safe |
| Spending Limit | Max % of portfolio a sub-account can spend per 24h window |
| Allowlist | Per-sub-account list of protocols it can interact with |
| Acquired Balance | Tokens received from DeFi ops — free to reuse without hitting limits |
| Chainlink Oracle | Off-chain component that tracks spending and updates on-chain allowances |
Supported Operations
| Operation | Costs Spending? | Output Acquired? |
|---|---|---|
| Swap | Yes (original tokens only) | Yes |
| Deposit | Yes (original tokens only) | No |
| Withdraw | No (free) | Conditional |
| Claim Rewards | No (free) | Conditional |
| Approve | No (capped) | N/A |
| Transfer Out | Always | N/A |
See Spending Limits for full details.
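
The rules in the tables above, as a simplified Python model added here for illustration; it is not MultiSub's contract code. USD-denominated integer amounts, the class and function names, the protocol labels and the window bookkeeping are assumptions, and Withdraw, Claim Rewards and Approve are left out because this page does not define their conditions.

```python
# Simplified off-chain model of the rules on this page, not the module's Solidity.
# Assumed: USD-denominated integer amounts, the names below, window bookkeeping.
from collections import defaultdict

WINDOW = 24 * 3600  # the 24h spending window, in seconds

class Reverted(Exception):
    """Stands in for an on-chain revert."""

class SubAccountModel:
    def __init__(self, portfolio_usd, limit_pct, allowlist):
        self.cap = portfolio_usd * limit_pct // 100  # max spend per window
        self.allowlist = set(allowlist)
        self.spends = []                   # (timestamp, usd) charges
        self.acquired = defaultdict(int)   # token -> usd value from DeFi ops

    def spent_in_window(self, now):
        # Rolling window: charges older than 24h no longer count.
        self.spends = [(t, v) for t, v in self.spends if now - t < WINDOW]
        return sum(v for _, v in self.spends)

    def execute(self, op, token_in, usd_in, now, protocol=None,
                token_out=None, usd_out=0):
        # Assumption: only protocol calls are allowlist-checked in this model.
        if op in ("swap", "deposit") and protocol not in self.allowlist:
            raise Reverted("protocol not on allowlist")
        # Swap/Deposit: only original tokens cost spending. Transfer Out: always.
        free = 0 if op == "transfer" else min(self.acquired[token_in], usd_in)
        charged = usd_in - free
        if self.spent_in_window(now) + charged > self.cap:
            raise Reverted("spending limit exceeded")  # nothing charged yet
        if charged:
            self.spends.append((now, charged))
        self.acquired[token_in] -= free
        if op == "swap":                   # swap output is acquired, deposit's is not
            self.acquired[token_out] += usd_out
        return charged

def demo():
    # Constructed scenario: 100,000 USD portfolio, 5% limit -> 5,000 USD per window.
    acct = SubAccountModel(100_000, 5, {"dex-a", "lender-b"})
    log = [acct.execute("swap", "USDC", 3000, 0, "dex-a", "WETH", 3000),
           acct.execute("deposit", "WETH", 3000, 100, "lender-b")]  # acquired: free
    for args in [("swap", "USDC", 2500, 200, "dex-a", "WETH", 2500),   # over cap
                 ("swap", "USDC", 10, 200, "dex-x", "WETH", 10)]:      # not listed
        try:
            acct.execute(*args)
        except Reverted as e:
            log.append(str(e))
    log.append(acct.execute("transfer", "USDC", 2000, 300))  # exactly reaches cap
    return acct, log
```

In `demo()`, the deposit of swapped WETH is charged nothing because it reuses acquired balance, while the later transfer is charged in full.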