Open Grant Proposal: Multisubs — Safe Sub-Account OS for Filecoin FVM DeFi
Project Name: Multisubs
Proposal Category: FVM
Individual or Entity Name: Dusa Labs
Project Repo(s): https://github.com/xaviermiel/MultiSub
Do you agree to open source all work you do on behalf of this RFP under the MIT/Apache-2 dual-license?: Yes
Project Summary
Multisubs is a sub-account operating system built on top of Safe multisig wallets. It solves a fundamental tension in DeFi portfolio management: multisigs provide strong security through multi-party signing, but they make day-to-day DeFi operations slow and impractical. Multisubs resolves this by allowing designated sub-accounts (a mobile wallet, an autonomous trading agent, or a trusted delegate) to perform clearly defined DeFi actions (swap, deposit, withdraw, claim) within strict on-chain guardrails, without requiring the full multisig quorum for each transaction.
The system is composed of three components: a DeFiInteractorModule smart contract that acts as a Safe module enforcing spending limits and protocol allowlists; a web interface for managing and monitoring sub-accounts; and a browser wallet extension (forked from Rabby) that routes transactions through the module transparently, making Multisubs compatible with every dApp without any changes on the dApp side.
This grant will fund the integration of one DeFi protocol available on the Filecoin FVM network into Multisubs, bringing the sub-account security model to Filecoin's growing DeFi ecosystem. With autonomous agents increasingly managing on-chain portfolios, the need for trustless guardrails has never been more urgent. Recent incidents where unconstrained agent wallets were tricked into interacting with malicious protocols and drained user funds make this clear.
Impact
The DeFi potential of Filecoin has been recognized at the highest levels of the ecosystem. During Filecoin Liftoff Week, Aave founder Stani Kulechov, Ren Protocol CTO Loong Wang, and ConsenSys Codefi Head of Product Corbin Page each highlighted Filecoin as a catalyst for a new class of DeFi applications, citing large-dataset-driven finance, FIL collateralization for lending markets, and the unique nature of FIL as a functional (not merely financial) asset as defining opportunities. Kulechov explicitly noted that "building tools to support the network is super appreciated — that's how the Ethereum ecosystem has grown so much." Multisubs is precisely that kind of foundational tooling.
Filecoin positions itself as a DeFi-ready chain, yet the tooling required to safely execute DeFi strategies at scale remains underdeveloped. Institutional and power users who hold significant FIL or FVM-based assets in Safe multisigs currently face an impossible choice: either expose funds to operational hot wallets with no limits, or accept the friction of collecting multisig signatures for every routine DeFi action. Neither option is acceptable for serious capital deployment.
Multisubs directly addresses this gap. By enforcing per-sub-account spending limits (e.g., 5% of portfolio per 24-hour rolling window), allowlisting specific protocols and operation types, and verifying all calldata on-chain via registered parsers, it makes it safe to delegate routine DeFi operations without exposing the full Safe balance to a single compromised key or a manipulated agent. A Safe owner can authorize a trading agent to rebalance a portfolio up to a defined limit. If the agent is compromised or manipulated, the blast radius is bounded.
Loong Wang's observation that "DeFi activity will spill over into multiple blockchains" and that "you're going to need interoperability between chains to keep that composable nature of DeFi alive" further underscores the need for a security layer like Multisubs: as capital flows across chains via bridges and cross-chain agents, the risk surface for unconstrained delegated execution grows proportionally. The parser-based architecture of Multisubs is chain-agnostic by design, making this Filecoin integration a template for the multi-chain DeFi future these leaders described.
Without this kind of infrastructure, agentic DeFi on Filecoin FVM will remain a niche experiment confined to small amounts. With it, teams and DAOs can confidently deploy operational wallets for yield strategies, liquidity management, and automated rebalancing against their Filecoin treasury. This unlocks capital that is currently sitting idle due to operational risk concerns.
Outcomes
The deliverable for this grant is a complete, auditable integration of one FVM DeFi protocol into the Multisubs module system. Concretely, this includes:
- A Solidity parser contract for the target protocol, implementing the
IProtocolParser interface and correctly extracting tokenIn, amountIn, and operation type from the protocol's calldata
- Selector registration: all relevant function selectors (deposit, withdraw, swap, claim) registered and classified in the module
- Integration tests: a full test suite covering normal flows, edge cases (acquired-balance transitions, expiry), and adversarial inputs (malformed calldata, selector confusion)
- Web UI update: the Multisubs dashboard updated to display the new protocol as a supported integration, showing current positions and sub-account activity
- Documentation: technical write-up explaining the integration, parser logic, and how other developers can follow the same pattern to add further protocols
Success is measured by: (1) the parser contract passes all integration tests with no known bypass vectors; (2) a sub-account can successfully execute the full lifecycle (deposit → withdraw → claim rewards) against the target protocol through the Multisubs module on FVM testnet and mainnet; (3) the implementation is reviewed and merged to the public repository.
Data Onboarding
Not applicable to this project.
Adoption, Reach, and Growth Strategies
The primary audience is teams and individuals who hold FVM assets in Safe multisigs and want to run active DeFi strategies: yield farmers, protocol treasuries, trading desks, and DAO operational wallets. This group is small today but will grow as Filecoin FVM's DeFi ecosystem matures and as agentic trading becomes standard practice.
For initial users, we are already in contact with several Safe multisig holders on FVM through our existing community. The browser extension (Rabby fork) means users can interact with any supported dApp without changing their workflow, with minimal adoption friction. The first 10 users will be onboarded directly by the team through hands-on walkthroughs. Beyond that, the open-source parser pattern creates a flywheel: every new protocol integration widens the addressable audience and can be contributed by the community.
Corbin Page's framing of DeFi primitives as "money legos" applies directly to the Multisubs architecture: the module, parser contracts, and selector registry are composable building blocks that any protocol team can extend. Developers building on Filecoin FVM can follow the documented integration pattern to add guardrails for their own protocol, making Multisubs shared security infrastructure rather than a single-team product. This aligns with the broader advice from Liftoff Week to "embrace the composable nature of Web3" and build things that are fundamentally better for users rather than erecting moats.
Development Roadmap
Milestone 1 — Protocol Integration on Filecoin FVM ($10,000)
Deliverables:
- Parser contract for one FVM DeFi protocol (implements
IProtocolParser, covers all major selectors)
- Full integration test suite (deposit, withdraw, swap, claim, acquired-balance transitions, adversarial inputs)
- Web UI update displaying the integrated protocol in the Multisubs dashboard
- Deployment and verification on FVM testnet and mainnet
- Developer documentation for the integration pattern
2 engineers (smart contract + frontend). Timeline: 6 weeks from contract signature. Funding: $10,000.
Total Budget Requested
| Milestone # |
Description |
Deliverables |
Completion Date |
Funding |
| 1 |
FVM DeFi Protocol Integration |
Parser contract, tests, UI update, docs, mainnet deployment |
6 weeks post-signature |
$10,000 |
Total: $10,000
Maintenance and Upgrade Plans
The parser contract and selector registry are designed to be extended. Adding a new protocol is a matter of deploying a new parser and registering its selectors, with no changes to the core module. Dusa Labs will maintain the repository, triage issues, and continue adding protocol integrations beyond this grant. We are also exploring a community contribution model where protocol teams can submit parser PRs following the documented pattern, which we will review and merge. Long-term, we plan to pursue a security audit of the full system to support broader adoption.
Team
Team Members
Team Website
https://multisubs.xyz
Relevant Experience
Dusa Labs built and maintains Dusa, a DeFi protocol on Massa Network, giving the team deep experience with smart contract architecture, DeFi protocol design, and production-grade on-chain systems. The team has hands-on experience with Safe's module architecture, EVM-compatible chains, and the specific security challenges of delegated execution in DeFi contexts. The Multisubs project itself emerged from our direct experience observing the risks of unconstrained agent wallets in production DeFi environments.
Team code repositories
Additional Information
We learned about the Filecoin Open Grants Program through the Filecoin Developer Grant documentation and community channels.
Please direct all grant agreement communications to: contact@multisubs.xyz
Multisubs addresses a security gap that will become increasingly critical as autonomous agents manage on-chain capital. The Filecoin FVM is an ideal deployment target given its EVM compatibility and the growing interest in deploying serious capital on the network. This grant covers one concrete, scoped deliverable: a single protocol integration that we can deliver on a defined timeline and that will serve as the foundation for a broader Filecoin FVM integration roadmap.
Open Grant Proposal: Multisubs — Safe Sub-Account OS for Filecoin FVM DeFi
Project Name: Multisubs
Proposal Category: FVM
Individual or Entity Name: Dusa Labs
Project Repo(s): https://github.com/xaviermiel/MultiSub
Do you agree to open source all work you do on behalf of this RFP under the MIT/Apache-2 dual-license?: Yes
Project Summary
Multisubs is a sub-account operating system built on top of Safe multisig wallets. It solves a fundamental tension in DeFi portfolio management: multisigs provide strong security through multi-party signing, but they make day-to-day DeFi operations slow and impractical. Multisubs resolves this by allowing designated sub-accounts (a mobile wallet, an autonomous trading agent, or a trusted delegate) to perform clearly defined DeFi actions (swap, deposit, withdraw, claim) within strict on-chain guardrails, without requiring the full multisig quorum for each transaction.
The system is composed of three components: a
DeFiInteractorModulesmart contract that acts as a Safe module enforcing spending limits and protocol allowlists; a web interface for managing and monitoring sub-accounts; and a browser wallet extension (forked from Rabby) that routes transactions through the module transparently, making Multisubs compatible with every dApp without any changes on the dApp side.This grant will fund the integration of one DeFi protocol available on the Filecoin FVM network into Multisubs, bringing the sub-account security model to Filecoin's growing DeFi ecosystem. With autonomous agents increasingly managing on-chain portfolios, the need for trustless guardrails has never been more urgent. Recent incidents where unconstrained agent wallets were tricked into interacting with malicious protocols and drained user funds make this clear.
Impact
The DeFi potential of Filecoin has been recognized at the highest levels of the ecosystem. During Filecoin Liftoff Week, Aave founder Stani Kulechov, Ren Protocol CTO Loong Wang, and ConsenSys Codefi Head of Product Corbin Page each highlighted Filecoin as a catalyst for a new class of DeFi applications, citing large-dataset-driven finance, FIL collateralization for lending markets, and the unique nature of FIL as a functional (not merely financial) asset as defining opportunities. Kulechov explicitly noted that "building tools to support the network is super appreciated — that's how the Ethereum ecosystem has grown so much." Multisubs is precisely that kind of foundational tooling.
Filecoin positions itself as a DeFi-ready chain, yet the tooling required to safely execute DeFi strategies at scale remains underdeveloped. Institutional and power users who hold significant FIL or FVM-based assets in Safe multisigs currently face an impossible choice: either expose funds to operational hot wallets with no limits, or accept the friction of collecting multisig signatures for every routine DeFi action. Neither option is acceptable for serious capital deployment.
Multisubs directly addresses this gap. By enforcing per-sub-account spending limits (e.g., 5% of portfolio per 24-hour rolling window), allowlisting specific protocols and operation types, and verifying all calldata on-chain via registered parsers, it makes it safe to delegate routine DeFi operations without exposing the full Safe balance to a single compromised key or a manipulated agent. A Safe owner can authorize a trading agent to rebalance a portfolio up to a defined limit. If the agent is compromised or manipulated, the blast radius is bounded.
Loong Wang's observation that "DeFi activity will spill over into multiple blockchains" and that "you're going to need interoperability between chains to keep that composable nature of DeFi alive" further underscores the need for a security layer like Multisubs: as capital flows across chains via bridges and cross-chain agents, the risk surface for unconstrained delegated execution grows proportionally. The parser-based architecture of Multisubs is chain-agnostic by design, making this Filecoin integration a template for the multi-chain DeFi future these leaders described.
Without this kind of infrastructure, agentic DeFi on Filecoin FVM will remain a niche experiment confined to small amounts. With it, teams and DAOs can confidently deploy operational wallets for yield strategies, liquidity management, and automated rebalancing against their Filecoin treasury. This unlocks capital that is currently sitting idle due to operational risk concerns.
Outcomes
The deliverable for this grant is a complete, auditable integration of one FVM DeFi protocol into the Multisubs module system. Concretely, this includes:
IProtocolParserinterface and correctly extractingtokenIn,amountIn, and operation type from the protocol's calldataSuccess is measured by: (1) the parser contract passes all integration tests with no known bypass vectors; (2) a sub-account can successfully execute the full lifecycle (deposit → withdraw → claim rewards) against the target protocol through the Multisubs module on FVM testnet and mainnet; (3) the implementation is reviewed and merged to the public repository.
Data Onboarding
Not applicable to this project.
Adoption, Reach, and Growth Strategies
The primary audience is teams and individuals who hold FVM assets in Safe multisigs and want to run active DeFi strategies: yield farmers, protocol treasuries, trading desks, and DAO operational wallets. This group is small today but will grow as Filecoin FVM's DeFi ecosystem matures and as agentic trading becomes standard practice.
For initial users, we are already in contact with several Safe multisig holders on FVM through our existing community. The browser extension (Rabby fork) means users can interact with any supported dApp without changing their workflow, with minimal adoption friction. The first 10 users will be onboarded directly by the team through hands-on walkthroughs. Beyond that, the open-source parser pattern creates a flywheel: every new protocol integration widens the addressable audience and can be contributed by the community.
Corbin Page's framing of DeFi primitives as "money legos" applies directly to the Multisubs architecture: the module, parser contracts, and selector registry are composable building blocks that any protocol team can extend. Developers building on Filecoin FVM can follow the documented integration pattern to add guardrails for their own protocol, making Multisubs shared security infrastructure rather than a single-team product. This aligns with the broader advice from Liftoff Week to "embrace the composable nature of Web3" and build things that are fundamentally better for users rather than erecting moats.
Development Roadmap
Milestone 1 — Protocol Integration on Filecoin FVM ($10,000)
Deliverables:
IProtocolParser, covers all major selectors)2 engineers (smart contract + frontend). Timeline: 6 weeks from contract signature. Funding: $10,000.
Total Budget Requested
Total: $10,000
Maintenance and Upgrade Plans
The parser contract and selector registry are designed to be extended. Adding a new protocol is a matter of deploying a new parser and registering its selectors, with no changes to the core module. Dusa Labs will maintain the repository, triage issues, and continue adding protocol integrations beyond this grant. We are also exploring a community contribution model where protocol teams can submit parser PRs following the documented pattern, which we will review and merge. Long-term, we plan to pursue a security audit of the full system to support broader adoption.
Team
Team Members
Team Website
https://multisubs.xyz
Relevant Experience
Dusa Labs built and maintains Dusa, a DeFi protocol on Massa Network, giving the team deep experience with smart contract architecture, DeFi protocol design, and production-grade on-chain systems. The team has hands-on experience with Safe's module architecture, EVM-compatible chains, and the specific security challenges of delegated execution in DeFi contexts. The Multisubs project itself emerged from our direct experience observing the risks of unconstrained agent wallets in production DeFi environments.
Team code repositories
Additional Information
We learned about the Filecoin Open Grants Program through the Filecoin Developer Grant documentation and community channels.
Please direct all grant agreement communications to: contact@multisubs.xyz
Multisubs addresses a security gap that will become increasingly critical as autonomous agents manage on-chain capital. The Filecoin FVM is an ideal deployment target given its EVM compatibility and the growing interest in deploying serious capital on the network. This grant covers one concrete, scoped deliverable: a single protocol integration that we can deliver on a defined timeline and that will serve as the foundation for a broader Filecoin FVM integration roadmap.