In terms of architecture, a Safe is always at the core and acts as both the corporate crypto asset account for the company and the authority to trigger most corporate actions. Safe signers are always the legal board members of the company and therefore signatures to approve Safe actions can be assumed to be legal signed board consents.

Building on Safe has several important advantages:

• From a security perspective: All funds and most valuable access control rights stay in a highly battle tested contract which current holds tens of billions of dollars. Firm is used by plugging modules from the protocol into the Safe, which allows to perform actions based on arbitrary logic instead of multisig transactions.

• From a user experience and anti lock-in perspective: Users are always able to just use their Safe directly via all of the available interfaces and it’s compatible with other finance products built on top of Safe. Also, if a company wants to stop using Firm, it’s as easy as removing a couple of modules from their Safe and they will be left with a perfectly working vanilla Safe.

Firm protocol is built with a series of modules that can be added to any Safe. They have been built with these principles in mind:

• Simple primitives, plug in customizability and granularity: the core of Firm protocol is as simple as it could be, but not less. We have built some reasonable defaults that we think are what most companies will need to operate, but because companies might grow different in their structuring, most critical parts can be customized with optional code (e.g. controlling who can transfer shares).

• Module independence: not all modules have to be used, there’s the possibility to just pick some of them. The only shared dependency between all modules is the Safe itself. Even the roles system is opt-in and (although very recommended) it is not enforced that it must be the same between modules.

• Upgradeability: companies are rich in state by definition, so we have opted for allowing upgrades controlled by the Safe using proxies. Companies can optionally freeze all future upgrades and stay with their present code, effectively locking themselves.