Compound's protocol is upgradeable via a single admin key with a 2-day timelock. Compound claims to use an "offline multi-party process" for key security.
Update: Feb 26, 2020 Compound has announced the development of a token-based governance system which would aim to eliminate the need for the admin key described here. Transition date is still TBD.
Timelock: 2 days Multisig: None
"Offline multi-party process"