Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Multi-sig signing of ContractUpdate transactions #296

Closed
DOBEN opened this issue Apr 12, 2024 · 5 comments
Closed

Multi-sig signing of ContractUpdate transactions #296

DOBEN opened this issue Apr 12, 2024 · 5 comments
Assignees
Labels
[Type] Task An additional feature or improvement.

Comments

@DOBEN
Copy link
Member

DOBEN commented Apr 12, 2024

Task description

Concordium has support for native multi-sig accounts. The goal is to make this feature easily accessible. In particular, person A should be able to sign (not sign and send) a transaction with concordium-client and person B should be able to append/pass-in its own signature when signing_and_sending a transaction on-chain.

Using the multi-sig accounts feature via SDK is currently possible (a bit hacky):
https://gist.github.com/DOBEN/683fe1a7c82a0551546a7ec242d30cc0

Related to:
#38

@DOBEN DOBEN added the [Type] Task An additional feature or improvement. label Apr 12, 2024
@DOBEN DOBEN self-assigned this Apr 12, 2024
@abizjak
Copy link
Contributor

abizjak commented Apr 12, 2024

I think this is a duplicate of #38 not just related to it.

What I imagined would be simplest and would work reasonably well is to be able to do the following

concordium-client contract update/send --signers 0:1,0:2,0:3 --tx-out output.bin/json

where the client will tell you "we don't have signers 0:2 and 0:3, the output is only a partially signed transaction.

Then we would add an additonal subcommand to transaction, something like

concordium-client transaction add-signature output.bin --signer 0:2 --tx-out signed-tx.bin

This would display the partially signed transaction output.bin and ask the user to sign it.

So this would work generically for any transaction.

@DOBEN
Copy link
Member Author

DOBEN commented Apr 12, 2024

The full flow would be:

Step 1:

I suggest adding an optional --no-submit flag to toggle between sending or NOT sending the transaction on-chain:

concordium-client contract update --signers 0:1,0:2,0:3 --tx-out output.bin/json --no-submit

Alternativly, adding a new sign command to all transaction types that will NOT send the transaction on-chain would also work:

concordium-client contract sign --signers 0:1,0:2,0:3 --tx-out output.bin/json

Step 2:

Adding additional signatures with

concordium-client transaction add-signature output.bin --signer 0:2 --tx-out signed-tx.bin/signed-tx.json

Step 3:

Submitting the fully signed transaction on chain:

concordium-client transaction submit signed-tx.bin

Copy link
Contributor

abizjak commented Apr 12, 2024

So the issue is that you will then need multiple "sign" commands, because the transactions are not all under the "transaction" command, e.g., contract updates are under contract, baker stuff is under baker. I don't think this is a good solution.

We already have almost all the options with the existing commands, so it's better to refine it. It'll also be much more straightforward to implement because all "transaction" command share the same command line parser and options.

@DOBEN
Copy link
Member Author

DOBEN commented Apr 12, 2024

The introduction of the sign command was an alternative solution to avoid using an extra --no-submit flag but it would mean a lot more code (since we need to add an extra subcommand sign for every type of transaction that we have). To simplify the task, let's go with just an optional flag --outFile.

The current flow would be:

Step 1:

Signig the transaction but not sending it on-chain

concordium-client contract update --signers "0:1,0:2,0:3" --outFile signed-tx.json

Step 2:

Adding additional signatures with

concordium-client transaction add-signature signed-tx.json --signer "0:2"

Step 3:

Submitting the fully signed transaction on-chain:

concordium-client transaction submit signed-tx.json

@DOBEN
Copy link
Member Author

DOBEN commented May 29, 2024

closing since it is implemented now

@DOBEN DOBEN closed this as completed May 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
[Type] Task An additional feature or improvement.
Projects
None yet
Development

No branches or pull requests

2 participants