Extend multisig contract with weights

[husio]

x/multisig extension was updated and now each signature is having a
weight that defines what is the power of that signature.

• each signature power/weight must be greater than 0,

• activation threshold must be less or equal to the sum of all signature
  powers,

• admin threshold can be greater than the sum of all signature powers.
  This can be used to create a contract that can be only activated but
  never changed,

• multisig contract must have at least one participant/signature
  declared,

• maximum number of participants is 100 in order to prevent CPU burning,

• 🔔 Update the CHANGELOG and include the breaking change description.

resolve #285

[ethanfrey]

Is this ready for a review?
I have plenty of other issues to go through, but ping me when you think you are ready (mention here or on slack) and I will give a proper pr review

[husio]

Is this ready for a review?

Almost. I want to write a few more tests and double check that everything is implemented as expected. I will let you know when the code is ready for review.

[codecov-io]

Codecov Report

Merging #416 into master will increase coverage by <.1%.
The diff coverage is 71%.

@@           Coverage Diff            @@
##           master    #416     +/-   ##
========================================
+ Coverage    68.6%   68.6%   +<.1%     
========================================
  Files         141     141             
  Lines        6936    6971     +35     
========================================
+ Hits         4761    4788     +27     
- Misses       1670    1677      +7     
- Partials      505     506      +1

Impacted Files	Coverage Δ
weavetest/handlers.go	100% <ø> (ø)	⬆️
x/multisig/init.go	84.6% <100%> (+4.6%)	⬆️
x/multisig/model.go	59.1% <41.9%> (-6.4%)	⬇️
x/multisig/msg.go	65% <57.5%> (+11.1%)	⬆️
x/multisig/handlers.go	73.1% <84.2%> (+1.4%)	⬆️
x/multisig/decorator.go	94.8% <93.7%> (+4.6%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a849904...65a530b. Read the comment docs.

[ethanfrey]

Nice job here.

I will approve it now, as I am not available to review again for a few hours, but please make a number of the changes I wrote below (or respond with a comment why it is a bad idea), and merge once you feel you addressed them all.

Also, note that this implements the POST approach (as before), not PATCH. So, maybe we will need a new PR to add that. (Just add a comment when closing the issue).

[alpe]

Good work 🌷. Please also take care of the input data validation. A dedicated test file for msg.go may make sense.

[alpe]

req: please move this up before L146 so that you validate the input data before you actually use them

[husio]

I moved it after checking the weights because I want to get ErrUnauthorized before any validation is executed. Otherwise, you can create a transaction without signing that will be validated.
Not sure if that is a bit deal but it feels more appropriate to check permissions before running any functionality.
What do you think?

[alpe]

With other handlers like cash or escrow we do input validation before auth checks. I have not checked the others but it would be nice to be consistent

[ethanfrey]

I agree. We should validate the message first.
But not modify db state until we have auth

[alpe]

pp: would be ok to persist the contract via the bucket directly. This test is about the decorator reading it only. Deliver should be checked in the handler_test

[husio]

Yes, great spot! Done in fd1a9bf

[alpe]

req: you need to check max power <256 as in the spec. Otherwise this can give you an overflow

[husio]

Done in 21a8610