Skip to content

Latest commit

 

History

History
117 lines (106 loc) · 6.29 KB

README.md

File metadata and controls

117 lines (106 loc) · 6.29 KB
Raw

Simple MultiSig contract as Generalized Account

The SimpleGAMultiSig contract can be used to convert a regular, plain-old account (POA) into a MultiSig account using the Generalized Account feature of aeternity.

By performing a GaAttachTx you can convert your POA into a GA by deploying the MultiSig contract that contains a special authorize function. This authorize function will then always be called by the protocol to authorize future transactions of this account.

Features & limitations

  • Provide a set of signers
    • minimum 2
  • Provide the amount of confirmations need for a tx to be authorized
    • minimum 2
    • must not exceed amount of signers
  • It's only possible to propose one tx at the same time & in order to be able to propose a new tx the current tx needs to be:
    • authorized (executed)
    • expired
    • revoked
  • Signers & amount of required confirmations cannot be changed after attaching the GA MultiSig
  • Currently the contract needs to handle fee protection to prevent malicious behavior of miners
    • reasonable default values have been defined by default
    • the values can be changed by any signer
    • it's expected that a future hardfork introduces handling the fee protection on protocol level
      • to prepare for this the fee protection handling on contract level can be disabled later on

Contract entrypoints

Stateful

  • init(int, Set.set)
    • params
      • int is the amount of confirmations required for a tx to be authorized
      • Set.set a set of signers which will be authorized to propose and confirm transactions
    • can be used to initialize the GA
  • authorize(int)
    • params
      • int the nonce to be used for authorizing the tx
    • can only be called in the Auth-Context in a GaMetaTx
    • can only be executed if there is a tx proposed and confirmed by the required amount of signers
  • propose(hash, Chain.ttl)
    • params
      • hash the tx-hash of the meta transaction that should be authorized
      • Chain.ttl the ttl that indicates when the tx-proposal expire
    • can be called to propose a new tx
  • confirm(hash)
    • params
      • hash the tx-hash of the meta transaction that should be authorized
    • can be called to confirm the currently proposed tx
  • refuse(hash)
    • params
      • hash the tx-hash of the meta transaction that should be authorized
    • can be called by co-signers to refuse the currently proposed tx
      • once enough signers refused, the tx will automatically be revoked
  • revoke(hash)
    • params
      • hash the tx-hash of the meta transaction that should be authorized
    • can be called by the proposer only to explicitely revoke the currently proposed tx
  • update_fee_protection(fee_protection)
    • params
      • fee_protection object with int-attributes max_fee and max_gasprice
    • can be called by any signer in order to change the fee protection settings
  • disable_fee_protection()
    • can be called by any signer in order to disable handling the fee protection in the contract
    • Note:
      • we expect fee protection to be handled by the æternity protocol introduced in a future hardfork
      • can only be called once

Read only

These entrypoints are mainly for information purposes and required to build a meaningsful management UI that can handle MultiSig transactions.

  • get_version()
    • returns the version of the GA MultiSig contract
  • is_fee_protection_enabled()
    • returns if the fee protection on contract-level is enabled
  • get_fee_protection()
    • returns the values max_fee and max_gasprice which are used to protect from malicious miners
  • get_signers()
    • returns the list of all signers
  • get_nonce()
    • returns the required nonce to authorize the tx
  • get_consensus_info()
    • returns a record with all information needed for users and interfaces to manage the GA that contains following properties:
      • ga_tx_hash the (optional) hash of the proposed meta-transaction to be authorized
      • confirmations_required the amount of confirmations required to authorize a tx
      • confirmed_by a list of all signers that confirmed the proposed tx
      • refused_by a list of all signers that refused the proposed tx
      • has_consensus bool that indicates if the proposed tx was confirmed by a sufficient amount of signers
      • expiration_height the block height where the proposed tx expires
      • expired bool that indicates if the proposed tx is expired
      • proposed_by refers to the address of the individual who initiated the proposal

Events

Following events are emitted if users perform certain actions on the contract of the GA:

  • TxProposed(hash, address, int) if one of the signers proposes a new transaction
    • hash the tx-hash of the meta transaction that should be authorized
    • address the address of the co-signer that proposed the tx
    • int the height where the tx will expire
  • TxConfirmed(hash, address)
    • hash the tx-hash of the meta transaction that should be authorized
    • address the address of the co-signer that proposed the tx
  • TxRefused(hash, address)
    • hash the tx-hash of the meta transaction that should be authorized
    • address the address of the co-signer that refused the tx
  • TxConsensusReached(hash)
    • hash the tx-hash of the meta transaction that reached consensus (as soon as this event is emitted the tx can be authorized)
  • TxConsensusLost(hash)
    • hash the tx-hash of the meta transaction that lost consensus, e.g. if a signer refuses a previously confirmed tx
  • TxRevoked(hash, address)
    • hash the tx-hash of the meta transaction that has been revoked
    • address the address of the co-signer that revoked the tx
  • TxAuthorized(hash)
    • hash the tx-hash of the meta transaction that has been authorized
  • FeeProtectionDisabled(address)
    • address the signer that disabled the fee protection

Disclaimer

This smart contract has not been security audited yet.

Use it at your own risk!