Skip to content

This contract can be used to convert a regular, plain-old account (POA) into a MultiSig account using the Generalized Account feature of æternity.

License

Notifications You must be signed in to change notification settings

aeternity/ga-multisig-contract

Repository files navigation

Simple MultiSig contract as Generalized Account

The SimpleGAMultiSig contract can be used to convert a regular, plain-old account (POA) into a MultiSig account using the Generalized Account feature of aeternity.

By performing a GaAttachTx you can convert your POA into a GA by deploying the MultiSig contract that contains a special authorize function. This authorize function will then always be called by the protocol to authorize future transactions of this account.

Features & limitations

  • Provide a set of signers
    • minimum 2
  • Provide the amount of confirmations need for a tx to be authorized
    • minimum 2
    • must not exceed amount of signers
  • It's only possible to propose one tx at the same time & in order to be able to propose a new tx the current tx needs to be:
    • authorized (executed)
    • expired
    • revoked
  • Signers & amount of required confirmations cannot be changed after attaching the GA MultiSig
  • Currently the contract needs to handle fee protection to prevent malicious behavior of miners
    • reasonable default values have been defined by default
    • the values can be changed by any signer
    • it's expected that a future hardfork introduces handling the fee protection on protocol level
      • to prepare for this the fee protection handling on contract level can be disabled later on

Contract entrypoints

Stateful

  • init(int, Set.set)
    • params
      • int is the amount of confirmations required for a tx to be authorized
      • Set.set a set of signers which will be authorized to propose and confirm transactions
    • can be used to initialize the GA
  • authorize(int)
    • params
      • int the nonce to be used for authorizing the tx
    • can only be called in the Auth-Context in a GaMetaTx
    • can only be executed if there is a tx proposed and confirmed by the required amount of signers
  • propose(hash, Chain.ttl)
    • params
      • hash the tx-hash of the meta transaction that should be authorized
      • Chain.ttl the ttl that indicates when the tx-proposal expire
    • can be called to propose a new tx
  • confirm(hash)
    • params
      • hash the tx-hash of the meta transaction that should be authorized
    • can be called to confirm the currently proposed tx
  • refuse(hash)
    • params
      • hash the tx-hash of the meta transaction that should be authorized
    • can be called by co-signers to refuse the currently proposed tx
      • once enough signers refused, the tx will automatically be revoked
  • revoke(hash)
    • params
      • hash the tx-hash of the meta transaction that should be authorized
    • can be called by the proposer only to explicitely revoke the currently proposed tx
  • update_fee_protection(fee_protection)
    • params
      • fee_protection object with int-attributes max_fee and max_gasprice
    • can be called by any signer in order to change the fee protection settings
  • disable_fee_protection()
    • can be called by any signer in order to disable handling the fee protection in the contract
    • Note:
      • we expect fee protection to be handled by the æternity protocol introduced in a future hardfork
      • can only be called once

Read only

These entrypoints are mainly for information purposes and required to build a meaningsful management UI that can handle MultiSig transactions.

  • get_version()
    • returns the version of the GA MultiSig contract
  • is_fee_protection_enabled()
    • returns if the fee protection on contract-level is enabled
  • get_fee_protection()
    • returns the values max_fee and max_gasprice which are used to protect from malicious miners
  • get_signers()
    • returns the list of all signers
  • get_nonce()
    • returns the required nonce to authorize the tx
  • get_consensus_info()
    • returns a record with all information needed for users and interfaces to manage the GA that contains following properties:
      • ga_tx_hash the (optional) hash of the proposed meta-transaction to be authorized
      • confirmations_required the amount of confirmations required to authorize a tx
      • confirmed_by a list of all signers that confirmed the proposed tx
      • refused_by a list of all signers that refused the proposed tx
      • has_consensus bool that indicates if the proposed tx was confirmed by a sufficient amount of signers
      • expiration_height the block height where the proposed tx expires
      • expired bool that indicates if the proposed tx is expired
      • proposed_by refers to the address of the individual who initiated the proposal

Events

Following events are emitted if users perform certain actions on the contract of the GA:

  • TxProposed(hash, address, int) if one of the signers proposes a new transaction
    • hash the tx-hash of the meta transaction that should be authorized
    • address the address of the co-signer that proposed the tx
    • int the height where the tx will expire
  • TxConfirmed(hash, address)
    • hash the tx-hash of the meta transaction that should be authorized
    • address the address of the co-signer that proposed the tx
  • TxRefused(hash, address)
    • hash the tx-hash of the meta transaction that should be authorized
    • address the address of the co-signer that refused the tx
  • TxConsensusReached(hash)
    • hash the tx-hash of the meta transaction that reached consensus (as soon as this event is emitted the tx can be authorized)
  • TxConsensusLost(hash)
    • hash the tx-hash of the meta transaction that lost consensus, e.g. if a signer refuses a previously confirmed tx
  • TxRevoked(hash, address)
    • hash the tx-hash of the meta transaction that has been revoked
    • address the address of the co-signer that revoked the tx
  • TxAuthorized(hash)
    • hash the tx-hash of the meta transaction that has been authorized
  • FeeProtectionDisabled(address)
    • address the signer that disabled the fee protection

Disclaimer

This smart contract has not been security audited yet.

Use it at your own risk!

About

This contract can be used to convert a regular, plain-old account (POA) into a MultiSig account using the Generalized Account feature of æternity.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published