Guide to Multisig transactions
Overview
Multisignature accounts are accounts that are generated from multiple public keys. A multisig necessitates that any transaction made on its behalf must be signed by a specified threshold of its members.
A common use case for multisigs is to increase security of a signing account, and/or enable multiple parties to agree on and authorize a transaction.
The first step is to create a multisig signing key by using the public keys of all possible signers and the minimum threshold of addresses that are needed to sign any transaction from the account. The threshold can be the same amount as the total number of addresses comprising the multisig.
Whatever machine is generating the multisig, it should at least have all of the public keys imported into the same keyring.
When you want to create a multisig transaction, you would create the transaction as normal, but instead of signing it with a single account's private key, you would need to sign it with the private keys of the accounts that make up the multisig key.
This is done by signing the transaction multiple times, once with each private key. The order of the signatures matters and must match the order of the public keys in the multisig key.
Once you have a transaction with the necessary signatures, it can be broadcasted to the network. The network will verify that the transaction has the necessary signatures from the accounts in the multisig key before it is executed.
Step by step guide to multisig transactions
This tutorial will use the test keyring which will store the keys in the default home directory ~/.simapp
unless otherwise specified.
Verify which keys are available in the test keyring by running --keyring-backend test
.
In order to specify a consistent keyring for the entirety of the tutorial, set the default keyring by running simd config keyring-backend test
.
simd keys list
If you don't already have accounts listed create the accounts using the below.
simd keys add alice
simd keys add bob
simd keys add recipient
Alternatively the public keys comprising the multisig can be imported into the keyring.
simd keys add alice --pubkey <public key> --keyring backend test
Create the multisig account between bob and alice.
simd keys add alice-bob-multisig --multisig alice,bob --multisig-threshold 2
Before generating any transaction, verify the balance of each account and note the amount. This step is crucial to confirm that the transaction can be processed successfully.
simd query bank balances $(simd keys show my_validator -a)
simd query bank balances $(simd keys show alice-bob-multisig -a)
Ensure that the alice-bob-multisig account is funded with a sufficient balance to complete the transaction (gas included). In our case, the genesis account, my_validator, holds our funds. Therefore, we will transfer funds from the my_validator
account to the alice-bob-multisig
account.
Fund the multisig by sending it stake
from the genesis account.
simd tx bank send $(simd keys show my_validator -a) $(simd keys show alice-bob-multisig -a) "10000stake"
Check both accounts again to see if the funds have transferred.
simd query bank balances $(simd keys show alice-bob-multisig -a)
Initiate the transaction. This command will create a transaction from the multisignature account alice-bob-multisig
to send 1000stake to the recipient account. The transaction will be generated but not broadcasted yet.
simd tx bank send $(simd keys show alice-bob-multisig -a) $(simd keys show recipient -a) 1000stake --generate-only --chain-id my-test-chain > tx.json
Alice signs the transaction using their key and refers to the multisig address. Execute the command below to accomplish this:
simd tx sign --from $(simd keys show alice -a) --multisig=cosmos1re6mg24kvzjzmwmly3dqrqzdkruxwvctw8wwds tx.json --chain-id my-test-chain > tx-signed-alice.json
Let's repeat for Bob.
simd tx sign --from $(simd keys show bob -a) --multisig=cosmos1re6mg24kvzjzmwmly3dqrqzdkruxwvctw8wwds tx.json --chain-id my-test-chain > tx-signed-bob.json
Execute a multisign transaction by using the simd tx multisign
command. This command requires the names and signed transactions of all the participants in the multisig account. Here, Alice and Bob are the participants:
simd tx multisign tx.json alice-bob-multisig tx-signed-alice.json tx-signed-bob.json --chain-id my-test-chain > tx-signed.json
Once the multisigned transaction is generated, it needs to be broadcasted to the network. This is done using the simd tx broadcast command:
simd tx broadcast tx-signed.json --chain-id my-test-chain --gas auto --fees 250stake
Once the transaction is broadcasted, it's a good practice to verify if the transaction was successful. You can query the recipient's account balance again to confirm if the funds were indeed transferred:
simd query bank balances $(simd keys show alice-bob-multisig -a)