This will be a little developer log for this smart contract. I will document everything from designing the contract to testing and self-audit.
Phase 1: Design
Financial contracts are the top priority for hackers, because it exponentially incentivizes them to crack the code and get some cash out.
So as a developer you want to make it as secure as possible.
It appears that the more code you have, the more bugs and vulnerabilities it can potentially be exposed to.
And auditing a lot of code is exponentially harder than auditing less code.
With my implementation of multisig I've tried to keep the structure clean and limit functionality to the minimum viable.
I was constantly revisiting the structure, and each time there were some findings.
After around 7 revisions I finally started to code it.
- Create wallet
- Add another signer
- Deposit DERO
- Malicious actor adds another signer, and locks all possible transactions (in case original wallet creator pk is exposed)
In this case, second all participants are locked out of spending any funds
So I've added a notion of wallet lock (completeness)
With an unlocked wallet, the original creator can add any number of additional signers, but cannot deposit
With a locked wallet, anyone can deposit any amount, and new signers cannot be added
Once locked, it cannot be unlocked
So once locked, it's trustless (trust minimized).
There are three main logical units in this contract
wallet: internal account which holds the amount that belongs to this wallet from the overall SC balance
wallet contains one or more
- any signer can create a transaction from the internal wallet associated with him to a DERO address
wallet must sign the
- when last transaction it either sends DERO to the address or becomes invalid if the amount is larger the
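The lock rules from Phase 1 and the wallet and transaction flow above can be checked off-chain with a small Python model; this is an added example, not the contract's own code. Assumptions: the method names other than those on the page, that only the creator can lock, that every signer of the wallet must sign, that creating a transaction does not count as signing it, and that "invalid" means the amount exceeds the wallet's internal balance.

```python
class WalletError(Exception):
    """A call that breaks one of the wallet rules."""

class MultisigModel:
    """Off-chain model of the rules above; names are assumed, not the contract's."""

    def __init__(self):
        self.wallets = {}  # wallet id -> creator, signers, locked, balance
        self.txs = {}      # transaction id -> wallet, to, amount, signed, state

    def create_wallet(self, txid, creator):
        # The wallet id is the txid of the creating call, as on the page.
        self.wallets[txid] = {"creator": creator, "signers": {creator},
                              "locked": False, "balance": 0}

    def add_signer(self, wallet, caller, signer):
        w = self.wallets[wallet]
        if w["locked"] or caller != w["creator"]:
            raise WalletError("signers: creator only, unlocked wallet only")
        w["signers"].add(signer)

    def lock_wallet(self, wallet, caller):
        if caller != self.wallets[wallet]["creator"]:  # assumption: creator locks
            raise WalletError("only the creator can lock")
        self.wallets[wallet]["locked"] = True  # one-way, no unlock exists

    def deposit(self, wallet, amount):
        w = self.wallets[wallet]
        if not w["locked"]:
            raise WalletError("deposits are refused until the wallet is locked")
        w["balance"] += amount

    def create_tx(self, txid, wallet, caller, to, amount):
        if caller not in self.wallets[wallet]["signers"]:
            raise WalletError("only a signer can create a transaction")
        self.txs[txid] = {"wallet": wallet, "to": to, "amount": amount,
                          "signed": set(), "state": "pending"}

    def sign(self, txid, caller):
        t = self.txs[txid]
        w = self.wallets[t["wallet"]]
        if t["state"] != "pending" or caller not in w["signers"]:
            raise WalletError("not a signer, or transaction already settled")
        t["signed"].add(caller)
        if t["signed"] == w["signers"]:  # last signature: send or invalidate
            ok = t["amount"] <= w["balance"]
            w["balance"] -= t["amount"] if ok else 0
            t["state"] = "sent" if ok else "invalid"
        return t["state"]
```

Because deposits are refused until the wallet is locked and the signer set is frozen afterwards, a leaked creator key cannot change who must sign once funds are in the wallet.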
Phase 2: Coding
Describe all limitations, optimizations and tricks to keep the code as minimal, readable and bug-proof as possible
transaction id = txid, so you can operate with the SC entirely without a daemon and log output
AddSignerToWallet(wallet) - where wallet equals the txid of the CreateWallet() execution
- cool and clean iterative checkups
- aliases: combining several operations in one function to minimize interactions (good for the blockchain) and, for users, lower fees
For example instead of 5 transactions
CreateWallet() AddSignerToWallet() AddSignerToWallet() AddSignerToWallet() LockWallet() to =>
Phase 3: Testing and Self audit
I've found a few ways of automating and creating cool tests
- Creating test functions inside the contract that will execute our test cases directly on the blockchain
Phase 4: Release and final deploy
Phase 5: Handy frontend to interact with contract
Lightweight HTML file (CSS, jQuery, HTML bundled together)
To provide a nice wrapper for your wallet and daemon output
You can access interface anytime via
(Current limitation: since the remote daemon is hosted under http, not https, the hosted version can only access a locally hosted daemon. But you can download the index html locally and use a remote daemon; you will still need to run a local wallet)
or use the Electron version with no limitations and direct access to the wallet
Phase 6: Full Tutorial (from installation to interaction)
There are 3 possible ways of interaction
Raw CURL cli + daemon output
Web version with CURL cli command builder
Video guide: https://youtu.be/-3wagBUybBI
Finally released on 03.03.2019 1:22 (+2 GMT)