Dero multisig Smart Contract

This will be little developer log, for this smart contract, i will document everything from designing contract to testing and self audit

Phase 1: Design
Financial contracts are most priority for hackers, cause it exponentialy intesivies em to crack the code and get some cash out.
So as developer you want to make it as secure as possible.
It appears the more code you have, the more bugs and vulnerabilities it potentially can be exposed to.
And auditing alot of code makes it exponentialy harder then less code.
With my implementation of multisig ive tried to keep structure clean and limit functionality to minimum viable.

Ive constantly was revisiting the structure and each time there was some foundings.
After around 7 revisions ive finaly started to code it.

Example:

  1. Create wallet
  2. Add another signer
  3. Deposit DERO
  4. Malicious actor adds another signer, and locks all possible transactions (in case original wallet creator pk is exposed)

In this case, second all participants are locked away of spending any funds

So ive adde a notion of wallet lock (completness)

With ulocked wallet original creator can add any amount of additional signers, but cannot deposit
With locked wallet anyone can deposit any amount, new signers cannot be added
Once locked it cannot be unlocked

So once locked its trustless (trust minimized).

Structure:
There are three main logical units in this contract
wallet, transaction and signer

  1. wallet internal account wich hold amount that belongs to this wallet from overall sc balance
  2. each wallet contains on one ore more signers
  3. any signer can create a transaction from asociated with him internal wallet to DERO address
  4. all signers withing the wallet must sign the transaction
  5. when last signer signs a transaction it eather sending dero to adress or become invalid if amount is larger the wallet balance

Phase 2: Coding
Describe all limitations, optimizations and tricks to keep code as minimum, readable and bug proof as possible

  1. wallet and transaction id = txid, so you can operate with sc entirely without a daemon and log output
    AddSignerToWallet(wallet) - where wallet equals to txid of CreateWallet() execution
  2. cool and clean iterative checkups
  3. aliases (combining several operations in one function, to minimize interactions (good for blockchain) and good for users less fees
    For example instead of 5 transactions
    CreateWallet() AddSignerToWallet() AddSignerToWallet() AddSignerToWallet() LockWallet() to =>
    one
    CreateLockedWalletWith3Signers()

Phase 3: Testing and Self audit
Ive found few ways of automating and create cool tests

  1. Postman
  2. Creating test Functions inside of contract that will execute our test cases directly on blockchain

Phase 4: Release and final deploy
Contract: 4036c7ae3c0be674174d395a8c77fedb859b86e4b8dbe2279ac06d6b38764140

Phase 5: Handy frontend to interact with contract
Lightweight html file (css,jquery,html bundled together)
To provide nice wraper for your wallet and daemon output

You can access interface anytime via
https://plrspro.github.io/dero-sc-multisig/interface/

(Current limitation, since remote daemon hosted under http, not https hosted version can only access localy hosted daemon. But you can download index html localy and use remote daemon, you still will beed to run local wallet)

or use electron version with no limitations and direct access to wallet

Phase 6: Full Tutorial (from instalation to interaction)
There are 3 possible ways of interactions

  1. Raw CURL cli + daemon output
    Tutorial: https://github.com/plrspro/dero-sc-multisig/blob/master/README.md

  2. Web version with CURL cli command builder
    Tutorial: https://github.com/plrspro/dero-sc-multisig/blob/master/README.md

  3. Electron app
    Download: https://github.com/plrspro/dero-sc-multisig/releases/tag/1.0
    Video guide: https://youtu.be/-3wagBUybBI

Finaly released on 03.03.2019 1:22 (+2 GMT)

4 Likes