This will be little developer log, for this smart contract, i will document everything from designing contract to testing and self audit
Phase 1: Design
Financial contracts are most priority for hackers, cause it exponentialy intesivies em to crack the code and get some cash out.
So as developer you want to make it as secure as possible.
It appears the more code you have, the more bugs and vulnerabilities it potentially can be exposed to.
And auditing alot of code makes it exponentialy harder then less code.
With my implementation of multisig ive tried to keep structure clean and limit functionality to minimum viable.
Ive constantly was revisiting the structure and each time there was some foundings.
After around 7 revisions ive finaly started to code it.
Example:
- Create wallet
- Add another signer
- Deposit DERO
- Malicious actor adds another signer, and locks all possible transactions (in case original wallet creator pk is exposed)
In this case, second all participants are locked away of spending any funds
So ive adde a notion of wallet lock (completness)
With ulocked wallet original creator can add any amount of additional signers, but cannot deposit
With locked wallet anyone can deposit any amount, new signers cannot be added
Once locked it cannot be unlocked
So once locked its trustless (trust minimized).
Structure:
There are three main logical units in this contract
wallet
, transaction
and signer
-
wallet
internal account wich hold amount that belongs to this wallet from overall sc balance - each
wallet
contains on one ore moresigners
- any signer can create a
transaction
from asociated with him internalwallet
to DERO address - all
signers
withing thewallet
must sign thetransaction
- when last
signer
signs atransaction
it eather sending dero to adress or become invalid if amount is larger thewallet
balance
Phase 2: Coding
Describe all limitations, optimizations and tricks to keep code as minimum, readable and bug proof as possible
-
wallet
andtransaction
id = txid, so you can operate with sc entirely without a daemon and log output
AddSignerToWallet(wallet) - wherewallet
equals to txid of CreateWallet() execution - cool and clean iterative checkups
- aliases (combining several operations in one function, to minimize interactions (good for blockchain) and good for users less fees
For example instead of 5 transactions
CreateWallet() AddSignerToWallet() AddSignerToWallet() AddSignerToWallet() LockWallet() to =>
one
CreateLockedWalletWith3Signers()
Phase 3: Testing and Self audit
Ive found few ways of automating and create cool tests
- Postman
- Creating test Functions inside of contract that will execute our test cases directly on blockchain
Phase 4: Release and final deploy
Contract: 4036c7ae3c0be674174d395a8c77fedb859b86e4b8dbe2279ac06d6b38764140
Phase 5: Handy frontend to interact with contract
Lightweight html file (css,jquery,html bundled together)
To provide nice wraper for your wallet and daemon output
You can access interface anytime via
https://plrspro.github.io/dero-sc-multisig/interface/
(Current limitation, since remote daemon hosted under http, not https hosted version can only access localy hosted daemon. But you can download index html localy and use remote daemon, you still will beed to run local wallet)
or use electron version with no limitations and direct access to wallet
Phase 6: Full Tutorial (from instalation to interaction)
There are 3 possible ways of interactions
-
Raw CURL cli + daemon output
Tutorial: https://github.com/plrspro/dero-sc-multisig/blob/master/README.md -
Web version with CURL cli command builder
Tutorial: https://github.com/plrspro/dero-sc-multisig/blob/master/README.md -
Electron app
Download: https://github.com/plrspro/dero-sc-multisig/releases/tag/1.0
Video guide: https://youtu.be/-3wagBUybBI
Finaly released on 03.03.2019 1:22 (+2 GMT)