@andywer
Created July 27, 2019 13:48
Stellar Pre-Authorized Multi-Signature

Abstract

I tried to use pre-authorized transactions on Stellar as a replacement for a co-signer signature, but it seems like they don't play terribly well with multi-signature setups.

Scenario

Given:

  • Account A
  • Account M, 2-out-of-2 multi-signature, signers are M and A

Flow:

  1. Create a transaction T with source account M, containing operations with source M only. So it needs to be signed by M and A.
  2. Instead of co-signing the transaction T, A adds T's hash as a pre-authorized transaction signer to the account A.
  3. M signs the transaction and submits it to the network

T is lacking A's signature, but A already authorized the transaction in advance.

Outcome

Right now the transaction fails with error code tx_bad_auth when submitted to the network.

Since M signed the transaction and A authorized it, too, even though not signing the transaction in place, the transaction should be considered valid and the pre-authorized transaction hash should be removed from A's signers.
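The current behaviour described above (`tx_bad_auth`) can be reproduced with a simplified model of the authorization check. This is an added example, not code from the gist or from stellar-core; it assumes one threshold per account and that only the signer lists of a transaction's source accounts are consulted. All key names, the hash placeholder and the function names are constructed.

```javascript
// Simplified model (assumption) of Stellar's per-account authorization check.
// Keys and the hash are constructed placeholders, not real Stellar values.
const T_HASH = 'hash-of-T';

function makeLedger() {
  return {
    // A: regular account; step 2 of the flow added T's hash as a signer.
    A: { threshold: 1, signers: [
      { type: 'ed25519', key: 'KEY_A', weight: 1 },
      { type: 'preAuthTx', key: T_HASH, weight: 1 },
    ] },
    // M: 2-out-of-2, signers are M's own key and A's key.
    M: { threshold: 2, signers: [
      { type: 'ed25519', key: 'KEY_M', weight: 1 },
      { type: 'ed25519', key: 'KEY_A', weight: 1 },
    ] },
  };
}

// Weight a transaction collects on ONE account's signer list.
function collectedWeight(account, tx) {
  let total = 0;
  for (const s of account.signers) {
    if (s.type === 'preAuthTx' && s.key === tx.hash) total += s.weight;
    if (s.type === 'ed25519' && tx.signedBy.includes(s.key)) total += s.weight;
  }
  return total;
}

// Every source account must reach its threshold from its own signers.
// Signer lists of accounts that are not a source are never looked at.
function checkAuth(ledger, tx) {
  for (const name of tx.sourceAccounts) {
    const account = ledger[name];
    if (collectedWeight(account, tx) < account.threshold) return 'tx_bad_auth';
  }
  return 'ok';
}

// The flow from the scenario: source M only, signed by M only.
const flow = { hash: T_HASH, sourceAccounts: ['M'], signedBy: ['KEY_M'] };
// Same transaction, co-signed with A's key in place.
const coSigned = { ...flow, signedBy: ['KEY_M', 'KEY_A'] };
// A transaction with the same hash whose source is A: the pre-auth entry counts.
const sourceA = { hash: T_HASH, sourceAccounts: ['A'], signedBy: [] };

console.log(checkAuth(makeLedger(), flow));     // tx_bad_auth
console.log(checkAuth(makeLedger(), coSigned)); // ok
console.log(checkAuth(makeLedger(), sourceA));  // ok
```

In this model the pre-authorized hash lives in A's signer list, while M's list only contains A's key, so the hash contributes no weight towards M's threshold.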

What For

Consider the account A to be an m-out-of-n multi-signature account itself, potentially with signers leaving and joining over time. So account A acts as the entity that executes actions on the Stellar network on behalf of its council of signers.

In a setup where A acts as a co-signer of other accounts, like M, the account M should not need to care about who is currently a signer of A. If m out of A's n signers agree to co-sign M's transaction, there should be a way for A to co-sign M's transaction.

Right now this does not seem to be possible, unless M adds all of A's current signers as co-signers of M. That is impractical at best or does not work for the use case at all if A's signers are likely to change.

Being able to use pre-authorized transactions to authorize co-signing would solve that issue quite elegantly using existing network features.
