Authored by Thibaut Sardan
Multi-signature accounts have been around since the early days of cryptocurrency. They're used to manage billions in assets securely. On Polkadot, Kusama, and all their parachains, it's also been possible to leverage the power of multi-signature accounts from day one.
While all the lego pieces are available to build complex and flexible multi-signature architectures today, there hasn't (yet) been any easy-to-use interface to create or interact with multisigs. ChainSafe received a grant from the Web3 Foundation to bootstrap the implementation of an enterprise-level solution.
A solution for managing complex multisigs
Let's start by defining the main issues multisig users encounter today. Then tackle how to solve them.
First, creating a multisig requires a lot of off-chain communication between participants. These participants also called "signatories," need to share their address and the threshold of the multisig, then each of them needs to create the multisig on an interface.
Second, once the multisig is created, the crafting of a transaction requires the first signatory to copy a piece of information called
callData. Bear with me, this may be very abstract if you have never interacted with a multisig. This information, the
callData, needs to be shared with other participants for them to read and verify the proposal made by the first signatory. This is shared offline, using a secure messaging app, for instance.
If what you just read is hard to follow and understand, don't worry. The good news is that you won't need to deal with this in the future.
Third, many businesses or DAOs are used to using multisigs. They generally have an address that they communicate with partners or members of the DAO. This address receives a potentially large amount of tokens. For this reason, it should stay the same over the years. Now, because of how multisigs are constructed on Polkadot, if any of the signatories change or if the threshold changes, the address will change too.
This is a problem.
For example, say, Alice, Bob, and Charlie are the signatories of a multisig with a ⅔ threshold, meaning that two signatures out of the three are required for any transaction to be performed. Say Charlie gets his account compromised. This is an emergency situation. They need to remove Charlie's account from the multisig as soon as possible and replace it with a fresh and safe account.
This is possible, but as mentioned previously, the resulting multisig from Alice, Bob, and the new Charlie will have a different address! They'll need to transfer the funds to the new multisig address and tell all their partners not to use the old address anymore. This is pretty annoying.
Fortunately, there are solutions.
At Chainsafe, we deal with these issues ourselves, and we're building a fix for them.
Multix is an easy-to-use interface to manage complex multisigs.
One person creates a multisig, and all the signatories see the multisig right away in the interface.
No need to pass around
callData. This information is retrieved from the blockchain and displayed.
Thanks to a proxy, adding/removing signatories or adjusting the threshold is now possible without changing the external address.
You read that right. While we're not attempting to solve all the problems multisigs could have, Multix does provide an elegant solution to the issues mentioned above by using a so called proxy.
Let's understand how we do this.
How does it work?
While there's no need to understand Multix's architecture deeply, it can't hurt to have a mental model of it. A good metaphor is a vault. This is the address of the proxy that everyone will know; it will remain unchanged. With a proxy account, you can hold funds, vote, and do anything you'd do with a normal account.
This vault has a specific lock that can be opened by combining specific keys. Let's say our vault has a lock called ABC that can only be opened by combining two out of the three keys between Alice (A), Bob (B), and Charlie (C).
This lock can be changed if the vault door is open. So in the previous situation where Charlie's key was compromised, if Alice and Bob combine their key, they can open the vault and change the lock to place a new one, ABC2, with Charlie's new key. The address of the vault (e.g., the proxy) remains the same, and the funds do not need to move.
The architecture of Multix is as trustless as possible while having the best user experience possible. It's standing on the shoulder of giants leveraging the multisig pallet available in Kusama, Polkadot, and most parachains. It's using an indexer based on Subsquid to make flows as smooth as possible. There's no other application-specific server or database. All the code is open source, and any information that‘s displayed in Multix comes from the chain.
Multix is already live! You can test it here: https://multix.chainsafe.io
Note - you can create a multisig, this will take care of the proxy creation as well. You can set names for the accounts or multisigs; they will only be stored locally. And finally, you can make any extrinsic (e.g a transfer) either from the multisig or from the proxy. It is advised to use the proxy address as the externally visible address because this will never change.
ChainSafe is a leading blockchain research and development firm specializing in infrastructure solutions for web3. Alongside its contributions to major ecosystems such as Ethereum, Polkadot, Filecoin, and more, ChainSafe creates solutions for developers and teams across the web3 space utilizing our expertise in gaming, bridging, NFTs, and decentralized storage. As part of its mission to build innovative products for users and improved tooling for developers, ChainSafe embodies an open source and community-oriented ethos to advance the future of the internet. To learn more, click here.