Steem Multisig Wizard: Updates and FAQ from pennsif.witness team

Hi folks! Here at the @pennsif.witness team HQ, we've just pushed out v1.0.2 of the Steem Multisig Wizard.


4i88GgaV8qiFU89taP2MgKXzwntUGAvkoQiKU7VxyD37q94LmqTr5kcRYoPzYLhGqxYESrwPZqKeZcxQ9aLW9MT9Wf1NJ5TaqSSopb8Up2kcBWaMqgAfyE29rN.png

When visiting the Multisig Wizard, make sure you see v1.0.2 in the bottom corner to ensure you're on the latest version (highlighted in red):

102.png

If you don't see v1.0.2, hitting Refresh in your browser should put you on the updated version.

Changes in v1.0.2

  • Amount field fixed for greater mobile compatibility
  • Additional validation added when creating a multisig account, to prevent some potential issues (including trying to add the same signatory twice, trying to add the account to be converted as one of the signatories).
  • Internal build-and-deploy process streamlined, to allow us to roll out updates with no downtime, and without aborting in-progress multisig transactions that have not yet to be fully signed.

Answers to some queries

We've seen a good deal of interest in the Multisig Wizard since we launched, so we thought we'd answer a few queries here rather than have them get lost as comment replies.

Missing Notifications?

@ubongudofot has been helping us with a lot of testing, and noticed that in some circumstances, the @multsigwiz account wasn't sending notifications to other potential signers once a multisig transaction had been proposed.

Because of Steem post frequency limitations (imposed at blockchain level), the Multisig Wizard server will only post at most once every 6 minutes.

If there are multiple open (proposed, but not fully signed) multisig transactions when the Wizard checks, it will make a digest post to notify signatories on all open transactions: Here's an example.

If there's only one open transaction, it gets a post of its own, like this one.

However, if a multisig transaction has been proposed and completed within a 6 minute period, no notification will be posted (because clearly, nobody else needed to be informed for the transaction to complete).

Permanently locked delegations

In our previous update, we discussed an idea from @remlaps that would enable an interesting use-case:

1.) Account A delegates to account B
2.) Account A is provably locked so that the delegation can never be undone
3.) Account B can use the delegation to generate curation rewards, but no one can ever withdraw the STEEM from Account A, or even withdraw the delegation.

Although this is possible, we have not yet enabled creation of these locked accounts via the Wizard, due to the potential for people to accidentally lock their accounts. However, if someone specifically wants this, we can add it -- though with a "I really really know what I'm doing" tickbox.

In the meantime, @bosferi123 asked for a concrete example of this concept in action.

OK, let's go!

First, we created a new steem account: @multisiglock. This will be "Account A" in @remlaps's scenario above. For the purpose of this example, "Account B" which will receive the unremovable delegation will be @pennsif.

We then funded @multisiglock with 5 STEEM from my (@rexthetech) account, and powered it up using @multisiglock's Private Active Key, so that @multisiglock has 5 SP:

msl1.png

Next, again using @multisiglock's Private Active Key, we delegated @multisiglock's 5 SP to @pennsif:

mls2.png

We then converted @multisiglock to a multisig account, but with impossible threshold (again, the Wizard does not yet support this so this was done manually):

Capture.PNG

The delegation to @pennsif is still working, and now we cannot remove it. Any attempt results in a Missing Active Authority error, whether using my @rexthetech active key, the original @multisiglock active key:

remove-1.png

Even creating a multisig-signed transaction with both signatories will not meet the threshold to perform the blockchain operation to remove the delegation.

Malicious Master Key holders

@the-gorilla asks:

Do the Owner and Active authorities remain even if the owner of the Master Key changes it? i.e. users can't do what @ponpase has just done?

In fact, changing the Master Password (which a Steem account's keypairs are derived from) requires the current Private Owner Key.

As the Owner authorities have been changed, the original user cannot change the Master Password, and an attempt (using the original Private Owner Key) will again generate a Missing Active Authority error:

pw.png

Departing signatories

@kouba01 asks:

What if one of the signatories misbahave and left the platform and also not in good terms with the admin..., would there be any provision to change such signatories?

In the case of a normal multisig account (not the perma-locked variation discussed above), it is possible to perform any action which requires the cooperation of multiple signatories, provided those agreeing with the action can, between them, sign with enough weight.

Although the only multisig operation currently supported by the Wizard is a standard STEEM or SBD transaction, we could if needed develop a "change multisig signatories" section. This is definitely possible, but would require significant work.

However, in order to change signatories, the signatories approving the change must between them have enough weight to approve the change.

For that reason, if you think you may find yourself with a misbehaving signatory in the future, it would be wise to set up a (for example) "5 out of 6 must sign" multisig account, so that any 5 members can, between them, eject the 6th (and replace the weights with "4 out of 5 must sign").

Sort:  

It's all good to see the update on those important questions.

if a multisig transaction has been proposed and completed within a 6 minute period, no notification will be posted (because clearly, nobody else needed to be informed for the transaction to complete).

I think this is clear now, thank you for clarifying.

#multisig

If you ever do enable the locking capability, it might be a good idea to hide it as "advanced mode" or something like that, in addition to the "Do you really mean it?" checkbox.

Good idea, thanks!

this is a very perfect explanation. I sometimes have to know about this, so I asked for an explanation yesterday at comment on your post here but this is very clear, thank you for taking the time for all of us here, I appreciate every word in your post, best regards to you.@rexthetech
I apologize if any of my words were wrong in yesterday's comments

Thank you, friend!
I'm @steem.history, who is steem witness.
Thank you for witnessvoting for me.
image.png
please click it!
image.png
(Go to https://steemit.com/~witnesses and type fbslo at the bottom of the page)

The weight is reduced because of the lack of Voting Power. If you vote for me as a witness, you can get my little vote.

Upvoted! Thank you for supporting witness @jswit.