Steem Developer Bounty - 1500 STEEM - Multisignature Transaction Guide (Details Inside)

in #steem6 years ago (edited)

The Steem blockchain supports multisignature transactions. Multisignature transactions are a security feature that requires a transaction to be signed by multiple parties (each with their own key) before they become valid.

Reasons why multisignature transactions are important

A lot of investors will consider multisignature transactions a requirement in order to purchase and hold a coin. Many developers can also use multisignature transactions to add additional layers of security to their applications and tools.

Needed: Better tools / guides

Even though the blockchain supports multisignature transactions, there is very little available in terms of tools and guides on how to use multisignature transactions. The main guide that I am aware of is "[piston] How to use it for multisignature accounts" from @xeroc, but AFAIK it uses a deprecated library that no longer works.

In order to help make multisignature transactions more accessible to investors/developers/users, we need to improve our tools and guides.

1500 STEEM Bounty

@transisto, @elear, @therealwolf, @drakos, @instructor2121, @sorin.cristescu, @clayop, @ausbitbank, @thecryptodrive, @yabapmatt, @aggroed, @cervantes, @upheaver, @lukestokes, and I (@timcliff) have teamed up to offer a bounty for someone to create a multisignature transaction guide. We are each contributing 100 STEEM (15 x 100 = 1500 STEEM). The details on the guide as well as the terms of the bounty are below.

Guide Requirements:

(The guide will have two parts.)

Part 1

  • The first part will guide a user through the process of setting up multisignature authority for the active authority on the account. The guide should be generic enough to support the setup for any authority that allows N keys, each with their own weights W_n, and a threshold of T (for any valid combination of N, W_n, and T).
  • The first part of the guide should also include a brief section on how the steps would be different if the user wanted to setup multisignature authority on the posting authority instead of the active.
  • In addition to the generic instructions, the guide should also include an example that walks through the steps for this scenario: A user wants to have their active authority setup with seven keys. Keys one and two each have a weight of 25%. Keys three, four, five, six, and seven each have a weight of 10%. In order for a transaction to be valid, it must have at least 40% weighted signatures.

Part 2

  • The second part will guide a user through the process of sending STEEM (or SBD) tokens to another user, and signing the transaction with a sufficient number of keys to exceed the threshold on an account that has an active authority with N, W_n, and T.
  • The process that is used needs to include a practical means of acquiring all of the signatures on the transaction before the transaction expires.
  • Continuing with the example from part 1 (using the same account, keys, etc.) part 2 of the guide should also have an example that walks through the steps for this scenario: One of the key holders of the account wants to transfer 5.0 STEEM tokens to another user. The transaction should be signed with keys one, four, and five (which would exceed the 40% threshold).

General

  • The process that is used in the guide needs to easy enough to use that anyone with reasonable technical knowledge can set up a multisignature account and consistently sign transactions by following the guide.
  • The guide should not make any assumptions about the user knowing what to do. The instructions need to be very clear with no uncertainty about what needs to be done in each step.
  • The guide can only use tools and libraries that are open source and actively maintained.
  • The guide can only use tools and libraries that have been audited and accepted by the Steem community as valid tools/libraries (examples: SteemConnect, Beem, DSteem, etc.).
  • If the guide uses reference material from other sources, the sources should be properly referenced within the guide.

Some coding may be needed

It is possible that there isn’t sufficient support within the existing tools and libraries to be able to write a guide based on what is currently there. If existing tools/libraries need to be updated in order to complete the bounty, it may be necessary to make code changes and submit them via pull requests before the guide can be completed.

It will be the responsibility of the person creating the guide to make whatever code changes are needed to whatever repositories need them in order to meet the terms of the bounty. This includes working with the necessary parties to get changes accepted and merged into the official repositories.

Bounty Terms

  • The guide must meet all of the conditions described above.
  • The guide must be created as a post on the Steem blockchain. (If the guide is split up into two posts - part 1 and 2 - with sufficient linking between them, that is OK too.)
  • After the guide has been created, reply to this post with a link to the guide, as well as the name of an account where the process has been successfully used to transfer at least 0.001 STEEM to another account with the seven key multisignature example above. The reply to this post with the post link and account name will be considered the submission.
  • @transisto, @elear, @therealwolf, @drakos, @instructor2121, @sorin.cristescu, @clayop, @ausbitbank, @thecryptodrive, @yabapmatt, @aggroed, @cervantes, @upheaver, @lukestokes, and @timcliff will have "multisignature authority" over the approval of the bounty to determine if the terms are met. We will each have 1/15 voting weight. If at least 12/15 of the parties agree that the terms of the bounty have been met, then the 1500 STEEM bounty will be awarded.
  • If there are multiple submissions, they will be evaluated in the order that they are received. The first submission to receive 12/15 approval will be the winner of the bounty.
  • If a submission does not receive 12/15 approval and significant changes are needed to make it valid, the updated version (with the changes made) should be re-submitted as a new entry.
  • Please allow up to seven days from the time of submission for each of us to review the submission and vote.
  • Each of the 15 contributers will be responsible for paying their bounty to the winner.
  • If no valid submissions have been received by 23:59 (UTC) on March 31, 2019 then the bounty will be void/canceled.

If you have any questions about the terms of the bounty (including whether a particular library is OK to use) please ask :)

Good luck everyone!

[Edit] The bounty is now closed. Thank you everyone who participated!! The results can be found here:
Bounty Mission Success: Multisignature Transaction Guide Complete

Sort:  

Here is my submission to the bounty:
https://steemit.com/steem/@holger80/multisignature-transaction-guide-for-beempy

I used the account @testholger. The 5 Steem were broadcastet signed by the 3 key in this transaction_id:
https://steemd.com/tx/b87bddc02c611de3c6c93161c530561c98a6a6a3

Here's my entry for a guide/POC with python/beem:
Steem Multi-Signature Transaction Guide for Beem/Python

Aw, you're ahead of me. I guess I won't bother to write mine up then. Glad I checked first.

Here s my submission for the bounty, using DSteem:
https://steemit.com/utopian-io/@stoodkev/how-to-set-up-and-use-multisignature-accounts-on-steem-blockchain .
I used the @multisig account to create the example.
If I do get the bounty, I will distribute most of it to projects on Fundition and the rest to other deserving Steemians.

If there is sufficient interest, I ll organize the code and push it to Github.

I have created this repository for reference : https://github.com/stoodkev/multisig

I decided to write mine up anyway, since I think it's way easier than Crokkon's method and probably a worthwhile tutorial to have. https://steemit.com/steem/@tcpolymath/make-multisig-transactions-with-beem-without-spending-all-day-in-the-transaction-builder

My example transaction is here.

I also wrote up a little bit about the philosophical differences in our approaches, because it interested me: https://steemit.com/steem/@tcpolymath/reflections-on-two-methods-of-multisig-transactions

Here is my submission to the bounty https://steemit.com/steem/@jga/msteem-multisignature-transaction-app

I used the account @fulanitodetal.

This is not just a guide but also a webpage to modify the authorities, and sign any type of transactions using multisignatures. It works on the browser, no need to install software.

Awesome, thanks! Unfortunately you did not qualify for the bounty because there were already four submissions ahead of yours, and the bounty was awarded to the first person to submit a valid entry. I did send you 50.0 STEEM from an anonymous donor though as a "thank you" for your contribution :)

Super! Thank you very much!

It would be cool to also make the escrow feature easier to use - we could have put the bounty in escrow from the start for instance.

You can use Steem-bounty for distributing the bounty.

Steem-Bounty takes 10% fee.

Posted using Partiko Android

Oh sorry I forgot that your bounty is high. I thought you might not know so I just recommended.

@kabir88 It might be worth following this project as it get done. This is what you were talking about earlier wasn't it??

Yes! It sounds like exactly what we need.

Well spotted @niallon11

I hope it gets completed soon, @daan might even be able to claim the bounty as he mentioned giving this a go

A pleasure to meet you, I hope that together we improve the platform, and for this we must be united.
Receive an affectionate greeting from a friend in Spain

Hi Tim, sorry to have to reach out to you this way, but Berniesanders and his bots and multiple accounts have left me no choice. He first began massive downvoting of everything I posted a couple weeks ago. These attacks were totally unprovoked, and I never even replied. Gradually, they let up. But, yesterday he started wiping out my posts again, and so I reposted them for a couple hours just to see if he would stop. Then, because he didn't stop, I eventually did, and even replied to a written threat he made to destroy my account for "spam." You've had my vote for witness for several months during which time I went months without ever downvoting anyone, or even arguing with anyone, while gradually building almost a 65 rep score without ever using bots to do it. If you look at my blog this morning you can see Bernie has followed through on his threat. If people can indeed be destroyed on Steemit simply for being conservative and posting about conservative issues, then Steemit will die. We need to hardfork away purely malicious ideologically-driven auto downvoting, and/or massive manual downvoting. Will you work to address this?

We need to hardfork away purely malicious ideologically-driven auto downvoting, and/or massive manual downvoting. Will you work to address this?

Sorry, no. My position on flagging can be found here.

These attacks were totally unprovoked

Stakeholders are allowed to downvote content that they don't believe is deserving of rewards. There doesn't have to be any reason - it is their choice as stakeholders.

.. My suggestion is to reach out to bernie on steem.chat (nextgencrypto) very nicely and politely and try to see if there is a way you can come to an agreement on how to proceed. Do not be an ass; do not try to tell him what he can/can't do; and do not try to tell him he is wrong in his choice to flag you. If you go into the conversation with the right attitude, he is often actually nice to deal with and there is a good chance you will find some type of resolution.

You are a piece of shit spammer and have been flagged accordingly. Enjoy!