Steem Developer Bounty - 1500 STEEM - Multisignature Transaction Guide (Details Inside)

in #steem4 years ago (edited)

The Steem blockchain supports multisignature transactions. Multisignature transactions are a security feature that requires a transaction to be signed by multiple parties (each with their own key) before they become valid.

Reasons why multisignature transactions are important

A lot of investors will consider multisignature transactions a requirement in order to purchase and hold a coin. Many developers can also use multisignature transactions to add additional layers of security to their applications and tools.

Needed: Better tools / guides

Even though the blockchain supports multisignature transactions, there is very little available in terms of tools and guides on how to use multisignature transactions. The main guide that I am aware of is "[piston] How to use it for multisignature accounts" from @xeroc, but AFAIK it uses a deprecated library that no longer works.

In order to help make multisignature transactions more accessible to investors/developers/users, we need to improve our tools and guides.

1500 STEEM Bounty

@transisto, @elear, @therealwolf, @drakos, @instructor2121, @sorin.cristescu, @clayop, @ausbitbank, @thecryptodrive, @yabapmatt, @aggroed, @cervantes, @upheaver, @lukestokes, and I (@timcliff) have teamed up to offer a bounty for someone to create a multisignature transaction guide. We are each contributing 100 STEEM (15 x 100 = 1500 STEEM). The details on the guide as well as the terms of the bounty are below.

Guide Requirements:

(The guide will have two parts.)

Part 1

  • The first part will guide a user through the process of setting up multisignature authority for the active authority on the account. The guide should be generic enough to support the setup for any authority that allows N keys, each with their own weights W_n, and a threshold of T (for any valid combination of N, W_n, and T).
  • The first part of the guide should also include a brief section on how the steps would be different if the user wanted to setup multisignature authority on the posting authority instead of the active.
  • In addition to the generic instructions, the guide should also include an example that walks through the steps for this scenario: A user wants to have their active authority setup with seven keys. Keys one and two each have a weight of 25%. Keys three, four, five, six, and seven each have a weight of 10%. In order for a transaction to be valid, it must have at least 40% weighted signatures.

Part 2

  • The second part will guide a user through the process of sending STEEM (or SBD) tokens to another user, and signing the transaction with a sufficient number of keys to exceed the threshold on an account that has an active authority with N, W_n, and T.
  • The process that is used needs to include a practical means of acquiring all of the signatures on the transaction before the transaction expires.
  • Continuing with the example from part 1 (using the same account, keys, etc.) part 2 of the guide should also have an example that walks through the steps for this scenario: One of the key holders of the account wants to transfer 5.0 STEEM tokens to another user. The transaction should be signed with keys one, four, and five (which would exceed the 40% threshold).


  • The process that is used in the guide needs to easy enough to use that anyone with reasonable technical knowledge can set up a multisignature account and consistently sign transactions by following the guide.
  • The guide should not make any assumptions about the user knowing what to do. The instructions need to be very clear with no uncertainty about what needs to be done in each step.
  • The guide can only use tools and libraries that are open source and actively maintained.
  • The guide can only use tools and libraries that have been audited and accepted by the Steem community as valid tools/libraries (examples: SteemConnect, Beem, DSteem, etc.).
  • If the guide uses reference material from other sources, the sources should be properly referenced within the guide.

Some coding may be needed

It is possible that there isn’t sufficient support within the existing tools and libraries to be able to write a guide based on what is currently there. If existing tools/libraries need to be updated in order to complete the bounty, it may be necessary to make code changes and submit them via pull requests before the guide can be completed.

It will be the responsibility of the person creating the guide to make whatever code changes are needed to whatever repositories need them in order to meet the terms of the bounty. This includes working with the necessary parties to get changes accepted and merged into the official repositories.

Bounty Terms

  • The guide must meet all of the conditions described above.
  • The guide must be created as a post on the Steem blockchain. (If the guide is split up into two posts - part 1 and 2 - with sufficient linking between them, that is OK too.)
  • After the guide has been created, reply to this post with a link to the guide, as well as the name of an account where the process has been successfully used to transfer at least 0.001 STEEM to another account with the seven key multisignature example above. The reply to this post with the post link and account name will be considered the submission.
  • @transisto, @elear, @therealwolf, @drakos, @instructor2121, @sorin.cristescu, @clayop, @ausbitbank, @thecryptodrive, @yabapmatt, @aggroed, @cervantes, @upheaver, @lukestokes, and @timcliff will have "multisignature authority" over the approval of the bounty to determine if the terms are met. We will each have 1/15 voting weight. If at least 12/15 of the parties agree that the terms of the bounty have been met, then the 1500 STEEM bounty will be awarded.
  • If there are multiple submissions, they will be evaluated in the order that they are received. The first submission to receive 12/15 approval will be the winner of the bounty.
  • If a submission does not receive 12/15 approval and significant changes are needed to make it valid, the updated version (with the changes made) should be re-submitted as a new entry.
  • Please allow up to seven days from the time of submission for each of us to review the submission and vote.
  • Each of the 15 contributers will be responsible for paying their bounty to the winner.
  • If no valid submissions have been received by 23:59 (UTC) on March 31, 2019 then the bounty will be void/canceled.

If you have any questions about the terms of the bounty (including whether a particular library is OK to use) please ask :)

Good luck everyone!

[Edit] The bounty is now closed. Thank you everyone who participated!! The results can be found here:
Bounty Mission Success: Multisignature Transaction Guide Complete



Aw, you're ahead of me. I guess I won't bother to write mine up then. Glad I checked first.

Here s my submission for the bounty, using DSteem: .
I used the @multisig account to create the example.
If I do get the bounty, I will distribute most of it to projects on Fundition and the rest to other deserving Steemians.

If there is sufficient interest, I ll organize the code and push it to Github.

I have created this repository for reference :

I decided to write mine up anyway, since I think it's way easier than Crokkon's method and probably a worthwhile tutorial to have.

My example transaction is here.

I also wrote up a little bit about the philosophical differences in our approaches, because it interested me:

Here is my submission to the bounty

I used the account @fulanitodetal.

This is not just a guide but also a webpage to modify the authorities, and sign any type of transactions using multisignatures. It works on the browser, no need to install software.

Awesome, thanks! Unfortunately you did not qualify for the bounty because there were already four submissions ahead of yours, and the bounty was awarded to the first person to submit a valid entry. I did send you 50.0 STEEM from an anonymous donor though as a "thank you" for your contribution :)

Super! Thank you very much!

It would be cool to also make the escrow feature easier to use - we could have put the bounty in escrow from the start for instance.

You can use Steem-bounty for distributing the bounty.

Steem-Bounty takes 10% fee.

Posted using Partiko Android

Oh sorry I forgot that your bounty is high. I thought you might not know so I just recommended.

@kabir88 It might be worth following this project as it get done. This is what you were talking about earlier wasn't it??

Yes! It sounds like exactly what we need.

Well spotted @niallon11

I hope it gets completed soon, @daan might even be able to claim the bounty as he mentioned giving this a go

A pleasure to meet you, I hope that together we improve the platform, and for this we must be united.
Receive an affectionate greeting from a friend in Spain

Hi Tim, sorry to have to reach out to you this way, but Berniesanders and his bots and multiple accounts have left me no choice. He first began massive downvoting of everything I posted a couple weeks ago. These attacks were totally unprovoked, and I never even replied. Gradually, they let up. But, yesterday he started wiping out my posts again, and so I reposted them for a couple hours just to see if he would stop. Then, because he didn't stop, I eventually did, and even replied to a written threat he made to destroy my account for "spam." You've had my vote for witness for several months during which time I went months without ever downvoting anyone, or even arguing with anyone, while gradually building almost a 65 rep score without ever using bots to do it. If you look at my blog this morning you can see Bernie has followed through on his threat. If people can indeed be destroyed on Steemit simply for being conservative and posting about conservative issues, then Steemit will die. We need to hardfork away purely malicious ideologically-driven auto downvoting, and/or massive manual downvoting. Will you work to address this?

We need to hardfork away purely malicious ideologically-driven auto downvoting, and/or massive manual downvoting. Will you work to address this?

Sorry, no. My position on flagging can be found here.

These attacks were totally unprovoked

Stakeholders are allowed to downvote content that they don't believe is deserving of rewards. There doesn't have to be any reason - it is their choice as stakeholders.

.. My suggestion is to reach out to bernie on (nextgencrypto) very nicely and politely and try to see if there is a way you can come to an agreement on how to proceed. Do not be an ass; do not try to tell him what he can/can't do; and do not try to tell him he is wrong in his choice to flag you. If you go into the conversation with the right attitude, he is often actually nice to deal with and there is a good chance you will find some type of resolution.

You are a piece of shit spammer and have been flagged accordingly. Enjoy!

Hi @timcliff, Great! I may not do this, but this reminds me of that I was the first followee of @sisilafamille which requires multisig :) Check it out, there are still only two. I believe that you know that @sisilafamille is a special account. It's a good test account for multisig. I also made @temp follow me, which requires zerosig :)

I deserve some bounty :)

My post (you can see from permlink)

ps. Many thanks to @smitop! I was confused with @temp and @sisilafamille, since it was a while ago.

Technically @temp isn't multisig or normal/singlesig. @temp requires exactly zero signatures.

Sorry, you're right. Thank you so much for pointing out that. Actually it was @sisilafamille You can even see my post there on the top :) I'll edit my first comment including your comment.

So I've done both: multisig and zerosig :)

ps. I thought your id looks quite familiar to me. and the reason was it was you who gave me some hint :)

By the way, how did you suddenly appear? You seem working for Steemit :) Please do this for Ned: I've already made PR for Busy. I left steemit condenser for you :)

Hey @smitop is great too! Actually the first to get followed was @a-0, when I (@smitop) was testing the account. They have been unfollowed now.

Haha :) Thanks and sorry that I didn't check thoroughly at that time. Sure there are many geeks :) By the way, are you talking about @temp? What I meant was @sisilafamille. I already knew I wasn't the first for @temp.

There have already been four previous entries to the bounty contest. It has not been finalized yet, but it is almost certainly going to be paid out to one of the previous entries. Thanks for your submission though.

Hi @timcliff, thanks for your reply. Actually mine isn't a submission :) You thought it was cause it has some links, but they're my very old posts that are multisig or zerosig transactions themselves. @sisilafamille requires multisig, @temp requires zerosig. Anyway they're still good and interesting examples (again the posts are not submissions/tutorials), so just check them out when you have time.

Nice initiative! Multisig is the foundation of many useful technologies like second layer scaling. Just the other day I was reading about a poker ICO that figured out how to shuffle a deck without using a centralized bottleneck. The use cases of multisig haven't even come close to being fully realized.

Well I can't participate in this one, since I have no idea how to do it either. If you ever need instructional materials made where someone can offer the technical knowledge, I am very good at creating instructional materials. I'm just not that technical myself.

Will resteem though.

This is definitely something that would be really beneficial to STEEM.

like the teacher says: SAFETY FIRST


This sounds like a good project for master documenter @inertia to me.

I don't want to discourage the community from taking this on. I don't have any plans to tackle this, specifically. Besides, I'm not up to speed on how the other languages handle it. I have documented ruby specific aspects of this here:

But this assumes you've already established the account, which I have not documented anywhere.

I'm extremely curious to see if a bounty is actionable by the community. If so, this will be a great pattern.

Hey, @timcliff and all the other collaborators!

Thank you for your contribution to the crowd. We are the Steemit project dedicated to empowering The Wisdom of Crowds. You can find more about us on our official website or whitepaper and you can support us by voting for our witness and joining our curation trail on Steemauto . We are also inviting you to join Crowdmind Discord server. Don't forget to use the #crowdmind hashtag and happy crowdsourcing!

Additional comment: Your decision to reach out to the crowd about particular development problem and giving precise details what needs to be done is a perfect example of empowering crowd wisdom.


Thanks for doing this and thanks to everyone that donated towards the cause.

Nice resteemed so if there is a programmer in my followers list to hop in 😂

Posted using Partiko Android

Well, I will see what can I do :)

Posted using Partiko Android

Nice one! I don't have time to WRITE this soon, but I'd love to READ it ;-)
@holger80 would't this be a nice feature for beempy? :)

Yes, already done :)

Hi @timcliff!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 8.480 which ranks you at #5 across all Steem accounts.
Your rank has not changed in the last three days.

In our last Algorithmic Curation Round, consisting of 207 contributions, your post is ranked at #2. Congratulations!

Evaluation of your UA score:
  • Your follower network is great!
  • The readers appreciate your great work!
  • Great user engagement! You rock!

Feel free to join our @steem-ua Discord server

This post has been included in today's SOS Daily News - a digest of all you need to know about the State of Steem.

a good idea)