Workshop -Multi-Signature Deployments

Owned by Medha Parlikar
Last updated: Feb 13, 2020
6 min read

Recording on Youtube:

 

Dial in Information is at: https://casperlabs.atlassian.net/wiki/spaces/REL/pages/136544674/Weekly%2BWorkshops%2BHome

Participants

 

  • @Medha Parlikar

  • @Tom Vasile (Deactivated)

  • Ledger Leap (Stefan & Thomas)

  • @Ashok Ranadive (Unlicensed)

  • @Former user (Deleted)

  • @Mark Greenslade

  • @Former user (Deleted)

  • Thomas

 

 

During this workshop, we will demonstrate CasperLabs' flexible multi-signature functionality within smart contracts. We will demonstrate the ‘threshold’ feature within an account, and how keys with sufficient weight can sign a deploy to meet a threshold, and how deploys can be sent for signature using the CasperLabs client.

Goals

  • Demonstrate the capability of CasperLabs weighted keys

  • Install the client

  • Build the contracts

  • Send the deploy via email to someone for signature

  • Send the deploy once it has the second signature.

 

  • We will record the session.

Step by Step Plan

  1. Create some keys

  2. View the default weights for the key.

  3. Update the key thresholds to 2 using a deployment

  4. Update the deployment thresholds to 2 using a deployment

  5. View the weights.

  6. Create a transfer deployment, sign it and send it to someone.

  7. Other signatory signs the deploy & sends it via the client.

  8. Observe that a single signer cannot complete the deployment (transfer)

 

  1. Clone the repository on your machine

git clone -b dev https://github.com/CasperLabs/CasperLabs.git

2. Install the CasperLabs client using brew, apt, docker or tarball ….

3. Compile contracts

cd execution-engine make setup make build-contracts

4. Let’s look at the weight of Key1 - go to clarity.casperlabs.io and look at GraphQL

Let’s get the latest block:

query { dagSlice(depth: 1) { blockHash } }

 

Now - let’s open a new tab in GraphQL and lets examine the account associated with Key1 : Use Graph QL to see the keys associated with the contract. Obtain your Hex key and replace it in keyBase16 - and the latest block hash in ‘blockHashBase16Prefix’ and then run this graphQL query.

You should see a result that looks like this:

 

To prevent being locked out of the account, you must add a key that has more weight than the key management threshold (which must be increased prior to increasing the deployment threshold)

 

(the path for the contract under CasperLabs is ‘execution-engine/target/wasm32-unknown-unknown/release/keys_manager.wasm’)

7. Now we will update the thresholds for the account of Key1. NOTE: the key_management threshold must be equal or greater to the deployment_threshold. This is a safety measure which prevents the account from being locked out.

Run the deployment:

Confirm the deploy worked.

Check the values in GraphQL - you should see a new key management threshold.

 

8. Now update the deployment thresholds for the account. This will authorize only key2 to perform the token transfer.

Repeat the GraphQL queries by getting the latest block hash.

Upon completing this deployment, Key1 will not be authorized to sign a token transfer.

Let’s export our arguments for the token transfer.

Now we will create the deployment, sign it and send it for a second signature. We will sign this deployment with Key 1

Then send this file via a mechanism (scp, email) to someone else, or input it into the process to sign the deployment. This deploy is signed with 1 key. It will need another key (assuming both keys have a weight of 1) in order to process against the account.

Send the deployment to the second party to sign. You can send the deploy by whatever mechanism you wish.

 

Now the deployment could be sent by party 2 if they wish.

Observe that the token transfer succeeds and token lands in the account3 balance.

Software Version (GitHash)

CasperLabs Client 0.11.0 (5777274434bf8cb676c43b0a0ca28f4e015c683e)

Deployed to DevNet

What you need to know:

  • Key weights work with thresholds. Any number of authorized keys can be used in combination to sign a deployment to meet a deploy threshold.

  • The key_management threshold must be equal or greater to the deployment_threshold. This is a safety measure which prevents the account from being locked out.

  • If the keys signing a deployment lack the sufficient weight to meet the threshold, the deployment fails to run on the node. Users do not get an error message about this. They observe that the transaction never appears in a block.

Notes:

Title

Description

Notes

Title

Description

Notes

Verify pre-requisites

Check that everyone has managed to get through the setup.

Does everyone have keys in Clarity?

Has everyone cloned the repository and built the contracts?

Does everyone have the client installed? What is the version number for the Client?

 

 

 

Outcome:

  • If you want to unwind the change to the thresholds, just repeat the process and reset the weights back to the defaults.

  • You can also attempt to remove the associated key also if you wish, after you have reduced the deployment thresholds and key management thresholds.

Help!

Go to Discord- we will help you there: https://discord.gg/mpZ9AYD

Decisions

  • We need to figure out how users can see that they hit an authorization error. No block is created, because the deploy isn’t authorized, and this presently only shows up on the server logs. App developers may need to check that they don’t send a deploy until the requisite key weights are in place.