Info

Download ZIP (13.6 KB)

Testing and Issues

You can test this entry and submit issues during the testing period of the Blockchain Contest contest.

Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.

Voting

33

Comments

Multisig-wallet.
Accept after check all message.
Signatures are checked only for new and only for those public keys that are in the repository.
Storage and verification that the signature is already exists is very light and compact.
You have not added any comments yet...
by rating

Issues

Magic Python Oct 29, 2019 at 17:11
Sadly it didn't work on our test (n=16, k=10).
Accepts a message without any signature in it.
A lot of required features are not implemented.
10
Keen Rabbit Nov 1, 2019 at 03:55
thx for review and for you posts on tg channel, it helps understand some difficult place.
Magic Python Oct 16, 2019 at 12:44
accept_message() is called after ALL signatures are checked. It is very likely than it won't be enough gas_credit to handle orders with multiple signatures
1
Sorry. I was wrong about that, but there is more serious issue. Within signature check loop msg_order is replaced. So you have dictionary of cells (pubkey, signature, msg_order). You check signatures against their own msg_order (they all might be different), you count them like they are same, and then send last one that was checked.

Is there anything preventing me (who has access to a single key) to add absolutely unrelated order to the list, and pass signature count checks?
1
Keen Rabbit Oct 22, 2019 at 02:00
Hmm, really need more verification

```
;; ckeck may be signature already exists
if ((order_found) & (check_sign & signs)) {
  ;; sign already exists
} else {
  msg_order = signature_message;
  var msg_for_check = signature_message;
  var check_order_id = msg_for_check~load_uint(32);
  throw_unless(64, check_order_id == order_id);
  throw_unless(34, check_signature(slice_hash(signature_message), signature, pubkey));
  sign_count += 1;
  signs += check_sign;
}
```
You try to do garbage collection before accepting message. If there are many pending orders it can potentially lock you out of funds.
Keen Rabbit Oct 21, 2019 at 07:14
You are right, it would be better to make it possible to run cleaning as a separate command in recv_external.
Nobody added any issues yet...