There is a common mistake some devs make when configuring the MultiSig wallet, they either send the incorrect pubkey for the other participants or start the incorrect wallet as multisig.
We should implement some protections on the headless against these mistakes so the user is more informed on why the error is happening.
Solutions
Starting a MultiSig wallet
We can derive the multisig pubkey and check that the seed/privkey of the started wallet is part of the configured multisig.
So the user will receive an error when starting an incorrect wallet.
Protection on /wallet/p2sh/tx-proposal/get-my-signatures
This API receives a transaction (hex encoded) and signs all inputs from the wallet.
We should return an error if no inputs from the wallet are found, meaning the transaction has no impact on the wallet.
Protection on /wallet/p2sh/tx-proposal/sign and /wallet/p2sh/tx-proposal/sign-and-push
These APIs receive the transaction and signatures from the participants and builds the complete transaction.
We should check that the signatures are from the participants of the current multisig wallet, meaning that if the other participants use an incorrect wallet to sign, we can detect it and return an error.
We can also add another protection against sending signatures from the same wallet twice, currently we overwrite the signatures but checking that signatures from the same wallet were sent twice makes it less likely for participants to make mistakes on the number of signatures sent.
Issue description
There is a common mistake some devs make when configuring the MultiSig wallet, they either send the incorrect pubkey for the other participants or start the incorrect wallet as multisig. We should implement some protections on the headless against these mistakes so the user is more informed on why the error is happening.
Solutions
Starting a MultiSig wallet
We can derive the multisig pubkey and check that the seed/privkey of the started wallet is part of the configured multisig. So the user will receive an error when starting an incorrect wallet.
Protection on
/wallet/p2sh/tx-proposal/get-my-signaturesThis API receives a transaction (hex encoded) and signs all inputs from the wallet. We should return an error if no inputs from the wallet are found, meaning the transaction has no impact on the wallet.
Protection on
/wallet/p2sh/tx-proposal/signand/wallet/p2sh/tx-proposal/sign-and-pushThese APIs receive the transaction and signatures from the participants and builds the complete transaction. We should check that the signatures are from the participants of the current multisig wallet, meaning that if the other participants use an incorrect wallet to sign, we can detect it and return an error.
We can also add another protection against sending signatures from the same wallet twice, currently we overwrite the signatures but checking that signatures from the same wallet were sent twice makes it less likely for participants to make mistakes on the number of signatures sent.