Open justinmoon opened 5 years ago
After investigating more, it seems that multisig addresses can't be displayed. Every library display_address
function has a Only supports single-key based addresses
comment. This would be very nice -- hardware wallet multisig is kinda pointless if you can't verify receiving addresses on device display.
All devices handle this differently, either by imo trusting too much, all the way to requiring the user to register multisig wallets on the device first. Going to be difficult to do without a standard.
What about just displaying a multisig address on device display using the displayaddress
HWI command? I know that at least trezor and coldcard can do this in Electrum.
Is this something we could implement here? (I can take a stab at it ...)
That could be a partially-supporting feature yes.
I really want to somehow convince all manufacturers to support registering descriptors so we can have a unified "display address" feature :/
Let's say I have 2/2 multisig. I generate a receiving address on desktop and check it against
hwi displayaddress --desc <desc>
on both devices. Then I know that each device controls a key in the multisig address.But how do I actually verify that the address corresponds to a 2/2 multisig address and not k/k where k > 2 without trusting any UI except the hardware wallet display.
Possible attack: the redeemscript is actually 3/3 with 2 of our keys and a 3rd pubkey that belongs to a ransomer.