stellar / stellar-protocol

Developer discussion about possible changes to the protocol.

Partial Threshold Grants #94

Open JeremyRubin opened 6 years ago

JeremyRubin commented 6 years ago

Currently a signer may only sign with 100% of their authorization.

Adding a mechanism by which a signer may specify the amount of threshold they are intending to grant would be more flexible, but slightly redundant with existing functionality.

In theory this isn't adding much new functionality: each signer could have keys with 1-to-max allowed threshold keys and choose to sign with one or the other depending on their current intention, however, this addresses the case where a transaction is signed and then a subsequent setoptions is performed changing the thresholds of a key upwards.

To address this, signers should be able to specify a threshold cap. Then the weight of the sig will be min(cap, signer weight). Alternatively, the transaction could be invalid if cap > weight.

Either of these constructions enables various types of smart contract where a signer is granted more weight on an account.

There is no need for the signer to specify hi/low/medium because they can see what level a transaction they are signing is by virtue of the transaction it contains.

robdenison commented 6 years ago

> however, this addresses the case where a transaction is signed and then a subsequent setoptions is performed changing the thresholds of a key upwards.

Couldn't this be done by adding an additional signer, which could just be derived from that key? (Of course you might hit the 20-signer limit if you do too many of these).

jedmccaleb commented 6 years ago

When would you want to only sign with part of your weight?

JeremyRubin commented 6 years ago

This allows you to use setoptions to modulate the thresholds and weights for existing keys without accidentally making a previously invalid transaction valid.

I think a more classic example is the "mom can I have a cookie -> ask your father" scenario. You have a 2 of 2, where either party can authorize payments, but one signals a partial authorization to get consensus with another keyholder.

Perhaps emulable with other things (signing with an invalid prefix), this seems the easiest to reason about & use for contracts though.
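The two cases raised in this thread (the setoptions weight bump that makes an old signature sufficient, and the "ask your father" partial authorization) can be checked with a small model of the proposal. The following is an added example written for this thread, not stellar-core code or the issue author's own: it assumes a simplified account with a signer table, a single named threshold per operation level, and signatures that may carry the proposed per-signature cap. Both variants from the proposal are modelled: weight = min(cap, signer weight), and the stricter alternative where cap > weight rejects the transaction.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Signature:
    key: str
    # Proposed field: a cap on the weight this signature grants.
    # None reproduces today's behaviour (the signer's full weight).
    cap: Optional[int] = None


@dataclass
class Account:
    signers: Dict[str, int]      # key -> weight (assumed model, not the ledger encoding)
    thresholds: Dict[str, int]   # "low" / "medium" / "high" -> required total weight


def effective_weight(account: Account, sig: Signature, strict: bool = False) -> int:
    """Weight a single signature contributes under the proposal."""
    weight = account.signers.get(sig.key, 0)   # unknown keys contribute nothing
    if sig.cap is None:
        return weight
    if strict and sig.cap > weight:
        # Alternative from the proposal: a cap above the signer's weight invalidates the tx.
        raise ValueError(f"cap {sig.cap} exceeds weight {weight} for signer {sig.key}")
    return min(sig.cap, weight)


def is_authorized(account: Account, sigs: List[Signature], level: str, strict: bool = False) -> bool:
    """True if the signatures meet the threshold for `level`; each key counts once."""
    seen = {}
    for s in sigs:
        seen.setdefault(s.key, s)   # a duplicate signature by the same key adds no weight
    total = sum(effective_weight(account, s, strict) for s in seen.values())
    return total >= account.thresholds[level]


def set_options_scenario():
    """A signs (with and without a cap), then setoptions raises A's weight."""
    acct = Account(signers={"A": 1, "B": 1}, thresholds={"medium": 2})
    full = [Signature("A")]
    capped = [Signature("A", cap=1)]
    before = (is_authorized(acct, full, "medium"), is_authorized(acct, capped, "medium"))
    acct.signers["A"] = 2   # subsequent setoptions bumping A's weight to the threshold
    after = (is_authorized(acct, full, "medium"), is_authorized(acct, capped, "medium"))
    # The uncapped signature becomes sufficient after the bump; the capped one does not.
    return before, after


def cookie_scenario():
    """Either key can authorize alone, but A signals only partial authorization."""
    acct = Account(signers={"A": 2, "B": 2}, thresholds={"medium": 2})
    alone = is_authorized(acct, [Signature("A")], "medium")
    partial = is_authorized(acct, [Signature("A", cap=1)], "medium")
    both = is_authorized(acct, [Signature("A", cap=1), Signature("B", cap=1)], "medium")
    return alone, partial, both


def strict_cap_rejected() -> bool:
    """Under the strict alternative, a cap above the signer's weight is an invalid tx."""
    acct = Account(signers={"A": 2}, thresholds={"medium": 2})
    try:
        is_authorized(acct, [Signature("A", cap=3)], "medium", strict=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("setoptions (before, after):", set_options_scenario())
    print("cookie (alone, partial, both):", cookie_scenario())
    print("strict cap > weight rejected:", strict_cap_rejected())
```

Under the min(cap, weight) rule the capped signature stays below the threshold after the weight increase, which is the property the proposal is after; the strict variant instead surfaces the mismatch as an invalid transaction rather than silently clamping.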