ton-blockchain / multisig-contract-v2

Multiowner wallet

"Reentrancy"-like security concern #36

Closed ProgramCrafter closed 6 months ago

ProgramCrafter commented 6 months ago

Signers can approve any outgoing message from the multisig, and that makes them able to deploy an order corresponding to that same multisig and mark it as approved by any of the signers, even ones not approving the original message - that can break the transparency of who signed what at the very least.

Overcoming this requires powerful emulation so that the signer does not see "some random contract deploy" but rather "signing message that deploys order that could (remove her from signers list)/etc".

ProgramCrafter commented 6 months ago

Alternatively, the multisig could consist of a control contract and an executive contract (which would be its displayed address, and would contain a minimal amount of code).

hpiri commented 6 months ago

You're right. What interesting ideas!😂

tolya-yanot commented 6 months ago

This has already been pointed out in the README.

⚠️ Multisig does not limit the content of Order actions, so Order can include absolutely any actions, including those that create new multisig orders or approve existing multisig orders or change multisig configuration (e.g. a list of signers).

Order content is stored entirely on the blockchain and is available for all to see. Also, such orders for execution must collect all necessary approves according to all rules.
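A signer-side pre-approval check for the concern raised in this thread, as an added example that is not part of the thread or of the project's code: it walks an order's actions and reports when an action deploys a further order on the same multisig, who that order is pre-marked as approved by, and what it would do. The `Action` model, the addresses, the signer names and the precomputed `ORDER_ADDRS` set are all assumptions standing in for decoded on-chain data.

```python
from dataclasses import dataclass, field

@dataclass
class Action:
    # Hypothetical, already-decoded view of one order action (not the on-chain cell layout).
    kind: str                      # "send_message" or "update_config"
    dest: str = ""                 # destination address for send_message
    state_init: bool = False       # True if the message deploys a contract
    new_signers: tuple = ()        # proposed signer list for update_config
    approved_by: tuple = ()        # signers pre-marked as approving in a deployed order
    inner: list = field(default_factory=list)  # actions of the order being deployed

def review(multisig, signers, order_addrs, actions, depth=0):
    """Describe what an order really does, following orders that it deploys itself."""
    pad, out = "  " * depth, []
    for i, a in enumerate(actions):
        if a.kind == "update_config":
            removed = sorted(set(signers) - set(a.new_signers))
            out.append(f"{pad}#{i} CONFIG: removes {removed}, new list {sorted(a.new_signers)}")
        elif a.dest in order_addrs and a.state_init:
            out.append(f"{pad}#{i} SELF-ORDER: deploys order {a.dest} "
                       f"pre-approved by {sorted(a.approved_by)}")
            out += review(multisig, signers, order_addrs, a.inner, depth + 1)
        elif a.dest in order_addrs or a.dest == multisig:
            out.append(f"{pad}#{i} SELF-CALL: message to {a.dest} (multisig or its order)")
        elif a.state_init:
            out.append(f"{pad}#{i} DEPLOY: unknown contract at {a.dest}")
        else:
            out.append(f"{pad}#{i} transfer/message to {a.dest}")
    return out

def needs_manual_review(findings):
    """True if any finding touches the multisig itself, its orders, or deploys code."""
    return any(tag in line for line in findings for tag in ("CONFIG", "SELF-", "DEPLOY"))

# Constructed sample: addresses and signer names are placeholders.
MULTISIG = "EQ_multisig"
SIGNERS = ("alice", "bob", "carol")
ORDER_ADDRS = {"EQ_order_7"}   # assumed: precomputed order addresses of this multisig
SAMPLE = [Action("send_message", dest="EQ_order_7", state_init=True,
                 approved_by=("carol",),
                 inner=[Action("update_config", new_signers=("alice", "bob"))])]

if __name__ == "__main__":
    print("\n".join(review(MULTISIG, SIGNERS, ORDER_ADDRS, SAMPLE)))
```
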