If you've gone through our Multisig and Permission series, you should know how to craft an account’s permission structure to provide the security that you need, and how to create an msig proposal. We can finally move on to gathering the required signatures over the blockchain.
Defining the Requested Signatures
When crafting the msig proposal, you must specify the requested signatories. To do this, use the flag
--request and then list the accounts that you require signatures from, separated by commas. It will request the
active permission, unless you specify otherwise, by adding
To simplify the signature request process, and to save you from any possible mistakes, we’ve added a few flags to
eosc to automate part of the process. Let’s walk through each of them and give examples of when you may want to utilize them.
Requesting Producer Signatures
One of the most widely seen uses of msig is when a proposal needs to collect the signatures from 15 of the top 21 Block Producers on the chain. This is used to satisfy the
eosio.prods@active permission, which is used by all system level accounts.
eosio.prods is an account with a dynamic permission structure listing all top 21 producers, which changes as votes are constantly being tabulated. Since there is the possibility of seeing a Block Producer move in and out of the production schedule during the time between proposal and execution, each proposal will typically be proposed with a request for signatures from the top 30 Block Producers as seen at the time of proposal. This will save from the need to re-propose should there be a lot of turnover between the Producers at the top. However, to satisfy the permission,
eosio.prods@active will still require 15 signatures of the top 21 at time of execution.
To easily request signatures from the top 30 without the need to add them individually, you can utilize the flag
--request-producers. Once you add this flag and run the command, you will see this list created automatically before entering your passphrase to execute.
Signing From an Account that Has an Msig Structure
Let’s take a look at the
active permission for the EOS Canada producer account,
We have set up a structure like this to ensure that when our team signs something, that multiple people with fresh sets of eyes will have reviewed it. This also means that when
eoscanadacom@active is included within the requested signatures of any proposal, we need to create an internal msig to gather the required signatures to sign that proposal.
We do this by creating a secondary proposal that includes a transaction of us approving the initial proposal, collecting the signatures needed to satisfy the
active permission which was requested. To read a step-by-step walkthrough on how to create this secondary msig, please read through our guide. Rather than inputting each account, we simply run the command:
eosc multisig propose [PROPOSER] [PROPOSAL_NAME] [TRANSACTION_FILE] --request eoscanadacom --with-subaccounts
--with-subaccounts flag will recursively navigate the delegated accounts of the given permission structure and add them to the requested permissions. This will help you save time and the need to re-propose a request caused by mistyping any of the multiple account names.
By default, the
owner permission is omitted from recursion when using
--with-subaccounts as it sometimes adds noise and most teams don't have their
owner keys at hand anyway. You can easily add the request for the
owner permission by adding on the flag
--with-owner. This requires the
--with-subaccounts flag to also be included in the command.
We have now reached the end of our multi-part series on how to understand and utilize the msig function and customizable permission structures within EOSIO chains. If you are left with any further questions, please join the discussion in our Telegram channel. These incredible tools are only just beginning to be utilized to help secure and advance the future of blockchain.