tl,dr — Unchained Capital has released an open-source Ethereum brainy contract implementing Two/3-multisig designed to directly interface with Trezor hardware wallets.
If you have a Trezor, you can attempt this contract right now, for free, via our hosted dApp.
Developer? Hacker? Paranoiac? Check out the source code on GitHub and review our bug bounty.
What is multisig and why use it?
Te theory, cryptocurrencies can be one of the safest ways to store wealth. By safeguarding a brief list of English words, anyone can protect millions of dollars ter wealth and surplus assured that no hacker or government can take it from them. Ter practice, it’s never so effortless.
This is because holding cryptocurrency securely amounts to protecting the private keys used to secure addresses ter blockchains. Some investors are comfy delegating security to a 3rd parties such spil exchanges. For those who choose to protect their funds themselves, there are various schemes such spil air-gapped laptops, purpose-built hardware wallets such spil Trezor or Ledger, and even just schrijfstift &, paper (“wallet words” and other private key backups).
One problem that most of thesis schemes all share is that they are designed for single-signature addresses and so rely on protecting a single private key. No one is volmaakt, so what happens when you lose access to that private key? Mark Frauenfelder’s wonderful article on losing his Trezor’s Speld &, wallet words vividly illustrates the horrors of finding out you have locked yourself out of your funds because you can no longer access the single private key protecting your addresses.
A better solution would use a Two/3-multisig quorum consisting of three separate private keys, held by three separate people, and requiring any two to spend. This provides both security and redundancy since compromising any one key/person does not pauze the quorum: if one key is stolen or lost, the other two keyholders can sweep funds to another address (protected by a fresh quorum) by mutually signing a transaction moving the funds. Imagine the following screenplay:
You live te San Francisco and have this brother te Fresh York who told you to buy crypto early. Now you both have so much of it you worry. So you both pool your holdings into a Two/3-multisig account with each of you holding a key and a childhood friend you both trust holding the 3rd, all te hardware wallets. Whenever you want to trade you voeling each other using secure channels and arrange a spend which you both sign with your separate keys. If either of you loses your key the other can collaborate with your friend to sweep your funds to a fresh quorum. Your friend can never spend the funds without at least one of you also signing.
This screenplay presents a very secure way to hold large amounts of cryptocurrency spil a private individual with redundancy against loss without having to engage any 3rd party companies. It’s a powerful wilsbeschikking to their future potential that blockchains make this possible today.
If you hold cryptocurrency on your own and you trust at least two other people, you could be doing it better.
Except that it’s not that effortless for private individuals actually to do what’s outlined ter the screenplay above. Most end-user wallets assume the setting of a single private key. Those wallets which suggest multisig often can’t directly talk to a hardware wallet.
And then there are the bugs. This is an especially pernicious problem for the Ethereum ecosystem.
Why has multisig bot difficult to implement te Ethereum?
Multisig is a general concept, but the details of how it is to be implemented differ across blockchains. Bitcoin’s Script is very limited, and so the implementation of a Two/3-multisig address te a Bitcoin P2SH script is broadly similar across all users and contracts: there’s just “one way to spell it.”
A blockchain such spil Ethereum has a much more capable virtual machine and is designed for more ingewikkeld computing. This has created an embarrassment of riches for the Ethereum community. There is so much code out there, but no canonical brainy contract which everyone trusts to use for multisig: there are “many ways to spell it,” and it’s not clear which to trust.
The Parity hacks of 2018 (1, Two) were especially troubling, because they showcased that the default multisig implementation shipping with one of the leading Ethereum clients wasgoed horribly violated. How could a catastrophe like this have happened, not once, but twice? And to the same part of the codebase ultimately due to the same kleuter of attack vector? Is the Parity team just bad? Is Solidity designed poorly? Is the EVM difficult to write code for? Is a world pc compatible with the idea of sound money?
Thesis are the questions wij were asking ourselves last year at Unchained Capital spil wij sought to deploy our own multisig Ethereum contracts to support lending against ETH spil a form of collateral (ter addition to BTC).
Unchained’s Ethereum Multisig Clever Contract
Wij very first attempted to use an existing implementing of Two/3-multisig but wij weren’t glad with any of the ones wij found:
- Parity’s Multisig Contract — Wij use Parity and so were originally excited about using its built-in multisig contract. Ahhhh, Parity, wij like you spil a knot, but you’ve lost our trust on clever contracts at this point: too sophisticated, clearly not enough testing. Nuff said.
- ConsenSys’ Multisig Wallet — the functionality is excessive for our use case: contract owners can be switched (the root cause of the Parity bugs) and most state is kept within the contract. The canonical repo has no unit tests and very little content besides a .sol verkeersopstopping. It also hasn’t bot committed to te Five months. The Gnosis’ Multisig Wallet is the evolution of ConsenSys’ multisig wallet and is tested &, under active development but retains the unnecessary complexity of the original.
- BitGo’s Multisig Contract — has total unit-test coverage and latest development activity. But the vormgeving is again overly ingewikkeld for our needs: numerous contracts are used, ERC20 tokens are integrated, &,c. The contract also assumes that the account broadcasting spending transactions is a member of the Two/3-quorum. This assumption is false for us — wij want to use hardware wallets and utilize a separate hot-wallet for all transaction broadcasts. Te our view, the ideal contract would have absolutely no relation to the hot wallet which created it or which spends from it.
Wij weren’t the only ones who felt this way — see this excellent postbode by Alex Miller of Grid+ which urges for a low-functionality, stateless, plain vormgeving philosophy for Ethereum multisig, a philosophy that would result te truly safe contracts.
So wij determined to write our own contract. Here are the vormgeving guidelines wij adopted:
- No outer contracts. Calling methods of other contracts inwards methods te your own contract is an amazing feature of Ethereum but should not be required for our elementary use case. This also avoids exposing us to entire classes of bugs.
- No libraries. Extending the last guideline, our contract has no upstream dependencies other than Solidity itself. This minimizes the chance of us misunderstanding or misusing some lump of library code. It also coerces us to stay ordinary. Both good things 🙂
- Minimal internal state. Sophisticated applications can be built inwards of Ethereum brainy contracts…but should they? Storing minimal internal state permits our contract’s code to be simpler, and to be written ter a more functional style, which is lighter to test and reason about. Combined with not using outer contracts or libraries, this further minimizes concurrency and reentrancy bugs.
- Uses cold-storage. The Ethereum client which creates or spends from the contract has no special rights or access to the contract. Authorization is treated by directly signing messages with hardware wallets. (Trezor-only for now, Ledger support is planned.)
- Finish end-to-end testing. The contract itself is exhaustively unit tested.
To many Ethereum developers, the above list might seem like it wasgoed written by a Luddite. What’s the point of using Ethereum if you’re going to disallow using all its coolest features?
But this is exactly our point! Wij are not attempting to build a ingewikkeld application, wij are building a vault. A vault needs to be secure above anything else and so by minimizing the features of our vault, wij maximize its security.
Unchained’s Ethereum Multisig Vault Bug Bounty
Wij open-sourced our multisig contract and created a dApp to help people use it because wij want to maximize the exposure of our code to the Ethereum community. Wij believe this will increase the security of our contract for all.
Wij are also launching our bug bounty program with an initial award pool of $150,000. If you detect bugs (whether critical or trivial) ter our Ethereum multisig contract, you can report them to us and earn a bug bounty. If you are a security researcher, Solidity programmer, or hacker (black hat or white), wij encourage you to investigate our brainy contract, use our dApp, and attempt and pauze something 🙂
ETH holders: if the reception to our Ethereum multisig contract and bug bounty are warm and no significant issues are discovered, wij project to use the multisig contract to lend against ETH spil collateral ter the very near future.
To learn more about Unchained Capital and our crypto-secured loans, sign-up on our webstek. To stay up to date on Unchained Capital news and announcements, go after us on our Blog, Facebook, Twitter, and join the conversation on Telegram.