Multisig Guide

A guide for creating a 2 of 3 multisig account and sending transactions

To follow this guide you’ll need cyberdcli installed and connected to any cyberd node (refer to our cli guide). A reminder: this guide covers all types of transactions, not only send transactions. This guide is also relevant for Cosmos Hub Gaiacli users, except for the bandwidth params, in Cosmos we pay a fee using tokens.

Do not forget about the --chain-id flag in cyberd, and in the Cosmos Hub networks. You can always get the current <chain-id> in the master branch of the repository.

Creating a multisig

The multisig account creation and sending transactions are simple and clear but can be a little long.

  1. Import or create a thresholder accounts for multisig:
cyberdcli keys add test1
cyberdcli keys add test2
  1. Add pubkeys of remote thresholder accounts:
cyberdcli keys add test3 --pubkey=<thresholder_pub_key>

We now have 3 accounts for multisig account generating: test1 and test2 on a local machine that we have access to. test3 from a remote thresholder that we do not have access to. All the created and imported accounts can be checked with:

cyberdcli keys list
  1. Now, we can create and test the 2-of-3 multisig account, named for example: multitest1 with keys test1,test2 on a local machine and test3 on a remote thresholder:
cyberdcli keys add multitest1 --multisig=test1,test2,test3 --multisig-threshold 2
  1. You should top up the balance of your multisig account. Make sure that you have enough bandwidth to execute transactions later.

Spending out of a multisig account

  1. Create an unsigned transaction from the multisig account and store it in the unsigned.json file:
cyberdcli tx send <recipient_address> <amount>cyb --from=<multisig_address> --chain-id=<chain_id> --generate-only > unsigned.json
  1. Sign this transaction with the following command and then store the signed file in sign1.json:
cyberdcli tx sign unsigned.json --multisig=<multisig_address> --from=<your_account_name> --output-document sign1.json --chain-id=<chain_id>
  1. You need to send the obtained file to a remote thresholders for signing. You can see the content of the file containing the transaction with:
cat unsigned.json

You may now copy the content that is convenient to your .json file and send it.

  1. You should also sign the remote thresholder, just like you did two steps above, and send your signed file back. For example sign2.json

  2. Copy the signed file from the remote thresholder into your cli home directory with the following command:

cp sign2.json $HOME/.cyberdcli

Your cli-home folder should content 3 .json files: unsigned.json, sign1.json, and sign2.json (at least). Those are the necessary and sufficient conditions, because we’ve set up a 2-out-of 3 multisig account.

  1. Generate a multisig transaction with all of the signatures:
cyberdcli tx multisign unsigned.json multitest1 sign1.json sign2.json --chain-id=<chain_id> > signed.json
  1. Finally, we need to broadcast this transaction to the network:
cyberdcli tx broadcast signed.json --chain-id=<chain_id>

If the multisig account has enough bandwidth, the transaction should be broadcasted to the network.