DEV Community

Cover image for Building a Secure Multisig Wallet on Ethereum
Sumana
Sumana

Posted on

Building a Secure Multisig Wallet on Ethereum

Introduction

In the fast-paced world of cryptocurrencies, securing digital assets is crucial. One effective way to enhance security and manage funds with others is by using a multisig (multi-signature) wallet. In this blog post, I'll explain what multisig wallets are and guide you through creating a custom multisig wallet smart contract on the Ethereum. I'll break down the code, explain each function, and show you how to deploy contract in testnet.

What Is Multisig Wallets

A multisig wallet requires multiple private keys to approve transactions, offering enhanced security. Unlike single-key wallets, it needs several signatories to authorize actions, reducing risks like unauthorized access and key person failure. It’s ideal for collective fund management and securing assets.

How It Works

Multisig wallets enhance security by requiring multiple keys for transactions. With a smart contract, each transaction needs a set number of confirmations before it’s executed. For instance, a 2-of-3 wallet needs two out of three owners to approve a transaction. This reduces risks like key person reliance, ensuring no single person controls the funds.

Use Cases for Multisig Wallets

Escrow Protection: Escrow transactions between two parties can use 2-of-3 multisig wallets.

Decentralized Finance: Trading, borrowing, and lending can occur through collective decision-making.

Collaborative Ownership: Ensures that transactions involving shared assets occur only with the agreement of all parties.

Overview of the MultiSignWallet Smart Contract

Purpose

The MultiSignWallet contract is designed to enhance the security of cryptocurrency management by requiring multiple confirmations for transactions, thus implementing a multisignature (multisig) approach. This contract allows multiple owners to manage the wallet and ensures that transactions are only executed if a specified number of owners confirm them.

Key Components

  1. Events

    • Deposit: Logs when ether is deposited into the wallet.
    • SubmitTransaction: Logs when a new transaction is submitted.
    • ConfirmTransaction: Logs when an owner confirms a transaction.
    • RevokeTransaction: Logs when an owner revokes their confirmation of a transaction.
    • ExecuteTransaction: Logs when a transaction is executed.
  2. State Variables

    • owners: Array of addresses representing the wallet owners.
    • isOwner: Mapping to check if an address is an owner.
    • numConfirmationsRequired: Number of confirmations required to execute a transaction.
    • transactions: Array of Transaction structs representing the submitted transactions.
    • isConfirmed: Mapping to track which owners have confirmed a transaction.
  3. Modifiers

    • onlyOwner: Ensures that only an owner can call certain functions.
    • txExists: Ensures the transaction exists.
    • notExecuted: Ensures the transaction has not been executed.
    • notConfirmed: Ensures the transaction has not been confirmed by the caller.
  4. Structs

    • Transaction: Represents a transaction with details such as recipient address, value, data, execution status, and number of confirmations.

Functions

  1. Constructor

    • Initializes the contract with the provided owners and the required number of confirmations.
  2. Transaction Management

    • submitTransaction(address _to, uint256 _value, bytes memory _data): Allows an owner to submit a new transaction.
    • confirmTransaction(uint256 _txIndex): Allows an owner to confirm a submitted transaction.
    • revokeConfirmation(uint256 _txIndex): Allows an owner to revoke their confirmation of a transaction.
    • executeTransaction(uint256 _txIndex): Executes a transaction if the required number of confirmations is met.
  3. Ether Management

    • depositETH(): Allows anyone to deposit ether into the wallet.
    • receive(): Fallback function to receive ether.
  4. View Functions

    • getOwners(): Returns the list of wallet owners.
    • getTransactionCount(): Returns the total number of transactions.
    • getTransaction(uint256 _txIndex): Returns the details of a specific transaction.
    • getBalance(): Returns the current balance of the wallet.

Example Use Case

To submit a transaction, an owner calls submitTransaction, specifying the recipient address, value, and data. Other owners can then confirm the transaction using confirmTransaction. Once the required number of confirmations is reached, any owner can execute the transaction by calling executeTransaction.

Summary

The MultiSignWallet smart contract provides a robust framework for managing cryptocurrency securely by requiring multiple confirmations for transactions, thus reducing the risk associated with single-key wallets. This contract is particularly useful for organizations and groups where collaborative decision-making is essential.

If you're interested in trying out the contract, you can find the complete code on GitHub.

Deploying the Multisig Wallet Smart Contract to Sepolia Testnet

Deploy to Sepolia Testnet:

  • Go to the Deploy & Run Transactions tab and select Injected Provider.

  • MetaMask as the environment.

  • Sign in to MetaMask if prompted and ensure you're on the Sepolia Testnet.

  • Verify that the network is configured properly to Sepolia Testnet.

Select Injected Provider

Adding Owners and Confirmations

  • Add Two Account Addresses as Owners:

    In the Deploy & Run Transactions tab,locate the constructor input fields.

    Enter two account addresses (separated by commas) in the _owners input field.

    For example: ["0xAddress1", "0xAddress2"].

    Enter the required number of confirmations (e.g., 2) in the     _numConfirmationsRequired input field.

Add owners and confirmations

  • Approve Deployment:

   Click Deploy in the Deploy & Run Transactions tab.

   Hit Confirm in the MetaMask notification window to approve and pay
   for the contract deployment transaction.

Approve

  • View Contract Details

  Copy the contract address from the Deployed Contracts window.

Copy contract address

View Contract Details

  • Navigate to Sepolia Explorer:

  • Navigate to the Sepolia network explorer and use the contract address to search for your contract to view the details.

See the contract details

Next Steps: Verify Your Smart Contract

  • Verify Your Contract:

Use the Etherscan Smart Contract Verifier tool to verify your deployed contract.

Go to Etherscan Sepolia.

Locate the "Verify Contract" option, and follow the instructions to verify the source code and deployment details.

Congratulations! 🎉 You have successfully deployed a smart contract on the Sepolia network using Remix IDE.

Top comments (0)