Open
Labels: Bug (Something isn't working), Security (This issue asks for improved security)
Description
The current multisig implementations, which fully utilize metadata for storage, may lead to inconsistencies between roles and account metadata.

Suppose that there are:

- a multisig account `msa01` whose signatories are `sig0` and `sig1`
- accounts `sig0` and `sig1`, each of which has the multisig role for `msa01`

They can be inconsistent, e.g. a multisig account can include/exclude some signatories by democracy without granting/revoking their roles. To prevent this, we should rely on either of them to know the relationship between a multisig account and its signatories:

1. multisig account metadata
2. multisig roles

One approach needs a complementary implementation to the other:

1. e.g. a `participates_in` key-value as multisig account metadata, to know the multisig account from the signatory
2. a new query, e.g. `FindAccountsByRole`, to know the signatories from the multisig account

Concerns of each approach:

- self-modification:
  - by self-modifying `signatories`, an account can pretend to be a multisig account and have any signatories
    - problematic unless multisig accounts are supposed to be able to reorganize their signatories
    - needs a way other than checking the existence of `signatories` to discern a personal and a multisig account
  - by self-modifying `participates_in`, an account can pretend to be a signatory of any multisig account
    - not so much harm unless the multisig account recognizes the account as a signatory
- the domain owner can break everything as usual; other than that I see no specific problems atm

So my current outlook is 2. -- remove the `signatories` metadata and introduce `FindAccountsByRole` or something
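As an added illustration of the two views the issue contrasts (this is example code written for this page, not code from the Iroha project or from the issue author), the following Rust model keeps both a `signatories` metadata key on the multisig account and a `multisig:<account>` role on each signatory; both names are assumptions. It exposes a `FindAccountsByRole`-style query, reproduces the drift case (a signatory added to metadata without a role grant), and the self-modification case (a personal account writing `signatories` into its own metadata), showing that only the role-based view is unaffected by the latter.

```rust
use std::collections::{BTreeMap, BTreeSet};

type AccountId = String;

/// Hypothetical account record (not Iroha's real type): only the two pieces of
/// state the issue talks about, metadata and granted roles.
#[derive(Default, Debug)]
pub struct Account {
    /// Metadata; a multisig account keeps its signatory list under the
    /// assumed key "signatories".
    pub metadata: BTreeMap<String, Vec<AccountId>>,
    /// Roles granted to this account; the assumed role name for
    /// "signatory of msa" is "multisig:<msa>".
    pub roles: BTreeSet<String>,
}

#[derive(Default, Debug)]
pub struct World {
    pub accounts: BTreeMap<AccountId, Account>,
}

impl World {
    /// Get-or-create an account. In this model any account can edit its own
    /// metadata freely, which is the self-modification concern from the issue.
    pub fn account(&mut self, id: &str) -> &mut Account {
        self.accounts.entry(id.to_string()).or_default()
    }

    pub fn multisig_role(msa: &str) -> String {
        format!("multisig:{}", msa)
    }

    /// View 1 (metadata): the signatories the multisig account itself claims.
    pub fn signatories_from_metadata(&self, msa: &str) -> BTreeSet<AccountId> {
        self.accounts
            .get(msa)
            .and_then(|a| a.metadata.get("signatories"))
            .map(|v| v.iter().cloned().collect())
            .unwrap_or_default()
    }

    /// View 2 (roles): a FindAccountsByRole-style query, derived from grants
    /// that a single account cannot write into its own record.
    pub fn find_accounts_by_role(&self, role: &str) -> BTreeSet<AccountId> {
        self.accounts
            .iter()
            .filter(|(_, a)| a.roles.contains(role))
            .map(|(id, _)| id.clone())
            .collect()
    }

    /// Returns (in metadata only, in roles only); both empty means the views agree.
    pub fn inconsistencies(&self, msa: &str) -> (BTreeSet<AccountId>, BTreeSet<AccountId>) {
        let meta = self.signatories_from_metadata(msa);
        let roles = self.find_accounts_by_role(&Self::multisig_role(msa));
        (
            meta.difference(&roles).cloned().collect(),
            roles.difference(&meta).cloned().collect(),
        )
    }
}

/// Constructed starting state matching the issue: msa01 lists sig0 and sig1,
/// and both hold the multisig role for msa01.
pub fn consistent_world() -> World {
    let mut w = World::default();
    w.account("msa01")
        .metadata
        .insert("signatories".into(), vec!["sig0".into(), "sig1".into()]);
    let role = World::multisig_role("msa01");
    w.account("sig0").roles.insert(role.clone());
    w.account("sig1").roles.insert(role);
    w
}

/// Drift case: msa01 adds sig2 to its metadata (e.g. via democracy) but nobody
/// grants sig2 the role, so the two views disagree.
pub fn drifted_world() -> World {
    let mut w = consistent_world();
    w.account("msa01")
        .metadata
        .get_mut("signatories")
        .expect("msa01 has signatories")
        .push("sig2".into());
    w
}

/// Self-modification case: a personal account writes a `signatories` key into
/// its own metadata to pose as a multisig account with sig0 as signatory.
pub fn impostor_world() -> World {
    let mut w = consistent_world();
    w.account("mallory")
        .metadata
        .insert("signatories".into(), vec!["sig0".into()]);
    w
}

fn main() {
    let worlds = [
        ("consistent", consistent_world()),
        ("drifted", drifted_world()),
        ("impostor", impostor_world()),
    ];
    for (name, w) in worlds.iter() {
        println!("{}: msa01 inconsistencies = {:?}", name, w.inconsistencies("msa01"));
        println!(
            "{}: mallory by metadata = {:?}, by roles = {:?}",
            name,
            w.signatories_from_metadata("mallory"),
            w.find_accounts_by_role(&World::multisig_role("mallory"))
        );
    }
}
```

In the impostor case the metadata view reports `sig0` as mallory's signatory while the role-based query returns nothing, which is why treating roles as the single source of truth removes that concern; the remaining cost is that the reverse lookup (which multisig accounts a signatory belongs to) then needs a `FindAccountsByRole`-style query rather than a metadata read.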