The problem is that the signed message in this example is always an array of zeroes (which means that the signatures could be reused). The more robust solution for multisigs would’ve been to sign the transaction itself instead of the predefined array.
Is there a way to extract a list of transaction signatures in predicates?
Yeah, predicates are stateless, but I thought that in the predicate code you can introspect the transaction which uses that predicate, isn’t that correct?
In my understanding, it would’ve been possible to implement multi-sig transactions on top of predicates if:
N out of M accounts sign the transaction that aims to spend assets from a predicate;
You can extract these signatures in the predicate’s sway code and verify them
I think that the proper way to do this it to sign the transaction (or transaction hash). If you sign an arbitrary message and pass it as a predicate argument, it’ll be possible to reproduce by anyone in the future.
Also, you cannot pass the signed transaction hash as a predicate argument, because this will change the transaction hash (and you won’t be able to verify the signature in sway). Therefore I have a questions if it’s possible to extract signatures from the transaction
Yes, it is possible to extract a list of transaction signatures within predicates. The exact method of extracting signatures may vary depending on the specific blockchain platform or programming language you are working with. However, I can provide you with a general approach.
When executing a transaction in a blockchain system, the transaction object typically contains a field where signatures can be included. In many cases, this field is an array or a list that can store multiple signatures.
To extract a list of transaction signatures within a predicate, you would typically follow these steps:
Retrieve the transaction object: Obtain the transaction object that contains the signatures you want to extract. This could be done using appropriate blockchain libraries or APIs provided by the blockchain platform.
Access the signature field: Once you have the transaction object, you need to access the field that stores the signatures. The exact field name and structure may vary depending on the blockchain platform and the programming language you are using. For example, in Ethereum, the signature field is usually named v, r, and s, which represent the ECDSA components of the signature.
Extract the signatures: Iterate through the signature field and extract the individual signatures. Depending on the structure of the signature field, you may need to decode or parse each signature to obtain the necessary information.
4.Store the extracted signatures: As you extract each signature, you can store them in a list or an array data structure for further processing or analysis within your predicate.