- Project Title
- Project Description
- Project Vision
- Key Features
- Future Scope
- Technical Architecture
- Installation & Setup
- Usage Guide
- Security Considerations
- Contributing
- License
Multi-Signature Wallet
A decentralized multi-signature wallet smart contract built on Stellar blockchain using Soroban SDK, requiring multiple approvals before executing transactions.
The Multi-Signature Wallet is a secure, decentralized smart contract solution that implements a multi-party approval system for blockchain transactions. This wallet requires multiple designated owners to approve a transaction before it can be executed, significantly enhancing security compared to traditional single-signature wallets.
The wallet operates on a simple yet powerful principle: no single individual can move funds alone. Instead, a predefined number of owners (signatories) must collectively approve each transaction. For example, in a 3-of-5 configuration, at least 3 out of 5 designated owners must approve before a transaction executes.
- Corporate Treasury Management: Companies can secure their digital assets by requiring approval from multiple executives or board members
- DAO Treasuries: Decentralized Autonomous Organizations can manage community funds with transparent, democratic decision-making
- Family Wealth Management: Families can jointly manage inheritance or shared investments with built-in checks and balances
- Partnership Funds: Business partners can ensure mutual consent for all financial transactions
- Escrow Services: Trusted third parties can participate in multi-party agreements with built-in dispute resolution
- High-Value Asset Protection: Individuals can add extra security layers to protect significant holdings
In the crypto ecosystem, losing private keys or falling victim to a single point of compromise can result in irreversible asset loss. Multi-signature wallets distribute trust and risk across multiple parties, making unauthorized transactions virtually impossible without collusion. This smart contract brings enterprise-grade security to blockchain asset management while maintaining the decentralized, trustless nature of blockchain technology.
Our vision extends beyond creating just another wallet—we aim to establish a new standard for secure, collaborative digital asset management in the Web3 era.
1. Security Without Compromise We believe that asset security should never rely on a single point of failure. By distributing control across multiple trusted parties, we eliminate the risk of unilateral bad actors while maintaining operational efficiency.
2. Transparency & Trust Every transaction proposal, approval, and execution is permanently recorded on-chain, creating an immutable audit trail. This transparency builds trust among stakeholders and ensures accountability.
3. Accessibility for All While multi-signature technology has traditionally been complex, we're committed to making it accessible to both technical and non-technical users through intuitive design and comprehensive documentation.
4. Empowering Collaboration Financial decisions in organizations should reflect collective wisdom. Our wallet facilitates democratic decision-making while preventing deadlocks through configurable approval thresholds.
Democratize Institutional-Grade Security Make multi-signature security accessible to individuals, small businesses, and communities—not just large enterprises and institutions.
Build the Infrastructure for DAOs Provide the foundational treasury management tools that enable decentralized organizations to operate efficiently and transparently.
Establish Industry Standards Contribute to the development of best practices and standards for multi-signature wallet implementations across blockchain ecosystems.
Foster Financial Inclusion Enable groups in underbanked regions to collectively manage resources without relying on traditional banking infrastructure.
Create an Ecosystem Develop a comprehensive suite of tools, integrations, and educational resources that make collaborative asset management the norm rather than the exception.
The wallet supports an unlimited number of owners, allowing organizations to scale their security model as they grow.
Benefits:
- Add as many signatories as needed for your security requirements
- Each owner maintains equal authority in the approval process
- Perfect for teams of any size, from small partnerships to large DAOs
- Owner addresses are permanently recorded on-chain for transparency
Example Configuration:
- 2-of-3 setup for small businesses
- 3-of-5 setup for medium-sized organizations
- 5-of-9 setup for large DAOs or foundations
Set the exact number of approvals required to execute transactions, balancing security needs with operational efficiency.
Benefits:
- Tailor security requirements to your specific risk profile
- Prevent both single points of failure and operational deadlocks
- Adjust the threshold to match organizational structure
- Ensures democratic decision-making for critical financial operations
Strategic Considerations:
- Higher thresholds = greater security but slower execution
- Lower thresholds = faster operations but increased risk
- Sweet spot typically between 50-70% of total owners
Any wallet owner can propose transactions, initiating the approval workflow in a democratic manner.
How It Works:
- Owner submits transaction with recipient address and amount
- System assigns unique transaction ID for tracking
- Proposal is immediately visible to all other owners
- Transaction enters pending state awaiting approvals
Benefits:
- Democratic initiation—no single "super admin"
- Complete transparency of all pending transactions
- Easy tracking with unique identifiers
- Prevents unauthorized or secret transaction attempts
Each owner can independently review and approve proposed transactions with built-in safeguards against fraud.
Security Features:
- Authentication required for every approval action
- One approval per owner per transaction (no double-voting)
- Real-time tracking of approval count
- Cannot approve already-executed transactions
- Only designated owners can approve
User Experience:
- Simple approve/reject interface
- View all pending approvals at a glance
- See which owners have already approved
- Get notified when action is required
Transactions automatically become executable once they reach the required approval threshold, but still require explicit execution.
Benefits:
- Prevents premature transaction execution
- Provides final checkpoint before fund movement
- Allows for last-minute cancellation if needed (future feature)
- Creates clear audit trail of execution authorization
Safety Mechanisms:
- Cannot execute without sufficient approvals
- Cannot re-execute already-completed transactions
- Only wallet owners can trigger execution
- Execution action is permanently logged on-chain
Every action—from proposal to execution—is recorded immutably on the Stellar blockchain.
What Gets Recorded:
- Transaction proposals with all details
- Every approval with owner identification
- Execution events with timestamps
- Complete chronological history
Benefits:
- Full audit trail for compliance and accountability
- Dispute resolution through verifiable history
- Regulatory compliance support
- Trust through transparency
- Historical analysis of spending patterns
Robust identity verification ensures only legitimate owners can interact with the wallet.
Security Layers:
- Cryptographic signature verification for each action
- Owner whitelist validation
- Address-based access control
- Prevention of unauthorized access attempts
Optimized data structures minimize costs while maintaining complete functionality.
Technical Excellence:
- Instance storage for configuration and transaction data
- TTL management for long-term persistence (5000 ledgers)
- Efficient key-value storage patterns
- Minimal on-chain footprint reduces fees
Time-Lock Mechanism
- Implement mandatory waiting periods between proposal and execution
- Configurable delay periods (e.g., 24 hours, 7 days)
- Emergency override with super-majority approval
- Protects against rushed or coerced decisions
Emergency Pause Functionality
- Circuit breaker for security incidents
- Requires super-majority to activate
- Freezes all pending transactions
- Time-limited pause with automatic expiry
Dynamic Owner Management
- Add new owners through multi-sig consensus
- Remove compromised or inactive owners
- Update approval thresholds via voting
- Maintain operational continuity during transitions
Approval Revocation
- Allow owners to withdraw their approval before execution
- Prevents irreversible mistakes
- Adjusts approval count in real-time
- Requires re-approval after revocation
Transaction Cancellation
- Vote to cancel pending transactions
- Requires approval threshold to cancel
- Refunds remain in wallet
- Creates permanent record of cancellation reason
Batch Transaction Processing
- Submit multiple transfers in single proposal
- All-or-nothing execution guarantee
- Reduced gas fees through batching
- Simplified management of regular payments
Scheduled Transactions
- Set future execution dates for approved transactions
- Recurring payment support (salaries, subscriptions)
- Automatic execution upon reaching date and approvals
- Calendar integration for planning
Transaction Expiry
- Auto-expire proposals after set period
- Prevents indefinite pending transactions
- Configurable expiry timeframes
- Notification system for approaching expiry
Transaction Metadata
- Add descriptions and labels to proposals
- Attach supporting documents (hash references)
- Category tagging for expense tracking
- Enhanced audit trail and reporting
Multi-Asset Support
- Manage various Stellar assets beyond XLM
- Token portfolio management interface
- Asset-specific approval thresholds
- Cross-asset transaction proposals
DeFi Protocol Integration
- Stake assets in liquidity pools via multi-sig
- Yield farming with collective approval
- Lending/borrowing with risk controls
- Auto-compounding strategies
NFT Management
- Multi-sig control for valuable NFT collections
- Batch NFT transfers
- Marketplace integration
- Fractional NFT ownership support
Cross-Chain Bridge Support
- Multi-sig control for bridged assets
- Secure cross-chain transfers
- Multi-chain deployment (Ethereum, Polygon, etc.)
- Unified interface for all chains
Web Dashboard
- Modern, responsive web application
- Real-time transaction status updates
- Visual approval flow diagrams
- Comprehensive transaction history
- Mobile-responsive design
Mobile Applications
- Native iOS app
- Native Android app
- Push notifications for pending approvals
- Biometric authentication
- Offline transaction signing
Browser Extensions
- Chrome, Firefox, Brave support
- Quick approval interface
- Integration with existing Web3 apps
- Hardware wallet support
Notification System
- Email alerts for new proposals
- SMS notifications for urgent approvals
- In-app notifications
- Configurable alert preferences
- Digest summaries (daily/weekly)
Role-Based Access Control (RBAC)
- Define custom roles (proposer, approver, executor)
- Granular permission management
- Hierarchical approval workflows
- Separation of duties enforcement
Compliance & Reporting Tools
- AML/KYC integration options
- Transaction screening
- Automated compliance reports
- Export to accounting software
- Tax documentation generation
Spending Limits & Controls
- Per-transaction limits
- Daily/monthly spending caps
- Category-based budgets
- Automatic enforcement
- Override mechanisms for emergencies
Advanced Analytics
- Transaction pattern analysis
- Spending trends and forecasts
- Owner participation metrics
- Risk assessment dashboards
- Customizable reports
Multi-Wallet Management
- Manage multiple multi-sig wallets
- Unified dashboard for all wallets
- Cross-wallet analytics
- Organizational structure mapping
RESTful API
- Programmatic wallet interaction
- Webhook support for events
- SDK for popular languages
- GraphQL query interface
- Comprehensive API documentation
Developer Tools
- Testing framework
- Local development environment
- Contract upgrade utilities
- Monitoring and debugging tools
Integration Marketplace
- Pre-built integrations with popular tools
- Zapier/IFTTT connectors
- Accounting software plugins
- Payment processor integration
On-Chain Voting
- Proposal creation and voting system
- Snapshot-based voting
- Quadratic voting options
- Delegation mechanisms
Governance Forum
- Discussion platform for proposals
- Comment and feedback system
- Version control for proposals
- Voting rationale documentation
Weighted Voting
- Stake-weighted approval power
- Reputation-based weighting
- Configurable weight distribution
- Protection against plutocracy
Treasury Management Suite
- Advanced budgeting tools
- Fund allocation tracking
- Grant management system
- Financial planning tools
- Scenario modeling
AI-Powered Insights
- Fraud detection algorithms
- Anomaly detection in spending patterns
- Predictive analytics for cash flow
- Risk scoring for transactions
Smart Automation
- Rule-based auto-approvals for trusted transactions
- Intelligent routing of proposals
- Automated compliance checking
- Smart contract-based conditional execution
Machine Learning
- Pattern recognition for regular expenses
- Predictive maintenance for wallet operations
- Optimization suggestions
- Adaptive security measures
The Multi-Signature Wallet is built on Soroban, Stellar's smart contract platform, leveraging Rust's safety guarantees and Soroban's efficient execution model.
WalletConfig
pub struct WalletConfig {
pub owners: Vec<Address>, // List of wallet owner addresses
pub required_approvals: u32, // Minimum approvals needed
pub total_transactions: u64, // Counter for unique transaction IDs
}- Stores fundamental wallet configuration
- Initialized once during wallet setup
- Persisted in instance storage
Transaction
pub struct Transaction {
pub tx_id: u64, // Unique transaction identifier
pub recipient: Address, // Destination address
pub amount: i128, // Amount to transfer (in stroops)
pub approvals: u32, // Current number of approvals
pub executed: bool, // Execution status flag
}- Represents a proposed transaction
- Tracks approval progress
- Prevents double execution
Storage Keys
WALLET_CONFIG: Stores wallet configurationTX_COUNT: Maintains transaction counterTransactionBook: Maps transaction IDs to Transaction structsApprovalBook: Maps (tx_id, owner_address) to approval status
initialize()
- Purpose: Set up new multi-sig wallet
- Parameters: owners (Vec), required_approvals (u32)
- Validation:
- At least one owner required
- Required approvals ≤ total owners
- Required approvals ≥ 1
- Access: Anyone (one-time initialization)
propose_transaction()
- Purpose: Create new transaction proposal
- Parameters: proposer (Address), recipient (Address), amount (i128)
- Validation:
- Proposer must be an owner
- Authentication required
- Returns: Transaction ID (u64)
- Access: Wallet owners only
approve_transaction()
- Purpose: Record owner's approval
- Parameters: approver (Address), tx_id (u64)
- Validation:
- Approver must be an owner
- Transaction must exist and not be executed
- Owner hasn't already approved
- Authentication required
- Access: Wallet owners only
execute_transaction()
- Purpose: Execute approved transaction
- Parameters: executor (Address), tx_id (u64)
- Validation:
- Executor must be an owner
- Transaction must have sufficient approvals
- Transaction not already executed
- Authentication required
- Access: Wallet owners only
Instance Storage
- All data stored in instance storage for persistence
- TTL set to 5000 ledgers (~7 hours at 5-second ledgers)
- Extended on every operation for continuous availability
- Cost-efficient for long-term storage
Key Design Patterns
- Enumerated storage keys for type safety
- Composite keys for relational data (ApprovalBook)
- Counter-based unique ID generation
- Efficient lookup patterns
Authentication
- Every function requires address authentication via
require_auth() - Cryptographic signature verification
- Protection against replay attacks
Authorization
- Owner whitelist validation
- Role-based function access
- Threshold enforcement
State Validation
- Prevents double-execution
- Validates approval counts
- Checks transaction existence
- Enforces approval uniqueness
- Minimal storage reads/writes
- Efficient data structures
- Batch operations where possible
- TTL management for cost savings
Before you begin, ensure you have the following installed:
Required Tools:
- Rust (1.70 or higher):
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh - Soroban CLI:
cargo install --locked soroban-cli - wasm32 target:
rustup target add wasm32-unknown-unknown
Accounts:
- Stellar testnet account with XLM balance
- Multiple owner accounts for testing
# Create new Soroban project
soroban contract init multisig-wallet
cd multisig-wallet
# Or create manually
mkdir multisig-wallet
cd multisig-wallet
cargo init --lib[package]
name = "multisig-wallet"
version = "0.1.0"
edition = "2021"
[lib]
crate-type = ["cdylib"]
[dependencies]
soroban-sdk = "21.0.0"
[profile.release]
opt-level = "z"
overflow-checks = true
debug = 0
strip = "symbols"
debug-assertions = false
panic = "abort"
codegen-units = 1
lto = true
[profile.release-with-logs]
inherits = "release"
debug-assertions = trueCopy the smart contract code into src/lib.rs.
# Build optimized WASM
cargo build --target wasm32-unknown-unknown --release
# Optimize further (optional)
soroban contract optimize \
--wasm target/wasm32-unknown-unknown/release/multisig_wallet.wasm# Configure network
soroban network add testnet \
--rpc-url https://soroban-testnet.stellar.org \
--network-passphrase "Test SDF Network ; September 2015"
# Generate or import identity
soroban keys generate deployer
# Fund account (use friendbot)
soroban keys address deployer
# Visit: https://laboratory.stellar.org/#account-creator?network=test
# Deploy contract
soroban contract deploy \
--wasm target/wasm32-unknown-unknown/release/multisig_wallet.wasm \
--source deployer \
--network testnet
# Save the returned contract ID
export CONTRACT_ID=<your-contract-id># Generate owner identities
soroban keys generate owner1
soroban keys generate owner2
soroban keys generate owner3
# Get owner addresses
OWNER1=$(soroban keys address owner1)
OWNER2=$(soroban keys address owner2)
OWNER3=$(soroban keys address owner3)
# Initialize wallet (2-of-3 configuration)
soroban contract invoke \
--id $CONTRACT_ID \
--source owner1 \
--network testnet \
-- initialize \
--owners "[\"$OWNER1\", \"$OWNER2\", \"$OWNER3\"]" \
--required_approvals 2# Verify deployment
soroban contract info --id $CONTRACT_ID --network testnet- Owner proposes a transaction
- Other owners approve the transaction
- Once threshold met, any owner can execute
# Step 1: Propose a transaction (Owner 1)
TX_ID=$(soroban contract invoke \
--id $CONTRACT_ID \
--source owner1 \
--network testnet \
-- propose_transaction \
--proposer $OWNER1 \
--recipient GCEXAMPLE... \
--amount 10000000)
echo "Transaction ID: $TX_ID"
# Step 2: Approve transaction (Owner 2)
soroban contract invoke \
--id $CONTRACT_ID \
--source owner2 \
--network testnet \
-- approve_transaction \
--approver $OWNER2 \
--tx_id $TX_ID
# Step 3: Execute transaction (any owner)
soroban contract invoke \
--id $CONTRACT_ID \
--source owner1 \
--network testnet \
-- execute_transaction \
--executor $OWNER1 \
--tx_id $TX_ID# For a 3-of-5 wallet, get three approvals:
# Approval 1
soroban contract invoke \
--id $CONTRACT_ID \
--source owner2 \
--network testnet \
-- approve_transaction \
--approver $OWNER2 \
--tx_id 1
# Approval 2
soroban contract invoke \
--id $CONTRACT_ID \
--source owner3 \
--network testnet \
-- approve_transaction \
--approver $OWNER3 \
--tx_id 1
# Approval 3
soroban contract invoke \
--id $CONTRACT_ID \
--source owner4 \
--network testnet \
-- approve_transaction \
--approver $OWNER4 \
--tx_id 1
# Now execute
soroban contract invoke \
--id $CONTRACT_ID \
--source owner1 \
--network testnet \
-- execute_transaction \
--executor $OWNER1 \
--tx_id 1# Attempting duplicate approval (will fail)
soroban contract invoke \
--id $CONTRACT_ID \
--source owner2 \
--network testnet \
-- approve_transaction \
--approver $OWNER2 \
--tx_id 1
# Error: "Owner has already approved this transaction"
# Attempting execution without enough approvals (will fail)
soroban contract invoke \
--id $CONTRACT_ID \
--source owner1 \
--network testnet \
-- execute_transaction \
--executor $OWNER1 \
--tx_id 2
# Error: "Not enough approvals to execute transaction"
# Non-owner attempting to approve (will fail)
soroban contract invoke \
--id $CONTRACT_ID \
--source attacker \
--network testnet \
-- approve_transaction \
--approver $ATTACKER \
--tx_id 1
# Error: "Only owners can approve transactions"Transaction Management:
- Always verify recipient addresses before proposing
- Document the purpose of each transaction
- Use descriptive amounts (include decimals correctly)
- Track transaction IDs systematically
Approval Process:
- Review transaction details before approving
- Coordinate with other owners via off-chain communication
- Don't rush the approval process
- Verify you're approving the correct transaction ID
Security:
- Never share private keys
- Use hardware wallets for owner accounts
- Implement multi-factor authentication for key access
- Regular security audits of owner accounts
Operational:
- Maintain a backup list of all owner addresses
- Document the approval threshold clearly
- Establish clear communication channels
- Create standard operating procedures
Private Key Management:
- Store private keys in hardware wallets (Ledger, Trezor)
- Never store keys in plain text
- Use encrypted key storage solutions
- Implement key rotation policies
Access Control:
- Use separate devices for each owner
- Enable two-factor authentication everywhere possible
- Limit network exposure of signing devices
- Regular security audits of owner devices
Initialization:
- Verify all owner addresses before initialization
- Double-check approval threshold logic
- Cannot be changed after initialization (until upgrade feature)
- Test on testnet extensively before mainnet
Threshold Selection:
- Balance security vs. operational efficiency
- Consider: N = total owners, K = required approvals
- Recommended: K ≥ ⌈N/2⌉ (majority)
- For high security: K ≥ ⌈2N/3⌉ (supermajority)
- Avoid: K = N (creates single point of failure if one owner unavailable)
Before Proposing:
- Triple-check recipient address
- Verify amount (consider decimal places)
- Ensure sufficient wallet balance
- Document transaction purpose
Before Approving:
- Verify transaction details independently
- Confirm with proposer via separate channel
- Check for suspicious patterns
- Review transaction history
Before Executing:
- Final verification of all details
- Confirm sufficient approvals received
- Check for any last-minute concerns
- Ensure recipient is ready to receive
Communication:
- Use encrypted channels for coordination
- Verify identity of other owners
- Establish code words for emergencies
- Document all major decisions
Monitoring:
- Regular audit of transaction history
- Monitor for unauthorized access attempts
- Track approval patterns
- Alert on unusual activity
Incident Response:
- Prepare emergency procedures
- Know how to freeze operations (future feature)
- Maintain contact with all owners
- Document incident response plan
Attack: Attacker impersonates owner to trick others into approving malicious transaction.
Mitigations:
- Verify owner identity through multiple channels
- Establish verification protocols
- Never rush approval process
- Regular security awareness training
Attack: Attacker gains access to one owner's private key.
Mitigations:
- Threshold > 1 prevents single-key compromise
- Quick response: propose owner rotation (future feature)
- Monitor for unusual activity from compromised account
- Hardware wallet usage
Attack: Fake website or contract ID tricks owners into interacting with malicious contract.
Mitigations:
- Always verify contract ID
- Bookmark official interfaces
- Use contract verification tools
- Education on phishing tactics
Attack: Attacker observes pending transaction and submits competing transaction with higher gas.
Mitigations:
- Less relevant on Stellar (deterministic fees)
- Time-locks for sensitive transactions (future feature)
- Private mempools (if available)
Attack: Malicious owner refuses to approve legitimate transactions.
Mitigations:
- Careful selection of trusted owners
- Threshold < N ensures no single veto power
- Owner removal mechanism (future feature)
- Regular review of owner participation
Pre-Deployment:
- Professional smart contract audit recommended
- Formal verification of critical logic
- Extensive testnet testing
- Peer review of code
Post-Deployment:
- Regular security assessments
- Penetration testing
- Code review of any upgrades
- Community bug bounty program
Compliance:
- Understand local regulations
- KYC/AML considerations for institutional use
- Transaction record keeping
- Regulatory reporting as required
If Owner Key Compromised:
- Immediately notify all other owners
- Do not approve any pending transactions
- Monitor wallet for unauthorized proposals
- Prepare for owner rotation (when feature available)
If Vulnerability Discovered:
- Assess severity and impact
- Notify all owners immediately
- Pause operations if necessary
- Contact security professionals
- Plan upgrade or migration
If Funds Stolen:
- Document all evidence
- Contact Stellar validators (if recent)
- Report to relevant authorities
- Community notification
- Post-mortem analysis
We welcome contributions from developers, security researchers, and the community! Whether you're fixing bugs, adding features, improving documentation, or providing feedback, your help makes this project better.
- Code Contributions: Bug fixes, new features, optimizations
- Documentation: Improve guides, add examples, fix typos
- Testing: Write tests, report bugs, test edge cases
- Security: Report vulnerabilities, conduct audits
- Community: Answer questions, help other users
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Make your changes
- Write or update tests
- Update documentation
- Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
Code Style:
- Follow Rust conventions
- Use
cargo fmtbefore committing - Run
cargo clippyand fix warnings - Add comments for complex logic
Testing:
- Write unit tests for new functions
- Ensure all tests pass:
cargo test - Test edge cases and error conditions
- Add integration tests for workflows
Documentation:
- Update README for new features
- Add inline code documentation
- Include usage examples
- Document breaking changes
Commit Messages:
- Use clear, descriptive messages
- Format:
type: description - Types: feat, fix, docs, test, refactor
- Example:
feat: add transaction cancellation
Bug Reports:
- Use the issue template
- Include reproduction steps
- Provide error messages
- Specify environment details
Feature Requests:
- Describe the use case
- Explain expected behavior
- Consider implementation approach
- Discuss potential alternatives
Critical Issues:
- DO NOT open a public issue
- Email: security@multisigwallet.example
- Provide detailed description
- Include proof of concept if possible
- Allow time for patch before disclosure
Reward Program:
- Bug bounties for critical vulnerabilities
- Recognition in contributors list
- Swag and merchandise
- Be respectful and inclusive
- Welcome newcomers
- Focus on constructive feedback
- Collaborate, don't compete
- Follow community guidelines
Contributors will be:
- Listed in CONTRIBUTORS.md
- Mentioned in release notes
- Eligible for contributor NFTs
- Invited to community calls
This project is licensed under the MIT License.
Copyright (c) 2025 Multi-Signature Wallet Contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
You are free to:
- ✅ Use the software commercially
- ✅ Modify the source code
- ✅ Distribute the software
- ✅ Use it privately
- ✅ Sublicense the software
Conditions:
- 📄 Include the original license and copyright notice
- 📄 State any significant changes made
Limitations:
- ❌ No warranty provided
- ❌ Authors not liable for damages
- ❌ No trademark rights granted
This project uses the following open-source libraries:
- Soroban SDK: Apache License 2.0
- Rust Standard Library: MIT/Apache 2.0
All dependencies are properly licensed and compatible with this project's MIT License.
Documentation:
- Read this README thoroughly
- Check the Soroban Documentation
- Review Stellar Documentation
Community Support:
- GitHub Discussions: Ask questions and share ideas
- Discord Server: Real-time chat and support
- Telegram Group: Community discussions
- Stack Overflow: Tag questions with
sorobanandstellar
Report Issues:
- GitHub Issues: Bug reports and feature requests
- Security Issues: security@multisigwallet.example (private)
Follow Our Progress:
- ⭐ Star the repository on GitHub
- 👁️ Watch for updates and releases
- 🔔 Subscribe to release notifications
Social Media:
- Twitter: @multisigwallet
- LinkedIn: Multi-Signature Wallet Project
- Blog: blog.multisigwallet.example
- Newsletter: Subscribe for monthly updates
Developer Updates:
- Release Notes: Check for new versions
- Changelog: Track all changes
- Roadmap: See what's coming next
- Developer Blog: Technical deep-dives
For enterprise deployments, custom features, or dedicated support:
- Email: enterprise@multisigwallet.example
- Schedule Consultation: calendly.com/multisigwallet
- Custom Development: Available for specific requirements
- Training & Workshops: Team training sessions available
Special Thanks:
- Stellar Development Foundation for Soroban
- Open-source contributors
- Security researchers
- Early adopters and testers
- Community members
Built With:
- Rust - Systems programming language
- Soroban SDK - Stellar smart contract platform
- Stellar - Blockchain network
Q: What is a multi-signature wallet?
A: A multi-signature (multi-sig) wallet requires multiple parties to approve a transaction before it can be executed. Instead of a single private key controlling funds, multiple designated owners must collectively sign off on each transaction.
Q: Why should I use a multi-sig wallet?
A: Multi-sig wallets provide enhanced security by:
- Eliminating single points of failure
- Preventing unauthorized access even if one key is compromised
- Enabling democratic decision-making for shared funds
- Creating accountability through required approvals
- Providing an audit trail of all transactions
Q: Who should use this wallet?
A: Ideal for:
- Companies managing corporate treasuries
- DAOs handling community funds
- Partnerships requiring mutual consent
- Families managing shared wealth
- High-net-worth individuals seeking extra security
- Escrow services and trustless agreements
Q: What blockchain is this built on?
A: This smart contract is built on Stellar using the Soroban smart contract platform. Stellar offers fast, low-cost transactions with strong security guarantees.
Q: Can I use this on mainnet?
A: Yes, but we strongly recommend:
- Thorough testing on testnet first
- Professional security audit
- Starting with small amounts
- Understanding all risks involved
Q: What are the gas fees?
A: Stellar has very low and predictable fees (typically fractions of a cent). Exact costs depend on:
- Network congestion (usually minimal)
- Transaction complexity
- Storage requirements
Q: Can the contract be upgraded?
A: The current version is immutable once deployed. Future versions may include upgrade mechanisms. For now, migration to a new contract would be required for major changes.
Q: Is the code audited?
A: Community audits are ongoing. For production use with significant funds, we recommend commissioning a professional security audit from a reputable firm.
Q: What happens if I lose one owner's private key?
A: As long as you have enough remaining owners to meet the approval threshold, the wallet remains functional. For example, in a 2-of-3 wallet, losing one key still allows the other two owners to operate the wallet.
Q: Can funds be recovered if all keys are lost?
A: No. Like all blockchain systems, if all private keys are lost, funds cannot be recovered. This is why proper key management and backup procedures are critical.
Q: What if an owner's key is compromised?
A: The multi-sig design means a single compromised key cannot move funds alone. Other owners can refuse to approve malicious transactions. Future versions will include owner rotation features to remove compromised owners.
Q: Is this wallet safe from hacks?
A: While the multi-sig design significantly improves security, no system is 100% hack-proof. Best practices include:
- Using hardware wallets for all owner keys
- Following security guidelines in this README
- Regular security audits
- Staying informed about vulnerabilities
Q: How do I set up the wallet?
A: Follow the Installation & Setup section of this README. You'll need to:
- Deploy the smart contract
- Initialize with owner addresses and approval threshold
- Distribute access to owners
Q: Can I add or remove owners after initialization?
A: Not in the current version. This feature is planned for future releases. For now, you would need to deploy a new wallet and migrate funds.
Q: What happens if owners disagree on a transaction?
A: If insufficient owners approve, the transaction simply won't execute. It will remain in pending state. Consider establishing clear governance procedures for resolving disputes.
Q: How long do transactions take?
A: Once approved, execution is near-instant (5-6 seconds on Stellar). The approval process depends on how quickly owners respond, which could be minutes, hours, or days depending on your coordination.
Q: Can I cancel a transaction after proposing it?
A: Not in the current version. Transaction cancellation is a planned feature. For now, simply don't approve or execute transactions you wish to cancel.
Q: How much does it cost to deploy?
A: Deployment costs include:
- Gas fees for deployment (minimal on Stellar)
- Initialization transaction fee
- Storage rent for contract data (extended TTL) Total: Usually less than $1 USD equivalent
Q: Are there ongoing costs?
A: Storage TTL must be extended periodically. The contract automatically extends TTL on each operation, so as long as the wallet is actively used, storage remains live. Inactive wallets may need manual TTL extension.
Q: How do fees compare to traditional banking?
A: Blockchain fees are typically 99%+ lower than traditional wire transfers or international payments, with faster settlement and 24/7 availability.
Q: Can I use this with hardware wallets?
A: Yes! Hardware wallets like Ledger and Trezor can be used to sign transactions. This is highly recommended for security.
Q: Is there a mobile app?
A: Not yet. Mobile apps are planned for Phase 4 of the roadmap. Currently, use the Soroban CLI or web interfaces.
Q: Can I integrate this with my existing application?
A: Yes, through the Soroban RPC interface. Future versions will include REST APIs for easier integration.
Q: Does this work with other Stellar assets?
A: The current version is designed for XLM. Multi-asset support is planned for Phase 3 of the roadmap.
Symptoms: Getting panic errors when trying to interact with contract
Solution:
# Verify contract is initialized
soroban contract invoke \
--id $CONTRACT_ID \
--network testnet \
-- get_wallet_config
# If not initialized, run initialization
soroban contract invoke \
--id $CONTRACT_ID \
--source owner1 \
--network testnet \
-- initialize \
--owners '["<addr1>", "<addr2>"]' \
--required_approvals 2Symptoms: Error when trying to approve or propose
Cause: The address you're using is not in the owners list
Solution:
# Verify you're using the correct identity
soroban keys address <your-identity>
# Check against the owners list from initialization
# Make sure the address matches exactlySymptoms: Cannot approve transaction you've already approved
Cause: Duplicate approval attempt
Solution:
- This is expected behavior (prevents double-voting)
- Wait for other owners to approve
- Once threshold is met, execute the transaction
Symptoms: Execution fails even though you think you have enough approvals
Solution:
# Check transaction details
soroban contract invoke \
--id $CONTRACT_ID \
--network testnet \
-- get_transaction \
--tx_id <transaction-id>
# Verify approvals count meets required_approvals threshold
# Get additional owner approvals if neededSymptoms: Error when trying to interact with transaction
Causes:
- Transaction ID doesn't exist
- Typo in transaction ID
- Transaction was created on different contract
Solution:
# Verify the transaction ID
# Check which contract you're interacting with
# Use correct transaction counter
# List recent transactions (if helper function added)Symptoms: cargo build fails
Common Solutions:
# Update Rust
rustup update
# Clean and rebuild
cargo clean
cargo build --target wasm32-unknown-unknown --release
# Check Soroban SDK version
cargo update soroban-sdk
# Verify wasm32 target is installed
rustup target add wasm32-unknown-unknownSymptoms: Contract deployment returns error
Solutions:
# Verify you have testnet XLM
soroban keys address deployer
# Fund via friendbot
# Check network configuration
soroban network ls
# Verify WASM file exists
ls -lh target/wasm32-unknown-unknown/release/*.wasm
# Try with explicit source
soroban contract deploy \
--wasm <path-to-wasm> \
--source deployer \
--network testnetSymptoms: "Authentication required" errors
Solutions:
# Ensure you're using --source parameter
soroban contract invoke \
--id $CONTRACT_ID \
--source <owner-identity> \ # Don't forget this!
--network testnet \
-- approve_transaction ...
# Verify the identity exists
soroban keys ls
# Check you have the correct network
soroban network lsSymptoms: Contract data not found, state seems lost
Solution:
# Extend TTL manually
soroban contract extend \
--id $CONTRACT_ID \
--ledgers-to-extend 100000 \
--source owner1 \
--network testnet
# The contract auto-extends on operations,
# but inactive contracts may need manual extensionIf you encounter issues not covered here:
- Check logs: Use
--verboseflag for detailed output - Search issues: Check GitHub for similar problems
- Ask community: Post in Discord or Telegram
- Create issue: Open GitHub issue with full details
Include in issue reports:
- Rust version:
rustc --version - Soroban CLI version:
soroban --version - Full error message
- Steps to reproduce
- Network (testnet/mainnet)
- Contract ID if applicable
Initial Release - January 2025
Features:
- ✅ Multi-owner wallet initialization
- ✅ Configurable approval thresholds
- ✅ Transaction proposal system
- ✅ Multi-party approval mechanism
- ✅ Threshold-based execution
- ✅ Owner authentication and authorization
- ✅ On-chain transaction history
- ✅ Duplicate approval prevention
- ✅ Double-execution prevention
Technical:
- Built on Soroban SDK 21.0.0
- Instance storage with automatic TTL extension
- Gas-optimized operations
- Comprehensive error handling
Known Limitations:
- No owner management after initialization
- No transaction cancellation
- Single asset (XLM) only
- No time-locks or expiry
- CLI-only interface
Version 0.2.0 - Planned Q2 2025
- Transaction cancellation
- Owner management (add/remove)
- Approval revocation
- Enhanced event logging
- View functions for all data
Version 0.3.0 - Planned Q3 2025
- Time-locks for transactions
- Emergency pause functionality
- Batch transaction support
- Transaction expiry
- Initial web interface
Version 1.0.0 - Planned Q4 2025
- Production-ready release
- Full security audit
- Multi-asset support
- Mobile applications
- Complete documentation
- Soroban Documentation
- Stellar Developers Portal
- Rust Programming Language
- Smart Contract Security Best Practices
- Soroban CLI
- Stellar Laboratory
- Stellar Expert - Blockchain explorer
- Freighter Wallet - Browser extension wallet
- Soroban Quest - Interactive tutorials
- Stellar Stack Exchange
- Soroban Examples
- Multi-Signature Wallet Theory
- CWE Top 25 - Common vulnerabilities
- OWASP Smart Contract Top 10
- Consensys Security Audits
- Trail of Bits Security Tools
Multi-Signature (Multi-Sig): A digital signature scheme requiring multiple parties to approve before executing a transaction.
Threshold: The minimum number of approvals required to execute a transaction (e.g., 2-of-3 means 2 approvals out of 3 owners).
Owner: An authorized party with a private key who can propose, approve, or execute transactions.
Proposal: A suggested transaction waiting for approvals.
Approval: An owner's consent to a proposed transaction.
Execution: The final action of carrying out an approved transaction.
TTL (Time To Live): The duration for which contract data remains stored on-chain before requiring extension.
Stroops: The smallest unit of XLM (1 XLM = 10,000,000 stroops).
Instance Storage: Persistent storage in Soroban contracts for long-term data.
WASM: WebAssembly, the compilation target for Soroban smart contracts.
Stellar Testnet:
- RPC URL:
https://soroban-testnet.stellar.org - Horizon URL:
https://horizon-testnet.stellar.org - Network Passphrase:
Test SDF Network ; September 2015 - Friendbot:
https://friendbot.stellar.org
Stellar Mainnet (Pubnet):
- RPC URL:
https://soroban-pubnet.stellar.org - Horizon URL:
https://horizon.stellar.org - Network Passphrase:
Public Global Stellar Network ; September 2015
# Network Management
soroban network add <name> --rpc-url <url> --network-passphrase <phrase>
soroban network ls
soroban network rm <name>
# Identity Management
soroban keys generate <name>
soroban keys address <name>
soroban keys ls
soroban keys rm <name>
# Contract Operations
soroban contract build
soroban contract deploy --wasm <path> --source <identity> --network <network>
soroban contract invoke --id <contract-id> --source <identity> --network <network> -- <function> <args>
soroban contract extend --id <contract-id> --ledgers-to-extend <number> --source <identity>
soroban contract info --id <contract-id> --network <network>
# Optimization
soroban contract optimize --wasm <path>Thank you for choosing the Multi-Signature Wallet! This project represents our commitment to bringing secure, accessible, and transparent asset management to the blockchain ecosystem.
Remember:
- 🔐 Security is paramount - follow best practices
- 📚 Read documentation thoroughly before mainnet use
- 🧪 Test extensively on testnet
- 🤝 Engage with the community
- 🚀 Stay updated on new releases
We're Here to Help: Whether you're a developer integrating this wallet, an organization securing your treasury, or an individual protecting your assets, we're committed to your success.
Join Us: This is an open-source project built by the community, for the community. Your contributions, feedback, and participation make it better for everyone.
Built with ❤️ on Stellar | Powered by Soroban
Last Updated: October 2025 Version: 0.1.0 License: MIT