Description
Critical admin operations (pause, upgrade, token removal) should require multiple signatures to execute, preventing a single compromised key from harming the protocol. Implementing a simple 2-of-3 multi-sig admin guard is essential before mainnet.
Requirements and context
- Replace the single admin address with a `MultisigAdmin { signers: Vec<Address>, threshold: u32 }` config
- High-security operations require `threshold` of the signers to sign a `MultisigProposal` before execution; a `MultisigProposal` expires after `MULTISIG_WINDOW_LEDGERS`
- Implement `propose_admin_action()`, `sign_admin_action()`, `execute_admin_action()`
- Write tests: 2-of-3 threshold, expired proposal, duplicate signature
Suggested execution
- `git checkout -b feat/multisig-admin`
- Replace admin with multisig struct
- Implement proposal → sign → execute flow
- Write threshold and expiry tests
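An added sketch (not code from this repository) of the propose → sign → execute flow with the threshold, expiry and duplicate-signature checks the requirements call for. It uses plain Rust stand-ins for `soroban_sdk::Address` and the ledger sequence number; the `Contract` and `Error` types and the `MULTISIG_WINDOW_LEDGERS = 100` value are assumptions.

```rust
use std::collections::HashMap;

// Constructed stand-ins for soroban_sdk::Address and the ledger sequence number.
type Address = &'static str;
type Ledger = u32;
const MULTISIG_WINDOW_LEDGERS: Ledger = 100; // assumed value; the issue does not fix one

#[derive(Debug, PartialEq)]
pub enum Error { NotSigner, UnknownProposal, Expired, AlreadySigned, ThresholdNotMet, BadThreshold }

pub struct MultisigAdmin { pub signers: Vec<Address>, pub threshold: u32 }
pub struct MultisigProposal { pub action: String, pub signatures: Vec<Address>, pub expires_at: Ledger }
pub struct Contract { admin: MultisigAdmin, proposals: HashMap<u64, MultisigProposal>, next_id: u64 }

impl Contract {
    pub fn new(signers: Vec<Address>, threshold: u32) -> Result<Self, Error> {
        // threshold 0 would let a single key act alone; threshold > signers could never be met
        if threshold == 0 || threshold as usize > signers.len() { return Err(Error::BadThreshold); }
        Ok(Self { admin: MultisigAdmin { signers, threshold }, proposals: HashMap::new(), next_id: 0 })
    }
    fn require_signer(&self, who: Address) -> Result<(), Error> {
        if self.admin.signers.contains(&who) { Ok(()) } else { Err(Error::NotSigner) }
    }
    /// The proposer's own signature counts as the first; the proposal is valid for MULTISIG_WINDOW_LEDGERS.
    pub fn propose_admin_action(&mut self, proposer: Address, action: &str, now: Ledger) -> Result<u64, Error> {
        self.require_signer(proposer)?;
        let id = self.next_id;
        self.next_id += 1;
        let p = MultisigProposal { action: action.to_string(), signatures: vec![proposer], expires_at: now + MULTISIG_WINDOW_LEDGERS };
        self.proposals.insert(id, p);
        Ok(id)
    }
    /// Returns the signature count after signing; rejects expired proposals and repeat signers.
    pub fn sign_admin_action(&mut self, signer: Address, id: u64, now: Ledger) -> Result<u32, Error> {
        self.require_signer(signer)?;
        let p = self.proposals.get_mut(&id).ok_or(Error::UnknownProposal)?;
        if now > p.expires_at { return Err(Error::Expired); }
        // A duplicate signature must not count twice toward the threshold.
        if p.signatures.contains(&signer) { return Err(Error::AlreadySigned); }
        p.signatures.push(signer);
        Ok(p.signatures.len() as u32)
    }
    pub fn execute_admin_action(&mut self, id: u64, now: Ledger) -> Result<String, Error> {
        let p = self.proposals.get(&id).ok_or(Error::UnknownProposal)?;
        if now > p.expires_at { return Err(Error::Expired); }
        if (p.signatures.len() as u32) < self.admin.threshold { return Err(Error::ThresholdNotMet); }
        // Consume the proposal so a met threshold cannot be executed a second time.
        Ok(self.proposals.remove(&id).unwrap().action)
    }
}
```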
Example commit message
feat: implement 2-of-3 multi-sig admin for high-security operations