Cointoolkit FLOT guide and changelog

Thanks.

… but when you put in an address (happens to be a multisig) it may not work.

Added message if entered incorrectly:

This is a multisig address. You must use the redeem script, not the multisig address!

1 Like

Honestly great work on this tool @ttutdxh even a simpleton like me can use it!

I’m not wowed easily, but the cointoolkit provided by @ttutdxh does that!
I can’t imagine how the FLOT would be able to deal with multisig addresses and transactions in a timely manner without it. I’m not yet sure about the “timely” aspect, but I know that cointoolkit speeds things up - without it, all would definitely last longer!
The improvement compared to coinbin (from which it was forked) is tremendous.

I want to point this out:

It is useful for the FLOT members. Each member (including me!) can consider how much efforts are saved thanks to it (and @ttutdxh’s amazing work).
And the NSR holders should ask themselves whether they find tools that make the FLOT more efficient, valuable.

I don’t know if there’s a fund for things like that:
I want to propose cointoolkit for a reward - and I’m not speaking of a formal praise :wink:

Are there others who feel the same about cointoolkit?

2 Likes

@masterOfDisaster tanks for the encouragement. Glad it helped you.


Today I am adding support for combining signatures in a multi signature transaction.
To understand why this first tool ever :tada: to automate this is useful, please consider this scenario first.

A group of people that controls a multi signature address have to sign transaction 00a0fff…(example of real, hex serialized transaction) from a 3 of 5 multi signature address.

  • Member 1 sign the transaction and results in 11a0fff…

  • Member 2 take 11a0fff… and sign it. He gets 22a0fff…

  • At the same time member 3 take the same tx signed by member 1, 11a0fff… and sign it himself. He gets 33a0ff…
    Member 2 and member 3 publish their correspondent transactions, 22a0fff, 33a0ff.

  • Now we have 3 diferent versions of that tx:

    • 11a0fff… With signature of member 1. (total 1 of 5)
    • 22a0fff… With signature of member 1 and 2. (total 2 of 5)
    • 33a0ff… With signature of member 1 and 3. (total 2 of 5)

They don’t have any transaction with the minimum 3 of 5, and they should since 3 of 5 members signed.
Members already did their corresponding signing and left. What can you do if you need the transaction ASAP?

  • Go to http://ttutdxh-nubits.github.io/cointoolkit/#verify and select the network mode in the top right.
  • Go to the Verify tab, paste the first transaction and click verify.
  • A list of inputs will show up, click on the number of signatures of one of the inputs.
  • The list of required signers will appear, and at the bottom you can paste another version of the transaction.
  • Click “Combine transaction” and a new one will be generated with all the signatures from the different transactions.

Problem solved, deadline met.

4 Likes

@masterOfDisaster made me think:

I though, Cointoolkit should do that.
So after the last update you can now check everything you need from the verify tab, amounts and fee inclusive.

It currently works with BTC, NSR and NBT.

4 Likes

Stunning!
Don’t need much more words to explain how I perceive your cointoolkit :wink:

I have updated git-multisig to save unspent outputs in JSON format. This can help Cointoolkit retreive unspent outputs in case blockexplorer fails.

@masterOfDisaster and @jooize please update your flot-operations folder and repositories, by forking from mine : https://github.com/dc-tcs/flot-operations, as well as the newest git-multisig. The rest of FLOT (NBT group) may also download the newest version of git-multisig.

Cool. Updated. :evergreen_tree:

git clone git@github.com:jooize/flot-operations.git
cd flot-operations
git remote add upstream https://github.com/dc-tcs/flot-operations
git fetch upstream
git checkout master
git merge upstream/master
vi BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js/unspent

Is there a way to resolve conflicts without an editor?

git add BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js/unspent
git commit -m "Update to upstream"
git push origin master

Removing the entire folder is an option. The script will automatically git clone. Perhaps I should deal with that, though I dared not put something that does “rm -r” in the scripts as it could lead to some pretty bad accidents…

can we seen which FLOT member signed or not?

@huafei yes, just click the signature count when verifying a transaction.


@dysconnect great news, that will avoid blockexplorer.nu availability problems.

Added @dysconnect, @masterOfDisaster and @jooize flot-operations repositories to Cointoolkit.

You can configure Cointoolkit to use these providers under “Unspent outputs” configuration in the Settings tab

Please note dysconect’s git-multisig currently only support FLOT NBT addresses, so right now these three providers only store data for FLOT NBT address BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js. It is still a great backup for urgent FLOT transaction crafting.


Also added script debugging:
http://imgur.com/H3LihCt

and signature position data:
http://imgur.com/1KaDNXU

while verifying transactions. Hope that helps with future troubles.

3 Likes

Feature request: a “current signings” page that lists multisig signings that are not completed (and maybe a history of recent completed ones.) With this FLOT member don’t have to go to nubits.com to click on links to sign incomplete signings. With each signing a remark can be made by the signer to put reason and e.g. URLs to posts.

I think that may be counter-productive. There is risk someone signs that listed signings only because they are there. Any signing requires from FLOT to manually check and verify what and why they are signing it.

Maybe a better approach for that is using a wiki like in the voting hotlist so we can add and remove links to the signing requests on demand, state the reasons why it should be signed with link to the sources, the motions requiring us to do so…

If all required number of FLOT members do this there is little hope they will do their due deligence from a forum post or an email/bitmessage

How about allowing other allowed signers to add remarks even if they don’t sign

That adds a storage layer, identification layer, moderation, etc. That kind of changes would add the risk of attacks such as code injection, and that is a huge trade off.

Cointoolkit is designed so you don’t have to trust me or anyone else. Known identities are the exception because they are hardcoded and easy to audit and crosscheck.

Honestly I don’t see the advantages over a forum wiki with links.

I agree it would not be easy to make a secure off-line page. I was thinking of a convenience tool for online signing.

nubits.com could be taken down by ddos or maybe other ways.

I agree, and that affects way more than signing requests. I think the forum is protected by CloudFare, but that is definitely not a complete solution to attacks.

The ideal solution would be to have something like a bitmessage mailing list, but that opens whole new problems to overcome, like who is authorized to send, what happens if that people is unavailable… And in case it is open, how stop that from becoming a spammy list.

Anyway I think that creating a “contingency plan” for Nu in case something goes wrong is yet a pending task.

A private chatroom/discuss board known only to the FLOTand devs might be good at least for a while.