
soroban-cli: The transaction fails when using a Stellar multisig account

Open hawthorne-abendsen opened this issue 2 years ago • 12 comments

What version are you using?

```
soroban 0.6.0 (7421c1383beae274d41e503fa44e248b1dbe9b05)
soroban-env 0.0.14 (d06aaddca61f011cc64ec098b464233423197c3a)
soroban-env interface version 29
stellar-xdr 0.0.14 (55f47d302a3bbcd34cf32bfcd28abccfaeffc5e0)
xdr next (df18148747e807618acf4639db41c4fd6f0be9fc)
```

What did you do?

```
soroban contract invoke \
    --secret-key SBG...API \
    --id 10e14c1aa5b4a320068bc05e3406d9bec6f8060f1ea33c1b11621746867e5e16 \
    --rpc-url https://horizon-futurenet.stellar.cash:443/soroban/rpc \
    --network-passphrase 'Test SDF Future Network ; October 2022' \
    --fn increment \
    -- \
    --user GB3...7LB \
    --value 1
```

The secret key SBG...API belongs to the additional signer of the GB3...7LB account, and has sufficient weight to invoke the contract.

The contract:

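```rust
#![no_std]
use soroban_sdk::{contractimpl, contracttype, Address, Env};

#[contracttype]
pub enum DataKey {
    Counter(Address),
}

pub struct IncrementContract;

#[contractimpl]
impl IncrementContract {
    pub fn increment(env: Env, user: Address, value: u32) -> u32 {
        // Require that `user` has authorized this invocation.
        user.require_auth();

        // Each user has its own counter entry.
        let key = DataKey::Counter(user.clone());

        let mut count: u32 = env
            .storage()
            .get(&key)
            .unwrap_or(Ok(0))
            .unwrap();

        count += value;

        env.storage().set(&key, &count);

        count
    }
}
```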

What did you expect to see?

A successful contract invocation.

What did you see instead?

error: transaction submission failed

hawthorne-abendsen avatar Mar 09 '23 12:03 hawthorne-abendsen

@hawthorne-abendsen Thanks for the report, I'll be looking into this.

To be sure the problem is on soroban-cli's side: have you tried building the transaction through a different means than soroban-cli and submitting it successfully?

2opremio avatar Mar 10 '23 10:03 2opremio

Also, a full end-to-end repro (e.g. starting with an empty standalone network and showing all the commands which lead to the problem) would be super helpful.

2opremio avatar Mar 10 '23 10:03 2opremio

On our side, and to start with, we should at the very least print more information when there are transaction submission errors. I created https://github.com/stellar/soroban-tools/issues/495

2opremio avatar Mar 10 '23 10:03 2opremio

> The secret key SBG...API belongs to the additional signer of the GB3...7LB account,

IIUC the CLI currently doesn't know of the existence of multisig and simply maps this secret key to the respective public key and treats it as an account. This is bound to fail, because an account with that public key doesn't exist. The secret key interface isn't viable for this case. Instead, `--identity` needs to be extended to support multisig properly (to be clear, this is not something that the CLI can do right now).

dmkozh avatar Mar 10 '23 16:03 dmkozh

> Also, a full end-to-end repro (e.g. starting with an empty standalone network and showing all the commands which lead to the problem) would be super helpful.

Thanks for your response!

Here is the repro:

  1. Build the auth contract from soroban-examples: `cargo build --target wasm32-unknown-unknown --release`
  2. Generate and fund an account using Stellar Laboratory (futurenet).
  3. Deploy the contract using the generated account:

```
soroban contract deploy \
	--wasm ../target/wasm32-unknown-unknown/release/soroban_auth_contract.wasm \
	--secret-key SDV...2ZB \
	--rpc-url https://horizon-futurenet.stellar.cash:443/soroban/rpc \
	--network-passphrase 'Test SDF Future Network ; October 2022'
```

  4. Generate two additional accounts using Stellar Laboratory (futurenet). For the first account, add the second account as a signer with a weight of 1.
  5. Invoke the contract using the first account as the user argument and sign it with the second account's secret key:

```
soroban contract invoke \
	--secret-key SDA...RGF \
	--id 10e...e16 \
	--rpc-url https://horizon-futurenet.stellar.cash:443/soroban/rpc \
	--network-passphrase 'Test SDF Future Network ; October 2022' \
	--fn increment \
	-- \
	--user GB3...7LB \
	--value 1
```

The invocation fails with the message `error: transaction submission failed`. However, if I use the first account's secret key, the invocation is successful.

hawthorne-abendsen avatar Mar 13 '23 16:03 hawthorne-abendsen

> @hawthorne-abendsen Thanks for the report, I'll be looking into this.
>
> To be sure the problem is on soroban-cli's side: have you tried building the transaction through a different means than soroban-cli and submitting it successfully?

No, I haven't yet.

hawthorne-abendsen avatar Mar 13 '23 16:03 hawthorne-abendsen

A relevant question: if all parties of the multisig need to sign, can I still invoke a contract using the CLI? If yes, what are the steps?

PlayJok3r avatar Apr 27 '24 15:04 PlayJok3r

I think the sign command being added in #1180 will address this capability in the CLI. What you'd do is use the invoke command with the --build-only or --sim-only option, and then use the sign command to sign the resulting transaction.

However, in the meantime you should be able to use an SDK such as the js-stellar-sdk to build a transaction and sign it with multisig.

cc @willemneal @fnando

leighmcculloch avatar May 01 '24 22:05 leighmcculloch

> I think the sign command being added in #1180 will address this capability in the CLI. What you'd do is use the invoke command with the --build-only or --sim-only option, and then use the sign command to sign the resulting transaction.
>
> However, in the meantime you should be able to use an SDK such as the js-stellar-sdk to build a transaction and sign it with multisig.
>
> cc @willemneal @fnando

Thank you! This is very helpful! However, my CLI doesn't seem to have `soroban tx`. These are my current versions:

```
soroban 20.3.4 (f30a47fc58ace4437b0252919420838550481420)
soroban-env 20.3.0 (befdf4b2b6061bd6da20b0f93d539d6ad8d8be22)
soroban-env interface version 85899345920
stellar-xdr 20.1.0 (8b9d623ef40423a8462442b86997155f2c04d3a1)
xdr curr (b96148cd4acc372cc9af17b909ffe4b12c43ecb6)
```

PlayJok3r avatar May 01 '24 22:05 PlayJok3r

The feature is still in development.

leighmcculloch avatar May 01 '24 22:05 leighmcculloch

> The feature is still in development.

When would the feature be released?

PlayJok3r avatar May 02 '24 04:05 PlayJok3r

We are updating how signing works and updating secrets as part of that. The issue is that it treats the secret key's corresponding public key as the source account. So really we just need to allow you to add `--sign-with`, and then `--source` would be the account the signer has permissions to sign for.

willemneal avatar May 17 '24 17:05 willemneal
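
The failure discussed in the comments by dmkozh and willemneal, as a simplified model added here for illustration (not code from soroban-cli, stellar-core or any commenter): it shows why deriving the source account from the signing key fails while a separate source and signer passes. The account IDs, weights, threshold, result strings and the function names `sourceFromSecretKey`, `buildTx` and `validate` are constructed assumptions.

```javascript
// Simplified model of source-account lookup and signer-weight checking.
// All account IDs, weights and thresholds are constructed placeholders.
const ledger = new Map([
  ['G_MULTISIG', {
    masterWeight: 1,
    threshold: 1,                          // weight required to authorize
    signers: new Map([['G_SIGNER', 1]]),   // additional signer, weight 1
  }],
]);

// Behaviour described in the thread: the key given as --secret-key is mapped
// to its own public key, and that key is treated as the source account.
function sourceFromSecretKey(signerPublicKey) {
  return signerPublicKey;
}

// Hypothetical transaction shape: the source account and the set of keys
// that signed are kept separate (the split willemneal describes).
function buildTx(source, signedBy) {
  return { source, signedBy: [...new Set(signedBy)] };
}

function validate(ledger, tx) {
  const account = ledger.get(tx.source);
  if (!account) return 'source account not found';
  let weight = 0;
  for (const key of tx.signedBy) {
    // The account's own key counts with the master weight; other keys
    // count only if they are on the account's signer list.
    weight += key === tx.source ? account.masterWeight
                                : (account.signers.get(key) ?? 0);
  }
  return weight >= account.threshold ? 'accepted' : 'insufficient signer weight';
}

function demo() {
  const signer = 'G_SIGNER';
  return {
    // Signer key reused as the source: that account is not on the ledger.
    secretKeyAsSource: validate(ledger, buildTx(sourceFromSecretKey(signer), [signer])),
    // Multisig account as the source, signed by its additional signer.
    separateSourceAndSigner: validate(ledger, buildTx('G_MULTISIG', [signer])),
    // A key that is not on the signer list contributes no weight.
    unknownSigner: validate(ledger, buildTx('G_MULTISIG', ['G_OTHER'])),
  };
}

console.log(demo());
```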