Integrate multi-sig governance for admin functions#175

Merged
Mosas2000 merged 3 commits into main from
feature/multisig-governance
Feb 26, 2026

@Mosas2000
Owner

Summary

Integrate the existing tipstream-multisig contract with the core tipstream contract so that admin operations can be executed through multi-signature governance rather than relying solely on a single owner key.

Changes

Core Contract (tipstream.clar)

  • Add is-admin private function that authorizes both direct owner and multisig contract callers
  • Add authorized-multisig data var for storing the authorized governance contract
  • Add set-multisig / get-multisig for managing authorization (owner-only)
  • Update all admin function guards to use is-admin instead of owner-only checks
  • propose-new-owner and set-multisig remain strictly owner-only for security

Multisig Contract (tipstream-multisig.clar)

  • Add dispatch-action private function that routes approved proposals to the core contract
  • Supported action types: set-paused, set-fee, propose-fee, execute-fee, cancel-fee, propose-pause, execute-pause
  • Actions execute before marking transactions complete so failed operations can be retried

Tests

  • 6 new integration tests covering the full governance lifecycle
  • All 29 tests pass

Closes #62

Introduce is-admin guard that checks if caller is either the
direct contract owner or an authorized multisig contract. Admin
functions (set-paused, set-fee-basis-points, propose/execute/cancel
fee and pause changes) now accept calls from the multisig contract
when authorized.

Add set-multisig and get-multisig for managing the authorized
multisig principal. Only the direct owner can set or revoke
the multisig authorization.

Replace no-op execute-tx with dispatch-action that routes multisig
proposals to the core tipstream contract. Supported action types:
set-paused, set-fee, propose-fee, execute-fee, cancel-fee,
propose-pause, execute-pause.

Actions are executed before marking the transaction as completed,
ensuring failed operations can be retried.

Cover the full multisig governance lifecycle: authorizing the
multisig contract, pausing via multi-sig proposal/sign/execute,
changing fees through governance, rejecting execution without
sufficient signatures, and revoking multisig authorization.

All 29 tests pass including 6 new multisig governance tests.
@Mosas2000 Mosas2000 merged commit 4dbb66f into main Feb 26, 2026
2 of 4 checks passed
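
The guard pattern described in this pull request, written out as an added Clarity sketch; it is not the code from tipstream.clar. The names is-admin, authorized-multisig, set-multisig, get-multisig and set-paused come from the description above, while the function bodies, the error code, the contract-owner and is-paused variables, and the choice of tx-sender versus contract-caller are assumptions.

```clarity
;; Added sketch, not the tipstream source. Names follow the PR description;
;; bodies, error code, contract-owner and is-paused are assumptions.
(define-constant ERR-NOT-AUTHORIZED (err u100)) ;; assumed error code

(define-data-var contract-owner principal tx-sender)
(define-data-var authorized-multisig (optional principal) none)
(define-data-var is-paused bool false)

;; The owner is matched on tx-sender. The governance contract is matched on
;; contract-caller: when the multisig calls into this contract, tx-sender is
;; still the account that signed the execute transaction (unless the call is
;; wrapped in as-contract), so a tx-sender check would never see the multisig.
;; With authorized-multisig set to none, the second branch is always false.
(define-private (is-admin)
  (or (is-eq tx-sender (var-get contract-owner))
      (is-eq (some contract-caller) (var-get authorized-multisig))))

;; Strictly owner-only: is-admin is deliberately not used here, so the
;; authorized multisig cannot re-point or revoke its own authorization.
(define-public (set-multisig (new-multisig (optional principal)))
  (begin
    (asserts! (is-eq tx-sender (var-get contract-owner)) ERR-NOT-AUTHORIZED)
    (ok (var-set authorized-multisig new-multisig))))

(define-read-only (get-multisig)
  (ok (var-get authorized-multisig)))

;; An admin function whose guard is is-admin rather than an owner-only check.
(define-public (set-paused (paused bool))
  (begin
    (asserts! (is-admin) ERR-NOT-AUTHORIZED)
    (ok (var-set is-paused paused))))
```

Passing none to set-multisig revokes the authorization, after which only the direct owner passes is-admin.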
Development

Successfully merging this pull request may close these issues.

No multi-sig or governance mechanism for admin functions

1 participant