docs(multisig): document calling requirements (#292)

cjcobb23 · web-flow · commit da01357382a7 · 2024-03-07T12:18:43.000-05:00
diff --git a/contracts/multisig/src/msg.rs b/contracts/multisig/src/msg.rs
@@ -44,11 +44,11 @@ pub enum ExecuteMsg {
         to sign their own address using the private key */
         signed_sender_address: HexBinary,
     },
-    // Authorizes a contract to call StartSigningSession.
+    // Authorizes a contract to call StartSigningSession. Callable only by governance
     AuthorizeCaller {
         contract_address: Addr,
     },
-    // Unauthorizes a contract, so it can no longer call StartSigningSession.
+    // Unauthorizes a contract, so it can no longer call StartSigningSession. Callable only by governance
     UnauthorizeCaller {
         contract_address: Addr,
     },
diff --git a/doc/src/contracts/multisig.md b/doc/src/contracts/multisig.md
@@ -94,6 +94,11 @@ SignatureVerifier->>Multisig: returns true/false
 deactivate Multisig
 ```
 
+## Authorization
+Prior to calling `StartSigningSession`, the prover contract must first be *authorized*.
+For a contract to become authorized, the governance account needs to call `AuthorizeCaller`, and specify the contract address to authorize.
+Similarly, the governance account can revoke authorization of a particular contract by calling `UnauthorizeCaller`.
+
 ## Interface
 
 ```Rust
@@ -108,9 +113,14 @@ pub enum ExecuteMsg {
         session_id: Uint64,
         signature: HexBinary,
     },
+    RegisterWorkerSet {
+        worker_set: WorkerSet,
+    },
+    // callable only by governance
     AuthorizeCaller {
         contract_address: Addr,
     },
+    // callable only by governance
     UnauthorizeCaller {
         contract_address: Addr,
     },
@@ -161,11 +171,11 @@ pub enum Event {
         worker: Addr,
         public_key: PublicKey,
     },
-    // Emitted when a StartSigningSession caller is authorized
+    // Emitted when a contract is authorized by governance to create signing sessions
     CallerAuthorized {
         contract_address: Addr,
     },
-    // Emitted when a StartSigningSession caller is unauthorized
+    // Emitted when a contract is unauthorized by governance to create signing sessions
     CallerUnauthorized {
         contract_address: Addr,
     },
