[AHM] Use MultiSignature to allow allow ED25519 keys in Multisig (#936)

ggwpez · web-flow · commit 2bf2f71636d9 · 2025-09-26T22:44:51.000+02:00
The simple multisig that we introduced in #929 assumes SR25519 keys. This change now also makes it possible to use ED25519 keys and ECDSA. Video Tut on how to use it https://drive.google.com/file/d/1D5g_EYKMs73XE6lFlU62xOYLEBMp-yb6/view?usp=sharing PS: Also fixing one proxy test. --------- Signed-off-by: Oliver Tale-Yazdi <oliver.tale-yazdi@parity.io>
diff --git a/integration-tests/ahm/src/proxy/basic_still_works.rs b/integration-tests/ahm/src/proxy/basic_still_works.rs
@@ -179,15 +179,6 @@ impl AhMigrationCheck for ProxyBasicWorks {
 		}
 
 		for ((delegatee, delegator), permissions) in pre_and_post.iter() {
-			// Assert storage "Proxy::Proxies::ah_post::correct"
-			let (entry, _) = pallet_proxy::Proxies::<AssetHubRuntime>::get(delegator);
-			if entry.is_empty() {
-				defensive!("Storage entry must exist");
-			}
-
-			let maybe_delay =
-				entry.iter().find(|proxy| proxy.delegate == *delegatee).map(|proxy| proxy.delay);
-
 			let delegatee =
 				pallet_ah_migrator::Pallet::<AssetHubRuntime>::translate_account_rc_to_ah(
 					delegatee.clone(),
@@ -196,6 +187,14 @@ impl AhMigrationCheck for ProxyBasicWorks {
 				pallet_ah_migrator::Pallet::<AssetHubRuntime>::translate_account_rc_to_ah(
 					delegator.clone(),
 				);
+
+			// Assert storage "Proxy::Proxies::ah_post::correct"
+			let (entry, _) = pallet_proxy::Proxies::<AssetHubRuntime>::get(&delegator);
+			assert!(!entry.is_empty(), "Proxies must exist");
+
+			let maybe_delay =
+				entry.iter().find(|proxy| proxy.delegate == delegatee).map(|proxy| proxy.delay);
+
 			Self::check_proxy(&delegatee, &delegator, permissions, maybe_delay.unwrap_or(0));
 		}
 	}
diff --git a/pallets/rc-migrator/src/lib.rs b/pallets/rc-migrator/src/lib.rs
@@ -103,7 +103,7 @@ use runtime_parachains::{
 };
 use sp_core::{crypto::Ss58Codec, H256};
 use sp_runtime::{
-	traits::{BadOrigin, BlockNumberProvider, Dispatchable, Hash, One, Zero},
+	traits::{BadOrigin, BlockNumberProvider, Dispatchable, Hash, IdentifyAccount, One, Zero},
 	AccountId32, Saturating,
 };
 use sp_std::prelude::*;
@@ -628,7 +628,7 @@ pub mod pallet {
 		type AhUmpQueuePriorityPattern: Get<(BlockNumberFor<Self>, BlockNumberFor<Self>)>;
 
 		/// Members of a multisig that can be submit unsigned txs and act as the manager.
-		type MultisigMembers: Get<Vec<sp_core::sr25519::Public>>;
+		type MultisigMembers: Get<Vec<AccountId32>>;
 
 		/// Threshold of `MultisigMembers`.
 		type MultisigThreshold: Get<u32>;
@@ -1315,7 +1315,7 @@ pub mod pallet {
 		pub fn vote_manager_multisig(
 			origin: OriginFor<T>,
 			payload: Box<ManagerMultisigVote<T>>,
-			_sig: sp_core::sr25519::Signature,
+			_sig: sp_runtime::MultiSignature,
 		) -> DispatchResult {
 			let _ = ensure_none(origin);
 
@@ -1364,14 +1364,14 @@ pub mod pallet {
 	)]
 	#[scale_info(skip_type_params(T))]
 	pub struct ManagerMultisigVote<T: Config> {
-		who: sp_core::sr25519::Public,
+		who: sp_runtime::MultiSigner,
 		call: <T as Config>::RuntimeCall,
 		round: u32,
 	}
 
 	impl<T: Config> ManagerMultisigVote<T> {
 		pub fn new(
-			who: sp_core::sr25519::Public,
+			who: sp_runtime::MultiSigner,
 			call: <T as Config>::RuntimeCall,
 			round: u32,
 		) -> Self {
@@ -1389,7 +1389,7 @@ pub mod pallet {
 		_,
 		Twox64Concat,
 		<T as Config>::RuntimeCall,
-		Vec<sp_core::sr25519::Public>,
+		Vec<sp_runtime::MultiSigner>,
 		ValueQuery,
 	>;
 	#[pallet::storage]
@@ -1402,18 +1402,20 @@ pub mod pallet {
 		fn validate_unsigned(_source: TransactionSource, call: &Self::Call) -> TransactionValidity {
 			use sp_runtime::traits::Verify;
 			if let Call::vote_manager_multisig { payload, sig } = call {
-				if !T::MultisigMembers::get().contains(&payload.who) {
+				let account = payload.who.clone().into_account();
+
+				if !T::MultisigMembers::get().contains(&account) {
 					return InvalidTransaction::BadSigner.into()
 				}
-				if !sig.verify(&payload.encode_with_bytes_wrapper()[..], &payload.who) {
+				if !sig.verify(&payload.encode_with_bytes_wrapper()[..], &account) {
 					return InvalidTransaction::BadProof.into()
 				}
 				if ManagerMultisigRound::<T>::get() != payload.round {
 					return InvalidTransaction::Stale.into()
 				}
 				ValidTransaction::with_tag_prefix("AhmMultisig")
 					.priority(sp_runtime::traits::Bounded::max_value())
-					.and_provides(vec![("ahm_multi", payload.who).encode()])
+					.and_provides(vec![("ahm_multi", account).encode()])
 					.propagate(true)
 					.longevity(30)
 					.build()
diff --git a/pallets/rc-migrator/src/types.rs b/pallets/rc-migrator/src/types.rs
@@ -749,7 +749,7 @@ mod xcm_batch_tests {
 
 		// Add messages to multiple batches
 		batch.push(TestMessage::new(10));
-		batch.push(TestMessage::new((MAX_XCM_SIZE - 1) as usize));
+		batch.push(TestMessage::new((MAX_XCM_SIZE - 4) as usize)); // -4 for length prefix
 		batch.push(TestMessage::new(10));
 
 		assert_eq!(batch.len(), 3);
diff --git a/relay/kusama/src/lib.rs b/relay/kusama/src/lib.rs
@@ -52,10 +52,10 @@ use frame_support::{
 	traits::{
 		fungible::HoldConsideration,
 		tokens::{imbalance::ResolveTo, UnityOrOuterConversion},
-		ConstU32, ConstU8, ConstUint, Currency, EitherOf, EitherOfDiverse, EnsureOrigin,
-		EnsureOriginWithArg, Equals, FromContains, InstanceFilter, KeyOwnerProofSystem,
-		LinearStoragePrice, OnUnbalanced, PrivilegeCmp, ProcessMessage, ProcessMessageError,
-		WithdrawReasons,
+		ConstU32, ConstU8, ConstUint, Currency, DefensiveResult, EitherOf, EitherOfDiverse,
+		EnsureOrigin, EnsureOriginWithArg, Equals, FromContains, InstanceFilter,
+		KeyOwnerProofSystem, LinearStoragePrice, OnUnbalanced, PrivilegeCmp, ProcessMessage,
+		ProcessMessageError, WithdrawReasons,
 	},
 	weights::{
 		constants::{WEIGHT_PROOF_SIZE_PER_KB, WEIGHT_REF_TIME_PER_MICROS},
@@ -125,8 +125,8 @@ use sp_runtime::{
 		Get, IdentityLookup, Keccak256, OpaqueKeys, SaturatedConversion, Saturating, Verify,
 	},
 	transaction_validity::{TransactionPriority, TransactionSource, TransactionValidity},
-	ApplyExtrinsicResult, FixedU128, KeyTypeId, OpaqueValue, Perbill, Percent, Permill,
-	RuntimeDebug,
+	AccountId32, ApplyExtrinsicResult, FixedU128, KeyTypeId, OpaqueValue, Perbill, Percent,
+	Permill, RuntimeDebug,
 };
 use sp_staking::{EraIndex, SessionIndex};
 #[cfg(any(feature = "std", test))]
@@ -1908,11 +1908,14 @@ const AH_MAXIMUM_BLOCK_WEIGHT: Weight = Weight::from_parts(
 	polkadot_primitives::MAX_POV_SIZE as u64,
 );
 
-fn multisig_members() -> Vec<sp_core::sr25519::Public> {
-	use sp_core::{crypto::Ss58Codec, ByteArray};
+fn multisig_members() -> Vec<AccountId32> {
+	use sp_core::crypto::Ss58Codec;
 	let addresses = if cfg!(test) {
 		vec![
-			"HNZata7iMYWmk5RvZRTiAsSDhV8366zq2YGb3tLH5Upf74F", // Alice
+			"5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY", // Alice SR25519
+			"5FA9nQDVg267DEd8m1ZypXLBnvN7SFxYwV7ndqSYGiN9TTpu", // Alice ED25519
+			"5C7C2Z5sWbytvHpuLTvzKunnnRwQxft1jiqrLD5rhucQ5S9X", /* Alice ECDSA Address (not SS58
+			                                                     * Public Key) */
 			"FoQJpPyadYccjavVdTWxpxU7rUEaYhfLCPwXgkfD6Zat9QP", // Bob
 			"Fr4NzY1udSFFLzb2R3qxVQkwz9cZraWkyfH4h3mVVk7BK7P", // Charlie
 			"DfnTB4z7eUvYRqcGtTpFsLC69o6tvBSC1pEv8vWPZFtCkaK", // Dave
@@ -1943,9 +1946,7 @@ fn multisig_members() -> Vec<sp_core::sr25519::Public> {
 
 	addresses
 		.into_iter()
-		.filter_map(|ss| sp_runtime::AccountId32::from_ss58check(ss).ok())
-		.map(|acc32| acc32.to_raw_vec())
-		.filter_map(|bytes| sp_core::sr25519::Public::from_slice(&bytes).ok())
+		.filter_map(|ss| sp_runtime::AccountId32::from_ss58check(ss).defensive_ok())
 		.collect()
 }
 
@@ -1959,7 +1960,7 @@ parameter_types! {
 	pub const XcmResponseTimeout: BlockNumber = 30 * DAYS;
 	pub const AhUmpQueuePriorityPattern: (BlockNumber, BlockNumber) = (18, 2);
 
-	pub MultisigMembers: Vec<sp_core::sr25519::Public> = multisig_members();
+	pub MultisigMembers: Vec<AccountId32> = multisig_members();
 
 }
 
@@ -2484,8 +2485,10 @@ mod benches {
 
 		fn alias_origin() -> Result<(Location, Location), BenchmarkError> {
 			let origin = Location::new(0, [Parachain(1000)]);
-			let target =
-				Location::new(0, [Parachain(1000), AccountId32 { id: [128u8; 32], network: None }]);
+			let target = Location::new(
+				0,
+				[Parachain(1000), Junction::AccountId32 { id: [128u8; 32], network: None }],
+			);
 			Ok((origin, target))
 		}
 	}
@@ -3231,12 +3234,15 @@ mod ahm_multisig {
 	use pallet_rc_migrator::ManagerMultisigVote;
 	use sp_core::Pair;
 	use sp_io::TestExternalities;
-	use sp_runtime::traits::{Dispatchable, ValidateUnsigned};
+	use sp_runtime::{
+		traits::{Dispatchable, ValidateUnsigned},
+		MultiSignature, MultiSigner,
+	};
 
 	#[test]
 	fn all_ss58s_decode() {
 		// ensure all non-dev account ids we have are valid ss58s
-		assert_eq!(MultisigMembers::get().len(), 14);
+		assert_eq!(MultisigMembers::get().len(), 16);
 	}
 
 	#[test]
@@ -3257,11 +3263,15 @@ mod ahm_multisig {
 			{
 				// Ferdie is not part of the multisig, will get rejected on validate
 				let ferdie = sp_keyring::Sr25519Keyring::Ferdie.pair();
-				let payload = ManagerMultisigVote::new(ferdie.public(), runtime_call.clone(), 0);
+				let payload = ManagerMultisigVote::new(
+					MultiSigner::Sr25519(ferdie.public()),
+					runtime_call.clone(),
+					0,
+				);
 				let sig = ferdie.sign(payload.encode_with_bytes_wrapper().as_ref());
 				let call = pallet_rc_migrator::Call::<Runtime>::vote_manager_multisig {
 					payload: Box::new(payload),
-					sig,
+					sig: MultiSignature::Sr25519(sig),
 				};
 				assert!(pallet_rc_migrator::Pallet::<Runtime>::validate_unsigned(
 					TransactionSource::External,
@@ -3274,30 +3284,37 @@ mod ahm_multisig {
 				// Alice signs a wrong message, rejected
 				let alice = sp_keyring::Sr25519Keyring::Alice.pair();
 				let payload = ManagerMultisigVote::new(
-					sp_keyring::Sr25519Keyring::Bob.pair().public(),
+					MultiSigner::Sr25519(sp_keyring::Sr25519Keyring::Bob.pair().public()),
 					runtime_call.clone(),
 					0,
 				);
 				let sig = alice.sign(payload.encode_with_bytes_wrapper().as_ref());
 				let call = pallet_rc_migrator::Call::<Runtime>::vote_manager_multisig {
 					payload: Box::new(payload),
-					sig,
+					sig: MultiSignature::Sr25519(sig),
 				};
-				assert!(pallet_rc_migrator::Pallet::<Runtime>::validate_unsigned(
-					TransactionSource::External,
-					&call
-				)
-				.is_err());
+				assert!(
+					pallet_rc_migrator::Pallet::<Runtime>::validate_unsigned(
+						TransactionSource::External,
+						&call
+					)
+					.is_err(),
+					"Alice signs a wrong message, rejected"
+				);
 			}
 
 			let alice_sig_for_first_round = {
 				// Alice signs, not executed yet
 				let alice = sp_keyring::Sr25519Keyring::Alice.pair();
-				let payload = ManagerMultisigVote::new(alice.public(), runtime_call.clone(), 0);
+				let payload = ManagerMultisigVote::new(
+					MultiSigner::Sr25519(alice.public()),
+					runtime_call.clone(),
+					0,
+				);
 				let sig = alice.sign(payload.encode_with_bytes_wrapper().as_ref());
 				let call = pallet_rc_migrator::Call::<Runtime>::vote_manager_multisig {
 					payload: Box::new(payload),
-					sig,
+					sig: MultiSignature::Sr25519(sig),
 				};
 
 				assert!(pallet_rc_migrator::Pallet::<Runtime>::validate_unsigned(
@@ -3312,17 +3329,71 @@ mod ahm_multisig {
 					1
 				);
 
-				sig
+				MultiSignature::Sr25519(sig)
 			};
 
+			frame_support::hypothetically!({
+				// Alice ED25519 signs
+				let alice = sp_keyring::Ed25519Keyring::Alice.pair();
+				let payload = ManagerMultisigVote::new(
+					MultiSigner::Ed25519(sp_keyring::Ed25519Keyring::Alice.pair().public()),
+					runtime_call.clone(),
+					0,
+				);
+				let sig = alice.sign(payload.encode_with_bytes_wrapper().as_ref());
+				let call = pallet_rc_migrator::Call::<Runtime>::vote_manager_multisig {
+					payload: Box::new(payload),
+					sig: MultiSignature::Ed25519(sig),
+				};
+				assert!(
+					pallet_rc_migrator::Pallet::<Runtime>::validate_unsigned(
+						TransactionSource::External,
+						&call
+					)
+					.is_ok(),
+					"Alice ED25519 signs"
+				);
+			});
+
+			frame_support::hypothetically!({
+				// Alice ECDSA Address signs
+				let seed = hex_literal::hex!(
+					"cb6df9de1efca7a3998a8ead4e02159d5fa99c3e0d4fd6432667390bb4726854"
+				);
+				let alice = sp_application_crypto::ecdsa::Pair::from_seed_slice(&seed).unwrap();
+				let payload = ManagerMultisigVote::new(
+					MultiSigner::Ecdsa(alice.public()),
+					runtime_call.clone(),
+					0,
+				);
+
+				let sig = alice.sign(payload.encode_with_bytes_wrapper().as_ref());
+				let call = pallet_rc_migrator::Call::<Runtime>::vote_manager_multisig {
+					payload: Box::new(payload),
+					sig: MultiSignature::Ecdsa(sig),
+				};
+				assert!(
+					pallet_rc_migrator::Pallet::<Runtime>::validate_unsigned(
+						TransactionSource::External,
+						&call
+					)
+					.is_ok(),
+					"Alice ECDSA Address signs"
+				);
+			});
+
 			{
 				// Bob signs, still waiting
 				let bob = sp_keyring::Sr25519Keyring::Bob.pair();
-				let payload = ManagerMultisigVote::new(bob.public(), runtime_call.clone(), 0);
+				let payload = ManagerMultisigVote::new(
+					MultiSigner::Sr25519(bob.public()),
+					runtime_call.clone(),
+					0,
+				);
 				let sig = bob.sign(payload.encode_with_bytes_wrapper().as_ref());
 				let call = pallet_rc_migrator::Call::<Runtime>::vote_manager_multisig {
 					payload: Box::new(payload),
-					sig,
+					sig: MultiSignature::Sr25519(sig),
 				};
 				assert!(pallet_rc_migrator::Pallet::<Runtime>::validate_unsigned(
 					TransactionSource::External,
@@ -3340,12 +3411,15 @@ mod ahm_multisig {
 			{
 				// charlie signs something else, stored but not used.
 				let charlie = sp_keyring::Sr25519Keyring::Charlie.pair();
-				let payload =
-					ManagerMultisigVote::new(charlie.public(), other_runtime_call.clone(), 0);
+				let payload = ManagerMultisigVote::new(
+					MultiSigner::Sr25519(charlie.public()),
+					other_runtime_call.clone(),
+					0,
+				);
 				let sig = charlie.sign(payload.encode_with_bytes_wrapper().as_ref());
 				let call = pallet_rc_migrator::Call::<Runtime>::vote_manager_multisig {
 					payload: Box::new(payload),
-					sig,
+					sig: MultiSignature::Sr25519(sig),
 				};
 				assert!(pallet_rc_migrator::Pallet::<Runtime>::validate_unsigned(
 					TransactionSource::External,
@@ -3372,11 +3446,15 @@ mod ahm_multisig {
 			{
 				// eve signs, dispatched
 				let eve = sp_keyring::Sr25519Keyring::Eve.pair();
-				let payload = ManagerMultisigVote::new(eve.public(), runtime_call.clone(), 0);
+				let payload = ManagerMultisigVote::new(
+					MultiSigner::Sr25519(eve.public()),
+					runtime_call.clone(),
+					0,
+				);
 				let sig = eve.sign(payload.encode_with_bytes_wrapper().as_ref());
 				let call = pallet_rc_migrator::Call::<Runtime>::vote_manager_multisig {
 					payload: Box::new(payload),
-					sig,
+					sig: MultiSignature::Sr25519(sig),
 				};
 				assert!(pallet_rc_migrator::Pallet::<Runtime>::validate_unsigned(
 					TransactionSource::External,
@@ -3400,7 +3478,7 @@ mod ahm_multisig {
 				// Alice's signature from first round cannot be re-used
 				let call = pallet_rc_migrator::Call::<Runtime>::vote_manager_multisig {
 					payload: Box::new(ManagerMultisigVote::new(
-						sp_keyring::Sr25519Keyring::Alice.pair().public(),
+						MultiSigner::Sr25519(sp_keyring::Sr25519Keyring::Alice.pair().public()),
 						runtime_call.clone(),
 						0,
 					)),
