The NEM Team would like to thank Kailin O'Donnell (Telegram: @kodtycoon) for making this project.


NEM multisignature transactions are highly innovative, being the first on-chain multisignature solution. Multisignature transactions are also vital if you want to maintain a high level of security, but they can be a lot of hassle if you perform many of them. To make this task simpler, a user-deployed bot has been developed, which can be deployed on any Windows server very easily and configured via the app.config file.

You can even split up a multisig account into many signers and run this app on different, geographically separated servers, essentially making it act as a distributed smart signing contract app.

Why do I need a distributed smart signing app?

XEMsign can give a business an extra layer of security and/or automation. Let's use an asset faucet as an example. Let's say a new coin has been built on NEM and the creator wants to give away small amounts. Normally with faucets, the private key is held on the faucet's server and that server's IP is easily known, meaning that if that server is hacked, all the funds can be stolen, and this has happened to many faucets in the past. But an asset faucet on NEM can be secured by two, three, or even more geographically distributed servers. A faucet server can initiate a transaction and other servers in other locations can sign, but these other servers will never have their IP exposed at any time, making them almost impossible to hack. This means they can safely review the transactions, limits, amounts, and accounts, and then sign or not sign based on the rule sets made in the config file.

XEMsign is essentially a 2nd layer distributed smart contract used for transaction authorizations. The other uses for this kind of application are many and include the following:

  • Automated swaps for ICOs and token exchanges
  • Third-party banking services wanting to apply account control, spending limits, Google Auth 2FA, and whitelists to their customers
  • Personal security for hot wallets
  • Centralized approval for assets associated with a company or country, assuring that certain accounts associated with that country and/or government are operating within the regulations set by law.


XEMsign is a multisig signing bot that will hopefully promote the use of multisignature accounts, by reducing the amount of time spent using multiple devices to sign transactions, while also enforcing a rule set on account transactions.

The config file allows a rule set to be applied to the signing of transactions. The rules include a whitelist of accounts to which transactions can be sent, a blacklist of accounts to which transactions can't be sent, the max and min transaction size, the max number of transactions per day, week, or month, the max total transaction value per day, week, or month, a secret code, and the deadline to be applied to the transaction.

A user of the bot can add as many co-signatories as they wish for different accounts, however the same rule set will be applied to each account. If you choose for some reason to have different rulesets, you can run multiple instances of XEMsign. To run the bot you will need only two things. A Windows machine on which to run the bot, and the bot itself.

Within the config file you will find a number of fields that you can edit. Edit the rule-set to your liking, insert the private key of a cosignatory of the multisig account you wish to monitor and run the XEMSign.exe file.

Do note that the bot will scan all accounts that the co-signatory is a co-signatory on. You should see a notification on the console that the bot is running. If any transactions are performed, it will print out some details about the transaction, whether it was successfully signed, and if not, why it didn’t pass.

Note: The bot is currently only tested on Windows 10. It is known to fail on Windows 7, though it will be updated with a new SDK #soon that should allow it to run smoothly on older systems. The secret message feature will also be swapped out for Google 2FA once enough time permits.

Setting up a server for the bot

To set up a Windows server, you can follow this guide.

Once you have done this, download the bot source files from the repository. Once downloaded, unzip the files wherever you like, and open the app.config file with Notepad or any other text editor.

Downloading a pre-built bot

You can download a pre-built testnet version of the bot here

Building the bot

To build the XEMsign project from source, you will need to clone the repo or download the source files from GitHub.


Once you have the project source files, you will need to build the project with Visual Studio. You can download Visual Studio from here. When installing, you can go with all the basic install options. Once you have installed Visual Studio, run it and go to "open existing project."


Find the project folder you downloaded or cloned earlier, and within it, you should find a file called XEMSign.sln. Sln files are Visual Studio Solution files. Choose that file to open the project. Once open we will need to build the project, but first, swap over to release as seen below.


To build the project, go to the build tab and select build.


Wait for it to build, and you should see a message in the output window telling you it was built successfully. If you can't see this window, go to the view tab and select “output”.


After the project has been built, you can go to the project folder |Directory|\SigningBot\XEMSign\bin\Release. All the files to run the bot are contained in this folder.

To edit the app configuration, open the app.config file in a text editor. From there you can add private keys, whitelist or blacklist accounts and modify any of the other rules. The first part of the configuration file should look as follows:


In section 1, enter the private keys for the signatory accounts you wish to monitor. The bot will monitor all multisignature accounts the cosignatory is a signatory on.

In section 2, enter any accounts you wish to white list. If any addresses are included in this section, the bot will only sign transactions for which the recipient is present in this list.

In section 3, enter any accounts you wish to black list. The bot will refuse to sign any transactions to accounts listed here.

The second part of the config file looks as follows:


Use section 5 to set the minimum and maximum balance range for the multisignature account. If the balance goes outside the bounds of the range, transactions from the multisig account will be refused.

In section 6, you can set the maximum and minimum transaction size for any given transaction. If the transaction amount is outside the bounds of the range, the transaction will be refused.

In section 7, you can set the max number of transactions that can be signed per day, week, or month. Should the account perform more than the specified transactions within this time frame, any subsequent transactions will be refused. The time frames roll over, so the limit for 1 day, is set to include any transactions in the past 24 hours. The weekly and monthly limits behave in the same manner.

Section 8 works in a very similar way to section 7, except that it constrains the total amount of XEM transacted rather than the number of transactions.

Section 9 should not technically be included at this time and has been removed. It has been listed here for anyone who may have already downloaded/compiled the bot.

Section 10 allows a user to define the deadline that should be applied to the signature transactions. The default if left unchanged results in a 24 hour deadline, the maximum for multisig signature transactions.
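The checks described in sections 2 through 8 can be sketched as a single sign/refuse decision function. This is an added Python example, not XEMsign's own code; the field names, the 30-day month, counting the pending transaction toward the totals, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Rolling windows; treating a "month" as 30 days is an assumption.
WINDOWS = {"day": timedelta(days=1), "week": timedelta(days=7),
           "month": timedelta(days=30)}

@dataclass
class Rules:  # hypothetical field names, not XEMsign's app.config keys
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    balance_range: tuple = (0, float("inf"))    # section 5
    amount_range: tuple = (0, float("inf"))     # section 6
    max_count: dict = field(default_factory=dict)  # section 7: window -> tx count
    max_total: dict = field(default_factory=dict)  # section 8: window -> XEM sum

def evaluate(rules, recipient, amount, balance, now, history):
    """Return (sign, reason). history holds (timestamp, amount) of signed txs."""
    if recipient in rules.blacklist:
        return False, "recipient is blacklisted"
    # An empty whitelist means "no restriction", as section 2 describes.
    if rules.whitelist and recipient not in rules.whitelist:
        return False, "recipient is not whitelisted"
    if not rules.balance_range[0] <= balance <= rules.balance_range[1]:
        return False, "account balance out of range"
    if not rules.amount_range[0] <= amount <= rules.amount_range[1]:
        return False, "amount out of range"
    for name, span in WINDOWS.items():
        # Rolling window: only transactions newer than now - span count.
        recent = [a for t, a in history if now - span < t <= now]
        if name in rules.max_count and len(recent) >= rules.max_count[name]:
            return False, f"{name} transaction count limit reached"
        # Assumption: the pending transaction counts toward the total.
        if name in rules.max_total and sum(recent) + amount > rules.max_total[name]:
            return False, f"{name} total value limit exceeded"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample data; addresses are placeholders, not real accounts.
    now = datetime(2018, 1, 10, 12, 0)
    rules = Rules(whitelist={"TEST-ADDR-A"}, amount_range=(1, 100),
                  max_count={"day": 2}, max_total={"week": 150})
    history = [(now - timedelta(hours=25), 50), (now - timedelta(hours=2), 40)]
    for amt in (30, 70, 500):
        print(amt, evaluate(rules, "TEST-ADDR-A", amt, 1000, now, history))
```

The transaction signed 25 hours ago no longer counts toward the daily limit but still counts toward the weekly total, which is the rolling behaviour section 7 describes.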

Deploying the bot

To deploy the bot, simply zip the Release folder, move the folder to the machine on which you want to run the bot, unzip it, and run the XEMSign.exe file.

If you wish to clear all transaction history, you can find a folder in the %appdata% folder called XEMSign, and within this folder, there is a single file. You can delete this file if you wish to clear all transaction history. The folder is normally a hidden folder, so if the folder cannot be found, go to Control Panel and show hidden files and folders.