Approve multisig proposals with any local signer, Add keystone support#563
Conversation
When multiple local accounts are members of the same multisig, the approve UX previously keyed only off myMemberAccountId. After that account signed, co-signers on the same device had no path to approve. Detect all local signers, keep Approve available until every local member has signed, and show an account picker when more than one unsigned local signer remains. Closes #562
Multisig approve/execute/cancel assumed a local mnemonic. When the selected signer is a Keystone account, hand off to a shared extrinsic QR sign + scan path (same pattern as transfers) and submit with the external signature. Adds KeystoneExtrinsicSession plus generic sign/scan screens, and hardware submit methods on TransactionSubmissionService.
| return signer; | ||
| } | ||
|
|
||
| bool _isHardwareSigner(Account signer) { |
There was a problem hiding this comment.
I think we already have the extension for checking if account is hardware wallet or high security or other type of account, so we don't need to create new function everytime
There was a problem hiding this comment.
this is a small utility method for debugging, it's ok
| children: [ | ||
| Text( | ||
| account.name, | ||
| style: text.smallParagraph?.copyWith(color: colors.textPrimary, fontWeight: FontWeight.w600), |
There was a problem hiding this comment.
property color is unnecessary since we use textPrimary by default.
| final frame = (size.width - 96).clamp(220.0, 300.0); | ||
| final progress = _expectedParts == null ? null : (_seenSeq.length / _expectedParts!).clamp(0.0, 1.0); | ||
|
|
||
| return Scaffold( |
There was a problem hiding this comment.
I remember we already have this keystone scan like screen, can't we refactor it to be reusable instead of creating totally new screen?
There was a problem hiding this comment.
This is pretty bad.
Fixed.
dewabisma
left a comment
There was a problem hiding this comment.
So, does it mean when we have multiple eligible signers, we have to sign twice in the app now?
Some changes needed.
|
On the multiple eligible signers question: no, one tap on Approve does not make the user sign twice. The picker only chooses which eligible local account performs this approval, and that submits one signature. If the device owns another multisig member and the threshold still needs its approval, the user can deliberately approve again as that second account in a separate action. This PR makes that second local approval possible; it does not combine or automatically request both signatures. |
general architecture improvement, renamed widgets so they make more sense
|
Fixed two DRY violations, please review again, commented on other comments Tested the full hardware flow again, both send and msig approve |
I see, it means, we have to really deliberate even if the signers are both in the mobile app. |
| if (session.primaryDetail != null) | ||
| Text( | ||
| session.primaryDetail!, | ||
| style: text.smallTitle?.copyWith(color: colors.textPrimary), |
There was a problem hiding this comment.
Unnecessary color override.
| style: text.detail?.copyWith( | ||
| color: colors.textMuted, | ||
| fontFamily: AppTextTheme.fontFamilySecondary, | ||
| fontSize: 12, |
There was a problem hiding this comment.
Unnecessary fontSize override
dewabisma
left a comment
There was a problem hiding this comment.
Looking great! Just few nits.
|
Co0l.. I do not think default overrides are an error, they're a feature (maybe we don't wanna rely on "default" and not be boxed in with all the other items who are using default, if any) |




Summary
myMemberAccountId, so after that account signed there was no way for another local co-signer to approve.Mnemonic not found for signing— multisig approve/execute/cancel detect Keystone accounts and use the shared QR sign → scan signature → external submit path (same pattern as transfers).Changes
KeystoneExtrinsicSession+ sign/scan screensTest plan