Building a transaction that will require both payment and stake key?


I was just wondering, is it possible to build a transaction with Cardano Serialization Lib where both payment and stake key will be required without involving any staking operation such as delegating a pool? I need this to prevent the Franken address attack.

Usually, when a build a simple transaction such as making a payment, the transaction usually requires the buyer’s payment key. Here is an example transaction I made with Cardano Serialization Lib.

// Payload from API user
const payload = {
    address: 'addr_test...',
    utxos: [...]

const whitelist = ['stake_test1...', 'stake12']
const paymentAddress = 'addr_test1';
const amount = 10 * 1000000

const buyerStakeAddress =

// Franken address will get pass this
if( !whitelist.includes(buyerStakeAddress.to_address().to_bech32()) )
    return false

const protocol_params = await this.get_protocol_parameters(NetworkInfo.testnet_preprod().network_id())
const linearFee =

const txBuilderCfg =

const txBuilder =;
const inputs =

payload.utxos.forEach(raw => {

    Address.from_bech32(paymentAddress), BigNum.from_str(amount.toString()) )

txBuilder.add_inputs_from(inputs, CoinSelectionStrategyCIP2.RandomImprove)
txBuilder.set_ttl(protocol_params.slot + 3600)

const body =
const witnesses =;
const auxFinal =
const transaction: Transaction = body, witnesses, auxFinal )

return transaction.to_hex()

But this transaction is prone to a Franken address attack as it only requires a payment key signature. How do I build a transaction that will require both payment and staking signatures from the user?


Hey! Were you able to solve this?

how about a withdraw 0 rewards ?

You can’t choose how much you want to withdraw. A withdraw transaction always withdraws everything (and is as far as I remember only possible if there is something to withdraw).

But one can just add required signers to the transaction.

1 Like

it is either 0 or the full amount. :thinking:

For anyone wondering, the solution is quite easy. CSL has built-in support to add any particular key (stake or payment) to be required as a signer.


This is all you need.