Multisig and Orphans


#1

I was directed here after my Welcome to share some questions about Multi Sig. My concern is that due to the rigid nature of the code that some unforeseen problems may arise.

Imagine you have a Million Ada and you have set up multisig with your partner to stop her buying shoes at a whim. Suddenly she dies for whatever reason. Your funds would now be essentially frozen forever. I understand this may be a simplistic example but my point is there would be no higher power to appeal to make things right. you are totally at the mercy of the contract. This is common in complex systems that attempt to cater to 100% of situations. There’s always the 1% that fall through the cracks.

Any higher power that was able to override it would add centralization and any loophole type release would diminish the secure nature of the contract.

As i have been attempting to think of a solution to this I have decided that it’s more about responsible storage of the private keys external to ADA system but it may be able to be implemented on-chain. This has lead me to another consideration for the Cardano team.

With a guaranteed amount of ADA becoming orphaned from lost keys, unclaimed wallets, small amounts and destroyed paper wallets etc, It could be useful to have a timeout for inactive address’ where the ADA just returns to the foundation to be put to use (say 5-10-15? years of inactivity) rather than float in the cloud forever. The wallet will still hold a “IOU” incase it belongs to a long term deep freeze hodler.

it may provide a nice additional stream of funds for the sustainability of the ADA system.

Thoughts and comments appreciated

Cheers all


#2

I don’t know what the team will do to solve this problem, but here is an idea:

When setting up a multisig account the parties agree on a time interval (say 6 months) they are required to periodically refresh the multisig setup with their own private key. In case one of the parties fail to confirm the setup within the agreed period (probably because of the event of death) the other holder will automatically get full ownership of the account unlocking it for him/her.

What do you think?


#3

Good idea @Gabor_Peto…but I would suggest 60-90 days…


#4

I like this solution a lot! We as the user’s of Cardano may need to push to have this incorporated and maybe even fund it if we want it, I think 30 days would be good as so many bills are monthly and that might be when someone would need to access their funds, but I would also incorporate a code for someone that missed the deadline to input a sig to receive full benefit of being a part of a multisig account.
Disclaimer: never put much thought into this until the OP posted in forum, so I am still thinking about it all.


#5

I mentioned 6 months just for the sake of the example. I imagine this could be written in a way that the time interval can be selected upon account setup from different options ranging from days to years.


#6

I mean there would be no problem just letting them sit there, then we all benefit equal from the burn.


#7

We can also equally benefit if the tokens are not burnt, instead transferred to the treasury.


#8

But then the treasury gains. I think we should keep taxes as a minimum… If they get them it is an increase in taxes… When we set a “fee” aka. tax for the treasury, at least we know what it is going to be. We know what we are paying, there is nothing hidden.

I would have to think about this one, there could be advantages to it, but also some disadvantages.

What if someone stole some funds, and lost the key (happened in bitcoin with huge amounts), and this was now distributed to the treasury 10 years later… Then these people who now demand these funds be distributed to them right? We are setting it up for lots of unintended consequences… Or people claiming they lost certain wallets etc… Thinking they could get it back that way around… I just think there will be a lot of mess… and what if a bug takes place? implementing a system that can actually take money out of wallets and giving it to the treasury could perhaps be misused, or some bug could take place?

Here is what I think is better.

What you could add in your smart-contract was just a 2 year period of inactivity and that key wasn’t needed anymore. I think thats the more simple solution, building a transfer system within that single smart-contract. So each contract can have its own rules.

So in case of multi-sign if one died and no real world deal was made to transfer the sign… Then after 2 year inactivity (if this has been written in) it was transferred to one… This way we keep it to individual parties to set up the rules, to what if and what will happen, and not a overall system governing them.

Because again, lost funds is just value distributed to everyone else, so its not like it is free money just sitting there. If it was, then I could definitely see there was a big argument to be made of figuring out how we could put them to good use.


#9

Well again, you are assuming the treasury will put that money to good use, I highly doubt that. Some of it will be put to good use and these will be the most necessary things, but I believe most of the excess funds will be squandered.

Imagine running a company under democracy… and I for dear god hope it will be 1 ADA to one vote and not taking into account per/human…

Another thing you brought up is the IOU, which is a good idea if it had to be done. But again it complicates the system and opens it up to even more systemic risk… What if a big wallet went into the treasury, it was spend, and then suddenly he was back and there is nothing in the treasury… Again new complications to be sorted… I think the best is just sticking to a simple more raw system and transferring the keys to the individuals, but giving them tools that they can use instead.


#10

Yes exactly how it should be solved, but there shouldn’t be any “set” time, the tool should just be given to users, to use it, or not to use it, and set their own rules/limits.


#11

It’s good to see some clever solutions. I hope the Devs take these into account. It would be nice to see in the wallet when setting up such systems as multi sig, some pre canned options to cover these eventualities such as “check this box for rigid immutability of the contract” so people aren’t caught out.

As for orphaned funds - as funds are burnt, value would be spread evenly amongst the users which I’m ok with :+1:


#12

The Cardano Foundation does read through the forum and the CF members do talk with the Developers, I think it helps that we toss different idea’s around,.