Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Multisig

Three multisig flavors ship as first-class script patterns. Pick the one that matches your trust model.

PatternRequired signersTypical use
2-of-2both partiesjoint custody, payment channels, two-party agreement
1-of-2either partyshared account with two key holders, backup access
2-of-3any two of threecommittee governance, 2FA with recovery key

All three use exfer script <pattern>-lock to lock funds and <pattern>-spend to unlock them.

2-of-2

Both signatures required. Use when the two parties must agree.

# Lock
exfer script multisig2of2-lock \
    --wallet    ~/my-wallet.key \
    --pubkey-b  <OTHER_PUBKEY_HEX> \
    --amount    "10 EXFER" \
    --rpc       "$RPC" \
    --json

# Spend (both wallets sign)
exfer script multisig2of2-spend \
    --wallet    ~/wallet-a.key \
    --wallet2   ~/wallet-b.key \
    --tx-id     <LOCK_TX_ID> \
    --to        <DESTINATION_ADDRESS> \
    --rpc       "$RPC" \
    --json

1-of-2

Either signer can unlock. Use when you want a backup keyholder who can recover funds independently.

exfer script multisig1of2-lock \
    --wallet    ~/my-wallet.key \
    --pubkey-b  <OTHER_PUBKEY_HEX> \
    --amount    "10 EXFER" \
    --rpc       "$RPC" \
    --json

exfer script multisig1of2-spend \
    --wallet        ~/my-wallet.key \
    --tx-id         <LOCK_TX_ID> \
    --other-pubkey  <OTHER_PUBKEY_HEX> \
    --path          a \
    --rpc           "$RPC" \
    --json

--path is a if your key was registered first (the --wallet side of multisig1of2-lock), b otherwise. Getting this wrong produces a script-evaluation failure at submit time.

2-of-3

Any two of three signers. Quorum / committee patterns.

exfer script multisig2of3-lock \
    --wallet    ~/my-wallet.key \
    --pubkey-b  <PUBKEY_B_HEX> \
    --pubkey-c  <PUBKEY_C_HEX> \
    --amount    "10 EXFER" \
    --rpc       "$RPC" \
    --json

exfer script multisig2of3-spend \
    --wallet    ~/signer1.key \
    --wallet2   ~/signer2.key \
    --tx-id     <LOCK_TX_ID> \
    --to        <DESTINATION_ADDRESS> \
    --pubkey-a  <PUBKEY_A_HEX> \
    --pubkey-b  <PUBKEY_B_HEX> \
    --pubkey-c  <PUBKEY_C_HEX> \
    --path      ab \
    --rpc       "$RPC" \
    --json

--path selects which pair of the three keys are signing: ab, ac, or bc. The two --wallet files must correspond, in order, to the two positions in --path.

Common pitfalls

  • Wrong --path. The CLI accepts the spend but the network rejects it because the script eval fails. Re-derive the path from your wallet positions at lock time.
  • Pubkey vs address mixup. --pubkey-* flags want the 64-hex public key (from exfer wallet info), not the address. Addresses are derived from pubkeys but are not the same value.
  • Lost cosigner. For 2-of-2, losing one key bricks the funds. For 2-of-3, you can still recover with the remaining two — that's the main reason to choose 2-of-3 over 2-of-2 for any non-trivial value.
  • HTLC payments — hash-based conditional spending.
  • Vault — primary + recovery key combination.
  • Escrow — three-path mutual / arbiter / timeout.