The OffChain Luxembourg a.s.b.l. multisig treasury

in OffChain Luxembourg, 3 months ago (edited)

During the Extraordinary General Assembly of Dec. 4th, our members committed to endowing the non-profit treasury with a more significant amount of funds. The objective was twofold:

  • ensuring that the participants have "skin in the game" beyond the mere 100€ in membership fees, and so feel more committed to the success of the organization
  • allowing the organization to more easily invest in its development

The first step was to ensure that those who pledged to contribute had the HBD in their own accounts.
[Image: pledges31.12.2024.JPG]

This was confirmed before mid December.
The second step was to modify the account authorities of our treasury account, @ocl-trez, to give a proportional signing right to the participants.

Here is where things went sideways. The user interface of the Hive Multisig server (multisig.hive-keychain.com) is relatively rudimentary and the rather complex concepts of multisignature are nowhere explained with sufficient clarity.

For the "active authorities", one can add both "accounts" and "keys". So I started by adding both account authorities and public keys of the (same) accounts. I didn't understand how these were treated; it seemed as if the server was adding both account weight and key weight (of the same account) before comparing to the threshold. So I set the threshold accordingly to 18. But then I realized it was very messy and unclear and probably not needed, so I started deleting the keys and keeping just the accounts, because this way the people could still decide to change their passwords (which would change their public active key).

[Image: MultiSigOcl-trez.JPG]

However, I didn't realize that, for a strange reason, the weights associated with the accounts had not been taken into account correctly - the weights of both reload.finance and sorin.offchain were registered as "1" instead of "10". This might have been the result of an interface glitch, but with the key authorities erased, I ended up locking everybody out of the account, because the remaining account authorities would not, under any circumstance, be able to reach the threshold!

This is a clear bug at several levels:

  • the multisig server should check (simple sum) and avoid broadcasting a tx where the sum of authorities is below the desired threshold
  • the blockchain itself should do a similar check and reject an "account update" tx where the sum of authorities is below the threshold.

I therefore opened an issue in the Hive repository.

Meanwhile, in order to unlock the account, I was advised to resort to the owner key that overrides the active authorities. The multisig server interface did not offer any way to sign an account update operation with the owner key though (suggestion for improvement). I've tried using an updated version of msteem, a very versatile multisig interface built years ago for steem by @jga: https://joticajulian.github.io/msteem/#/sign

The graphical user interface is very comprehensive but the Hive blockchain would throw an error and reject the operation. Turns out that the serialization rules are very strictly enforced by the Hive nodes - for instance the accounts need to be sorted in alphabetical order in the JSON (sic!). msteem thus needs a more thorough update to be able to build complex Hive operations.
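A pre-broadcast check covering both failure modes described above (the "simple sum" below the threshold, and account authorities out of alphabetical order), as an added example that is not the multisig server's code nor the beem script mentioned below. The function names are hypothetical, and the sample authorities are constructed from the threshold and the two account names given in the post, with other participants omitted.

```python
from itertools import combinations

def check_authority(auth):
    """Return the problems that would leave this authority unusable or rejected."""
    problems = []
    threshold = auth["weight_threshold"]
    entries = auth.get("account_auths", []) + auth.get("key_auths", [])
    # The "simple sum": best case, every listed account and key signs.
    total = sum(weight for _, weight in entries)
    if total < threshold:
        problems.append(f"unreachable: total weight {total} < threshold {threshold}")
    names = [name for name, _ in auth.get("account_auths", [])]
    # Strictly increasing order also rules out duplicate account entries.
    if any(a >= b for a, b in zip(names, names[1:])):
        problems.append("account_auths not sorted alphabetically")
    return problems

def smallest_quorums(auth):
    """Signer sets of the smallest size whose combined weight reaches the threshold."""
    entries = auth.get("account_auths", []) + auth.get("key_auths", [])
    for size in range(1, len(entries) + 1):
        hits = [tuple(name for name, _ in combo)
                for combo in combinations(entries, size)
                if sum(weight for _, weight in combo) >= auth["weight_threshold"]]
        if hits:
            return hits
    return []  # no combination of signers can ever act: the account is locked

# Constructed samples (threshold and account names from the post, rest assumed).
LOCKED = {"weight_threshold": 18, "key_auths": [],
          "account_auths": [["reload.finance", 1], ["sorin.offchain", 1]]}
INTENDED = {"weight_threshold": 18, "key_auths": [],
            "account_auths": [["reload.finance", 10], ["sorin.offchain", 10]]}
UNSORTED = {"weight_threshold": 18, "key_auths": [],
            "account_auths": [["sorin.offchain", 10], ["reload.finance", 10]]}

if __name__ == "__main__":
    for label, auth in (("locked", LOCKED), ("intended", INTENDED), ("unsorted", UNSORTED)):
        print(label, check_authority(auth), smallest_quorums(auth))
```

Running the check on the authority object just before signing an account update shows whether anyone would still be able to sign afterwards, and listing the smallest quorums makes the effect of a mistyped weight visible at a glance.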

The solution came from @pharesim who wrote a Python script (using beem) that built and signed with the owner key an operation correcting the situation.

All's well that ends well, now the OffChain Luxembourg a.s.b.l. has more than 47 000 HBD (and another 2000 are expected), generating about 600 HBD in monthly interest.