Notifications and Ignoring Multisig Transactions
Blockchain transactions typically involve the transfer of assets or data between parties and include details such as sender and receiver addresses, transaction amount, and timestamp (block).
Tatum’s Decision on Ignoring Multisig Transactions
Tatum Notification service ignores all transactions that involve Multisig (multi-signature) addresses.
- Multisig Addresses: These are addresses that require multiple private keys to authorize a transaction. They are intended to enhance security by requiring approvals from multiple parties before a transaction is executed.
- Policy Rationale: Tatum Notification service ignores Multisig transactions due to the potential for malicious exploitation in certain setups. Specifically, Multisig configurations such as 2/3 variants or other setups where only a subset of private keys is required to authorize a transaction can be exploited maliciously. This measure aims to protect the integrity and security of the notification service.
Additional information about Multisig is available in this tutorial.
Good to Know
- UTXO chains (like Bitcoin, Dogecoin, and others) are targets for Multisig malicious actors.
- Finding unsuspecting addresses belonging to a Multisig address involves a leaked XPUB.
- Tatum strongly encourages redundancy checks on the user side. Examples include:
- Fetching transactions by hash independently, ideally from a third-party provider's node, to eliminate chain split or other possible node issues.
- Parsing the outputs of a transaction—since all UTXO-based transactions consume inputs and produce outputs:
- Find the output(s) related to the recipient's address.
- Verify that the output is directly related only to the recipient's address (not a multisig address, for example).
- Implementing other measures at the user's discretion.
Updated 4 months ago