Upgrade multisig

Signed-off-by: Eval EXEC <[email protected]>

Author: eval-exec

Cargo.lock

@@ -19,7 +19,7 @@ ckb-util = "=0.200.0"
 ckb-error = "=0.200.0"
 ckb-script = "=0.200.0"
 ckb-chain-spec = "=0.200.0"
-ckb-sdk = { version = "3.7.0", features = ["native-tls-vendored"] }
+ckb-sdk = { git="https://github.com/eval-exec/ckb-sdk-rust", branch="exec/upgrade-multisig", features = ["native-tls-vendored"] }
 ckb-mock-tx-types = "=0.200.0"
 ckb-signer = { path = "ckb-signer", version = "0.4.1" }
 plugin-protocol = { path = "plugin-protocol", package = "ckb-cli-plugin-protocol", version = "=1.3.1" }

Cargo.toml

@@ -27,4 +27,4 @@ anyhow = "1.0.63"
 ckb-types = "=0.200.0"
 ckb-hash = "=0.200.0"
 ckb-crypto = { version = "=0.200.0", features = ["secp"] }
-ckb-sdk = { version = "3.7.0", features = ["native-tls-vendored"] }
+ckb-sdk = { git="https://github.com/eval-exec/ckb-sdk-rust", branch="exec/upgrade-multisig", features = ["native-tls-vendored"] }

ckb-signer/Cargo.toml

@@ -2,7 +2,7 @@ use std::collections::HashMap;
 
 use anyhow::{anyhow, Result};
 use ckb_sdk::{
-    constants::{MULTISIG_TYPE_HASH, SIGHASH_TYPE_HASH},
+    constants::{MultisigScript, SIGHASH_TYPE_HASH},
     traits::{
         CellCollector, CellQueryOptions, DefaultCellCollector, DefaultHeaderDepResolver,
         DefaultTransactionDependencyProvider, OffchainTransactionDependencyProvider, Signer,
@@ -79,10 +79,7 @@ pub fn build_tx<T: ChangeInfo>(
         .iter()
         .filter_map(|info| info.build_cell_output(lock_script, first_cell_input))
         .unzip();
-    let mut cell_deps = vec![genesis_info.sighash_dep()];
-    if multisig_config.is_some() {
-        cell_deps.push(genesis_info.multisig_dep());
-    }
+
     let mut unlockers = HashMap::new();
     let signer = DummySigner {
         args: vec![from_address.payload().args()],
@@ -93,10 +90,22 @@ pub fn build_tx<T: ChangeInfo>(
         sighash_script_id,
         Box::new(sighash_unlocker) as Box<dyn ScriptUnlocker>,
     );
+
+    let mut cell_deps = vec![genesis_info.sighash_dep()];
     if let Some(cfg) = multisig_config {
+        let multisig_script =
+            MultisigScript::try_from(cfg.lock_code_hash()).unwrap_or_else(|_err| {
+                panic!(
+                    "Failed to get multisig script from {}",
+                    cfg.lock_code_hash(),
+                )
+            });
+
+        cell_deps.push(genesis_info.multisig_dep(multisig_script));
+
         let multisig_signer = SecpMultisigScriptSigner::new(Box::new(signer), cfg.clone());
         let multisig_unlocker = SecpMultisigUnlocker::new(multisig_signer);
-        let multisig_script_id = ScriptId::new_type(MULTISIG_TYPE_HASH.clone());
+        let multisig_script_id = multisig_script.script_id();
         unlockers.insert(
             multisig_script_id,
             Box::new(multisig_unlocker) as Box<dyn ScriptUnlocker>,

src/subcommands/deploy/tx_builder.rs

@@ -14,6 +14,8 @@ pub mod wallet;
 
 pub use account::AccountSubCommand;
 pub use api_server::ApiServerSubCommand;
+use ckb_sdk::constants::MultisigScript;
+use ckb_types::H256;
 pub use dao::DAOSubCommand;
 pub use deploy::DeploySubCommand;
 pub use mock_tx::MockTxSubCommand;
@@ -26,10 +28,13 @@ pub use tx::TxSubCommand;
 pub use util::UtilSubCommand;
 pub use wallet::{TransferArgs, WalletSubCommand};
 
-use clap::ArgMatches;
+use clap::{Arg, ArgMatches};
 use serde::Serialize;
 
-use crate::utils::printer::{OutputFormat, Printable};
+use crate::utils::{
+    arg_parser::{ArgParser, FixedHashParser},
+    printer::{OutputFormat, Printable},
+};
 
 pub struct Output {
     stdout: Option<serde_json::Value>,
@@ -95,3 +100,29 @@ Key Considerations:
 - Permanent Immutability: Script logic and data will be permanently fixed on-chain.
 - No Recovery Mechanism: If vulnerabilities or defects exist in the script, there is no way to upgrade, patch, or revoke it.
 - Use with Caution: Thoroughly audit and test the script before deployment. This option is recommended only for scenarios requiring absolute finality, where script behavior must remain tamper-proof indefinitely.";
+
+fn arg_multisig_code_hash() -> Arg<'static> {
+    let arg_multisig_code_hash = Arg::with_name("multisig-code-hash")
+            .long("multisig-code-hash")
+            .takes_value(true)
+            .multiple(false)
+            .required(true)
+            .possible_values(&[
+                // legacy code hash
+                "legacy",
+                "0x5c5069eb0857efc65e1bca0c07df34c31663b3622fd3876c876320fc9634e2a8",
+                // V2 code hash
+                "v2",
+                "0x36c971b8d41fbd94aabca77dc75e826729ac98447b46f91e00796155dddb0d29",
+            ])
+        .about("Specifies the multisig code hash to use:\n    - v2(default): `0x36c971b8d41fbd94aabca77dc75e826729ac98447b46f91e00796155dddb0d29`. \n    - legacy(deprecated): `0x5c5069eb0857efc65e1bca0c07df34c31663b3622fd3876c876320fc9634e2a8` is NOT recommended for use.\n\n");
+    arg_multisig_code_hash
+}
+
+fn arg_get_multisig_code_hash(m: &ArgMatches) -> Result<H256, String> {
+    match m.value_of("multisig-code-hash").unwrap() {
+        "legacy" => Ok(MultisigScript::Legacy.script_id().code_hash),
+        "v2" => Ok(MultisigScript::V2.script_id().code_hash),
+        _ => FixedHashParser::<H256>::default().from_matches(m, "multisig-code-hash"),
+    }
+}