Setting Up a THORChain Multisig

PreviousReview and Audit Guide NextMainnet Deployment Guide

Last updated 22 days ago

Setting Up a THORChain Multisig

This guide walks you through the complete process of creating and using a multisig wallet on THORChain, including the installation of thornode, setting up the multisig key, generating and signing transactions, and finally broadcasting them.

This guide has been prepared with love by the team

🍏 Special Instructions for macOS Users

If you're on macOS, you may encounter issues with default versions of tools like awk, sed, and find, which are not GNU-compliant. To fix this:

Install the GNU versions of the required utilities using Homebrew:

brew install coreutils binutils diffutils findutils gnu-tar gnu-sed gawk grep make

Add the GNU versions to your PATH. Add the following lines to your shell config (~/.zshrc or ~/.bash_profile):

# GNU utils for macOS
export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gawk/libexec/gnubin:$PATH"

Then run:

source ~/.zshrc  # or source ~/.bash_profile

Update Go to the required version (at least Go 1.23.4):

brew upgrade go

Verify with:

go version

Once all is set up, you're good to go with make install.

🔧 Prerequisites

Each member of the multisig must:

Have access to a local terminal.
Install thornode.
Share their public key with the group.
Be able to sign and submit transactions individually.

📦 Step 1: Install `thornode`

Install the Thorchain CLI binary on your machine:

git clone https://gitlab.com/thorchain/thornode.git
cd thornode
TAG=mainnet make install

This installs the thornode binary in your $GOPATH/bin. Make sure it's in your system path.

Each participant should create a new key (if they don't already have one):

thornode keys add <your-key-name>

Then export your public key:

thornode keys show <your-key-name> -p

Share this public key with all other members.

To import a public key shared by another participant, use:

thornode keys add <other-key-name> --pubkey <their-public-key>

Once you have everyone's pubkeys imported, you can create the multisig key.

🔐 Step 3: Create the Multisig Key

Each participant must locally create the multisig key with the same set of public keys and threshold:

thornode keys add <multisig-key-name> --multisig=<comma-separated-pubkeys> --multisig-threshold=<N>

Example:

thornode keys add multisig-xx --multisig=pubkey1,pubkey2,pubkey3 --multisig-threshold=2

⚠️ This must be done identically by all participants.

📝 Step 4: Generate the Transaction (Only Once)

One participant prepares a transaction to send 1 RUNE and exports it to JSON (leave some RUNE for paying the fee):

thornode tx bank send <multisig-key-name> <destination-address> 1000000000rune --generate-only --chain-id thorchain-1 > tx.json

This transaction file is then shared with all multisig participants.

✍️ Step 5: Each Participant Signs the Transaction

Each participant signs the transaction using their own key and the multisig key:

thornode tx sign tx.json \
  --from <your-key-name> \
  --multisig <multisig-key-name> \
  --node https://rpc.ninerealms.com:443 \
  --chain-id thorchain-1 \
  --output-document sig-<your-name>.json

Everyone sends their sig-<your-name>.json file to the coordinator.

🧷 Step 6: Combine Signatures and Broadcast

One person aggregates the signatures and broadcasts the final signed transaction:

thornode tx multi-sign tx.json <multisig-key-name> sig-1.json sig-2.json ... --chain-id thorchain-1 --node https://rpc.ninerealms.com:443 > signed.json

thornode tx broadcast signed.json --chain-id thorchain-1 --node https://rpc.ninerealms.com:443

✅ Final Step: Test It

Once the multisig address is finalized and funded, you can test the setup by executing a multisig transaction that sends 1 RUNE to a known address as shown above.

🤝 Summary

Every member installs thornode, generates their key, and shares the pubkey.
All members must create the same multisig locally.
One person creates the transaction; everyone signs.
The final signed transaction is broadcast by one member.
The process ensures security and collective review before execution.

PreviousReview and Audit Guide NextMainnet Deployment Guide

Last updated 22 days ago

This guide has been prepared with love by the team

🍏 Special Instructions for macOS Users

If you're on macOS, you may encounter issues with default versions of tools like awk, sed, and find, which are not GNU-compliant. To fix this:

Install the GNU versions of the required utilities using Homebrew:

brew install coreutils binutils diffutils findutils gnu-tar gnu-sed gawk grep make

Add the GNU versions to your PATH. Add the following lines to your shell config (~/.zshrc or ~/.bash_profile):

# GNU utils for macOS
export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gawk/libexec/gnubin:$PATH"

Then run:

source ~/.zshrc  # or source ~/.bash_profile

Update Go to the required version (at least Go 1.23.4):

brew upgrade go

Verify with:

go version

Once all is set up, you're good to go with make install.

🔧 Prerequisites

Each member of the multisig must:

Have access to a local terminal.
Install thornode.
Share their public key with the group.
Be able to sign and submit transactions individually.

📦 Step 1: Install `thornode`

Install the Thorchain CLI binary on your machine:

git clone https://gitlab.com/thorchain/thornode.git
cd thornode
TAG=mainnet make install

This installs the thornode binary in your $GOPATH/bin. Make sure it's in your system path.

Each participant should create a new key (if they don't already have one):

thornode keys add <your-key-name>

Then export your public key:

thornode keys show <your-key-name> -p

Share this public key with all other members.

To import a public key shared by another participant, use:

thornode keys add <other-key-name> --pubkey <their-public-key>

Once you have everyone's pubkeys imported, you can create the multisig key.

🔐 Step 3: Create the Multisig Key

Each participant must locally create the multisig key with the same set of public keys and threshold:

thornode keys add <multisig-key-name> --multisig=<comma-separated-pubkeys> --multisig-threshold=<N>

Example:

thornode keys add multisig-xx --multisig=pubkey1,pubkey2,pubkey3 --multisig-threshold=2

⚠️ This must be done identically by all participants.

📝 Step 4: Generate the Transaction (Only Once)

One participant prepares a transaction to send 1 RUNE and exports it to JSON (leave some RUNE for paying the fee):

thornode tx bank send <multisig-key-name> <destination-address> 1000000000rune --generate-only --chain-id thorchain-1 > tx.json

This transaction file is then shared with all multisig participants.

✍️ Step 5: Each Participant Signs the Transaction

Each participant signs the transaction using their own key and the multisig key:

thornode tx sign tx.json \
  --from <your-key-name> \
  --multisig <multisig-key-name> \
  --node https://rpc.ninerealms.com:443 \
  --chain-id thorchain-1 \
  --output-document sig-<your-name>.json

Everyone sends their sig-<your-name>.json file to the coordinator.

🧷 Step 6: Combine Signatures and Broadcast

One person aggregates the signatures and broadcasts the final signed transaction:

thornode tx multi-sign tx.json <multisig-key-name> sig-1.json sig-2.json ... --chain-id thorchain-1 --node https://rpc.ninerealms.com:443 > signed.json

thornode tx broadcast signed.json --chain-id thorchain-1 --node https://rpc.ninerealms.com:443

✅ Final Step: Test It

Once the multisig address is finalized and funded, you can test the setup by executing a multisig transaction that sends 1 RUNE to a known address as shown above.

🤝 Summary

Every member installs thornode, generates their key, and shares the pubkey.
All members must create the same multisig locally.
One person creates the transaction; everyone signs.
The final signed transaction is broadcast by one member.
The process ensures security and collective review before execution.

🍏 Special Instructions for macOS Users

🔧 Prerequisites

📦 Step 1: Install thornode

🧩 Step 2: Generate and Share Public Keys

🔐 Step 3: Create the Multisig Key

📝 Step 4: Generate the Transaction (Only Once)

✍️ Step 5: Each Participant Signs the Transaction

🧷 Step 6: Combine Signatures and Broadcast

✅ Final Step: Test It

🤝 Summary

🍏 Special Instructions for macOS Users

🔧 Prerequisites

📦 Step 1: Install thornode

🧩 Step 2: Generate and Share Public Keys

🔐 Step 3: Create the Multisig Key

📝 Step 4: Generate the Transaction (Only Once)

✍️ Step 5: Each Participant Signs the Transaction

🧷 Step 6: Combine Signatures and Broadcast

✅ Final Step: Test It

🤝 Summary

📦 Step 1: Install `thornode`

📦 Step 1: Install `thornode`