Setting Up a THORChain Multisig
This guide walks you through the complete process of creating and using a multisig wallet on THORChain, including the installation of thornode
, setting up the multisig key, generating and signing transactions, and finally broadcasting them.
This guide has been prepared with love by the AutoRujira team โค๏ธ
๐ Special Instructions for macOS Users
If you're on macOS, you may encounter issues with default versions of tools like awk
, sed
, and find
, which are not GNU-compliant. To fix this:
Install the GNU versions of the required utilities using Homebrew:
brew install coreutils binutils diffutils findutils gnu-tar gnu-sed gawk grep make
Add the GNU versions to your
PATH
. Add the following lines to your shell config (~/.zshrc
or~/.bash_profile
):
# GNU utils for macOS
export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gawk/libexec/gnubin:$PATH"
Then run:
source ~/.zshrc # or source ~/.bash_profile
Update Go to the required version (at least Go 1.23.4):
brew upgrade go
Verify with:
go version
Once all is set up, you're good to go with make install
.
๐ง Prerequisites
Each member of the multisig must:
Have access to a local terminal.
Install
thornode
.Share their public key with the group.
Be able to sign and submit transactions individually.
๐ฆ Step 1: Install thornode
thornode
Install the Thorchain CLI binary on your machine:
git clone https://gitlab.com/thorchain/thornode.git
cd thornode
TAG=mainnet make install
This installs the
thornode
binary in your$GOPATH/bin
. Make sure it's in your system path.
๐งฉ Step 2: Generate and Share Public Keys
Each participant should create a new key (if they don't already have one):
thornode keys add <your-key-name>
Then export your public key:
thornode keys show <your-key-name> -p
Share this public key with all other members.
To import a public key shared by another participant, use:
thornode keys add <other-key-name> --pubkey <their-public-key>
Once you have everyone's pubkeys imported, you can create the multisig key.
๐ Step 3: Create the Multisig Key
Each participant must locally create the multisig key with the same set of public keys and threshold:
thornode keys add <multisig-key-name> --multisig=<comma-separated-pubkeys> --multisig-threshold=<N>
Example:
thornode keys add multisig-xx --multisig=pubkey1,pubkey2,pubkey3 --multisig-threshold=2
โ ๏ธ This must be done identically by all participants.
๐ Step 4: Generate the Transaction (Only Once)
One participant prepares a transaction to send 1 RUNE and exports it to JSON (leave some RUNE for paying the fee):
thornode tx bank send <multisig-key-name> <destination-address> 1000000000rune --generate-only --chain-id thorchain-1 > tx.json
This transaction file is then shared with all multisig participants.
โ๏ธ Step 5: Each Participant Signs the Transaction
Each participant signs the transaction using their own key and the multisig key:
thornode tx sign tx.json \
--from <your-key-name> \
--multisig <multisig-key-name> \
--node https://rpc.ninerealms.com:443 \
--chain-id thorchain-1 \
--output-document sig-<your-name>.json
Everyone sends their sig-<your-name>.json
file to the coordinator.
๐งท Step 6: Combine Signatures and Broadcast
One person aggregates the signatures and broadcasts the final signed transaction:
thornode tx multi-sign tx.json <multisig-key-name> sig-1.json sig-2.json ... --chain-id thorchain-1 --node https://rpc.ninerealms.com:443 > signed.json
thornode tx broadcast signed.json --chain-id thorchain-1 --node https://rpc.ninerealms.com:443
โ
Final Step: Test It
Once the multisig address is finalized and funded, you can test the setup by executing a multisig transaction that sends 1 RUNE to a known address as shown above.
๐ค Summary
Every member installs
thornode
, generates their key, and shares the pubkey.All members must create the same multisig locally.
One person creates the transaction; everyone signs.
The final signed transaction is broadcast by one member.
The process ensures security and collective review before execution.
Last updated