# Setting Up a THORChain Multisig

To instantiate, store and deploy contracts on Rujira, teams need to setup a multisig on THORChain. There are currently three ways to setup a multisig on THORChain:

1. DAODAO
2. Keplr Multisig
3. Thornode Multisig Key

## 1. DAODAO

The preferred option to setup a multisig is using [daodao.zone](https://daodao.zone/) because it let's teams not just sign off on transactions, but contains a whole library of actions that satisfy all the needs a decentralised team will ever need:

<figure><img src="https://780454749-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fjck9fGNvnlDMHj7pa6Gz%2Fuploads%2Fj4dh9duwMao7jj4IjX9t%2FScreenshot%202025-08-08%20at%2011.32.42.png?alt=media&#x26;token=cf393065-dfc6-4b54-88a8-05b09030dc4a" alt=""><figcaption></figcaption></figure>

You can create a DAO on DAODAO using this link: <https://daodao.zone/dao/create?chain=thorchain-1>

## 2. Keplr Multisig

THORChain is available on [Keplr Wallet](https://www.keplr.app/) and hence [Keplr Multisig](https://multisig.keplr.app/), allowing teams to create simple multisigs to sign off on THORChain transactions:

<figure><img src="https://780454749-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fjck9fGNvnlDMHj7pa6Gz%2Fuploads%2FkWK9x6vqK5d84sjmlrar%2FScreenshot%202025-08-08%20at%2011.41.49.png?alt=media&#x26;token=3fa1c3d3-c353-465e-97b2-635812441ac4" alt=""><figcaption></figcaption></figure>

You can create a Keplr Multisig using this link: <https://multisig.keplr.app/account/register/create>

Consider using only individual Keplr wallets that are connected to Ledger hardware wallet to add an extra level of security to the Keplr Multisig.

## 3. Thornode Multisig Key

This guide walks you through the complete process of creating and using a multisig wallet on **THORChain**, including the installation of `thornode`, setting up the multisig key, generating and signing transactions, and finally broadcasting them.

This guide has been prepared with love by the [AutoRujira](https://autorujira.app/) team :heart:

### Special Instructions for macOS Users

If you're on macOS, you may encounter issues with default versions of tools like `awk`, `sed`, and `find`, which are not GNU-compliant. To fix this:

1. Install the GNU versions of the required utilities using Homebrew:

```bash
brew install coreutils binutils diffutils findutils gnu-tar gnu-sed gawk grep make
```

2. Add the GNU versions to your `PATH`. Add the following lines to your shell config (`~/.zshrc` or `~/.bash_profile`):

```bash
# GNU utils for macOS
export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gawk/libexec/gnubin:$PATH"
```

Then run:

```bash
source ~/.zshrc  # or source ~/.bash_profile
```

3. Update Go to the required version (at least Go 1.23.4):

```bash
brew upgrade go
```

Verify with:

```bash
go version
```

Once all is set up, you're good to go with `make install`.

***

### Prerequisites

Each member of the multisig must:

* Have access to a local terminal.
* Install `thornode`.
* Share their public key with the group.
* Be able to sign and submit transactions individually.

***

### Step 1: Install `thornode`

Install the Thorchain CLI binary on your machine:

```bash
git clone https://gitlab.com/thorchain/thornode.git
cd thornode
TAG=mainnet make install
```

> This installs the `thornode` binary in your `$GOPATH/bin`. Make sure it's in your system path.

***

### Step 2: Generate and Share Public Keys

Each participant should create a new key (if they don't already have one):

```bash
thornode keys add <your-key-name>
```

Then export your **public key**:

```bash
thornode keys show <your-key-name> -p
```

Share this public key with all other members.

To import a public key shared by another participant, use:

```bash
thornode keys add <other-key-name> --pubkey <their-public-key>
```

Once you have everyone's pubkeys imported, you can create the multisig key.

***

### Step 3: Create the Multisig Key

Each participant must **locally** create the multisig key with the same set of public keys and threshold:

```bash
thornode keys add <multisig-key-name> --multisig=<comma-separated-pubkeys> --multisig-threshold=<N>
```

Example:

```bash
thornode keys add multisig-xx --multisig=pubkey1,pubkey2,pubkey3 --multisig-threshold=2
```

> ⚠️ This must be done **identically by all participants**.

***

### Step 4: Generate the Transaction (Only Once)

One participant prepares a transaction to send 1 RUNE and exports it to JSON (leave some RUNE for paying the fee):

```bash
thornode tx bank send <multisig-key-name> <destination-address> 1000000000rune --generate-only --chain-id thorchain-1 > tx.json
```

This transaction file is then shared with all multisig participants.

***

### Step 5: Each Participant Signs the Transaction

Each participant signs the transaction using their own key and the multisig key:

```bash
thornode tx sign tx.json \
  --from <your-key-name> \
  --multisig <multisig-key-name> \
  --node https://rpc.ninerealms.com:443 \
  --chain-id thorchain-1 \
  --output-document sig-<your-name>.json
```

Everyone sends their `sig-<your-name>.json` file to the coordinator.

***

### Step 6: Combine Signatures and Broadcast

One person aggregates the signatures and broadcasts the final signed transaction:

```bash
thornode tx multi-sign tx.json <multisig-key-name> sig-1.json sig-2.json ... --chain-id thorchain-1 --node https://rpc.ninerealms.com:443 > signed.json

thornode tx broadcast signed.json --chain-id thorchain-1 --node https://rpc.ninerealms.com:443
```

***

### Final Step: Test It

Once the multisig address is finalized and funded, you can test the setup by executing a multisig transaction that sends 1 RUNE to a known address as shown above.

***

### Summary

* Every member installs `thornode`, generates their key, and shares the pubkey.
* All members must create the same multisig locally.
* One person creates the transaction; everyone signs.
* The final signed transaction is broadcast by one member.
* The process ensures **security and collective review** before execution.