Setting Up a THORChain Multisig

This guide walks you through the complete process of creating and using a multisig wallet on THORChain, including the installation of thornode, setting up the multisig key, generating and signing transactions, and finally broadcasting them.

This guide has been prepared with love by the AutoRujira team โค๏ธ

๐Ÿ Special Instructions for macOS Users

If you're on macOS, you may encounter issues with default versions of tools like awk, sed, and find, which are not GNU-compliant. To fix this:

  1. Install the GNU versions of the required utilities using Homebrew:

brew install coreutils binutils diffutils findutils gnu-tar gnu-sed gawk grep make

  1. Add the GNU versions to your PATH. Add the following lines to your shell config (~/.zshrc or ~/.bash_profile):

# GNU utils for macOS
export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"
export PATH="/usr/local/opt/gawk/libexec/gnubin:$PATH"

Then run:

source ~/.zshrc  # or source ~/.bash_profile

  1. Update Go to the required version (at least Go 1.23.4):

brew upgrade go

Verify with:

go version

Once all is set up, you're good to go with make install.

๐Ÿ”ง Prerequisites

Each member of the multisig must:

  • Have access to a local terminal.

  • Install thornode.

  • Share their public key with the group.

  • Be able to sign and submit transactions individually.

๐Ÿ“ฆ Step 1: Install thornode

Install the Thorchain CLI binary on your machine:

git clone https://gitlab.com/thorchain/thornode.git
cd thornode
TAG=mainnet make install

This installs the thornode binary in your $GOPATH/bin. Make sure it's in your system path.

๐Ÿงฉ Step 2: Generate and Share Public Keys

Each participant should create a new key (if they don't already have one):

thornode keys add <your-key-name>

Then export your public key:

thornode keys show <your-key-name> -p

Share this public key with all other members.

To import a public key shared by another participant, use:

thornode keys add <other-key-name> --pubkey <their-public-key>

Once you have everyone's pubkeys imported, you can create the multisig key.

๐Ÿ” Step 3: Create the Multisig Key

Each participant must locally create the multisig key with the same set of public keys and threshold:

thornode keys add <multisig-key-name> --multisig=<comma-separated-pubkeys> --multisig-threshold=<N>

Example:

thornode keys add multisig-xx --multisig=pubkey1,pubkey2,pubkey3 --multisig-threshold=2

โš ๏ธ This must be done identically by all participants.

๐Ÿ“ Step 4: Generate the Transaction (Only Once)

One participant prepares a transaction to send 1 RUNE and exports it to JSON (leave some RUNE for paying the fee):

thornode tx bank send <multisig-key-name> <destination-address> 1000000000rune --generate-only --chain-id thorchain-1 > tx.json

This transaction file is then shared with all multisig participants.

โœ๏ธ Step 5: Each Participant Signs the Transaction

Each participant signs the transaction using their own key and the multisig key:

thornode tx sign tx.json \
  --from <your-key-name> \
  --multisig <multisig-key-name> \
  --node https://rpc.ninerealms.com:443 \
  --chain-id thorchain-1 \
  --output-document sig-<your-name>.json

Everyone sends their sig-<your-name>.json file to the coordinator.

๐Ÿงท Step 6: Combine Signatures and Broadcast

One person aggregates the signatures and broadcasts the final signed transaction:

thornode tx multi-sign tx.json <multisig-key-name> sig-1.json sig-2.json ... --chain-id thorchain-1 --node https://rpc.ninerealms.com:443 > signed.json

thornode tx broadcast signed.json --chain-id thorchain-1 --node https://rpc.ninerealms.com:443

โœ… Final Step: Test It

Once the multisig address is finalized and funded, you can test the setup by executing a multisig transaction that sends 1 RUNE to a known address as shown above.

๐Ÿค Summary

  • Every member installs thornode, generates their key, and shares the pubkey.

  • All members must create the same multisig locally.

  • One person creates the transaction; everyone signs.

  • The final signed transaction is broadcast by one member.

  • The process ensures security and collective review before execution.

PreviousReview and Audit GuideNextMainnet Deployment Guide

Last updated