Multisig ISM
Verify messages through validator consensus
The MultisigISM is one of the most commonly used ISM types. These ISMs verify that m of n Validators have attested to the validity of a particular interchain message.
Multisig Module Types
There are two types of MultisigISM modules:
enum Types {
...
MERKLE_ROOT_MULTISIG,
MESSAGE_ID_MULTISIG,
...
}
MerkleRootMultisigIsmMetadata
Type: Types.MERKLE_ROOT_MULTISIG
Format of metadata:
| Component | Length (bytes) | Description |
|---|---|---|
| 1st component | 32 | Origin merkle tree address |
| 2nd component | 4 | Index of message ID in merkle tree |
| 3rd component | 32 | Signed checkpoint message ID |
| 4th component | 1024 | Merkle proof |
| 5th component | 4 | Signed checkpoint index (computed from proof and index) |
| 6th component (len == threshold * 65 bytes) | threshold * 65 | Validator signatures |
MessageIdMultisigIsmMetadata
Type: Types.MESSAGE_ID_MULTISIG
Format of metadata:
| Component | Length (bytes) | Description |
|---|---|---|
| 1st component | 32 | Origin merkle tree address |
| 2nd component | 32 | Signed checkpoint root |
| 3rd component | 4 | Signed checkpoint index |
| 4th component (len == threshold * 65 bytes) | threshold * 65 | Validator signatures |
Interface
MultisigISMs must implement the IMultisigIsm interface.
// SPDX-License-Identifier: MIT OR Apache-2.0
pragma solidity >=0.6.11;
import {IInterchainSecurityModule} from "../IInterchainSecurityModule.sol";
interface IMultisigIsm is IInterchainSecurityModule {
/**
* @notice Returns the set of validators responsible for verifying _message
* and the number of signatures required
* @dev Can change based on the content of _message
* @dev Signatures provided to `verify` must be consistent with validator ordering
* @param _message Hyperlane formatted interchain message
* @return validators The array of validator addresses
* @return threshold The number of validator signatures needed
*/
function validatorsAndThreshold(
bytes calldata _message
) external view returns (address[] memory validators, uint8 threshold);
}
Configure
The hyperlane-monorepo contains MultisigISM implementations (including a legacy version and more gas-efficient versions deployable via factories) that application developers can deploy off-the-shelf, specifying their desired configuration.
To configure a MultisigISM instance:
- Developers define the set of
nValidators on each origin chain. - A threshold is set, specifying the number (
m) of Validator signatures required to confirm a message.
Validator signatures are not specific to an ISM. In other words, developers can configure their MultisigISM to use any validator that's running on Hyperlane.
Customize
For more specific use cases, developers can fork the abstract MultisigISM implementation provided in the Hyperlane monorepo. The primary customization involves implementing the validatorsAndThreshold() function.
Custom implementations allow developers to adjust the security model to meet the needs of their application. For example, a custom implementation could vary the number of signatures required, based on the content of the message being verified.