I tried to use pre-authorized transactions on Stellar as a replacement for a co-signer signature, but it seems like they don't play terribly well with multi-signature setups.
Given:
- Account A
- Account M, 2-out-of-2 multi-signature, signers are M and A
Flow:
- Create a transaction T with source account M, containing operations with source M only. So it needs to be signed by M and A.
- Instead of co-signing the transaction T, A adds T's hash as a pre-authorized transaction signer to the account A
- M signs the transaction and submits it to the network
T is lacking A's signature, but A already authorized the transaction in advance.
Right now the transaction fails with error code tx_bad_auth when submitted to the network.
Since M signed the transaction and A authorized it, too, even though not signing the transaction in place, the transaction should be considered valid and the pre-authorized transaction hash should be removed from A's signers.
Consider the account A to be an m-out-of-n multi-signature account itself, potentially with signers leaving and joining over time. So account A acts as the entity that executes actions on the Stellar network on behalf of its council of signers.
In a setup where A acts as a co-signer of other accounts, like M, the account M should not need to care about who is currently a signer of A. If m out of A's n signers agree to co-sign M's transaction, there should be a way for A to co-sign M's transaction.
Right now this does not seem to be possible, unless M adds all of A's current signers as co-signers of M. That is impractical at best or does not work for the use case at all if A's signers are likely to change.
Being able to use pre-authorized transactions to authorize co-signing would solve that issue quite elegantly using existing network features.
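
The flow above as a simplified model, added here as an illustration and not part of the original post or of stellar-core. It assumes the network sums signer weights only from the signer list of the transaction's source account, and it represents signatures as the set of public keys that signed (no real cryptography); the names `Account`, `check_auth` and `tx_hash` and the sample transaction bytes are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Account:
    master_key: str                      # stand-in for the account's own public key
    threshold: int = 1
    master_weight: int = 1
    key_signers: dict = field(default_factory=dict)      # co-signer public key -> weight
    preauth_signers: dict = field(default_factory=dict)  # transaction hash -> weight

def tx_hash(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

def check_auth(ledger: dict, source: str, body: bytes, signed_by: set) -> str:
    """Sum weights from the SOURCE account's signer list only (assumed rule)."""
    acct = ledger[source]
    weight = acct.preauth_signers.get(tx_hash(body), 0)
    if acct.master_key in signed_by:
        weight += acct.master_weight
    weight += sum(w for key, w in acct.key_signers.items() if key in signed_by)
    return "ok" if weight >= acct.threshold else "tx_bad_auth"

def build_ledger() -> dict:
    # Constructed setup from the post: M is 2-of-2 with signers M and A.
    return {
        "A": Account(master_key="KEY_A"),
        "M": Account(master_key="KEY_M", threshold=2, key_signers={"KEY_A": 1}),
    }

T = b"constructed transaction: source=M, ops source=M"

def reported_flow() -> str:
    ledger = build_ledger()
    ledger["A"].preauth_signers[tx_hash(T)] = 1   # A pre-authorizes T on account A
    return check_auth(ledger, "M", T, {"KEY_M"})  # only M signs

def cosigned_flow() -> str:
    # A signs T in place instead of pre-authorizing it.
    return check_auth(build_ledger(), "M", T, {"KEY_M", "KEY_A"})

def preauth_on_source_flow() -> str:
    ledger = build_ledger()
    ledger["M"].preauth_signers[tx_hash(T)] = 1   # hash listed on M itself
    return check_auth(ledger, "M", T, {"KEY_M"})

if __name__ == "__main__":
    print(reported_flow(), cosigned_flow(), preauth_on_source_flow())
```

In this model the hash stored on A never contributes weight, because A's signer list is not read when M is the source account; it counts only when it is listed on M.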