Celo - Release Gold: Voting & Revoking Signer Keys

Follow

Celo Gold: Voting & Revoking Signer Keys

 

Requirements

NVM (https://github.com/nvm-sh/nvm)

  • Optional tool used to control what version of Node.js is running on local machine

Node v10

NPM

  • Automatically installed once Node.js is installed on the local machine 

Celocli

Important Information

Celo Foundation recommends that two Ledgers are used in order to interact with the network. The following steps assume that two Ledgers are being used, and we will reference them as the following:

  • Ledger 1: Holds your Beneficiary account that owns the tokens.
  • Ledger 2: Holds your Signer accounts in order to vote for the Beneficiary account.

Configure Celocli

In order to use Celocli you will need to connect to a fully synced Celo node.

Step1: Connect to Celo node

Command:

$ celocli config:set --node=<node_url>

 

Example:

$ celocli config:set --node=https://bs3nnr8uhsj8376f3kd0.stg.bdnodes.net?auth=6CZ6KsFMon8lqs_Ln8J0Z9D2Zc2vYUFMaIicnvHnfuM

 

Step 2: Verify connected to Celo node

Command:

$ celocli config:get

 

Output:

nodeUrl: https://<node_url>

 

Example command and output:

$ celocli config:get<
nodeUrl:
https://bs3nnr8uhsj8376f3kd0.stg.bdnodes.net?auth=6CZ6KsFMon8lqs_Ln8J0Z9D2Zc2vYUFMaIicnvHnfuM

 

Account Setup for Voting

Step 1: View Beneficiary account
  • Provide your Beneficiary account to cLabs to associate it to your Release Gold contract.  This needs to be established before moving forward on these steps.
  • Use Ledger 1
  • The output of Ledger Addresses is your Beneficiary account.
  • Celo Documentation: Prerequisites
Command:
$ celocli account:list --useLedger --ledgerCustomAddresses [0]
Output:

Retrieving derivation Paths [ 0 ]
All Addresses:  [ '0x631*************************441a',
  '0x874*************************747' ]
Keystore Addresses:  [ '0x631*************************41a' ]
Ledger Addresses:  [ '0x874*************************747' ]

 

Step 2: Register Contract Account
  • This requires the Beneficiary account to have funds
  • Use Ledger 1
  • Celo Documentation: Register Contract
Command:
$ celocli releasegold:create-account --contract <contract_account> --useLedger --ledgerCustomAddresses [0]
Output:

Retrieving derivation Paths [ 0 ]
Running Checks:
  ✔  0x874*************************747 is not a registered Account
SendTransaction: register
txHash: 0x17f*************************190
Sending Transaction: register... done
SendTransaction: setName
txHash: 0x494*************************9f5
Sending Transaction: setName... done

 

Step 3: Create Signer account
  • Create first signer account on a ledger
  • Use Ledger 2
  • The output of Ledger Addresses will be the first signer account.
  • Celo Documentation: Account List
Command:
$ celocli account:list --useLedger --ledgerCustomAddresses [0]
Output:

Retrieving derivation Paths [ 0 ]
All Addresses:  [ '0x63*************************1a',
  '0x314*************************A4D' ]
Keystore Addresses:  [ '0x63*************************1a' ]
Ledger Addresses:  [ '0x314*************************A4D' ]

 

Step 4: Set Proof of Possession for voter signer
  • Required to authorize signer account
  • Use Ledger 2
  • The output will be the signature used to authorize the first signer account.
  • Celo Documentation: Proof-of-Possession
    (note this is only for a voter signer and not for a validator signer, the latter needs a 2nd command with ‘-bls’ flag.)
Command:
$ celocli account:proof-of-possession --account  --signer  --useLedger --ledgerCustomAddresses [1]

Output:

Retrieving derivation Paths [ 0 ]
signature: 0x1c7**************************************************42f

 

Step 5: Authorize the Signer account
  • Allows the signer account to vote on behalf of the Contract account.
  • Use Ledger 1
  • Celo Documentation: Authorize Signer Account
Command:
$ celocli releasegold:authorize --contract --contract_account --signer --signer1_account --role vote --signature --signer1_signature --useLedger --ledgerCustomAddresses [0]
Output:

Retrieving derivation Paths [ 0 ]
Running Checks:
  ✔  0x874*************************747 is a registered Account
SendTransaction: authorizeTx
txHash: 0x34c*************************719
Sending Transaction: authorizeTx... done

 

Step 6: Verify signer in block explorer
  • Use an explorer like https://explorer.celo.org/ to look up the contract account and view the signer.
  • Note that all previous authorized signers will also show in the explorer, but there can only be one active signer at a time.

Vote using signer account

Step 1: Lock Gold for governance
  • In order to participate in governance the Beneficiary account is required to lock Celo Gold for the Release Gold contract account. This locked gold can be used by a signer account to vote in the network.
  • Use Ledger 1
  • The command below will lock a total of 25 cGLD
  • Celo Documentation: Lock Gold
Command:
$ celocli releasegold:locked-gold --action lock --contract <contract_account> --value 25e18 --useLedger --ledgerCustomAddresses [0]
Output:

Retrieving derivation Paths [ 0]
Running Checks:
  ✔  Value [25000000000000000000] is > 0
  ✔  0x874*************************747 is a registered Account
Running Checks:
  ✔  Account has at least 25 cGLD
SendTransaction: lock
txHash: 0xc4f*************************eb1
Sending Transaction: lock... done

 

Step 2: Vote using signer account
  • Once Celo Gold has been locked the signer account can participate in governance. The signer account that is authorized will need to have funds in order to participate in governance. This is separate from the locked Celo Gold.
  • Use Ledger 2
  • Below is an example of voting for a Validator Group with 1 cGLD
  • Celo Documentation: Vote
Command:
$ celocli election:vote --from signer1_account --for group_address --value 1e18 --useLedger --ledgerCustomAddresses [0]
Output:

Retrieving derivation Paths [ 0 ]
Running Checks:
  ✔  0x314*************************A4D is Signer or registered Account
  ✔  0x198*************************a4d is ValidatorGroup
  ✔  Account has at least 1 non-voting Locked Gold
SendTransaction: vote
txHash: 0xc7f*************************064
Sending Transaction: vote... done

 

Step 3: Verify Vote
Command:
$ celocli election:show <contract_account> --voter
Output:

Running Checks:
  ✔  0x874*************************747 is a registered Account
address: 0x874*************************747
votes:
  0:
    group: 0x198**************************A4D
    pending: 1000000000000000000
    active: 0

 

Revoke Signer Key

Step 1: Create new Signer account
  • We will create a new signer account to rotate keys for our Release Gold contract
  • Use Ledger 2
  • The output of Ledger Addresses is your new signer account
  • Each time you create a new signer account you will increase the value used in --ledgerCustomAddresses to get a new account
  • Celo Documentation: Account List
Command:
$ celocli account:list --useLedger --ledgerCustomAddresses [1]
Output:

Retrieving derivation Paths [ 1 ]s
All Addresses:  [ '0x63*************************1a',
  '0x05D*************************3cA' ]
Keystore Addresses:  [ '0x63*************************1a' ]
Ledger Addresses:  [ '0x05D*************************3cA' ]

 

Step 2: Set Proof of Possession on new signer account
  • Creates new signature to authorize the new Signer account
  • Ledger 2
  • The output will be the signature used to authorize the new signer account.
  • Celo Documentation: Proof-of-Possession
Command:
$ celocli account:proof-of-possession --account <contract_account> --signer <signer1_account> --useLedger --ledgerCustomAddresses [1]
 

Retrieving derivation Paths [ 1 ]
signature: 0x1bc**************************************************4f4

Output:

 

Step 3: Authorize new Signer Account
  • The Beneficiary account is needed to authorize a new signer account for the Release Gold contract and revoke any previous signer account.
  • Use Ledger 1
  • Celo Documentation: Authorize New Signer
Command:
$ celocli releasegold:authorize --contract <contract_account> --signer <signer2_account> --role vote --signature <signer2_signature> --useLedger --ledgerCustomAddresses [0] 
 

Retrieving derivation Paths [ 0 ]
Running Checks:
  ✔  0x874*************************747 is a registered Account
SendTransaction: authorizeTx
txHash: 0x948*************************e34
Sending Transaction: authorizeTx... done

Output:

 

Step 4: Verify new signer on block explorer
  • The new signer account should show up in a block explorer like https://explorer.celo.org/ when you look for the contract account.
  • Note that all previous authorized signers will also show in the explorer, but there can only be one active signer at a time.
Step 5: Verify old signer is not working (Optional)
  • By authorizing the new signer account the previous active signer is revoked. This can be verified by trying to vote using the old signer account.
  • User Ledger 2
  • Below is an example of voting for a Validator Group with 1 cGLD while using a revoked signer. Note that the contract account needs to have available locked Celo Gold in order to try to vote.
  • Celo Documentation: Vote
Command:
$ celocli election:vote --from signer1_account -- group_adderss --value 1e18 --useLedger --ledgerCustomAddresses [0]
Output:

Retrieving derivation Paths [ 0 ]
Running Checks:
  ✔  0x314*************************A4D is Signer or registered Account
  ✔  0xfcb*************************fa0 is ValidatorGroup
  ✔  Account has at least 1 non-voting Locked Gold
Sending Transaction: vote... !
    Error: Gas estimation failed: not active authorized vote signer

 

Step 6: Vote using new signer account
  • The signer account that is authorized will need to have funds in order to participate in governance. This is separate from the locked Celo Gold in the contract account. The contract account also needs to have available locked Celo Gold that can be used to vote.
  • Use Ledger 2
  • Below is an example of voting for a Validator Group with 1 cGLD
  • Celo Documentation: Vote
Command:
$ celocli election:vote --from signer2_account -- --value 1e18 --useLedger --ledgerCustomAddresses [1]
Output:

Retrieving derivation Paths [ 1 ]
Running Checks:
  ✔  0x05D*************************3cA is Signer or registered Account
  ✔  0xfcb*************************fa0 is ValidatorGroup
  ✔  Account has at least 1 non-voting Locked Gold
SendTransaction: vote
txHash: 0x188*************************640
Sending Transaction: vote... done

 

Resources

Celo Exchange

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.