A secure multisig wallet where each signer authenticates using biometrics/passkeys (Face ID, Touch ID), built with Clarity 4 and Epoch 3.3.
- β Clarity 4 compatible (Epoch 3.3)
- β All tests passing (13 comprehensive test cases)
- β Event logging for monitoring and audit trails
- β Best practices .gitignore
- β Syntax validated with Clarinet 3.11.0
- β Ready for testnet deployment
- β Comprehensive documentation
| Feature | Usage | Line Reference |
|---|---|---|
secp256r1-verify |
Verify passkey signatures from each signer | 291, 357 |
stacks-block-time |
Time-bound transaction approvals and event timestamps | 210, 285 |
to-ascii? |
Human-readable transaction descriptions | 195-211 |
print |
Event logging for monitoring | 96-149 |
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Passkey Multisig Wallet β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β βββββββββββ βββββββββββ βββββββββββ β
β β Signer1 β β Signer2 β β Signer3 β (Passkey Auth) β
β β π Face β β π Touchβ β π Face β β
β ββββββ¬βββββ ββββββ¬βββββ ββββββ¬βββββ β
β β β β β
β ββββββββββββββΌβββββββββββββ β
β βΌ β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β secp256r1-verify (WebAuthn) β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β βΌ β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Threshold Check (e.g., 2-of-3 required) β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β βΌ β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Execute Transaction β β
β β (if threshold met & not expired) β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- Clarinet 3.11.0+ (Clarity 4 support)
- Deno (for running tests)
- Node.js 16+ (optional, for development tools)
# Navigate to project directory
cd passkey-multisig
# Verify Clarity 4 syntax (Epoch 3.3)
clarinet check
# Run comprehensive test suite (13 test cases)
clarinet test
# Start interactive REPL console
clarinet console# Generate deployment plan for simnet
clarinet deployments generate --simnet
# Generate deployment plan for testnet
clarinet deployments generate --testnet
# Start local devnet for testing
clarinet integrate
# Apply deployment to testnet (after configuration)
clarinet deployments apply --testnet;; Create a 2-of-3 multisig
(contract-call? .passkey-multisig create-multisig
0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"Family Wallet"
u2
(list 0x03pubkey1... 0x03pubkey2... 0x03pubkey3...))
;; Deposit funds
(contract-call? .passkey-multisig deposit
0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
u1000000000)
;; Get multisig info
(contract-call? .passkey-multisig get-multisig
0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef)| Function | Description |
|---|---|
create-multisig |
Create new multisig with signers |
deposit |
Add funds to multisig |
| Function | Description |
|---|---|
propose-tx |
Propose a new transaction |
approve-tx |
Sign/approve pending transaction |
execute-tx |
Execute once threshold met |
| Function | Description |
|---|---|
get-multisig |
Get multisig details |
get-signer |
Get signer info by index |
get-pending-tx |
Get transaction details |
has-signed |
Check if signer approved |
is-tx-valid |
Check if tx is still valid |
generate-tx-summary |
Human-readable summary |
- π Biometric Auth: Each signer uses Face ID/Touch ID via WebAuthn passkeys
- βοΈ Flexible Threshold: M-of-N configuration (e.g., 2-of-3, 3-of-5)
- β° Time-Bound Approvals: Transactions expire after 7 days (604,800 seconds)
- π Event Logging: Complete audit trail with
printstatements for all key operations - π Human-Readable Descriptions: Using
to-ascii?for transaction summaries - π‘οΈ Security-First Design: Multiple validation layers and anti-replay protection
- β
Passkey Verification: All signatures verified with
secp256r1-verify(WebAuthn compatible) - β
Time-Locked Approvals: Prevents execution of stale transactions using
stacks-block-time - β Anti-Replay Protection: Nonce tracking and unique transaction IDs
- β Threshold Enforcement: On-chain validation of M-of-N signatures
- β Input Validation: Comprehensive checks on all user inputs
- β Active Signer Management: Only active signers can participate
The contract emits detailed events for monitoring and analytics:
;; Events emitted:
- multisig-created: When a new multisig wallet is created
- deposit: When funds are deposited to the wallet
- tx-proposed: When a new transaction is proposed
- tx-approved: When a signer approves a transaction
- tx-executed: When a transaction is executedAll events include timestamps using stacks-block-time for accurate audit trails.
13 comprehensive test cases covering:
- β Multisig creation with various configurations
- β Signer validation and management
- β Deposit functionality
- β Transaction proposal and approval workflow
- β Invalid threshold handling
- β Edge cases and error conditions
- β Read-only function verification
-
Configure settings:
# Edit settings/Testnet.toml with your mnemonic # Ensure you have testnet STX for deployment
-
Generate deployment plan:
clarinet deployments generate --testnet
-
Deploy contract:
clarinet deployments apply --testnet
-
Verify deployment:
- Check contract on Stacks Explorer
- Test contract functions via API or console
- Configure mainnet settings
- Audit contract code
- Generate deployment plan
- Apply deployment with caution
This contract demonstrates best practices for Clarity 4 development:
- β Epoch 3.3: Configured in Clarinet.toml
- β secp256r1-verify: WebAuthn passkey signature verification
- β stacks-block-time: Time-based transaction expiration
- β to-ascii?: Human-readable transaction summaries
- β print: Comprehensive event logging for monitoring
- β No circular dependencies: Optimized function structure
- β Production-ready: Syntax validated and tests passing
MIT License