Skip to content

feat(multisig): import a shared account by scanning its QR code#501

Merged
yasincaliskan merged 4 commits into
mainfrom
yasince/shared-account-import
May 18, 2026
Merged

feat(multisig): import a shared account by scanning its QR code#501
yasincaliskan merged 4 commits into
mainfrom
yasince/shared-account-import

Conversation

@yasin-ce
Copy link
Copy Markdown
Collaborator

@yasin-ce yasin-ce commented May 15, 2026

Description

Adds an Import Shared Account flow. Scanning a multisig QR resolves the multisig metadata from the backend, shows version / threshold / participant addresses on a preview screen, and routes into the existing NameMultisigScreen with importParams so the account can be persisted without re-deriving its address. Wires the new screen into the multisig routes and the deeplink parser, and adds i18n copy.

Related Issues

Checklist

  • Have you tested your changes locally?
  • Have you reviewed the code for any potential issues?
  • Have you documented any necessary changes in the project's documentation?
  • Have you added any necessary tests for your changes?
  • Have you updated any relevant dependencies?

Additional Notes

Crypto-feature checklist (per team convention):

  • Typed errors — UI hooks surface errors via the existing toast pattern; no new error classes needed for this flow (no key material touched).
  • Preserves every source field — import payload carries version, threshold, addresses, and address; all four are threaded through NameMultisigScreen and persisted.
  • Swallowed errors — none added.
  • Verifies, doesn't trust — see the open item below; the imported address is currently trusted verbatim rather than derived from (version, threshold, addresses) and asserted equal.
  • Scope — surface is just the new screen + routes + parser branch; no speculative exports.

Open follow-ups before merge (raised in code review):

  • useNameMultisigScreen.ts (~line 105) takes importParams.address verbatim. Recommend deriving via generateMultisigAddress(version, threshold, addresses) and asserting equality before calling createMultisigMutation so a backend / payload inconsistency can't persist an account whose address disagrees with its own participant list.

@yasin-ce
feat(multisig): import a shared account by scanning its QR code
253f659 
Wire the shared-account-import deeplink to a new ImportSharedAccount
screen that fetches the account's participants and threshold from the
backend, previews them, and hands off to the naming step. NameMultisig
is generalized to name either a created or an imported shared account,
and no longer blocks on duplicate names — account uniqueness is keyed
on address, not name.
@yasincaliskan
Copy link
Copy Markdown
Collaborator

yasincaliskan commented May 18, 2026

  • Address verification: On import, we re-derive the multisig address from (version, threshold, participants) and refuse to persist if it doesn't match the address the QR code claimed. A mismatch means the scanned payload is corrupt or tampered with, so we surface a "Couldn't verify shared account" error instead of saving a bad account.
  • Ignore / Add to Accounts actions: Resolving an invitation (either way) clears the matching invitation from the inbox, mirroring Android behavior. The delete is fire-and-forget; a 404 (QR scan with no inbox record) is expected and ignored.
  • Dismiss: The toolbar back arrow exits the flow back to the wallet home without touching the inbox (back ≠ Ignore).
  • Also adds an integration test for the flow and a wallet-core-multisig test-handlers alias.

@yasincaliskan yasincaliskan marked this pull request as ready for review May 18, 2026 11:19
@yasincaliskan yasincaliskan requested a review from a team as a code owner May 18, 2026 11:19
@yasincaliskan yasincaliskan merged commit 98ef9b0 into main May 18, 2026
8 checks passed
@yasincaliskan yasincaliskan deleted the yasince/shared-account-import branch May 18, 2026 11:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wjbeau wjbeau wjbeau approved these changes

Assignees

@yasincaliskan yasincaliskan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@yasin-ce @yasincaliskan @wjbeau