wallet notification not working for multisig address

[jyorgemakeline]

Hello Friend. I am new in bitcoin. I started research about bitcoin(Couple of days ago) for my project.I setup bitcoin node on my linux server and it is fully synchronized. here is my bitcoin.conf


    prune=600
    maxconnections=10
    maxuploadtarget=20
    rpcuser=XXXXX
    rpcpassword=XXXXX
    keypool=100
    server=1
    rescan=1
    alertnotify=php \var\www\html\alert.php %s
    blocknotify=php \var\www\html\block.php %s
    walletnotify=php \var\www\html\wallet.php %s


Case 1: I created address using `getnewaddress` [account_name] then I sent some BTC from other wallet and I can get wallet notification.

Case 2: I created address using `addmultisigaddress` command then I sent some BTC from other wallet and I can get wallet notification.

Case 3 : I have created multisig address using `createmultisig` command. And I sent some BTC from other wallet (Check transaction status https://blockchain.info/tx/199a83f627477e147d38a6f28be323cb3d93d255b4f7ce46abb88c51f52d81b5 ). That transaction have enough confirmation But I can not get wallet notification.

Why i can not getting wallet notification of multisig address (Case 3)?

addmultisigaddress command will save redeemScript and attache it to that address. this is work for me and I can get notification.

So here i also want to know how secure is my multisig address if i create it using `addmultisigaddress` command? Suppose my server hacked, Attacker easily get redeemscript(using validateaddress command) and also can get sign address associate with it and privet key of that addresses. My BTC can be easly Theft.

Please suggest me the best way to create multisig address or answer me why I am not getting wallet notification of multisig address and what is alternative solution?

Info: I want to develop BTC wallet website where my user can create BTC address and can send and receive BTC. I want to create multisig address for every user. What is best way to create multisig address for them? any security advice welcome.

I searched lots of about this multsig address but I can't get any idea how to implement it (Multisig address using `createmultisig` command) in my project and wonder how other how other website support multisig address and handle it? Are they using `addmultisigaddress` command ? If yes then how secure is that account ?

if I can't get wallet notification then how can I credit or debit BTC from my user account (In my project).

Thank you in advance.

[1714909701]

1714909701

[1714909701]

1714909701

[1714909701]

1714909701

[1714909701]

1714909701

[achow101]

Case 3 : I have created multisig address using `createmultisig` command. And I sent some BTC from other wallet (Check transaction status https://blockchain.info/tx/199a83f627477e147d38a6f28be323cb3d93d255b4f7ce46abb88c51f52d81b5 ). That transaction have enough confirmation But I can not get wallet notification.

Why i can not getting wallet notification of multisig address (Case 3)?

createmultisig does not add the address to your wallet, so it will not track that address. addmultisig adds the address to the wallet so it does track the address. Thus you will get notifications for addresses added using addmultisig but not createmultisig.

addmultisigaddress command will save redeemScript and attache it to that address. this is work for me and I can get notification.

So here i also want to know how secure is my multisig address if i create it using `addmultisigaddress` command? Suppose my server hacked, Attacker easily get redeemscript(using validateaddress command) and also can get sign address associate with it and privet key of that addresses. My BTC can be easly Theft.

A multisig address would ideally require multiple signatures from keys that are not stored in your wallet. That is the whole point of multisig. So, you would ideally have one key on the server wallet, one key locally on your desktop, and one key on a piece of paper locked up somewhere. Thus, if your server is hacked, no one can steal the Bitcoin from the multisig address. However, in order to spend, you must manually process the transaction.

[jyorgemakeline]

A multisig address would ideally require multiple signatures from keys that are not stored in your wallet. That is the whole point of multisig. So, you would ideally have one key on the server wallet, one key locally on your desktop, and one key on a piece of paper locked up somewhere. Thus, if your server is hacked, no one can steal the Bitcoin from the multisig address. However, in order to spend, you must manually process the transaction.

Yes you are right knightdk . Then How can I implement multisig address for my every users? (As I mentioned in question "I want to develop BTC wallet website where my user can create BTC address and can send and receive BTC.....") Many website provide multisig address to their user and how they manage that manual process ?

More important if they create multisig address using `addmultisigaddress` command then that address is attached one particular account which is saved in wallet.dat file. and it is possible to send BTC from that account by `sendfrom` command. there is no need to sign transaction using that keys. So where is multi signature security / functionality? Here I can send BTC from any account, doesn't matter that address is multisig or normal addresss.


I think I have to create multisig address using `addmultisigaddress` command. Please correct me if i am wrong because i don't find any security of multisig address if it is multisig address created by `addmultisigaddress` command.

[cr1776]

..."address using `addmultisigaddress` command then that address is attached one particular account which is saved in wallet.dat file"...

Just a quick note since not at a real keyboard, but I'm not clear if you are talking about Bitcoin core accounts or not, but Bitcoin core accounts may not work how you think, and they are deprecated and will be removed relatively soon.

[achow101]

A multisig address would ideally require multiple signatures from keys that are not stored in your wallet. That is the whole point of multisig. So, you would ideally have one key on the server wallet, one key locally on your desktop, and one key on a piece of paper locked up somewhere. Thus, if your server is hacked, no one can steal the Bitcoin from the multisig address. However, in order to spend, you must manually process the transaction.

Yes you are right knightdk . Then How can I implement multisig address for my every users? (As I mentioned in question "I want to develop BTC wallet website where my user can create BTC address and can send and receive BTC.....") Many website provide multisig address to their user and how they manage that manual process ?

They don't. AFAIK, typically it's one private key that is the user's that is encrypted. Then another private key is the service's private key. The last key is given to the user at account creation and that key is to be kept offline. When sending, it's done automatically. The user's browser decrypts the encrypted keys and signs. Then it passes the half-signed transaction to the server which signs it as well. Then it is broadcast to the network.

Usually they use BIP32 to generate the keys so that only three root keys are needed. Bitcoin Core doesn't do this yet, but Electrum does.

More important if they create multisig address using `addmultisigaddress` command then that address is attached one particular account which is saved in wallet.dat file. and it is possible to send BTC from that account by `sendfrom` command. there is no need to sign transaction using that keys. So where is multi signature security / functionality? Here I can send BTC from any account, doesn't matter that address is multisig or normal addresss.


I think I have to create multisig address using `addmultisigaddress` command. Please correct me if i am wrong because i don't find any security of multisig address if it is multisig address created by `addmultisigaddress` command.

Unless all three private keys necessary to spend from the multisig address are in the wallet, then it should not be possible to send from that address. If Bitcoin Core is somehow doing that, then the transaction will be invalid.

[jyorgemakeline]

..."address using `addmultisigaddress` command then that address is attached one particular account which is saved in wallet.dat file"...

Just a quick note since not at a real keyboard, but I'm not clear if you are talking about Bitcoin core accounts or not, but Bitcoin core accounts may not work how you think, and they are deprecated and will be removed relatively soon.

Hello cr1776,
Yes I am using bitcoin core account. and as you said "they are deprecated and will be removed relatively soon". Ok fine
I will manage my account in my database (i.e Mysql or other popular DB). My actual problem is how can i get notification of incoming transaction if I create multisig address for my website user?

[jyorgemakeline]

A multisig address would ideally require multiple signatures from keys that are not stored in your wallet. That is the whole point of multisig. So, you would ideally have one key on the server wallet, one key locally on your desktop, and one key on a piece of paper locked up somewhere. Thus, if your server is hacked, no one can steal the Bitcoin from the multisig address. However, in order to spend, you must manually process the transaction.

Yes you are right knightdk . Then How can I implement multisig address for my every users? (As I mentioned in question "I want to develop BTC wallet website where my user can create BTC address and can send and receive BTC.....") Many website provide multisig address to their user and how they manage that manual process ?

They don't. AFAIK, typically it's one private key that is the user's that is encrypted. Then another private key is the service's private key. The last key is given to the user at account creation and that key is to be kept offline. When sending, it's done automatically. The user's browser decrypts the encrypted keys and signs. Then it passes the half-signed transaction to the server which signs it as well. Then it is broadcast to the network.

Usually they use BIP32 to generate the keys so that only three root keys are needed. Bitcoin Core doesn't do this yet, but Electrum does.

More important if they create multisig address using `addmultisigaddress` command then that address is attached one particular account which is saved in wallet.dat file. and it is possible to send BTC from that account by `sendfrom` command. there is no need to sign transaction using that keys. So where is multi signature security / functionality? Here I can send BTC from any account, doesn't matter that address is multisig or normal addresss.


I think I have to create multisig address using `addmultisigaddress` command. Please correct me if i am wrong because i don't find any security of multisig address if it is multisig address created by `addmultisigaddress` command.

Unless all three private keys necessary to spend from the multisig address are in the wallet, then it should not be possible to send from that address. If Bitcoin Core is somehow doing that, then the transaction will be invalid.

Hello knightdk,
Thank you for explanation. If I implement that you just expain, Am i able to get wallet notification ?
Still I didn't get solution of my actual problem.

My Goal
I want to create 2 of 3 multisig address for every user in my website and want incomming wallet notification

Solution 1
I can create 2 of 3 multisig address for every user in my website using "createmultisig" command.
Problem : I can not get wallet notification

Solution 2
I can create 2 of 3 multisig address for every user in my website using "addmultisigaddress" command. And I can get wallet notification
Problem : I can spend BTC from account without signing transation using "sendfrom" command. So here what is meaning of multisig ?

You can suggest me alternative way (as i told you I am new in bitcoin)

[achow101]

Solution 2
I can create 2 of 3 multisig address for every user in my website using "addmultisigaddress" command. And I can get wallet notification
Problem : I can spend BTC from account without signing transation using "sendfrom" command. So here what is meaning of multisig ?

Again, you are doing it wrong, as I have been telling you. If all of the keys of the multisig address are in the same wallet, then that will work. Otherwise it will not. This is detracts from the point of multisig.

You can suggest me alternative way (as i told you I am new in bitcoin)

Use electrum and because using a deterministic wallet for this is better. You should not reuse addresses and a deterministic wallet makes it easier to organize and recover backups.