fix: do not fail governance actions initiated by non-governance authority

changelog.md

@@ -14,6 +14,8 @@ This changelog is based on [Keep A Changelog](https://keepachangelog.com/en/1.1.
 
 ## Fixed
 
+* `smart-contracts` governance actions were failing due too redundant signature when initiated by non-governance wallet
+
 ## Removed
 
 # v1.7.0

toolkit/smart-contracts/offchain/src/governance.rs

@@ -53,6 +53,18 @@ impl GovernancePolicyScript {
 			},
 		}
 	}
+
+	/// Checks if given key hash is among authorities
+	pub(crate) fn contains_authority(&self, key_hash: &Ed25519KeyHash) -> bool {
+		match self {
+			Self::MultiSig(PartnerChainsMultisigPolicy { script: _, key_hashes, threshold: _ }) => {
+				key_hashes.iter().any(|h| &Ed25519KeyHash::from(*h) == key_hash)
+			},
+			Self::AtLeastNNativeScript(SimpleAtLeastN { threshold: _, key_hashes }) => {
+				key_hashes.iter().any(|h| &Ed25519KeyHash::from(*h) == key_hash)
+			},
+		}
+	}
 }
 
 /// Plutus MultiSig smart contract implemented in partner-chains-smart-contracts repo

toolkit/smart-contracts/offchain/src/multisig.rs

@@ -203,7 +203,15 @@ where
 		)
 	} else {
 		MultiSigSmartContractResult::TransactionToSign(
-			create_transaction_to_sign(payment_ctx, make_tx, tx_name, client, await_tx).await?,
+			create_transaction_to_sign(
+				payment_ctx,
+				make_tx,
+				governance_data,
+				tx_name,
+				client,
+				await_tx,
+			)
+			.await?,
 		)
 	})
 }
@@ -239,6 +247,7 @@ where
 async fn create_transaction_to_sign<F, T, A>(
 	payment_ctx: TransactionContext,
 	make_tx: F,
+	governance_data: &GovernanceData,
 	tx_name: &str,
 	client: &T,
 	await_tx: &A,
@@ -268,7 +277,12 @@ where
 					e
 				)
 			})?;
-	let signed_tx_by_caller = original_ctx.sign(&tx);
+	let signed_tx_by_caller =
+		if governance_data.policy.contains_authority(&original_ctx.payment_key_hash()) {
+			original_ctx.sign(&tx)
+		} else {
+			tx
+		};
 	let signed_tx = temp_wallet_ctx.sign(&signed_tx_by_caller);
 	Ok(MultiSigTransactionData {
 		tx_name: tx_name.to_owned(),

toolkit/smart-contracts/offchain/tests/integration_tests.rs

@@ -402,6 +402,19 @@ async fn governed_map_update() {
 	assert!(result.is_err(), "Updating an existing key should fail with incorrect expected value");
 }
 
+#[tokio::test]
+async fn governance_action_can_be_initiated_by_non_governance() {
+	let image = GenericImage::new(TEST_IMAGE, TEST_IMAGE_TAG);
+	let client = Cli::default();
+	let container = client.run(image);
+	let client = initialize(&container).await;
+	let genesis_utxo = run_init_goveranance(&client).await;
+	let tx_to_sign = run_upsert_d_param(genesis_utxo, 1, 1, &eve_payment_key(), &client)
+		.await
+		.unwrap();
+	run_assemble_and_sign(tx_to_sign, &[GOVERNANCE_AUTHORITY_KEY], &client).await;
+}
+
 async fn initialize<'a>(container: &Container<'a, GenericImage>) -> OgmiosClients {
 	let ogmios_port = container.get_host_port_ipv4(1337);
 	println!("Ogmios port: {}", ogmios_port);