From cfbda7bbc7fe8787bccc299e1e107c0a21bae605 Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Wed, 31 Dec 2025 01:21:12 -0800
Subject: [PATCH] fix(co-sign): validate exactly t parties for t-of-n signing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For threshold signing, exactly t parties are required:
- 3-of-5 → 3 parties
- 2-of-3 → 2 parties
- 4-of-7 → 4 parties

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../account/adapters/input/http/co_managed_handler.go       | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/mpc-system/services/account/adapters/input/http/co_managed_handler.go b/backend/mpc-system/services/account/adapters/input/http/co_managed_handler.go
index 630c18de..a70dceb6 100644
--- a/backend/mpc-system/services/account/adapters/input/http/co_managed_handler.go
+++ b/backend/mpc-system/services/account/adapters/input/http/co_managed_handler.go
@@ -499,10 +499,10 @@ func (h *CoManagedHTTPHandler) CreateSignSession(c *gin.Context) {
 		return
 	}
 
-	// Validate party count >= threshold + 1
-	if len(req.Parties) < req.ThresholdT+1 {
+	// Validate party count == threshold_t (for t-of-n signing, exactly t parties are needed)
+	if len(req.Parties) != req.ThresholdT {
 		c.JSON(http.StatusBadRequest, gin.H{
-			"error": fmt.Sprintf("need at least %d parties for threshold %d", req.ThresholdT+1, req.ThresholdT),
+			"error": fmt.Sprintf("need exactly %d parties for threshold %d, got %d", req.ThresholdT, req.ThresholdT, len(req.Parties)),
 		})
 		return
 	}