(Replying to PARENT post)
I see, that is disconcerting. Though it doesn't seem to be an issue with the multisig transaction api specifically. The single signatory api implies a certain amount trust that they'll produce the correct transaction as well.
I agree that that trust should be more explicitly explained.
๐คghkbrew๐11y๐ผ0๐จ๏ธ0
(Replying to PARENT post)
Thanks for the feedback, we will add a section on how to verify it.
๐คmriou๐11y๐ผ0๐จ๏ธ0
(Replying to PARENT post)
However, decoding and verifying a complex transaction takes about the same amount of work as generating it yourself to begin with...
Their documentation clearly expects you to blindly sign whatever tx they make up for you. There's not a word on verifying the transaction locally before signing it.
http://dev.blockcypher.com/#signing_sending