We have the following scenario. A payment is sent to a 3-of-5 multisig wallet, held in escrow, with a specific expiry date (the expiry date corresponding to the payment is written in some stream on the blockchain). Each of the 5 signatories is an address on a separate node. When the expiry date passes, we would like to automatically release the payment back to the sender.
Our initial idea was to have some kind of background process running on each node that periodically checks if the expiry date for the payment has passed. If yes, the node will start a transaction to release the funds from the multisig wallet back to the sender, then send the partially signed transaction (possibly by writing the rawtx to a stream) to the other nodes to be signed. Once at least 3 nodes have signed, the transaction can be sent.
The problem with this approach is that the background process on each node will be subject to a race condition, which makes it possible for all 5 nodes to initiate the partial transaction at the same time. Of course, in the end it would not be possible for all 5 partial transactions to be completed, since only the first one will be able to spend the inputs. However, we would like to avoid generating too many extraneous data/records of those partial transactions; thus we would prefer to avoid that race condition.
I thought it would be possible to lock the unspent outputs of the multisig wallet, but attempting to use preparelockunspentfrom with a multisig address returns "Invalid address".
Another solution we considered was simply to have the signatories be ordered, and require that signatory #1 always be the one to initiate the transaction. However, the reason we have a 3-of-5 multisig in the first place is to have some level of redundancy - in case 1-2 nodes are down, the other 3 can still release the funds. Requiring a certain signatory to initiate the txn would defeat that purpose.
Would you have any advice for this scenario? Or a possible alternate solution?
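As an added illustration (not part of the original post and not MultiChain code), the following constructed simulation reproduces the race described above: five per-node background loops read the shared stream before any of them writes, so all of them initiate a partial release in the same tick. It also shows one way the "ordered signatories" idea can keep the 3-of-5 redundancy: each node waits its rank times a grace period after expiry before initiating, but only if no partial tx is in the stream yet, so a down initiator is simply skipped by the next rank. Node ranks, the grace period and the in-memory list standing in for the stream are all assumptions of this example.

```python
# Constructed simulation: N signatory nodes run a background loop in lock-step
# over a shared "stream" (a plain list here, standing in for a blockchain stream).
# No real transactions or RPC calls; only the coordination logic is modelled.

REQUIRED_SIGS = 3  # 3-of-5 multisig


def simulate(nodes_up, staggered, expiry=10, grace=2, ticks=30):
    """Run the live nodes' background loops and report what happened.

    staggered=False: every node initiates as soon as expiry has passed (racy design).
    staggered=True:  node with rank r initiates only at expiry + r*grace, and only if
                     no partial release tx is in the stream yet. A down node is skipped
                     by the next rank one grace period later, preserving redundancy.
    Returns a dict with the number of partial txs created, the initiator of the first
    one, whether it collected REQUIRED_SIGS signatures, and the tick that happened.
    """
    stream = []  # shared stream entries: {"initiator": node, "sigs": {nodes}}
    now = 0
    for now in range(ticks):
        # Every node reads the stream at the start of the tick, before anyone
        # writes. This is what makes the simultaneous initiation possible.
        seen = list(stream)
        for n in nodes_up:
            if seen:
                # A partial tx already exists: co-sign it, never start another.
                seen[0]["sigs"].add(n)
            elif now >= expiry and (not staggered or now >= expiry + n * grace):
                stream.append({"initiator": n, "sigs": {n}})
        if stream and len(stream[0]["sigs"]) >= REQUIRED_SIGS:
            break  # enough signatures: the release tx can be broadcast
    first = stream[0] if stream else None
    return {
        "partial_txs": len(stream),
        "initiator": first["initiator"] if first else None,
        "released": bool(first) and len(first["sigs"]) >= REQUIRED_SIGS,
        "released_at": now,
    }


if __name__ == "__main__":
    print("racy, all up:      ", simulate([0, 1, 2, 3, 4], staggered=False))
    print("staggered, all up: ", simulate([0, 1, 2, 3, 4], staggered=True))
    print("staggered, 0,1 down", simulate([2, 3, 4], staggered=True))
```

With the racy loop every live node creates its own partial tx in the expiry tick; with the staggered rule exactly one is created, and when nodes 0 and 1 are down node 2 initiates two grace periods later and the remaining three still reach the threshold.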