Stricter transaction verification in the Flow Virtual Machine (FVM) and Access API

What’s changing

A valid Flow transaction must be signed by all accounts serving the roles of payer, proposer, and authorizers. The Flow Virtual Machine (FVM) verifies transaction signatures to ensure that every required role has authorized the transaction and fails execution if any required authorization is missing.

As part of an upcoming height coordinated upgrade (HCU), the FVM will also enforce that only accounts explicitly assigned a role in the transaction may provide signatures. Any transaction that includes signatures from accounts that are not a payer, proposer, or authorizer will be considered invalid.

This additional check allows the network to enforce stricter limits on transaction size and FVM computation cost, while aligning execution with the intended transaction authorization model.

The Access API will enforce the same restriction after the upgrade and will reject transactions that contain signatures from accounts with no assigned role. Such transactions will not be processed by the network.

This update enforces the originally intended and documented transaction authorization rules. It is a correctness and validation tightening rather than a change to transaction semantics or protocol design, and therefore does not require a FLIP.
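
A client-side pre-submission check for the rule described above, as an added example that is not code from flow-go or the Flow SDK. The `Tx` type, the `CheckSigners` function and the sample addresses are hypothetical and constructed; the check reports both role accounts that have not signed (already rejected today) and signing accounts that hold no role (rejected after the upgrade).

```go
package main

import (
	"fmt"
	"sort"
)

// Tx is a simplified, hypothetical model of a transaction's roles and signers.
// Addresses are strings and must already be normalized to one format.
type Tx struct {
	Payer       string
	Proposer    string
	Authorizers []string
	Signers     []string // account address behind each attached signature
}

// CheckSigners returns role accounts with no signature (missing) and signing
// accounts that are not payer, proposer or authorizer (extra), both sorted.
func CheckSigners(tx Tx) (missing, extra []string) {
	roles := map[string]bool{tx.Payer: true, tx.Proposer: true}
	for _, a := range tx.Authorizers {
		roles[a] = true
	}
	// One account may sign with several keys, so collapse signers to a set.
	signed := map[string]bool{}
	for _, s := range tx.Signers {
		signed[s] = true
	}
	for s := range signed {
		if !roles[s] {
			extra = append(extra, s)
		}
	}
	for r := range roles {
		if !signed[r] {
			missing = append(missing, r)
		}
	}
	sort.Strings(missing)
	sort.Strings(extra)
	return missing, extra
}

func main() {
	// Constructed sample: 0x09 signs twice but holds no role; 0x03 has not signed.
	tx := Tx{Payer: "0x01", Proposer: "0x02", Authorizers: []string{"0x02", "0x03"},
		Signers: []string{"0x01", "0x02", "0x09", "0x09"}}
	missing, extra := CheckSigners(tx)
	fmt.Println("missing role signatures:", missing, "signers without a role:", extra)
}
```

A transaction is consistent with the rule only when both returned slices are empty.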


Impact

Only transactions that include extra signatures from accounts that do not serve as payer, proposer, or authorizer will be affected by this change.

Transactions constructed according to the documented transaction model, with signatures provided exclusively by the required roles, will continue to work as expected and require no changes.


Reference

  1. Transactions | Flow Developer Portal