Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add check for account age to apply restrictions #2801

Merged
merged 15 commits into from May 3, 2019

Conversation

Projects
None yet
3 participants
@ManfredKarrer
Copy link
Member

commented May 2, 2019

This PR provides some security improvements to enable us to unblock the banned SEPA counties and Interac due to the chargeback scams.

We limit accounts created after 15.3. to 0.01 BTC trades in case they are the fiat buyer of payment methods considered risky regarding chargebacks (basically all bank transfer methods).

This is a intermediary solution as the planned proposals will require more time to get implemented and deployed.

To ensure that users with old version cannot be caught by the scammer once we unblock the banned counties and Interac we will send out a message which enforces all users to update, otherwise their trades will fail. We will do that shortly after the release (about 2 days).

@ManfredKarrer ManfredKarrer requested a review from ripcurlx as a code owner May 2, 2019

@@ -344,6 +344,16 @@ offerbook.warning.noTradingAccountForCurrency.headline=No trading account for se
offerbook.warning.noTradingAccountForCurrency.msg=You don't have a trading account for the selected currency.\nDo you want to create an offer with one of your existing trading accounts?
offerbook.warning.noMatchingAccount.headline=No matching trading account.
offerbook.warning.noMatchingAccount.msg=You don't have a trading account with the payment method required for that offer.\nYou need to setup a trading account with that payment method if you want to take this offer.\nDo you want to do this now?
offerbook.warning.makerHasNoMatureAccountForBuyOffer=You cannot create an offer because you do not have a payment account which was created before March 15th 2019. \

This comment has been minimized.

Copy link
@m52go

m52go May 2, 2019

Member

Not show-stopping but I made some minor changes:

offerbook.warning.noMatchingAccount.msg=To take this offer, you will need to set up a payment account using this payment method.\n\nWould you like to do this now?
offerbook.warning.makerHasNoMatureAccountForBuyOffer=You cannot create this offer because you do not have a payment account which was created before March 15th 2019. \
 The selected payment method is considered risky for bank chargebacks. We needed to deploy this restriction as a short-term measure for enhanced security.\n\n\
 The next software release will provide more robust chargeback protection tools, and this restriction for new accounts will be removed.
offerbook.warning.riskyBuyOfferWithImmatureAccountAge=This offer cannot be taken because the maker's payment account \
 was created after March 15th 2019, and the payment method is considered risky for bank chargebacks. We needed to deploy this restriction as a \
 short-term measure for enhanced security.\n\n\
 The next software release will provide more robust protection tools so that offers with this risk profile can be traded again.
offerbook.warning.sellOfferAndAnyTakerPaymentAccountForOfferMature=This offer cannot be taken because your payment account \
 was created after March 15th 2019 and the payment method is considered risky for bank chargebacks. We needed to deploy this restriction as a \
 short-term measure for enhanced security.\n\n\
 The next software release will provide more robust protection tools so that offers with this risk profile can be traded again.

ManfredKarrer added some commits May 2, 2019

Revert changes with filtering not mature accounts
- We will allow small amounts so we keep all accounts and add the check
later when the user click next

@ManfredKarrer ManfredKarrer changed the title Add check for account age to apply restrictions [WIP] Add check for account age to apply restrictions May 2, 2019

@ManfredKarrer ManfredKarrer requested a review from sqrrm May 2, 2019

ManfredKarrer added some commits May 2, 2019

@ManfredKarrer ManfredKarrer changed the title [WIP] Add check for account age to apply restrictions Add check for account age to apply restrictions May 3, 2019

@ManfredKarrer ManfredKarrer requested a review from devinbileck May 3, 2019

ManfredKarrer and others added some commits May 3, 2019

@@ -63,6 +63,7 @@
public class AccountAgeWitnessService {
private static final Date RELEASE = Utilities.getUTCDate(2017, GregorianCalendar.NOVEMBER, 11);
public static final Date FULL_ACTIVATION = Utilities.getUTCDate(2018, GregorianCalendar.FEBRUARY, 15);
public static final long SAFE_ACCOUNT_AGE_DATE = Utilities.getUTCDate(2019, GregorianCalendar.MARCH, 15).getTime();

This comment has been minimized.

Copy link
@ripcurlx

ripcurlx May 3, 2019

Member

I think we should re-use the static from AccountAgeRestrictions

@ripcurlx
Copy link
Member

left a comment

ACK - besides a small UI issue with popups everything worked as expected. @devinbileck and I experienced a problem on Regtest that an old account wasn't able to take a sell offer by a new account that exceeded the demo amount of 0.01 BTC. The reason for this error was that the account age witness data wasn't propagated in the local network at the point the offer was taken. Shouldn't be a problem on Mainnet.

@ripcurlx ripcurlx merged commit 7523fc5 into bisq-network:master May 3, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@m52go m52go referenced this pull request May 9, 2019

Open

For Cycle 1 #277

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.