Verify maker & taker fee transactions via Mempool lookup #5160
Conversation
|
I thought it did this already 😳 |
Only for transactions that are linked to your wallet (e.g. Bisq fee tx of the trading peer wasn't checked) |
ghost
marked this pull request as draft
ghost
closed this
ghost
reopened this
ghost
changed the title
Would there be a scenario when that was ever advisable? Or worth doing? |
ghost
mentioned this pull request
ghost
marked this pull request as ready for review
| long feeValue = jsonVIn0Value.getAsLong() - jsonFeeValue.getAsLong(); | ||
| // if the first output (BSQ) is greater than the first input (BSQ) include the second input (presumably BSQ) | ||
| if (jsonFeeValue.getAsLong() > jsonVIn0Value.getAsLong()) { | ||
| // in this case 2 or more UTXOs were spent to pay the fee: |
There was a problem hiding this comment.
The code handles only the case of 1 or 2 BSQ inputs. Maybe also add a comment that we building on the concention that BSQ inputs are the before BTC inputs, which is not a consensus rule (for outputs it is) but our code handles it like that, so for the fee check that is good enough as we do not expect that ppl use custom txs for those txs.
It could be also a rare case that there is no BSQ change output. That can be if the input is exactly the amount to be burned or if the change is < dust, then it gets added to miner fee.
Another issue is that we do not check if the burned satoshis are BSQ or BTC. That would require that the tx is confirmed as only at confirmation the BSQ explorers recognize a BSQ tx. As confirmation will happen later we need to do that check after the deposit tx is confirmed in the trade protocol. So before the buyer sends the fiat he will check the takers BSQ fee it the BSQ explorer returns it as a valid BSQ tx and then before the seller confirms receipt to check the makers fee tx.
| JsonObject jsonVin0 = jsonVin.get(0).getAsJsonObject(); | ||
| JsonObject jsonVout0 = jsonVout.get(0).getAsJsonObject(); | ||
| JsonElement jsonVIn0Value = jsonVin0.getAsJsonObject("prevout").get("value"); | ||
| JsonElement jsonFeeValue = jsonVout0.get("value"); |
There was a problem hiding this comment.
The BSQ fee check is tricky. Maybe a better approach is to postpone it directly to the trade protocol states when the deposit tx is confirmed and use the BSQ explorer for delivering the fee.
In BsqWalletService.completeBsqTradingFeeTx there have been added a while ago a change which made the input 0 a BTC output in case there is no BSQ output. I think that change is not needed (at least I tested it without and it worked, but don't want to touch that at the moment...). So to take that additional option into account all gets more complicated....
core/src/main/java/bisq/core/provider/mempool/MempoolService.java
Outdated
Show resolved
Hide resolved
core/src/main/java/bisq/core/provider/mempool/MempoolService.java
Outdated
Show resolved
Hide resolved
desktop/src/main/java/bisq/desktop/main/offer/takeoffer/TakeOfferView.java
Show resolved
Hide resolved
desktop/src/main/java/bisq/desktop/main/offer/takeoffer/TakeOfferViewModel.java
Outdated
Show resolved
Hide resolved
|
👍 Thanks @chimp1984 for the review & suggestions. I applied your changes, and will think about the suggestion of checking BSQ fees using a BSQ explorer. |
|
@jmacxx I'm reviewing this PR right now and think it would be great to get it into v1.6.0. Could you please resolve the conflicts mentioned and I'm happy to merge it after a positive review. |
|
I just got following error while trying to open a dispute as mediator: This happens as |
desktop/src/main/java/bisq/desktop/main/offer/takeoffer/TakeOfferDataModel.java
Outdated
Show resolved
Hide resolved
|
It wasn't changed in this PR, but I missed it in the other one.
Better would be e.g. to create a new class
|
|
And one more thing I missed in the other PR and feels a little bit weird for the user. If a dispute is closed you get the notification popup. When you click on it, it opens the support section and the issue is selected. But it is greyed out and users might not know what to do. Maybe it is better to open in this case automatically the same action as a double click would trigger. WDYT? |
|
Also it would be good to show a (1) badge over the chat icon for the system message, so people are looking into it. In the past the chat was open by default in-line. So at least a notification would be good. |
desktop/src/main/java/bisq/desktop/main/offer/takeoffer/TakeOfferDataModel.java
Outdated
Show resolved
Hide resolved
apply @chimp1984 patch.txt code review suggestions taker tx check moved to trade step 2, after confirmation solve issue with calculating expected fees for unconfirmed tx resolve conflict with PR5207 (Disputes UI) check new offers after 1 block; check Json string not null; warn -> info remove unused parameter remove debugging log.warn message
ghost
mentioned this pull request
ghost
mentioned this pull request
ghost
mentioned this pull request
Closes #5119
Screenshots
https://imgur.com/a/tSaUgRL
Safeguards
Can be disabled universally via a filter, and individually via config setting.
In regtest mode the API calls are bypassed, returning success status.
Accuracy
The fee schedule is set via DAO parameters. Therefore checking that the correct fee was paid involves comparing the block height of an offer Tx to the DAO parameters which were relevant at that time.
I observed some variance in fee payments, perhaps because different users nodes may have been out of consensus with the DAO state.
The validation code has a threshold at which it considers fees paid to be acceptable. Currently this is set at 95%, i.e. if the fee paid is >= 95% of what was expected, the validation passes.
Very old offers (of which there are a handful still out there), use fee addresses which are not known but perhaps were used prior to the DAO. So a threshold of blockheight 599999 is used such that the unknown fee addresses are allowed to pass when the offer Tx is older than the threshold. Alternatively we could add 1PUXU1M... and 18GzH11... to the validator's list of accepted fee addresses.
Out of ~450 current offers ~9 are flagged as having underpaid the trading fee.
Checks own open offers
To implement the requirement that one's own offers be checked I integrated a validation in the TriggerPriceService so that if an offer is found to be bad it gets automatically disabled. This can help prevent the issues we've been seeing of offers that do not get published to the mempool for hours/days sometimes. Now if an offer Tx is not found, it will get disabled and the user will be motivated to investigate.
Testing
Tests were written in
TxValidatorTestto check the various error scenarios, be it underpaid BSQ, BTC, unknown fee address, or unknown tx. Most of the tests use data from real-world scenarios like the dust-fee scam.PR Checklist: