<h3>Background</h3>
<p>When a Bisq trade offer is accepted, each Bisq node participating in the trade creates a TradeStatistics data object and broadcasts it to the P2P network. Every Bisq node uses this trade statistics data to generate trading volume graphs and price charts, and the same data is also served by the Bisq Markets API service.</p>
<p><a target="_blank" rel="noopener noreferrer" href="https://user-images.githubusercontent.com/232186/72218023-6a5cc100-3579-11ea-8599-9274b6eb2fb2.png"><img width="2000" alt="Screen Shot 2020-01-12 at 20 23 11" src="https://user-images.githubusercontent.com/232186/72218023-6a5cc100-3579-11ea-8599-9274b6eb2fb2.png" style="max-width:100%;"></a></p>
<h3>Issue</h3>
<p>The TradeStatistics2 object contains excessive metadata about the trade, specifically the on-chain TXID of the maker's deposit transaction. Unfortunately, because the offerId of every Bisq trade is thereby mapped to its on-chain Bitcoin depositTxId, anyone receiving the broadcast statistics can perform blockchain analysis of all Bisq trades.</p>
<p>Example data object:</p>
<pre><code>{
  "currency": "JPY",
  "direction": "SELL",
  "tradePrice": 8791986900,
  "tradeAmount": 10000,
  "tradeDate": 1578784489588,
  "paymentMethod": "F2F",
  "offerDate": 1578784398352,
  "useMarketBasedPrice": true,
  "marketPriceMargin": 0.0,
  "offerAmount": 10000,
  "offerMinAmount": 10000,
  "offerId": "12635-224f7143-3366-46e7-9e14-7fa6f39fcb2b-125",
  "depositTxId": "9c67453e57cfc80e2c121caf54f8f739cef6c5d7e9afdceec7843436a920f9d8",
  "currencyPair": "BTC/JPY",
  "primaryMarketDirection": "SELL",
  "primaryMarketTradePrice": 87919869000000,
  "primaryMarketTradeAmount": 10000,
  "primaryMarketTradeVolume": 8791980000
}
</code></pre>
<p>Example blockchain analysis of this trade:<br>
<a href="https://blockstream.info/tx/9c67453e57cfc80e2c121caf54f8f739cef6c5d7e9afdceec7843436a920f9d8?expand" rel="nofollow">https://blockstream.info/tx/9c67453e57cfc80e2c121caf54f8f739cef6c5d7e9afdceec7843436a920f9d8?expand</a></p>
<h3>How to Reproduce</h3>
<ol>
<li>Start Bisq with <code>--dumpStatistics=true</code> option enabled</li>
<li>After a few minutes, a <code>trade_statistics.db</code> file will be generated in your <code>$HOME/.bisq/btc_mainnet/db/</code> datadir.</li>
<li>Extract the mapping of offer ID to deposit TXID with <code>grep Id trade_statistics.json</code></li>
<li>Paste any Bitcoin TXID into any Bitcoin Block Explorer</li>
</ol>
<h3>Expected Result</h3>
<p>Bisq should not reveal the on-chain Bitcoin TXID for each trade.</p>
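<p>As an added example (not Bisq's own code), the following Python audit parses a trade statistics dump in the shape shown above, flags every record that carries a txid-shaped field, and produces a minimised copy containing only the fields the charts need, then aggregates volume from that copy to show the on-chain linkage is not required for the statistics. The allowlist <code>CHART_FIELDS</code> and the sample records are constructed assumptions.</p>

```python
import json
import re

# Constructed sample records modelled on the TradeStatistics2 object shown
# in the report; the ids and txids are made up, not real Bisq trades.
SAMPLE_STATS = json.dumps([
    {"currency": "JPY", "direction": "SELL", "tradePrice": 8791986900,
     "tradeAmount": 10000, "tradeDate": 1578784489588, "paymentMethod": "F2F",
     "offerId": "00000-00000000-0000-0000-0000-000000000000-000",
     "depositTxId": "aa" * 32},
    {"currency": "EUR", "direction": "BUY", "tradePrice": 700000,
     "tradeAmount": 250000, "tradeDate": 1578784500000, "paymentMethod": "SEPA",
     "offerId": "11111111-1111-1111-1111-111111111111",
     "depositTxId": "bb" * 32},
])

# Hypothetical allowlist: what volume graphs and price charts actually need.
CHART_FIELDS = ("currency", "direction", "tradePrice", "tradeAmount",
                "tradeDate", "paymentMethod")

# A Bitcoin txid is 32 bytes rendered as 64 lowercase hex characters.
TXID_RE = re.compile(r"^[0-9a-f]{64}$")


def linkable_fields(record):
    """Return names of fields whose value looks like a Bitcoin txid."""
    return sorted(k for k, v in record.items()
                  if isinstance(v, str) and TXID_RE.match(v))


def minimise(record):
    """Keep only chart-relevant fields; offerId and depositTxId are dropped."""
    return {k: record[k] for k in CHART_FIELDS if k in record}


def audit(dump_json):
    """Parse a dump; return (offerId, leaking fields) pairs and minimised copies."""
    records = json.loads(dump_json)
    leaks = [(r.get("offerId"), linkable_fields(r))
             for r in records if linkable_fields(r)]
    return leaks, [minimise(r) for r in records]


def volume_by_currency(records):
    """Aggregate traded amount per currency from minimised records only."""
    totals = {}
    for r in records:
        totals[r["currency"]] = totals.get(r["currency"], 0) + r["tradeAmount"]
    return totals
```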
<h3>Actual Result</h3>
<p>A full mapping of offer IDs to Bitcoin TXIDs for the past 50,000 trades on Bisq is generated. Snippet:</p>
<pre><code>    "depositTxId": "23f8dd12c6f772f9cf48eb586192d0852b7c001f9b52853eb2745c50085e7aad",
    "offerId": "f5701917-1858-44f5-a81b-874c83c965f9",
    "depositTxId": "c72d6f8816edd0d914988ee51f9cacc46cded48aff5b8bfebc0e3b04d6e30d77",
    "offerId": "8f52b851-ab30-45de-9b00-978c6c1320d2",
    "depositTxId": "4352525005912cad0af9b32ed131f5856f4f72add3b7e67fb8ed4a263f0ae00f",
    "offerId": "b96da749-0910-4870-8c43-ffa0d6e5c15a",
    "depositTxId": "0b76f73006b94fb69e2a4ac4e9cea25bc5a0af08ed1aadd4f3769053f14a326e",
    "offerId": "940fd072-66de-405a-86a9-abf693c98146",
    "depositTxId": "e251355d683b7e611fe85c03db64eb965402e53e7568ea652230acaef908ff56",
    "offerId": "0f6ff881-7f13-4654-bc0b-3267fc99021a",
    "depositTxId": "6a5001d1392e877f0c7058c76e9af01913143751690f2990842526b61ec30cda",
    "offerId": "9de779ff-5e94-46a6-aa93-4dde1d49b6de",
    "depositTxId": "6ba5e8d42814ea27d01c62eec1e1c8543a7627c19e282632a05fdae8e1df1b1e",
    "offerId": "75edc3db-6dea-4ed1-b33a-e998765e8605",
    "depositTxId": "be059d21e287e10876aa3e29ddad55455645cd4c3996f71d945c7d788bb4383c",
    "offerId": "dce8c43e-1a91-4c98-8fdd-5776898589ed",
    "depositTxId": "656ea12e55c31ed96e43de32c53155387bc08ba2d0be708bac3bda6b4682fbbe",
    "offerId": "57a68fbd-26cc-4f8d-8f0f-4114e09cc57c",
    "depositTxId": "f078d4191545a79b7dad6393648a63cf8b9bf337bcb43a84343a6fd923c10585",
</code></pre>
<h3>Severity</h3>
<p>🚨🚨🚨🚨🚨</p>

<p style="font-size:small;color:#666;">Issue: <a href="https://github.com/bisq-network/bisq/issues/3893">bisq-network/bisq#3893</a></p>