

<p>This PR attempts to take advantage of the SegWit trade protocol upgrade (hard fork), to fix all the remaining cases where a buyer or seller can publish a deposit tx without their peer having a valid delayed payout tx (at least in the fully SegWit case, when taking an offer created in v1.5.0+). When taking pre-1.5.0 offers, the deposit tx inputs will be of mixed type, which makes it malleable and thus impossible to completely prevent either trader from altering its ID and thus rendering their peer's delayed payout tx invalid. In that case, the buyer should still fully validate their delayed payout tx anyway, against the agreed deposit tx, so that if the latter changes before confirming, the trade hopefully fails before the buyer makes payment. The PR additionally fixes a bug where (it appears) the buyer fails to check the signature of the final delayed payout tx.</p>

<p>These changes are intended to prevent blackmail attacks (or reduce the risk of them in not-fully-SegWit cases where the deposit tx is malleable).</p>


<hr>


<h4>You can view, comment on, or merge this pull request online at:</h4>

<p>  <a href='https://github.com/bisq-network/bisq/pull/4789'>https://github.com/bisq-network/bisq/pull/4789</a></p>


<h4>Commit Summary</h4>

<ul>

  <li>Fix missing segwit case when sanitising preparedDepositTx</li>

  <li>Send seller's delayedPayoutTx signature to peer ASAP</li>

  <li>Add new BuyerFinalizesDelayedPayoutTx task</li>

  <li>Withhold witnesses in buyer->seller depositTx data, until last step</li>

</ul>


<h4>File Changes</h4>

<ul>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-2208e815b409a18e37c6d0f1404c9df056762391ac619a3a64b957029dad68e1">core/src/main/java/bisq/core/btc/wallet/TradeWalletService.java</a>

    (56)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-f27fb001048ac323e5444951b5c0675087ca009d7f4c9e32394fe9d2ea026054">core/src/main/java/bisq/core/trade/messages/DelayedPayoutTxSignatureRequest.java</a>

    (21)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-bef9f31b98beae319357fb1b6b28c54a3672a151bff2fc50ebcd58cf7bf70e42">core/src/main/java/bisq/core/trade/messages/DelayedPayoutTxSignatureResponse.java</a>

    (27)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-4721e6552918192d1756ede99ae5038e017ebf82f78078ba0b75fe7268b8b717">core/src/main/java/bisq/core/trade/messages/DepositTxMessage.java</a>

    (16)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-32e782f261a8a670fced61b0c439df772fccfe84e1fdee8f52d43a692e4dcb7c">core/src/main/java/bisq/core/trade/protocol/BuyerAsMakerProtocol.java</a>

    (2)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-03a40388a2ba08e9369bef2da7384c8fe8a0f9f7592a542e535ad473e9f9ae8a">core/src/main/java/bisq/core/trade/protocol/BuyerAsTakerProtocol.java</a>

    (2)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-1e7d1b2468cf6bdecbccae4911c80c477a3a33aca995507365a4582d8cd84a1c">core/src/main/java/bisq/core/trade/protocol/SellerAsMakerProtocol.java</a>

    (2)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-2483eed70c31f52fd4c639e9e157d92aeba5ce044a1acd039a51c49498d6aa38">core/src/main/java/bisq/core/trade/protocol/SellerAsTakerProtocol.java</a>

    (2)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-0efcd58eb6a313e4d37128d8ae56ad1db3d18cfb1732cb0448154aef24dec6fb">core/src/main/java/bisq/core/trade/protocol/SellerProtocol.java</a>

    (2)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-9fe84908c89e2c23c51811fa597f492e45165bc0928085c9e14770d7e05e0190">core/src/main/java/bisq/core/trade/protocol/tasks/buyer/BuyerFinalizesDelayedPayoutTx.java</a>

    (60)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-e01a58b6954e6e79056124c64f5f27c8663b7f9d996967c012746dbe881a1acb">core/src/main/java/bisq/core/trade/protocol/tasks/buyer/BuyerProcessDelayedPayoutTxSignatureRequest.java</a>

    (1)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-7d8b41849be7b2f6ae758e445ff58700421359f93d3f800472f934e9d015af03">core/src/main/java/bisq/core/trade/protocol/tasks/buyer/BuyerProcessDepositTxAndDelayedPayoutTxMessage.java</a>

    (10)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-1b6f212b7967cdc1f3350324db3f34d2466a1f3df06e828513c68c0722d46dad">core/src/main/java/bisq/core/trade/protocol/tasks/buyer/BuyerSendsDelayedPayoutTxSignatureResponse.java</a>

    (7)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-f4a7384c9dfd51bf3485cf64eb1f59575cd7a4332eaef60a5b49ced921a0637a">core/src/main/java/bisq/core/trade/protocol/tasks/buyer/BuyerVerifiesPreparedDelayedPayoutTx.java</a>

    (23)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-b3fc773aed02efde945b540254ecac722210650dbd6cc7bf2f221cd7f0b76fcd">core/src/main/java/bisq/core/trade/protocol/tasks/buyer_as_maker/BuyerAsMakerSendsInputsForDepositTxResponse.java</a>

    (7)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-7b10d928ccf19ece80280ec65a6c30978a62bba89d56e00c47c28e61e540d6fe">core/src/main/java/bisq/core/trade/protocol/tasks/buyer_as_taker/BuyerAsTakerSendsDepositTxMessage.java</a>

    (4)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-94b28e0651d55170cd6ef282926e9de8a36a37b95be9c2dc18f35dc8a7bfedea">core/src/main/java/bisq/core/trade/protocol/tasks/seller/SellerFinalizesDelayedPayoutTx.java</a>

    (3)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-a3d753c509098d8d02c37798546e6bf9c2b06cf43a1ca07f4aa63380c4c44b4c">core/src/main/java/bisq/core/trade/protocol/tasks/seller/SellerProcessDelayedPayoutTxSignatureResponse.java</a>

    (7)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-cc29a74e200a0a95120e00e756512f4b92e41efc2896272e6abaad718d5affd2">core/src/main/java/bisq/core/trade/protocol/tasks/seller/SellerSendDelayedPayoutTxSignatureRequest.java</a>

    (5)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-9bc5c6380a31030116cb7d3b2fd45fbc0227ef5f9a0bb878c7d5152d83feb5bd">core/src/main/java/bisq/core/trade/protocol/tasks/seller_as_maker/SellerAsMakerProcessDepositTxMessage.java</a>

    (2)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-0342ce48aef8237d961260aafc3980c294d2a9b5cb8ca12c9020aeaca32532b4">core/src/main/java/bisq/core/trade/protocol/tasks/seller_as_maker/SellerAsMakerSendsInputsForDepositTxResponse.java</a>

    (3)

  </li>

  <li>

    <strong>M</strong>

    <a href="https://github.com/bisq-network/bisq/pull/4789/files#diff-51dcd1d852312df65738ff2bd493fdb0f187f50fb7d7324158c8b57fc1de7da7">proto/src/main/proto/pb.proto</a>

    (6)

  </li>

</ul>


<h4>Patch Links:</h4>

<ul>

  <li><a href='https://github.com/bisq-network/bisq/pull/4789.patch'>https://github.com/bisq-network/bisq/pull/4789.patch</a></li>

  <li><a href='https://github.com/bisq-network/bisq/pull/4789.diff'>https://github.com/bisq-network/bisq/pull/4789.diff</a></li>

</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/bisq-network/bisq/pull/4789">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AJFFTNR3JQXRMI5I7SEL4QLSPTXHZANCNFSM4TUJ4W5Q">unsubscribe</a>.<img src="https://github.com/notifications/beacon/AJFFTNT4PFFN2VXM32V2QYDSPTXHZA5CNFSM4TUJ4W52YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4LB6GMPQ.gif" height="1" width="1" alt="" /></p>

<script type="application/ld+json">[

{

"@context": "http://schema.org",

"@type": "EmailMessage",

"potentialAction": {

"@type": "ViewAction",

"target": "https://github.com/bisq-network/bisq/pull/4789",

"url": "https://github.com/bisq-network/bisq/pull/4789",

"name": "View Pull Request"

},

"description": "View this Pull Request on GitHub",

"publisher": {

"@type": "Organization",

"name": "GitHub",

"url": "https://github.com"

}

}

]</script>