[bisq-network/bisq] Past payout tx used as deposit tx (#4873)
chimp1984
notifications at github.com
Wed Dec 2 16:37:03 CET 2020
<!--
SUPPORT REQUESTS: This is for reporting bugs in the Bisq app.
If you have a support request, please join #support on Bisq's
Keybase team at https://keybase.io/team/Bisq
-->
### Description
We saw quite a few cases where the trade fails because a past payout tx is used as deposit tx in the trade.
We could reproduce it now (still not easy as it only happens rarely). The reason is that we reset the address entry context for the Multisig address/key, and because those addresses are not detected in the check if an address is used they can be reused in a later trade. If both traders have repeated trades and by chance reuse the same address/key to create the MS address, the input address of a past payout tx is then the same address as the new output address of the deposit tx.
We use the address for listening for tx confidence and this can trigger then in the trade protocol that the wrong tx is interpreted and set a deposit tx.
To fix that we need to avoid resetting the address entry for Multisig. And to avoid that already past txs where the address entry was already reset and which could be reused any time again we also need to add some additional checks when we setup the confidence listener. We need to check if the input addresses are the 2 trade fee addresses and if the address we are looking up is used as output and not as input.
A PR is in preparation and I recommend that we release a hotfix based on 1.5.0 including only that PR and enforce an update after a few days when most users have updated to avoid furture issues from that bug.
@oscarguindzberg I do not think that issue is related to https://github.com/bisq-network/bisq/issues/4870 but also not 100% sure.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/issues/4873
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20201202/649e7c9f/attachment.htm>
More information about the bisq-github
mailing list