[bisq-network/proposals] Concerning the refund agent system (#236)

[QuantumRipple]

I think a new timelock destination address owner+arbitration role to handle failed trades only would mostly solve this. The associated "donation" address would not be the same as the existing ones, and there could be more than one of these roles to handle different size categories of trade with different bond size and compensation as each size would be prone to a different degree trust and number of cases.

Reimbursement would be funded directly by the timelock transaction used by the failed trade. Large trade reimbursement no longer involves personal risk or a convoluted BTC->BSQ->BTC path. The prevailing trader would not have to deal with a delayed or volatile reimbursement and double payout should be impossible with the client/protocol changes detailed below.

Incoming transactions remain in situ for some [time period] after receipt (say ~1 week in block confirmations). Participants of a failed trade have [time period] time to open an arbitration case and cause the associated on-hold BTC to be moved to an open arbitration case address. If [time period] elapsed without a case being opened, the BTC would be sent to the normal donation address (where it would be involved in multiple transactions to convert to BSQ and burn). If a case was not opened within [time period] traders would have to appeal to the DAO for reimbursement.

All funds sent to the incoming address would be forwarded on to 1 of 2 addresses - the normal donation address (between [time period] confirmations and another limit specified by the role such as a further 2 weeks) or an "open arbitration cases" wallet address (before [time period] confirmations).

An external observer could easily check that this rule was being followed in an automated fashion: the balance of the incoming address calculated with only incoming tx exceeding [time period] confirmations that were not referenced by outgoing tx (made while the associated incoming tx was < [time period] confirmations) to the open cases address should regularly drop to precisely 0.

Double reimbursement would be impossible because the reimbursement wallet could only be funded from a reserved transaction matching the arbitration case validated against the last [time period] blocks, and payout/closure of the arbitration case would return un-reimbursed funds to the normal donation address.

This would also limit the opportunity for embezzlement even with no/minimal oversight. Such a role's  compensation would only be time spent for duties performed, as reimbursement is funded directly by the failed trades. Furthermore, trader funds could not be absconded with without triggering complaints to the other DAO participants (and likely a manual audit). As such, the only funds really available to be stolen without immediately triggering flags would be the un-reimbursed portion of each arbitration case, most of which would otherwise return to the bonded role anyway as compensation.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/236#issuecomment-663976821
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20200726/c093f064/attachment.html>