[bisq-network/bisq] Bisq does not verify taker's funding TX is broadcast to Bitcoin P2P network (#3489)

wiz notifications at github.com
Sun Mar 22 14:11:59 UTC 2020 

@sqrrm @freimair @ripcurlx
I thought of a better workaround than using electrs backend - take the following case:

```
depositTx received from peer: 
  29f9666b64df1b162f64bfa2bdf9ef510d65b02e36a8e9e1b3bebb3b5487e7fe
  updated: 2020-03-20T03:10:42Z
     in   PUSHDATA(72)[3045022100f3a09edfa44027e035d2d5ffe3100d5df24a2737e16342be04907bb6d072ee0d022068eb82020b18151877e541e2040c02cdbb4011f992e73ab4c6309f984fa0f1ba01] PUSHDATA(33)[03b251a0397992ad03577d0cedd95aca5d562e7e5190887bacb8c68ff21e4d0b3a] 0.013485 BTC (1348500)
          outpoint:92f708c6c317b7293ac360a7e0525d968f0c423b407f725121b39c5e7be9e9eb:1 hash160:53ebe7e1ec28e89ed5326fc179c9ab37d865217d
     in   PUSHDATA(72)[304502210080aab58d142d47bcfa70fac45cf549f47d077b30176fbfaad075aba41b76b196022057fdede2135016197aa14a079a2b7a916b3a59a909162ddbd2a92d293237be2901] PUSHDATA(33)[02e080be8d5ba65e74fd167063533cca2bd74e8c8af473b923acaa43cb76f5917c]
          outpoint:1f51b6a116726799a18bb82943a1b92683785650e4b58c96d7dddf5bcc54e76a:1
     out  HASH160 PUSHDATA(20)[38abc168a78caba347e1a63623479c08a33b970c] EQUAL 0.117136 BTC (11713600) ScriptPubKey: a91438abc168a78caba347e1a63623479c08a33b970c87 Address:36rfX4tS12TPvUqRRj8yrhvMiNxb7dwjMh 
     out  RETURN PUSHDATA(32)[c072d153c502af690eb95a909b492ce22d4d4068957c134164358d3597ac94eb] 0.00 BTC (0) ScriptPubKey: 6a20c072d153c502af690eb95a909b492ce22d4d4068957c134164358d3597ac94eb Address:[exception: Cannot cast this script to a pay-to-address type]
     prps UNKNOWN
```

In this deposit TX, the taker's funding TX `1f51b6a116726799a18bb82943a1b92683785650e4b58c96d7dddf5bcc54e76a` does not exist in mempool or blockchain, so the deposit TX is invalid because it spends an invalid UTXO.

My suggested workaround, is to have both trade parties re-broadcast the deposit TX to their Bitcoin peers. They should expect either a successful broadcast, or a "already in mempool" error, which also indicates a valid TX. If they receive any other error when re-broadcasting the TX, such as "spends invalid UTXO", etc. the maker can assume the taker's funding TX is not valid, and it can reject the peer attempting to take the offer.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/issues/3489#issuecomment-602206648
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20200322/3ef0c50d/attachment.html>

More information about the bisq-github mailing list