[bisq-network/bisq] Add cancel trade feature (#4514)

Thu Sep 17 01:10:46 UTC 2020

> During testing I get the accept/reject/decide later popup twice if the trade is not open when receiving the request. First I Accept/Reject and the same popup shows again and I must choose again. Perhaps a listener is attached when switching to that view or something like that.
> 
> The buyer should not be able to continue with the trade after the rejection with the current protocol since he's signing the payout with all going to seller. Better might be:
> Accept path
> 
>     1. Buyer proposes cancellation
> 
>     2. Seller accepts, signs payout and sends signature back
> 
>     3. Buyer finalizes cancellation
> 
> 
> Reject path
> 
>     1. Buyer proposes cancellation
> 
>     2. Seller rejects
> 
>     3. Buyer can continue with trade. No risk to buyer since the seller doesn't have the signed payouttx. No risk to seller since the potential cancellation tx would send all funds to seller.
> 
> 
> Adding signedwitness to last message in protocol makes a lot of sense.
> 
> The handling of mailboxmessages wasn't obivous to me. Hence the failure to remove them from the network. Would it make sense to make a separate service to pop mailboxmessages from the p2p network store them locally to be processed by the trade protocol later. That way there is no need to worry about the post trade tast mailbox handling.
> 
> Added some minor comments inline.

The popup comes everytime when you activate the pending trades UI and select the trade. Once you accept/reject it does not come again. 
Did you get 2 popups?

Re buyers signature:
Good catch! Yes that was a real security flaw. Thanks for catching it! Of course the buyer must not send the signature first but the other way round as the seller gets the funds back. I will change that and yes we need a 3rd step so that the buyers signs as the end and publishes the tx.

Re mailbox msg:
Yes that might be a good idea, then we have less risk that there are dangling msgs. We just need to add a new store for that and manage it locally. I will have a look into that once the persistence PR is merged.

Currently we allow the buyer to continue with the trade once he opened a cancel request. I think that is dangerous as it might cause conflicts in the trade protocol if 2 branches can be executed in parallel. As well it might lead to more complex situations and carries higher risk that it could be abused. So I think better to deactivate that the buyer can continue normally until the seller has replied. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/4514#issuecomment-693747636
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20200916/f4975b8b/attachment-0001.html>