Bisq nodes leak TXID of every trade when TradeStatistics are generated

[wiz]

Background

When a Bisq trade offer is accepted, each Bisq node participating in the trade creates a TradeStatistics data object and broadcasts it to the P2P network. This trade statistics data is used by every Bisq node to generate trading volume graphs, price charts, and is also available on the Bisq Markets API service.

Issue

The TradeStatistics2 object contains excessive metadata about the trade, specifically the on-chain TXID of the maker's deposit. Unfortunately, because the offerId of every Bisq trade is mapped to the on-chain Bitcoin depositTxID, this allows malicious blockchain analysis of all Bisq trades.

Example data object:

  {
    "currency": "JPY", 
    "direction": "SELL",
    "tradePrice": 8791986900,
    "tradeAmount": 10000, 
    "tradeDate": 1578784489588,
    "paymentMethod": "F2F", 
    "offerDate": 1578784398352,
    "useMarketBasedPrice": true,
    "marketPriceMargin": 0.0,
    "offerAmount": 10000, 
    "offerMinAmount": 10000, 
    "offerId": "12635-224f7143-3366-46e7-9e14-7fa6f39fcb2b-125",
    "depositTxId": "9c67453e57cfc80e2c121caf54f8f739cef6c5d7e9afdceec7843436a920f9d8",
    "currencyPair": "BTC/JPY",
    "primaryMarketDirection": "SELL",
    "primaryMarketTradePrice": 87919869000000,
    "primaryMarketTradeAmount": 10000, 
    "primaryMarketTradeVolume": 8791980000
  }

Example blockchain analysis of this trade:
https://blockstream.info/tx/9c67453e57cfc80e2c121caf54f8f739cef6c5d7e9afdceec7843436a920f9d8?expand

How to Reproduce

1. Start Bisq with --dumpStatistics=true option enabled
2. After a few minutes, a trade_statistics.db file will be generated in your $HOME/.bisq/btc_mainnet/db/ datadir.
3. Extract the mapping of offer ID and deposit TXID by grep Id trade_statistics.json
4. Paste any Bitcoin TXID into any Bitcoin Block Explorer

Expected Result

Bisq should not reveal the on-chain Bitcoin TXID for each trade.

Actual Result

A full mapping of offer IDs to Bitcoin TXIDs for the past 50,000 trades on Bisq is generated. Snippet:

    "depositTxId": "23f8dd12c6f772f9cf48eb586192d0852b7c001f9b52853eb2745c50085e7aad",
    "offerId": "f5701917-1858-44f5-a81b-874c83c965f9",
    "depositTxId": "c72d6f8816edd0d914988ee51f9cacc46cded48aff5b8bfebc0e3b04d6e30d77",
    "offerId": "8f52b851-ab30-45de-9b00-978c6c1320d2",
    "depositTxId": "4352525005912cad0af9b32ed131f5856f4f72add3b7e67fb8ed4a263f0ae00f",
    "offerId": "b96da749-0910-4870-8c43-ffa0d6e5c15a",
    "depositTxId": "0b76f73006b94fb69e2a4ac4e9cea25bc5a0af08ed1aadd4f3769053f14a326e",
    "offerId": "940fd072-66de-405a-86a9-abf693c98146",
    "depositTxId": "e251355d683b7e611fe85c03db64eb965402e53e7568ea652230acaef908ff56",
    "offerId": "0f6ff881-7f13-4654-bc0b-3267fc99021a",
    "depositTxId": "6a5001d1392e877f0c7058c76e9af01913143751690f2990842526b61ec30cda",
    "offerId": "9de779ff-5e94-46a6-aa93-4dde1d49b6de",
    "depositTxId": "6ba5e8d42814ea27d01c62eec1e1c8543a7627c19e282632a05fdae8e1df1b1e",
    "offerId": "75edc3db-6dea-4ed1-b33a-e998765e8605",
    "depositTxId": "be059d21e287e10876aa3e29ddad55455645cd4c3996f71d945c7d788bb4383c",
    "offerId": "dce8c43e-1a91-4c98-8fdd-5776898589ed",
    "depositTxId": "656ea12e55c31ed96e43de32c53155387bc08ba2d0be708bac3bda6b4682fbbe",
    "offerId": "57a68fbd-26cc-4f8d-8f0f-4114e09cc57c",
    "depositTxId": "f078d4191545a79b7dad6393648a63cf8b9bf337bcb43a84343a6fd923c10585",

[wiz]

@sqrrm @ripcurlx please re-open this critical issue!

[sqrrm]

It's now my issue.

[wiz]

@sqrrm looks like chimp fixed it by completely re-implementing the trade statistics in #4611

[ripcurlx]

@sqrrm looks like chimp fixed it by completely re-implementing the trade statistics in #4611

Yes. Closing as complete.