Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redact deposittxid from tradestatistics #3911

Merged
merged 3 commits into from
Jan 30, 2020
Merged

Redact deposittxid from tradestatistics #3911

merged 3 commits into from
Jan 30, 2020

Conversation

ripcurlx
Copy link
Contributor

Starting with the release after v1.2.6 the deposit transaction ID will not be added anymore to the trade statistics object. If you use the --dumpStatistics option in this PR the deposit transaction ID will not be stored in the JSON file anymore.
Of course until we activate this feature with the next release after v1.2.6 (we need to set the minimum required version for trading to 1.2.6 before e.g. v1.2.7 release is published) a sophisticated actor can manipulate the source code and still access this information.
This staged release is necessary to prevent duplicate trade statistics objects because of how the hash for it is generated.

What needs to be discussed is, if we want to make it version update dependent or if we want to set a date and force all to upgrade to v1.2.6 a couple days after the release.

Fixes #3893.

@ripcurlx ripcurlx mentioned this pull request Jan 21, 2020
Closed
@ripcurlx
Copy link
Contributor Author

Thinking about it, I think we should do it date based, as it will delay the activation of this feature for roughly 30 more days and it would also help us to get rid of unnecessary support cases by users using old versions that don't include the patches from v1.2.4+. Will force push a change in a couple of minutes.

@wiz
Copy link
Contributor

wiz commented Jan 21, 2020
edited
Loading

Thank you for working on this critical issue and doing the forced update - will #3894 be a part of this forced update as well?

@ripcurlx ripcurlx force-pushed the redact-deposittxid-from-tradestatistics branch from cd269b5 to b297a69 Compare January 22, 2020 09:10
@ripcurlx
Copy link
Contributor Author

I'll probably add the fix for #3894 to this PR as well, as they both need a forced update process to prevent any backwards compatibility issues.

@sqrrm
Copy link
Member

sqrrm commented Jan 27, 2020

Avoiding duplicate trade stats is good but is it really a breaking issue? Perhaps any duplicates should be removed if they have a deposittxid set for trades made after the cutoff date.

Seed nodes would be upgraded by the cutoff date and only a few users would still be running on version < 1.2.5. They might have duplicate entries but I don't think that would cause harm and once they upgrade they would also remove the bad duplicates. I think it's good to avoid forced upgrades as much as possible.

@ripcurlx
Copy link
Contributor Author

Avoiding duplicate trade stats is good but is it really a breaking issue? Perhaps any duplicates should be removed if they have a deposittxid set for trades made after the cutoff date.

Seed nodes would be upgraded by the cutoff date and only a few users would still be running on version < 1.2.5. They might have duplicate entries but I don't think that would cause harm and once they upgrade they would also remove the bad duplicates. I think it's good to avoid forced upgrades as much as possible.

True, that could be done. I'll have a look on how to clean up duplicates in that case.

@ripcurlx
Remove deprecated code parts
3374f1b 
As we don't have any arbitrators connected to the network anymore it shouldn't possible to use arbitration anymore
@ripcurlx
Not add the deposit transaction id to the trade statistics object
2887ab0
@ripcurlx
Not expose offer fee tx id in UI or JSON export
1d9fda7
@ripcurlx ripcurlx force-pushed the redact-deposittxid-from-tradestatistics branch from b297a69 to 1d9fda7 Compare January 29, 2020 13:54
@ripcurlx ripcurlx marked this pull request as ready for review January 29, 2020 14:02
sqrrm
sqrrm approved these changes Jan 30, 2020
View reviewed changes
Copy link
Member

@sqrrm sqrrm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK

@sqrrm sqrrm merged commit 4e4ac96 into bisq-network:master Jan 30, 2020
@ripcurlx ripcurlx added this to the v1.2.6 milestone Jan 30, 2020
@ripcurlx ripcurlx added re:privacy is:priority PR or issue marked with this label is up for compensation labels Feb 4, 2020
@sqrrm sqrrm mentioned this pull request Feb 10, 2020
Closed
@ripcurlx ripcurlx modified the milestones: v1.2.6, v1.2.7 Feb 11, 2020
@ripcurlx ripcurlx mentioned this pull request Feb 14, 2020
Closed
@ripcurlx ripcurlx removed this from the v1.2.8 milestone Mar 9, 2020
@ripcurlx ripcurlx deleted the redact-deposittxid-from-tradestatistics branch July 16, 2021 07:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sqrrm sqrrm sqrrm approved these changes

Assignees
No one assigned
Labels
is:priority PR or issue marked with this label is up for compensation re:privacy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bisq nodes leak TXID of every trade when TradeStatistics are generated
3 participants
@ripcurlx @wiz @sqrrm