Add encrypted wallet password prompt when submitting proposals using BSQ wallet #5152

Closed
pazza83 opened this issue Feb 4, 2021 · 15 comments

pazza83 commented Feb 4, 2021

This issue is similar to the recently implemented #4719 by @jmacxx

Assuming a Bisq user has turned on password protection for their Bisq wallet, the following is true:

  • When sending BTC from their Bisq wallet they are required to enter their encrypted wallet password.
  • When sending BSQ from their Bisq wallet they are required to enter their encrypted wallet password.
  • When submitting a proposal (e.g. a compensation request) using BSQ they are NOT required to enter their encrypted wallet password.
  • When voting using BSQ they are NOT required to enter their encrypted wallet password.
  • When paying an asset listing fee using BSQ I assume they are NOT required to enter their encrypted wallet password.

I am not sure whether submitting an asset listing fee requires a BSQ fee. If it does, then this can be password protected too.

It would increase Bisq wallet security if encrypted wallet password prompts were shown at all times when BSQ leaves the wallet.

Version
v1.5.5

Steps to reproduce
In Bisq client > DAO > Governance > Make proposal
In Bisq client > DAO > Governance > Asset listing fee/proof of burn

No password prompt is shown.

Proposed behaviour
In instances where a Bisq user has turned on password protection for their Bisq wallet, the encrypted wallet password prompt is shown every time they use their BSQ wallet to send payment.

Author

pazza83 commented Apr 2, 2021

Hi, are any @bisq-network/bisq-devs able to take this on?

@wallclockbuilder
Contributor

I can work on it when it gets approved.

Author

pazza83 commented Apr 2, 2021

@ripcurlx please can this be approved?

Member

sqrrm commented Apr 3, 2021

I don't know if this would add a lot of real security if there's just a password prompt and the wallet is already unlocked. There has been some discussion on improving the security of the wallet and only keeping specific keys unlocked rather than the whole wallet. The amount sent when creating a proposal is just the proposal fee, which is 2 BSQ for now.
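
The distinction drawn in the comment above, between a prompt in front of an already unlocked wallet and keys that stay locked, sketched as an added example (not Bisq or bitcoinj code; the `SpendGate` class, the `Action` names and the use of the JDK's P-256 curve are assumptions for illustration). Because the key is held only in encrypted form, the proposal, vote and asset listing paths cannot skip the password the way a UI-only prompt can:

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;

// Hypothetical model, not Bisq or bitcoinj code: the signing key is stored only
// encrypted, and every spending path goes through the same password-checked gate.
public class SpendGate {
    enum Action { SEND_BTC, SEND_BSQ, PROPOSAL_FEE, VOTE, ASSET_LISTING_FEE }
    private final byte[] salt = new byte[16], iv = new byte[12];
    private final byte[] encryptedKey;

    SpendGate(byte[] pkcs8Key, char[] password) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        encryptedKey = crypt(Cipher.ENCRYPT_MODE, password, pkcs8Key);
    }

    private byte[] crypt(int mode, char[] password, byte[] in) throws GeneralSecurityException {
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(password, salt, 100_000, 256)).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(k, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    // Key is decrypted only here; a wrong password fails GCM authentication and throws.
    byte[] sign(byte[] tx, char[] password) throws GeneralSecurityException {
        byte[] pkcs8 = crypt(Cipher.DECRYPT_MODE, password, encryptedKey);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(pkcs8)));
        s.update(tx);
        return s.sign();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256); // JDK P-256 stands in for Bitcoin's secp256k1; constructed demo key
        SpendGate gate = new SpendGate(gen.generateKeyPair().getPrivate().getEncoded(), "pw".toCharArray());
        for (Action a : Action.values()) // action name stands in for the transaction bytes
            System.out.println(a + ": " + gate.sign(a.name().getBytes(), "pw".toCharArray()).length + " sig bytes");
        try {
            gate.sign("VOTE".getBytes(), "guess".toCharArray());
        } catch (GeneralSecurityException e) {
            System.out.println("wrong password refused: " + e.getClass().getSimpleName());
        }
    }
}
```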

Author

pazza83 commented Apr 3, 2021

Hi @sqrrm, I appreciate it is only 2 BSQ to send, but the BSQ amount is a minor part of the security issue:

  • Unlimited miner fees (no limit on what sats can be set to?)
  • Unlimited transactions
  • Malicious votes

The wallet password was recently added for BSQ withdrawals: #4719

This cost a total of 50 USD. A bargain for the additional security provided.

I am assuming this would be similar to implement.

Better safe than sorry :)

Member

sqrrm commented Apr 5, 2021

As some help to the user it's ok, as long as it's understood that the added safety is limited.

Author

pazza83 commented Apr 5, 2021

Yes, appreciate there are still other wallet security issues, but this would be a good step towards preventing someone without the technical skills required to send malicious funds if they had access to someone's Bisq instance.

Author

pazza83 commented May 16, 2021

@ripcurlx please can you let me know if this can be approved for @wallclockbuilder to work on?

@ripcurlx
Contributor

Sure, but let's not overload @wallclockbuilder with too many issues as there are lots of them already outstanding.

@wallclockbuilder
Contributor

Thanks @ripcurlx. Reducing my customer support team commitments from 40+ hrs to 10ish so I can finish up the work on my plate.


stale bot commented Aug 21, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the was:dropped label Aug 21, 2021
Author

pazza83 commented Aug 21, 2021

Still to be implemented


stale bot commented Apr 16, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the was:dropped label Apr 16, 2022

stale bot commented Apr 28, 2022

This issue has been automatically closed because of inactivity. Feel free to reopen it if you think it is still relevant.

@stale stale bot closed this as completed Apr 28, 2022
Author

pazza83 commented Aug 14, 2022

I think the addition of a password would be good :)
