Privacy improvements for manual payout #4899
Sounds good! I'm gonna try it out with a case I currently have that requires that. So the steps are:
Yes, those are the steps. I'm here & on keybase if you have any issues.
Like I said in our discussion in Keybase, this does look very promising and certainly would make users' lives easier as they do feel a little intimidated when they read the tutorial on how to get the private keys. Plus it removes our reliance on Coinb.in as part of the current "private" process, a service that could be taken down at any time.
Thanks @jmacxx for your initiative! Maybe we can combine that for bisq-network/proposals#287 ? E.g. If we make it a bit more automated then the users could use that tool to make an alternative payout with arbitrary outputs and fees so it can serve both the idea to boost stuck tx chains by CPFP and to be used as emergency tool if normal payout options do not work. Of course adding too much complexity to an emergency tool is not a good idea...
Redesign the UI
Add import/export of payout settings
Add ability to import from mediation ticket
Mediator does not need private key
User can sign using own wallet or private key
Validation of input fields
Calculate the tx fee based on inputs
Display of the generated txid & hex so it can be checked
@chimp1984 It's a good idea and I'd like to take some time to think about a UI design for it.
Actually after more thought, I found that it might be ok to do it manually. It is exceptional anyway and the manual process via mediator brings some safety. Otherwise there might be risky situations (e.g. buyer sending signature but then later it gets confirmed and he starts the payment, but seller takes signature and gets back his trade amount with it...). I started a while back a "cancel trade" sub-protocol and it turned out that it's more tricky and risky than it seemed at first. Mainly because it introduced a parallel execution stream and that can cause problems. So if your tool supports changing the miner fee, it would fulfill the basic requirements for a CPFP. The calculation of how much fee is required can also be done manually by an explorer lookup. I think it's not worth the effort for that edge case.... Just would be good that we have a tool at hand to un-block stuck txs in times when the fees spike and stay high.
utACK
Will test it tomorrow... Would be good to make the fee editable as well so it can be used for CPFP use case as well.
To adjust the fee, adjust one or both payout amounts. The fee adjusts to the leftover.
ACK
Tested now and worked all! Great tool!
Small nit with catching invalid inputs at parseCoin...
desktop/src/main/java/bisq/desktop/main/overlays/windows/ManualPayoutTxWindow.java
Just re-triggered Travis, seems to be quite unreliable recently. I'll cherry-pick this into v1.5.2.
utACK based on #4899 (review)
The goal of this PR is to improve privacy, by not requiring mediators to ask for users' private keys.
The emergency multisig payout tool has been redesigned so that the unsigned payout transaction can be built, exported to the users for them to sign, and then the two signatures applied by the mediator before broadcasting the payout.
The screen is split into tabs (or a menu) allowing choices for Inputs, Import/Export, Sign and Build. See screenshots below.
Inputs would be filled out by the mediator. Most of the info can be obtained from the trade's contract. The amountInMultisig can be obtained from checking an explorer - amountInMultisig is necessary because this value is part of the hashed signature (in segwit), so the TX will not be valid unless this amount is specified correctly.
update 2020-12-14 : added the option to import data from a mediation ticket (see last screenshot)
The mediator would then export the settings and paste the exported string to both users in mediation chat. e.g.
Users would open the tool (ctrl+g) click import and paste in the supplied string. Then they would click sign and press "LOCATE KEY IN WALLET" followed by "GENERATE SIGNATURE". Then they would paste the signature string back to the mediator.
(The mediator would give the user some guidance on how to open the tool and sign).
The mediator, upon receiving the two signature strings, would click "BUILD" and paste the buyer and seller signatures into the fields, followed by "BUILD" and/or "BROADCAST". The txId and txHex are displayed in a text box (similar to the UI of coinbin), so the txId could be copied into an explorer to check the TX status.
Entering the parameters:
Exporting:
Signing (by users):
Building:
Update 2020-12-14 added ability to import data from mediation ticket:
Fixes #4061
@huey735, mediators are invited to review/comment on this proposed solution.
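
Why amountInMultisig has to be exact, and how the fee falls out of the payout amounts, shown as an added example that is not part of this PR or of Bisq's code: a BIP143 signature-hash computation for a single-input P2WSH spend. The 2-of-2 witness script, txid, keys, outputs and transaction version are constructed sample values and assumptions.

```python
import hashlib
import struct

SIGHASH_ALL = 1

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def compact_size(n: int) -> bytes:
    # Enough for the short scripts used here (< 65536 bytes).
    return bytes([n]) if n < 0xFD else b"\xfd" + struct.pack("<H", n)

def ser_output(value_sat: int, script_pubkey: bytes) -> bytes:
    return struct.pack("<q", value_sat) + compact_size(len(script_pubkey)) + script_pubkey

def payout_fee(amount_in_multisig: int, payouts: list) -> int:
    """Miner fee is whatever the payouts leave over from the multisig amount."""
    fee = amount_in_multisig - sum(payouts)
    if fee < 0:
        raise ValueError("payouts exceed amountInMultisig")
    return fee

def bip143_sighash(txid_hex, vout, witness_script, amount_in_multisig, outputs,
                   sequence=0xFFFFFFFF, locktime=0, version=1):
    """BIP143 digest for a single-input P2WSH spend with SIGHASH_ALL."""
    outpoint = bytes.fromhex(txid_hex)[::-1] + struct.pack("<I", vout)
    seq = struct.pack("<I", sequence)
    preimage = (
        struct.pack("<i", version)
        + dsha256(outpoint)                                   # hashPrevouts
        + dsha256(seq)                                        # hashSequence
        + outpoint
        + compact_size(len(witness_script)) + witness_script  # scriptCode
        + struct.pack("<q", amount_in_multisig)               # committed input amount
        + seq
        + dsha256(b"".join(ser_output(v, s) for v, s in outputs))  # hashOutputs
        + struct.pack("<I", locktime)
        + struct.pack("<I", SIGHASH_ALL)
    )
    return dsha256(preimage)

# Constructed sample data (not from a real trade).
TXID = "11" * 32
PK_A, PK_B = b"\x02" + b"\xaa" * 32, b"\x03" + b"\xbb" * 32
WITNESS_SCRIPT = b"\x52\x21" + PK_A + b"\x21" + PK_B + b"\x52\xae"  # 2 <A> <B> 2 CHECKMULTISIG
OUTPUTS = [(600_000, b"\x00\x14" + b"\x01" * 20), (390_000, b"\x00\x14" + b"\x02" * 20)]

if __name__ == "__main__":
    print("fee:", payout_fee(1_000_000, [v for v, _ in OUTPUTS]))
    print("correct amount:", bip143_sighash(TXID, 0, WITNESS_SCRIPT, 1_000_000, OUTPUTS).hex())
    print("wrong amount:  ", bip143_sighash(TXID, 0, WITNESS_SCRIPT, 1_000_001, OUTPUTS).hex())
```

A signature made over the digest for one amount does not verify against the digest for another, so a one-satoshi error in amountInMultisig yields an invalid transaction.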