View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011158 | Taler | exchange | public | 2026-02-25 13:35 | 2026-02-25 15:28 |
| Reporter | Antoine A | Assigned To | Christian Grothoff | ||
| Priority | high | Severity | major | Reproducibility | N/A |
| Status | assigned | Resolution | open | ||
| Summary | 0011158: Clarify incoming wire transfer subject constraint | ||||
| Description | The current unspecified rule is that only a public reserve key can be used only once, whereas a KYC key can be reused and the same key can therefore be used once for the reserve and several times for KYC. We need to specify this formally somewhere (in the wire gateway API?) and ensure that the exchange and wire gateway implementations behave consistently. | ||||
| Tags | discussion-needed | ||||
|
|
Ah, we only allow ONE KYC AUTH transfer per unique subject AND origin account. Which makes sense, as more than one is clearly redundant. ;-). Now, we could relax that constraint, or libeufin can just 'hide' those duplicate transactions from the exchange. Is the latter hard to do? |
|
|
So a different account can reuse the key ? I would prefer to enforce the rule of one key can only be used once, this make everything simpler and I guess it's what we currently have in the database as it never crashed before |
|
|
We could allow the same key to be used once for KYC and once for reserve as it can be stored in different DB tables, but most wire gateway would be more restrictive and clients should not try reuse them |
|
|
With the new registration endpoint, wallet can check for reuse before making a transfer. This means bounces should never happen under normal use after this change |
|
|
Yes, another account can reuse the key. In fact MUST: you can have a single merchant instance (=key) with multiple bank accounts. So for that scenario, the merchant would have to use the same key from multiple accounts. |
|
|
As for new endpoint: you still must handle the case where you do get duplicate incoming wire transfers -- say from clients that don't use the new endpoint. |
|
|
Ok, let's keep the same logic then |
|
|
Ok, so assign bug to you or consider resolved or what? |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-02-25 13:35 | Antoine A | New Issue | |
| 2026-02-25 13:35 | Antoine A | Status | new => assigned |
| 2026-02-25 13:35 | Antoine A | Assigned To | => Christian Grothoff |
| 2026-02-25 13:40 | Christian Grothoff | Note Added: 0027884 | |
| 2026-02-25 13:44 | Antoine A | Note Added: 0027885 | |
| 2026-02-25 13:48 | Antoine A | Note Added: 0027886 | |
| 2026-02-25 13:49 | Antoine A | Note Added: 0027887 | |
| 2026-02-25 14:15 | Christian Grothoff | Note Added: 0027891 | |
| 2026-02-25 14:16 | Christian Grothoff | Tag Attached: discussion-needed | |
| 2026-02-25 14:17 | Christian Grothoff | Note Added: 0027892 | |
| 2026-02-25 14:20 | Antoine A | Note Added: 0027894 | |
| 2026-02-25 15:28 | Christian Grothoff | Note Added: 0027895 |
