View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006863||Taler||mechant backend||public||2021-05-14 15:47||2021-06-10 16:22|
|Product Version||git (master)|
|Summary||0006863: Filling a reserve with 2 transactions just take the first|
|Description||Im testing out reserve. I have created one with initial balance with X but then filling with X/2 twice.|
The reserve never received the second transfer, first I thought that might be a bug but it may be a design choice?
If it is a bug I can create a test case for this.
Does the initial value has a security concern? Has evaluated a reserve that can be filled through time?
|Tags||No tags attached.|
||Yes, there was a design choice made that a reserve can only ever receive one incoming transfer. Alas, we MAY need to revise this soon-ish, when we introduce KYC'ed accounts which may require us to review that 'unique' constraint...|
||Just discussed this with Florian. We will continue to only allow a reserve to be filled _once_. Subsequent wire transfers with the same wire transfer subject will be rejected by LibEuFin (and _should_ be eventually rejected by the PyBank & fakebank).|
So this bug should now be read as:
- pybank should reject wire transfers to exchange with duplicate reserve public key (if transaction with same reserve public key exists)
- fakebank should do so, too
29c6de2..749545b updates 'docs.git' to say:
diff --git a/core/api-wire.rst b/core/api-wire.rst
index f82ceaa..654d72f 100644
@@ -345,6 +345,8 @@ exposed by bank gateways in production.
Authentication failed, likely the credentials are wrong.
:http:statuscode:`404 Not found`:
The endpoint is wrong or the user name is unknown. The bank replies with an `ErrorDetail` object.
+ :http:statuscode:`409 Conflict`:
+ The 'reserve_pub' argument was used previously in another transfer, and the specification mandates that reserve public keys must not be reused.
(note that this is in the DD13 branch).
||259a180b..4741f4ea implements the new spec in fakebank (returning 409 if a reserve public key is duplicated -- or the currency does not match). Also adds a test. The test_bank_api_with_pybank now fails.|
||pybank implements this here: 3ab7d22b116e523c6934cc756f677e343d5e1cf8. test_bank_api_with_pybank passes again.|
|2021-05-14 15:47||sebasjm||New Issue|
|2021-05-14 15:47||sebasjm||Status||new => assigned|
|2021-05-14 15:47||sebasjm||Assigned To||=> Christian Grothoff|
|2021-05-14 15:51||Christian Grothoff||Note Added: 0017850|
|2021-05-17 16:53||Christian Grothoff||Note Added: 0017867|
|2021-05-17 16:54||Christian Grothoff||Note Added: 0017868|
|2021-05-18 21:08||Christian Grothoff||Priority||normal => high|
|2021-05-18 21:08||Christian Grothoff||Target Version||git (master) => 0.9|
|2021-05-20 12:20||Christian Grothoff||Note Added: 0017882|
|2021-05-20 12:34||Christian Grothoff||Note Added: 0017883|
|2021-05-20 12:41||Christian Grothoff||Assigned To||Christian Grothoff => MS|
|2021-06-10 16:22||MS||Note Added: 0017948|
|2021-06-10 16:22||MS||Status||assigned => resolved|
|2021-06-10 16:22||MS||Resolution||open => fixed|