View Issue Details

IDProjectCategoryView StatusLast Update
0006863Talermechant backendpublic2021-06-10 16:22
Reportersebasjm Assigned ToMS  
PriorityhighSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Versiongit (master) 
Target Version0.9 
Summary0006863: Filling a reserve with 2 transactions just take the first
DescriptionIm testing out reserve. I have created one with initial balance with X but then filling with X/2 twice.
The reserve never received the second transfer, first I thought that might be a bug but it may be a design choice?

If it is a bug I can create a test case for this.

Does the initial value has a security concern? Has evaluated a reserve that can be filled through time?
TagsNo tags attached.

Activities

Christian Grothoff

2021-05-14 15:51

manager   ~0017850

Yes, there was a design choice made that a reserve can only ever receive one incoming transfer. Alas, we MAY need to revise this soon-ish, when we introduce KYC'ed accounts which may require us to review that 'unique' constraint...

Christian Grothoff

2021-05-17 16:53

manager   ~0017867

Just discussed this with Florian. We will continue to only allow a reserve to be filled _once_. Subsequent wire transfers with the same wire transfer subject will be rejected by LibEuFin (and _should_ be eventually rejected by the PyBank & fakebank).

Christian Grothoff

2021-05-17 16:54

manager   ~0017868

So this bug should now be read as:
- pybank should reject wire transfers to exchange with duplicate reserve public key (if transaction with same reserve public key exists)
- fakebank should do so, too

Christian Grothoff

2021-05-20 12:20

manager   ~0017882

29c6de2..749545b updates 'docs.git' to say:
diff --git a/core/api-wire.rst b/core/api-wire.rst
index f82ceaa..654d72f 100644
--- a/core/api-wire.rst
+++ b/core/api-wire.rst
@@ -345,6 +345,8 @@ exposed by bank gateways in production.
     Authentication failed, likely the credentials are wrong.
   :http:statuscode:`404 Not found`:
     The endpoint is wrong or the user name is unknown. The bank replies with an `ErrorDetail` object.
+ :http:statuscode:`409 Conflict`:
+ The 'reserve_pub' argument was used previously in another transfer, and the specification mandates that reserve public keys must not be reused.
 
(note that this is in the DD13 branch).

Christian Grothoff

2021-05-20 12:34

manager   ~0017883

259a180b..4741f4ea implements the new spec in fakebank (returning 409 if a reserve public key is duplicated -- or the currency does not match). Also adds a test. The test_bank_api_with_pybank now fails.

MS

2021-06-10 16:22

manager   ~0017948

pybank implements this here: 3ab7d22b116e523c6934cc756f677e343d5e1cf8. test_bank_api_with_pybank passes again.

Issue History

Date Modified Username Field Change
2021-05-14 15:47 sebasjm New Issue
2021-05-14 15:47 sebasjm Status new => assigned
2021-05-14 15:47 sebasjm Assigned To => Christian Grothoff
2021-05-14 15:51 Christian Grothoff Note Added: 0017850
2021-05-17 16:53 Christian Grothoff Note Added: 0017867
2021-05-17 16:54 Christian Grothoff Note Added: 0017868
2021-05-18 21:08 Christian Grothoff Priority normal => high
2021-05-18 21:08 Christian Grothoff Target Version git (master) => 0.9
2021-05-20 12:20 Christian Grothoff Note Added: 0017882
2021-05-20 12:34 Christian Grothoff Note Added: 0017883
2021-05-20 12:41 Christian Grothoff Assigned To Christian Grothoff => MS
2021-06-10 16:22 MS Note Added: 0017948
2021-06-10 16:22 MS Status assigned => resolved
2021-06-10 16:22 MS Resolution open => fixed