View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009214Talerexchangepublic2024-09-23 18:572024-09-29 15:22
ReporterFlorian Dold Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Target Version0.14Fixed in Version0.14 
Summary0009214: exchange claims bad_kyc_auth=true, but account_pub is the same as merchant_pub
DescriptionThe exchange wrongly reports bad_kyc_auth=true, despite reporting the same account_pub that was used as the merchant_pub in the deposit.

Note that the account_pub is a reserve pub, but the deposit was done to a *different* bank account than the one from the withdrawal reserve. Maybe that's what's confusing the exchange.
Steps To Reproduce$ taler-harness run-integrationtests kyc-deposit-deposit-kyctransfer

Additional InformationThe `POST /batch-deposit` reports:

2024-09-23T16:42:05.181Z deposits.ts INFO kyc legitimization needed response: {
  "code": 1028,
  "hint": "The exchange is not allowed to proceed with the operation until the client has satisfied a KYC check.",
  "h_payto": "YRGMYWQFEDFZYJSTPXNDN69Q76MFC66YCQ4N4B9Z1V1HRZ3YEPX0",
  "account_pub": "2T13Y0G65WN5P28858ZREM235BHVK8EA6RG02WTRP7V35WZMM3X0",
  "requirement_row": 1,
  "bad_kyc_auth": true
}

However, the deposit request has the following body:


2024-09-23T16:42:05.178Z deposits.ts TRACE deposit request: {
  "coins": [
    {
      "coin_pub": "JAYW0FV4S3NVJ39D08CA253DZXPEX3513JSERK1TATREN8TR3RZ0",
      "coin_sig": "SBQZZ16DSTHA14MC18YNTWGB69ECN07Q1CTCFYHT611XAZVH6B1P2NAGBZSCYX6F47744AMTNN7NJC7564ZS7AATRA1NS6FPAZ9K020",
      "contribution": "TESTKUDOS:10",
      "denom_pub_hash": "5GWWVEZZWSMG8XETPQZETR4E0J8A9M2XH8Q1AGBQNZW4K6TD7VVZ0Q9AKNNY6FTJP7CBYXRYQ4HJDJ1F9HEC10X42DACTHC38QPXS0G",
      "ub_sig": {
        "cipher": "RSA",
        "rsa_signature": "0RJ84N35FD1M777J7DCMWX9D8MGB3CF005CG2G0DXY2MWP533H6P2H0AXB5XG94PYHZ2H2QPSE7WQBR6TCZTJQCWEPMKCGK2C9P0DFKRYTRE7GTT79R78PZ2CW9FPPMJPJK7FBMBM3Y3G1HRSNXVBWJ7ME895NMR3B9GJ3Y669WKTYZH7HW14SW12QR90VC7PSHVQV3X6FSDP"
      }
    }
  ],
  "h_contract_terms": "NXG3EKCJVNE9Q2QDT847QKBV4TGETYG0HK035KPA6RMDEB86QVGMXZWV5YKDDKS7JEPK46JJTN0EEXPT3WEZ6HJ3PRMN23Z2VK2RX4G",
  "merchant_payto_uri": "payto://x-taler-bank/localhost/deposit-test?receiver-name=deposit-test",
  "merchant_pub": "2T13Y0G65WN5P28858ZREM235BHVK8EA6RG02WTRP7V35WZMM3X0",
  "timestamp": {
    "t_s": 1727109724
  },
  "wire_salt": "4EQN8KG7DNDZZ5WC5G1SQ5B6NM",
  "wire_transfer_deadline": {
    "t_s": 1727110024
  },
  "refund_deadline": {
    "t_s": 0
  }
}
TagsNo tags attached.

Activities

Christian Grothoff

2024-09-29 14:05

manager   ~0023390

You do /batch-deposit, and get a 451. Then you do a /kyc-check, and get a 202 Accepted. But you never actually DO the KYC operation, instead try /batch-deposit again, which obviously MUST fail as you still didn't do the KYC operation (I see no /kyc-info, /kyc-proof, or anything like that).

The bug seems to be: the merchant_pub in the request of /batch-deposit matches the account_pub being returned in the body, but we still have bad_kyc_auth: true which makes no sense.

Christian Grothoff

2024-09-29 14:37

manager   ~0023391

After *rebuilding* exchange, I now get a 451 without the "account_pub" (no other changes to the code!), which makes sense since there was no KYC AUTH transfer made.

Christian Grothoff

2024-09-29 14:38

manager   ~0023392

Checked the database. We have two entries in wire_targets:

#1 payto://x-taler-bank/localhost/user-h9ghwjjfk6nnb6aa?receiver-name=user-h9ghwjjfk6nnb6aa
#2 payto://x-taler-bank/localhost/deposit-test?receiver-name=deposit-test

The reserve_in came from #1. The /batch-deposit goes to #2. So the reserve_pub from the reserve_in is *not* acceptable for KYC auth here.

Christian Grothoff

2024-09-29 14:42

manager   ~0023393

I now see the test following-up with a kyc-auth wire transfer and doing a kyc-check, which passes (200 OK), but with a deposit soft limit of 5.

Christian Grothoff

2024-09-29 14:43

manager   ~0023394

A 2nd /batch-deposit fails, this time *still* with bad_kyc_auth *and* an account_pub and a requirement row of 1. Here we again see the original issue: account_pub matches merchant_pub, but we're complaining about bad_kyc_auth! Hmm.

Christian Grothoff

2024-09-29 15:22

manager   ~0023395

Ugh. Ultimately:

- out_bad_kyc_auth = COALESCE ((my_account_pub = in_merchant_pub), TRUE);
+ out_bad_kyc_auth = COALESCE ((my_account_pub != in_merchant_pub), TRUE);

Fixed in 0ba346daf..a04b6b25a

Christian Grothoff

2024-09-29 15:22

manager   ~0023396

Specific issue fixed, but test still fails...

Issue History

Date Modified Username Field Change
2024-09-23 18:57 Florian Dold New Issue
2024-09-23 18:57 Florian Dold Status new => assigned
2024-09-23 18:57 Florian Dold Assigned To => Christian Grothoff
2024-09-29 14:05 Christian Grothoff Note Added: 0023390
2024-09-29 14:37 Christian Grothoff Note Added: 0023391
2024-09-29 14:38 Christian Grothoff Note Added: 0023392
2024-09-29 14:42 Christian Grothoff Note Added: 0023393
2024-09-29 14:43 Christian Grothoff Note Added: 0023394
2024-09-29 15:22 Christian Grothoff Note Added: 0023395
2024-09-29 15:22 Christian Grothoff Status assigned => resolved
2024-09-29 15:22 Christian Grothoff Resolution open => fixed
2024-09-29 15:22 Christian Grothoff Fixed in Version => 0.14
2024-09-29 15:22 Christian Grothoff Note Added: 0023396