swaponline / sips

Swap.online Improvement Proposals

Stability for Flow

caffeinum opened this issue · comments

Currently, Flows are not very stable. For example, you can get into a state where you should know the secret, but somehow it's null. We should make Flows more explicit about the data flow before releasing, with real money and users' headaches at stake.

Main UX obstacles are:

  • user does not have enough balance to swap
  • user already has a swap with this person

Main security obstacles:

  • user lost a Swap ID – this belongs to the SwapHistory issue.

  • second party left right after signing and I don't know that

  • I froze my money, I should have all the values so I can get them back

  • bad connection to the server, I am not sure whether the money was sent

  • I froze my money, but the second party left – can I refund?

  • we both froze our money – how can I be sure of it? double-check

  • I am ready to withdraw, but I don't know it

  • ETH owner lost his secret key, but his ETH was already withdrawn

Given the above, we have the following steps:

For brevity and polymorphism we call BTC = base, ETH = secondary

setup

Both know only the participant's address and the amounts to send.
We cannot leave this step until both agree to continue the swap.

sync balances

This step checks the balances of both parties. Double-check you have the money you claim to have.

lock base currency

The submit-secret method goes here.
The BTC owner should freeze his money.

The shared state gains the script address and the exact values.
We cannot leave until both know these.

The ETH owner also checks that the frozen balance equals exactly what was expected.

lock secondary currency

ETH owner locks funds on the smart contract.

This step has no additional data. Only the ETH owner should send a message that the funds are ready.

The BTC owner doesn't leave until he knows for sure that the contract has the right balance and the hash matches.
The ETH owner does not leave until the BTC owner leaves.

withdraw secondary

The BTC owner does not leave this step until the ETH has been transferred to his account.
The ETH owner does not leave until he receives the message that the ETH was withdrawn.

withdraw base currency

Although he has everything he needs, the BTC owner waits for a message to mark the swap as finished.
The ETH owner cannot leave the step until he makes a successful withdraw tx.

All in all, the state has two parts:

  • informational flags
  • crypto data

On exiting every step, the Flow should have this data:

| step | flags | data |
|---|---|---|
| setup | meSigned, participantSigned | |
| sync balance | balanceEnough | balance |
| lock base | baseLocked | scriptValues, (secret), secretHash, lockedBalance, lockTxHash |
| lock secondary | secondaryLocked | lockedBalance, lockTxHash |
| withdraw secondary | secondaryWithdrawn | withdrawTxHash, (secret) |
| withdraw base | baseWithdrawn | withdrawTxHash |

Also, for every step there is a party who decides that the step is finished.

| step | responsible |
|---|---|
| setup | both |
| sync balance | both |
| lock base | secondaryOwner |
| lock secondary | baseOwner |
| withdraw secondary | secondaryOwner |
| withdraw base | baseOwner |
| finish | both |

this.state = {
  step: 0,

  // setup
  signTransactionHash: null,
  isSignFetching: false,
  isMeSigned: false,

  // lock base: script values and the hash the BTC script is locked on
  secretHash: null,
  btcScriptValues: null,

  // set by the ETH owner once he has verified the frozen BTC script
  btcScriptVerified: false,

  // sync balance
  isBalanceFetching: false,
  isBalanceEnough: false,
  balance: null,

  // lock tx hashes for both sides
  btcScriptCreatingTransactionHash: null,
  ethSwapCreationTransactionHash: null,

  isEthContractFunded: false,

  // known only to the BTC owner until the ETH withdraw reveals it
  secret: null,

  isEthWithdrawn: false,
  isBtcWithdrawn: false,

  refundTransactionHash: null,
  isRefunded: false,

  isFinished: false,
}
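The step / flags / data / responsible tables above turned into a checked Flow, as an added example for this page (not swap.online's code and not the author's). It assumes two roles (baseOwner, secondaryOwner), prefixes the per-side lockedBalance/lockTxHash keys with base/secondary so they do not collide, and invents the setFlag/setData/finishStep API; the step names, flags, data columns and the deciding party follow the tables. The point it demonstrates is that a step can only be left when every flag is set and every datum the current role must hold is non-null, so the "should know the secret but it is null" state is rejected at the step boundary instead of surfacing later.

```javascript
// Added example, not swap.online code: a Flow driven by the step / flags / data / responsible
// tables above. A step can only be left when every flag is set and every datum the current role
// must hold is non-null, so "should know the secret but it is null" fails at the step boundary.
// Role names, the base*/secondary* key prefixes and the whole API are illustrative assumptions.
const STEPS = [
  { name: 'setup', responsible: 'both', flags: ['meSigned', 'participantSigned'], data: [] },
  { name: 'sync balance', responsible: 'both', flags: ['balanceEnough'], data: ['balance'] },
  { name: 'lock base', responsible: 'secondaryOwner', flags: ['baseLocked'],
    data: ['scriptValues', 'secretHash', 'baseLockedBalance', 'baseLockTxHash'],
    roleData: { baseOwner: ['secret'] } },          // "(secret)": only the BTC owner knows it here
  { name: 'lock secondary', responsible: 'baseOwner', flags: ['secondaryLocked'],
    data: ['secondaryLockedBalance', 'secondaryLockTxHash'] },
  { name: 'withdraw secondary', responsible: 'secondaryOwner', flags: ['secondaryWithdrawn'],
    data: ['secondaryWithdrawTxHash'],
    roleData: { secondaryOwner: ['secret'] } },     // spending the ETH reveals the secret to its owner
  { name: 'withdraw base', responsible: 'baseOwner', flags: ['baseWithdrawn'], data: ['baseWithdrawTxHash'] },
  { name: 'finish', responsible: 'both', flags: [], data: [] },
]

class Flow {
  constructor(role) {
    if (role !== 'baseOwner' && role !== 'secondaryOwner') throw new Error(`unknown role ${role}`)
    this.role = role
    this.stepIndex = 0
    this.flags = {}
    this.data = {}
  }

  get step() { return STEPS[this.stepIndex] }

  setFlag(name) { this.flags[name] = true }

  // Never store an empty value: the state must not hold a key we "know" whose value is null.
  setData(key, value) {
    if (value == null) throw new Error(`refusing to store empty ${key} in step "${this.step.name}"`)
    this.data[key] = value
  }

  // Flags and data this role must hold before the current step may be left.
  missing() {
    const s = this.step
    const data = s.data.concat((s.roleData && s.roleData[this.role]) || [])
    return s.flags.filter((f) => this.flags[f] !== true).map((f) => `flag ${f}`)
      .concat(data.filter((k) => this.data[k] == null).map((k) => `data ${k}`))
  }

  // decidedBy: the party whose message declares the step finished; only the responsible party may.
  finishStep(decidedBy) {
    const s = this.step
    if (s.name === 'finish') throw new Error('swap already finished')
    if (s.responsible !== 'both' && s.responsible !== decidedBy) {
      throw new Error(`${decidedBy} cannot finish "${s.name}"; ${s.responsible} decides`)
    }
    const missing = this.missing()
    if (missing.length) throw new Error(`cannot leave "${s.name}": missing ${missing.join(', ')}`)
    this.stepIndex += 1
    return this.step.name
  }
}

// Drive a flow through the first four steps with constructed values; only the BTC owner holds the secret.
function lockBothSides(role) {
  const f = new Flow(role)
  f.setFlag('meSigned'); f.setFlag('participantSigned'); f.finishStep(role)
  f.setData('balance', 2); f.setFlag('balanceEnough'); f.finishStep(role)
  if (role === 'baseOwner') f.setData('secret', 'c0ffee')
  f.setData('secretHash', 'deadbeef'); f.setData('scriptValues', { lockTime: 1700000000 })
  f.setData('baseLockedBalance', 0.1); f.setData('baseLockTxHash', 'btc-tx-1'); f.setFlag('baseLocked')
  f.finishStep('secondaryOwner')                    // the ETH owner's message closes "lock base"
  f.setData('secondaryLockedBalance', 1.5); f.setData('secondaryLockTxHash', 'eth-tx-1'); f.setFlag('secondaryLocked')
  f.finishStep('baseOwner')                         // the BTC owner's message closes "lock secondary"
  return f
}

// Happy path seen from the BTC owner: ends in "finish".
function runBaseOwnerHappyPath() {
  const f = lockBothSides('baseOwner')
  f.setData('secondaryWithdrawTxHash', 'eth-tx-2'); f.setFlag('secondaryWithdrawn'); f.finishStep('secondaryOwner')
  f.setData('baseWithdrawTxHash', 'btc-tx-2'); f.setFlag('baseWithdrawn'); f.finishStep('baseOwner')
  return f.step.name
}

// The ETH owner sees the withdraw tx but never learnt the secret: the step refuses to close.
function runSecondaryOwnerMissingSecret() {
  const f = lockBothSides('secondaryOwner')
  f.setData('secondaryWithdrawTxHash', 'eth-tx-2'); f.setFlag('secondaryWithdrawn')
  try { f.finishStep('secondaryOwner'); return null } catch (e) { return e.message }
}

// The BTC owner tries to declare "lock base" finished, which only the ETH owner may do.
function runWrongDecider() {
  const f = new Flow('baseOwner')
  f.setFlag('meSigned'); f.setFlag('participantSigned'); f.finishStep('baseOwner')
  f.setData('balance', 2); f.setFlag('balanceEnough'); f.finishStep('baseOwner')
  try { f.finishStep('baseOwner'); return null } catch (e) { return e.message }
}
```

Two design choices worth noting: `setData` refuses null at write time, so a missing value is reported in the step where it should have been learnt rather than in the step that needs it; and `finishStep` takes the deciding party explicitly, so a "finished" message from the wrong side (for example the BTC owner closing "lock base" himself) is rejected instead of advancing the state.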

on hold

There is a proposal to split the Flow into two parts:

  • setup
  • withdraw

Remove the steps and instead add a list of checks that can be run in any order. This means moving almost all of the code out of Flow into the ***Swap classes. Flow then reduces to

// BTC2ETH
try {
  await btcSwap.setup()      // lock BTC, send script values
  await ethSwap.check()      // verify the ETH contract balance and hash
  await ethSwap.withdraw()   // take the ETH, revealing the secret
} catch (err) {
  await btcSwap.refund()     // anything failed: take the BTC back
}

For example, the list of required actions for BTC<->ETH swaps

ETHSwap

| Sender | Recipient |
|---|---|
| lock funds | check contract balance |
| | withdraw |

BTCSwap

| Sender | Recipient |
|---|---|
| request sign | request script values |
| submit secret | check script |
| sync balance | verify script |
| lock funds | withdraw |
| send script values | |
commented

Fully in favor; this is how Igor did EOS - BTC, only you want to separate it more explicitly.

commented

The checklist can be moved into the issue templates and this closed, I think.

@noxonsu the issue is about taking all these problems into account in the architecture. It can probably be closed for now.

commented

Move it to the wiki then and close it.

This is a more general variant of #4

So far, in short, we have arrived at roughly this:

First we take Igor's BTC2EOS, and then we look at:

pull Handlers

This is great; moreover, they are needed everywhere, so it makes sense to put them in swap.swap/Room.js

push Handlers

These are essentially messages, most often replies to a pull. They can be made plain data structures with no code at all.

import { scriptValuesMessageGenerator } from '../btc/push'
room.sendMessage(scriptValuesMessageGenerator(state))

transaction Handlers

Here is the juicy part. This is exactly what is directly responsible for the actions.

But why not put them directly into BtcSwap, EthSwap? These are precisely the blockchain actions.

Example ideas:
caffeinum/swap.core@fd5925a

commented

outdated