Commit Graph

788 Commits

Author SHA1 Message Date
Daniel Karzel
c976358c37
Multiple swaps with the same peer
- Swap-id is exchanged during execution setup. CLI (Bob) sends the swap-id to be used in his first message.
- Transfer poof and encryption signature messages include the swap-id so it can be properly associated with the correct swap.
- ASB: Encryption signatures are associated with swaps by swap-id, not peer-id.
- ASB: Transfer proofs are still associated to peer-ids (because they have to be sent to the respective peer), but the ASB can buffer multiple
- CLI: Incoming transfer proofs are checked for matching swap-id. If a transfer proof with a different swap-id than the current executing swap is received it will be ignored. We can change this to saving into the database.

Includes concurrent swap tests with the same Bob.

- One test that pauses and starts an additional swap after the transfer proof was received. Results in both swaps being redeemed after resuming the first swap.
- One test that pauses and starts an additional swap before the transfer proof is sent (just after BTC locked). Results in the second swap redeeming and the first swap being refunded (because the transfer proof on Bob's side is lost). Once we store transfer proofs that we receive during executing a different swap into the database both swaps should redeem.

Note that the monero harness was adapted to allow creating wallets with multiple outputs, which is needed for Alice.
2021-04-13 18:16:19 +10:00
Daniel Karzel
46f144ac67
Switch monero-rpc to debug in tests
To be able to see CI monero RPC errors.
2021-04-13 17:43:10 +10:00
Daniel Karzel
b60790a32c
Allow buffering multiple transfer proofs per peer
Allowing multiple swaps with the same peer requires buffering multiple transfer proofs per peer.
2021-04-08 17:02:18 +10:00
COMIT Botty McBotface
1687f84aa1 Prepare release 0.4.0 2021-04-06 08:20:31 +00:00
bors[bot]
32912ebd4a
Merge #394
394: Add a configurable spread to the ASB r=thomaseizinger a=thomaseizinger

Fixes #381.

Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
2021-04-06 07:39:11 +00:00
bors[bot]
f0a8be6835
Merge #396
396: Remove default connection details from CLI r=thomaseizinger a=rishflab

Connecting buyers to us by default is not consistent with our vision of
a decentralised network of sellers.

Closes #395

Co-authored-by: rishflab <rishflab@hotmail.com>
2021-04-06 07:26:24 +00:00
rishflab
9b0467d43a Remove default connection details from CLI
Connecting buyers to us by default is not consistent with our vision of
a decentralised network of sellers.

Closes #395
2021-04-06 16:59:11 +10:00
bors[bot]
e0b859bb1e
Merge #387
387: Improve the resilience of the network layer r=thomaseizinger a=thomaseizinger

We improve the resilience in two ways:

1. Use a timeout on Bob's side for the execution-setup.
2. Use the `bmrng` library to model the communication between Alice and Bob.

See commit messages for details.

Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
2021-04-06 06:20:30 +00:00
Thomas Eizinger
a99d12b9df
Add a configurable spread to the ASB
Fixes #381.
2021-04-06 16:16:58 +10:00
Thomas Eizinger
3e0301a9d4
Move FixedRate into event_loop module
This is where these types are used, they can be defined in there.
2021-04-06 16:16:57 +10:00
Thomas Eizinger
654cfff2a8
Make kraken module emit PriceUpdates instead of Rates 2021-04-06 16:16:56 +10:00
Thomas Eizinger
cfc530e8ab
Make ask field of Rate private 2021-04-06 16:16:53 +10:00
Thomas Eizinger
bc46d95985
Remove unnecessary Serialize implementations 2021-04-06 16:08:42 +10:00
Daniel Karzel
0341e7c9fc
Point BDK to commit that fixes overflow error
Edge cases of UTXOs where value < fee cause the BDK's `coin_select` calculation to panic.
This issue was fixed upstream thus we point the BDK dependency against the commit of the merged fix.
2021-04-06 14:50:27 +10:00
rishflab
7df93faa4b Remove unnecessary wrapper struct 2021-04-06 11:05:36 +10:00
Daniel Karzel
04b49d7117 Add command to print Bitcoin and Monero balance 2021-04-06 09:19:43 +10:00
Daniel Karzel
96008ec130 Add command to withdraw BTC
If no amount is given the wallet will be drained.
2021-04-06 09:19:43 +10:00
Daniel Karzel
f5e81bb0ee Move seed and env_config outside Start command 2021-04-06 09:19:43 +10:00
Daniel Karzel
d9d697821e Separate bitcoin and monero wallet initialization 2021-04-06 09:19:43 +10:00
Daniel Karzel
084fc618b4 Test Alice refunds if restarted and Bob refunded 2021-04-01 17:47:01 +11:00
Thomas Eizinger
1b2f476cae
Have --force flag only override the timelock check
It might very well be that the cancel transaction is already published.
If that is the case, there is no point in failing the command. We simply
transition to cancel and exit normally.

The reason this comes up now is because Alice now properly waits for
the cancel timelock as well and publishes the cancel transaction first.

Ultimately, she should not do that because there is no benefit to her
unless she can also publish the punish transaction.
2021-04-01 17:28:38 +11:00
Thomas Eizinger
24f444b9f7
Race sending transfer proof against cancel timelock
Sending the transfer proof might never resolve because Bob doesn't
come back online. In that case, we need to make sure we bail out
as soon as the timelock expires.
2021-04-01 17:09:18 +11:00
Thomas Eizinger
c0785ab05a
"Buffer" all requests to Alice until we are connected
We use the "precondition" feature of the `tokio::select!` macro to
avoid polling certain futures. In particular, we skip polling all
futures that - when resolved - require us to send a message to Alice.
2021-04-01 17:09:17 +11:00
Thomas Eizinger
1b0c29b424
Use bmrng to model communicaton of Alice's EventLoop with the handle
This allows us to delay the ACKing of the encrypted signature up until
the swap has actually requested it.

Similarly, it allows us to wait for the ACK of the transfer proof within
the swap before continuing.
2021-04-01 17:09:17 +11:00
Thomas Eizinger
1c47b32681
Use bmrng to model communicaton of Bob's EventLoop with the handle
bmrng is a library providing a request-response channel that allows
the receiving end of the channel to send a response back to the sender.
This allows us to more accurately implement the functions on the
`EventLoopHandle`. In particular, we now _wait_ for the ACK of specific
messages from the other party before resolving the future.

For example, when sending the encrypted signature, the async function
on the `EventLoopHandle` does not resolve until we received the ACK
from the other party.

We also delete the `Channels` abstraction in favor of directly creating
bmrng channels. This allows us to directly control the channel buffer
which we set to 1 because we don't need more than that on Bob's side.
2021-04-01 17:09:17 +11:00
Thomas Eizinger
958e5b12bc
Don't match on expired_timelocks and race it in a select in parallel
There is no point in first checking for the expired timelocks and
then constructing a `select!` that also watches for the timelock to
expiry.

We can simply only have the select! invocation to achieve the same
effect. In case the timelock is already expired, this future will
resolve immediately.

Normally, the polling order of `select!` is pseudo-random. We
configure it to be _biased_ here to make sure the futures are polled
in order.
2021-04-01 17:08:26 +11:00
Thomas Eizinger
dbe03ba1cf
Timeout Bob's execution-setup after 10 seconds
The execution setup is our only libp2p protocol that doesn't have
a timeout built-in. Hence, if anything fails on Alice's side, we
would wait here forever.

Wrapping the future in a timeout ensures that we fail eventually
if this protocol doesn't succeed.
2021-04-01 17:08:26 +11:00
Thomas Eizinger
5d75f1adba
Remove import line in favor of FQ macro usage 2021-04-01 17:08:26 +11:00
Thomas Eizinger
4c2e254543
Don't log subscription
This object is very verbose and not meant to be logged.
2021-04-01 17:08:25 +11:00
Thomas Eizinger
5b230bc75f
Don't import tracing macros
Typing them out is quicker than constantly adjusting imports.
2021-04-01 17:08:25 +11:00
Thomas Eizinger
90a7760124
Add some log statements to bob::cancel 2021-04-01 17:08:25 +11:00
Thomas Eizinger
3f54b39281
Make all error messages start with an uppercase letter 2021-04-01 16:12:14 +11:00
Thomas Eizinger
0ef9d97679
Remove delegation functions in favor of public fields
We don't need to hide the fields of this Behaviour as the only reason
for why this struct exists is because libp2p forces us to compose our
NetworkBehaviours into a new struct.
2021-04-01 16:12:13 +11:00
Thomas Eizinger
b1d0ae8db7
Remove dead code
No codepath constructs this event, we can delete the associated code.
2021-04-01 16:11:57 +11:00
Daniel Karzel
2135a6e53e
Alice resumes swaps 2021-04-01 16:09:13 +11:00
Daniel Karzel
b6e4fb4f9d
Improve comment 2021-04-01 16:06:49 +11:00
Daniel Karzel
d233e9914e
Avoid problems when re-ordering / changing Bob's states
Make it explicit in which states we are able NOT to cancel/refund.
2021-04-01 16:06:48 +11:00
Daniel Karzel
e6dd194f77
next_state loop always exits in final state
Otherwise we can run into scenarios where the loop never properly exits.
2021-04-01 16:06:48 +11:00
Daniel Karzel
d90496931b
Save Alice's peer-id in the db for Bob
This allows loading the seller-peer-id from the database upon resuming a swap.
Thus, the parameters `--seller-peer-id` is removed for the `resume` command.
Other than the peer-id the multi address of a seller can change and thus is
still a parameter. This parameter might become optional once we add DHT support.
2021-04-01 16:06:48 +11:00
Daniel Karzel
bc442bcad3
Await 10 confirmations of lock tx in refund
Awaiting the confirmations in an earlier state can cause trouble with resuming
swaps with short cancel expiries (test scenarios).
Since it is the responsibility of the refund state to ensure that the XMR can
be sweeped, we now ensure that the lock transaction has 10 confirmations before
refunding the XMR using generate_from_keys.
2021-04-01 16:03:38 +11:00
Daniel Karzel
1c129d58c4
Distinguish loading all swaps for alice or bob on db level 2021-04-01 16:03:28 +11:00
Daniel Karzel
183e8f02de
Wait for lock tx and send transfer proof in separate state
Sending the transfer transaction in a distinct state helps ensuring
that we do not send the Monero lock transaction twice in a restart
scenario.
Waiting for the first transaction confirmation in a separate state
helps ensuring that we send the transfer proof in a restart scenario.
2021-04-01 16:03:19 +11:00
Daniel Karzel
dfd69c9c80
Alice aborts if any timelock expired before locking XMR
Once we resume unfinished swaps upon startup we have to ensure that
it is safe for Alice to act.
If Bob has locked BTC it is only make sense for Alice to lock up the
XMR as long as no timelock has expired. Hence we abort if the BTC is
locked, but any timelock expired already.
2021-04-01 16:02:42 +11:00
bors[bot]
6df26109aa
Merge #389
389: Bump bdk-testutils from 0.3.0 to 0.4.0 r=thomaseizinger a=dependabot[bot]

Bumps [bdk-testutils](https://github.com/bitcoindevkit/bdk) from 0.3.0 to 0.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/bitcoindevkit/bdk/releases">bdk-testutils's releases</a>.</em></p>
<blockquote>
<h2>v0.4.0</h2>
<p>The v0.4.0 release brings updated dependencies, more sanity checks and an overhauled API to build transactions.</p>
<p>You can find the full v0.4.0 changelog on GitHub.</p>
<p>As always, thanks to everybody who contributed to this release!</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/bitcoindevkit/bdk/blob/master/CHANGELOG.md">bdk-testutils's changelog</a>.</em></p>
<blockquote>
<h2>[v0.5.0] - [v0.4.0]</h2>
<h3>Misc</h3>
<h4>Changed</h4>
<ul>
<li>Updated <code>electrum-client</code> to version <code>0.7</code></li>
</ul>
<h3>Wallet</h3>
<h4>Changed</h4>
<ul>
<li><code>FeeRate</code> constructors <code>from_sat_per_vb</code> and <code>default_min_relay_fee</code> are now <code>const</code> functions</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e3f893dbd1"><code>e3f893d</code></a> Bump version to 0.4.0</li>
<li><a href="3f5513a2d6"><code>3f5513a</code></a> Update 'bdk-macros', 'bdk-testutils', 'bdk-testutils-macros' dep versions</li>
<li><a href="fcf5e971a6"><code>fcf5e97</code></a> Bump 'bdk-macros' version to 0.3.0</li>
<li><a href="cdf7b33104"><code>cdf7b33</code></a> Bump 'bdk-testutils' version to 0.3.0</li>
<li><a href="7bbff79d4b"><code>7bbff79</code></a> Bump 'bdk-testutils-macros' version to 0.3.0</li>
<li><a href="3a2b8bdb85"><code>3a2b8bd</code></a> Small CHANGELOG cleanup</li>
<li><a href="7843732e17"><code>7843732</code></a> [descriptor] Perform additional checks before using a descriptor</li>
<li><a href="6092c6e789"><code>6092c6e</code></a> Don't fix tokio minor version</li>
<li><a href="b61427c07b"><code>b61427c</code></a> [policy] Allow specifying a policy path for <code>Multisig</code></li>
<li><a href="fa2610538f"><code>fa26105</code></a> [policy] Remove the <code>TooManyItemsSelected</code> error</li>
<li>Additional commits viewable in <a href="https://github.com/bitcoindevkit/bdk/compare/v0.3.0...v0.4.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=bdk-testutils&package-manager=cargo&previous-version=0.3.0&new-version=0.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-31 01:13:05 +00:00
dependabot[bot]
8440cb9d9a
Bump monero from 0.10.0 to 0.11.1
Bumps [monero](https://github.com/monero-rs/monero-rs) from 0.10.0 to 0.11.1.
- [Release notes](https://github.com/monero-rs/monero-rs/releases)
- [Commits](https://github.com/monero-rs/monero-rs/compare/v0.10.0...v0.11.1)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-30 07:26:53 +00:00
dependabot[bot]
04fc870756
Bump bdk-testutils from 0.3.0 to 0.4.0
Bumps [bdk-testutils](https://github.com/bitcoindevkit/bdk) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/bitcoindevkit/bdk/releases)
- [Changelog](https://github.com/bitcoindevkit/bdk/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bitcoindevkit/bdk/compare/v0.3.0...v0.4.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-30 07:26:39 +00:00
Thomas Eizinger
52b9a78de2
Alice to validate Bob's PSBT for correctness
In order for the re-construction of TxLock to be meaningful, we limit
`Message2` to the PSBT instead of the full struct. This is a breaking
change in the network layer.

The PSBT is valid if:

- It has at most two outputs (we allow a change output)
- One of the outputs pays the agreed upon amount to a shared output script

Resolves #260.
2021-03-30 13:02:56 +11:00
Thomas Eizinger
8576894c10
Split bitcoin::Wallet functions into various impl blocks
This allows us to construct instances of bitcoin::Wallet for test
purposes that use a different blockchain and database implementation.

We also parameterize the electrum-client to make it possible to
construct a bitcoin::Wallet for tests that doesn't have one. This
is necessary because the client validates the connection as it is
constructed and we don't want to provide an Electrum backend for
unit tests.
2021-03-30 13:02:55 +11:00
Thomas Eizinger
b9d8cbeaa2
Rename testutils to harness
This allows us to bring in a dependency named `testutils`.
2021-03-30 12:59:34 +11:00
Thomas Eizinger
11b45cd8c0
Move messages into protocol module
This allows us to remove all visibility modifiers from the message
fields because child modules (in this case {alice,bob}::state) can
always access private fields of structs.

It also moves the messages into a more natural place. Previously,
they were defined within the network layer even though they are
independent of the libp2p implementation.
2021-03-30 12:59:34 +11:00