f678f43a24
1309: build(deps): bump tempfile from 3.3.0 to 3.4.0 r=delta1 a=dependabot[bot] Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.3.0 to 3.4.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/NEWS">tempfile's changelog</a>.</em></p> <blockquote> <h1>3.4.0</h1> <p>SECURITY: Prior <code>tempfile</code> releases depended on <code>remove_dir_all</code> version 0.5.0 which was vulnerabiel to a <a href="https://github.com/XAMPPRocky/remove_dir_all/security/advisories/GHSA-mc8h-8q98-g5hr">TOCTOU race</a>. This same race is present in rust versions prior to 1.58.1.</p> <p>Features:</p> <ul> <li>Generalized temporary files: <code>NamedTempFile</code> can now abstract over different kinds of files (e.g., unix domain sockets, pipes, etc.): <ul> <li>Add <code>Builder::make</code> and <code>Builder::make_in</code> for generalized temp file creation.</li> <li>Add <code>NamedTempFile::from_parts</code> to complement <code>NamedTempFile::into_parts</code>.</li> <li>Add generic parameter to <code>NamedTempFile</code> to support wrapping non-File types.</li> </ul> </li> </ul> <p>Bug Fixes/Improvements:</p> <ul> <li>Don't try to create a temporary file multiple times if the file path has been fully specified by the user (no random characters).</li> <li><code>NamedTempFile::persist_noclobber</code> is now always atomic on linux when <code>renameat_with</code> is supported. Previously, it would first link the new path, then unlink the previous path.</li> <li>Fix compiler warnings on windows.</li> </ul> <p>Trivia:</p> <ul> <li>Switch from <code>libc</code> to <code>rustix</code> on wasi/unix. This now makes direct syscalls instead of calling through libc.</li> <li>Remove <code>remove_dir_all</code> dependency. The rust standard library has optimized their internal version significantly.</li> <li>Switch to official windows-sys windows bindings.</li> </ul> <p>Breaking:</p> <ul> <li>The minimum rust version is now <code>1.48.0</code>.</li> <li>Mark most functions as <code>must_use</code>.</li> <li>Uses direct syscalls on linux by default, instead of libc.</li> <li>The new type parameter in <code>NamedTempFile</code> may lead to type inference issues in some cases.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Stebalien/tempfile/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
---|---|---|
.cargo | ||
.github | ||
docs | ||
monero-harness | ||
monero-rpc | ||
monero-wallet | ||
swap | ||
utils/gpg_keys | ||
.gitignore | ||
bors.toml | ||
Cargo.lock | ||
Cargo.toml | ||
CHANGELOG.md | ||
CONTRIBUTING.md | ||
dprint.json | ||
LICENSE | ||
README.md | ||
rust-toolchain.toml |
XMR to BTC Atomic Swap
This repository hosts an MVP for atomically swapping BTC to XMR. It implements the protocol described in section 3 of this paper.
More information about the protocol in this presentation and this blog post.
Currently, swaps are only offered in one direction with the swap
CLI on the buying side (send BTC, receive XMR).
We are working on implementing a protocol where XMR moves first, but are currently blocked by advances on Monero itself.
You can read this blogpost for more information.
Quick Start
- Download the latest
swap
binary release for your operating system. - Find a seller to swap with:
./swap --testnet list-sellers
- Swap with a seller:
./swap --testnet buy-xmr --receive-address <YOUR MONERO ADDRESS> --change-address <YOUR BITCOIN CHANGE ADDRESS> --seller <SELLER MULTIADDRESS>
For more detailed documentation on the CLI, see this README.
Becoming a Market Maker
Swapping of course needs two parties - and the CLI is only one of them: The taker that occasionally starts a swap with a market maker.
If you are interested in becoming a market maker you will want to run the second binary provided in this repository: asb
- the Automated Swap Backend.
Detailed documentation for the asb
can be found in this README.
Safety
This software is using cryptography that has not been formally audited. While we do our best to make it safe, it is up to the user to evaluate whether or not it is safe to use for their purposes. Please also see section 15 and 16 of the license.
Keep in mind that swaps are complex protocols, it is recommended to not do anything fancy when moving coins in and out. It is not recommended to bump fees when swapping because it can have unpredictable side effects.
Contributing
We encourage community contributions whether it be a bug fix or an improvement to the documentation. Please have a look at the contribution guidelines.
Rust Version Support
Please note that only the latest stable Rust toolchain is supported. All stable toolchains since 1.63 should work.
Contact
Feel free to reach out to us in the COMIT-Monero Matrix channel.