Replying to 894c61fd...

How can anyone honestly think that locked haveno coins are truly in self-custody? In reality, bad haveno arbiters could easily pretend to be legit takers and get the 2/3 majority needed to approve a transaction, which could lead to theft. Even worse, admin bots could just wipe out the whole haveno order book with ease. This issue has been confirmed by official dread mods and some reddit users.

Quote SaberhagenTheNameless:

...afaict Haveno/Retoswap, in its current state, has more at risk from rugpulls than necessary - currently over a million USD at stake.

Sell offers are sitting there waiting to be automatically locked into a 2/3 multisig once taken (from potentially malicious admins controlling arbitrator/taker bots meaning they would have enough keys to steal)

Right now nothing is really preventing admins from sweeping the entire orderbook on the sell side.

Source: https://primal.net/e/nevent1qqsy7hmx9n2ws94x92ftvc44ylkejyg8ygw9z9pt4eswj44yqewp3jcpzamhxue69uhkvet9v3ejumn0wd68ytnzv9hxgtcppemhxue69uhkummn9ekx7mp0qy08wumn8ghj7mn0wd68yttsw43zuam9d3kx7unyv4ezumn9wshs0gztdf

Cached: https://archive.ph/JOqDC#25%

Quote shortwavesurfer2009:

The way it would work would be that an arbitrator would create a bot to take the offers and then use the key from the taker bot and their arbitrator key to steal the escrow which contains the seller's Monero plus their security deposit.

Source: https://primal.net/e/nevent1qqs0h2fvwvcsg58l6xw9hwpav4kk3vry933rrm6pparrf0s7p9rel6gpz4mhxue69uhkg6t5w3hjuur4vghhyetvv9uszyrhwden5te0v5hxummn9ekx7mp0qythwumn8ghj7en9v4j8xtnwdaehgu3wvfskuep0mvpr6f

Cached: https://archive.ph/gSRVs#25%

Quote /u/WoodenInformation730:

The arbitrators could rug the whole orderbook (all sell offers and security deposits) by taking all the offers at once.

Source: https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwp7yhn/?context=3#mwp7yhn

Cached: https://archive.ph/icuxp#65%

Quote /u/monero_desk_support:

After some thoughts, I think you are right and that the arbitration system in Haveno doesn't prevent arbitrators from pulling the funds. They would need to create a bot that takes all the offers and automatically unlocks the funds with the key of the taker and arbitrator.

Source: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4e7e530582ff902b6903/#c-cac5570453f7fa9f42

Quote /u/geonic_ (Monero Outreach Producer):

Reto has been around for a few milliseconds basically and nothing stops the network operators from creating fake orders if the pot gets big enough. A network would have to be operating successfully for a few years before I trust it with any significant amounts.

Source: https://rl.bloat.cat/r/Monero/comments/1h4icot/is_haveno_anymore_secure_than_trading_with_a/m0ae3rk/?context=3#m0ae3rk

Cached: https://archive.ph/bB1VN#84%

Quote /u/WoodenInformation730:

To post an offer, you have to deposit the amount + security deposit. If an arbitrator acts maliciously, they could take an offer and essentially steal the funds by signing the 2/3 multisig transaction, since they'd have two keys.

Source: https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwj10k3/?context=3#mwj10k3

Cached: https://archive.ph/icuxp#45%

Quote /u/jossfun:

Haveno relies upon arbitration by the network you’re operating on. In a case where the arbitrators act maliciously they can create trades where they control 2/3 keys to seize funds.

Source: https://rl.bloat.cat/r/Monero/comments/1h4icot/is_haveno_anymore_secure_than_trading_with_a/

Cached: https://archive.ph/bB1VN

#Privacy #Markets #HiddenService #News #Work #Monero #Crypto #Hacking #HarmReduction #Guides #Bisq #cakewallet #haveno #retoswap #trading #p2p #escrow #localmonero #dex #cex #moneroju #xmrbaazar #security #agorism #cypherphunk #bitcoin #btc #decentralized #nostr #moneroju

Do admins have access to the wallets when the client reserves funds? If not, arbitration is the only (not small) point of vulnerability.
