Replying to Avatar lontivero

> Ok so we agree that funds can't be swept by the devs

No, I stated exactly the opposite. I said that wallet developers can sweep users' wallets and users simply trust developers. There are very few wallets with tons of developers and eyes reviewing everything all the time; the rest of the projects have very few maintainers and almost no external reviewers.

> BUT there isn't any code that we have identified thay allows for the fee to be altered, it just isn't hard coded into the client Ashigaru Terminal.

The server decides the coordination fee and the client doesn't verify it —pthat's the point.

> Whirlpool requires a coordinator and connections to Dojo's. We don't want a bunch of different coordinators.

Okay, I get it. I misunderstood the decentralization part then. If there would not be other —potentially malicious— coordinators, then it makes no sense to protect the user from them. In fact, it makes no sense to verify anything coming from the server, only messages from the users should not be trusted.

> We want the coordinator to either run in a true decentralized manner... meaning the coodination occurs by the users.. NOT via multiple coordinators and pools. The coordination will occur via user's Dojo's talking to eachother.

Thanks for sharing, it is a really fantastic goal, but in that case it would be even more important to develop a defensive mentality where external inputs need to be verified and not blindly trusted.
Avatar
. 6mo ago

Sweeping implies that funds sent to a deposit address in Ashigaru Terminal can be taken by devs without an action by the user. This is simply not true.

Perhaps theoretically as you are describing, UPON THE USER INITIATING a Tx0 then the fee MAY be able to be manipulated to equal the entire Tx0. That is very different from simply having a deposit wallet drained without a user action. Do you understand the difference?

You still haven't shown the code that would allow the coordinator to alter the fee.

Reply to this note

Please Login to reply.

Discussion

Avatar
Ape Mithrandir 6mo ago

When you initiate the tx0 in Ashigaru Terminal it displays the tx0 fee and the structure of the transaction you are about to broadcast.

After you broadcast the tx you can see in a different wallet software (or mempool[dot] space) if it indeed matched what the Ashigaru Terminal wallet said would be the fee.

If it did not match then you can do an CPFP back to your deposit account. Crisis averted.

Avatar
observer👁️🌐 6mo ago

Don't you mean RBF instead?👀

Avatar
Ape Mithrandir 6mo ago

I haven't checked if RBF is enabled for the tx0, iirc the Samourai tx0 had RBF disabled.