Duplicate Deposit

From Open Transactions
Revision as of 12:00, 23 May 2014 by Justusranvier (Initial page creation)

Introduction

Services should strongly encourage customers to never reuse deposit addresses by making the BIP70 payment protocol mandatory and providing them with an API for requesting new deposit addresses on demand.

However, it is not possible to guarantee that unsolicited funds will never be sent to a previously used address.

Procedure

If the address receiving the duplicate deposit is in a series at least one number ahead of the hot series when the deposit is received, the pool should issue the funds to the appropriate nym by creating a duplicateBailment notice and placing it in the user’s inbox.

If the address does not meet the criteria above, the deposit was sent to a hot address instead of a cold address. In this case the funds should be swept to cold storage after the deposit has received 6 confirmations on the blockchain.

The audit server for the blockchain wallet associated with the deposit address should create the sweep transaction by using the getaddresssignature call to obtain the needed signature. The bitcoin wallet should deduct any required blockchain transaction fees from the deposit amount itself.

The audit server then broadcasts a sweep message to the other audit servers containing the source and destination address identifiers and all signatures it currently has for the transaction. Each audit server validates the provided information, calls getaddresssignature on its own wallet, and adds its signatures to the broadcast. As the audit servers obtain additional signatures, they call sendmultisigaddress to add them to the transaction.

When each Bitcoin wallet receives enough signatures to make the transaction valid, it broadcasts the transaction to the network.

Type 0 Event - Dust Handling
The size of the deposit may be below the network dust threshold (small enough that it would require more in transaction fees to spend than it is worth).

Once the sweep transaction appears on the network, the audit servers process that transaction like a normal deposit and the transaction server credits the user account via a duplicateBailment notice.
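
The routing rules above, written as a small decision function. This is an added example, not Open Transactions code: the type, function and parameter names, the sample fee and dust figures, and the choice to judge dust on the amount left after the fee are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum

REQUIRED_CONFIRMATIONS = 6  # the page's threshold before a hot deposit is swept


class Action(Enum):
    ISSUE_DUPLICATE_BAILMENT = "issue duplicateBailment"
    WAIT = "wait for confirmations"
    SWEEP_TO_COLD = "sweep to cold storage, then duplicateBailment"
    TYPE_0_DUST = "Type 0 event: dust"


@dataclass(frozen=True)
class Deposit:
    address_series: int  # series of the address that received the funds
    amount: int          # satoshis received
    confirmations: int   # current blockchain confirmations


def route_duplicate_deposit(dep, hot_series, fee, dust_threshold):
    """Return (Action, satoshis to credit to the nym at this step)."""
    # Series at least one number ahead of the hot series: credit the nym
    # directly. The page states no confirmation rule here; none is applied.
    if dep.address_series >= hot_series + 1:
        return Action.ISSUE_DUPLICATE_BAILMENT, dep.amount
    # Otherwise the deposit landed on a hot address: hold until 6 confirmations.
    if dep.confirmations < REQUIRED_CONFIRMATIONS:
        return Action.WAIT, 0
    # Blockchain fees are deducted from the deposit amount itself.
    swept = dep.amount - fee
    # Assumption: dust is judged on the post-fee output of the sweep.
    if swept < dust_threshold:
        return Action.TYPE_0_DUST, 0
    # The credit follows once the sweep transaction appears on the network.
    return Action.SWEEP_TO_COLD, swept


if __name__ == "__main__":
    # Constructed sample values (fee 10000 and dust threshold 546 satoshis).
    samples = [Deposit(5, 100_000, 1), Deposit(4, 100_000, 3),
               Deposit(4, 100_000, 6), Deposit(4, 10_400, 6)]
    for d in samples:
        print(d, route_duplicate_deposit(d, hot_series=4, fee=10_000,
                                         dust_threshold=546))
```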