exchange/src/lib
Christian Grothoff e7aeec04f4
The current recoup API is broken. I guess this is another example where "trivial" API changes turn out to have (multiple!) unexpected consequences.
The current "/recoup" API does not have clear idempotency semantics, as we've discussed on the phone.  This is already bad by itself, as it makes it hard to write down what the API does other than "whatever the implementation does".

However, it actually breaks correctness in this (admittedly kinda contrived, but not impossible) case:

Say that we have a coin A obtained via withdrawal and a coin B obtained via refreshing coin A. Now the denomination of A gets revoked.

The wallet does a recoup of A for EUR:1.

Now the denomination of B also gets revoked.  The wallet recoups B (incidentally also for EUR:1) and now A can be recouped again for EUR:1.  But now the exchange is in a state where it will refuse a legitimate recoup request for A because the detection for an idempotent request kicks in.

This is IMHO bad API design, and the exchange should simply always recoup the maximum amount.

Furthermore, we usually follow the principle of "API calls that take up DB space are paid".  With the current recoup API, I can do many tiny recoup requests which the exchange then has to store, right?

I guess it would not be a big change to remove the "amount" value from the recoup/recoup-refresh request bodies, right?

- Florian
2022-01-11 12:47:35 +01:00
..
auditor_api_curl_defaults.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
auditor_api_curl_defaults.h rename BANK_excecute_wire_transfer to BANK_transfer, improve error handling when curl_easy_init() fails 2020-03-03 17:14:00 +01:00
auditor_api_deposit_confirmation.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
auditor_api_exchanges.c -more changes towards fixing FTBFS 2021-10-27 09:23:12 +02:00
auditor_api_handle.c fix #6786: do not die on bogus URL 2021-03-05 21:41:55 +01:00
auditor_api_handle.h rename BANK_excecute_wire_transfer to BANK_transfer, improve error handling when curl_easy_init() fails 2020-03-03 17:14:00 +01:00
exchange_api_auditor_add_denomination.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_common.c The current recoup API is broken. I guess this is another example where "trivial" API changes turn out to have (multiple!) unexpected consequences. 2022-01-11 12:47:35 +01:00
exchange_api_curl_defaults.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_curl_defaults.h limit redirects 2020-02-29 16:54:58 +01:00
exchange_api_deposit.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_deposits_get.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_handle.c [age restriction] progress 11/n 2022-01-10 00:04:23 +01:00
exchange_api_handle.h introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_kyc_check.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_kyc_proof.c -fix misc. compiler warnings 2021-11-19 10:57:27 +01:00
exchange_api_kyc_wallet.c -fixes for test 2021-11-09 22:52:01 +01:00
exchange_api_link.c -eliminate redundant hash operation on link signatures 2021-12-25 15:39:01 +01:00
exchange_api_management_auditor_disable.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_management_auditor_enable.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_management_get_keys.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_management_post_extensions.c [age restriction] progress 10/n 2022-01-08 14:40:20 +01:00
exchange_api_management_post_keys.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_management_revoke_denomination_key.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_management_revoke_signing_key.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_management_set_wire_fee.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_management_wire_disable.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_management_wire_enable.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_melt.c protocol v12 changes (/recoup split, signature changes) plus database sharding plus O(n^2)=>O(n) worst-case complexity reduction on coin balance checks 2021-12-25 13:56:40 +01:00
exchange_api_recoup_refresh.c The current recoup API is broken. I guess this is another example where "trivial" API changes turn out to have (multiple!) unexpected consequences. 2022-01-11 12:47:35 +01:00
exchange_api_recoup.c The current recoup API is broken. I guess this is another example where "trivial" API changes turn out to have (multiple!) unexpected consequences. 2022-01-11 12:47:35 +01:00
exchange_api_refresh_common.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_refresh_common.h introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_refreshes_reveal.c [age restriction] progress 3/n 2021-11-16 14:43:54 +01:00
exchange_api_refund.c v12: also do not sign over merchant_pub in REFUND signature, centralize logic 2021-12-25 14:58:04 +01:00
exchange_api_reserves_get.c complete implementation of long-polling for reserve status; remove support for multi-threaded exchange httpd 2021-08-23 00:00:32 +02:00
exchange_api_transfers_get.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_wire.c introducing GNUNET_TIME_Timestamp, recoup now with amounts 2021-12-14 16:04:40 +01:00
exchange_api_withdraw2.c distinguish between blind and non-blind denomination signatures 2021-10-31 17:56:56 +01:00
exchange_api_withdraw.c distinguish between blind and non-blind denomination signatures 2021-10-31 17:56:56 +01:00
Makefile.am protocol v12 changes (/recoup split, signature changes) plus database sharding plus O(n^2)=>O(n) worst-case complexity reduction on coin balance checks 2021-12-25 13:56:40 +01:00