Open posix4e opened 4 months ago
@posix4e We should schedule a call to discuss this matter. In our opinion, the most secure approach is to proceed with incorporating an authentication layer. However, it's important to note that this would also alter the Mixin flow, as authentication would be required.
@piotrswierzy I think we will need to add an authentication layer: as a user connects a wallet, we generate a (JWT) token for them, and this token can be used for all protected actions of the user, such as reading spot orders by user, canceling spot orders by user, and more on the market making and arbitrage side.
Let’s focus on this after April 20th
Currently, connect wallet within Mr.Market uses the PKCE flow for authorization with the Mixin API, which means the JWT token is only stored on the client side (web app).
We should transition to the normal OAuth flow:
code
With this JWT token we can verify the user's identity and use it for auth-required endpoints.
example of oauth handler in Go
Currently, when executing a strategy, users need to input their clientId and userId. This approach poses a security risk, as a third party could execute strategies for any user if they know the clientId and userId, or even attempt to brute-force them. This is a significant security concern for the hosted version.
An example of such an attack could manifest as follows: The attacker executes a PureMarketMaking strategy using another user’s funds, manipulating the parameters to ensure profitability for themselves. This action generates a limit order with the user’s funds, allowing the attacker to fulfill the order and reap profits.
Possible solutions:
We could also consider incorporating a feature to toggle authentication on and off through an environment file. This way, users of the self-hosted version wouldn’t necessarily need to log in.
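An added example in Go (not Mr.Market's code and not from any commenter here) of the pieces discussed in this thread: issuing a server-signed HS256 JWT after wallet connect, verifying it, and binding the token to the clientId/userId a strategy request acts for, with a boolean standing in for the proposed environment-file toggle. Claim names, the secret and the ids are constructed assumptions.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)
type Claims struct{ UserID, ClientID string; Exp int64 } // hypothetical claims, issued after wallet connect
var b64 = base64.RawURLEncoding // compact JWS uses unpadded base64url
func SignHS256(c Claims, secret []byte) string { // server-side only: the web app never sees the secret
	body, _ := json.Marshal(c)
	in := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString(body)
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(in))
	return in + "." + b64.EncodeToString(m.Sum(nil))
}
func VerifyHS256(token string, secret []byte, now int64) (*Claims, error) {
	p := strings.Split(token, ".")
	var c, hdr = Claims{}, struct{ Alg string }{}
	if raw, err := b64.DecodeString(p[0]); len(p) != 3 || err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("malformed token or unsupported alg") // pin the alg: rejects alg=none forgeries
	}
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(p[0] + "." + p[1]))
	if sig, err := b64.DecodeString(p[2]); err != nil || !hmac.Equal(sig, m.Sum(nil)) { // constant-time compare
		return nil, errors.New("bad signature")
	}
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &c) != nil || c.Exp <= now {
		return nil, errors.New("bad or expired payload") // claims are only parsed after the signature passed
	}
	return &c, nil
}
// AuthorizeStrategy guards execute-strategy: with auth on (the proposed env toggle) the token must verify AND name the clientId/userId the request acts for.
func AuthorizeStrategy(authOn bool, token string, secret []byte, now int64, clientID, userID string) error {
	if !authOn {
		return nil // self-hosted mode with login switched off
	}
	c, err := VerifyHS256(token, secret, now)
	if err == nil && (c.ClientID != clientID || c.UserID != userID) {
		err = errors.New("token does not belong to the requested user")
	}
	return err
}
func main() { // stand-alone demo: a token issued to u1 must not drive a strategy for u2
	tok := SignHS256(Claims{UserID: "u1", ClientID: "c1", Exp: 2e9}, []byte("constructed-demo-secret"))
	fmt.Println(AuthorizeStrategy(true, tok, []byte("constructed-demo-secret"), 1.7e9, "c1", "u2"))
}
```

Brute-forcing clientId/userId then buys nothing, because the request only runs for the identity the server itself signed into the token.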