Bisq nodes leak TXID of every trade when TradeStatistics are generated

wiz commented 4 years ago

Background

When a Bisq trade offer is accepted, each Bisq node participating in the trade creates a TradeStatistics data object and broadcasts it to the P2P network. This trade statistics data is used by every Bisq node to generate trading volume graphs, price charts, and is also available on the Bisq Markets API service.

Issue

The TradeStatistics2 object contains excessive metadata about the trade, specifically the on-chain TXID of the maker's deposit. Unfortunately, because the offerId of every Bisq trade is mapped to the on-chain Bitcoin depositTxID, this allows malicious blockchain analysis of all Bisq trades.

Example data object:

  {
    "currency": "JPY", 
    "direction": "SELL",
    "tradePrice": 8791986900,
    "tradeAmount": 10000, 
    "tradeDate": 1578784489588,
    "paymentMethod": "F2F", 
    "offerDate": 1578784398352,
    "useMarketBasedPrice": true,
    "marketPriceMargin": 0.0,
    "offerAmount": 10000, 
    "offerMinAmount": 10000, 
    "offerId": "12635-224f7143-3366-46e7-9e14-7fa6f39fcb2b-125",
    "depositTxId": "9c67453e57cfc80e2c121caf54f8f739cef6c5d7e9afdceec7843436a920f9d8",
    "currencyPair": "BTC/JPY",
    "primaryMarketDirection": "SELL",
    "primaryMarketTradePrice": 87919869000000,
    "primaryMarketTradeAmount": 10000, 
    "primaryMarketTradeVolume": 8791980000
  }

Example blockchain analysis of this trade: https://blockstream.info/tx/9c67453e57cfc80e2c121caf54f8f739cef6c5d7e9afdceec7843436a920f9d8?expand

How to Reproduce

Start Bisq with --dumpStatistics=true option enabled
After a few minutes, a trade_statistics.db file will be generated in your $HOME/.bisq/btc_mainnet/db/ datadir.
Extract the mapping of offer ID and deposit TXID by grep Id trade_statistics.json
Paste any Bitcoin TXID into any Bitcoin Block Explorer

Expected Result

Bisq should not reveal the on-chain Bitcoin TXID for each trade.

Actual Result

A full mapping of offer IDs to Bitcoin TXIDs for the past 50,000 trades on Bisq is generated. Snippet:

    "depositTxId": "23f8dd12c6f772f9cf48eb586192d0852b7c001f9b52853eb2745c50085e7aad",
    "offerId": "f5701917-1858-44f5-a81b-874c83c965f9",
    "depositTxId": "c72d6f8816edd0d914988ee51f9cacc46cded48aff5b8bfebc0e3b04d6e30d77",
    "offerId": "8f52b851-ab30-45de-9b00-978c6c1320d2",
    "depositTxId": "4352525005912cad0af9b32ed131f5856f4f72add3b7e67fb8ed4a263f0ae00f",
    "offerId": "b96da749-0910-4870-8c43-ffa0d6e5c15a",
    "depositTxId": "0b76f73006b94fb69e2a4ac4e9cea25bc5a0af08ed1aadd4f3769053f14a326e",
    "offerId": "940fd072-66de-405a-86a9-abf693c98146",
    "depositTxId": "e251355d683b7e611fe85c03db64eb965402e53e7568ea652230acaef908ff56",
    "offerId": "0f6ff881-7f13-4654-bc0b-3267fc99021a",
    "depositTxId": "6a5001d1392e877f0c7058c76e9af01913143751690f2990842526b61ec30cda",
    "offerId": "9de779ff-5e94-46a6-aa93-4dde1d49b6de",
    "depositTxId": "6ba5e8d42814ea27d01c62eec1e1c8543a7627c19e282632a05fdae8e1df1b1e",
    "offerId": "75edc3db-6dea-4ed1-b33a-e998765e8605",
    "depositTxId": "be059d21e287e10876aa3e29ddad55455645cd4c3996f71d945c7d788bb4383c",
    "offerId": "dce8c43e-1a91-4c98-8fdd-5776898589ed",
    "depositTxId": "656ea12e55c31ed96e43de32c53155387bc08ba2d0be708bac3bda6b4682fbbe",
    "offerId": "57a68fbd-26cc-4f8d-8f0f-4114e09cc57c",
    "depositTxId": "f078d4191545a79b7dad6393648a63cf8b9bf337bcb43a84343a6fd923c10585",

wiz commented 4 years ago

@sqrrm @ripcurlx please re-open this critical issue!

sqrrm commented 4 years ago

It's now my issue.

wiz commented 4 years ago

@sqrrm looks like chimp fixed it by completely re-implementing the trade statistics in #4611

ripcurlx commented 4 years ago

@sqrrm looks like chimp fixed it by completely re-implementing the trade statistics in #4611

Yes. Closing as complete.

bisq-network / bisq