search

bisq-network / growth

Bisq exchange growth experiments
https://bisq.wiki/Growth_team
25 stars 11 forks source link

Match SEPA accounts IBANs to selected participating countries #241

Closed pazza83 closed 2 years ago

pazza83 commented 3 years ago

Description

When adding a SEPA or SEPA payment account on Bisq there is no validation of country selected against IBAN. This can lead to users creating SEPA accounts using banks of non participating SEPA countries.

For example see comments on SEPA order taken by non-SEPA account

Bisq should check users bank IBANs match the selected SEPA countries. The current Bisq client is up-to-date with all the possible participating SEPA counties.

Countries not participating in SEPA include:

Users in these countries should not be able to create SEPA or SPEA Instant payment accounts on Bisq as it will lead to offers failing.

Version

v1.4.9

Steps to reproduce

On the Bisq client:

Accounts > Add new accounts > SEPA (you can set up any IBAN, there is no validation) Accounts > Add new accounts > SEPA Instant (you can set up any IBAN, there is no validation)

Expected behaviour

Accounts > Add new accounts > SEPA (IBAN validated against selected country - maybe it prefills country code) Accounts > Add new accounts > SEPA Instant (IBAN validated against selected country - maybe it prefills country code)

Additional info

For reference: List of participating countries SEPA, 18 November 2020

EPC218-20 v1.0 Overview scheme adherence 2020-11-13.pdf

pazza83 commented 3 years ago

Hi are any @bisq-network/bisq-devs able to take this on?

ripcurlx commented 3 years ago

~@pazza83 I think it would be good to transfer this issue to the Bisq repository so it can be labeled accordingly and the chance increases that new devs might pick it up. WDYT?~

ripcurlx commented 3 years ago

Sorry I did miss #5384 above.

ripcurlx commented 3 years ago

I think this should not only be validated during account creation, but also on the trading peers side to prevent someone to bypass our form validation. This is especially important if we loosen up account signing requirements for certain SEPA countries.

pazza83 commented 3 years ago

@ripcurlx I agree. Also need to decide what to do with historic accounts. Some users have accounts that are set up incorrectly. Any ideas how best to achieve this?

ripcurlx commented 3 years ago

@ripcurlx I agree. Also need to decide what to do with historic accounts. Some users have accounts that are set up incorrectly. Any ideas how best to achieve this?

For incorrect historic accounts - they are incorrect accounts that could cause unnecessary arbitration cases, so I would also render them as invalid IMO.