Open AdamBLevine opened 9 years ago
deweller
commented
9 years ago What is the advantage of having a second address for restocking purposes over just loading the swapbot with all the tokens in the first place? Is this intended to be a security feature?
AdamBLevine
commented
9 years ago At any sort of scale having a single step restockbot that is not itself automatically restocked represents the closest thing our system has to a "pinata" - The bigger and more valuable it gets the better the incentive to break it open.
As an immediate-term solution a one-step restockbot is fine but we'll want to let people rent and run their own to service their machines or a restock-the-restock-bot scenario as described previously
deweller
commented
9 years ago The restockbot will need to be completely disconnected from the swapbot. In other words, even if the swapbot was 100% compromised, it would not have the authority to pull tokens from the restockbot. Interesting...
AdamBLevine
commented
9 years ago This is where we get back to #45
a completely compromised swapbot could only drain to a pre-determined "Bailout" address, wouldn't be able to change existing swaps or create new ones and whatever tokens are restocked into it would be protected by the same things.
I'm not sure if we have an issue for hardcoding a bailout address yet but it is I believe an important security feature.
Swapbots will need to be restocked on an as-needed basis, we should provide an automated restocking service for a nominal monthly fee that lets users prepay their token to a swapbot that then monitors the users swapbots inventory levels.
When inventory on auto-restocking tokens falls below the restock threshold, the Restockbot sends tokens equal to the amount that will bring the depleted swapbots inventory back to “Fully Loaded” level. An email update is issued to the user who owns the swapbot showing recent transactions including the restocking, shows them the current inventory status of their tokens-on-hand at the restockbot and is given the opportunity to top up the account.
Users must pre-load their tokens for Automated Restocking to work, the bot cannot send tokens it does not have. Users cannot be given credit and the tokens being loaded into their swapbot must be theirs. When tokens run low, users would receive an invoice payable from their email that would let them top up their account.
We would charge a flat fee per month bot being monitored in the range of 1-5 dollars
Users who hold large token balances would want to create their own bot to hold the bulk of their tokens and restock the restockbot instead of holding most of a tokens money supply in the general-purpose restockbot. This should be relatively simple and another dedicated instance of the automatic restocking swapbot described above.