diff --git a/basicswap/__init__.py b/basicswap/__init__.py index 2a724a2..c19a8e9 100644 --- a/basicswap/__init__.py +++ b/basicswap/__init__.py @@ -1,3 +1,3 @@ name = "basicswap" -__version__ = "0.11.59" +__version__ = "0.11.60" diff --git a/basicswap/basicswap.py b/basicswap/basicswap.py index 8ce8e29..61f61be 100644 --- a/basicswap/basicswap.py +++ b/basicswap/basicswap.py @@ -4443,10 +4443,13 @@ class BasicSwap(BaseApp): bid, offer = self.getBidAndOffer(bid_id) ensure(bid is not None and bid.was_sent is True, 'Unknown bidid') ensure(offer, 'Offer not found ' + bid.offer_id.hex()) - coin_from = Coins(offer.coin_from) - ci_from = self.ci(coin_from) ensure(bid.expire_at > now + self._bid_expired_leeway, 'Bid expired') + ensure(msg['to'] == bid.bid_addr, 'Received on incorrect address') + ensure(msg['from'] == offer.addr_from, 'Sent from incorrect address') + + coin_from = Coins(offer.coin_from) + ci_from = self.ci(coin_from) if bid.state >= BidStates.BID_ACCEPTED: if bid.was_received: # Sent to self @@ -4520,6 +4523,8 @@ class BasicSwap(BaseApp): if len(xmr_swap.kbsf_dleag) < ci_to.lengthDLEAG(): q = session.query(XmrSplitData).filter(sa.and_(XmrSplitData.bid_id == bid.bid_id, XmrSplitData.msg_type == XmrSplitMsgTypes.BID)).order_by(XmrSplitData.msg_sequence.asc()) for row in q: + ensure(row.addr_to == offer.addr_from, 'Received on incorrect address, segment_id {}'.format(row.record_id)) + ensure(row.addr_from == bid.bid_addr, 'Sent from incorrect address, segment_id {}'.format(row.record_id)) xmr_swap.kbsf_dleag += row.dleag if not ci_to.verifyDLEAG(xmr_swap.kbsf_dleag): @@ -4570,6 +4575,8 @@ class BasicSwap(BaseApp): if len(xmr_swap.kbsl_dleag) < ci_to.lengthDLEAG(): q = session.query(XmrSplitData).filter(sa.and_(XmrSplitData.bid_id == bid.bid_id, XmrSplitData.msg_type == XmrSplitMsgTypes.BID_ACCEPT)).order_by(XmrSplitData.msg_sequence.asc()) for row in q: + ensure(row.addr_to == bid.bid_addr, 'Received on incorrect address, segment_id {}'.format(row.record_id)) + ensure(row.addr_from == offer.addr_from, 'Sent from incorrect address, segment_id {}'.format(row.record_id)) xmr_swap.kbsl_dleag += row.dleag if not ci_to.verifyDLEAG(xmr_swap.kbsl_dleag): raise ValueError('Invalid DLEAG proof.') @@ -4711,6 +4718,10 @@ class BasicSwap(BaseApp): offer, xmr_offer = self.getXmrOffer(bid.offer_id, sent=True) ensure(offer, 'Offer not found: {}.'.format(bid.offer_id.hex())) ensure(xmr_offer, 'XMR offer not found: {}.'.format(bid.offer_id.hex())) + + ensure(msg['to'] == bid.bid_addr, 'Received on incorrect address') + ensure(msg['from'] == offer.addr_from, 'Sent from incorrect address') + ci_from = self.ci(offer.coin_from) ci_to = self.ci(offer.coin_to) @@ -4762,7 +4773,7 @@ class BasicSwap(BaseApp): allowed_states = [BidStates.BID_SENT, BidStates.BID_RECEIVED] if bid.was_sent and offer.was_sent: - allowed_states.append(BidStates.BID_ACCEPTED) # TODO: Split BID_ACCEPTED into recieved and sent + allowed_states.append(BidStates.BID_ACCEPTED) # TODO: Split BID_ACCEPTED into received and sent ensure(bid.state in allowed_states, 'Invalid state for bid {}'.format(bid.state)) bid.setState(BidStates.BID_RECEIVING_ACC) self.saveBid(bid.bid_id, bid, xmr_swap=xmr_swap) @@ -5240,6 +5251,10 @@ class BasicSwap(BaseApp): offer, xmr_offer = self.getXmrOffer(bid.offer_id, sent=False) ensure(offer, 'Offer not found: {}.'.format(bid.offer_id.hex())) ensure(xmr_offer, 'XMR offer not found: {}.'.format(bid.offer_id.hex())) + + ensure(msg['to'] == offer.addr_from, 'Received on incorrect address') + ensure(msg['from'] == bid.bid_addr, 'Sent from incorrect address') + coin_from = Coins(offer.coin_from) coin_to = Coins(offer.coin_to) ci_from = self.ci(coin_from) @@ -5306,6 +5321,10 @@ class BasicSwap(BaseApp): offer, xmr_offer = self.getXmrOffer(bid.offer_id, sent=False) ensure(offer, 'Offer not found: {}.'.format(bid.offer_id.hex())) ensure(xmr_offer, 'XMR offer not found: {}.'.format(bid.offer_id.hex())) + + ensure(msg['to'] == bid.bid_addr, 'Received on incorrect address') + ensure(msg['from'] == offer.addr_from, 'Sent from incorrect address') + ci_from = self.ci(Coins(offer.coin_from)) ci_to = self.ci(Coins(offer.coin_to)) @@ -5355,6 +5374,8 @@ class BasicSwap(BaseApp): return dbr = XmrSplitData() + dbr.addr_from = msg['from'] + dbr.addr_to = msg['to'] dbr.bid_id = msg_data.msg_id dbr.msg_type = msg_data.msg_type dbr.msg_sequence = msg_data.sequence @@ -5384,6 +5405,10 @@ class BasicSwap(BaseApp): offer, xmr_offer = self.getXmrOffer(bid.offer_id, sent=False) ensure(offer, 'Offer not found: {}.'.format(bid.offer_id.hex())) ensure(xmr_offer, 'XMR offer not found: {}.'.format(bid.offer_id.hex())) + + ensure(msg['to'] == bid.bid_addr, 'Received on incorrect address') + ensure(msg['from'] == offer.addr_from, 'Sent from incorrect address') + ci_from = self.ci(Coins(offer.coin_from)) xmr_swap.al_lock_spend_tx_esig = msg_data.al_lock_spend_tx_esig diff --git a/basicswap/db.py b/basicswap/db.py index d413526..b1d8247 100644 --- a/basicswap/db.py +++ b/basicswap/db.py @@ -12,7 +12,7 @@ from enum import IntEnum, auto from sqlalchemy.ext.declarative import declarative_base -CURRENT_DB_VERSION = 18 +CURRENT_DB_VERSION = 19 CURRENT_DB_DATA_VERSION = 2 Base = declarative_base() @@ -376,6 +376,8 @@ class XmrSplitData(Base): __tablename__ = 'xmr_split_data' record_id = sa.Column(sa.Integer, primary_key=True, autoincrement=True) + addr_from = sa.Column(sa.String) + addr_to = sa.Column(sa.String) bid_id = sa.Column(sa.LargeBinary) msg_type = sa.Column(sa.Integer) msg_sequence = sa.Column(sa.Integer) diff --git a/basicswap/db_upgrades.py b/basicswap/db_upgrades.py index 404d69d..e866c7d 100644 --- a/basicswap/db_upgrades.py +++ b/basicswap/db_upgrades.py @@ -244,6 +244,10 @@ def upgradeDatabase(self, db_version): session.execute('ALTER TABLE knownidentities ADD COLUMN visibility_override INTEGER') session.execute('ALTER TABLE knownidentities ADD COLUMN data BLOB') session.execute('UPDATE knownidentities SET active_ind = 1') + elif current_version == 18: + db_version += 1 + session.execute('ALTER TABLE xmr_split_data ADD COLUMN addr_from STRING') + session.execute('ALTER TABLE xmr_split_data ADD COLUMN addr_to STRING') if current_version != db_version: self.db_version = db_version diff --git a/doc/release-notes.md b/doc/release-notes.md index ee8e7f4..5b13a8f 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -2,6 +2,13 @@ 0.0.x ============== +0.0.60 +============== + +- Accepted bids will timeout if the peer does not respond within an hour after the bid expires. +- Ensure messages are always sent from and to the expected addresses. + + 0.0.59 ============== @@ -24,7 +31,6 @@ - Added restrict_unknown_seed_wallets option. - Set to false to disable unknown seed warnings. - ui: Can edit offer automation strategy. -- Accepted bids will timeout if the peer does not respond within an hour after the bid expires. 0.0.54 diff --git a/scripts/createoffers.py b/scripts/createoffers.py index ba9ee83..73992e3 100755 --- a/scripts/createoffers.py +++ b/scripts/createoffers.py @@ -290,8 +290,8 @@ def main(): break """ - recieved_offers = read_json_api(args.port, 'offers', {'active': 'active', 'include_sent': False, 'coin_from': coin_from_data['id'], 'coin_to': coin_to_data['id']}) - print('recieved_offers', recieved_offers) + received_offers = read_json_api(args.port, 'offers', {'active': 'active', 'include_sent': False, 'coin_from': coin_from_data['id'], 'coin_to': coin_to_data['id']}) + print('received_offers', received_offers) TODO - adjust rates based on extisting offers """ @@ -398,11 +398,11 @@ def main(): 'sort_dir': 'asc', } - recieved_offers = read_json_api('offers', offers_options) + received_offers = read_json_api('offers', offers_options) if args.debug: - print('Recieved Offers', recieved_offers) + print('Received Offers', received_offers) - for offer in recieved_offers: + for offer in received_offers: offer_id = offer['offer_id'] offer_amount = float(offer['amount_from']) offer_rate = float(offer['rate'])