I had always assumed (wrongly) that Bisq directly communicated with Poloniex via HTTP to get pricing but reading more about it I see that Bisq communicates with Pricenodes whose onion addresses are hard coded into the source code.
What is stopping whoever runs the pricenode temporarily putting a super low or high price in and basically scoring a bunch of free money by taking a trade that they make super profitable? I’m guessing in this case you could open up a dispute and say the price was wrong and ask for the trade to be canceled, the question is would the arbitrator support you?
Lets say the price node operator only did it by a small more reasonable amount (1%) but just did it all the time to gain an advantage, how would it even be detected?
My suggestion would be to give us the option to be our own price source within the Bisq client itself, obviously it would need to go over clearnet and we’d need to get our own API keys but at least we don’t have to trust an unknown third party who could do anything.
If there’s something I’m missing please fill me in.
From my understanding, Bisq uses Price nodes for efficiency. It allows for orders to be sold at a “market price” instead of a fixed price.
I’m skeptical of how practical these attacks you describe are. I don’t doubt them in theory.
This idea of leaving to the traders to select their price APIs seems interesting but I have no idea if it’s feasible.
I think we shouldn’t trust anybody if we don’t have to.
Offers that depend on the market price are naturally centralized, not sure if there is a good way around it. It would be great if you could run your own pricenode of course and add it in Settings, I support this idea.
Price node software is open source as well and if you search through the code of desktop client for onion addresses of the price node, it might be as simple as replacing or adding your pricenode to the list. Not a very user friendly way to do it, but maybe it would work, I don’t know.
Price feed need to be the same for buyer and seller if they use % based price.
Can you explain why that is?
@huey Because the when someone goes to take an offer, BISQ checks with the offer maker to make sure the offer is still valid and that the prices match. If the two users are using different price feeds, then one persons 1% over spot would be different than the other users price, and the contract wouldn’t be able to execute.
I recently had this problem in an organic way, either there was some lag on my system or their’s or it’s remotely possible it was a form of attack to try to trade at beneficial prices. The log looks like this:
Oct-05 08:07:56.100 [JavaFX Application Thread] ERROR b.c.t.Task: An error occurred at task: MakerProcessPayDepositRequest
Taker’s trade price is too far away from our calculated price based on the market price.
Hum… I assumed that the price was determined only by the offer maker. That when taking an offer, the taker was agreeing to the maker’s parameters. Why is the taker also providing a price?
Well, the taker needs to verify that the price they are taking on their screen is the same as on your screen, right? I wouldn’t want to click on a 110$ offer to find out it was really 112$.
If the maker provides the price it would lead to the bad user experince you see on some e-commerce platforms where the offer is withprice x but when you go to checkout you see a changed price…
I think the point of this question is whether or not we should have a more trustless mechanism of serving the market price