I had always assumed (wrongly) that Bisq directly communicated with Poloniex via HTTP to get pricing but reading more about it I see that Bisq communicates with Pricenodes whose onion addresses are hard coded into the source code.
What is stopping whoever runs the pricenode temporarily putting a super low or high price in and basically scoring a bunch of free money by taking a trade that they make super profitable? I’m guessing in this case you could open up a dispute and say the price was wrong and ask for the trade to be canceled, the question is would the arbitrator support you?
Lets say the price node operator only did it by a small more reasonable amount (1%) but just did it all the time to gain an advantage, how would it even be detected?
My suggestion would be to give us the option to be our own price source within the Bisq client itself, obviously it would need to go over clearnet and we’d need to get our own API keys but at least we don’t have to trust an unknown third party who could do anything.
If there’s something I’m missing please fill me in.