author: Florian Dold <florian@dold.me> 2023-12-11 19:30:56 +0100
committer: Florian Dold <florian@dold.me> 2023-12-11 19:30:56 +0100
commit: 866636826187d5fb02ba96a2ed534ae14857a0e1 (patch)
tree: 637030382988f439d868cfffbd611946060ab84b /design-documents
parent: 85c89757af8c233a9f349b3abb0a67b9d7ff93f5 (diff)
DD48: do not permanently brick wallets when an exchange is badly configured
Diffstat (limited to 'design-documents')
-rw-r--r-- design-documents/048-wallet-exchange-lifecycle.rst | 28
1 file changed, 22 insertions, 6 deletions
diff --git a/design-documents/048-wallet-exchange-lifecycle.rst b/design-documents/048-wallet-exchange-lifecycle.rst
index b3df4d8a..75ec3afb 100644
--- a/design-documents/048-wallet-exchange-lifecycle.rst
+++ b/design-documents/048-wallet-exchange-lifecycle.rst
@@ -67,14 +67,24 @@ Update Status
~~~~~~~~~~~~~
* ``initial``: Not updated, no need to update
-* ``initial(update)``: Update pending, possibly with error
+* ``initial-update``: Update pending, possibly with error
* ``suspended``: Exchange was manually disabled, should not be contacted
anymore, but record is kept in the wallet. Mostly useful for testing.
-* ``failed``: Updating the exchange info failed permanently, the exchange is
- not usable for any operations.
-* ``outdated(update)``
+* ``unavailable-update``: The exchange is currently unavailable to be used for withdrawals,
+ but it is possible that the exchange starts working again in the future.
+ The wallet will re-try contacting the exchange. The wallet will still try
+ operations that *spend* coins, but the user might be warned about the bad
+ exchange status.
+
+ Examples:
+
+ * The exchange updated to a new protocol version that is incompatible with the wallet
+ * The exchange advertises a new master public key. This might be a temporary
+ configuration issue or malicious attack.
+ * The exchange only advertises outdated denomination keys, making new withdrawals
+ impossible.
* ``ready``: Exchange is useable.
-* ``ready(update)``: Exchange is useable, but currently being updated.
+* ``ready-update``: Exchange is useable, but currently being updated.
ToS Status
~~~~~~~~~~
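Review bot: the ``unavailable-update`` entry leaves the security-relevant behaviour underspecified in two places. First, the second example ("The exchange advertises a new master public key ... might be a temporary configuration issue or malicious attack") is listed as a reason to keep spending, but the text does not say which master key the wallet trusts while in this state; the document should state explicitly that the wallet keeps verifying denomination and signing keys against the master key it already pinned and does not adopt the newly advertised one until the state is resolved, since otherwise a key substitution would be accepted by the retry path. Second, "the user might be warned about the bad exchange status" is ambiguous about whether the warning is required; suggest "the user is warned" or a statement of which operations surface the warning. Minor style point in the unchanged context and the new ``ready-update`` line: "useable" should be "usable". Also, the removed ``outdated(update)`` state is not mapped onto any of the new states; a sentence noting that the outdated-denomination-keys case now falls under ``unavailable-update`` (as the third example implies) would make the migration clear.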
@@ -125,4 +135,10 @@ Definition of Done
Discussion / Q&A
================
-(This should be filled in with results from discussions on mailing lists / personal communication.)
+* Should there be a "permanently failed" update state?
+
+ * dold => I don't think so, as it means that temporary configuration issues on the side of the
+ exchange might *permanently* brick users' wallets.
+ The wallet should always re-try contacting the exchange and of course possibly report
+ information to the auditor.
+
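Review bot: the Q&A entry settles the design question (no permanent failure state) but leaves two operational gaps that the rationale depends on. The answer says the wallet "should always re-try contacting the exchange" without specifying a backoff or retry ceiling; without one, every wallet that once used an exchange will keep polling it indefinitely, so suggest stating that retries use an increasing delay and how the retry interval is bounded. Likewise "possibly report information to the auditor" does not say what is reported (for example the conflicting master public key or the incompatible protocol version seen in ``unavailable-update``) or whether reporting is automatic or user-triggered; pinning that down would make the auditor path verifiable rather than aspirational.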