authorChristian Grothoff <christian@grothoff.org>2019-09-02 03:32:49 +0200
committerChristian Grothoff <christian@grothoff.org>2019-09-02 03:32:49 +0200
commit90eef4bd118d24ffe2340a1afffa39e164a07af7 (patch)
treef7549c84f99251fd3cd390ae3ecee12969d35bf6
parent1891dfd4dad8506c87a109414dec69cf3dcee064 (diff)
fix audit report template bugs
-rw-r--r--contrib/auditor-report.tex.j288
1 files changed, 65 insertions, 23 deletions
diff --git a/contrib/auditor-report.tex.j2 b/contrib/auditor-report.tex.j2
index cbecf22e6..b8b72ce0d 100644
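--- a/contrib/auditor-report.tex.j2
+++ b/contrib/auditor-report.tex.j2
@@ -118,7 +118,7 @@ the tiny threshold. Below, we report {\em non-tiny} wire transfers that are lagg
  \label{table:lag}
 \endlastfoot
 {% for item in wire.lag_details %}
- \multicolumn{4}{l}{ {\tt {{ item.coin_pub }} } } \\
+ \multicolumn{4}{l}{ {\tt \small {{ item.coin_pub }} } } \\
 \nopagebreak
  &
  {{ item.deadline }} &
@@ -224,7 +224,7 @@ compromise.
  \label{table:emergencies}
 \endlastfoot
 {% for item in data.reserve_inconsistencies %}
- \multicolumn{4}{l}{ {\tt {{ item.denompub_hash }} } } \\
+ \multicolumn{4}{l}{ {\tt \small {{ item.denompub_hash }} } } \\
 \nopagebreak
  &
  {{ item.value }} &
@@ -271,17 +271,19 @@ the financial damage done to the customer).
  \end{longtable}
 {% endif %}
 
+
 \subsection{Reserve withdrawals exceeding balance}
 
 This section highlights cases where more coins were withdrawn from a
 reserve than the reserve contained funding for. This is a serious
 compromise resulting in proportional financial losses to the exchange.
 
+% Table generation tested by testcase #2 in test-auditor.sh
 
 {% if data.reserve_balance_insufficient_inconsistencies|length() == 0 %}
  {\bf All withdrawals were covered by sufficient reserve funding.}
 {% else %}
- \begin{longtable}{p{4.5cm}|r}
+ \begin{longtable}{p{8.5cm}|r}
  {\bf Reserve} & {\bf Loss} \\ \hline \hline
 \endfirsthead
  {\bf Reserve} & {\bf Loss} \\ \hline \hline
@@ -296,7 +298,7 @@ compromise resulting in proportional financial losses to the exchange.
  \label{table:reserve:balance_insufficient}
 \endlastfoot
 {% for item in data.reserve_balance_insufficient_inconsistencies %}
- {\tt {{ item.reserve_pub }} }
+ {\tt \small {{ item.reserve_pub }} }
  &
  {{ item.loss }} \\ \hline
 {% endfor %}
@@ -374,7 +376,7 @@ any effects on its own balance, those entries are excluded from the total.
 \endlastfoot
 {% for item in data.coin_inconsistencies %}
  {{ item.operation }} &
- \multicolumn{5}{l}{ {\tt {{ item.coin_pub }} } } \\
+ \multicolumn{5}{l}{ {\tt \small {{ item.coin_pub }} } } \\
 \nopagebreak & &
  {{ item.exchange }} &
  {{ item.auditor }} \\ \hline
@@ -416,7 +418,7 @@ public key for ``payback-master'' operations.
  \label{table:bad_signature_losses}
 \endlastfoot
 {% for item in data.bad_sig_losses %}
- \multicolumn{5}{l}{ {\tt {{ item.key_pub }} } } \\
+ \multicolumn{5}{l}{ {\tt \small {{ item.key_pub }} } } \\
 \nopagebreak
  & {{ item.operation }} & {{ item.rowid }} &
  {{ item.loss }} \\ \hline
@@ -426,26 +428,31 @@ public key for ``payback-master'' operations.
 
 
 
-\subsection{Actual incoming wire transfers}
+\subsection{Actual incoming wire transfers} \label{sec:wire_in}
 
 This section highlights cases where the exchange's record about
 incoming wire transfers does not match with that of the bank.
 
+% Table generation tested by testcase #3 in test-auditor.sh
+
 {% if wire.reserve_in_amount_inconsistencies|length() == 0 %}
  {\bf All incoming wire transfer amounts and subjects matched up.}
 {% else %}
  \begin{longtable}{p{5.5cm}|r|r}
  \multicolumn{2}{l}{ {\bf Wire transfer identifier} ({\bf Row}) } \\
- {\bf Diagnostic} & {\bf Wired} & {\bf Expected} \\
+ \multicolumn{3}{l}{ {\bf Diagnostic} } \\
+ {\bf When} & {\bf Wired} & {\bf Expected} \\
  \hline \hline
 \endfirsthead
  \multicolumn{2}{l}{ {\bf Wire transfer identifier} ({\bf Row}) } \\
- {\bf Diagnostic} & {\bf Wired} & {\bf Expected} \\
+ \multicolumn{3}{l}{ {\bf Diagnostic} } \\
+ {\bf When} & {\bf Wired} & {\bf Expected} \\
  \hline \hline
 \endhead
  \hline \hline
  \multicolumn{2}{l}{ {\bf Wire transfer identifier} ({\bf Row}) } \\
- {\bf Diagnostic} & {\bf Wired} & {\bf Expected} \\
+ \multicolumn{3}{l}{ {\bf Diagnostic} } \\
+ {\bf When} & {\bf Wired} & {\bf Expected} \\
 \endfoot
  \hline \hline
  {\bf Total deltas} &
@@ -455,18 +462,33 @@ incoming wire transfers does not match with that of the bank.
  \label{table:wire_in:transfer_amount_inconsistencies}
 \endlastfoot
 {% for item in wire.reserve_in_amount_inconsistencies %}
- \multicolumn{2}{l}{ {\tt {{ item.wtid }} } ({{ item.row }}) } \\
+ \multicolumn{3}{l}{ {\tt \small {{ item.wtid }} } ({{ item.row }}) } \\
+\nopagebreak
+ \multicolumn{3}{l}{ {{ item.diagnostic }} } \\
 \nopagebreak
- {{ item.timestamp }}: &
+ {{ item.timestamp }} &
  {{ item.amount_wired }} &
  {{ item.amount_exchange_expected }} \\
- \multicolumn{3}{l}{ {{ item.diagnostic }} } \\
  \hline
 {% endfor %}
  \end{longtable}
 {% endif %}
 
 
+{% if wire.reserve_in_amount_inconsistencies|length() != 0 %}
+This means that there are inconsistencies in the exchange's
+claims about incoming wire transfers, amounting to:
+\begin{itemize}
+\item The exchange believing it received
+{\bf {{ wire.total_wire_in_delta_plus }} } {\em less} than it
+actually received in some reserves.
+\item The exchange believing that it received
+{\bf {{ wire.total_wire_in_delta_minus}} } {\em more} than it
+actually received in some reserves.
+\end{itemize}
+{% endif %}
+
+
 \subsection{Missattributed incoming wire transfers}
 
 This section lists cases where the sender account record of an
@@ -534,7 +556,7 @@ with respect to outgoing wire transfers.
  \label{table:wire_out:transfer_amount_inconsistencies}
 \endlastfoot
 {% for item in wire.wire_out_amount_inconsistencies %}
- {\tt {{ item.wtid }} } &
+ {\tt \small {{ item.wtid }} } &
  {{ item.amount_wired }} &
  {{ item.amount_justified }} \\ \hline
 \nopagebreak
@@ -556,11 +578,12 @@ in the database does not match the calculations made by the auditor.
 Deltas may indicate a corrupt database, but do not necessarily
 translate into a financial loss (yet).
 
+% Table generation tested by testcase #3 in test-auditor.sh
 
 {% if data.reserve_balance_summary_wrong_inconsistencies|length() == 0 %}
  {\bf All balances matched up.}
 {% else %}
- \begin{longtable}{p{1.5cm}|r|r}
+ \begin{longtable}{p{6cm}|r|r}
  {\bf Reserve} & {\bf Auditor} & {\bf Exchange} \\ \hline \hline
 \endfirsthead
  {\bf Reserve} & {\bf Auditor} & {\bf Exchange} \\ \hline \hline
@@ -569,22 +592,41 @@ translate into a financial loss (yet).
  {\bf Reserve} & {\bf Auditor} & {\bf Exchange}
 \endfoot
  \hline
- {\bf Total deltas} & &
+ {\bf Total deltas} &
  {{ data.total_balance_summary_delta_plus}} &
  - {{ data.total_balance_summary_delta_minus}} \\
  \caption{Reserves balances not matching up.}
  \label{table:reserve:balance_inconsistencies}
 \endlastfoot
 {% for item in data.reserve_balance_summary_wrong_inconsistencies %}
- \multicolumn{5}{l}{ {\tt {{ item.reserve_pub }} } } \\
-\nopagebreak
- &
+ {\tt \tiny {{ item.reserve_pub }} } &
  {{ item.auditor }} &
  {{ item.exchange }} \\ \hline
 {% endfor %}
  \end{longtable}
 {% endif %}
 
+{% if data.reserve_balance_summary_wrong_inconsistencies|length() != 0 %}
+This means that there are inconsistencies in the exchange's
+summary data about reserve balances.
+\begin{itemize}
+\item The exchange believes some reserves contain (in total)
+{\bf {{ data.total_balance_summary_delta_plus}} } {\em less} than they
+actually contain. A non-zero value here means the exchange may deny legitimate withdrawal
+requests, denying customers access to their funds.
+\item The exchange believes some reserves contain (in total)
+{\bf {{ data.total_balance_summary_delta_minus}} } {\em more} than they
+actually contain. A non-zero value here means the exchange may allow coins to be withdrawn
+for which it never received any income, at a loss (for the exchange).
+\end{itemize}
+
+{% if wire.reserve_in_amount_inconsistencies|length() != 0 %}
+Note that inconsistencies detected in Section~\ref{sec:wire_in} may
+have created follow-up errors in this table.
+{% endif %}
+
+{% endif %}
+
 
 \subsection{Wire table issues}
 
@@ -754,7 +796,7 @@ reserve expired.
  \label{table:reserve:not_closed}
 \endlastfoot
 {% for item in data.reserve_not_closed_inconsistencies %}
- \multicolumn{4}{l}{ {\tt {{ item.reserve_pub }} } } \\
+ \multicolumn{4}{l}{ {\tt \small {{ item.reserve_pub }} } } \\
 \nopagebreak
  &
  {{ item.expiration_time }} &
@@ -792,7 +834,7 @@ may happen even if the exchange is correct.
  \label{table:refresh:hanging}
 \endlastfoot
 {% for item in data.refresh_hanging %}
- \multicolumn{4}{l}{ {\tt {{ item.coin_pub }} } } \\
+ \multicolumn{4}{l}{ {\tt \small {{ item.coin_pub }} } } \\
 \nopagebreak
  &
  {{ item.row }} &
@@ -831,10 +873,10 @@ implications.
  \label{table:withdraw:bad_time}
 \endlastfoot
 {% for item in data.denomination_key_validity_withdraw_inconsistencies %}
- {\tt {{ item.reserve_pub }} } & {{ item.row }} \\
+ {\tt \small {{ item.reserve_pub }} } & {{ item.row }} \\
 \nopagebreak
  &
- {\tt {{ item.denompub_h }} } & {{ item.execution_date }} \\ \hline
+ {\tt \small {{ item.denompub_h }} } & {{ item.execution_date }} \\ \hline
 {% endfor %}
  \end{longtable}
 {% endif %}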
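Review bot: The rows reworked in the `wire.reserve_in_amount_inconsistencies` loop interpolate report fields straight into LaTeX, `{{ item.diagnostic }}` inside `\multicolumn{3}{l}{...}` and `{\tt \small {{ item.wtid }} }` next to it, and no escaping is visible anywhere in the template. Whether any of these values can carry text that originates outside the auditor (bank-supplied transfer data, for instance) is not visible from this page; if one can, a stray `_`, `&`, `%` or `\` either breaks the report build or is interpreted as markup in a document that auditors rely on. Passing free-text fields through a LaTeX-escaping Jinja filter, e.g. `{{ item.diagnostic | <latex-escape-filter> }}` (placeholder name), and compiling the report with `-no-shell-escape` would close that off. Separately, the two added `{% if ...|length() != 0 %}` summary paragraphs repeat the condition of the table above them and could sit in the existing `{% else %}` branch after `\end{longtable}`, so the table and its explanation cannot drift apart.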