Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Project Development
Re: New Website - Looking for beta testers
by
microzee
on 26/03/2015, 05:09:21 UTC
Quote from: busterroni on March 26, 2015, 04:57:39 AM
Quote from: microzee on March 26, 2015, 04:42:08 AM
Quote from: busterroni on March 26, 2015, 04:38:40 AM
Quote from: microzee on March 24, 2015, 09:10:32 PM
It is impossible for your bitcoins to be compromised since they do not go through my website.

Sorry, am I missing something here? People clearly need to send money to the website in order to buy a bracket.

No, if you read the faq, the bitcoin goes directly to the user without going through my website. The bitcoin spent on the bracket you are sending to the user 2 levels above you. When you purchase your first bracket, it tells you to send the money to an address, and that address is the address of the user 2 levels above you.

Since this isn't clear, where should I put this to make it very clear? I'm pretty sure I state this in the faq and in the payments section.
The FAQ says, "Using the blockchain payments api, a new address is created which forwards any bitcoin sent to it, to the user two levels above you. Our system checks the address that was generated for any transactions, and then retires the address when a transaction comes through, generating a new one for the next transaction. We have no access to the wallet associated with the generated address so their is no way for our users bitcoins to be compromised. If you are waiting on a payment, it may take up to a day which is a flaw in the api."

This makes it seem like the user is not directly sending btc to the user two levels above them, but to the address generated by blockchain.info's API, which then forwards the btc to the user two levels above them. Also, how can we trust that you don't have access to the generated addresses? It seems like you generate them using blockchain.info's API.

True, but have you looked at the api?

This is the whole api call:

Code:
https://blockchain.info/api/receive?method=create&address=$receiving_address

and the link to the api:
https://blockchain.info/api/api_receive

For the receiving_address we put the user's address that is 2 levels above the user purchasing the bracket.

Then we display the "input_address" for the user buying the brackets to send the coins to.

The only reason we have this intermediate step is so we can check to make sure user1 actually paid user2. The coins are still going directly user to user. We have no access to the wallet associated with the address created by the api. You can have a look at the api, and see that the address in the middle is created by the api and we have zero control over it.

Does that help explain things?