Basically, here is the global schema for an exchange:
1- Daemons: Each coin traded must be backed by a fully synced daemon, as it manages all the coin's operations.
2- User interface: A user can ask for an address; this address is provided by the daemon in an internal request.
3- Trade room: Usually, exchanges use an internal escrow for transactions: an amount of coins is held in exchange for another coin, so they are escrowed internally, and when the price meets the users' demand, funds are released to both parties.
4- Balances: They are managed by the server; there is a synchronisation between the database of the exchange and the different daemons' "accounts" RPC methods.
5- Withdrawals: They are operated at the request of the user, from his own account in the database and in the daemon. If there are no funds in the daemon, the transaction won't be processed.
This is how an exchange works globally; now, you can have several differences from one exchange to another. The main difference is in the security level. Poloniex is known to be not so secure: if you have a look at your console when opening pages on Poloniex, you will notice that every piece of information sent or requested by the server goes through the 'GET' method, and this is prohibited, especially when handling passwords and forms. They had been advised to revise these mechanisms and to use 'POST' instead, but I don't think they did it.
The Bitfinex hacking had something to do with this: they forgot to add a simple option to input text fields. Coinables knows more about this than I do, as he made a video explaining how the hacker managed to take the bitcoins.
I have knowledge of application security. I have an interest in the topics on OWASP. I can code the business processes of the project. But I do not know much about address generation and coin transfer.
https://bitcointalk.org/index.php?topic=1796509.msg17921284#msg17921284
The bitcoin RPC API documentation is your best friend. It is easy: just set up a script that will be triggered when a user demands an address; basically, it will query the daemon this way: bitcoin-cli getnewaddress [account]
And for coin management, you will have to rely on the bitcoin daemon's basic implementation, which is: bitcoin-cli move
It is that easy. What I can advise you to do is not to think of it as being too complicated; Satoshi and the bitcoin dev team made things easy. Just make some scripts and test them. Remember that you can always find a way to run a .sh script from web servers if needed, or you can do this using the RPC port instead, but you will have to use SSL ports, as the data will be exposed. Even if it is running on localhost, I advise you to use SSL.
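As an added example (not from this thread, nor from any exchange's code), here is a Python sketch of the flow the first post lists (address from the daemon, database-side balances, internal escrow released to both parties, withdrawal refused when the daemon does not hold the funds) driven through the legacy account RPCs the reply names (getnewaddress, move), plus sendfrom, which is assumed for the on-chain withdrawal. The daemon is a constructed stub, amounts are integers in the coin's base unit, and the account RPCs shown were since removed from Bitcoin Core.

```python
class FakeDaemon:  # constructed stand-in for one coin daemon's legacy account RPCs
    def __init__(self, coin):
        self.coin, self.accounts, self.sent, self.n = coin, {}, [], 0
    def getnewaddress(self, account):             # bitcoin-cli getnewaddress [account]
        self.n += 1
        self.accounts.setdefault(account, 0)
        return f"{self.coin}addr{account}{self.n}"  # constructed, not a real address
    def getbalance(self, account):                # amounts: integers in the base unit
        return self.accounts.get(account, 0)
    def move(self, src, dst, amount):             # bitcoin-cli move: internal, no on-chain tx
        if amount <= 0 or self.getbalance(src) < amount:
            return False
        self.accounts[src] -= amount
        self.accounts[dst] = self.getbalance(dst) + amount
        return True
    def sendfrom(self, account, address, amount): # on-chain withdrawal out of an account
        if not self.move(account, "__out__", amount):
            return None
        self.sent.append((account, address, amount))
        return f"txid{len(self.sent)}"              # constructed id, not a real txid

class Exchange:  # database-side ledger plus internal escrow, kept in step with the daemons
    def __init__(self, daemons):
        self.daemons, self.ledger, self.escrow = daemons, {}, {}
    def balance(self, user, coin):
        return self.ledger.get((user, coin), 0)
    def credit(self, user, coin, amount):         # confirmed deposit or settled trade
        self.ledger[(user, coin)] = self.balance(user, coin) + amount
    def deposit_address(self, user, coin):
        return self.daemons[coin].getnewaddress(user)
    def place_order(self, order_id, user, coin, amount):
        if amount <= 0 or self.balance(user, coin) < amount:
            raise ValueError("insufficient balance")
        self.ledger[(user, coin)] = self.balance(user, coin) - amount  # held in escrow
        self.escrow[order_id] = (user, coin, amount)
    def settle(self, order_a, order_b):           # matched: each side gets the other's escrow
        ua, ca, aa = self.escrow.pop(order_a)
        ub, cb, ab = self.escrow.pop(order_b)
        assert self.daemons[ca].move(ua, ub, aa) and self.daemons[cb].move(ub, ua, ab)
        self.credit(ub, ca, aa)
        self.credit(ua, cb, ab)
    def withdraw(self, user, coin, address, amount):
        d = self.daemons[coin]
        if self.balance(user, coin) < amount or d.getbalance(user) < amount:
            return None                           # refuse: database or daemon lacks funds
        txid = d.sendfrom(user, address, amount)
        if txid is not None:
            self.ledger[(user, coin)] = self.balance(user, coin) - amount
        return txid
```

The withdraw check against both the database and the daemon is the point of item 5: a ledger entry that the daemon cannot back is refused rather than sent.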