Post
Topic
Board Trading Discussion
Re: Bitcoin7 a new exchange
by
davout
on 16/06/2011, 20:31:04 UTC
Quote:
Just to mention that we are monitoring the topic closely, without taking part in it, as it seems that whatever we write there will always be people like davout who will speculate and make the exchange out to be a fraud. Luckily there are more and more successful trades and people with positive reactions.
We had flaws, we still have some, we were not ready for the start yesterday, but we are working 24/7 on all requests.

Again, thanks to all who are trusting us and also starting to defend us -> it really helps and motivates our people!
I don't speculate, I point at hard facts.
You were vulnerable to one identified CSRF exploit, you fixed it, good.

You still didn't make any statement regarding amount storage; the options are:
 - "We use floats because we don't have a clue about handling money in a database"
 - "We now use decimals instead of floats because we understand the exact implications"

"we store amounts very precisely", "we're monitoring the site closely", "trust us!", "we don't want to communicate about it", "davout is mean", "" are not acceptable answers.

I'm not making any assumption regarding your honesty, I'm making statements about technical matters and I have no problem being corrected if I happen to be wrong (see previous posts).

Now I suggest you get your code straight and be open about it.


Quote:
We had a CSRF which could not be used at all anyway. Of course the spot was fixed within a minute of it being reported.
This is an outright lie. It was trivially exploitable.

Quote:
On both points I can say honestly that neither the CSRF that was found could have harmed a user, nor could the floats (in the datatypes where we still use them) cause a critical loss of data.
more marketing talk...

You're salting and hashing your users' passwords before storing them in your database, right?
Check his source, oh, wait a minute, only bitcoin-central.net is open source and correctly stores passwords using bcrypt (yes, hashes and salts are good but bcrypt is much better ;))
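The float-versus-decimal point davout keeps pressing above is easy to show in a few lines. The following is an added illustration, not code from Bitcoin7 or from bitcoin-central.net: a constructed ledger of ten 0.1 BTC deposits is totalled three ways (binary floats, decimal.Decimal, and an integer count of satoshis), and a sufficient-funds check is run against a 1.0 BTC withdrawal. The ledger, the 21,000,000 BTC cap and the helper names are assumptions made for the example.

```python
# Added example, not code from Bitcoin7 or bitcoin-central.net: why storing
# money amounts as binary floats goes wrong, and how exact alternatives
# (Decimal, or an integer count of satoshis) behave on the same input.
# All amounts below are constructed sample data.
from decimal import Decimal, InvalidOperation, ROUND_DOWN

SATOSHI = Decimal("0.00000001")   # smallest bitcoin unit: 8 decimal places
MAX_BTC = Decimal("21000000")     # total supply; anything above is a bad input

# Constructed ledger: a user deposits 0.1 BTC ten times, i.e. exactly 1.0 BTC.
DEPOSITS = ["0.1"] * 10


def sum_float(amounts):
    """Accumulate with IEEE 754 binary64 floats, the approach the post objects to.
    0.1 has no exact binary representation, so every addition carries an error."""
    total = 0.0
    for a in amounts:
        total += float(a)
    return total


def sum_decimal(amounts):
    """Accumulate with decimal.Decimal: every decimal amount is represented exactly."""
    total = Decimal(0)
    for a in amounts:
        total += Decimal(a)
    return total


def parse_amount(text):
    """Parse a user-supplied amount exactly and return it as an int number of
    satoshis, the form you would store in a BIGINT column. Rejects NaN, infinity,
    negatives, out-of-range values and anything finer than the satoshi grid,
    instead of silently rounding as float() would."""
    try:
        d = Decimal(text)
    except InvalidOperation:
        raise ValueError(f"not a number: {text!r}")
    if not d.is_finite() or d < 0 or d > MAX_BTC:
        raise ValueError(f"invalid amount: {text!r}")
    if d != d.quantize(SATOSHI, rounding=ROUND_DOWN):
        raise ValueError(f"more than 8 decimal places: {text!r}")
    return int(d.scaleb(8))  # d * 10**8, computed exactly


def is_valid_amount(text):
    """True if parse_amount accepts the input (hypothetical helper for validation)."""
    try:
        parse_amount(text)
        return True
    except ValueError:
        return False


def sum_satoshis(amounts):
    """Integer arithmetic on satoshis: no representation error at all."""
    return sum(parse_amount(a) for a in amounts)


def can_withdraw(balance, amount):
    """Sufficient-funds check. Whether it answers correctly depends entirely on
    the types of balance and amount, which is the whole point."""
    return balance >= amount


if __name__ == "__main__":
    f = sum_float(DEPOSITS)
    print("float  :", repr(f), "can withdraw 1.0 BTC?", can_withdraw(f, 1.0))
    d = sum_decimal(DEPOSITS)
    print("decimal:", d, "can withdraw 1.0 BTC?", can_withdraw(d, Decimal("1.0")))
    s = sum_satoshis(DEPOSITS)
    print("satoshi:", s, "can withdraw 1.0 BTC?", can_withdraw(s, parse_amount("1.0")))
```

With floats the ten deposits total 0.9999999999999999, so a user who put in exactly 1.0 BTC is refused a 1.0 BTC withdrawal; with Decimal or satoshi integers the balance is exactly 1.0 BTC and the check passes. The database-side equivalent is a NUMERIC/DECIMAL column with a fixed scale, or a BIGINT of satoshis, never FLOAT or DOUBLE.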