Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move exchange rate fetching to client #13028

Merged
merged 11 commits into from
May 16, 2024
Merged

Move exchange rate fetching to client #13028

merged 11 commits into from
May 16, 2024

Conversation

lontivero
Copy link
Collaborator

Simplify the exchange rate fetching mechanism and move it to the client (remove api from server).

Tor support is missing but the PR is enough to make configurable through the UI and to test.

@lontivero lontivero requested a review from molnard May 14, 2024 00:47
@lontivero lontivero force-pushed the move-exchangerate-to-client branch from baa9b18 to 9e3a483 Compare May 14, 2024 11:28
@lontivero
Use Tor to connect to providers
9f56e4a 
Most of the providers are exchanges that block access to their api from Tor. That means that not all providers can be used when Tor is enabled.
@lontivero lontivero force-pushed the move-exchangerate-to-client branch from 953f8b4 to 9f56e4a Compare May 15, 2024 13:32
molnard
molnard requested changes May 15, 2024
View reviewed changes
WalletWasabi/ExchangeRate/ExchangeRateProvider.cs Outdated Show resolved Hide resolved
WalletWasabi/ExchangeRate/ExchangeRateProvider.cs Outdated Show resolved Hide resolved
WalletWasabi/ExchangeRate/ExchangeRateProvider.cs Outdated Show resolved Hide resolved
molnard
molnard reviewed May 15, 2024
View reviewed changes
Copy link
Collaborator

@molnard molnard left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am testing it. Well I guess it is not a surprise - it is not working yet, it is a merge blocker.

image

@lontivero
Copy link
Collaborator Author

The question is: what to do if the client enables Tor and chose an exchange rate provider which cannot be reached with Tor?

@molnard
Copy link
Collaborator

molnard commented May 16, 2024
edited

The question is: what to do if the client enables Tor and chose an exchange rate provider which cannot be reached with Tor?

We want to prevent identifying that a specific IP using Wasabi.

  • Random useragent is a must have in any cases.
  • Timing attack is possible when using clearnet. I am correlating the request coming from a specific IP in every 5 minutes - that is a wasabi client. In the case of Tor this is solved by identities - no action there.
  • Failsafe option - remove all the providers those are not supporting Tor.

My suggestion is to do random timing and random useragent in case of Clearnet. It is good enough and Wasabi will be compatible with any exchange rate provider - win!

@lontivero
Add User-Agent to requests
7ddc6fe 
Some providers reject the requests if they don't have an User-Agent header. Additionally, using a constant pattern for the requests could help to finger the clients so, we use "random" user agents.
@lontivero
Remove some exchange rate providers
3abed97 
that are unreacheable using tor. Add mempool.space as default provider.
@lontivero lontivero force-pushed the move-exchangerate-to-client branch from 2287bc0 to 3abed97 Compare May 16, 2024 14:54
@lontivero
Copy link
Collaborator Author

This is ready.

@lontivero lontivero merged commit abc3631 into WalletWasabi:Downsize+FOSS May 16, 2024
3 of 5 checks passed
@MarnixCroes MarnixCroes mentioned this pull request May 17, 2024
Open
lontivero added a commit that referenced this pull request May 21, 2024
@lontivero @kiminuo
Move exchange rate to client (#13028)
ab0b7bd 
* Create `ExchangeRateProvider2`

* Remove old exchange rate providers and controllers

* Fetch exchange rates from the client

* Make exchange rate provider configurable

* Fix warnings

* Naming error

* CR feedback

* Use Tor to connect to providers

Most of the providers are exchanges that block access to their api from Tor. That means that not all providers can be used when Tor is enabled.

* Add `User-Agent` to requests

Some providers reject the requests if they don't have an User-Agent header. Additionally, using a constant pattern for the requests could help to finger the clients so, we use "random" user agents.

* Remove some exchange rate providers

that are unreacheable using tor. Add mempool.space as default provider.

* Add random delay between queries

---------

Co-authored-by: Kiminuo <[email protected]>
@lontivero lontivero changed the title Move exchange rate to client Move exchange rate fetching to client May 26, 2024
@lontivero lontivero added the Resiliency All what makes Wasabi inmortal label May 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@molnard molnard molnard requested changes

@yahiheb yahiheb yahiheb left review comments

@kiminuo kiminuo kiminuo left review comments

Assignees
No one assigned
Labels
Resiliency All what makes Wasabi inmortal size/XXL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@lontivero @molnard @yahiheb @kiminuo