npub139xx...g46d 11 months ago
Basically, the haveno network operator can give admin roles to both taker and arbiter bots as well, which lets them ignore any rules in place. This speeds up things a lot since there's no need to put down a security deposit for each taker bot, allowing all maker funds to be unlocked right away. These bots only work on the API level, so they don't mess with the user interface. Because of this, it doesn't really matter if you set up limitations on the frontend or the public API; the admin bots will always be able to access the protected API endpoints. This access is key to getting around rules like security deposits, rate limits, or any other client-side requirements for takers or arbiters.

The admin bots won't use the public API, since developers would catch any shady changes to it. Instead, they'll send requests to a protected API run by the network operator on a low-cost VPS for about $5 USD. Only the admin bots (taker and arbiter) will have the keys to access this protected API. This API will basically look like the public API but will have tweaks to bypass all those rules. So, only the maker will use the public API and will have to follow its rules.

To make things work, all you really need is the admin key, a protected API, and a few VPS servers for the taker and arbiter bots. These taker bots will throw the admin keys into the headers of their requests. If a normal taker tries to hit up the protected API without the admin keys, the request won't work. It's actually pretty simple, and it might have been overlooked because of that.

Also, it's good to remember that multi-signature setups only make sense when there's no admin or network operator. The operator is always a single point of failure and can sidestep any limits on the API using their admin keys. If anyone has a solid reason why this wouldn't actually work, I'd love to hear it.
When someone has the admin keys for their network, they can pretty much do whatever they want and set the rules while everyone else has to follow along. To wrap it up, everyone in the haveno network, the taker, the arbiter, and the maker, will get a key in the multi-sig trade. But there's also a fourth key, called the "magic key", that can do a bunch of powerful things, some of which could be a bit risky.

Reference: https://archive.ph/GsDsn
Thread:
Interview: https://simplifiedprivacy.com/openmonero-interview-with-the-dev/compared-to-reto.html

#Privacy #Markets #HiddenService #News #Work #Monero #Crypto #Hacking #HarmReduction #Guides #Bisq #cakewallet #haveno #retoswap #trading #p2p #escrow #localmonero #dex
openmonero
Hello Nostr! I'm the dev behind OpenMonero.com. This is my first post. I'm here to bring transparency and harm reduction.

Check out my latest audit for haveno: Shady arbiters can steal the entire liquidity from the order book. All you need is just 2 bots. It's crazy.
https://simplifiedprivacy.com/openmonero-interview-with-the-dev/compared-to-reto.html

Issue confirmed by official monero moderator on dread:
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4e7e530582ff902b6903/#c-cac5570453f7fa9f42

Quote from /u/monero_desk_support: "After some thoughts, I think you are right and that the arbitration system in Haveno doesn't prevent arbitrators from pulling the funds. They would need to create a bot that takes all the offers and automatically unlock the funds with the key of the taker and arbitrator."

#introductions #Privacy #Markets #HiddenService #News #Work #Monero #Crypto #Hacking #HarmReduction #Guides

Replies (1)

I've been using RetoSwap since it came out earlier last year and have had no problems. But it still seems like you bring up good points. Any ideas on what could improve Haveno in this regard? What would you say are some downsides of using OpenMonero vs Haveno? I'm open to using OpenMonero, but it seems very new. I just think you guys need more time to build trust and reputation with the community at large. It seems like you guys are also a similar model to LocalMonero, so you have the same centralized point of failure (which I hoped we could get away from). Maybe the only difference being you're operating somewhat anonymously? (true?)