Should the /pay API take a destination_amount? #256
Comments
|
To protect against malicious receivers, I think the STREAM client needs to always check the rate against an external provider. This would make specifying the destination amount much more secure, since single path probing is very easy for the recipient to manipulate. (One simple idea is to just use the same rate provider the router uses). One important note: with this exchange rate check, if I'm specifying a
I agree we should also support a |
|
Also... when/if we add that exchange rate logic, we definitely need to fix this: https://github.com/interledger-rs/interledger-rs/blob/master/crates/interledger-stream/src/client.rs#L121 Right now intermediary connectors can steal ALL the money! |
Currently, the
/payHTTP API endpoint accepts asource_amountand will send STREAM packets until that amount has been sent. We may want to add the option to specify adestination_amountinstead (setting either amount would be supported).The tricky part about the
destination_amount-based sending is that the exchange rate could fluctuate -- for good or malicious reasons -- while the payment is being sent, potentially causing the sender to send a lot of money.We could add a
max_source_amountfield along with it, but it's not totally clear how the user or the node would set that. The best option might be to use STREAM to get a quote first and then base themax_source_amounton the first observed exchange rate + some slippage. Alternatively, if we want to make sure the user is aware of the current exchange rate, we could make themax_source_amounta required field if you set thedestination_amountso that the user has to explicitly call the quote endpoint (#255) first.The text was updated successfully, but these errors were encountered: