Bitcoin Forum

Bitcoin => Project Development => Topic started by: Tommo on April 04, 2014, 04:29:45 AM



Title: Exchange Standards Framework
Post by: Tommo on April 04, 2014, 04:29:45 AM
In light of the recent Mt.Gox debacle, I'm looking for some help in coming up with some sort of Standards Framework which exchanges should follow in order to minimise the potential for hacks, dodgy accounting, etc., so that users of the exchanges compliant with the framework can feel safer trading bitcoins or other cryptos.

Let's start with listing some safe and unsafe features:

[Safe Features]
- Operating in a politically stable and crypto friendly jurisdiction
- KYC/AML adherence
- Dedicated hardware
- DDoS resistant
- Minimal alteration of Bitcoin Core, alterations independently reviewed
- Regular software audits and performance review
- Cold storage, manual access only
- Hot wallet size algorithmically determined by standard deviations of withdrawals
- 100% reserve
- Regular financial statements, fiat + crypto
- 2 factor authentication
- Separation between read-only and execution APIs (https://bitcointalk.org/index.php?topic=556810.msg6065434#msg6065434)
- Separation between trade and wallet APIs
- Exchange transactions all performed on chain (operationally possible?)

[Unsafe Features]
- ?

For clarity I'll add/remove features here later depending on consensus. Let's self regulate.


Title: Re: Exchange Standards Framework
Post by: Initscri on April 04, 2014, 07:11:42 AM
[Unsafe Features]
- "Fancy" APIs


Define what you mean by "Fancy"?

I don't believe all APIs are bound to be defined as Unsafe.

It depends on the company or developer developing the API and their code, what practices and what safety precautions they use.


Title: Re: Exchange Standards Framework
Post by: Tron on April 04, 2014, 08:15:04 AM
I would like to suggest that exchanges have the option of read-only API Keys. Or limited to viewing trades, transactions, and balances.

This would be separate from an API Key that allows trade executions and/or withdrawals. 

Lose the "fancy API". That doesn't mean anything. Fancy is in the eye of the beholder.

I like your other standards.  Especially the 100% reserve.


Title: Re: Exchange Standards Framework
Post by: Initscri on April 05, 2014, 07:51:44 AM
I would like to suggest that exchanges have the option of read-only API Keys. Or limited to viewing trades, transactions, and balances.

This would be separate from an API Key that allows trade executions and/or withdrawals. 

Lose the "fancy API". That doesn't mean anything. Fancy is in the eye of the beholder.

I like your other standards.  Especially the 100% reserve.


The read-only API keys could be set by an action/permission based API.

The API key creator would have the ability to choose what actions each API key can perform. All, or specific actions.

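The permission-scoped API keys discussed in the two posts above, as an added example that is not code from any exchange or from the posters. It assumes a hypothetical set of action names and an in-memory key store; requests are HMAC-signed with the key's secret, and a key only passes if it holds the scope the action needs.

```python
import hmac, hashlib, json, secrets

# Scopes mirroring the thread's split: read-only, trade execution, withdrawal.
READ, TRADE, WITHDRAW = "read", "trade", "withdraw"
ALL_SCOPES = {READ, TRADE, WITHDRAW}

# Scope each API action requires (hypothetical action names).
ACTION_SCOPE = {
    "get_balances": READ,
    "get_trades": READ,
    "place_order": TRADE,
    "withdraw": WITHDRAW,
}

# Constructed in-memory key store: key id -> (secret, granted scopes).
API_KEYS = {
    "ro-key-1": ("ro-secret", {READ}),
    "trade-key-1": ("trade-secret", {READ, TRADE}),
}

def create_key(scopes):
    """The key creator picks which actions the key may perform."""
    unknown = set(scopes) - ALL_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    key_id, secret = "key-" + secrets.token_hex(4), secrets.token_hex(32)
    API_KEYS[key_id] = (secret, set(scopes))
    return key_id, secret

def sign(secret, body):
    """HMAC-SHA256 over the raw request body, hex encoded."""
    return hmac.new(secret.encode(), body.encode(), hashlib.sha256).hexdigest()

def authorize(key_id, body, signature):
    """Return (ok, reason): verify the signature first, then the scope."""
    entry = API_KEYS.get(key_id)
    if entry is None:
        return False, "unknown key"
    secret, scopes = entry
    if not hmac.compare_digest(sign(secret, body), signature):
        return False, "bad signature"
    needed = ACTION_SCOPE.get(json.loads(body).get("action"))
    if needed is None:
        return False, "unknown action"
    if needed not in scopes:
        return False, f"key lacks {needed} scope"
    return True, "ok"
```

A compromised read-only key can therefore leak balances and trade history but cannot move funds, which is the separation the posts are asking for.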

Title: Re: Exchange Standards Framework
Post by: Tommo on April 12, 2014, 05:29:37 PM
We'll also need some way to perform regular transparent and minimally intrusive audits.


Title: Re: Exchange Standards Framework
Post by: knightcoin on April 12, 2014, 07:34:02 PM
I would like to see transparency about how the exchange operates from the "front office" to "back office", rulebook, documentations etc... something like

http://www.londonstockexchange.com/traders-and-brokers/rules-regulations/rules-regulations.htm


If it is open source, the project should give all sources and documentation too... like buttercoin

https://dchtm6r471mui.cloudfront.net/buttercoin.hackpad.com_nKajyO5V1tR_p.44038_1365837248577_arch.v1.png