Please help me to list the best security practices and implementation details for my assignment.
Alice and Bob sign an agreement.
Alice lends Bob $8,000 (assuming that 1 BTC = $8,000) for a period of time T, and Bob puts up a collateral of 1.5 BTC in a multisig account.
If within time T Bob settles his debt ($8,000 + fees), then Bob can have the 1.5 BTC back; otherwise Alice can seize the 1.5 BTC collateral and do whatever she wants.
Here's an example by Gavin Andresen that can be used for what's described above:
https://gist.github.com/gavinandresen/3966071

Here is what I've pointed out so far:
- How to create the three keypairs and give the private keys of the multisig addresses to three different Escrow agents in such a way that the private keys are not revealed to anyone (even the creator)?
- After Bob performs the transaction from his wallet to the multisig address, wait for 6 confirmations before lending him $8,000.
- Reveal the operation's details (when and where) only to the people involved.
- What's the best cold storage method, with pros and cons? (i.e. HW wallets: if the period T is relatively long, new firmware may be released to patch vulnerabilities. An update process needs to be defined)
- Transfer 1.5 BTC to either Alice or Bob according to the agreement's outcome. Is this probably the least risky step in the list?
Something is missing for sure ...
UPDATE:
- Send transactions to your full node or to verified peers.
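
An added example, not part of the original post or of the linked gist: if each of the three agents generates a keypair locally and hands over only the public key, every party can rebuild the 2-of-3 script and check that the deposit output commits to exactly those keys before Bob funds it. The function names, the constructed placeholder keys and the choice of a P2WSH output (the post does not name an address type) are assumptions.

```python
import hashlib

# Constructed placeholder keys in compressed-pubkey format (not real curve points).
# In practice each agent generates a keypair offline and shares only the public key.
AGENT_KEYS = [bytes([2]) + bytes([i]) * 32 for i in (0x11, 0x22, 0x33)]

OP_CHECKMULTISIG = 0xAE

def op_n(n: int) -> int:
    """Opcode for the small integers 1..16 (OP_1 is 0x51)."""
    if not 1 <= n <= 16:
        raise ValueError("value must be between 1 and 16")
    return 0x50 + n

def check_pubkey(pk: bytes) -> bytes:
    # Format check only: 33 bytes with prefix 0x02 or 0x03.
    # A 32-byte value has the size of a private key and is rejected.
    if len(pk) != 33 or pk[0] not in (2, 3):
        raise ValueError("expected a 33-byte compressed public key")
    return pk

def multisig_script(m: int, pubkeys: list[bytes]) -> bytes:
    """m-of-n script: OP_m <key>... OP_n OP_CHECKMULTISIG, keys sorted as in BIP67."""
    keys = sorted(check_pubkey(pk) for pk in pubkeys)
    if len(set(keys)) != len(keys):
        raise ValueError("duplicate public key: one party would hold two votes")
    if not 1 <= m <= len(keys):
        raise ValueError("threshold m must be between 1 and n")
    body = b"".join(bytes([len(k)]) + k for k in keys)
    return bytes([op_n(m)]) + body + bytes([op_n(len(keys)), OP_CHECKMULTISIG])

def p2wsh_script_pubkey(script: bytes) -> bytes:
    """Output script that commits to the multisig script: OP_0 <SHA-256(script)>."""
    return b"\x00\x20" + hashlib.sha256(script).digest()

def same_escrow(m: int, pubkeys: list[bytes], claimed: bytes) -> bool:
    """True if the claimed output script is the m-of-n escrow over exactly these keys."""
    return p2wsh_script_pubkey(multisig_script(m, pubkeys)) == claimed

if __name__ == "__main__":
    spk = p2wsh_script_pubkey(multisig_script(2, AGENT_KEYS))
    print("deposit output script:", spk.hex())
    print("independently verified:", same_escrow(2, AGENT_KEYS, spk))
```

Because the keys are sorted before the script is built, the three agents get the same output script regardless of the order in which they received each other's public keys.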