Hallo my crypto-compatriots!
I am [perhaps foolishly] developing my own code to receive bitcoin payments for a new game. As I prefer to do things in a robust manner I am looking for ways to ensure the code is reliable before exposing it to the General Public. Automated testing is a fantastic way to ensure your code is protected against all manner of badness, now and in future iterations.
My general plan of attack is to set up several nodes configured such that they do not connect to the network at large and instead communicate solely with each other. I would premine several hundred coins for the system to use.
In this way I would be able to orchestrate payments and check that my code handles them in an expected manner, as well as trigger double spends, transaction malleability attacks, and block reorgs.
Has anyone come across something similar?
Sounds like testnet in a box, which AFAICT is no longer needed because Bitcoin Core now has regtest [1].
What other exploits should I be guarding against? Anyone interested in seeing the result?
I am also interested in any other Docker-related bitcoin handling. It seems like a decent way to set up a reasonably secure and reproducible bitcoin environment.
IMHO your main concern should be double spend attempts, which can be mitigated by requiring at least 1 (or n) confirmations.
[1] https://bitcoin.org/en/developer-examples#regtest-mode
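
An added example, not code from either poster: a minimal model of the payment-handling logic that a regtest harness like the one discussed above would exercise, covering the n-confirmation rule, a malleated txid, and a reorg. The class and function names, the address labels, and the threshold of 3 are assumptions, and the observations are constructed rather than taken from a real node.

```python
from dataclasses import dataclass

REQUIRED_CONFIRMATIONS = 3  # assumed policy; the thread only says "1 (or n)"

@dataclass
class Invoice:
    address: str
    amount_sat: int
    state: str = "unpaid"  # unpaid -> pending -> paid; "reverted" after a reorg
    txid: str = ""

class PaymentTracker:
    """Hypothetical tracker that credits an invoice only after n confirmations."""

    def __init__(self, required=REQUIRED_CONFIRMATIONS):
        self.required = required
        self.invoices = {}

    def add_invoice(self, address, amount_sat):
        self.invoices[address] = Invoice(address, amount_sat)

    def observe(self, address, txid, amount_sat, confirmations):
        """Feed one wallet observation and return the invoice state afterwards."""
        inv = self.invoices.get(address)
        if inv is None or amount_sat < inv.amount_sat:
            return "ignored"  # unknown address or underpayment
        # Key on the receiving address, not the txid: a malleated copy of the
        # payment carries a different txid but pays the same output.
        if confirmations >= self.required:
            inv.state, inv.txid = "paid", txid
        elif inv.state == "paid" and txid == inv.txid:
            # The credited transaction lost confirmations: a reorg happened
            # or a conflicting spend was mined instead.
            inv.state = "reverted"
        elif inv.state in ("unpaid", "pending"):
            inv.state, inv.txid = "pending", txid
        return inv.state

# Constructed observations: (address, txid, amount_sat, confirmations)
SAMPLE_EVENTS = [
    ("addr-game-001", "tx-a", 50_000, 0),   # seen unconfirmed
    ("addr-game-001", "tx-a2", 50_000, 1),  # malleated copy confirmed instead
    ("addr-game-001", "tx-a2", 50_000, 3),  # threshold reached
    ("addr-game-001", "tx-a2", 50_000, 0),  # reorg dropped its block
    ("addr-other", "tx-b", 50_000, 6),      # not one of our invoices
    ("addr-game-001", "tx-c", 10_000, 6),   # underpayment
]

def replay(events, required=REQUIRED_CONFIRMATIONS):
    tracker = PaymentTracker(required)
    tracker.add_invoice("addr-game-001", 50_000)
    return [tracker.observe(*event) for event in events]
```

In a regtest setup the same sequence of states would be the assertions the harness makes after each mined or invalidated block.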