Exchange Software That is Ready to Use (almost)

[CoinFascination]

There are a few projects on Github that claim to be templates for an exchange. But there is no rating system. Nothing reliable to say if there is a backdoor or some danger. Of course, there is a legal issue, but I am first asking for technical viability.

I know of Peato for instance.

[1715176317]

1715176317

[1715176317]

1715176317

[yegor256]

I believe you should hire someone to audit the software, before you can use it in production. I would not trust any ready-to-use packages without such an audit.

[bob123]

There doesn't even need to be a real backdoor.

Just a purposely included vulnerability would be enough to completely compromise your server which you are running the exchange software on.

This would be hard to detect. Especially in a non-running environment.
Also, no one guarantees you that the developer knows how to create such a software properly. Even if no vulnerability has been placed in there on purpose.


If you really want to use that template, you should set up a test environment and purchase a full security audit / penetration test for webapp.
And don't choose a test which only lasts 5 days. You'd need 10 - 15 at least. With an average price of 1k - 2k$ per day, that would be between 10k$ and 30k$.

If you don't have enough money to perform such an audit, don't start an exchange.

The chances that a fully working and secure template for an exchange is available for free.. are almost zero. Why would someone give it away for free if they can earn money by selling it?
What is their business model? How do they make money from that template ? Selling it is lucrative.. what would be more lucrative?.. Just think about it.

[CoinFascination]

There is a big barrier to entry in building an exchange. Peatio unfortunately does not have the capabilities to reach the standard of those currently running. Its a nice guide for developers and it's always fantastic seeing open source projects being available but its not something that could be viable to use for a startup/business. It does also require a lot of work on top of what's available, so it's essentially a script much like the scripts that are regularly up for sale on this forum and elsewhere for $200 that promise to provide a service that platforms generating millions do 

Thanks David.
The issue is that as a programmer one has to start from somewhere. Even a really simple implementation will give some ideas. I was wondering if even that exists.

[serhanni]

There are a few projects on Github that claim to be templates for an exchange. But there is no rating system. Nothing reliable to say if there is a backdoor or some danger. Of course, there is a legal issue, but I am first asking for technical viability.

I know of Peato for instance.

Maybe you can check how many forks does it have... And check every forks of it. Maybe you can get a clue:) By the way which templates and exchange software are you talking? Peatio?

[joniboini]

Maybe you can check how many forks does it have... And check every forks of it. Maybe you can get a clue:) By the way which templates and exchange software are you talking? Peatio?

He's mentioning Peatio[1] for the example, though there's a bit of typo. Checking the forks of each code would take a lot of time, and it doesn't really make sense if you want to look for the weakness of that code. It would be better to examine the source code directly and see how did an exchange that runs on top of that code performs, or run it offline and do a stress test.

[1] https://github.com/peatio/peatio

[Initscri]

I know others have mentioned backdoors, or intentional vulnerabilities, which could lead to the exchange being hacked.

TBH, what I've see much more is non-intentional vulnerabilities or zero day attacks, which affect any site using the open source software. When it comes to websites as high in security demand such as an exchange, there's really no room for error.

Sometimes not using open source software, and building it your own, is security by obscurity.

For example, there's been MANY hacks w/ software like Wordpress where a security vulnerability was found in Wordpress (zero day), scans were made to find every single applicable Wordpress site, and then any Wordpress site found was exploited.

The same could happen w/ exchange software, it would just be a hell of a lot more costly.

Just my $0.02

[Blockchain Mechanic]

Hi, exchange code is used to make money. The only fully functional open source code i know is peatio and it's really hard to modify. It took me almost a month to get it to support multiple coins let alone customize it to some of my specific needs, eventually I gave up and started from scratch. I have been developing my own exchange as part of a much larger project :- Xequium. It has an exchange built completely by me, and I think that you should follow a similar path. This is mainly due to the issues mentioned in previous responses but also because you will learn a lot in the process and be able to quickly diagnose a problem should one appear. By designing your own database schema, security model and features you have the benefit of knowing your system in and out, then if you do it well you are more likely to attract users.

Note:- developing/running a proper exchange efficiently is a taxing job, it requires a lot of time,patience and coffee. I had the advantage of a background in CS and SE sand massive experience coding for crypto projects , but diligence should cover that for you.


Some things you should research :-

1) securing a server
2) securing a wallet
3) communicating with a wallet
4) storing data properly in a database
5) differences between what will be done server side vs client side.


Checkout the exchange part of my platform  :-







It goes live as soon as i finalize work in other areas of the project, raise some funding etc.

[Initscri]

Also, just to add-on to Blockchain Mechanic's response there; take note of the mistakes made by exchanges before you.

Whether it be improper storage of Bitcoins w/o a plan (for example, QuadrigaCX) or hacking attempts (MtGox), I would honestly do many hours of research into exchange failures before creating your own.

[CoinFascination]

Also, just to add-on to Blockchain Mechanic's response there; take note of the mistakes made by exchanges before you.

Whether it be improper storage of Bitcoins w/o a plan (for example, QuadrigaCX) or hacking attempts (MtGox), I would honestly do many hours of research into exchange failures before creating your own.

Yes, absolutely. The way some talk about, it is so risky that there is no point in even trying.
And once you get the courage to build something, there are the legal issues to deal with. I doubt if one can build it in the US, without kyc for instance.