Bitcoin Forum
November 25, 2017, 08:03:36 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: I'm looking for someone interested in making BitCoin/altcoin exchange  (Read 550 times)
kompiler
Newbie
*
Offline Offline

Activity: 4


View Profile
June 09, 2014, 10:32:08 AM
 #1

Hi

I am very experienced enterprise web systems developer. The thing I noticed in Bitcoin world is that exchanges are really poor developed. Very low reliabilty, performance and security.

Things like this, make me feel cringe: http://www.reddit.com/r/Bitcoin/comments/1wtbiu/how_i_stole_roughly_100_btc_from_an_exchange_and/

Most, if not all, are based on badly choosen technologies (like PHP, MongoDB) without even proper transaction isolation, race conditions posibilities etc.

I have already made about ~80% of enterprise exchange. It is build on application server with background transactional and monitoring tasks,
done in the lot better way than CRON based scheduling etc.

Highly concurrent, clean and maintainable code with near 100% coverage with unit and integration tests. Lot of caching involved.
Capability to process 10-20k requests/second for some static pages, and realize 50-200 orders/s on single machine.

For example, if wallet communication commands take long and there is too long processing detected,
user is immediately notified and system does not try to force another RPC call going to a huge overload etc.

There is really lot of cool features, too much to describe now. For example pre-cashing of wallet addresses, that you can generate new addresses on wallet RPC
in lowest load hours and just assign them to users under peak load.

Lot of monitoring abilities, with monitoring wallets health and possibility to inform users about wallet on/off status, load or last retreived block time from blockchain.
Internal mail sending queue with reporting and status etc. etc. Just enterprise solution. Possibilty to implement some SQL-balance vs wallet-balance montors
to improve security and detect security breach, possiblity to implement near real-time monitoring/withdrawal confirmation app for android.

Opened oportunities for wallet-pooling if single internal wallet daemon per currency is not enough.
   
Is anybody interested in starting his own professional exchange?
   
I'm looking for people going to invest in "starter pack" without further maintaince, espacialy that I have already a full-time job.
Of course, some additional maintaince and feture requests possible.

For clarity, I do enterprise software - so it's neccessary to have someone for regulatory approval, lawyers etc. Also some bitcoin-theory expert and/or unix service/wallets maintainer for unix-level and wallet security and backuping.
   
So, I am just offering professional-level software here only, not complete exchange solution.

Sorry for my english, I'm not from US.
1511597016
Hero Member
*
Offline Offline

Posts: 1511597016

View Profile Personal Message (Offline)

Ignore
1511597016
Reply with quote  #2

1511597016
Report to moderator
"There should not be any signed int. If you've found a signed int somewhere, please tell me (within the next 25 years please) and I'll change it to unsigned int." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511597016
Hero Member
*
Offline Offline

Posts: 1511597016

View Profile Personal Message (Offline)

Ignore
1511597016
Reply with quote  #2

1511597016
Report to moderator
Justin00
Legendary
*
Offline Offline

Activity: 910


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
June 09, 2014, 10:38:49 AM
 #2

how will your exchange diff from the other 15 already in production ?
serious question.. .

Eliphaz Fimk
Hero Member
*****
Offline Offline

Activity: 688


Heatledger.com


View Profile WWW
June 09, 2014, 10:39:16 AM
 #3

Interesting.

I'm looking for people going to invest in "starter pack" without further maintaince, espacialy that I have already a full-time job.
Of course, some additional maintaince and feture requests possible.

You produce such excellent software that you're convinced there will be no bugs or exploits worth fixing without testing in live production environment? Impressive.  Shocked Good luck!

         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
   ████      ████      ████████████          █████        ████████████████  
   ████      ████      ████████████          █████        ████████████████  
   ████      ████      ████                ████ ████            ████        
   ██████████████      ████████████        ████ ████            ████        
   ██████████████      ████████████      ████     ████          ████        
   ████      ████      ████              █████████████          ████        
   ████      ████      ████████████    █████████████████        ████        
   ████      ████      ████████████    ████         ████        ████
        
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
              ██      ██████  ██████    ██████   ██████  ██████
              ██      ██      ██   ██  ██    ██  ██      ██   ██
              ██      ██████  ██   ██  ██  ▄▄▄   ██████  ██████
              ██      ██      ██   ██  ██  ▀▀██  ██      ██   ██
              ██████  ██████  ██████    ██████   ██████  ██   ██







kompiler
Newbie
*
Offline Offline

Activity: 4


View Profile
June 09, 2014, 10:43:20 AM
 #4

@Justin00

Really, there is a huge difference with services like PHP+Mongo+CRON vs. enterprise, JIT-compiled, highly-declarative secured&transactional. Too much to write here. Security, reliability, monitoring, performance etc.

And some other things:

- How it is possible to cannot log in for a new account severl hours after its creation and confiramtion?
- How it is possible to wait 24hrs for withdrawal?
- How it is possible to cannot generate deposit address for several hours?
- How it is possible to wait looot of time for simple page load?
   
It's literally lame. And it is related to biggest exchange!

Also I heard about race conditions, negative balances in exchanges etc - it's huge blame.

@Eliphaz Fimk

No, I mean that I can sell a finished product, go throught beta test etc. and even after that support it, but not in 8hrs/day way, but more like freelance.

EvilPanda
Hero Member
*****
Offline Offline

Activity: 658


Small Red and Bad


View Profile
June 09, 2014, 11:09:29 AM
 #5

I think we are lacking an important statement: how much are you asking for Smiley

kompiler
Newbie
*
Offline Offline

Activity: 4


View Profile
June 09, 2014, 11:30:50 AM
 #6

@EvilPanda

Generally cost is highly dependent on actual option and involvement (only bug fixing or regaular feature additions).

The most prefferable option for me is starter pack with beta tests on installed and preconfigured wallets for several weeks and few dozens of support hours and "thats it" (preferrable if you already have some dev to maintain project further).

The reasonable cost is my opinion about 15-20BTC. (solution with wallet pooling - more than 1 wallet daemon per currency -  30BTC and up). Additional payment for supporting any non-bitcoin json-rpc compatible currency - as I know, NXT for example.

But there should also be spends (not for my services) on penetration testing, code audit, server configuratin and administration, wallets compilation/setup/securing/maintaince.

I'm just offering my definatelly-above-average programming skills to make whole user/balance/trading/deposit/withdrawal system, and of course - time - because system is almost completed already.

As I said, I'm offering to create such service in other way than slow and almost stateless PHP/CRON and totally-not-for-financial-services MongoDB etc. , but building in on enterprise concurrent solutions based on queues, background tasks, multithreading, declarative security and transactions. With a lot more monitoring and fault detection tolarance (anyone knows PHP error reporting system?)

What I forget to admit it's that of course, I would provide a huge, very detailed documentation for the whole system. Not only component-level documentation but whole architecture and working environment detailed description.
CodeEmck
Newbie
*
Offline Offline

Activity: 5

9FF8 6290 ADF4 565F 3A74 8ED4 3B46 93E9 A854 35A3


View Profile
June 09, 2014, 11:59:00 AM
 #7

I would hope that most exchanges are not using PHP and non ACID databases for transactions.

You clearly state what you are not using. Could also give an overview of what tech you are using for the app server and database and frontend.
kompiler
Newbie
*
Offline Offline

Activity: 4


View Profile
June 09, 2014, 12:05:10 PM
 #8

Easy to check that most are using PHP. Not sayin earlier about performance-killing regular AJAX-interval-refreshing instead of notofication by push/long-pooling (I am using WebSockets)

We can hope that they are at least using ACID db but, as wee see, I pasted a reddit link about successful race condition attack. I have not mentioned my technologies jet on purpose, because it's Java and people are so truly wrong about Java. They have some very wrong and bad opinion (what is totally false) about it's speed and reliability. Probably most of the real official banks are using Java and think about it.

Basically is J2EE with SQL database with JSON-RPC wallet comunication (but not directly - commands are processed in custom per-wallet queue-based engine with common monitoring and logging for every single call). Any frontend technology possible. Typical HTML/CSS with WebSocket live updates. Any chosen web template integration included in service.

Very defensive coding, lot of preconditios (like its physicaly not possible to assign any user a negative balance, per whole system environment - even if such situation would have place by some mistake, transactions/balances core will throw error and everything changed in DB would be undoed with transaction rollback etc.).

Internally it's a not-legacy java, MVC and dependency injection based, including things like JSR bean validation, JSR REST endpoints for external API, declarative Spring Security authorization, declarative transactions with proper isolation and propagation. Unit and integration (with production-like) DB tests with near 100% coverage. JMeter - checked performance and reliability (no memory leaks). Possible to include acceptance selenium tests.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!