Hello,
please consider this scenario:
- user and worker want to make an agreement where the worker must do a job for the user in 30 days.
- if the worker doesn't deliver anything in 30 days, refund the user completely
- if the worker delivers something in 30 days, give the user the ability to accept or reject it
- if the user accepts, pay the worker
- if the user rejects, pay only 10% to the worker and give 90% back to the user
- if the worker delivers but the user doesn't reply, pay the worker
Now, all of this can be done with an escrow account where only user and worker are signers and both are required to submit any operation.
Furthermore we need some pre-authorized transactions signed by both participants where we set the payments or refund (same sequence number, time bounded, payment operation to user or worker) and finally ask user to fund the escrow account when we have everything setup.
What's the problem now? The problem is if I give signed XDR to both participants:
1- the worker could submit the payment one as soon as the time bound is reached without any other requirement (like delivering the job done), so the worker would get the money without doing anything
2- on the other side, the worker could have delivered the job but the user could simply wait for the refund period and submit the refund transaction, so basically the user would have the money back and the job done while the worker remains with nothing.
This could happen because I asked both signatures and I gave signed XDR to both participants.
What's the idea to solve this? My idea is to let both verify and sign the pre-authorized tx and then keep the signed XDRs in a secret place where they cannot get them.
They will still be able to cancel them (if both agree, they just sign a bump sequence tx and invalidate the previous ones), but only the platform that hosts the marketplace can submit the right pre-auth tx.
At time bound reached the platform could do some checks like those I wrote at beginning and automatically submit the right transaction.
Of course in the meantime creator could have accepted or rejected "manually" the job telling the platform to submit one or the other tx.
What do you think? I'm not so happy to keep signed XDR secrets, but I really don't know an alternative without putting a third signer (like the platform itself) in the middle to require also its signature, but I would avoid this because we don't want to review each offer, instead we'd like to have a self-management service where participants can handle all the situations by themselves.
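To make the mechanics concrete, here is an added example (not code from the post, and not using the Stellar SDK) that models the escrow design above as a toy ledger: the escrow account has a sequence number, every pre-authorised transaction carries the same next sequence number and a time bound, applying one consumes that sequence number so its siblings can never be applied, and a jointly signed bump-sequence tx cancels all of them. The `choose_settlement` function encodes the rules from the top of the post; the amounts, the sequence number and the result-code names (which mirror Stellar's `tx_bad_seq`, `tx_too_early`, `tx_too_late`) are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed values for this example (not from the post)
ESCROW_AMOUNT = 1000   # what the user funds into the escrow account
DEADLINE = 30          # ledger "day" on which the 30-day window ends
ESCROW_SEQ = 100       # escrow account sequence number once setup is done


@dataclass
class Account:
    seq: int
    balance: int


@dataclass
class PreAuthTx:
    """A signed pre-authorised transaction on the escrow account."""
    label: str
    seq: int                           # must equal escrow.seq + 1 to apply
    min_time: int                      # time bound: earliest ledger day
    max_time: Optional[int]            # time bound: latest day, None = open
    payouts: Dict[str, int] = field(default_factory=dict)
    bump_to: Optional[int] = None      # bump-sequence operation, if present


class Ledger:
    """Minimal model of sequence-number and time-bound validation."""

    def __init__(self, escrow_balance: int, escrow_seq: int):
        self.day = 0
        self.accounts: Dict[str, Account] = {
            "escrow": Account(seq=escrow_seq, balance=escrow_balance),
            "user": Account(seq=0, balance=0),
            "worker": Account(seq=0, balance=0),
        }

    def submit(self, tx: PreAuthTx) -> Tuple[bool, str]:
        escrow = self.accounts["escrow"]
        if tx.seq != escrow.seq + 1:
            return False, "tx_bad_seq"          # a sibling already consumed it
        if self.day < tx.min_time:
            return False, "tx_too_early"
        if tx.max_time is not None and self.day > tx.max_time:
            return False, "tx_too_late"
        if sum(tx.payouts.values()) > escrow.balance:
            return False, "op_underfunded"
        escrow.seq = tx.seq                     # consume the sequence number
        for dest, amount in tx.payouts.items():
            escrow.balance -= amount
            self.accounts[dest].balance += amount
        if tx.bump_to is not None and tx.bump_to > escrow.seq:
            escrow.seq = tx.bump_to             # bump sequence: skip ahead
        return True, "ok"


def build_preauth_txs(amount: int, seq: int, deadline: int) -> Dict[str, PreAuthTx]:
    """All settlement txs share seq+1, so at most one of them can ever apply."""
    nxt = seq + 1
    worker_cut = amount // 10                   # 10% on rejection
    return {
        "refund": PreAuthTx("refund", nxt, deadline, None, {"user": amount}),
        "pay_worker": PreAuthTx("pay_worker", nxt, deadline, None, {"worker": amount}),
        "partial": PreAuthTx("partial", nxt, deadline, None,
                             {"worker": worker_cut, "user": amount - worker_cut}),
        # Cancel: both parties sign a bump-sequence tx with no time bound.
        "cancel": PreAuthTx("cancel", nxt, 0, None, {}, bump_to=nxt + 1),
    }


def choose_settlement(delivered: bool, user_decision: Optional[str]) -> str:
    """The rules from the post, evaluated by the platform at the deadline."""
    if not delivered:
        return "refund"
    if user_decision == "reject":
        return "partial"
    return "pay_worker"                         # accepted, or no reply


def settle(ledger: Ledger, txs: Dict[str, PreAuthTx],
           delivered: bool, user_decision: Optional[str]) -> Tuple[str, bool, str]:
    label = choose_settlement(delivered, user_decision)
    ok, reason = ledger.submit(txs[label])
    return label, ok, reason


if __name__ == "__main__":
    txs = build_preauth_txs(ESCROW_AMOUNT, ESCROW_SEQ, DEADLINE)
    ledger = Ledger(ESCROW_AMOUNT, ESCROW_SEQ)
    ledger.day = 10
    print("early pay_worker:", ledger.submit(txs["pay_worker"]))   # tx_too_early
    ledger.day = DEADLINE
    print("settle (delivered, rejected):", settle(ledger, txs, True, "reject"))
    print("refund afterwards:", ledger.submit(txs["refund"]))      # tx_bad_seq
    print({k: v.balance for k, v in ledger.accounts.items()})
```

The ledger itself only guarantees exclusivity (one of the three settlement txs) and the earliest submission time; it cannot know whether the job was delivered, which is exactly why whoever holds a signed XDR after the deadline can pick the outcome. In this model that holder is `settle`, i.e. the platform, which is the arrangement the post proposes.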