GalacticTrade

[unknown] You should probably tell us more about exactly what "loans" mean before calling out any other projects as cash grabs. Because otherwise it sounds hypocritical when this project is just a copy/paste of Coinbase Pro with a Loans button slapped on.

GalacticTrade | Trade. Lend. Fast.

GalacticTrade | Trade. Lend. Fast.

enter image description here

Title:

GalacticTrade - https://galactic.trade/

Summary:

GalacticTrade is a terminal that enables decentralized peer-to-peer trade and loans on Stellar network.

Category:

Application

Goals:

To increase the Stellar decentralized exchange (SDEX) experience and to ensure that the main currency of the Stellar network, "XLM", is used more actively with the loans system.

Timeline:

Short term :

Loans system (in progress)
Planning to release it in next days. Stay tuned!
Hardware wallet support (Trezor and Ledger)
Path payment support
UX improvements and fixes

Long term:

Social trading
Margin trading

Description:

GalacticTrade is designed as a trade interface free from all unnecessary details, where the user experience is prioritized. In this way, we think that we will help you discover the power of the Stellar network in a safe and fun way.

What makes GalacticTrade unique than others?
User experience and loans system. Try and see!

Links:

Website - http://galactic.trade/

Tags:

"exchange, loans, lending, trade, wallet, payment"

Freitag

Hello fellow galactic proposal. What does this exchange do that others do not? While loans could certainly be a new exchange feature, is there any interest from the stellar community to use it? We've seen numerous exchange entries in the past and in the current round. It's starting to look like a cash grab attempt rather than an attempt to provide a new and improved service for the stellar community.

galactictrade

Freitag Hey, for exchange side we're all just an interface which is using Stellar network and we can only provide the data via better UI currently. In long term, social trading will be unique feature of GalacticTrade for exchange users.

For loans, I don't think there is a need to measure the demand of the community because it is gonna be first one at ecosystem. I think the most exciting thing will be that we can create P2P loan contracts on Stellar completely decentralized.

Loans system is unique feature of GalacticTrade but in long term exchange side will be too.

Freitag

tmacshaq I'm unsure what you're trying to tell me here. You're defending this entry in the first sentence, and then attacking it in the second?

tmacshaq

Freitag I misread part of your post. For that I apologize. But I don't think it's proper to give derogative labels to other projects. If you have concrete feedback just give those directly.

For this entry, yes it seems like they heavily copied Coinbase Pro's exchange layout. And they shouldn't brag about something (lending) they haven't shown yet. And it looks like they take full custody of your private key which they should have mentioned. But I am interested in lending and margin trading. I just don't see how it can be done in decentralized manner on Stellar without involving another blockchain. It seems like they would need to do that part off chain so it just turns into something like Deribit/Celsius with a deposit option for Stellar assets. In that case it's not at all decentralized and they need to clarify the legality of operating such a business.

galactictrade

tmacshaq Hey, thanks for feedback. GalacticTrade never store your private keys and passwords on database. All operations take place on your client. Thats why we called it "decentralized".

I plan to release the loans system within a few days. Our loans system is also fully decentralized solution on only Stellar network. All details (e.g. how it works) will be given out when it is gonna be live.

John

The best model for logging is getting private-key of users like Stellarterm and you have to be open-source your app.
also, you have to more work on the design.
I think it is CEX no DEX

galactictrade

John GalacticTrade never store your private keys and passwords on database. All operations take place on your client. We don't need to be open source to prove it, you can test and confirm the outgoing and incoming data on the client very easily like in StellarX,Stellarport...

tmacshaq

galactictrade If you don't store my private key how am I suppose to use your thing? You generate a wallet when I signup but never showed me my private key. Good thing I didn't deposit anything

John

galactictrade Databases? I don't think this app needs to database client <=> Horizon
Oooh...! I suggest you study about DEX and structure.
even I don't think Stellar X is a DEX I only believe to Stellarterm.

John

galactictrade All DEXs in the world are opensource

galactictrade

tmacshaq You have mnemonic recovery seed while signup and you can view your private key at any time in the Account > Security section.

When you create your wallet, a recovery seed is created. Your wallet is encrypted on your browser with your personal password. Your password acts as your decryption key to both lock and unlock your wallet and nobody cant be accessed without it. Because we don’t know or store your password.

Your encrypted wallet is backed up to our servers when you signup . When you access your wallet with your username, your browser download your encrypted wallet backup from API and decrypting it on your device. This way we need to store your password or private key.

So you are completely safe!

John

galactictrade
we know that all DEX in the world stores our private key on the local browser but how users trust DEX?
The answer is simple, by the research on the source code, you must be open your app source.
Decentralized app = Open source

tyvdh

@John open source isn't a requirement, of DEX's or for the SCF, please stop acting as if you were the SCF police. Provide helpful, kind, respectful feedback or please don't say anything. Security and openness are extremely important and while I do think galactictrade does have more to show and prove in this respect let's give him the benefit of the doubt and respectfully query into his DEX construction and not make assumptions of misintent or demands that our preferences be followed.

tmacshaq

galactictrade I love it when people say their product is "completely safe".

You encrypt with user's password. Is this same password sent to your server for authentication when they login?

mustaphee

Forgive me if this seems like a naive question, but if personal password are saved on client side (browser) where they are to decrypt your wallet backup. What will happen in a case where you switch browsers or your browsers data is being cleared?

galactictrade

mustaphee
Your password is not kept on the browser, it is only used when logging into your account to decrypt the data in the encrypted state below.

{"success":true,"encrypted":"{\"pbkdf2_iterations\":\"10000\",\"payload\":\"3d0646083ac0ecc7945d5217d2dfd258b59969c13c82bb18b7351048cf510017s2GXQ5N/IQJ8ALd3T0s8549TidVDYkS2MEAwrnNP9qHifZrzoUDKkh+qf986bbChn2kr4+r0w99bILulCpMaaXppe9kLpcSKit+TN3+kIeo=\"}"}

When you switch to any other device, GalacticTrade provides you with the following encrypted data and asks you to prove your identity by decrypt it in your browser.

In case you lose your password, you can regain access to your account from any device with the "mnenomic" backup offered during registration or your "secret key" that you can access in Settings -> Security.

mustaphee

Ok. Thank you for taking your time to answer my question. It's really insightful. One more question though, how does your mnemonic seed not provide the same access to the encrypted data like password does?
Does it not mean if I have access to the mnemonic key, I can as well get access to the person's private key?

galactictrade

tmacshaq The user never sends his password to the server. GalacticTrade does not have a login system that requires a password to be sent to the server. I answered this before, but I still do not understand why it is not understood. Right now, you can try logging in immediately and test what information goes to the server while logging or registering.

tmacshaq

galactictrade Ok so if I spoof the username in the JSON request, I can obtain the encrypted private key of any other user of your system with no barrier whatsoever? Like I don't even need to break into your server. YOu literally just give it to me straight up

galactictrade

tmacshaq
I don't think it makes sense to continue this conversation further because you don't want to understand even a simple cryptographic scheme. Choosing a strong password is always the responsibility of the user.

In addition, the user can put 2FA to provide an extra layer of security (the barrier you mentioned) when logging in (which will come with the loans update). Even if you have accessed the server, you will only have strongly encrypted data and trying to crack them is unreasonable because using a strong password is enough.