GalacticTrade

Hello fellow galactic proposal. What does this exchange do that others do not? While loans could certainly be a new exchange feature, is there any interest from the stellar community to use it? We've seen numerous exchange entries in the past and in the current round. It's starting to look like a cash grab attempt rather than an attempt to provide a new and improved service for the stellar community.

[unknown] You should probably tell us more about exactly what "loans" mean before calling out any other projects as cash grabs. Because otherwise it sounds hypocritical when this project is just a copy/paste of Coinbase Pro with a Loans button slapped on.

tmacshaq I'm unsure what you're trying to tell me here. You're defending this entry in the first sentence, and then attacking it in the second?

Freitag I misread part of your post. For that I apologize. But I don't think it's proper to give derogative labels to other projects. If you have concrete feedback just give those directly. For this entry, yes it seems like they heavily copied Coinbase Pro's exchange layout. And they shouldn't brag about something (lending) they haven't shown yet. And it looks like they take full custody of your private key which they should have mentioned. But I am interested in lending and margin trading. I just don't see how it can be done in decentralized manner on Stellar without involving another blockchain. It seems like they would need to do that part off chain so it just turns into something like Deribit/Celsius with a deposit option for Stellar assets. In that case it's not at all decentralized and they need to clarify the legality of operating such a business.

The best model for logging is getting private-key of users like Stellarterm and you have to be open-source your app. also, you have to more work on the design. I think it is CEX no DEX

Freitag Hey, for exchange side we're all just an interface which is using Stellar network and we can only provide the data via better UI currently. In long term, social trading will be unique feature of GalacticTrade for exchange users. For loans, I don't think there is a need to measure the demand of the community because it is gonna be first one at ecosystem. I think the most exciting thing will be that we can create P2P loan contracts on Stellar completely decentralized. Loans system is unique feature of GalacticTrade but in long term exchange side will be too.

tmacshaq Hey, thanks for feedback. GalacticTrade never store your private keys and passwords on database. All operations take place on your client. Thats why we called it " decentralized ". I plan to release the loans system within a few days. Our loans system is also fully decentralized solution on only Stellar network. All details (e.g. how it works) will be given out when it is gonna be live.

John GalacticTrade never store your private keys and passwords on database. All operations take place on your client. We don't need to be open source to prove it, you can test and confirm the outgoing and incoming data on the client very easily like in StellarX,Stellarport...

galactictrade Databases? I don't think this app needs to database client <=> Horizon Oooh...! I suggest you study about DEX and structure. even I don't think Stellar X is a DEX I only believe to Stellarterm.

galactictrade All DEXs in the world are opensource

GalacticTrade | Trade. Lend. Fast.

tmacshaq
It was pointless to discuss this issue unless there was anything realistic attack.

Putting extra extra layers of extra protection only makes access difficult, but since GalacticTrade controls these layers, they are never enough. As I said, the most important thing to do here is that the user chooses a sufficiently secure password. This applies to all systems including hardware wallets.

tmacshaq Your app literally just hands it to whoever asks for it.

That being so comes from trust in the security scheme anyway. This is a challenge, if you think the current security scheme is insecure, you can join this challenge. Simple, isn't it?

tmacshaq

I already mentioned this. The difference with other systems is they have a whole layer of security and attacker has to breach first. Like someone needs to break into my house and take my hardware wallet first before they can enter the password!

galactictrade

tmacshaq Yes, that's exactly the difference. Instead of relying on extra extra extra layered security systems of other systems, in GalacticTrade you only provide a strong password for your own security without trusting GalacticTrade. Only in this way will you have full control.

tmacshaq

galactictrade I like your spin on the "no trust" part but its completely irrelevant. Your basically punting a tricky security problem to your own users and allowing them to shoot themselves in the foot. The thing in security you should not do. Users using your GalacticTrade will be mislead into thinking it works like any other software except its missing a whole layer of security. I cannot think of one system that is designed this way and I don't think its because everyone else is stupid.

galactictrade

tmacshaq

I answer for the last time, thinking that you are not malicious in these comments, only the lack of information.

tmacshaq I cannot think of one system that is designed this way and I don't think its because everyone else is stupid.

GalacticTrade uses the same authentication scheme I linked. I did not invent anything new, I used the safest way already.
https://www.blockchain.com/learning-portal/how-it-works

As I said, if you have any claim that there are any security issues, you can show it with evidence and take your imagination one step further in your comments.

See you in the comments on another topic!

tmacshaq

galactictrade I just randomly logged in to galactic.trade account I didn't create. The password was "test".

You left out some key details in your comparison to blockchain.com. blockchain.com doesn't let their users create an account with "test" as password. Also when you log back in Blockchain requires you to enter the 41 character wallet ID not your username. This is basically another mandatory secure password. Its very easy for people to attack your users accounts if they can guess the username because you use to lookup their data.

FWIW I think it's very inconsiderate to Stellar users to publish something so half baked and insecure. Your way too cavalier about security. Its really scary since you called your thing is "completely safe". If you think your users have to actually lose money to an attack before you admit a security hole you should absolutely not be building software that handle other peoples money

tmacshaq

galactictrade Oh I see your the guy who did StellarPay. You won 450,000 XLM in SCF #2 and we never hear about StellarPay again. Now you come for second serving with different account. I see what Freitag means now about cash grab. I also see your perspective now. Win the SCF then sweep it under rug so people forget it about it. Hey if theres a security hole but no one will use it, is it still bad? 😆

dzham

As far as I can remember, the original Stellar account viewer had this exact same issue, right out of the gate.
The encrypted blobs where available for anyone who asked for them, so as soon as a new account was registered on the ledger, people did a reverse federation lookup to get the username, used the username to get the blob, and slurped away all STRs from accounts with weak passwords. This took seconds.

dzham

The way I think they dealt with it was to do the 2FA check before giving out the blob.

galactictrade

2FA feature has been activated. You can start using this feature by going to the Account> 2FA page.

Also, the minimum password length requested from the user during registration was set to 10.

The next update is the "Loan" system, which works completely with Stellar smart contracts, which makes GalacticTrade special. I plan to release the "Loan" update within 24-48 hours unless something goes wrong.

Stay tuned!

tmacshaq

Until 2FA is required to use your thing or you do BlockChain's wallet ID the security issue above still applies. If you read dzham's response again 2FA has to be done before giving out the blob.

Here's another hack where you compromise security for the sake of "convenience". Your app stores the users private key in cleartext as the "data" field in Local Storage. Again no other apps do this- not Blockchain not Stellarport. Again not something I'd expect from an app that's "completely secure"

galactictrade

tmacshaq If you read dzham's response again 2FA has to be done before giving out the blob.

You write here the claims you have produced using your imagination from the very beginning. Encrypted data (blob) is never presented to the user without entering the 2FA code. It is only a waste of time for you to come here and make negative comments even if you have not tested this.

Here is a small clip of how it works
https://cl.ly/ab34a42cb77b

tmacshaq Your app stores the users private key in cleartext as the "data" field in Local Storage.

This claim is unreal like the other. There is no private key data which is stored as a "cleartext".

tmacshaq Until 2FA is required to use your thing or you do BlockChain's wallet ID the security issue above still applies.

Forcing users to log in with a long id harms user experience. Minimum password length is 10 and it is pretty enough to keep them safe. I do not have a plan like login with long and complex ID instead of username. 2FA feature is here for those who want extra security.

galactictrade

Hey guys, I know you are looking forward to P2P Loans system, the unique feature of GalacticTrade!

P2P Loans system is almost ready and I'm working hard to get it live immediately. Before I go live, I want to make sure that all contracts are working smoothly and securely, and that the instructions are correct, so I have to test each step several times.

I can't wait to release it and get feedback from you. No doubt that it will be released before the voting begins (who knows maybe tomorrow). Stay tuned!

galactictrade

P2P loans system is online!

Available lends:

Apply to loan :

https://galactic.trade/loans/available/lend

How the contracts work in the borrowing process is explained in detail. However, since this is insufficient, I am preparing a visual model that users will understand how it works before the process starts.

Here is briefly what they are:

2 contracts ensure that the funds of the lender and borrower parties are secure before the match.

onExpire contract is activated
if your loan offer does not match and automatically sends
the loan or colleteral, which is the amount you deposit or
lock for the loan contract, back to your GalacticTrade
account within X days.

onIncomplete contract ensures
that the escrow account, which has been specially activated
for you and has enough funds to operate, will merge into
GalacticTrade if you do not complete all the steps necessary
to publish the loan offer. This contract is valid only if
the onExpire contract is invalid.

The 5 contracts manage the post-match payment to the borrower, the repayment from the borrower to the lender, the delay and cancellation status.

onPayment contract is
contract ensures that the loan amount is transferred
to the borrower.

onCancel contract
becomes active as a result of discontinuance of
transactions on both sides of the borrower and
lender and closes the escrow account created for the
transaction (Merge account)

onRepay contract ensures
that the debt paid is sent to the lender and the
locked collateral is sent to the borrower back if
the debt is paid. Also, after these transactions,
the escrow account created for the loan is closed
for use. (Account merge)

onDelay contract becomes
active if the borrower fails to pay the debt on time
and sends the entire amount of collateral under the
account of the lender. Also, after these
transactions, the escrow account created for the
loan is closed for use. (Account merge)

onIncomplete contract becomes active if the escrow accounts do not trade on either side and wait for the expire period and abandon the transaction. The escrow account merges back to GalacticTrade.

GalacticTrade prepares and delivers contracts for the two parties and sends it to the Stellar network when the time comes. Borrower and lender can run these contracts (preAuthTx) and complete the loan, even if the GalacticTrade platform disappears.

If the bids to the opened loans are not completed on time, the bid will be canceled automatically and the loan will be open to everyone again. Similarly, if the request to create a loan offer is not completed within a certain period of time, the escrow account (s) created for the loan offer will be closed automatically.

You can ask your questions about the loans system here or via GalacticTrade.

OrbitLens

galactictrade The approach is quite exciting. But it's a prototype, right? I wouldn't roll out such a system on the mainnet without thoroughly describing the process from a UX perspective. Currently, it looks more like a playground for developers with all those scary contracts.

Also, I don't understand the collateral requirements and don't see a forced liquidation option – arguably the most complex part of the lending systems. For example, I deposit BTC tokens pegged on Stellar to the lending contract as collateral for an XLM loan. First of all, the system should automatically detect the exchange rate and set minimum collateral requirements. For example, Maker requires at least 150% of the loan value to be collateralized. And if tomorrow XLM suddenly jumps 10% against BTC (which is definitely possible as history shows), the system should automatically send the margin call notification to the borrower with a proposal to increase the collateral position. If the borrower fails to increase collateral or repay the loan, and the collateral percentage is lower than a certain threshold (say, 130%), the position should be automatically liquidated.

Without such an emergency liquidation system, lenders are not protected at all and nobody will use such p2p loans for volatile pairs. Maybe it makes sense for USD/EUR or USD/NGNT pairs due to the low volatility of the underlying fiat markets, but the orderbooks on Stellar lack liquidity. So I doubt that lenders will risk their fiat-pegged tokens for less than, say, 10% rate even on short-term loans.

That's a good starting point, but please don't roll out this on the mainnet until you make sure that both sides of the deal are protected. It may really hurt the ecosystem if people start using it and lose their money. There is a reason why there are no lending/margin projects on Stellar. We don't have such flexible smart contracts and on-chain oracles. I'd say that second-layer solutions are better suited for this purpose.

galactictrade

OrbitLens
Hey,

OrbitLens The approach is quite exciting. But it's a prototype, right? I wouldn't roll out such a system on the mainnet without thoroughly describing the process from a UX perspective. Currently, it looks more like a playground for developers with all those scary contracts.

Yes, this is the first concrete example of how P2P lending can be made possible with Stellar's Multisignature, Atomicity, Sequence and Time Bounds features. The reason I post it on the public network comes from numerous tests I have done to make sure the contracts are working smoothly. I am preparing the GalacticTrade testnet subdomain version for those who want to test the contracts deeper.

OrbitLens Also, I don't understand the collateral requirements and don't see a forced liquidation option – arguably the most complex part of the lending systems. For example, I deposit BTC tokens pegged on Stellar to the lending contract as collateral for an XLM loan. First of all, the system should automatically detect the exchange rate and set minimum collateral requirements. For example, Maker requires at least 150% of the loan value to be collateralized. And if tomorrow XLM suddenly jumps 10% against BTC (which is definitely possible as history shows), the system should automatically send the margin call notification to the borrower with a proposal to increase the collateral position. If the borrower fails to increase collateral or repay the loan, and the collateral percentage is lower than a certain threshold (say, 130%), the position should be automatically liquidated.

This is called dynamic "margin calls". This mechanism exists in many projects that use Ethereum smart contracts, but risk management is left entirely to the contract there, and if there is an error in the contract, people's funds may disappear and I have seen this many times. Therefore, the "margin calls" mechanism is left optional in some projects. This is something I am working on and trying to find a solution, but it is not a must. The risk-taking party can secure itself by adjusting the haircut, interest and maturity values according to the risks envisaged before starting the credit transaction. Trying to make dynamic "margin calls" with existing Stellar features will complicate this system and lead users to sign numerous contracts.

OrbitLens Without such an emergency liquidation system, lenders are not protected at all and nobody will use such p2p loans for volatile pairs. Maybe it makes sense for USD/EUR or USD/NGNT pairs due to the low volatility of the underlying fiat markets, but the orderbooks on Stellar lack liquidity. So I doubt that lenders will risk their fiat-pegged tokens for less than, say, 10% rate even on short-term loans.

If Lender thinks that the value of the asset he accepts is fluctuating, he can determine a loan period, haircut value and interest value and protect himself. Here, they determine the risks of the lender and the borrower themselves and accept this and start this process. I am working on different solutions to protect both sides, but my priority is that both parties always approve something on the system at the minimum level.

OrbitLens That's a good starting point, but please don't roll out this on the mainnet until you make sure that both sides of the deal are protected. It may really hurt the ecosystem if people start using it and lose their money. There is a reason why there are no lending/margin projects on Stellar. We don't have such flexible smart contracts and on-chain oracles. I'd say that second-layer solutions are better suited for this purpose.

Yes, as I said, this system is a working concrete example of P2P lending and borrowing possible on Stellar, and no doubt that it will continue to evolve and improve. Perhaps we will see new CAPs and side-chains that will steer this, and then much more dynamic contracts will be possible.

The reason I posted it on Mainnet was to show that the contracts are more than theoretical. It's really easy to control it with the limits I set. For example, to be able to open a lending-buying offer for a maximum of $ 50. I am sure that this worry will disappear with the TESTNET version I will release.

The only thing I think might be a problem here for a long time is "surge pricing". That's why I set the maximum credit period to 30 days in the current version. When the network enters the "surge pricing" mode and the preAuthTxs are sent to the network, if the predetermined transaction fee for the contracts is insufficient, it will receive the error "tx_insufficient_fee" until the network becomes normal, but this does not prevent the contracts from still being valid because it does not affect the sequence number of the escrow account.

OrbitLens

galactictrade Would love to see a solution that proposes contracts with dynamic forced liquidation. I'd use it myself. Without this feature the lenders will be too cautious – require huge collateral for short-term contracts only.

BTW, are you going to introduce public API for this to allow p2p lending and matching for trading bots?

dzham

galactictrade The only thing I think might be a problem here for a long time is "surge pricing". That's why I set the maximum credit period to 30 days in the current version. When the network enters the "surge pricing" mode and the preAuthTxs are sent to the network, if the predetermined transaction fee for the contracts is insufficient, it will receive the error "tx_insufficient_fee" until the network becomes normal, but this does not prevent the contracts from still being valid because it does not affect the sequence number of the escrow account.

Just a small comment here..

Since protocol v11, the fee you specify isn't the one you will pay, but the maximum fee you are willing to pay. You can set it to something rather high, and in most cases you will pay a lot less.

And @OrbitLens might know more about when the fee bumping will arrive.

galactictrade

OrbitLens

OrbitLens Would love to see a solution that proposes contracts with dynamic forced liquidation. I'd use it myself. Without this feature the lenders will be too cautious – require huge collateral for short-term contracts only.

Yes, I will try to find a model for this that does not cause user experience problems.

OrbitLens BTW, are you going to introduce public API for this to allow p2p lending and matching for trading bots?

Yes, I can offer this as a public API. It will be sufficient to sign and send contracts (XDRs) by using the API with any Stellar library (eg js-stellar-base). Of course, I need to prepare a solid documentation for this. What kind of scenario do you have for trading bots?

OrbitLens

dzham Core devs released the protocol version 13 RC1 today, so probably we'll see it on the testnet soon.

galactictrade

dzham

dzham Since protocol v11, the fee you specify isn't the one you will pay, but the maximum fee you are willing to pay. You can set it to something rather high, and in most cases you will pay a lot less.

This is really good news. When it is published, I will test it and share the results. Thank you.

« Previous Page Next Page »