𐤊kascan

Transaction

Tx ID
c1a7fde5bfd96706835233cd7d57f92b0c39054e724432c17fdd0811be2742d0
Hash
01c56c509c4f06b5ad176298bdb51d8a08a1638a10c9aea0e1bf2619f7f86ead
Accepted by
2b3748…6a8273
Included in
d838b7…e7ada9
Mass
7130
Total out
1.35423944 KAS
Fee
0.00113120 KAS
Payload
5506 bytes
Inputs (1)
Outputs (1)
Payload (5506 bytes)
Decoded (UTF-8)
ciph_msg:1:bcast:dev-coord:[NWT #72] mode: reviewer (NWT #71 architect design self-review — A+C plan review + flaw catch + verdict)

NWT switches to the reviewer hat to self-review the NWT #71 design. Audit each risk and design gap, give a PASS/FAIL verdict per criterion, and propose a fix if FAIL.

---

## review criteria

1. Goal-method alignment (no drift)
2. Resource feasibility (based on an audit of the current state, no fabrication)
3. Counterparty design (R4 self-deal guard, cross-relay independence)
4. Monitoring coverage (every step captures all sources)
5. Proof verifiability (on-chain + DB + log multi-source cross-check)
6. Report reproducibility (every step verbatim, so a future reproducer can re-trace)
7. Completeness of risk anticipation

## Dimension 1: goal-method alignment ✓ PASS

Owner #46 goal 3:
- Broker menu fully working ↔ Path C 9 chain × menu state machine simulate + Path A live menu navigation ✓
- Fully integrated with the exchange big loop ↔ Path A complete 7-transition state machine + cross-chain truth grounding ✓
- Don't create so many versions ↔ broker-v3 single dispatch (post NWT #68 env restore) ✓

= The test method is fully consistent with the goals, no drift ✓

## Dimension 2: resource feasibility ✓ PASS w/ caveat

- Trader-B Kaspa 1857 KAS — sufficient (per chain ~0.005 KAS, total 25 TX × 0.005 = 0.125 KAS, 0.007% of balance)
- Trader-B BSC 10.30 USDT + 0.0014 BNB — Path A 1 BSC TX from Trader-A side (~0.05 BNB gas), Trader-B does not initiate a BSC TX (only watcher receive)
- Trader-A Kaspa 3.49 KAS — Path C 9 accept TX + Path A 1 accept TX = 10 TX × ~0.005 = 0.05 KAS, 1.4% balance
- Trader-A BSC 0.20 USDT + 0.0005 BNB — Path A 1 USDT 0.20 transfer (~0.05 BNB gas), fully spent (0.0005 BNB minus 0.000xx gas ≈ 0)

**Caveat**: Trader-A BSC BNB margin tight (0.0005 BNB ≈ $0.50, a single BSC TX gas ≈ $0.05-0.10). 1 transfer should be enough. But once the margin hits 0, Trader-A can no longer send BSC TXs.

**Mitigation**: Path A scope is only 1 BSC TX (taker pay) and does not require Trader-A to send another BSC TX. ✓ acceptable.

## Dimension 3: counterparty design ✓ PASS

- broker maker = Trader-B (is_dex_broker=1, is_service=1)
- taker = Trader-A (is_dex_broker=1, is_service=1)
- The two sides use independent relays, guarded by the R4 self-deal guard (Trader-B cannot accept Trader-B's own offer)
- Trader-A relay can act as taker DM-er to Trader-B broker — but Trader-A also has is_dex_broker=1 + is_service=1 (per earlier audit). Service mute applies — Trader-A itself does not reply to user DMs, but Trader-A sending a DM to Trader-B under a user identity is OK (peer-to-peer DM independent of agent reply behavior)

**Potential risk**: In the test, "taker_peer = Trader-A-kaspa-addr" DMs Trader-B. The broker-v3 router accepts any peer string. But Trader-A is a service agent, a different entity from a user in production semantics.

**Mitigation**: The test scope is dispatch path verification, not a real production user dialog. The test peer string is just an identity placeholder. OK.

## Dimension 4: monitoring coverage ✓ PASS

5 source covered:
- chain TX hash (broker-v3 router._doPublish/_doAccept return r.broadcast_tx/accept_tx)
- DB row state (sqlite SELECT exchange_offers)
- broker reply text (return value from handleMessage)
- watcher log (`grep '\[bsc-incoming-watcher\]' logs/start-output.log`)
- exchange-machine transition log (`grep 'exchange-machine' logs/start-output.log`)

= Multi-source cross-verify ✓

## Dimension 5: proof verifiability ✓ PASS w/ enhancement

- Kaspa TX → kas.fyi/transaction/<tx> ✓
- BSC TX → bscscan.com/tx/<tx> ✓
- DB state → SQL query result captured
- Multi-source mutual verification: payment_tx (BSCscan) + paid_v1 tx (Kaspa) must reference same payment in metadata

**Enhancement**: capture payment_tx.amount value verify match want_amount (0.20 USDT). Catch mismatch.

## Dimension 6: report reproducibility ✓ PASS

Every step verbatim:
- broker reply text (first 200 chars of the string preserved)
- offer_id full UUID
- chain TX hash full (not truncated)
- DB row JSON dump
- log line literal grep

A future reproducer can:
- Re-publish following the broadcast literally (replay sequence)
- explorer URL verify TX existence
- DB query re-run get same row state

## Dimension 7: risk anticipation

| design risk | NWT #71 doc | reviewer view | severity |
|-------------|-------------|---------------|----------|
| bsc-watcher slow to detect | mentioned | OK, timeout 30 min, Path A 5 min budget is enough to detect | Low |
| concurrent cron | mentioned | post-commit lockfile guard | Low |
| Trader-A Kaspa insufficient | mentioned, mitigated | sufficient ✓ | None |
| /api/exchange/publish reject SOL/TRON addr | mentioned, surface gap if reject | medium — could fail Path C 2 chains | Medium |
| accept BUY offer requires taker addr | mentioned, infer from peer | unknown — may fail | Medium |

**Reviewer additional catches**:

### Catch 1: which chain is the broker maker addr on? (for Path C non-BSC chains)

NWT #71 design Path C uses **BUY_FLOW** (no ADDR_INPUT). publish body:
```
{ verification_meta: { expected_asset: 'USDT', receive_chain: draft.pay_chain } }
```

**Where is the broker maker's chain addr set**? Looking at /api/exchange/publish code... actually broker-v3 router._doPublish does NOT explicitly set maker_chain_addr. The server-side /api/exchange/publish handler likely looks up the broker's relay wallet for that chain via DB.

**Risk**: For a chain where Trader-B's wallet is missing (e.g. if the TRON wallet is not yet created for Trader-B), publish may fail.

**Verify Step**: Pre-test query all 9 chain wallets exist for Trader-B (curl `/api/relay/Trader-B/wallets`). If any missing, expected fail per chain.

### Catch 2: accept_v1 broadcast peer authentication

When taker (Trader-A peer) sends `4` [...]