I came up with this idea when seeing how people make trades on forums like Reddit (/r/Dota2Trader), with items that go between $30, 60, and sometimes up to 38,000 a trade.
Clearly, this is a terrifying process. You have to ask some random redditor, who you don’t know and have never met, to act as the middleman to the trade. You provide the item, the buyer sends you the payment, and the middleman sends it over to the buyer.
But the thing I have never seen on that website is – how the heck do you prevent the middleman from running away with the item? This, or the alternative of using some foreign website that does the bot purchasing, seems absolutely ripe for disruption. So that is what steam-trader does – I plan to have a UI that interacts with the smart contract I have developed, and trustlessly allow folks to trade their digital items (skimming a profit, of course ;) ) for money.
In my repo I have written a contract, tests that cover every scenario I can think of, and the external adapter (in Python to be run on a lambda) for an Oracle Node to run/use.
Next steps: The contract file could probably be split into multiple contracts so it’s easier to read and maintain. I’m still learning Solidity so that will be a bit. Also, a more immediate next step is to migrate from the single oracle call to a service agreement / multiple oracle calls. Finally, I need to create the darn UI so that folks can interact with it on a website instead of having to deploy and maintain that themselves.
https://www.youtube.com/watch?v=iBqraMuyTCs&feature=youtu.be
I realized too late it's a hyper-zoomed in screen share. It's 4:30 am here and I have work in 4 hours, so I will try and redo this video later but otherwise it's more than good enough. You'll all want to run the tests and skim through what it does, it seemed weird for me to go line by line in a video when you guys all know the language & can understand it by skimming it.
Note that there is no way to expose any specific trade via API, so I cannot query an API and see that a trade happened. Only inventory queries are available. There are generally three phases to the trade:
1) Setup. Seller creates trade, buyer accepts it by sending ETH to the contract of the amount requested.
2) Buyer asks for refund, or Seller locks down the trade for 24hr (configurable by owner). They then, off-chain, transfer the item appropriately.
3) Once they transfer the item, they deposit enough LINK to pay the oracle (1 LINK), then run the function that they need. For the seller it's the 'requestTradeConfirmation' and for the buyer it's the 'requestEthRefund' functions. These then set up oracle requests with special callback functions to trigger either the payment to the seller or the refund to the buyer accordingly.
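The three phases above, modeled as a small state machine in Python. This is an added example, not the repo's Solidity contract or its adapter. Assumptions: the oracle reports whether the item is in the buyer's inventory, a direct refund is only allowed while no lock is active, and the names `Trade`, `lock`, `refund_direct`, `request` and `fulfill` are hypothetical.

```python
from dataclasses import dataclass

LOCK_SECS = 24 * 3600    # "24hr (configurable by owner)"
ORACLE_FEE_LINK = 1      # 1 LINK per oracle request

def require(ok, msg):
    if not ok:
        raise ValueError(msg)

@dataclass
class Trade:                 # toy model added here, not the project's contract
    seller: str
    buyer: str
    price_wei: int
    state: str = "CREATED"   # CREATED -> FUNDED -> PAID or REFUNDED
    locked_until: int = 0
    link_balance: int = 0
    pending: str = ""        # oracle request in flight: "confirm" or "refund"

    def accept(self, caller, value_wei):
        require(self.state == "CREATED" and caller == self.buyer, "cannot accept")
        require(value_wei == self.price_wei, "must send the amount requested")
        self.state = "FUNDED"

    def lock(self, caller, now):
        require(self.state == "FUNDED" and caller == self.seller, "cannot lock")
        self.locked_until = now + LOCK_SECS

    def refund_direct(self, caller, now):
        require(self.state == "FUNDED" and caller == self.buyer, "cannot refund")
        require(now >= self.locked_until, "trade is locked")  # assumed rule
        self.state = "REFUNDED"

    def request(self, caller, kind):
        # kind "confirm" ~ requestTradeConfirmation, "refund" ~ requestEthRefund
        role = {"confirm": self.seller, "refund": self.buyer}.get(kind)
        require(self.state == "FUNDED" and caller == role and not self.pending, "bad request")
        require(self.link_balance >= ORACLE_FEE_LINK, "deposit LINK first")
        self.link_balance -= ORACLE_FEE_LINK
        self.pending = kind

    def fulfill(self, caller, buyer_has_item):
        # Callback: only the oracle may deliver the inventory answer (assumed).
        require(caller == "oracle" and self.pending, "unauthorized callback")
        kind, self.pending = self.pending, ""
        if kind == "confirm" and buyer_has_item:
            self.state = "PAID"          # ETH released to the seller
        elif kind == "refund" and not buyer_has_item:
            self.state = "REFUNDED"      # ETH returned to the buyer
        return self.state
```

In this model, funds move only when the oracle's inventory answer matches the request: a seller's confirmation with the item missing, or a buyer's refund request with the item present, leaves the trade in `FUNDED`.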