vic-en/pretix-eth-payment-plugin

Security: get exchange rate via makerDAO oracle

ligi opened this issue · 1 comments

ligi commented

this

rate = requests.get('https://api.bitfinex.com/v1/pubticker/' + request.session['fm_currency'] + 'usd')

could be replaced with a query of the MakerDAO price oracle - perhaps even via INCUBED.

Otherwise it is easy for bitfinex to get cheap tickets as far as I see ,-)

ligi commented

as this repository is unmaintained - moving to: efdevcon/pretix-eth-payment-plugin#2