Skip to content

move Monero account payload to package #4586

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sdmg15 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

move Monero account payload to package #4586

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3f700fa
move Monero account payload to package
sdmg15 Mar 27, 2026
709f340
feat: implement subaddress routine inside MoneroFormController
sdmg15 Mar 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions account/src/main/java/bisq/account/accounts/crypto/CryptoAssetAccount.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@

import bisq.account.accounts.Account;
import bisq.account.accounts.AccountOrigin;
import bisq.account.accounts.crypto.monero.MoneroAccount;
import bisq.account.payment_method.crypto.CryptoPaymentMethod;
import bisq.account.timestamp.KeyType;
import bisq.common.proto.UnresolvableProtobufMessageException;
Expand Down
1 change: 1 addition & 0 deletions account/src/main/java/bisq/account/accounts/crypto/CryptoAssetAccountPayload.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@

import bisq.account.accounts.AccountPayload;
import bisq.account.accounts.SingleCurrencyAccountPayload;
import bisq.account.accounts.crypto.monero.MoneroAccountPayload;
import bisq.account.payment_method.crypto.CryptoPaymentMethod;
import bisq.common.asset.CryptoAssetRepository;
import bisq.common.proto.UnresolvableProtobufMessageException;
Expand Down
3 changes: 2 additions & 1 deletion ...ccount/accounts/crypto/MoneroAccount.java → ...accounts/crypto/monero/MoneroAccount.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,10 @@
* along with Bisq. If not, see <http://www.gnu.org/licenses/>.
*/

package bisq.account.accounts.crypto;
package bisq.account.accounts.crypto.monero;

import bisq.account.accounts.AccountOrigin;
import bisq.account.accounts.crypto.CryptoAssetAccount;
import bisq.account.timestamp.KeyType;
import bisq.security.keys.KeyPairProtoUtil;
import lombok.EqualsAndHashCode;
Expand Down
3 changes: 2 additions & 1 deletion ...accounts/crypto/MoneroAccountPayload.java → ...s/crypto/monero/MoneroAccountPayload.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,9 @@
* along with Bisq. If not, see <http://www.gnu.org/licenses/>.
*/

package bisq.account.accounts.crypto;
package bisq.account.accounts.crypto.monero;

import bisq.account.accounts.crypto.CryptoAssetAccountPayload;
import bisq.account.accounts.util.AccountUtils;
import bisq.account.payment_method.crypto.CryptoPaymentMethod;
import bisq.common.asset.CryptoAssetRepository;
Expand Down
46 changes: 46 additions & 0 deletions account/src/main/java/bisq/account/accounts/crypto/monero/MoneroSubaddressService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
/*
* This file is part of Bisq.
*
* Bisq is free software: you can redistribute it and/or modify it
* under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at
* your option) any later version.
*
* Bisq is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
* License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Bisq. If not, see <http://www.gnu.org/licenses/>.
*/

package bisq.account.accounts.crypto.monero;

import bisq.account.accounts.crypto.monero.knaccc.monero.address.WalletAddress;
import lombok.extern.slf4j.Slf4j;

import static com.google.common.base.Preconditions.checkArgument;

@Slf4j
public class MoneroSubaddressService {

public String generateSubAddress(String mainAddress, String privateViewKey, long accountIndex, long subAddressIndex) {
checkArgument(accountIndex >= 0, "accountIndex must be >= 0, was: %s", accountIndex);
checkArgument(subAddressIndex >= 0, "subAddressIndex must be >= 0, was: %s", subAddressIndex);
checkArgument(accountIndex > 0 || subAddressIndex > 0, "accountIndex and subAddressIndex cannot both be 0 (would represent main address)");
checkArgument(mainAddress != null && !mainAddress.trim().isEmpty(), "mainAddress must not be null or empty");
checkArgument(privateViewKey != null && !privateViewKey.trim().isEmpty(), "privateViewKey must not be null or empty");

try {
WalletAddress walletAddress = new WalletAddress(mainAddress);
long start = System.currentTimeMillis();
String subAddress = walletAddress.getSubaddressBase58(privateViewKey, accountIndex, subAddressIndex);
log.info("Created new subAddress {}. Took {} ms.", subAddress, System.currentTimeMillis() - start);
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Avoid logging full cryptocurrency addresses.

Logging the complete subAddress exposes sensitive financial information. Consider logging only a truncated version or omitting it entirely.

🔒 Proposed fix 
-            log.info("Created new subAddress {}. Took {} ms.", subAddress, System.currentTimeMillis() - start);
+            log.info("Created new subAddress (prefix: {}...). Took {} ms.", 
+                subAddress.substring(0, Math.min(8, subAddress.length())), 
+                System.currentTimeMillis() - start);
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
log.info("Created new subAddress {}. Took {} ms.", subAddress, System.currentTimeMillis() - start);
log.info("Created new subAddress (prefix: {}...). Took {} ms.",
subAddress.substring(0, Math.min(8, subAddress.length())),
System.currentTimeMillis() - start);
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@account/src/main/java/bisq/account/accounts/crypto/monero/MoneroSubaddressService.java`
at line 39, The log in MoneroSubaddressService currently prints the full
subAddress which leaks sensitive info; update the logging in the method that
creates new subaddresses (where subAddress is used) to avoid printing the full
address—either omit subAddress entirely or log a masked/truncated form (e.g.,
show only the first N and last M characters or replace middle chars with
ellipsis) and keep the elapsed time as before; locate the log.info call that
references subAddress and replace it with a maskedAddress variable or remove the
address from the message so only non-sensitive details (like timing) are logged.

return subAddress;
} catch (WalletAddress.InvalidWalletAddressException e) {
log.error("WalletAddress.getSubaddressBase58 failed for mainAddress: {}", mainAddress, e);
throw new IllegalArgumentException("Invalid main address or private view key", e);
}
}
}
Loading
Loading