

Baron is a Bitcoin payment processor that anyone can deploy - adrianmacneil
https://github.com/slickage/baron

======
wtogami
[https://bitcointalk.org/index.php?topic=309785.0](https://bitcointalk.org/index.php?topic=309785.0)
BitcoinTalk.org includes Baron in its security bounty program because it
intends on using it within its own infrastructure. If you find a way to break
it you can earn some serious money.

------
jianshi
I'm the CEO of Slickage. This was released a few months ago and I'm personally
sorry for the downtime of demo. I hope people like it!

------
kleer001
I'd love to see a review of this code

~~~
linhares
it's OSS...

------
wmf
Does this use extended public keys?

~~~
yafujifide
As best I can tell, it does not do any key management. No reference to terms
like "Key" or "HierarchicalKey" at all. My guess is that you have to give it
the addresses you own, and it detects if payment has been made to them. Since
it does not use "HierarchicalKey", bitcore's term for BIP32 extended keys, it
probably requires that you constantly refill the address pool so it doesn't
run out. Or it reuses them.

edit: I also just realized it depends on "bitcoin". It may rely on a running
bitcoin core full node to handle the private keys.

~~~
jamoes
Based on the fact that it has a "Bitcoind RPC port" option, I think it is safe
to say that it just relies on a running Bitcoin Core node.

That means it does not support deterministic keys. Users will need to be
careful to back up their wallet.dat file on a periodic basis.

~~~
wtogami
That's correct. Currently it requires private keys on the Baron server, which
means the wallet must be encrypted and backed up often. Encrypted means the
keypool must be refilled periodically.

If there is sufficient demand it would be theoretically possible to include
watch-only support so the Baron server need not have private keys online.
Ideally this would work with a Hierarchical Deterministic wallet where the
server does not need to be periodically refilled with unused addresses.

Hypothetically this could be done today with a javascript library that
generates the public addresses as needed. I am not sure if such a library
exists at the moment?

------
dscrd
Javascript as a language for handling serious amounts of money? I don't
know...

~~~
ubersync
NodeJS is very stable. Since JavaScript is asynchronous by design, NodeJS's
performance is excellent.

~~~
haakon
Stable, performant. Secure?

------
agorabinary
live demo 502

