
Show HN: Retail Store that runs on Ethereum - brakmic
https://github.com/brakmic/BlockchainStore
======
dbrgn
I would be terribly afraid to write a real world retail system in Solidity.
One stupid mistake and all the money is gone, without much you can do about
it.

And without formal verification, bugs are certain sooner or later.

~~~
scottshapiro
Would you feel more comfortable with Javascript on Lisk?

~~~
Moshe_Silnorin
Security isn't graded on a curve. The crappiness of Lisk doesn't make Solidity
any less crappy.

~~~
jfoutz
I kinda think it is. Not many systems can withstand a nation-state level
attack. But, uh, most people get a pass on that.

------
openasocket
How does Ethereum help with retail? It's not like the smart contracts can
verify that the customer has actually received the physical item.

~~~
ThrustVectoring
What? Yeah they can. Have an escrow that releases the sale price to the seller
and additional security deposits to both parties when the buyer sends proof
that they received a nonce shipped with the physical item. You can even add a
refund mechanism by allowing the buyer to send back another nonce along with
the returned item, which when redeemed returns all escrows back to whoever
originally paid in.

~~~
recursive
The buyer wouldn't receive the nonce until they received the physical item, at
which time they could claim they did not receive it.

~~~
zeroxfe
That's why you have the additional security deposits.
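
The escrow discussed in this sub-thread, modelled as an added Python example (not code from the thread or from the BlockchainStore project). The class and method names, the SHA-256 commitments and the rule that only the counterparty may redeem a nonce are assumptions of this example.

```python
import hashlib
import hmac
import secrets

def commit(nonce: bytes) -> bytes:
    """Hash commitment stored in the escrow instead of the nonce itself."""
    return hashlib.sha256(nonce).digest()

class Escrow:
    """Toy in-memory model; balances are plain integers, not real funds."""

    def __init__(self, price, deposit, delivery_commit, refund_commit):
        self.price, self.deposit = price, deposit
        self.delivery_commit = delivery_commit  # set by seller; nonce ships in the box
        self.refund_commit = refund_commit      # set by buyer; nonce ships with a return
        self.state = "FUNDED"  # buyer paid price + deposit, seller paid deposit
        self.paid_out = {"buyer": 0, "seller": 0}

    def locked(self):
        """Amount still held by the escrow."""
        return self.price + 2 * self.deposit if self.state == "FUNDED" else 0

    def _check(self, caller, expected_caller, nonce, commitment):
        if self.state != "FUNDED":
            raise ValueError("escrow already settled")
        # Whoever created a nonce already knows it, so only the counterparty
        # may redeem it; otherwise the seller could release the funds alone.
        if caller != expected_caller:
            raise PermissionError(f"only the {expected_caller} may redeem this nonce")
        if not hmac.compare_digest(commit(nonce), commitment):
            raise ValueError("nonce does not match commitment")

    def confirm_delivery(self, caller, nonce):
        """Buyer proves receipt: seller gets the price, both get deposits back."""
        self._check(caller, "buyer", nonce, self.delivery_commit)
        self.paid_out = {"buyer": self.deposit, "seller": self.price + self.deposit}
        self.state = "COMPLETED"

    def redeem_refund(self, caller, nonce):
        """Seller proves the return arrived: each party gets back what it paid in."""
        self._check(caller, "seller", nonce, self.refund_commit)
        self.paid_out = {"buyer": self.price + self.deposit, "seller": self.deposit}
        self.state = "REFUNDED"

def new_escrow(price=100, deposit=50):
    """Constructed sample values: returns the escrow plus both nonces."""
    delivery, refund = secrets.token_bytes(16), secrets.token_bytes(16)
    return Escrow(price, deposit, commit(delivery), commit(refund)), delivery, refund
```

In this model a buyer who has the package but never calls `confirm_delivery` leaves their own deposit locked together with the price, so withholding the nonce costs the buyer as well as the seller.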

------
tuxxy
Ethereum will not scale.

/Every/ single node will have to run these contracts. Not your node, not ten
distributed nodes, but /every/ node has to run the contract.

I wouldn't trust anything with my money that works this way.

~~~
SirensOfTitan
> Ethereum will not scale.

I understand your not wanting to put your money into a bleeding edge
technology, but there are /plenty/ of ways that Ethereum is working on the
scaling problem:

1. Sharding and shard-based consensus algorithms are already in development
and can be deployed after PoS hits.

2. Raiden offers scalability solutions for certain DApps.

~~~
tuxxy
> can be deployed after PoS hits.

Why is this considered a solution? All it does is formalize Vitalik's control
over the network. If he doesn't like it, it gets forked.

Not to mention, do you know how few Ethereum nodes there are that /actually/
verify the contracts? Proof of Stake isn't going to incentivize anyone to
execute the contracts on the scale that is needed to maintain this network.
Sharding won't work if there aren't enough people to work with.

What about DoS contracts? I know for a fact that I can write code to brick
SSDs by writing as much as possible to them.

I honestly have no idea why anyone thinks joining into a botnet that allows
arbitrary code execution is okay.

Furthermore, all it takes is a single vulnerability in the Ethereum VM to
cause a chain split that could, theoretically, throw every node off.

------
AdamSC1
I'm unclear - how is this different than an eCommerce system (say Shopify or
WooCommerce) that had a plugin to accept Eth?

Is it just that the registrations are handled in contracts too?

------
1ba9115454
The first thing that popped into my head was Silk Road.

~~~
Cthulhu_
But with the store itself running in the blockchain (I think that's how it
works), so it's a lot harder for the FBI and co to infiltrate and take down.
Of course, they could instead create legislation that illegalizes the use of
Ethereum or any similar blockchain technology.

~~~
openasocket
There's a much simpler solution. Cops sell drugs on the market. Sellers have
to physically mail the drugs to the customer, so they need a mailing address.
Then instead of mailing drugs they raid the house. Pretty easy. And to get
sellers they can buy drugs and trace the drugs they bought back to the dealer.

The FBI may not be able to take down the entire store, but they don't have to.

~~~
Jenya_
The first issue is addressed by a reputation system (e.g. like in
LocalBitcoins where traders have the history and reputation). For cops to get
a good reputation would mean actually selling drugs to a lot of people.

And the second issue: what if cops traced the package to a country where
selling these drugs is legal (e.g. generics in India)?

~~~
Jtsummers
In an anonymous/pseudonymous system you can fake your reputation. If you can
launder the coin being used, you can reuse it to create a bunch of fake sales
and purchases with a randomized (but positive) score attached to the
transactions (or some subset of them, people don't always provide ratings).
This establishes the seller (and the buyer) reputations and allows them to
interact with others.

An account (seller or buyer) with a positive reputation could be hijacked if
their computers are compromised or they reveal just enough PII for an
investigative team to track them.

Re second issue: It may be legal to sell (drug) in (nation). If it's not legal
in (other nation), then you're breaking the law by sending it to (other
nation) even if you're in (nation). Local legality does not protect you
entirely, though it may shield you partially (through your nation not
supporting extradition). But should you enter (other nation), be prepared to
be arrested (this has happened several times in the US).

~~~
Jach
Reputation systems need to have more than just the number, they need to have a
date, and they need to have out-of-band communication points where prospective
buyers can see anything said about sellers outside of the transaction-level
reputation system. Silk Road at least had this. So how many months/years is
the cop account going to operate for, and how many fake sales can they get
away with without selling a legit thing to someone? If the system is using
bitcoin, each fake sale needs to use real bitcoin (and pay transaction fees),
and since site owners have an incentive to find and get rid of fakers cops
need to make sure their coins are adequately mixed too. To not actually ever
distribute anything, how long until multiple people complain that attempts to
buy resulted in the item being delisted? Or if they actually do get to buy,
how many times are the cops going to sell and deliver illegal goods in a
manner that will give them positive reviews sometimes with pictures (like good
package obfuscation)? The real protection for buyers is that cops don't spend
nearly as much resources (with the exception of maybe a couple items /
circumstances) going after buyers as they do going after sellers.

The protection for sellers is that it's actually pretty hard to track one down
from a package. Not impossible but hard. (And you might even get the wrong
seller. The seller you buy from might just be buying from someone else and
entering your information for delivery, like drop shipping. If you're
concerned about a seller, you might even pay a premium to sell their same item
at a loss and wait for someone else to take the buy risk for you.)

It's interesting to look at known dark market arrests, buyers tend to go down
to controlled deliveries of certain items but there's not all that much
commonality in arrests.
https://www.gwern.net/DNM%20arrests#analysis

------
euparkeria
Interesting, I will try to fork this project to do a used clothes store (Brechó
in Portuguese).

------
joeyspn
This is so cool! I was starting to research the design of something like
this...

The ERC20 token idea is also great, people then would have a reference
implementation for their own tokens... it could unlock a new wave of DApps.
Kudos!

------
jstanley
> Besides the web interface I'm planning to implement an ERC20 compliant token

Why??

~~~
rspeer
In case people want to give him lots of money for no reason.

------
NwmG
Check out openbazaar

