.netbitcoincryptocurrencynbitcoinblockcypher

Validating Purchases from an Exchange


I'm new to crypto but I'm attempting to implement a storefront to process bitcoin sending / receiving. In my first test I transferred some BTC from my coinbase account to my personally hosted wallet. The result was what appears to be a combined transaction with several unknown (for all intents and purposes anyway, they are coinbase's (temporary?) wallets) public keys that distribute out to the various output wallets, including the one I was using in my test.

So I received the bitcoin, but I cannot verify that it came from me as coinbase's system obfuscates that detail. The wallet / key they display on the website seems to only be for receiving crypto.

The only solution that has come to mind is to create a different wallet for every transaction in order to verify the amount received is as expected, and thus removes any nonsense with having to trust user input. Is this the standard methodology? Are there better ways to handle this? I figure the cost of then transferring from those small wallets would be a rather large loss.

For this project I'm using NBitcoin + Blockcypher in a .NET Framework environment.

Thank you for any insight or suggestions in advance. This has been an interesting field to dive into.


Solution

  • Multiple inputs

    Each transaction can have multiple inputs, which are the addresses you are seeing. A transaction with multiple inputs counts as a single transaction. So the miner's fee will be the same as a transaction with a single input.

    A user spending the transaction will need to have the private key of each input, so it's safe to assume that all the inputs belong to the same user.

    Outputs

    A transaction can have 1 or 2 outputs. One for the receiving party, and one for any spare change back to the paying party.

    Automatically validating a transaction

    All automatic payment validation systems (that I know of), use "single-use addresses". That is, they create an address that is only used once. You can then link the address to a certain user, and check if the funds were received on that address without having to know anything about the input addresses.

    Note that most wallets also generate a lot of addresses for users. So, keeping a record of users and their bitcoin addresses is generally not recommended.

    As generating new bitcoin addresses is quite easy, I would suggest you set up a system that generates a new address for each incoming payment. If you share this address only with the paying party you know for certain it can only be them that made the payment.

    Good luck!