WARNING: Haveno's multi-sig setup does not protect liquidity (open offers)
How can anyone honestly think that locked Haveno coins are truly in self-custody? In reality, bad Haveno arbiters could easily pretend to be legit takers and get the 2/3 majority needed to approve a transaction, which could lead to theft. Even worse, admin bots could just wipe out the whole Haveno order book with ease. Those issues have been confirmed by official Dread mods and some Reddit users.
Quote SaberhagenTheNameless:
...afaict Haveno/Retoswap, in its current state, has more at risk from rugpulls than necessary - currently over a million USD at stake.
Sell offers are sitting there waiting to be automatically locked into a 2/3 multisig once taken (from potentially malicious admins controlling arbitrator/taker bots meaning they would have enough keys to steal)
Right now nothing is really preventing admins from sweeping the entire orderbook on the sell side.
Source: https://primal.net/e/nevent1qqsy7hmx9n2ws94x92ftvc44ylkejyg8ygw9z9pt4eswj44yqewp3jcpzamhxue69uhkvet9v3ejumn0wd68ytnzv9hxgtcppemhxue69uhkummn9ekx7mp0qy08wumn8ghj7mn0wd68yttsw43zuam9d3kx7unyv4ezumn9wshs0gztdf
Cached: https://archive.ph/JOqDC#25%
Quote shortwavesurfer2009:
The way it would work would be that an arbitrator would create a bot to take the offers and then use the key from the taker bot and their arbitrator key to steal the escrow which contains the seller's Monero plus their security deposit.
Source: https://primal.net/e/nevent1qqs0h2fvwvcsg58l6xw9hwpav4kk3vry933rrm6pparrf0s7p9rel6gpz4mhxue69uhkg6t5w3hjuur4vghhyetvv9uszyrhwden5te0v5hxummn9ekx7mp0qythwumn8ghj7en9v4j8xtnwdaehgu3wvfskuep0mvpr6f
Cached: https://archive.ph/gSRVs#25%
Quote
https://torhoo.cc/go.php?u=TDNVdlYyOXZaR1Z1U1c1bWIzSnRZWFJwYjI0M016QT0=#:
The arbitrators could rug the whole orderbook (all sell offers and security deposits) by taking all the offers at once.
Source: https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwp7yhn/?context=3#mwp7yhn
Cached: https://archive.ph/icuxp#65%
Quote:
https://torhoo.cc/go.php?u=TDNVdmJXOXVaWEp2WDJSbGMydGZjM1Z3Y0c5eWRBPT0=#:
After some thoughts, I think you are right and that the arbitration system in Haveno doesn't prevent arbitrators from pulling the funds. They would need to create a bot that takes all the offers and automatically unlocks the funds with the key of the taker and arbitrator.
Source: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4e7e530582ff902b6903/#c-cac5570453f7fa9f42
Quote
https://torhoo.cc/go.php?u=TDNVdloyVnZibWxqWHc9PQ==# (Monero Outreach Producer):
Reto has been around for a few milliseconds basically and nothing stops the network operators from creating fake orders if the pot gets big enough. A network would have to be operating successfully for a few years before I trust it with any significant amounts.
Source: https://rl.bloat.cat/r/Monero/comments/1h4icot/is_haveno_anymore_secure_than_trading_with_a/m0ae3rk/?context=3#m0ae3rk
Cached: https://archive.ph/bB1VN#84%
Quote
https://torhoo.cc/go.php?u=TDNVdlYyOXZaR1Z1U1c1bWIzSnRZWFJwYjI0M016QT0=#: To post an offer, you have to deposit the amount + security deposit. If an arbitrator acts maliciously, they could take an offer and essentially steal the funds by signing the 2/3 multisig transaction, since they'd have two keys.
Source: https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwj10k3/?context=3#mwj10k3
Cached: https://archive.ph/icuxp#45%
Quote
https://torhoo.cc/go.php?u=TDNVdmFtOXpjMloxYmc9PQ==#:
Haveno relies upon arbitration by the network you’re operating on. In a case where the arbitrators act maliciously they can create trades where they control 2/3 keys to seize funds.
Source: https://rl.bloat.cat/r/Monero/comments/1h4icot/is_haveno_anymore_secure_than_trading_with_a/
Cached: https://archive.ph/bB1VN
Some folks on Twitter and Reddit are accusing me of an exit scam, but that doesn't make any sense. Shutting down a profitable platform and running off with just $20-25k wouldn’t be worth it.
If I had set things up like Haveno, the amount I could've potentially run off with would’ve been at least $2 million (according to haveno.markets); that's a thousand times more. This is because offers on openmonero are not pre-funded. Check out the liquidity on openmonero.markets. It’s usually between 10 and 50 XMR.
I think I was right about my approach, and the recent hack actually proves it. The platform is built to handle large volumes, while keeping the amount of funds that could be stolen really low. That's what makes the OM platform one of the most decentralized liquidity solutions out there.