The new swap design for BTC -> Smartchain (Solana, Starknet, etc.) relies purely on bitcoin transactions with a certain structure being broadcast, i.e. referencing the latest vault UTXO and adding the swap data to an OP_RETURN; the transaction therefore needs to be co-signed by the user and the LP cooperatively. In the current design the user signs the transaction first and then sends it to the LP, who should sign its input and broadcast the transaction; however, there is no guarantee, nor incentive, that the LP will do so in a timely manner. In this case the LP holds the free option over whether to execute the swap or not, and since bitcoin doesn't natively support transaction expiry, this option is valid for as long as the user's UTXOs are not spent.
Here we present a novel idea to mitigate this issue and make it incentive compatible for LPs to execute the swaps in a timely manner. The construction is built on top of adaptor signatures & timelocks and works in a reactive manner. A similar approach can also be used with other bitcoin protocols which require transaction expiry in a 2-party setting.
As soon as the LP publishes the transaction that is expired, anyone with the required data can broadcast a different timelocked transaction, which burns the total amount destined for LPs to miner fees.
Principle of operation
There are 2 parties, the user and the LP. The user is the first signer of the transaction and is therefore exposed to the free-option risk; the LP signs second and therefore holds the free option over whether to broadcast the transaction or not.
Instead of the user constructing the transaction first, we let the LP construct a punishment transaction first. The punishment transaction is timelocked to the required expiry blocktime/blockheight E and signed by the LP, and the signature is encrypted using a signature adaptor point generated by the LP and not revealed to the user. This transaction burns half of the swap BTC amount to miner fees and returns the rest back to the user, while still sending the funds on the destination chain to the user thanks to the OP_RETURN data.
Punishment transaction (TXp)
Inputs:                                      Outputs:
>-- Vault UTXO 0 (adaptor signature) ---+---+--- Vault UTXO 1 --->
>-- User A UTXO 0 (unsigned) -----------+   +--- OP_RETURN data ->
...                                     |   +--- User A change -->
>-- User A UTXO N (unsigned) -----------+
Timelock: E
Fee: swap BTC amount / 2
TODO: WIP