Author: Russell O'Connor 2022-04-23 19:30:56
Published on: 2022-04-23T19:30:56+00:00
The CTV (CheckTemplateVerify) and MES (MuSig Extended Signing) vault schemes are designed as an improvement over the traditional management of hot-wallets and cold-wallets. The CTV vault is located on the "cold-side" and allows funds to be sent from the "cold" side to one's own hot wallet after the unvaulting delay, minimizing the risk of loss of funds. On the other hand, the MES vault scheme applies to a different scenario where the hot funds are inside the vault, and it is the hot key that unvaults the funds and sends them to customer's addresses after a delay. While the CTV vault only offers advantages for managing payments through a vault, the MES vault could be used on both the hot and cold sides.However, if an attacker steals the hot key, they have the option to wait for the user to unvault their funds of their own accord and then race/outspend the user's transaction with their own. To mitigate this, a key security assumption of the CTV-based vaults is that users should never withdraw more in one go than their hot wallet risk tolerance. Additionally, if a hot wallet key is stolen, all CTV outputs must be rotated, and the CTV outputs must never be any larger than the hot wallet risk tolerance amount. Furthermore, there are issues regarding fee management in the CTV vault scheme, which would likely benefit from a less constrained design for covenants. Despite these limitations, the CTV and MES vault schemes offer improvements over traditional wallet management and could be useful for minimizing the risk of loss of funds.
Updated on: 2023-06-15T19:37:43.887547+00:00