Author: ZmnSCPxj 2020-05-15 04:39:33
Published on: 2020-05-15T04:39:33+00:00
The conversation revolves around a hypothetical situation where Alice and Bob are participating in a protocol. A script is added to refund tx #1, which won't be visible with taproot. The attack scenario involves Alice completing the protocol up to handing over `sigSuccessAlice` to Bob, then stalling the protocol and never sending the `Alice` privkey, waiting for 1 day, then sneaking the refund tx #1 and spending the LTC via direct miner collusion. It is suggested that Bob should broadcast success tx before the refund tx #1 becomes valid to avoid chaos. Additionally, it is proposed that in client-server CoinSwap, the server should take Alice's position and the client should take Bob's position. Multiple CoinSwaps should be made in sequence to obscure history, as the server might secretly be a surveillor and recording swaps. Since Bob should spend received coin before timeout, it is best for Bob to be the client. Finally, if the client needs to spend to a classic, address-using service, then nothing in the SAS protocol allows Alice to receive its funds directly into a specific third-party address. However, Bob can hand over a specific third-party address to use in the success tx.
Updated on: 2023-06-14T01:31:53.582089+00:00