Author: ZmnSCPxj 2020-09-03 09:45:53
Published on: 2020-09-03T09:45:53+00:00
A vulnerability in the CoinSwap system has been found that could lead to privacy leaks. The vulnerability is called the riskless theft attempt problem, where a previous owner of coins knows the fully-signed contract transaction and can broadcast it at no cost to themselves. To solve this problem, collateral payments are proposed where there is a 2of2 multisig made up of Bob's and Charlie's keys. The value K is something that can be set by the protocol, and made high enough so that doing a riskless theft attempt is not worth it. A fresh maker that is given its starting funds in a single UTXO needs to split up its funds to make at least one collateral input it can use. In terms of onchain analysis heuristics, the B output also serves as a point for CPFPing this transaction, thus only one version of the B collateralized contract transaction needs to be made, and the B collateralized contract transaction can be at or close to the minimum relay feerate and later CPFPed. The other contract transaction, known only to Charlie, does not contain a collateral input or collateral value (K), because Charlie can't do a riskless theft attempt to Bob. If Bob ever spends his collateral input in another transaction, then his contract transaction will become invalid.
Updated on: 2023-06-14T03:23:57.933675+00:00