The Risks of Atomic Swaps & How to Mitigate Them – Block DX

The above process is atomic (with timeout), meaning that it either happens completely or it does not happen at all.

If at any point Alice or Bob cease participating the other party can reclaim their coins after the expiry of the respective timeouts:

• If Alice creates Alice’s offer but Bob does not create Bob’s offer then Alice waits until the expiry of Alice’s offer to reclaim her coins; and
• If Bob creates Bob’s offer but Alice does not claim it then Bob can immediately reclaim his coins and Alice must wait for her offer to expire to reclaim her coins.

(a) Timelock attack

If Alice creates Alice’s offer but Bob does not create Bob’s offer then Alice is subject to the opportunity cost/inconvenience of waiting until the expiry of Alice’s offer to reclaim her coins.

Mitigated by:

(i) Bob Fee

• Bob could be required to pay a fee prior to Alice creating Alice’s offer. This would ensure that there would be an economic cost associated with Bob failing to create Bob’s offer.

(ii) Reputation Systems

• Alice could decide to only perform atomic swaps with certain addresses for which some reputation has been established, either by industry reputation, past history or otherwise. Front-end DEXes and DApps could then filter for only those addresses.

(iii) Collateral Checks

• Alice could check to ensure Bob’s address contains sufficient balance and require him to prove ownership of the address by signing with his private key.

(iv) Spam Checks

• Alice could check to ensure there are no transactions in the mempool spending from the Bob’s address and that there are no open orders on the decentralized exchange using the same inputs.

(b) Optionality Advantage

After Bob creates Bob’s offer, Alice has the advantage of being able to decide whether to redeem Bob’s offer any time before it expires. Alice can therefore wait to see how the market develops before deciding whether to redeem Bob’s offer or to let it expire. In effect, Alice has been granted an American Call Option (See here and here).

Mitigated by:

(i) Shorter Bob offer

• The shorter the timelock on Bob’s offer the less time Alice has to watch the market develop.
• Alice need only ensure that Bob’s offer is long enough to minimize the risk of a double spend.
• If Alice uses a zero-confirmation transaction this would take a matter of seconds.
• If Alice requires further protection she could wait for one or more on-chain confirmations.
• In either case, the time required will be significantly less than the 24 hours assumed by those who have previously written on this topic (See here and here)

(ii) Longer Alice offer

• Bob could insist on a longer timelock on Alice’s offer. In this way, if Alice does not redeem Bob’s offer she will be subject to the opportunity cost of her funds being locked up until her offer expires. However, a longer timelock on Alice’s offer would also mean that the timelock attack described in the last section would have an even greater impact on Alice. Therefore, a longer Alice offer must strike an appropriate balance.

(iii) Premium mechanism

• The third solution is using a trusted third party to implement a premium mechanism. When Alice initiates an Atomic Swap Alice is forced to deposit a premium. The trusted third party should be trustworthy (such as a service node) and could be a single point of failure.

(c) Timeout

If after Alice redeems Bob’s offer Bob fails to redeem Alice’s offer before it expires Bob would be forced to leave empty handed.

(i) Security best practices

• Bob could implement security best practices, such as redundant or virtual machines, to ensure that he always has access to the network.

(i) Longer Alice offer

• Bob could insist on a longer timelock on Alice’s offer to give him more time, however, as noted above Alice’s offer must be appropriately balanced against other competing factors.

Atomic swaps eliminate custodial risk and other frictions associated with intermediaries (including decentralized intermediaries!) such as the time and cost of deposits and withdrawals.

Atomic swaps do, however, have some risks. The risks of atomic swaps are largely in the nature of opportunity cost associated with funds being locked-up in failed atomic swaps.

These risks can be mitigated with the use of fees, reputation systems, security checks and competitive timelocks.