HTLC smart contract with penalty

Victor Yeo
May 8, 2023

Imagine Alice and Bob want to exchange their tokens, either across different chains or on the same chain. Alice and Bob enter into an HTLC (hashed time lock contract), and then Alice changes her mind and backs out. Bob has to wait for the timeout to claim his funds. From Bob’s perspective, that time is wasted.

Let’s refresh HTLC basics before we introduce the details of the HTLC smart contract with penalty. An HTLC smart contract comes with a hashlock and a timelock. The hashlock means a cryptographic key (the secret) is hashed, and that hash is compared in transactions: the funds can only be spent by proving knowledge of the secret. The timelock means transactions on the smart contract are time-constrained. Together, the hashlock and timelock achieve time-bound atomic transactions.

The HTLC smart contract with penalty is an extension of HTLC that accounts for the risk of either party backing out from the token swap. In this extension, there are griefing lock smart contracts and principal lock smart contracts.

The griefing lock is used to penalize the party that backs out from the swap transaction. Inside the griefing lock, there is a griefing amount. The griefing amount is the opportunity cost of locking funds within the HTLC, paid by the party that backs out. The principal lock is used to exchange the principal tokens the parties wanted to swap in the first place. This concept is inspired by the academic paper https://arxiv.org/pdf/2211.15804.pdf

Let’s apply this HTLC extension to an example of Alice and Bob exchanging USD for BTC. The diagram below illustrates the flow.

Bob locks USD tokens inside his griefing lock, and Alice locks BTC tokens inside her griefing lock. These tokens are ERC20 tokens. They are placeholder tokens indicating the damages if either party backs out from the swap. Alice also calls the BitGo API to deposit BTC with the custodian.

Next, Alice deploys a principal lock contract to lock BTC tokens and sends the BTC to the custodian using the BitGo API, in preparation for the swap. Then Bob deploys a principal lock contract to lock USD tokens.

Next, the actual swap of tokens happens. Alice withdraws the USD tokens from Bob’s principal lock, and Bob withdraws the BTC tokens from Alice’s principal lock. Importantly, Bob also withdraws BTC from the custodian.

To close the flow, Alice refunds from her griefing lock and Bob refunds from his griefing lock. Alice also withdraws the collateral BTC from the custodian.

That is the end of the happy scenario of the atomic swap process.

The addition of the griefing lock serves as a penalty if a user backs out from the atomic swap. Let’s look at how it is applied in negative scenarios.

For negative scenarios, after Bob and Alice put their collateral into their griefing locks:

  1. Alice backs out and does not deploy her principal lock. Bob gets the collateral in Alice’s griefing lock.
  2. Bob backs out and does not deploy his principal lock. Alice gets the collateral in Bob’s griefing lock.
  3. Alice deploys her principal lock, then backs out and refunds it. Bob gets the collateral in Alice’s griefing lock.
  4. Bob deploys his principal lock, then backs out and refunds it. Alice gets the collateral in Bob’s griefing lock.
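The settlement rules above can be modelled off-chain to check who ends up with the collateral in each scenario. The following is an added example, not code from the linked repository: the class names, the use of SHA-256 for the hashlock, the integer timestamps and the separate griefing-lock deadline are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def make_hashlock(secret: bytes) -> bytes:
    """Hashlock = SHA-256 of the secret (hash choice is an assumption)."""
    return hashlib.sha256(secret).digest()

@dataclass
class PrincipalLock:  # hypothetical model, not the repository's contract
    sender: str
    receiver: str
    amount: int
    hashlock: bytes
    deadline: int            # timelock, as an abstract integer timestamp
    state: str = "locked"    # locked -> withdrawn | refunded

    def withdraw(self, preimage: bytes, now: int) -> None:
        # Receiver spends only by proving knowledge of the secret in time.
        if self.state != "locked" or now >= self.deadline:
            raise ValueError("lock closed or expired")
        if make_hashlock(preimage) != self.hashlock:
            raise ValueError("preimage does not match hashlock")
        self.state = "withdrawn"

    def refund(self, now: int) -> None:
        # Sender recovers the principal only after the timelock expires.
        if self.state != "locked" or now < self.deadline:
            raise ValueError("not refundable")
        self.state = "refunded"

@dataclass
class GriefingLock:  # hypothetical model of the penalty rule
    owner: str
    counterparty: str
    collateral: int
    deadline: int            # owner must have deployed a principal lock by now

    def settle(self, principal: Optional[PrincipalLock], now: int) -> str:
        """Return the party that receives the collateral."""
        if principal is None:
            if now < self.deadline:
                raise ValueError("owner may still deploy a principal lock")
            return self.counterparty   # scenarios 1 and 2: never deployed
        if principal.sender != self.owner:
            raise ValueError("principal lock belongs to another party")
        if principal.state == "withdrawn":
            return self.owner          # swap completed: collateral refunded
        if principal.state == "refunded":
            return self.counterparty   # scenarios 3 and 4: backed out
        raise ValueError("principal lock still open")
```

Passing `None` as the principal lock models a party that never deployed one; settlement is refused while a principal lock is still open, so collateral cannot be claimed mid-swap.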

The smart contracts are available at:

https://github.com/victoryeo/quick-swap-smart-contract
