Git-Mirrors/xmr-btc-swap
1
0
Fork 0
mirror of https://github.com/comit-network/xmr-btc-swap.git synced 2025-03-23 06:36:47 -04:00
Code Issues Packages Projects Releases Wiki Activity
xmr-btc-swap/xmr-btc/src/lib.rs

614 lines
20 KiB
Rust
Raw Normal View History

Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 16:18:50 +10:00
#![warn(
unused_extern_crates,
missing_debug_implementations,
missing_copy_implementations,
rust_2018_idioms,
clippy::cast_possible_truncation,
clippy::cast_sign_loss,
clippy::fallible_impl_from,
clippy::cast_precision_loss,
clippy::cast_possible_wrap,
clippy::dbg_macro
)]
#![cfg_attr(not(test), warn(clippy::unwrap_used))]
#![forbid(unsafe_code)]
#![allow(non_snake_case)]
Remove duplicated macro definitions
2020-10-09 10:17:36 +11:00
#[macro_use]
mod utils {
macro_rules! impl_try_from_parent_enum {
($type:ident, $parent:ident) => {
impl TryFrom<$parent> for $type {
type Error = anyhow::Error;
fn try_from(from: $parent) -> Result<Self> {
if let $parent::$type(inner) = from {
Ok(inner)
} else {
Err(anyhow::anyhow!(
"Failed to convert parent state to child state"
))
}
}
}
};
}
macro_rules! impl_from_child_enum {
($type:ident, $parent:ident) => {
impl From<$type> for $parent {
fn from(from: $type) -> Self {
$parent::$type(from)
}
}
};
}
}
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 16:18:50 +10:00
pub mod alice;
pub mod bitcoin;
pub mod bob;
pub mod monero;
Save and recover protocol state from disk NOTE: This implementation saves secrets to disk! It is not secure. The storage API allows the caller to atomically record the state of the protocol. The user can retrieve this recorded state and re-commence the protocol from that point. The state is recorded using a hard coded key, causing it to overwrite the previously recorded state. This limitation means that this recovery mechanism should not be used in a program that simultaneously manages the execution of multiple swaps. An e2e test was added to show how to save, recover and resume protocol execution. This logic could also be integrated into the run_until functions to automate saving but was not included at this stage as protocol execution is currently under development. Serialisation and deserialisation was implemented on the states to allow the to be stored using the database. Currently the secret's are also being stored to disk but should be recovered from a seed or wallets.
2020-10-14 09:32:25 +11:00
pub mod serde;
Execute Alice and Bob state machines concurrently Previously we were testing the protocol by manually driving Alice and Bob's state machines. This logic has now be moved to an async state transition function that can take any possible state as input. The state transition function is called in a loop until it returns the desired state. This allows use to interrupt midway through the protocol and perform refund and punish tests. This design was chosen over a generator based implementation because the the generator based implementation results in a impure state transition function that is difficult to reason about and prone to bugs. Test related code was extracted into the tests folder. The 2b and 4b states were renamed to be consistent with the rest. Macros were used to reduce code duplication when converting child states to their parent states and vice versa. Todos were added were neccessary.
2020-09-29 15:36:50 +10:00
pub mod transport;
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
Move storage into application crate
2020-10-23 13:13:17 +11:00
pub use cross_curve_dleq::Scalar as CrossCurveScalar;
pub use curve25519_dalek::scalar::Scalar as Curve25519Scalar;
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
use async_trait::async_trait;
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
use ecdsa_fun::{adaptor::Adaptor, nonce::Deterministic};
Make bitcoin::WatchForRawTransaction infallible And trigger refund if Alice's redeem transaction takes too long.
2020-10-15 21:17:42 +11:00
use futures::{
future::{select, Either},
Check expiry before emitting first action
2020-10-15 21:48:08 +11:00
Future, FutureExt,
Make bitcoin::WatchForRawTransaction infallible And trigger refund if Alice's redeem transaction takes too long.
2020-10-15 21:17:42 +11:00
};
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
use genawaiter::sync::{Gen, GenBoxed};
use sha2::Sha256;
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
use std::{sync::Arc, time::Duration};
use tokio::time::timeout;
use tracing::error;
// TODO: Replace this with something configurable, such as an function argument.
/// Time that Bob has to publish the Bitcoin lock transaction before both
/// parties will abort, in seconds.
const SECS_TO_ACT_BOB: u64 = 60;
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
#[allow(clippy::large_enum_variant)]
#[derive(Debug)]
Write action_generator_alice
2020-10-16 17:04:03 +11:00
pub enum BobAction {
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
LockBitcoin(bitcoin::TxLock),
SendBitcoinRedeemEncsig(bitcoin::EncryptedSignature),
CreateMoneroWalletForOutput {
spend_key: monero::PrivateKey,
view_key: monero::PrivateViewKey,
},
Split RefundBitcoin into CancelBitcoin and RefundBitcoin
2020-10-16 14:06:25 +11:00
CancelBitcoin(bitcoin::Transaction),
RefundBitcoin(bitcoin::Transaction),
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
}
// TODO: This could be moved to the monero module
Make ReceiveTransferProof async and take &mut self
2020-10-16 10:49:34 +11:00
#[async_trait]
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
pub trait ReceiveTransferProof {
Make ReceiveTransferProof async and take &mut self
2020-10-16 10:49:34 +11:00
async fn receive_transfer_proof(&mut self) -> monero::TransferProof;
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
}
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
#[async_trait]
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
pub trait BlockHeight {
async fn block_height(&self) -> u32;
}
#[async_trait]
pub trait TransactionBlockHeight {
async fn transaction_block_height(&self, txid: bitcoin::Txid) -> u32;
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
}
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
/// Perform the on-chain protocol to swap monero and bitcoin as Bob.
///
/// This is called post handshake, after all the keys, addresses and most of the
/// signatures have been exchanged.
pub fn action_generator_bob<N, M, B>(
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
mut network: N,
monero_client: Arc<M>,
bitcoin_client: Arc<B>,
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
// TODO: Replace this with a new, slimmer struct?
bob::State2 {
A,
b,
s_b,
S_a_monero,
S_a_bitcoin,
v,
xmr,
refund_timelock,
redeem_address,
refund_address,
tx_lock,
tx_cancel_sig_a,
tx_refund_encsig,
..
}: bob::State2,
Write action_generator_alice
2020-10-16 17:04:03 +11:00
) -> GenBoxed<BobAction, (), ()>
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
where
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
N: ReceiveTransferProof + Send + Sync + 'static,
M: monero::WatchForTransfer + Send + Sync + 'static,
B: BlockHeight
+ TransactionBlockHeight
+ bitcoin::WatchForRawTransaction
+ Send
+ Sync
+ 'static,
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
{
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
#[derive(Debug)]
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
enum SwapFailed {
Only generate refund action after Bitcoin lock
2020-10-16 11:18:02 +11:00
BeforeBtcLock,
AfterBtcLock(Reason),
Bubble up unrecoverable errors instead of expecting This does introduce the ability of expressing incorrect combinations of the enums `SwapFailed` and `Reason`, but these are just internal to this function and it's terser that way.
2020-10-16 11:43:24 +11:00
AfterBtcRedeem(Reason),
Only generate refund action after Bitcoin lock
2020-10-16 11:18:02 +11:00
}
Document Reason enum
2020-10-16 11:31:16 +11:00
/// Reason why the swap has failed.
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
#[derive(Debug)]
Only generate refund action after Bitcoin lock
2020-10-16 11:18:02 +11:00
enum Reason {
Document Reason enum
2020-10-16 11:31:16 +11:00
/// The refund timelock has been reached.
Only generate refund action after Bitcoin lock
2020-10-16 11:18:02 +11:00
BtcExpired,
Document Reason enum
2020-10-16 11:31:16 +11:00
/// Alice did not lock up enough monero in the shared output.
Rename InsufficientXMR to InsufficientXmr
2020-10-16 14:02:47 +11:00
InsufficientXmr(monero::InsufficientFunds),
Bubble up unrecoverable errors instead of expecting This does introduce the ability of expressing incorrect combinations of the enums `SwapFailed` and `Reason`, but these are just internal to this function and it's terser that way.
2020-10-16 11:43:24 +11:00
/// Could not find Bob's signature on the redeem transaction witness
/// stack.
BtcRedeemSignature,
/// Could not recover secret `s_a` from Bob's redeem transaction
/// signature.
SecretRecovery,
Replace monero::CheckTransfer with monero::WatchForTransfer Instead of checking once to see if Monero's `TxLock` has been published, the new trait should keep looking until the transaction has been found. The new trait also allows the caller to set an expected number of confirmations on the transaction. The implementation of the trait is currently part of test code, but it should be similar to what we will eventually do for an application.
2020-10-15 13:10:31 +11:00
}
Check expiry before emitting first action
2020-10-15 21:48:08 +11:00
async fn poll_until(condition_future: impl Future<Output = bool> + Clone) {
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
loop {
Check expiry before emitting first action
2020-10-15 21:48:08 +11:00
if condition_future.clone().await {
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
return;
}
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
tokio::time::delay_for(std::time::Duration::from_secs(1)).await;
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
}
}
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
async fn bitcoin_block_height_is_gte<B>(bitcoin_client: &B, n_blocks: u32) -> bool
Check expiry before emitting first action
2020-10-15 21:48:08 +11:00
where
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
B: BlockHeight,
Check expiry before emitting first action
2020-10-15 21:48:08 +11:00
{
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
bitcoin_client.block_height().await >= n_blocks
Check expiry before emitting first action
2020-10-15 21:48:08 +11:00
}
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
Gen::new_boxed(|co| async move {
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
let swap_result: Result<(), SwapFailed> = async {
Write action_generator_alice
2020-10-16 17:04:03 +11:00
co.yield_(BobAction::LockBitcoin(tx_lock.clone())).await;
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
timeout(
Duration::from_secs(SECS_TO_ACT_BOB),
s/{monero,bitcoin}_ledger/{monero,bitcoin}_client/g
2020-10-16 14:17:10 +11:00
bitcoin_client.watch_for_raw_transaction(tx_lock.txid()),
Fail the swap early if Bitcoin TxLock is never published This helps distinguish between the case where the refund timelock is reached before the bitcoin is locked and the case where the refund timelock is reached after the bitcoin is locked and before Alice sends over the transfer proof for locking up the monero. In the first case we can abort without doing anything, but in the second case we must instruct the caller to refund the bitcoin.
2020-10-16 11:25:41 +11:00
)
.await
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
.map(|tx| tx.txid())
.map_err(|_| SwapFailed::BeforeBtcLock)?;
let tx_lock_height = bitcoin_client
.transaction_block_height(tx_lock.txid())
.await;
let btc_has_expired = bitcoin_block_height_is_gte(
bitcoin_client.as_ref(),
tx_lock_height + refund_timelock,
)
.shared();
let poll_until_btc_has_expired = poll_until(btc_has_expired).shared();
futures::pin_mut!(poll_until_btc_has_expired);
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
Refund if Alice takes too long to prove that Monero has been locked
2020-10-16 10:54:12 +11:00
let transfer_proof = match select(
network.receive_transfer_proof(),
poll_until_btc_has_expired.clone(),
)
.await
{
Either::Left((proof, _)) => proof,
Only generate refund action after Bitcoin lock
2020-10-16 11:18:02 +11:00
Either::Right(_) => return Err(SwapFailed::AfterBtcLock(Reason::BtcExpired)),
Refund if Alice takes too long to prove that Monero has been locked
2020-10-16 10:54:12 +11:00
};
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
let S_b_monero = monero::PublicKey::from_private_key(&monero::PrivateKey::from_scalar(
s_b.into_ed25519(),
));
let S = S_a_monero + S_b_monero;
Make bitcoin::WatchForRawTransaction infallible And trigger refund if Alice's redeem transaction takes too long.
2020-10-15 21:17:42 +11:00
match select(
s/{monero,bitcoin}_ledger/{monero,bitcoin}_client/g
2020-10-16 14:17:10 +11:00
monero_client.watch_for_transfer(
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
S,
v.public(),
transfer_proof,
xmr,
monero::MIN_CONFIRMATIONS,
),
Check expiry before emitting first action
2020-10-15 21:48:08 +11:00
poll_until_btc_has_expired.clone(),
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
)
.await
{
Only generate refund action after Bitcoin lock
2020-10-16 11:18:02 +11:00
Either::Left((Err(e), _)) => {
Rename InsufficientXMR to InsufficientXmr
2020-10-16 14:02:47 +11:00
return Err(SwapFailed::AfterBtcLock(Reason::InsufficientXmr(e)))
Only generate refund action after Bitcoin lock
2020-10-16 11:18:02 +11:00
}
Either::Right(_) => return Err(SwapFailed::AfterBtcLock(Reason::BtcExpired)),
Trigger refund if the publication of Monero TxLock takes too long
2020-10-15 18:34:55 +11:00
_ => {}
}
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
let tx_redeem = bitcoin::TxRedeem::new(&tx_lock, &redeem_address);
let tx_redeem_encsig = b.encsign(S_a_bitcoin.clone(), tx_redeem.digest());
Write action_generator_alice
2020-10-16 17:04:03 +11:00
co.yield_(BobAction::SendBitcoinRedeemEncsig(tx_redeem_encsig.clone()))
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
.await;
Make bitcoin::WatchForRawTransaction infallible And trigger refund if Alice's redeem transaction takes too long.
2020-10-15 21:17:42 +11:00
let tx_redeem_published = match select(
s/{monero,bitcoin}_ledger/{monero,bitcoin}_client/g
2020-10-16 14:17:10 +11:00
bitcoin_client.watch_for_raw_transaction(tx_redeem.txid()),
Check expiry before emitting first action
2020-10-15 21:48:08 +11:00
poll_until_btc_has_expired,
Make bitcoin::WatchForRawTransaction infallible And trigger refund if Alice's redeem transaction takes too long.
2020-10-15 21:17:42 +11:00
)
.await
{
Either::Left((tx, _)) => tx,
Only generate refund action after Bitcoin lock
2020-10-16 11:18:02 +11:00
Either::Right(_) => return Err(SwapFailed::AfterBtcLock(Reason::BtcExpired)),
Make bitcoin::WatchForRawTransaction infallible And trigger refund if Alice's redeem transaction takes too long.
2020-10-15 21:17:42 +11:00
};
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
let tx_redeem_sig = tx_redeem
.extract_signature_by_key(tx_redeem_published, b.public())
Bubble up unrecoverable errors instead of expecting This does introduce the ability of expressing incorrect combinations of the enums `SwapFailed` and `Reason`, but these are just internal to this function and it's terser that way.
2020-10-16 11:43:24 +11:00
.map_err(|_| SwapFailed::AfterBtcRedeem(Reason::BtcRedeemSignature))?;
let s_a = bitcoin::recover(S_a_bitcoin, tx_redeem_sig, tx_redeem_encsig)
.map_err(|_| SwapFailed::AfterBtcRedeem(Reason::SecretRecovery))?;
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
let s_a = monero::PrivateKey::from_scalar(monero::Scalar::from_bytes_mod_order(
s_a.to_bytes(),
));
let s_b = monero::PrivateKey {
scalar: s_b.into_ed25519(),
};
Write action_generator_alice
2020-10-16 17:04:03 +11:00
co.yield_(BobAction::CreateMoneroWalletForOutput {
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
spend_key: s_a + s_b,
view_key: v,
})
.await;
Ok(())
Replace monero::CheckTransfer with monero::WatchForTransfer Instead of checking once to see if Monero's `TxLock` has been published, the new trait should keep looking until the transaction has been found. The new trait also allows the caller to set an expected number of confirmations on the transaction. The implementation of the trait is currently part of test code, but it should be similar to what we will eventually do for an application.
2020-10-15 13:10:31 +11:00
}
.await;
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
if let Err(err @ SwapFailed::AfterBtcLock(_)) = swap_result {
error!("Swap failed, reason: {:?}", err);
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
let tx_cancel =
bitcoin::TxCancel::new(&tx_lock, refund_timelock, A.clone(), b.public());
Watch the blockchain during Bitcoin refund
2020-10-16 14:16:06 +11:00
let tx_cancel_txid = tx_cancel.txid();
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
let signed_tx_cancel = {
let sig_a = tx_cancel_sig_a.clone();
let sig_b = b.sign(tx_cancel.digest());
tx_cancel
.clone()
.add_signatures(&tx_lock, (A.clone(), sig_a), (b.public(), sig_b))
.expect("sig_{a,b} to be valid signatures for tx_cancel")
};
Write action_generator_alice
2020-10-16 17:04:03 +11:00
co.yield_(BobAction::CancelBitcoin(signed_tx_cancel)).await;
Split RefundBitcoin into CancelBitcoin and RefundBitcoin
2020-10-16 14:06:25 +11:00
s/{monero,bitcoin}_ledger/{monero,bitcoin}_client/g
2020-10-16 14:17:10 +11:00
let _ = bitcoin_client
Watch the blockchain during Bitcoin refund
2020-10-16 14:16:06 +11:00
.watch_for_raw_transaction(tx_cancel_txid)
.await;
Split RefundBitcoin into CancelBitcoin and RefundBitcoin
2020-10-16 14:06:25 +11:00
Watch the blockchain during Bitcoin refund
2020-10-16 14:16:06 +11:00
let tx_refund = bitcoin::TxRefund::new(&tx_cancel, &refund_address);
let tx_refund_txid = tx_refund.txid();
let signed_tx_refund = {
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
let adaptor = Adaptor::<Sha256, Deterministic<Sha256>>::default();
let sig_a =
adaptor.decrypt_signature(&s_b.into_secp256k1(), tx_refund_encsig.clone());
let sig_b = b.sign(tx_refund.digest());
tx_refund
.add_signatures(&tx_cancel, (A.clone(), sig_a), (b.public(), sig_b))
.expect("sig_{a,b} to be valid signatures for tx_refund")
};
Write action_generator_alice
2020-10-16 17:04:03 +11:00
co.yield_(BobAction::RefundBitcoin(signed_tx_refund)).await;
Watch the blockchain during Bitcoin refund
2020-10-16 14:16:06 +11:00
s/{monero,bitcoin}_ledger/{monero,bitcoin}_client/g
2020-10-16 14:17:10 +11:00
let _ = bitcoin_client
Watch the blockchain during Bitcoin refund
2020-10-16 14:16:06 +11:00
.watch_for_raw_transaction(tx_refund_txid)
.await;
[WIP] Generate actions for Bob's on-chain protocol Mimics what @thomaseizinger did here [1] and here [2]. This has the advantage that the consumer has more freedom to execute `Action`s without having to implement particular traits. The error handling required inside this protocol-executing function is also reduced. As discussed with Thomas, for this approach to work well, the trait functions such as `receive_transfer_proof` should be infallible, and the implementer should be forced to hide IO errors behind a retry mechanism. All of these asynchronous calls need to be "raced" against the abort condition (determined by the `refund_timelock`), which is missing in the current state of the implementation. The initial handshake of the protocol has not been included here, because it may not be easy to integrate this approach with libp2p, but a couple of messages still need to exchanged. I need @tcharding to tell me if it's feasible/good to do it like this. [1] https://github.com/comit-network/comit-rs/blob/move-nectar-swap-to-comit/nectar/src/swap/comit/herc20_hbit.rs#L57-L184. [2] https://github.com/comit-network/comit-rs/blob/e584d2b14f3602e2657d09b989e8ea1d483a0626/nectar/src/swap.rs#L716-L751.
2020-10-12 17:17:22 +11:00
}
})
}
Write action_generator_alice
2020-10-16 17:04:03 +11:00
#[derive(Debug)]
pub enum AliceAction {
// This action also includes proving to Bob that this has happened, given that our current
// protocol requires a transfer proof to verify that the coins have been locked on Monero
LockXmr {
amount: monero::Amount,
public_spend_key: monero::PublicKey,
public_view_key: monero::PublicViewKey,
},
RedeemBtc(bitcoin::Transaction),
CreateMoneroWalletForOutput {
spend_key: monero::PrivateKey,
view_key: monero::PrivateViewKey,
},
CancelBtc(bitcoin::Transaction),
PunishBtc(bitcoin::Transaction),
}
// TODO: This could be moved to the bitcoin module
#[async_trait]
pub trait ReceiveBitcoinRedeemEncsig {
async fn receive_bitcoin_redeem_encsig(&mut self) -> bitcoin::EncryptedSignature;
}
/// Perform the on-chain protocol to swap monero and bitcoin as Alice.
///
/// This is called post handshake, after all the keys, addresses and most of the
/// signatures have been exchanged.
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
pub fn action_generator_alice<N, B>(
mut network: N,
bitcoin_client: Arc<B>,
Write action_generator_alice
2020-10-16 17:04:03 +11:00
// TODO: Replace this with a new, slimmer struct?
alice::State3 {
a,
B,
s_a,
S_b_monero,
S_b_bitcoin,
v,
xmr,
refund_timelock,
punish_timelock,
refund_address,
redeem_address,
punish_address,
tx_lock,
tx_punish_sig_bob,
tx_cancel_sig_bob,
..
}: alice::State3,
) -> GenBoxed<AliceAction, (), ()>
where
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
N: ReceiveBitcoinRedeemEncsig + Send + Sync + 'static,
B: BlockHeight
+ TransactionBlockHeight
+ bitcoin::WatchForRawTransaction
+ Send
+ Sync
+ 'static,
Write action_generator_alice
2020-10-16 17:04:03 +11:00
{
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
#[derive(Debug)]
Write action_generator_alice
2020-10-16 17:04:03 +11:00
enum SwapFailed {
BeforeBtcLock,
AfterXmrLock(Reason),
}
/// Reason why the swap has failed.
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
#[derive(Debug)]
Write action_generator_alice
2020-10-16 17:04:03 +11:00
enum Reason {
/// The refund timelock has been reached.
BtcExpired,
}
enum RefundFailed {
BtcPunishable {
tx_cancel_was_published: bool,
},
/// Could not find Alice's signature on the refund transaction witness
/// stack.
BtcRefundSignature,
/// Could not recover secret `s_b` from Alice's refund transaction
/// signature.
SecretRecovery,
}
async fn poll_until(condition_future: impl Future<Output = bool> + Clone) {
loop {
if condition_future.clone().await {
return;
}
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
tokio::time::delay_for(std::time::Duration::from_secs(1)).await;
Write action_generator_alice
2020-10-16 17:04:03 +11:00
}
}
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
async fn bitcoin_block_height_is_gte<B>(bitcoin_client: &B, n_blocks: u32) -> bool
Write action_generator_alice
2020-10-16 17:04:03 +11:00
where
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
B: BlockHeight,
Write action_generator_alice
2020-10-16 17:04:03 +11:00
{
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
bitcoin_client.block_height().await >= n_blocks
Write action_generator_alice
2020-10-16 17:04:03 +11:00
}
Gen::new_boxed(|co| async move {
let swap_result: Result<(), SwapFailed> = async {
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
timeout(
Duration::from_secs(SECS_TO_ACT_BOB),
Write action_generator_alice
2020-10-16 17:04:03 +11:00
bitcoin_client.watch_for_raw_transaction(tx_lock.txid()),
)
.await
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
.map_err(|_| SwapFailed::BeforeBtcLock)?;
let tx_lock_height = bitcoin_client
.transaction_block_height(tx_lock.txid())
.await;
let btc_has_expired = bitcoin_block_height_is_gte(
bitcoin_client.as_ref(),
tx_lock_height + refund_timelock,
)
.shared();
let poll_until_btc_has_expired = poll_until(btc_has_expired).shared();
futures::pin_mut!(poll_until_btc_has_expired);
Write action_generator_alice
2020-10-16 17:04:03 +11:00
let S_a = monero::PublicKey::from_private_key(&monero::PrivateKey {
scalar: s_a.into_ed25519(),
});
co.yield_(AliceAction::LockXmr {
amount: xmr,
public_spend_key: S_a + S_b_monero,
public_view_key: v.public(),
})
.await;
// TODO: Watch for LockXmr using watch-only wallet. Doing so will prevent Alice
// from cancelling/refunding unnecessarily.
let tx_redeem_encsig = match select(
network.receive_bitcoin_redeem_encsig(),
poll_until_btc_has_expired.clone(),
)
.await
{
Either::Left((encsig, _)) => encsig,
Either::Right(_) => return Err(SwapFailed::AfterXmrLock(Reason::BtcExpired)),
};
let (signed_tx_redeem, tx_redeem_txid) = {
let adaptor = Adaptor::<Sha256, Deterministic<Sha256>>::default();
let tx_redeem = bitcoin::TxRedeem::new(&tx_lock, &redeem_address);
let sig_a = a.sign(tx_redeem.digest());
let sig_b =
adaptor.decrypt_signature(&s_a.into_secp256k1(), tx_redeem_encsig.clone());
let tx = tx_redeem
.add_signatures(&tx_lock, (a.public(), sig_a), (B.clone(), sig_b))
.expect("sig_{a,b} to be valid signatures for tx_redeem");
let txid = tx.txid();
(tx, txid)
};
co.yield_(AliceAction::RedeemBtc(signed_tx_redeem)).await;
match select(
bitcoin_client.watch_for_raw_transaction(tx_redeem_txid),
poll_until_btc_has_expired,
)
.await
{
Either::Left(_) => {}
Either::Right(_) => return Err(SwapFailed::AfterXmrLock(Reason::BtcExpired)),
};
Ok(())
}
.await;
if let Err(SwapFailed::AfterXmrLock(Reason::BtcExpired)) = swap_result {
let refund_result: Result<(), RefundFailed> = async {
let bob_can_be_punished =
Test on-chain protocol happy path
2020-10-22 10:57:42 +11:00
bitcoin_block_height_is_gte(bitcoin_client.as_ref(), punish_timelock).shared();
Write action_generator_alice
2020-10-16 17:04:03 +11:00
let poll_until_bob_can_be_punished = poll_until(bob_can_be_punished).shared();
futures::pin_mut!(poll_until_bob_can_be_punished);
let tx_cancel =
bitcoin::TxCancel::new(&tx_lock, refund_timelock, a.public(), B.clone());
match select(
bitcoin_client.watch_for_raw_transaction(tx_cancel.txid()),
poll_until_bob_can_be_punished.clone(),
)
.await
{
Either::Left(_) => {}
Either::Right(_) => {
return Err(RefundFailed::BtcPunishable {
tx_cancel_was_published: false,
})
}
};
let tx_refund = bitcoin::TxRefund::new(&tx_cancel, &refund_address);
let tx_refund_published = match select(
bitcoin_client.watch_for_raw_transaction(tx_refund.txid()),
poll_until_bob_can_be_punished,
)
.await
{
Either::Left((tx, _)) => tx,
Either::Right(_) => {
return Err(RefundFailed::BtcPunishable {
tx_cancel_was_published: true,
})
}
};
let s_a = monero::PrivateKey {
scalar: s_a.into_ed25519(),
};
let tx_refund_sig = tx_refund
.extract_signature_by_key(tx_refund_published, B.clone())
.map_err(|_| RefundFailed::BtcRefundSignature)?;
let tx_refund_encsig = a.encsign(S_b_bitcoin.clone(), tx_refund.digest());
let s_b = bitcoin::recover(S_b_bitcoin, tx_refund_sig, tx_refund_encsig)
.map_err(|_| RefundFailed::SecretRecovery)?;
let s_b = monero::PrivateKey::from_scalar(monero::Scalar::from_bytes_mod_order(
s_b.to_bytes(),
));
co.yield_(AliceAction::CreateMoneroWalletForOutput {
spend_key: s_a + s_b,
view_key: v,
})
.await;
Ok(())
}
.await;
// LIMITATION: When approaching the punish scenario, Bob could theoretically
// wake up in between Alice's publication of tx cancel and beat Alice's punish
// transaction with his refund transaction. Alice would then need to carry on
// with the refund on Monero. Doing so may be too verbose with the current,
// linear approach. A different design may be required
if let Err(RefundFailed::BtcPunishable {
tx_cancel_was_published,
}) = refund_result
{
let tx_cancel =
bitcoin::TxCancel::new(&tx_lock, refund_timelock, a.public(), B.clone());
if !tx_cancel_was_published {
let tx_cancel_txid = tx_cancel.txid();
let signed_tx_cancel = {
let sig_a = a.sign(tx_cancel.digest());
let sig_b = tx_cancel_sig_bob;
tx_cancel
.clone()
.add_signatures(&tx_lock, (a.public(), sig_a), (B.clone(), sig_b))
.expect("sig_{a,b} to be valid signatures for tx_cancel")
};
co.yield_(AliceAction::CancelBtc(signed_tx_cancel)).await;
let _ = bitcoin_client
.watch_for_raw_transaction(tx_cancel_txid)
.await;
}
let tx_punish =
bitcoin::TxPunish::new(&tx_cancel, &punish_address, punish_timelock);
let tx_punish_txid = tx_punish.txid();
let signed_tx_punish = {
let sig_a = a.sign(tx_punish.digest());
let sig_b = tx_punish_sig_bob;
tx_punish
.add_signatures(&tx_cancel, (a.public(), sig_a), (B, sig_b))
.expect("sig_{a,b} to be valid signatures for tx_cancel")
};
co.yield_(AliceAction::PunishBtc(signed_tx_punish)).await;
let _ = bitcoin_client
.watch_for_raw_transaction(tx_punish_txid)
.await;
}
}
})
}
Reference in New Issue Copy Permalink