Bitcoin–Monero Cross-chain Atomic Swap
Go to file
bors[bot] f678f43a24
Merge #1309
1309: build(deps): bump tempfile from 3.3.0 to 3.4.0 r=delta1 a=dependabot[bot]

Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.3.0 to 3.4.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/NEWS">tempfile's changelog</a>.</em></p>
<blockquote>
<h1>3.4.0</h1>
<p>SECURITY: Prior <code>tempfile</code> releases depended on <code>remove_dir_all</code> version 0.5.0 which was vulnerabiel to a <a href="https://github.com/XAMPPRocky/remove_dir_all/security/advisories/GHSA-mc8h-8q98-g5hr">TOCTOU race</a>. This same race is present in rust versions prior to 1.58.1.</p>
<p>Features:</p>
<ul>
<li>Generalized temporary files: <code>NamedTempFile</code> can now abstract over different kinds of files (e.g.,
unix domain sockets, pipes, etc.):
<ul>
<li>Add <code>Builder::make</code> and <code>Builder::make_in</code> for generalized temp file
creation.</li>
<li>Add <code>NamedTempFile::from_parts</code> to complement <code>NamedTempFile::into_parts</code>.</li>
<li>Add generic parameter to <code>NamedTempFile</code> to support wrapping non-File types.</li>
</ul>
</li>
</ul>
<p>Bug Fixes/Improvements:</p>
<ul>
<li>Don't try to create a temporary file multiple times if the file path has been fully specified by
the user (no random characters).</li>
<li><code>NamedTempFile::persist_noclobber</code> is now always atomic on linux when <code>renameat_with</code> is
supported. Previously, it would first link the new path, then unlink the previous path.</li>
<li>Fix compiler warnings on windows.</li>
</ul>
<p>Trivia:</p>
<ul>
<li>Switch from <code>libc</code> to <code>rustix</code> on wasi/unix. This now makes direct syscalls instead of calling
through libc.</li>
<li>Remove <code>remove_dir_all</code> dependency. The rust standard library has optimized their internal version
significantly.</li>
<li>Switch to official windows-sys windows bindings.</li>
</ul>
<p>Breaking:</p>
<ul>
<li>The minimum rust version is now <code>1.48.0</code>.</li>
<li>Mark most functions as <code>must_use</code>.</li>
<li>Uses direct syscalls on linux by default, instead of libc.</li>
<li>The new type parameter in <code>NamedTempFile</code> may lead to type inference issues in some cases.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/Stebalien/tempfile/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-06 09:51:27 +00:00
.cargo .cargo/config.toml for specifying linker 2021-03-15 14:36:05 +11:00
.github build(deps): bump Swatinem/rust-cache from 2.2.0 to 2.2.1 2023-02-24 11:20:07 +00:00
docs Change example rendezvous node to /dns4/discover.unstoppableswap.net/tcp/8888/p2p/12D3Ko... 2022-04-22 14:51:37 +02:00
monero-harness feat: upgrade monero images to v0.18.1.2 2022-11-07 09:53:50 +02:00
monero-rpc ci: update msrv and github actions toolchains 2023-01-10 14:57:09 +02:00
monero-wallet Update dependencies and rust-toolchain to 1.59 2022-03-12 13:05:36 +02:00
swap build(deps): bump bdk from 0.26.0 to 0.27.0 2023-02-13 12:01:22 +00:00
utils/gpg_keys docs: add gpg key readme and delta1.asc 2022-08-11 13:05:21 +02:00
.gitignore docs: update sqlx script and add ci 2022-11-30 15:30:32 +02:00
bors.toml feat(swap): merge cancel/refund commands into one command 2023-01-08 12:53:56 +02:00
Cargo.lock build(deps): bump tempfile from 3.3.0 to 3.4.0 2023-03-01 12:10:49 +00:00
Cargo.toml Update secp256kfun and rand to latest version 2021-05-25 15:35:13 +10:00
CHANGELOG.md ci: update msrv and github actions toolchains 2023-01-10 14:57:09 +02:00
CONTRIBUTING.md Create CONTRIBUTING.md 2021-06-29 10:58:00 +10:00
dprint.json Upgrade libp2p and stabilized the version 2022-04-22 15:53:55 +02:00
LICENSE Change license to GPLv3 2020-10-12 17:13:25 +11:00
README.md readme: fix minor grammar error 2023-02-27 15:13:17 -05:00
rust-toolchain.toml ci: update msrv and github actions toolchains 2023-01-10 14:57:09 +02:00

XMR to BTC Atomic Swap

This repository hosts an MVP for atomically swapping BTC to XMR. It implements the protocol described in section 3 of this paper.

More information about the protocol in this presentation and this blog post.

Currently, swaps are only offered in one direction with the swap CLI on the buying side (send BTC, receive XMR). We are working on implementing a protocol where XMR moves first, but are currently blocked by advances on Monero itself. You can read this blogpost for more information.

Quick Start

  1. Download the latest swap binary release for your operating system.
  2. Find a seller to swap with:
./swap --testnet list-sellers
  1. Swap with a seller:
./swap --testnet buy-xmr --receive-address <YOUR MONERO ADDRESS> --change-address <YOUR BITCOIN CHANGE ADDRESS> --seller <SELLER MULTIADDRESS>

For more detailed documentation on the CLI, see this README.

Becoming a Market Maker

Swapping of course needs two parties - and the CLI is only one of them: The taker that occasionally starts a swap with a market maker.

If you are interested in becoming a market maker you will want to run the second binary provided in this repository: asb - the Automated Swap Backend. Detailed documentation for the asb can be found in this README.

Safety

This software is using cryptography that has not been formally audited. While we do our best to make it safe, it is up to the user to evaluate whether or not it is safe to use for their purposes. Please also see section 15 and 16 of the license.

Keep in mind that swaps are complex protocols, it is recommended to not do anything fancy when moving coins in and out. It is not recommended to bump fees when swapping because it can have unpredictable side effects.

Contributing

We encourage community contributions whether it be a bug fix or an improvement to the documentation. Please have a look at the contribution guidelines.

Rust Version Support

Please note that only the latest stable Rust toolchain is supported. All stable toolchains since 1.63 should work.

Contact

Feel free to reach out to us in the COMIT-Monero Matrix channel.