Good morning Dmitry, > I made a version of the TLA+ spec according to the suggested variant, > as I understood it from your description. This version is in > the separate branch in the SASwap repo, 'variant_ZmnSCPxj'  > > If I understood and specified your variant correctly, there is a > deadlock possible after step 9, if Bob fails to publish success tx in > time. After refund tx becomes spendable, Alice cannot publish it via > mempool, because Bob can learn her secret and has a chance invalidate > her refund tx by giving his success tx to friendly miner, while taking > back the locked LTC because both secrets are known. At the same time, > Bob cannot publish success tx via mempool, because then Alice can do > the same thing, invalidating his success tx with refund tx via friednly > miner.
Indeed, this is precisely the issue Ruben pointed out. Rationally, neither side will want this condition due to the deadlock and Bob will strive to avoid this, having a short real-world timeout after which Bob will force publication of the success tx if Alice does not respond in time. There *is* a reason why it says "Bob claims the BTC funding txo before L1." Of course, computers do crash occasionally, I am informed, so complete accidents may occur that way. This can be mitigated by running multiple servers who are given copies of the success tx, and which will publish it regardless after a short sidereal time duration, unless countermanded by the main server (i,e, a dead man switch system). With sufficient distribution the probability of this occurring can drop to negligible levels compared to other theoretical attacks. Regards, ZmnSCPxj _______________________________________________ bitcoin-dev mailing list firstname.lastname@example.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev