[R4R]BEP3: HTLC and Atomic Peg

[abelliumnt]

This BEP is about introducing Hash Timer Locked Contract functions and further mechanism to handle inter-blockchain token peg.

HTLC has been used for Atomic Swap and cross payment channel for a few years on Bitcoin and its variant blockchains, and also Ethereum. This BEP defines native transactions to support HTLC on Binance Chain, and also proposes the standard infrastructure and procedure to use HTLC for inter-chain atomic swap to easily create and use pegged token, which is called Atomic Peg.

Related BEP: #3

[abelliumnt]

@caffeinum Could you help to review this BEP?

[drunken005]

When will this feature come online

[chainwhisper]

where is the diagram?

[chainwhisper]

we need to check if the contract has enough deposit

[abelliumnt]

There is no need to check. The contract will ensure there has been enough deposit on the contract address.

[wjmelements]

Will it be possible to lock the operator's balance so they can only send using HTLC?

[wjmelements]

Should this be CHLT? This is the only place it is called CHTL.

[abelliumnt]

CHTL is right.

[caffeinum]

I believe Atomic Swap and Peg should be a totally separate concerns. Atomic Swap is an option, and cannot be enforced without intermediary and complicated mechanisms like DAI (which isn't safe, too).

It's easy to implement an Atomic Swap using HTLC first, so I think we should focus on that and move Peg discussion to separate BEP.

[caffeinum]

Related:

https://blog.bitmex.com/atomic-swaps-and-distributed-exchanges-the-inadvertent-call-option/

[Dominator008]

Is "OB" an ordinary address controlled by the owner's private key? If so, isn't the owner free to move tokens from this address?

[abelliumnt]

Yes. It is an ordinary address. But once HTLT transaction is sent, a certain number of coins will be transferred to a temporary address. There is no risk for swap.

[Dominator008]

Understood the swap process works. My question is geared more towards ensuring the total supply of tokens is still fixed. It's unclear to me how the current proposal guarantees at any given time, circulatingSupply(BEP-2) + circulatingSupply(ERC-20) == originalCirculatingSupply(ERC-20)?

[abelliumnt]

Taking ERC20 token for instance, the total supply of token A is 10000. If 5000 the BEP2 token is minted, then 5000 ERC20 token should be burned. Currently, there are 5000 BEP2 token and 5000 ERC20 token. Then the swap service provider use 1000 BEP2 token and 1000 ERC20 token for atomic swap service. Then total supply is still 10000.

[Dominator008]

But there's no prevention against the token owner minting more BEP-2, besides community monitoring?

[abelliumnt]

You are right. The community monitor is the main insurance for the unexpected minting on Binance Chain.

[caffeinum]

@HaoyangLiu I believe it cannot be called a peg then.

I will state again that I think it's needed to separate Atomic swap BEP and Peg BEP.

[abelliumnt]

Changes on Binance Chain implementation:

1. Add swap in amount and swap out amount.
2. Add refund msg type on Binance Chain
3. Once a CHTL transaction or a refund transaction are sent, the corresponding hash lock record will be deleted.
4. Change Coins to Coin
5. secetHashLock = hash(secretKey+timestamp), The gap between timestamp and block time should be less than one day.

Changes on swap contract interface:

1. Add swap amount in and swap amount out.
2. _timelock should be block height instead of timestamp.
3. Add swap query interface to get all opened swap

I have add the above changes. Please review it again.
@darren-liu @notatestuser @rickyyangz @yutianwu @guagualvcha @ackratos

[caffeinum]

I think pegging mechanism needs much improvement, while Atomic swap is OK.

It's great we're having progress here, but I am for the separation.

[abelliumnt]

@caffeinum
Could you clarify how to improve pegging mechanism?

[Dominator008]

Without loss of generality, let's design a pegging scheme between ERC-20 and BEP-2. IMO a proper mechanism should be something as follows:

Create pegged BEP-20 tokens (convert a part of the supply from ERC-20 to BEP-2):

1. On Ethereum, the token owner sends a certain amount of ERC-20 tokens to a bridge contract where the tokens are locked until unpegged.
2. On Binance Chain, the token owner broadcasts a peg transaction with the requested pegging amount.
3. Binance Chain validators check on Ethereum that the locked amount is enough for the pegging and approves the peg transaction. Note that they will need to wait for a certain number of Ethereum blocks to establish finality.
4. Token owner is now free to transfer the newly minted pegged tokens on Binance Chain.

Destroy pegged BEP-20 tokens (convert a part of they supply from BEP-2 to ERC-20):

1. On Binance Chain, token owner broadcasts a regular burn transaction on the Binance chain, which burns certain number of pegged tokens.
2. On Binance Chain, token owner broadcasts a requestProofOfBurn transaction, for which the validators sign-off the burnt amount and a nonce with secp256k1.
3. On Ethereum, token owner sends the proof of burn to the bridge contract. The contract checks the signatures of the validators and unlocks the signed-off amount of tokens. The nonce is recorded as used to prevent replay attacks.

Note that this requires an extension to the semantics of mintable on Binance chain -- pegged assets should only be mintable with the special peg transaction.

This mechanism guarantees that the total supply of the token remains constant.

[Dominator008]

https://github.com/swishlabsco/cosmos-ethereum-bridge is an example of a unidirectional pegging implementation.

[karzak]

https://github.com/swishlabsco/cosmos-ethereum-bridge is an example of a unidirectional pegging implementation.

FYI The latest version of the ETH bridge code is https://github.com/musnit/peggy/tree/unidirectional-complete

[darren-liu]

Without loss of generality, let's design a pegging scheme between ERC-20 and BEP-2. IMO a proper mechanism should be something as follows:

Create pegged BEP-20 tokens (convert a part of the supply from ERC-20 to BEP-2):

1. On Ethereum, the token owner sends a certain amount of ERC-20 tokens to a bridge contract where the tokens are locked until unpegged.
2. On Binance Chain, the token owner broadcasts a peg transaction with the requested pegging amount.
3. Binance Chain validators check on Ethereum that the locked amount is enough for the pegging and approves the peg transaction. Note that they will need to wait for a certain number of Ethereum blocks to establish finality.
4. Token owner is now free to transfer the newly minted pegged tokens on Binance Chain.

Destroy pegged BEP-20 tokens (convert a part of they supply from BEP-2 to ERC-20):

1. On Binance Chain, token owner broadcasts a regular burn transaction on the Binance chain, which burns certain number of pegged tokens.
2. On Binance Chain, token owner broadcasts a requestProofOfBurn transaction, for which the validators sign-off the burnt amount and a nonce with secp256k1.
3. On Ethereum, token owner sends the proof of burn to the bridge contract. The contract checks the signatures of the validators and unlocks the signed-off amount of tokens. The nonce is recorded as used to prevent replay attacks.

Note that this requires an extension to the semantics of mintable on Binance chain -- pegged assets should only be mintable with the special peg transaction.

This mechanism guarantees that the total supply of the token remains constant.

It is nice to have it trustless, but it is heavy-weight-lifting and I don't think it is realistically achievable to implement this feature for multiple chains.

I agree it is not a perfect solution for Peg here. The progress is to make at least a better way than current situation of how peg is performed on Binance Chain.

[Dominator008]

Without loss of generality, let's design a pegging scheme between ERC-20 and BEP-2. IMO a proper mechanism should be something as follows:
Create pegged BEP-20 tokens (convert a part of the supply from ERC-20 to BEP-2):

1. On Ethereum, the token owner sends a certain amount of ERC-20 tokens to a bridge contract where the tokens are locked until unpegged.
2. On Binance Chain, the token owner broadcasts a peg transaction with the requested pegging amount.
3. Binance Chain validators check on Ethereum that the locked amount is enough for the pegging and approves the peg transaction. Note that they will need to wait for a certain number of Ethereum blocks to establish finality.
4. Token owner is now free to transfer the newly minted pegged tokens on Binance Chain.

Destroy pegged BEP-20 tokens (convert a part of they supply from BEP-2 to ERC-20):

1. On Binance Chain, token owner broadcasts a regular burn transaction on the Binance chain, which burns certain number of pegged tokens.
2. On Binance Chain, token owner broadcasts a requestProofOfBurn transaction, for which the validators sign-off the burnt amount and a nonce with secp256k1.
3. On Ethereum, token owner sends the proof of burn to the bridge contract. The contract checks the signatures of the validators and unlocks the signed-off amount of tokens. The nonce is recorded as used to prevent replay attacks.

Note that this requires an extension to the semantics of mintable on Binance chain -- pegged assets should only be mintable with the special peg transaction.
This mechanism guarantees that the total supply of the token remains constant.

It is nice to have it trustless, but it is heavy-weight-lifting and I don't think it is realistically achievable to implement this feature for multiple chains.

I agree it is not a perfect solution for Peg here. The progress is to make at least a better way than current situation of how peg is performed on Binance Chain.

Understood. We can revisit once projects like ThorChain have made more progress with generic peg zone implementations.