Skip to content

v0.2.2

Latest

Choose a tag to compare

@mojoX911 mojoX911 released this 01 Jul 17:49
5695fc8

Coinswap v0.2.2 Release Notes

This release focuses on security hardening, privacy, and production readiness. Between April 1, 2026 and early July 2026, the core library absorbed the findings of an external security audit, gained its first deniability-proof support, introduced a multi-transaction swap pathway, refined the marketplace and offerbook layer, and modernized core dependencies, while the surrounding apps moved closer to a self-contained operator and client experience.

📋 Changelog Summary (v0.2.1 → v0.2.2)

  • 🔧 37 Issues Closed across security, swap reporting, marketplace, and contract validation: View on GitHub
  • 57 Merged PRs in the core coinswap repo for v0.2.1 → v0.2.2: View on GitHub
  • 🧱 Core repo diff since v0.2.1: 101 files changed, 7k+ insertions, 3k+ deletions

🔒 Special Note: Security Audit with Loupe

This release absorbed a security audit of the core coinswap codebase using Loupe, Spiral's open-source AI-powered security scanner for Bitcoin projects. The scan of 75+ Rust source files surfaced 72 candidate findings; after human triage, five substantive fixes were merged — covering Taproot/legacy contract validation gaps, missing invariant checks, fidelity bond verification, and maker reboot-recovery data loss (tracked as [Loupe Finding] issues; see the Security rows below).

Full writeup: 📄 Auditing Coinswap with Loupe.

Highlights of v0.2.2

The major highlights of this release are as follows:

  • External security audit hardening. A round of audit findings (tracked as [Loupe Finding] issues) was addressed across the maker and taker, tightening Taproot and legacy contract validation, fidelity bond verification, and reboot-recovery safety so makers and takers reject malformed, unspendable, or under-funded contracts before committing funds.
  • Deniability proof support landed in the core library, advancing the project's privacy goals by letting participants demonstrate plausible deniability for swap outputs.
  • Multi-transaction swap pathway — a large protocol change enabling multi-transaction routing across hops for both Taproot (P2TR) and legacy SegWit (P2WPKH) paths, with per-hop miner fees folded into the outgoing amount and internal-address indexing added to the wallet store.
  • Offerbook and marketplace overhaul — one of the largest areas of core work this cycle, driven largely by stark-3k: async/incremental offerbook sync, per-maker poll_maker / remove_maker APIs, simplified offerbook discovery, duplicate-maker rejection, and a bumped, network-specific Nostr event kind for a clean, freshly seeded marketplace.
  • Wallet and key hygiene improvements, including AES-GCM nonce rotation on every wallet encryption, removal of the seed phrase from logs, and Merkle-proof verification for legacy funding transactions.
  • Dependency modernization, replacing the unmaintained secp256k1 fork with upstream 0.32.0-beta.2 and restoring compatibility with Bitcoin Core v30+.
  • Performance profiling in CI via a hotpath profiler that reports per-PR deltas, giving early visibility into regressions on swap-critical code paths.
  • Fee and rate tuning, updating fee estimates and fee rates toward realistic production values.

Major Improvements in v0.2.2

Type Improvement PR(s) Contributor
Security Harden maker and taker Taproot contract validation so malformed or unspendable contracts are rejected before funds are committed. #881, #886 0xEgao
Security Verify the legacy maker funding output before the taker signs, and validate Taproot contract amounts against transaction outputs. #901 0xEgao
Security Prevent maker reboot recovery from discarding funded, unfinished swapcoins when tracker state is missing. #879 0xEgao
Security Validate the fidelity bond amount against the on-chain output rather than trusting maker-supplied values. #884 0xEgao
Security Rotate the AES-GCM nonce on every wallet encryption. #907 0xEgao
Security Stop logging the wallet seed phrase / mnemonic. #905 Supremesv715
Security Implement Merkle proof verification for legacy funding transactions. #852 piyush-1337
Security Harden RPC code paths against unwrap-induced panics. #832 Vedd-Patel
Privacy Add deniability proof support to the core library. #915 keraliss
Marketplace Add async per-maker poll_maker and remove_maker offerbook APIs for incremental marketplace updates. #889 stark-3k
Marketplace Simplify offerbook discovery and reject duplicate makers. #872, #869 stark-3k
Marketplace Bump the CoinSwap Nostr event kind for a cleanly, freshly seeded marketplace. #820 stark-3k
Marketplace Use network-specific CoinSwap Nostr event kinds for publish/discovery. #824 Supremesv715
Protocol Enable the multi-transaction swap pathway for both Taproot (P2TR) and legacy (P2WPKH) routes, folding per-hop miner fees into the outgoing amount and adding internal-address indexing to the wallet store. #918 NeoZ666
Protocol Derive the maker Tor identity from the wallet and add a BIP32 fidelity-bond ownership check. #868 Godzilla-oss
Protocol Reject maker swaps that exceed active liquidity. #861 0xEgao
Protocol Persist swapcoins before broadcasting funding, and wait for maker funding confirmation in Taproot swaps. #837, #895 stark-3k
Wallet Update the wallet coin-selection integration to the latest rust-coinselect. #919 NeoZ666
Wallet Update fee estimates toward realistic production values. #913 Godzilla-oss
Wallet Tune fee rates toward realistic production values. #896 0xEgao
Reporting Unify swap reports into a single JSON file and write them to the wallet folder. #857, #880 keraliss
Performance Add a hotpath profiler and per-PR profiling comments in CI. #858, #867 0xEgao
Infrastructure Replace the unmaintained secp256k1 fork with upstream 0.32.0-beta.2. #854 stark-3k
Infrastructure Restore Bitcoin Core v30+ compatibility by fixing getwalletinfo deserialization. #818 0xEgao
Infrastructure Replace the nostr-rs-relay crate with a GitHub Action in tests to avoid event conflicts. #904 hulxv
Apps Add a list-offers command to the taker CLI. #823 Antrikshgwal

Notable Issues Closed

The following issues were among the most important items addressed during the release window:

  • #906: Fidelity timelock verification trusted maker-supplied confirmation height (Loupe finding).
  • #885 and #862: Taker did not fully validate maker Taproot contract data before accepting an incoming swapcoin, and Taproot contract amounts were not strictly validated against outputs.
  • #882: Maker accepted replaceable/mempool Taproot incoming contracts before funding the outgoing side (Loupe finding).
  • #883: Legacy taker accepted an unspendable maker contract and reported a successful swap with zero output.
  • #878: Maker reboot recovery could discard funded, unfinished swapcoins when tracker state was missing (Loupe finding).
  • #903: Wallet seed phrase was exposed in logs.
  • #887 and #891: Taker reported swap success even when the incoming sweep failed, and maker swap reports showed incorrect swap duration.
  • #873: Swap reports were written to the wrong directory.
  • #860: Maker accepted multiple swap offers even without sufficient liquidity.
  • #851: Removed the .onion postfix from Tor addresses in OP_RETURN.

Ecosystem Updates Beyond the Core Repo

This release also includes substantial work in the surrounding Coinswap ecosystem:

  • Maker Dashboard saw the largest app-layer activity this cycle, adding dashboard authentication, automatic Tor deployment (removing the Docker dependency for demos), a docker-compose stack bundling bitcoind, Tor, and the dashboard, an automated CI workflow that bumps the coinswap dependency, maker auto-start, deployment-with-notification, password-change support, and a steady stream of UI and login-flow fixes.
  • Taker App improved substantially with bundled Tor for distribution builds, failed-swap reporting and recovery UI, manual maker selection, async/incremental offerbook sync, CBOR-based swap status tracking, an updated block explorer and confirmation handling, and numerous bug fixes.
  • Coinswap-FFI added React Native bindings via turbo modules and standardized on the uniffi-react-native glue, exposed async offerbook sync with pollMakerAsync / removeMaker over N-API, and streamlined Swift/macOS CI.
  • Coinswap Website gained a market page, a dark-mode toggle, React Native FFI documentation, clean-URL routing, and performance/Lighthouse improvements.

Documentation and References

Documentation also improved during this cycle:

  • Demo documentation was refreshed with the v0.2.1 demo flow, FTS demo instructions, and cleanup of demo assets.
  • Maker Dashboard docs added guidance for running from the published image and the libtor build dependencies for macOS and Windows.
  • Website docs added React Native FFI integration documentation and demo-doc fixes.
  • Core code docs were corrected, including the send_message wire-format comment and assorted module-level fixes, alongside a README community-link fix.

Full Changelog: v0.2.1...v0.2.2

Weighted Contribution Ranking

Contributions across all public citadel-tech repositories are scored with a per-PR impact model that combines two tracks:

  • Authorship — each merged pull request scores severity × criticality × durability. Severity reflects the nature of the change (security > bug fix > feature > refactor/infrastructure > docs/chore); criticality weights the coinswap core library highest and the other repositories lower, refined by how central the touched code is; durability discounts reverted work.
  • Stewardship — code review and issue triage (opening, closing, and labeling), weighted to favor substantive participation.

Each contributor's authorship and stewardship are combined into a single score, normalized to 100%. Automated bot accounts are excluded.

Rank Contributor PRs (core/aux) Reviews Issues (open/close) Authorship Score %
1 0xEgao 23 / 20 4 14 / 3 84.7 30.1%
2 mojoX911 3 / 0 47 35 / 42 1.6 19.2%
3 keraliss 4 / 27 5 8 / 15 32.6 15.7%
4 stark-3k 9 / 5 7 9 / 0 36.2 13.5%
5 hulxv 1 / 17 12 4 / 4 20.1 9.3%
6 Godzilla-oss 6 / 1 0 1 / 0 11.5 3.7%
7 NeoZ666 4 / 5 0 3 / 2 6.7 3.0%
8 Vedd-Patel 1 / 0 0 0 / 0 5.8 1.8%
9 piyush-1337 1 / 0 0 1 / 0 5.0 1.7%
10 Antrikshgwal 1 / 0 0 0 / 0 2.0 0.6%
11 Supremesv715 2 / 0 0 0 / 0 1.5 0.5%
12 YoganshSharma 1 / 0 0 1 / 0 0.3 0.2%

Plus five issue-only reporters (Mandalorian7773, kushagra0902, theAnuragMishra, oren-z0, Ferryx349) at ≈0.1–0.2% each.

Major References