allways/chains.py:28 hardcodes BTC.min_confirmations = 3 globally, applied to both legs of a swap.
The two directions have asymmetric reorg risk:
- User → miner deposits: the miner bears the reorg risk.
- Miner → user fulfillment: the user bears the reorg risk.
They should not share a threshold. Bitcoin's de-facto standard for high-value receive is 6 confirmations; 3 is defensible for the leg where you're accepting inbound funds from a counterparty you already have collateral against, but weak for the leg where the user has already given up their funds.
Direction: split into source_min_confirmations (can stay at 3) and destination_min_confirmations (raise to 6, or make it scale with swap size).
allways/chains.py:28 hardcodes
BTC.min_confirmations = 3globally, applied to both legs of a swap.The two directions have asymmetric reorg risk:
They should not share a threshold. Bitcoin's de-facto standard for high-value receive is 6 confirmations; 3 is defensible for the leg where you're accepting inbound funds from a counterparty you already have collateral against, but weak for the leg where the user has already given up their funds.
Direction: split into
source_min_confirmations(can stay at 3) anddestination_min_confirmations(raise to 6, or make it scale with swap size).