Notes by SwapMarket

 Hi all. We've been quiet for some time, because we've been cooking something exciting!

Why does Boltz not trade BTC/USDt? Because of the free option problem. And why does SideSwap require you to use their own wallet? To address that problem. The third solution - SideShift - is to charge you extra spread for it. There are also Bitfinex, etc., which are KYC and custodial. What if we tell you there is a better way?
Introducing a (some will say crazy) idea of letting a web app manage the wallet's private keys to trade with you directly:

Liquid BTC/USDt Swaps
https://swapmarket.github.io/usdt/

A proof-of-concept implementation of the "Exchange in a Browser" idea. You trade against open source code hosted at GitHub Pages. No third party involved, except to provide a bag of private keys + UTXOs to the website when the page loads. The rest happens automatically: if you deposit L-BTC, you get back L-USDt and vice versa. Kind of a large smart contract.

To prove available reserves, balances are computed from the keys. The deposit address is also derived from new private and blinding keys. These keys, along with TxId and Vout, are added to the wallet's available UTXOs after funding. This ensures automatic refund in the unlikely event that the purchased asset is not available (some other user purchased all or most of it while your trade was pending).

All trades have blinded amounts and assets, with outputs randomized. Private keys are (hopefully!) well protected by encryption and code obfuscation. Feel free to prove us wrong by hacking the code and stealing our testnet coins. To this end, the code is made very simple with minimal UI. Not mobile friendly at the moment. Bells and whistles, and mainnet, are coming soon! 
 TL;DR: Code provenance attestation makes https://swapmarket.github.io a verifiably trustless Bitcoin swap platform.

**Someone asked how our frontend verifies that a third party backend is legit. This is a very good question indeed.**

Submarine swaps at Boltz are atomic, because both legs are unlocked with the same preimage. When a backend generates an on-chain address or a lightning invoice, the frontend validates this locking mechanism.

An attack vector for a rogue backend would be to provide an unrelated address or invoice to steal the funds. For this attack to work, it would need cooperation from an evil frontend to bypass this check.

Using websites like Boltz and Diamond Hands requires trust that the frontend is not evil. Boltz acknowledges this and proposes self-hosting their Web App as a solution. However, only a small fraction of swap users can do that in practice.

We discovered and implemented an alternative for everyone else: run the Boltz frontend directly from GitHub. It utilizes three services that GitHub provides for free:

1. Host the code as open source.
2. Use GitHub Actions to automatically build and deploy it to GitHub Pages.
3. Include code provenance attestation while doing that.

Now any user can verify that the deployed commit (shown at the bottom of the page) matches that in the [attestation](https://github.com/SwapMarket/swapmarket.github.io/attestations).

In addition, as you know, our frontend lists independent swap providers alongside Boltz to decentralize this market and make the fees more competitive. 
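
The commit-versus-attestation comparison described in the note above, as an added example that is not part of the original post or the SwapMarket code base. It assumes the attestation is a bundle whose DSSE envelope carries an in-toto SLSA v1 provenance statement and that the page footer shows the full 40-character commit; the artifact bytes, commit value and bundle are constructed, and the envelope signature is not checked here (`gh attestation verify` does that part).

```python
import base64, hashlib, json

SLSA_V1 = "https://slsa.dev/provenance/v1"
REPO = "https://github.com/SwapMarket/swapmarket.github.io"

def load_statement(bundle):
    """Decode the in-toto statement carried in the bundle's DSSE envelope."""
    env = bundle["dsseEnvelope"]
    if env.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError("unexpected DSSE payload type")
    return json.loads(base64.b64decode(env["payload"]))

def check_provenance(bundle, artifact, footer_commit, repo_url=REPO):
    """Return a list of mismatches; an empty list means the claims line up."""
    st = load_statement(bundle)
    problems = []
    if st.get("predicateType") != SLSA_V1:
        problems.append("not a SLSA v1 provenance statement")
    # 1. The bytes we hold must be one of the attested subjects.
    digest = hashlib.sha256(artifact).hexdigest()
    if digest not in {s.get("digest", {}).get("sha256") for s in st.get("subject", [])}:
        problems.append("artifact digest is not an attested subject")
    # 2. The build must have run from the expected repository.
    build = st.get("predicate", {}).get("buildDefinition", {})
    if build.get("externalParameters", {}).get("workflow", {}).get("repository") != repo_url:
        problems.append("built from a different repository")
    # 3. The commit shown in the page footer must be the attested source commit.
    commits = {d.get("digest", {}).get("gitCommit")
               for d in build.get("resolvedDependencies", [])}
    if len(footer_commit) != 40 or footer_commit.lower() not in commits:
        problems.append("footer commit is not the attested source commit")
    return problems

def make_bundle(artifact, commit, repo=REPO):
    """Build a constructed sample bundle (unsigned) for the demo below."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "site.tar",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": SLSA_V1,
        "predicate": {"buildDefinition": {
            "externalParameters": {"workflow": {"repository": repo}},
            "resolvedDependencies": [{"digest": {"gitCommit": commit}}]}}}
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"dsseEnvelope": {"payloadType": "application/vnd.in-toto+json",
                             "payload": payload}}

ARTIFACT = b"constructed build output"   # constructed, not a real deployment
COMMIT = "a" * 40                        # constructed placeholder commit
BUNDLE = make_bundle(ARTIFACT, COMMIT)
print(check_provenance(BUNDLE, ARTIFACT, COMMIT))
```

An empty list only says the statement's claims are consistent with what you hold; trust in those claims comes from verifying the bundle's signature and certificate first.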
 Such initiatives, whether passed or not, will make anonymous FOSS development a norm. Just like we do it already 😉. 
 The website is live and the first alternative swap provider is onboarded!
https://image.nostr.build/83154267f67a907758ed0698d6e2b438815c3c6532566ecd76b9b47a5ba96e4d.jpg 
 What excites you the most in your life? 
 Travel into the future one day at a time and making a difference to the world.