forked from DecentralizedClimateFoundation/DCIPs
253 lines
10 KiB
Markdown
253 lines
10 KiB
Markdown
---
|
|
eip: 2266
|
|
title: Atomic Swap-based American Call Option Contract Standard
|
|
author: Runchao Han <runchao.han@monash.edu>, Haoyu Lin <chris.haoyul@gmail.com>, Jiangshan Yu <jiangshan.yu@monash.edu>
|
|
discussions-to: https://github.com/ethereum/EIPs/issues/2266
|
|
status: Last Call
|
|
type: Standards Track
|
|
category: ERC
|
|
created: 2019-08-17
|
|
last-call-deadline: 2020-12-31
|
|
---
|
|
|
|
## Simple Summary
|
|
|
|
A standard for token contracts providing Atomic Swap-based American Call Option functionalities.
|
|
|
|
## Abstract
|
|
|
|
This standard provides functionality to make Atomic Swap-based American Call Option payment. The Atomic Swap protocol based on Hashed Time-Locked Contract (HTLC) [^1] has optionality [^2], and such optionality can be utilised to construct American Call Options without trusted third party. This standard defines the common way of implementing this protocol. In particular, this EIP defines technical terms, provides interfaces, and gives reference implementations of this protocol.
|
|
|
|
|
|
## Motivation
|
|
|
|
Atomic Swap allows users to atomically exchange their tokens without trusted third parties while the HTLC is commonly used for the implementation. However, the HTLC-based Atomic Swap has optionality. More specifically, the swap initiator can choose to proceed or abort the swap for several hours, which gives him time for speculating according to the exchange rate. A discussion[^2] shows that the HTLC-based Atomic Swap is equivalent to an American Call Option in finance. On the other hand,thanks to such optionality, the HTLC-based Atomic Swap can be utilised to construct American Call Options without trusted third party. A paper[^3] proposes a secure Atomic-Swap-based American Call Option protocol on smart contracts. This protocol not only eliminates the arbitrage opportunity but also prevents any party from locking the other party's money maliciously. This EIP aims at providing the standard of implementing this protocol in existing token standards.
|
|
|
|
## Specification
|
|
|
|
The Atomic Swap-based American Call Option smart contract should follow the syntax and semantics of Ethereum smart contracts.
|
|
|
|
### Definitions
|
|
|
|
+ `initiator`: the party who publishes the advertisement of the swap.
|
|
+ `participant`: the party who agrees on the advertisement and participates in the swap with `initiator`.
|
|
+ `asset`: the amount of token(s) to be exchanged.
|
|
+ `premium`: the amount of token(s) that `initiator` pays to `participant` as the premium.
|
|
+ `redeem`: the action to claim the token from the other party.
|
|
+ `refund`: the action to claim the token from the party herself/himself, because of timelock expiration.
|
|
+ `secrect`: a random string chosen by `initiator` as the preimage of a hash.
|
|
+ `secrectHash`: a string equals to the hash of `secrect`, used for constructing HTLCs.
|
|
+ `timelock`: a timestamp representing the timelimit, before when the asset can be redeemed, and otherwise can only be refunded.
|
|
|
|
### Storage Variables
|
|
|
|
#### swap
|
|
|
|
This mapping stores the metadata of the swap contracts, including the parties and tokens involved. Each contract uses different `secretHash`, and is distinguished by `secretHash`.
|
|
|
|
```solidity
|
|
mapping(bytes32 => Swap) public swap;
|
|
```
|
|
|
|
#### initiatorAsset
|
|
|
|
This mapping stores the detail of the asset initiators want to sell, including the amount, the timelock and the state. It is associated with the swap contract with the same `secretHash`.
|
|
|
|
```solidity
|
|
mapping(bytes32 => InitiatorAsset) public initiatorAsset;
|
|
```
|
|
|
|
#### participantAsset
|
|
|
|
This mapping stores the details of the asset participants want to sell, including the amount, the timelock and the state. It is associated with the swap contract with the same `secretHash`.
|
|
|
|
```solidity
|
|
mapping(bytes32 => ParticipantAsset) public participantAsset;
|
|
```
|
|
|
|
#### premiumAsset
|
|
|
|
This mapping stores the details of the premium initiators attach in the swap contract, including the amount, the timelock and the state. It is associated with the swap contract with the same `secretHash`.
|
|
|
|
```solidity
|
|
mapping(bytes32 => Premium) public premium;
|
|
```
|
|
|
|
|
|
### Methods
|
|
|
|
#### setup
|
|
|
|
This function sets up the swap contract, including the both parties involved, the tokens to exchanged, and so on.
|
|
|
|
```solidity
|
|
function setup(bytes32 secretHash, address payable initiator, address tokenA, address tokenB, uint256 initiatorAssetAmount, address payable participant, uint256 participantAssetAmount, uint256 premiumAmount) public payable
|
|
```
|
|
|
|
#### initiate
|
|
|
|
The initiator invokes this function to fill and lock the token she/he wants to sell and join the contract.
|
|
|
|
```solidity
|
|
function initiate(bytes32 secretHash, uint256 assetRefundTime) public payable
|
|
```
|
|
|
|
#### fillPremium
|
|
|
|
The initiator invokes this function to fill and lock the premium.
|
|
|
|
```solidity
|
|
function fillPremium(bytes32 secretHash, uint256 premiumRefundTime) public payable
|
|
```
|
|
|
|
#### participate
|
|
|
|
The participant invokes this function to fill and lock the token she/he wants to sell and join the contract.
|
|
|
|
```solidity
|
|
function participate(bytes32 secretHash, uint256 assetRefundTime) public payable
|
|
```
|
|
|
|
#### redeemAsset
|
|
|
|
One of the parties invokes this function to get the token from the other party, by providing the preimage of the hash lock `secret`.
|
|
|
|
```solidity
|
|
function redeemAsset(bytes32 secret, bytes32 secretHash) public
|
|
```
|
|
|
|
#### refundAsset
|
|
|
|
One of the parties invokes this function to get the token back after the timelock expires.
|
|
|
|
```solidity
|
|
function refundAsset(bytes32 secretHash) public
|
|
```
|
|
|
|
#### redeemPremium
|
|
|
|
The participant invokes this function to get the premium. This can be invoked only if the participant has already invoked `participate` and the participant's token is redeemed or refunded.
|
|
|
|
```solidity
|
|
function redeemPremium(bytes32 secretHash) public
|
|
```
|
|
|
|
#### refundPremium
|
|
|
|
The initiator invokes this function to get the premium back after the timelock expires.
|
|
|
|
```solidity
|
|
function refundPremium(bytes32 secretHash) public
|
|
```
|
|
|
|
|
|
### Events
|
|
|
|
#### SetUp
|
|
|
|
This event indicates that one party has set up the contract using the function `setup()`.
|
|
|
|
```solidity
|
|
event SetUp(bytes32 secretHash, address initiator, address participant, address tokenA, address tokenB, uint256 initiatorAssetAmount, uint256 participantAssetAmount, uint256 premiumAmount);
|
|
```
|
|
|
|
#### Initiated
|
|
|
|
This event indicates that `initiator` has filled and locked the token to be exchanged using the function `initiate()`.
|
|
|
|
```solidity
|
|
event Initiated(uint256 initiateTimestamp, bytes32 secretHash, address initiator, address participant, address initiatorAssetToken, uint256 initiatorAssetAmount, uint256 initiatorAssetRefundTimestamp);
|
|
```
|
|
|
|
#### Participated
|
|
|
|
This event indicates that `participant` has filled and locked the token to be exchanged using the function `participate()`.
|
|
|
|
```solidity
|
|
event Participated(uint256 participateTimestamp, bytes32 secretHash, address initiator, address participant, address participantAssetToken, uint256 participantAssetAmount, uint256 participantAssetRefundTimestamp);
|
|
```
|
|
|
|
#### PremiumFilled
|
|
|
|
This event indicates that `initiator` has filled and locked `premium` using the function `fillPremium()`.
|
|
|
|
```solidity
|
|
event PremiumFilled(uint256 fillPremiumTimestamp, bytes32 secretHash, address initiator, address participant, address premiumToken, uint256 premiumAmount, uint256 premiumRefundTimestamp);
|
|
```
|
|
|
|
#### InitiatorAssetRedeemed/ParticipantAssetRedeemed
|
|
|
|
These two events indicate that `asset` has been redeemed by the other party before the timelock by providing `secret`.
|
|
|
|
```solidity
|
|
event InitiatorAssetRedeemed(uint256 redeemTimestamp, bytes32 secretHash, bytes32 secret, address redeemer, address assetToken, uint256 amount);
|
|
```
|
|
|
|
```solidity
|
|
event ParticipantAssetRedeemed(uint256 redeemTimestamp, bytes32 secretHash, bytes32 secret, address redeemer, address assetToken, uint256 amount);
|
|
```
|
|
|
|
#### InitiatorAssetRefunded/ParticipantAssetRefunded
|
|
|
|
These two events indicate that `asset` has been refunded by the original owner after the timelock expires.
|
|
|
|
```solidity
|
|
event InitiatorAssetRefunded(uint256 refundTimestamp, bytes32 secretHash, address refunder, address assetToken, uint256 amount);
|
|
```
|
|
|
|
```solidity
|
|
event ParticipantAssetRefunded(uint256 refundTimestamp, bytes32 secretHash, address refunder, address assetToken, uint256 amount);
|
|
```
|
|
|
|
#### PremiumRedeemed
|
|
|
|
This event indicates that `premium` has been redeemed by `participant`. This implies that `asset` is either redeemed by `initiator` if it can provide the preimage of `secrectHash` before `asset` timelock expires; or refunded by `participant` if `asset` timelock expires.
|
|
|
|
```solidity
|
|
event PremiumRedeemed(uint256 redeemTimestamp,bytes32 secretHash,address redeemer,address token,uint256 amount);
|
|
```
|
|
|
|
#### PremiumRefunded
|
|
|
|
This event indicates that `premium` has been refunded back to `initiator`, because of `participant` doesn't participate at all, by the time of `premium` timelock expires.
|
|
|
|
```solidity
|
|
event PremiumRefunded(uint256 refundTimestamp, bytes32 secretHash, address refunder, address token, uint256 amount);
|
|
```
|
|
|
|
## Rationale
|
|
|
|
+ To achieve the atomicity, HTLC is used.
|
|
+ The participant should decide whether to participate after the initiator locks the token and sets up the timelock.
|
|
+ The initiator should decide whether to proceed the swap (redeem the tokens from the participant and reveal the preimage of the hash lock), after the participant locks the tokens and sets up the time locks.
|
|
+ Premium is redeemable for the participant only if the participant participates in the swap and redeems the initiator's token before premium's timelock expires.
|
|
+ Premium is refundable for the initiator only if the initiator initiates but the participant does not participate in the swap at all.
|
|
|
|
|
|
## Security Considerations
|
|
|
|
+ The `initiateTimestamp` should cover the whole swap process.
|
|
+ The participant should never participate before the premium has been deposited.
|
|
|
|
|
|
## Backwards Compatibility
|
|
|
|
This proposal is fully backward compatible. Functionalities of existing standards will not be affected by this proposal, as it only provides additional features to them.
|
|
|
|
|
|
## Implementation
|
|
|
|
Please visit [here](../assets/eip-2266/Example.sol) to find our example implementation.
|
|
|
|
## Copyright
|
|
|
|
Copyright and related rights waived via [CC0](../LICENSE.md).
|
|
|
|
## References
|
|
|
|
[^1]: [Hash Time Locked Contracts](https://en.bitcoin.it/wiki/Hash_Time_Locked_Contracts)
|
|
|
|
[^2]: [An Argument For Single-Asset Lightning Network](https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-January/001798.html)
|
|
|
|
[^3]: [On the optionality and fairness of Atomic Swaps](https://eprint.iacr.org/2019/896)
|