PaganoBarserker
/
DCIPs
forked from DecentralizedClimateFoundation/DCIPs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
DCIPs/EIPS/eip-2266.md

253 lines
10 KiB
Markdown
Raw Blame History

---
eip: 2266
title: Atomic Swap-based American Call Option Contract Standard
author: Runchao Han <runchao.han@monash.edu>, Haoyu Lin <chris.haoyul@gmail.com>, Jiangshan Yu <jiangshan.yu@monash.edu>
discussions-to: https://github.com/ethereum/EIPs/issues/2266
status: Last Call
type: Standards Track
category: ERC
created: 2019-08-17
last-call-deadline: 2020-12-31
---
## Simple Summary
A standard for token contracts providing Atomic Swap-based American Call Option functionalities.
## Abstract
This standard provides functionality to make Atomic Swap-based American Call Option payment. The Atomic Swap protocol based on Hashed Time-Locked Contract (HTLC) [^1] has optionality [^2], and such optionality can be utilised to construct American Call Options without trusted third party. This standard defines the common way of implementing this protocol. In particular, this EIP defines technical terms, provides interfaces, and gives reference implementations of this protocol.
## Motivation
Atomic Swap allows users to atomically exchange their tokens without trusted third parties while the HTLC is commonly used for the implementation. However, the HTLC-based Atomic Swap has optionality. More specifically, the swap initiator can choose to proceed or abort the swap for several hours, which gives him time for speculating according to the exchange rate. A discussion[^2] shows that the HTLC-based Atomic Swap is equivalent to an American Call Option in finance. On the other hand,thanks to such optionality, the HTLC-based Atomic Swap can be utilised to construct American Call Options without trusted third party. A paper[^3] proposes a secure Atomic-Swap-based American Call Option protocol on smart contracts. This protocol not only eliminates the arbitrage opportunity but also prevents any party from locking the other party's money maliciously. This EIP aims at providing the standard of implementing this protocol in existing token standards.
## Specification
The Atomic Swap-based American Call Option smart contract should follow the syntax and semantics of Ethereum smart contracts.
### Definitions
+ `initiator`: the party who publishes the advertisement of the swap.
+ `participant`: the party who agrees on the advertisement and participates in the swap with `initiator`.
+ `asset`: the amount of token(s) to be exchanged.
+ `premium`: the amount of token(s) that `initiator` pays to `participant` as the premium.
+ `redeem`: the action to claim the token from the other party.
+ `refund`: the action to claim the token from the party herself/himself, because of timelock expiration.
+ `secrect`: a random string chosen by `initiator` as the preimage of a hash.
+ `secrectHash`: a string equals to the hash of `secrect`, used for constructing HTLCs.
+ `timelock`: a timestamp representing the timelimit, before when the asset can be redeemed, and otherwise can only be refunded.
### Storage Variables
#### swap
This mapping stores the metadata of the swap contracts, including the parties and tokens involved. Each contract uses different `secretHash`, and is distinguished by `secretHash`.
```solidity
mapping(bytes32 => Swap) public swap;
```
#### initiatorAsset
This mapping stores the detail of the asset initiators want to sell, including the amount, the timelock and the state. It is associated with the swap contract with the same `secretHash`.
```solidity
mapping(bytes32 => InitiatorAsset) public initiatorAsset;
```
#### participantAsset
This mapping stores the details of the asset participants want to sell, including the amount, the timelock and the state. It is associated with the swap contract with the same `secretHash`.
```solidity
mapping(bytes32 => ParticipantAsset) public participantAsset;
```
#### premiumAsset
This mapping stores the details of the premium initiators attach in the swap contract, including the amount, the timelock and the state. It is associated with the swap contract with the same `secretHash`.
```solidity
mapping(bytes32 => Premium) public premium;
```
### Methods
#### setup
This function sets up the swap contract, including the both parties involved, the tokens to exchanged, and so on.
```solidity
function setup(bytes32 secretHash, address payable initiator, address tokenA, address tokenB, uint256 initiatorAssetAmount, address payable participant, uint256 participantAssetAmount, uint256 premiumAmount) public payable
```
#### initiate
The initiator invokes this function to fill and lock the token she/he wants to sell and join the contract.
```solidity
function initiate(bytes32 secretHash, uint256 assetRefundTime) public payable
```
#### fillPremium
The initiator invokes this function to fill and lock the premium.
```solidity
function fillPremium(bytes32 secretHash, uint256 premiumRefundTime) public payable
```
#### participate
The participant invokes this function to fill and lock the token she/he wants to sell and join the contract.
```solidity
function participate(bytes32 secretHash, uint256 assetRefundTime) public payable
```
#### redeemAsset
One of the parties invokes this function to get the token from the other party, by providing the preimage of the hash lock `secret`.
```solidity
function redeemAsset(bytes32 secret, bytes32 secretHash) public
```
#### refundAsset
One of the parties invokes this function to get the token back after the timelock expires.
```solidity
function refundAsset(bytes32 secretHash) public
```
#### redeemPremium
The participant invokes this function to get the premium. This can be invoked only if the participant has already invoked `participate` and the participant's token is redeemed or refunded.
```solidity
function redeemPremium(bytes32 secretHash) public
```
#### refundPremium
The initiator invokes this function to get the premium back after the timelock expires.
```solidity
function refundPremium(bytes32 secretHash) public
```
### Events
#### SetUp
This event indicates that one party has set up the contract using the function `setup()`.
```solidity
event SetUp(bytes32 secretHash, address initiator, address participant, address tokenA, address tokenB, uint256 initiatorAssetAmount, uint256 participantAssetAmount, uint256 premiumAmount);
```
#### Initiated
This event indicates that `initiator` has filled and locked the token to be exchanged using the function `initiate()`.
```solidity
event Initiated(uint256 initiateTimestamp, bytes32 secretHash, address initiator, address participant, address initiatorAssetToken, uint256 initiatorAssetAmount, uint256 initiatorAssetRefundTimestamp);
```
#### Participated
This event indicates that `participant` has filled and locked the token to be exchanged using the function `participate()`.
```solidity
event Participated(uint256 participateTimestamp, bytes32 secretHash, address initiator, address participant, address participantAssetToken, uint256 participantAssetAmount, uint256 participantAssetRefundTimestamp);
```
#### PremiumFilled
This event indicates that `initiator` has filled and locked `premium` using the function `fillPremium()`.
```solidity
event PremiumFilled(uint256 fillPremiumTimestamp, bytes32 secretHash, address initiator, address participant, address premiumToken, uint256 premiumAmount, uint256 premiumRefundTimestamp);
```
#### InitiatorAssetRedeemed/ParticipantAssetRedeemed
These two events indicate that `asset` has been redeemed by the other party before the timelock by providing `secret`.
```solidity
event InitiatorAssetRedeemed(uint256 redeemTimestamp, bytes32 secretHash, bytes32 secret, address redeemer, address assetToken, uint256 amount);
```
```solidity
event ParticipantAssetRedeemed(uint256 redeemTimestamp, bytes32 secretHash, bytes32 secret, address redeemer, address assetToken, uint256 amount);
```
#### InitiatorAssetRefunded/ParticipantAssetRefunded
These two events indicate that `asset` has been refunded by the original owner after the timelock expires.
```solidity
event InitiatorAssetRefunded(uint256 refundTimestamp, bytes32 secretHash, address refunder, address assetToken, uint256 amount);
```
```solidity
event ParticipantAssetRefunded(uint256 refundTimestamp, bytes32 secretHash, address refunder, address assetToken, uint256 amount);
```
#### PremiumRedeemed
This event indicates that `premium` has been redeemed by `participant`. This implies that `asset` is either redeemed by `initiator` if it can provide the preimage of `secrectHash` before `asset` timelock expires; or refunded by `participant` if `asset` timelock expires.
```solidity
event PremiumRedeemed(uint256 redeemTimestamp,bytes32 secretHash,address redeemer,address token,uint256 amount);
```
#### PremiumRefunded
This event indicates that `premium` has been refunded back to `initiator`, because of `participant` doesn't participate at all, by the time of `premium` timelock expires.
```solidity
event PremiumRefunded(uint256 refundTimestamp, bytes32 secretHash, address refunder, address token, uint256 amount);
```
## Rationale
+ To achieve the atomicity, HTLC is used.
+ The participant should decide whether to participate after the initiator locks the token and sets up the timelock.
+ The initiator should decide whether to proceed the swap (redeem the tokens from the participant and reveal the preimage of the hash lock), after the participant locks the tokens and sets up the time locks.
+ Premium is redeemable for the participant only if the participant participates in the swap and redeems the initiator's token before premium's timelock expires.
+ Premium is refundable for the initiator only if the initiator initiates but the participant does not participate in the swap at all.
## Security Considerations
+ The `initiateTimestamp` should cover the whole swap process.
+ The participant should never participate before the premium has been deposited.
## Backwards Compatibility
This proposal is fully backward compatible. Functionalities of existing standards will not be affected by this proposal, as it only provides additional features to them.
## Implementation
Please visit [here](../assets/eip-2266/Example.sol) to find our example implementation.
## Copyright
Copyright and related rights waived via [CC0](../LICENSE.md).
## References
[^1]: [Hash Time Locked Contracts](https://en.bitcoin.it/wiki/Hash_Time_Locked_Contracts)
[^2]: [An Argument For Single-Asset Lightning Network](https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-January/001798.html)
[^3]: [On the optionality and fairness of Atomic Swaps](https://eprint.iacr.org/2019/896)
Reference in New Issue View Git Blame Copy Permalink