[bisq-network/proposals] Scheme for locked funds with non responsive peers (#275)

Thu Oct 29 12:24:40 UTC 2020

> _This is a Bisq Network proposal. Please familiarize yourself with the [submission and review process](https://docs.bisq.network/proposals.html)._

## Problem
Users are leaving funds locked up in the 2of2 and not responding to mediators. This forces the responsive party to spend the delayed payout tx, sending the funds to the donation address and taking the case to the refund agent. This adds a burden on the refund agent and the donation address holder, adds annoyance for the user and is costly for the DAO.

### Current delayed payout
During trade initiation the buyer and seller send coins to a 2of2 multisig address, this is the deposit tx. They also sign a transaction that spends the output from the deposit tx to the donation address, the so called delayed payout tx. This transaction can only be spent after a certain block height.

## Optional delayed spending scheme
### Inspiration - lightning network
In the lightning network the setup is similar to Bisq's deposit tx, two parties, Alice and Bob, prepare spendable transactions from a 2of2 address. During normal operations these transactions are not broadcast, but they are used as a backup to motivate the counterparty to adhere to the rules of their lightning channel. If Bob disappears, Alice can spend one of these prepared transactions to cancel the channel and get her money back. Bob then has a time window to get his share before Alice can spend it all for herself.

### Bisq case
For Bisq a similar scheme could be used in conjunction with the donation address.
1. Setup deposit txD
1. Prepare 3 time locked transactions that spend from the deposit tx
    1. Delayed txP, payout transaction that can spend txD:0 to the donation address after X blocks (how it works now)
    1. Delayed txA can spend txD:0 to 2of2 addressA after X+Y blocks
        1. Relative time lock txAA, can spend txA:0 to Alice with a relative time lock Z
        1. Payout to donation address txAP, spends txA:0 to donation address without time lock
    1. Delayed txB can spend txD:0 to 2of2 addressB after X+Y blocks
        1. Relative time lock txBB, can spend txB:0 to Bob with a relative time lock Z
        1. Payout to donation address txBP, spends txB:0 to donation address without time lock

This setup helps releasing funds to the users without going through the donation address in the cases where one party has disappeared. When both parties are active either one can broadcast txP to take the case to refund agent.

If Bob is not responsive, Alice can wait X+Y blocks to broadcast txA. If Bob is indeed gone, after another Z blocks she can then broadcast txAA to recover the funds. If Bob happens to be around, he can broadcast txAP before txAA can be spent to send the funds to donation address and continue with a refund case.

If Alice is not responsive Bob can do the same as Alice in the the previous case to recover the funds through the txB path.

## Considerations
This adds an extra step in the non happy payout path. Not ideal when fees are increasing as they are. It also requires both parties to monitor for the personalized payout txs txA and txB respectively and spend to donation address if they don't want to lose the funds. This shouldn't be a big problem as txP could be broadcast earlier if they intended to take the case to refund agent. It's only a problem when one side is maliciously non responsive to try to steal the funds. A case which is handled and would not be possible to exploit.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/275
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20201029/e066ec3a/attachment.html>