Revert if an assert fails.
Check if necessary for all functions

Benefit:

• DoS protection / white listing
• Allow vaults to reserve collateral to issue tokens themselves (without being charged an additional fee obviously)

• can only be called by a vault
• check digest is in OP_return

"Unlock" vault collateral.
Add boolean flag to decide if

1. Collateral remains in contract and is available for new issuing processes
   or
2. Collateral is send back to vault's account.

Hi there!

I want to try to swap btc to eth on private network. In the repo I can not find where to set up and config btc private network. Can you kindly give me any clue?

Thanks!

Add replay protection to redeem protocol, to prevent a vault from re-using the same Bitcoin transaction as proof for multiple redeemRequests.

Require the following digest is included in OP_RETURN of the redeem Bitcoin transaction:

• redeemer Eth address
• contract address
• redeemRequestId

Problem: if we do not check that the same user account is used to call issueToken, as registerCommit, the vault or a malicious user can call issueToken for arbitrary users with wrong data, causing it to failr (and collateral being slashed).

Solution: check that msg.sender is the same user that called registerCommit in issueToken

Required checks:

• Redeem must be free! i.e., vault cannot charged a fee for this
• User specifies bitcoin transaction fee? Challenge: if too low, tx never included. Who is to blame then? Problem!
• We might need an oracle for current bitcoin transaction fees.

--> if BTC relay is used frequently, we can use verified TX as an estimate

We need to implement support for multiple issuers. Currently, it seems as if only a single issuer can register.

Currently a user can only create a single issue commitment at a time.
Problem: mapping currently is msg.sender => CollateralCommit
Fix: increment a uint256 counter with each commitment and use the following mapping:
hash(msg.sender, counter) => CollateralCommit.

Challenge: user must track hash(msg.sender, counter)!
Fix: emit msg.sender and the counter non-digested

Add replay protection - identical to issue and redeem:

• contract address
• redeem request id/nonce

Currently, no vault specified when making a redeem request.

Problem: vaults can prevent users from redeeming funds if they do not react -> however, we will not know who to punish.

Fix: add vault address as parameter.

Check required: does vault have sufficient funds?

To allow issuing of large tokens amounts within a single issue process --> allow multiple vaults to join collateral (user driven call!).

Automatically generate API docs with: https://github.com/OpenZeppelin/solidity-docgen

Replace new vault's tx fee?

When a redeem request is created after lockReplace has been called, the countdown of the redeem request must only be initiated AFTER the replace was finalized.

Otherwise, the new vault may end up having not enough time to fulfill the redeem requests and get's punished

Problem: currently surplus collateral given to the contract

Fix: add the surplus collateral to the vault's balance

Instead of users having to enter the precise amount of the vault's available BTC, when they want to redeem a large sum with multiple vaults, allow user to specify a "fill up" flag, which simply takes all of the vault's available funds.

Improvement: we avoid dust remaining in the vault's balance.

Problem: transaction can be replayed by a user to trick contract into issuing multiple tokens, possible with different contracts

Fix:

• Contract must check that contract address is in Bitcoin transaction -> prevent issuing on multiple issuing chains
• Contract generates a nonce which must be included in the Bitcoin tx -> counter

As a result, the contract returns a digest of:

• user eth address
• contract address
• counter

Define a factor: eth collateral per vault's locked collateral unit (eth) per time unit (minutes / blocks).

Currently, slashed collateral is paid to the vault, whose funds were locked.

Problem: may incentivize vault to try to force failures.

Alternative: burn? Keep in contract?

Other option: make vault reimbursement strictly smaller than the fee the vault would earn in case the issue would succeed

The check for free vault collateral must also check for expired collateralized commitments.

Reason: otherwise, the vault would have to make a transaction to update the balances when a commitment expires (and user did not issue).

TODO:

1. add additional method extracting correct amount of free vault collateral and marking it as free (stateful!)
2. Getter method for free collateral must extract all expired commitments as well (stateless). Do the check/calculation in the frontend / offchain to save gas! (get all vaults and all existing commitments)

If the exchange rate drops so far, the vault's collateral falls below a certain threshold (specify!) --> allow the user to abort the issuing process without penalty.