I believe I have found a serious vulnerability in the way that hash locked cross-chain atomic swap smart contracts are being written right now (!). The vulnerability allows the initiating party (holding hash secret) to scam the counterparty and steal funds, in certain pairs of cryptocurrencies (e.g., BTC-ETH) but not in others (e.g., BTC-LTC).
https://gist.github.com/markblundeberg/7a932c98179de2190049f5823907c016

Luckily, it has an easy fix.
Please criticize!
Well, not every cryptocurrency can be swapped. It has to have certain prerequisites, which are as follows:
- branched transaction scripts (i.e. existence of scripting language)
- the same hash algorithm in both chains’ transaction scripts
- signature checks in transaction scripts
- CheckLockTimeVerify or CheckSequenceVerify (“CLTV” and “CSV” for short) in transaction scripts
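As an added illustration of the prerequisites listed above (example code written for this thread, not from either poster or the linked gist): a toy Python model of the two-branch HTLC script, with signature checks stubbed as key-name matching and sha3_256 standing in for a chain whose script hash opcode differs from the other chain's.

```python
"""Toy hash-time-locked contract (HTLC) with the two script branches a swap
needs: claim with preimage + claimant signature, or refund after a timelock.
Constructed example; 'signatures' are just key-name matches, not real ECDSA."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def sha3_256(b: bytes) -> bytes:
    # Stand-in for a chain whose script language exposes a different hash opcode.
    return hashlib.sha3_256(b).digest()

@dataclass
class HTLC:
    hash_fn: Callable[[bytes], bytes]
    hashlock: bytes
    claim_key: str    # may spend by revealing the preimage (hash branch)
    refund_key: str   # may spend once locktime has passed (CLTV-style branch)
    locktime: int     # absolute height/time after which refund is valid

    def spend(self, signer: str, now: int, preimage: Optional[bytes] = None) -> str:
        if preimage is not None:                       # branch 1: hash lock
            if self.hash_fn(preimage) != self.hashlock:
                raise ValueError("preimage does not match hashlock")
            if signer != self.claim_key:
                raise ValueError("claim branch requires claimant signature")
            return "claimed"
        if now < self.locktime:                        # branch 2: timeout refund
            raise ValueError("refund branch locked until locktime")
        if signer != self.refund_key:
            raise ValueError("refund branch requires refunder signature")
        return "refunded"

def run_swap(hash_a, hash_b, alice_claims: bool = True) -> Tuple[str, str]:
    """Alice initiates on chain A; Bob mirrors the same hash value on chain B.
    If chain B's hash opcode differs, no preimage Alice holds can satisfy it."""
    secret = b"constructed-secret"                     # constructed sample value
    h = hash_a(secret)
    a = HTLC(hash_a, h, claim_key="bob", refund_key="alice", locktime=200)
    b = HTLC(hash_b, h, claim_key="alice", refund_key="bob", locktime=100)
    if not alice_claims:                               # both sides time out
        return (a.spend("alice", 200), b.spend("bob", 100))
    r_b = b.spend("alice", 50, preimage=secret)        # reveals secret on chain B
    r_a = a.spend("bob", 60, preimage=secret)          # Bob reuses it on chain A
    return (r_a, r_b)
```

Running `run_swap(sha256, sha3_256)` raises on the chain-B claim, which is the "same hash algorithm" prerequisite in action.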