PoC: Fix fee bypass bug using OP_CHECKTEMPLATEVERIFY

Jan 25 - Jan 25, 2024

HodlHodl, a P2P trading platform, has traditionally used a 2-of-3 multisig setup for its trades, involving public keys from the buyer, seller, and HodlHodl. This allows the buyer and seller to transact directly without incurring fees from HodlHodl. However, this standard practice is being reconsidered through a proposal that suggests implementing a 3-of-4 FROST (Flexible Round-Optimized Schnorr Threshold) on the taproot keyspend where HodlHodl would control two keys. Alongside, four alternative script spends are proposed, which could resolve potential disputes either through single signature settlement or through cooperation or competition between buyer and seller after specified timeframes.

To facilitate these transactions without HodlHodl's fee, an open-source tool is available here, providing users with the necessary assistance. The detailed multisig contract specifications can be found in the HodlHodl Multisig contract specification.

The process begins with the seller funding a CTV address with bitcoin via a lock_tx, such as in the example transaction found here. Next, the seller provides an unlock_tx hex to both the buyer and HodlHodl. Once the buyer transfers the payment to the seller's bank account, they broadcast the unlock_tx, which in turn pays the trading fee to HodlHodl and locks the remaining amount in a 2-of-3 multisig address, as demonstrated by this transaction. If a dispute arises, HodlHodl's decision determines whether the funds return to the seller or not, utilizing their key in the multisig.

While a 3-of-3 multisig arrangement would make HodlHodl custodial and potentially hinder the release of bitcoins if HodlHodl becomes inaccessible, it would also ensure greater security. Therefore, employing OP_CHECKTEMPLATEVERIFY is beneficial for HodlHodl as it guarantees that they receive the trading fee with every trade, serving as a proof of concept that could be refined further.
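Why the CTV lock guarantees the fee can be shown as an added example (not code from the original post or from HodlHodl): it computes the BIP-119 default template hash for an unlock_tx and checks that variants with the fee output dropped or shrunk no longer match the committed hash. The scripts, amounts and function names are constructed placeholders, and all inputs are assumed to have empty scriptSigs.

```python
import hashlib
import struct

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def compact_size(n: int) -> bytes:
    # Bitcoin variable-length integer used as the scriptPubKey length prefix
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    return b"\xfe" + struct.pack("<I", n)

def ser_txout(amount_sats: int, script_pubkey: bytes) -> bytes:
    return struct.pack("<q", amount_sats) + compact_size(len(script_pubkey)) + script_pubkey

def ctv_template_hash(outputs, sequences=(0xffffffff,), version=2, locktime=0, input_index=0):
    # BIP-119 default template hash for a transaction whose scriptSigs are all
    # empty (native segwit/taproot inputs), so the scriptSigs hash is omitted.
    r = struct.pack("<i", version)
    r += struct.pack("<I", locktime)
    r += struct.pack("<I", len(sequences))
    r += sha256(b"".join(struct.pack("<I", s) for s in sequences))
    r += struct.pack("<I", len(outputs))
    r += sha256(b"".join(ser_txout(v, spk) for v, spk in outputs))
    r += struct.pack("<I", input_index)
    return sha256(r)

def ctv_allows(committed_hash: bytes, outputs, **tx_fields) -> bool:
    # Models the OP_CHECKTEMPLATEVERIFY comparison: the spending transaction's
    # template hash must equal the 32-byte hash committed in the lock script.
    return ctv_template_hash(outputs, **tx_fields) == committed_hash

# Constructed sample data (placeholder scripts and amounts, not from a real trade)
FEE_SPK = bytes.fromhex("0014") + b"\x11" * 20      # P2WPKH-shaped fee output
ESCROW_SPK = bytes.fromhex("0020") + b"\x22" * 32   # P2WSH-shaped 2-of-3 escrow output
UNLOCK_OUTPUTS = [(5_000, FEE_SPK), (994_500, ESCROW_SPK)]
COMMITTED = ctv_template_hash(UNLOCK_OUTPUTS)        # hash placed in the CTV address

NO_FEE_OUTPUTS = [(999_500, ESCROW_SPK)]                 # fee output dropped
LOW_FEE_OUTPUTS = [(1, FEE_SPK), (999_499, ESCROW_SPK)]  # fee output shrunk

if __name__ == "__main__":
    for name, outs in [("unlock_tx", UNLOCK_OUTPUTS), ("no fee", NO_FEE_OUTPUTS),
                       ("low fee", LOW_FEE_OUTPUTS)]:
        print(name, "accepted" if ctv_allows(COMMITTED, outs) else "rejected")
```

Because the hash also covers the version, locktime, sequences and input count, the seller fixes every one of those fields when creating the CTV address, not just the outputs.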

Acknowledgements within the research include contributions from individuals such as Jeremy Rubin and katsu, as well as the platform HodlHodl itself.
