rfp: cross-chain DEX and synthetic-XMR design bundle (decision drafts) + 2 lambda prizes#57
Draft
fryorcraken wants to merge 16 commits into
Draft
rfp: cross-chain DEX and synthetic-XMR design bundle (decision drafts) + 2 lambda prizes#57fryorcraken wants to merge 16 commits into
fryorcraken wants to merge 16 commits into
Conversation
Five decision-stage RFP drafts plus two background appendices. Each RFP captures one alternative in the cross-chain DEX design space so the Logos team and the community can compare and pick before specifying further. Scope of Work, FURPS hard requirements, team profile, timeline, and contracting details are deliberately omitted at this stage; the drafts focus on desired properties, high-level flow, and consistent Pros/Cons/Risks so the trade-offs are scan-comparable. New RFPs: - RFP-021: cross-chain privacy DEX (Serai-like federated middle layer). AMM-style liquidity, TSS custody, LEZ privacy primitives layered on top. Honest XMR caveat: view-key-shared TSS custody leaks Monero deposit history to validators. - RFP-022: bonded atomic swaps with two explicit tiers. Tier 1 (LEZ-BTC, LEZ-ETH): symmetric bonding via on-LEZ light-client inclusion proofs; full bilateral free-option mitigation. Tier 2 (LEZ-XMR): asymmetric because Monero has no SPV-style proof primitive without view-key disclosure. Bob bonded; Alice reputation-gated only on pre-XMR-lock free option. Bondless-taker capped-entry mechanic for onboarding without LEZ assets. - RFP-023: reputation as the bonding alternative. Maker reputation is publicly linkable. Taker reputation via either capped-pseudonym path or zk membership proofs (SMT of swap outcomes). Provides the reputation primitive consumed by RFP-022 and RFP-025. - RFP-024: synthetic XMR (sXMR), pure non-custodial design. Goal 1 from the sXMR design-space appendix. Oracle-priced, open LP set, soft peg, redemption via atomic swap to real XMR on Monero L1. - RFP-025: synthetic XMR (sXMR) with redemption SLA. Goals 2a and 2b together; applicants commit to one. Option 2a bonded LP set (consumes RFP-023 reputation for default attribution because atomic-swap state alone cannot adjudicate "LP defaulted"). Option 2b protocol XMR reserve (structurally an oracle-priced sBTC). New appendices: - appendix/cross-chain-trust-model-contrast.md: the federated-signers vs atomic-swaps trust analysis. Three mitigations for the atomic-swap free-option problem (same-asset bridge with the synthetic-token correction; bonded atomic swap with the two-tier framing for BTC/ETH vs XMR; reputation with the taker-linkability privacy tension). Bondless-taker capped-entry mechanic documented as cross-cutting. Primary sources only. - appendix/sxmr-design-space.md: Goal 1 / 2a / 2b property matrix, decision tree, pre-spec validation list, bottom-line table. Adapted from research-synthetics/rfp/appendix/sxmr-atomic-redemption.md with no em dashes and Australian English. Citation policy: primary sources only (Monero docs, FCMP++ research notes, COMIT/Farcaster references, Serai/Thorchain whitepapers, BIP references). No internal R&D documents cited. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- RFP-021: replace the labels-only ASCII architecture sketch with a Mermaid flowchart that shows the validator set, the per-curve TSS vaults, and the LEZ execution layer (AMM plus privacy primitives) with proper connections. - RFP-022: replace the Tier 1 ASCII swimlane with a Mermaid sequenceDiagram covering phases 0 through 5 (Quote, Commit, Lock-BTC, Lock-Logos, Reveal, Settle) with explicit slash-window notes. - appendix/cross-chain-trust-model-contrast.md line 53: fix the inline citation of the Hoenisch and del Pino BTC-XMR atomic-swap paper from "IACR 2021/441" to "IACR 2020/1126". The URL was already correct and the references block (line 208) and RFP-022 (line 135) had the right identifier; only the inline mention was wrong. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Findings consolidated from seven parallel fact-check agents (one per new file). Fixes applied as a single follow-up commit. Citation corrections: - IACR ePrint 2020/1126 is "Bitcoin-Monero Cross-chain Atomic Swap" by Joel Gugger, not Hoenisch and del Pino. The Hoenisch/del Pino paper "Atomic Swaps between Bitcoin and Monero" is arXiv:2101.12332. The earlier "fix" commit (ba4adfd) swapped one wrong attribution (IACR 2021/441) for another (IACR 2020/1126 / Hoenisch and del Pino). Now cites both papers correctly: Gugger 2020/1126 and Hoenisch/del Pino arXiv:2101.12332. Affects RFP-022 line 135 and appendix line 53/References. - Broken URLs replaced: getmonero.org/resources/moneropedia/fcmp.html -> getmonero.org/2024/04/27/fcmps.html (the canonical FCMP++ post); citrea.xyz/learn/clementine -> docs.citrea.xyz/essentials/ clementine-trust-minimized-bitcoin-bridge; LLFourn/one-time-vrf -> LLFourn/one-time-VES (correct repo); wormhole.com/docs/learn/ security -> wormhole.com/docs/protocol/infrastructure/guardians (which actually contains "Security through reputation, not tokens"); docs.stacks.co/concepts/sbtc -> docs.stacks.co/learn/sbtc (post-redirect canonical URL). - Synthetix V3 docs link replaced with SIP-302, the primary source describing snxUSD-minting against collateral. The previously cited /v/v3/ page documents perps trading only. - Inline Thorchain bond-to-pooled ratio (2:1 + 1:1) was cited via the Serai Validator Sets spec and the Thorchain CLP page, neither of which document that ratio. Cite docs.thorchain.org/understanding- thorchain/rune instead. - Liquality "$35M lifetime volume" originally cited defiprime.com which does not state the figure. Reframed as widely-cited marketing copy without primary anchor. Substantive claim revisions: - Tier 2 Monero cryptography text in RFP-022 line 21 tightened: "reveals either the per-tx private key or the recipient view key (plus the output blinding factor), each of which is sufficient to deanonymise the swap output". Reflects the distinction between OutProofV2 (tx_secret_key) and InProofV2 (view secret key). Cites Zero to Monero 2.0 inline. - Wedge claim "the only synthetic in the published landscape" was overclaimed: Synthetix's historical sXMR paired with the Secret Network Monero Bridge already offers XMR-L1 redemption under signer-set custody; Haven Protocol's xAsset family offered privacy-chain synthetics (closed Dec 2024). Narrowed to "the only currently published, live synthetic whose redemption deposits real XMR on Monero L1 *non-custodially, via peer-to-peer atomic swap*". Affects RFP-024 and the sxmr-design-space appendix. - "Reinvented sBTC with an oracle bolted on" framing in RFP-025 option 2b corrected: sBTC is 1:1 redemption-backed, not oracle- priced. The structural overlap is the threshold-signer custody model; the peg semantics differ. Reworded throughout. - Serai timeline in RFP-021 corrected: "roughly six years" -> "roughly five years" (Serai dev began 2021, not 2020). "post-audit as of 2026-04" -> "post-cryptographic-audit by Cypher Stack in May 2025; mainnet not yet launched". - Thorchain cumulative volume updated from $112B to >$120B per DefiLlama dashboard, with access date. - Wormhole reputation analogy in RFP-023 and the appendix softened: Wormhole is 19 hand-picked PoA signers, not a permissionless reputation-accruing population. RFP-023 premise reframed as a design conjecture rather than a proven theorem. - Wormhole Feb 2022 categorisation in RFP-025 fixed: was listed under "signer collusion / key compromise / signing-software bug"; actually a per-chain bridge-contract bug (load_instruction_at) that bypassed the signer set entirely. Recategorised. - Settlement-time claim "30 to 60 minutes per swap" repeated five times across the bundle without primary source. Hedged to "Monero-confirmation-bound; typically under an hour but with variance from network conditions". Applicants asked to measure against a recent client release rather than rely on the indicative range. - "About five years (2017 proposal to 2021 implementation)" was four years. Corrected. - COMIT xmr-btc-swap "archived as of 2024-11" -> "unmaintained since 2024-11; archival pending per issue #1791" (the repo is not actually flagged as archived on GitHub). - Thorchain TSS incident dated more precisely: "May 2026" -> "2026-05-15" where applicable. Wormhole "February 2022" -> "2022-02-02" where applicable. Citation hygiene: - Inline citation added for sBTC-redeems-to-BTC claim in RFP-024. - Demand-asymmetry and adverse-selection claims in RFP-024 marked as predicted behaviour ("predicted demand asymmetry", "predicted adverse selection") rather than stated facts. - "(accessed 2026-05-21)" added to all external citations across the seven new files, matching the inline-citation convention used by the sibling appendix lez-vs-dedicated-zone.md. - Han et al. IACR 2019/896 added as the canonical "free option problem" reference in the sxmr-design-space appendix. No changes to the Mermaid diagrams added in commit ba4adfd. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Collaborator
Author
|
A well-sourced lesson from the research vault that should probably be captured explicitly in one of these RFPs (most likely RFP-022 or the trust-model appendix): The Secret Monero Bridge (launched August 2021) tried to bridge XMR into a programmable privacy ecosystem and failed reputationally with the Monero community. The research documents three specific failure modes that are directly relevant to the bonded-atomic-swap and synthetic-XMR designs in this bundle:
Sources (all primary or community-verified):
The research vault note is at (Secret Monero Bridge section) and in . Suggest adding a brief reference to the Secret Monero Bridge as a negative example in RFP-022's Risks section or in the trust-model appendix, to show what happens when a bridge tries to bring XMR into DeFi without bonding, without privacy-preserving UX, and without aligning with the source chain's trust assumptions. |
fryorcraken
commented
May 22, 2026
Collaborator
Author
fryorcraken
left a comment
fryorcraken
left a comment
There was a problem hiding this comment.
Need to review whether the private middle chain (a la Thor) is really a USP Logos can offer.
Do not use "Waku" terminology: only "Logos Delivery"
Sounds like the appendix could be merged as I saw duplicate info
Pure background appendix covering atomic-swap mechanics: HTLC, adaptor signatures with cross-curve DLEQ, the canonical XMR-BTC flow (with Mermaid sequence diagram), the locks-first rule (script-bearing side locks first by construction of the adaptor-signature primitive), the free-option problem, and the sigma*sqrt(T)*notional notation used to size free-option premiums. Survey scope only: deployed protocols and published literature. No bundle-specific designs, no recommendations. Part of the appendix/RFP-design split for PR #57. Following commits will rewrite the trust-model-contrast and synthetics appendices to pure survey form, then move the bundle's design content into the relevant RFPs (022-025). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The sequence diagram had "scalar s" at end-of-line, which Mermaid's parser treated as a participant token rather than label text. Reworded to "the scalar" / "the revealed scalar" so the diagram renders on GitHub. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Mermaid's sequenceDiagram parser treats semicolons in message labels as statement separators, breaking the diagram. Replaced "Claim BTC; broadcast reveals the scalar" with "Claim BTC, broadcasting the scalar to Alice". Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Three changes: 1. atomic-swaps-primer.md: corrected Farcaster status (vault confirms still actively maintained as of 2026 with Lightning BTC support, not the v0.8.4-2023-01-16 stale claim). Removed bundle-specific "Generalisation to XMR-LEZ" section. Removed bundle references from notation and closing text. Sourcing for the protocol step diagram and lock-ordering rationale flagged in marclawclaw/research-cross-chain-dex/projects/PENDING-atomic-swap-protocol-details.md. 2. cross-chain-trust-model-contrast.md: stripped Mitigations 1/2/3 design content, Synthesis table, bondless-taker mechanic. All are bundle design choices that belong in the RFPs, not in a survey appendix. Kept the two-camps contrast and the adoption record. All numbers re-grounded against the research vault: Thorchain $112.201B cumulative (DefiLlama, not the $118B Messari claim that was not in vault); AtomicDEX Nomics $5,737 figure; Liquality $35M; Serai pre-mainnet with 2026-04-15 audit; Wormhole 19-of-13 attestation pattern. Every claim now traces to a citation in marclawclaw/research-cross-chain-dex/. 3. synthetics-design-space.md: replaces sxmr-design-space.md. Stripped Goal 1/2a/2b sub-designs (move to RFPs 024 and 025 in follow-up commits). Survey-only taxonomy: oracle-priced over-collateralised (Haven, Synthetix); redeem-to-underlying with custody (sBTC, Secret Monero Bridge); redeem-to-underlying without custody (no deployed example). Privacy-coin specific constraints documented. Secret Monero Bridge included as the closest deployed prior art with its documented launch reception. Three vault-uncertain claims explicitly flagged inline for verification (Haven shutdown date, SIP-302 citation, sBTC trust shape); see PENDING-atomic-swap-protocol-details.md. Inbound links from RFP-024 and RFP-025 to the old sxmr-design-space file will be updated by the follow-up commits that move the design content into those RFPs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Completes the appendix/RFP split started in the previous commit. RFP-022 (Bonded Atomic Swaps): - Reframe bonds as the *price of the free option* at each phase boundary (per the comment-7 walk-through). Bond is sized at or above sigma*sqrt(T)*notional; bond posts at Commit; refunds on honest completion or slashes on default. - Drop the B_bob_slice slicing concept (comments 3, 5). Use full B_alice and B_bob bonds posted atomically at Commit. - Drop the Bob-broadcasts-BTC hop (comment 4). Alice broadcasts the BTC lock directly; inclusion-proof submitter remains unauthenticated. - Fix Phase 3 row to lock only trade_amount, not the bond (comment 5). - Add an option-pricing audit subsection naming, per phase boundary, who is short the option, who is long, and which bond prices it. - Add a direction-symmetry note (comment 6): for LEZ-XMR, the protocol- level asymmetry is direction-independent; XMR-side party always holds the unverifiable lock; roles flip across taker/maker. - Add a Tier 2 option-pricing audit and explicitly mark the Phase 2 boundary as non-bond-priceable (trigger event off-LEZ); reputation plus maker market competition only. - Defer the off-chain verifiable maker reputation question to RFP-023 with a one-paragraph pointer. - Update appendix links to point at atomic-swaps-primer.md and cross-chain-trust-model-contrast.md (the survey appendix). RFP-023 (Reputation-Based Atomic Swaps): - Add a Slashable-event matrix and reputation counter design section (comment 8): per-event matrix showing LEZ-observable / slashable / reputation-counter triples. "Zero slashes" is too crude for LEZ-XMR; registry must track completed_count, slashed_count, abandoned_pre_xmr_lock_count, and disputed_attestation_count separately. zk membership proofs claim against per-counter thresholds. - Add Off-chain verifiable maker reputation section: open question about whether the non-slashable abandonment paths can be made third-party-verifiable via a proof bundle (signed quote + Monero lock + view-key material + LEZ no-show). Sub-questions: privacy cost, distribution, aggregation, spam resistance, defense, threshold. RFP-024 (sXMR Pure): - Rewrite the wedge paragraph to remove unverifiable claims (Synthetix-sXMR-paired-with-Secret-Monero-Bridge, Haven shutdown date, sBTC public-BTC-redemption specifics). Replaced with what is sourced in the vault: Secret Monero Bridge as deployed custodial prior art; Haven xAssets as a Monero-forked privacy-chain synth family without an xXMR product; sBTC and sETH-family synths as redeem-to-transparent-assets. - Update appendix references; remove stale Farcaster v0.8.4 citation (already documented in research vault as misleading). - Point references at atomic-swaps-primer.md, synthetics-design-space.md (renamed), and cross-chain-trust-model-contrast.md. RFP-025 (sXMR with SLA): - Update appendix references to point at synthetics-design-space.md and atomic-swaps-primer.md. The Option 2a (bonded LPs) and Option 2b (protocol reserve) design content was already in this RFP and remains unchanged. - Flag the sBTC trust-shape citation as pending vault verification. Appendix touch-ups: - atomic-swaps-primer.md: minor formatting from mdformat. - cross-chain-trust-model-contrast.md: mdformat reflow. - synthetics-design-space.md: mdformat reflow. All sourcing gaps are tracked in marclawclaw/research-cross-chain-dex/projects/PENDING-atomic-swap-protocol-details.md for a researcher pass; flagged annotations in the appendices will be cleaned up once the pending claims are verified. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The vault deliverable atomic-swap-protocol-details.md (plus stacks-sbtc.md, synthetix.md, updated haven.md) answered all 11 sourcing requests on 2026-05-22. Corrections applied: Primer (appendix/atomic-swaps-primer.md): - Drop the "step 0: signed quote" framing. Quote exchange is an implementation-layer maker convention (libp2p secure-channel auth), not a cryptographic protocol step. Gugger 2020 §2 explicitly says price agreement is off-protocol. - Reframe BTC-locks-first as an economic constraint (draining-attack analysis, Hoenisch and del Pino 2021 §4), not a primitive constraint. Gugger 2020 has the reverse XMR-first variant; reversing the order requires CLSAG-based adaptor signatures (not deployed). - Correct timelock framing: both timelocks are Bitcoin-side; Monero has no script-level timelock primitive (Gugger 2020 §3.1). Add canonical mainnet values from xmr-btc-swap and eigenwallet source code (eigenwallet: t_1=24, t_2=144; COMIT: 72/72). - Soften Han 2019 claim: paper proves equivalence to premium-free American Call Option and quantifies premium at ~2% for crypto pairs; does not directly attribute volume scarcity to the free-option. - Reframe the "4-year gap": Decred-Litecoin 2017-09-19 first on-chain HTLC to COMIT 2021-08-20 BTC-XMR mainnet is ~4 years bridging the script-vs-no-script chain gap. From Gugger 2020 formal protocol to COMIT mainnet is ~18 months. TierNolan's bitcointalk post is 2013, not 2017. - Refine HTLC requirements: hashlocks plus relative timelocks plus transaction-malleability fix (Gugger 2020 §3.2). - Bump eigenwallet to v4.6.4 (2026-05-21). - Correct deployed-direction roles: Alice = XMR seller, Bob = BTC seller, BTC locks first. Synthetics appendix (appendix/synthetics-design-space.md): - Haven Protocol: confirmed shutdown 2024-12-12 after range-proof exploit; >94% of XHV supply controlled by attackers at closure. Closure announcement cited directly. - Synthetix: SIP-302 V3 CDP-minting reference verified with direct quote from the SIP. - sBTC (Stacks): 15-signer federation, 70% threshold (14 currently operating, 10-of-14 to sign); ~6-block (~1h) withdrawal latency; no protocol-level privacy on BTC-side destination. - Two-unrelated-sXMR-products section: Synthetix sXMR (Ethereum L1, SNX-collateralised CDP oracle synth, Hadar release 2020-03-30) is unrelated to Secret Network sXMR (SNIP-20 wrapped real XMR via Secret Monero Bridge, 2021). The two share a ticker but were never paired. - Remove all "flagged for vault verification" inline annotations. RFP-024 (synthetic XMR pure): - Rewrite the wedge paragraph: two distinct prior-art families (bridge-custodied real XMR via Secret Monero Bridge; CDP-collateralised oracle-priced synth via Synthetix sXMR) neither of which fills the non-custodial peer-to-peer-atomic-swap corner. - Correct Haven characterisation: ran 2018-2024, closed 2024-12-12, never offered xXMR. - Clean up references to remove the stale "pending vault verification" annotations. RFP-025 (synthetic XMR SLA): - Add the sBTC custody specifics (15-signer 70% threshold) to the references list; remove the "pending vault verification" annotation. Decisions log (proposals-review/pr-57-decisions.md): - Replace "Outstanding sourcing requests" with "Sourcing requests resolved 2026-05-22" listing each of the 11 claims with their resolution. PR description updated to reflect the new three-appendix structure and the verified-sourcing pass. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
New RFP: - RFP-026 (Fee-Burn Atomic Swaps): adapts the eigenwallet PR #675 mechanism to LEZ-paired swaps. Non-refundable burn on the refund branch prices the free option without an on-LEZ bond. Maker-set fraction; burnt (not paid to counterparty) to avoid incentive skew; mercy path for honest refunds. The RFP explicitly addresses direction dependence: the fee-burn lives on the locks-first chain, so it prices the first-locker's option only; the second-locker's option needs a separate mechanism (or is left unpriced). For the reverse XMR-first variant (Hoenisch and del Pino 2021 §4), Monero has no refund-branch script and the mechanism is infeasible until FCMP++ or similar primitives ship. Bond-system review (code-reviewer agent) findings applied: - RFP-022 §Overview: replaced "Locking order is fixed by the cryptographic primitive" with the draining-attack economic framing (Hoenisch and del Pino 2021 §4), matching the corrected primer. Fixed broken anchor link to the primer. - RFP-022 §Cons: added "Bond can exceed spread in high-volatility regimes" with the σ=0.8 / 28h example yielding bond ≈ 4-5% of notional vs typical maker spread 1-2%. Applicants must address what happens when σ × √T > spread. - RFP-022 §Relationship: added RFP-026 entry. Explicitly framed as a *substitute* for RFP-022's bond, not a complement. RFP-022 bond dominates Tier 1 (capital-efficient on honest completion); RFP-026 fee-burn dominates Tier 2 (prices the off-LEZ option the bond can't). Layering both on the same option boundary is double-counting. - RFP-024 §Overview: added "Trade-off accepted up front" paragraph moving the unpriced-free-option choice from Risks to the Overview. States explicitly that LPs bear the cost of the unpriced option; points readers to RFP-022, RFP-026, or RFP-025 if they want the option priced. - RFP-025 §Option 2a: added paragraph distinguishing the per-swap RFP-022 bond from the persistent SLA-bond. Applicants must address whether the two are additive or one subsumes the other when layered; aggregate bond load matters for LP economics. Deferred for follow-up review (real findings, not fixed in this commit): bond sizing T-parameter inconsistency (1h indicative vs 28h actual refund window); Phase 5 settlement clarification; bondless- taker capped-entry interaction with both-bonds-at-Commit; Tier 2 bidirectional audit tables; Wormhole-as-closest-analog framing in RFP-023; Thorchain aggregate-bond invariant accept/reject; bondless cap math (US$100 ↔ option value). Captured in pr-57-decisions.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Three RFPs removed; two lambda prizes added; remaining RFPs reframed around existing-project prior art. Removed RFPs: - RFP-022 (Bonded Atomic Swaps) - RFP-023 (Reputation-Based Atomic Swaps) - RFP-026 (Fee-Burn Atomic Swaps) These RFPs specified solutions to two open problems where the Logos team would rather not pre-judge the design. They were prescriptive about the mechanism (bonds, reputation primitives, fee-burns) when the more honest posture is to frame the problem and let solvers compete. New lambda prizes (staged in lambda-prizes/; to move to logos-co/lambda-prize when accepted): - LP-0018 (Anti-Spam Mechanism for Atomic Swaps): frames the taker-spam / free-option problem. References eigenwallet PR #675 as one example of reference prior art but does not prescribe the approach. Solvers may design bonds, fee-burns, reputation, deposits, slashing schemes, or any combination. Success criteria require non-custody preservation, incentive-compatibility argument, direction-coverage statement, and honest-refund handling. - LP-0019 (Off-Chain Verifiable Reputation for Atomic-Swap Makers): frames the off-chain attribution / verifiable-complaint problem. Lists naive view-key disclosure, FCMP++-grade zk proofs, multi-party attestation, and watchtower designs as candidates without prescribing the answer. Success criteria require sybil resistance, spam resistance, third-party verifiability without trusting the complainant, and complainant-side privacy. Reframed remaining RFPs around existing-project inspiration: - RFP-021: already cited Thorchain/Serai/Maya/Chainflip. Relationship section updated to point at LP-0018 and LP-0019 instead of the deleted RFP-022/023. - RFP-024: added "Inspired by existing prior art" paragraph naming Synthetix (CDP minting mechanic, SIP-302 Pools V3) and eigenwallet/ COMIT (peer-to-peer atomic-swap redemption). The novelty is the combination, not either half. Updated all cross-references to the deleted RFPs. - RFP-025: Option 2a now explicitly framed as inspired by Thorchain's bonded-validator model (operators post slashable stake against a defined performance contract); Option 2b explicitly framed as adopting sBTC's threshold-signer custody model with an oracle-priced peg layer. Both link to appendix-documented existing projects. - All references to RFP-022/023/026 replaced with pointers to LP-0018 or LP-0019 as appropriate. Appendix coverage check: every project named in the remaining RFPs (Thorchain, Serai, Maya, Chainflip, Wormhole, sBTC, Stacks, Synthetix, eigenwallet, COMIT, Farcaster, Haven, Liquality, AtomicDEX, Komodo, Secret Monero Bridge, Secret Network) is documented in at least one appendix (atomic-swaps-primer.md, cross-chain-trust-model-contrast.md, or synthetics-design-space.md). Decisions log (proposals-review/pr-57-decisions.md) appended with a "Bundle restructure 2026-05-22 (afternoon)" section summarising the shift. Deferred bond-system review findings (#3, #4, #5, #6, #7, #8, #12, #14) are no longer relevant since the bonded-atomic-swap design they applied to has been removed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fryorcraken
changed the title
Two cosmetic touch-ups from the fact-check agent's report (no critical issues found): - atomic-swaps-primer.md: Han 2019 premium framing tightened from "approximately 2%" to "2-3%", matching the paper's exact "2% ~ 3%" range for cryptocurrency pairs. - cross-chain-trust-model-contrast.md: replaced "four orders of magnitude" with "roughly three-to-four orders of magnitude" for the Thorchain vs Liquality cumulative volume gap. Thorchain $112.2B / Liquality $35M is ~3,200x, which is 3.5 orders of magnitude. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fryorcraken
commented
May 22, 2026
Collaborator
Author
fryorcraken
left a comment
fryorcraken
left a comment
There was a problem hiding this comment.
RFP-24 and 25 make no sense.
the only two options we have, based on the research capted on teh appendix are:
- stable over-collaterizsed CDP back the synthetic
- real assets locked in trusted multi-sig
This is 2 RFPs we can have, with a preference for (1)
then, have another RFP, where we plug atomic swaps with (1).
…rrection)
Primer (atomic-swaps-primer.md):
- C1: add refund-path Mermaid sequenceDiagram in Timelocks and refunds
section showing TxLock → TxCancel → branch: TxRefund (Bob) or TxPunish
(Alice after t_2).
- C2: accept text suggestion at line 112; drop "The quote is not
cryptographically signed" clause.
- C3: add paragraph after Han 2019 citation noting eigenwallet runs a
community-scale market (3,000+ swaps via GUI in 2023, ~89k cumulative
binary downloads, single-digit active makers), demonstrating the
free-option problem is a friction rather than absolute blocker.
- C3b (substantive): rewrite "Locking order" and "How locking order
generalises across pairs" sections. BTC-first in BTC-XMR is now framed
as a protocol-level constraint, not just economic. Monero today
provides no on-chain primitive supporting the locks-first role in any
published atomic-swap construction. Sources: Monero core team's
2026-05-10 deprecating-unlock-time blog post ("no scheme has been
specified" using Monero's existing timelock); eigenwallet/protocol
commit 6151734 removing the XMR-first chapter; FCMP++ hardfork
deprecating the timelock primitive. Economic draining-attack
complements but does not replace the protocol constraint.
Trust-model contrast (cross-chain-trust-model-contrast.md):
- C4: add eigenwallet and Samourai Wallet (atomic-swap GUI) bullet
entries to the atomic-swap representative protocols list. Includes
vault-sourced adoption figures: eigenwallet 3,000+ swaps via GUI in
2023, ~89,400 cumulative binary downloads, ~2 active mainnet makers,
third-party +180% growth attribution; Samourai 2023-08 announcement,
2024-01 beta, 2024-04 seizure, 5/4-year prison sentences in Nov 2025,
several-hundred-thousand pre-seizure user base, no first-party swap-
volume figure published. Softened the volume-gap prose to acknowledge
community-scale adoption is real, not "unused".
Synthetics design space (synthetics-design-space.md):
- C5: add closing paragraph to sBTC bullet comparing it to Thorchain's
bonded-validator model. Same trust class (federation of named or
staked signers custodying the underlying asset); differences in size,
threshold, and cryptographic construction documented.
Lambda prize LP-0018 (anti-spam → spam-protection-for-makers):
- C6, C7, C8, C9: retitle in-body to "Spam Protection for Atomic-Swap
Makers" (filename unchanged per user). Introduce maker/taker
architecture. State LEZ-side-locks-first as a protocol constraint
for XMR↔LEZ. Add explicit two-sub-case direction analysis (A: LEZ-
taker locks first; B: LEZ-maker locks first, DDoS-exposed). Scope to
XMR↔LEZ. Single prize, two acceptable solution shapes. Replace FURPS
subsections with three success criteria (proven spam reduction with
stats/testimony; no reliability reduction for honest takers; no
reliability reduction for honest makers). Move non-pass/fail items
into a Design Constraints section. Clean Out-of-Scope: remove
polished-UI and LEZ↔XMR-direction-symmetry exclusions.
Lambda prize LP-0019 (off-chain reputation → taker reliability):
- C10: retitle in-body to "Taker Reliability for Atomic Swaps". Strip
the off-chain proof-bundle subsection entirely; replace with generic
"design space is open" statement listing on-chain attestation,
off-chain proof bundles, slashable bonds, watchtower designs,
reputation systems, and hybrids as candidate approaches without
prescribing. Mirror LP-0018 structure (maker/taker intro, XMR↔LEZ
scope, two sub-cases, three success criteria, Design Constraints
section).
Decisions log (proposals-review/pr-57-decisions.md):
- Append "Round 2 review resolutions 2026-05-22" section logging C1
through C10 plus the C3b protocol-constraint correction.
Verification: 0 FURPS headers remain in prizes; both prizes mention
XMR↔LEZ six times each; primer has 2 Mermaid sequence diagrams (happy
path + refund); trust-model contrast lists eigenwallet and Samourai;
all 5 off-chain mentions in LP-0019 are listed as one option among
many rather than as the framing.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous bundle conflated three distinct synthetic-XMR designs. The
research-vault material supports a clean three-way split, with the
team's preference for the CDP-backed design (RFP-024).
RFP-024 rewritten as CDP-backed synthetic only:
- Mint sXMR against stable collateral on LEZ at oracle price; burn to
recover collateral. No atomic swap, no XMR custody, no redemption to
Monero L1. Inspired by Synthetix CDP minting (SIP-302 Pools V3).
- The atomic-swap-redemption mechanic that was in the old RFP-024 has
been extracted to RFP-026.
- This is the preferred sXMR design in the bundle.
RFP-025 rewritten as real-XMR multisig only:
- 1:1 backed by real XMR held in a threshold-signer multisig on Monero
(FROST-over-CLSAG per Serai's monero-oxide work). Inspired by sBTC
(Stacks) and Secret Network's Secret Monero Bridge.
- Overview explicitly flags this as not the team's preferred design,
with custody risk and Monero deposit-history leak as the reasons.
- Option 2a (bonded LPs with redemption SLA) DROPPED. The slashable LP
bond cannot be auto-slashed on a single failed swap because LEZ
cannot adjudicate atomic-swap defaults from state alone; without
LP-0019 the bond degrades to a gating deposit. The "two sub-designs"
framing from the old RFP-025 is gone.
RFP-026 created as atomic-swap-redemption module:
- Strictly extends RFP-024. RFP-024 and RFP-003 are hard prerequisites.
- Adds open-LP-set peer-to-peer atomic-swap redemption from sXMR to
real XMR on Monero L1. Soft SLA; no protocol custody; no bonded LPs.
- LP-0018 and LP-0019 layerable but not preconditions.
RFP-021 slim trim:
- Stripped the "Desired properties" FURPS-shaped bullet list per
user direction ("all RFPs should be slim but Pros/Cons/Risks stay
because that is the critical decision content").
- Bundle-range note updated to "RFP-021, RFP-024, RFP-025, RFP-026".
- Relationship section updated to reflect the four-way split.
All RFPs (021/024/025/026):
- Bundle-range note updated to mention all four RFPs.
- "Desired properties" section removed in favour of letting Overview
and High-level flow carry the design intent. Pros/Cons/Risks kept
in full — those are the decision content.
- The note text explicitly says "FURPS detail" is among the omitted
decision-stage content.
Lambda prizes:
- LP-0018 bundle-range mention updated to include RFP-026.
- LP-0019 unchanged (no stale bundle references).
- LP-0018 and LP-0019 explicitly noted in RFP-024 as not preconditions
(the CDP design ships without atomic-swap-specific mitigations), and
in RFP-026 as layerable but not preconditions.
Decisions log:
- Appended "Round 3 restructure 2026-05-22 (synthetics three-way split)"
section documenting the design clarification and the new RFP mapping.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…o atomic swaps Add explicit "not preferred standalone, complementary to atomic swaps" framing to RFP-021's top-of-file note and Overview. The federated-signer custody model trades non-custody for AMM liquidity and one-step UX; the Logos team's working preference is the non-custodial atomic-swap path (RFP-003 + RFP-024 + RFP-026). RFP-021 stays in the bundle as a complementary design for users who prefer the better UX over cryptographic non-custody. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The research vault `~/src/marclawclaw/research-cross-chain-dex/` lives publicly at https://github.com/marclawclaw/research-cross-chain-dex. Replaced two local-folder references with the matching GitHub URLs so external readers can follow the citations. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fryorcraken
force-pushed
the
rfp/cross-chain-and-synthetics-bundle
branch
from
9438461 to
0b14248
Compare
Collaborator
Author
|
Hard blocker across all RFP is lack of core module and GUI for lez wallet |
Collaborator
|
One idea worth investigating is to have the synthetic asset anchored as a separate lending market within the lending RFP product. This way, we wouldn't need to provide the CDP infrastructure. Check out Maker's Direct deposit modules as slightly more centralized a reference. |
Collaborator
Author
We could make it a soft-requirement in the RFP. Enabling applicant to save dev effort and quote lower. WDYT? |
Collaborator
I think this makes sense. We do not know who will be running the lending market in the end. It might not be the same entity, after all. |
Collaborator
|
Changed my opinion based on this research below @fryorcraken We might need to have a specific CDP liquidation mechanism for this. On liquidation mechanics for CDP-backed sXMR Walking through the failure mode:
This is a structural ceiling on how much sXMR can be safely issued. In thin sXMR/LGS liquidity, the band where liquidation is profitable is narrow and gets narrower as the underlying moves faster. A volatile synthetic with shallow secondary markets has a liquidator-shortage problem that generic CDP design doesn't address. This also means the liquidation layer can't ride on a generic lending-market substrate (Aave/Compound/Morpho Blue all assume the borrowed asset has a deep secondary market the liquidator can hit in one tx). The position accounting (isolated CDPs, c-ratios, oracle pricing) can be reused, but the liquidation absorption mechanism needs to be specific to sXMR. Liquity-style stability pool as the proposed solution. Depositors pre-fund a pool with sXMR. When a CDP breaches the liquidation threshold, the protocol atomically burns sXMR from the pool against the debt and distributes the seized LGS pro-rata to pool depositors. Liquidators don't need to scramble for sXMR. Pool depositors are effectively running a perpetual short-XMR / long-LGS strategy and earn the liquidation discount as yield. Why this fits sXMR specifically:
Recommended for RFP-024: specify the liquidation mechanism explicitly rather than punting to "standard CDP liquidation". A Liquity-style stability pool is the natural baseline given the synthetic-with-thin-secondary-market shape of sXMR at launch. Applicants can propose alternatives, but the RFP should call out the problem and the baseline answer rather than leaving it open. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Four RFP drafts plus three background appendices plus two lambda prize drafts. The bundle keeps RFPs where the solution shape is anchored in deployed prior art; the two open design questions (taker-spam protection for makers and taker reliability against maker misbehaviour) become competitive lambda prizes where the Logos team does not pre-judge the mechanism.
RFPs (each inspired by existing prior art documented in the appendices)
RFP-021 — Cross-Chain Privacy DEX (Federated Middle Layer) (not preferred standalone; complementary to atomic swaps). Inspired by Thorchain, Serai, Maya, Chainflip. AMM-style liquidity, TSS custody, LEZ privacy primitives layered on top. Honest XMR caveat: view-key-shared TSS custody leaks Monero deposit history to validators. Positioned as complementary to RFP-024 + RFP-026: the federated middle chain handles high-liquidity bulk trading where users accept federated custody for better UX, while the atomic-swap path covers the privacy-maximalist niche where cryptographic non-custody beats UX convenience. The two can coexist. See `appendix/cross-chain-trust-model-contrast.md`.
RFP-024 — sXMR, CDP-Backed Synthetic (preferred sXMR design). Inspired by Synthetix CDP minting (SIP-302 Pools V3). Mint sXMR against stable collateral on LEZ at oracle price; burn to recover collateral. No atomic swap, no XMR custody. sXMR is a debt instrument against stable collateral, not a wrapped asset. Trade-off: no direct redemption to real XMR on Monero L1 within this RFP (use RFP-026 for that path).
RFP-025 — sXMR Backed by Real XMR in Trusted Multisig (not the preferred design). Inspired by sBTC (Stacks) and Secret Network's Secret Monero Bridge. 1:1 real-XMR backing held in a threshold-signer multisig on Monero (FROST-over-CLSAG per Serai's monero-oxide work). Documented for design-space comparability with an explicit "not preferred" callout in the Overview: custody risk and Monero deposit-history leak are real and material; RFP-024 wins on the bundle's positioning. The previous Option 2a (bonded LPs with redemption SLA) has been dropped because the slashable bond cannot be auto-slashed on a single failed swap without LP-0019's off-chain attribution.
RFP-026 — sXMR Atomic-Swap Redemption (extends RFP-024). Adds a peer-to-peer atomic-swap redemption module on top of RFP-024's CDP-backed sXMR. Holders post a redemption intent over Logos Delivery; any XMR holder (an open LP) can counterparty via an atomic swap using RFP-003's LEZ-XMR SDK. Open LP set, soft SLA, no protocol custody. Hard prerequisites: RFP-024 and RFP-003. LP-0018 and LP-0019 layerable but not preconditions.
Lambda prizes (staged in `lambda-prizes/`, to move to logos-co/lambda-prize when accepted)
The prizes could be open at a later stage once the frictions they aim to solve are actually experienced by users.
LP-0018 — Spam Protection for Atomic-Swap Makers. Frames the maker-side reliability problem (malicious takers spamming makers via initiate-and-abandon swaps). Scoped to XMR↔LEZ with two explicit sub-cases driven by the protocol-level locking-order constraint (LEZ-side party always locks first because Monero today provides no on-chain primitive supporting the locks-first role). References eigenwallet PR #675 as reference prior art without prescribing. Three-criterion success: proven spam reduction with hard stats or testimony; no reliability reduction for honest takers; no reliability reduction for honest makers.
LP-0019 — Taker Reliability for Atomic Swaps. The dual of LP-0018, framing the taker-side reliability problem (maker quote-and-walk, refusal to advance, selective serving, mid-swap disappearance). Design space deliberately open: on-chain attestation, off-chain proof bundles, slashable bonds, watchtower designs, reputation systems, or any combination. Same three-criterion success shape as LP-0018.
Appendices (bundle-agnostic surveys; no RFP-specific designs)
`appendix/atomic-swaps-primer.md` — HTLC and adaptor-signature constructions; canonical XMR-BTC flow with two Mermaid sequence diagrams (happy path + refund path); locking-order framed as a protocol-level constraint (Monero today provides no on-chain primitive supporting the locks-first role; vault-verified against Monero core's 2026-05-10 deprecating-unlock-time blog post, eigenwallet/protocol commit 6151734, and the FCMP++ hardfork deprecating the timelock primitive); canonical mainnet timelock values from `xmr-btc-swap` and `eigenwallet/core` source code; free-option problem with Han et al. 2019 framing tempered by eigenwallet's community-scale adoption signal; `σ × √T × notional` notation.
`appendix/cross-chain-trust-model-contrast.md` — federated-signer middle chains (Thorchain, Serai, Maya, Chainflip; Wormhole as a related-but-distinct attestation pattern) vs atomic swaps (COMIT, eigenwallet, Samourai Wallet, Farcaster, AtomicDEX, Liquality). Adoption record: Thorchain $112.2B cumulative; Wormhole $58.95B; Liquality $35M lifetime; eigenwallet 3,000+ swaps via GUI in 2023, ~89k cumulative binary downloads, ~2 active mainnet makers (community-scale not unused); Samourai pre-seizure user base in the several hundred thousands.
`appendix/synthetics-design-space.md` — deployed-synthetics taxonomy: oracle-priced over-collateralised (Haven, Synthetix); redeem-to-underlying with custody (sBTC 15-signer federation noted as structurally similar to Thorchain's bonded-validator model, Secret Monero Bridge); redeem-to-underlying without custody (no deployed example). Includes the Two-unrelated-sXMR-products clarification (Synthetix sXMR ≠ Secret Network sXMR), the Haven Protocol shutdown (2024-12-12 after range-proof exploit), and the Secret Monero Bridge as the closest deployed prior art.
Sourcing
All factual claims trace to the research vault or to primary-source citations (Gugger 2020, Hoenisch and del Pino 2021, Han et al. 2019, Monero core deprecating-unlock-time 2026-05-10, eigenwallet/protocol repo, project documentation, Decred blog, Stacks docs, Haven closure announcement, Synthetix SIP-302, eigenwallet PR #675, DOJ Samourai sentencing release). The 11-claim vault sourcing pass and the subsequent vault material on XMR-first infeasibility (
projects/xmr-first-atomic-swaps.md,projects/xmr-first-required-monero-features.md) ground the locking-order framing. The comment-by-comment resolution log lives in `proposals-review/pr-57-decisions.md`.