In this paper, we show that MAD-HTLC is also incentive-incompatible. The crux of the issue is that MAD-HTLC only considers passively rational miners. We argue that such a model fails to capture active rational behaviors. We demonstrate the importance of taking actively rational behaviors into consideration by showing three novel reverse-bribery attacks against MAD-HTLC that can be implemented using Trusted Execution Environments (TEEs) or zero-knowledge proofs (ZKPs). We further show that reverse bribery can be combined with original delaying attacks to render MAD-HTLC insecure regardless of the relationship between collateral and deposit. Based on the learnings from our attacks, we devise a new smart contract specification, He-HTLC, which is lightweight and inert to incentive manipulation attacks. HE-HTLC, according to us, is the first specification to meet the HTLC specification even in the presence of actively rational miners.
Category / Keywords: cryptographic protocols / fair exchange, blockchains, HTLC Date: received 5 May 2022, last revised 20 May 2022 Contact author: sarisht wadhwa at duke edu, fan zhang at duke edu, kartik at cs duke edu, jannis stoeter at alumni duke edu Available format(s): PDF | BibTeX Citation Version: 20220520:005552 (All versions of this report) Short URL: ia.cr/2022/546