How Blockchain Contracts Ensure Fairness, Flexibility, and Compensation for Option Holders

Table of Links

1. Abstract and Introduction

2. Preliminaries

3. Overview

4. Protocol

   4.1 Efficient Option Transfer Protocol

   4.2 Holder Collateral-Free Cross-Chain Options

5. Security Analysis

   5.1 Option Transfer Properties

   5.2 Option Properties

6. Implementation

7. Related Work

8. Conclusion and Discussion, and References

A. Codes

• A.1 Robust and Efficient Transfer Protocol
• A.2 Holder Collateral-Free Cross-Chain Options

B. Proofs

• B.1 Transfer Protocol Proofs
• B.2 Option

B.2 Option

Theorem 6. Protocol 4.2 satisfies option correctness: If both the Alice and Bob are conforming, then if Alice does not exercise the right, Alice doesn’t lose the 𝐴𝑠𝑠𝑒𝑡𝐴 and Bob doesn’t lose the 𝐴𝑠𝑠𝑒𝑡𝐺 and 𝐴𝑠𝑠𝑒𝑡𝐵; or if Alice exercise the right, then Alice will receive 𝐴𝑠𝑠𝑒𝑡𝐵 and Bob will receive 𝐴𝑠𝑠𝑒𝑡𝐴 and 𝐴𝑠𝑠𝑒𝑡𝐺 .

Proof. According to Protocol 4.2, it is evident that if Alice escrows her collateral in the 𝐶𝑜𝑛𝑡𝑟𝑎𝑐𝑡𝐴 contract and calls 𝑒𝑥𝑒𝑟𝑐𝑖𝑠𝑒 (), then a conforming Bob will reveal the pre-image 𝐵 in 𝐶𝑜𝑛𝑡𝑟𝑎𝑐𝑡𝐴 to reclaim the guarantee 𝐴𝑠𝑠𝑒𝑡𝐺 and Alice’s collateral 𝐴𝑠𝑠𝑒𝑡𝐴. Subsequently, Alice can use 𝐵 to obtain 𝐴𝑠𝑠𝑒𝑡𝐵. If Alice does not escrow the collateral, Bob will not reveal 𝐵. After the option expires at 𝑇𝐸 +2Δ, Bob can call𝑐𝑙𝑎𝑖𝑚() and 𝑟𝑒 𝑓 𝑢𝑛𝑑 () on the respective chains to reclaim 𝐴𝑠𝑠𝑒𝑡𝐺 and 𝐴𝑠𝑠𝑒𝑡𝐵.

Theorem 7. Protocol 4.2 satisfies exercisablity: During the transfer from Bob to Dave, the option remains active, allowing Alice to exercise the option without any delays.

Proof. According to Protocol 4.2.1, during the transfer from Bob to Dave, Alice can make a deposit and exercise her option at any time. If the transfer is in the Setup Phase, Bob will need to reveal 𝐵 to fulfill his obligation and revoke the transfer. It is important to note that Dave can use 𝐵 to reclaim 𝑇 𝑟𝑎𝑛𝑠𝑊 . If the transfer is in the Attempt Phase and Bob acts maliciously by using 𝐵 to take 𝐴𝑠𝑠𝑒𝑡𝐺 , Alice can use 𝐵 to obtain 𝐴𝑠𝑠𝑒𝑡𝐵. Dave will need to use 𝐵 on 𝐶𝑜𝑛𝑡𝑟𝑎𝑐𝑡𝐵 to withdraw the transfer. Otherwise, when Dave uses 𝜎𝑚 to change the writer and the hash lock, he will reveal a new preimage secret 𝐷, which Alice can then use to obtain 𝐴𝑠𝑠𝑒𝑡𝐵.

Theorem 8. Protocol 4.2 satisfies failure compensation: Before expiration, Alice can exercise the option successfully, or if the exercise fails, she is compensated with the guarantee deposited by Bob.

Proof. By Theorem 6, if Alice successfully exercises her option, she will receive Bob’s collateral. Otherwise, after Alice makes a deposit and calls 𝑒𝑥𝑒𝑟𝑐𝑖𝑠𝑒 (), 𝐶𝑜𝑛𝑡𝑟𝑎𝑐𝑡𝐴 can invoke 𝑖𝑠𝐷𝑒𝑝𝑜𝑠𝑖𝑡𝑒𝑑 () to determine if the exercise has occurred. If Bob does not fulfill his obligation within a period of Δ, Alice can call 𝑐𝑙𝑎𝑖𝑚() to obtain 𝐴𝑠𝑠𝑒𝑡𝐺 as compensation, and Bob will lose his guarantee.