# Fraud Engine

This document describes the requirements for software that is used by participants in the DSL to determine whether or not an SDP or a PI have committed fraud. It also generates the data necessary to submit proof of fraud to the DSL smart contracts. A design goal of the protocol is that, assuming full data availability, an auditor only needs to provide inclusion proofs in order to demonstrate that fraud occurred. It should not be necessary to submit an exclusion proof in order to demonstrate fraud.

When the SDP detects a trade from a PI which returns

`false`

after calling `UTXOEngine.validateTrade`

, the trade must be processed by the Fraud Engine to determine the kind of fraud that has occurred.
Given a trade, the engine runs it through a series of functions which compare the trade data against the current state of the UTXO database. The functions should be called in a logical order, such that a type of fraud that is quicker to detect and will always lead to a subsequent type of fraud is called first. These functions may be called in parallel, as the smart contracts must accept any type of fraud that can be proven.Signature fraud occurs when a

`TraderIntent`

provided by the PI uses a signature where the recovered address does not match the address in the `Trade`

or `SettlementRequest.`

`validateTradeSignature`

:- Given a
`Trade`

, function MUST:- recover the address from the signature of each
`Order`

- check if recovered address matches the
`address trader`

in the`Order`

`validateSettlementSignature`

:- Given a
`SettlementRequest`

, function MUST:- recover the address from the signature
- check if recovered address matches the
`address trader`

in the`SettlementRequest`

Order fraud occurs when the parameters of an

`Order`

included in a `Trade`

by the PI does not match the parameters of the trade.`validateOrderParameters`

:- Given a
`Trade`

, function MUST:- verify that
`uint64 participatingInterface`

in the`TradeParams`

matches the one specified in each`Order`

- verify that
`Product p`

in the`TradeParams`

matches the one specified in each`Order`

- verify that the
`size`

in the`TradeParams`

is less than or equal to the size specified in each`Order`

- verify that the
`price`

in the`TradeParams`

matches the conditions specified in each`Order`

- verify that one
`Order`

sets`buyOrSell`

as`true`

, while the other specifies it as`false`

UTXO fraud occurs when the input or output UTXOs included in a

`Trade`

by the PI violate a constraint of the protocol.`validateInputUTXOs`

:- Given a
`Trade`

, function MUST:- verify that every input UTXO exists in the UTXO ledger
`DepositUTXO`

must exist in ledger and on the chain of the asset- Proof: Data that hashes to trade, including raw UTXO. Validate that chain Id of the asset matches chain ID of the settlement contracts. Hash UTXO and show that it either does not exist in the on-chain ledger, or it exists but the asset does not match.

`ObligationUTXO`

must exist in a settled root in the ledger, or within the same proposed root but as an output of a trade earlier in the sequence- Proof: Data that hashes to the trade, including the raw UTXO. Data that hashes to the trade referenced by the input UTXO. Inclusion proof of trade in settled root, or previous leaf in proposed root. Iterate through all output UTXOs of the trade. Show that none of them match the obligation UTXO.

- verify that every input UTXO is unspent (has no children in the ledger)
- Proof: Data that hashes to the trade. Data that hashes to another trade which has the same UTXO used as an input. Inclusion proof of second trade in settled or root or previous leaf in proposed root.

- verify that the spender of every input UTXO is either the signer of
`Order a`

or`Order b`

- verify that every input UTXO where the spender is the signer of
`Order a`

represents the base asset - verify that every input UTXO where the spender is the signer of
`Order b`

represents the counter asset - verify that the sum of each input UTXO of the base asset is greater than or equal to the
`size`

of the trade - verify that the sum of each input UTXO of the counter asset is greater than or equal to the
`size`

of the trade multiplied by the`price`

`validateOutputUTXOs`

- Given a
`Trade`

, function MUST:- verify that for every input UTXO, there are either 3 or 4 output UTXOs (1-2
`ObligationUTXO`

and 2`FeeUTXO`

)- proof: data that hashes to
`Trade`

, including the input and output UTXOs. Specify an input UTXO. Iterate through output UTXOs and count how many are children of the input. If the count is less than 3 or greater than 4, then the trade is fraudulent.

- verify that every output UTXO is an
`ObligationUTXO`

or a`FeeUTXO`

- proof: data that hashes to
`Trade`

, including raw bytes of the signed data. First`uint8`

of the signed data does not match type identifier for`ObligationUTXO`

or`FeeUTXO`

- verify that every output UTXO is a child of an input UTXO
- proof: data that hashes to
`Trade`

, including the input and output UTXOs. Specify an output UTXO. Iterate through the input UTXOs and verify that none of the inputs match the parent of the output.

- verify that the asset of every output UTXO matches the asset of its input UTXO
- proof: data that hashes to
`Trade`

, including the input and output UTXOs. Specify an output. Verify that its asset does not match the asset of its input.

- verify that the sum of the children of each input UTXO matches the amount of the input UTXO
- proof: data that hashes to
`Trade`

, including the input and output UTXOs. Specify an input. Iterate through outputs, and add the amount to a total if the output lists the input as its parent. Verify that the total does not match the amount of the specified input.

Error fraud occurs as a result of incorrectly running the UTXO Engine software.

`validateUTXOOrder`

- verify that input and output UTXOs are correctly sorted in ascending order by the numerical value represented by their hashes
- Proof: Data that hashes to
`Trade`

. One UTXO and its index. Second UTXO and its index. Show that second index comes after the first, and that the numerical value of hash of second UTXO is less than the numerical value of the hash of the first UTXO.