Fraud Engine
Fraud Engine Specification
This document describes the requirements for software that is used by participants in the DSL to determine whether or not an SDP or a PI have committed fraud. It also generates the data necessary to submit proof of fraud to the DSL smart contracts. A design goal of the protocol is that, assuming full data availability, an auditor only needs to provide inclusion proofs in order to demonstrate that fraud occurred. It should not be necessary to submit an exclusion proof in order to demonstrate fraud.
PI Fraud
When the SDP detects a trade from a PI which returns false after calling UTXOEngine.validateTrade, the trade must be processed by the Fraud Engine to determine the kind of fraud that has occurred.
Given a trade, the engine runs it through a series of functions which compare the trade data against the current state of the UTXO database. The functions should be called in a logical order, such that a type of fraud that is quicker to detect and will always lead to a subsequent type of fraud is called first. These functions may be called in parallel, as the smart contracts must accept any type of fraud that can be proven.
Signature Fraud
Signature fraud occurs when a TraderIntent provided by the PI uses a signature where the recovered address does not match the address in the Trade or SettlementRequest.
validateTradeSignature:Given a
Trade, function MUST:recover the address from the signature of each
Ordercheck if recovered address matches the
address traderin theOrder
validateSettlementSignature:Given a
SettlementRequest, function MUST:recover the address from the signature
check if recovered address matches the
address traderin theSettlementRequest
Order Fraud
Order fraud occurs when the parameters of an Order included in a Trade by the PI does not match the parameters of the trade.
validateOrderParameters:Given a
Trade, function MUST:verify that
uint64 participatingInterfacein theTradeParamsmatches the one specified in eachOrderverify that
Product pin theTradeParamsmatches the one specified in eachOrderverify that the
sizein theTradeParamsis less than or equal to the size specified in eachOrderverify that the
pricein theTradeParamsmatches the conditions specified in eachOrderverify that one
OrdersetsbuyOrSellastrue, while the other specifies it asfalse
UTXO Fraud
UTXO fraud occurs when the input or output UTXOs included in a Trade by the PI violate a constraint of the protocol.
validateInputUTXOs:Given a
Trade, function MUST:verify that every input UTXO exists in the UTXO ledger
DepositUTXOmust exist in ledger and on the chain of the assetProof: Data that hashes to trade, including raw UTXO. Validate that chain Id of the asset matches chain ID of the settlement contracts. Hash UTXO and show that it either does not exist in the on-chain ledger, or it exists but the asset does not match.
ObligationUTXOmust exist in a settled root in the ledger, or within the same proposed root but as an output of a trade earlier in the sequenceProof: Data that hashes to the trade, including the raw UTXO. Data that hashes to the trade referenced by the input UTXO. Inclusion proof of trade in settled root, or previous leaf in proposed root. Iterate through all output UTXOs of the trade. Show that none of them match the obligation UTXO.
verify that every input UTXO is unspent (has no children in the ledger)
Proof: Data that hashes to the trade. Data that hashes to another trade which has the same UTXO used as an input. Inclusion proof of second trade in settled or root or previous leaf in proposed root.
verify that the spender of every input UTXO is either the signer of
Order aorOrder bverify that every input UTXO where the spender is the signer of
Order arepresents the base assetverify that every input UTXO where the spender is the signer of
Order brepresents the counter assetverify that the sum of each input UTXO of the base asset is greater than or equal to the
sizeof the tradeverify that the sum of each input UTXO of the counter asset is greater than or equal to the
sizeof the trade multiplied by theprice
validateOutputUTXOsGiven a
Trade, function MUST:verify that for every input UTXO, there are either 3 or 4 output UTXOs (1-2
ObligationUTXOand 2FeeUTXO)proof: data that hashes to
Trade, including the input and output UTXOs. Specify an input UTXO. Iterate through output UTXOs and count how many are children of the input. If the count is less than 3 or greater than 4, then the trade is fraudulent.
verify that every output UTXO is an
ObligationUTXOor aFeeUTXOproof: data that hashes to
Trade, including raw bytes of the signed data. Firstuint8of the signed data does not match type identifier forObligationUTXOorFeeUTXO
verify that every output UTXO is a child of an input UTXO
proof: data that hashes to
Trade, including the input and output UTXOs. Specify an output UTXO. Iterate through the input UTXOs and verify that none of the inputs match the parent of the output.
verify that the asset of every output UTXO matches the asset of its input UTXO
proof: data that hashes to
Trade, including the input and output UTXOs. Specify an output. Verify that its asset does not match the asset of its input.
verify that the sum of the children of each input UTXO matches the amount of the input UTXO
proof: data that hashes to
Trade, including the input and output UTXOs. Specify an input. Iterate through outputs, and add the amount to a total if the output lists the input as its parent. Verify that the total does not match the amount of the specified input.
Error Fraud
Error fraud occurs as a result of incorrectly running the UTXO Engine software.
validateUTXOOrderverify that input and output UTXOs are correctly sorted in ascending order by the numerical value represented by their hashes
Proof: Data that hashes to
Trade. One UTXO and its index. Second UTXO and its index. Show that second index comes after the first, and that the numerical value of hash of second UTXO is less than the numerical value of the hash of the first UTXO.
Last updated