The idea of a service that would monitor and automatically proxy unlock HTLCs has been floating around for a while now. I decided to start writing a simple “watchtower” service that does this and I’ve been testing it out on the HyperCore testnet.
When joining a P2P swap in Syrius, Syrius will automatically scan for the swap’s secret (also known as the preimage) and complete the swap automatically. The caveat is that for this to work Syrius has to be running after the preimage has been published but before the swap expires.
There are many reasons that could cause Syrius to not be able to automatically complete the swap, such as:
- Syrius auto locks itself → the unlock transaction can’t be sent because the keystore is locked.
- The user doesn’t realize Syrius has to be running.
- A power outage or hardware failure.
- Syrius loses its connection to a node.
- A bug in Syrius.
If the user is not vigilant during the swap, making sure Syrius is running as expected, the user can lose access to the funds that were deposited to them and will be left empty handed.
Fortunately, NoM’s embedded HTLC contract supports unlocking HTLCs by proxy and the watchtower service can utilize this feature.
The HTLC Watchtower is meant to be a service that anyone can run on a server with relative ease. The watchtower will constantly monitor the embedded HTLC contract and automatically unlock an HTLC when Syrius fails to unlock it for the user. If a watchtower is running it would significantly reduce the risk of users losing funds. Having multiple watchtowers running simultaneously would be even better.
The watchtower stores all the HTLCs that are created on the network into a database. When an HTLC is unlocked, it pairs the revealed preimage with all the HTLCs that match the preimage’s hashlock in the database.
The watchtower periodically checks the database for HTLCs that have a known preimage and will unlock an HTLC if the recipient address allows it (by default all addresses allow it).
Only active HTLCs are stored in the database and any expired or unlocked HTLCs are removed.
The watchtower is designed to be simple to run, with minimal dependencies and requirements.
It will automatically manage the wallet that it uses to send the unlock transactions. The first time the watchtower is run it will request Plasma to be fused to the watchtower address and continue operation once the Plasma requirement is met.
The watchtower can be run on a VPS and it needs a connection to a node (preferably local).
Even though the expired and unlocked HTLCs are removed from the database, an adversary could spam the HTLC contract with HTLCs that expire after a long time, filling up the database.
Some database benchmarks with the current data model:
DB size with 1M records → ~900 MB
Writing 1M records to the database → ~2600 msecs
Adding a preimage to 1M records with the matching hashlock → ~2600 msecs
The watchtower’s code (WIP) can be found here.