4027 sats \ 0 replies \ @supertestnet 6 Apr freebie \ on: BitVM Bridges Considered Unsafe bitcoin
This criticism of Robin's bridge model seems to incorrectly state that verifiers can burn user funds in step 8. That is not my understanding of Robin's model. I believe that if the prover does not process a withdrawal, the verifiers can burn some funds that the prover himself put up as a kind of stake to dissuade dishonest behavior, but user funds do not get burned; they simply move to a new m-of-m multisig controlled by the remaining verifiers.
One of them becomes the new prover and must process the withdrawals now, otherwise they lose their own stake, and the cycle repeats until one of two things happens: either some verifier processed the withdrawals properly when it was their turn, or all user funds become the sole property of the last verifier, locked to a 1-of-1 where he or she is the only remaining keyholder.
At that point, this final verifier can simply send the users their money without hindrance. But if he or she is dishonest, users are out of luck: the last verifier can run off with all user funds if no previous verifier could or would perform the withdrawals honestly. (This is largely why you must always trust at least one verifier to be honest, in Robin's model.)
Also worth pointing out: my unisob bridge model is unaffected by this criticism. The prover sources the funds to perform a withdrawal when the user first deposits money to the bridge, and every depositor gets to withdraw up to the amount in their own individual contract with the prover. If the prover is unable to source sufficient funds, the would-be depositor simply aborts and never makes their deposit.