TL;DR: Code provenance attestation makes https://swapmarket.github.io a verifiably trustless Bitcoin swap platform.
Someone asked how our frontend verifies that a third-party backend is legit. This is a very good question indeed.
Submarine swaps at Boltz are atomic, because both legs are unlocked with the same preimage. When a backend generates an on-chain address or a lightning invoice, the frontend validates this locking mechanism.
An attack vector for a rogue backend would be to provide an unrelated address or invoice to steal the funds. For this attack to work, it would need cooperation from an evil frontend to bypass this check.
Using websites like Boltz and Diamond Hands requires trust that the frontend is not evil. Boltz acknowledges this and proposes self-hosting their Web App as a solution. However, only a small fraction of swap users can do that in practice.
We discovered and implemented an alternative for everyone else: run the Boltz frontend directly from GitHub. It utilizes three services that GitHub provides for free:
  1. Host the code as open source.
  2. Use GitHub Actions to automatically build and deploy it to GitHub Pages.
  3. Include code provenance attestation while doing that.
Now any user can verify that the deployed commit (shown at the bottom of the page) matches that in the attestation.
In addition, as you know, our frontend lists independent swap providers alongside Boltz to decentralize this market and make the fees more competitive.
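The check described in the post (deployed commit versus attested commit) and the local artifact check mentioned in the replies, as an added example that is not part of the original post or the project's code. It assumes the attestation is a DSSE envelope wrapping an in-toto statement with a SLSA v1 provenance predicate; the function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import json


def check_provenance(envelope, artifact, displayed_commit):
    """Return a list of mismatches; an empty list means both checks passed.

    Does NOT verify the envelope signature; do that first with a trusted tool.
    """
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        return ["unexpected payloadType"]
    statement = json.loads(base64.b64decode(envelope["payload"]))
    problems = []

    # 1. The attested subject must be the artifact that was actually downloaded.
    attested = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if hashlib.sha256(artifact).hexdigest() not in attested:
        problems.append("artifact digest is not an attested subject")

    # 2. The commit recorded at build time must match the one the page displays.
    deps = (statement.get("predicate", {})
            .get("buildDefinition", {})
            .get("resolvedDependencies", []))
    commits = {d.get("digest", {}).get("gitCommit") for d in deps} - {None}
    shown = displayed_commit.strip().lower()
    # Refuse very short prefixes: they are too easy to collide with.
    if len(shown) < 7 or not any(c.startswith(shown) for c in commits):
        problems.append("displayed commit does not match attested source commit")
    return problems


def make_sample_envelope(artifact, commit):
    """Constructed sample data shaped like an in-toto/SLSA v1 statement."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "site.tar",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {"buildDefinition": {"resolvedDependencies": [
            {"uri": "git+https://example.invalid/repo", "digest": {"gitCommit": commit}}]}},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": "application/vnd.in-toto+json", "payload": payload, "signatures": []}


ARTIFACT = b"constructed build artifact"             # constructed sample
COMMIT = "0123456789abcdef0123456789abcdef01234567"  # constructed sample
```

A digest or commit match only means something once the envelope's signature has been verified, which this sketch leaves to a separate tool.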
I would not consider this trustless. It is more like "trust GitHub".
Well, actually, not too much. Attestation code is open source itself. And you can download attested artifacts and verify them locally with a third-party tool that you trust.
Might as well get the best security running it yourself locally at that point.
You do you. For 99% of Bitcoin users, hosting their own Boltz frontend is unfeasible. And it does not solve the centralization problem.
True. But we already trust GitHub to host all our Bitcoin code. And git to clone it unadulterated.
Reproducible builds eliminate the need to trust GitHub.
Sure they do, but to use such a frontend one needs to run his own server.
Why not make it a desktop app?
For all operating systems and mobile platforms, repeat the functionality of browsers? Too much hassle. If Boltz does such a feat, we will fork it again to decentralize.
We make minimal adjustments to their Web App to be able to pull upstream changes and stay fully compatible with their backend. They both keep evolving; we don't want to stay behind like the Diamond Hands fork.
Cool, thanks for the explanation.