TL;DR: Code provenance attestation makes https://swapmarket.github.io a verifiably trustless Bitcoin swap platform.
Someone asked how our frontend verifies that a third-party backend is legit. This is a very good question indeed.
Submarine swaps at Boltz are atomic, because both legs are unlocked with the same preimage. When a backend generates an on-chain address or a lightning invoice, the frontend validates this locking mechanism.
An attack vector for a rogue backend would be to provide an unrelated address or invoice to steal the funds. For this attack to work, it would need cooperation from an evil frontend to bypass this check.
Using websites like Boltz and Diamond Hands requires trust that the frontend is not evil. Boltz acknowledges this and proposes self-hosting their Web App as a solution. However, only a small fraction of swap users can do that in practice.
We discovered and implemented an alternative for everyone else: run the Boltz frontend directly from GitHub. It utilizes three services that GitHub provides for free:
- Host the code as open source.
- Use GitHub Actions to automatically build and deploy it to GitHub Pages.
- Generate a code provenance attestation as part of that build.
Now any user can verify that the deployed commit (shown at the bottom of the page) matches the one recorded in the attestation.
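To make that last step concrete, here is an added example (not code from swapmarket or Boltz) of the consistency checks a user can run on a provenance statement once its signature has been verified; the signature check itself is what `gh attestation verify` does and is not repeated here. The repository URL, commit and artifact bytes are constructed placeholders.

```python
import hashlib

# Constructed sample artifact: stands in for the built bundle a user fetches
# from the deployed site.
ARTIFACT = b"<!doctype html><title>swap</title>"

# Constructed sample statement. Field layout follows the SLSA provenance v1
# payload that GitHub's build-provenance attestation carries; the repository
# name and commit are placeholders, not the real project's values.
REPO = "https://github.com/example-org/example-frontend"
STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "index.html",
                 "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "resolvedDependencies": [
                {"uri": "git+" + REPO + "@refs/heads/main",
                 "digest": {"gitCommit": "a" * 40}}],
        },
        "runDetails": {"builder": {
            "id": REPO + "/.github/workflows/deploy.yml@refs/heads/main"}},
    },
}


def check_provenance(statement, artifact, expected_repo, displayed_commit):
    """Return the list of failed checks; an empty list means consistent."""
    failures = []
    if statement.get("predicateType") != "https://slsa.dev/provenance/v1":
        failures.append("unexpected predicate type")
    # 1. The attested subject must be the bytes actually being served.
    attested = {s["digest"].get("sha256") for s in statement["subject"]}
    if hashlib.sha256(artifact).hexdigest() not in attested:
        failures.append("artifact hash not among attested subjects")
    pred = statement["predicate"]
    # 2. The build must have run from the expected repository's own workflow,
    #    not from a fork or another repository reusing the same file names.
    builder_id = pred["runDetails"]["builder"]["id"]
    if not builder_id.startswith(expected_repo + "/.github/workflows/"):
        failures.append("builder id not from expected repository")
    # 3. The source commit the builder resolved must equal the commit shown
    #    on the page, so the user audits exactly the revision that was built.
    commits = {d["digest"].get("gitCommit")
               for d in pred["buildDefinition"]["resolvedDependencies"]}
    if displayed_commit not in commits:
        failures.append("displayed commit not among resolved source commits")
    return failures
```

A passing result only says the served bytes, the builder identity and the displayed commit agree with each other; whether the code at that commit is honest still has to be reviewed.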
In addition, as you know, our frontend lists independent swap providers alongside Boltz to decentralize this market and make the fees more competitive.