DLC Markets Security Model

DLC Markets relies on the Discreet Log Contract protocol, which enables secure and private financial contracts between two counterparties. 

Unlike a "Turing-complete" smart contract, such as those on Ethereum, the financial contracts set up with DLC Markets are based on simple and robust primitives. These ensure not only that counterparties' funds will never be locked on the blockchain, but also that a malicious third party cannot seize them. 

DLC Markets does not have access to users' funds, which remain under their control at all times. 

The main identified risks are related to the security of the oracle. In case of oracle failure, the contract counterparties will automatically recover their initial deposit. In a cooperative framework, they can even agree on the application of certain fund distribution rules.

Contract Security

• In the Discreet Log Contracts we deploy, the fund locking script is a simple, tested, and proven 2-of-2 multisig. There is therefore no complexity. The marginal technical risk associated with using a "self-custodial" solution compared to trusting your counterparty for contract settlement is zero.
• Furthermore, we have conducted extensive testing to ensure the validity of the function that transforms the financial parameters of the contract into DLC parameters.

Identified Potential Risks

a) Oracle Failure

• Unintentional leak of the oracle's database

This situation occurs when the Oracle attests to a price whose secret attestation data has leaked. It would then be possible to combine this secret data with the Oracle's price signature to recover its private key. This would allow signing on behalf of the Oracle, which would break the trust assumption in the holder of this private key.

In this most problematic case where the Oracle is unaware of the data leak, the funds can only be recovered by one of the DLC counterparties (even if a third party initiates this process). The visible and major reputational risk for the counterparties considerably limits this scenario.

• Oracle's refusal to sign (in case of suspected leak)

In this case, the Oracle knows there has been a data leak and consequently refuses to attest to the price in accordance with the announcement that allowed the counterparties to prepare their contracts. Without the Oracle's signature, the counterparties can then either:

• Arrange between themselves on a redistribution of funds
• If they disagree: the refund transaction defined and signed when setting up the DLC ensures a full refund of the collateral deposited by each counterparty, without the contract terms being executed.

b) Leak of Users' Private Keys

This risk is inherent in any Bitcoin transaction, and the same precautions apply to institutions dealing with Bitcoin derivatives.

Protection of User Funds

• DLC Markets does not have access to users' keys. For the practical aspect of the platform, DLC Markets simply keeps an encryption of their key protected by their password.
• Users' funds cannot be directly manipulated by DLC Markets.
• Users retain control of their funds at all times. Once in the on-chain DLC, the funds become de facto constrained by the contract. However, both parties can mutually agree to distribute the funds as they wish (to renew, cancel the contract, etc.).

Procedures in Case of Failure

If the Oracle does not attest within the expected timeframe or refuses to sign due to failure (as mentioned above), the refund transaction can be used by any party.

Users recover their collateral initially declared in the contract.

This refund transaction is prepared at the same time the DLC is signed. It can be stored by the user, and they can broadcast it themselves if they have kept the exchanged data and have the internal tools to form the transaction.

This transaction is not usable before a date set as the day following the expected oracle attestation to ensure the contract is properly enforced.

Users can therefore manage fund recovery autonomously if they have archived their signatures.

Possible Improvements Under Consideration

• Implementation of processes on financial HSMs (Hardware Security Modules) for optimal security.
• Using a quorum of oracles for price attestations.

Level of Trust Required Towards DLC Markets

The main risk would be that DLC Markets, at the time of contract setup, tries to favor one of the parties by giving them a "free option," i.e., more time to observe the market and unilaterally decide on the opening or not of the contract well after its negotiation. However, such a practice would entail considerable operational and reputational risk for DLC Markets and the involved counterparty.

In summary, the main identified risks are related to Oracle security and the management of private keys by users. Refund procedures are planned in case of failure, and future improvements are envisaged to further strengthen the system's security. Users are fully responsible and can adopt practices that enhance the security of their funds with technical experience.

Join the new paradigm in Institutional Bitcoin Trading

We invite financial institutions, professional traders, and Bitcoin enterprises to explore DLC Markets and shape the future of bilateral Bitcoin derivatives trading.

For more information or to schedule a demonstration, visit dlcmarkets.com or contact our team at contact@dlcmarkets.com.

Join DLC Markets today and experience the next evolution in institutional Bitcoin derivatives trading – where advanced security, operational efficiency, and customization converge with the power of Bitcoin infrastructure.