Solution: Atomic swaps using Schnorr-locked time contracts.
ETH and ERC-20 token transfers between L2s and L1 have several limitations. For optimistic rollups, a user must choose among two evils: either to wait for long withdrawal period or rely on a centralized cross-chain service.
ZK rollups offer a much better deal in theory: tokens could be withdrawn as fast as a ZK proof is generated and verified and the technology can be used to provide a native privacy protection. However, in practice current ZK-rollups are still not instant (e.g. zkSync waits for 1 day to be on the safe side), and they face pressure from governments to avoid any anonymization functionality.
Our solution extends the idea of Hash Timelocked Contracts to Schnorr Timelocked Contracts, based on this paper. Main idea: the hash function is chosen so the opening commitments on two different contracts can not be linked by a third party. Ether and ERC-20 can be swapped using the contract.
The privacy-protection of Atomic Cloak is based on a mixer + account abstraction. From the outside, STLC counterparties cannot be identified and all requests created at the same time cannot be distinguished from other requests of the same value tier. Also it is impossible to determine the destination chain of tokens, so several cross-chain swaps with random wait times can obfuscate token sender very well.
The web application in this repo provides 3 modes out of the box using LPs:
See deployments: https://github.com/Atomic-Cloak/atomic-cloak#deployments
We faced several challenges :
Solution to 1: Abuse
ecrecoveropcode to multiply an EC point with a scalar as explained here.
Solution to 2: use The Graph to listen to emitted events.
Solution to 3: account abstraction. Using [EIP-4337][https://eips.ethereum.org/EIPS/eip-4337] protocol, the SLT contract itself can pay swap closure fee for a small fraction of the swap amount. To close a swap, a user can create a UserOperation with the reveal data, and can withdraw tokens to a fresh empty account. Note that a user can also close with a transaction (e.g. to use on chains with no AA features), but this will provide risks for privacy.
Solution to 4: account abstraction. We use transaction batching feature of EIP-4337 to open many atomic swaps with a single transaction.
Solution to 5: deploy everything via factories that use