These properties hold under the adversarial assumptions defined in the protocol’s threat model.
Atomicity
For any swap involving asset sets {A₁, A₂, …, Aₙ}, settlement obeys:
∀i, transfer(Aᵢ) ⇔ ∀j, transfer(Aⱼ)
Partial execution is cryptographically impossible.
Safety (No Loss of Funds)
At no point can an honest participant lose assets due to:
counterparty failure
off-chain censorship
network delays
chain congestion
Refund paths are deterministic and time-bounded.
Liveness
All swaps resolve within a bounded time determined by timelock parameters. No swap can remain indefinitely unresolved.
Censorship Resistance
Users can always self-submit transactions.
Minimal Trust
No intermediary is trusted for custody or execution.
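The Atomicity, Safety and Liveness properties above can be checked mechanically on a small abstract model. The following is an added example, not the protocol's own code: it assumes a single escrow holding every leg and a timelock T, uses hypothetical names (steps, transferred, check), and explores every interleaving of lock, delay, settle and refund, including a deliberately broken settlement rule to show the atomicity check catching partial execution.

```python
# Abstract model (assumption, not the protocol's code): one escrow holds N legs.
N, T = 3, 2  # constructed parameters: 3 asset legs, timelock expires at tick T

def steps(state, allow_partial=False):
    """Yield every successor; any participant may self-submit an enabled action."""
    locked, status, t = state
    if status != "open":
        return  # "settled" and "refunded" are terminal
    if t <= T:
        yield (locked, status, t + 1)  # time passes: delay, congestion, censorship
    if t < T:
        for i in range(N):
            if not locked[i]:  # owner of A_i escrows it
                yield (locked[:i] + (True,) + locked[i + 1:], status, t)
        if all(locked) or (allow_partial and any(locked)):
            yield (locked, "settled", t)  # single step transfers the locked legs
    else:
        yield (locked, "refunded", t)  # refund path opens once the timelock expires

def transferred(state):
    """Per-leg flag: did A_i change owner in this state?"""
    locked, status, _ = state
    return [status == "settled" and leg for leg in locked]

def check(allow_partial=False):
    """Explore all interleavings; return (reachable states, property violations)."""
    start = ((False,) * N, "open", 0)
    seen, todo, bad = {start}, [start], []
    while todo:
        s = todo.pop()
        moved = transferred(s)
        if any(moved) and not all(moved):  # atomicity: all legs move or none
            bad.append(("atomicity", s))
        nxt = list(steps(s, allow_partial))
        if s[1] == "open" and s[2] >= T and (s[0], "refunded", s[2]) not in nxt:
            bad.append(("liveness", s))  # expired swap must always be refundable
        for n in nxt:
            if n not in seen:
                seen.add(n)
                todo.append(n)
    return seen, bad

if __name__ == "__main__":
    states, bad = check()
    print(len(states), "states,", len(bad), "violations")
    _, broken = check(allow_partial=True)  # deliberately broken settlement rule
    print("broken variant:", len(broken), "atomicity violations")
```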
Security
Multi-Sig Verification: Optional multi-signature (or threshold signature) setups can be implemented to reduce single-key risk.