How SecureSwap works
SecureSwap uses Monero's native 2-of-3 multisig features to allow safe and decentralized P2P trades. Here’s a full breakdown of how the process works:
Step-by-step Workflow
1. Multisig Participants
We use 3 parties:
- Buyer (wants to buy Monero)
- Seller (offers Monero)
- SecureSwap Admin
Each party has their own wallet. Buyer and seller use browser-based wallets (private), and the admin uses a temporary backend wallet as a dispute resolver.
2. Offer Initialization
- The buyer clicks on a seller’s offer.
- The seller accepts it, and the multisig setup process begins.
3. Wallet Initialization
- Buyer and seller generate wallet instances using Monero-TS directly in the browser.
- Each user's wallet is tied directly to their account and is decrypted in their browser using their password.
- Meanwhile, SecureSwap generates a backend wallet that will serve as the third key holder.
4. Multisig Setup
- Buyer and seller exchange the required cryptographic data to establish a shared 2-of-3 Monero multisig wallet.
- This process involves securely exchanging and combining keys over multiple rounds (prepare_multisig hex, make_multisig hex and exchange_multisig_keys hex), all handled seamlessly in the background.
5. Multisig Wallet Recovery
- Each user exports their multisig seed.
- The seed is encrypted client-side and saved on the backend — we never store unencrypted seeds.
- This allows session recovery without requiring users to repeat the full setup.
6. Handling Disconnects
- If a user leaves mid-process, we pause the process until they return.
- This state is saved, allowing users to resume without loss.
7. Deposit
- Once multisig is finalized, the seller sees the deposit address and sends XMR there.
- Once a deposit is found and confirmed (10 blocks), the process proceeds.
8. Preparing to Spend
- Admin exports outputs and sends them to the browser clients.
- Users import them and return their multisig hex to the backend.
9. Creating and Signing Transaction
- The backend wallet prepares the unsigned transaction.
- It includes the buyer’s address and the platform’s 1% fee.
- After success, the unsigned transaction is returned to users for signing.
10. Signing Flow
- Buyer confirms they’ve sent fiat and signs the transaction.
- Seller signs upon receiving fiat.
- If signing fails due to stale data (one user took too long to sign the transaction), the process refreshes as needed.
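Because the backend builds the transaction in step 9 and the browser wallets sign it in step 10, a client can check what it is about to sign. The following is an added example, not SecureSwap's own code: it covers the normal release to the buyer and assumes the unsigned transaction has already been decoded into a plain object (`destinations`, `networkFee`), that the escrow is spent in full, and that `checkReleaseTx`, `feeAddress` and `maxNetworkFee` are hypothetical names.

```javascript
// Added example: pre-signing check for the unsigned escrow-release transaction.
// The `tx` shape used here is an assumption for illustration, not a Monero-TS type.
const ATOMIC_PER_XMR = 1_000_000_000_000n; // 1 XMR = 1e12 atomic units

// tx:    { destinations: [{ address, amount }], networkFee }   (BigInt amounts)
// trade: { buyerAddress, feeAddress, deposit, maxNetworkFee }  (BigInt amounts)
// Returns an array of problem strings; an empty array means the tx matches the trade.
function checkReleaseTx(tx, trade) {
  const problems = [];
  let toBuyer = 0n, toPlatform = 0n;
  for (const { address, amount } of tx.destinations) {
    if (typeof amount !== "bigint" || amount <= 0n) {
      problems.push(`invalid amount for ${address}`);
    } else if (address === trade.buyerAddress) {
      toBuyer += amount;
    } else if (address === trade.feeAddress) {
      toPlatform += amount;
    } else {
      problems.push(`unexpected destination ${address}`);
    }
  }
  // Platform fee is capped at 1% of the deposit (BigInt division rounds down).
  if (toPlatform > trade.deposit / 100n) problems.push("platform fee exceeds 1%");
  if (tx.networkFee < 0n || tx.networkFee > trade.maxNetworkFee) {
    problems.push("network fee outside allowed range");
  }
  // Assumption: the escrow is fully spent, so every atomic unit must be accounted for.
  if (toBuyer + toPlatform + tx.networkFee !== trade.deposit) {
    problems.push("amounts do not add up to the deposit");
  }
  return problems;
}

// Constructed sample data; the addresses are placeholders, not real Monero addresses.
const trade = {
  buyerAddress: "BUYER_ADDRESS_PLACEHOLDER",
  feeAddress: "PLATFORM_FEE_ADDRESS_PLACEHOLDER",
  deposit: 2n * ATOMIC_PER_XMR,
  maxNetworkFee: 1_000_000_000n, // caller-chosen cap (0.001 XMR)
};
const goodTx = {
  destinations: [
    { address: trade.buyerAddress, amount: 1_979_950_000_000n },
    { address: trade.feeAddress, amount: 20_000_000_000n },
  ],
  networkFee: 50_000_000n,
};
console.log(checkReleaseTx(goodTx, trade)); // []
```

A client would refuse to sign whenever the returned list is non-empty.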
11. Submission
- Once two parties have signed, the transaction is submitted from the backend wallet.
- Tx hash is returned and escrow is marked complete.
12. Dispute Handling
- If the buyer claims to have paid but the seller disagrees, SecureSwap steps in.
- Admin reviews evidence and signs with the correct party.
- A new transaction is created and submitted after the second party signs.