Skip to content

Forfeits and connectors

Forfeits are pre-signed transactions, used for refreshes and offboards, that grant the Ark server control over a user's VTXOs. The server holds these forfeit transactions off-chain as a safeguard against malicious exits. Although a forfeit grants control over the original VTXO to the server, the server can't access the bitcoin immediately—it must still wait for the VTXO to expire.

Connectors provide cryptographic assurance that forfeit transactions are only valid if the intended transactions are completed:

  • A new VTXO included in the round transaction and confirmed on-chain
  • An offboard output is included in the on-chain round transaction

Consequently, a user can safely sign a forfeit transaction without needing to trust any third-party—ensuring these processes are atomic, self-custodial, and without counterparty risk.

Diagram showing how a forfeit transaction cannot be confirmed until the round transaction is confirmed on-chain

The connector ensures that Alice's refresh forfeit is not valid until the new VTXO's round transaction is confirmed on-chain.

Spends don't use forfeits

Ark spends do not involve an atomic operation where the user forfeits a VTXO to make a payment. Instead, the user pre-signs a new off-chain transaction with the Ark server that extends the leaf of one of their existing VTXOs. For Lightning spends, Ark uses custom HTLC-based spending policies to ensure atomic execution.

How forfeits work

If you are familiar with penalty transactions in the Lightning Network, you should already have a good idea of how forfeits on Ark work.

To support forfeits, each VTXO's exit transaction (leaf) has two spend paths:

  • Spend path 1: This path is a 2-of-2 multisig between the user and the Ark server. The user signs this path to make a forfeit transaction which grants the bitcoin associated with the VTXO to the Ark server. Crucially this spend path doesn't have a timelock. If the exit transaction ever makes it on-chain, the Ark server can always broadcast the forfeit transaction before the user can claim the bitcoin.
  • Spend path 2: This path is controlled solely by the user and enables them to exit unilaterally, assuming a signed forfeit doesn't exist. The path has a relative timelock of 60 blocks (approximately 10 hours). The timelock is implemented using the OP_CHECKSEQUENCEVERIFY (CSV) opcode in Bitcoin Script.

Diagram of the spend paths in an exit output

How spending conditions in an exit output (leaf) enable forfeits

Forfeits usually never make it on-chain

Under normal operations, neither of these spend paths should ever be used, even for forfeited VTXOs. Instead, Ark servers will simply sweep the entire round transaction in one on-chain transaction once the round transaction's absolute timelock has expired.

The forfeit transaction signed by the user is only held as "insurance" should the user attempt an exit after they have forfeited.

How forfeits are used to prevent malicious exits

If a user does attempt a malicious exit, they will broadcast all their VTXO's branch transactions, but once they get to the leaf, they must wait for the relative timelock to expire before they can send the balance to an on-chain address only they control.

At Second, we're expecting to set the exit timelock at around 10 hours. That will give ample time for an Ark server to detect the exit attempt and broadcast the forfeit transaction that was pre-signed by the user before the user can claim their bitcoin.

While forfeits provide an Ark server with security, they're not ideal: the server must make extra on-chain transactions beyond the normal round sweep post-expiry (to claim the rest of the round's bitcoin). However, the on-chain fees to broadcast multiple transactions (branch to leaf) should be a sufficient deterrent from users attempting this too often!

How connectors work

Now that we understand forfeits, let's examine how connectors ensure they work atomically by looking at refreshes (offboarding works essentially the same way).

Forfeits are atomically dependent on the linked round transaction being confirmed. As long as the round transaction is unconfirmed (for example, sitting in the mempool), the forfeit transaction is invalid and would be rejected if broadcast to prevent the user's unilateral exit. Of course, without the round transaction confirmed, the new VTXO is not valid either!

Diagram showing how a forfeit transaction cannot be confirmed until the round transaction is confirmed on-chain

If the round is not confirmed on-chain, the forfeit and new VTXO cannot be confirmed.

But as soon as the round transaction is confirmed on-chain, it will both activate the forfeit and grant the new VTXO.

Diagram showing how a forfeit transaction becomes active once the round transaction is confirmed on-chain

Once the round is confirmed on-chain, the forfeit and new VTXO can now be confirmed.

Optimizing blockspace footprint

To save chain space, we want all connectors to be grouped in a single output. But we need to do it efficiently. Ark rounds are expected to involve hundreds and perhaps thousands of users and poorly structured connectors could lead to huge (and very expensive!) round transactions.

Below is an illustration of a bad design for grouping connectors in a single output that could quickly balloon in size:

Diagram illustrating an inefficient design for grouping connectors that results in a large and expensive round transaction

Instead, the Ark protocol uses connector chains—a chain of transactions and each has a connector output. Below is an illustration of a good design for grouping connectors—it results in a smaller round transaction while still embedding all the data required to link the forfeits.

The trade-off is more interactivity: A user that forfeits a VTXO must sign a forfeit for each connector output in the chain.

Diagram showing an efficient connector chain design that results in a smaller round transaction while maintaining all necessary connector data

Below you can see an illustration of how an Ark server must respond to a user attempting a malicious exit of one of their forfeited VTXOs. For example, it must broadcast C1 and F1 on-chain.

Diagram showing how forfeits of old VTXOs relate to connectors in new VTXOs, and how the Ark server can respond to malicious exits

Forfeits and connectors are only a contingency

In normal circumstances only the round transaction ever goes on-chain. Transactions from the connector chain only go on-chain when a user attempts to maliciously spend a forfeited VTXO.