Coin escrow without transferring out of account

[leeduan]

Summary

Provide a way for a signer to lock or hold coin in their account, while still granting another
account access to funds when conditions meet for exchange of coins, without having to transfer
coins to a smart contract or other "escrow" address.

Problem Definition

For more complex bilateral settlement of coins between two (or more accounts)
to occur when some condition has been met, coin must be first transferred to some escrow
account, usually a smart contract address, to guarantee availability and prevent possibility
of double spend or account holder changing their minds via removal of grant authz.

This can be considered suboptimal for the following reasons:

1. Coin leaves account that still really "owns" the asset which makes it more difficult to view or report on true ownership
2. Potentially difficult for compliance teams to explain to regulars who now "owns" the asset while coin is in escrow
3. More difficult to track true movement of asset between parties as coins are potentially aggregated in a single smart contract address bucket
4. Harder to argue this is true bilateral settlement when coins move through an address "owned" by a third party and exchange is not directly between exchanging accounts.
5. Potentially extra gas fees associated with transference of assets

Proposal

Allow a signer to move a coin balance to a "held" bucket to lock/escrow funds in their account and designate
another address the ability to move those funds how they see fit.

The type of lock should be configurable:

1. Locked for perpetuity until designated address moves the funds (or cancels the lock)
2. Lock with some expiration time

Ideally, you would also be able to query for all held authorizations on an account that are still active.

You would also ideally be able to query for:

1. All coin balances on account (default behavior today)
2. All coin balances on account not held for transaction purposes

---

For Admin Use

• Not duplicate issue
• Appropriate labels applied
• Appropriate contributors tagged
• Contributor assigned/self-assigned

[leeduan]

Some discussions around this exists in #1518

[iramiller]

The separate discussions around this identified some additional aspects:

The coins in an account would not move when holds are placed.

This is an important feature for transfer authority tracking but especially for restricted tokens that require explicit approval to move. If the tokens are not moved then the approval process does not need to be executed when the hold is placed.

The account with the funds being held doesn't actually have permission to create or cancel holds (directly).

In the escrow scenario a 3rd trusted party is arbitrating the exchange. The blockchain protocol is capable of handling this process however, there is still a process and the parties involved must use it to fulfill or cancel the transaction. With this in mind the hold capability will need to be managed by a separate protocol level function that also understands the rest of the exchange contract involved.

Additional points to consider:

• If a user is able to cancel the exchange contract (for example if it is a bid that is withdrawn) then the protocol will be able to remove the hold on the user's funds.
• If the exchange contract allows for a bid to expire then the protocol can perform the appropriate cleanup operations including removing the hold(s) from the account.
• If the contract is executed then the hold can be removed in combination with the funds being transferred. If these two steps are not handled together in the same process then it would not be possible. to complete the exchange as the funds would appear double committed.