Hi Antoine,

Thank you for the disclosure.

> * Onchain DLC/Coinswap/Vault : Those contract protocols have also multiple stages of execution with time-sensitive transactions opening the way to pinning attacks. Those protocols being non-deployed or in early phase, I would recommend that any in-protocol competing transactions explicitly signal RBF.

For what it's worth, Revault isn't vulnerable as all transactions signal RBF and there is no way to sneak a non-signaling competing transaction (as long as the CSV isn't matured yet).

Thanks,

Antoine (the other one)