Published an analysis of the security of signature adaptors.

https://github.com/AdamISZ/AdaptorSecurityDoc/blob/main/adaptorsecurity.pdf

It's going to be too dry for most, plus it's currently unreviewed, but a TLDR: the most important application of adaptors is essentially the 'coinswap' primitive where you atomicize two transactions with the same adaptor secret `t`. There's been some interesting previous work on adaptor security (Aumayr, Fournier), but I don't think they really addressed this scenario, so that's what I tried to do (specifically, trying to construct a reduction to ECDLP). As well as noting some other things that are maybe well known but not really written down anywhere.

PRs welcome!