This post was first published on Medium.
We are thrilled to announce the first successful smart contract written in a high-level programming language on the BTC network.
The contract involves two transactions, which can be viewed using a block explorer:
- Deploy txid: f7b0d5c2a1b70a3ce13afe06f867a9f3c60fd73c9756bb4f37a343e9a8f9d4c1
- Spend txid: cf48d9d242bd19a70042609d1602f39ca4191830b656e6d1d9660ba9fa529a8e
It is crucial to understand that the entire smart contract logic is enforced at Layer-1 in the form of Bitcoin Script, which is embedded in the witness data.
We provide a step-by-step guide on how to deploy an sCrypt smart contract on BTC, from compiling to deploying and finally calling it. Also we will elucidate the current limitations of the BTC chain and how they hinder development.
What is sCrypt?
sCrypt is a TypeScript framework for writing smart contracts on Bitcoin. It allows developers to program smart contracts directly in TypeScript¹, one of the most popular high-level programming languages known by millions of developers worldwide. An sCrypt smart contract compiles to Script, Bitcoin’s native scripting language, which is then included into a transaction to enforce an arbitrary spending condition. It provides a more developer-friendly abstraction over Script.
sCrypt is originally and primarily designed for Bitcoin SV, but the script it compiles can also be applied on other Bitcoin forks and derived chains, such as BTC, BCH, LiteCoin, or DogeCoin, since they use compatible Bitcoin Script.
The following is how the most popular smart contract on Bitcoin today, namely Pay to Public Key Hash, is coded in sCrypt.
P2WSH
Pay to Witness Script Hash (P2WSH) is a type of locking script in BTC, introduced in the Segregated Witness (SegWit) upgrade. It is similar to a Pay to Script Hash (P2SH), except that it uses SegWit.
Here’s a simplified overview of how P2WSH works:
- Creation: A P2WSH UTXO (Unspent Transaction Output) is created by sending bitcoins to the hash of a witness or redeem script, as in P2SH. This redeem script is the compiled sCrypt smart contract in our case.
- Spending: To spend these bitcoins, the spender presents the original redeem script and any required witness (i.e., sCrypt smart contract public method arguments). The Bitcoin network verifies that the provided redeem script matches the hash in the previous output and that the script executes successfully with the given witness.
Multi-party hash puzzles
In a hash puzzle contract, the spender has to provide a preimage x that hashes to a predefined value y to unlock a UTXO. It can be extended to multiple parties so that multiple preimages have to be provided such that y1 = H(x1), y2 = H(x2), …, yN = H(xN).
This can be easily coded in sCrypt.
Deploy and Call
For demonstration purposes, we will deploy a multiparty hash puzzle contract.
We first compile the contract and create an instance, i.e., initialize it with randomly generated values:
Now we can extract our redeem script:
console.log(instance.lockingScript.toHex())
This will print the serialized script:
0000018257615179547a75537a537a537a0079537a75527a527a7575615279008763537952795279615179517993517a75517a75619c77777777675279518763537952795279949c7777777767006868
Now, let’s broadcast a P2WSH transaction containing the hash of this script. For this we use the Python library bitcoin-utils:
This will print the serialized and signed P2WSH transaction, something like the following:
02000000000101219a8eb380a72d2b54ebdeca158b0126e7c81e1b84f43d6587556cf3f5e6d5a60000000000ffffffff01435e0400000000002200203463b81678556aea41c76646be324ee16b676331d652dd650c1add2c83e064aa02473044022011f96e5e79905a7cb45a3952dad27df25bb7aa5de0a9d36bd37dcc5d3b0f70ec022055f54335ef75d1a32433c19d47356efc40705c950e80a55924516fa5f5094957012102e53bd683720e9e759ea9b958d3faaeaaeda3345db42ffe77be3db212535f465600000000
We can broadcast it by simply copying and pasting it to this site, and click “Broadcast transaction.”
Once broadcast, we can construct the redeeming transaction that will spend our P2WSH output. Again, we use a Python script:
The most significant part of the script above is when we set the witness data, which contains the right preimages at Line 25–27.
After running the script we get the raw transaction like this:
02000000000101c1d4f9a8e943a3374fbb56973cd70fc6f3a967f806fe3ae13c0ab7a1c2d5b0f70000000000ffffffff013337040000000000160014295b09a1e101623d2cbefff0d2461e308ba0646f0420abc57d70dc5e56ac73e2970077adaf94accfb36dac2b40d34f807cdedad0807b20fe4f237f4e51053fa4cebc55ee15ffd9dd654c2e3b928d4a6243d1f1bcb57ca7205776ddb41c760c1965401fc4521531c3db68cf1023ce5a294a201ccfc887bc85fd2901000000201e3457f730d001d0fbe60830bded73df7166afd38ab3ac273e385003094371c0205657aa4c420a961153d539f4501457995fad8d27e17a5ec7ffda449e8b8aab1e20e60d1fb5e71b6327214e2e9503027c3ba44331562a8e1d193a1e759bcc27fc4161527952795279587a587a587a757575557a557a557a757575616155007600a26976539f6961946b6c766b796c75a853795379537953007600a26976539f6994618c6b6c766b796c756b7575756c87696155517600a26976539f6961946b6c766b796c75a853795379537953517600a26976539f6994618c6b6c766b796c756b7575756c87696155527600a26976539f6961946b6c766b796c75a853795379537953527600a26976539f6994618c6b6c766b796c756b7575756c87695177777777777700000000
Again, we can simply broadcast using the same link as before.
Voila! We have successfully deployed and called an sCrypt smart contract on the BTC blockchain.
BTC’s severe limitations
BTC suffers from several grave drawbacks for the development of complex smart contracts, primarily due to its many disabled op-codes and artificially imposed limitations on transaction and script size.
By contrast, BSV releases the full unconstrained power of Bitcoin smart contracts, by restoring all opcodes and removing all artificial limits. There have been a Cambrian explosion of smart contracts developed, such as Zero-knowledge proof, Turing machines, ZK-Rollup, and Deep Neural Networks. None of this is possible on BTC and other Bitcoin compatible chains.
As a concrete example, the aforementioned multiparty hash puzzle can be optimized by using the concatenating opcode OP_CAT, which is re-enabled on BSV but still disabled on BTC. Previously, all N hashes have to be included in the locking script, bloating the transaction when N is large. Instead, we can combine all y’s into a single y. For example, when N is 3, we let y = H(H(H(y1) || y2) || y3) , in which || is concatenation. The new optimized contract is as follows:
In Line 20, concatenation (+) is used, which does not work on BTC.
Conclusion
We have demonstrated how an sCrypt smart contract can run on BTC. Similarly, it can run any Script-compatible chains like BCH, LiteCoin, and DogeCoin. Due to their crippling limits, it runs extremely inferiorly than on BSV, which is the only unbounded and scalable chain to realize sCrypt’s full potential.
The full code is here.
NOTE:
[1] More precisely, it is a Domain-Specific Language (DSL) embedded in TypeScript.
Watch: sCrypt makes smart contracts possible on the BSV blockchain
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.