gold bitcoin in the middle of stocks, connections, and cryptocurrency background

The first high-level language smart contract on BTC

This post was first published on Medium.

We are thrilled to announce the first successful smart contract written in a high-level programming language on the BTC network.

The contract involves two transactions, which can be viewed using a block explorer:

  1. Deploy txid: f7b0d5c2a1b70a3ce13afe06f867a9f3c60fd73c9756bb4f37a343e9a8f9d4c1
  2. Spend txid: cf48d9d242bd19a70042609d1602f39ca4191830b656e6d1d9660ba9fa529a8e

It is crucial to understand that the entire smart contract logic is enforced at Layer-1 in the form of Bitcoin Script, which is embedded in the witness data.

We provide a step-by-step guide on how to deploy an sCrypt smart contract on BTC, from compiling to deploying and finally calling it. Also we will elucidate the current limitations of the BTC chain and how they hinder development.

What is sCrypt?

sCrypt is a TypeScript framework for writing smart contracts on Bitcoin. It allows developers to program smart contracts directly in TypeScript¹, one of the most popular high-level programming languages known by millions of developers worldwide. An sCrypt smart contract compiles to Script, Bitcoin’s native scripting language, which is then included into a transaction to enforce an arbitrary spending condition. It provides a more developer-friendly abstraction over Script.

sCrypt is originally and primarily designed for Bitcoin SV, but the script it compiles can also be applied on other Bitcoin forks and derived chains, such as BTC, BCH, LiteCoin, or DogeCoin, since they use compatible Bitcoin Script.

The following is how the most popular smart contract on Bitcoin today, namely Pay to Public Key Hash, is coded in sCrypt.

Pay to Public Key Hash is coded in sCrypt.


Pay to Witness Script Hash (P2WSH) is a type of locking script in BTC, introduced in the Segregated Witness (SegWit) upgrade. It is similar to a Pay to Script Hash (P2SH), except that it uses SegWit.

Pay to Witness Script Hash
P2SH Credit: learnmeabitcoin

Here’s a simplified overview of how P2WSH works:

  1. Creation: A P2WSH UTXO (Unspent Transaction Output) is created by sending bitcoins to the hash of a witness or redeem script, as in P2SH. This redeem script is the compiled sCrypt smart contract in our case.
  2. Spending: To spend these bitcoins, the spender presents the original redeem script and any required witness (i.e., sCrypt smart contract public method arguments). The Bitcoin network verifies that the provided redeem script matches the hash in the previous output and that the script executes successfully with the given witness.

Multi-party hash puzzles

In a hash puzzle contract, the spender has to provide a preimage x that hashes to a predefined value y to unlock a UTXO. It can be extended to multiple parties so that multiple preimages have to be provided such that y1 = H(x1), y2 = H(x2), …, yN = H(xN).

This can be easily coded in sCrypt.

Deploy and Call

For demonstration purposes, we will deploy a multiparty hash puzzle contract.

We first compile the contract and create an instance, i.e., initialize it with randomly generated values:

Now we can extract our redeem script:


This will print the serialized script:


Now, let’s broadcast a P2WSH transaction containing the hash of this script. For this we use the Python library bitcoin-utils:

This will print the serialized and signed P2WSH transaction, something like the following:


We can broadcast it by simply copying and pasting it to this site, and click “Broadcast transaction.”

broadcast transaction

Once broadcast, we can construct the redeeming transaction that will spend our P2WSH output. Again, we use a Python script:

The most significant part of the script above is when we set the witness data, which contains the right preimages at Line 25–27.

After running the script we get the raw transaction like this:


Again, we can simply broadcast using the same link as before.

Voila! We have successfully deployed and called an sCrypt smart contract on the BTC blockchain.

have successfully deployed and called an sCrypt smart contract
witness script

BTC’s severe limitations

BTC suffers from several grave drawbacks for the development of complex smart contracts, primarily due to its many disabled op-codes and artificially imposed limitations on transaction and script size.

BTC’s severe limitations
List of disabled opcodes on BTC

By contrast, BSV releases the full unconstrained power of Bitcoin smart contracts, by restoring all opcodes and removing all artificial limits. There have been a Cambrian explosion of smart contracts developed, such as Zero-knowledge proofTuring machinesZK-Rollup, and Deep Neural Networks. None of this is possible on BTC and other Bitcoin compatible chains.

As a concrete example, the aforementioned multiparty hash puzzle can be optimized by using the concatenating opcode OP_CAT, which is re-enabled on BSV but still disabled on BTC. Previously, all N hashes have to be included in the locking script, bloating the transaction when N is large. Instead, we can combine all y’s into a single y. For example, when N is 3, we let y = H(H(H(y1) || y2) || y3) , in which || is concatenation. The new optimized contract is as follows:

In Line 20, concatenation (+) is used, which does not work on BTC.


We have demonstrated how an sCrypt smart contract can run on BTC. Similarly, it can run any Script-compatible chains like BCH, LiteCoin, and DogeCoin. Due to their crippling limits, it runs extremely inferiorly than on BSV, which is the only unbounded and scalable chain to realize sCrypt’s full potential.

The full code is here.

[1] More precisely, it is a Domain-Specific Language (DSL) embedded in TypeScript.

Watch: sCrypt makes smart contracts possible on the BSV blockchain

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.