Overview
NEXUS-Bitcoin brings trustless smart contract programmability to Bitcoin L1 through ZK-STARK proofs and BitVM2 fraud proofs. Deploy full WASM contracts with cross-contract calls, delegate calls, and contract deployment - all secured by Bitcoin’s proof-of-work.
Trustless Verification
NEXUS-Bitcoin is fully trustless - no federation, no multisig, no trusted third parties.
How Trustlessness is Achieved
- Cryptographic Proofs: Every state transition is proven via ZK-STARK proofs
- On-Chain Verification: BitVM2 enables proof verification on Bitcoin L1
- Economic Security: Provers post bonds that are slashed for invalid states
- Permissionless Challenges: Anyone can challenge invalid state transitions
- Self-Custody: Users always retain escape hatch to recover funds
┌─────────────────────────────────────────────────────────────────┐
│ Trustless Verification Flow │
├─────────────────────────────────────────────────────────────────┤
│ │
│ 1. Prover executes WASM contracts │
│ │ │
│ ▼ │
│ 2. Generates ZK-STARK proof of correct execution │
│ │ │
│ ▼ │
│ 3. Posts state commitment to Bitcoin L1 (OP_RETURN) │
│ │ │
│ ▼ │
│ 4. Anyone can challenge via BitVM2 bisection game │
│ │ │
│ ▼ │
│ 5. Invalid proofs → Prover bond slashed on Bitcoin L1 │
│ │
└─────────────────────────────────────────────────────────────────┘
Security Model
Cryptographic Soundness (ZK-STARK)
- State transitions proven via ZK-STARK proofs
- No trusted setup required
- Post-quantum secure
- Anyone can verify proofs
Economic Security (BitVM2)
- Provers post bonds on Bitcoin L1
- Interactive bisection games for disputes
- Fraudulent provers lose bonds
- Honest challengers earn rewards
Combined Model
ZK-STARK Proofs (Cryptographic) + BitVM2 Bonds (Economic)
=
Trustless Verification
Full WASM Smart Contracts
NEXUS-Bitcoin supports the complete WASM smart contract system with full programmability.
Contract Capabilities
| Feature | Support | Description |
|---|
| WASM Execution | ✅ | Full WebAssembly runtime |
| Cross-Contract Calls | ✅ | Call any deployed contract |
| Delegate Calls | ✅ | Execute code in caller’s context |
| Contract Deployment | ✅ | Deploy new contracts from contracts |
| Storage | ✅ | Persistent key-value storage |
| Events | ✅ | Emit events for indexing |
| Reentrancy Guards | ✅ | Built-in protection |
| Bitcoin SPV | ✅ | Verify Bitcoin transactions in contracts |
Cross-Contract Calls (xcc)
Contracts can call other contracts seamlessly:
use nexus_sdk::contract_api::xcc;
// Call another contract
nexus_fn! {
fn swap_btc_for_token(token: Address, amount: U256, min_out: U256) {
// Call AMM router to swap
let result = xcc::call(&AMM_ROUTER.0, "swapExactTokensForTokens", &encode_swap_args(
amount, min_out, &[WBTC, token], &sender, deadline
));
require!(check_result(&result), "Swap failed");
ret::u32(1)
}
}
Delegate Calls
Execute another contract’s code in the current contract’s storage context:
// Delegate call - runs target code with our storage
nexus_fn! {
fn upgrade_implementation(new_impl: Address) {
let sender = Blockchain::msg.sender();
require!(sender == OWNER.get(&b"val".as_slice()), "Not owner");
// Delegate to new implementation
xcc::delegate_call(&new_impl.0, "initialize", &[]);
IMPLEMENTATION.set(&b"val".as_slice(), new_impl);
ret::u32(1)
}
}
Contract Deployment from Contracts
Deploy child contracts with deterministic addresses:
// Factory pattern - deploy new contracts
nexus_fn! {
fn createPair(tokenA: Address, tokenB: Address) {
const PAIR_CODE: &[u8] = include_bytes!("../../pair.wasm");
// CREATE2-style deterministic deployment
let mut salt = Vec::new();
salt.extend_from_slice(&tokenA.0);
salt.extend_from_slice(&tokenB.0);
let pair_addr = xcc::deploy(PAIR_CODE, &[], &salt);
xcc::call(&pair_addr.0, "init_pair", &encode_init_args(&tokenA, &tokenB));
PAIRS.set(&key, Address(pair_addr));
emit("PairCreated", &[]);
ret::address(&pair_addr)
}
}
Architecture
┌─────────────────────────────────────────────────────────────────┐
│ NEXUS-Bitcoin │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ Bitcoin L1 │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ Taproot │ │ State │ │ BitVM2 │ │ │
│ │ │ Vaults │ │ Commits │ │ Bonds │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ └──────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ NEXUS Layer │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ WASM VM │ │ Cross- │ │ Unified │ │ │
│ │ │ Contracts │ │ Contract │ │ Liquidity │ │ │
│ │ │ │ │ Calls │ │ │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ └──────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
Supported Features
| Feature | Status | Description |
|---|
| Smart Contracts | ✅ | WASM contracts with full programmability |
| Taproot Vaults | ✅ | P2TR addresses with escape hatch |
| State Commits | ✅ | On-chain state commitments |
| Fraud Proofs | ✅ | BitVM2 interactive bisection |
| SPV Proofs | ✅ | Bitcoin transaction verification |
| Cross-Contract Calls | ✅ | xcc and delegate calls |
| BRC-20 Bridge | ✅ | Bridge BRC-20 tokens to NEXUS |
| BTC/ZEC Swaps | 🔄 V2 | Via intent exchange |
| BTC/DOGE Swaps | 🔄 V2 | Via intent exchange |
| Unified Liquidity | 🔄 V2 | Cross-chain pools |
| Runes Bridge | 🔄 | Coming soon |
| Ordinals | 🔄 | Coming soon |
Cross-Chain Swaps (V2)
Cross-chain swaps between BTC/ZEC/DOGE will be available in V2 via intent exchange.
BTC → DOGE (V2)
// V2: Intent-based cross-chain swap
const intent = await client.createSwapIntent({
fromChain: 'bitcoin',
toChain: 'dogecoin',
fromAmount: btcAmount,
minToAmount: minDogeOut,
recipient: dogeAddress
});
// Intent matched and executed by solvers
await client.waitForIntentFulfillment(intent.id);
V1 supports BTC deposits, withdrawals, and smart contracts. Unified liquidity with ZEC/DOGE via intent exchange is coming in V2.
Deposit Flow
-
Derive Vault Address
const vault = await client.getVaultAddress();
console.log('Deposit BTC to:', vault.vaultAddress);
-
Send Bitcoin
bitcoin-cli sendtoaddress <VAULT_ADDRESS> 0.01
-
Wait for Confirmations (6 blocks)
-
Receive vSAT on L2
const balance = await client.getBalance();
// Balance credited automatically
Withdrawal Flow
-
Request Withdrawal
await client.requestWithdrawal(btcAddress, amount);
-
Wait for Processing (batched for efficiency)
-
Receive BTC on L1
State Commitments
NEXUS posts state commitments to Bitcoin every N blocks:
Bitcoin Block 100: State Root 0xabc...
Bitcoin Block 200: State Root 0xdef...
Bitcoin Block 300: State Root 0x123...
- Downloading state from NEXUS nodes
- Computing state root
- Comparing with on-chain commitment
BitVM2 Challenge System
If a prover posts an invalid state:
1. Challenger initiates challenge (posts bond)
2. Bisection game narrows to single step
3. Disputed step verified on-chain
4. Loser's bond transferred to winner
Configuration
[bitcoin]
rpc_url = "http://localhost:8332"
rpc_user = "user"
rpc_password = "password"
network = "regtest" # mainnet, testnet, signet, regtest
[bitcoin.vault]
escape_timelock = 2016 # ~2 weeks in blocks
[bitcoin.state_commit]
interval_blocks = 100
bond_amount_sats = 100000
Comparison with Alternatives
| Feature | NEXUS-Bitcoin | Spark | OpNet | Arch |
|---|
| Security Model | ZK + BitVM2 | Federated | Optimistic | BitVM |
| Smart Contracts | WASM | Limited | EVM | WASM |
| Trustless | ✅ | ❌ | Partial | ✅ |
| Cross-Chain | 🔄 V2 | ❌ | ❌ | ❌ |
| Unified Liquidity | 🔄 V2 | ❌ | ❌ | ❌ |
Roadmap
V1 (Current)
- ✅ Full WASM smart contracts
- ✅ Cross-contract calls & delegate calls
- ✅ Taproot vaults with escape hatch
- ✅ ZK-STARK + BitVM2 verification
- ✅ BRC-20 bridge
V2 (Planned)
- 🔄 Unified liquidity with ZEC/DOGE via intent exchange
- 🔄 Cross-chain swaps (BTC/ZEC/DOGE)
- 🔄 Runes bridge
- 🔄 Ordinals support
