Skip to main content

Overview

NEXUS vaults are Taproot addresses that enable trustless deposits and withdrawals between L1 and L2.

Vault Structure

Each vault is a P2TR (Pay-to-Taproot) address with two spending paths: 
Vault Address (P2TR)

├── Protocol Path
│   └── <ProtocolKey> OP_CHECKSIG

└── Escape Path (Timelock)
    └── <Timelock> OP_CSV OP_DROP <UserKey> OP_CHECKSIG

Protocol Path

The protocol maintains L1 vault balances to always match L2 balances, ensuring 1:1 backing at all times.

Escape Path

Users can recover funds after a timelock (default: 2016 blocks ≈ 2 weeks). This ensures users always have a way to exit.

Deposit Flow

  1. User derives vault address from their pubkey + protocol key
  2. User sends BTC/ZEC/DOGE to vault address
  3. NEXUS detects deposit on L1
  4. User receives vSAT (virtual satoshis) on L2
User ──► Vault Address ──► L1 Confirmation ──► L2 Credit

Withdrawal Flow

  1. User requests withdrawal on L2
  2. NEXUS queues withdrawal
  3. Protocol signs L1 transaction
  4. User receives funds on L1
L2 Request ──► Queue ──► L1 Transaction ──► User Wallet

Deriving Vault Address

const vaultInfo = await client.getVaultAddress();
console.log('Deposit to:', vaultInfo.vaultAddress);

Security

  • Escape hatch: Users can always exit after timelock
  • No custodial risk: Protocol cannot steal funds
  • Transparent: All vault operations are on-chain