Author: Lorenzo Protocol Source: medium Translation: Shan Ouba, Golden Finance
While Bitcoin was originally launched with the goal of being just a global peer-to-peer digital cash system, the promise of cryptocurrency has expanded far beyond that initial use case since its early days.
Many additional use cases have been developed on alternative blockchains with more expressive scripting languages, such as Ethereum and Solana, as Bitcoin Script is fairly limited in terms of overall functionality.
Through the use of smart contracts written in some of the more expressive cryptocurrency scripting languages, alternative blockchains have been able to attract millions of users whose interests extend beyond simply watching numbers go up or making uncensorable transactions.
But what exactly are smart contracts? Why are all of these developments happening outside of the Bitcoin network? Is it possible for Bitcoin to adopt all of these alternative use cases for blockchain technology? Let’s take a closer look at the growing intersection between Bitcoin and smart contracts.
Understanding Smart Contracts
A smart contract is any type of contract that is enforced by code rather than by a traditional legal system or other centralized authority. This code is typically deployed on a decentralized, blockchain-based network. Smart contracts were first discussed by famous cypherpunk Nick Szabo as early as 1994, and the concept was popularized by the launch of Ethereum about 20 years ago.
Smart contracts can range from the simplest implementations to highly complex ones. For example, a standard Bitcoin transaction can be said to be a smart contract. Once a Bitcoin user signs a transaction with their private key, the transfer of that Bitcoin to another address is enforced through the blockchain. On the other hand, decentralized finance (DeFi) protocols on various blockchain networks can combine a range of different smart contracts into larger applications, such as creating derivatives-based synthetic tokens and decentralized trading with automated market makers.
It should be noted that over the past decade, the term smart contract has expanded to include almost any use of cryptography in the financial world, as many platforms use it more as a buzzword to attract investment. For example, it can be argued that so-called smart contracts, which involve some trusted third party (usually in the form of an oracle) as part of their design, are not truly smart contracts, as the execution of that contract is essentially in the hands of the third party. In other words, the expected outcome of the code execution is not necessarily the final law in these scenarios.
Advantages of Smart Contracts
So why would anyone use smart contracts on a blockchain, rather than traditional agreements backed by the local legal system? Some of the main potential advantages of smart contracts include:
No "trusted" third party: Smart contracts in their truest form do not involve any trusted third party to resolve disputes. As Szabo once wrote, trusted third parties are security holes, and they can create problems with cost, censorship, and more. The lack of a third party is also an essential feature for smart contracts to achieve some of their other advantages.
Increased transparency: By publishing smart contracts on a public blockchain, anyone can verify the contract rules and how those rules are enforced for free. This provides a degree of transparency that the equivalent systems for traditional contracts do not offer. For example, the whole world can view all transactions that occur on a decentralized exchange like Uniswap.
Increased privacy: It may seem contradictory for smart contracts to provide both transparency and privacy, but smart contract systems can be built with different goals in mind. The core idea of Bitcoin smart contracts is to leave as little information as possible on the blockchain, which provides a greater degree of privacy for those participating in these contracts. For example, it would be advantageous if a blockchain observer could not tell whether an on-chain Bitcoin transaction was a standard payment or the opening of a Lightning Network channel. In addition, some smart contract designs (such as CoinJoin) are specifically built to increase user privacy.
Immutability: Once a smart contract is deployed on the blockchain, it cannot be changed (unless the initial design of the smart contract allows it). This allows the parties to understand exactly how the contract rules will be implemented across all potential outcomes. Of course, it should be noted that smart contracts are only as immutable as the underlying blockchain, as was shown in 2016 when the hack of The DAO (aka Genesis DAO) on Ethereum was reversed via a hard fork.
Increased speed and efficiency: While traditional contracts may involve manual paperwork and legal procedures, smart contracts can be completed instantly once the triggers for final settlement are met.
Lower costs: Depending on the use case, smart contracts issued on a blockchain can offer lower costs than other options. For example, it is often cheaper to send a transaction via a stablecoin rather than a bank wire. That said, smart contracts are not the cheaper option in all cases, as interactions with a public, decentralized blockchain can be much more costly than a centralized database. Like smart contracts themselves, blockchain has become a buzzword-driven technology that people sometimes turn to out of desire rather than necessity.
Borderless: Smart contracts are published on the blockchain and run on a global, permissionless basis over the internet. This means that any two parties from around the world can agree on the terms of a contract — even if they are located in different jurisdictions that traditionally don’t work well together.
Bitcoin’s Limited Scripting Language
Contrary to popular belief, smart contracts exist on Bitcoin today. The reason many people associate smart contracts more with other blockchains like Ethereum and Solana is that Bitcoin’s limited scripting language means that there are limits to what can be done on the base blockchain.
In Ethereum, there are essentially no limits to writing decentralized applications, as developers can write smart contracts from scratch. In Bitcoin, each smart contract primitive is effectively added over time as needed, after it has been proven to be useful and worthwhile in terms of security tradeoffs.
For example, the OP_CHECKLOCKTIMEVERIFY (CLTV) and OP_CHECKSEQUENCEVERIFY (CSV) opcodes were added to Bitcoin because they can be used as building blocks for the Lightning Network, which is seen as a key scaling breakthrough for Bitcoin payments. On the other hand, complex, smart contract-based applications such as Uniswap and Maker simply cannot be built on the underlying Bitcoin blockchain today because the tools required to develop them do not exist in Bitcoin Script.
It is worth noting that the limitations of Bitcoin Script were intentionally implemented by Bitcoin creator Satoshi Nakamoto. Bitcoin was originally launched with additional opcodes such as OP_CAT, but these are no longer active on the network because Satoshi Nakamoto deactivated them for security reasons. Some of the problems that Bitcoin was able to avoid through this design decision include stablecoin issuers gaining unwanted control over the network and potential issues related to miner extractable value (MEV).
That said, some smart contracts can be written on Bitcoin today through a variety of mechanisms. Here are some of the more notable types of smart contracts that can be written using Bitcoin Script in its current form:
Multi-Signature Addresses: A multi-signature address is a Bitcoin address that, as the name suggests, requires more than one signature in order to send a transaction. For example, a company or organization might require two-thirds of its executives to sign every transaction for the finance department. This is a type of smart contract that exists at the foundation of many Bitcoin applications, enabling features such as improved wallet security, federated sidechains, and the Lightning Network.
Time-Lock Transactions: Time-lock transactions are used to prevent certain specific bitcoins from being spent until a certain time in the future. For example, someone could use this type of smart contract to prevent themselves from spending their savings until a later date, or to stop a loved one from spending their inheritance until a certain block height is reached. In addition to the nLockTime parameter, CLTV and CSV are two opcodes that enable this smart contract functionality. These opcodes are also key building blocks for the Lightning Network and cross-chain atomic swaps, where cryptographic proofs are used to prove that an off-chain spending commitment has been made.
Token Meta-Protocols: While token offerings didn’t really take off until Ethereum’s implementation, the reality is that various meta-protocols for issuing alternative assets on top of Bitcoin have been around since around 2013. Originally called Colored Coins, the meta-protocol used for token issuance on Bitcoin didn’t see widespread adoption until the invention of Ordinals and inscriptions in 2023. That said, Tether USD, the world’s largest stablecoin by market cap to date, was originally issued on a Bitcoin meta-protocol called Mastercoin (now Omni). Other meta-protocols for issuing fungible and non-fungible tokens (NFTs) on top of Bitcoin include Stamps, RGB, Taproot Assets, Runes, and Counterparty.
Discrete Log Contracts (DLCs): DLCs are Bitcoin’s answer to the smart contract oracle problem, where a third party must be trusted to decide the outcome of a bet between two or more parties. This mechanism provides a great deal of privacy and scalability for such bets, as the vast majority of the data is processed off-blockchain. It is worth noting that the oracle of the smart contract does not necessarily know the details of the bet. DLCs can be used to create financial derivatives on both the base Bitcoin blockchain and the Lightning Network.
It should be noted that multiple Bitcoin smart contracts are sometimes combined to create more advanced upper-layer protocols. For example, multi-signature addresses and time-locked transactions were both used to create the Lightning Network.
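To make the time-lock rules concrete, the following added example (not code from the original article or from any Bitcoin implementation) models the BIP65 checks that OP_CHECKLOCKTIMEVERIFY performs together with the nLockTime finality rule. The function names and the block height 900,000 are assumptions chosen for illustration; signature checks are omitted.

```python
"""Simplified model of BIP65 (CLTV) plus nLockTime finality. Illustrative only."""

LOCKTIME_THRESHOLD = 500_000_000  # below: block height; at or above: Unix time
SEQUENCE_FINAL = 0xFFFFFFFF       # an input with this nSequence ignores nLockTime

# Constructed scenario: an inheritance output locked until block height 900,000.
INHERITANCE_HEIGHT = 900_000


def cltv_check(script_locktime, tx_locktime, input_sequence):
    """Checks the script itself performs when it runs OP_CHECKLOCKTIMEVERIFY."""
    if script_locktime < 0:
        return False, "negative locktime in script"
    same_kind = (script_locktime < LOCKTIME_THRESHOLD) == (
        tx_locktime < LOCKTIME_THRESHOLD
    )
    if not same_kind:
        return False, "height/time mismatch between script and nLockTime"
    if script_locktime > tx_locktime:
        return False, "nLockTime is lower than the script requires"
    if input_sequence == SEQUENCE_FINAL:
        return False, "final nSequence disables nLockTime"
    return True, "ok"


def tx_is_final(tx_locktime, sequences, next_height, median_time_past):
    """Whether a transaction may be included in the block at next_height."""
    if tx_locktime == 0:
        return True
    if tx_locktime < LOCKTIME_THRESHOLD:
        reference = next_height          # height-based lock
    else:
        reference = median_time_past     # time-based lock (BIP113)
    if tx_locktime < reference:
        return True
    # A transaction whose inputs are all final ignores nLockTime entirely.
    return all(seq == SEQUENCE_FINAL for seq in sequences)


def can_spend(script_locktime, tx_locktime, input_sequence,
              next_height, median_time_past):
    """Combine both rules for a single-input spend of a CLTV-locked output."""
    ok, reason = cltv_check(script_locktime, tx_locktime, input_sequence)
    if not ok:
        return False, reason
    if not tx_is_final(tx_locktime, [input_sequence],
                       next_height, median_time_past):
        return False, "transaction not yet final"
    return True, "ok"


if __name__ == "__main__":
    mtp = 1_700_000_000  # constructed median-time-past value
    for height in (850_000, 900_000, 900_001):
        print(height, can_spend(INHERITANCE_HEIGHT, INHERITANCE_HEIGHT,
                                0xFFFFFFFE, height, mtp))
```

The script only forces the spender to set nLockTime at least as high as the locked value; it is the finality rule that keeps such a transaction out of blocks until the chain has passed that height.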
Bitcoin's Vision for Private, Efficient Smart Contracts
While Bitcoin's base protocol layer is difficult to change, the network's consensus rules have undergone some changes over time to enable additional smart contract functionality. For example, while multi-signature addresses are very common on the Bitcoin network today, they were not available in the original version of the protocol.
In 2021, an improvement called Taproot was added to Bitcoin that aims to enhance the privacy and efficiency of smart contracts. In fact, this improvement is a big step forward in terms of the design goal of minimizing the amount of information related to the execution of smart contracts that is stored forever in the Bitcoin blockchain. In addition to the extreme focus on security, Bitcoin smart contracts tend to be implemented off-chain, which maximizes privacy and scalability.
The Taproot upgrade coincides with the addition of Schnorr signatures to Bitcoin, which makes multi-signature transactions look no different than traditional single-signature transactions on the blockchain. This means that, for example, the opening or closing of a Lightning Network channel looks the same as a normal on-chain transaction, where Bob is simply sending Alice some Bitcoin. This makes it difficult to understand the true meaning behind a Bitcoin user's on-chain interactions, in addition to reducing the amount of block space that needs to be used through the use of signature aggregation.
In addition, the use of Merkelized Abstract Syntax Trees (MASTs) makes it so that only the executed form of a smart contract is visible on the blockchain. While there are many potential different outcomes that a particular smart contract may produce, MASTs improve privacy and scalability by only publishing data related to the final outcome of the smart contract execution. However, it should be noted that more data is disclosed when there is some kind of off-chain smart contract dispute that needs to be resolved by reverting to the blockchain.
Taproot also makes it easier to introduce new opcodes in the future that can be used as building blocks for more expressive smart contracts. Tapscript was introduced via the Taproot upgrade, which also comes with the OP_SUCCESSx opcodes. These are effectively placeholders for future opcodes to be seamlessly added to Bitcoin.
That being said, it’s worth mentioning that Taproot was the last soft fork change made to Bitcoin. Over time, it’s become more difficult to make such changes to Bitcoin as the network’s protocol rules slowly ossify. As Bitcoin’s user base grows and becomes more diverse, coordinating changes to Bitcoin’s scripting language may become more difficult, if not impractical.
Bitcoin Smart Contracts on Secondary Layers
As part of Bitcoin developers’ desire to limit interactions with the base blockchain layer, a multi-layered approach to scaling the cryptocurrency to billions of potential users has been considered the right path forward for years. Notably, Ethereum has also shifted its focus to Layer 2 (L2) networks over the past few years.
Most financial activities involving Bitcoin assets do not necessarily require the high degree of decentralization and censorship resistance provided by the base Bitcoin blockchain, so it makes sense to give users the option to enter secondary networks built on top of the base layer through smart contracts.
The most well-known L2 network on Bitcoin today is the Lightning Network, which is currently focused on payment use cases. While the Lightning Network itself is built on top of many different Bitcoin smart contracts, this L2 does not offer much in terms of enabling additional smart contract functionality. However, the Lightning Network does allow smart contracts that exist on the Bitcoin base layer (such as tokenization and DLCs) to run in a faster and cheaper off-chain environment.
In terms of the expansion of Bitcoin's smart contract functionality, most of the activity so far has been on federated sidechains. Liquid is a sidechain that is very similar to Bitcoin itself, with various additional functions and opcodes. Another sidechain comes in the form of Rootstock, which is compatible with the Ethereum Virtual Machine (EVM), meaning that any Ethereum application can be deployed on the sidechain.
While Liquid and Rootstock have been more experimental with using Bitcoin in smart contracts, adoption rates on these platforms have been fairly low. This could be due to a number of reasons, such as a dislike for the federated sidechain security model, or the fact that fees on the base Bitcoin blockchain are still relatively low in the grand scheme of things. Of course, many smart contract systems will reintroduce some form of counterparty risk anyway, usually in the form of trusted oracles. Then again, many Bitcoin users generally prefer to simply hold Bitcoin rather than reintroduce financial risk.
Alternative sidechain security models are now possible thanks to innovations such as Babylon and BitVM, which has led to the development of proof-of-stake (PoS) based models. Whether these new forms of L2 Bitcoin networks will be able to gain more traction than previous sidechain iterations remains to be seen, but the level of L2 experimentation is bound to increase in the coming years.
Of course, it could also be argued that other first-layer blockchain networks, such as Ethereum and Binance Smart Chain, could also be considered second-layer networks for Bitcoin. In fact, the amount of Bitcoin that has moved to Ethereum via the Wrapped Bitcoin (WBTC) ERC-20 token dwarfs the combined size of the Lightning Network, Liquid, and Rootstock. Some networks operate in a gray area between sidechains and alternative cryptocurrency networks, such as Stacks, where a new native cryptocurrency exists while focusing on using Bitcoin as currency.
Popular Applications of Bitcoin Smart Contracts Today
While it is technically possible to build decentralized applications through smart contracts on Bitcoin today, the reality is that there aren’t many popular examples that can be called successful projects at this time. WBTC is a popular token used in some of the largest and most well-known DeFi projects, such as Uniswap and Aave, but there are no examples of product-market fit when it comes to building such applications directly on Bitcoin itself.
That said, there are three notable bright spots so far when it comes to building decentralized applications using Bitcoin smart contracts: Sovryn, the Lightning Network, and Ordinals.
Sovryn
Sovryn is a Bitcoin application that supports basically all the features one would find in various applications built on Ethereum. Sovryn was initially deployed on Rootstock and is expected to be deployed on Build on Bitcoin in the near future. The DeFi application has everything a Bitcoin user could want in terms of DeFi activities, including decentralized exchanges, collateral-backed stablecoins, NFTs, lending, decentralized autonomous organizations (DAOs), staking, and more.
Back in November 2021, the total value locked (TVL) in the Sovryn protocol peaked at around $160 million, and as of this writing, around half of that amount is locked in DeFi applications.
Lightning Network
While the Lightning Network has long been hailed as Bitcoin’s major L2 development to date, the extent of its actual success to date is debatable. While more payments have occurred on the Lightning Network than many payment-focused altcoins, there are clearly still some issues that need to be ironed out. In fact, many of the most popular and notable Lightning wallets, such as the Satoshi Wallet and Chivo Wallet, operate in a fully custodial manner.
The relatively small amount of Bitcoin locked in the Lightning Network at any given time is often cited as evidence of its failed adoption, but the reality is that TVL is not a very useful metric for measuring the success of a payment protocol. Currently, most of the activity in the Lightning Network is built around low-value transactions related to Nostr and gaming, use cases that don’t require much Bitcoin to be on the network, especially considering that the same Bitcoin can be reused for multiple payments in a conscious circular economy.
Ordinals and Inscription Projects
Based on the temporary spike in Bitcoin transaction fees over the past year or so, ordinals and inscriptions have attracted a lot of attention and controversy. While some Bitcoin users see ordinals as a healthy integration of the concept of Bitcoin NFTs, others see the large amount of block space taken up by inscriptions as nothing more than spam.
In addition to the Ordinals series of NFT-like items, there are many meme tokens that have been launched through this process. According to CryptoSlam, as of April 2024, Bitcoin has now become the largest blockchain in terms of NFT sales, and the Ordinals concept has been a key driving force behind this phenomenon.
The Future of Bitcoin Smart Contracts
Making changes to Bitcoin can be extremely difficult, but some progress has been made to introduce additional smart contracts to Bitcoin through soft forks. In addition, there is a large amount of upper-layer network development underway that will work well with the existing base Bitcoin protocol. There is no doubt that the Lightning Network, sidechains, and other existing Bitcoin smart contract systems will also be improved.
While most smart contract activity currently occurs on Ethereum and its layer 2 networks (even activity involving Bitcoin), the merger of Bitcoin as an asset and smart contracts as a technology could change the current paradigm in the long run.
Will new opcodes be soft-forked into Bitcoin?
When the Bitcoin network first launched in January 2009, the ground rules of the Bitcoin network were certainly somewhat “set in stone.” However, minor changes to the protocol have been made from time to time through backwards-compatible soft forks. Multi-signature addresses, Lightning Network-related smart contracts, Segregated Witness, and Taproot have all come to Bitcoin via this method, and there are a number of proposals in Ethereum for new smart contracts that could be added to Bitcoin Script.
Contracts
Bitcoin contracts would allow users to better set conditional rules for how, when, or where to send Bitcoin. For example, a contract might allow some Bitcoin to be spent to certain specific addresses only after a certain period of time has passed. Effectively increasing control over the conditions for spending Bitcoin and the ability to add restrictions could enable a variety of different use cases and improve upon the smart contract system that already exists on Bitcoin today.
Several contract proposals have been published by various Bitcoin developers over the past few years. Some of the most notable Bitcoin contract proposals include OP_CHECKTEMPLATEVERIFY (CTV) and OP_CAT, the second of which was available in the original version of Bitcoin before being deactivated by Satoshi Nakamoto. Bitcoin developers have been debating the merits of many different contract proposals as they look to strike the right balance between increasing programmability without adding too much complexity that could increase Bitcoin's attack surface. Furthermore, some have said that adding contracts is simply not worth the security tradeoff because there are no proven use cases.
Potential Use Cases for Contracts
One of the key use cases for contracts that has long been discussed is the concept of vaults, which would provide an extra layer of protection against theft and hacking. The basic idea is that Bitcoin held in a certain address can only be used in a predetermined way, thereby disincentivizing attackers. For example, funds may need to be sent to an intermediate address and then to any address of the user's choice, and a time lock is also added to that intermediate address to allow the legitimate owner of the Bitcoin to prevent theft attempts. Today, simple versions of vaults can be implemented on Bitcoin; however, if Bitcoin had contracts, they could be made much more efficient and secure.
Contracts could also provide some improvements to existing layer 2 Bitcoin networks such as the Lightning Network and sidechains. In the case of the Lightning Network, contracts could enable improvements such as channel factories, which allow Lightning users to interact with the underlying Bitcoin blockchain at a lower frequency, thereby reducing overall costs. For sidechains, contracts could potentially help improve the security and efficiency of various two-way peg mechanisms. There is also potential to improve privacy-centric protocols such as CoinSwap, develop congestion control, and improve existing other L2 networks such as Ark and Mercury Layer.
Drivechains
As mentioned earlier, sidechains already exist on Bitcoin; however, current implementations rely on a security model based on a coalition of signers behind a multi-signature address. There are also proof-of-stake based models coming online, but drivechains would offer a third option where the funds on the sidechain are controlled by Bitcoin miners.
Drivechains are a highly controversial proposal at this point, but certain segments of the Bitcoin user base believe that they are the best solution to the two-way peg problem and would provide the highest degree of censorship resistance for sidechains. Critics argue that drivechains change the game theory at the underlying network level by placing large amounts of Bitcoin in the collective hands of miners. That said, the ultimate goal here is to enable low-trust Bitcoin sidechains to enable a higher level of experimentation with smart contracts and other use cases.
It is worth noting that a version of Drivechain can be implemented today through BitVM; however, it will be made more secure through the introduction of two Bitcoin Improvement Proposals (BIPs): BIP 300 and BIP 301.
Simplicity
Simplicity is an advanced, high-level Bitcoin scripting language developed by Blockstream that provides formal verification and more expressive smart contracts. Blockstream CEO Adam Back called the integration of Simplicity into Bitcoin a potential "ultimate soft fork" because it could cause the base protocol to ossify.
In the Simplicity Bitcoin world, Bitcoin smart contract development will be more like in the Ethereum world, where developers are free to write any smart contract they want. Simplicity also provides formal verification, meaning that smart contracts can be proven to behave exactly as expected before they are used, which can limit security issues and bugs. This feature does not exist in Ethereum's Solidity scripting language, and a large number of error-prone smart contracts have led to billions of dollars worth of losses over the years. Adding Simplicity to Bitcoin would be seen as highly controversial today, but it is expected to be added to the Liquid sidechain sometime in 2024.
Better Bitcoin Sidechains
Going forward, sidechains will be a key area to watch in terms of Bitcoin smart contract development, as these L2 networks enable more experimentation. As Bitcoin continues to scale through a multi-layer approach, it is likely that a large number of new sidechain concepts will be tried out.
A key issue that still has a lot of room for improvement is the two-way peg, which enables Bitcoin to move back and forth between the base chain and the L2 network. Over a long enough period of time, some kind of zero-knowledge proof-based system may become the ultimate peg mechanism for these Bitcoin secondary layers.
The Lightning Network Will Continue to Evolve and Expand
The Lightning Network is still fairly basic in terms of its feature set; however, this will certainly change in the near future. Two recent developments in the Lightning Network that could lead to even higher levels of adoption are Taproot Assets and DLCs. Stablecoins have been a key area of adoption in the cryptocurrency market over the past few years, an opportunity that the Bitcoin ecosystem has missed since on-chain fees rose and Tether USD (USDT) slowly moved to alternative networks.
Through Taproot Assets (and other similar protocols), stablecoins can be issued on Bitcoin and sent over the Lightning Network, making it a faster and cheaper alternative to some other blockchain networks like Ethereum and Tron. With DLCs, use cases like USD-pegged holdings and trust-minimized derivatives can be enabled on the Lightning Network.
As mentioned earlier, adding contract proposals or Simplicity to Bitcoin could also help the Lightning Network become more efficient in terms of using the base Bitcoin blockchain, and there is still a lot of work to be done in terms of scaling this L2 network to potentially billions of users around the world.
Going forward, the Lightning Network will likely act more as a glue that allows users to instantly swap between various L2 Bitcoin networks essentially for free. That said, the Lightning Network is considered the L2 with the fewest trust assumptions in terms of how funds on the network are custodied at the base layer, as Lightning transactions are simply self-custodial Bitcoin transactions that have not yet been broadcast and included in a block.
There are also technologies similar to the Lightning Network coming online that could provide alternative options for specific use cases. Fedimint is an electronic cash system based on federated Bitcoin escrow (similar to Liquid) that enables fast and cheap anonymous transactions. Additionally, Ark is a newer concept that could address some of the liquidity and privacy issues found with the Lightning Network.
The Lightning Network in its current form still has some limitations and is definitely not a panacea in terms of scaling Bitcoin to a global population. Rather, it is one of the potential tools to allow anyone to use Bitcoin while maintaining a degree of decentralization and censorship resistance.
Bitcoin Is Ready for the Smart Contract Boom
The future of Bitcoin smart contracts is now. For those looking to deploy smart contracts on top of the world’s most valuable cryptocurrency network, there are already many tools available, and these tools are bound to become more powerful and secure in the coming years. Building decentralized applications on top of Bitcoin has never been more exciting than it is today, thanks to the advent of Ordinals, BitVM, and other recent breakthroughs.
The idea of building everything around Bitcoin, rather than splitting the cryptocurrency user base into many different, incompatible systems, has been around at least since the original sidechains whitepaper was released in 2014, and now the tools to realize this vision are coming online. There is no reason everything can't be built on top of Bitcoin as the core source of truth and smart contract dispute resolution.