1 of 88

Threshold Docs

What is the Threshold Network?

Threshold Network powers tBTC, the Bitcoin standard in finance, and the most decentralized 1:1 tokenized Bitcoin.

tBTC enables Bitcoin liquidity to move seamlessly across chains without compromising settlement finality. Built on threshold cryptography and secured by a rotating network of independent node operators, it distributes control of Bitcoin so that no single entity can act alone on funds.

This structure upholds Bitcoin’s core principles of being trust-minimized, permissionless, and censorship-resistant while maintaining a direct and verifiable path back to native Bitcoin. No complex staking mechanics needed.

Threshold Network's T token is the value accrual and governance asset for the network.

tBTC Bitcoin Bridge

A Decentralized, Permissionless Bitcoin Bridge Onchain

Existing solutions that bridge Bitcoin to DeFi require users to send their Bitcoin to an intermediary, in exchange for an IOU token that represents the original asset. This centralized model requires you to trust a third party and is susceptible to censorship, threatening the premise of Bitcoin as sovereign, secure, permissionless digital asset.

In contrast, tBTC is a decentralized (and scalable) bridge between Bitcoin and DeFi. It provides Bitcoin holders secure and open access to the broader DeFi ecosystem, allowing you to unlock your Bitcoin’s value to borrow and lend, mint stablecoins, provide liquidity, and much more.

Honest Majority Assumption

Instead of centralized intermediaries, tBTC uses a randomly selected group of operators running nodes on the Threshold Network to secure deposited Bitcoin through threshold cryptography. tBTC requires a threshold majority agreement before operators can perform any action with your Bitcoin. By rotating the selection of operators bi-weekly, tBTC protects against any individual or group of operators colluding to fraudulently seize the underlying deposits. By relying on an honest-majority-assumption, we can calculate the likelihood any wallet comprised of a quorum of dishonest operators (for a deeper discussion of the probability calculations, see ).

Fees

tBTC fees are action-based (i.e. users incur a mint and redemption fee when using the bridge). Currently, the mint fee is and the redemption fee is . The bridge fees can be changed through governance.

T Token

The is an ERC-20 token that powers tBTC and serves as the value accrual asset for the Threshold Network.

Supply

The initial supply of T was established by the DAO as 10B T with the following allocation:

4.5B T allocated to NU token holders

THRESHOLD APP

tBTC Minting Walkthrough

Follow along with this guide and leverage your Bitcoin by minting tBTC.

Before you start

Here are some things you will need before you start the minting process: What you need:

✅ At least 0.01 Bitcoin (BTC)

✅ Bitcoin compatible wallet (self-custodied)

✅ Destination Wallet (on supported chains; see the list of supported chains .) Important Reminders:

Always download and securely store your deposit receipt. This JSON file is required to recover your funds in the event of any technical issues during the minting process.
Minting may take anywhere from a few minutes to several hours, depending on the amount of BTC deposited. You can monitor the status at .
Your BTC recovery address must come from a self-custodied wallet that you control. Do not use an address from a centralized exchange.

If you don't have a Bitcoin wallet, you'll need to set one up. A solid option to use is Green Wallet. You can download it here:

After you've created your wallet, select Bitcoin

Start minting tBTC

🎉 You're ready to mint! Go to the tBTC app here: , and watch the tutorial video below:

If you have questions about terminology, you can toggle over to the How it Works page in the dapp to learn more. You can also dive into documentation on and in the docs.

Congrats — you minted!

🎉 You've successfully minted tBTC! 🎉

Governance

Governance Process

Lifecycle of a successful proposal

Forum discussion: A Threshold community member posts a potential proposal on the Threshold governance forums. Community members who post the initial proposal are encouraged to get active in Meta governance discussions within the community on forums and in Discord to earn support for the proposal. There is no minimum token threshold required to create a new proposal on the forums. Community mods reserve the right to moderate spam proposals during this stage by deleting the proposal from the forums.
Temperature Check: Once a potential proposal has enough traction and discussion within the community, it can proceed for a temperature check via an off-chain . If a proposal receives majority support during the temperature check, it is eligible to move onto the next step.
Proposal Creation: A community member holding enough vote weight (at least 0.25% of T total supply) submits the proposal on-chain. The proposal enters a 2-day delay period before voting officially begins.
Vote Period: Proposal voting remains open for 10 days. If the proposal passes with enough quorum (at least 1.5% of T total supply), it moves onto the next step; if the proposal fails, it is canceled. Creators and supporters of the proposal may bring a modified proposal forward again but it must be sufficiently different and pass requirements outlined in previous steps.
Timelock Period: Once a proposal is approved, the Governor Bravo smart contracts include an additional timelock delay of 2 days. Anyone can interact with the Governor Bravo smart contracts to queue an approved proposal into the Timelock contract.
Execution: After the timelock delay, anyone can execute an approved proposal.

Deviations in the proposal lifecycle

Committee vetos: During the on-chain phase, the Elected Committee can veto any proposal. This is intended to be an extra security mechanism in the event that a dangerous proposal passes.
Late quorum prevention: The 10-days voting period is automatically extended when quorum is reached late, to prevent governance attacks that try to reach quorum at the last minute; in case a proposal reaches quorum less than 2 days before the deadline, the proposal deadline is extended for 2 more days from the moment the quorum was reached.
Off-chain proposals: Some proposals do not imply any on-chain action (e.g. Council and Guild elections). In these cases, there is a Snapshot vote that takes 5 days for regular proposals and 7 days for elections, with no associated on-chain proposal.

Threshold Multisigs

Compilation of current multisigs for the Threshold Committee

Committee Multisigs

Chain

Address

Safe Link

Ethereum

0x9F6e831c8F8939DC0C830C6e492e7cEf4f9C2F5f

The Threshold Committee multisigs have a signature policy threshold set to 6 of 9.

Liquid Token Delegation

How to delegate liquid T tokens

Liquid T holders can delegate their token weights to themselves or a third party for voting on governance proposals.

Delegation is accomplished via an on-chain transaction which costs ETH gas.

1. Go to https://boardroom.io/threshold.

2. Connect your wallet.

3. Click "Set Up Delegation".

4. Select your "Delegation Type" - either to yourself or a third party.

5. Enter "Delegate Address" and click on "Delegate Votes".

6. Sign the transaction.

tBTC Signer Nodes

tBTC Signers

Threshold Network allow-lists authorized signers to participate in tBTC minting, redemptions, and custody. These signers ensure key operations run properly without interruptions.

A few notable professional staking providers can be found requesting DAO approval .

Visit to see the current number of Beta Stakers.

Signers nodes form a permissioned set that is responsible for creating tBTC wallets that custody BTC. Running a tBTC Signer node is a significant commitment with specific requirements. This document aims to highlight such requirements, technical recommendations, and possible costs of operating a tBTC Signer node.

To stay informed about current node activity and overall network health please visit or check . These resources provide up-to-date statistics on node counts and operational metrics.

Node Setup

This document explains the basic installation and configuration for the tBTC v2 client.

Please be aware that running a node is not an easy task and requires technical skill and commitment to maintaining node uptime and availability.

Please review this document in its entirety prior to beginning setup of your node to familiarize yourself with the general setup process.

Important Considerations

The Threshold Network expects certain capabilities for each node running on the network. To help attain these capabilities consider the following criteria:

It is paramount that tBTC v2 nodes remain available to the Network. We strongly encourage a stable and redundant internet connection.
Equally important is machine uptime and reliability. A VPS is strongly recommended.
A connection to a production grade self-hosted or third party Ethereum node deployment.
Persistent and redundant storage that will survive a VM or container rotation, and a disk failure.

Recommended Machine Types

While it is possible to run the client on a local machine, this is not recommended.

Your operating environment will ultimately dictate what machine type to go with. This is particularly relevant if you’re running a containerized solution where multiple applications are sharing VM resources. The below types are sufficient for running one instance of the tBTC v2 Node.

The preferred OS is Ubuntu.

VPS Provider

VPS Type

Ethereum API

A Keep Node requires a connection to a WebSocket Ethereum API. You should obtain a WS API URL from a service provider (e.g. , , ) or run your own Ethereum node (e.g. ).

Bitcoin API

Starting from version v2.0.0-m3 , the Keep Node interacts with the Bitcoin network through an Electrum protocol server. You can use one of the publicly available servers or run your own. The URL of the chosen server should be passed under the bitcoin.electrum section of the configuration. If no Electrum server is set explicitly in the bitcoin.electrum configuration section, the Keep Node will randomly pick one server from its embedded server list, appropriate for the Bitcoin network the Keep Node is currently running against.

Configuration

The client expects configuration options to be passed as CLI flags or specified in a . If you specify an option by using a parameter on the command line, it will override the value read from the configuration file.

Operator Account

Prepare your machine to install the tBTC v2 client

The client requires an Ethereum Key File of an Operator Account to connect to the Ethereum chain. This account is created in a subsequent step using Geth (GoEthereum).

The Ethereum Key File is expected to be encrypted with a password. The password has to be provided in a prompt after the client starts or configured as a KEEP_ETHEREUM_PASSWORD environment variable.

The Operator Account has to maintain a positive Ether balance at all times. We strongly advise you monitor the account and top-up when its balance gets below 0.5 Ether.

Install Geth (GoEthereum)

To create a new Ethereum account, (GoEthereum) and create a new account using the command below. This account will subsequently be referred to as the Operator Account.

When prompted, provide a password to protect the operator key file.

Use a password manager to generate a strong password and store it safely. It will be needed again during setup.

Avoid passwords that contain the following characters: ', ", `, $ These characters may be interpreted as part of the configuration which can lead to undesirable outcomes that may be extremely time intensive to correct.

Once the process completes, your public key will be displayed. Take note of your Operator Account public key.

DO NOT LOSE THE PASSWORD TO THE OPERATOR ACCOUNT.

Funding your Operator Account

Your Operator Account will need to maintain a positive ETH balance at all times to ensure proper operation and availability of your tBTC v2 node.

Network Configuration

Required network configuration for the tBTC v2 client.

Required Ports

The node has to be accessible publicly to establish and maintain connections with bootstrap nodes and discovered peers. The node exposes metrics and diagnostics services for network health monitoring purposes. Update firewall rules as necessary, including application level firewalls for the following ports

Purpose

Config Property

Protocol

Default

Data Storage

Setup persistent data directories for the client.

The client requires two persistent directories. These directories will store configuration files and data generated and used by the client. It is highly recommended to create frequent backups of these directories. Loss of these data may be catastrophic and may lead to slashing.

It is crucial to ensure the data directory is persisted and backed up on a regular basis.

Create folders for tBTC v2 client

The tBTC v2 client will create two subdirectories within the storage directory: keystore and work. You do not need to create these.

The keystore subdirectory contains sensitive key material data generated by the client. Loosing the keystore data is a serious protocol offense and leads to slashing and potentially losing funds.

It is the operator’s responsibility to ensure the keystore data are not lost under any circumstances.

The work directory contains data generated by the client that should persist the client restarts or relocations. If the work data are lost the client will be able to recreate them, but it is inconvenient due to the time needed for the operation to complete and may lead to losing rewards.

Copy Operator keystore file

Assuming for the root user with the command provided in the step, the operator-key file should be located in the /.operator-key directory.

Contained within the operator-key directory is the account key file (operator key file), its name will be similar to the following: UTC--2018-11-01T06-23-57.810787758Z--fa3da235947aab49d439f3bcb46effd1a7237e32

copy (not move!) this account key file to the config directory created above

Installation

A tBTC v2 node can be set up using either a docker or binary installation.

Binary Installation

This page will guide you through Binary setup steps.

Choose either Docker installation OR Binary installation.

Download the Binary

See GitHub for the latest release:

Updating Nodes

Update procedure for the tBTC v2 client depends on installation method

Docker Installation

The following instructions assume your docker install followed installation instructions.

To update a tBTC node:

Pull the new image

Restart the tBTC service

Advanced Options

Advanced configuration options and tBTC v2 client options

Logging

Configuration options for logging

Config File

Application configuration can be stored in a file and passed to the application with the --config flag.

Client information exposed by the tBTC v2 client.

Logging

Optional logging configuration for the tBTC v2 client.

Configuration

Logging can be configured with environment variables. Please see sample settings:

LOG_LEVEL=DEBUG
IPFS_LOGGING_FMT=nocolor
GOLOG_FILE=/var/log/keep/keep.log
GOLOG_TRACING_FILE=/var/log/keep/trace.json

LOG_LEVEL option DEBUG will generate extensive output. Consider INFO instead.

If you want to share your LibP2P address with others you can get it from the startup log. When sharing remember to substitute the /ipv4/ address with the public facing IP of your client if you’re running on a private machine, or replace the entire /ipv4/ segment with a DNS entry if you’re using a hostname.

CLI Options

Review available CLI Options below.

Client Info

Client information exposed by the tBTC v2 client.

The client exposes metrics and diagnostics on a configurable port (default: 9601) under /metrics and /diagnostics resources.

The data can be consumed by Prometheus to monitor the state of a node.

Metrics

The client exposes the following metrics:

connected peers count,
connected bootstraps count,
Ethereum client connectivity status (if a simple read-only CALL can be executed).

Metrics are enabled once the client starts. It is possible to customize the port at which metrics endpoint is exposed as well as the frequency with which the metrics are collected.

Exposed metrics contain the value and timestamp at which they were collected.

Example metrics endpoint call result:

Diagnostics

The client exposes the following diagnostics:

list of connected peers along with their network id and Ethereum operator address,
information about the client’s network id and Ethereum operator address.

Diagnostics are enabled once the client starts. It is possible to customize the port at which diagnostics endpoint is exposed.

Example diagnostics endpoint call result:

Frequently Asked Questions

Find answers to some of the most commonly asked questions here.

Errors in Logs or Console

Certain errors may be reported by your node. See a sample below:

This warning is normal and may happen. It will disappear and reappear periodically.

Sepolia Testnet

Here you'll find the Sepolia testnet version of the Threshold dapp.

App Development

tBTC SDK

tBTC SDK is a TypeScript library that provides effortless access to the fundamental features of the tBTC Bitcoin bridge. The SDK allows developers to integrate tBTC into their own applications and offer the power of trustless tokenized Bitcoin to their users.

The SDK documentation consists of the following parts:

Quickstart
Architecture

For a high-level overview of the tBTC protocol, please see the section.

Quickstart

Here you can find instructions explaining how to use the SDK in your own project.

Installation

To install the tBTC SDK in your project, run:

Please note that you will also need to install the library to initialize a signer or provider. To do so, invoke:

Architecture

The following diagram presents the architecture of the tBTC SDK and its place in the ecosystem:

As you can see, the SDK consists of several major parts:

TBTC component
Feature services

Guides

Initialize SDK

Before initializing the tBTC SDK instance in your project, you need to answer the following questions:

What Bitcoin network and which tBTC contracts do you plan to interact with?
Do you want to perform just read-only actions or send transactions as well?

Answering those questions will allow initializing the SDK in the right way. The SDK is prepared to handle common use cases but provides some flexibility as well. This guide explains that in detail.

Ethereum and Bitcoin mainnet

This is the most common case when you want to use the SDK to interact with the tBTC bridge on Ethereum and Bitcoin mainnet.

The SDK addresses it by exposing the TBTC.initializeMainnet function. That function:

Takes an Ethers signer or provider as a parameter and uses it to interact with tBTC contracts deployed on Ethereum mainnet
Automatically configures an Electrum Bitcoin client to communicate with the Bitcoin mainnet (communication is done through a set of pre-configured Electrum servers)

The following code snippet presents the usage of this function:

import * as ethers from "ethers"
import { TBTC } from "@keep-network/tbtc-v2.ts"

// Create an Ethers provider. Pass the URL of an Ethereum mainnet node.
// For example, Alchemy or Infura.
const provider = new ethers.providers.JsonRpcProvider("...")
// Create an Ethers signer. Pass the private key and the above provider.
const signer = new ethers.Wallet("...", provider)

// If you want to initialize the SDK just for read-only actions, it is
// enough to pass the provider. 
const sdkReadonly = await TBTC.initializeMainnet(provider)
// If you want to make transactions as well, you have to pass the signer.
const sdk = await TBTC.initializeMainnet(signer)

The above code snippet presents just one way of creating an Ethers signer/provider. Please refer to learn more.

Ethereum and Bitcoin testnet

This is the case where you want to use the SDK to interact with the tBTC bridge on Ethereum and Bitcoin testnet.

The SDK addresses it by exposing the TBTC.initializeSepolia function. That function:

Takes an Ethers signer or provider as a parameter and uses it to interact with tBTC contracts deployed on Ethereum Sepolia
Automatically configures an Electrum Bitcoin client to communicate with the Bitcoin testnet (communication is done through a set of pre-configured Electrum servers)

The usage of this function is exactly the same as for the previous TBTC.initializeMainnet function.

Crosschain

This mode of the SDK will initialize Ethereum, Bitcoin and an L2 to work with tBTC. Compatible with mainnet and testnet.

Currently only functional with Arbitrum, soon more blockchains will be available.

Mainnet

The SDK addresses it by exposing the TBTC.initializeMainnet function. That function:

Takes an Ethers signer or provider as a parameter and uses it to interact with tBTC contracts deployed on Ethereum mainnet
Needs to receive as a second parameter the value true to activate the crosschain mode.
Automatically configures an Electrum Bitcoin client to communicate with the Bitcoin mainnet (communication is done through a set of pre-configured Electrum servers)

The following code snippet presents the usage of this function:

The above code snippet presents just one way of creating an Ethers signer/provider. Please refer to learn more.

Testnet

The SDK addresses it by exposing the TBTC.initializeSepolia function. That function:

Takes an Ethers signer or provider as a parameter and uses it to interact with tBTC contracts deployed on Ethereum Sepolia
Needs to receive as a second parameter the value true to activate the crosschain mode.
Automatically configures an Electrum Bitcoin client to communicate with the Bitcoin testnet (communication is done through a set of pre-configured Electrum servers)

The usage of this function is exactly the same as for the previous TBTC.initializeMainnet function.

Deposit and mint

The main feature of the tBTC bridge is depositing BTC and using it to mint the ERC-20 TBTC token. This guide explains how to perform this process using the SDK.

Initialize the SDK

First, initialize the SDK, as described in the guide.

Unmint and redeem

Another core feature of the tBTC bridge is unminting (burning) TBTC tokens and redeeming BTC in return. This guide explains how to perform this process using the SDK.

Initialize the SDK

First, initialize the SDK, as described in the guide.

tBTC Contracts API

Bridge API

You can learn about APIs of contracts related to the Bridge under the following links:

BridgeGovernanceParameters

Vault that allows making BTC donations to the system. Upon deposit, this vault does not increase depositors' balances and always decreases its own balance in the same transaction. The vault also allows making donations using existing Bank balances.

BEWARE: ALL BTC DEPOSITS TARGETING THIS VAULT ARE NOT REDEEMABLE AND THERE IS NO WAY TO RESTORE THE DONATED BALANCE. USE THIS VAULT ONLY WHEN YOU REALLY KNOW WHAT YOU ARE DOING!

EcdsaLib

compressPublicKey

Converts public key X and Y coordinates (32-byte each) to a compressed public key (33-byte). Compressed public key is X coordinate prefixed with 02

GovernanceUtils

onlyAfterGovernanceDelay

Reverts if the governance delay has not passed since the change initiated time or if the change has not been initiated.

Heartbeat

The library establishes expected format for heartbeat messages signed by wallet ECDSA signing group. Heartbeat messages are constructed in such a way that they can not be used as a Bitcoin transaction preimages.

The smallest Bitcoin non-coinbase transaction is a one spending an OP_TRUE anyonecanspend output and creating 1 OP_TRUE anyonecanspend output. Such a transaction has 61 bytes (see BitcoinTx documentation): 4 bytes for version 1 byte for tx_in_count 36 bytes for tx_in.previous_output 1 byte for tx_in.script_bytes (value: 0) 0 bytes for tx_in.signature_script 4 bytes for tx_in.sequence 1 byte for tx_out_count 8 bytes for tx_out.value 1 byte for tx_out.pk_script_bytes 1 byte for tx_out.pk_script 4 bytes for lock_time

The smallest Bitcoin coinbase transaction is a one creating 1 OP_TRUE anyonecanspend output and having an empty coinbase script. Such a transaction has 65 bytes: 4 bytes for version 1 byte for tx_in_count 32 bytes for tx_in.hash (all 0x00) 4 bytes for tx_in.index (all 0xff) 1 byte for tx_in.script_bytes (value: 0) 4 bytes for tx_in.height 0 byte for tx_in.coinbase_script 4 bytes for tx_in.sequence 1 byte for tx_out_count 8 bytes for tx_out.value 1 byte for tx_out.pk_script_bytes 1 byte for tx_out.pk_script 4 bytes for lock_time

IReceiveBalanceApproval

IReceiveBalanceApproval is an interface for a smart contract consuming Bank balances approved to them in the same transaction by other contracts or externally owned accounts (EOA).

receiveBalanceApproval

Called by the Bank in approveBalanceAndCall function after the balance owner approved amount of their balance in the Bank for the contract. This way, the depositor can approve balance and call the contract to use the approved balance in a single transaction.

The implementation must ensure this function can only be called by the Bank. The Bank does not guarantee that the amount approved by the owner currently exists on their balance. That is, the owner could approve more balance than they currently have. This works the same as Bank.approve function. The contract must ensure the actual balance is checked before performing any action based on it.

Parameters

Name

Type

Description

IRelay

Contains only the methods needed by tBTC v2. The Bitcoin relay provides the difficulty of the previous and current epoch. One difficulty epoch spans 2016 blocks.

getCurrentEpochDifficulty

function getCurrentEpochDifficulty() external view returns (uint256)

Returns the difficulty of the current epoch.

getPrevEpochDifficulty

Returns the difficulty of the previous epoch.

IVault

IVault is an interface for a smart contract consuming Bank balances of other contracts or externally owned accounts (EOA).

LightRelayMaintainerProxy

The proxy contract that allows the relay maintainers to be refunded for the spent gas from the ReimbursementPool. When proving the next Bitcoin difficulty epoch, the maintainer calls the LightRelayMaintainerProxy which in turn calls the actual LightRelay contract.

TBTC

constructor

ECDSA API

You can learn about APIs of contracts related to ECDSA under the following links:

WalletRegistryGovernance

Wallets

IWalletOwner

__ecdsaWalletCreatedCallback

Callback function executed once a new wallet is created.

Should be callable only by the Wallet Registry.

Parameters

Name

Type

Description

__ecdsaWalletHeartbeatFailedCallback

Callback function executed once a wallet heartbeat failure is detected.

Should be callable only by the Wallet Registry.

Parameters

Name

Type

Description

Contract Addresses

Resources

Security Audits

This page documents the various third-party security audits conducted on Threshold Network components, including tBTC bridge, staking contracts, the vending machines, thUSD, and integrations.

Protocol Upgrades

Defense by Thesis - Gasless Minting Feature for the Threshold App

Links

Resource

Link

EcdsaAuthorization

Library managing the state of stake authorizations for ECDSA operator contract and the presence of operators in the sortition pool based on the stake authorized for them.

Parameters

AuthorizationDecrease

Data

OperatorRegistered

AuthorizationIncreased

AuthorizationDecreaseRequested

AuthorizationDecreaseApproved

InvoluntaryAuthorizationDecreaseFailed

OperatorJoinedSortitionPool

OperatorStatusUpdated

setMinimumAuthorization

Sets the minimum authorization for ECDSA application. Without at least the minimum authorization, staking provider is not eligible to join and operate in the network.

setAuthorizationDecreaseDelay

Sets the authorization decrease delay. It is the time in seconds that needs to pass between the time authorization decrease is requested and the time the authorization decrease can be approved, no matter the authorization decrease amount.

setAuthorizationDecreaseChangePeriod

Sets the authorization decrease change period. It is the time period before the authorization decrease delay end, during which the authorization decrease request can be overwritten.

registerOperator

Used by staking provider to set operator address that will operate ECDSA node. The given staking provider can set operator address only one time. The operator address can not be changed and must be unique. Reverts if the operator is already set for the staking provider or if the operator address is already in use. Reverts if there is a pending authorization decrease for the staking provider.

authorizationIncreased

Used by T staking contract to inform the application that the authorized stake amount for the given staking provider increased.

Reverts if the authorization amount is below the minimum.

The function is not updating the sortition pool. Sortition pool state needs to be updated by the operator with a call to joinSortitionPool or updateOperatorStatus.

Should only be callable by T staking contract.

authorizationDecreaseRequested

Used by T staking contract to inform the application that the authorization decrease for the given staking provider has been requested.

Reverts if the amount after deauthorization would be non-zero and lower than the minimum authorization.

Reverts if another authorization decrease request is pending for the staking provider and not enough time passed since the original request (see authorizationDecreaseChangePeriod).

If the operator is not known (registerOperator was not called) it lets to approveAuthorizationDecrease immediately. If the operator is known (registerOperator was called), the operator needs to update state of the sortition pool with a call to joinSortitionPool or updateOperatorStatus. After the sortition pool state is in sync, authorization decrease delay starts.

After authorization decrease delay passes, authorization decrease request needs to be approved with a call to approveAuthorizationDecrease function.

If there is a pending authorization decrease request, it is overwritten, but only if enough time passed since the original request. Otherwise, the function reverts.

Should only be callable by T staking contract.

approveAuthorizationDecrease

Approves the previously registered authorization decrease request. Reverts if authorization decrease delay have not passed yet or if the authorization decrease was not requested for the given staking provider.

involuntaryAuthorizationDecrease

Used by T staking contract to inform the application the authorization has been decreased for the given staking provider involuntarily, as a result of slashing.

If the operator is not known (registerOperator was not called) the function does nothing. The operator was never in a sortition pool so there is nothing to update.

If the operator is known, sortition pool is unlocked, and the operator is in the sortition pool, the sortition pool state is updated. If the sortition pool is locked, update needs to be postponed. Every other staker is incentivized to call updateOperatorStatus for the problematic operator to increase their own rewards in the pool.

Should only be callable by T staking contract.

joinSortitionPool

Lets the operator join the sortition pool. The operator address must be known - before calling this function, it has to be appointed by the staking provider by calling registerOperator. Also, the operator must have the minimum authorization required by ECDSA. Function reverts if there is no minimum stake authorized or if the operator is not known. If there was an authorization decrease requested, it is activated by starting the authorization decrease delay.

updateOperatorStatus

Updates status of the operator in the sortition pool. If there was an authorization decrease requested, it is activated by starting the authorization decrease delay. Function reverts if the operator is not known.

isOperatorUpToDate

Checks if the operator's authorized stake is in sync with operator's weight in the sortition pool. If the operator is not in the sortition pool and their authorized stake is non-zero, function returns false.

eligibleStake

Returns the current value of the staking provider's eligible stake. Eligible stake is defined as the currently authorized stake minus the pending authorization decrease. Eligible stake is what is used for operator's weight in the pool. If the authorized stake minus the pending authorization decrease is below the minimum authorization, eligible stake is 0.

This function can be exposed to the public in contrast to the second variant accepting decreasingBy as a parameter.

eligibleStake

This function is not intended to be exposes to the public. decreasingBy must be fetched from pendingDecreases mapping and it is passed as a parameter to optimize gas usage of functions that call eligibleStake and need to use AuthorizationDecrease fetched from pendingDecreases for some additional logic.

pendingAuthorizationDecrease

Returns the amount of stake that is pending authorization decrease for the given staking provider. If no authorization decrease has been requested, returns zero.

remainingAuthorizationDecreaseDelay

Returns the remaining time in seconds that needs to pass before the requested authorization decrease can be approved. If the sortition pool state was not updated yet by the operator after requesting the authorization decrease, returns type(uint64).max.

VendingMachine

The Vending Machine is the owner of TBTC v2 token and can mint TBTC v2 tokens in 1:1 ratio from TBTC v1 tokens with TBTC v1 deposited in the contract as collateral. TBTC v2 can be unminted back to TBTC v1 with or without a fee - fee parameter is controlled by the Governance. This implementation acts as a bridge between TBTC v1 and TBTC v2 token, allowing to mint TBTC v2 before the system is ready and fully operational without sacrificing any security guarantees and decentralization of the project. Vending Machine can be upgraded in a two-step, governance-controlled process. The new version of the Vending Machine will receive the ownership of TBTC v2 token and entire TBTC v1 balance stored as collateral. It is expected that this process will be executed before the v2 system launch. There is an optional unmint fee with a value that can be updated in a two-step, governance-controlled process. All governable parameters are controlled by two roles: update initiator and finalizer. There is a separate initiator role for unmint fee update and vending machine upgrade. The initiator proposes the change by initiating the update and the finalizer (contract owner) may approve it by finalizing the change after the governance delay passes.

GOVERNANCE_DELAY

The time delay that needs to pass between initializing and finalizing update of any governable parameter in this contract.

FLOATING_POINT_DIVISOR

Divisor for precision purposes. Used to represent fractions in parameter values.

tbtcV1

tbtcV2

unmintFee

The fee for unminting TBTC v2 back into TBTC v1 represented as 1e18 precision fraction. The fee is proportional to the amount being unminted and added on the top of the amount being unminted. To calculate the fee value, the amount being unminted needs to be multiplied by unmintFee and divided by 1e18. For example, unmintFee set to 1000000000000000 means that 0.001 of the amount being unminted needs to be paid to the VendingMachine as an unminting fee on the top of the amount being unminted.

newUnmintFee

unmintFeeUpdateInitiatedTimestamp

unmintFeeUpdateInitiator

newVendingMachine

The address of a new vending machine. Set only when the upgrade process is pending. Once the upgrade gets finalized, the new vending machine will become an owner of TBTC v2 token.

vendingMachineUpgradeInitiatedTimestamp

vendingMachineUpgradeInitiator

UnmintFeeUpdateInitiated

UnmintFeeUpdated

VendingMachineUpgradeInitiated

VendingMachineUpgraded

Minted

Unminted

only

onlyAfterGovernanceDelay

constructor

mint

Mints TBTC v2 to the caller from TBTC v1 with 1:1 ratio. The caller needs to have at least amount of TBTC v1 balance approved for transfer to the VendingMachine before calling this function.

Parameters

Name

Type

Description

receiveApproval

Mints TBTC v2 to from address from TBTC v1 with 1:1 ratio. from address needs to have at least amount of TBTC v1 balance approved for transfer to the VendingMachine before calling this function.

This function is a shortcut for approve + mint. Only TBTC v1 caller is allowed and only TBTC v1 is allowed as a token to transfer.

Parameters

Name

Type

Description

unmint

Unmints TBTC v2 from the caller into TBTC v1. Depending on unmintFee value, may require paying an additional unmint fee in TBTC v2 in addition to the amount being unminted. To see what is the value of the fee, please call unmintFeeFor(amount) function. The caller needs to have at least amount + unmintFeeFor(amount) of TBTC v2 balance approved for transfer to the VendingMachine before calling this function.

Parameters

Name

Type

Description

withdrawFees

Allows the Governance to withdraw unmint fees accumulated by VendingMachine.

Parameters

Name

Type

Description

initiateUnmintFeeUpdate

Initiates unmint fee update process. The update process needs to be finalized with a call to finalizeUnmintFeeUpdate function after the GOVERNANCE_DELAY passes. Only unmint fee update initiator role can initiate the update.

Parameters

Name

Type

Description

finalizeUnmintFeeUpdate

Allows the contract owner to finalize unmint fee update process. The update process needs to be first initiated with a call to initiateUnmintFeeUpdate and the GOVERNANCE_DELAY needs to pass.

initiateVendingMachineUpgrade

Initiates vending machine upgrade process. The upgrade process needs to be finalized with a call to finalizeVendingMachineUpgrade function after the GOVERNANCE_DELAY passes. Only vending machine upgrade initiator role can initiate the upgrade.

Parameters

Name

Type

Description

finalizeVendingMachineUpgrade

Allows the contract owner to finalize vending machine upgrade process. The upgrade process needs to be first initiated with a call to initiateVendingMachineUpgrade and the GOVERNANCE_DELAY needs to pass. Once the upgrade is finalized, the new vending machine will become an owner of TBTC v2 token and all TBTC v1 held by this contract will be transferred to the new vending machine.

transferUnmintFeeUpdateInitiatorRole

Transfers unmint fee update initiator role to another address. Can be called only by the current unmint fee update initiator.

Parameters

Name

Type

Description

transferVendingMachineUpgradeInitiatorRole

Transfers vending machine upgrade initiator role to another address. Can be called only by the current vending machine upgrade initiator.

Parameters

Name

Type

Description

getRemainingUnmintFeeUpdateTime

Get the remaining time that needs to pass until unmint fee update can be finalized by the Governance. If the update has not been initiated, the function reverts.

getRemainingVendingMachineUpgradeTime

Get the remaining time that needs to pass until vending machine upgrade can be finalized by the Governance. If the upgrade has not been initiated, the function reverts.

unmintFeeFor

Calculates the fee that needs to be paid to the VendingMachine to unmint the given amount of TBTC v2 back into TBTC v1.

_mint

TBTCVault

TBTC is a fully Bitcoin-backed ERC-20 token pegged to the price of Bitcoin. It facilitates Bitcoin holders to act on the Ethereum blockchain and access the decentralized finance (DeFi) ecosystem. TBTC Vault mints and unmints TBTC based on Bitcoin balances in the Bank.

TBTC Vault is the owner of TBTC token contract and is the only contract minting the token.

bank

tbtcToken

newVault

The address of a new TBTC vault. Set only when the upgrade process is pending. Once the upgrade gets finalized, the new TBTC vault will become an owner of TBTC token.

upgradeInitiatedTimestamp

The timestamp at which an upgrade to a new TBTC vault was initiated. Set only when the upgrade process is pending.

Minted

Unminted

UpgradeInitiated

UpgradeFinalized

onlyBank

constructor

mint

Mints the given amount of TBTC to the caller previously transferring amount / SATOSHI_MULTIPLIER of the Bank balance from caller to TBTC Vault. If amount is not divisible by SATOSHI_MULTIPLIER, the remainder is left on the caller's Bank balance.

TBTC Vault must have an allowance for caller's balance in the Bank for at least amount / SATOSHI_MULTIPLIER.

Parameters

Name

Type

Description

receiveBalanceApproval

Transfers satoshis of the Bank balance from the caller to TBTC Vault and mints satoshis * SATOSHI_MULTIPLIER of TBTC to the caller.

Can only be called by the Bank via approveBalanceAndCall.

Parameters

Name

Type

Description

receiveBalanceIncrease

Mints the same amount of TBTC as the deposited satoshis amount multiplied by SATOSHI_MULTIPLIER for each depositor in the array. Can only be called by the Bank after the Bridge swept deposits and Bank increased balance for the vault.

Fails if depositors array is empty. Expects the length of depositors and depositedSatoshiAmounts is the same.

unmint

Burns amount of TBTC from the caller's balance and transfers amount / SATOSHI_MULTIPLIER back to the caller's balance in the Bank. If amount is not divisible by SATOSHI_MULTIPLIER, the remainder is left on the caller's account.

Caller must have at least amount of TBTC approved to TBTC Vault.

Parameters

Name

Type

Description

unmintAndRedeem

Burns amount of TBTC from the caller's balance and transfers amount / SATOSHI_MULTIPLIER of Bank balance to the Bridge requesting redemption based on the provided redemptionData. If amount is not divisible by SATOSHI_MULTIPLIER, the remainder is left on the caller's account.

Caller must have at least amount of TBTC approved to TBTC Vault.

Parameters

Name

Type

Description

receiveApproval

Burns amount of TBTC from the caller's balance. If extraData is empty, transfers amount back to the caller's balance in the Bank. If extraData is not empty, requests redemption in the Bridge using the extraData as a redemptionData parameter to Bridge's receiveBalanceApproval function. If amount is not divisible by SATOSHI_MULTIPLIER, the remainder is left on the caller's account. Note that it may left a token approval equal to the remainder.

This function is doing the same as unmint or unmintAndRedeem (depending on extraData parameter) but it allows to execute unminting without a separate approval transaction. The function can be called only via approveAndCall of TBTC token.

Parameters

Name

Type

Description

initiateUpgrade

Initiates vault upgrade process. The upgrade process needs to be finalized with a call to finalizeUpgrade function after the UPGRADE_GOVERNANCE_DELAY passes. Only the governance can initiate the upgrade.

Parameters

Name

Type

Description

finalizeUpgrade

Allows the governance to finalize vault upgrade process. The upgrade process needs to be first initiated with a call to initiateUpgrade and the GOVERNANCE_DELAY needs to pass. Once the upgrade is finalized, the new vault becomes the owner of the TBTC token and receives the whole Bank balance of this vault.

recoverERC20FromToken

Allows the governance of the TBTCVault to recover any ERC20 token sent mistakenly to the TBTC token contract address.

Parameters

Name

Type

Description

recoverERC721FromToken

Allows the governance of the TBTCVault to recover any ERC721 token sent mistakenly to the TBTC token contract address.

Parameters

Name

Type

Description

recoverERC20

Allows the governance of the TBTCVault to recover any ERC20 token sent - mistakenly or not - to the vault address. This function should be used to withdraw TBTC v1 tokens transferred to TBTCVault as a result of VendingMachine > TBTCVault upgrade.

Parameters

Name

Type

Description

recoverERC721

Allows the governance of the TBTCVault to recover any ERC721 token sent mistakenly to the vault address.

Parameters

Name

Type

Description

amountToSatoshis

Returns the amount of TBTC to be minted/unminted, the remainder, and the Bank balance to be transferred for the given mint/unmint. Note that if the amount is not divisible by SATOSHI_MULTIPLIER, the remainder is left on the caller's account when minting or unminting.

Return Values

Name

Type

Description

_mint

Mints the given amount of TBTC to the given depositor's address. Implemented by TBTCVault.

_unmint

amount MUST be divisible by SATOSHI_MULTIPLIER with no change.

_unmintAndRedeem

amount MUST be divisible by SATOSHI_MULTIPLIER with no change.

Bank

Bank is a central component tracking Bitcoin balances. Balances can be transferred between balance owners, and balance owners can approve their balances to be spent by others. Balances in the Bank are updated for depositors who deposited their Bitcoin into the Bridge and only the Bridge can increase balances.

Bank is a governable contract and the Governance can upgrade the Bridge address.

bridge

balanceOf

The balance of the given account in the Bank. Zero by default.

allowance

The remaining amount of balance a spender will be allowed to transfer on behalf of an owner using transferBalanceFrom. Zero by default.

nonces

Returns the current nonce for an EIP2612 permission for the provided balance owner to protect against replay attacks. Used to construct an EIP2612 signature provided to the permit function.

cachedChainId

cachedDomainSeparator

PERMIT_TYPEHASH

Returns an EIP2612 Permit message hash. Used to construct an EIP2612 signature provided to the permit function.

BalanceTransferred

BalanceApproved

BalanceIncreased

BalanceDecreased

BridgeUpdated

onlyBridge

constructor

updateBridge

Allows the Governance to upgrade the Bridge address.

The function does not implement any governance delay and does not check the status of the Bridge. The Governance implementation needs to ensure all requirements for the upgrade are satisfied before executing this function. Requirements:

The new Bridge address must not be zero.

Parameters

Name

Type

Description

transferBalance

Moves the given amount of balance from the caller to recipient.

Requirements:

recipient cannot be the zero address,
the caller must have a balance of at least amount.

Parameters

Name

Type

Description

approveBalance

Sets amount as the allowance of spender over the caller's balance. Does not allow updating an existing allowance to a value that is non-zero to avoid someone using both the old and the new allowance by unfortunate transaction ordering. To update an allowance to a non-zero value please set it to zero first or use increaseBalanceAllowance or decreaseBalanceAllowance for an atomic update.

If the amount is set to type(uint256).max, transferBalanceFrom will not reduce an allowance.

Parameters

Name

Type

Description

approveBalanceAndCall

Sets the amount as an allowance of a smart contract spender over the caller's balance and calls the spender via receiveBalanceApproval.

If the amount is set to type(uint256).max, the potential transferBalanceFrom executed in receiveBalanceApproval of spender will not reduce an allowance. Beware that changing an allowance with this function brings the risk that spender may use both the old and the new allowance by unfortunate transaction ordering. Please use increaseBalanceAllowance and decreaseBalanceAllowance to eliminate the risk.

Parameters

Name

Type

Description

increaseBalanceAllowance

Atomically increases the caller's balance allowance granted to spender by the given addedValue.

Parameters

Name

Type

Description

decreaseBalanceAllowance

Atomically decreases the caller's balance allowance granted to spender by the given subtractedValue.

Requirements:

spender must not be the zero address,
the current allowance for spender must not be lower than the subtractedValue.

Parameters

Name

Type

Description

transferBalanceFrom

Moves amount of balance from spender to recipient using the allowance mechanism. amount is then deducted from the caller's allowance unless the allowance was made for type(uint256).max.

Requirements:

recipient cannot be the zero address,
spender must have a balance of at least amount,
the caller must have an allowance for spender's balance of at least amount

Parameters

Name

Type

Description

permit

An EIP2612 approval made with secp256k1 signature. Users can authorize a transfer of their balance with a signature conforming to the EIP712 standard, rather than an on-chain transaction from their address. Anyone can submit this signature on the user's behalf by calling the permit function, paying gas fees, and possibly performing other actions in the same transaction.

The deadline argument can be set to type(uint256).max to create permits that effectively never expire. If the amountis set totype(uint256).maxthentransferBalanceFromwill not reduce an allowance. Beware that changing an allowance with this function brings the risk that someone may use both the old and the new allowance by unfortunate transaction ordering. Please useincreaseBalanceAllowanceanddecreaseBalanceAllowance` to eliminate the risk.

Parameters

Name

Type

Description

increaseBalances

Increases balances of the provided recipients by the provided amounts. Can only be called by the Bridge.

Requirements:

length of recipients and amounts must be the same,
none of recipients addresses must point to the Bank.

Parameters

Name

Type

Description

increaseBalance

Increases balance of the provided recipient by the provided amount. Can only be called by the Bridge.

Requirements:

recipient address must not point to the Bank.

Parameters

Name

Type

Description

increaseBalanceAndCall

Increases the given smart contract vault's balance and notifies the vault contract about it. Can be called only by the Bridge.

Requirements:

vault must implement IVault interface,
length of recipients and amounts must be the same.

Parameters

Name

Type

Description

decreaseBalance

Decreases caller's balance by the provided amount. There is no way to restore the balance so do not call this function unless you really know what you are doing!

Requirements:

The caller must have a balance of at least amount.

Parameters

Name

Type

Description

DOMAIN_SEPARATOR

Returns hash of EIP712 Domain struct with TBTC Bank as a signing domain and Bank contract as a verifying contract. Used to construct an EIP2612 signature provided to the permit function.

_increaseBalance

Wallets

Library responsible for handling integration between Bridge contract and ECDSA wallets.

WalletState

Wallet

NewWalletRequested

NewWalletRegistered

WalletMovingFunds

WalletClosing

WalletClosed

WalletTerminated

requestNewWallet

Requests creation of a new wallet. This function just forms a request and the creation process is performed asynchronously. Outcome of that process should be delivered using registerNewWallet function.

Requirements:

activeWalletMainUtxo components must point to the recent main UTXO of the given active wallet, as currently known on the Ethereum chain. If there is no active wallet at the moment, or the active wallet has no main UTXO, this parameter can be empty as it is ignored,
Wallet creation must not be in progress,
If the active wallet is set, one of the following conditions must be true:

Parameters

Name

Type

Description

registerNewWallet

Registers a new wallet. This function should be called after the wallet creation process initiated using requestNewWallet completes and brings the outcomes.

Requirements:

The only caller authorized to call this function is registry,
Given wallet data must not belong to an already registered wallet.

Parameters

Name

Type

Description

notifyWalletRedemptionTimeout

Handles a notification about a wallet redemption timeout. Triggers the wallet moving funds process only if the wallet is still in the Live state. That means multiple action timeouts can be reported for the same wallet but only the first report requests the wallet to move their funds. Executes slashing if the wallet is in Live or MovingFunds state. Allows to notify redemption timeout also for a Terminated wallet in case the redemption was requested before the wallet got terminated.

Requirements:

The wallet must be in the Live, MovingFunds, or Terminated state.

Parameters

Name

Type

Description

notifyWalletHeartbeatFailed

Handles a notification about a wallet heartbeat failure and triggers the wallet moving funds process.

Requirements:

The only caller authorized to call this function is registry,
Wallet must be in Live state.

Parameters

Name

Type

Description

notifyWalletCloseable

Notifies that the wallet is either old enough or has too few satoshis left and qualifies to be closed.

Requirements:

Wallet must not be set as the current active wallet,
Wallet must exceed the wallet maximum age OR the wallet BTC balance must be lesser than the minimum threshold. If the latter case is true, the walletMainUtxo components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain. If the wallet has no main UTXO, this parameter can be empty as it is ignored since the wallet balance is assumed to be zero,
Wallet must be in Live state.

Parameters

Name

Type

Description

notifyWalletClosingPeriodElapsed

Notifies about the end of the closing period for the given wallet. Closes the wallet ultimately and notifies the ECDSA registry about this fact.

Requirements:

The wallet must be in the Closing state,
The wallet closing period must have elapsed.

Parameters

Name

Type

Description

notifyWalletFundsMoved

Notifies that the wallet completed the moving funds process successfully. Checks if the funds were moved to the expected target wallets. Closes the source wallet if everything went good and reverts otherwise.

Requirements:

The caller must make sure the moving funds transaction actually happened on Bitcoin chain and fits the protocol requirements,
The source wallet must be in the MovingFunds state,
The target wallets commitment must be submitted by the source wallet,
The actual target wallets used in the moving funds transaction must be exactly the same as the target wallets commitment.

Parameters

Name

Type

Description

notifyWalletMovingFundsBelowDust

Called when a MovingFunds wallet has a balance below the dust threshold. Begins the wallet closing.

Requirements:

The wallet must be in the MovingFunds state.

Parameters

Name

Type

Description

notifyWalletMovingFundsTimeout

Called when the timeout for MovingFunds for the wallet elapsed. Slashes wallet members and terminates the wallet.

Requirements:

The wallet must be in the MovingFunds state.

Parameters

Name

Type

Description

notifyWalletMovedFundsSweepTimeout

Called when a wallet which was asked to sweep funds moved from another wallet did not provide a sweeping proof before a timeout. Slashes and terminates the wallet who failed to provide a proof.

Requirements:

The wallet must be in the Live, MovingFunds, or Terminated state.

Parameters

Name

Type

Description

notifyWalletFraudChallengeDefeatTimeout

Called when a wallet which was challenged for a fraud did not defeat the challenge before the timeout. Slashes and terminates the wallet who failed to defeat the challenge. If the wallet is already terminated, it does nothing.

Requirements:

The wallet must be in the Live, MovingFunds, Closing or Terminated state.

Parameters

Name

Type

Description

moveFunds

Requests a wallet to move their funds. If the wallet balance is zero, the wallet closing begins immediately. If the move funds request refers to the current active wallet, such a wallet is no longer considered active and the active wallet slot is unset allowing to trigger a new wallet creation immediately.

Requirements:

The caller must make sure that the wallet is in the Live state.

Parameters

Name

Type

Description

beginWalletClosing

Begins the closing period of the given wallet.

Requirements:

The caller must make sure that the wallet is in the MovingFunds state.

Parameters

Name

Type

Description

finalizeWalletClosing

Finalizes the closing period of the given wallet and notifies the ECDSA registry about this fact.

Requirements:

The caller must make sure that the wallet is in the Closing state.

Parameters

Name

Type

Description

terminateWallet

Terminates the given wallet and notifies the ECDSA registry about this fact. If the wallet termination refers to the current active wallet, such a wallet is no longer considered active and the active wallet slot is unset allowing to trigger a new wallet creation immediately.

Requirements:

The caller must make sure that the wallet is in the Live or MovingFunds or Closing state.

Parameters

Name

Type

Description

getWalletBtcBalance

Gets BTC balance for given the wallet.

Requirements:

walletMainUtxo components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain. If the wallet has no main UTXO, this parameter can be empty as it is ignored.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

Redemption

OutboundTx

Aggregates functions common to the redemption transaction proof validation and to the moving funds transaction proof validation.

processWalletOutboundTxInput

Checks whether an outbound Bitcoin transaction performed from the given wallet has an input vector that contains a single input referring to the wallet's main UTXO. Marks that main UTXO as correctly spent if the validation succeeds. Reverts otherwise. There are two outbound transactions from a wallet possible: a redemption transaction or a moving funds to another wallet transaction.

Parameters

Name

Type

Description

parseWalletOutboundTxInput

Parses the input vector of an outbound Bitcoin transaction performed from the given wallet. It extracts the single input then the transaction hash and output index from its outpoint. There are two outbound transactions from a wallet possible: a redemption transaction or a moving funds to another wallet transaction.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

Redemption

The library handles the logic for redeeming Bitcoin balances from the Bridge.

To initiate a redemption, a user with a Bank balance supplies a Bitcoin address. Then, the system calculates the redemption fee, and releases balance to the provided Bitcoin address. Just like in case of sweeps of revealed deposits, redemption requests are processed in batches and require SPV proof to be submitted to the Bridge.

RedemptionRequest

RedemptionTxOutputsInfo

RedemptionTxOutputsProcessingInfo

RedemptionRequested

RedemptionsCompleted

RedemptionTimedOut

requestRedemption

Requests redemption of the given amount from the specified wallet to the redeemer Bitcoin output script. This function handles the simplest case, where balance owner is the redeemer.

Requirements:

Wallet behind walletPubKeyHash must be live,
mainUtxo components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain,
redeemerOutputScript must be a proper Bitcoin script,

Parameters

Name

Type

Description

requestRedemption

Requests redemption of the given amount from the specified wallet to the redeemer Bitcoin output script. Used by Bridge.receiveBalanceApproval. Can handle more complex cases where balance owner may be someone else than the redeemer.

Requirements:

Wallet behind walletPubKeyHash must be live,
mainUtxo* components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain,
redeemerOutputScript must be a proper Bitcoin script,

Parameters

Name

Type

Description

requestRedemption

Requests redemption of the given amount from the specified wallet to the redeemer Bitcoin output script.

Requirements:

Wallet behind walletPubKeyHash must be live,
mainUtxo components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain,
redeemerOutputScript must be a proper Bitcoin script,

Parameters

Name

Type

Description

submitRedemptionProof

Used by the wallet to prove the BTC redemption transaction and to make the necessary bookkeeping. Redemption is only accepted if it satisfies SPV proof.

The function is performing Bank balance updates by burning the total redeemed Bitcoin amount from Bridge balance and transferring the treasury fee sum to the treasury address.

It is possible to prove the given redemption only one time.

Requirements:

redemptionTx components must match the expected structure. See BitcoinTx.Info docs for reference. Their values must exactly correspond to appropriate Bitcoin transaction fields to produce a provable transaction hash,
The redemptionTx should represent a Bitcoin transaction with exactly 1 input that refers to the wallet's main UTXO. That transaction should have 1..n outputs handling existing pending redemption requests or pointing to reported timed out requests. There can be also 1 optional output representing the change and pointing back to the 20-byte wallet public key hash. The change should be always present if the redeemed value sum is lower than the total wallet's BTC balance,

Parameters

Name

Type

Description

resolveRedeemingWallet

Resolves redeeming wallet based on the provided wallet public key hash. Validates the wallet state and current main UTXO, as currently known on the Ethereum chain.

Requirements:

Sweeping wallet must be either in Live or MovingFunds state,
Main UTXO of the redeeming wallet must exists in the storage,
The passed mainUTXO parameter must be equal to the stored one.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

processRedemptionTxOutputs

Processes the Bitcoin redemption transaction output vector. It extracts each output and tries to identify it as a pending redemption request, reported timed out request, or change. Reverts if one of the outputs cannot be recognized properly. This function also marks each request as processed by removing them from pendingRedemptions mapping.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

processRedemptionTxOutputs

Processes all outputs from the redemption transaction. Tries to identify output as a change output, pending redemption request or reported redemption. Reverts if one of the outputs cannot be recognized properly. Marks each request as processed by removing them from pendingRedemptions mapping.

Parameters

Name

Type

Description

processNonChangeRedemptionTxOutput

Processes a single redemption transaction output. Tries to identify output as a pending redemption request or reported redemption timeout. Output script passed to this function must not be the change output. Such output needs to be identified separately before calling this function. Reverts if output is neither requested pending redemption nor requested and reported timed-out redemption. This function also marks each pending request as processed by removing them from pendingRedemptions mapping.

Requirements:

This function should be called only if the given output represents redemption. It must not be the change output.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

notifyRedemptionTimeout

Notifies that there is a pending redemption request associated with the given wallet, that has timed out. The redemption request is identified by the key built as keccak256(keccak256(redeemerOutputScript) | walletPubKeyHash). The results of calling this function:

the pending redemptions value for the wallet will be decreased by the requested amount (minus treasury fee),
the tokens taken from the redeemer on redemption request will be returned to the redeemer,
the request will be moved from pending redemptions to timed-out redemptions,
if the state of the wallet is Live

Requirements:

The wallet must be in the Live or MovingFunds or Terminated state,
The redemption request identified by walletPubKeyHash and redeemerOutputScript must exist,
The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash

Parameters

Name

Type

Description

getRedemptionKey

Calculate redemption key without allocations.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_getRedemptionKey

Finish calculating redemption key without allocations.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

MovingFunds

The library handles the logic for moving Bitcoin between Bridge wallets.

A wallet that failed a heartbeat, did not process requested redemption on time, or qualifies to be closed, begins the procedure of moving funds to other wallets in the Bridge. The wallet needs to commit to which other Live wallets it is moving the funds to and then, provide an SPV proof of moving funds to the previously committed wallets. Once the proof is submitted, all target wallets are supposed to sweep the received UTXOs with their own main UTXOs in order to update their BTC balances.

MovingFundsTxOutputsProcessingInfo

MovedFundsSweepRequestState

MovedFundsSweepRequest

MovingFundsCommitmentSubmitted

MovingFundsTimeoutReset

MovingFundsCompleted

MovingFundsTimedOut

MovingFundsBelowDustReported

MovedFundsSwept

MovedFundsSweepTimedOut

submitMovingFundsCommitment

Submits the moving funds target wallets commitment. Once all requirements are met, that function registers the target wallets commitment and opens the way for moving funds proof submission.

Requirements:

The source wallet must be in the MovingFunds state,
The source wallet must not have pending redemption requests,
The source wallet must not have pending moved funds sweep requests,
The source wallet must not have submitted its commitment already,

Parameters

Name

Type

Description

resetMovingFundsTimeout

Resets the moving funds timeout for the given wallet if the target wallet commitment cannot be submitted due to a lack of live wallets in the system.

Requirements:

The wallet must be in the MovingFunds state,
The target wallets commitment must not be already submitted for the given moving funds wallet,
Live wallets count must be zero,
The moving funds timeout reset delay must be elapsed.

Parameters

Name

Type

Description

submitMovingFundsProof

Used by the wallet to prove the BTC moving funds transaction and to make the necessary state changes. Moving funds is only accepted if it satisfies SPV proof.

The function validates the moving funds transaction structure by checking if it actually spends the main UTXO of the declared wallet and locks the value on the pre-committed target wallets using a reasonable transaction fee. If all preconditions are met, this functions closes the source wallet.

It is possible to prove the given moving funds transaction only one time.

Requirements:

movingFundsTx components must match the expected structure. See BitcoinTx.Info docs for reference. Their values must exactly correspond to appropriate Bitcoin transaction fields to produce a provable transaction hash,
The movingFundsTx should represent a Bitcoin transaction with exactly 1 input that refers to the wallet's main UTXO. That transaction should have 1..n outputs corresponding to the pre-committed target wallets. Outputs must be ordered in the same way as their corresponding target wallets are ordered within the target wallets commitment,

Parameters

Name

Type

Description

processMovingFundsTxOutputs

Processes the moving funds Bitcoin transaction output vector and extracts information required for further processing.

Requirements:

The movingFundsTxOutputVector must be parseable, i.e. must be validated by the caller as stated in their parameter doc,
Each output must refer to a 20-byte public key hash,
The total outputs value must be evenly divided over all outputs.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

notifyMovingFundsTimeout

Notifies about a timed out moving funds process. Terminates the wallet and slashes signing group members as a result.

Requirements:

The wallet must be in the MovingFunds state,
The moving funds timeout must be actually exceeded,
The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash for the given walletID. Those IDs are not directly stored in the contract for gas efficiency purposes but they can be read from appropriate DkgResultSubmitted

Parameters

Name

Type

Description

notifyMovingFundsBelowDust

Notifies about a moving funds wallet whose BTC balance is below the moving funds dust threshold. Ends the moving funds process and begins wallet closing immediately.

Requirements:

The wallet must be in the MovingFunds state,
The mainUtxo components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain. If the wallet has no main UTXO, this parameter can be empty as it is ignored,
The wallet BTC balance must be below the moving funds threshold.

Parameters

Name

Type

Description

submitMovedFundsSweepProof

Used by the wallet to prove the BTC moved funds sweep transaction and to make the necessary state changes. Moved funds sweep is only accepted if it satisfies SPV proof.

The function validates the sweep transaction structure by checking if it actually spends the moved funds UTXO and the sweeping wallet's main UTXO (optionally), and if it locks the value on the sweeping wallet's 20-byte public key hash using a reasonable transaction fee. If all preconditions are met, this function updates the sweeping wallet main UTXO, thus their BTC balance.

It is possible to prove the given sweep transaction only one time.

Requirements:

sweepTx components must match the expected structure. See BitcoinTx.Info docs for reference. Their values must exactly correspond to appropriate Bitcoin transaction fields to produce a provable transaction hash,
The sweepTx should represent a Bitcoin transaction with the first input pointing to a wallet's sweep Pending request and, optionally, the second input pointing to the wallet's main UTXO, if the sweeping wallet has a main UTXO set. There should be only one output locking funds on the sweeping wallet 20-byte public key hash,

Parameters

Name

Type

Description

processMovedFundsSweepTxOutput

Processes the Bitcoin moved funds sweep transaction output vector by extracting the single output and using it to gain additional information required for further processing (e.g. value and wallet public key hash).

Requirements:

Output vector must contain only one output,
The single output must be of P2PKH or P2WPKH type and lock the funds on a 20-byte public key hash.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

resolveMovedFundsSweepingWallet

Resolves sweeping wallet based on the provided wallet public key hash. Validates the wallet state and current main UTXO, as currently known on the Ethereum chain.

Requirements:

Sweeping wallet must be either in Live or MovingFunds state,
If the main UTXO of the sweeping wallet exists in the storage, the passed mainUTXO parameter must be equal to the stored one.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

processMovedFundsSweepTxInputs

Processes the Bitcoin moved funds sweep transaction input vector. It extracts the first input and tries to match it with one of the moved funds sweep requests targeting the sweeping wallet. If the sweep request is an existing Pending request, this function marks it as Processed. If the sweeping wallet has a main UTXO, this function extracts the second input, makes sure it refers to the wallet main UTXO, and marks that main UTXO as correctly spent.

Requirements:

The input vector must consist of one mandatory and one optional input,
The mandatory input must be the first input in the vector,
The mandatory input must point to a Pending moved funds sweep request that is targeted to the sweeping wallet,
The optional output must be the second input in the vector,

Parameters

Name

Type

Description

Return Values

Name

Type

Description

parseMovedFundsSweepTxInputAt

Parses a Bitcoin transaction input starting at the given index.

This function assumes vector's structure is valid so it must be validated using e.g. BTCUtils.validateVin function before it is passed here.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

notifyMovedFundsSweepTimeout

Notifies about a timed out moved funds sweep process. If the wallet is not terminated yet, that function terminates the wallet and slashes signing group members as a result. Marks the given sweep request as TimedOut.

Requirements:

The moved funds sweep request must be in the Pending state,
The moved funds sweep timeout must be actually exceeded,
The wallet must be either in the Live or MovingFunds or Terminated state,,
The expression keccak256(abi.encode(walletMembersIDs))

Parameters

Name

Type

Description

WalletRegistry

authorization

dkg

wallets

_maliciousDkgResultSlashingAmount

Slashing amount for submitting a malicious DKG result. Every DKG result submitted can be challenged for the time of dkg.resultChallengePeriodLength. If the DKG result submitted is challenged and proven to be malicious, the operator who submitted the malicious result is slashed for _maliciousDkgResultSlashingAmount.

_maliciousDkgResultNotificationRewardMultiplier

Percentage of the staking contract malicious behavior notification reward which will be transferred to the notifier reporting about a malicious DKG result. Notifiers are rewarded from a notifiers treasury pool. For example, if notification reward is 1000 and the value of the multiplier is 5, the notifier will receive: 5% of 1000 = 50 per each operator affected.

_sortitionPoolRewardsBanDuration

Duration of the sortition pool rewards ban imposed on operators who missed their turn for DKG result submission or who failed a heartbeat.

_dkgResultSubmissionGas

Calculated max gas cost for submitting a DKG result. This will be refunded as part of the DKG approval process. It is in the submitter's interest to not skip his priority turn on the approval, otherwise the refund of the DKG submission will be refunded to another group member that will call the DKG approve function.

_dkgResultApprovalGasOffset

Gas that is meant to balance the DKG result approval's overall cost. It can be updated by the governance based on the current market conditions.

_notifyOperatorInactivityGasOffset

Gas that is meant to balance the notification of an operator inactivity. It can be updated by the governance based on the current market conditions.

_notifySeedTimeoutGasOffset

Gas that is meant to balance the notification of a seed for DKG delivery timeout. It can be updated by the governance based on the current market conditions.

_notifyDkgTimeoutNegativeGasOffset

Gas that is meant to balance the notification of a DKG protocol execution timeout. It can be updated by the governance based on the current market conditions.

The value is subtracted for the refundable gas calculation, as the DKG timeout notification transaction recovers some gas when cleaning up the storage.

inactivityClaimNonce

Stores current operator inactivity claim nonce for the given wallet signing group. Each claim is made with a unique nonce which protects against claim replay.

walletOwner

sortitionPool

staking

randomBeacon

DkgStarted

DkgResultSubmitted

DkgTimedOut

DkgResultApproved

DkgResultChallenged

DkgStateLocked

DkgSeedTimedOut

WalletCreated

WalletClosed

DkgMaliciousResultSlashed

DkgMaliciousResultSlashingFailed

AuthorizationParametersUpdated

RewardParametersUpdated

SlashingParametersUpdated

DkgParametersUpdated

GasParametersUpdated

RandomBeaconUpgraded

WalletOwnerUpdated

OperatorRegistered

AuthorizationIncreased

AuthorizationDecreaseRequested

AuthorizationDecreaseApproved

InvoluntaryAuthorizationDecreaseFailed

OperatorJoinedSortitionPool

OperatorStatusUpdated

InactivityClaimed

onlyStakingContract

onlyWalletOwner

Reverts if called not by the Wallet Owner.

onlyReimbursableAdmin

constructor

Used to initialize immutable variables only, use initialize function for upgradable contract initialization on deployment.

initialize

Initializes upgradable contract on deployment.

withdrawRewards

Withdraws application rewards for the given staking provider. Rewards are withdrawn to the staking provider's beneficiary address set in the staking contract. Reverts if staking provider has not registered the operator address.

Emits RewardsWithdrawn event.

withdrawIneligibleRewards

Withdraws rewards belonging to operators marked as ineligible for sortition pool rewards.

Can be called only by the contract guvnor, which should be the wallet registry governance contract.

Parameters

Name

Type

Description

registerOperator

joinSortitionPool

updateOperatorStatus

authorizationIncreased

Used by T staking contract to inform the application that the authorized stake amount for the given staking provider increased.

Reverts if the authorization amount is below the minimum.

The function is not updating the sortition pool. Sortition pool state needs to be updated by the operator with a call to joinSortitionPool or updateOperatorStatus.

Can only be called by T staking contract.

authorizationDecreaseRequested

Used by T staking contract to inform the application that the authorization decrease for the given staking provider has been requested.

Reverts if the amount after deauthorization would be non-zero and lower than the minimum authorization.

If the operator is not known (registerOperator was not called) it lets to approveAuthorizationDecrease immediatelly. If the operator is known (registerOperator was called), the operator needs to update state of the sortition pool with a call to joinSortitionPool or updateOperatorStatus. After the sortition pool state is in sync, authorization decrease delay starts.

After authorization decrease delay passes, authorization decrease request needs to be approved with a call to approveAuthorizationDecrease function.

If there is a pending authorization decrease request, it is overwritten.

Can only be called by T staking contract.

approveAuthorizationDecrease

Approves the previously registered authorization decrease request. Reverts if authorization decrease delay has not passed yet or if the authorization decrease was not requested for the given staking provider.

involuntaryAuthorizationDecrease

Used by T staking contract to inform the application the authorization has been decreased for the given staking provider involuntarily, as a result of slashing.

If the operator is not known (registerOperator was not called) the function does nothing. The operator was never in a sortition pool so there is nothing to update.

upgradeRandomBeacon

Updates address of the Random Beacon.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

Name

Type

Description

updateWalletOwner

Updates the wallet owner.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters. The wallet owner has to implement IWalletOwner interface.

Parameters

Name

Type

Description

updateAuthorizationParameters

Updates the values of authorization parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

Name

Type

Description

updateDkgParameters

Updates the values of DKG parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

Name

Type

Description

updateRewardParameters

Updates the values of reward parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

Name

Type

Description

updateSlashingParameters

Updates the values of slashing parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

Name

Type

Description

updateGasParameters

Updates the values of gas-related parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

Name

Type

Description

requestNewWallet

Requests a new wallet creation.

Can be called only by the owner of wallets. It locks the DKG and request a new relay entry. It expects that the DKG process will be started once a new relay entry gets generated.

closeWallet

Closes an existing wallet. Reverts if wallet with the given ID does not exist or if it has already been closed.

Only a Wallet Owner can call this function.

Parameters

Name

Type

Description

__beaconCallback

A callback that is executed once a new relay entry gets generated. It starts the DKG process.

Can be called only by the random beacon contract.

Parameters

Name

Type

Description

submitDkgResult

Submits result of DKG protocol. The DKG result consists of result submitting member index, calculated group public key, bytes array of misbehaved members, concatenation of signatures from group members, indices of members corresponding to each signature and the list of group members. The result is registered optimistically and waits for an approval. The result can be challenged when it is believed to be incorrect. The challenge verifies the registered result i.a. it checks if members list corresponds to the expected set of members determined by the sortition pool.

The message to be signed by each member is keccak256 hash of the chain ID, calculated group public key, misbehaved members indices and DKG start block. The calculated hash should be prefixed with \x19Ethereum signed message: before signing, so the message to sign is: \x19Ethereum signed message:\n${keccak256(chainID,groupPubKey,misbehavedIndices,startBlock)}

Parameters

Name

Type

Description

approveDkgResult

Approves DKG result. Can be called when the challenge period for the submitted result is finished. Considers the submitted result as valid, bans misbehaved group members from the sortition pool rewards, and completes the group creation by activating the candidate group. For the first resultSubmissionTimeout blocks after the end of the challenge period can be called only by the DKG result submitter. After that time, can be called by anyone. A new wallet based on the DKG result details.

Parameters

Name

Type

Description

notifySeedTimeout

Notifies about seed for DKG delivery timeout. It is expected that a seed is delivered by the Random Beacon as a relay entry in a callback function.

notifyDkgTimeout

Notifies about DKG timeout.

challengeDkgResult

Challenges DKG result. If the submitted result is proved to be invalid it reverts the DKG back to the result submission phase.

Due to EIP-150 1/64 of the gas is not forwarded to the call, and will be kept to execute the remaining operations in the function after the call inside the try-catch. To eliminate a class of attacks related to the gas limit manipulation, this function requires an extra amount of gas to be left at the end of the execution.

Parameters

Name

Type

Description

notifyOperatorInactivity

Notifies about operators who are inactive. Using this function, a majority of the wallet signing group can decide about punishing specific group members who constantly fail doing their job. If the provided claim is proved to be valid and signed by sufficient number of group members, operators of members deemed as inactive are banned from sortition pool rewards for the duration specified by sortitionPoolRewardsBanDuration parameter. The function allows to signal about single operators being inactive as well as to signal wallet-wide heartbeat failures that are propagated to the wallet owner who should begin the procedure of moving responsibilities to another wallet given that the wallet who failed the heartbeat may soon be not able to function and provide new signatures. The sender of the claim must be one of the claim signers. This function can be called only for registered wallets

Parameters

Name

Type

Description

seize

Allows the wallet owner to add all signing group members of the wallet with the given ID to the slashing queue of the staking . contract. The notifier will receive reward per each group member from the staking contract notifiers treasury. The reward is scaled by the rewardMultiplier provided as a parameter.

Requirements:

The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash for the given walletID. Those IDs are not directly stored in the contract for gas efficiency purposes but they can be read from appropriate DkgResultSubmitted and DkgResultApproved events.
rewardMultiplier must be between [0, 100].

Parameters

Name

Type

Description

isDkgResultValid

Checks if DKG result is valid for the current DKG.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getWalletCreationState

Check current wallet creation state.

isWalletMember

Checks whether the given operator is a member of the given wallet signing group.

Requirements:

The operator parameter must be an actual sortition pool operator.
The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash for the given walletID. Those IDs are not directly stored in the contract for gas efficiency purposes but they can be read from appropriate DkgResultSubmitted and DkgResultApproved events.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

hasSeedTimedOut

Checks if awaiting seed timed out.

Return Values

Name

Type

Description

hasDkgTimedOut

Checks if DKG timed out. The DKG timeout period includes time required for off-chain protocol execution and time for the result publication for all group members. After this time result cannot be submitted and DKG can be notified about the timeout.

Return Values

Name

Type

Description

getWallet

getWalletPublicKey

Gets public key of a wallet with a given wallet ID. The public key is returned in an uncompressed format as a 64-byte concatenation of X and Y coordinates.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

isWalletRegistered

Checks if a wallet with the given ID is registered.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

minimumAuthorization

The minimum authorization amount required so that operator can participate in ECDSA Wallet operations.

eligibleStake

Returns the current value of the staking provider's eligible stake. Eligible stake is defined as the currently authorized stake minus the pending authorization decrease. Eligible stake is what is used for operator's weight in the sortition pool. If the authorized stake minus the pending authorization decrease is below the minimum authorization, eligible stake is 0.

availableRewards

Returns the amount of rewards available for withdrawal for the given staking provider. Reverts if staking provider has not registered the operator address.

pendingAuthorizationDecrease

Returns the amount of stake that is pending authorization decrease for the given staking provider. If no authorization decrease has been requested, returns zero.

remainingAuthorizationDecreaseDelay

stakingProviderToOperator

Returns operator registered for the given staking provider.

operatorToStakingProvider

Returns staking provider of the given operator.

isOperatorUpToDate

isOperatorInPool

Returns true if the given operator is in the sortition pool. Otherwise, returns false.

selectGroup

Selects a new group of operators. Can only be called when DKG is in progress and the pool is locked. At least one operator has to be registered in the pool, otherwise the function fails reverting the transaction.

Return Values

Name

Type

Description

dkgParameters

Retrieves dkg parameters that were set in DKG library.

authorizationParameters

Returns authorization-related parameters.

The minimum authorization is also returned by minimumAuthorization() function, as a requirement of IApplication interface.

Return Values

Name

Type

Description

rewardParameters

Retrieves reward-related parameters.

Return Values

Name

Type

Description

slashingParameters

Retrieves slashing-related parameters.

Return Values

Name

Type

Description

gasParameters

Retrieves gas-related parameters.

Return Values

Name

Type

Description

BridgeGovernanceParameters

TreasuryData

DepositData

RedemptionData

MovingFundsData

WalletData

FraudData

DepositDustThresholdUpdateStarted

DepositDustThresholdUpdated

DepositTreasuryFeeDivisorUpdateStarted

DepositTreasuryFeeDivisorUpdated

DepositTxMaxFeeUpdateStarted

DepositTxMaxFeeUpdated

DepositRevealAheadPeriodUpdateStarted

DepositRevealAheadPeriodUpdated

RedemptionDustThresholdUpdateStarted

RedemptionDustThresholdUpdated

RedemptionTreasuryFeeDivisorUpdateStarted

RedemptionTreasuryFeeDivisorUpdated

RedemptionTxMaxFeeUpdateStarted

RedemptionTxMaxFeeUpdated

RedemptionTxMaxTotalFeeUpdateStarted

RedemptionTxMaxTotalFeeUpdated

RedemptionTimeoutUpdateStarted

RedemptionTimeoutUpdated

RedemptionTimeoutSlashingAmountUpdateStarted

RedemptionTimeoutSlashingAmountUpdated

RedemptionTimeoutNotifierRewardMultiplierUpdateStarted

RedemptionTimeoutNotifierRewardMultiplierUpdated

MovingFundsTxMaxTotalFeeUpdateStarted

MovingFundsTxMaxTotalFeeUpdated

MovingFundsDustThresholdUpdateStarted

MovingFundsDustThresholdUpdated

MovingFundsTimeoutResetDelayUpdateStarted

MovingFundsTimeoutResetDelayUpdated

MovingFundsTimeoutUpdateStarted

MovingFundsTimeoutUpdated

MovingFundsTimeoutSlashingAmountUpdateStarted

MovingFundsTimeoutSlashingAmountUpdated

MovingFundsTimeoutNotifierRewardMultiplierUpdateStarted

MovingFundsTimeoutNotifierRewardMultiplierUpdated

MovingFundsCommitmentGasOffsetUpdateStarted

MovingFundsCommitmentGasOffsetUpdated

MovedFundsSweepTxMaxTotalFeeUpdateStarted

MovedFundsSweepTxMaxTotalFeeUpdated

MovedFundsSweepTimeoutUpdateStarted

MovedFundsSweepTimeoutUpdated

MovedFundsSweepTimeoutSlashingAmountUpdateStarted

MovedFundsSweepTimeoutSlashingAmountUpdated

MovedFundsSweepTimeoutNotifierRewardMultiplierUpdateStarted

MovedFundsSweepTimeoutNotifierRewardMultiplierUpdated

WalletCreationPeriodUpdateStarted

WalletCreationPeriodUpdated

WalletCreationMinBtcBalanceUpdateStarted

WalletCreationMinBtcBalanceUpdated

WalletCreationMaxBtcBalanceUpdateStarted

WalletCreationMaxBtcBalanceUpdated

WalletClosureMinBtcBalanceUpdateStarted

WalletClosureMinBtcBalanceUpdated

WalletMaxAgeUpdateStarted

WalletMaxAgeUpdated

WalletMaxBtcTransferUpdateStarted

WalletMaxBtcTransferUpdated

WalletClosingPeriodUpdateStarted

WalletClosingPeriodUpdated

FraudChallengeDepositAmountUpdateStarted

FraudChallengeDepositAmountUpdated

FraudChallengeDefeatTimeoutUpdateStarted

FraudChallengeDefeatTimeoutUpdated

FraudSlashingAmountUpdateStarted

FraudSlashingAmountUpdated

FraudNotifierRewardMultiplierUpdateStarted

FraudNotifierRewardMultiplierUpdated

TreasuryUpdateStarted

TreasuryUpdated

onlyAfterGovernanceDelay

Reverts if called before the governance delay elapses.

Parameters

Name

Type

Description

beginDepositDustThresholdUpdate

Begins the deposit dust threshold amount update process.

Parameters

Name

Type

Description

finalizeDepositDustThresholdUpdate

Finalizes the deposit dust threshold amount update process.

Can be called after the governance delay elapses.

beginDepositTreasuryFeeDivisorUpdate

Begins the deposit treasury fee divisor amount update process.

Parameters

Name

Type

Description

finalizeDepositTreasuryFeeDivisorUpdate

Finalizes the deposit treasury fee divisor amount update process.

Can be called after the governance delay elapses.

beginDepositTxMaxFeeUpdate

Begins the deposit tx max fee amount update process.

Parameters

Name

Type

Description

finalizeDepositTxMaxFeeUpdate

Finalizes the deposit tx max fee amount update process.

Can be called after the governance delay elapses.

beginDepositRevealAheadPeriodUpdate

Begins the deposit reveal ahead period update process.

Parameters

Name

Type

Description

finalizeDepositRevealAheadPeriodUpdate

Finalizes the deposit reveal ahead period update process.

Can be called after the governance delay elapses.

beginRedemptionDustThresholdUpdate

Begins the redemption dust threshold amount update process.

Parameters

Name

Type

Description

finalizeRedemptionDustThresholdUpdate

Finalizes the redemption dust threshold amount update process.

Can be called after the governance delay elapses.

beginRedemptionTreasuryFeeDivisorUpdate

Begins the redemption treasury fee divisor amount update process.

Parameters

Name

Type

Description

finalizeRedemptionTreasuryFeeDivisorUpdate

Finalizes the redemption treasury fee divisor amount update process.

Can be called after the governance delay elapses.

beginRedemptionTxMaxFeeUpdate

Begins the redemption tx max fee amount update process.

Parameters

Name

Type

Description

finalizeRedemptionTxMaxFeeUpdate

Finalizes the redemption tx max fee amount update process.

Can be called after the governance delay elapses.

beginRedemptionTxMaxTotalFeeUpdate

Begins the redemption tx max total fee amount update process.

Parameters

Name

Type

Description

finalizeRedemptionTxMaxTotalFeeUpdate

Finalizes the redemption tx max total fee amount update process.

Can be called after the governance delay elapses.

beginRedemptionTimeoutUpdate

Begins the redemption timeout amount update process.

Parameters

Name

Type

Description

finalizeRedemptionTimeoutUpdate

Finalizes the redemption timeout amount update process.

Can be called after the governance delay elapses.

beginRedemptionTimeoutSlashingAmountUpdate

Begins the redemption timeout slashing amount update process.

Parameters

Name

Type

Description

finalizeRedemptionTimeoutSlashingAmountUpdate

Finalizes the redemption timeout slashing amount update process.

Can be called after the governance delay elapses.

beginRedemptionTimeoutNotifierRewardMultiplierUpdate

Begins the redemption timeout notifier reward multiplier amount update process.

Parameters

Name

Type

Description

finalizeRedemptionTimeoutNotifierRewardMultiplierUpdate

Finalizes the redemption timeout notifier reward multiplier amount update process.

Can be called after the governance delay elapses.

beginMovingFundsTxMaxTotalFeeUpdate

Begins the moving funds tx max total fee amount update process.

Parameters

Name

Type

Description

finalizeMovingFundsTxMaxTotalFeeUpdate

Finalizes the moving funds tx max total fee amount update process.

Can be called after the governance delay elapses.

beginMovingFundsDustThresholdUpdate

Begins the moving funds dust threshold amount update process.

Parameters

Name

Type

Description

finalizeMovingFundsDustThresholdUpdate

Finalizes the moving funds dust threshold amount update process.

Can be called after the governance delay elapses.

beginMovingFundsTimeoutResetDelayUpdate

Begins the moving funds timeout reset delay amount update process.

Parameters

Name

Type

Description

finalizeMovingFundsTimeoutResetDelayUpdate

Finalizes the moving funds timeout reset delay amount update process.

Can be called after the governance delay elapses.

beginMovingFundsTimeoutUpdate

Begins the moving funds timeout amount update process.

Parameters

Name

Type

Description

finalizeMovingFundsTimeoutUpdate

Finalizes the moving funds timeout amount update process.

Can be called after the governance delay elapses.

beginMovingFundsTimeoutSlashingAmountUpdate

Begins the moving funds timeout slashing amount update process.

Parameters

Name

Type

Description

finalizeMovingFundsTimeoutSlashingAmountUpdate

Finalizes the moving funds timeout slashing amount update process.

Can be called after the governance delay elapses.

beginMovingFundsTimeoutNotifierRewardMultiplierUpdate

Begins the moving funds timeout notifier reward multiplier amount update process.

Parameters

Name

Type

Description

finalizeMovingFundsTimeoutNotifierRewardMultiplierUpdate

Finalizes the moving funds timeout notifier reward multiplier amount update process.

Can be called after the governance delay elapses.

beginMovingFundsCommitmentGasOffsetUpdate

Begins the moving funds commitment gas offset update process.

Parameters

Name

Type

Description

finalizeMovingFundsCommitmentGasOffsetUpdate

Finalizes the moving funds commitment gas offset update process.

Can be called after the governance delay elapses.

beginMovedFundsSweepTxMaxTotalFeeUpdate

Begins the moved funds sweep tx max total fee amount update process.

Parameters

Name

Type

Description

finalizeMovedFundsSweepTxMaxTotalFeeUpdate

Finalizes the moved funds sweep tx max total fee amount update process.

Can be called after the governance delay elapses.

beginMovedFundsSweepTimeoutUpdate

Begins the moved funds sweep timeout amount update process.

Parameters

Name

Type

Description

finalizeMovedFundsSweepTimeoutUpdate

Finalizes the moved funds sweep timeout amount update process.

Can be called after the governance delay elapses.

beginMovedFundsSweepTimeoutSlashingAmountUpdate

Begins the moved funds sweep timeout slashing amount update process.

Parameters

Name

Type

Description

finalizeMovedFundsSweepTimeoutSlashingAmountUpdate

Finalizes the moved funds sweep timeout slashing amount update process.

Can be called after the governance delay elapses.

beginMovedFundsSweepTimeoutNotifierRewardMultiplierUpdate

Begins the moved funds sweep timeout notifier reward multiplier amount update process.

Parameters

Name

Type

Description

finalizeMovedFundsSweepTimeoutNotifierRewardMultiplierUpdate

Finalizes the moved funds sweep timeout notifier reward multiplier amount update process.

Can be called after the governance delay elapses.

beginWalletCreationPeriodUpdate

Begins the wallet creation period amount update process.

Parameters

Name

Type

Description

finalizeWalletCreationPeriodUpdate

Finalizes the wallet creation period amount update process.

Can be called after the governance delay elapses.

beginWalletCreationMinBtcBalanceUpdate

Begins the wallet creation min btc balance amount update process.

Parameters

Name

Type

Description

finalizeWalletCreationMinBtcBalanceUpdate

Finalizes the wallet creation min btc balance amount update process.

Can be called after the governance delay elapses.

beginWalletCreationMaxBtcBalanceUpdate

Begins the wallet creation max btc balance amount update process.

Parameters

Name

Type

Description

finalizeWalletCreationMaxBtcBalanceUpdate

Finalizes the wallet creation max btc balance amount update process.

Can be called after the governance delay elapses.

beginWalletClosureMinBtcBalanceUpdate

Begins the wallet closure min btc balance amount update process.

Parameters

Name

Type

Description

finalizeWalletClosureMinBtcBalanceUpdate

Finalizes the wallet closure min btc balance amount update process.

Can be called after the governance delay elapses.

beginWalletMaxAgeUpdate

Begins the wallet max age amount update process.

Parameters

Name

Type

Description

finalizeWalletMaxAgeUpdate

Finalizes the wallet max age amount update process.

Can be called after the governance delay elapses.

beginWalletMaxBtcTransferUpdate

Begins the wallet max btc transfer amount update process.

Parameters

Name

Type

Description

finalizeWalletMaxBtcTransferUpdate

Finalizes the wallet max btc transfer amount update process.

Can be called after the governance delay elapses.

beginWalletClosingPeriodUpdate

Begins the wallet closing period amount update process.

Parameters

Name

Type

Description

finalizeWalletClosingPeriodUpdate

Finalizes the wallet closing period amount update process.

Can be called after the governance delay elapses.

beginFraudChallengeDepositAmountUpdate

Begins the fraud challenge deposit amount update process.

Parameters

Name

Type

Description

finalizeFraudChallengeDepositAmountUpdate

Finalizes the fraud challenge deposit amount update process.

Can be called after the governance delay elapses.

beginFraudChallengeDefeatTimeoutUpdate

Begins the fraud challenge defeat timeout amount update process.

Parameters

Name

Type

Description

finalizeFraudChallengeDefeatTimeoutUpdate

Finalizes the fraud challenge defeat timeout amount update process.

Can be called after the governance delay elapses.

beginFraudSlashingAmountUpdate

Begins the fraud slashing amount update process.

Parameters

Name

Type

Description

finalizeFraudSlashingAmountUpdate

Finalizes the fraud slashing amount update process.

Can be called after the governance delay elapses.

beginFraudNotifierRewardMultiplierUpdate

Begins the fraud notifier reward multiplier amount update process.

Parameters

Name

Type

Description

finalizeFraudNotifierRewardMultiplierUpdate

Finalizes the fraud notifier reward multiplier amount update process.

Can be called after the governance delay elapses.

beginTreasuryUpdate

Begins the treasury address update process.

It does not perform any parameter validation.

Parameters

Name

Type

Description

finalizeTreasuryUpdate

Finalizes the treasury address update process.

Can be called after the governance delay elapses.

Bridge

Bridge manages BTC deposit and redemption flow and is increasing and decreasing balances in the Bank as a result of BTC deposit and redemption operations performed by depositors and redeemers.

Depositors send BTC funds to the most recently created off-chain ECDSA wallet of the bridge using pay-to-script-hash (P2SH) or pay-to-witness-script-hash (P2WSH) containing hashed information about the depositor’s Ethereum address. Then, the depositor reveals their Ethereum address along with their deposit blinding factor, refund public key hash and refund locktime to the Bridge on Ethereum chain. The off-chain ECDSA wallet listens for these sorts of messages and when it gets one, it checks the Bitcoin network to make sure the deposit lines up. If it does, the off-chain ECDSA wallet may decide to pick the deposit transaction for sweeping, and when the sweep operation is confirmed on the Bitcoin network, the ECDSA wallet informs the Bridge about the sweep increasing appropriate balances in the Bank.

Bridge is an upgradeable component of the Bank. The order of functionalities in this contract is: deposit, sweep, redemption, moving funds, wallet lifecycle, frauds, parameters.

self

DepositRevealed

DepositsSwept

RedemptionRequested

RedemptionsCompleted

RedemptionTimedOut

WalletMovingFunds

MovingFundsCommitmentSubmitted

MovingFundsTimeoutReset

MovingFundsCompleted

MovingFundsTimedOut

MovingFundsBelowDustReported

MovedFundsSwept

MovedFundsSweepTimedOut

NewWalletRequested

NewWalletRegistered

WalletClosing

WalletClosed

WalletTerminated

FraudChallengeSubmitted

FraudChallengeDefeated

FraudChallengeDefeatTimedOut

VaultStatusUpdated

SpvMaintainerStatusUpdated

DepositParametersUpdated

RedemptionParametersUpdated

MovingFundsParametersUpdated

WalletParametersUpdated

FraudParametersUpdated

TreasuryUpdated

onlySpvMaintainer

constructor

initialize

Initializes upgradable contract on deployment.

Parameters

Name

Type

Description

revealDeposit

Used by the depositor to reveal information about their P2(W)SH Bitcoin deposit to the Bridge on Ethereum chain. The off-chain wallet listens for revealed deposit events and may decide to include the revealed deposit in the next executed sweep. Information about the Bitcoin deposit can be revealed before or after the Bitcoin transaction with P2(W)SH deposit is mined on the Bitcoin chain. Worth noting, the gas cost of this function scales with the number of P2(W)SH transaction inputs and outputs. The deposit may be routed to one of the trusted vaults. When a deposit is routed to a vault, vault gets notified when the deposit gets swept and it may execute the appropriate action.

Requirements:

This function must be called by the same Ethereum address as the one used in the P2(W)SH BTC deposit transaction as a depositor,
reveal.walletPubKeyHash must identify a Live wallet,
reveal.vault must be 0x0 or point to a trusted vault,

If any of these requirements is not met, the wallet must refuse to sweep the deposit and the depositor has to wait until the deposit script unlocks to receive their BTC back.

Parameters

Name

Type

Description

submitDepositSweepProof

Used by the wallet to prove the BTC deposit sweep transaction and to update Bank balances accordingly. Sweep is only accepted if it satisfies SPV proof.

The function is performing Bank balance updates by first computing the Bitcoin fee for the sweep transaction. The fee is divided evenly between all swept deposits. Each depositor receives a balance in the bank equal to the amount inferred during the reveal transaction, minus their fee share.

It is possible to prove the given sweep only one time.

Requirements:

sweepTx components must match the expected structure. See BitcoinTx.Info docs for reference. Their values must exactly correspond to appropriate Bitcoin transaction fields to produce a provable transaction hash,
The sweepTx should represent a Bitcoin transaction with 1..n inputs. If the wallet has no main UTXO, all n inputs should correspond to P2(W)SH revealed deposits UTXOs. If the wallet has an existing main UTXO, one of the n inputs must point to that main UTXO and remaining n-1 inputs should correspond to P2(W)SH revealed deposits UTXOs. That transaction must have only one P2(W)PKH output locking funds on the 20-byte wallet public key hash,

Parameters

Name

Type

Description

requestRedemption

Requests redemption of the given amount from the specified wallet to the redeemer Bitcoin output script. Handles the simplest case in which the redeemer's balance is decreased in the Bank.

Requirements:

Wallet behind walletPubKeyHash must be live,
mainUtxo components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain,
redeemerOutputScript must be a proper Bitcoin script,

Parameters

Name

Type

Description

receiveBalanceApproval

Requests redemption of the given amount from the specified wallet to the redeemer Bitcoin output script. Used by Bank.approveBalanceAndCall. Can handle more complex cases where balance owner may be someone else than the redeemer. For example, vault redeeming its balance for some depositor.

Requirements:

The caller must be the Bank,
Wallet behind walletPubKeyHash must be live,
mainUtxo components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain,

Note on upgradeability: Bridge is an upgradeable contract deployed behind a TransparentUpgradeableProxy. Accepting redemption data as bytes provides great flexibility. The Bridge is just like any other contract with a balance approved in the Bank and can be upgraded to another version without being bound to a particular interface forever. This flexibility comes with the cost - developers integrating their vaults and dApps with Bridge using approveBalanceAndCall need to pay extra attention to redemptionData and adjust the code in case the expected structure of redemptionData changes.

Parameters

Name

Type

Description

submitRedemptionProof

Used by the wallet to prove the BTC redemption transaction and to make the necessary bookkeeping. Redemption is only accepted if it satisfies SPV proof.

The function is performing Bank balance updates by burning the total redeemed Bitcoin amount from Bridge balance and transferring the treasury fee sum to the treasury address.

It is possible to prove the given redemption only one time.

Requirements:

redemptionTx components must match the expected structure. See BitcoinTx.Info docs for reference. Their values must exactly correspond to appropriate Bitcoin transaction fields to produce a provable transaction hash,
The redemptionTx should represent a Bitcoin transaction with exactly 1 input that refers to the wallet's main UTXO. That transaction should have 1..n outputs handling existing pending redemption requests or pointing to reported timed out requests. There can be also 1 optional output representing the change and pointing back to the 20-byte wallet public key hash. The change should be always present if the redeemed value sum is lower than the total wallet's BTC balance,

Parameters

Name

Type

Description

notifyRedemptionTimeout

The pending redemptions value for the wallet will be decreased by the requested amount (minus treasury fee),
The tokens taken from the redeemer on redemption request will be returned to the redeemer,
The request will be moved from pending redemptions to timed-out redemptions,
If the state of the wallet is Live

Requirements:

The wallet must be in the Live or MovingFunds or Terminated state,
The redemption request identified by walletPubKeyHash and redeemerOutputScript must exist,
The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash

Parameters

Name

Type

Description

submitMovingFundsCommitment

Submits the moving funds target wallets commitment. Once all requirements are met, that function registers the target wallets commitment and opens the way for moving funds proof submission. The caller is reimbursed for the transaction costs.

Requirements:

The source wallet must be in the MovingFunds state,
The source wallet must not have pending redemption requests,
The source wallet must not have pending moved funds sweep requests,
The source wallet must not have submitted its commitment already,

Parameters

Name

Type

Description

resetMovingFundsTimeout

Resets the moving funds timeout for the given wallet if the target wallet commitment cannot be submitted due to a lack of live wallets in the system.

Requirements:

The wallet must be in the MovingFunds state,
The target wallets commitment must not be already submitted for the given moving funds wallet,
Live wallets count must be zero,
The moving funds timeout reset delay must be elapsed.

Parameters

Name

Type

Description

submitMovingFundsProof

Used by the wallet to prove the BTC moving funds transaction and to make the necessary state changes. Moving funds is only accepted if it satisfies SPV proof.

It is possible to prove the given moving funds transaction only one time.

Requirements:

movingFundsTx components must match the expected structure. See BitcoinTx.Info docs for reference. Their values must exactly correspond to appropriate Bitcoin transaction fields to produce a provable transaction hash,
The movingFundsTx should represent a Bitcoin transaction with exactly 1 input that refers to the wallet's main UTXO. That transaction should have 1..n outputs corresponding to the pre-committed target wallets. Outputs must be ordered in the same way as their corresponding target wallets are ordered within the target wallets commitment,

Parameters

Name

Type

Description

notifyMovingFundsTimeout

Notifies about a timed out moving funds process. Terminates the wallet and slashes signing group members as a result.

Requirements:

The wallet must be in the MovingFunds state,
The moving funds timeout must be actually exceeded,
The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash for the given walletID. Those IDs are not directly stored in the contract for gas efficiency purposes but they can be read from appropriate DkgResultSubmitted

Parameters

Name

Type

Description

notifyMovingFundsBelowDust

Notifies about a moving funds wallet whose BTC balance is below the moving funds dust threshold. Ends the moving funds process and begins wallet closing immediately.

Requirements:

The wallet must be in the MovingFunds state,
The mainUtxo components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain. If the wallet has no main UTXO, this parameter can be empty as it is ignored,
The wallet BTC balance must be below the moving funds threshold.

Parameters

Name

Type

Description

submitMovedFundsSweepProof

Used by the wallet to prove the BTC moved funds sweep transaction and to make the necessary state changes. Moved funds sweep is only accepted if it satisfies SPV proof.

It is possible to prove the given sweep transaction only one time.

Requirements:

sweepTx components must match the expected structure. See BitcoinTx.Info docs for reference. Their values must exactly correspond to appropriate Bitcoin transaction fields to produce a provable transaction hash,
The sweepTx should represent a Bitcoin transaction with the first input pointing to a moved funds sweep request targeted to the wallet, and optionally, the second input pointing to the wallet's main UTXO, if the sweeping wallet has a main UTXO set. There should be only one output locking funds on the sweeping wallet 20-byte public key hash,

Parameters

Name

Type

Description

notifyMovedFundsSweepTimeout

Requirements:

The moved funds sweep request must be in the Pending state,
The moved funds sweep timeout must be actually exceeded,
The wallet must be either in the Live or MovingFunds or Terminated state,
The expression keccak256(abi.encode(walletMembersIDs))

Parameters

Name

Type

Description

requestNewWallet

Requests creation of a new wallet. This function just forms a request and the creation process is performed asynchronously. Once a wallet is created, the ECDSA Wallet Registry will notify this contract by calling the __ecdsaWalletCreatedCallback function.

Requirements:

activeWalletMainUtxo components must point to the recent main UTXO of the given active wallet, as currently known on the Ethereum chain. If there is no active wallet at the moment, or the active wallet has no main UTXO, this parameter can be empty as it is ignored,
Wallet creation must not be in progress,
If the active wallet is set, one of the following conditions must be true:

Parameters

Name

Type

Description

__ecdsaWalletCreatedCallback

A callback function that is called by the ECDSA Wallet Registry once a new ECDSA wallet is created.

Requirements:

The only caller authorized to call this function is registry,
Given wallet data must not belong to an already registered wallet.

Parameters

Name

Type

Description

__ecdsaWalletHeartbeatFailedCallback

A callback function that is called by the ECDSA Wallet Registry once a wallet heartbeat failure is detected.

Requirements:

The only caller authorized to call this function is registry,
Wallet must be in Live state.

Parameters

Name

Type

Description

notifyWalletCloseable

Notifies that the wallet is either old enough or has too few satoshi left and qualifies to be closed.

Requirements:

Wallet must not be set as the current active wallet,
Wallet must exceed the wallet maximum age OR the wallet BTC balance must be lesser than the minimum threshold. If the latter case is true, the walletMainUtxo components must point to the recent main UTXO of the given wallet, as currently known on the Ethereum chain. If the wallet has no main UTXO, this parameter can be empty as it is ignored since the wallet balance is assumed to be zero,
Wallet must be in Live state.

Parameters

Name

Type

Description

notifyWalletClosingPeriodElapsed

Notifies about the end of the closing period for the given wallet. Closes the wallet ultimately and notifies the ECDSA registry about this fact.

Requirements:

The wallet must be in the Closing state,
The wallet closing period must have elapsed.

Parameters

Name

Type

Description

submitFraudChallenge

Submits a fraud challenge indicating that a UTXO being under wallet control was unlocked by the wallet but was not used according to the protocol rules. That means the wallet signed a transaction input pointing to that UTXO and there is a unique sighash and signature pair associated with that input. This function uses those parameters to create a fraud accusation that proves a given transaction input unlocking the given UTXO was actually signed by the wallet. This function cannot determine whether the transaction was actually broadcast and the input was consumed in a fraudulent way so it just opens a challenge period during which the wallet can defeat the challenge by submitting proof of a transaction that consumes the given input according to protocol rules. To prevent spurious allegations, the caller must deposit ETH that is returned back upon justified fraud challenge or confiscated otherwise.

Requirements:

Wallet behind walletPublicKey must be in Live or MovingFunds or Closing state,
The challenger must send appropriate amount of ETH used as fraud challenge deposit,
The signature (represented by r, s and v) must be generated by the wallet behind walletPubKey during signing of sighash which was calculated from preimageSha256

Parameters

Name

Type

Description

defeatFraudChallenge

Allows to defeat a pending fraud challenge against a wallet if the transaction that spends the UTXO follows the protocol rules. In order to defeat the challenge the same walletPublicKey and signature (represented by r, s and v) must be provided as were used to calculate the sighash during input signing. The fraud challenge defeat attempt will only succeed if the inputs in the preimage are considered honestly spent by the wallet. Therefore the transaction spending the UTXO must be proven in the Bridge before a challenge defeat is called. If successfully defeated, the fraud challenge is marked as resolved and the amount of ether deposited by the challenger is sent to the treasury.

Requirements:

walletPublicKey and sighash calculated as hash256(preimage) must identify an open fraud challenge,
the preimage must be a valid preimage of a transaction generated according to the protocol rules and already proved in the Bridge,
before a defeat attempt is made the transaction that spends the given UTXO must be proven in the Bridge.

Parameters

Name

Type

Description

defeatFraudChallengeWithHeartbeat

Allows to defeat a pending fraud challenge against a wallet by proving the sighash and signature were produced for an off-chain wallet heartbeat message following a strict format. In order to defeat the challenge the same walletPublicKey and signature (represented by r, s and v) must be provided as were used to calculate the sighash during heartbeat message signing. The fraud challenge defeat attempt will only succeed if the signed message follows a strict format required for heartbeat messages. If successfully defeated, the fraud challenge is marked as resolved and the amount of ether deposited by the challenger is sent to the treasury.

Requirements:

walletPublicKey and sighash calculated as hash256(heartbeatMessage) must identify an open fraud challenge,
heartbeatMessage must follow a strict format of heartbeat messages.

Parameters

Name

Type

Description

notifyFraudChallengeDefeatTimeout

Notifies about defeat timeout for the given fraud challenge. Can be called only if there was a fraud challenge identified by the provided walletPublicKey and sighash and it was not defeated on time. The amount of time that needs to pass after a fraud challenge is reported is indicated by the challengeDefeatTimeout. After a successful fraud challenge defeat timeout notification the fraud challenge is marked as resolved, the stake of each operator is slashed, the ether deposited is returned to the challenger and the challenger is rewarded.

Requirements:

The wallet must be in the Live or MovingFunds or Closing or Terminated state,
The walletPublicKey and sighash calculated from preimageSha256 must identify an open fraud challenge,
The expression keccak256(abi.encode(walletMembersIDs))

Parameters

Name

Type

Description

setVaultStatus

Allows the Governance to mark the given vault address as trusted or no longer trusted. Vaults are not trusted by default. Trusted vault must meet the following criteria:

IVault.receiveBalanceIncrease must have a known, low gas cost,
IVault.receiveBalanceIncrease must never revert.

Without restricting reveal only to trusted vaults, malicious vaults not meeting the criteria would be able to nuke sweep proof transactions executed by ECDSA wallet with deposits routed to them. Can only be called by the Governance.

Parameters

Name

Type

Description

setSpvMaintainerStatus

Allows the Governance to mark the given address as trusted or no longer trusted SPV maintainer. Addresses are not trusted as SPV maintainers by default.

The SPV proof does not check whether the transaction is a part of the Bitcoin mainnet, it only checks whether the transaction has been mined performing the required amount of work as on Bitcoin mainnet. The possibility of submitting SPV proofs is limited to trusted SPV maintainers. The system expects transaction confirmations with the required work accumulated, so trusted SPV maintainers can not prove the transaction without providing the required Bitcoin proof of work. Trusted maintainers address the issue of an economic game between tBTC and Bitcoin mainnet where large Bitcoin mining pools can decide to use their hash power to mine fake Bitcoin blocks to prove them in tBTC instead of receiving Bitcoin miner rewards. Can only be called by the Governance.

Parameters

Name

Type

Description

updateDepositParameters

of depositTreasuryFeeDivisor and depositTxMaxFee parameters in order to make requests that can incur the treasury and transaction fee and still satisfy the depositor.

Requirements:

Deposit dust threshold must be greater than zero,
Deposit dust threshold must be greater than deposit TX max fee,
Deposit transaction max fee must be greater than zero.

Parameters

Name

Type

Description

updateRedemptionParameters

Updates parameters of redemptions.

Requirements:

Redemption dust threshold must be greater than moving funds dust threshold,
Redemption dust threshold must be greater than the redemption TX max fee,
Redemption transaction max fee must be greater than zero,
Redemption transaction max total fee must be greater than or equal to the redemption transaction per-request max fee,

Parameters

Name

Type

Description

updateMovingFundsParameters

Updates parameters of moving funds.

Requirements:

Moving funds transaction max total fee must be greater than zero,
Moving funds dust threshold must be greater than zero and lower than the redemption dust threshold,
Moving funds timeout reset delay must be greater than zero,
Moving funds timeout must be greater than the moving funds timeout reset delay,

Parameters

Name

Type

Description

updateWalletParameters

Requirements:

Wallet maximum BTC balance must be greater than the wallet minimum BTC balance,
Wallet maximum BTC transfer must be greater than zero,
Wallet closing period must be greater than zero.

updateFraudParameters

Updates parameters related to frauds.

Requirements:

Fraud challenge defeat timeout must be greater than 0,
Fraud notifier reward multiplier must be in the range [0, 100].

Parameters

Name

Type

Description

updateTreasury

Updates treasury address. The treasury receives the system fees.

The treasury address must not be 0x0.

Parameters

Name

Type

Description

deposits

Collection of all revealed deposits indexed by keccak256(fundingTxHash | fundingOutputIndex). The fundingTxHash is bytes32 (ordered as in Bitcoin internally) and fundingOutputIndex an uint32. This mapping may contain valid and invalid deposits and the wallet is responsible for validating them before attempting to execute a sweep.

pendingRedemptions

Collection of all pending redemption requests indexed by redemption key built as keccak256(keccak256(redeemerOutputScript) | walletPubKeyHash). The walletPubKeyHash is the 20-byte wallet's public key hash (computed using Bitcoin HASH160 over the compressed ECDSA public key) and redeemerOutputScript is a Bitcoin script (P2PKH, P2WPKH, P2SH or P2WSH) that will be used to lock redeemed BTC as requested by the redeemer. Requests are added to this mapping by the requestRedemption method (duplicates not allowed) and are removed by one of the following methods:

submitRedemptionProof in case the request was handled successfully,
notifyRedemptionTimeout in case the request was reported to be timed out.

timedOutRedemptions

Collection of all timed out redemptions requests indexed by redemption key built as keccak256(keccak256(redeemerOutputScript) | walletPubKeyHash). The walletPubKeyHash is the 20-byte wallet's public key hash (computed using Bitcoin HASH160 over the compressed ECDSA public key) and redeemerOutputScript is the Bitcoin script (P2PKH, P2WPKH, P2SH or P2WSH) that is involved in the timed out request. Only one method can add to this mapping:

notifyRedemptionTimeout which puts the redemption key to this mapping based on a timed out request stored previously in pendingRedemptions mapping. Only one method can remove entries from this mapping:
submitRedemptionProof in case the timed out redemption request was a part of the proven transaction.

spentMainUTXOs

Collection of main UTXOs that are honestly spent indexed by keccak256(fundingTxHash | fundingOutputIndex). The fundingTxHash is bytes32 (ordered as in Bitcoin internally) and fundingOutputIndex an uint32. A main UTXO is considered honestly spent if it was used as an input of a transaction that have been proven in the Bridge.

wallets

Gets details about a registered wallet.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

activeWalletPubKeyHash

Gets the public key hash of the active wallet.

Return Values

Name

Type

Description

liveWalletsCount

Gets the live wallets count.

Return Values

Name

Type

Description

fraudChallenges

Returns the fraud challenge identified by the given key built as keccak256(walletPublicKey|sighash).

movedFundsSweepRequests

Collection of all moved funds sweep requests indexed by keccak256(movingFundsTxHash | movingFundsOutputIndex). The movingFundsTxHash is bytes32 (ordered as in Bitcoin internally) and movingFundsOutputIndex an uint32. Each entry is actually an UTXO representing the moved funds and is supposed to be swept with the current main UTXO of the recipient wallet.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

isVaultTrusted

Indicates if the vault with the given address is trusted or not. Depositors can route their revealed deposits only to trusted vaults and have trusted vaults notified about new deposits as soon as these deposits get swept. Vaults not trusted by the Bridge can still be used by Bank balance owners on their own responsibility - anyone can approve their Bank balance to any address.

depositParameters

Returns the current values of Bridge deposit parameters.

Return Values

Name

Type

Description

redemptionParameters

Returns the current values of Bridge redemption parameters.

Return Values

Name

Type

Description

movingFundsParameters

Returns the current values of Bridge moving funds between wallets parameters.

Return Values

Name

Type

Description

walletParameters

Return Values

Name

Type

Description

fraudParameters

Returns the current values of Bridge fraud parameters.

Return Values

Name

Type

Description

contractReferences

Returns the addresses of contracts Bridge is interacting with.

Return Values

Name

Type

Description

treasury

Address where the deposit treasury fees will be sent to. Treasury takes part in the operators rewarding process.

txProofDifficultyFactor

The number of confirmations on the Bitcoin chain required to successfully evaluate an SPV proof.

Threshold Docs

What is the Threshold Network?

tBTC Bitcoin Bridge

hashtagHonest Majority Assumption

hashtagFees

T Token

hashtagSupply

THRESHOLD APP

tBTC Minting Walkthrough

hashtagBefore you start

hashtagStart minting tBTC

hashtagCongrats — you minted!

Governance

Governance Process

hashtagLifecycle of a successful proposal

hashtagDeviations in the proposal lifecycle

Threshold Multisigs

hashtagCommittee Multisigs

Liquid Token Delegation

tBTC Signer Nodes

tBTC Signers

Node Setup

hashtagImportant Considerations

hashtagRecommended Machine Types

hashtagEthereum API

hashtagBitcoin API

hashtagConfiguration

Operator Account

hashtagInstall Geth (GoEthereum)

hashtagFunding your Operator Account

Network Configuration

hashtagRequired Ports

Data Storage

hashtagCreate folders for tBTC v2 client

hashtagCopy Operator keystore file

Installation

Binary Installation

hashtagDownload the Binary

Updating Nodes

hashtagDocker Installation

Advanced Options

Logging

hashtagConfiguration

CLI Options

Client Info

hashtagMetrics

hashtagDiagnostics

Frequently Asked Questions

hashtagErrors in Logs or Console

Sepolia Testnet

App Development

tBTC SDK

Quickstart

hashtagInstallation

Architecture

Guides

Initialize SDK

Ethereum and Bitcoin mainnet

Ethereum and Bitcoin testnet

Crosschain

hashtagMainnet

hashtagTestnet

Deposit and mint

hashtagInitialize the SDK

Unmint and redeem

hashtagInitialize the SDK

tBTC Contracts API

Bridge API

DonationVault

hashtagDonationVault

EcdsaLib

hashtagEcdsaLib

hashtagcompressPublicKey

GovernanceUtils

hashtagGovernanceUtils

hashtagonlyAfterGovernanceDelay

Heartbeat

hashtagHeartbeat

IReceiveBalanceApproval

hashtagIReceiveBalanceApproval

Honest Majority Assumption

Fees

Supply

Before you start

Start minting tBTC

Congrats — you minted!

Lifecycle of a successful proposal

Deviations in the proposal lifecycle

Committee Multisigs

Important Considerations

Recommended Machine Types

Ethereum API

Bitcoin API

Configuration

Install Geth (GoEthereum)

Funding your Operator Account

Required Ports

Create folders for tBTC v2 client

Copy Operator keystore file

Download the Binary

Docker Installation

Configuration

Metrics

Diagnostics

Errors in Logs or Console

Installation

Mainnet

Testnet

Initialize the SDK

Initialize the SDK

DonationVault

EcdsaLib

compressPublicKey

GovernanceUtils

onlyAfterGovernanceDelay

Heartbeat

IReceiveBalanceApproval

receiveBalanceApproval

Parameters

IRelay

getCurrentEpochDifficulty

getPrevEpochDifficulty

IVault

LightRelayMaintainerProxy

TBTC

constructor

IWalletOwner

__ecdsaWalletCreatedCallback

Parameters

__ecdsaWalletHeartbeatFailedCallback

Parameters

Protocol Upgrades

Defense by Thesis - Gasless Minting Feature for the Threshold App

Honest Majority Assumption

Fees

Configuration

Before you start

Start minting tBTC

Congrats — you minted!

Lifecycle of a successful proposal

Deviations in the proposal lifecycle

Required Ports

Supply

Initialize the SDK