Introduce sCrypt: a Layer-1 Smart Contract Framework for BTC

Develop Smart Contracts on BTC in TypeScript

5 min readJan 10, 2024

We are extremely thrilled to introduce sCrypt: a modern Typescript framework to develop Layer-1 smart contracts on BTC today, no fork needed. One can now write, test, debug, deploy, and call smart contracts in a easy-to-use unified framework using modern developer tools. Any web2 developer can develop smart contract-powered apps on BTC, as long as she knows JavaScript/TypeScript. It serves as a solid foundation to transforming BTC into a smart contract platform.

Smart Contracts on BTC

Conventionally, BTC is regarded only capable of payments and storing value. Ordinals has changed the misconception by demonstrating it also supports tokens. Another misconception is BTC’s lack of smart contract capabilities. In fact, BTC support smart contracts since day 1, in the form of Bitcoin Script. Hashlocks, timelocks, and multisig are some prominent examples.

One of the biggest hurdle in BTC smart contracts lies in Script. Being a low-level assembly language, Script is extremely difficult to code in and reason about. There is virtually no tool to test, debug, and deploy as in typical software development workflow. Writing smart contract in native Script is cumbersome and error-prone. It quickly becomes intractable when the contract size and complexity grow.


Enter sCrypt. With sCrypt, developers can directly code BTC smart contracts in Typescript, one of the most popular programming language in the world and used by millions of developers every day. sCrypt contracts are compiled into Bitcoin Script.

sCrypt offers a plethora of benefits:

  • No need to learn new programming language. We chose TypeScript because it provides an easy, familiar language (JavaScript), but with type safety, making it easy to get started writing safe smart contracts. There is no need to learn a new programming language or tools if you are already familiar with TypeScript/JavaScript.
  • No need to learn new tools. Web2 developers can reuse millions of existing TypeScript/JavaScript libraries and their favorite tools: Visual Studio Code/WebStorm for IDE, NPM for package management, Jest/Mocha/ Jasmine for testing.

A Working Example

Let us examine a practical smart contract.

The code below represents a simple logical NAND (NOT-AND) gate commitment for BitVM, taken from Figure 2 in its whitepaper. It checks if the two input bits (A, B) and one output bit (E), all committed in advance using hashes, of the gate match, i.e., E = NAND(A, B).

The exact details of how this code works is not important. The central message here is that it is far from what a modern programming language looks like and appears esoteric.

NAND gate commitment in Script

The functionally equivalent is expressed in sCrypt simply as:

NAND gate commitment in sCrypt

Comparing the Script and sCrypt implementations, it is obvious the latter is drastically more friendly and approachable to modern developers. The former is only known by a handful of developers who can code in outdated assembly language, while the latter can be mastered by millions of developers who know JavaScript/TypeScript, or any other Object Oriented programming languages such as Java, C++, or Golang. The more complicated a smart contract gets, the more advantageous it is to develop it in sCrypt than in Script.

The full code is listed below, based on the sCrypt library scrypt-ts-btc.

BitVM contract

Deploy and Call Smart Contracts

We use Pay-to-Witness-Script-Hash (P2WSH) for contract deployment. Deployment consists of compiling the smart contracts code to produce script, hashing this script, and placing the hash into a P2WSH transaction (Tx0), which is broadcast to the network.

When someone wants to call the deployed contract, she will embed the full contract script along with the called method’s inputs as witness data in the subsequent transaction (Tx1) spending Tx0.

Deploy & call transactions: left represents input, right output

Here is the code snippet to deploy and call the contract:

Deploy & call the contract

It is worth noting that deploying (Line 8) and calling (Line 12) the contract only takes one single line.

  • Deployment Transaction ID:


  • Call Transaction ID:


These transaction IDs represent an instance of the BitVM contract deployed and called on BTC.

The full code of the example is available on GitHub. Interested developers can access the complete code and run it themselves. For more information on sCrypt, please refer to our extensive documentation.

Known Limitations

sCrypt can work on any blockchain that supports Bitcoin Script. This includes Bitcoin forks and Bitcoin-derived chains such as Litecoin and Doge.

BTC has disabled many Script opcodes such as OP_CAT and OP_MUL, greatly limiting the types of smart contracts that can be expressed in sCrypt. The BTC community is actively discussing re-enabling such opcodes and introducing new ones, which will make sCrypt on BTC more powerful than it is today if the proposed changes are accepted.

In the meantime, there are chains that have the full suite of Script opcodes, like Bitcoin SV and MVC. sCrypt reaches its full capacity on these chains today.

Use in Taproot

We use P2WSH type script to embed sCrypt contracts for ease of exposition in the example, which allows maximum script size of 10KB. sCrypt contracts can also be used in Taproot script. They can be made more expressive and complex, since Taproot has a much bigger script size limit of ~4MB.

Related Work

Compare to other Layer-1s (L1)

There are other attempts to improve Script’s programmability, which we list some below.

  • Miniscript: a standalone language for representing Bitcoin Script in a composable and readable way. It is very limited in scope and less expressive than Script: it can only express signature requirements, timelocks, hash preimages, and arbitrary combinations of these.
  • Simplicity: a work-in-progress low-level programming language with greater flexibility and expressiveness than Bitcoin Script. It requires a fork to implement on BTC.

In contrast to both, sCrypt does not invent a new programming language and just reuses TypeScript, which has a significantly shallower learning curve. Also it provides a more comprehensive framework besides smart contract language, including IDE, package management, debugger, SDK and APIs. That is, it offers everything developers need to build a full-stack app powered by smart contracts.

Compare to Layer-2s (L2)

sCrypt is a Typescript-based domain specific language (DSL) compiled into Bitcoin Script, which runs on BTC today without any fork. It inherits the full security of BTC, thus making it more secure and trustless than any BTC L2.

Having said that, BTC L2 could use more sCrypt features if they also use Script and have more opcodes enabled than BTC L1. In fact, there are already L2s that leverage sCrypt this way, like Note Protocol.




sCrypt ( is a web3 development platform specialized in UTXO-blockchains like Bitcoin