Bitcoin Cash Specification

Script

Bitcoin Cash transactions make use of a scripting language to authorize and secure transfers. While, colloquially, there is a tendency to refer to transactions as “sending” Bitcoin Cash to “an address”, that is merely an abstraction. In fact, the only thing that permits the spending of existing UTXOs is the successful execution of a script. The only thing preventing the spending of newly created UTXOs is the difficulty of producing a successfully executing script. Through the use of cryptographic signatures and hash functions, such scripts are often designed specifically to be difficult to produce unless you are the intended spender of a given UTXO, though that need not necessarily be the case.

For more information on how Transactions are commonly secured, see Locking Script.

This page will focus on how the scripts are run, what they are capable of, and what limitations they have.

Script Execution

Scripts are executed using a stack-based memory model and have an intentionally restricted set of available operations. Unlike the common general-purpose programming languages your are probably aware of, Script (the term for the language itself) does not allow for loops, persistent state/memory across script executions, or the definition of functions. Instead, scripts are expected to contain whatever data they need and use the available operations to prove transaction validity.

Features

In addition to the primary stack (“the stack”), there is a secondary stack, referred to as the “alt-stack”, which data can be moved to temporarily. Any data left on the alt-stack is lost when a given sub-script finishes execution. In effect, any data moved to the alt-stack by an unlocking script is not present when the locking script runs.

There are a large number of op-codes that support everything from simple stack-manipulation, to mathematical calculations, to complex cryptographic processes. In terms of control structures there are only basic conditional branching (IF/ELSE) operations available.

Transaction Validation

Scripts are run when validating transactions, and successful execution of all of the scripts defined by the transaction is a necessary, but not sufficient, condition for transaction validity. See Transaction Validation for more details.

As a part of validating a transaction, a script is built for each input spent by the transaction. Each script is the sequential execution (carrying over the same stack, but not alt-stack) of the unlocking script provided with the input definition (which is used that the beginning of the script) and the locking script provided by the previous output being referenced. The exception to this is pay to script hash, which has an altered execution workflow. In general, though, this combined unlocking/locking script is then executed and considered successful if and only if the following conditions are met:

  • Non-Zero Value - after execution the top of the stack must contain a non-zero (TRUE) value.
  • No Stack Overflows - no operation should attempt to pop a value from the stack when the stack is empty. An overflow of the alt-stack is also disallowed.
  • Clean Stack - after execution the stack must only contain a single value, which must be non-zero (TRUE). Added in HF-20181115. The alt-stack is exempt from this.

Additionally, in order for the combined script to be valid, the following must be true:

  • Non-Empty Scripts - both the locking and unlocking scripts must be non-empty.
  • Max Script Length - the locking and unlocking script, when executed, must each be less than the max script length of 10,000 bytes (for a combined script maximum of 20,000 bytes).
  • Contained Control Flow - an IF/ELSE block cannot start in the unlocking script and end in the locking script, the script must be in the top-level scope when the locking script execution begins.
  • Permitted Operations Only - the locking script must not include operations that are disallowed and must not execute operations that are disabled..
  • Push Only - the unlocking script must contain only push operations (i.e. those with op codes 0x60 or less). Added in HF-20181115.

NOTE: violations of the above rules does not necessarily make a transaction invalid. For example, a locking script may be longer than 10,000 bytes, but it would be unspendable, since the max script length is only checked when the scripts are combined before execution.

Operation codes (opcodes)

The table below lists the currently allocated op codes. Op codes marked with (ignored) are permitted but will do nothing when executed. Op codes marked with (disabled) are permitted in scripts so long as they are not executed. Op codes marked with (do not use) are disallowed and will make a transaction invalid merely be being present.

Constants

ValueHexWordsInputoutput
00x00 OP_0, OP_FALSE0
An empty array of bytes is pushed onto the stack. See also OP_X
1-750x01-0x4b N/A
The next value bytes is data to be pushed onto the stack. See also OP_DATA_X
760x4c OP_PUSHDATA1
The next byte contains the number of bytes to be pushed onto the stack.
770x4d OP_PUSHDATA2
The next two bytes contain the number of bytes to be pushed onto the stack in little endian order.
780x4e OP_PUSHDATA4
The next four bytes contain the number of bytes to be pushed onto the stack in little endian order.
790x4f OP_1NEGATE-1
The number -1 is pushed onto the stack.
810x51 OP_1, OP_TRUE1
The number 1 is pushed onto the stack.
82-960x52-0x60 OP_2-OP_162-16
The number (2-16) is pushed onto the stack.

Flow control

ValueHexWordsInputoutput
970x61 OP_NOP
Does nothing.
990x63 OP_IF<expression> IF [statements] [ELSE [statements]] ENDIF
If the top stack value is not False, the statements are executed. The top stack value is removed.
1000x64 OP_NOTIF<expression> NOTIF [statements] [ELSE [statements]] ENDIF
If the top stack value is False, the statements are executed. The top stack value is removed.
1030x67 OP_ELSE<expression> IF [statements] [ELSE [statements]] ENDIF
If the preceding OP_IF or OP_NOTIF or OP_ELSE was not executed then these statements are and if the preceding OP_IF or OP_NOTIF or OP_ELSE was executed then these statements are not.
1040x68 OP_ENDIF<expression> IF [statements] [ELSE [statements]] ENDIF
Ends an if/else block. All blocks must end, or the transaction is marked as invalid. An OP_ENDIF without OP_IF earlier is also invalid.
1050x69 OP_VERIFYtrue / falseNothing / fail
Marks transaction as invalid if top stack value is not true. The top stack value is removed.
1060x6a OP_RETURNfail
Marks the output as unspendable. Since Bitcoin Core 0.9, a standard way of attaching extra data to transactions is to add a zero-value output with a scriptPubKey consisting of OP_RETURN followed by data. Such outputs are provably unspendable and specially discarded from storage in the UTXO set, reducing their cost to the network. Current standard relay rules on the Bitcoin Cash network allow a single output with OP_RETURN, that contains any sequence of push statements (or OP_RESERVED) after the OP_RETURN provided the total scriptPubKey length is at most 223 bytes.

Stack

ValueHexWordsInputoutput
1070x6b OP_TOALTSTACKx1(alt) x1
Puts the input onto the top of the alt stack. Removes it from the main stack.
1080x6c OP_FROMALTSTACK(alt) x1x1
Puts the input onto the top of the main stack. Removes it from the alt stack.
1150x73 OP_IFDUPxx / x x
If the top stack value is not 0, duplicate it.
1160x74 OP_DEPTHNothing<stack size>
Puts the number of stack items onto the stack.
1170x75 OP_DROPxNothing
Removes the top stack item.
1180x76 OP_DUPxx x
Duplicates the top stack item.
1190x77 OP_NIPx1 x2x2
Removes the second-to-top stack item.
1200x78 OP_OVERx1 x2x1 x2 x1
Copies the second-to-top stack item to the top.
1210x79 OP_PICKxn ... x2 x1 x0 nxn ... x2 x1 x0 xn
The item n back in the stack is copied to the top.
1220x7a OP_ROLLxn ... x2 x1 x0 nx(n-1) ... x2 x1 x0 xn
The item n back in the stack is moved to the top.
1230x7b OP_ROTx1 x2 x3x2 x3 x1
The top three items on the stack are rotated to the left.
1240x7c OP_SWAPx1 x2x2 x1
The top two items on the stack are swapped.
1250x7d OP_TUCKx1 x2x2 x1 x2
The item at the top of the stack is copied and inserted below the second-to-top item.
1090x6d OP_2DROPx1 x2Nothing
Removes the top two stack items.
1100x6e OP_2DUPx1 x2x1 x2 x1 x2
Duplicates the top two stack items.
1110x6f OP_3DUPx1 x2 x3x1 x2 x3 x1 x2 x3
Duplicates the top three stack items.
1120x70 OP_2OVERx1 x2 x3 x4x1 x2 x3 x4 x1 x2
Copies the pair of items two spaces back in the stack to the front.
1130x71 OP_2ROTx1 x2 x3 x4 x5 x6x3 x4 x5 x6 x1 x2
The fifth and sixth items back are moved to the top of the stack.
1140x72 OP_2SWAPx1 x2 x3 x4x3 x4 x1 x2
Swaps the top two pairs of items.

Splice

ValueHexWordsInputoutput
1260x7e OP_CATx1 x2out
Concatenates two byte sequences
1270x7f OP_SPLITx nx1 x2
Splits byte sequence x at position n. Known as OP_SUBSTR before 2018-05-15.
1280x80 OP_NUM2BINa bout
Converts numeric value a into byte sequence of length b. Known as OP_LEFT before 2018-05-15.
1290x81 OP_BIN2NUMxout
Converts byte sequence x into a numeric value. Known as OP_RIGHT before 2018-05-15.
1300x82 OP_SIZExx size
Pushes the string length of the top element of the stack (without popping it).
1880xbc OP_REVERSEBYTESxout
Reverses the order of the bytes in byte sequence x so that the first byte is now its last byte, the second is now its second-to-last, and so forth. Enabled in HF-20200515.

Bitwise logic

ValueHexWordsInputoutput
1310x83 OP_INVERTN/AN/A
DISABLED
1320x84 OP_ANDx1 x2out
Boolean AND between each bit of the inputs
1330x85 OP_ORx1 x2out
Boolean OR between each bit of the inputs.
1340x86 OP_XORx1 x2out
Boolean EXCLUSIVE OR between each bit of the inputs.
1350x87 OP_EQUALx1 x2true / false
Returns 1 if the inputs are exactly equal, 0 otherwise.
1360x88 OP_EQUALVERIFYx1 x2Nothing / fail
Same as OP_EQUAL, but runs OP_VERIFY afterward.

Arithmetic

Numeric opcodes (OP_1ADD, etc.) are restricted to operating on 8-byte signed “Script Number” integers, enabled in HF-20220515. This excludes the value -9223372036854775808 that fits in 8-byte two’s complement encoding, but does not fit in an 8-byte Script Number encoding used by the Script VM. If an operation overflows or underflows, the operation must immediately fail evaluation.

ValueHexWordsInputoutput
1390x8b OP_1ADDinout
1 is added to the input.
1400x8c OP_1SUBinout
1 is subtracted from the input.
1410x8d OP_2MULinout
The input is multiplied by 2. DISABLED
1420x8e OP_2DIVinout
The input is divided by 2. DISABLED
1430x8f OP_NEGATEinout
The sign of the input is flipped.
1440x90 OP_ABSinout
The input is made positive.
1450x91 OP_NOTintrue / false
If the input is 0 or 1, it is flipped. Otherwise the output will be 0.
1460x92 OP_0NOTEQUALintrue / false
Returns 0 if the input is 0. 1 otherwise.
1470x93 OP_ADDa bout
a is added to b.
1480x94 OP_SUBa bout
b is subtracted from a.
1490x95 OP_MULa bout
a is multiplied by b. Enabled in HF-20220515.
1500x96 OP_DIVa bout
a is divided by b.
1510x97 OP_MODa bout
Returns the remainder after a is divided by b.
1520x98 OP_LSHIFTa bout
Shifts a left b bits, preserving sign. DISABLED
1530x99 OP_RSHIFTa bout
Shifts a right b bits, preserving sign. DISABLED
1540x9a OP_BOOLANDa btrue / false
If both a and b are not 0, the output is 1. Otherwise 0.
1550x9b OP_BOOLORa btrue / false
If a or b is not 0, the output is 1. Otherwise 0.
1560x9c OP_NUMEQUALa btrue / false
Returns 1 if the numbers are equal, 0 otherwise.
1570x9d OP_NUMEQUALVERIFYa bNothing / fail
Same as OP_NUMEQUAL, but runs OP_VERIFY afterward.
1580x9e OP_NUMNOTEQUALa btrue / false
Returns 1 if the numbers are not equal, 0 otherwise.
1590x9f OP_LESSTHANa btrue / false
Returns 1 if a is less than b, 0 otherwise.
1600xa0 OP_GREATERTHANa btrue / false
Returns 1 if a is greater than b, 0 otherwise.
1610xa1 OP_LESSTHANOREQUALa btrue / false
Returns 1 if a is less than or equal to b, 0 otherwise.
1620xa2 OP_GREATERTHANOREQUALa btrue / false
Returns 1 if a is greater than or equal to b, 0 otherwise.
1630xa3 OP_MINa bout
Returns the smaller of a and b.
1640xa4 OP_MAXa bout
Returns the larger of a and b.
1650xa5 OP_WITHINx min maxtrue / false
Returns 1 if x is within the specified range (left-inclusive), 0 otherwise.

Cryptography

ValueHexWordsInputoutput
1660xa6 OP_RIPEMD160inhash
Hashes input with RIPEMD-160.
1670xa7 OP_SHA1inhash
Hashes input with SHA-1.
1680xa8 OP_SHA256inhash
Hashes input with SHA-256.
1690xa9 OP_HASH160inhash
Hashes input with SHA-256 and then with RIPEMD-160.
1700xaa OP_HASH256inhash
Hashes input twice with SHA-256.
1710xab OP_CODESEPARATORNothingNothing
Makes OP_CHECK(MULTI)SIG(VERIFY) use the subset of the script of everything after the most recently-executed OP_CODESEPARATOR when computing the sighash.
1720xac OP_CHECKSIGsig pubkeytrue / false
The last byte (=sighash type) of the signature is removed. The sighash for this input is calculated based on the sighash type. The truncated signature used by OP_CHECKSIG must be a valid ECDSA or Schnorr signature for this hash and public key. If it is valid, 1 is returned, if it is empty, 0 is returned, otherwise the operation fails.
1730xad OP_CHECKSIGVERIFYsig pubkeyNothing / fail
Same as OP_CHECKSIG, but OP_VERIFY is executed afterward.
1740xae OP_CHECKMULTISIGdummy sig1 sig2 ... <#-of-sigs> pub1 pub2 ... <#-of-pubkeys>true / false
Signatures are checked against public keys. Signatures must be placed in the unlocking script using the same order as their corresponding public keys were placed in the locking script or redeem script. If all signatures are valid, 1 is returned, 0 otherwise. All elements are removed from the stack. For more information on the execution of this opcode, see Multisignature.
1750xaf OP_CHECKMULTISIGVERIFYdummy sig1 sig2 ... <#-of-sigs> pub1 pub2 ... <#-of-pubkeys>Nothing / fail
Same as OP_CHECKMULTISIG, but OP_VERIFY is executed afterward.
1860xba OP_CHECKDATASIGsig msg pubkeytrue / false
Check if signature is valid for message and a public key. See spec
1870xbb OP_CHECKDATASIGVERIFYsig msg pubkeynothing / fail
Same as OP_CHECKDATASIG, but runs OP_VERIFY afterward.

Locktime

ValueHexWordsInputoutput
1770xb1 OP_CHECKLOCKTIMEVERIFYxx / fail
Marks transaction as invalid if the top stack item is greater than the transaction's nLockTime field, otherwise script evaluation continues as though an OP_NOP was executed. Transaction is also invalid if 1. the stack is empty; or 2. the top stack item is negative; or 3. the top stack item is greater than or equal to 500000000 while the transaction's nLockTime field is less than 500000000, or vice versa; or 4. the input's nSequence field is equal to 0xffffffff. The precise semantics are described in BIP65.
1780xb2 OP_CHECKSEQUENCEVERIFYxx / fail
Marks transaction as invalid if the relative lock time of the input (enforced by BIP68 with nSequence) is not equal to or longer than the value of the top stack item. The precise semantics are described in BIP112.

Introspection

ValueHexWordsInputoutput
1920xc0 OP_INPUTINDEXNothingnumber
Push the index of the input being evaluated to the stack as a Script Number.
1930xc1 OP_ACTIVEBYTECODENothingscript
Push the bytecode currently being evaluated, beginning after the last executed OP_CODESEPARATOR, to the stack1. For Pay-to-Script-Hash (P2SH) evaluations, this is the redeem bytecode of the Unspent Transaction Output (UTXO) being spent; for all other evaluations, this is the locking bytecode of the UTXO being spent.
1940xc2 OP_TXVERSIONNothingnumber
Push the version of the current transaction to the stack as a Script Number.
1950xc3 OP_TXINPUTCOUNTNothingnumber
Push the count of inputs in the current transaction to the stack as a Script Number.
1960xc4 OP_TXOUTPUTCOUNTNothingnumber
Push the count of outputs in the current transaction to the stack as a Script Number.
1970xc5 OP_TXLOCKTIMENothingnumber
Push the locktime of the current transaction to the stack as a Script Number.
1980xc6 OP_UTXOVALUEindexnumber
Pop the top item from the stack as an input index (Script Number). Push the value (in satoshis) of the Unspent Transaction Output (UTXO) spent by that input to the stack as a Script Number.
1990xc7 OP_UTXOBYTECODEindexscript
Pop the top item from the stack as an input index (Script Number). Push the full locking bytecode of the Unspent Transaction Output (UTXO) spent by that input to the stack.
2000xc8 OP_OUTPOINTTXHASHindexhash
Pop the top item from the stack as an input index (Script Number). From that input, push the outpoint transaction hash – the hash of the transaction which created the Unspent Transaction Output (UTXO) which is being spent – to the stack in OP_HASH256 byte order.
2010xc9 OP_OUTPOINTINDEXindexnumber
Pop the top item from the stack as an input index (Script Number). From that input, push the outpoint index – the index of the output in the transaction which created the Unspent Transaction Output (UTXO) which is being spent – to the stack as a Script Number.
2020xca OP_INPUTBYTECODEindexscript
Pop the top item from the stack as an input index (Script Number). Push the unlocking bytecode of the input at that index to the stack.
2030xcb OP_INPUTSEQUENCENUMBERindexnumber
Pop the top item from the stack as an input index (Script Number). Push the sequence number of the input at that index to the stack as a Script Number.
2040xcc OP_OUTPUTVALUEindexnumber
Pop the top item from the stack as an output index (Script Number). Push the value (in satoshis) of the output at that index to the stack as a Script Number.
2050xcd OP_OUTPUTBYTECODEindexscript
Pop the top item from the stack as an output index (Script Number). Push the locking bytecode of the output at that index to the stack.
Cash-Tokens
2060xce OP_UTXOTOKENCATEGORYindexscript
Pop the top item from the stack as an input index (VM Number). If the Unspent Transaction Output (UTXO) spent by that input includes no tokens, push a 0 (VM Number) to the stack. If the UTXO does not include a non-fungible token with a capability, push the UTXO's token category, otherwise, push the concatenation of the token category and capability, where the mutable capability is represented by 1 (VM Number) and the minting capability is represented by 2 (VM Number).
2070xcf OP_UTXOTOKENCOMMITMENTindexscript
Pop the top item from the stack as an input index (VM Number). Push the token commitment of the Unspent Transaction Output (UTXO) spent by that input to the stack. If the UTXO does not include a non-fungible token, or if it includes a non-fungible token with a zero-length commitment, push a 0 (VM Number).
2080xd0 OP_UTXOTOKENAMOUNTindexnumber
Pop the top item from the stack as an input index (VM Number). Push the fungible token amount of the Unspent Transaction Output (UTXO) spent by that input to the stack as a VM Number. If the UTXO includes no fungible tokens, push a 0 (VM Number).
2090xd1 OP_OUTPUTTOKENCATEGORYindexscript
Pop the top item from the stack as an output index (VM Number). If the output at that index includes no tokens, push a 0 (VM Number) to the stack. If the output does not include a non-fungible token with a capability, push the output's token category, otherwise, push the concatenation of the token category and capability, where the mutable capability is represented by 1 (VM Number) and the minting capability is represented by 2 (VM Number).
2100xd2 OP_OUTPUTTOKENCOMMITMENTindexscript
Pop the top item from the stack as an output index (VM Number). Push the token commitment of the output at that index to the stack. If the output does not include a non-fungible token, or if it includes a non-fungible token with a zero-length commitment, push a 0 (VM Number).
2110xd3 OP_OUTPUTTOKENAMOUNTindexnumber
Pop the top item from the stack as an output index (VM Number). Push the fungible token amount of the output at that index to the stack as a VM Number. If the output includes no fungible tokens, push a 0 (VM Number).

Reserved

Word Value Hex Description
OP_NOP1 176 0xb0 Previously reserved for OP_EVAL (BIP12).
OP_NOP4-OP_NOP10 179-185 0b3-0xb9 Ignored. Does not mark transaction as invalid.

Uncategorized

Please help improve this article by categorizing and describing the following op codes.

Hex Word
0x50 OP_RESERVED (disabled)
0x62 OP_VER (disabled)
0x65 OP_VERIF (do not use)
0x66 OP_VERNOTIF (do not use)
0x89 OP_RESERVED1 (do not use)
0x8A OP_RESERVED2 (do not use)
0xBD - 0xFF Unused (disabled)