Stateful Contracts
sCrypt contracts use the Unspent Transaction Output (UTXO) model: contracts reside within a UTXO and define how the Bitcoin within the UTXO can be spent. When a UTXO is spent (i.e., a public function of the sCrypt contract is successfully called), the contract is terminated. To maintain the contract's state and allow it to be called multiple times with variable states, follow these steps.
State Modifiers
Use the modifier @state to declare any attribute as part of the state. State attributes can be used like regular
attributes.
contract Counter {
@state
int counter;
constructor(int counter) {
this.counter = counter;
}
}
Updating State
By storing the state in the locking script, the contract can maintain state across chained transactions. In the following example, the contract transitions from state0 to state1, and then to state2. Transaction tx1's input spends the UTXO from tx0, and tx2 spends tx1.
Maintaining State
When you are ready to pass the new state to the next UTXO, simply call the built-in function this.updateState() with
two parameters:
txPreimage: The preimage of the current spending transaction. It must have a single output that contains the new state.amount: The number of satoshis in that single output.
This function is automatically generated for every stateful contract (i.e., a contract with at least one property
decorated with @state). If you need to customize the sighash type (different from the
default SigHash.ALL | SigHash.FORKID), you can use updateStateSigHashType.
Here is an example contract that records the number of increment() calls:
contract Counter {
@state
int counter;
public function increment(SigHashPreimage txPreimage, int amount) {
// Change state
this.counter++;
require(this.updateState(txPreimage, amount));
// Custom sighash type
// require(this.updateStateSigHashType(txPreimage, amount, SigHash.SINGLE | SigHash.FORKID));
}
}
Advanced
If you need more granular control over the state, such as having multiple outputs in the spending transaction, you can
call another built-in function this.getStateScript() to get the locking script containing the latest state properties.
Next, use OP_PUSH_TX to ensure the output containing the state is included in the current spending transaction. This
is equivalent to using this.updateState() in the contract above.
contract Counter {
@state
int counter;
public function increment(SigHashPreimage txPreimage, int amount) {
// Change state
this.counter++;
require(Tx.checkPreimage(txPreimage));
// Get the locking script containing the latest state properties
bytes outputScript = this.getStateScript();
// Construct an output from the locking script and the satoshi amount
bytes output = Utils.buildOutput(outputScript, amount);
// Use only one input here
require(hash256(output) == SigHash.hashOutputs(txPreimage));
}
}
Limitations
For any public function accessing stateful properties, a SigHashPreimage parameter verified by Tx.checkPreimage() must
be included, using OP_PUSH_TX. This does not apply to any non-public functions, including constructors.
contract Counter {
@state
int counter;
constructor(int counter) {
// Allowed: Non-public function
this.counter = counter;
}
public function increment(SigHashPreimage txPreimage, int amount) {
// Allowed
this.counter++;
require(Tx.checkPreimage(txPreimage));
}
public function foo(SigHashPreimage txPreimage, int amount) {
require(Tx.checkPreimageOpt(txPreimage));
// Allowed
this.counter++;
require(true);
}
public function bar(SigHashPreimage txPreimage) {
// Not allowed: Missing Tx.checkPreimage*()
this.counter++;
require(true);
}
public function baz(int i) {
// Not allowed: Missing SigHashPreimage
this.counter++;
require(true);
}
function baz() : int {
// Allowed: Non-public function
return this.counter;
}
}