Glossary

Blockchain Fundamentals

Smart Contract

Self-executing code on the blockchain that automatically enforces agreements.

[1] [2] [3] [4] [5] [6] [7]

Deployment

Process of publishing a smart contract to the blockchain for the first time.

[1]

Constructor

Special function that runs once when a contract is deployed to initialize state.

[1] [2] [3]

State Variable

Data stored permanently in the contract's storage on the blockchain.

[1] [2] [3]

External Function

Function that can be called from outside the contract by users or other contracts.

View Function

Read-only function that doesn't modify state and costs no gas when called directly.

[1]

Event

Log entry emitted by contract that can be monitored off-chain.

[1] [2]

Revert

Transaction failure that undoes all state changes and returns an error message.

[1] [2]

Address(0)

0x0000000000000000000000000000000000000000 - used as burn address or null value. Also called the "zero address".

[1] [2] [3] [4]

EOA

Externally Owned Account - wallet controlled by a private key (not a contract).

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21]

Multisig

Multi-signature wallet requiring multiple parties to approve transactions.

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23]

Immutable

Cannot be changed after deployment. Code and certain variables are permanent.

[1] [2]

Fallback Function

Unnamed function in a Solidity contract that executes when ETH is sent to the contract without matching any function selector, or when no data is provided.

[1] [2] [3]

Transient Storage

Temporary key-value storage in the EVM (introduced in EIP-1153) that persists only for the duration of a single transaction, then resets automatically. Cheaper than permanent storage and useful for intra-transaction state like reentrancy locks and balance tracking without persistent fund risk.

[1] [2] [3]

EIP-1153

Ethereum Improvement Proposal introducing transient storage opcodes (tstore/tload). Enables contracts to store and read temporary data within a transaction at lower gas cost than SSTORE/SLOAD, with automatic reset at transaction end.

[1] [2] [3] [4] [5] [6] [7] [8]

Modifier

Reusable code block in Solidity that can be attached to functions to enforce preconditions such as access control checks before the function body executes.

[1] [2] [3] [4]

FIFO

First In, First Out - queue ordering where the earliest entry is processed first. Used in smart contracts for sequential payout systems.

[1]

Token Economics

Fungible Token

Token where each unit is interchangeable (like dollars - one $1 bill is equivalent to another $1 bill).

[1] [2]

Deflationary

Economic model where supply decreases over time, potentially increasing scarcity and value.

[1] [2] [3]

Burn

Permanently destroying tokens by sending them to Address(0) or otherwise removing them from circulation.

[1] [2]

Mint

Creating new tokens and adding them to circulation.

Circulating Supply

Current totalSupply, which may be less than the original supply if tokens were burned.

[1] [2]

Trading & Liquidity

AMM

Automated Market Maker - algorithm that determines swap prices using mathematical formulas instead of order books.

[1] [2] [3] [4] [5] [6]

DEX Aggregator

A routing layer that queries multiple decentralized exchanges to find the best available swap price, splitting or routing trades across protocols to minimize slippage and fees. Unlike a single DEX, a DEX aggregator holds no liquidity itself.

[1] [2] [3] [4] [5]

Ask

The lowest price at which a seller is willing to sell an asset; also called the "offer" price.

[1] [2] [3] [4]

Bid

The highest price at which a buyer is willing to purchase an asset.

[1] [2] [3] [4]

CEX

Centralized Exchange (like Coinbase, Binance).

[1] [2] [3] [4]

DEX

Decentralized Exchange (like Uniswap, Sushiswap).

[1] [2] [3] [4] [5]

DeFi

Decentralized Finance - financial services without traditional intermediaries.

[1] [2] [3] [4] [5]

Liquidity Pool

Smart contract holding paired tokens that enables trading without a traditional order book; traders swap directly against pool reserves.

[1] [2]

LP

Liquidity Provider - entity that deposits tokens into a liquidity pool in exchange for fees.

[1]

LP Token

Receipt token representing proportional ownership share of a liquidity pool; burned upon withdrawal.

[1] [2]

Constant Product Formula

x × y = k pricing algorithm used by most AMMs where the product of token reserves remains constant through swaps.

[1] [2]

Concentrated Liquidity

LP strategy (Uniswap V3/V4) where liquidity is deployed within specific price ranges for higher capital efficiency.

[1] [2]

Order Book

Traditional exchange model where trades are matched between bid and ask orders placed by traders.

[1] [2] [3] [4] [5] [6]

Arbitrageur

Trader who profits from price differences between markets, often rebalancing DEX pools to match external prices.

[1]

IL

Impermanent Loss - value lost to arbitrage when liquidity pool token prices diverge from entry ratio; becomes permanent upon withdrawal.

[1] [2]

Impermanent Loss

Value lost to arbitrage when liquidity pool token prices diverge from entry ratio; becomes permanent upon withdrawal. Abbreviated as IL.

[1]

Limit Order

Order placed at a specific price that sits in the order book until matched; provides price certainty but no fill guarantee.

[1]

Market Order

Order that executes immediately at the best available price; guarantees fill but not execution price.

[1]

Flash Loan

Uncollateralized loan that must be borrowed and repaid within a single blockchain transaction.

[1] [2] [3] [4] [5] [6] [7]

Flash Swap

Uniswap-specific variant of a Flash Loan where borrowed tokens can be repaid with a different token; enables single-transaction arbitrage across token pairs.

Atomic Transaction

Transaction where all operations either succeed together or fail together; no partial execution is possible. Flash loans exploit this property—if repayment fails, the entire borrow never happened.

EIP-3156

Ethereum standard defining a common interface for flash loan providers, enabling interoperability between lending protocols.

Hooks

Uniswap V4 plugin contracts that execute custom logic before or after pool actions.

[1]

Quoter

Read-only contract that simulates swap execution to return expected output amounts without actually performing the trade. Used by frontends and aggregators to display prices and build transaction calldata.

Rug Pull

Scam where token creators drain pool liquidity after attracting buyers, leaving victims unable to sell.

[1]

TVL

Total Value Locked - total value held in a protocol.

[1] [2]

Mempool

Waiting area where pending transactions sit before being included in a block. On most chains, the mempool is public, meaning anyone can see transactions before they execute.

[1] [2] [3]

MEV

Maximal Extractable Value - profit extracted by reordering, inserting, or censoring transactions in a block.

[1] [2] [3] [4] [5] [6] [7]

Block Builder

Entity that constructs blocks by ordering transactions for maximum value extraction; receives tips from MEV searchers in exchange for favorable transaction placement.

MEV Searcher

Bot operator who identifies and captures MEV opportunities by submitting transaction bundles to block builders; jaredfromsubway.eth is a prominent example.

[1]

Price Impact

The change in market price caused directly by your own trade consuming available liquidity; scales with order size relative to market depth.

[1]

Sandwich Attack

MEV attack where a bot front-runs your trade, pushes price against you, then back-runs to capture the difference; enabled by high slippage tolerance.

[1] [2] [3] [4]

Front-Running

Placing a transaction ahead of a known pending transaction to profit from the price movement it will cause; requires higher gas to be included first.

Back-Running

Placing a transaction immediately after another transaction to capture value created by it; commonly used in arbitrage and as part of sandwich attacks.

Slippage

The difference between expected and actual execution price caused by market movement while your order is in transit.

[1] [2]

Spread

The gap between the best bid (buy) price and best ask (sell) price; represents the cost of immediate execution and market maker compensation.

[1] [2] [3] [4]

APR

Annual Percentage Rate - simple interest return over a year, not accounting for compounding.

[1]

APY

Annual Percentage Yield - return over a year accounting for compounding effects.

[1]

Lindy Effect

Heuristic suggesting that the longer a non-perishable system has survived, the longer it's likely to continue surviving. In crypto, older battle-tested protocols are considered more reliable than new ones.

[1] [2] [3] [4]

ADL

Auto-Deleveraging - exchange mechanism that forcibly closes profitable positions to cover losses when underwater positions cannot be liquidated normally due to insufficient liquidity.

[1]

Auto-Deleveraging

Exchange mechanism that forcibly closes profitable positions to cover losses when underwater positions cannot be liquidated normally due to insufficient liquidity. Abbreviated as ADL.

[1] [2]

Open Interest

Total value of outstanding derivative contracts (futures, perpetuals) that have not been settled; high open interest signals leveraged exposure in the market.

[1] [2]

Funding Rate

Periodic payment between long and short perpetual futures traders to keep contract prices aligned with spot prices; positive rates mean longs pay shorts.

[1]

Market Maker

Entity that provides liquidity by continuously posting buy and sell orders on an exchange; profits from the Spread between bid and ask prices.

[1]

Designated Market Maker

In traditional finance, a market maker with legal obligations to maintain orderly markets, quote continuously, and provide liquidity during stress. Crypto market makers have no such obligations. Abbreviated as DMM.

DMM

Designated Market Maker - in traditional finance, a market maker with legal obligations to maintain orderly markets. Crypto market makers have no such obligations.

Ponzi Scheme

Investment scheme where returns for earlier participants are funded by deposits from later participants rather than legitimate revenue; mathematically guaranteed to collapse when new deposits slow or stop.

[1] [2] [3] [4] [5] [6]

Consensus Mechanisms

BFT

Byzantine Fault Tolerance - ability of a distributed system to reach consensus even when some nodes fail or act maliciously; tolerates up to 33% faulty nodes.

[1] [2] [3]

Byzantine Fault Tolerance

Ability of a distributed system to reach consensus even when some nodes fail or act maliciously; tolerates up to 33% faulty nodes. Abbreviated as BFT.

Byzantine Generals Problem

Theoretical problem describing how distributed nodes can reach consensus when some participants may be dishonest; solved by BFT consensus mechanisms.

pBFT

Practical Byzantine Fault Tolerance - consensus algorithm introduced in 1999 that made BFT viable for real systems through a three-phase protocol (pre-prepare, prepare, commit).

[1]

Practical Byzantine Fault Tolerance

Consensus algorithm introduced in 1999 that made BFT viable for real systems through a three-phase protocol (pre-prepare, prepare, commit). Abbreviated as pBFT.

Tendermint

BFT consensus protocol used by Cosmos that provides absolute finality with linear view change complexity; requires mandatory delay after leader changes.

HotStuff

BFT consensus protocol with linear communication complexity and optimistic responsiveness; allows correct leaders to drive consensus at network speed rather than timeout values.

Consensus

Agreement among distributed nodes on the current state of a blockchain; different mechanisms (PoW, PoS, BFT) make different trade-offs between decentralization, security, and performance.

Finality

Guarantee that a confirmed transaction cannot be reversed; BFT provides absolute finality, PoW provides probabilistic finality.

View Change

Process of replacing a failed or malicious leader node in BFT protocols; complexity of view changes is a major differentiator between BFT variants.

Validator

Node responsible for validating transactions and participating in consensus; in BFT systems, validators vote to reach agreement on blocks.

Proof of Work

Consensus mechanism where miners compete to solve cryptographic puzzles; energy-intensive but provides permissionless participation and probabilistic finality.

[1] [2] [3]

PoW

Proof of Work - consensus mechanism where miners compete to solve cryptographic puzzles. Abbreviated form of Proof of Work.

Proof of Stake

Consensus mechanism where validators are selected based on locked capital; more energy-efficient than PoW with faster finality.

[1]

PoS

Proof of Stake - consensus mechanism where validators are selected based on locked capital. Abbreviated form of Proof of Stake.

Sybil Attack

Attack where one entity creates multiple fake identities to gain disproportionate influence; BFT systems require Sybil resistance through staking or permissioned validator sets.

Security Concepts

Oracle

External data feed providing off-chain information (like prices) to smart contracts. Oracles bridge the gap between on-chain and off-chain data.

[1] [2] [3]

DON

Decentralized Oracle Network - distributed system of independent oracle nodes that aggregate and validate external data before delivering it on-chain, eliminating single points of failure.

[1]

Decentralized Oracle Network

Distributed system of independent oracle nodes that aggregate and validate external data before delivering it on-chain, eliminating single points of failure. Abbreviated as DON.

TWAP

Time-Weighted Average Price - price calculation averaged over a time period, used to smooth out manipulation attempts and provide more reliable oracle feeds.

[1] [2]

Oracle Manipulation

Attack where an adversary corrupts the data an oracle feeds to a smart contract, often using Flash Loans to temporarily skew prices and exploit vulnerable protocols.

[1] [2]

Reentrancy

Smart contract vulnerability where a contract is called recursively before state updates complete.

[1] [2] [3] [4]

ReentrancyGuard

OpenZeppelin security pattern that prevents reentrant calls by using a mutex lock; reverts if a function is called while already executing.

[1] [2] [3] [4]

Timelock

Delay mechanism requiring a waiting period before privileged contract actions execute.

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22]

Timelock Queue

Pending transactions in a timelock contract that are visible on-chain and awaiting execution after the delay period.

M-of-N

Multisig threshold configuration where M signatures are required out of N total signers to authorize a transaction.

Blind Signing

Approving a blockchain transaction without fully verifying its contents; a primary attack vector exploited in the Bybit hack.

Safe

Multi-signature smart contract wallet (formerly Gnosis Safe) that is among the most audited and widely used multisig implementations on Ethereum.

[1] [2] [3]

Gnosis Safe

Original name for Safe, a multi-signature smart contract wallet widely used for protocol treasuries and governance.

Signer

An entity holding a private key that can approve transactions in a Multisig wallet; compromising enough signers defeats multisig security.

Governance Attack

Exploit where an attacker gains majority voting power in a DAO or protocol governance system to pass malicious proposals; often enabled by Flash Loans when voting power can be acquired and used within a single transaction.

[1]

Proxy Contracts & Upgradeability

Proxy Contract

Smart contract that delegates calls to a separate implementation contract using delegatecall; enables upgradeability by allowing the implementation to be swapped while preserving storage.

[1] [2]

Implementation Contract

The contract containing the actual business logic that a proxy delegates to; also called the "logic contract" or "master copy."

[1]

Delegatecall

EVM opcode that executes code from another contract in the caller's storage context; the foundation of proxy patterns.

Transparent Proxy

Proxy pattern where the proxy checks msg.sender to route admin calls to proxy functions and user calls to the implementation; clear separation but higher gas cost.

[1] [2] [3] [4] [5] [6]

UUPS

Universal Upgradeable Proxy Standard (ERC-1822) - proxy pattern where upgrade logic resides in the implementation contract rather than the proxy; more gas-efficient but can be permanently bricked.

[1]

ERC-1822

Ethereum standard defining the Universal Upgradeable Proxy Standard (UUPS), where upgrade logic is placed in the implementation contract.

[1]

Beacon Proxy

Proxy pattern where multiple proxies reference a single Beacon contract holding the implementation address; updating the Beacon upgrades all associated proxies simultaneously.

EIP-1967

Ethereum standard defining specific storage slots for proxy contracts to store implementation, admin, and beacon addresses; prevents storage collisions with implementation variables.

[1] [2] [3] [4] [5] [6] [7]

Storage Collision

Vulnerability where proxy and implementation contracts use the same storage slot for different variables, causing data corruption during delegatecall execution.

Initializer

Function that replaces the constructor in upgradeable contracts; must be called once after deployment to set initial state since constructors don't work with proxies.

Storage Layout

The ordered assignment of state variables to storage slots; must be preserved across upgrades or existing data becomes corrupted.

Cross-Chain & Bridges

Bridge

Infrastructure that transfers assets or data between blockchains that cannot natively communicate; introduces trust assumptions in exchange for interoperability.

[1] [2]

Cross-Chain Bridge

Infrastructure that transfers assets or data between blockchains that cannot natively communicate; introduces trust assumptions in exchange for interoperability. Also called Bridge.

Wrapped Token

Representation of an asset from another blockchain, backed by the original asset locked in a bridge contract; value depends on bridge solvency.

Lock and Mint

Bridge mechanism where tokens are locked on the source chain and equivalent wrapped tokens are minted on the destination chain.

Burn and Mint

Bridge mechanism where tokens are burned on the source chain and native tokens are minted on the destination chain; used by Circle's CCTP for USDC.

Canonical Bridge

Official bridge operated by an L2 or blockchain team that inherits the security properties of the underlying chain; generally safer than third-party bridges.

Validator Bridge

Bridge secured by a committee of validators who attest to cross-chain events; security depends on honest majority assumption.

IBC

Inter-Blockchain Communication - Cosmos protocol enabling native cross-chain communication without additional trust assumptions beyond the connected chains.

Ethereum-Specific

ERC20

Token standard for fungible tokens on Ethereum. Defines functions like transfer, balanceOf, approve, etc.

[1] [2] [3] [4] [5] [6] [7] [8] [9]

ERC1155

Multi-token standard on Ethereum that allows a single contract to manage many token ids. Each id can represent a fungible balance (semi-fungible), a non-fungible asset, or any composite key the contract chooses to encode. Settlement is via safeTransferFrom / safeBatchTransferFrom, with onERC1155Received hooks invoked on contract recipients. Defined by EIP-1155.

[1] [2]

SSTORE2

Pattern for cheaper on-chain data storage that writes a binary blob into the runtime bytecode of a freshly-deployed contract instead of into the parent contract's storage slots. Reads are performed by copying that bytecode back via EXTCODECOPY. Costs roughly an order of magnitude less gas per byte than SSTORE for write-once data; used for things like on-chain SVGs, HTML, and large constant tables.

[1]

EIP-7702

Ethereum Improvement Proposal (Pectra) that lets an externally-owned account (EOA) delegate its execution to a smart-contract implementation while keeping the same address and key. The EOA gains smart-account behavior (batched calls, custom auth) without the user having to migrate funds to a new address. Visible on-chain as an EOA whose code slot holds a 0xef0100… delegation pointer.

[1] [2]

Gas

Fee paid to execute transactions on Ethereum and EVM-compatible chains, measured in Gwei.

Gwei

Unit of ETH used for gas pricing. 1 Gwei = 0.000000001 ETH (10^-9 ETH).

[1]

Wei

Smallest unit of ETH. 1 ETH = 10^18 Wei. Token amounts typically use 18 decimals similarly.

ABI

Application Binary Interface - specification defining how to encode and decode function calls and data for EVM smart contracts. Used by wallets, tools, and other contracts to interact with deployed bytecode.

CREATE2

EVM opcode that deploys a contract to a deterministic address computed from the deployer address, a salt, and the contract's init code hash. Enables predicting contract addresses before deployment.

[1]

Merkle Tree

Binary hash tree where every leaf is the hash of a data block, every intermediate node is the hash of its two children, and the root hash commits to the entire dataset. Used in Bitcoin for transaction verification and in Ethereum for state, transaction, and receipt tries.

[1] [2] [3] [4]

Merkle Root

Single hash at the top of a Merkle Tree that serves as a cryptographic fingerprint for the entire dataset. Changing any leaf changes the root.

[1] [2] [3] [4] [5] [6]

Merkle Proof

Logarithmic-sized set of sibling hashes proving that a specific leaf exists in a Merkle Tree without revealing the full dataset. Requires O(log n) hashes instead of O(n).

[1] [2] [3] [4]

Merkle Patricia Trie

Ethereum's data structure combining Merkle hashing with hexary (16-way) path-based key lookup. Used for the state trie, transaction trie, and receipts trie, with three roots embedded in every block header.

[1]

SPV

Simplified Payment Verification — method for Bitcoin light clients to verify transactions using only block headers and Merkle Proofs without downloading full blocks. Described in Section 8 of the Bitcoin whitepaper.

Merkle Distributor

Smart contract pattern that stores a single Merkle Root on-chain to represent a large set of eligible addresses and amounts, enabling gas-efficient airdrop claims via Merkle Proof verification.

[1] [2] [3] [4]

Verkle Tree

Proposed successor to Ethereum's Merkle Patricia Trie that uses polynomial commitments (IPA or KZG) instead of sibling hashes, reducing proof sizes by 20-30x. Not quantum resistant due to elliptic curve dependency.

Anchoring

Committing a cryptographic hash of off-chain data to a blockchain transaction, creating a timestamped proof that the data existed in a specific state at a specific point in time. The data itself never touches the chain.

[1]

OP_RETURN

Bitcoin Script opcode that marks a transaction output as provably unspendable, allowing arbitrary data (up to 80 bytes, effectively unlimited post-Bitcoin Core 30) to be embedded without polluting the UTXO set. Primary mechanism for Bitcoin-based anchoring.

[1] [2]

UTXO

Unspent Transaction Output — the fundamental unit of Bitcoin accounting. Each UTXO represents a discrete amount of bitcoin that can be spent exactly once. The UTXO set is the collection of all unspent outputs that nodes must track.

[1]

KSI

Keyless Signature Infrastructure — hash-only cryptographic timestamping system developed by Guardtime that uses no public/private keys, making it quantum-resistant by design. Deployed by the Estonian government since 2008.

Tick

In concentrated liquidity AMMs (Uniswap V3/V4), a discrete price point that defines the boundary of a liquidity position's active range. Each tick represents a 0.01% price change.

Tick Spacing

The minimum interval between usable ticks in a concentrated liquidity pool. Larger tick spacing (e.g., 200) reduces gas costs but limits price granularity; smaller spacing (e.g., 1) allows finer positioning.

Distributed Systems

CRDT

Conflict-free Replicated Data Type — a data structure that can be replicated across distributed nodes, updated independently without coordination, and merged deterministically into a consistent state with a mathematical guarantee of no conflicts.

[1]

Conflict-free Replicated Data Type

Data structure that can be replicated across distributed nodes, updated independently without coordination, and merged deterministically into a consistent state. Abbreviated as CRDT.

CvRDT

Convergent Replicated Data Type — state-based CRDT where replicas exchange full state and merge via a join-semilattice function. Tolerates duplicate and out-of-order delivery.

CmRDT

Commutative Replicated Data Type — operation-based CRDT where replicas exchange individual operations that must be commutative. Requires causal delivery and exactly-once semantics.

Eventual Consistency

Consistency model where replicas may temporarily diverge but are guaranteed to converge to the same state once all updates have been delivered. CRDTs provide strong eventual consistency — convergence without coordination.

Semilattice

Mathematical structure with a binary join operation that is commutative, associative, and idempotent. CvRDTs use join-semilattices to guarantee that merging any two states produces a deterministic result.

Tombstone

Marker indicating that a data element has been deleted in a distributed system. Used by CRDTs and other replicated data structures because distributed deletion requires all replicas to learn about the remove; tombstones grow without bound unless garbage collected.

Vector Clock

Logical clock mechanism where each node maintains a vector of counters (one per node) to track causal ordering of events in a distributed system. Enables detecting concurrent updates without synchronized physical clocks.

Governance

DAO

Decentralized Autonomous Organization - entity governed by smart contracts and token holder votes rather than centralized management. Members propose and vote on protocol changes, treasury allocation, and operational decisions.

[1]

DAICO

Decentralized Autonomous Initial Coin Offering - fundraising mechanism combining elements of a DAO with an ICO, where contributors retain governance control over how raised funds are released to the development team.

Liquid Staking

Liquid Staking

Staking model where users deposit a proof-of-stake asset (e.g., ETH) with a protocol and receive a tradable derivative token representing the staked position plus accrued rewards. Unlike traditional staking, the derivative can be used in DeFi while the underlying stays staked.

Lido

Largest liquid staking protocol on Ethereum. Users deposit ETH and receive stETH, which tracks their share of the pooled staked ETH plus rewards via a Rebasing Token mechanism.

[1]

stETH

Lido staked ETH — an ERC-20 representing a claim on pooled ETH staked via Lido's validator set. Contract address 0xae7ab965...d7fE84. Rebases daily to reflect accrued consensus-layer and execution-layer rewards.

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22]

Rebasing Token

ERC-20 whose per-holder balance changes automatically over time — not via transfer, but by adjusting each holder's share of a tracked total supply. stETH is the most prominent example. Rebasing breaks naive balance-diff accounting unless contracts explicitly track principal separately.

[1] [2] [3]

Basis Counter

A stored scalar that records the principal contribution to a position independent of subsequent balance changes caused by rebasing, yield, or fees. Used to derive "yield = currentBalance - basis" without needing share math.

Bitcoin-Specific

secp256k1

Elliptic curve defined by the SEC (Standards for Efficient Cryptography) group, used by Bitcoin for ECDSA and Schnorr signatures and by Ethereum for ECDSA signatures. The same curve underpins BIP-340 Schnorr signatures and Pedersen Commitments in Bitcoin-side confidential-token protocols. 256-bit prime field; structure makes scalar multiplication efficient enough for in-tx verification.

[1]

Taproot

Bitcoin upgrade activated in November 2021 (block 709,632) that introduced BIP-340 Schnorr signatures, BIP-341 output script type P2TR, and Merkleized Alternative Script Trees (MAST). Enables witness data carrying signatures or arbitrary scripts to be revealed only when used.

[1] [2]

BIP-340

Bitcoin Improvement Proposal specifying Schnorr signatures over the secp256k1 curve. Smaller and linear (signatures can be aggregated), unlike ECDSA. Activated as part of Taproot.

[1] [2] [3] [4] [5]

BIP-341

Bitcoin Improvement Proposal defining Taproot output script types and the Merkleized Alternative Script Trees (MAST) commitment scheme. Defines the P2TR output format.

[1] [2] [3]

P2TR

Pay-to-Taproot — Bitcoin output script type introduced in BIP-341. Addresses begin with bc1p… and commit to either a single public key (key-path) or a Merkle tree of alternative scripts (script-path).

[1] [2] [3] [4]

Witness Data

Per-input data field of a SegWit/Taproot Bitcoin transaction that carries signatures and (for Script-Path Spends) the revealed script and its inputs. Witness bytes are discounted 4x for fee calculations, which is why meta-protocols favor it over OP_RETURN for embedding large payloads.

[1] [2] [3]

Script-Path Spend

P2TR spend that reveals one of the alternative scripts committed to in the Taproot output, along with a Merkle proof that the script was committed. The revealed script appears in the input's Witness Data at spend time.

[1] [2]

Key-Path Spend

P2TR spend that signs with the internal public key embedded in the Taproot output, without revealing any alternative script. On-chain it is indistinguishable from any other key-path spend, which is the primary privacy property of Taproot.

Commit-Reveal Pattern

Two-transaction settlement pattern used by Bitcoin meta-protocols. A first transaction commits to a payload (e.g., creates a Taproot output whose script encodes data); a second transaction spends that output via a Script-Path Spend, putting the payload in Witness Data where indexers can read it. Used by Ordinals, Inscriptions, and Tacit.

[1]

Meta-Protocol

A protocol whose state and rules live above the base layer of a blockchain, validated by off-chain indexers rather than by base-layer consensus. Bitcoin miners do not validate meta-protocol semantics — they only see ordinary Bitcoin transactions whose witness data happens to be interpretable. Ordinals, BRC-20, Runes, and Tacit are all Bitcoin meta-protocols.

Ordinals

Bitcoin meta-protocol introduced in January 2023 that assigns serial numbers to individual satoshis and tracks their transfer through inputs and outputs. Together with Inscriptions it is the substrate for most Bitcoin NFT activity.

[1] [2] [3] [4] [5] [6] [7] [8]

Inscriptions

Bitcoin payloads (images, text, JSON) embedded in Witness Data via the Commit-Reveal Pattern and assigned to specific satoshis via Ordinals. Functionally analogous to NFT metadata, but stored in full on-chain rather than via URI.

[1] [2]

BRC-20

Token standard built on top of Ordinals and Inscriptions. Token state is encoded as JSON payloads in inscriptions and reconstructed by off-chain indexers. No Bitcoin-level consensus rules enforce balances.

[1] [2] [3] [4]

Runes

Bitcoin meta-protocol for fungible tokens that uses OP_RETURN outputs to encode operations, avoiding the witness-data and UTXO bloat of BRC-20. Activated at the Bitcoin halving in April 2024.

[1] [2] [3]

Cryptographic Privacy Primitives

Pedersen Commitment

Cryptographic commitment of the form C = vG + rH, where v is the committed value, r is a blinding factor, and G/H are independent curve generators. Hides v perfectly under the discrete-log assumption and is additively homomorphic (C₁ + C₂ commits to v₁ + v₂), which is what makes Confidential Transactions possible without revealing amounts.

[1] [2] [3] [4] [5] [6] [7]

Range Proof

Zero-knowledge proof that a committed value lies within a specified range (typically [0, 2^n)) without revealing the value. Required by Confidential Transactions to prevent overflow attacks that would otherwise allow hidden negative outputs.

[1] [2] [3] [4]

Bulletproof

Short, non-interactive Range Proof introduced by Bünz et al. (2017). Logarithmic in proof size, requires no trusted setup, and supports aggregation (one proof can cover many commitments). The standard range-proof primitive in modern confidential-token designs.

[1] [2] [3]

zk-SNARK

Zero-Knowledge Succinct Non-interactive ARgument of Knowledge — a class of cryptographic proofs that allow a prover to convince a verifier that a statement is true without revealing anything else, with proofs small enough to verify in milliseconds. Most production zk-SNARKs require a Trusted Setup.

[1] [2] [3] [4]

Groth16

zk-SNARK proving system published by Jens Groth in 2016. Produces the smallest known proofs (≈200 bytes) and the fastest known verifier, at the cost of requiring a circuit-specific Trusted Setup. Widely used by privacy mixers and rollups.

[1]

Trusted Setup

One-time ceremony that generates the public parameters (a "Structured Reference String" or SRS) needed by a zk-SNARK system. If all ceremony participants colluded and retained their secret randomness, the resulting parameters could be used to forge proofs. Multi-party ceremonies (often called "Powers of Tau") are run with the assumption that at least one participant was honest and destroyed their secret.

[1] [2] [3]

Mixer

Privacy protocol that breaks the on-chain link between source and destination of a transfer by pooling many deposits and allowing each depositor to later withdraw to a fresh address. Modern mixers use zk-SNARK proofs over a Merkle tree of commitments to prove "I deposited" without revealing which deposit was theirs.

[1]

Unlinkability

Property that two on-chain events (typically a deposit and a withdrawal) cannot be tied to the same actor by an outside observer. The defining goal of a Mixer.

Confidential Transactions

Transaction scheme that hides amounts using Pedersen Commitments and a Range Proof per output, while still allowing observers to verify that no value is created out of thin air (sum of input commitments equals sum of output commitments plus fees). Originally proposed by Greg Maxwell for Bitcoin; deployed in Blockstream's Liquid sidechain and by Monero.

[1] [2] [3] [4]

Poseidon Hash

Algebraic hash function designed to be cheap inside zk-SNARK circuits (orders of magnitude fewer constraints than SHA-256 or Keccak). The standard hash for Merkle trees inside SNARK-based mixers.

ECDH

Elliptic-Curve Diffie–Hellman — key-exchange primitive where two parties derive a shared secret from one party's public key and the other party's private key. Used by confidential-token protocols to let the sender encrypt a value-blinding tuple that only the recipient can decrypt.

[1]

Mimblewimble

Confidential-transaction format proposed pseudonymously by "Tom Elvis Jedusor" in 2016 and formalized by Andrew Poelstra later that year. Combines Pedersen Commitments, aggregated Range Proofs, and Kernel Signatures into a block format that hides amounts, prevents inflation, and proves supply conservation without per-input signatures. Production implementations include Grin and Beam. Bitcoin-side meta-protocols such as Tacit borrow the kernel-signature construction without adopting the rest of the block format.

[1] [2] [3] [4] [5]

Kernel Signature

Schnorr signature produced under the "excess" point of a confidential transaction — E' = Σ C_out − Σ C_in (plus any public delta term such as a burned amount). When input amounts equal output amounts, the H components of the Pedersen Commitments cancel and E' becomes a pure G-multiple whose discrete log the signer knows; when amounts do not balance, signing requires the discrete log of H with respect to G, which the NUMS construction forbids. A valid kernel signature is therefore a proof of supply conservation. Originated in Mimblewimble; adopted by Tacit for CXFER, T_AXFER, T_BURN, T_DEPOSIT, and T_DCLAIM.

[1] [2] [3] [4] [5] [6]

Toxic Waste

Informal term for the secret randomness each participant contributes during a zk-SNARK Trusted Setup ceremony. If any participant keeps their share instead of destroying it, that share — combined with the resulting public parameters — can be used to forge proofs against the circuit. Soundness of a Groth16 deployment therefore rests on the assumption that at least one ceremony participant honestly destroyed their toxic waste.

[1] [2]

Notable Libraries & Organizations

Solady

Gas-optimized Solidity smart-contract library maintained by Vectorized. An alternative to OpenZeppelin contracts that prioritizes bytecode size and runtime gas.

[1]

Zolidity

Solidity pattern library maintained by z0r0z. Repository tagline: "Zero-to-One Solidity with Simplicity-first."

[1]

LexDAO

Legal-engineering collective focused on lawyers writing smart-contract code. Co-founded by z0r0z.

[1]

KaliDAO

Tokenized multisig and DAO tooling stack built around ERC1155. Co-founded by z0r0z.

[1]

NaniDAO

Protocol and DAO combining Ethereum account abstraction with open-source LLMs. Founded by z0r0z. NANI token contract: 0x00000000000007c8612ba63df8ddefd9e6077c97.

[1]

z0r0z

Solo Ethereum developer behind the zFi stack (zFi superdapp, Wei Name Service, SLOW, Lido Harvester) and the Tacit Bitcoin meta-protocol. Primary deployer EOA 0x1C0Aa8cCD568d90d61659F060D1bFb1e6f855A20, ENS z0r0z.eth, WNS ross.wei.