OP_VAULT behavior can be emulated in elements opcodes. Instead of introducing an OP_EVAL-like behavior by expecting:
- a witness program scriptPubKey that, when hashed, yields the <unvault-spk-hash>,
- a witness stack satisfying that witness program
It's more elegant to separate this execution under a separate input spend called “Unvault SPK Mirror”. A single Unvault SPK Mirror spend must be present in the second to last input in an unvault attempt.
The VAULT script introspects the second the last input spk and constrains it to its hardcoded value HARDCODED_UNVAULT_SPK. The satisfying conditions for initiating an unvault attempt must have been met if the spk is present.
The VAULT script then constructs the UNVAULT output spk based on hardcoded HARDCODED_RECOVERY_SPK, hardcoded DELAY_PERIOD, and variable TARGETS from the witness of VAULT.
Multiple VAULT utxos can be easily swept into the RECOVERY output by adding a “BatchAgg Checker” spend to the end of inputs, eliminating the proclaimed quadratic setup concern with MAST.
BatchAgg Checker is a multi-leaf, well-known universal p2tr scriptpubkey that can be used in any VAULT context. A single BatchAgg Checker spend must be present in the last input of the spending transaction.
Each VAULT script introspects the last output in the spending transaction and ensures it's equal to the well-known BatchAgg Checker spk. Each TapLeaf index of BatchAgg Checker (starting from index 0) represents the corresponding number of batched VAULT spends in the spending transaction.
Each BatchAgg Checker TapLeaf is given to this tapscript template:
- The BatchAgg script first ensures BatchAgg Checker is the last input spent in the spending transaction.
- The BatchAgg script then checks the number of inputs in the spending transaction is LEAF INDEX + 3.
- The BatchAgg script then checks if all inputs (except for the last two) share the same VAULT scriptpubkey.
- The BatchAgg script finally sums all the input values (except for the last two) and constrains the value to the first output value.
BatchAgg can be funded with a dust value and added to the spending transaction zero-conf. The whole point of BatchAgg is to be PRESENT in the spending transaction and enforce the correct batching of VAULT spends.
Fee-supplier or Unvault SPK Mirror
Depending on the recovery or unvault cases, Fee-supplier or Unvault SPK Mirror can be funded with the transaction fees value and added to the spending transaction zero-conf.