The covenant used in Sha-Gate are implemented in CashScript to utilize self-introspection. It manages the cc-UTXOs which keep the coins transferred to the smartBCH sidechain.
The logic of this covenant is quite simple:
- 1.There are 10 operators and 3 monitors, whose hashes are encoded as the covenant's constructor parameters, i.e., part of the scriptPubkey.
- 2.If seven of the ten operators sign the transaction, this cc-UTXO can be spent in any way they want, as long as the transaction has only one input and one output. (
- 3.If at least seven operators are unavailable for more than eight months, this cc-UTXO can be sent to a new operator set. (
It is very unlikely that we need to use
convertByMonitors. So currently the smartbchd nodes do not recognoize such transactions. If such a accident really happens (at least seven operators are unavailable for more than eight months), the smartbchd nodes need to be hard-forked to recognize
The miner fee of
redeemOrConvertis deducted from the input cc-UTXO and has an upper bound hardcoded in the covenant. And the miner fee of
convertByMonitorsis paid by some other input other than cc-UTXO.
In practice, the operators only sign two kinds of transactions using
- 1.Send the cc-UTXO to a P2PKH address. For such cases, the covenant does not check anything.
- 2.Convert the cc-UTXO's constructor parameters, while keeping the covenant's logic unchanged. For such cases, the covenant checks the format of the resulted P2SH output.