Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Exfer Script: Always-Halting Scripts

The conditions under which a coin on Exfer can be spent are expressed in a language called Exfer Script. The language guarantees, by construction, that every script terminates and that every script's execution cost can be computed exactly before it runs.

This is the sharpest design divergence between Exfer and Ethereum.

The cost of Turing-completeness

Ethereum's EVM is Turing-complete — in principle it can express any program. The price is that you cannot statically decide how long a contract will run (the halting problem is undecidable). So the EVM uses gas as a backstop: every step costs gas, run out of gas and execution halts. This keeps the network from hanging forever, but leaves a long list of side effects:

  • Complex contracts' execution cost can only be estimated, not computed — hence the entire gas-estimation machinery
  • Reentrancy attacks: contract A calls contract B, B calls back into A, and state becomes inconsistent — the 2016 DAO hack drained ~$60M from an Ethereum smart contract this way
  • State dependence: the same transaction may produce different results at different block heights
  • Formal proofs are nearly impossible: you cannot rigorously prove an EVM contract is correct

Human developers can work around these. Autonomous programs cannot tolerate "the code might hang" or "the result might vary."

Exfer's alternative: total functional combinators

Exfer Script is not Turing-complete. It belongs to a class called total functional combinator languages:

  • total = defined output for every input; no undefined behavior
  • functional = no side effects, pure functions
  • combinator = built from finitely many basic combinators; no while, no general recursion

Exfer Script is a bounded-depth expression tree. The language itself prevents you from writing infinite loops — there is no while(true), no arbitrary recursion.

What this buys you

PropertyEVMExfer Script
Guaranteed to haltNo (relies on gas)Yes (by syntax)
Execution cost known in advanceEstimatedExactly computable
Reentrancy attacksReal, historically exploitedImpossible by model
Global mutable stateYes; a source of bugsNone; state is local
Formal verificationDifficultPractical

What this design can and can't do

Can do: all the core payment-layer patterns — multisig, timeout refunds, escrow, delayed unlocks, delegated authority, atomic swaps. Each is a built-in CLI command (see Built-in script templates).

Cannot do:

  • Uniswap-style AMMs: require arbitrary loops and unbounded state access
  • Decentralized lending (Aave/Compound): depends on composable Turing-complete contracts
  • Complex derivatives / perpetuals: same
  • On-chain NFT auctions with arbitrary logic: simple ones yes, complex auction mechanisms no

Exfer assumes M2M payments and DeFi have different requirements. Paying between machines, escrow, dispute resolution — these do not require Turing-completeness. What they require is absolute predictability. The tradeoff is deliberate, not a ceiling.

Historical context

Non-Turing-complete scripting languages predate Exfer. Blockstream's Simplicity project — a research effort to give Bitcoin a provably-correct contract language — has been on this path for years. Exfer Script sits in the same lineage.

Further reading