The UTXO Data Model: Reentrancy-Free by Design
Exfer uses an extended UTXO model — every transaction consumes some "unspent outputs" and creates new ones. The shape is Bitcoin-style; the scripting language attached to each output is richer.
The data model determines what a chain can and cannot do. Exfer deliberately does not use an account model (Ethereum-style): UTXO has specific advantages for programs that need to reason about a transaction before it is submitted.
Account model vs. UTXO model
| Dimension | Account model (Ethereum) | UTXO model (Bitcoin / Exfer) |
|---|---|---|
| State representation | Global mutable account balances | Immutable "spent / unspent" markers |
| Parallel validation | Same-account transactions must be serialized | Transactions that don't share an input run in parallel |
| Reentrancy attacks | Possible within the model (the cause of several major losses) | Ruled out by the model |
| Reasoning scope | Global — one transaction may touch any account | Local — only the consumed and produced UTXOs |
| Privacy | Address reuse makes behavior patterns analyzable | New address per transaction is the default |
Why UTXO is friendly to programs
1. Local reasoning. Validating a transaction means checking three things: do its claimed inputs still exist in the UTXO set, do the unlock scripts pass with the supplied witness data, and are the output values non-negative and no greater than the inputs (the difference is the fee)? No global state simulation is needed. This is what makes "compute fees statically" and "know in advance the tx will validate" possible (see Deterministic fees).
2. Natural parallelism. Two transactions that don't share an input can be validated in parallel. Under an account model, "Alice → Bob, Bob → Carol" must serialize (Bob's balance is shared state); under UTXO, if they don't reference the same input, they don't interact. Two transactions that do reference the same input are a double-spend attempt, and at most one of them can be accepted.
3. No reentrancy. Reentrancy comes from a contract handing control to external code partway through its own execution, before its state update has landed; the callee re-enters and acts on stale state. UTXO has no mutable global state to re-enter: a UTXO is either entirely consumed by a single transaction or untouched, with no intermediate state, and unlock scripts are evaluated against a transaction whose inputs and outputs are already fully specified, so nothing they do can change what is being spent. The DAO-style attack is structurally impossible under UTXO. Note the scope of the guarantee: the model removes a class of attack, not mistakes in the unlock conditions themselves; a lock that the wrong party can satisfy is still a lock the wrong party can satisfy.
4. Natural state finality. Once a UTXO is spent, it can never be spent again. Unlike account balances, which are overwritten in place, UTXOs are write-once: created by exactly one transaction and consumed by at most one. This makes auditing, reconciliation, and tracing straightforward.
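The four properties above, as an added worked example that is not Exfer's code: a toy ledger whose `validate` reads only the consumed outpoints (local reasoning), whose `apply` consumes inputs and creates outputs as one step (no intermediate state), and an `independent` check that tells which transactions can be validated in parallel. The `OutPoint` shape `(txid, index)`, the `Ledger` API and the `key_lock` predicate standing in for an Exfer Script lock are all assumptions; the genesis outputs and transactions are constructed data.

```python
"""Toy UTXO ledger: local validation, atomic spend, conflict detection.
Added example, not Exfer's code. Unlock conditions are Python predicates
standing in for Exfer Script locks; a "signature" is a secret the spender
reveals (constructed data, no real crypto)."""
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

OutPoint = Tuple[str, int]  # (txid, output index); assumed shape of an OutPoint

@dataclass(frozen=True)
class Output:
    value: int
    unlock: Callable[[bytes], bool]  # stand-in for the output's lock script

@dataclass(frozen=True)
class Input:
    outpoint: OutPoint
    witness: bytes  # data handed to the lock script of the consumed output

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: Tuple[Input, ...]
    outputs: Tuple[Output, ...]

class InvalidTx(Exception):
    pass

class Ledger:
    def __init__(self) -> None:
        self.utxos: Dict[OutPoint, Output] = {}

    def validate(self, tx: Tx) -> int:
        """Local check: reads nothing but the outpoints the tx consumes.
        Returns the fee (inputs minus outputs); raises InvalidTx otherwise."""
        if len({i.outpoint for i in tx.inputs}) != len(tx.inputs):
            raise InvalidTx("same outpoint consumed twice in one tx")
        total_in = 0
        for inp in tx.inputs:
            out = self.utxos.get(inp.outpoint)
            if out is None:
                raise InvalidTx(f"{inp.outpoint} missing or already spent")
            if not out.unlock(inp.witness):
                raise InvalidTx(f"unlock script failed for {inp.outpoint}")
            total_in += out.value
        total_out = sum(o.value for o in tx.outputs)
        if any(o.value < 0 for o in tx.outputs) or total_out > total_in:
            raise InvalidTx("negative output or outputs exceed inputs")
        return total_in - total_out

    def apply(self, tx: Tx) -> int:
        """Validate, then consume inputs and create outputs as one step.
        No caller ever observes a half-applied transaction."""
        fee = self.validate(tx)
        for inp in tx.inputs:
            del self.utxos[inp.outpoint]
        for idx, out in enumerate(tx.outputs):
            self.utxos[(tx.txid, idx)] = out
        return fee

def independent(a: Tx, b: Tx) -> bool:
    """True iff the two txs share no input, i.e. they can validate in parallel."""
    return not {i.outpoint for i in a.inputs} & {i.outpoint for i in b.inputs}

def key_lock(secret: bytes) -> Callable[[bytes], bool]:
    """Stand-in for 'verify a signature': the witness must equal the secret."""
    return lambda witness: witness == secret

def demo() -> dict:
    ledger = Ledger()
    # Constructed genesis state: one output for Alice, one for Bob.
    ledger.utxos[("coinbase", 0)] = Output(100, key_lock(b"alice"))
    ledger.utxos[("coinbase", 1)] = Output(50, key_lock(b"bob"))
    # t1: Alice pays Bob 60, takes 39 change, leaves 1 as fee.
    t1 = Tx("t1", (Input(("coinbase", 0), b"alice"),),
            (Output(60, key_lock(b"bob")), Output(39, key_lock(b"alice"))))
    # t2: Bob pays Carol from his own output; shares no input with t1.
    t2 = Tx("t2", (Input(("coinbase", 1), b"bob"),),
            (Output(50, key_lock(b"carol")),))
    # t3: second spend of Alice's output (double-spend attempt).
    t3 = Tx("t3", (Input(("coinbase", 0), b"alice"),),
            (Output(100, key_lock(b"mallory")),))
    # t4: Mallory tries to spend Bob's new output with the wrong witness.
    t4 = Tx("t4", (Input(("t1", 0), b"mallory"),),
            (Output(60, key_lock(b"mallory")),))
    result = {"t1_t2_independent": independent(t1, t2),
              "t1_t3_independent": independent(t1, t3),
              "fee_t1": ledger.apply(t1), "fee_t2": ledger.apply(t2)}
    for name, tx in (("t3", t3), ("t4", t4)):
        try:
            ledger.apply(tx)
            result[f"{name}_rejected"] = False
        except InvalidTx:
            result[f"{name}_rejected"] = True
    result["utxo_count"] = len(ledger.utxos)  # 2 genesis spent, 3 created
    return result
```

Because `validate` never reads anything outside the consumed outpoints, a validator can run it on `t1` and `t2` concurrently; `t1` and `t3` share `("coinbase", 0)`, so they must be ordered, and whichever lands second fails the "missing or already spent" check rather than leaving any partial state behind.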
Costs / boundaries
- Bad fit for "complex financial contracts." Account models express global state machines naturally (most DeFi protocols are state machines); UTXO models make this awkward, because shared state has to be threaded through a chain of outputs that each transaction consumes and recreates. Exfer isn't going after DeFi, so this is intentional.
- Wallet logic is slightly more complex. A UTXO wallet manages a set of UTXOs rather than a single balance: coin selection, change outputs, UTXO consolidation, and dust. These are encapsulated in the wallet/CLI and transparent to the end user.
- Not privacy-preserving by default. UTXO is transparent: amounts, spending (unlock) scripts and receiving (lock) scripts are all public. Behaviour analysis is harder than under an account model with reused addresses, but real privacy requires application-level care (a new address per transaction, CoinJoin-style techniques).
What "extended UTXO" adds over Bitcoin UTXO
Bitcoin Script is deliberately limited: a small stack language with no loops, used in practice for signature checks plus a few standard patterns (multisig, timelocks, hashlocks). Exfer's extended UTXO lets the lock condition be any Exfer Script expression, so multisig, timelocks, hashlocks and arbitrary combinations of them can be composed freely. Still UTXO as a model, but each output can carry an arbitrarily complex (and provably halting) unlock condition.
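A model of composable lock conditions, as an added example; this is not Exfer Script, whose syntax and semantics this page does not show. It represents the condition kinds the page lists (signature, timelock, hashlock, multisig and combinations) as an expression tree; because evaluation is structural recursion over a finite tree, it always halts, and the node count bounds its cost before it runs. The `Context`, `Sig`, `After`, `HashLock` and `Threshold` types are assumptions; signatures are modelled as signer names present in the witness, and the HTLC-style lock and its witness contexts are constructed data.

```python
"""Composable lock conditions as a halting expression tree.
Added example, not Exfer Script. Signatures are modelled as signer names
present in the witness (constructed data, no real crypto)."""
from __future__ import annotations
import hashlib
from dataclasses import dataclass
from typing import FrozenSet, Tuple, Union

@dataclass(frozen=True)
class Context:
    signers: FrozenSet[str]       # who signed the spending tx (assumed)
    height: int                   # chain height at validation time
    preimages: Tuple[bytes, ...]  # secrets revealed in the witness

@dataclass(frozen=True)
class Sig:
    key: str

@dataclass(frozen=True)
class After:
    height: int                   # spendable once chain height >= height

@dataclass(frozen=True)
class HashLock:
    digest: bytes                 # sha256 of a secret the spender must reveal

@dataclass(frozen=True)
class Threshold:
    k: int
    conds: Tuple[Cond, ...]       # k-of-n: k == n is AND, k == 1 is OR

Cond = Union[Sig, After, HashLock, Threshold]

def size(c: Cond) -> int:
    """Node count: an upper bound on evaluation steps, so the cost of a
    lock is known before it runs (compare: deterministic fees)."""
    return 1 + sum(size(x) for x in c.conds) if isinstance(c, Threshold) else 1

def evaluate(c: Cond, ctx: Context) -> bool:
    """Structural recursion only: every call descends into a strictly
    smaller subtree, so evaluation always terminates."""
    if isinstance(c, Sig):
        return c.key in ctx.signers
    if isinstance(c, After):
        return ctx.height >= c.height
    if isinstance(c, HashLock):
        return any(hashlib.sha256(p).digest() == c.digest for p in ctx.preimages)
    if isinstance(c, Threshold):
        if not 1 <= c.k <= len(c.conds):
            return False          # malformed threshold can never be satisfied
        return sum(evaluate(x, ctx) for x in c.conds) >= c.k
    raise TypeError(f"unknown condition {c!r}")

def And(*conds: Cond) -> Threshold:
    return Threshold(len(conds), tuple(conds))

def Or(*conds: Cond) -> Threshold:
    return Threshold(1, tuple(conds))

# Constructed HTLC-style lock: Bob claims by revealing the secret; from
# height 100 Alice can refund, but only with 2-of-3 escrow co-signatures.
SECRET = b"constructed-secret"
HTLC = Or(
    And(Sig("bob"), HashLock(hashlib.sha256(SECRET).digest())),
    And(Sig("alice"), After(100),
        Threshold(2, (Sig("esc1"), Sig("esc2"), Sig("esc3")))),
)

def demo() -> dict:
    cases = {
        "claim":        Context(frozenset({"bob"}), 10, (SECRET,)),
        "claim_wrong":  Context(frozenset({"bob"}), 10, (b"guess",)),
        "refund_early": Context(frozenset({"alice", "esc1", "esc2"}), 99, ()),
        "refund_ok":    Context(frozenset({"alice", "esc1", "esc3"}), 100, ()),
        "refund_1of3":  Context(frozenset({"alice", "esc1"}), 150, ()),
    }
    out = {name: evaluate(HTLC, ctx) for name, ctx in cases.items()}
    out["size"] = size(HTLC)  # 11 nodes: the most work evaluate() can do
    return out
```

The halting argument is the point: the only recursion is into `Threshold.conds`, which is a finite tuple fixed when the output was created, so there is no way to express a loop and `size` is an honest upper bound on the work a validator will do for that output.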
Further reading
- Exfer Script: always-halting scripts — what unlock conditions can be attached
- Glossary / UTXO — one-line definition
- Glossary / OutPoint — how a UTXO is referenced
- JSON-RPC / get_address_utxos — query an address's UTXO set