
The UTXO Data Model: Reentrancy-Free by Design

Exfer uses an extended UTXO model — every transaction consumes some "unspent outputs" and creates new ones. The shape is Bitcoin-style; the scripting language attached to each output is richer.

The choice of data model determines what a chain can and cannot do. Exfer is not an account model (Ethereum-style); the choice is deliberate. UTXO has specific advantages for programs.

Account model vs. UTXO model

| Dimension | Account model (Ethereum) | UTXO model (Bitcoin / Exfer) |
|---|---|---|
| State representation | Global mutable account balances | Immutable "spent / unspent" markers |
| Parallel validation | Same-account transactions must be serialized | Transactions that don't share an input run in parallel |
| Reentrancy attacks | Allowed by the model (has caused multiple major losses) | Impossible by the model |
| Reasoning scope | Global — one transaction may touch any account | Local — only the consumed and produced UTXOs |
| Privacy | Address reuse makes behavior patterns analyzable | New address per transaction is the default |

Why UTXO is friendly to programs

1. Local reasoning. Validating a transaction means checking: do its claimed inputs still exist, do the unlock scripts pass, do the new outputs sum correctly? No global state simulation needed. This is what makes "compute fees statically" and "know in advance the tx will validate" possible (see Deterministic fees).

2. Natural parallelism. Two transactions that don't share an input can be validated in parallel. Under an account model, "Alice → Bob, Bob → Carol" must serialize (Bob's balance is shared state); under UTXO, if they don't reference the same input, they don't interact.

3. No reentrancy. Reentrancy comes from "global state mutates during contract execution." UTXO has no mutable global state — a UTXO is either entirely consumed by a single transaction or untouched, with no intermediate state. The DAO-style attack is structurally impossible under UTXO.

4. Natural state finality. Once a UTXO is spent, it can never be spent again. Unlike account balances, which change continuously, UTXOs are write-once. This makes auditing, reconciliation, and tracing straightforward.
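The four properties above can be seen directly in a minimal UTXO ledger. The following is an added example written for this page, not Exfer's own code: the data structures, the simplified "present the right key" unlock check standing in for a real unlock script, and the names (`UtxoSet`, `independent`, `run_scenario`) are all assumptions. It validates a transaction using only its inputs and outputs (local reasoning), detects when two transactions share no input (parallelism), spends inputs atomically with no intermediate state (no reentrancy), and rejects any second spend of a consumed output (finality).

```python
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed toy UTXO ledger. Exfer's real structures and script language
# are not shown on the page; everything below is an illustrative assumption.

OutPoint = Tuple[str, int]  # (txid, output index)


@dataclass(frozen=True)
class Output:
    amount: int
    lock_key: str  # simplified lock condition: the key that must be presented


@dataclass(frozen=True)
class Input:
    outpoint: OutPoint
    unlock_key: str  # stands in for a signature / unlock script


@dataclass(frozen=True)
class Transaction:
    txid: str
    inputs: Tuple[Input, ...]
    outputs: Tuple[Output, ...]


class UtxoSet:
    def __init__(self, utxos=None):
        self._utxos: Dict[OutPoint, Output] = dict(utxos or {})

    def validate(self, tx):
        """Local reasoning: only the consumed and produced outputs are inspected."""
        seen, total_in = set(), 0
        for inp in tx.inputs:
            if inp.outpoint in seen:
                return False, f"input {inp.outpoint} referenced twice"
            seen.add(inp.outpoint)
            out = self._utxos.get(inp.outpoint)
            if out is None:  # already spent or never existed: write-once finality
                return False, f"input {inp.outpoint} is not an unspent output"
            if out.lock_key != inp.unlock_key:
                return False, f"unlock script failed for {inp.outpoint}"
            total_in += out.amount
        if any(o.amount <= 0 for o in tx.outputs):
            return False, "non-positive output amount"
        total_out = sum(o.amount for o in tx.outputs)
        if total_out > total_in:
            return False, f"outputs {total_out} exceed inputs {total_in}"
        return True, total_in - total_out  # the fee is known before execution

    def apply(self, tx):
        """Consume inputs and create outputs as one atomic step: no intermediate state."""
        ok, detail = self.validate(tx)
        if not ok:
            raise ValueError(detail)
        for inp in tx.inputs:
            del self._utxos[inp.outpoint]
        for i, out in enumerate(tx.outputs):
            self._utxos[(tx.txid, i)] = out
        return detail

    def contains(self, outpoint):
        return outpoint in self._utxos


def independent(a, b):
    """Two transactions that share no input can be validated in parallel."""
    ins = lambda tx: frozenset(i.outpoint for i in tx.inputs)
    return ins(a).isdisjoint(ins(b))


def run_scenario():
    # Constructed starting ledger: two outputs locked to "alice" and "bob".
    ledger = UtxoSet({("coinbase", 0): Output(100, "alice"),
                      ("coinbase", 1): Output(50, "bob")})
    alice_to_bob = Transaction("tx1", (Input(("coinbase", 0), "alice"),),
                               (Output(60, "bob"), Output(39, "alice")))  # 1 unit fee
    bob_to_carol = Transaction("tx2", (Input(("coinbase", 1), "bob"),),
                               (Output(50, "carol"),))
    results = {}
    results["tx1_valid"], results["tx1_fee"] = ledger.validate(alice_to_bob)
    # Alice -> Bob and Bob -> Carol touch different inputs, so they do not interact.
    results["parallel"] = independent(alice_to_bob, bob_to_carol)
    ledger.apply(alice_to_bob)
    ledger.apply(bob_to_carol)
    # Spending ("coinbase", 0) a second time fails: the output no longer exists.
    results["double_spend_rejected"] = not ledger.validate(
        Transaction("tx3", (Input(("coinbase", 0), "alice"),), (Output(1, "x"),)))[0]
    # A wrong unlock key fails the lock check.
    results["wrong_key_rejected"] = not ledger.validate(
        Transaction("tx4", (Input(("tx1", 0), "mallory"),), (Output(60, "mallory"),)))[0]
    # Outputs exceeding inputs fail the value check.
    results["inflation_rejected"] = not ledger.validate(
        Transaction("tx5", (Input(("tx1", 1), "alice"),), (Output(40, "alice"),)))[0]
    results["spent_output_gone"] = not ledger.contains(("coinbase", 0))
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Note that `validate` never needs anything beyond the referenced outputs and the transaction itself, which is exactly what lets fees and validity be determined before the transaction is broadcast.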

Costs / boundaries

  • Bad fit for complex financial contracts. Account models express global state machines naturally (most DeFi protocols are state machines); UTXO models make this awkward. Exfer isn't going after DeFi, so this is intentional.
  • Wallet logic is slightly more complex. A UTXO wallet has to manage a set of UTXOs rather than a single balance: handling change, UTXO consolidation, and dust. These are encapsulated in the wallet/CLI and transparent to the end user.
  • Not privacy-preserving by default. UTXO is transparent: amounts, sending scripts, and receiving scripts are all public. Behavior analysis is harder than under address-reused account models, but real privacy requires application-level care (a new address per transaction, CoinJoin-style techniques).

What "extended UTXO" adds over Bitcoin UTXO

Bitcoin UTXOs can only lock to simple "verify a signature" scripts. Exfer's extended UTXO lets the lock condition be any Exfer Script expression — multisig, timelocks, hashlocks, combined conditions. Still UTXO as a model, but each output can carry an arbitrarily complex (and provably halting) unlock condition.
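To make the "arbitrarily complex but provably halting" lock condition concrete, here is an added example, not Exfer Script and not code from the Exfer project: a small lock-condition tree with signature, threshold-multisig, timelock and hashlock leaves combined by `And`/`Or`. The node types, the `Witness` structure (a set of presented signer keys standing in for real signatures, a current height, and revealed preimages) and the function names are assumptions. Evaluation is structural recursion over a finite tree with no loops, so it always terminates, and `node_count` gives a static bound on the work a validator does before running anything.

```python
import hashlib
from dataclasses import dataclass
from typing import FrozenSet, Tuple, Union

# Constructed lock-condition language; an illustration of extended-UTXO
# locks, not Exfer Script.


@dataclass(frozen=True)
class Sig:          # a signature from this key must be present
    key: str


@dataclass(frozen=True)
class MultiSig:     # at least `threshold` of `keys` must sign
    threshold: int
    keys: Tuple[str, ...]


@dataclass(frozen=True)
class After:        # spendable only at or after this block height
    height: int


@dataclass(frozen=True)
class HashLock:     # a preimage of this SHA-256 digest must be revealed
    digest: str


@dataclass(frozen=True)
class And:
    left: "Lock"
    right: "Lock"


@dataclass(frozen=True)
class Or:
    left: "Lock"
    right: "Lock"


Lock = Union[Sig, MultiSig, After, HashLock, And, Or]


@dataclass(frozen=True)
class Witness:
    signers: FrozenSet[str]          # keys whose signature was verified (simplified)
    height: int                      # height of the block containing the spend
    preimages: Tuple[bytes, ...] = ()


def evaluate(lock: Lock, w: Witness) -> bool:
    """Each call consumes one node of a finite tree, so evaluation always halts."""
    if isinstance(lock, Sig):
        return lock.key in w.signers
    if isinstance(lock, MultiSig):
        return sum(k in w.signers for k in lock.keys) >= lock.threshold
    if isinstance(lock, After):
        return w.height >= lock.height
    if isinstance(lock, HashLock):
        return any(hashlib.sha256(p).hexdigest() == lock.digest for p in w.preimages)
    if isinstance(lock, And):
        return evaluate(lock.left, w) and evaluate(lock.right, w)
    if isinstance(lock, Or):
        return evaluate(lock.left, w) or evaluate(lock.right, w)
    raise TypeError(f"unknown lock node {lock!r}")


def node_count(lock: Lock) -> int:
    """Static size of the condition: an upper bound on evaluation steps."""
    if isinstance(lock, (And, Or)):
        return 1 + node_count(lock.left) + node_count(lock.right)
    return 1


def demo_cases():
    secret = b"constructed-secret"                       # constructed sample preimage
    digest = hashlib.sha256(secret).hexdigest()
    # Hashlock + timelock combination: Bob can claim with the preimage at any
    # time; Alice can reclaim after height 500 without it.
    swap_lock = Or(And(HashLock(digest), Sig("bob")),
                   And(After(500), Sig("alice")))
    treasury = MultiSig(2, ("alice", "bob", "carol"))    # 2-of-3 threshold
    return {
        "bob_with_preimage": evaluate(swap_lock, Witness(frozenset({"bob"}), 10, (secret,))),
        "bob_without_preimage": evaluate(swap_lock, Witness(frozenset({"bob"}), 10)),
        "alice_too_early": evaluate(swap_lock, Witness(frozenset({"alice"}), 10)),
        "alice_after_timeout": evaluate(swap_lock, Witness(frozenset({"alice"}), 500)),
        "two_of_three": evaluate(treasury, Witness(frozenset({"alice", "carol"}), 1)),
        "one_of_three": evaluate(treasury, Witness(frozenset({"bob"}), 1)),
        "swap_lock_size": node_count(swap_lock),
    }


if __name__ == "__main__":
    print(demo_cases())
```

Because the lock is data rather than a program with loops, a validator can price it (`node_count`) and bound its cost before evaluating it, which is what keeps the static-fee and halting guarantees intact even for combined conditions.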

Further reading