cpacia/vault.md

## vault.md
```lisp
;; This is an example of a vault script. The general concept is to have two keys — a
;; hot key and a cold key. The cold key is allowed to spend from the script at any
;; time. If a spend is initiated using the hot key, a timer is started. The hot key
;; is allowed to spend the funds after the timer expires. At any time before the timer
;; expires the cold key can spend the funds.

;; The script allows the following list of custom parameters:
;;(<hot-key (num)> <cold-key (num)> <fee (num)> <recovery-window (num)> <required-precision (num)>)
;;
;; Remember the illium address commits to both hash of this function (the script-commitment) and
;; the list of the custom parameters (script-params). Ex)
;;
;; address = serialize(hash(script-commitment || script-params), view_key)
;;
;; Funding transactions should always keep the input state set at zero.
;;
;; The unlocking parameters must equal:
;; (<signature (list num)> <output-index>)
;;
;; Where output index is the index of the contract output when signing with the hot key when
;; the input state is zero. If the input state is non-zero or the cold key is being used to sign
;; the output-index can be omitted.
;;
;; If you try to spend using the hot key when the input state is zero it checks:
;;    - The output script-hash is equal to the script-commitment (ie. the coins are sent
;       back into this same script).
;;    - The locktime precision is less than or equal to the required-precision.
;;    - The output state is set to the locktime.
;;    - The output amount is equal to the input amount minus the fee.
;;    - A valid hot key signature is provided covering the transaction's sighash.
;;    - The output salt is computed as the hash of the input salt. This is done because in
;;      this case we are presupposing the hot key is compromised and if the attacker were
;;      allowed to set the salt he could lock us out of the contract.
;;
;; Using the hot key to spend from this script when the input state is not zero requires:
;;    - The locktime is greater than the locktime found in the input state plus the recovery window
;;    - The locktime precision is less than or equal to the required-precision.
;;    - A valid hot key signature covering the transaction's sighash.
(lambda (script-params unlocking-params input-index private-params public-params)
    (let (
          (signature (car unlocking-params))
          (output-index (car (cdr unlocking-params)))
          (locktime (list-get 8 public-params))
          (precision (list-get 9 public-params))
          (sig-hash (list-get 7 public-params))
          (input (list-get input-index (car private-params)))
          (output (list-get output-index (car (cdr private-params))))
          (script-commitment (car input))
          (in-amount (list-get 1 input))
          (out-amount (list-get 1 output))
          (in-state (list-get 6 input))
          (out-state (list-get 3 output))
          (out-script-hash (car output))
          (in-salt (list-get 7 input))
          (out-salt (list-get 4 output))
          (hot-key (list-get 0 script-params))
          (cold-key (list-get 1 script-params))
          (fee (list-get 2 script-params))
          (recovery-window (list-get 3 script-params))
          (required-precision (list-get 4 script-params)))

          (if (check-sig signature cold-key sig-hash)
              t
              (if (= (car in-state) 0)
                  (if (eq (car out-state) locktime)
                      (if (<= precision required-precision)
                          (if (= out-amount (- in-amount fee))
                              (if (eq out-script-hash script-commitment)
                                  (if (eq salt (hash in-salt))
                                      (check-sig signature hot-key sig-hash)
                                      nil
                                  )
                                  nil
                              )
                              nil
                          )
                          nil
                      )
                      nil
                  )
                  (if (> locktime (+ (car in-state) recovery-window))
                      (if (<= precision required-precision)
                          (check-sig signature hot-key sig-hash)
                          nil
                      )
                      nil
                  )
              )
          )
    )
)
```
	```lisp
	;; This is an example of a vault script. The general concept is to have two keys — a
	;; hot key and a cold key. The cold key is allowed to spend from the script at any
	;; time. If a spend is initiated using the hot key, a timer is started. The hot key
	;; is allowed to spend the funds after the timer expires. At any time before the timer
	;; expires the cold key can spend the funds.

	;; The script allows the following list of custom parameters:
	;;(<hot-key (num)> <cold-key (num)> <fee (num)> <recovery-window (num)> <required-precision (num)>)
	;;
	;; Remember the illium address commits to both hash of this function (the script-commitment) and
	;; the list of the custom parameters (script-params). Ex)
	;;
	;; address = serialize(hash(script-commitment \|\| script-params), view_key)
	;;
	;; Funding transactions should always keep the input state set at zero.
	;;
	;; The unlocking parameters must equal:
	;; (<signature (list num)> <output-index>)
	;;
	;; Where output index is the index of the contract output when signing with the hot key when
	;; the input state is zero. If the input state is non-zero or the cold key is being used to sign
	;; the output-index can be omitted.
	;;
	;; If you try to spend using the hot key when the input state is zero it checks:
	;; - The output script-hash is equal to the script-commitment (ie. the coins are sent
	; back into this same script).
	;; - The locktime precision is less than or equal to the required-precision.
	;; - The output state is set to the locktime.
	;; - The output amount is equal to the input amount minus the fee.
	;; - A valid hot key signature is provided covering the transaction's sighash.
	;; - The output salt is computed as the hash of the input salt. This is done because in
	;; this case we are presupposing the hot key is compromised and if the attacker were
	;; allowed to set the salt he could lock us out of the contract.
	;;
	;; Using the hot key to spend from this script when the input state is not zero requires:
	;; - The locktime is greater than the locktime found in the input state plus the recovery window
	;; - The locktime precision is less than or equal to the required-precision.
	;; - A valid hot key signature covering the transaction's sighash.
	(lambda (script-params unlocking-params input-index private-params public-params)
	(let (
	(signature (car unlocking-params))
	(output-index (car (cdr unlocking-params)))
	(locktime (list-get 8 public-params))
	(precision (list-get 9 public-params))
	(sig-hash (list-get 7 public-params))
	(input (list-get input-index (car private-params)))
	(output (list-get output-index (car (cdr private-params))))
	(script-commitment (car input))
	(in-amount (list-get 1 input))
	(out-amount (list-get 1 output))
	(in-state (list-get 6 input))
	(out-state (list-get 3 output))
	(out-script-hash (car output))
	(in-salt (list-get 7 input))
	(out-salt (list-get 4 output))
	(hot-key (list-get 0 script-params))
	(cold-key (list-get 1 script-params))
	(fee (list-get 2 script-params))
	(recovery-window (list-get 3 script-params))
	(required-precision (list-get 4 script-params)))

	(if (check-sig signature cold-key sig-hash)
	t
	(if (= (car in-state) 0)
	(if (eq (car out-state) locktime)
	(if (<= precision required-precision)
	(if (= out-amount (- in-amount fee))
	(if (eq out-script-hash script-commitment)
	(if (eq salt (hash in-salt))
	(check-sig signature hot-key sig-hash)
	nil
	)
	nil
	)
	nil
	)
	nil
	)
	nil
	)
	(if (> locktime (+ (car in-state) recovery-window))
	(if (<= precision required-precision)
	(check-sig signature hot-key sig-hash)
	nil
	)
	nil
	)
	)
	)
	)
	)
	```