In fact, the only thing that permits the spending of existing [UTXOs](/protocol/blockchain/transaction#transaction-output) is the successful execution of a script.
The only thing preventing the spending of newly created UTXOs is the difficulty of producing a successfully executing script.
Through the use of cryptographic signatures and hash functions, such scripts are often designed specifically to be difficult to produce unless you are the intended spender of a given UTXO, though that need not necessarily be the case.
Scripts are executed using a stack-based memory model and have an intentionally restricted set of available operations.
Unlike the common general-purpose programming languages your are probably aware of, Script (the term for the language itself) does not allow for loops, persistent state/memory across script executions, or the definition of functions.
Instead, scripts are expected to contain whatever data they need and use the available operations to prove transaction validity.
In addition to the primary stack ("the stack"), there is a secondary stack, referred to as the "alt-stack", which data can be moved to temporarily.
Any data left on the alt-stack is lost when a given sub-script finishes execution.
In effect, any data moved to the alt-stack by an unlocking script is not present when the locking script runs.
There are a large number of op-codes that support everything from simple stack-manipulation, to mathematical calculations, to complex cryptographic processes. In terms of control structures there are only basic conditional branching (IF/ELSE) operations available.
### Transaction Validation
Scripts are run when validating transactions, and successful execution of all of the scripts defined by the transaction is a necessary, but not sufficient, condition for transaction validity.
See [Transaction Validation](/protocol/blockchain/transaction-validation) for more details.
As a part of validating a transaction, a script is built for each input spent by the transaction.
Each script is the sequential execution (carrying over the same stack, but not alt-stack) of the [unlocking script](/protocol/blockchain/transaction/unlocking-script) provided with the input definition (which is used that the beginning of the script) and the locking script provided by the [previous output](/protocol/blockchain/transaction#transaction-output) being referenced.
The exception to this is [pay to script hash](/protocol/blockchain/transaction/locking-script#standard-scripts), which has an altered execution workflow.
In general, though, this combined unlocking/locking script is then executed and considered successful if and only if the following conditions are met:
- **No Stack Overflows** - no operation should attempt to pop a value from the stack when the stack is empty. An overflow of the alt-stack is also disallowed.
- **Clean Stack** - after execution the stack must only contain a single value, which must be non-zero (TRUE). Added in [HF-20181115](/protocol/forks/hf-20181115). The alt-stack is exempt from this.
- **Max Script Length** - the locking and unlocking script, when executed, must each be less than the max script length of 10,000 bytes (for a combined script maximum of 20,000 bytes).
- **Contained Control Flow** - an IF/ELSE block cannot start in the unlocking script and end in the locking script, the script must be in the top-level scope when the locking script execution begins.
- **Permitted Operations Only** - the locking script must not include operations that are disallowed and must not execute operations that are disabled..
- **Push Only** - the unlocking script must contain only push operations (i.e. those with op codes 0x60 or less). Added in [HF-20181115](/protocol/forks/hf-20181115).
NOTE: violations of the above rules does not necessarily make a transaction invalid.
For example, a locking script may be longer than 10,000 bytes, but it would be unspendable, since the max script length is only checked when the scripts are combined before execution.
| OP_0, OP_FALSE | 0 | 0x00 | | 0 | An empty array of bytes is pushed onto the stack. See also [OP_X](/protocol/blockchain/script/op-codes/op-x) |
| N/A | 1-75 | 0x01-0x4b | | | The next *value* bytes is data to be pushed onto the stack. See also [OP_DATA_X](/protocol/blockchain/script/op-codes/op-data-x) |
| OP_IF | 99 | 0x63 | <expression> IF [statements] [ELSE [statements]] ENDIF || If the top stack value is not False, the statements are executed. The top stack value is removed. |
| OP_NOTIF | 100 | 0x64 | <expression> NOTIF [statements] [ELSE [statements]] ENDIF || If the top stack value is False, the statements are executed. The top stack value is removed. |
| OP_ELSE | 103 | 0x67 | <expression> IF [statements] [ELSE [statements]] ENDIF || If the preceding OP_IF or OP_NOTIF or OP_ELSE was not executed then these statements are and if the preceding OP_IF or OP_NOTIF or OP_ELSE was executed then these statements are not. |
| OP_ENDIF | 104 | 0x68 | <expression> IF [statements] [ELSE [statements]] ENDIF || Ends an if/else block. All blocks must end, or the transaction is **marked as invalid**. An OP_ENDIF without OP_IF earlier is also **invalid**. |
| OP_VERIFY | 105 | 0x69 | true / false | Nothing / *fail* | **Marks transaction as invalid** if top stack value is not true. The top stack value is removed. |
| OP_RETURN | 106 | 0x6a | | *fail* | **Marks the output as unspendable**. Since [Bitcoin Core 0.9](https://bitcoin.org/en/release/v0.9.0#opreturn-and-data-in-the-block-chain), a standard way of attaching extra data to transactions is to add a zero-value output with a scriptPubKey consisting of OP_RETURN followed by data. Such outputs are provably unspendable and specially discarded from storage in the UTXO set, reducing their cost to the network. Current [standard relay rules](https://reference.cash/protocol/blockchain/transaction-validation/network-level-validation-rules/) on the Bitcoin Cash network allow a single output with OP_RETURN, that contains any sequence of push statements (or OP_RESERVED) after the OP_RETURN provided the total scriptPubKey length is at most 223 bytes. |
|OP_REVERSEBYTES |188 |0xbc |x |out |Reverses the order of the bytes in byte sequence *x* so that the first byte is now its last byte, the second is now its second-to-last, and so forth. Enabled in [HF-20200515](/protocol/forks/hf-20200515). |
Numeric opcodes (OP_1ADD, etc.) are restricted to operating on 8-byte signed "Script Number" integers, enabled in [HF-20220515](/protocol/forks/hf-20220515).
This excludes the value `-9223372036854775808` that fits in 8-byte two's complement encoding, but does not fit in an 8-byte Script Number encoding used by the Script VM.
If an operation [overflows or underflows](protocol/forks/chips/2022-05-bigger-script-integers#arithmetic-operation-overflows), the operation must immediately fail evaluation.
| OP_CODESEPARATOR | 171 | 0xab | Nothing | Nothing | Makes `OP_CHECK(MULTI)SIG(VERIFY)` use the subset of the script of everything after the most recently-executed OP_CODESEPARATOR when computing the sighash. |
| OP_CHECKSIG | 172 | 0xac | sig pubkey | true / false | The last byte (=sighash type) of the signature is removed. The sighash for this input is calculated based on the sighash type. The truncated signature used by OP_CHECKSIG must be a valid ECDSA or Schnorr signature for this hash and public key. If it is valid, 1 is returned, if it is empty, 0 is returned, otherwise the operation fails. |
| OP_CHECKMULTISIG | 174 | 0xae | dummy sig1 sig2 ... <#-of-sigs> pub1 pub2 ... <#-of-pubkeys> | true / false | Signatures are checked against public keys. Signatures must be placed in the unlocking script using the same order as their corresponding public keys were placed in the locking script or redeem script. If all signatures are valid, 1 is returned, 0 otherwise. All elements are removed from the stack. For more information on the execution of this opcode, see [Multisignature](/protocol/blockchain/cryptography/multisignature). |
| OP_CHECKMULTISIGVERIFY | 175 | 0xaf | dummy sig1 sig2 ... <#-of-sigs> pub1 pub2 ... <#-of-pubkeys> | Nothing / *fail* | Same as OP_CHECKMULTISIG, but OP_VERIFY is executed afterward. |
| OP_CHECKDATASIG | 186 | 0xba | sig msg pubkey | true / false | Check if signature is valid for message and a public key. [See spec](/protocol/forks/op_checkdatasig) |
| OP_CHECKLOCKTIMEVERIFY | 177 | 0xb1 | x |x / *fail* | Marks transaction as invalid if the top stack item is greater than the transaction's nLockTime field, otherwise script evaluation continues as though an OP_NOP was executed. Transaction is also invalid if 1. the stack is empty; or 2. the top stack item is negative; or 3. the top stack item is greater than or equal to 500000000 while the transaction's nLockTime field is less than 500000000, or vice versa; or 4. the input's nSequence field is equal to 0xffffffff. The precise semantics are described in [BIP65](/protocol/forks/bip-0065). |
| OP_CHECKSEQUENCEVERIFY | 178 | 0xb2 | x |x / *fail* | Marks transaction as invalid if the relative lock time of the input (enforced by BIP68 with nSequence) is not equal to or longer than the value of the top stack item. The precise semantics are described in [BIP112](/protocol/forks/bip-0112). |
| OP_INPUTINDEX | 192 | 0xc0 | Nothing | number | Push the index of the input being evaluated to the stack as a Script Number. |
| OP_ACTIVEBYTECODE | 193 | 0xc1 | Nothing | script | Push the bytecode currently being evaluated, beginning after the last executed OP_CODESEPARATOR, to the stack1. For Pay-to-Script-Hash (P2SH) evaluations, this is the redeem bytecode of the Unspent Transaction Output (UTXO) being spent; for all other evaluations, this is the locking bytecode of the UTXO being spent. |
| OP_TXVERSION | 194 | 0xc2 | Nothing | number | Push the version of the current transaction to the stack as a Script Number. |
| OP_TXINPUTCOUNT | 195 | 0xc3 | Nothing | number | Push the count of inputs in the current transaction to the stack as a Script Number. |
| OP_TXOUTPUTCOUNT | 196 | 0xc4 | Nothing | number | Push the count of outputs in the current transaction to the stack as a Script Number. |
| OP_TXLOCKTIME | 197 | 0xc5 | Nothing | number | Push the locktime of the current transaction to the stack as a Script Number. |
| OP_UTXOVALUE | 198 | 0xc6 | index | number | Pop the top item from the stack as an input index (Script Number). Push the value (in satoshis) of the Unspent Transaction Output (UTXO) spent by that input to the stack as a Script Number. |
| OP_UTXOBYTECODE | 199 | 0xc7 | index | script | Pop the top item from the stack as an input index (Script Number). Push the full locking bytecode of the Unspent Transaction Output (UTXO) spent by that input to the stack. |
| OP_OUTPOINTTXHASH | 200 | 0xc8 | index | hash | Pop the top item from the stack as an input index (Script Number). From that input, push the outpoint transaction hash – the hash of the transaction which created the Unspent Transaction Output (UTXO) which is being spent – to the stack in OP_HASH256 byte order. |
| OP_OUTPOINTINDEX | 201 | 0xc9 | index | number | Pop the top item from the stack as an input index (Script Number). From that input, push the outpoint index – the index of the output in the transaction which created the Unspent Transaction Output (UTXO) which is being spent – to the stack as a Script Number. |
| OP_INPUTBYTECODE | 202 | 0xca | index | script | Pop the top item from the stack as an input index (Script Number). Push the unlocking bytecode of the input at that index to the stack. |
| OP_INPUTSEQUENCENUMBER | 203 | 0xcb | index | number | Pop the top item from the stack as an input index (Script Number). Push the sequence number of the input at that index to the stack as a Script Number. |
| OP_OUTPUTVALUE | 204 | 0xcc | index | number | Pop the top item from the stack as an output index (Script Number). Push the value (in satoshis) of the output at that index to the stack as a Script Number. |
| OP_OUTPUTBYTECODE | 205 | 0xcd | index | script | Pop the top item from the stack as an output index (Script Number). Push the locking bytecode of the output at that index to the stack. |
| OP_UTXOTOKENCATEGORY | 206 | 0xce | index | script | Pop the top item from the stack as an input index (VM Number). If the Unspent Transaction Output (UTXO) spent by that input includes no tokens, push a 0 (VM Number) to the stack. If the UTXO does not include a non-fungible token with a capability, push the UTXO's token category, otherwise, push the concatenation of the token category and capability, where the mutable capability is represented by 1 (VM Number) and the minting capability is represented by 2 (VM Number). |
| OP_UTXOTOKENCOMMITMENT | 207 | 0xcf | index | script | Pop the top item from the stack as an input index (VM Number). Push the token commitment of the Unspent Transaction Output (UTXO) spent by that input to the stack. If the UTXO does not include a non-fungible token, or if it includes a non-fungible token with a zero-length commitment, push a 0 (VM Number). |
| OP_UTXOTOKENAMOUNT | 208 | 0xd0 | index | number | Pop the top item from the stack as an input index (VM Number). Push the fungible token amount of the Unspent Transaction Output (UTXO) spent by that input to the stack as a VM Number. If the UTXO includes no fungible tokens, push a 0 (VM Number). |
| OP_OUTPUTTOKENCATEGORY | 209 | 0xd1 | index | script | Pop the top item from the stack as an output index (VM Number). If the output at that index includes no tokens, push a 0 (VM Number) to the stack. If the output does not include a non-fungible token with a capability, push the output's token category, otherwise, push the concatenation of the token category and capability, where the mutable capability is represented by 1 (VM Number) and the minting capability is represented by 2 (VM Number). |
| OP_OUTPUTTOKENCOMMITMENT | 210 | 0xd2 | index | script | Pop the top item from the stack as an output index (VM Number). Push the token commitment of the output at that index to the stack. If the output does not include a non-fungible token, or if it includes a non-fungible token with a zero-length commitment, push a 0 (VM Number). |
| OP_OUTPUTTOKENAMOUNT | 211 | 0xd3 | index | number | Pop the top item from the stack as an output index (VM Number). Push the fungible token amount of the output at that index to the stack as a VM Number. If the output includes no fungible tokens, push a 0 (VM Number). |
