Beta⚠️ This software is in Beta. Smart contracts have not been audited. Use at your own risk — do not deposit more than you can afford to lose.

Documentation

What is KaVault?

KaVault is a non-custodial vault built on Kaspa L1 using Toccata's Covenant (KIP-17) feature. It allows you to lock your KAS with programmable spending rules enforced entirely on-chain. No backend, no middlemen — just SilverScript covenants compiled to native Kaspa Script.

Vault Types

Time-Lock Vault

Time-locked custody. Funds are locked for a configurable number of days. Only the owner can withdraw after the lock period. Includes heartbeat to refresh the UTXO.

Spending Guard

Adds a daily spend limit and guardian key. Small withdrawals need only the owner's signature. Large amounts require both owner + guardian. Emergency withdrawal bypasses the time lock.

Legacy Vault

Social recovery for inheritance or lost-key scenarios. If the owner is inactive (no heartbeat), a trusted recovery key can claim funds after an additional delay.

Shared Vault

2-of-3 multisignature for teams and DAOs. Any two of three signers can authorize a withdrawal. Any single signer can send a heartbeat.

Auto-Pay Vault

Release a fixed amount to a beneficiary on a recurring schedule. The owner can cancel at any time. Heartbeat keeps the vault active.

Vesting Vault

Linearly unlock funds over a vesting period. An optional cliff period prevents any withdrawals until it expires. After the cliff, funds are released proportionally over the remaining time. Ideal for team token allocations, employee compensation, or investor vesting schedules.

Technology

KaVault uses SilverScript, Kaspa's high-level smart contract language, to define covenant spending conditions. SilverScript compiles to native Kaspa Script opcodes introduced in the Toccata hardfork (KIP-16/17/20), including transaction introspection opcodes.

Security Model

KaVault currently wraps covenant scripts in standard P2SH outputs. The covenant spending rules are enforced client-side when constructing transactions — the on-chain UTXO only requires revealing the redeem script to spend. This means anyone who possesses the full redeem script and satisfies the covenant logic in their transaction construction can spend the UTXO. KaVault builds and verifies these transactions locally before signing.

Full consensus-enforced covenants (v1 transactions with a dedicated `covenant` field) will be supported when the Kaspa protocol stabilizes the v1 transaction format. Until then, users should understand that P2SH-wrapped vaults rely on correct client-side transaction construction rather than on-chain covenant enforcement alone.

Security

  • KaVault is 100% non-custodial — we never hold your keys or funds.
  • All rules are enforced by the Kaspa L1 blockchain consensus.
  • The frontend builds and signs transactions locally in your browser.
  • No backend server, no database, no admin keys.
  • SilverScript contracts are open-source (MIT License).

FAQ

Can KaVault steal my funds?

No. KaVault is a frontend tool. Spending conditions are enforced by the Kaspa blockchain. We have no ability to access your covenant UTXOs.

What if the KaVault website goes down?

Your funds remain safe on-chain. Any compatible wallet or tool that can construct the correct covenant transaction can withdraw your funds.

Is Toccata live on mainnet?

Yes! Toccata activated on Kaspa mainnet on June 30, 2026 (DAA score 474,165,565). KaVault fully supports mainnet.