AI Summary
This work addresses critical security challenges in developing smart contracts on Bitcoin's UTXO model, where reliance on low-level stack operations often leads to vulnerabilities such as signature malleability, fund locking, and uncontrolled execution paths. Existing approaches, including Miniscript, struggle to model complex state transitions and resource liveness. To bridge the gap between security and developer usability, we propose Bithoven, a novel language that, while strictly adhering to Bitcoin Script constraints, integrates a rigorous type system, resource liveness analysis, and semantic control-flow analysis to enable formal verification of expressive smart contracts. Bithoven compiles to efficient, compliant Script bytecode that achieves performance close to hand-optimized code while systematically eliminating multiple classes of critical security flaws.
Abstract
The rigorous security model of Bitcoin's UTXO architecture often comes at the cost of developer usability, forcing a reliance on manual stack manipulation that leads to critical financial vulnerabilities like signature malleability, unspendable states and unconstrained execution paths. Industry standards such as Miniscript provide necessary abstractions for policy verification but do not model the full imperative logic required for complex contracts, leaving gaps in state management and resource liveness. This paper introduces Bithoven, a high-level language designed to bridge the gap between expressiveness and formal safety. By integrating a strict type checker and a resource liveness analyzer with a semantic control-flow analyzer, Bithoven eliminates major categories of consensus and logic defects defined in our fault model prior to deployment. Our results indicate that this safety comes at modest cost: Bithoven compiles to Bitcoin Script with efficiency comparable to hand-optimized code, demonstrating that type-safe, developer-friendly abstractions are viable even within the strict byte-size constraints of the Bitcoin blockchain.