Trustless by design.
Not by claim.
BNRP has no smart contracts, no admin keys, and no upgrade mechanisms. Ownership is verified on Bitcoin. Every resolution rule is open and inscribed on-chain.
There are no smart contracts in BNRP. No Solidity. No bytecode. No upgrade proxy. No admin function that can drain funds or alter resolution rules. The protocol is a set of open rules applied to Bitcoin Ordinals inscriptions.
Name ownership is determined by who holds the inscription on Bitcoin, verified by taproot address. No oracle, no off-chain database, and no company can override that. Transfer the inscription — ownership and access update automatically.
Only the first valid inscription is canonical. Re-inscriptions are invalid and are not surfaced. Resolution is deterministic — the same rules, applied to the same Bitcoin state, always produce the same result.
There is no admin key that controls name resolution. The BTCNative team cannot alter your subnames, revoke your name, or modify your namespace records. Control is held by the wallet that holds the inscription.
When a name changes hands, all subnames become invalid immediately. The new owner starts with a clean namespace. No residual access leaks to prior holders. This is enforced by protocol — not by trust.
The BNRP protocol spec and the BTCNative marketplace are open source. The resolution logic, fee structure, and namespace rules are public and auditable by anyone. No proprietary black boxes.
The market API and BNRP resolution API run on Cloudflare Workers with edge caching, DDoS protection, and zero cold-start latency. No centralized server to take down or compromise.
BTCNative never holds your inscription or your Bitcoin. Listings use PSBT-based escrow — you sign the transaction, not us. Your keys, your names.
Zero EVM or script-based contracts. No bytecode deployed anywhere in the resolution path.
The protocol cannot be silently changed. Any protocol update requires new inscriptions and is visible on Bitcoin.
Only the first valid inscription is canonical. Duplicate or re-inscribed records are ignored at the resolution layer.
Namespace owners can revoke subnames. Revoked records are excluded from resolution output.
Subname issuance can be delegated with scoped authority. Delegates cannot exceed the permissions granted by the namespace owner.
When a name is sold or transferred, all subnames are immediately invalidated. The new owner gets a clean namespace with no inherited access.
PSBT-based listing flow. BTCNative never takes custody of inscriptions or Bitcoin during a sale.
Protocol spec, resolution logic, and marketplace code are public. Anyone can audit, fork, or build on BNRP independently.
If you discover a security issue — in the protocol spec, the resolution API, the market worker, or the frontend — please report it privately before disclosing publicly. We will respond within 48 hours and credit researchers who report valid findings.
security@btcnative.nameAn independent security review of the BNRP protocol and BTCNative infrastructure is planned. Report will be published here when complete.