Lendasat LogoLendasat Docs
Resources

Doomsday

Lendasat's break-glass recovery tool for Bitcoin lending contracts.

What "Doomsday" Is

Doomsday is Lendasat's break-glass recovery tool for a Bitcoin lending contract.

If Lendasat ever disappears (hosting down, company gone, etc.), the two counterparties (borrower & lender) can still co-spend the contract's collateral by reconstructing the needed key material and building/signing a PSBT (Partially Signed Bitcoin Transaction) together - entirely outside Lendasat's platform.

Audit, use and download the software on GitHub

What You Will Need to Stay Safe
  • Your contract backup - it should contain all non-secret metadata required by the tool and can be found on your contract page
  • Your own encrypted wallet seed and Lendasat password
  • The contract derivation path (per-contract key path)
  • The collateral contract address and collateral script (used as inputs when building the spend)

All of the above, except your password, are in the backup file.

How It Works (Step-by-Step)

1. Open the Offline UI

You load dist/index.html in a browser (no server needed). Select the Bitcoin network (mainnet by default).

Or go to the hosted version: https://lendasat.github.io/doomsday/

2. Derive Your Per-Contract Private Key

In the UI you supply:

  • Your encrypted wallet seed
  • Your Lendasat password
  • The derivation path for this specific contract

The tool derives the key that can authorize spending from the contract's script. (Only your password decrypts your seed; the path ties it to the specific contract.)

3. Build a Spend PSBT (Initiating Party)

You click "Build transaction" and provide:

  • Inputs: the collateral contract address and the collateral script
  • Outputs: the borrower address + amount and the lender address + amount (after discussing with your counterparty)

The UI constructs a PSBT and includes your partial signature. You then copy the PSBT hex and send it to your counterparty.

4. Coordinate Out-of-Band (Fallback Comms)

The README suggests contacting your counterparty via Nostr, using derived keys (your Nsec, their Npub) so you can find each other even if Lendasat is gone. (This is just for coordination; signing happens in the PSBT.)

5. Verify, Finalize, Broadcast (Finalizing Party)

The other party:

  • Verifies the PSBT amounts (to ensure they match the agreed split)
  • Derives their own per-contract key the same way (seed + password + derivation path)
  • Clicks "Sign & broadcast," pastes your PSBT, adds their signature, and broadcasts the fully signed transaction to the Bitcoin network

A few seconds later, it should appear on-chain.

Security & Trust Model

Non-Custodial by Construction

Each party holds their own encrypted seed and password; the tool derives per-contract keys locally to authorize spends from the collateral script (e.g., a pay-to-witness-script-hash address defined by the loan contract). Lendasat's availability is not required at signing time.

Cooperative Only

Doomsday is a two-party cooperative recovery. Both borrower and lender must sign the PSBT to move funds. (If one side refuses, Doomsday by itself does not imply a unilateral path - any such path would have to be part of the contract's script rules, which are not described in the repo.)

Data Minimization

The tool needs your password to decrypt your seed locally; everything else it asks for (address, script, derivation path) should be in the backup. Keep that backup safe.

Practical Usage Tips
  • Do it offline if you can: Open the HTML file locally; consider running the browser in a hardened environment (no extensions; ideally an air-gapped machine) when handling seeds/passwords
  • Verify outputs carefully: Double-check the sats amounts and recipient addresses before you sign or broadcast. The finalizing party is explicitly told to verify the amount
  • Use Nostr only to coordinate: Treat it like email/DMs for sharing PSBTs and confirming terms. Don't paste secrets there
  • Keep the backup current: Since the tool relies on contract backups, make sure your backups are up-to-date whenever you enter a new contract
Limitations to Be Aware Of
  • Requires cooperation: If the other party is unresponsive or adversarial, Doomsday (as documented) doesn't promise a unilateral spend route
  • You must supply correct script data: The inputs (contract address + script) must match the on-chain UTXO(s) holding collateral; wrong data = invalid PSBT
  • Password/seed hygiene matters: Anyone with your decrypted seed and path can sign on your behalf

Lender API

Complete API documentation for Lendasat Lender integration

Impressum

Next Page

On this page

What "Doomsday" IsWhat You Will Need to Stay SafeHow It Works (Step-by-Step)Security & Trust ModelPractical Usage TipsLimitations to Be Aware Of