KAS Price Oracle
The first on-chain KAS/USD price on Kaspa. Its value changes only with a RISC Zero proof — verified by every node via the 0x21 precompile — that the new price is the median of committee-signed exchange feeds. No operator can post a number that isn't the real median. It lives in a covenant, so any Kaspa contract can read it.
How a price gets on-chain
1 · Fetch
A fixed committee of exchanges (MEXC, Gate, KuCoin, CoinGecko) is polled for KAS/USD.
2 · Sign
Each committee member signs its (price, epoch) with its own key — off-chain data providers, not tx signers.
3 · Prove
A RISC Zero guest verifies the signatures and commits the MEDIAN. The aggregation is inside the proof.
4 · Post
The covenant accepts the new price only if the 0x21 proof verifies against it. State advances; the covid is preserved.
Why the proof matters
proves that k members signed some price — but not that the posted number is the correct aggregate. A colluding relayer with k signatures can publish anything.
proves the aggregation rule itself — the price is the median of the signed feeds, computed inside the proof. No relayer or subset can post an arbitrary value, and it scales to many publishers with one on-chain proof.
The live oracle on-chain
One covenant lineage on testnet-10 — genesis, then real KAS prices, each a `0x21`-verified median. Open any:
Any Kaspa contract reads this box's current price by co-spending it (a passthrough) — that's how the kUSD CDP or the DEX would price KAS collateral, with no trusted feed key in the middle.
Consume it — a verifiable feed
The price is served over a plain HTTPS endpoint (CORS-open) for apps, dashboards, and bots — but unlike a normal price API, every response ships the on-chain reference so you can audit it. Don't trust the server; verify against the chain.
GET https://pq.murraywiki.org/api/oracle/state
→ { "pair":"KAS/USD", "price":0.029780, "priceMicroUsd":29780,
"epoch":1783748966, "ageSeconds":..., "stale":false,
"verify": { "covenantId":"d4af5220…", "lastPostTx":"f458f82c…",
"explorerTx":"…", "committee":[…], "threshold":3,
"sourceSetCommitment":"bf1340cb…", "howTo":"…" } }For apps / bots — verify the API
- Read price + verify.lastPostTx from the endpoint.
- Open explorerTx — confirm output 0 continues covenantId.
- The covenant only accepts a price its 0x21 median-proof verifies — so the on-chain value is provably the median, and it must equal the API's number.
- Reject if stale is true (no fresh post).
For contracts — read it on-chain
A Kaspa covenant co-spends the oracle box and reads {price, epoch} via readInputStateWithTemplate (template 4318f1bd…, covid d4af5220…). No server in the loop — the guarantee is enforced by consensus. This is how the kUSD CDP or the DEX would price KAS.
The honest trust model
The proof enforces the aggregation — it does not make the data true. Trust collapses to: ≥ threshold of the committee is honest and their exchange data is correct. That's the standard oracle model (it's what Chainlink/Pyth are underneath), and a real improvement over a single key — but it's not trustless, and we won't pretend it is.
Testnet-10 only · unaudited prototype · the MVP operator currently holds the committee keys · not for real value. A concrete, fee-dense use of Toccata: exactly the high-value settlement demand that pays for L1 security as emission tapers.