Learn · Explainer 2 of 6
What the seven rules restrict (data carriage)
This is the detailed article on BIP-110's seven transaction rules. It is byte-exact where the specification is byte-exact. Read Understanding BIP-110 first for the vocabulary and the overview. Read this when you need to know precisely what an active BIP-110 block will and will not accept, which is the question that matters to wallet developers, miners, and anyone building or classifying transactions in the window.
These rules restrict data carriage: the practice of embedding arbitrary data in transaction outputs, witnesses, and scripts. The name comes from that intent, but the rules are defined mechanically in bytes and opcodes, not by intent, and this article describes the mechanics. Whether restricting data carriage is desirable is a position held by participants, argued on both sides, and not adjudicated here.
The seven rules, one at a time
While the deployment is ACTIVE, blocks are checked against seven additional restrictions. Each one only ever narrows the set of valid blocks. The table below is the specification-level statement; the sections after it give the byte-level detail.
| # | Additional consensus restriction |
|---|---|
| 1 | Each new output scriptPubKey is at most 34 bytes. If its first opcode is OP_RETURN, the whole script may instead be at most 83 bytes. This is total script size, not 83 bytes of payload. |
| 2 | OP_PUSHDATA payloads and script-argument witness items are at most 256 bytes. The BIP16 redeemScript push in a scriptSig is exempt. Witness scripts and Tapleaf scripts are scripts rather than argument items, but pushes executed within them remain limited. |
| 3 | Spending an undefined witness version or undefined Tapleaf version is invalid. Witness v0, Taproot, and P2A are recognised exceptions. Creating an output using an undefined witness version remains valid. |
| 4 | A Taproot spend containing an annex is invalid. |
| 5 | A Taproot control block is at most 257 bytes, corresponding to a maximum Merkle path depth of 7. |
| 6 | A Tapscript containing any OP_SUCCESS opcode is invalid, even if execution would never reach it. |
| 7 | Executing OP_IF or OP_NOTIF in Tapscript is invalid, regardless of the condition result. Merely having the byte inside pushed data is not execution. |
Rule 1: output script size
Every new output scriptPubKey may be at most 34 bytes. The single exception is a script whose first opcode is OP_RETURN: such a script may be up to 83 bytes total. The 83 bytes are the whole script size, including the OP_RETURN opcode and any push opcodes, not 83 bytes of embeddable payload. A 34-byte cap is exactly the size of the largest standard output types (P2TR and P2WSH are 34 bytes; P2PKH, P2SH, P2WPKH are smaller), and the OP_RETURN allowance preserves a small labelled-data output.
This is the only rule that applies to outputs rather than inputs, and it is the one that survives grandfathering (see below). A 35-byte non-OP_RETURN output is invalid in an active block even if every input to the transaction is a grandfathered pre-activation coin.
Rule 2: push-payload and witness-item size
Any OP_PUSHDATA payload, and any witness item that is a script argument, may be at most 256 bytes. Two clarifications matter:
- The BIP16 redeemScript push in a scriptSig is exempt. A P2SH redeemScript can therefore still exceed 256 bytes when pushed as the final scriptSig element.
- Witness scripts (the P2WSH witnessScript) and Tapleaf scripts are treated as scripts, not as argument items, so the script itself is not capped by this rule. But pushes that execute inside those scripts are still limited to 256 bytes.
The effect is a cap on the size of any single embedded data blob carried as a push, which is the mechanism most inscription-style data carriage relies on.
Rules 3 to 7: witness and Tapscript restrictions
These five rules all constrain how coins are spent, which is why they are all subject to per-input grandfathering.
- Rule 3, undefined versions. Spending an output that uses an undefined witness version or an undefined Tapleaf version is invalid. Witness v0 (SegWit), Taproot, and P2A are the recognised exceptions. Note the asymmetry: creating an output that uses an undefined witness version is still valid; only spending one is restricted. The implementation treats the P2A exception as the empty-witness P2A form. A non-empty-witness P2A spend falls through to the upgradable-witness rejection while the RDTS flags apply.
- Rule 4, Taproot annex. A Taproot spend that includes an annex is invalid. The annex is an optional, currently-unused extension field in a Taproot witness.
- Rule 5, control-block depth. A Taproot control block may be at most 257 bytes. A control block is 33 bytes plus 32 bytes per Merkle path step, so 257 bytes corresponds to a maximum Merkle path depth of 7. Deeper script trees cannot be revealed while the rules are active.
- Rule 6,
OP_SUCCESS. A Tapscript containing anyOP_SUCCESSopcode is invalid, even if execution would never reach that opcode. The presence of the byte in the script is enough.OP_SUCCESSopcodes are the currently-reserved upgrade opcodes in Tapscript. - Rule 7,
OP_IFandOP_NOTIF. ExecutingOP_IForOP_NOTIFin Tapscript is invalid, regardless of whether the condition evaluates true or false. The distinction is execution, not presence: having theOP_IFbyte sitting inside a data push is not execution and is not a violation. A Tapscript that reaches anOP_IFon the executed path fails.
Rules 3, 6, and 7 also close upgrade hooks for the duration: undefined versions and OP_SUCCESS are exactly the mechanisms a future soft fork would use, and they cannot be used while RDTS is active.
Grandfathering is per input, not per transaction
This is the rule that most often trips up analysis. Exemption from the input and script rules (rules 2 through 7) is decided per input, using the height at which each input's UTXO was confirmed on the selected ancestry.
- An input spending a UTXO created below that branch's activation height is exempt from all the new input and script rules.
- An input spending a UTXO created at or above the activation height is not exempt.
- In a mixed transaction, the implementation selects flags independently for each input. One input can be grandfathered while another in the same transaction is checked.
Output rule 1 does not grandfather. Every output created in an active block is new, so its size is always checked, coinbase outputs included. The consequences are precise:
- A pre-activation UTXO cannot be made BIP-only or permissive-only merely by using a witness construction that rules 2 through 7 forbid. Its input is grandfathered, so the construction is simply exempt.
- A post-activation transaction that spends an old UTXO can still be made permissive-only, by violating output rule 1 (for example creating a 35-byte non-
OP_RETURNoutput), subject to relay and miner policy. - Outputs created during
STARTEDorLOCKED_INare still pre-activation UTXOs, so they receive the input-side exemption later, once the rules are active. - A reorganization that moves the same funding transaction from below the activation height to at or above it changes its outputs from grandfathered to restricted. Grandfathering follows the confirmed coin height on the selected ancestry, so it is branch-relative like everything else in this event.
- At
EXPIRED, the consensus restrictions stop for all new spends, but local mempool policy can remain stricter.
Consensus and policy are intentionally different
The reviewed clients apply the RDTS script and output-size checks as ordinary mempool and mining policy, even outside the ACTIVE period. This is a deliberate design choice, and it has consequences that matter for everything you see on the Live dashboard:
- Pre-activation transaction relay is already partially partitioned by policy. A transaction that violates the RDTS-style checks may be refused by a BIP node's mempool today, long before the rules are consensus rules.
- A consensus-valid spend of a grandfathered input may need direct miner submission if ordinary relay policy rejects it.
- Changing a policy option cannot make an active-period consensus-invalid block valid. Policy can only narrow what a node relays or mines, never widen the set of valid blocks.
- Seeing a transaction absent from a BIP node's mempool does not prove it would be invalid in a block at the current height.
The rule to carry from this: policy can make a node refuse transactions that consensus would allow; policy cannot make a node accept a block that active consensus forbids.
Try it: the interactive tools
Two interactive tools accompany this article. The Data-Carriage Matrix and Atlas lets you cross-reference each of the seven rules against transaction and output types and see which combinations are restricted, grandfathered, or unaffected. The Script Lab lets you build an input or output and test it against both active RDTS consensus and Knots policy, so you can see for yourself where a given push size, control-block depth, or Tapscript construction crosses a limit.
What to watch
On the Live dashboard, the data-carriage rules are what the mempool-divergence panel is actually measuring. When Core and Knots mempools disagree about a transaction, it is usually because that transaction crosses one of these limits as Knots policy even before activation. Watch the mempool-divergence panel with the guardrail in mind: absence from the Knots mempool is a policy outcome (one of these seven checks applied as relay policy), not a consensus verdict. After activation, the split-telemetry panel would show a realized RDTS-invalid block only if one is actually mined; the rule difference stays latent until then.
Sources
This page restates the BIP-110 technical walkthrough sections What BIP 110 changes (the seven-rule table and the surrounding notes on upgrade hooks), Grandfathering is per input, not per transaction, and Consensus and policy are intentionally different. Byte counts, the 34/83/256/257-byte limits, and the depth-7 figure are quoted from that walkthrough, which draws them from the BIP-110 text and the reviewed Knots and standalone-client source.