VitoCoin is a full-stack PoW blockchain with real consensus, P2P networking, HD wallets, and a merchant payment engine — running end-to-end in your browser.
Real-time view of the most recently confirmed blocks on the VitoCoin network.
| Height | Hash | Transactions | Timestamp |
|---|---|---|---|
| Connecting to node… | |||
Real consensus logic — no fake chains, no shortcuts, no central authorities.
Double SHA-256 identical to Bitcoin. Difficulty retargets every 2,016 blocks with a 4× clamp. Multi-threaded miner with getblocktemplate.
Full peer-to-peer network with handshake enforcement, peer banning, inventory deduplication, and 8 outbound connections by default.
Bitcoin-compatible UTXO set with O(1) lookup, double-spend protection, coinbase maturity enforcement, and undo-diff reorg.
secp256k1 ECDSA, P2PKH addresses, HD derivation (m/44'/6333'/0'), BIP-39 mnemonic. AES-256-GCM vault encryption.
Payment lifecycle with TTL, HD address derivation per request, HMAC-SHA256 webhook signatures with replay protection.
Cumulative-work chain selection (not longest). Undo diffs for O(1) rollback. MAX_REORG_DEPTH=100 guards against DoS.
Bitcoin-compatible Merkle root in every block header. Any tampered or added transaction invalidates the root immediately.
LevelDB with SQLite fallback. Atomic batch writes, UTXO undo diffs, full tx index, and structured key prefixes.
Full explorer API with sliding-window rate limiting, CORS, SSRF protection, Prometheus metrics, and API key auth.
VitoCoin operates as a sovereign chain with its own genesis block, coin type, and address space.
Every component of the stack has dedicated security controls and formal protections.
UTXO set enforced at mempool admission and block validation. Spent outputs rejected immediately.
secp256k1 with low-S normalization (BIP-62). 128-bit equivalent security per input.
SHA-256d PoW + Merkle root validation. Every block header commits to all transactions.
SIGHASH_ALL binds signatures to the exact transaction. Cannot be replayed in others.
MAX_REORG_DEPTH=100. Attack chains deeper than 100 blocks are rejected outright.
RFC 1918, loopback, and link-local addresses blocked from all peer connections.
Sliding window per IP: 300 reads/min, 5 tx/min, 10 admin/min, 600 global ceiling.
Messages before verack are dropped. Ban scoring with 24-hour automatic bans.
HMAC-SHA256 with 5-minute window and nonce. Webhook secret never in payloads.
Accept VITO payments anywhere — every request gets a dedicated HD-derived address, automatic settlement detection, and signed webhook callbacks.
Each payment request derives a fresh child address via BIP-32 (m/44'/6333'/account'/0/index). No address reuse, no UTXO correlation, no tracking.
Invoices expire automatically — configurable TTL (default 15 min). Expired orders are flagged and archived. No stale payment windows left open.
Signed callbacks delivered on confirmation. HMAC-SHA256 over the payload with a nonce and 5-minute replay window. Secret never appears in the payload.
Orders transition through pending → detected → confirmed → settled. Configurable confirmation count. Under-payment and over-payment handled gracefully.
POST /merchant/orders is idempotent on order_id. Safe to retry on network failure. GET /merchant/orders/:id for status polling.
Every state change is timestamped and persisted. Export CSV, query by date range or status. Immutable append-only event log per merchant.
Built for production from day one — independent audit coverage, open-source cryptography, and zero custody.
VitoCoin never holds your keys. All private keys are generated in-browser, encrypted with AES-256-GCM under your password, and stored only on your device. Zero server-side key material.
Four independent test suites cover consensus, UTXO integrity, ECDSA signing, mempool admission, fee validation, Merkle roots, and simulated 51% attacks. CI enforced on every commit.
SHA-256d (Bitcoin-identical), secp256k1 ECDSA with BIP-62 low-S normalization, BIP-32/39/44 HD derivation, AES-256-GCM vault encryption. No proprietary cryptography.
Per-IP sliding window: 300 reads/min · 5 txs/min · 10 admin ops/min · 600 global ceiling. Exponential backoff enforced client-side; 429 triggers automatic node failover.
Frankfurt · New York · Singapore · Tokyo — four independent nodes with automatic health checks, cross-region failover, and BroadcastChannel tab coordination to eliminate redundant calls.
No analytics, no trackers, no third-party data collection. All blockchain data served from self-hosted nodes. Supabase for authentication only — no financial data leaves your browser.
Comprehensive coverage from ECDSA signing to 51% attack simulation across 4 independent test suites.
Create an account or sign in to access your wallet, merchant portal, or admin panel.