Proof-of-Windy.

§ token spec

The Windy token contract is deployed once and never replaced. New mint mechanisms plug in as separate Minter contracts that receive MINTER_ROLE. The 21M cap is a Solidity constant in the deployed bytecode — no admin path can raise it.

deployed contracts

§ how mining works

Mining WNDY is not a brute-force search. You write a program in windy-lang, prove it ran honestly inside a Risc Zero zkVM, and submit the proof on-chain. The minter verifies the proof, grades the journal, and pays out a fixed reward per tier.

1. 1

   write a .wnd program

   Anything that executes — the harder the language features it uses (multi-IP, grid memory, branching, wind speed), the higher it scores. Write it in the browser playground or any editor.

2. 2

   prove it in the zkVM

   The Risc Zero guest runs your program, measures execution shape (visited cells, hard-opcode diversity, branches, grid writes), and produces a Groth16 proof bound to your recipient address and a one-shot nonce.

3. 3

   submit on-chain

   The minter calls the Risc Zero verifier, re-grades the journal in Solidity, dedups by programHash (one mint per source forever), and mints the tier reward to the recipient committed inside the proof.

The first miner to submit a given program_hash claims it. Subsequent submissions of the byte-identical source revert with ProgramAlreadyConsumed. Mining is a search for previously-unsolved programs, not a loop that re-submits a known-good proof forever.

§ tiers

Score is a function of visitedCells (trace-truth code size) and a multiplicative diversity bonus over the ten "hard" opcodes (t p g _ | ≫ ≪ ~ # "). The exact formula is enforced both in the zkVM guest and on-chain — see PHASE-2-MINING.md. Run windy mine --dry-run my.wnd to preview your score before paying gas.

§ quickstart

Install the CLI, write a program, mine it.

$ cargo install windy-lang windy-mine

$ cat > my.wnd <<'EOF'
"Hi,Windy"v
        >
       ,@
EOF

$ windy mine --dry-run my.wnd       # grade only, no tx, no Docker
score:    34.30
tier:     2 → Silver
reward:   1.0 WNDY
Looks mintable. Re-run without --dry-run to claim it.

$ windy mine my.wnd                  # Groth16 wrap (~5–10 min) + mainnet mint
✓ proof generated
✓ score verified on-chain (Silver)
✓ minted 1.0 WNDY → 0xCE13…5167
   tx: https://basescan.org/tx/0x9731…4c54c

Full walkthrough — installing Docker for Groth16, picking a keystore, troubleshooting revert reasons — lives in docs/MINING-GUIDE.md.

§ trust model

• 21M cap is a Solidity constant. It lives in the deployed bytecode of Windy.sol. No admin, no multisig, no upgrade path can raise it.
• Deployer EOA holds zero roles. DEFAULT_ADMIN_ROLE + PAUSER_ROLE were renounced from the deployer in the same atomic broadcast as the deploy. After block N+1 the deployer is indistinguishable from any other address.
• Admin is a 1-of-1 Safe. The Safe can pause the minter or grant MINTER_ROLE to a future Phase 3 minter. It cannot mint WNDY directly.
• Only path to new WNDY: a valid Risc Zero proof. MINTER_ROLE on the token is held only by ZkExecutionMinterV2. The minter verifies against the pinned IMAGE_ID and mints to the recipient committed inside the proof's journal.
• Self-audit baseline. 61 Foundry tests · 7 fuzz × 256 runs · 100% coverage on production contracts · Slither 0 findings · Mythril clean. No paid external audit yet — that's the trade for "experimental useful-PoW token." When real value/liquidity accumulates, re-audit.

§ the windy trilogy

WNDY is one of three sibling projects exploring the same 2D wind-flow language.