3.2.8 Denunciations In order to avoid the double minting of a block or the double signing of a block, a miner may include in his block a denunciation. This denunciation takes the form of two signatures. Each minting signature or block signature signs the height of the block, making the proof of malfeasance quite concise. While we could allow anyone to denounce malfeasance, there is really no point to allow anyone else beyond the block miner. Indeed, a miner can simply 4 copy any proof of malfeasance and pass it off as its own discovery. Once a party has been found guilty of double minting or double signing, the safety bond is forfeited. 3.3 Smart contracts 3.3.1 Contract type In lieu of unspent outputs, Tezos uses stateful accounts. When those accounts specify executable code, they are known more generally as contracts. Since an account is a type of contract (one with no executable code), we refer to both as ”contracts” in full generality. Each contract has a “manager”, which in the case of an account is simply the owner. If the contract is flagged as spendable, the manager may spend the funds associated with the contract. In addition, each contract may specify the hash of a public key used to sign or mine blocks in the proof-of-stake protocol. The private key may or may not be controlled by the manager. Formally, a contract is represented as: type contract = { counter: int; (* counter to prevent repeat attacks *) manager: id; (* hash of the contract's manager public key *) balance: Int64.t; (* balance held *) signer: id option; (* id of the signer *) code: opcode list; (* contract code as a list of opcodes *) storage: data list; (* storage of the contract *) spendable: bool; (* may the money be spent by the manager? *) delegatable: bool; (* may the manager change the signing key? *) } The handle of a contract is the hash of its initial content. Attempting to create a contract whose hash would collide with an existing contract is an invalid operation and cannot be included in a valid block. Note that data is represented as the union type. type data = | STRING of string | INT of int 4 Azero-knowledge proof would allow anyone to benefit from denouncing malfeasances, but it’s not particularly clear this carries much benefit. 14
A Self-Amending Crypto-Ledger White Paper Page 15 Page 17