GovDepsMatch
Lemma (govDepsMatch is invariant of LEDGER rule).
Informally.
Suppose s and s' are ledger states such that
s ⇀⦇ tx ,LEDGER⦈ s'.
Let utxoSt and utxoSt' be their respective
UTxOStates and let govSt and
govSt' be their respective GovStates.
If the governance action deposits of utxoSt are equal to those of
govSt, then the same holds for utxoSt' and govSt'.
In other terms, if govDepsMatch s, then
govDepsMatch s'.
Formally.
LEDGER-govDepsMatch : LedgerInvariant _⊢_⇀⦇_,LEDGER⦈_ govDepsMatch
Proof.
LEDGER-govDepsMatch (LEDGER-I⋯ refl (UTXOW-UTXOS (Scripts-No _))) aprioriMatch = aprioriMatch LEDGER-govDepsMatch {Γ}{s}{tx}{s'} utxosts@(LEDGER-V⋯ tx-valid (UTXOW-UTXOS (Scripts-Yes x)) _ GOV-sts) aprioriMatch = let open Tx tx; open TxBody body open LEnv Γ renaming (pparams to pp) open PParams pp using (govActionDeposit) open LState s open LState s' renaming (govSt to govSt'; certState to certState') open LEDGER-PROPS tx Γ s using (utxoDeps; updateGovStates; STS→GovSt≡) open SetoidProperties tx Γ s using (|ᵒ-GAs-pres; props-dpMap-votes-invar; utxo-govst-connex; noGACerts) in begin filterˢ isGADeposit (dom (updateDeposits pp body utxoDeps)) ≈⟨ noGACerts txcerts (updateProposalDeposits txprop txid govActionDeposit utxoDeps) ⟩ filterˢ isGADeposit (dom (updateProposalDeposits txprop txid govActionDeposit utxoDeps)) ≈⟨ utxo-govst-connex txprop aprioriMatch ⟩ fromList (dpMap (updateGovStates (map inj₂ txprop) 0 govSt)) ≈˘⟨ props-dpMap-votes-invar txvote txprop ⟩ fromList (dpMap (updateGovStates (txgov body) 0 govSt )) ≈˘⟨ |ᵒ-GAs-pres 0 govSt certState' ⟩ fromList (dpMap (updateGovStates (txgov body) 0 (rmOrphanDRepVotes certState' govSt))) ≡˘⟨ cong (fromList ∘ dpMap ) (STS→GovSt≡ utxosts tx-valid) ⟩ fromList (dpMap govSt') ∎ LEDGER-govDepsMatch {s' = s'} utxosts@(LEDGER-V (() , UTXOW-UTXOS (Scripts-No (_ , refl)) , _ , GOV-sts)) aprioriMatch