Consensus hash should reflect the validation outcome #5473

@s8sato

Overview

As of PR #5471, we lack the guarantees needed to perform Merkle-proof verification of execution results. If we want clients to trust query responses about transaction results, we must separate the block identifier from the consensus hash.

Explanation

  • Merkle verification relies on a validated Merkle root.
  • To be validated by consensus, a Merkle root must be included in the block header and contribute to its consensus hash.
  • However, the result_merkle_root can only be computed after validation.
  • Adding post-validation data to the consensus hash would necessarily change that hash.
  • Therefore, you cannot keep the consensus hash identical before and after validation.
  • As a result, the consensus hash alone cannot serve as a stable block identifier throughout a block's lifecycle.
  • We need a separate block identifier.

Why PR #5471 doesn't work for verifying the results

PR #5471 purposely omits the result_merkle_root from the header's hash. That allows any arbitrary result root to reside in the header without changing the consensus hash. Consequently, even if you verify the header, you gain no guarantee about the authenticity of the result Merkle root.

Possible Implementation

  • consensus hash: the header hash including the result Merkle root
  • block identifier: the header hash excluding the result Merkle root
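
The split described in this issue, as an added sketch that is not code from the issue or from the project: a header exposes a block identifier that excludes `result_merkle_root` and a consensus hash that includes it, and a client check is run against each. The hash function (BLAKE2b-256), the header fields other than `result_merkle_root`, and all function names are assumptions made for illustration; `signed_hash` stands for the hash the client already trusts through validator signatures.

```python
import hashlib
from dataclasses import dataclass, replace

def h(*parts: bytes) -> bytes:  # BLAKE2b-256 over length-prefixed parts (assumed hash)
    m = hashlib.blake2b(digest_size=32)
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def merkle_path(leaves: list[bytes], index: int):
    """Return (root, proof); each proof step is (sibling, sibling_is_left)."""
    level, proof = [h(b"leaf", x) for x in leaves], []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd-sized levels
        proof.append((level[index ^ 1], (index ^ 1) < index))
        level = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def root_from_proof(leaf: bytes, proof) -> bytes:
    node = h(b"leaf", leaf)
    for sibling, is_left in proof:
        node = h(b"node", sibling, node) if is_left else h(b"node", node, sibling)
    return node

@dataclass(frozen=True)
class Header:  # hypothetical minimal header, not the project's type
    height: int
    prev_block_id: bytes
    tx_merkle_root: bytes
    result_merkle_root: bytes  # computable only after validation

    def block_id(self) -> bytes:  # stable across the lifecycle: excludes the result root
        return h(b"id", self.height.to_bytes(8, "big"), self.prev_block_id, self.tx_merkle_root)

    def consensus_hash(self) -> bytes:  # what validators sign: commits to the result root
        return h(b"consensus", self.block_id(), self.result_merkle_root)

def client_accepts(header, signed_hash, result, proof, use_consensus_hash: bool) -> bool:
    # use_consensus_hash=False models a signed header hash that omits the result root.
    header_hash = header.consensus_hash() if use_consensus_hash else header.block_id()
    return header_hash == signed_hash and root_from_proof(result, proof) == header.result_merkle_root

# Constructed sample data: honest results vs. a forged set in which tx1 "succeeds".
root, proof = merkle_path([b"tx0:ok", b"tx1:rejected", b"tx2:ok"], 1)
fake_root, fake_proof = merkle_path([b"tx0:ok", b"tx1:ok", b"tx2:ok"], 1)
honest = Header(7, b"\x00" * 32, h(b"txs"), root)
forged = replace(honest, result_merkle_root=fake_root)
```

With the root excluded from the signed hash, the forged header and its proof pass the client check; with the root included, the same forgery fails at the header comparison while the block identifier stays unchanged.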

Labels: Consensus (This issue is related to the Sumeragi consensus), Refactor (Improvement to overall code quality)