Minor: reformat code a bit, introduce TimestampedWireTransaction as a wrapper, fix ContractStateRef to be the same as a Bitcoin COutPoint structure.

src/core/ContractsDSL.kt

@@ -25,8 +25,7 @@ inline fun <reified T : Command> List<VerifiedSigned<Command>>.select(signer: Pu
 inline fun <reified T : Command> List<VerifiedSigned<Command>>.requireSingleCommand() = try {
     select<T>().single()
 } catch (e: NoSuchElementException) {
-    // Better error message.
-    throw IllegalStateException("Required ${T::class.qualifiedName} command")
+    throw IllegalStateException("Required ${T::class.qualifiedName} command")   // Better error message.
 }
 
 // endregion

src/core/Structures.kt

@@ -1,7 +1,6 @@
 package core
 
 import java.security.PublicKey
-import java.security.Timestamp
 
 /**
  * A contract state (or just "state") contains opaque data used by a contract program. It can be thought of as a disk
@@ -18,25 +17,9 @@ interface ContractState {
 }
 
 /**
- * A stateref is a pointer to a state, normally a hash but this version is opaque.
+ * A stateref is a pointer to a state, this is an equivalent of an "outpoint" in Bitcoin.
  */
-class ContractStateRef(private val hash: SecureHash.SHA256)
-
-/**
- * A transition groups one or more transactions together, and combines them with a signed timestamp. A transaction
- * may not stand independent of a transition and all transactions are applied or reverted together as a unit.
- *
- * Consider the following attack: a malicious actor extracts a single transaction like "pay $X to me" from a transition
- * and then broadcasts it with a fresh timestamp. This cannot work because the original transition will always take
- * priority over the later attempt as it has an earlier timestamp. As long as both are visible, the first transition
- * will always win.
- */
-data class Transition(
-    val tx: LedgerTransaction,
-
-    /** Timestamp of the serialised transaction as fetched from a timestamping authority (RFC 3161) */
-    val signedTimestamp: Timestamp
-)
+class ContractStateRef(private val txhash: SecureHash.SHA256, private val index: Int)
 
 class Institution(
     val name: String,
@@ -47,7 +30,7 @@ class Institution(
 
 interface Command
 
-/** Provided as an input to a contract; converted to a [VerifiedSignedCommand] by the platform before execution. */
+/** Provided as an input to a contract; converted to a [VerifiedSigned] by the platform before execution. */
 data class SignedCommand(
     /** Signatures over this object to prove who it came from: this is fetched off the end of the transaction wire format. */
     val commandDataSignatures: List<DigitalSignature.WithKey>,

src/core/Transactions.kt

@@ -4,8 +4,8 @@ import java.time.Instant
 
 // Various views of transactions as they progress through the pipeline:
 //
-// WireTransaction -> LedgerTransaction -> TransactionForVerification
-//                                         TransactionForTest
+// TimestampedWireTransaction(WireTransaction) -> LedgerTransaction -> TransactionForVerification
+//                                                                     TransactionForTest
 
 class WireTransaction(
     // TODO: This is supposed to be a protocol buffer, FIX SPE message, etc. For prototype it can just be Kryo serialised.
@@ -17,6 +17,14 @@ class WireTransaction(
     val signatures: ByteArray
 )
 
+class TimestampedWireTransaction(
+    // A serialised WireTransaction
+    val wireTX: ByteArray,
+
+    // This is, for example, an RFC 3161 serialised structure (but we probably want something more compact).
+    val timestamp: ByteArray
+)
+
 /**
  * A LedgerTransaction wraps the data needed to calculate one or more successor states from a set of input states.
  * It is the first step after extraction from a WireTransaction. The signature part is tricky.

tests/contracts/ComedyPaperTests.kt

@@ -45,7 +45,6 @@ class ComedyPaperTests {
 
             input { CASH_3 }
             output { CASH_2 }
-
             arg(DUMMY_PUBKEY_1) { Cash.Commands.Move() }
 
             // Time passes, but not enough. An attempt to redeem is made.