Protocol Oxford

This page documents the changes brought by protocol Oxford with respect to Nairobi (see Protocol naming).

The code can be found in directory src/proto_018_Proxford of the master branch of Octez.

Environment Version

This protocol requires a different protocol environment version than Nairobi. It requires protocol environment V11, compared to V9 for Nairobi.

  • Simplify the timelock opening_result type in the environment as we do not deal with Bogus_cipher any longer. (MR !8404)

  • Expose encoding with legacy attestation name. (MR !8620)

Smart Rollups

  • Add the support for bootstrapped smart rollups in storage initialization, similarly to bootstrapped accounts and smart contracts. (MR !8552)

  • Remove the origination proof from the smart rollups’ origination operation. (MR !8817)

  • The field commitment in the operation Sc_rollup_cement is now removed. It was no longer used and was deprecated in Nairobi. This also mean that the commitment does not need to be provided in the client command. (MR !8850)


    ./octez-client cement commitment <commitment hash> from <src> for smart rollup <smart rollup address>


    ./octez-client cement commitment from <src> for smart rollup <smart rollup address>

  • Enable the latest version of the WASM PVM (2.0.0-r2). Existing smart rollups will see their PVM automatically upgrade, and newly originated smart rollups will use this version directly (MR !9051)

  • Add one new host function to the WASM PVM: store_exists (MR !9204).

  • Remove dead refutation games at migration time. A game is dead if both players are no longer staking. (MMR !8975)

  • Reduce cost for internal transaction to smart rollup (MR !9284)

  • The smart_rollup_originate operation now also takes an optional whitelist of public key hashes. This whitelist cannot be used yet (the sc_rollup.private_enable flag has to be set to true). (MR !9401)

  • The transferring parameter from smart rollup client command get proof for message <index> of outbox at level <level> is now optional. (MR !9461)

  • Enable the latest version of the WASM PVM (2.0.0-r3). Existing smart rollups will see their PVM automatically upgrade, and newly originated smart rollups will use this version directly (MR !9735)

  • Added the updated whitelist for private rollups in the receipt of the outbox message execution receipt. (MR !10095)

  • Add private rollups: smart rollup with an updatable whitelist stakers. Only stakers on the whitelist can publish commitment and participate in a refutation game. (MRs !9823, !10104, !9823, !9572, !9427, !9472, !9439, !9401)

Adaptive Issuance (experimental)

  • This protocol expands the voting system for bakers to include Adaptive Issuance alongside Liquidity Baking. This vote is ignored on Mainnet (as explained below), but active on testnets for testing purposes. Bakers may use the per-block votes file, or CLI option --adaptive-issuance-vote. If they do not vote for the Adaptive Issuance feature, the vote defaults to “pass” (unlike the case of Liquidity Baking, whose vote remains mandatory).

  • Adaptive Issuance is locked behind a feature flag and cannot be activated for this proposal. The voting mechanism for Adaptive Issuance remains accessible, but is ignored and can never activate the feature. Moreover, the vote EMA will be reset before reactivating the feature flag. (MR !10371)

  • The new stake and unstake operations are currently deactivated on Mainnet, calls to these operations will fail. Staking and unstaking transfers are still used internally, and may appear in balance receipts. (MR !10849)

  • The new staking mechanism is used internally to freeze deposits automatically at cycle ends, and mimic Nairobi’s behavior. (MR !10562)

  • Most rewards (baking rewards, baking bonuses, attestation rewards, revelation rewards) are partially paid on the frozen deposits balance in addition to the spendable balance. Manager operations fees and denunciation rewards are still paid on the spendable balance. (MR !8091)

  • Denunciation rewards computation updated to depend on limit_of_staking_over_baking. (MR !8939)

When the feature flag is enabled (testnets only), the following extra changes happen:

  • Add parameter limit_of_staking_over_baking as the limit of the ratio of tez staked by other delegators over the baker’s own, for a given baker. (MR !8744)

  • Multiplicative coefficient (with a dynamic part) applied to reward values. (MRs !8860, !8861)

  • EMA and launch cycle. (MRs !8967, !9002, !9025, !9058)

  • Staking and deposits. (MRs !8940, !8957, !8958, !8965, !8966, !8973, !9000, !9014, !9018, !9022, !9023, !9031, !9033, !9039, !9040, !9052, !9054, !9055, !9069)

  • New RPCs introduced: total supply, total frozen stake, launch cycle. (MRs !8982, !8995, !8997, !9057)

  • The unstake client command uses the amount field instead of an extra parameter. (MRs !10377, !10429)

  • Balance updates now include more information related to staking in general, including slashing and rewards. (MRs !10485, !10486, !10487, !10488, !10496, !10526, !10766, !10853)

  • Unstaked frozen deposits, i.e recently unstaked funds, can be used by bakers to be staked again (unless the baker has been slashed). They are used in addition to liquid funds for staking, prioritizing the most recent unstake requests. (MR !10781)

Breaking Changes

  • Protocol parameter ratio_of_frozen_deposits_slashed_per_double_endorsement is converted from the ratio 1/2 into the percentage 50% and renamed to percentage_of_frozen_deposits_slashed_per_double_attestation. (MRs !8753, !9440)

  • Protocol parameter double_baking_punishment is converted from a fixed value of 640tz into the percentage 5% and renamed to percentage_of_frozen_deposits_slashed_per_double_baking. (MR !8753, !10431)

  • Since protocol Ithaca, the ratio of delegated tez over the delegate’s frozen deposit must be at most 9. Until now, this was ensured by a protocol parameter named frozen_deposits_percentage (whose value is 10%) representing the minimal percentage of frozen deposit. We convert it from a percentage to a factor named limit_of_delegation_over_baking whose value is 9. (MR !8884)

  • Receipts involving the Deposits kind of balance are updated in a non-backward-compatible manner. It allows non-delegates, and distinguishes updates to a delegate’s balance from sharing of rewards and punishments. (MR !9498)

  • Field for_double_endorsing from context storage has been renamed into for_double_attesting. (MR !9486)

  • Field endorsing_reward_per_slot from rewards storage has been renamed into attesting_reward_per_slot. (MR !9486)

  • Field missed_endorsements from contract storage has been renamed into missed_attestations. (MR !9486)

  • Fields preendorsements_seen, endorsements_seen and double_endorsing_evidences_seen from the mempool’s operation_state encoding has been renamed preattestations_seen, attestation_seen and double_attesting_evidences_seen. (MR !9440)

  • A DAL attestation operation now contains a new slot field, while the attestor field is removed. (MRs !10183, !10294, !10317)

RPC Changes

  • Split duplicated argument pkh in RPC smart_rollups/smart_rollup/<address>/staker1/<pkh>/staker2/<pkh>/timeout and smart_rollups/smart_rollup/<address>/staker1/<pkh>/staker2/<pkh>/timeout_reached into /staker1/<staker1_pkh>/staker2/<staker2_pkh>. This changes the RPC description but not its use. (MR !8339)

  • Update context with new reward parameters. This changes the JSON from the RPC /chains/main/blocks/head/context/constants. (MR !8657)

  • Remove the RPC for computing smart rollups’ origination proofs smart_rollups/all/origination_proof. (MR !8817)

  • Add the consensus key’s public key to the reponse of the ../context/delegates/<delegate_pkh>/consensus_key RPC. (MR !8856)

  • Three new variants of the voting_power RPC (which returns the voting power of a delegate based on the stake it had when voting snapshot was taken) have been added:

    • current_voting_power the voting power of a delegate based on its current stake (MR !9329)

    • current_baking_power computes the baking power of a delegate based on its current stake (MR !9350)

  • Two new variants of the voting_power RPC (which returns the expected_endorsing_rewards field from /participation RPC has been renamed in expected_attesting_rewards.

Operation receipts

  • To handle the new staking mechanism, the following changes to receipts have been made:

    • the Deposits kind of balance, which used to be associated to the public key hash of a delegate, has been generalized to handle non-delegate staking and sharing of rewards and punishments; it is now associated to either a Single delegator (represented by a pair of the delegator address and its delegate public key hash) or Shared between all the delegators of a given delegate in proportion to their stake (represented by the public key hash of the delegate). (MR !9498)

    • a new Unstaked_deposits kind of balance has been added to represent tez for which unstaking has been requested. This kind of balance is associated with the cycle at which the tez become liquid and, like in the Deposits case, it is either associated with a Single delegator or Shared between a delegate and its delegators. (MR !9498)

Protocol parameters

  • The protocol constant max_slashing_period has been moved from parametric constants to fixed constants. (MR !10451)

Bug Fixes

  • Fix the JSON field kind of the smart rollup preveal encoding. This constant field was wrongfully set for the metadata and request_dal_page case. (MR !9307)

  • Fix reporting of gas in traced execution of Michelson scripts. (MR !6558)

Minor Changes

  • Improve the error for implicit account type check. (MR !7714)

  • Remove infinite source Double_signing_evidence_rewards and take reward from the punishment instead. (MR !7758)

  • Remove zero tickets from a big map of a mainnet contract during migration. (MR !8111)

  • Add a Total supply counter in the storage. (MRs !8732, !8739)

  • Allow to choose the bootstrapped contracts hashes. (MR !9176)

  • Rename endorsement into attestation in protocol errors (MR !9192)

  • Arithmetic errors on Michelson mutez type have been exported so they can now be caught outside of the protocol. (MR !9934)

  • Slashing penalties for double-signing are now applied at the end of the cycle where denunciations were included, rather than immediately. The same applies for rewards allocated from denunciations. (MR !10389)

  • The semantics of forbidden delegates has been adjusted: a delegate becomes forbidden if it has been slashed for more than 51% of its frozen stake over the last 2 cycles. (MRs !10382, !10844)


  • Fail earlier when a smart rollup commitment is in conflict when cementing. (MR !8128)

  • split smart rollup origination fct for readibility. (MR !8276)

  • Remove the deprecated and unused tx_rollup_l2_address Michelson type. (MR !8546)

  • Add an internal represention case for the UNIT Michelson instruction. (MR !8579)

  • Encoding that supports endorsement kind in JSON are now suffixed with _with_legacy_attestation_name. Non legacy encoding supports attestation kind. (MRs !8563, !8531)

  • Michelson: remove legacy behaviour related to contract type. (MR !5800)

  • Michelson: cleanup legacy annotation management. (MR !8208)

  • Michelson: refactor management of metadata in ty smart constructors. (MR !8420)

  • Michelson: remove unused deprecated tx_rollup_l2_address type. (MR !8546)

  • Rename source into sender. (MR !7373)

  • Improve efficiency of solving the baker PoW challenge. (MR !8403)

  • Refactor declarations of make_empty_context and make_empty_tree for easier use. (MR !8550)

  • Move notions of Smart rollup address and various smart rollup hashes types to the shell to make them common to all protocols though the environment. (MR !8562, MR !8625)

  • Refactoring : stake splitted between a frozen part and a delegated part. (MRs !8051, !8885)

  • Refactoring : rewards computed as a relative portion of the total amount of tez rewarded per minute (about 85tez/min). (MR !8657)

  • Introduce the notion of rollups “machine” which can compute the semantics of a given rollup, but cannot be used to generate or verify proof. (MR !8815)

  • Consensus: optimized validation of attestations by maintaining a set of forbidden delegates instead of checking through an I/O that the delegate has a sufficient frozen deposit. (MR !8722)

  • Refactor punishing transfers to be closer to each other. (MR !7759)

  • Remove almost all transaction rollup logic from the protocol. (MR !8466)

  • Fix encoding names for rewards. (MR !8716)

  • Use pair type instead of *` for Michelson pairs. (MR !8720)

  • Add new function of_list to build a Merkle list. (MR !8853)

  • Improve some aspects in the PlonK code. (MR !8730)

  • Store a history of percentages of slashed deposits. (MR !8828)

  • Renaming the endorsement_power and preendorsement_power fields from consensus operation receipt to consensus_power in the non legacy encoding. (MR !8531)

  • Improve storage cleaning at the end of a refutation game. (MR !8881)

  • version_value moved from to (MR !8867)

  • Transaction rollup: removed left parameters (!8700)

  • balance_update_encoding now output attesting rewards and lost attesting rewards in JSON. balance_update_encoding_with_legacy_attestation_name has been added and output legacy endorsing rewards and lost endorsing rewards. (MR !9251)

  • Register an error’s encoding: WASM_proof_verification_failed. It was previously not registered, making the error message a bit obscure. (MR !9603)