A question about your protocol, is the purpose of the block structure containing the Merkle tree (mapping
address => tx
with each tx bundle[shard[1], address[1], shard[2], address[2] ... shard[n], address[n], data]
) to make it easy for shards to verify that each account is only affected by one cross-shard tx in a slot (i.e. only affected by one cross-shard tx at some block height across all shards)?
Yes.
But the validator on shard A is proposing shard-A-block-N without checking against shard-B-block-N, right?
Correct.
So the concern is what prevents validators from stuffing blocks with transactions where
data
is not executed, or is it not a problem if shard blocks are stuffed with invalid tx’s?
Invalid transactions are just treated as no-ops. And yes, it is possible for a malicious validator to prevent any cross-shard transactions that involve their shard from taking place for that one block.