How does Kaspa stop someone from faking covenant membership?

Kaspa's consensus rules allow an output to carry a `covenant_id` only if it genuinely continues an existing covenant or correctly genesis-initializes a brand-new one from a unique outpoint and a committed set of authorized outputs — making unauthorized covenant membership impossible at the protocol level. Think of a covenant like a club: you can only join as a founding member (genesis-initialization with the right credentials) or by inheriting membership from an existing member output (continuing the covenant). Because the network itself enforces this check on every transaction, no output can forge its way into a covenant it was never authorized to join. For beginners, this non-forgeability property is what makes covenant-based applications trustworthy — the membership roster is enforced by consensus, not by a central gatekeeper.

Learn more ›