contract/money: Constrain spend_hook in ZK when burning coins.

src/contract/money/proof/burn_v1.zk

@@ -79,6 +79,9 @@ circuit "Burn_V1" {
 	user_data_enc = poseidon_hash(user_data, user_data_blind);
 	constrain_instance(user_data_enc);
 
+	# Reveal spend_hook
+	constrain_instance(spend_hook);
+
 	# Finally, we derive a public key for the signature and
 	# constrain its coordinates:
 	signature_public = ec_mul_base(signature_secret, NULLIFIER_K);

src/contract/money/src/client/stake_v1.rs

@@ -72,8 +72,8 @@ impl MoneyStakeBurnRevealed {
             *tokcom_coords.x(),
             *tokcom_coords.y(),
             self.merkle_root.inner(),
-            // TODO: Why is spend hook in the struct but not here?
             self.user_data_enc,
+            pallas::Base::ZERO, // We force spend_hook==0 here
             *sigpub_coords.x(),
             *sigpub_coords.y(),
         ]

src/contract/money/src/client/transfer_v1.rs

@@ -96,8 +96,8 @@ impl TransferBurnRevealed {
             *tokcom_coords.x(),
             *tokcom_coords.y(),
             self.merkle_root.inner(),
-            // TODO: Why is spend hook in the struct but not here?
             self.user_data_enc,
+            self.spend_hook,
             *sigpub_coords.x(),
             *sigpub_coords.y(),
         ]

src/contract/money/src/entrypoint/stake_v1.rs

@@ -70,6 +70,7 @@ pub(crate) fn money_stake_get_metadata_v1(
             *token_coords.y(),
             input.merkle_root.inner(),
             input.user_data_enc,
+            pallas::Base::ZERO, // We enforce spend_hook==0
             sig_x,
             sig_y,
         ],

src/contract/money/src/entrypoint/transfer_v1.rs

@@ -76,6 +76,7 @@ pub(crate) fn money_transfer_get_metadata_v1(
                 *token_coords.y(),
                 input.merkle_root.inner(),
                 input.user_data_enc,
+                input.spend_hook,
                 sig_x,
                 sig_y,
             ],