After each component has been formalized, combine the mempool, consensus, and execution engine formal specs into a larger formal spec (in TLA+ or similar) for which we can check end-to-end properties. Ideally, this would match the english spec.

Prerequisites

• Heterogeneous Narwhal Formal Spec #42
• Multi-Round Heterogeneous Paxos #54
• Execution Engine Formal Spec #50

Sub-Tasks

• combine spec text together (may involve matching up different representations of stuff)
• prove end-to-end serializability: based on proven properties of consensus and mempool, the execution engine in fact is equivalent to a serial execution
• prove end-to-end censorship resistance