[ufmace]

I'm pretty sure that for normal operation, a transaction gets broadcast to the network, and all miners see it and try to include it in their blocks. Each miner has a queue of unverified transactions to include in the blocks it's trying to build. When the miner gets a valid block from another miner, then it removes all of the transactions in that block from it's queue.

In a legit fork with no attempt at malicious action, there's no reason for the transactions in the forks to be any different, since all of the miners are seeing the same transactions broadcast to the network and have essentially the same transaction queue.

For an attempted double-spend attack, miners already check that there isn't a double-spend in the nodes in their block, so they would drop the second transaction they got trying to spend the same coins.

Since a double-spend can't happen in a single block, the double-spend attack relies on 2 miners working on different blocks, where the attacker-controlled miner is semi-isolated from the network and does not include the original spend transaction, but instead the attacker's second spend transaction. If the attack miner solves the block before any other miner on the network and broadcasts it, then the rest of the miners will accept it and reject the original spend transaction as a double-spend, leaving whoever was going to receive it with no coins.