Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WorkShop Notes: ChainAgnostic Verification Standard Brainstorming #20

Open
ligi opened this issue Apr 25, 2022 · 2 comments
Open

WorkShop Notes: ChainAgnostic Verification Standard Brainstorming #20

ligi opened this issue Apr 25, 2022 · 2 comments

Comments

@ligi
Copy link
Member

ligi commented Apr 25, 2022

Lead by @kuzdogan from sourcify.dev

Current Sourcify overview:

(SourceCode + parameters) -> [compiler] -> bytecode1
address on chain -> bytecode2
verified if bytecode1 = bytecode2
contains IPFS hash of metadata and solidity version


Standardize CBOR encoding of metadata in bytecode for other languages? Currently implementation detail of solidity.
Standardize MetaData? So other languages produce compatible metatata so e.g. ABI is accessible to wallets/dapps even if it was written in a different language.
CBOR should have key "language" and value the language instead of currently:

@Serializable
class MetaDataInByteCodeCBOR(
    @ByteString
    val ipfs: ByteArray? = null,
    @ByteString
    val bzzr: ByteArray? = null,
    @ByteString
    val solc: ByteArray
)

to be more open to other languages. Solidity can be special and grandfathered in as a special case.
Then version as another field
2 Suggested CAIPS:

  • one for how to extend Bytecode with metadata
  • one for how a metadata file looks like (we should go through the current "state of the art" solidity metadata and fix/standardize everything that is not solidity specific like the ABI)

both together can be used for verification.

potential languages:

  • soldity
  • vyper
  • cairo
  • fe
  • yul?

proposed CBOR:

  • metadataURL
  • language

(maybe just URL and lang to save on size to deploy)
Maybe we can just use MultiCodec instead of an URL
size here is important as it introduces cost.

@kuzdogan
Copy link

kuzdogan commented Apr 26, 2022

Thanks for the notes @ligi !

Here are some additional resources:

  • The first half of the workshop was about how Sourcify does the "perfect" verification. For better visuals refer to the slides from the Solidity summit talk.
  • Solidity docs on contract metadata.json and metadata encoding.
  • Metadata playground: Visual explainer and decoder app for Solidity contract bytecodes
  • Article: samczsun's Paradigm CTF challenge I mentioned, that exploits Etherscan's RegEx search of the metadata pattern

Whiteboard:
Whiteboard notes

@hazemdr454
Copy link

dr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants