WorkShop Notes: ChainAgnostic Verification Standard Brainstorming
ligi opened this issue · 1 comments
Lead by @kuzdogan from sourcify.dev
Current Sourcify overview:
(SourceCode + parameters) -> [compiler] -> bytecode1
address on chain -> bytecode2
verified if bytecode1 = bytecode2
contains IPFS hash of metadata and solidity version
Standardize CBOR encoding of metadata in bytecode for other languages? Currently implementation detail of solidity.
Standardize MetaData? So other languages produce compatible metatata so e.g. ABI is accessible to wallets/dapps even if it was written in a different language.
CBOR should have key "language" and value the language instead of currently:
@Serializable
class MetaDataInByteCodeCBOR(
@ByteString
val ipfs: ByteArray? = null,
@ByteString
val bzzr: ByteArray? = null,
@ByteString
val solc: ByteArray
)
to be more open to other languages. Solidity can be special and grandfathered in as a special case.
Then version as another field
2 Suggested CAIPS:
- one for how to extend Bytecode with metadata
- one for how a metadata file looks like (we should go through the current "state of the art" solidity metadata and fix/standardize everything that is not solidity specific like the ABI)
both together can be used for verification.
potential languages:
- soldity
- vyper
- cairo
- fe
- yul?
proposed CBOR:
- metadataURL
- language
(maybe just URL and lang to save on size to deploy)
Maybe we can just use MultiCodec instead of an URL
size here is important as it introduces cost.
Thanks for the notes @ligi !
Here are some additional resources:
- The first half of the workshop was about how Sourcify does the "perfect" verification. For better visuals refer to the slides from the Solidity summit talk.
- Solidity docs on contract metadata.json and metadata encoding.
- Metadata playground: Visual explainer and decoder app for Solidity contract bytecodes
- Article: samczsun's Paradigm CTF challenge I mentioned, that exploits Etherscan's RegEx search of the metadata pattern
Whiteboard:
