AMS-CASA-gathering icon indicating copy to clipboard operation
AMS-CASA-gathering copied to clipboard

Published 20 hours ago verified publisher icon ChainAgnostic

WorkShop Notes: ChainAgnostic Verification Standard Brainstorming

Open ligi opened this issue 2 years ago • 1 comments

Lead by @kuzdogan from sourcify.dev

Current Sourcify overview:

(SourceCode + parameters) -> [compiler] -> bytecode1 address on chain -> bytecode2 verified if bytecode1 = bytecode2 contains IPFS hash of metadata and solidity version

Standardize CBOR encoding of metadata in bytecode for other languages? Currently implementation detail of solidity. Standardize MetaData? So other languages produce compatible metatata so e.g. ABI is accessible to wallets/dapps even if it was written in a different language. CBOR should have key "language" and value the language instead of currently:

@Serializable
class MetaDataInByteCodeCBOR(
    @ByteString
    val ipfs: ByteArray? = null,
    @ByteString
    val bzzr: ByteArray? = null,
    @ByteString
    val solc: ByteArray
)

to be more open to other languages. Solidity can be special and grandfathered in as a special case. Then version as another field 2 Suggested CAIPS:

  • one for how to extend Bytecode with metadata
  • one for how a metadata file looks like (we should go through the current "state of the art" solidity metadata and fix/standardize everything that is not solidity specific like the ABI)

both together can be used for verification.

potential languages:

  • soldity
  • vyper
  • cairo
  • fe
  • yul?

proposed CBOR:

  • metadataURL
  • language

(maybe just URL and lang to save on size to deploy) Maybe we can just use MultiCodec instead of an URL size here is important as it introduces cost.

ligi avatar Apr 25 '22 14:04 ligi

Thanks for the notes @ligi !

Here are some additional resources:

  • The first half of the workshop was about how Sourcify does the "perfect" verification. For better visuals refer to the slides from the Solidity summit talk.
  • Solidity docs on contract metadata.json and metadata encoding.
  • Metadata playground: Visual explainer and decoder app for Solidity contract bytecodes
  • Article: samczsun's Paradigm CTF challenge I mentioned, that exploits Etherscan's RegEx search of the metadata pattern

Whiteboard: Whiteboard notes

kuzdogan avatar Apr 26 '22 12:04 kuzdogan