kuzdogan
commented
2 years ago Thanks for the notes @ligi !
Here are some additional resources:
- The first half of the workshop was about how Sourcify does the "perfect" verification. For better visuals refer to the slides from the Solidity summit talk.
- Solidity docs on contract metadata.json and metadata encoding.
- Metadata playground: Visual explainer and decoder app for Solidity contract bytecodes
- Article: samczsun's Paradigm CTF challenge I mentioned, that exploits Etherscan's RegEx search of the metadata pattern
Whiteboard:
hazemdr454
Lead by @kuzdogan from sourcify.dev
Current Sourcify overview:
(SourceCode + parameters) -> [compiler] -> bytecode1 address on chain -> bytecode2 verified if bytecode1 = bytecode2 contains IPFS hash of metadata and solidity version
Standardize CBOR encoding of metadata in bytecode for other languages? Currently implementation detail of solidity. Standardize MetaData? So other languages produce compatible metatata so e.g. ABI is accessible to wallets/dapps even if it was written in a different language. CBOR should have key "language" and value the language instead of currently:
to be more open to other languages. Solidity can be special and grandfathered in as a special case. Then version as another field 2 Suggested CAIPS:
both together can be used for verification.
potential languages:
proposed CBOR:
(maybe just URL and lang to save on size to deploy) Maybe we can just use MultiCodec instead of an URL size here is important as it introduces cost.