Describe the feature you'd like
When publishing an action that expects or includes a remotely hosted metadata file and a confirmation hash (e.g. pool registration/update, governance action creation/submission) and using cardano-cli transaction build then we should provide a mechanism to provide some dummy-proofing for the user w.r.t. validating that the provided hash matches the file contents at the remote source.
Describe alternatives you've considered
The current alternative is for users to download the file themselves from the remote source and then hash the file and double-check that the values entered into these commands (cardano-cli transaction build or cardano-cli governance create-info) match.
Here we have an opportunity for the CLI (assuming there is an IPFS_GATEWAY_URI environment variable set) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used the body_hash instead of the file_hash (which is what actually happened with this first gov action).
Here we have an opportunity for the CLI (maybe assuming there is an IPFS_GATEWAY_URI environment variable set if we switch to allowing IPFS URIs for stake pool metadata in the future) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used the file_hash variable which is the blake2b-256 of our Governance Action metadata file rather than our stake pool metadata file so this will cause issues and errors downstream with explorers (this has happened literally hundreds if not thousands of times in the 4 years since Shelley).
Certificate Transaction Building
When using cardano-cli transaction build... we can assume that the user is utilizing a "hot" network environment with a local or remote connection to a node and so, it should be possible to check when there is a proposal-file, vote-file, or certificate-file and their related metadata URLs and hashes are valid and either:
Issue a warning if the hashes cannot be checked for some reason (file not accessible?)
Issue a warning if the hash does not match the file contents
Internal/External External
Area Other
Describe the feature you'd like When publishing an action that expects or includes a remotely hosted metadata file and a confirmation hash (e.g. pool registration/update, governance action creation/submission) and using
cardano-cli transaction build
then we should provide a mechanism to provide some dummy-proofing for the user w.r.t. validating that the provided hash matches the file contents at the remote source.Describe alternatives you've considered The current alternative is for users to download the file themselves from the remote source and then hash the file and double-check that the values entered into these commands (
cardano-cli transaction build
orcardano-cli governance create-info
) match.Additional context / screenshots A very "costly" real world example is the first Governance Action published to mainnet: https://cexplorer.io/tx/15f82a365bdee483a4b03873a40d3829cc88c048ff3703e11bd01dd9e035c916/governance#data
File URL: ipfs://QmWjcHsrq9kKHZZ7aPPFjqN6wLuxH9d8bcqssmrE7H4cvb
Here we had two potential points where the CLI could have provided confirmation/validation of the URI and the hash.
There are currently two types of certificates that rely on remotely hosted files and their hashes being published to the blockchain:
Governance Action Create
Here we have an opportunity for the CLI (assuming there is an
IPFS_GATEWAY_URI
environment variable set) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used thebody_hash
instead of thefile_hash
(which is what actually happened with this first gov action).Governance Vote
dRep Registration Certificate
dRep Update Certificate
Stake Pool Registration Certificate
Here we have an opportunity for the CLI (maybe assuming there is an
IPFS_GATEWAY_URI
environment variable set if we switch to allowing IPFS URIs for stake pool metadata in the future) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used thefile_hash
variable which is theblake2b-256
of our Governance Action metadata file rather than our stake pool metadata file so this will cause issues and errors downstream with explorers (this has happened literally hundreds if not thousands of times in the 4 years since Shelley).Certificate Transaction Building
When using
cardano-cli transaction build...
we can assume that the user is utilizing a "hot" network environment with a local or remote connection to a node and so, it should be possible to check when there is aproposal-file
,vote-file
, orcertificate-file
and their related metadata URLs and hashes are valid and either: