reproducible npm publish

[sihoang]

Figure out a mechanism to verify the npm module @WeTrustPlatform/charity-challenge-contracts and source code of a deployed Challenge contract.

The current procedure for npm publish is:

• npm run beforePublish on the latest master branch to generate the new .exported.js
• pump version in package.json
• commit package.json and .exported.js
• git push upstream master
• npm publish

Things that could go wrong:

1. npm run beforePublish generates different .exported.js on different machine.
2. On client side i.e. move-ethereum-forward where we deploy new contracts, we could potentially:
   • forget to update the latest @WeTrustPlatform/charity-challenge-contracts
   • wrong cache being used by package manager npm/yarn

[sihoang]

For the forwarder, we only deploy 1 Factory and verify its code on etherscan. The Etherscan verification process is manual. https://etherscan.io/address/0x81cce0b68f2c2264a3a24a7fc3096611d9294f6f#code There's no need to upgrade ever since because the specs and requirements are dead simple i.e. forward ETH to a pre-defined address.

However, for Challenge contracts, changes might happen. How can we automated the code verification of a deployed contract?

We don't want to go the Factory route because:

1. Etherscan does not allow us to verify the contract created by Factory
2. As a result of point 1, users can not "read" our contract via Etherscan. For example, only contracts whose code is verified by etherscan, users can have this view https://etherscan.io/address/0xcb94be6f13a1182e4a4b6140cb7bf2025d28e41b#readContract Note the green checkmark next to "Code" which indicate we have verified our contract code with Etherscan

[twoeths]

Can we implement getVersion() method in our smart contract? Every time we publish the challenge contract, we need to change getVersion() accordingly.

We can easily use a NodeJS program to get version of our contracts.