endojs / endo

Endo is a distributed secure JavaScript sandbox, based on SES
Apache License 2.0

Module sources should be transparent to auditors #2117

Open kriskowal opened 8 months ago

kriskowal commented 8 months ago

What is the Problem Being Solved?

Auditors should inspect code artifacts that are actually evaluated, not compiled artifacts. Bundles do not currently contain the source code the auditor will find in the contract’s GitHub repository, but rather the combined result of a ses-censorship-evasive-transform (@endo/evasive-transform) and the module-to-ses-script-transform (@endo/static-module-record), which collectively attempt to preserve line numbers and spacing, but fail on both counts to varying degrees. Source maps should not be used to make the generated code resemble the alleged original sources because source maps can be used for malicious distortions that hide attack code. Auditing has different design criteria than debugging https://github.com/endojs/endo/issues/2116.

Description of the Design

Security Considerations

Scaling Considerations

Test Plan

Compatibility Considerations

Upgrade Considerations
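The check an auditor wants, as an added example that is not part of the issue and not Endo's own code: compare the module text the sandbox will actually evaluate against the repository sources byte for byte, and refuse to consult any source map while doing so. The bundle shape (`{ modules: { [specifier]: { source, sourceMap } } }`), the sample contract text and the injected `report(...)` line are all constructed for this example and do not describe Endo's real bundle or compartment-map format.

```javascript
// Added example (not Endo's code): audit the evaluated module text against the
// repository copy, byte for byte, and ignore source maps on purpose.
//
// The bundle shape below and the sample sources are constructed for this
// example; they do not describe Endo's real bundle or compartment-map format.

// Return the first line on which two texts differ, or null when identical.
function firstDifference(expected, actual) {
  const a = expected.split('\n');
  const b = actual.split('\n');
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i += 1) {
    if (a[i] !== b[i]) {
      return { line: i + 1, expected: a[i] ?? '<missing>', actual: b[i] ?? '<missing>' };
    }
  }
  return null;
}

// Compare every module in the bundle with the repository copy. Only the text
// the sandbox will evaluate (mod.source) is considered; mod.sourceMap is
// ignored deliberately, because a map can claim any "original" its author likes.
function auditBundleSources(bundle, repoSources) {
  const findings = [];
  for (const [specifier, mod] of Object.entries(bundle.modules)) {
    if (!(specifier in repoSources)) {
      findings.push({ specifier, problem: 'module not in repository' });
      continue;
    }
    const diff = firstDifference(repoSources[specifier], mod.source);
    if (diff) findings.push({ specifier, problem: 'source differs', ...diff });
  }
  for (const specifier of Object.keys(repoSources)) {
    if (!(specifier in bundle.modules)) {
      findings.push({ specifier, problem: 'module missing from bundle' });
    }
  }
  return findings;
}

// What a map-trusting auditor would see instead: the sourcesContent that the
// bundle's own source map asserts, which the bundle author controls.
function sourceMapClaims(bundle) {
  const claims = {};
  for (const [specifier, mod] of Object.entries(bundle.modules)) {
    claims[specifier] = mod.sourceMap ? mod.sourceMap.sourcesContent[0] : null;
  }
  return claims;
}

// Constructed sample: the text the auditor finds in the repository.
const repoSources = {
  './contract.js': [
    'export const pay = (ledger, to, amount) => {',
    '  ledger.transfer(to, amount);',
    '};',
    '',
  ].join('\n'),
};

// Constructed sample bundle: the evaluated text carries an extra statement,
// while its source map advertises the clean repository text as the "original".
const bundle = {
  modules: {
    './contract.js': {
      source: [
        'export const pay = (ledger, to, amount) => {',
        '  ledger.transfer(to, amount);',
        '  report(ledger, to, amount); // constructed: not in the repository',
        '};',
        '',
      ].join('\n'),
      sourceMap: {
        version: 3,
        sources: ['contract.js'],
        sourcesContent: [repoSources['./contract.js']],
        mappings: '',
      },
    },
  },
};

// The byte-for-byte audit flags line 3; the source map would have shown nothing.
const findings = auditBundleSources(bundle, repoSources);
console.log(findings);
console.log(sourceMapClaims(bundle)['./contract.js'] === repoSources['./contract.js']);
```

The point of the two functions side by side is that `sourceMapClaims` returns exactly the repository text, so an auditor who reads through the map sees a clean contract, while `auditBundleSources`, which only looks at what will be evaluated, reports the divergence at line 3. Any transform that changes whitespace or comments will also show up as a finding, which is the desired behaviour: the auditor then has to be shown the actual evaluated text, not a reconstruction of it.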