CBOR decryption and ABI IPFS link

sergmetelin commented 5 months ago

Problem

As per community request: "we need ABI to be publicly available, and 1-1 relationship with the contract itself as a unique source of truth"

Solution

Sourcify allows the decryption of CBOR encrypted payload attached to a published smart contract. That payload is a JSON referencing a metadata IPFS file containing ABI. We should enable it for us and encourage the usage of this functionality for Hedera smart contracts.

Alternatives

No response

acuarica commented 5 months ago

Hi @sergmetelin, thanks for forwarding this.

This is supported in our Sourcify instance, but not at the network level. Only through an explorer, e.g., HashScan, or a CLI tool, e.g., Foundry. I'm not aware of any network that allows you to provide source-level information at deploy time. That's because contract metadata on EVM-bytecode is a compiler (Solidity, Vyper) construct.

The compiler appends by default the IPFS hash of the metadata file to the end of the runtime bytecode [...][1]

In the EVM the metadata bytes are never touched and hence never executed.

Just for reference, if you upload your sources to IPFS, the whole compiler input gets uploaded, for example https://ipfs.io/ipfs/QmbRQF3HA9eZ8ZLwyUtnQfXjvZ8MTRnKWTVULhqLALUSTu.

Should we support it at the network level, we would have to change at least the json-rpc-relay and eventually lose EVM compatibility. This is a whole different discussion.

And also a small detail when they refer to CBOR "decryption" they mean decoding. :)

Hope it helps.

[1] https://docs.soliditylang.org/en/latest/metadata.html

acuarica commented 5 months ago

For more context on Solidity Metadata[1]

Metadata is data that describes and gives information about other data. Bytecode (contract) metadata in Solidity is supported since version 0.4.7 and is automatically generated by the Solidity compiler in the form of a JSON file. The metadata file contains information about the compiled contract, e.g. the used compiler version, the sources used, the ABI and the NatSpec documentation. The metadata file also contains IPFS and SWARM hashes of the source code, which allows to retrieve them if they are available.

[1] https://soliditylang.org/blog/2020/06/25/sourcify-faq/ § What is bytecode metadata?

acuarica commented 2 months ago

After discussing this offline, we will investigate how Hedera verification and upstream Sourcify can support IPFS uploads. This might make more sense after we switch to upstream Sourcify images https://github.com/hashgraph/hedera-sourcify/issues/147.

hashgraph / hedera-sourcify