Replies: 6 comments 5 replies
-
I'm for this and the arbitrary string can also be a CID on IPFS or some other decentralized storage. Maybe consider changing to:
|
Beta Was this translation helpful? Give feedback.
-
Following a lot of positive feedback I've received regarding this discussion, I've created a pull request into the NEPs repo. Feel free to comment, leave feedback, or approve the PR 🙂 |
Beta Was this translation helpful? Give feedback.
-
For what it's worth, a related idea I've been having is a compiler contract: one passes it the contract source code and enough tokens, and it builds the source code into a contract only it has the keys for, while remembering the source code. This way there is full auditability of the built contract with no fear that the source code metadata as listed here is actually a lie. The biggest hurdle in actually doing this is that one compilation definitely doesn't fit into one transaction, so it'd need a way to pause/resume rustc mid-execution to allow for longer calls. And then, the costs may be expensive. All that to say, what's proposed here is certainly a great middle ground that's actually technically doable right now. I just wanted to take advantage of this place to mention this other idea as a possible very-long-term goal :) |
Beta Was this translation helpful? Give feedback.
-
Jumping in SUPER late to the party here - sorry :) A couple things I see:
Here's how we're doing it for sputnik:
For 1 to be truly trusted - we need the issue #294 to be implemented and surfaced, so contracts can know if the code has changed at all before doing potentially malicious actions. |
Beta Was this translation helpful? Give feedback.
-
A couple of thoughts.
|
Beta Was this translation helpful? Give feedback.
-
On the topic of having the git commit hash information as a static information inside of the wasm binary, it's possible to automatically generate and grab that information, such as how it was done in https://github.com/PrimeLabDev/contract-version Notes:
|
Beta Was this translation helpful? Give feedback.
-
After discussions with @agileurbanite, we thought it would be an interesting idea to have a standard which made it easier for smart contracts to be audited and increase visibility for open source smart contracts.
I propose a set of optional metadata that contains information about the current version or commit hash that a smart contract is based off and a link to the repository. There is currently no standard for metadata across all types of smart contracts and if a person wanted to know more information about an arbitrary smart contract without knowing if it was an NFT or FT contract, for example, there is no way of doing this (as far as I know).
The struct could look as follows and could be updated using a restricted setter method.
This metadata could have a standard way of being queried across all smart contracts regardless of their types which could look as follows.
Since contracts might change and the version might be bumped, a setter needs to be implemented as well, although this would be optional and up to the authors of the contract.
Let me know what y'all think and I can make a PR into the NEPs repo if there's any agreement. This would be completely optional and would live as an extension to smart contracts. I've heard from the community several times that having a way to view open source contracts in the explorer or somewhere would be awesome as currently, it's very difficult to know whether or not a smart contract is open sourced or not and where to find its code.
Beta Was this translation helpful? Give feedback.
All reactions