Contract Verification Registry API #1945
Replies: 10 comments 30 replies
-
|
Why do we not serve this information onchain instead? We have here a perfect example of what a blockchain can be used for with all its guarantees in terms of availability, auditability and immutability. Hence I would define a smart contract API instead of a REST API. Of course one does not prevent the other, I would just encourage to not have the data itself in a private DB. Also if onchain that opens many possibilities with cross contract calls. We can also define some metadata to be stored on IPFS alongside if we needed. |
Beta Was this translation helpful? Give feedback.
-
|
I think we should hold off here. There is an open RFP to do exactly this. Making a PR now with something is giving a constraint too early IMHO https://stellar.gitbook.io/scf-handbook/scf-awards/build-award/rfp-track |
Beta Was this translation helpful? Give feedback.
-
|
Regarding
The Anything with that much ambiguity would be difficult to use well, so I think the field should be removed. It leaves too open the definition of what is a verified contract. This in my opinion should be narrowly defined as:
If the plan is to use this API as a way to provide visibility into more than just build-style verification, then I think this API needs to provide separate fields that capture those details. For example, a contract that has not been verified (reproduced), but does have an attestation could be: {
"verified": false,
"attestation": {
// details about the attestation here
},
//...
}Conveniently verified contracts can also use attestation then and their attestation details can be surfaced here too. |
Beta Was this translation helpful? Give feedback.
-
|
@fnando Thanks for coming up with this SEP as a quick follow-up to how verifiers should surface verifications result, I don't see major concerns expect for the ones listed in my answer to @leighmcculloch I have one question related to source code management, one of the use-case for explorers displaying verified contracts result is to display the verified source code in their UX, and I'm not sure where it fits in the current status object schema. I think the verifier should be responsible for storing a copy of the source code provided for the rebuild as the SEP-58 source identification fields embedded in WASM ( I'm not sure where this result should be surfaced, is it one of the URL that should be returned as part of |
Beta Was this translation helpful? Give feedback.
-
|
I wonder about making sure a clear spec upfront rather than allowing an open discussion with those who win the RFP. It seems like a critical design issue. I do agree that if multiple teams win the RFP, they should work with @fnando and the rest of stellar core team to define a consistent API. It just seems rushed to push the discussion into a few days as people prepare specs. |
Beta Was this translation helpful? Give feedback.
-
|
One example where I think we need more discussion is my comment here: https://github.com/orgs/stellar/discussions/1923#discussioncomment-17190066 I really think we need to define either package or manifest path as a separate field, same visibility as source_repo rather than some buildopt. Also, ideally standardizing. I explain better on the linked comment, but that would affect this API as well as SEP-058 |
Beta Was this translation helpful? Give feedback.
-
|
For the multiple verifiers example, it seems hard to trust. If server A says they verified the source, then the trust is on them. If server A says validator B verified the source, I am trusting server A and get no more security from the verification from B (as it is only based on this server A say so) To securely surface multiple verifiers, you need cryptographically signed attestations. Those can be handled off-chain but validated to a signature registered on chain, or they can be tied to an on chain transaction signed by a given verifier identity. I think this would be great to support in a real API that exposes multiple verifiers and is a much larger design surface than a simple JSON schema. I would love to have a longer conversation on this and can share two alternatives here I am considering. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the draft SEP. I agree with the direction of keeping the base API small and keyed by wasm hash. From an implementation and downstream UI perspective, there are a few areas where more structure, or at least future-compatible extension points, would help:
|
Beta Was this translation helpful? Give feedback.
-
|
Hey, chiming in as an implementer — we've been On the on-chain question: we thought about this On the timing concern: from where we sit, having The SEP not touching the verification process Happy to share more on what we've learned |
Beta Was this translation helpful? Give feedback.
-
|
Since all verification efforts gradually converged into a fully centralized service with an API, I think this service itself should be an ultimate source of truth. So from my point of view, the To me the whole idea of verifying source code tarballs without publishing the source code itself looks absolutely bizarre. I also have some other security concerns that I shared in other threads. Since SEP standards allow this, there should be a clear responsible business entity that might be investigated by law enforcement agencies at some point. It's probably not a very pleasant part of this conversation, but as someone who had to talk to officers from a dozen countries and provide information regarding dozens of criminal cases (this automatically comes as a bonus with StellarExpert), I'm very cautious about any claims in our user interface. Based on this logic, the verification registry provider should either employ its own team to verify all smart contracts (regardless automatically or manually) or fully trust a verifier, taking risks on their behalf. One technical request from our side: please add a bulk-load API endpoint for verification results to this SEP. It would allow third-party apps to pull the data from the verifier service without bombarding it with hundreds of requests to Proposed format:
The results should be sorted by the verification timestamp ( It’s a scalable approach that will allow API consumers to load all data retrospectively and monitor updates by periodically pulling this endpoint. It also guarantees that downstream systems will not end up using stale data (for example, if any verification record gets discarded/removed from the registry later on after the review). |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
This thread is to discuss a new draft SEP: Contract Verification Registry API.
Note
This SEP proposal it's meant to standardize only the consumer-facing response shape so tools like Lab, explorers and Stellar CLI can read any verifier's results. It should not constrain how teams build their service.
PR: #1944
It defines a read-only HTTP API for asking a verification service whether a smart contract's wasm has been reproduced from its source, and for reading the build and source metadata behind each result. A client looks a wasm up by its hash and receives the verifications one or more verifiers have recorded for it.
The proposal standardizes the API surface for the Contract Source Verification Service RFP. With a common interface, any verification service can implement the API and any client can consume verification results interchangeably, regardless of which service produced them.
It builds directly on SEP-58, reusing its build and source vocabulary verbatim — this SEP is a transport for SEP-58 results and adds no vocabulary of its own.
Feedback welcome on the API shape, the status object schema, and the error model.
Beta Was this translation helpful? Give feedback.
All reactions