Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Contract source code verification in retrospect #8025

Closed
tobikuhlmann opened this issue May 31, 2021 · 8 comments
Closed

Contract source code verification in retrospect #8025

tobikuhlmann opened this issue May 31, 2021 · 8 comments
Labels
CAP Component: Contracts stale
Milestone
Milestone 12

Comments

@tobikuhlmann
Copy link
Contributor

tobikuhlmann commented May 31, 2021
edited

Expected Behavior

Current Behavior

  • It's very hard or impossible to rebuild the metadata locally for an exact match with the deployed bytecode on-chain as truffle hashes absolute filepaths into the bytecode
  • If you're not the original migrator of a contract, and don't know the exact folder structure of the migrator, and they used truffle to generate the artefacts (so the absolute file paths are embedded in the metadata and hashed into the bytecode), and they haven't verified it themselves - there is no way to compile it yourself such that your locally build metadata matches the deployed bytecode on-chain
@tobikuhlmann
Copy link
Contributor Author

Related: ethereum/sourcify#27 and ethereum/sourcify#24

@tobikuhlmann
Copy link
Contributor Author

Related: trufflesuite/truffle-compile#77

@aaronmboyd
Copy link
Contributor

aaronmboyd commented Jun 2, 2021
edited

Note this is mostly a Truffle-specific issue. If the original migrator used hardhat or even generates metadata manually this is not a problem.

I realise now the old issue 77 under truffle-compile is a deprecated repository and no longer maintained. The new version is trufflesuite/truffle and there is a replacement issue covering the same thing: trufflesuite/truffle#1621, but it is definitely stale.

More importantly, there is a larger conversation going on with the Solidity compiler related to removing absolute paths for many reasons, including non-deterministic swarm hashes in compiled bytecode: ethereum/solidity#11410

@alecps alecps added this to the Milestone 12 milestone Jun 14, 2021
@yorhodes
Copy link
Contributor

yorhodes commented Jun 17, 2021
edited

We can resolve this by migrating our internal release tooling to Hardhat but it is difficult to prioritize #8118

@aaronmboyd
Copy link
Contributor

@yorhodes This has been resolved by truffle team, no need to migrate to hardhat - trufflesuite/truffle#4119

It looks like with this merge: trufflesuite/truffle#4137 the project root will be noted as project:// instead of the entire absolute file path on the machine you build/migrate with.

@carterqw2 This will simplify the Blockscout verification explainer documentation significantly. We should both update the default truffle version for all Celo contracts going forward to utilise this fix.

@yorhodes
Copy link
Contributor

unfortunately many of the deployed core contracts will forever be associated with this absolute path metadata unless they are upgraded
definitely great to hear that future deployments do not have to suffer from this limitation

@carterqw2
Copy link
Contributor

That's nice, thanks for the update @aaronmboyd!

@m-chrzan m-chrzan mentioned this issue Jun 15, 2022
Closed
@github-actions
Copy link
Contributor

This issue is stale and will be closed in 30 days without activity

@github-actions github-actions bot added the stale label Dec 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CAP Component: Contracts stale
Projects
None yet
Milestone
Milestone 12
Development

No branches or pull requests
5 participants
@yorhodes @aaronmboyd @carterqw2 @alecps @tobikuhlmann