Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CBOR decryption and ABI IPFS link #124

Open
sergmetelin opened this issue Jan 18, 2024 · 3 comments
Open

CBOR decryption and ABI IPFS link #124

sergmetelin opened this issue Jan 18, 2024 · 3 comments

Comments

@sergmetelin
Copy link

Problem

As per community request:
"we need ABI to be publicly available, and 1-1 relationship with the contract itself as a unique source of truth"

Solution

  • Sourcify allows the decryption of CBOR encrypted payload attached to a published smart contract. That payload is a JSON referencing a metadata IPFS file containing ABI. We should enable it for us and encourage the usage of this functionality for Hedera smart contracts.

Alternatives

No response
@acuarica
Copy link
Contributor

Hi @sergmetelin, thanks for forwarding this.

This is supported in our Sourcify instance, but not at the network level. Only through an explorer, e.g., HashScan, or a CLI tool, e.g., Foundry. I'm not aware of any network that allows you to provide source-level information at deploy time. That's because contract metadata on EVM-bytecode is a compiler (Solidity, Vyper) construct.

The compiler appends by default the IPFS hash of the metadata file to the end of the runtime bytecode [...][1]

In the EVM the metadata bytes are never touched and hence never executed.

Just for reference, if you upload your sources to IPFS, the whole compiler input gets uploaded, for example https://ipfs.io/ipfs/QmbRQF3HA9eZ8ZLwyUtnQfXjvZ8MTRnKWTVULhqLALUSTu.

Should we support it at the network level, we would have to change at least the json-rpc-relay and eventually lose EVM compatibility. This is a whole different discussion.

And also a small detail when they refer to CBOR "decryption" they mean decoding. :)

Hope it helps.

[1] https://docs.soliditylang.org/en/latest/metadata.html

@acuarica acuarica mentioned this issue Jan 18, 2024
Closed
3 tasks
@acuarica
Copy link
Contributor

For more context on Solidity Metadata[1]

Metadata is data that describes and gives information about other data. Bytecode (contract) metadata in Solidity is supported since version 0.4.7 and is automatically generated by the Solidity compiler in the form of a JSON file. The metadata file contains information about the compiled contract, e.g. the used compiler version, the sources used, the ABI and the NatSpec documentation. The metadata file also contains IPFS and SWARM hashes of the source code, which allows to retrieve them if they are available.

[1] https://soliditylang.org/blog/2020/06/25/sourcify-faq/ § What is bytecode metadata?

@acuarica acuarica self-assigned this Apr 17, 2024
@acuarica
Copy link
Contributor

After discussing this offline, we will investigate how Hedera verification and upstream Sourcify can support IPFS uploads. This might make more sense after we switch to upstream Sourcify images #147.

@acuarica acuarica removed their assignment Jun 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Smart Contract Sprint Board
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sergmetelin @acuarica