Add SEP: Contract Verification Attestations #1952
Replies: 6 comments 6 replies
-
|
@leighmcculloch and @fnando I would love your feedback here, as it is an addition to your excellent work around SEP-58. I want to make clearly reproducible claims and attestations that can be gossiped and aggregated securely. |
Beta Was this translation helpful? Give feedback.
-
|
Any comments here? This is actually important design for a build registry system to limit on-chain data and I'd love some feedback here - even if just asking about motivations. I am convinced we will need lots of build info available to reproduce existing contracts and a small on-chain anchor seems the best way to distribute this. However, to avoid bloat and keep TTL payments low, I would like to only push a hash, not the full JSON SEP-58 definition (which is easily over 500 bytes each time). Also, it would be great to be able to have a standard for cryptographic signatures from different validators to view who attested to what. I think that is as important a stable API definition to query - as the different verifiers must be able to safely share and gossip their attestations in a provable way. Or at least that is my idea of a properly decentralized solution. And if we don't really care about that, why not just stellar.expert storing it in their database, much simpler. |
Beta Was this translation helpful? Give feedback.
-
|
Are you allowed to make a draft PR with your SEP so I can comment on individual lines there instead of copying and pasting them here? Assuming you cannot for now, so here I go:
Why not the wasm hash? |
Beta Was this translation helpful? Give feedback.
-
I know that SHA128 is "broken", but is this really true? If the SEP requires use of a git SHA, is it really as unreliable as using a git REF? I have no idea how to force push and keep the SHA unchanged. |
Beta Was this translation helpful? Give feedback.
-
|
Would car files be potentially useful for the source hash? I know that this exists, but have no experience using it. |
Beta Was this translation helpful? Give feedback.
-
|
A well-considered SEP that will make our source verification work much more straightforward. Thank you! This restricts what verifiers can communicate about a given verification run quite severely. Especially in the VERIFICATION_DID_NOT_RUN case, I imagine it being useful to have a URL where I can visit the verifier's detail page about what they tried to do for this specific verification. I picture this looking similar to a CI info page, like a GitHub action. That's just one example that I can think of, but it's possible that verifiers might want to include other information about a verification. Is this all outside of this SEP? Would it be worth including some mention of this? For the CI workflow page, I could envision verifiers settling on a URL structure that embeds the claim hash. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Discussion around proposed SEP for contract verification attestations
I propose a new SEP (Draft), defining a normalized build claim, a cheap signed verification result over that claim, and a content-addressing convention for the claims, source archives, and wasm bytes involved in verifying a Soroban contract.
The SEP adds three layers on top of the build-environment vocabulary in SEP-0058:
It also specifies how a verifier reconstructs a claim from a wasm's embedded meta and re-embeds that meta byte-for-byte on rebuild.
Rendered markdown of the proposed SEP
Why
SEP-0058 makes a build reproducible, but says nothing about what a verifier does with the result. Two honest verifiers have no shared identifier for "the same build", no cheap way to publish a result others can trust selectively, and no integrity guarantee on the source bytes a recorded URL points at.
This SEP closes those gaps and is complementary to SEP-55 (CI attestations) and SEP-0058 (rebuild vocabulary): a contract can carry meta supporting all three, and consumers pick whichever verification path fits their threat model.
Beta Was this translation helpful? Give feedback.
All reactions