Delegate Mission Request Summary:
As a part of increasing technical decentralization, it is critical for the community to have assurance that the smart contracts running on chain align with audited code. This mission proposes creating a tool that can attest to the alignment between onchain smart contracts with Github commit information.
(Note: This idea is drawn from the example listed in Intent 1, “Attestations of onchain smart contracts with github commit information”)
S5 Intent: Intent 1: Progress towards technical decentralization
Maybe some kind of commit by an attestation onchain where a node compiles x.sol at commit y, checks the deployed code? Doesnt seem too useful tbh. Though this could be interesting if you had a verify tool for certain standards so a contract can check x meets some spec. May also be useful to see if 2 contracts are the same.
As a smart contract developer and security researcher, the number of times I have looked at a github and later figured out it does not match the onchain version is quite large. In my opinion this would be useful as whitehats can be assured that the code they have matches onchain and can look for bugs there. Maybe this looks like a github action, or a site with a github integration (i.e. a config file that address X is the bytecode of the compilation of contract Y.sol).
Thought about this think can do it for much less using Scry since all the onchain bs and core infras already there myself. Agree aswell that would be useful to have a way to check that source for a contract has been put somewhere. Think even 40k would be more than enough for this to be done even from ind dev, also gives me a new feature to build if apply to do it myself. Will approve incase others see value. Tbh its mostly just a tool to pull from a source, comp, then commit. If u have a few nodes then its chill to assume secure. Could use IPFS for DA. But yeah <40k
I am an Optimism delegate [Agora - OP Voter] with sufficient voting power and I believe this proposal is ready to move to a vote.
Hey @Gonna.eth – just wanted to flag this as a proposal that still needs delegate approvals in order to move to a vote. If you are no longer interested in pursuing this proposal – please disregard this message. In order to see the delegates assigned to your proposal those can be found here. The deadline to provide feedback and approvals for Mission Requests is February 7th at 19:00
The Developer Advisory Board has reviewed this Delegate Mission Request, and voted on its acceptance or rejection. The vote results are as follows:
ACCEPT: 6 votes
REJECT: 0 votes
ABSTAIN: 0 votes
therefore, the Developer Advisory Board accepts this delegate mission request.
The Developer Advisory Board has reached this conclusion as our experience as security researchers ourselves. Github/onchain code mismatch is a constant problem across the ecosystem and we think this will help improve verifiability of contract source code and therefore improve technical decentralization.