Description
Summary
Help the developer annotate where the source code for a contract is.
This is not validated, but can allow a client to easily check the code out and validate if it matches (via deterministic build system).
Problem Definition
It is important to validate the source code. Solutions like Etherscan store all this info on a centralized database. Adding a field or two can make this much more decentralized.
Proposal
We want to add two fields:
Source string
is an optional field that, if present, must be a valid URI that can reference the source codeBuilder string
is an optional field that, if present, is a docker tag for a deterministic build system. This will not be run blindly, but the client can check it against some whitelist. For examplecosmwasm-opt:0.6.0
orcosmwasm-opt:0.5.2
. We need this info to properly verify (as we need the same build tag to properly reproduce).
Please update MsgStoreCode
, CodeInfo
, and any relevant queries
For Admin Use
- Not duplicate issue
- Appropriate labels applied
- Appropriate contributors tagged
- Contributor assigned/self-assigned