{"id":13511196,"url":"https://github.com/sourcifyeth/sourcify","last_synced_at":"2025-03-30T20:32:47.859Z","repository":{"id":43519435,"uuid":"268590957","full_name":"sourcifyeth/sourcify","owner":"sourcifyeth","description":"Solidity re-compiler that can be used to verify that bytecode corresponds to certain source code","archived":false,"fork":true,"pushed_at":"2020-05-30T09:10:43.000Z","size":2096,"stargazers_count":0,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-08-02T03:07:38.662Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"ethereum/sourcify","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sourcifyeth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-06-01T17:43:18.000Z","updated_at":"2021-04-14T17:06:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/sourcifyeth/sourcify","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcifyeth%2Fsourcify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcifyeth%2Fsourcify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcifyeth%2Fsourcify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcifyeth%2Fsourcify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sourcifyeth","download_url":"https://codeload.github.com/sourcifyeth/sourcify/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222581177,"owners_count":17006292,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T03:00:37.574Z","updated_at":"2024-11-01T13:30:30.594Z","avatar_url":"https://github.com/sourcifyeth.png","language":null,"readme":"# source-verify\n\nSource-Verify is a service that verifies Ethereum bytecode was compiled from a certain\nSolidity source code and maintains a public repository of contract metadata.\n\nThe repository indexes metadata with IPFS or Swarm hashes which the solc compiler\nembeds in contract bytecode. By fetching code on chain and extracting this hash,\nyou can obtain related metadata from Source-Verify's records.\n\nMore information can be found in Solidity [metadata documentation][30]\n\n[30]: https://solidity.readthedocs.io/en/latest/metadata.html#contract-metadata\n\nIf you have any question please ask us on [gitter][31].\n\n[31]: https://gitter.im/ethereum/source-verify\n\n## Install\n```\n$ npm install\n$ git submodule update --init\n```\n\n## Service\n\nThe service has three components:\n+ a \"monitor\" which watches public Ethereum networks for contract deployments\nand tries to associate them with sources and metadata published to Swarm or IPFS. It currently\nwatches:\n  + mainnet\n  + ropsten\n  + rinkeby\n  + kovan\n  + goerli\n\n+ a website which allows you to submit sources and metadata for a specific contract address\n  + https://verification.komputing.org/ (Stable)\n  + https://verificationstaging.komputing.org/ (Unstable)\n\n+ a public metadata repository that contains uploaded (or discovered) metadata and their sources:\n  + https://contractrepo.komputing.org/ (Stable)\n  + https://contractrepostaging.komputing.org/ (Unstable)\n\n**Getting metadata**\n\nUsing solc directly on the commandline:\n\n```\nsolc --metadata --metadata-literal \u003cmySource.sol\u003e\n```\n\nor with JSON/IO\n\n```\n{\n  \"settings\": {\n    \"metadata\": { \"useLiteralContent\": true }\n  }\n}\n```\n\n**Using the monitor**\n\nIf your Solidity code compiles with solc \u003e= 0.6.0, you just need to upload your\ncontract metadata and sources to IPFS as part of your deployment process. The monitor service will\nautomatically add your files to the metadata repository when it sees your contract created on the\nnetwork.\n\nA simple example for Truffle projects can be found at [cgewecke/metacoin-source-verify][40]\nwhich contains [a script][41] to publish to IPFS directly from a Truffle compilation artifact.\n\n\n[40]: https://github.com/cgewecke/metacoin-source-verify\n[41]: https://github.com/cgewecke/metacoin-source-verify/blob/master/scripts/ipfs.js\n\n## Security Precautions\n\nPlease note that source code verification is only reliable if it is performed\non the **creation** bytecode, i.e. the bytecode payload used when the contract\nwas created. The deployed bytecode, i.e. the bytecode stored in the blockchain\nas code is not sufficient, because the constructor can still be different and\nset arbitrary storage entries.\n\nFurthermore, if the constructor requires parameters, these have to be checked\nas well.\n\nAlso note that there can still be differences in the source code that are not\nvisible in the bytecode. Variables can be renamed or unused code can be\nintroduced. Since the bytecode contains a hash of the source code, such\nmodifications have to be prepared at deploy time, but it is still a possibility.\n\n**Using the repository**\n\nThere is a repository which contains all the files that monitor and server have found\non one of the networks they are scraping.\n\nRepository is located on this [link](https://contractrepo.komputing.org/).\n\nWhen you go to the link, UI looks like this:\n\u003cimg src=\"./public/ui_start.png\" width=\"80%\"/\u003e\n\nThere you have options to search, donwload or open folders.\n\nFor example to download:\n\n\u003cimg src=\"./public/download.png\" width=\"80%\"/\u003e\n\n\nOr if you want to search something:\n\n\u003cimg src=\"./public/search.png\" width=\"80%\"/\u003e\n\nMetadata inside is visible as raw, and you can download it like that\n\n\u003cimg src=\"./public/metadata.png\" width=\"80%\"/\u003e\n\nor if you want to take a look of the contract in browser you can open it like this:\n\n\u003cimg src=\"./public/sol.png\" width=\"80%\"/\u003e\n\n\n## Future Plans\n\n- cope with metadata that does not have in-place source code\n- automatically retrieve the metadata and the source code from SWARM or IPFS,\n  so you only need to supply the metadata hash or bytecode\n- perform source verification given only an address instead of the bytecode\n  or the metadata\n\n## Run inside docker\n### Prerequisites\n[Docker](https://docs.docker.com/docker-for-mac/install/)\n\n[Docker-compose](https://docs.docker.com/compose/install/)\n\n### How to run\nPrepare environment and start by running\nIf you want to build images locally run:\n`docker-compose -f geth.yaml -f ipfs.yaml -f localchain.yaml -f monitor.yaml -f repository.yaml -f s3.yaml -f server.yaml -f ui.yaml -f build-ipfs.yaml -f build-localchain.yaml -f build-monitor.yaml -f build-repository.yaml -f build-s3.yaml -f build-server.yaml -f build-ui.yaml build --parallel`\n\nIf you just want to run it do:\n`docker-compose -f ipfs.yaml -f localchain.yaml -f monitor.yaml -f repository.yaml -f s3.yaml -f server.yaml -f ui.yaml up -d` (-d flag means that output won't be printed in stdout)\n\nNote: you don't need to run all the services, just the ones you want.\n\n### How to run\n\n## Development\n\n**Launch**\n\n```\ncp .env.testing .env\ndocker-compose -f ipfs.yaml -f localchain.yaml -f monitor.yaml -f repository.yaml -f s3.yaml -f server.yaml -f ui.yaml up -d\n```\n\nOther approach would be to run every service in docker except one that you are working on.\n\nThis will build the project in docker containers, launching the monitor and server.\nVerified sources and contract addresses will be stored in `repository` and `db` folders\nin your project root. The directories are created automatically if they don't exist.\n\n`/ui/dist/index.html` will be served to **http://localhost:1234**\n\n**UI**\n\nTo help with manual UI testing, some contracts whose sources and metadata can be found in the\n`test/sources/all` folder are automatically deployed to a local ganache instance running\non port 8545. Their contract addresses are deterministically generated at:\n\n| Contracts  |  Addresses |\n| ---------  |  --------- |\n| Simple.sol |  0x8168f192F7432C93FCb16e039B57FB890AaB3230 |\n| SimpleWithImport.sol | 0x0Ef7de872C7110d6020fa5e62d7cD31Fd90FF811 |\n\n\nSimilar sources are also pre-deployed to **Ropsten** and can be found in the `test/sources/ropsten` folder:\n\n| Contracts  |  Addresses |\n| ---------  |  --------- |\n| Simple.sol |  0xEB6Cf7952c666F81f1a5678E80D4fC5Ce3a7bF0b |\n| SimpleWithImport.sol | 0x4668b709182F41837c4e06C8de1D3568df7778D9 |\n\n**Shutdown**\nStop the docker run with ctrl-c\n\n### Tests\n\nRun tests with:\n\n```\nnpm test\n```\n\n`test/sources` contains contracts, compilation artifacts and metadata files which can be used for\nbuilding test cases.\n\n- **contracts/**: Solidity files (browser tests)\n- **metadata/**: raw metadata files (browser tests)\n- **pass/**: compilation artifacts which should verify (unit tests)\n- **fail/**: compilation artifacts which should not verify (unit tests)\n- **compiler.json**: compiler config for generating more cases\n\nTest sources are compiled with 0x's [sol-compiler][22]. This lets you pick any compiler version or\nsettings by modifying the `compiler.json` file as needed.\n\nTo generate more test data, go to the `test/sources` directory, add Solidity files to the\n`contracts` folder and run:\n\n```\nnpx sol-compiler\n```\n\nCompilation artifacts will be written to an `artifacts` folder.\n\n[22]: https://sol-compiler.com/\n","funding_links":[],"categories":["List of Web3 Libraries"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcifyeth%2Fsourcify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsourcifyeth%2Fsourcify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcifyeth%2Fsourcify/lists"}