Introduction
The TON blockchain, like many others, operates on the principle that “code is law,” with smart contracts acting as the binding agreements between parties. However, the on-chain storage of smart contracts in compiled TVM bitcode form poses a significant challenge for human readability and transparency. Recognizing the importance of accessible and verifiable source code, this document proposes a decentralized infrastructure and an on-chain registry dedicated to storing the source code of verified TON smart contracts. This approach not only enhances transparency and trust within the TON ecosystem but also aligns with the blockchain’s principles of decentralization and open access.
Motivation
The ability for users to read and understand the terms of smart contracts they interact with is crucial for informed participation in the blockchain ecosystem. Currently, the absence of a standardized, accessible platform for source code verification hinders users’ ability to verify the functionality and safety of smart contracts. By establishing a decentralized registry for contract source codes, we aim to address these challenges, ensuring that the TON ecosystem remains open, transparent, and secure for all participants.
Implementation Overview
The proposed contract source registry operates through a collaborative protocol involving various stakeholders within the TON community, including contract developers, source-code uploaders, verifiers, displayers, and end users. The registry leverages IPFS (and eventually TON Storage) for storing human-readable source files and on-chain contracts to map code hashes to their respective source files. This system facilitates a permissionless verification process, allowing for greater transparency and accountability in smart contract deployment and operation.
Technical Specification
Contract Source Registry Components
- IPFS and TON Storage: Used for storing the human-readable source-code files and verification attestations due to their potentially large size and cost implications of on-chain storage.
- On-chain Registry Contracts: Deployed to the TON mainnet to map code hash values of contracts to the URLs hosting their source codes, facilitating easy access and verification.
Stakeholder Roles and Interactions
| Stakeholder | Role |
|---|---|
| Contract Developers | Write and deploy smart contracts but may not directly publish or verify source codes. |
| Source-code Uploaders | Publish source codes to IPFS/TON Storage and initiate the verification process, paying for verification if necessary. |
| Source-code Verifiers | Perform validation of source codes against on-chain code cells, publishing signed attestations of verification. |
| Source-code Displayers | Explorers and platforms that integrate the registry’s widget to display verified source codes to users, potentially filtering based on trusted verifiers. |
| End Users | Consult verified source codes to understand contract functionalities and terms, possibly verifying the code independently using provided tools. |
Data Storage and Verification Protocol
- IPFS/TON Storage: Temporary and future permanent storage solutions for source files and attestations, ensuring decentralized and immutable record-keeping.
- Verifier Registry Contract: Manages a list of active verifiers, including their public keys and quorum configurations, facilitating a transparent verification ecosystem.
- Sources Registry Contract: Maps contract code hashes to their verified source URLs, streamlining the access to source codes for verification and review.
Comparative Analysis
| Aspect | Proposed Decentralized Registry | Centralized Solutions (e.g., Etherscan) |
|---|---|---|
| Accessibility | Source codes stored on IPFS/TON Storage, accessible to all without gatekeeping. | Source codes stored on private servers, access controlled by the service provider. |
| Transparency | Verification process is open and permissionless, with attestations stored on-chain. | Verification process is opaque, managed internally without community oversight. |
| Decentralization | Multiple verifiers and open participation ensure no single point of failure or control. | Centralized control, posing risks of censorship or manipulation. |
| Competitiveness | Lowers barriers for new explorers and tools by providing open access to source codes, fostering ecosystem diversity. | Monopolizes source code verification and display, limiting competition and innovation. |
| Security | Community-driven verification and redundancy in verifiers enhance security and trust. | Centralized verification could miss flaws or be compromised, risking false verifications. |
Conclusion
The Contract Source Registry represents a critical step towards enhancing the transparency, security, and accessibility of smart contracts on the TON blockchain. By leveraging decentralized storage and a permissionless verification protocol, the registry ensures that all participants can confidently interact with smart contracts, knowing their functionalities and terms are verifiable and transparent. This initiative not only strengthens the TON ecosystem’s foundation but also sets a precedent for openness and community collaboration in blockchain governance and operation.