Keyvault - UCG Proposal

hi @Juminstock, @GuiGou,

Although, yes, I am having difficulties with getting cargo contract build --verifiable to work well with cargo contract verify (I’ll show the details in a follow-up post to not clutter this post), I think there is another issue that’s just as problematic.

As listed in use.ink contract verification docs, there are 2 ways to verify an ink! contract. The following include my understanding of what the 2 options entail.

1. “local bare-bones verification” – This is the running of cargo contract verify locally. However, I further imagine that this approach would require users to run the command if they want to verify the contract. However, I assume this would not provide a “verified contract” in the sense of a block explorer site publicly vouching for the verified status.
2. “third-party service such as [Subscan/Sirato/Polkaholic]” – This means to upload the relevant contract and wasm files to the 3rd party service so that they can verify the build and officially vouch for the build on their site. This is, I imagine, what provides a verified contract that users can check on these sites. Here is where I’m running into issues.

There are/were 3 such services (block explorers of Astar network, wasm) that I’m aware of. Here are the issues I encountered with each:

1. Sirato – This is the site that’s actually listed on the use.ink docs: Sirato | ink! documentation. The listed link, https://substrate.sirato.xyz/, results in a connection error. I think they’ve since taken down their block explorer service. So, this one is a no-go.
2. Polkaholic – This is the verification service that ChainIDE uses. Unfortunately, https://polkaholic.io/ returns a 404. That is the address listed on their GitHub page. And, base on their issues page, it has been down for at least 3 weeks and shows no signs of coming back online.

The above image is the result I’m getting from using ChainIDE for building, deploying, and publishing verified wasm contracts. Unfortunately, it now results in an error, stating that it [f]ailed to connect to api.polkaholic.io/0.0.0.0:443. https://api.polkaholic.io/ results in a 404.

3. Subscan – I think this one is manageable with time. Subscan is up and has a link for verifying wasm contracts: https://astar.subscan.io/verify_wasm_contract. The only issue is that their listed compilers only go up to version 3.2.0 whereas I’ve been using 4.1.1. Subscan does offer the option of contacting them to “add custom docker image[s]” for the compilation process. However, I imagine that’ll take a good amount of time and I’m also having difficulties with cargo contract build --verifiable and cargo contract verify steps.

Anyway, above detail some of my thought process and attempts. Maybe (hopefully?) I misunderstood something?

As for the articles/blog posts I mentioned, they were just the use.ink docs site and a few Medium articles where the author detail the steps for verifying ink! contracts with their, the author’s, preferred block explorer service. I can try to find them again if you like.