Allow Truffle to publish source+metadata information to Sourcify

[gnidan]

solc terminates all bytecode output with a CBOR-encoded hash of the metadata, intended for use in contract verification (ref: documentation). Provided a commonly-used repository containing public contract metadata, wallet software should be able to perform contract verification natively, without relying on (or in addition to) centralized services such as Etherscan.

Truffle should likely:

• Allow outputting solc's native metadata format as an artifact of compilation
• Add a new configuration parameter, to enable users to specify a repository for uploading these metadata files
• Add a command, or update the publish command, to publish these metadata files to the specified repository.

With this in place, wallet software can start downloading these metadata files from a given repository and perform contract verification at transaction-time.

Probably lots of unknowns here to investigate, such as IPFS support (since solc currently only outputs the Swarm hash).

This comes out of a discussion with @chriseth. cc @danfinlay.

[stale]

Thank you for raising this issue! It has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. If you would like to keep this issue open, please respond with information about the current state of this problem.

[stale]

There has been no new activity on this issue since it was marked as stale 7 days ago, so it is being automatically closed. If you'd like help with this or a different problem, please open a new issue. Thanks!

[chriseth]

Would be really great to have this...

[stale]

Thanks for your response! This issue is no longer considered stale and someone from the Truffle team will try to respond as soon as they can.

[gnidan]

You're right, @chriseth :)

[gnidan]

Just cause @Stale's gonna come in here soon and tell us this is stale. It's not. We should still do this.

[stale]

Thank you for raising this issue! It has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. If you would like to keep this issue open, please respond with information about the current state of this problem.

[chriseth]

Oh, I just discussed with again with @eggplantzzz - didn't even remember we already had this issue here :)

[stale]

Thanks for your response! This issue is no longer considered stale and someone from the Truffle team will try to respond as soon as they can.

[gnidan]

stalebot!!!!

[snario]

+1

[gnidan]

PRs welcome on this!

[rkalis]

It sounds like bullet point one is satisfied by #1856. Point two and three sound like they'd be better suited for a Truffle plugin to be honest.

The example plugin for truffle-plugin-store that I created for Truffle University last year seems like it could be extended by someone in order to store metadata in a dedicated repository.

[haltman-at]

@gnidan Is there more work to be done here, or does @rkalis have the right of it?

[chriseth]

In my opinion, the best action would be to publish the metadata on ipfs, so it can be picked up by the sourcify monitor or whoever wants to. Then we could have instant source verification without any action required on the deployer's part.

[gnidan]

I believe the next step for this would be to integrate this workflow into Truffle's upcoming truffle preserve command. Moving this to our icebox to revisit in a couple months when the infrastructure is in place.

Thanks for continuing to champion this effort, @chriseth 🙇