smart contract

SmartContract/Cargo.toml

@@ -0,0 +1,60 @@
+cargo-features = ["edition2021"]
+
+[package]
+name = "cw-dotc"
+version = "0.1.0"
+authors = ["anilcse <[email protected]>"]
+edition = "2021"
+
+exclude = [
+  # Those files are rust-optimizer artifacts. You might want to commit them for convenience but they should not be part of the source code publication.
+  "contract.wasm",
+  "hash.txt",
+]
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+[net]
+git-fetch-with-cli = true
+[lib]
+crate-type = ["cdylib", "rlib"]
+
+[profile.release]
+opt-level = 3
+debug = false
+rpath = false
+lto = true
+debug-assertions = false
+codegen-units = 1
+panic = 'abort'
+incremental = false
+overflow-checks = true
+
+[features]
+# for more explicit tests, cargo test --features=backtraces
+backtraces = ["cosmwasm-std/backtraces"]
+# use library feature to disable all instantiate/execute/query exports
+library = []
+
+[package.metadata.scripts]
+optimize = """docker run --rm -v "$(pwd)":/code \
+  --mount type=volume,source="$(basename "$(pwd)")_cache",target=/code/target \
+  --mount type=volume,source=registry_cache,target=/usr/local/cargo/registry \
+  cosmwasm/rust-optimizer:0.12.8
+"""
+
+[dependencies]
+cosmwasm-schema = "1.1.3"
+cosmwasm-std = "1.1.3"
+cosmwasm-storage = "1.1.3"
+cw-storage-plus = "1.0.1"
+cw2 = "1.0.1"
+schemars = "0.8.10"
+serde = { version = "1.0.145", default-features = false, features = ["derive"] }
+thiserror = { version = "1.0.31" }
+
+
+
+[dev-dependencies]
+cw-multi-test = "0.20.0"
+cosmwasm-schema = { version = "1.0.0" }
+wasm-bindgen = "0.2.73"

SmartContract/Developing.md

@@ -0,0 +1,96 @@
+# Developing
+
+If you have recently created a contract with this template, you probably could use some
+help on how to build and test the contract, as well as prepare it for production. This
+file attempts to provide a brief overview, assuming you have installed a recent
+version of Rust already (eg. 1.51.0+).
+
+## Prerequisites
+
+Before starting, make sure you have [rustup](https://rustup.rs/) along with a
+recent `rustc` and `cargo` version installed. Currently, we are testing on 1.51.0+.
+
+And you need to have the `wasm32-unknown-unknown` target installed as well.
+
+You can check that via:
+
+```sh
+rustc --version
+cargo --version
+rustup target list --installed
+# if wasm32 is not listed above, run this
+rustup target add wasm32-unknown-unknown
+```
+
+## Compiling and running tests
+
+Now that you created your custom contract, make sure you can compile and run it before
+making any changes. Go into the repository and do:
+
+```sh
+# this will produce a wasm build in ./target/wasm32-unknown-unknown/release/YOUR_NAME_HERE.wasm
+cargo wasm
+
+# this runs unit tests with helpful backtraces
+RUST_BACKTRACE=1 cargo unit-test
+
+# auto-generate json schema
+cargo schema
+```
+
+### Understanding the tests
+
+The main code is in `src/contract.rs` and the unit tests there run in pure rust,
+which makes them very quick to execute and give nice output on failures, especially
+if you do `RUST_BACKTRACE=1 cargo unit-test`.
+
+We consider testing critical for anything on a blockchain, and recommend to always keep
+the tests up to date.
+
+## Generating JSON Schema
+
+While the Wasm calls (`instantiate`, `execute`, `query`) accept JSON, this is not enough
+information to use it. We need to expose the schema for the expected messages to the
+clients. You can generate this schema by calling `cargo schema`, which will output
+4 files in `./schema`, corresponding to the 3 message types the contract accepts,
+as well as the internal `State`.
+
+These files are in standard json-schema format, which should be usable by various
+client side tools, either to auto-generate codecs, or just to validate incoming
+json wrt. the defined schema.
+
+## Preparing the Wasm bytecode for production
+
+Before we upload it to a chain, we need to ensure the smallest output size possible,
+as this will be included in the body of a transaction. We also want to have a
+reproducible build process, so third parties can verify that the uploaded Wasm
+code did indeed come from the claimed rust code.
+
+To solve both these issues, we have produced `rust-optimizer`, a docker image to
+produce an extremely small build output in a consistent manner. The suggest way
+to run it is this:
+
+```sh
+docker run --rm -v "$(pwd)":/code \
+  --mount type=volume,source="$(basename "$(pwd)")_cache",target=/code/target \
+  --mount type=volume,source=registry_cache,target=/usr/local/cargo/registry \
+  cosmwasm/rust-optimizer:0.11.4
+```
+
+We must mount the contract code to `/code`. You can use a absolute path instead
+of `$(pwd)` if you don't want to `cd` to the directory first. The other two
+volumes are nice for speedup. Mounting `/code/target` in particular is useful
+to avoid docker overwriting your local dev files with root permissions.
+Note the `/code/target` cache is unique for each contract being compiled to limit
+interference, while the registry cache is global.
+
+This is rather slow compared to local compilations, especially the first compile
+of a given contract. The use of the two volume caches is very useful to speed up
+following compiles of the same contract.
+
+This produces an `artifacts` directory with a `PROJECT_NAME.wasm`, as well as
+`checksums.txt`, containing the Sha256 hash of the wasm file.
+The wasm file is compiled deterministically (anyone else running the same
+docker on the same git commit should get the identical file with the same Sha256 hash).
+It is also stripped and minimized for upload to a blockchain (we will also
+gzip it in the uploading process to make it even smaller).

SmartContract/Importing.md

@@ -0,0 +1,62 @@
+# Importing
+
+In [Publishing](./Publishing.md), we discussed how you can publish your contract to the world.
+This looks at the flip-side, how can you use someone else's contract (which is the same
+question as how they will use your contract). Let's go through the various stages.
+
+## Verifying Artifacts
+
+Before using remote code, you most certainly want to verify it is honest.
+
+The simplest audit of the repo is to simply check that the artifacts in the repo
+are correct. This involves recompiling the claimed source with the claimed builder
+and validating that the locally compiled code (hash) matches the code hash that was
+uploaded. This will verify that the source code is the correct preimage. Which allows
+one to audit the original (Rust) source code, rather than looking at wasm bytecode.
+
+We have a script to do this automatic verification steps that can
+easily be run by many individuals. Please check out
+[`cosmwasm-verify`](https://github.com/CosmWasm/cosmwasm-verify/blob/master/README.md)
+to see a simple shell script that does all these steps and easily allows you to verify
+any uploaded contract.
+
+## Reviewing
+
+Once you have done the quick programatic checks, it is good to give at least a quick
+look through the code. A glance at `examples/schema.rs` to make sure it is outputing
+all relevant structs from `contract.rs`, and also ensure `src/lib.rs` is just the
+default wrapper (nothing funny going on there). After this point, we can dive into
+the contract code itself. Check the flows for the execute methods, any invariants and
+permission checks that should be there, and a reasonable data storage format.
+
+You can dig into the contract as far as you want, but it is important to make sure there
+are no obvious backdoors at least.
+
+## Decentralized Verification
+
+It's not very practical to do a deep code review on every dependency you want to use,
+which is a big reason for the popularity of code audits in the blockchain world. We trust
+some experts review in lieu of doing the work ourselves. But wouldn't it be nice to do this
+in a decentralized manner and peer-review each other's contracts? Bringing in deeper domain
+knowledge and saving fees.
+
+Luckily, there is an amazing project called [crev](https://github.com/crev-dev/cargo-crev/blob/master/cargo-crev/README.md)
+that provides `A cryptographically verifiable code review system for the cargo (Rust) package manager`.
+
+I highly recommend that CosmWasm contract developers get set up with this. At minimum, we
+can all add a review on a package that programmatically checked out that the json schemas
+and wasm bytecode do match the code, and publish our claim, so we don't all rely on some
+central server to say it validated this. As we go on, we can add deeper reviews on standard
+packages.
+
+If you want to use `cargo-crev`, please follow their
+[getting started guide](https://github.com/crev-dev/cargo-crev/blob/master/cargo-crev/src/doc/getting_started.md)
+and once you have made your own *proof repository* with at least one *trust proof*,
+please make a PR to the [`cawesome-wasm`]() repo with a link to your repo and
+some public name or pseudonym that people know you by. This allows people who trust you
+to also reuse your proofs.
+
+There is a [standard list of proof repos](https://github.com/crev-dev/cargo-crev/wiki/List-of-Proof-Repositories)
+with some strong rust developers in there. This may cover dependencies like `serde` and `snafu`
+but will not hit any CosmWasm-related modules, so we look to bootstrap a very focused
+review community.

SmartContract/README.md

@@ -0,0 +1,3 @@
+# cw-dotc
+
+