Technical Overview

Reproducibility through Docker Images

We achieve reproducible contract compilation with Docker. We use the contract-builder Docker image provided by NEAR Protocol, which currently supports Rust compilation; a TypeScript builder is planned for a future release. The infrastructure is built around a reproducible environment that is preserved so that future users can compile contracts in it.

Enhanced Security with JWT Authentication

Security is paramount in our system. Each user is assigned a temporary folder, and access to it is secured using JWT authentication. The architecture comprises several isolated components:

  • The backend API

  • contract-builder

  • IPFS

Each component runs in its own Docker container. The backend's /tmp folder is mounted into contract-builder. Compilation requests are processed within this reproducible image, and the output is managed within the backend's container, which enables comparison and verification against the on-chain code.

Code Import and Verification Process

To import code, users specify the GitHub repository and commit SHA. They receive an access token for their temporary folder. The folder is deleted automatically after 30 minutes, which matches the token's validity.

The verification process involves a backend signer that signs and proposes transactions to the NEAR blockchain, adding verified smart contract information into our smart contract's mapping.

Decentralized Storage Options

Besides GitHub, users can opt for IPFS for decentralized storage. The corresponding IPFS CID is bound in the smart contract by the signer.

Contract Verification

Contract verification compares the on-chain contract's code hash with the hash of the code compiled on the server. There are two options for ensuring that the on-chain code can be reproduced: using sourcescan-builder-rust, which involves the NEAR Protocol contract builder, or attaching a full access key to our service so that it compiles and deploys the smart contract, followed by backend verification.

More options will be available in future implementations. We store the code_hash of the correctly compiled contract in our smart contract. If a user deploys a different contract, the previous verification is revoked.
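
The hash comparison described above, as an added example that is not the project's own code: NEAR reports an account's code_hash as the base58-encoded SHA-256 of the deployed wasm, so the server-built artifact is hashed the same way and compared. The stored_hash parameter, the status strings and the sample bytes are assumptions made for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# code_hash NEAR reports for an account with no contract: 32 zero bytes in base58.
NO_CONTRACT = "1" * 32


def b58encode(data: bytes) -> str:
    """Base58 (Bitcoin alphabet), the encoding NEAR uses for hashes."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a leading '1'.
    pad = len(data) - len(data.lstrip(b"\0"))
    return "1" * pad + out


def code_hash(wasm: bytes) -> str:
    """SHA-256 of the compiled wasm, encoded like the on-chain code_hash."""
    return b58encode(hashlib.sha256(wasm).digest())


def check_verification(built_wasm: bytes, onchain_hash: str, stored_hash=None) -> str:
    """Return 'verified', 'revoked', 'mismatch' or 'no_contract'.

    stored_hash (hypothetical) is the code_hash recorded by an earlier
    successful verification, or None if the account was never verified.
    """
    if onchain_hash == NO_CONTRACT:
        return "no_contract"
    if code_hash(built_wasm) == onchain_hash:
        return "verified"
    # The account now runs code other than what was verified earlier.
    if stored_hash is not None and stored_hash != onchain_hash:
        return "revoked"
    return "mismatch"


if __name__ == "__main__":
    built = b"\0asm\x01\0\0\0"                 # constructed stand-in for a build
    redeployed = code_hash(b"\0asm\x01\0\0\0\x00")  # constructed different code
    print(check_verification(built, code_hash(built)))
    print(check_verification(built, redeployed, stored_hash=code_hash(built)))
```

Both hashes are public values, so a plain string comparison is sufficient here.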
