WalletUnCon

Deployment Validation Files: Ensuring the Sanity of Deployed Smart Contracts
11-17, 15:00–15:30 (Europe/Istanbul), Beyazit Main Stage

Any user who wants to interact with a deployed smart contract faces two questions: whether the contract was audited, and whether the deployed version is the same version that was audited. Auditors of smart contracts mainly focus on the source code. This tool helps auditors as well as end users make sure that the deployed version works as expected.


Security audits aim to assure users that the "source code" provides a good level of security. However, there might be some discrepancies between the audited source code and the deployed bytecode, for example:
1. The deployed smart contract is a different version of the source code.
2. Even if the source code that was compiled and deployed is the same version that was audited, using a different version of the compiler or dependencies results in different bytecode.
3. Upon deployment, constructor arguments are mistakenly set (e.g., the owner of the contract).
4. Despite being deployed correctly, some of the critical storage variables are later modified in a way that affects access control and other security-related aspects.
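
To make discrepancies 1 and 2 concrete, here is an added Python example (not part of the talk or of the tool it presents) that splits the CBOR metadata trailer solc appends to runtime bytecode from the executable code and classifies how a deployed bytecode differs from the audited build. The function names and all byte strings are constructed for illustration.

```python
# Added example; every byte string here is a constructed sample, not a real contract.

def _item(buf, i):
    """Decode one CBOR item; only map/bytes/text, as in a release solc trailer."""
    major, info = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    if info < 24:
        n = info
    elif info in (24, 25):
        width = info - 23                      # 1- or 2-byte length follows
        n, i = int.from_bytes(buf[i:i + width], "big"), i + width
    else:
        raise ValueError("unsupported CBOR length encoding")
    if major in (2, 3):                        # byte string / text string
        raw = bytes(buf[i:i + n])
        return (raw.decode() if major == 3 else raw), i + n
    if major == 5:                             # map of n key/value pairs
        out = {}
        for _ in range(n):
            key, i = _item(buf, i)
            out[key], i = _item(buf, i)
        return out, i
    raise ValueError("unsupported CBOR type")

def split_metadata(runtime):
    """Return (code, metadata dict); the last 2 bytes give the CBOR length."""
    n = int.from_bytes(runtime[-2:], "big")
    if len(runtime) < n + 2:
        raise ValueError("no valid metadata trailer")
    meta, _ = _item(runtime[-2 - n:-2], 0)
    return runtime[:-2 - n], meta

def compare(audited, deployed):
    (code_a, meta_a), (code_d, meta_d) = split_metadata(audited), split_metadata(deployed)
    ver = lambda m: ".".join(str(b) for b in m["solc"])
    if code_a != code_d:
        return f"code differs (solc {ver(meta_a)} vs {ver(meta_d)})"
    if meta_a != meta_d:
        return "code equal, metadata differs (source hash or compiler settings)"
    return "identical"

def sample(code, ipfs_fill, solc):
    """Build a constructed runtime bytecode with a solc-style trailer."""
    body = (b"\xa2\x64ipfs\x58\x22\x12\x20" + bytes([ipfs_fill]) * 32
            + b"\x64solc\x43" + bytes(solc))
    return code + body + len(body).to_bytes(2, "big")

AUDITED = sample(b"\x60\x80\x60\x40\x52", 0xAA, (0, 8, 19))
print(compare(AUDITED, sample(b"\x60\x80\x60\x40\x53", 0xAA, (0, 8, 20))))
```

Immutable values and linked library addresses are written into the deployed code and would also show up as code differences; this example does not mask them.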

Deployment Validation proposes a standard to address the aforementioned issues.

Shahriar is a junior blockchain security engineer @ Chainsecurity, an auditor of High-TVL projects, and has participated in the development of multiple tools for the ETH ecosystem. He joined Chainsecurity in August 2022.