Verify Kwenta
This article explains how to verify the advanced decentralized deployment
Last updated
This article explains how to verify the advanced decentralized deployment
Last updated
Kwenta is currently hosted on the distributed IPFS network. Each release is stored with an unique cryptographical hash on this network. These hashes however are difficult to remember, hence gateways such as eth.limo exist.
Users with the IPFS Companion extension installed (or Brave Browser which comes with IPFS built-in) can visit Kwenta by visiting kwenta.eth/,bypassing the centralized gateway.
This article explains different ways on how to verify that when you visit kwenta.eth.limo, you are actually seeing the currently endorsed release voted on by the Kwenta Elite Council in accordance with KIP-22.
The Elite Council has control over the ENS records set for the kwenta.eth domain name via a multisig. When a new release IPFS hash is proposed by the DAO, the Elite Council needs to verify and sign a transaction in order to change the ENS record to point to the new release IPFS hash.
In order to check the latest IPFS hash signed by the Elite Council, head over to https://ens.domains and search for kwenta.eth. Under Records, you will find the correct IPFS hash set which the eth.limo gateway is pointing to for kwenta:
But where does the DAO derive this IPFS hash from? To check this, you can head over to GitHub where releases are currently published. Note that this solution is temporary and will change in the future due to the envisioned switch to Radicle (KIP-31).
Currently the devDAO publishes information on new releases to https://github.com/Kwenta/kwenta/releases. Each new release includes the IPFS hashes of the new deployments, as well as a summary of the changes. Community members can read through the changes and audit the code that has been changed since the last release.
You can now verify the CIDv1 IPFS hash with the hash shown on ENS (see above).
To fully verify that the IPFS hash relates to the release shown on GitHub, you can also verify the commit hash by double checking the commit hash shown on the release (see left sidebar of the screenshot) with the latest git hash printed on any page on Kwenta at the very bottom:
As seen in the screenshots, the hash 7e409f3 matches on both Github and Kwenta.
If you now visit Kwenta on IPFS and all hashes match, you can be relatively certain that you are visiting the correct and Elite Council endorsed version of Kwenta.
A commit hash is a cryptographic checksum that is calculated from the state of the repository.
