This article explains how to verify the advanced decentralized deployment
Kwenta is currently hosted on the distributed
IPFSnetwork. Each release is stored with an unique cryptographical hash on this network. These hashes however are difficult to remember, hence gateways such as
Users with the IPFS Companion extension installed (or Brave Browser which comes with IPFS built-in) can visit Kwenta by visiting
kwenta.eth/,bypassing the centralized gateway.
This article explains different ways on how to verify that when you visit
kwenta.eth.limo, you are actually seeing the currently endorsed release voted on by the Kwenta Elite Council in accordance with
The Elite Council has control over the ENS records set for the
kwenta.ethdomain name via a multisig. When a new release IPFS hash is proposed by the DAO, the Elite Council needs to verify and sign a transaction in order to change the ENS record to point to the new release IPFS hash.
In order to check the latest IPFS hash signed by the Elite Council, head over to
https://ens.domainsand search for
kwenta.eth. Under Records, you will find the correct IPFS hash set which the
eth.limogateway is pointing to for kwenta:
Kwenta ENS Records
But where does the DAO derive this IPFS hash from? To check this, you can head over to GitHub where releases are currently published. Note that this solution is temporary and will change in the future due to the envisioned switch to Radicle (KIP-31).
Currently the devDAO publishes information on new releases to https://github.com/Kwenta/kwenta/releases. Each new release includes the IPFS hashes of the new deployments, as well as a summary of the changes. Community members can read through the changes and audit the code that has been changed since the last release.
You can now verify the
CIDv1IPFS hash with the hash shown on ENS (see above).
To fully verify that the IPFS hash relates to the release shown on GitHub, you can also verify the commit hash by double checking the commit hash shown on the release (see left sidebar of the screenshot) with the latest git hash printed on any page on Kwenta at the very bottom:
Release git commit hash at the bottom of Kwenta
As seen in the screenshots, the hash
7e409f3matches on both Github and Kwenta.
If you now visit Kwenta on IPFS and all hashes match, you can be relatively certain that you are visiting the correct and Elite Council endorsed version of Kwenta.
A commit hash is a cryptographic checksum that is calculated from the state of the repository.