I’d like to bring up a matter of concern regarding the transparency of a recent upgrade to the open-sourced NFT ledger managed by Toniq Labs. Specifically, this involves a missing .wasm module related to upgrade 3e3018b, which was active during a reported theft and sale of an “ultra-rare” NFT. Several suspicious activities were observed within the Motoko community’s Discord around that time, raising concerns among NFT holders.
Currently, the .wasm file that would allow for independent review of the code and rule out the existence of any backdoors is unavailable. @bob11 has made attempts to obtain the file but has not been successful so far.
Transparency and security are crucial for maintaining trust within the community. With this in mind, we believe a publicly verifiable audit would help assure NFT holders that the ledger remains secure and free from malicious intent. This would not only restore confidence but also set a precedent for transparency in future upgrades and ledger management.
We are simply requesting access to the .wasm file so that community members like @dgdg-app and others can independently review the code and confirm its integrity.
Any assistance or response would be greatly appreciated.
Who deployed the updated version? Toniq Labs? If they use source control and do reproducible builds, they should be able to rebuild the Wasm module with the same hash without trouble.
As far as I know, it’s impossible to retrieve the current Wasm module, let alone a historical version.
It’s not impossible; the .wasm file must exist for new nodes to be able to join the network. How else would they be able to create a working node machine that would execute the smart contract?
It should be impossible (or really hard) to access those files.
Otherwise they could swap the Wasm, share between 1/3+1 of malicious providers with node machines in the same subnet, and you would never know that happened because IC doesn’t keep public logs of requests and responses of update calls - logs kept by the canisters themselves can’t be trusted if it’s a hacked canister.
I believe you’re mixing up state and consensus of state changes with the executable that operates on the state. My understanding is that the computation is replicated across nodes. Sure, someone could muck with an individual node machine, but when they get different results from the other replicas it’s caught in consensus.
There’s a record of the hash maintained for each contract; it’s certainly used internally when node machines join and receive the .wasm executable necessary to actually do the compute for that contract. The node machine would check the SHA256 signature for the file upon receipt to ensure it has the correct binary.
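The check the replies above point to (rebuild the module from source, then compare its SHA-256 with the hash recorded for the contract), as an added example that is not part of the original thread and not Toniq Labs' code. The function names and sample bytes are constructed for illustration, and hashing both the shipped bytes and the decompressed module is an assumption about how the build might be packaged; the recorded hash has to come from a source you trust.

```python
import gzip
import hashlib
import hmac

WASM_MAGIC = b"\x00asm"   # first four bytes of every WebAssembly binary
GZIP_MAGIC = b"\x1f\x8b"  # assumption: a build pipeline may ship the module gzipped

# Constructed sample inputs: a minimal empty module, and the same module with
# an extra custom section named "bad" standing in for an altered build.
SAMPLE_MODULE = b"\x00asm\x01\x00\x00\x00"
ALTERED_MODULE = SAMPLE_MODULE + b"\x00\x04\x03bad"
SAMPLE_GZ = gzip.compress(SAMPLE_MODULE)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def candidate_hashes(artifact):
    """Digests a rebuilt artifact could be recorded under (hypothetical helper)."""
    hashes = {"as-built": sha256_hex(artifact)}
    module = artifact
    if artifact.startswith(GZIP_MAGIC):
        module = gzip.decompress(artifact)
        hashes["decompressed"] = sha256_hex(module)
    if not module.startswith(WASM_MAGIC):
        raise ValueError("artifact is not a WebAssembly module")
    return hashes


def verify_build(artifact, recorded_hash):
    """Return which form of the artifact matches the recorded hash, or None."""
    recorded = recorded_hash.strip().lower()
    if recorded.startswith("0x"):
        recorded = recorded[2:]
    # Require the full digest: a short prefix cannot rule out a different module.
    if len(recorded) != 64 or any(c not in "0123456789abcdef" for c in recorded):
        raise ValueError("expected a full 64-character SHA-256 hex digest")
    for label, digest in candidate_hashes(artifact).items():
        if hmac.compare_digest(digest, recorded):
            return label
    return None


if __name__ == "__main__":
    recorded = sha256_hex(SAMPLE_MODULE)  # stands in for the published hash
    for name, blob in [("rebuild", SAMPLE_MODULE), ("gzipped", SAMPLE_GZ),
                       ("altered", ALTERED_MODULE)]:
        print(name, verify_build(blob, recorded))
```

A `None` result only shows that this particular rebuild differs from the recorded module; it says nothing about which side changed, so the build inputs (commit, compiler version, flags) need to be pinned before drawing conclusions.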
We need this .wasm file as soon as possible. “Don’t trust, verify” is a core principle in crypto, and by releasing the file, Toniq Labs can uphold that standard. Transparency and community verification are key to what ICP stands for. Providing the .wasm file will show a commitment to these values, helping restore trust and allowing us to move forward together.