How to check the consistency between the source code and verification key of a zkapp? | Mina Protocol | Page 1

#How to check the consistency between the source code and verification key of a zkapp?

1 messages · Page 1 of 1 (latest)

noble sigil Mar 21, 2024, 1:27 AM

If developers A and B have collaborated on a zkapp and B deploys it to Mina, how can A ensure that B hasn't modified the source code before deployment? Can A use the original code and the zkapp's verification key hash to verify consistency?

jolly dragon Mar 21, 2024, 11:53 AM

You can compare the verification key written to the zkApp deployment account and the verification key that you will generate yourself while compiling the SmartContract's code.

You should keep in mind that the verification key is the function of

SmartContract code
o1js version
network where the contract is deployed, and version of this network
result of the calls of the functions inside the SmartContract

The easiest way is to take the whole repo used for deployment and repeat compiling using this repo with the same settings, same env.json, same environment and same versions of all libraries.