SIP-3: Code Verification API

SIP Number: 3
Title: Code Verification API

1 Like

Let me introduce the background for submitting the SIP-3.

When users query a package in the SUI Explorer, they can’t inspect the move code directly; instead, they only have access to low-level bytecode, which is not easily readable for most users.

To address this issue, I proposed SIP-3, an API specification that the explorer can utilize to display the verified move code of the package. In this context, “verified” implies incorporating functionality to prevent the upload of malicious fake code. This verification is crucial because trusting an unverified package with shown fake code can potentially lead to the loss of assets.

The Ethereum ecosystem has experienced several DeFi incidents, which naturally led to the establishment of a verification culture. As a result, platforms like Etherscan provide access to around 99% of smart contract codes. There is a widespread understanding that using unverified contracts is a highly risky behavior.