Skip to content

Commit e0bb594

Browse files
author
Neo
committed
Fix 4: ABI_VERIFICATION_NEEDED.md — honest per-service ABI/endpoint audit
The 14 services call real protocol interfaces written best-effort against public docs; they cannot be confirmed without the real deployed contract address + a network connection. This catalogs, per service, exactly which ABI / function signature / API request shape / address a human must verify against the live contract before going live — sourced from each service's inline UNVERIFIED markers. No ABIs were changed to 'look more right'; this is an audit, not a fabrication. Also records the separate dispatch-wiring bug (liquid_stake_* mis-routed to StakingService) surfaced by FIX 2.
1 parent 2fd86da commit e0bb594

1 file changed

Lines changed: 94 additions & 0 deletions

File tree

ABI_VERIFICATION_NEEDED.md

Lines changed: 94 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,94 @@
1+
# ABI_VERIFICATION_NEEDED — per-service checklist before go-live
2+
3+
The 14 wired blockchain services (`runtime/blockchain/services/<name>/service.py`)
4+
call **real protocol interfaces**, but the exact ABIs / function signatures / API
5+
request shapes were written **best-effort against public documentation** and
6+
**cannot be confirmed without the real deployed contract address + a network
7+
connection**. This file is the honest catalog of what a human must verify against
8+
the actual deployed contract / live API **before** flipping each service on. It is
9+
an audit, not a fix — no ABIs were changed to "look more right."
10+
11+
How to read it: each service lists the **config key(s)** you populate, the
12+
**ABI / interface assumption** to check against the real contract, and the
13+
**API endpoint** to confirm. Items marked `UNVERIFIED` are flagged inline in the
14+
service source too. Until a service's row is verified, leave it unconfigured — it
15+
stays a CREDENTIAL-GATED no-op.
16+
17+
Default network: **Base Sepolia (84532)**. Non-custodial invariant preserved
18+
(server signs only the platform paymaster account, never user funds).
19+
20+
---
21+
22+
### 1. payment_channels (Raiden)
23+
- **Config:** `services.payment_channels.endpoint` (Raiden REST node), `.token_address`, `.contract_address`/`.token_network_address`, `.api_key` (optional).
24+
- **Verify ABI:** `TokenNetwork.openChannel(address,address,uint256)`, `getChannelIdentifier(address,address)`, `closeChannel(...)`. **UNVERIFIED:** `closeChannel` is the minimal 2-arg cooperative form; a **unilateral close carries a balance-proof** (balance_hash, nonce, additional_hash, signatures) only the node can produce — confirm against your deployed `raiden-contracts` TokenNetwork and use the REST path for balance-proof closes.
25+
- **Verify API:** Raiden REST `PUT /api/v1/channels`, `POST /api/v1/payments/{token}/{target}`, `PATCH /api/v1/channels/{token}/{partner}` (field names + settle-timeout bounds) against your node version.
26+
27+
### 2. compute (Akash / Render / Gensyn / DePIN)
28+
- **Config:** `services.compute.endpoint`, `.api_key`, `.provider` (akash|render|gensyn), `.rental_contract`.
29+
- **Verify ABI:** generic `claimRewards(address)` on the DePIN reward contract — **UNVERIFIED**, the real selector is provider-specific.
30+
- **Verify API:** Akash `POST {endpoint}/v1/deployments`, `/v1/leases`, `/v1/rewards/claim`. **UNVERIFIED:** exact SDL/manifest body + paths are provider-specific (`https://api.akash.network`).
31+
32+
### 3. mpc (recovery / session keys / threshold sign)
33+
- **Config:** `services.mpc.recovery_module`/`module_address`, `.session_key_module`, `.endpoint`, `.api_key`.
34+
- **Verify ABI:** `initiateRecovery(account,newOwner,...)`, `registerSessionKey(account,...)`. **UNVERIFIED:** signatures follow a *generic* social-recovery / session-key module — confirm against your deployed recovery module (e.g. the specific 4337/6900 module).
35+
- **Verify API:** MPC-node signing request shape (generic) — confirm against the real MPC node.
36+
- **Non-custodial note:** must operate via the user-authorized module; the server never holds user keys.
37+
38+
### 4. social_protocols (Lens / Farcaster / Push)
39+
- **Config:** `services.social_protocols.lens_hub_address`, `.farcaster_api_base`/`.farcaster_api_key`/`.farcaster_signer_uuid`, `.push_api_base`/`.push_channel`, `.token_factory_address`.
40+
- **Verify ABI:** `LensHub.createProfile(createProfileParams)`**UNVERIFIED** against the exact deployed LensHub (v1 vs v2 param struct differs); token-launch factory selector **UNVERIFIED**.
41+
- **Verify API:** Farcaster via Neynar `https://api.neynar.com`, Push `https://backend.epns.io` — confirm endpoints/keys.
42+
43+
### 5. advanced_governance (veToken / Snapshot / RetroPGF / bribes)
44+
- **Config:** `services.advanced_governance.ve_token_address`, `.snapshot_hub`/`.snapshot_space`, `.bribe_market_address`, `.delegate_registry_address`, `.eas_address`/`.eas_schema`.
45+
- **Verify ABI:** Curve `VotingEscrow.create_lock(uint256,uint256)`, `balanceOf(address)`, `locked(address)`. **UNVERIFIED:** bribe-market selector (Votium-style varies); **assumes an 18-decimal lock/reward token** (line ~180/442) — confirm decimals.
46+
- **Verify API:** Snapshot hub `https://hub.snapshot.org` (message/typed-data shape).
47+
48+
### 6. oracles_plus (Pyth / RedStone / API3 / Chainlink Keepers)
49+
- **Config:** `services.oracles_plus.pyth_contract_address`, `.hermes_endpoint`, `.redstone_endpoint`/`.redstone_api_key`/`.redstone_data_service_id`, `.keeper_registrar_address`/`.registrar_address`.
50+
- **Verify ABI:** Pyth `getPriceUnsafe(bytes32)` returning `(price,conf,expo,publishTime)` — Pyth on Base is canonical `0x8250f4aF4B972684F7b336503E2D6dFeDeB1487a` (confirm). **UNVERIFIED:** Chainlink `AutomationRegistrar` `RegistrationParams` struct/selector differs across Automation versions (2.1 shape assumed, line ~110/473).
51+
- **Verify API:** `https://hermes.pyth.network`, RedStone `https://oracle-gateway-1.a.redstone.finance`.
52+
53+
### 7. tba (ERC-6551 token-bound accounts)
54+
- **Config:** `services.tba.account_implementation` (registry is canonical `0x000000006551c19487814612e58FE06813775758`).
55+
- **Verify ABI:** `ERC6551Registry.createAccount(implementation,salt,chainId,tokenContract,tokenId)` + `IERC6551Account.execute(...)`. Lowest-risk (the registry is standardized) — **verify the account-implementation address + that your registry is the canonical one**.
56+
57+
### 8. storage (Filecoin / Ceramic / OrbitDB)
58+
- **Config:** `services.storage.filecoin_api_key`/`.filecoin_endpoint`/`.filecoin_provider`, `.ceramic_endpoint`/`.ceramic_controller`, `.orbitdb_endpoint`/`.orbitdb_api_key`.
59+
- **Verify API:** Lighthouse `https://node.lighthouse.storage/api/v0/add` / web3.storage upload — **UNVERIFIED:** multipart field name (`file`) + response shape (line ~150). Ceramic genesis commit normally must be **DAG-CBOR encoded & signed** (line ~233) — confirm. OrbitDB has **no standard HTTP API** (line ~331) — confirm your gateway.
60+
61+
### 9. creator_platforms (Sound.xyz / Mirror / Paragraph)
62+
- **Config:** `services.creator_platforms.sound_api_key`/`.sound_edition_address`/`.sound_endpoint`, `.mirror_api_key`/`.mirror_endpoint`, `.paragraph_api_key`/`.paragraph_endpoint`/`.paragraph_publication`.
63+
- **Verify ABI:** Sound `mint(address,quantity)`**UNVERIFIED** against the exact deployed SoundEdition version (line ~164).
64+
- **Verify API:** Sound GraphQL `https://api.sound.xyz/graphql` (query shape, line ~228), Mirror via Arweave bundler (UNVERIFIED for direct posting), Paragraph `https://api.paragraph.xyz`.
65+
66+
### 10. kyc (Sumsub / Persona)
67+
- **Config:** `services.kyc.api_key`/`.secret_key`/`.base_url`/`.level_name` (Sumsub) or `.template_id` (Persona).
68+
- **Verify API:** Sumsub `https://api.sumsub.com` with **HMAC-SHA256 signed** requests — **UNVERIFIED** end-to-end without a real app token (line ~137); Persona `https://withpersona.com/api/v1` inquiry create/fetch (Bearer) — **UNVERIFIED** (line ~207/310).
69+
- **Privacy note:** confirm no raw PII is stored — it passes through to the provider.
70+
71+
### 11. restaking (EigenLayer / Symbiotic / Karak / Lido / Rocket Pool)
72+
- **Config:** `services.restaking.strategy_manager_address`/`.strategy_address`/`.delegation_manager_address` (EigenLayer), `.symbiotic_vault_address`, `.karak_vault_address`, `.lido_steth_address`, `.rocketpool_deposit_address`.
73+
- **Verify ABI:** EigenLayer `StrategyManager.depositIntoStrategy(strategy,token,amount)`, `DelegationManager.delegateTo(...)`; Lido `submit(address)`; Rocket Pool deposit. **Verify each manager/strategy address + signature** against the live deployments (these differ per network and have changed across EigenLayer upgrades).
74+
- **DISPATCH WIRING BUG (separate, flagged):** `ACTION_MAP` routes `liquid_stake_lido` / `liquid_stake_rocketpool` to **`StakingService`**, which has no such methods — the real methods are on **`RestakingService`**. Fix `ACTION_MAP` (in the untouched `service_dispatcher.py`) to repoint these two actions. (See also FIX 2's note.)
75+
76+
### 12. nft_lending (BendDAO / NFTfi / Arcade)
77+
- **Config:** `services.nft_lending.pool_address` (per protocol).
78+
- **Verify ABI:** lending-pool borrow/liquidate signatures differ substantially across BendDAO vs NFTfi vs Arcade `LoanCore`**verify against the specific protocol + pool address** you target.
79+
80+
### 13. ccip (Chainlink CCIP / Hyperlane / Wormhole / Axelar / Stargate)
81+
- **Config:** `services.ccip.router_address` (+ per-bridge addresses).
82+
- **Verify ABI:** Chainlink `Router.ccipSend(destChainSelector, EVM2AnyMessage)` — the **`EVM2AnyMessage` tuple encoding** is intricate; verify against the live router. Base Sepolia CCIP router address must be confirmed (defaulted + marked UNVERIFIED). Hyperlane `Mailbox.dispatch`, Wormhole core, Axelar gateway, Stargate router each need their real addresses + signatures.
83+
84+
### 14. auctions (Dutch / English / sealed-bid + orderbook DEX)
85+
- **Config:** `services.auctions.auction_address`, `.orderbook_address`.
86+
- **Verify ABI:** `createAuction / placeBid / settleAuction` and `placeLimitOrder / cancelLimitOrder` are **bespoke to your auction + orderbook contracts** — there is no single standard. Verify every signature against your deployed contracts.
87+
88+
---
89+
90+
## Cross-cutting items to verify
91+
- **EAS:** Base + Base Sepolia EAS = `0x4200000000000000000000000000000000000021`, Ethereum mainnet = `0xA1207F3BBa224E2c9c3c6D5aF63D0eb1582Ce587` (both verified against the official eas-contracts deployment artifacts in FIX 3).
92+
- **Selectors:** the platform computes selectors via `web3` (real keccak256) — correct. The iOS app's selectors were fixed to real keccak256 in FIX 1 (proven against `0xa9059cbb` etc.).
93+
- **Token decimals:** several services assume 18-decimal tokens — confirm per token.
94+
- **Every `not_deployed`/CREDENTIAL-GATED response** names its exact missing key; grep the logs for `called but credential '…' is not configured` to see what each service still needs.

0 commit comments

Comments
 (0)