TruCol aims at building a decentralized, trust-less platform for test-driven programming development. This GUI allows people to submit their sponsor contracts to our server so that they can receive feedback on the safety of the contract (e.g. are there any loopholes malicious bounty hunters might exploit), and have their contract automatically deployed on the Ethereum chain. The TruCol protocol can also be used directly by the users themselves; we intend to provide a CLI to make that easier.
Suppose Alice wants some well-defined challenge, such as an 'n*n' sudoku, to be solved. She writes a set of unit tests that check any given solution, using random inputs. Instead of creating the solution herself, Alice publishes the unit tests in a smart contract and sets a bounty for any other smart contract that solves it. Bob, the bounty hunter, finds the contract and codes a solution in a smart contract, in order to receive the bounty. If Alice's requirements are fulfilled, the smart contract automatically pays out the reward. This repository presents the protocol to do this completely trustless and decentralised, without taking any fees, thus increasing market efficiency.
- By providing a protocol instead of a service, we empower the users financially whilst increasing their autonomy by removing the need to rely on an over-arching bounty platform that takes money from the work of users.
- Sharing a completely open and deterministic payout protocol removes bias from "the hiring process"*.
- Presenting a protocol instead of a service makes the free market for test driven development (significantly more) resilient against takedowns.
- Currently, the fully trustless decentralised version of the protocol is only implemented in Solidity to Solidity. This is a significant constraint on adoptability, as most test-driven development happens in other languages like Python/C etc. Issue 5 describes how the protocol can be expanded to facilitate other languages.
- The costs of evaluating unit tests and solutions on chain can be significant. Scalability in costs through expansion of the chain of trust and/or allowing users to reduce decentralisation might allow users to make their own decision on "safety/costs".
- *The bias in "the hiring process" is only removed for test driven development jobs.
- *The bias in "the hiring process" is still present based on the language that sponsors write their code in. Additionally, bounty hunters and sponsors still require access to the internet to enter this free market.
- Documentation of code can be/is important, yet its quality cannot (yet) be fully deterministically/reliably assessed in this protocol.
- Code readability (e.g. sensible variable names) is not yet completely deterministically/reliably assessable in this protocol.
The content of this repository is divided into three categories. The three listed applications of decentralisation technologies, which potentially overlap somewhat, are developed to give the user a wider range of choice.
- This repository contains three pairs of Solidity contracts, of which two pairs are a proof of concept of the protocol. The third pair of contracts is the metacoin Truffle unit testing example that shows how to write unit tests for Solidity contracts.
- Additionally, a website written in NodeJS makes writing bounty contracts and Solidity unit tests as simple as possible. Simplification is done by providing Solidity contract templates (and through gas cost estimates and automated Truffle unit testing using Travis-CI (future work)) in branch nodey-docker.
- Randomness (used to prevent the bounty hunter from hardcoding solutions) is absorbed from Chainlink's VRF in branch poly-sol.
- An approach to perform API calls to GitHub to facilitate all languages (instead of Solidity only) using Tellor is included in branch tellor.
- An approach to store a secret (used to prevent the bounty hunter from hardcoding solutions) using NuCypher is implemented here.
To use the protocol, clone this repo, and modify the `test` and `checkQueens` functions of the sponsor contract such that they contain the unit tests for your challenge (in NP). Next, we recommend you modify the TestMetaCoin or TestSolveNQueens.sol to throw some solutions into your unit tests and check if they catch true and false solutions correctly. You can test your Solidity contract with the unit tests using Truffle.
Documentation is here, video instructions are here (starts at 1:34). The following installation steps are written for a Linux system:
- Install npm on the device: `sudo apt install npm`
- Install Truffle: `sudo npm install -g truffle`
- Run the Truffle tests to verify that your bounty contract works: `truffle test`
Besides the automated testing using Truffle, you can also manually test your smart contracts. To do so you can look at AskContract which consists of a square root problem and the SolveContract which is able to solve the problem.
Test:
- Open both contracts in https://remix.ethereum.org
- Compile (ctrl+s) and select the AskContract (Not the template!), deploy it (optionally add a value to it)
- Copy the contract address of the AskContract
- Compile and select the SolveContract (Not the template!), paste the copied address in the deploy field and deploy it
- Finally, click on the SolveContract and click on the 'solve' function
- Now the funds should be transferred to the owner of the SolveContract
TestRefund:
- Change the expiry value in the contract to a future expiry date (unix timestamp)
- Compile and select the AskContract, deploy it with a value
- Click on the AskContract and try to get the refund. When it is past your timestamp it should self-destruct; otherwise it should not work
Note that only the owner of the contract (which is the person who either created or solved the contract) can activate the refund function.
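The ask/solve/refund flow from the manual test above, as a compact added example (not the repository's AskContract or SolveContract). The names `SqrtBounty`, `SqrtSolver` and `ISqrtSolver` are hypothetical, the bounty is claimed by calling `claim` with the solver's address, and the block-derived test inputs are a placeholder for a verifiable randomness source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration with hypothetical names; not the repository's contracts.
interface ISqrtSolver {
    function owner() external view returns (address);
    function sqrt(uint256 x) external pure returns (uint256);
}

contract SqrtBounty {
    address payable public immutable sponsor;
    uint256 public immutable expiry; // unix timestamp; refund allowed from then on
    bool public settled;
    constructor(uint256 expiry_) payable { sponsor = payable(msg.sender); expiry = expiry_; }

    // Anyone may trigger the check; the reward goes to the solver's owner.
    function claim(ISqrtSolver solver) external {
        require(!settled, "already settled");
        for (uint256 i = 0; i < 8; i++) {
            // Placeholder input source; a deployment would use verifiable
            // randomness (the poly-sol branch mentioned above uses Chainlink VRF).
            uint256 x = uint256(keccak256(abi.encode(block.prevrandao, address(solver), i))) % 1e18;
            uint256 r = solver.sqrt(x); // pure call: compiled to STATICCALL
            // Unit test: r^2 <= x < (r+1)^2; checked math reverts on an oversized r.
            require(r * r <= x && x < (r + 1) * (r + 1), "test failed");
        }
        settled = true; // state change before the external transfer
        (bool ok, ) = payable(solver.owner()).call{value: address(this).balance}("");
        require(ok, "payout failed");
    }

    // Only the sponsor can reclaim the bounty, and only after expiry.
    function refund() external {
        require(msg.sender == sponsor && block.timestamp >= expiry && !settled, "no refund");
        settled = true;
        (bool ok, ) = sponsor.call{value: address(this).balance}("");
        require(ok, "refund failed");
    }
}

contract SqrtSolver is ISqrtSolver {
    address public immutable override owner = msg.sender;
    // Babylonian method, returns floor(sqrt(x)).
    function sqrt(uint256 x) external pure override returns (uint256 r) {
        r = x;
        for (uint256 y = (x + 1) / 2; y < r; y = (x / y + y) / 2) r = y;
    }
}
```

Because the test checks a property of the answer on inputs the solver does not choose, a solver with hardcoded return values fails the `require` and the bounty stays in the contract until a correct solver claims it or the sponsor refunds after expiry.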
The frequently asked questions are discussed in detail in FAQ.
We welcome critical evaluations of our protocol, and have found it quite a fun exercise to analyse the attack surfaces of the various possible implementations of the protocol. To do so, please have a look here to check if your concern is already treated, and if not, feel free to raise an issue or even open a pull request that addresses the security concern.