First off, I totally understand the convenience of having ABI readily available from API, and am aware of existing blockchains (e.g. EOS) that do exactly just this.
However, despite things working well under the happy case (everyone using the standard toolchain to build and deploy contracts), the `abi` returned by `get_code` cannot be relied upon:
- `contract_definition` is optional anyways when deploying contract
- There’s no way for sequencers to verify correctness of ABI submitted on deployment
To demonstrate the idea, I’ve deployed a contract with fake ABI here, and it’s picked up by the block explorer:
which is quite misleading.
IMO it shouldn’t even be there if it cannot be relied upon. I think the responsibility of providing ABI should be outsourced to a source verification service like Sourcify or Etherscan, which can deterministically derive ABI from source code.
What do you guys think?