⏩Publish an audit
Once you're registered as an auditor on Trustblock, you will be able to publish your audits. Upon registration, you had to provide a wallet address, which lets you to sign in and submit your audits.
All the publishing costs you nothing since we use gasless transactions.
There are two methods to publish your audits:
Using our platform
Head to beta.trustblock.run to connect your wallet.
Click on the "Go to my profile" button.
At the bottom of your profile's page, you'll see a "Publish an audit" button redirecting you to the audit publication form once you click on it.
Complete the form, submit and you're all set!
Using our API
To publish an audit through our API, you must structure your data object in a specific way involving four parts: audit, issues, contracts, and project.
1. Audit data
The audit data is at the first level of the full data object.
To obtain a valid reportFileCid
, you will have to perform an upload on our IPFS provider, Pinata.
In order to upload a file successfully, you will first have to fetch the necessary authorization to do so by calling our dedicated route.
Once you have retrieved your authorization response from the previous request, you must upload the file effectively. The code should look something like this:
The name and description expected here are not supposed to be the ones of the project audit. Still, the audit itself, e.g., If you audited the liquidity locker of a project named TokenA, the name of the audit would be Liquidity Locker.
2. Issues data
Two attributes classify every issue: its status (IssueStatus
) and severity (IssueSeverity
).
An issue status can either be fixed
or not_fixed
.
An issue severity can either be low
, medium
, high
or critical
.
We know all auditors have different values for these fields; our goal was to simplify so that everyone can adapt their own system to ours.
The most important kind of issues are thenot_fixed critical
ones.
We are always welcoming suggestions, so don't hesitate to contact us!
All your issues must be stored inside a list passed to the main request body.
3. Contracts data
Every contract has a type
(ContractType
) field, which can either be: on_chain
or off_chain
.
Depending on the type, the contract must have different fields.
Contract on-chain
Additionally, to the type
field, two other fields are required to submit an on-chain contract: evmAddress
& chain
.
chain
can either one of the supported chains.
Contract off-chain
An off-chain contract requires three extra fields: repositoryUrl
, repositoryCommitHash
& repositoryFilePath
.
For now, we only support Github public repositories.
All your issues must be stored inside a list passed to the main request body.
4. Project data
Our system will automatically check if the audit's project already exists in our database by relying on links.website
.
Best practice for an automated setup
To make sure your request never fails, pass all the data needed to create a project, including links
, name
, description
and tags
.
5. Final data object
6. Sending the request
Once your data is ready, you'll have to set up the request.
The publish audit route only accepts formdata
.
The formdata
should have two fields: the report file stored under the pdf
key and the data (passed as a JSON string) stored under the data
key.
And then, what?
That's it! Your audit is published and publicly accessible through our platform.
We refresh metrics on Trustblock every day at a fixed time, and as such, your profile should be updated pretty soon after publishing your audits with the newest metrics.
The audit you publish will now be available from labels and API. Check the links below for more information.
Last updated