Audit and Identify Off-chain Data in Soroban Contracts

[Jeffrey0522]

Audit and Identify Off-Chain Data in Contracts

• Name / Title: Audit and Identify Off-chain Data in Soroban Contracts
• Complexity: Low
• Task Type: Analysis / Research
• Description: Currently, the Soroban smart contracts in the project are storing extensive application data which is not the optimal use case for blockchain technology. Specifically, we have identified UserProfile in contracts/course/course_access/src/schema.rs and contracts/user_profile/src/schema.rs storing name, email, profession, goals, and country. Additionally, Course in contracts/course/course_registry/src/schema.rs stores large strings like title, description, and thumbnail_url. This task involves formally documenting all such fields and structs to provide a clean mapping to the off-chain database.
• Technical Requirement: Rust, Soroban SDK, understanding of on-chain vs off-chain data paradigms.
• Estimated time to deliver: 4 hours
• Acceptance criteria:
  • A definitive list of data structures and fields currently on-chain that should be moved off-chain is documented.
  • A mapping document is provided detailing the required schema for the off-chain database.
• MUST DOs:
  • Do not make changes to the Rust files yet; this is an analysis task.
  • Identify all instances of non-essential string data being stored (e.g., CourseModule title, CourseGoal content).
  • Avoid assumptions about database size; document all fields verbatim.
• References:
  • Repo: skillcert_contracts
  • Files:
    • contracts/user_profile/src/schema.rs (UserProfile)
    • contracts/course/course_access/src/schema.rs (UserProfile)
    • contracts/course/course_registry/src/schema.rs (Course, CourseModule, CourseGoal)

[gelluisaac]

I’m interested in tackling this! I have a strong background in smart contract development and full-stack systems, so I'm well-equipped to handle the requirements here. Could you please assign this to me?