Where is the on-chain code actually stored?

Question

I've just read something that suggests Validators aren't actually kept on the blockchain. To save the space, only the hash of the Validator is kept at the UTxO and users willing to spend it must themselves provide the Validator code with matching hash value.

Besides the funny fact that on-chain code doesn't actually live on the chain, that brings a number of questions, of which the first and most obvious will be:

1. How the actual Validators are stored? I mean the repositories may and should be distributed and each SC author could provide their own source of the code, but
2. Is there any standard format of such packages (most likely containing also off-chain code) that could be loaded into wallets or other clients?
3. Since the hash refers to a compiled version of the Validator, i.e. the Plutus Script code, how could users make sure that the binary is a result of compilation of the source the author publishes? Having the compilator and libraries being developed and optimized, it's almost sure the compilation results will vary over time, obviously changing the hash.

Answer 1

As stated by Samuel, the code that a validator runs to check whether a transaction is valid is sent and stored in the transaction body as an input.

So all scripts, be they Plutus or Native scripts, get stored on chain when any UTxO's locked by the script are consumed (though they are not part of the UTxO ledger state, but stored in another part of the ledger) and are retrievable through the chain-indexer, Blockfrost or even in some cases, from some blockchain explorers.

For example, you can use the Blockfrost API "Script CBOR" to access the script CBOR. Here's a link to understand how to do this.

Additionally, if you just look at a sample transaction on CardanoScan itself, for example this transaction claiming an UTxO for the simple "Always succeed" plutus script address [3], we can see that the datum in CBOR is 182a.

Using an online tool caller cbor.me we see that the datum/redeemer was 42 (182a in CBOR hex). The contract bytecode is also listed there, but this is not human-readable plutus core code.

Now for the off-chain part that safely can construct transactions for users, that needs to be distributed by the writer of that script. I know that IOG (also known as IOHK) is building a Dapp store to safely distribute such offline code.

And lastly, you are correct! The plutus script hashes to the address, so if one would change the code, a new address should be used. Note however that complex Dapps may use several contracts, for example look at the Occam dex that they showed off [5] They used 3 contracts to implement certain behavior. So over time use cases may change, and other addresses might be used.

EDIT After the Vasil HF in the Babbage era, transactions can witness the scripts by referencing them in other UTxO's that may not be consumed in the transaction. This way, scripts do get stored on the active UTxO graph part of the ledger. These referenced validators will also become available inside plutus (6).

Answer 2

Auxiliary scripts are an attribute in the txbody that can have the validator script in it if it's small enough. You could also have metadata that links your users to the script off-chain.