I've just read something that suggests Validators aren't actually kept on the blockchain. To save the space, only the hash of the Validator is kept at the UTxO and users willing to spend it must themselves provide the Validator code with matching hash value.
Besides the funny fact that on-chain code doesn't actually live on the chain, that brings a number of questions, of which the first and most obvious will be:
- How the actual Validators are stored? I mean the repositories may and should be distributed and each SC author could provide their own source of the code, but
- Is there any standard format of such packages (most likely containing also off-chain code) that could be loaded into wallets or other clients?
- Since the hash refers to a compiled version of the Validator, i.e. the Plutus Script code, how could users make sure that the binary is a result of compilation of the source the author publishes? Having the compilator and libraries being developed and optimized, it's almost sure the compilation results will vary over time, obviously changing the hash.