I propose to put up a development bounty for a NMControl module/plugin/whatever that implements an "SPV client" - i. e., is able to connect to the P2P network and determine the longest chain with verified proof-of-work. This can then be used as a basis for "safer" API queries, e. g. by verifying the Merkle branch of returned name_update transactions and, in the future, the UNO commitment. (These could be separate bounties added on top.) In particular, I suggest that the following tasks must be fulfilled:
- Ideally implemented in Python, should at least be easily added to NMControl. The user must be able to turn the new functionality on by something simple and without much configuration, like just adding a command-line flag to nmcontrol.
- The code must be released under a free license and, in particular, be compatible with NMControl's licensing.
- Discovery of new peers from the existing DNS seeds.
- Handshake with nodes, including not setting the "network" service bit.
- Exchange of node IPs so that more peers can be discovered without the DNS seeds. These should be saved locally to avoid the DNS seeds in the future, like the core client does.
- Client must sync and stay up-to-date with respect to all block headers seen on the network, and be able to verify proof-of-work (including auxpow) to determine the longest chain.
- For these block headers (and blocks), the client must be able to find basic information. In particular, at least the Merkle root hash and the coinbase tx. (The latter is not part of the block header and should be queried from the network (at least on demand), including verification of its Merkle branch.)
- It must be possible to configure the client to do everything over Tor.