• The presentation focuses on the technical aspects of the protocol
• The structure of the presentation is announced and graphically visible
• The presentation contains valuable and readable code snippets
• The presentation contains a reflective part
• There is one good slide positioning the presentation in the state of the art
• The last slide contains a good and concise take-home message
• The speakers engage with the audience
• The speakers are fun, have humour or the protocol contains an Easter egg
• The slides do not have too much text

Project Overview

Problem Space

The goal is to increase salary transparency between employees and the employer. If all financial details regarding salaries are disclosed by the employer monthly, the employees have the opportunity to address details that they deem unfair. Ensuring a fair and transparent salary system can be critical for the longevity of a company as employees can feel correctly compensated. The benefits for the employer are, hopefully, trust from the employees, which can increase loyalty to the company, which is key in a competitive industry. Companies telling their employees to not disclose their salary is not unheard of, which is what motivated this idea as the employees will not only be able to validate that their salary is correct and gain data regarding the salaries of the other employees for future salary interviews.

Scenario: Monthly/bi-monthly/recurring submission of employee salaries.
Who: Employer

Key questions:

• Format to submit
• Anonymous submissions linked to employees

step 1 -> ..

Employee struct:
Implement more information (gender and other potentially relevant information)

Less gas:
Don't write; RegistryRight storage r = registryRights[companyKey];
Instead, use registryRights[companyKey] on each r-invokation.
Implement this for all cases where this is relevant.

From #1

• Protocol is deployed on mainnet and IPFS

New Protocol Design

After consulting with Mojtaba, we have decided to change the design of the protocol. To enhance privacy without involving zk solutions (which Mojtaba through would be a whole another project), we will move the view from one company and individual "comparison" of salaries within the company, to a more sector-wide view. In this model, a company submits its data, and an assumption is that this data is already "verified".

We will use two contracts for this:

Company contract

• The contract owner is the person who created it using company factory contract.

• Modifies the company's list of employees, including their digital wallet, title and salary (add, remove, contains)

• Allows employees to verify the authenticity of their stated salary

• Functionality of the company contract:

1. Add, remove and update employee data
2. Verify the salary
3. A lookup function:
   a. Query digital wallet
   b. Returns Title, Salary and if salary is verified by employee.

Company factory contract

• Built on Company Contract
• Creates a company contract, tied to the wallet of the person who invokes it
• Can be used to query other contracts to get details about salaries
• Requirements for creating a company contract:

1. Digital Wallet to connect the company to
2. Writing what sector the company operates in

• Functionality of the company factory contract:

1. Company Contract creation
2. Storing companies based on sector
3. Allowing queries for look-ups
   a. Specific companies in a sector
   b. Bigger picture queries (average salary of the sector)
4. See total number of verified salaries for specific companies and the entire sector.

• Changes to contracts
  • Company
    • Average salary functionality
    • How to interact with it
    • Read in several employee data at once
  • CompanyFactory
    • remove/update stuff
• Finish chai tests
  • Company
  • CompanyFactory
• Implement access control using Openzeppelin
• Bonus: some front end

Reporting salaries

We want to display salaries, and when a salary is updated or added it should be reflected in the state of the contract.

Q: How should the salaries be added? How do we know this is correct?
In the real world, a salary is set when you sign a contract between the employer and the employee. Perhaps we should adopt this approach on the blockchain as well, with contracts for an employment being signed on-chain.

An idea is to use Echidna or Mythrill
From #1

• Bonus: Fuzzing/symbolic execution: the protocol has a harness for fuzzing or symbolic execution

From #1

• Bonus: the protocol contains user interface application

• Average salary functionality
• Streamline entity interaction flow
• Add several employees at once

Ensure that both contracts have 100%-statement coverage.

Static Analysis

2023-12-14 using slither.
pip3 install slither-analyzer
slither .

• Contract locking ether found:
  Contract Company (contracts/Company.sol#12-154) has payable functions:
  - Company.constructor(address,string,string) (contracts/Company.sol#50-58)
  But does not have a function to withdraw the ether

• Contract locking ether found:´
  Contract CompanyFactory (contracts/CompanyFactory.sol#7-185) has payable functions:
  - CompanyFactory.constructor() (contracts/CompanyFactory.sol#41-43)
  But does not have a function to withdraw the ether

• Company.constructor(address,string,string)._companyKey (contracts/Company.sol#51) lacks a zero-check on :
  - companyKey = _companyKey (contracts/Company.sol#55)
  Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation

• CompanyFactory.getAverageSalaryInSector(string) (contracts/CompanyFactory.sol#165-184) has external calls inside a loop: totalSalaries += company.getAverageSalary() * company.totalEmployees() (contracts/CompanyFactory.sol#173-175)

• CompanyFactory.getAverageSalaryInSector(string) (contracts/CompanyFactory.sol#165-184) has external calls inside a loop: totalEmployees += company.totalEmployees() (contracts/CompanyFactory.sol#176)
  Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop

• Pragma version>=0.5.0<0.9.0 (contracts/Company.sol#2) is too complex

• Pragma version>=0.5.0<0.9.0 (contracts/CompanyFactory.sol#2) is too complex
  solc-0.8.19 is not recommended for deployment
  Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

• Parameter Company.addEmployee(address,string,uint256)._title (contracts/Company.sol#64) is not in mixedCase

• Parameter Company.addEmployee(address,string,uint256)._salary (contracts/Company.sol#65) is not in mixedCase

• Parameter CompanyFactory.grantRegistryRight(address,string,string)._companyName (contracts/CompanyFactory.sol#49) is not in mixedCase

• Parameter CompanyFactory.grantRegistryRight(address,string,string)._sector (contracts/CompanyFactory.sol#50) is not in mixedCase
  Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions

• Company.companyKey (contracts/Company.sol#14) should be immutable

• CompanyFactory.owner (contracts/CompanyFactory.sol#9) should be immutable
  Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-immutable

INFO:Slither:. analyzed (2 contracts with 93 detectors), 14 result(s) found

Testing using chai.

From #1

• The protocol can be automatically executed from a test suite
• 100% test coverage

Basics 😎

• Deploying locally in hardhat and interacting through the console - Openzeppelin
• Tests with chai - Openzeppelin
• Connecting to a test network - Openzeppelin

• Defining ABI (ref)

// ethers.js example
abi = [
  "function decimals() view returns (string)",
  "function symbol() view returns (string)",
  "function balanceOf(address addr) view returns (uint)"
]

// Create a contract
contract = new Contract("dai.tokens.ethers.eth", abi, provider)

From #1

• The usage of the protocol is well documented
• The README gives enough background
• The protocol is clearly motivated
• The README discusses closely related work

1. A contract is agreed on off-chain, retrieved from an API on-chain, and signed there. This verifies the salary. Salary can after that be displayed. Issue: Anonimity
2. Just report a salary and verify. Issue: Adds another step to signing a contract, seems unnecessary if contract can be signed on chain per default.
3. The Employer proposes some salary for some employee, on chain. Employee accepts this on chain. Retrieve info of employee based on public key via API. Issue: what does the employee really sign if they are not signing the contract itself. Alternative: whole contract goes in a transaction, issue: too much data -> ipfs.

Make the contract upgradable

Mandatory

• The protocol is hosted on GitHub, publicly available.
• The GitHub repository must have a root README file.
• The protocol can be automatically executed from a test suite
• The usage of the protocol is well documented
• The length of the presentation is 15 minutes (hard limit)

Optional

Need 9 checked to pass.

Protocol and Documentation

• The protocol is clearly motivated
• The README gives enough background
• The protocol is original & the README discusses closely related work

Presentation

• The presentation focuses on the technical aspects of the protocol
• The structure of the presentation is announced and graphically visible
• The presentation contains valuable and readable code snippets
• The presentation contains a reflective part
• There is one good slide positioning the presentation in the state of the art
• The last slide contains a good and concise take-home message
• The speakers engage with the audience
• The speakers are fun, have humour or the protocol contains an Easter egg
• The slides do not have too much text

Bonus

• Bonus: Verification beyond testing (mutation testing with Gambit, formal verification)
• Bonus: The protocol has 100% statement coverage <-- statement coverage via hardhat
• Bonus: Fuzzing/symbolic execution: the protocol has a harness for fuzzing or symbolic execution <-- Echidna
• Bonus: Protocol is deployed on mainnet and IPFS
• Bonus the protocol contains user interface application <-- with react/or template stuff