Project Independence — Trust nothing. Verify everything.

Two ways to run it

Desktop for the full guarantee.
Browser for everywhere else.

Same app, same code, one honest difference: who you trust for chain state.

Full trust model

Desktop app

The whole pitch, uncompromised: an embedded Helios light client proves every chain read against Ethereum consensus, and a Ledger signs on-device through a dedicated Rust worker. Build it from the source.

Your RPC = your trust anchor

Web app — explorer.sourcify.app

Runs entirely in your browser, on any EVM chain you add. No light client here — chain reads come from an RPC endpoint you configure, so they're only as trustworthy as that endpoint (point it at your own node to close the gap). Source re-verification, clear signing and the local-EVM simulation still run locally in the browser; signing goes through your browser wallet.

Manifesto

Every fact on screen.
Proven on your machine.

Ethereum’s base layer is one of the most decentralized systems ever built. The way we use it is not.

We read the chain through someone else’s RPC and call it truth. We trust a block explorer’s “verified” badge instead of the code. We sign bytes our wallets can’t explain, previewed by simulation services we’ve never audited.

Every one of those conveniences quietly re-introduces the middlemen Ethereum was built to remove. Decentralization you don’t verify is a promise, not a property.

Project Independence is an experiment in removing the asterisk: every security-relevant fact on screen — state, source, meaning, effect — is verified on your machine, or explicitly labeled as unverified.

Don’t trust. Verify. Locally.

Features

Everything verified.
Nothing assumed.

Six pieces, one rule: if the UI asserts it, your machine proved it.

Helios light client

Every chain read is checked against Ethereum consensus — BLS-verified checkpoints, Merkle-proven state. The RPC is just a courier; it can’t lie to you. Desktop app only — the web version reads through an RPC you choose.

Local source verification

Sources arrive from Sourcify untrusted, get recompiled in-app (lib-sourcify + web-solc), and must match the on-chain bytecode Helios verified. The ABI you interact with comes from your compile.

ERC-7730 clear signing

Descriptor-driven forms and previews: “Allow to spend 1.5 stETH”, not 0x095ea7b3…. Coverage badges before you build, a full human-readable preview before you sign.

Trustless simulation

Transactions run in a local EVM whose every state read is fetched through Helios. Decoded events, balance diffs and storage changes with real variable names — no third-party simulator.

ENS, verified

Type vitalik.eth anywhere an address goes. Resolution is an eth_call through the light client — not an indexer’s answer. Plus a local address book that never leaves your device.

Hardware signing

A connected Ledger is read-only until the moment you sign. Keys never touch the app; transactions are assembled from Helios data and signed on-device. On the web, your browser wallet signs instead.

Gallery

See it prove itself.

Real screenshots, real mainnet contracts, zero mock data.

The gate

Contracts open only after proof.

There is no “verified” badge to take on faith. Helios syncs to consensus, sources download from Sourcify (untrusted), solc compiles them inside the app, and the recompiled bytecode is compared against the on-chain code Helios proved.

Proxies and diamonds don’t get a pass — implementations and every facet go through the same gate before a single function renders.

The verification gate mid-run on Aave V3 Pool: Helios sync, download sources and compile locally done; compare bytecode in progress — Aave V3 Pool, caught mid-verification. Blink and you’ll miss it — it’s usually over in seconds.

Two views

An explorer when you read.
A clear-signing form when you act.

The classic block-explorer view is all here — every read and write method of the locally-verified ABI.

But when a contract ships an ERC-7730 descriptor, it becomes something better: a form that speaks the descriptor’s language. “Approve stETH” instead of a selector, token amounts in token units, and an Unlimited button that means exactly what the registry says it means.

ENS names resolved through Helios as you type
Token decimals read on-chain — never trusted from the registry
ETH / Gwei / wei units for payable values
Dates, durations and enums as real controls

Descriptor-driven clear-signing form for Approve stETH with an ENS-resolved spender and an amount in stETH units — The clear-signing view: descriptor labels, verified units, honest hints.

The classic explorer view: read and write method grids from the locally recompiled ABI — The classic view: Read (50) | Write (32), from *your* compile.

Field intelligence

Fields that know what they hold.

Every input is driven by the ERC-7730 field format. Address fields take ENS names and resolve them through the light client. Token amounts fetch the ticker and decimals from the chain itself — so a malicious descriptor can’t skew what you encode.

An address field with vitalik.eth resolved to its address, marked ENS Helios-verified — `vitalik.eth` → resolved & verified through Helios.

A token amount field showing 1.5 with the stETH unit, an Unlimited button and the raw units conversion — 1.5 stETH — decimals read on-chain, raw units always shown.

Simulation

Know what happens
before you sign.

One Build gives you three independent answers:

Meaning — the ERC-7730 preview: “Allow to spend 1.5 stETH”
Outcome — a dry-run via Helios eth_call: would it succeed?
Effects — a local EVM replays the tx over Helios-verified state: decoded events and storage diffs, by name

Lido.allowance[you][spender]: 0 → 1500000000000000000 — that line was computed on your machine, from consensus-proven state, with slot names from the bytecode-matched compile.

Simulated effects panel: the Approval event and the named storage change Lido.allowance going from 0 to 1.5e18, all verified locally — Events + named storage changes from the local EVM. Every touched contract re-verified before labeling.

Sources

Sources, proven.
Not promised.

The Sources tab shows what your machine actually verified: a perfect runtime match, the exact compiler and settings, and all 37 files of Lido’s code — from the same compile that matched the on-chain bytecode.

If it can’t be verified, it doesn’t render. Unverifiable proxy implementations are hidden; unverifiable simulation labels are flagged, never guessed.

The Sources tab for Lido: perfect runtime match, Solidity 0.4.24, optimizer on, 37 verified files with code expanded — Lido on mainnet: `runtime: perfect` · solc 0.4.24 · 37 files, verified locally.

Trust model

Downloaded ≠ trusted.

Data can come from anywhere. Facts are established locally.

Your app

React WebView · Tauri (Rust)

→

127.0.0.1 proxy

local CORS shim

→

Helios

embedded light client

→

Consensus + execution RPC

BLS-verified · Merkle proofs

Sourcify and the ERC-7730 registry are fetched over HTTPS as untrusted input — then recompiled, byte-compared and re-derived until they become locally verified facts. The Ledger talks to a dedicated Rust worker; private keys never exist in the app.

In the web app, the proxy + Helios stages are replaced by an RPC endpoint you configure — the rest of the pipeline runs unchanged, in your browser.

The difference

Same chain.
Different trust.

A typical explorer / wallet

Project Independence

Chain state

Whatever their RPC returns

Helios light client — consensus-verified, Merkle-proven

Contract source

A “verified” badge on someone’s server

Recompiled on your machine, byte-compared to verified code

The ABI you call

Served by an API

Output of your own local compilation

What you sign

Raw calldata hex

ERC-7730 clear-signing form + human-readable preview

Simulation

A third-party simulation service

Local EVM over Helios-verified state, named storage diffs

Your keys

Browser-extension hot wallet

Ledger hardware signing via a dedicated Rust worker

The table describes the desktop app. The web app keeps every row except two: chain state comes from an RPC you choose, and signing from your browser wallet.

Trust nothing.
Verify everything.

Desktop for the full guarantee.
Browser for everywhere else.

Desktop app

Web app — explorer.sourcify.app

Every fact on screen.
Proven on your machine.

Everything verified.
Nothing assumed.

Helios light client

Local source verification

ERC-7730 clear signing

Trustless simulation

ENS, verified

Hardware signing

See it prove itself.

Contracts open only after proof.

An explorer when you read.
A clear-signing form when you act.

Fields that know what they hold.

Know what happens
before you sign.

Sources, proven.
Not promised.

Downloaded ≠ trusted.

Same chain.
Different trust.

Standing on rigorous shoulders.

Run it. Verify it.
Break it.

Desktop for the full guarantee.Browser for everywhere else.

Desktop app

Web app — explorer.sourcify.app

Every fact on screen.Proven on your machine.

Everything verified.Nothing assumed.

Helios light client

Local source verification

ERC-7730 clear signing

Trustless simulation

ENS, verified

Hardware signing

See it prove itself.

Contracts open only after proof.

An explorer when you read.A clear-signing form when you act.

Fields that know what they hold.

Know what happensbefore you sign.

Sources, proven.Not promised.

Downloaded ≠ trusted.

Same chain.Different trust.

Standing on rigorous shoulders.

Run it. Verify it.Break it.

Desktop for the full guarantee.
Browser for everywhere else.

Every fact on screen.
Proven on your machine.

Everything verified.
Nothing assumed.

An explorer when you read.
A clear-signing form when you act.

Know what happens
before you sign.

Sources, proven.
Not promised.

Same chain.
Different trust.

Run it. Verify it.
Break it.