<aside> ➡️

NOTE: Hackers building on Swarm get free gift codes to start using the network immediately — no tokens or setup costs. Pick up your code from our mentor Áron Soós.

</aside>

Bounty 1: Verified Fetch — Trust No Gateway

Description

Build a JavaScript/TypeScript library that lets any app download data from Swarm gateway and prove it's correct — without running a full node.

Right now, downloading from Swarm without your own node means trusting a public gateway. For a network built on trustlessness, that's a gap. This library closes it: fetch from any gateway, verify client-side by recomputing the content hash — the same way a Bee node does internally, as a standalone package any developer can drop into their project. IPFS already has this (helia-verified-fetch). Swarm needs its own.

Every file on Swarm is split into small chunks. Each chunk's address is its hash — so to verify it, you just recompute the hash and check if it matches. For mutable data (feeds), you verify the Ethereum signature instead. Download, hash, compare.

What is required to complete this bounty?

• Fetch and verify data from any Swarm gateway
• Support both immutable data (files) and mutable data (feeds)
  • Immutable data: verify using CAC + BMT per Swarm chunking; for multi-chunk content, recompute the same structure Bee would use — document any intentional scope limits (e.g. single-chunk blobs vs. full files)
  • Feeds: verify feed updates (SOC / feed payload path) in line with Swarm's feed format
• Simple, familiar API
• Works in browsers and Node.js
• Clean docs and tests

What are examples of use cases you are looking to solve?

• Browser-based dApps that read from Swarm without running a node — and can prove the data hasn't been tampered with
• Mobile apps that need lightweight, trustless access to Swarm content
• Any application that wants to use public gateways without trusting them

What are the UX, Privacy, other requirements?

• The API should feel familiar to anyone who's used fetch() — minimal learning curve
• No private keys or wallets required for reading/verifying data