The deployed version of BTC Relay is from commit 41753486b770665319f39da55676732b11af40fe
The main steps to verifying the source code are:
1) compile code to the evm (bytecode)
2) compare the evm against the data used in the contract creation transaction
serpent compile btcBulkStoreHeaders.se > compiled.evm
Here's how to use Geth console to obtain the evm. The receipt is used to guarantee that the tx hash provided is the one that created the BTC Relay contract (see contractAddress property of the receipt).
> tx='0xa51ce97bd9a1e7be15c0e7bd2782967239cb9bc015c6088c37cc8931c8283f17' > objTx = eth.getTransaction(tx) > objTx.input
Compare objTx.input with the contents of compiled.evm and you will see that they match identically (except for 0x at the front of objTx.input)
The version of the Serpent compiler used is commit 51ee60857fe53c871fa916ef66fc1b4255bb9433
BTC RELAY IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.