No gatekeeper — anyone can post. But a launch must prove it owns the contracts it claims, so no one can hijack a popular app's address to inflate a score. Hijacking is hard; honest submission is one signature.
Sign a challenge with the address that deployed the contract. The deployer is public on-chain — no DNS, no trust.
For factory- or proxy-deployed contracts, a signature from the on-chain owner/admin role.
Prove control of the app's domain via DNS TXT — and that domain must publicly list the contract addresses.