How to Verify a Smart Contract on HashScan
How to verify a smart contract using the HashScan Smart Contract Verification tool.
Last updated
How to verify a smart contract using the HashScan Smart Contract Verification tool.
Last updated
Verifying smart contracts helps ensure the deployed bytecode matches the expected source files. HashScan Smart Contract Verifier is a tool that simplifies this process. This guide will walk through the basic steps of smart contract verification using the HashScan Smart Contract Verifier tool.
📣 Note: This is an initial release. API functionalities will see enhancements in upcoming updates of the https://github.com/hashgraph/hedera-sourcify repository.
Solidity source code file of the deployed smart contract.
Solidity JSON (metadata) file of the deployed smart contract.
EVM address of the smart contract deployed on the Hedera network.
Open a web browser and navigate to HashScan. Make sure you are on the correct Hedera network (Mainnet, Testnet, or Previewnet), and search for the deployed contract address in the search bar at the top of the page. In the Contract Bytecode section click on Verify Contract. The source code file importer popup window will open.
Add your Solidity source code files in the source file importer popup. Source files include the smart contract (.sol
) source code file and metadata (.json
) file. The metadata file can be found in the artifacts/
directory of your smart contract project and its name correlates with the smart contract. For example, the metadata for the HelloHedera.sol
contract would be called HelloHedera.json
.
After importing the source files, if you get the "Contract <contract name> is ready to be verified" message, click VERIFY to initiate the verification process. Sourcify will then compare the deployed contract bytecode to the source files you imported in the previous step.
If your verification is successful, the verifier will return either a Full Match or Partial Match status. Let's review each verification status and what they mean:
Full Match: Indicates the bytecode is a full (perfect) match, including all the metadata. The contract source code and metadata settings are identical to the deployed version.
Partial Match: Indicates the bytecode mostly (partially) matches with the deployed contract, except for the metadata hash like comments or variable names. It is usually sufficient for most verification purposes.
To learn more about each verification match status, head over to the official Sourcify documentation here.
To view the verified contract repository, click View Contract Sources in the Contract Bytecode section on HashScan. This will open a verified contract repository search page window.
A summary of your contract's verification details will be displayed in the new window. Verification details include the contract address, source code files, match type, chain ID, metadata, and an option to open the repository in Remix.
To be directed to the Sourcify Contract Repository search page, click on ⬅ 296
.
Congratulations! 🎉 You have successfully learned how to verify a smart contract. Feel free to reach out on Discord if you have any questions!
If you change your contract or want to upgrade your contract from a Partial Match to a Full Match, there are two options for re-verification:
Head to the smart contract verifier page and import your new updated source files.
Enter the smart contract address and chain, then click Verify.
Revisit Step 1 and use the Re-verify Contract flow. Then proceed to Steps 2 through 5.
➡ Smart Contract Verifier Page
➡ Verified Contract Repository
➡ Smart Contract Documentation