Comment on page

How to Verify a Smart Contract on HashScan

How to verify a smart contract using the HashScan Smart Contract Verification tool.

Verifying smart contracts helps ensure the deployed bytecode matches the expected source files. HashScan Smart Contract Verifier is a tool that simplifies this process. This guide will walk through the basic steps of smart contract verification using the HashScan Smart Contract Verifier tool. 
Smart Contract Verification Flow
📣 Note: This is an initial release. API functionalities will see enhancements in upcoming updates of the https://github.com/hashgraph/hedera-sourcify repository.
Prerequisites 
Solidity source code file of the deployed smart contract.
Solidity JSON (metadata) file of the deployed smart contract.
EVM address of the smart contract deployed on the Hedera network.
Table of Contents
1.​Find the Contract​
2.​Import Source Files​
3.​Verify Contract​
4.​Verification Match​
5.​View Verified Contract​
6.​Re-Verify Smart Contract​
7.​Additional Resources​
Step 1: Find the Contract on HashScan
Open a web browser and navigate to HashScan. Make sure you are on the correct Hedera network (Mainnet, Testnet, or Previewnet), and search for the deployed contract address in the search bar at the top of the page. In the Contract Bytecode section click on Verify Contract. The source code file importer popup window will open.
Step 2: Import Source Files
Add your Solidity source code files in the source file importer popup. Source files include the smart contract (.sol) source code file and metadata (.json ) file. The metadata file can be found in the artifacts/ directory of your smart contract project and its name correlates with the smart contract. For example, the metadata for the HelloHedera.sol contract would be called HelloHedera.json.
HashScan Verification Source File Importer Popup
📣 Different compiling tools require specific verification source files. Here's a brief outline of what is needed for popular tools: 
1.Remix:
Required for Full Match Verification: Both the metadata file found in the contracts/artifacts/ folder and the smart contract's Solidity file. More details here. 
2.Hardhat:
Required for Full Match Verification: Only the output of the compilation JSON file found in the /artifacts/build-info/ folder. More details here.
3.Solidity Compiler (solc): 
Required for Full Match Verification: Both the metadata file (generated by solc --metadata) and the smart contract's Solidity file. More details here. 
4.Foundry:
Required for Full Match Verification: Both the metadata file (generated by forge-build) and the smart contract's Solidity file. 
Note: Uploading only the Solidity file without the metadata file will result in a Partial Match.
Step 3: Verify Contract
After importing the source files, if you get the "Contract <contract name> is ready to be verified" message, click VERIFY to initiate the verification process. Sourcify will then compare the deployed contract bytecode to the source files you imported in the previous step.
Step 4: Verification Match
If your verification is successful, the verifier will return either a Full Match or Partial Match status. Let's review each verification status and what they mean:
Full Match: Indicates the bytecode is a full (perfect) match, including all the metadata. The contract source code and metadata settings are identical to the deployed version.
Partial Match: Indicates the bytecode mostly (partially) matches with the deployed contract, except for the metadata hash like comments or variable names. It is usually sufficient for most verification purposes.
To learn more about each verification match status, head over to the official Sourcify documentation here. 
Step 5: View Verified Contract
To view the verified contract repository, click View Contract Sources in the Contract Bytecode section on HashScan. This will open a verified contract repository search page window.
A summary of your contract's verification details will be displayed in the new window. Verification details include the contract address, source code files, match type, chain ID, metadata, and an option to open the repository in Remix. 
Verified contract repository
To be directed to the Sourcify Contract Repository search page, click on ⬅ 296.
Sourcify Contract Repository search page
Congratulations! 🎉 You have successfully learned how to verify a smart contract.  Feel free to reach out on Discord if you have any questions!
Step 6: Re-Verify Smart Contract
If you change your contract or want to upgrade your contract from a Partial Match to a Full Match, there are two options for re-verification:
Option 1
Head to the smart contract verifier page and import your new updated source files.
Enter the smart contract address and chain, then click Verify.
Option 2
Revisit Step 1 and use the Re-verify Contract flow. Then proceed to Steps 2 through 5.
Additional Resources
➡ HashScan Network Explorer​
➡ Smart Contract Verifier Page​
➡ Verified Contract Repository 
➡ Sourcify Documentation​
➡ Smart Contract Documentation​
Writer: Krystal, Technical Writer
​GitHub | Hashnode​
Editor: Nana, Sr. Software Manager
​GitHub | LinkedIn​
Editor: Ed, DevRel Engineer
​GitHub | LinkedIn​
Editor: Logan, Software Engineer (Intern)
​GitHub | LinkedIn​

Smart Contracts

Deploy a Smart Contract Using Remix

Last modified 17d ago