Contract Verification
Sourcify is the preferred service for the verification of smart
contracts deployed on Sapphire. Make sure you have
the address of each deployed contract available (your deployment scripts
should report those) and the contracts JSON metadata file generated when
compiling contracts (Hardhat stores it inside the artifacts/build-info
folder
and names it as a 32-digit hex number). If your project contains multiple
contracts, you will need to verify each contract separately.
Do not deploy your contract with an encrypted contract deployment transaction,
if you want to verify it. For example, if your hardhat.config.ts
or deployment script contains import '@oasisprotocol/sapphire-hardhat'
or
import '@oasisprotocol/sapphire-paratime'
lines at the beginning, you should
comment those out for the deployment.
Verification services will try to match the contract deployment transaction code
with the one in the provided contract's metadata and since the transaction was
encrypted with an ephemeral ParaTime key, the verification service will not be
able to decrypt it. Some services may extract the contract's bytecode from the
chain directly by calling eth_getCode
RPC, but this will not work correctly
for contracts with immutable variables.
To verify a contract deployed on Sapphire Mainnet or Testnet:
-
Visit the Sourcify website and hit the "VERIFY CONTRACT" button.
-
Upload the contracts JSON metadata file.
Store your metadata filesFor production deployments, it is generally a good idea to archive your contract metadata JSON file since it is not only useful for the verification, but contains a copy of all the source files, produced bytecode, an ABI, compiler and other relevant contract-related settings that may be useful in the future. Sourcify will store the metadata file for you and will even make it available via IPFS, but it is still a good idea to store it yourself.
-
Sourcify will decode the metadata and prepare a list of included contracts on the right. Enter the address of the specific contract and select the "Oasis Sapphire" or "Oasis Sapphire Testnet" chain for Mainnet or Testnet accordingly. If your contract assigns any immutable variables in the constructor, you will also need to correctly fill those out under the "More Inputs (optional)" panel. Finally, click on the "Verify" button.
-
If everything goes well, you will get a Perfect match notice and your contract is now verified. Congratulations!
In case of a Partial match, the contracts metadata JSON differs from the one
used for deployment although the compiled contract bytecode matched. Make sure
the source code .sol
file of the contract is the same as the one used during the
deployment (including the comments, variable names and source code file
names) and use the same version of Hardhat and solc compiler.
You can also explore other verification methods on Sourcify by reading the official Sourcify contract verification instructions.