A Guide to Smart Contract Verification
Smart Contract verification is crucial for ensuring blockchain trustlessness and enabling essential developer tools. Discover some of the most important reasons to verify your contracts, where you can complete the process, and how Tenderly helps make it easier during development.
In this post
Trustlessness, transparency, and security are some of the core blockchain values often realized through Smart Contracts. But how can you be sure that the immutable pieces of code in charge of handling your assets across the chain are actually that – secure and transparent? Is trustlessness even possible if you have limited insight into the logic of a Smart Contract?
Not-so-unexpected spoiler alert: Contact verification is the solution. To support the core blockchain values and ensure contract integrity, engineers run their Smart Contracts through a verification process, usually on Etherscan.
Tenderly also allows you to verify contracts through a variety of methods. You can choose among no-code, low-code, and high-code approaches, each one bringing specific benefits and levels of involvement. Whether from the Dashboard, by using the Tenderly Hardhat plugin, or through the Tenderly CLI, you can verify your contract privately during development or publicly once it goes live.
You have numerous options at your fingertips, so let’s delve into the concept of verification, how it works, and what verification methods there are.
What does Smart Contract verification mean?
Smart Contract verification is the process of matching a Smart Contract’s source code to its on-chain bytecode. This involves the recompilation of a Smart Contract to verify that its source code has actually generated the bytecode deployed on-chain.
The process allows anyone interacting with a specific contract to be confident in its logic because they can double-check if the submitted source code is the same as the one executed at the contract address.
How does Smart Contract verification work?
Upon compiling your Solidity contract, the compiler generates executable bytecode and Application Binary Interface (ABI). The Ethereum Virtual Machine (EVM) executes the assembly instructions contained in the bytecode.
The process of compiling decouples source code from the bytecode deployed on the blockchain. So, when verifying a Smart Contract, Tenderly needs to connect the deployed bytecode back with the original source code. This is known as source mapping, the backbone of most Tenderly features.
To accomplish this, the algorithm recompiles the source code which then generates another instance of the bytecode. Then, Tenderly compares the newly generated bytecode to the one that’s live on-chain. If everything matches, the contract has been verified successfully.
Do you need to verify Smart Contracts?
There are several important reasons to verify your Smart Contracts:
- You provide additional transparency to the information flow and share the intentions of your Smart Contract.
- You enable projects relying on your Smart Contracts to have a clear insight into their source and, consequently, their behavior.
- Developers using your Smart Contract can take full advantage of tooling that relies on source code.
- You contribute to the trustlessness of the entire ecosystem.
- It enables numerous Tenderly features, including transaction decoding, Analytics, Alerting, Simulations, and Web3 Actions.
Where to verify your contracts
Different platforms are available for contract verification depending on your project requirements, development stage, and environment. Some of the popular options include the following:
- Etherscan is a blockchain explorer and analytics platform that enables users to verify their contracts. Once verified on Etherscan, Smart Contracts are marked as “verified” and displayed under “Verified Contracts” in the “Blockchain” tab.
- Tenderly offers several ways to verify Smart Contracts. It also supports contract development and quality assurance through specific approaches such as private verification.
Using verified contracts on Tenderly enables you to observe and monitor everything happening around your Smart Contracts. It allows for transaction decoding and provides information necessary for enabling Debugger, Alerting, Analytics, and other Tenderly features.
- Blockscout, Polygonscan, Snowtrace, and many other platforms are also available for Smart Contract verification, each one with its own set of functionalities.
How do you verify Smart Contracts on Etherscan?
Etherscan is the most common option for public Smart Contract verification upon or post-deployment. It enables users to verify their contracts via the website by following an intuitive UI. Etherscan offers an automated, programmatic approach to contract verification using the hardhat-etherscan plugin, as well.
Once a contract is verified on Etherscan, Tenderly automatically pulls this data using the Etherscan API. This makes the Smart Contract available for use and monitoring on Tenderly too, requiring no additional verification steps. Just add the verified contract to the platform and it’s ready to go.
What types of contract verification does Tenderly offer?
There are a few ways to verify your Smart Contracts with Tenderly depending on whether you’re verifying them programmatically or manually through the Dashboard. Based on the method you go with, you can enable seamless iterative contract development. For instance, choosing an automated approach will allow for verification repeatability, which becomes essential as your contracts evolve.
Nonetheless, it’s important to explore each method so you can decide which one might be the best fit for your project.
1. Tenderly Hardhat plugin
When using the Tenderly Hardhat plugin, you can choose between automatic and manual verification methods that offer different levels of complexity and user involvement.
While the automatic (no-code) approach to verification is seamless and happens automatically when deploying a new contract using Hardhat, the manual method is applicable when verifying previously deployed contracts. Additionally, manual verification may be necessary with complex deployments of Smart Contracts.
When it comes to the manual verification of Smart Contracts, you can go with a simple (low-code) or advanced (high-code) way to complete the process. Although both options offer greater control than automatic verification, there are slight differences:
- The low-code approach is suitable for verifying previously deployed contracts.
- The high-code option allows you to verify both new and previously deployed contracts in an unorthodox deployment setup.
2. Tenderly Dashboard
You can handle contract verification from the Tenderly Dashboard, following a few user-friendly steps.
This is a manual approach to contract verification that follows an intuitive flow. It can be useful in development stages where you don’t want to deploy your Smart Contracts right away.
It’s important to note that this approach doesn’t support automated verification. So, you should consider exploring other Tenderly methods if you’d like to automate this part of the process.
3. Tenderly CLI
Using the Tenderly CLI is another way to automate the deployment and verification of your Smart Contracts. To verify and upload your contracts to Tenderly, you need to call the verify command.
This option enables the repeatability of deployment and verification on different networks. This way, Tenderly supports the evolution of your Smart Contracts as you continue to develop them.
Private vs. public contract verification
You can opt for public or private contract verification, depending on whether you want to share your contracts with others outside your Tenderly project:
- Verify your contract publicly and share it with other Tenderly users.
- Verify your contract privately within your project and share it with your team.
Should you pick public or private verification?
Among Tenderly users, it’s a common practice to go with private verification during development as it allows you to work on and fine-tune your contract in an isolated environment. You can use different tools to try out and optimize your contract in the privacy of your project while it’s still in the development phase.
Once you’re confident in your contract and comfortable with sharing it with other Tenderly users, you can make it public. This gives you an opportunity to work on your Smart Contract at your own pace and share it with the world when it’s ready.
After making your contract public, developers who use it as a third-party contract will be able to see how it contributed to their transactions. You can even share a Sandbox demonstration of how to integrate with your contract.
Last but definitely not least, if your users’ transactions get reverted because they violate the constraints and rules of your Smart Contract, they’ll have all the tooling necessary to understand why, adjust the transactions, and even simulate them before actually retrying.
This way, Tenderly helps you establish a strong development and quality assurance process. You get to work on your contract, try it out, and identify potential issues that may leave it vulnerable to exploits before making it public. It also allows your users to interact with your contract in an effective way.
Verify contracts & support blockchain transparency
Contract verification is an essential and natural part of the development process. It contributes to blockchain trustlessness, security, and decentralization by making contracts verifiable and accessible to everyone.
To ensure the seamlessness of verification, the ecosystem offers numerous options, ranging from no-code to high-code solutions. While Etherscan is the industry standard for public verification, Tenderly offers several modes and methods, bringing privacy during development, automation of the process, and availability of essential development tools.
Ultimately, the method you choose should suit your individual project and its purpose. But no matter the method you pick, the goal of everyone involved is the same: complete transparency and information-sharing.