search

OpenZeppelin / openzeppelin-sdk

OpenZeppelin SDK repository for CLI and upgrades.js. No longer actively developed.
MIT License
431 stars 200 forks source link

Different from #1183 npx oz verify` Error while trying to verify contract: Fail - Unable to verify #1556

Open EndOfMaster opened 4 years ago

EndOfMaster commented 4 years ago

Unable to verify using OpenZeppelin SDK. npx oz verify results in the following error:

Error while trying to verify contract: Fail - Unable to verify

OpenZeppelin CLI Version 2.5.2

$ npx oz --version
2.8.2

Verify to Etherscan on Ropsten

  % npx oz verify -v
? Pick a network ropsten
? Was your contract compiled with optimizations enabled? No
? Choose a remote endpoint etherscan
? Enter your Etherscan API key (get one at https://etherscan.io/myapikey) UWARD6FWG5QPPQEY5AXN7G99F289AXYT1N
? Pick a contract to verify Agic
[2020-06-17T11:37:19.129Z@NetworkController.js#verifyAndPublishContract] <started> Verifying and publishing contract source code of Agic on etherscan (this usually takes under 30 seconds)
[2020-06-17T11:37:43.940Z@errors.js#call] <started> Error: Error while trying to verify contract: Fail - Unable to verify
    at /usr/local/lib/node_modules/@openzeppelin/cli/lib/models/Verifier.js:116:19
    at Generator.throw (<anonymous>)
    at rejected (/usr/local/lib/node_modules/@openzeppelin/cli/lib/models/Verifier.js:6:65)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)

ropsten.json

"proxies": {
    "Agic/Agic": [
      {
        "address": "0xb7Ea20f2804D25B97014CEB5D865Edc8D7059da5",
        "version": "1.0.0",
        "implementation": "0xB1Adb695BB72D86B790c49738287F57F489EbcCc",
        "admin": "0xDc46DD6DaD08f0Be47C474cFE2b82dE1200DFFd2",
        "kind": "Upgradeable"
      }
    ]
  },

project.json

{
  "manifestVersion": "2.2",
  "contracts": {
    "Agic": "Agic"
  },
  "dependencies": {},
  "name": "Agic",
  "version": "1.0.0",
  "compiler": {
    "compilerSettings": {
      "optimizer": {
        "enabled": false,
        "runs": "200"
      }
    },
    "typechain": {
      "enabled": false
    },
    "manager": "truffle",
    "artifactsDir": "build/contracts",
    "contractsDir": "contracts"
  },
  "telemetryOptIn": true
}
abcoathup commented 4 years ago

Hi @EndOfMaster ! I’m sorry that you had this issue. We would need more information so that we can reproduce it.

Can you provide the Solidity and EVM versions you are using and a link to your contract or repository?

I also noticed that you included an Etherscan API key in the text of the issue. I recommend disabling this API key to prevent any misuse.

EndOfMaster commented 4 years ago

Hi @abcoathup .

truffle-config.js

// Configure your compilers
    compilers: {
        solc: {
            version: "0.6.8",    // Fetch exact version from solc-bin (default: truffle's version)
            // docker: true,        // Use "0.5.1" you've installed locally with docker (default: false)
            settings: {          // See the solidity docs for advice about optimization and evmVersion
             optimizer: {
               enabled: true,
               runs: 200
             },
            evmVersion: "byzantium"
            }
        }
    }
abcoathup commented 4 years ago

Hi @EndOfMaster ,

We have been able to reproduce this issue by following these steps:

Using the Box.sol contract

Compile with solc 0.6.8 and target EVM istanbul

$ npx oz compile --solc-version 0.6.8 --evm-version istanbul
✓ Compiled contracts with solc 0.6.8 (commit.0bbfe453)

Deploy to a public testnet

$ npx oz deploy
Nothing to compile, all contracts are up to date.
? Choose the kind of deployment upgradeable
? Pick a network rinkeby
? Pick a contract to deploy Box
✓ Added contract Box
✓ Contract Box deployed
All implementations have been deployed
? Call a function to initialize the instance after creating it? No
✓ Setting everything up to create contract instances
✓ Instance created at 0x17d4CD1D87e38FcFd79d69fb5AFdCA61888D03C4
To upgrade this instance run 'oz upgrade'
0x17d4CD1D87e38FcFd79d69fb5AFdCA61888D03C4

Verify on Etherscan fails

$ npx oz verify
? Pick a network rinkeby
? Was your contract compiled with optimizations enabled? No
? Choose a remote endpoint etherscan
? Enter your Etherscan API key (get one at https://etherscan.io/myapikey) ZZZ_APIKEY_ZZZ
? Pick a contract to verify Box
✖ Verifying and publishing contract source code of Box on etherscan (this usually takes under 30 seconds)
Error while trying to verify contract: Fail - Unable to verify

The project owner will review and triage this issue as soon as they can. In the meantime, you can try the following workaround:

You are currently using the non-default EVM version of byzantium.
The default for 0.6.8 is istanbul
See the Solidity documentation for details: https://solidity.readthedocs.io/en/v0.6.8/using-the-compiler.html#target-options

My understanding is that the EVM version wasn't originally part of the Etherscan API.

If you can recompile using istanbul then you can verify using the CLI.
Alternatively you can manually verify using Etherscan website.

$ npx oz compile --solc-version 0.6.8 --evm-version istanbul
✓ Compiled contracts with solc 0.6.8 (commit.0bbfe453)
$ npx oz deploy
Nothing to compile, all contracts are up to date.
? Choose the kind of deployment upgradeable
? Pick a network rinkeby
? Pick a contract to deploy Box
✓ Contract Box deployed
All implementations have been deployed
? Call a function to initialize the instance after creating it? No
✓ Setting everything up to create contract instances
✓ Instance created at 0x7B9d5E4B4d43721c267623Cb5c391CDA3837e415
To upgrade this instance run 'oz upgrade'
0x7B9d5E4B4d43721c267623Cb5c391CDA3837e415
? Pick a network rinkeby
? Was your contract compiled with optimizations enabled? No
? Choose a remote endpoint etherscan
? Enter your Etherscan API key (get one at https://etherscan.io/myapikey) ZZZ_APIKEY_ZZZ
? Pick a contract to verify Box
✓ Contract source code of Box verified and published successfully. You can check it here: https://rinkeby.etherscan.io/address/0x0F9DBFc64c29bc006a5f2F747DCeD8AF9498EC8f#code

Another potential issue is if there is a mix of SPDX license identifiers: https://forum.openzeppelin.com/t/solidity-0-6-8-introduces-spdx-license-identifiers/2859

EndOfMaster commented 4 years ago

Hi @abcoathup ,I modified the evmVersion , but it doesn't work. It's the same mistake.

project.json

{
  "manifestVersion": "2.2",
  "contracts": {
    "Agic": "Agic"
  },
  "dependencies": {},
  "name": "Agic",
  "version": "1.0.0",
  "compiler": {
    "compilerSettings": {
      "evmVersion": "istanbul",
      "optimizer": {
        "enabled": false,
        "runs": "200"
      }
    },
    "typechain": {
      "enabled": false
    },
    "manager": "openzeppelin",
    "solcVersion": "0.6.8",
    "artifactsDir": "build/contracts",
    "contractsDir": "contracts"
  },
  "telemetryOptIn": true
}

about SPDX, all the files I import have // SPDX-License-Identifier: MIT , the truff-flattener seemed to produce a lot of // SPDX-license-Identifier: MIT

sirpy commented 4 years ago

I had two MIT SPDX had to remove one then manual verification passed. shouldn't openzeppelin account for that?