People need to be able to verify that a deployed contract matches the source code
that the author claims was used to deploy it. Previously, there was no simple
way to achieve this.
How was it fixed?
These are the steps to verify a contract with the verify command:
Obtain the project's source code locally.
Ensure it is the same source code that was used to deploy the contract. (e.g. check out a specific tag)
From the project directory run fe verify <contract-address> <json-rpc-url>
Example:
$ fe verify 0xf0adbb9ed4135d1509ad039505bada942d18755f https://example-eth-mainnet-rpc.com
It's a match!✨
Onchain contract:
Address: 0xf0adbb9ed4135d1509ad039505bada942d18755f
Bytecode: 0x60008..76b90
Local contract:
Contract name: SimpleDAO
Source file: /home/work/ef/simple_dao/fe_contracts/simpledao/src/main.fe
Bytecode: 0x60008..76b90
Hint: Run with --verbose to see the contract's source code.
What was wrong?
People need to be able to verify that a deployed contract matches the source code that the author claims was used to deploy it. Previously, there was no simple way to achieve this.
How was it fixed?
These are the steps to verify a contract with the
verify
command:fe verify <contract-address> <json-rpc-url>
Example:
This builds on #947