Compiler source mapping differences between forge build and forge verify-contract causing verification to fail

[heyskylark]

Hello,

I think I have found a bug in the way the compiler maps sources. The sources in the artifact produced by the build are different than the source paths in the verify json output. I noticed this issue when trying to verify an existing smart contract. I figured out that the reason that the verification was failing was because the standard_json_input compilation was using a different source which was a slightly different version of openzeppelin-contracts. It appears that it was using a version of openzeppelin-contracts that was within another dependency instead of the openzeppelin-contracts that existed in the root of the lib directory.

Source Pathing Example

Build source paths (compile)

• src/Test.sol
• lib/PBT/src/PBTSimple.sol
• lib/PBT/lib/openzeppelin-contracts/contracts/access/Ownable.sol
• lib/PBT/lib/openzeppelin-contracts/contracts/token/ERC721/ERC721.sol
• etc

Verify source paths (standard_json_input)

• src/Test.sol
• lib/PBT/src/PBTSimple.sol
• lib/openzeppelin-contracts/contracts/access/Ownable.sol
• lib/openzeppelin-contracts/contracts/token/ERC721/IERC721.sol
• etc

Minimal steps to reproduce

• Create a new project forge init
• Install dependencies
  • forge install OpenZeppelin/openzeppelin-contracts@v4.7.0
  • forge install chiru-labs/PBT
• Create a simple contract: Test.sol

  
  // SPDX-License-Identifier: UNLICENSED
  pragma solidity ^0.8.13;

import "@chiru-labs/pbt/PBTSimple.sol"; import "@openzeppelin/contracts/access/Ownable.sol";

contract Test is PBTSimple, Ownable { uint256 public number;

function setNumber(uint256 newNumber) public {
    number = newNumber;
}

function increment() public {
    number++;
}

}

- Create remappings.txt in the root directory

@chiru-labs/pbt=lib/PBT/src @openzeppelin=lib/openzeppelin-contracts

- Create build artifacts: `forge build`
- Create verification json:
```bash
forge verify-contract \
--verifier etherscan --show-standard-json-input \
--constructor-args $(cast abi-encode "constructor(string,string)" "Test" "Test") \
0x000000000000000000000000000000000000dEaD src/Test.sol:Test

• Verify that source paths are different between build (compile) artifacts and verify (standard_json_input) artifacts

Versions & Other details

• forge 0.2.0 (63fff3510 2024-04-21T21:59:02.827682000Z)
• OSX Sonoma 14.0 - M2 Mac
• I would love to take a crack at fixing this myself and opening a PR, but I wanted to start a conversation beforehand to check in on if this outcome is expected for any reason.