YiDaiBi Blog

How to verify Ethereum smart contract's source code


Why you should verify code

Ethereum platform offers transparency by default. All data on Ethereum's blockchain is public and accessible by anyone. The problem is that all contracts code on Ethereum is binary code, easily executed by Ethereum Virtual Machine, but hardly human-readable. Although most devs write smart contracts using Solidity language, what is deployed is not Solidity, but binary code.

Questions that come to mind: what is the point of deploying a smart contract if no one can verify that it's doing what it's supose to do? Should you entrust your money to unverified code? No.

Where to verify

Verification helps with building a trust betweeen a customer using smart contract and a counter-party that deployed contract. Etherscan has implemented an online tool to help developers verify their code. Verification is a process of connecting a Solidity source code to smart contract's deployed binary code. The tool checks if the compiled version of Solidity code matches binary code. Once contract is verified, anyone can check the source code, review and audit it.

Etherscan's Verify and Publish tool

How to verify your code

Before we explain how to verify your code, if you are using our tool to mint some ERC-20 tokens, you do not need to do anything; contracts are auto-verified. Here's an example token's Solidity code on Etherscan deployed using our tool.

This guide is for devs using Truffle and Solidity for contract development.

1. Prepare a flat Solidity file

truffle-flattener concats solidity files developed under Truffle with all of their dependencies. Install it with the following:
npm install truffle-flattener -g
Use truffle-flattener to concatenate all dependencies of the deployed contract. Example code is as follows:
truffle-flattener contracts/ERC20/YidaibiERC20Token.sol > FlatYidaibiERC20Token.sol
A new file named FlatYidaibiERC20Token.sol should be created with the content of all solidity contracts used in the hierarchy.

2. Verify and publish tool

This section will guide you through the Etherscan's Verify and publish tool and help you fill in all the fields on their page. We'll go step by step.

2.1 Contract Address and Constructor Arguments ABI-encoded

Find your contract on Etherscan, then navigate to code tab, click on the Verify And Publish link. Etherscan will autofill some of the form fields so you don't have to (contract address and constructor arguments ABI encoded).

2.2 Contract Name

Next, you'll fill in the Contract Name using name of the contract from solidity file (for example from YidaibiERC20Token.sol the name is YidaibiERC20Token).

2.3 Compiler

The version of Solidity compiler you used can be viewed with following command:
truffle version
You'll get something like this:
Truffle v4.1.14 (core: 4.1.14)
Solidity v0.4.24 (solc-js)

Find your compiler version from the dropdown, use commit version, not nightly (for example v0.4.24+commite57f0147).

2.4 Optimization

To check if optimization is enabled, open the truffle.js configuration file in your project's root folder and look up for object named solc, something like this:
solc: {
  optimizer: {
    enabled: true,
    runs: 200
  }
}

If there is an object like this, you can see that optimization is enabled, with 200 runs. If solc object is not present, then optimization is disabled.

2.5 Contract code

Copy/paste the contents of the flattened file (FlatYidaibiERC20Token.sol) in the form.

2.6 Finish

Hit the Verify And Publish button, and wait a few seconds for contracts to be verified!

Share This Post

What's Next

If you've completed this tutorial, we recommend you follow up with these tutorials:

Add ERC0 Token to Metamask Wallet
Add ERC20 Token To Uniswap Exchange
Add ERC20 Token To Etherdelta Exchange

Connect With Us

Thank you for reading this far! You can:
- follow us on Twitter
- subscribe to our channel on Youtube

Contact us

We are YiDaibi DOO, a blockchain startup.

Being,China

Wechat: (yidaibi)