Skip to content

Latest commit

 

History

History
147 lines (122 loc) · 5.22 KB

20191206-etherscan-verification.md

File metadata and controls

147 lines (122 loc) · 5.22 KB
Raw

Etherscan contract verification tool

Aim of the tool is to automate and verify contracts on Etherscan (mainnet, Ropsten and Goerli).

Origin contracts to verify per auxiliary chain

  • Anchor
  • AnchorOrganization
  • OSTGatewayOrganization
  • OSTEIP20Gateway
  • MerklePatriciaProof
  • MessageBus
  • GatewayLib

Origin contracts to verify per token

  • ERC20GatewayOrganization
  • ERC20Gateway
  • ValueBrandedToken

Tool to automate contracts verification on etherscan

  • Proposed command

    npm run verify-contract <apiKey> <network> <githubRepoUrl> <contractName> <contractAddress> <contractCreationTxHash> <byteCode> <libraryContractConfig>
    • apiKey: Etherscan API key
    • network: Network where contract is deployed. e.g. "mainnet", "ropsten", "rinkeby", "kovan", "goerli"
    • GithubRepoUrl: Github exact tag/release contract repository which was used to deploy the contracts. Supported repositories:
      • mosaic-contracts
      • brandedtoken-contracts
      • openst-contracts
    • contractName: Contract which is to be verified on etherscan
    • contractAddress: Contract address to verify
    • contractCreationTxHash: Contract's creation transaction hash
    • byteCode: Bytecode which was used to deploy the contracts. This parameter is optional after contract compilation bugs are fixed
    • libraryContractConfig: It's an optional field. File path which contains verified library contracts details in json format. If library contracts are not verified, they need to be verified first. e.g. 
          {
      "MerklePatriciaProof": "<contractAddress>",
      "MessageBus": "<contractAddress>"
  }

  • Implementation Details

    • The tool will clone the given github release/tag repository. Supported repositories:
      • mosaic-contracts
      • brandedtoken-contracts
      • openst-contracts
    • Run npm ci
    • npm run compile needs to run. This will populate compiled contract build files in contract/build directory.
      • Note: Make sure contracts are compiled with exact solc version which was deployed.
    • Update contract/build/.json file network section:
    "networks": {
    "1": {
      "address": "<contractAddress>",
      "transactionHash": "<contractCreationTxHash>",
      "links": {}
    }
    • To verify contracts which have links to library contracts, library contract addresses needs to be specified in the links section. Library contracts should be verified before verifying linked library contract. e.g.
    "networks": {
    "1": {
      "address": "<gatewayContractAddress>",
      "transactionHash": "<gatewayContractCreationTxHash>",
      "links": {
          "MerklePatriciaProof": "<contractAddress>",
          "MessageBus": "<contractAddress>"
      }
    }

  • verify-on-etherscan.verify method will be called from inside the script

        const verify = require('verify-on-etherscan');
    const result = await verify({
      cwd,
      artifacts,
      apiKey,
      web3,
      network,
      useFetch,
      optimizer,
      output,
      delay,
      logger,
      verbose
    })

Notes

  • Rotate etherscan API key
  • BUG: brandedtoken-contracts and MosaicContracts is using different solc version(not 0.5.0) for contracts compilation.
  • Truffle "beta" version is taking latest beta version for compilation
  • Verification of contracts should be done as soon as they are deployed

Chain contracts verification

Pepo contracts verification