How to verify smart contracts using Foundry

How to verify smart contracts using Foundry

Learn how you can verify your contracts using Etherscan's API

Introduction

Blockchain technology is built on the fundamental principle of transparency, where every transaction is visible and verifiable. We extend the same principle to smart contracts. When they are deployed on the Ethereum network, their bytecodes are publicly available, but unless they are verified, the actual source code remains obscure. In this guide, we’ll see how to use Etherscan’s API to verify our contracts and make the code available in plaintext for everyone to read.

What is Etherscan?

Etherscan is a blockchain explorer that allows users to view and search data on Ethereum. Developers who deploy smart contracts can get them verified on Etherscan by publishing their code on the platform. This way, anyone who enters the address of the deployed contract can look it up on Etherscan and read the contract themselves. This facilitates transparency and ensures that users know which code they are interacting with, thus reducing the risk of them getting one-shotted by a shitcoin. Etherscan has an API to make the verification process simpler for us smart contract developers. It also supports testnets like Sepolial and Holesky as well, so it will be fairly easy for us to deploy and verify our contracts.

Setting up

Spin up a new Foundry project by entering forge init . in your terminal. Create a .env file in the root of the project.

Go to this page on Etherscan and Sign up or login if needed. They have a free tier available so no need to worry about pricing for now. Once you’re logged in, you’ll see this page

Here, under the API Keys section, click on the “Add” button. You’ll see this modal open up

Give it a name of your choice and click on Create New API Key. Once that is done, you’ll see an API key token for your project. Copy it.

Great. Now go back to the .env file you made and create a new variable for your API key like so:

ETHERSCAN_API_KEY=your_etherscan_api_key

Since we’re gonna be deploying to a testnet, you need the private key of a dev account which has no real funds. I hope that by now you are using keystores in Foundry. If not, refer to this section in the 4th part of this series.

Finally, we need an RPC URL. Feel free to use any public RPC for Ethereum Sepolia. You will find a list of such RPC’s here. Copy the URL and paste it into your .env file like so:

SEPOLIA_RPC_URL=https://ethereum-sepolia-rpc.publicnode.com

Now open foundry.toml present in the root of your project and add these lines to it:

[rpc_endpoints]
sepolia = "${SEPOLIA_RPC_URL}"

[etherscan]
sepolia = { key = "${ETHERSCAN_API_KEY}" }

Verifying a contract during deployment

Open src/Counter.sol and add an arbitrary function to it. Here’s what I added, though I urge you to do something else instead

    function arbitraryFunctionWithArbitraryName() public{
        number +=23;
    }

Now, use forge build to compile the contract and make sure there are no errors. Make sure the terminal points to the directory of your project and enter this to make sure your environment variables are loaded:

source .env

Awesome! Now let’s deploy and verify this contract. We can do this using the forge create command itself by specifying our Etherscan API key and adding --verify to our command. Run this in your terminal:

forge create --rpc-url $SEPOLIA_RPC_URL --account dev src/Counter.sol:Counter --chain sepolia --etherscan-api-key $ETHERSCAN_API_KEY --verify --broadcast

You should then see something like this:

Now let’s check Sepolia Etherscan to see if it actually worked. Just click the URL it gave you and check the Contract tab. You should see something like this

It is not possible to verify a contract that is identical to one which has already been deployed and verified on the target chain and if you try to do so, you’ll see an error like: contract is already verified. Skipping verification.

Verifying a contract after deployment

There is a chance that you followed all the steps but got an error message that looks like:

This just implies that the indexer didn’t index the transaction within the given time, which is fine, and you can still verify your contract by using forge-verify. Run this command in your terminal

 forge verify-contract --chain sepolia --watch --etherscan-api-key $ETHERSCAN_API_KEY address-of-your-contract src/Counter.sol:Counter

You should now see something like this:

Conclusion

Bravo! You’ve learned how you can verify your smart contracts, both during deployment and after it, using Etherscan’s API! The only genuine instance you would avoid using this knowledge henceforth (apart from laziness) would be when you know your code is trash and don’t want anyone else to see it lol. In the next blog, we’ll learn how to test smart contracts using Foundry, though we have already seen a glimpse of it in the 4th part of this series. Stay tuned for it. Thanks a lot for reading to the end🫡🫡