How to Verify Deployed Code


Smart contracts are represented as bytecode in the EVM. You get a brief intro to bytecode in this article.

The goal of “verifying deployed code” is to confirm that the source code in the GitHub pull request for a BIP is actually the same code that was deployed on-chain.

Verify locally

  1. Follow
    How to Setup Environment
    — after running npx hardhat compile, a artifacts directory will be created in the protocol directory.
    1. Double check that you are on the correct branch listed in the
      BIP Runbooks
  2. Navigate to artifacts/contracts/farm/.
  3. For each facet being added or changed (and _init address if applicable—these will be in the init/ directory), do the following:
    1. Navigate to facets/ (or init/ for the _init contract)—each XFacet.sol file should have a corresponding XFacet.json file.
    2. At the bottom of each JSON file, find the corresponding bytecode under the bytecode key (second to the bottom).
    3. Open a site like https://www.diffchecker.com/text-compare/ and copy the local bytecode into the first field.
    4. Fetch the on-chain bytecode for the respective facet address—this can be done via CLI or by visiting the Contract tab on Etherscan and scrolling down. At the bottom, you can see the on-chain bytecode for the given contract in the Contract Creation Code field.
    5. Copy this on-chain bytecode into the second field on Diffchecker.
      1. Note that you may have to prepend this bytecode with 0x.
    6. Click “Find Difference” on Diffchecker. If they are identical then the source code on GitHub matches the on-chain deployed bytecode. Repeat for each facet being added or changed in the BIP.