CLI
mud verify

mud verify

This command uploads the source code for the deployed contracts to a public repository, such as a block explorer. The repository then compiles the source code and verifies that the compiled version is identical to what is deployed onchain.

The best time to perform verification is immediately after deployment. Verification only works with the original source code, compiler options, and compiled artifacts. Otherwise, the generated bytecode is different and therefore verification fails.

ℹ️

Currently, on Blockscout mud verify verifies the Systems that are part of your application, but not the MUD contracts themselves. On Sourcify mud verify verifies all the contracts.

See below for how to verify library contracts on Blockscout.

Using the command

  1. If using Blockscout, specify the API key:

    export ETHERSCAN_API_KEY=<value goes here>

    With Blockscout you don't have to specify the API key. However, there is a limited number of requests allowed for accounts without an API key per second, so you get much more reliable service if you do. To get an API key, use the URL for the Blockscout explorer for the blockchain where your contract is located followed by /account/api-key. For example, for Redstone you'd use https://explorer.redstone.xyz/account/api-key (opens in a new tab).

  2. Run the command.

    pnpm mud verify --worldAddress <address here> --rpc <RPC to the blockchain> [--verifier <verifier>]

    These are the command line options you can specify on mud verify:

    OptionMeaningTypeDefault value
    --worldAddressVerify the contracts of the World at the given addressstringnone, error if unspecified
    --configPathPath to the config filestringmud.config.ts
    --verifierThe verifier to use (sourcify, or blockscout)stringblockscout
    --verifierUrlURL to use to access the verifier's APIstringdepends on the verifier used
    --profileThe foundry profile to usestringlocal
    --rpcURL to the blockchainstring
    --srcDirSource directorystringFoundry src directory
    --versionShow version numberbooleanfalse

    Note that it takes block explorers some time to process new contracts. You should wait 5-10 minutes past deployment before you verify the contract on Blockscout.

Examples

  • To verify the world at that address on Holesky on sourcify (opens in a new tab):

    WORLD_ADDRESS=0x816038e244ff78b86a5e7dec9bf281634fb6d2a2
    HOLESKY_RPC=https://ethereum-holesky.publicnode.com
    pnpm mud verify --rpc $HOLESKY_RPC --worldAddress $WORLD_ADDRESS
  • To verify a contract on Holesky for users of Blockscout (opens in a new tab):

    WORLD_ADDRESS=0x816038e244ff78b86a5e7dec9bf281634fb6d2a2
    HOLESKY_RPC=https://ethereum-holesky.publicnode.com
    export ETHERSCAN_API_KEY= ** blockscout API key goes here **
    pnpm mud verify --rpc $HOLESKY_RPC --worldAddress $WORLD_ADDRESS --verifier blockscout --verifier-url https://eth-holesky.blockscout.com/api

Manual contract verification

mud verify only verifies contracts in your own project, not those imported from other packages. In most cases, those contracts are already verified and the block explorer will show you the source code regardless. However, if they are not, you can use forge verify-contract to verify them manually. Here are step by step directions when using Blockscout.

  1. Set the following environment variables:

    VariableValue
    BLOCKSCOUT_API_KEYBlockscout API key
    ADDRESSContract address
    CONTRACTThe contract1
    API_URLBlockscout API URL (the explorer URL followed by /api)
    RPC_URLRPC HTTP URL for the blockchain

    (1) The path from the contracts package, followed by a colon and the contract name. For example, node_modules/@latticexyz/world-modules/src/modules/erc721-puppet/ERC721System.sol:ERC721System.

  2. Run this command:

    forge verify-contract --verifier blockscout \
     --verifier-url $API_URL --rpc-url $RPC_URL \
     --etherscan-api-key $BLOCKSCOUT_API_KEY $ADDRESS $CONTRACT