@ethereum-sourcify/lib-sourcify
Advanced tools
Library for Sourcify's contract verification methods, contract validation, types, and interfaces.
lib-sourcify is Sourcify's reusable backbone library for verifying contracts. Additionally it contains:
CheckedContracts
The initial step to verify a contract is to validation, i.e. creating a CheckedContract. This can be done with checkFiles which takes files in PathBuffer as input and outputs a CheckedContract array:
const pathBuffers: PathBuffer[] = [];
pathBuffers.push({
path: filePath,
buffer: fs.readFileSync(filePath),
});
For a CheckedContract to be valid i.e. compilable, you need to provide a contract metadata JSON file identifying the contract and the source files of the contract listed under the sources field of the metadata.
const checkedContracts: CheckedContract[] = await checkFiles(pathBuffers);
Each contract source either has a content field containing the Solidity code as a string, or urls to fetch the sources from (Github, IPFS, Swarm etc.). If the contract sources are available, you can fetch them with.
CheckedContract.fetchMissing(checkedContracts[0]); // static method
You can check if a contract is ready to be compiled with:
CheckedContract.isValid(checkedContracts[0]); // true
A contract verification essentially requires a CheckedContract and an on-chain contract to compare against the CheckedContract.
You can verify a deployed contract with:
export async function verifyDeployed(
checkedContract: CheckedContract,
sourcifyChain: SourcifyChain,
address: string,
creatorTxHash?: string
): Promise<Match>;
a SourcifyChain here is the chain object of ethereum-lists/chains. This states which chain to look the contract in (e.g. chainId) and through which rpcs to retrieve the deployed contract from.
const goerliChain = {
name: "Goerli",
rpc: [
"https://locahlhost:8545/"
"https://goerli.infura.io/v3/${INFURA_API_KEY}",
],
chainId: 5,
},
const match = verifyDeployed(
checkedContract[0],
goerliChain,
'0x00878Ac0D6B8d981ae72BA7cDC967eA0Fae69df4'
)
console.log(match.status) // 'perfect'
Alternatively you can verify counterfactual contracts created with the CREATE2 opcode. This does not require a SourcifyChain and address as the contract address is pre-deterministicly calculated and the contract is not necessarily deployed.
export async function verifyCreate2(
checkedContract: CheckedContract,
deployerAddress: string,
salt: string,
create2Address: string,
abiEncodedConstructorArguments?: string
): Promise<Match>;
Example:
const match = await verifyCreate2(
checkedContract[0],
deployerAddress,
salt,
create2Address,
abiEncodedConstructorArguments
);
console.log(match.chainId); // '0'. create2 matches return 0 as chainId
console.log(match.status); // 'perfect'
sourcify-monorepo@1.1.2 - 2024-01-03
FUNDING.jsonFAQs
Library for Sourcify's contract verification methods, contract validation, types, and interfaces.
The npm package @ethereum-sourcify/lib-sourcify receives a total of 2 weekly downloads. As such, @ethereum-sourcify/lib-sourcify popularity was classified as not popular.
We found that @ethereum-sourcify/lib-sourcify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.