Security News
Django Joins curl in Pushing Back on AI Slop Security Reports
Django has updated its security policies to reject AI-generated vulnerability reports that include fabricated or unverifiable content.
By Sarah Gooding - Jun 30, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@nomiclabs/hardhat-etherscan
Advanced tools
What is @nomiclabs/hardhat-etherscan?
@nomiclabs/hardhat-etherscan is a plugin for Hardhat that allows developers to verify their smart contracts on Etherscan, a popular Ethereum block explorer and analytics platform. This plugin simplifies the process of contract verification by automating the interaction with Etherscan's API.
What are @nomiclabs/hardhat-etherscan's main functionalities?
Contract Verification
This feature allows you to verify your smart contracts on Etherscan. By configuring your Hardhat project with the necessary network and Etherscan API key, you can use the `hardhat verify` command to automatically verify your contracts.
module.exports = { solidity: '0.8.0', networks: { mainnet: { url: 'https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID', accounts: ['YOUR_PRIVATE_KEY'] } }, etherscan: { apiKey: 'YOUR_ETHERSCAN_API_KEY' } };Other packages similar to @nomiclabs/hardhat-etherscan
truffle-plugin-verify
truffle-plugin-verify is a Truffle plugin that provides similar functionality to @nomiclabs/hardhat-etherscan, allowing developers to verify their smart contracts on Etherscan. While @nomiclabs/hardhat-etherscan is designed for use with Hardhat, truffle-plugin-verify is intended for Truffle users, offering a similar level of automation and ease of use for contract verification.
buidler-etherscan
buidler-etherscan is a plugin for Buidler (the predecessor to Hardhat) that also facilitates contract verification on Etherscan. It offers similar functionality to @nomiclabs/hardhat-etherscan but is tailored for projects that are still using Buidler instead of migrating to Hardhat.
hardhat-etherscan
The @nomiclabs/hardhat-etherscan plugin is deprecated in favor of our new @nomicfoundation/hardhat-verify plugin.
Migrating to hardhat-verify
hardhat-verify is a drop-in replacement of hardhat-etherscan. To migrate to it:
- Uninstall the
@nomiclabs/hardhat-etherscanpackage - Install the
@nomicfoundation/hardhat-verifypackage - Update your Hardhat config to import
@nomicfoundation/hardhat-verifyinstead of@nomiclabs/hardhat-etherscan
What
This plugin helps you verify the source code for your Solidity contracts on Etherscan.
It's smart and it tries to do as much as possible to facilitate the process:
- Just provide the deployment address and constructor arguments, and the plugin will detect locally which contract to verify.
- If your contract uses Solidity libraries, the plugin will detect them and deal with them automatically. You don't need to do anything about them.
- A simulation of the verification process will run locally, allowing the plugin to detect and communicate any mistakes during the process.
- Once the simulation is successful the contract will be verified using the Etherscan API.
Installation
npm install --save-dev @nomiclabs/hardhat-etherscan
And add the following statement to your hardhat.config.js:
require("@nomiclabs/hardhat-etherscan");
Or, if you are using TypeScript, add this to your hardhat.config.ts:
import "@nomiclabs/hardhat-etherscan";
Tasks
This plugin provides the verify task, which allows you to verify contracts through Etherscan's service.
Environment extensions
This plugin does not extend the environment.
Usage
You need to add the following Etherscan config to your hardhat.config.js file:
module.exports = {
networks: {
mainnet: { ... }
},
etherscan: {
// Your API key for Etherscan
// Obtain one at https://etherscan.io/
apiKey: "YOUR_ETHERSCAN_API_KEY"
}
};
Alternatively you can specify more than one block explorer API key, by passing an object under the apiKey property, see Multiple API keys and alternative block explorers.
Lastly, run the verify task, passing the address of the contract, the network where it's deployed, and the constructor arguments that were used to deploy it (if any):
npx hardhat verify --network mainnet DEPLOYED_CONTRACT_ADDRESS "Constructor argument 1"
Complex arguments
When the constructor has a complex argument list, you'll need to write a javascript module that exports the argument list. The expected format is the same as a constructor list for an ethers contract. For example, if you have a contract like this:
struct Point {
uint x;
uint y;
}
contract Foo {
constructor (uint x, string s, Point memory point, bytes b) { ... }
}
then you can use an arguments.js file like this:
module.exports = [
50,
"a string argument",
{
x: 10,
y: 5,
},
// bytes have to be 0x-prefixed
"0xabcdef",
];
Where the third argument represents the value for the point parameter.
The module can then be loaded by the verify task when invoked like this:
npx hardhat verify --constructor-args arguments.js DEPLOYED_CONTRACT_ADDRESS
Libraries with undetectable addresses
Some library addresses are undetectable. If your contract uses a library only in the constructor, then its address cannot be found in the deployed bytecode.
To supply these missing addresses, you can create a javascript module that exports a library dictionary and pass it through the --libraries parameter:
hardhat verify --libraries libraries.js OTHER_ARGS
where libraries.js looks like this:
module.exports = {
SomeLibrary: "0x...",
};
Multiple API keys and alternative block explorers
If your project targets multiple EVM-compatible networks that have different explorers, you'll need to set multiple API keys.
To configure the API keys for the chains you are using, provide an object under etherscan/apiKey with the identifier of each chain as the key. This is not necessarily the same name that you are using to define the network. For example, if you are going to verify contracts in Ethereum mainnet, Optimism and Arbitrum, your config would look like this:
module.exports = {
networks: {
mainnet: { ... },
testnet: { ... }
},
etherscan: {
apiKey: {
mainnet: "YOUR_ETHERSCAN_API_KEY",
optimisticEthereum: "YOUR_OPTIMISTIC_ETHERSCAN_API_KEY",
arbitrumOne: "YOUR_ARBISCAN_API_KEY",
}
}
};
To see the full list of supported networks, run npx hardhat verify --list-networks. The identifiers shown there are the ones that should be used as keys in the apiKey object.
Adding support for other networks
If the chain you are using is not in the list, you can manually add the necessary information to verify your contracts on it. For this you need three things: the chain id of the network, the URL of the verification endpoint, and the URL of the explorer.
For example, if Goerli wasn't supported, you could add it like this:
etherscan: {
apiKey: {
goerli: "<goerli-api-key>"
},
customChains: [
{
network: "goerli",
chainId: 5,
urls: {
apiURL: "https://api-goerli.etherscan.io/api",
browserURL: "https://goerli.etherscan.io"
}
}
]
}
Keep in mind that the name you are giving to the network in customChains is the same one that has to be used in the apiKey object.
To see which custom chains are supported, run npx hardhat verify --list-networks.
Using programmatically
To call the verification task from within a Hardhat task or script, use the "verify:verify" subtask. Assuming the same contract as above, you can run the subtask like this:
await hre.run("verify:verify", {
address: contractAddress,
constructorArguments: [
50,
"a string argument",
{
x: 10,
y: 5,
},
"0xabcdef",
],
});
If the verification is not successful, an error will be thrown.
Providing libraries from a script or task
If your contract has libraries with undetectable addresses, you may pass the libraries parameter with a dictionary specifying them:
hre.run("verify:verify", {
// other args
libraries: {
SomeLibrary: "0x...",
}
}
How it works
The plugin works by fetching the bytecode in the given address and using it to check which contract in your project corresponds to it. Besides that, some sanity checks are performed locally to make sure that the verification won't fail.
Known limitations
- Adding, removing, moving or renaming new contracts to the hardhat project or reorganizing the directory structure of contracts after deployment may alter the resulting bytecode in some solc versions. See this Solidity issue for further information.
FAQs
Hardhat plugin for verifying contracts on etherscan
The npm package @nomiclabs/hardhat-etherscan receives a total of 166,585 weekly downloads. As such, @nomiclabs/hardhat-etherscan popularity was classified as popular.
We found that @nomiclabs/hardhat-etherscan demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 05 Dec 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and More
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.
By Sarah Gooding - Jun 26, 2025
Security News
Node.js Homepage Adds Paid Support Link, Prompting Contributor Pushback
A new Node.js homepage button linking to paid support for EOL versions has sparked a heated discussion among contributors and the wider community.
By Sarah Gooding - Jun 25, 2025