Smart Contract Verification on Hedera | Hedera Hedera Network Services Token Service Mint and configure tokens and accounts. Consensus Service Verifiable timestamps and ordering of events. Smart Contracts Run Solidity smart contracts. HBAR The Hedera network's native cryptocurrency. Insights How It Works Learn about Hedera from end to end. Explorers View live and historical data on Hedera. Dashboards Analyze network activity and metrics. Network Nodes Understand networks and node types. Devs Start Building Get Started Learn core concepts and build the future. Documentation Review the API and build using your favorite language. Developer Resources Integrations Plugins and microservices for Hedera. Fee Estimator Understand and estimate transaction costs. Open Source Hedera is committed to open, transparent code. Learning Center Learn about web3 and blockchain technologies. Grants Grants & accelerators for your project. Bounties Find bugs. Submit a report. Earn rewards. Ecosystem ECOSYSTEM Hedera Ecosystem Applications, developer tools, network explorers, and more. NFT Ecosystem Metrics Analyze on-chain and market NFT ecosystem metrics. CATEGORIES Web3 Applications Connect into the innovative startups decentralizing the web on Hedera. Enterprise Applications Learn about the Fortune 500 companies decentralizing the web on Hedera. Wallets & Custodians Create a Hedera account to manage HBAR, fungible tokens, and NFTs. Network Explorers Hedera mainnet and testnet graphical network explorers. Developer Tooling Third-party APIs, integrations, and plugins to build apps on Hedera. Grants & Accelerators Boost your project with support from the Hedera ecosystem. Partner Program Explore our partners to bring your vision into reality. Hedera Council Over 30 highly diversified organizations govern Hedera. Use Cases Hedera Solutions Asset Tokenization Studio Open source toolkit for tokenizing assets securely. Stablecoin Studio All-in-one toolkit for stablecoin solutions. Hedera Guardian Auditable carbon markets and traceability. Functional Use Cases Data Integrity & AI Reliable, secure, and ethically governed insights. Sustainability Enabling fair carbon markets with trust. Real-World Asset Tokenization Seamless tokenization of real-world assets and digital at scale. Consumer Engagement & Loyalty Mint, distribute, and redeem loyalty rewards. Decentralized Identity Maintain the lifecycle of credentials. Decentralized Logs Scalable, real-time timestamped events. DeFi Dapps built for the next-generation of finance. NFTs Low, fixed fees. Immutable royalties. Payments Scalable, real-time, and affordable crypto-payments. HBAR Overview Learn about Hedera's token, HBAR. Treasury Management Hedera’s report of the HBAR supply. Governance Decentralized Governance Hedera Council See the world's leading organizations that own Hedera. About Meet Hedera's Board of Directors and team. Journey Watch Hedera's journey to build an empowered digital future for all. Transparent Governance Public Policy Hedera's mission is to inform policy and regulation that impact the industry. Meeting Minutes Immutably recorded on Hedera. Roadmap Follow Hedera's roadmap in its journey to build the future. Resources Company What's New Partners Papers Careers Media Blog Technical Press Podcast Community Events Meetups Store Brand Navigation QUICKSTART Smart Contract Verification on Hedera technical Nov 20, 2023 by Keith Kowal Director of Product Management, Hashgraph by Ed Marquez Head of Developer Relations Introduction Since the launch of Smart Contracts 2.0 in February 2022, more features and capabilities have been introduced continuously to improve the Hedera smart contract ecosystem. Today, we are launching Smart Contract Verification on Hedera to bolster security and trust between smart contract owners and smart contract users. This feature is useful for all smart contract applications, but it is a must-have for many DeFi products.  Background Smart contract verification is an established feature of many Ethereum Virtual Machine (EVM) ecosystems. It enables smart contract users to view the source code of those contracts. Regardless of the implementation, at a high level, the process of verifying smart contracts follows a few simple steps: A smart contract owner deploys the contract After deployment, a user (presumably the smart contract owner) goes to a verification service and uploads source code and/or metadata related to the deployed smart contract. The verification service compiles the uploaded source code if needed, and compares the resulting or provided compiled bytecode vs the bytecode of the deployed contract on the network. From this comparison, the verification service creates a result of no match, partial match, or full match (also called perfect match). Upon a partial or full match, the verification service saves the verification result and the uploaded source code in a repository. Users of the smart contract can now look up the smart contract in an explorer, view the verification result, and view and evaluate the contract source code. The process above enables users to review and evaluate the smart contract source code with the assurance from the verification service that the source code they are viewing matches the contract deployed on the network. This process may require the user reviewing the source code to have a strong understanding of Solidity smart contract code, architecture, potential security vulnerabilities, etc. Not all users will have this technical skillset, so they can in turn rely upon experts they trust to perform these reviews in their stead and report the results. However, it should be noted that the presence of a smart contract verification in no way asserts that a given smart contract is good, bad, safe, malicious etc. It's only meaning is that the source code is available for review, and it’s up to the users to do their own research to determine if the contract is worthy of interaction. The Smart Contract Verification Ecosystem Looking upon the EVM Smart Contract verification ecosystem we see a few dominant services. First we have Sourcify (sourcify.dev) which is an open source offering. Second we see Smart Contract verification offered by Etherscan and Etherscan clones (Polygonscan, Arbiscan, FTMscan etc.) These services are typically operated as separate repositories - so a verification performed on Etherscan will not appear in Sourcify.dev and vice versa. Then downstream services such as Remix and Hardhat will often support the reading and writing of verifications from one or more of these services. Hedera Smart Contract Verification Service Overview When setting out to support smart contract verification, Swirlds Labs looked at a number of options and ultimately decided to host an instance of Sourcify as the industry tool of record. The hosted instance can be found at https://verify.hashscan.io/. This instance of Sourcify driving the Hedera verifications has a few changes from the main Sourcify branch including removal of support for other chains, UI/UX modifications, and most notably support for testnet/previewnet “resets” where all of the stored verifications will be deleted when the Hedera testnet/previewnet periodically resets.  The code base for the Hedera Sourcify instance is open source for all to review and contribute to. This instance operates independently from the Sourcify.dev instance, as previously mentioned. Hedera mainnet is available in Sourcify.dev as an network option to independently perform verifications. In some cases, it might make sense for a smart contract owner to do verifications on both Hedera and Sourcify.dev in particular if a smart contract is being deployed across multiple chains using the same EVM address. The deployment of the Hedera Sourcify instance seeks to enable 3 verification options in the Hedera ecosystem. Users can go directly to verify.hashscan.io to perform verifications. Users can go Hashscan.io to perform verifications as part of the broader explorer experience. Other blockchain explorers in the Hedera ecosystem can leverage the Sourcify instance to enable verifications through their services. As a testament to the impact of this advancement in the Hedera ecosystem, some application developers have recently expressed their commendation and highlighted the significance of these efforts. In the case of Eta Swap, a DEX aggregator on Hedera, they stated: “Kudos to @swirldslabs for implementing smart-contract verification on #hashscan. Huge step to transparency (source code is easily verifiable now).” There are three types of results when performing a smart contract verification; no match, partial match, and full match (also known as perfect match). Based on the previous explanation of the verification process, the “no match” result is self explanatory. Where there is more complexity is between partial match and full match. A full match means there is a 1-1 match between the verification service compiled code and the bytecode deployed on the network. Partial match occurs in cases where the compiled bytecode matches the deployed bytecode except for the metadata hash. For a more detailed explanation on these differences please refer to the Sourcify documentation here. The most desired outcome for a Smart Contract owner is a full match. If a user verifies a contract and achieves a partial match, Hashscan supports the ability to “re-verify” the contract with updated source files to achieve a full match. Also, if a smart contract owner is struggling to get a desired match, the Sourcify Playground provides valuable tools to support verification debugging. Hashscan Smart Contract Verification Performing Smart Contract Verification using the service is simple and straightforward. Step 1: Deploy a smart contract on Hedera. Step 2: Go to Hashscan and lookup the unverified deployed contract and choose the option to “Verify Contract” Step 3: Upload the source code files associated with the smart contract. Step 4: After a successful verification (partial or full match) any user viewing the smart contract will see the verification status, verification details, and a link to the source code files. Step 5: Users can click on the “View contract sources” button and view the source code Conclusion The ability to verify smart contracts is crucial for various applications, especially in the DeFi sector. Introducing Smart Contract Verification on Hedera bolsters transparency and security between smart contract owners and users. This verification process is integral in establishing trust in the smart contracts deployed on the Hedera network. It also ensures that users can review and assess the smart contract source code with confidence, knowing it matches the contract deployed on the network. However, it's important to note that verification itself doesn't label a smart contract as safe or risky; it merely makes the code available for scrutiny. The responsibility of evaluating the safety and suitability of a contract lies with the users, who may rely on experts for in-depth analysis. Continually enhancing the security features of smart contracts on Hedera, complementing its other top-tier attributes like high performance and low gas costs, helps Hedera become the preferred platform for reliable on-chain programmability. Resources Open a Testnet Account Verifying Smart Contracts How to Verify a Smart Contract on HashScan Open Source Hedera Sourcify Instance Join the Developer Discord Share This Back to blog What is gRPC, gRPC-Web, and Proxies? Ed Marquez Pragmatic Blockchain Design Patterns – Integrating Blockchain into Business Processes Michiel Mulders Zero Cost EthereumTransaction on Success: Hedera's New Fee Model for Relay Operators Oliver Thorn Hedera Adopts Chainlink Standard for Cross-Chain Interoperability To Accelerate Ecosystem Adoption Hedera Team Hedera Developer Highlights March 2025 Michiel Mulders Hedera Release Cycle Overview Ed Marquez View All Posts Sign up for the newsletter CONNECT WITH US Transparency Open Source Audits & Standards Sustainability Commitment Carbon Offsets Governance Hedera Council Public Policy Treasury Management Meeting Minutes LLC Agreement Node Requirements Community Events Meetups HBAR Telegram Developer Discord Twitter Community Support FAQ Network Status Developer Discord StackOverflow Brand Brand Guidelines Built on Hedera Logo Hedera Store About Team Partners Journey Roadmap Careers Contact General Inquiry Public Relations © 2018-2025 Hedera Hashgraph, LLC. All trademarks and company names are the property of their respective owners. All rights in the Deutsche Telekom mark are protected by Deutsche Telekom AG. All rights reserved. Hedera uses the third party marks with permission. Terms of Use  |  Privacy Policy