Skip to main content
Verifying smart contracts helps ensure the deployed bytecode matches the expected source files. HashScan Smart Contract Verifier is a tool that simplifies this process. This guide will walk through the basic steps of smart contract verification using the HashScan Smart Contract Verifier tool.
📣 Note: This is an initial release. API functionalities will see enhancements in upcoming updates of the https://github.com/hashgraph/hedera-sourcify repository.

Prerequisites

  • Solidity source code file of the deployed smart contract.
  • Solidity JSON (metadata) file of the deployed smart contract.
  • EVM address of the smart contract deployed on the Hedera network.

Table of Contents

  1. Find the Contract
  2. Import Source Files
  3. Verify Contract
  4. Verification Match
  5. Re-Verify Smart Contract
  6. Additional Resources

Step 1: Find the Contract on HashScan

Open a web browser and navigate to HashScan. Make sure you are on the correct Hedera network (mainnet, testnet, or previewnet), and search for the deployed contract address in the search bar at the top of the page. In the Contract Bytecode section click on Verify. The source code file importer popup window will open.

Step 2: Import Source Files

Add your Solidity source code files in the source file importer popup. Source files include the smart contract (.sol) source code file and metadata (.json ) file. The metadata file can be found in the artifacts/ directory of your smart contract project and its name correlates with the smart contract. For example, the metadata for the HelloHedera.sol contract would be called HelloHedera.json.

Step 3: Advanced Manual Verification for Complex Contracts

For complex projects with multiple dependencies (such as OpenZeppelin libraries) or upgradeable proxy contracts, manually uploading individual source files can be extremely difficult and error-prone. Each dependency file must be uploaded separately, and ensuring all imports are correctly resolved can be challenging. A more robust approach is to programmatically verify the contract using hardhat/foundry directly but you can also take a manual approach where you generate a single, self-contained metadata.json file that includes all source code dependencies inline. This single file can then be uploaded to HashScan for verification.

Why Use This Approach?

When your smart contract imports many external libraries and multiple files, the standard manual verification process requires you to:
  • Upload the main contract .sol file
  • Upload the metadata .json file
  • Upload every imported dependency file (which can be dozens of files)
This is tedious and prone to errors. The advanced approach bundles everything into one file.

Generating the Single Metadata File

Both Hardhat and Foundry projects can be configured to generate this single file using community-developed scripts that leverage the Sourcify standard.
  1. Download the metadata generation script from Generate Hedera SC Metadata Repo: 
     curl -O https://gist.githubusercontent.com/kpachhai/972d63c5f5ecd9bbc718ab4dd34d5f29/raw/generate_hedera_sc_metadata.sh
 chmod +x generate_hedera_sc_metadata.sh
    1. Run the script to generate the bundles: 
      # USAGE:
#   ./generate_hedera_sc_metadata.sh [ContractName] [ContractName=0xAddress] ...

# EXAMPLES:
#   ./generate_hedera_sc_metadata.sh MyToken
#   ./generate_hedera_sc_metadata.sh MyToken=0x1234567890abcdef...
#   ./generate_hedera_sc_metadata.sh src/MyContract.sol:MyContract=0x9876...

# For example for a contract "MyToken", you would do:
./generate_hedera_sc_metadata.sh MyToken
    2. This produces a directory (e.g., verify-bundles/) containing a single metadata.json file for each contract. 
      >> tree verify-bundles/
verify-bundles/
├── MANIFEST.txt
└── MyToken
    └── metadata.json
    3. On HashScan, go to the contract’s page, click Verify, and upload the corresponding single metadata.json file.

When to Use This Approach

Use the single metadata.json approach when:
  • Your contract imports multiple external libraries and files (OpenZeppelin, etc.)
  • You’re verifying upgradeable proxy contracts
  • The standard manual upload process is too cumbersome
  • You want a more reliable verification workflow
Prefer Programmatic Verification: While this advanced manual approach is more robust than uploading individual files, the programmatic verification methods using Hardhat’s hashscan-verify plugin or Foundry’s forge verify-contract command are even more reliable and efficient. See the standalone verification guides for fully automated workflows.

Step 4: Verify Contract

After importing the source files, if you get the “Contract <contract name> is ready to be verified” message, click VERIFY to initiate the verification process. Sourcify will then compare the deployed contract bytecode to the source files you imported in the previous step.

Step 5: Verification Match

If your verification is successful, the verifier will return either a Full Match or Partial Match status. Let’s review each verification status and what they mean:
  • Full Match: Indicates the bytecode is a full (perfect) match, including all the metadata. The contract source code and metadata settings are identical to the deployed version.
  • Partial Match: Indicates the bytecode mostly (partially) matches with the deployed contract, except for the metadata hash like comments or variable names. It is usually sufficient for most verification purposes.
To learn more about each verification match status, head over to the official Sourcify documentation here. Congratulations! 🎉 You have successfully learned how to verify a smart contract. Feel free to reach out on Discord if you have any questions!

Step 6: Re-Verify Smart Contract

If you change your contract or want to upgrade your contract from a Partial Match to a Full Match, there are two options for re-verification:

Option 1

Head to the smart contract verifier page and import your new updated source files.
Enter the smart contract address and chain, then click Verify.

Option 2

Revisit Step 1 and use the Re-verify Contract flow. Then proceed to Steps 2 through 4.

Video Tutorial

Additional Resources

Smart Contract Verification API HashScan Network Explorer Smart Contract Verifier Page Verified Contract Repository Sourcify Documentation Smart Contract Documentation

Writer: Krystal, DX Engineer

GitHub | X

Editor: Nana, Sr. Software Manager

GitHub | LinkedIn

Editor: Ed, DevRel Engineer

GitHub | LinkedIn

Editor: Logan, Software Engineer II

GitHub | LinkedIn