Skip to main content

Documentation Index

Fetch the complete documentation index at: https://hedera-0c6e0218-update-sourcify-migration-issue-508-luke.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Verifying smart contracts proves that the deployed bytecode matches the source files you publish. On Hedera, verification is handled by Sourcify, which natively supports Hedera Mainnet (chain ID 295) and Testnet (chain ID 296). Once a contract is verified on Sourcify, HashScan automatically picks up the verified status and displays the source code on the contract page.
The in-app HashScan verification form is temporarily disabled. Verify your contracts directly at sourcify.dev using the steps below, or use the Foundry / Hardhat tutorials linked at the bottom of this page.

Prerequisites

  • Solidity source code file of the deployed smart contract.
  • Solidity JSON (metadata) file of the deployed smart contract.
  • EVM address of the smart contract deployed on the Hedera network.

Table of Contents

  1. Verify on Sourcify
  2. Confirm on HashScan
  3. Bundled Metadata for Complex Contracts
  4. Recommended: Programmatic Verification
  5. Additional Resources

Step 1: Verify on Sourcify

  1. Open sourcify.dev in your browser.
  2. Choose the network that matches your deployment: Hedera Mainnet (chain ID 295) or Hedera Testnet (chain ID 296).
  3. Paste the deployed contract’s EVM address.
  4. Upload your Solidity source files (.sol) and the metadata file (.json). The metadata file is generated when you compile the contract; for example, with Hardhat it lives under artifacts/build-info/, and with Foundry the metadata is included in the per-contract JSON under out/.
  5. Submit the verification request. Sourcify will recompile your sources and compare them against the deployed bytecode.
If the comparison succeeds, Sourcify returns either a Full Match or a Partial Match:
  • Full Match: the bytecode and metadata are an exact match. Source code, comments, and variable names line up with the deployed contract.
  • Partial Match: the bytecode mostly matches, but the metadata hash differs (typically due to comments or variable names). This is sufficient for most verification purposes.

Step 2: Confirm on HashScan

Open the contract on HashScan, making sure you’re on the same network you verified against. The contract’s source code, ABI, and verification badge will appear on the Contract tab once HashScan picks up the verified status from Sourcify. To learn more about each verification match status, head over to the official Sourcify documentation here. Congratulations! 🎉 You have successfully verified a smart contract on Hedera. Feel free to reach out on Discord if you have any questions!

Bundled Metadata for Complex Contracts

For projects with multiple dependencies (such as OpenZeppelin libraries) or upgradeable proxy contracts, manually uploading individual source files can be extremely difficult and error-prone. Each dependency must be uploaded separately, and ensuring all imports resolve correctly is challenging. A more robust manual approach is to generate a single, self-contained metadata.json file that includes all source code dependencies inline. This single file can then be uploaded to Sourcify in place of dozens of individual files.

Why Use This Approach?

When a contract imports many external libraries and files, the standard manual upload requires you to provide:
  • The main contract .sol file
  • The metadata .json file
  • Every imported dependency file
The bundled approach packages everything into one file.

Generating the Single Metadata File

Both Hardhat and Foundry projects can be configured to generate this single file using community-developed scripts that leverage the Sourcify standard.
  1. Download the metadata generation script from Generate Hedera SC Metadata Repo: 
     curl -O https://gist.githubusercontent.com/kpachhai/972d63c5f5ecd9bbc718ab4dd34d5f29/raw/generate_hedera_sc_metadata.sh
 chmod +x generate_hedera_sc_metadata.sh
  2. Run the script to generate the bundles: 
    # USAGE:
#   ./generate_hedera_sc_metadata.sh [ContractName] [ContractName=0xAddress] ...

# EXAMPLES:
#   ./generate_hedera_sc_metadata.sh MyToken
#   ./generate_hedera_sc_metadata.sh MyToken=0x1234567890abcdef...
#   ./generate_hedera_sc_metadata.sh src/MyContract.sol:MyContract=0x9876...

# For example, for a contract "MyToken":
./generate_hedera_sc_metadata.sh MyToken
  3. This produces a directory (e.g., verify-bundles/) containing a single metadata.json file for each contract. 
    >> tree verify-bundles/
verify-bundles/
├── MANIFEST.txt
└── MyToken
    └── metadata.json
  4. On sourcify.dev, select the Hedera network, enter the contract address, and upload the corresponding single metadata.json file.
While the bundled metadata approach above is more robust than uploading individual files, programmatic verification through Foundry or Hardhat is even more reliable and integrates cleanly into a deployment pipeline. See the standalone guides for fully automated workflows:

Deploy and Verify a Smart Contract with Foundry

Deploy and Verify a Smart Contract with Hardhat

Additional Resources

Smart Contract Verification API HashScan Network Explorer Sourcify Verification UI Sourcify v2 API Docs Sourcify Documentation Smart Contract Documentation

Writer: Krystal, Senior DX Engineer

GitHub | X

Editor: Luke, DevRel Engineer

GitHub | X

Editor: Nana, Sr. Software Manager

GitHub | LinkedIn

Editor: Ed, DevRel Engineer

GitHub | LinkedIn

Editor: Logan, Software Engineer II

GitHub | LinkedIn