9-Verify a Ink! Smart Contract with Patron
Smart contracts are designed to be “trustless”, meaning users shouldn’t have to trust third parties (e.g., developers and companies) before interacting with a contract. As a requisite for trustlessness, users and other developers must be able to verify a smart contract’s source code. Source code verification assures users and developers that the published contract code is the same code running at the contract address on the blockchain.
The verification process for Wasm-based smart contract languages is more complex than EVM-based languages such as Solidity due to the Rust compiler not providing deterministic builds of contracts.
In order to verify an ink! or Wasm smart contract the verification process must recompile the contract in an identical host environment to which it was originally built. The simplest way to do this is using a Docker container.
Currently, there is different contract verification tools and in this this tutorial, we will focus on Patron created by Brushfam.
Prerequises
Cargo contract installed: https://polkaverse.com/9768/technical-guide-install-cargo-contract-37738
This tutorial uses cargo 1.72, cargo contract 3.2 and will build and verify the following contracts : https://github.com/GuiGou12358/astar-tutorials/tree/main/tuto9
Install
Start using the Patron CLI by installing it using Cargo:
cargo install patron --git https://github.com/brushfam/patron-backend
Auth
Using Patron CLI, developers can build and verify their contracts!
To authenticate, use the following subcommand:
patron auth
It automatically redirects you to the website where you can choose your wallet and account. After that, you will just need to sign an authentication message using your wallet extension.
Set cargo-contract version
Then, you need to create a Deploy.toml
file at the root of your contract source code. This file describes the cargo-contract
version that will be used during the build:
cargo_contract_version = "3.2.0"
Build without deploy
The build process itself is done on a remote server, to start it:
patron build --root contracts/addition
The tool builds your contract in release mode and you can find the output of the build.
Note: the tool displays the output of the build done on the remote server. Your artifacts are not under the folder /contract/target/ink/addition
but directly in the folder target/ink
:
contract.wasm
: the contract’s WebAssembly blob (the contract code)contract.json
: a JSON file that contains just the contract’s metadata, used by the tools to interact with your contractbundle.contract
: bundle with the combination of the metadata and the wasm code
It’s recomended to copy or move them in another directory before building another contract.
After the successful deployment, process data about the build session and source code are stored on the server and anyone can verify:
https://patron.works/codeHash/7445c0d84e7461f7088ecc21d50d23a0084bc0aaca7258bb044c5912eef5af81/code
Deploy
Deploy manually the verified contract via polkadtot.js or ContractsUI.
And check if the code hash matches with the verified one
Found the code hash linked to your contract
Before interacting with a contract, you can use subscan to find the code hash linked to the given contract address and check if the contract it is verified.
https://shibuya.subscan.io/wasm%5Fcontract/ZFFQ2BXRWmTzG9Khvqi5DRrptoNaycr2wU3VLGxPiD5HKma
https://patron.works/codeHash/7445c0d84e7461f7088ecc21d50d23a0084bc0aaca7258bb044c5912eef5af81/codeIn conclusion
Smart contract verification is crucial for ensuring the security, reliability, and trustworthiness of dApps and blockchain platforms. With Patron, you can simplify the deployment flow, manage your builds and help us make the Polkadot ecosystem more secure.
Git repository
https://github.com/GuiGou12358/astar-tutorials/tree/main/tuto9
Source
Crypto-enthusiast, Defi & NFT believer, Dotsam Fam Astar Tech Amb & Phala Amb Web2 builder gradually migrating to Web3
Tutorials to write Smart Contracts in Rust and Ink!
0 comments