What is Smart Contract Verification?
Smart Contact Verification allows people to inspect the source code of your smart contract.
You see, when you upload your smart contract to the Ethereum blockchain, you only upload the bytecode. The source code is not uploaded. Thus people can't understand what your smart contract is doing because they can't read bytecode.
Computers can't read it either. It's practically impossible to recover back the source code from the bytecode.
Smart Contract Verification allows you to attach the source code to your smart contract in a verifiable way. It's kinda like adding a blue checkmark to your contract
How to verify your Smart Contract
You upload your source code to the blockchain explorers like Etherscan and they can compile it using the same compiler that you used and verify that indeed what comes out of the compiler is the bytecode provided at the contract address.
Let's see how you would verify your smart contract in Etherscan. You need to go to etherscan.io/verifyContract.
- You provide the contact address. This is needed so that Etherscan can read your contract bytecode.
- You provide the compiler version and license. This is so that Etherscan uses the same compiler that you used to convert the source to the bytecode. Different compiler versions might produce slightly different bytecode due to different optimizations in the code.
- You finally provide your source code.
Etherscan will take your source and pass it through the same compiler that you used to get the bytecode. It will then compare it to the bytecode that is stored on the blockchain at the provided address. If the bytecodes match, it will add a blue checkmark. The checkmark can be found on Etherscan here:
Neat, right? When you verify your smart contract, your source code is attached to the contract address. People can then inspect your smart contract and verify that it's indeed doing what you claimed it to be doing.