Truffle deployed contracts can't be verified through Etherscan #456
Comments
|
There's a compiler optimization in solc/truffle-compile that in this moment etherscan does not support when compiling contracts. |
|
This is a blocker for me. Nobody is going to trust my deployed contracts if they can't verify them. How can I turn this optimization off? |
|
@mtbitcoin, can you expose the "runs" parameter when verifying contracts on Etherscan? |
|
does browser solidity have a similiar option for the "runs" parameter? |
|
@interfect, As workaround you can revert runs parameter to its default value 200 in truffle-compile/index.js file. Etherscan has been informed about this issue but I don't know how fast they'll add supporting the "runs" parameter |
|
@akravin any reason you closed this without a solution being implemented? Rather than just relying on a workaround? This will be a blocker for us too in very near future. |
|
@mtbitcoin, Remix online compiler doesn't have this parameter, but most developers use truffle to deploy their contracts. So the problem is urgent |
|
@akravin If remix doesn't support this then how do you propose we (Etherscan) fix this problem? Can truffle be configured to be compile without the "run" parameter ? |
|
@mtbitcoin I propose to add "runs" parameter on your verify page in order to eliminate problems with contract verification that were compiled another way rather than Remix or Mist. I think all compiler's options must be supported to verify contract's source code by Etherscan, because developers may change them anytime. In order to support "runs" parameter you may use solcjs and standard input json. {
"language": "Solidity",
"sources": {
"MyContract": {
"content": "pragma solidity ^0.4.11; contract Ownable {address public owner; function Ownable() { owner = msg.sender; } modifier onlyOwner { if (msg.sender != owner) throw; _;} function transferOwnership(address newOwner) onlyOwner { if (newOwner != address(0)) { owner = newOwner; }}}"
}
},
"settings": {
"optimizer": {
"enabled": true,
"runs": 0
},
"outputSelection": {
"*": {
"MyContract": [
"evm.bytecode.object"
]
}
}
}
}
In this file replace "runs" parameter on user input. After that run solcjs as following: $ solcjs --standard-json < input.json Output of this command is output JSON (http://solidity.readthedocs.io/en/develop/using-the-compiler.html) which contains "evm.bytecode.object" tag. You just need to compare it with bytecode in the Ethereum transaction. PS: Solidity compiler "solc" has separate option "--optimize-runs" for changing this value |
|
@mtbitcoin As I know in truffle "runs" parameter is hardcoded and its default value equals 0 (zero) |
|
no solutions on this? |
|
@akravin Thanks for the info. Looking into this, but it will require a rewrite for our backend code handling the source code verification Edit: Also "--standard-json < input.json" appears to work only with version 0.4.11 and above. |
|
From what i understand, solcjs has a "runs" value of 200, so if you can truffle to also "runs" at "200" instead of "0" this will produce the same code (see https://stackoverflow.com/questions/44704420/truffle-deployed-contracts-cant-be-verified-through-etherscan) |
|
@mtbitcoin How would you verify a contract that depends on 3rd party libraries like openZeppelin ? |
|
Unfortunately, changing the "runs" value in Truffle won't help to verify
code that's already been deployed and is in use by others. But perhaps it
should be exposed as a per-project parameter in truffle.js, rather than
requiring users to edit the installed Truffle tool itself in order to set
it.
Verifying a contract with dependencies requires pasting all the imported
code into the verification text box, and deleting all the import
statements. It's awkward, but (if the compiler parameters are right) it
works.
…On Fri, Jun 30, 2017 at 9:05 AM, Matt.Tan ***@***.***> wrote:
From what i understand, solcjs has a "runs" value of 200, so if you can
truffle to also "runs" at "200" instead of "0" this will produce the same
code (see https://stackoverflow.com/questions/44704420/truffle-
deployed-contracts-cant-be-verified-through-etherscan)
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#456 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAt5tv89Dh0z_4zqeymZJUnq1ZsbS9zZks5sJRzFgaJpZM4OCnr1>
.
|
|
@mtbitcoin, I agree with @interfect. Our company have already several contracts deployed with "runs=0" and they can't be verified by Etherscan and I can't replace them too as they are already in production. We hope you provide the implementation of this feature asap because we are loosing potential customers every day. I have already wrote the bug report 22 jun to the support service, but at present time I had no information about plans of implementation. Is there a workaround in our case? |
|
@akravin I am working on this. Please understand that we are a small team, providing a free service and are doing our best to accommodate the various requests and tickets we receive on a daily basis. The new verifier will accept the runs parameter but only for contracts compiled with >= 0.4.11 (given all the know solidity compiler bugs, contracts should really only be compiled with the latest versions anyhow). If you can drop me your email or contact i will ping you once this is done you can be the first to test this. |
|
@mtbitcoin, of course, I understand and I am very appreciate to hear that you are working on this issue. Here is my email: [email protected]. I'm looking forward to testing it. Thank you! |
If you do consider token pull requests, here is one for you. The Macroverse token, MRV, functions as a tokenized software license to use Macroverse, a procedurally-generated universe on the Ethereum blockchain. The token is here: https://etherscan.io/token/0xAB6CF87a50F17d7F5E1FEaf81B6fE9FfBe8EBF84 The source is here: https://github.com/NovakDistributed/macroverse/blob/master/contracts/MRVToken.sol Verification of the contract source on Etherscan is blocked pending updates in Etherscan to support the "runs" optimizer parameter used by Truffle; more information on that is here: trufflesuite/truffle#456 (comment)
|
Hi @mtbitcoin, could you please ping this thread once you have a fix for this deployed? I'd be happy to help test as well - just let me know. |
|
I'm going to reopen this. We can easily expose solc optimization parameters in your Truffle config file. For reference, this is the reason the optimizer has a runs value of zero in Truffle. ethereum/solidity#2245 TL;DR: Anything larger than 0 produces larger bytecode. The default setting in Truffle is to produce the smallest bytecode possible. |
|
I'm also open to changing the default optimizer setting back to 200. |
|
@yarrumretep yup, will post here instead once its completed. |
|
@yarrumretep @akravin The new verifier is available at https://etherscan.io/verifyContract2 This will only work with solc 0.4.11 and above. This new verifier provides additional information for debugging. Please let me know if this works Under the optional settings section, there is place where you can enter a custom runs value. Older versions of truffle defaulted to 0. Browser solidity uses 200 |
|
@mtbitcoin, thanks for this feature. At last, I was able to verify my deployed contracts. Thank you again! |
|
@mtbitcoin - i'm currently running on kovan - the kovan.etherscan.io does not appear to have the verifyContract2 available yet. Happy to test there when it is. |
|
Thanks everyone for their input, and @mtbitcoin for adding support in etherscan -- we appreciate it. We're going to add support for custom compiler optimization settings, and will be setting the default back to 200. See #486 for more info. Closing this ticket for housekeeping. |
|
Hi @mtbitcoin - sorry for the delay in testing this - been traveling. Back at the screen now. I am getting an "Opps - that's an error" page when I try to use the https://kovan.etherscan.io/verifyContract2 This seems to happen for Runs=0 and Runs=200. I'm using the 0.4.11 compiler. |
|
@yarrumretep can you provide the contractaddress, sourcecode gist, optimization setting and I will see if I can replicate the issue |
|
@mtbitcoin - here are some repro data:
When I click Verify and Publish I immediately get the "Opps - that's an error" page. NOTE: when I perform the same steps on the original .../verifyContract page, The compilation happens, with the expected message: "Sorry! The Compiled Contract ByteCode for 'TestToken' does NOT match the Contract Creation Code for [0xc84177ad471cf4f9cddeae58be71121af989916b]." BTW - happy to take this offline if there's a better forum for this |
|
@yarrumretep please give it another try |
|
Yeee haw! Now we're cookin' with gas. Thank you, @mtbitcoin Say, Matt - do you guys have plans for validation of contract source by REST api? |
|
Yes, but only when we have the time to look into that |
|
So how do I change the Runs value in truffle? I am having the same issue where truffle and solidity browser are giving different bytecodes |
|
@mtbitcoin any updates? I just get different ABI code from truffle and Remix on the same exact solidity code... I've tried both running with/ without optimization and with 200 and 0 runs... |
|
Is there a tool to automatically concatenate the contract? |
|
it seems that with solc version 0.4.18 and above the Bytecodes dont get outputted anymore, anyone else running into a similar issues? |
|
I am having the same issue as @mtbitcoin, No outputed bytocode in etherscan verifyContract2. |
|
@mtbitcoin it works now, I managed to verify it with optimization disabled, runs 200 solc 0.4.18 |
|
Hi, I'm still having this issue as well. It seems the only difference is that etherscan is not actually adding the ABI-encoded characters to the end, or maybe I'm not seeing the other difference: Constructor Arguments Used (ABI-encoded): ByteCode on the Blockchain (what we are looking for): Your Compiled Bytecode + Constructor Argument if any (what you provided): And it still fails. Shouldn't etherscan be adding the abi encoding I provided to the end? |
|
@nickjuntilla I had the same but the problem was that the settings were not correct, try with optimization disabled, runs 200. I found this setting in /build/cli.bundled.js . Search for "runs:" and you'll see it. Maybe there is a better way to find it but that's what worked for me. |
|
@schampilomatis I don't have a cli.bundled.js. I'm using truffle 3.4.11. In the build folder all I have are the contract abi .json files. Is there somewhere else this can be? I've tried optimization disabled, enabled, and runs of 200 and 0 and every combination thereof. I've stopped short of trying every optimization level between 1 and 200. I already have contracts out that people are using and now I want to verify them on etherscan. I still have the source code and I've tried concatenating and using both version of the etherscan verify tool as many compilation versions. I have some questions for anyone: Does leaving in the comments or white space change any byte code? Does changing the solidity code version in the file change the byte code? If I concatenate files do I still have to add the reference files that were deployed via truffle as libraries? Thanks anyone! |
|
@nickjuntilla <https://github.com/nickjuntilla> I meant the truffle
installation folder (usually /usr/lib/node_modules) not your project
folder. Type `which truffle` to see which one you are using. If you get
/usr/bin/truffle , the cli.bundled.js will be in
/usr/lib/node_modules/truffle/build.
Does leaving in the comments or white space change any byte code?
No it doesn't
Does changing the solidity code version in the file change the byte code?
Not sure, but probably not. It refers to the solidity version used, not the
compiler version.
If I concatenate files do I still have to add the reference files that were
deployed via truffle as libraries?
Yes, also you should add the addresses in the libraries section, but
etherscan will ask for it
…On Sat, Dec 2, 2017 at 10:29 PM, Nicholas Juntilla ***@***.*** > wrote:
@schampilomatis <https://github.com/schampilomatis> I don't have a
cli.bundled.js. I'm using truffle 3.4.11. In the build folder all I have
are the contract abi .json files. Is there somewhere else this can be? I've
tried optimization disabled, enabled, and runs of 200 and 0 and every
combination thereof. I've stopped short of trying every optimization level
between 1 and 200. I already have contracts out that people are using and
now I want to verify them on etherscan. I still have the source code and
I've tried concatenating and using both version of the etherscan verify
tool as many compilation versions.
I have some questions for anyone:
Does leaving in the comments or white space change any byte code?
Does changing the solidity code version in the file change the byte code?
If I concatenate files do I still have to add the reference files that
were deployed via truffle as libraries?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#456 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGmbfg-4pGY9AmNEACovaBY21KILgHofks5s8cFCgaJpZM4OCnr1>
.
|
|
@schampilomatis Thanks for helping! So I found my cli.bundled.js it was in /usr/local/lib/ntruffle/build/cli.bundled.js and my runs are 200, but it's still not working. I'm not getting an error about the missing libraries. It just says the code doesn't match. I don't have the original addresses of where the classes were deployed anymore. Is there a way to find out? You can see here is the contract I'm trying to verify: https://etherscan.io/verifyContract2?a=0x52f7018bc6ba4d24abfbaefccae4617bfb0a0b52 And here is the source code: And here is the ABI encoded params:
I'm not sure the addresses fro StandardToken and Token so I just have to guess for them and the errors I get are that they are not used never that anything is missing. I'm not sure why I would have to concatenate them and link them as well either that seems strange? |
|
Note: I finally got it. I just started trying all the compilers and v0.4.17+commit.bdeb9e52 worked. Optimizations Enabled and Runs: 200. I think maybe v0.4.17 is what truffle: 3.4.11 uses. So even though the scripts were tagged with ^0.4.8 they ended up being compiled with v0.4.17 which I guess is understandable if it was the latest one available, but for this verification process it doesn't help to use the latest one. We need to start using exact versions and keep track of them. Also note I didn't need to link the libraries included in my concatenation, which makes sense since they are there in the body. I reviewed my contract history and I didn't even see them deployed as separate contracts ever. There are migration contracts where a setComplete function was called. Maybe those are the base tokens? Incidentally it's the same source code for this one and I can't get it to register with the same settings: https://etherscan.io/verifyContract2?a=0xd6e49800decb64c0e195f791348c1e87a5864fd7 Abi encoding If anyone can verify 0xd6e49800decb64c0e195f791348c1e87a5864fd7 I'll send you some eth. |
|
@mtbitcoin Is there any way to make this compatible with v0.4.8? solcjs in truffle is still 0.4.8 so even new code cannot be verified. |
|
So I got a version of my second contract to verify by changing all the dependent classes 0.4.18 and re-deploying, but unfortunately that means all the contracts I have that have pragma 0.4.8 like everything based on consensys code. |
|
Thanks, guys @schampilomatis got it the last contract: 0.4.11 optimization enabled and 0 runs. |
Do you know if changing comments will change the hash of the source code file -> it will change the metadata file http://solidity.readthedocs.io/en/develop/metadata.html -> it will change metadata file hash -> it will change the swarm hash appended to the bytecode by Solidity compiler. Will the contract still verify after that? |
|
The changed swarm hash should not affect the contract source code verification on our end (Etherscan) in (most cases) |
|
you might want to check this repo |
and others
Issue
Truffle deployed contracts can't be verified through Etherscan (https://etherscan.io/verifyContract)
Steps to Reproduce
pragma solidity ^0.4.11; contract Ownable { address public owner; function Ownable() { owner = msg.sender; } modifier onlyOwner { if (msg.sender != owner) throw; _; } function transferOwnership(address newOwner) onlyOwner { if (newOwner != address(0)) { owner = newOwner; } } }See the bytecode generated by Truffle compiler in test-contract/build/Ownable.json file in "unlinked-bytecode" attribute.
(Optional). Deploy Ownable contract to Ethereum (TEST-NET)
Expected Behavior
The bytecode generated by Truffle must be the same as bytecode generated by Remix (online compiler) or solcjs (local compiler), i.e.:
Actual Results
The actual bytecode generated by Truffle compiler is different from the bytecodes generated by Remix (online compiler) or solcjs (local compiler):
See https://ropsten.etherscan.io/address/0x6c8e1b321ce94b12069222b543558d4159527ecd
RESULT: The SolJS bytecode is identical to the Remix bytecode but different from the truffle bytecode.
Environment
The text was updated successfully, but these errors were encountered: