Verifying Smart Contracts
The following are the steps needed to verify any contract from the chain. In this particular example a brand new contract uploaded to the testnet.
Create new contract
Follow this guide to create a new contract with Beaker.
Output:
Once the contract is created query the contract information. Assuming you are connected to the testnet.
Contract info
osmosisd query wasm contract osmo1mpf0guu0t363xrshhedandypq003ahzaxvsxzgu69n3ej03mh2zqx5gk8l
Output:
Contract version
Get the contract version by running the following command
osmosisd query wasm contract-state raw osmo1mpf0guu0t363xrshhedandypq003ahzaxvsxzgu69n3ej03mh2zqx5gk8l 636F6E74726163745F696E666F --node https://rpc.testnet.osmosis.zone:443 --output json | jq -r .data | base64 -d | jq
What in the world is 636F6E74726163745F696E666F
? 😕
ContractInfo is must be stored under "contract_info" key which translates to "636F6E74726163745F696E666F" in hex format. As documented here.
Output:
Downloading the Contract from the network
osmosisd query wasm code 205 205_code.wasm --node https://rpc.testnet.osmosis.zone:443
Output:
Getting the hash
sha256sum 205_code.wasm
Output:
0b662785042cd938d0f0e8142f69d2d23fdf0addec965d1fbeacf44080330016
Verify hash
Now it's time to verify the hash with the source repos. All contracts should provide a repository with a hash for their contracts the same way that cw-plus does on their checksum as shown below:
10bc1a8cf82055106b26136f26137d6bf132df99c2d2098a75d03b64e7fe75a5 cw1155_base.wasm
539b62678532596c73b27764186623a2bb868f5e67c3e588508c4a28e105e8c9 cw1_subkeys.wasm
b67bc69fef770c28d48730feb800ea9c91eaae1a608e3ea7819aac64a6e99d92 cw1_whitelist.wasm
....