mud verify
This command uploads the source code for the deployed contracts to a public repository, such as a block explorer. The repository then compiles the source code and verifies that the compiled version is identical to what is deployed onchain.
The best time to perform verification is immediately after deployment. Verification only works with the original source code, compiler options, and compiled artifacts. Otherwise, the generated bytecode is different and therefore verification fails.
Currently, on Blockscout mud verify verifies the Systems that are part of your application, but not
the MUD contracts themselves. On Sourcify mud verify verifies all the contracts.
See below for how to verify library contracts on Blockscout.
Using the command
-
If using Blockscout, specify the API key:
export ETHERSCAN_API_KEY=<value goes here>With Blockscout you don't have to specify the API key. However, there is a limited number of requests allowed for accounts without an API key per second, so you get much more reliable service if you do. To get an API key, use the URL for the Blockscout explorer for the blockchain where your contract is located followed by
/account/api-key. For example, for Redstone you'd usehttps://explorer.redstone.xyz/account/api-key(opens in a new tab). -
Run the command.
pnpm mud verify --worldAddress <address here> --rpc <RPC to the blockchain> [--verifier <verifier>]These are the command line options you can specify on
mud verify:Option Meaning Type Default value --worldAddressVerify the contracts of the World at the given address string none, error if unspecified --configPathPath to the config file string mud.config.ts--verifierThe verifier to use ( sourcify, orblockscout)string blockscout--verifierUrlURL to use to access the verifier's API string depends on the verifier used --profileThe foundry profile to use string local--rpcURL to the blockchain string --srcDirSource directory string Foundry srcdirectory--versionShow version number boolean falseNote that it takes block explorers some time to process new contracts. You should wait 5-10 minutes past deployment before you verify the contract on Blockscout.
Examples
-
To verify the world at that address on Holesky on sourcify (opens in a new tab):
WORLD_ADDRESS=0x816038e244ff78b86a5e7dec9bf281634fb6d2a2 HOLESKY_RPC=https://ethereum-holesky.publicnode.com pnpm mud verify --rpc $HOLESKY_RPC --worldAddress $WORLD_ADDRESS -
To verify a contract on Holesky for users of Blockscout (opens in a new tab):
WORLD_ADDRESS=0x816038e244ff78b86a5e7dec9bf281634fb6d2a2 HOLESKY_RPC=https://ethereum-holesky.publicnode.com export ETHERSCAN_API_KEY= ** blockscout API key goes here ** pnpm mud verify --rpc $HOLESKY_RPC --worldAddress $WORLD_ADDRESS --verifier blockscout --verifier-url https://eth-holesky.blockscout.com/api
Manual contract verification
mud verify only verifies contracts in your own project, not those imported from other packages.
In most cases, those contracts are already verified and the block explorer will show you the source code regardless.
However, if they are not, you can use forge verify-contract to verify them manually.
Here are step by step directions when using Blockscout.
-
Set the following environment variables:
Variable Value BLOCKSCOUT_API_KEY Blockscout API key ADDRESS Contract address CONTRACT The contract1 API_URL Blockscout API URL (the explorer URL followed by /api)RPC_URL RPC HTTP URL for the blockchain (1) The path from the
contractspackage, followed by a colon and the contract name. For example,node_modules/@latticexyz/world-modules/src/modules/erc721-puppet/ERC721System.sol:ERC721System. -
Run this command:
forge verify-contract --verifier blockscout \ --verifier-url $API_URL --rpc-url $RPC_URL \ --etherscan-api-key $BLOCKSCOUT_API_KEY $ADDRESS $CONTRACT