Contract Verification with BlockScout

This guide explains how to use BlockScout - a comprehensive blockchain explorer - to verify and interact with smart contracts deployed on IOST 3.0 Layer 2.

What is BlockScout?

BlockScout is an open-source blockchain explorer designed for EVM-compatible networks. It provides a user-friendly interface that allows you to:

• Browse blocks, transactions, and accounts
• View and verify smart contracts
• Interact with verified contracts directly from the web interface
• Track token transfers and holdings
• Monitor network activity and statistics

Accessing IOST Layer 2 BlockScout

IOST 3.0 Layer 2 provides a BlockScout instance at:(https://l2-scan.iost.io) This explorer gives you complete visibility into the IOST Layer 2 network including blocks, transactions, accounts, and smart contracts.

Contract Verification Process

After deploying a smart contract to IOST Layer 2, verifying it through BlockScout makes the contract's source code publicly available and enables direct interaction through the explorer interface.

Method 1: UI Verification

1. Navigate to Your Contract

   • Go to the IOST BlockScout explorer (https://l2-scan.iost.io/contract-verification)
   • Search for your contract address in the search bar
   • Click on the contract address in the search results

2. Initiate Verification

   • On the contract page, look for the "Code" tab
   • Click on "Verify & Publish" button

3. Select Verification Method

   BlockScout offers multiple verification methods:

   • Standard Input JSON: For contracts with complex compilation settings
   • Solidity (Single file): For simple contracts contained in a single file
   • Solidity (Multiple files): For contracts with multiple source files
   • Vyper Contract: For contracts written in Vyper

4. Enter Contract Details

   For the Standard Solidity verification method, provide:

   • Contract name (the exact name from your source code)
   • Compiler version used for deployment
   • Optimization setting (enabled/disabled)
   • Optimization runs (if optimization was enabled)
   • EVM version (if a specific version was targeted)
   • License type (e.g., MIT, GPL, etc.)

5. Upload Source Code

   • Paste your contract source code or upload the source file
   • If using multiple files, ensure proper import paths

6. Constructor Arguments (if applicable)

   • If your contract's constructor takes arguments, you need to provide them
   • These should be ABI-encoded and in hexadecimal format
   • Tools like ethers.js or web3.js can help encode constructor arguments

7. Submit for Verification

   • Click "Verify & Publish"
   • Wait for the verification process to complete

Method 2: API Verification

For programmatic or automated verification, you can use the BlockScout API:

curl -X POST 'https://l2-scan.iost.io/api?module=contract&action=verify' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'contractaddress=0xYourContractAddress' \
  --data-urlencode 'sourceCode=pragma solidity ^0.8.0; contract YourContract {...}' \
  --data-urlencode 'codeformat=solidity-single-file' \
  --data-urlencode 'contractname=YourContract' \
  --data-urlencode 'compilerversion=v0.8.0+commit.c7dfd78e' \
  --data-urlencode 'optimizationused=1' \
  --data-urlencode 'runs=200' \
  --data-urlencode 'evmversion=london' \
  --data-urlencode 'licenseType=3' \
  --data-urlencode 'constructorArguements=constructor_arguments_if_any'

Interacting with Verified Contracts

Once your contract is verified, BlockScout provides an interface to interact with it directly:

1. Navigate to Contract Page

   • Go to your contract's page on BlockScout
   • Click on the "Code" tab to see your verified source code

2. Read Contract

   • Click on the "Read Contract" tab
   • View all public variables and read-only functions
   • Call view/pure functions directly from the interface

3. Write Contract

   • Click on the "Write Contract" tab
   • Connect your wallet (typically MetaMask configured for IOST Layer 2)
   • Execute state-changing functions by filling in the required parameters
   • Confirm transactions through your connected wallet

4. View Contract Events

   • Click on the "Events" tab
   • See all events emitted by the contract
   • Filter events by type or other parameters

Contract Analysis Features

BlockScout offers several features for analyzing verified contracts:

Security Analysis

• Proxy Detection: Identifies if your contract is a proxy and shows the implementation contract
• Similar Contract Detection: Finds contracts with similar bytecode
• Potential Issues: Some versions highlight potential security concerns

Contract Visualization

• Function Identifiers: Lists all function selectors with their corresponding functions
• Storage Layout: Displays how contract state variables are organized in storage
• Call Graph: Some BlockScout instances show a visual representation of contract interactions

Flattening Contracts for Verification

If your contract imports other files, you might need to flatten it before verification:

Using Hardhat

npx hardhat flatten contracts/YourContract.sol > FlattenedContract.sol

Using Truffle

npx truffle-flattener contracts/YourContract.sol > FlattenedContract.sol

Using Foundry

forge flatten src/YourContract.sol > FlattenedContract.sol

Before submitting the flattened file:

1. Remove duplicate SPDX license identifiers (keep only one)
2. Remove duplicate pragma statements (keep only one)
   3.Resolve any naming conflicts

Verification via Hardhat Plugin

If you're using Hardhat, you can streamline verification with the hardhat-verify plugin:

1. Install the plugin

npm install --save-dev @nomiclabs/hardhat-etherscan

2. Configure in hardhat.config.js

require("@nomiclabs/hardhat-etherscan");

module.exports = {
  // Network configurations...
  
  etherscan: {
    apiKey: {
      iostLayer2: "your_explorer_api_key" // If required by IOST explorer
    },
    customChains: [
      {
        network: "iostLayer2",
        chainId: 182,
        urls: {
          apiURL: "https://l2-scan.iost.io/",
          browserURL: "https://l2-scan.iost.io"
        }
      }
    ]
  }
};

3. Run verification command

npx hardhat verify --network iostLayer2 DEPLOYED_CONTRACT_ADDRESS [constructor arguments...]

Troubleshooting

Contract Not Found

Symptom: BlockScout shows "Contract not found" message

Solution: Ensure you're using the correct network and the contract address is accurate

Verification Failure

Symptom: Verification process fails with bytecode mismatch

Solution: Ensure exact compiler version, optimization settings, and EVM version match those used for deployment

Constructor Arguments Error

Symptom: Verification fails with constructor arguments error

Solution: Ensure constructor arguments are correctly ABI-encoded and in hexadecimal format

Best Practices

• Verify Immediately After Deployment: Verify contracts soon after deployment while deployment details are still fresh
• Save Compilation Settings: Record exact compiler version and optimization settings used during deployment
• Document Constructor Arguments: Keep a record of any constructor arguments used
• Use Versioned Imports: When importing libraries like OpenZeppelin, use specific versions rather than ^version ranges
• Test Verification Process: For critical contracts, test the verification process on testnet before mainnet deployment