Verifying Smart Contracts

The following are the steps needed to verify any contract from the chain. In this particular example a brand new contract uploaded to the testnet.

Create new contract

Follow this guide to create a new contract with Beaker.

Output:

Once the contract is created query the contract information. Assuming you are connected to the testnet.

Contract info

osmosisd query wasm contract osmo1mpf0guu0t363xrshhedandypq003ahzaxvsxzgu69n3ej03mh2zqx5gk8l

Output:

Contract version

Get the contract version by running the following command

osmosisd query wasm contract-state raw osmo1mpf0guu0t363xrshhedandypq003ahzaxvsxzgu69n3ej03mh2zqx5gk8l 636F6E74726163745F696E666F --node https://rpc.testnet.osmosis.zone:443 --output json | jq  -r .data | base64 -d | jq

What in the world is 636F6E74726163745F696E666F? 😕

ContractInfo is must be stored under "contract_info" key which translates to "636F6E74726163745F696E666F" in hex format. As documented here.

Output:

Downloading the Contract from the network

osmosisd query wasm code 205 205_code.wasm --node https://rpc.testnet.osmosis.zone:443

Output:

Getting the hash

sha256sum 205_code.wasm

Output:

0b662785042cd938d0f0e8142f69d2d23fdf0addec965d1fbeacf44080330016

Verify hash

Now it's time to verify the hash with the source repos. All contracts should provide a repository with a hash for their contracts the same way that cw-plus does on their checksum as shown below:

10bc1a8cf82055106b26136f26137d6bf132df99c2d2098a75d03b64e7fe75a5  cw1155_base.wasm
539b62678532596c73b27764186623a2bb868f5e67c3e588508c4a28e105e8c9  cw1_subkeys.wasm
b67bc69fef770c28d48730feb800ea9c91eaae1a608e3ea7819aac64a6e99d92  cw1_whitelist.wasm
....

Verifying Smart Contracts

Create new contract​

Contract info​

Contract version​

Downloading the Contract from the network​

Getting the hash​

Verify hash​

Create new contract

Contract info

Contract version

Downloading the Contract from the network

Getting the hash

Verify hash