Open in app

Sign in

Write

Sign in

What is a Smart Contract verification

Agustin Fiorenza
Cryptologic
Published in
4 min readOct 16, 2019

And how it works under the hood.

Whilst the objective of this article is to provide information and explain the verification process of a Smart Contract, we will take a quick detour to explain the core concepts of smart contracts and bytecode.

¿What are Smart Contracts?

As any other computer process, smart contracts are a piece of code that has instructions and can be executed to fulfill its purpose.

The main difference between regular code running on a given server, is that this code can be executed on a “decentralised way” that’s why we also say that some times, smart contracts are “dApps” (decentralised Applications).

This is due to the fact that the code “inside” the smart contract can be executed by every node participating in the blockchain.

All that is needed it’s an EVM (in case of Ethereum related blockchains) which is the interpreter of the smart contract language internals, called bytecode.

The bytecode looks like this:

6080604052600436106100a35763ffffffff7c01000000000000000000000000000000000000000000000000000000006000350416631515bc2b81146100ae5780632c4e722e146100d7578063355274ea146100fe5780634042b66f146101135780634b6753bc146101285780634f9359451461013d578063521eb27314610152578063b7a8807c14610183578063ec8ac4d814610198578063fc0c546a146101ac575b6100ac336101c1565b005b3480156100ba57600080fd5b506100c3610263565b604080519115158252519081900360200190f35b3480156100e357600080fd5b506100ec61026b565b60408051918252519081900360200190f35b34801561010a57600080fd5b506100ec610271565b34801561011f57600080fd5b506100ec610277565b34801561013457600080fd5b506100ec61027d565b34801561014957600080fd5b506100c3610283565b34801561015e57600080fd5b5061016761028e565b60408051600160a060020a039092168252519081900360200190f35b34801561018f57600080fd5b506100ec61029d565b6100ac600160a060020a03600435166101c1565b3480156101b857600080fd5b506101676102a3565b3460006101ce83836102b2565b6101d7826102df565b6003549091506101ed908363ffffffff6102fc16565b6003556101fa8382610309565b60408051838152602081018390528151600160a060020a0386169233927f623b3804fa71d67900d064613da8f94b9617215ee90799290593e1745087ad18929081900390910190a361024c83836102db565b610254610313565b61025e83836102db565b505050565b600654421190565b60025481565b60045481565b60035481565b60065481565b600454600354101590565b600154600160a060020a031681565b60055481565b600054600160a060020a031681565b60055442101580156102c657506006544211155b15156102d157600080fd5b6102db828261034f565b5050565b60006102f66002548361037a90919063ffffffff16565b92915050565b818101828110156102f657fe5b6102db82826103a3565b600154604051600160a060020a03909116903480156108fc02916000818181858888f1935050505015801561034c573d6000803e3d6000fd5b50565b610359828261044c565b60045460035461036f908363ffffffff6102fc16565b11156102db57600080fd5b600082151561038b575060006102f6565b5081810281838281151561039b57fe5b04146102f657fe5b60008054604080517f40c10f19000000000000000000000000000000000000000000000000000000008152600160a060020a03868116600483015260248201869052915191909216926340c10f1992604480820193602093909283900390910190829087803b15801561041557600080fd5b505af1158015610429573d6000803e3d6000fd5b505050506040513d602081101561043f57600080fd5b505115156102db57600080fd5b600160a060020a038216151561046157600080fd5b8015156102db57600080fd00a165627a7a72305820f9a54137c7e2f838c9999799214e9f15262988c6feb9ee1aab6a651560736edb0029

Now, we have all the components that we need to run the dApp:

  1. The Smart Contract (actual code)
  2. The blockchain (storage of the code)
  3. The EVM (the interpreter)

In every public blockchain any participant and/or node can execute, write and read functions and/or variables “stored” in that smart contract, making it transparent and trusted by all the peers in the network.

¿Why verify the Smart Contract?

Although as stated before the “bytecode” of the Smart Contract is publicly readable it’s also impossible to understand for the average developer and non-developer human being.

Before the creation and storage of the bytecode, there was a programmer who wrote the contract logic using some high-level language such as Solidity or Vyper.

But of course this type of code can’t be stored inside blockchain because of it’s weight and being non-optimal for low-level calculations; before the deploy it’s needed to convert the functions to operation codes/instructions.

Also, Smart Contract specification details the usage of Application Binary Interface (ABIs) which is needed to easily interact programatically with Smart Contracts and create features on top of it.

So, how do we map the internal non-readable bytecode stored inside blockchain with the readable code and the ABI?

By verifying it!

¿How do we verify the Smart Contract?

This is the tricky part;

At the publication of this article, we are sure that there will be much more tools than when we started working on smart contract verification.

At that time only the EtherScan contract verifier was online

https://etherscan.io/verifyContract

But whilst this worked fine the source code and the processes behind the verification done by EtherScan was not publicly available.

So we decided to write our own bytecode-verifier from scratch.

The journey to contract verification library

The writing of the open source library took us more time than we initially though because there are some key points to understand when it comes to bytecode, how it is deployed and executed by the EVM.

The actual bytecode is comprised of 3 parts:

  1. Functional bytecode: which includes the constructor and general initialization code and parameters for deploy

2. Runtime bytecode: only the bytecode needed to execute contract functions

3. Aux data: this auxiliary data which is always located at the end of the bytecode, it’s never actually executed, but stores information in CBOR-encoding rewarding swarm file and version numbers.

As stated in the official documentation:

Now, with all the pieces of the puzzle we were able to come up with a JavaScript library that process and compare the Solidity written code with the already deployed bytecode, taking into account the differences and importance of functional, runtime bytecode and auxiliary metadata.

bytecode-utils

This method check if a deployed contract match bytecode to a contract passed by parameter. address - String solcVersion…

www.npmjs.com

Also, some minor Solidity/bytecode processing tools were added to make the usage and implementation easier for developers.

If you find it useful don’t hesitate to share your thoughts, also we are open to add new features so please send us your pull requests with the desired functionality.

Code and other useful tools can be found here: https://github.com/cryptol0g1c/

All of our other libraries can for JS can be found here: https://www.npmjs.com/~cryptologic

Contact us at: www.cryptologic.io

Ethereum
Smart Contracts
Bytecode
Evm
Blockchain

--

--

Agustin Fiorenza
Cryptologic

Written by Agustin Fiorenza

5 Followers
Writer for

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams