Verification
We've built a handy tool to verify that the on-chain bytecode of deployed Mento contracts matches what has been audited. This is a bit technical and requires at least some knowledge of the stack used for smart contract development and how to use the terminal.
- 1.
- 2.Run
forge install
- 3.Run
yarn verifyBytecodes -n <network> -u <upgrade> -c <commit or tag>
For the
verifyBytecodes
command, you need to pick three parameters as follows:network
one ofbaklava
,alfajores
orcelo
upgrade
currently onlyMU01
exists which upgrades mento from v1.0 to v2.0commit or tag
what version of the source files to check against, this should come from the audit report associated with the upgrade.
For example, if we want to verify on Celo mainnet we would run this command:
$ yarn verifyBytecodes -n celo -u MU01 -c v2.0.0

In order to trust the results, you also have to trust the verification script. Luckily it's short enough to be able to read comfortably. You can find it here:

mento-deployment/verifyBytecodes.ts at main · mento-protocol/mento-deployment
GitHub
Link to verification script
The script flow is the following:
- 1.Check out
lib/mento-core
at the supplied commit - 2.Clean and recompile all contracts
- 3.Find deployed contracts by looking at the broadcast folders related to the upgrade
- 4.Compare the bytecode found on-chain for a deployed contract with the local compilation results
- 5.Print a pretty table.
Last modified 10d ago