Verifying an OpenZeppelin proxy contract on etherscan

During the creation of an Upgradeable contract, the deployProxy function is called, which creates three contracts on the network.

The proxy contract, which appears as our “token address” - is the first item anyone will see when exploring the address on etherscan. Open Zeppelin proxy contracts like this have been issued over and over again, so Etherscan decides it found similar bytecode and automatically verifies the bytecode and displays a link to some “other” contract as a “Similar Match”.

We would like to self-verify our proxy contract so that it does not point to this “other” contract, which we know nothing about. As it is, the verify contract button does not exist, but you are able to recreate the link using etherscan’s ‘verify contract’ schema as such:

The issue is that it’s not immediately obvious how OpenZeppelin generates the contract. There are four files to the proxy admin contract, and there are constructors used in generating it. But the information, necessary to verify with etherscan, is not succinct for gathering. After trying various approaches, I have not been able to generate my own validation - including pulling from the repository, or even copying the derived code from the other linked “other” contract. There are also initializers as well as settings to comprise the bytecode, so it is very difficult to match.

Further, the hardhat-etherscan plugin does not automatically detect the proxy contracts in the source, (actually I am not even sure they exist in the project at all) making it impossible to use the plugin to verify the proxy contract.

Can you tell me how to find the appropriate fields to verify an Open Zeppelin proxy contract on etherscan manually?

My current config is using:
@openzeppelin/contracts-upgradeable”: “^3.3.0”,
@openzeppelin/hardhat-upgrades”: “^1.4.1”,

2 Likes

Hi @sean,

It's interesting that you want to verify manually. We were working under the assumption that the automatic verification based on similar contracts was good enough. (Are you sure that verifying manually will remove the "similar match" link?)

I can verify the contract for you if you want (feel free to send the contract address over DM if you prefer).

If you would like to do it yourself, you can follow the same steps I would follow:

  1. Clone the openzeppelin-upgrades repository
  2. Install dependencies running npx yarn.
  3. Go in the directory packages/core and run:

yarn hardhat verify --network mainnet <proxy address> <implementation address> <admin address> <initializer data>

We are looking into ways of making this process simpler for users.

3 Likes

4 posts were split to a new topic: Verify proxy contract 0.5.5