forge_verify/

provider.rs

use crate::{
    etherscan::EtherscanVerificationProvider,
    sourcify::SourcifyVerificationProvider,
    verify::{VerifyArgs, VerifyCheckArgs},
};
use alloy_json_abi::JsonAbi;
use async_trait::async_trait;
use eyre::{Context, OptionExt, Result};
use foundry_common::compile::ProjectCompiler;
use foundry_compilers::{
    Project,
    artifacts::{
        Source, StandardJsonCompilerInput, output_selection::OutputSelection, vyper::VyperInput,
    },
    compilers::solc::SolcCompiler,
    multi::MultiCompilerSettings,
    solc::{Solc, SolcLanguage},
};
use foundry_config::{Chain, Config, EtherscanConfigError};
use semver::Version;
use std::{
    fmt,
    path::{Path, PathBuf},
    str::FromStr,
};

/// Container with data required for contract verification.
#[derive(Debug, Clone)]
pub struct VerificationContext {
    pub config: Config,
    pub project: Project,
    pub target_path: PathBuf,
    pub target_name: String,
    pub compiler_version: Version,
    pub compiler_settings: MultiCompilerSettings,
}

impl VerificationContext {
    pub fn new(
        target_path: PathBuf,
        target_name: String,
        compiler_version: Version,
        config: Config,
        compiler_settings: MultiCompilerSettings,
    ) -> Result<Self> {
        let mut project = config.project()?;
        project.no_artifacts = true;

        let solc = Solc::find_or_install(&compiler_version)?;
        project.compiler.solc = Some(SolcCompiler::Specific(solc));

        Ok(Self { config, project, target_name, target_path, compiler_version, compiler_settings })
    }

    pub fn get_solc_standard_json_input(&self) -> Result<StandardJsonCompilerInput> {
        let mut input: StandardJsonCompilerInput = self
            .project
            .standard_json_input(&self.target_path)
            .wrap_err("Failed to get standard json input")?
            .normalize_evm_version(&self.compiler_version);

        let mut settings = self.compiler_settings.solc.settings.clone();
        settings.libraries.libs = input
            .settings
            .libraries
            .libs
            .into_iter()
            .map(|(f, libs)| {
                (f.strip_prefix(self.project.root()).unwrap_or(&f).to_path_buf(), libs)
            })
            .collect();

        settings.remappings = input.settings.remappings;
        settings.sanitize(&self.compiler_version, SolcLanguage::Solidity);
        input.settings = settings;

        Ok(input)
    }

    /// Creates Vyper standard JSON input for verification.
    pub fn get_vyper_standard_json_input(&self) -> Result<VyperInput> {
        let path = Path::new(&self.target_path);
        let sources = Source::read_all_from(path, &["vy", "vyi"])?;
        Ok(VyperInput::new(sources, self.compiler_settings.vyper.clone(), &self.compiler_version))
    }

    /// Compiles target contract requesting only ABI and returns it.
    pub fn get_target_abi(&self) -> Result<JsonAbi> {
        let mut project = self.project.clone();
        project.update_output_selection(|selection| {
            *selection = OutputSelection::common_output_selection(["abi".to_string()]);
        });

        let output = ProjectCompiler::new()
            .quiet(true)
            .files([self.target_path.clone()])
            .compile(&project)?;

        let artifact = output
            .find(&self.target_path, &self.target_name)
            .ok_or_eyre("failed to find target artifact when compiling for abi")?;

        artifact.abi.clone().ok_or_eyre("target artifact does not have an ABI")
    }
}

/// An abstraction for various verification providers such as etherscan, sourcify, blockscout
#[async_trait]
pub trait VerificationProvider {
    /// This should ensure the verify request can be prepared successfully.
    ///
    /// Caution: Implementers must ensure that this _never_ sends the actual verify request
    /// `[VerificationProvider::verify]`, instead this is supposed to evaluate whether the given
    /// [`VerifyArgs`] are valid to begin with. This should prevent situations where there's a
    /// contract deployment that's executed before the verify request and the subsequent verify task
    /// fails due to misconfiguration.
    async fn preflight_verify_check(
        &mut self,
        args: VerifyArgs,
        context: VerificationContext,
    ) -> Result<()>;

    /// Sends the actual verify request for the targeted contract.
    async fn verify(&mut self, args: VerifyArgs, context: VerificationContext) -> Result<()>;

    /// Checks whether the contract is verified.
    async fn check(&self, args: VerifyCheckArgs) -> Result<()>;
}

impl FromStr for VerificationProviderType {
    type Err = String;

    fn from_str(s: &str) -> Result<Self, Self::Err> {
        match s {
            "e" | "etherscan" => Ok(Self::Etherscan),
            "s" | "sourcify" => Ok(Self::Sourcify),
            "b" | "blockscout" => Ok(Self::Blockscout),
            "o" | "oklink" => Ok(Self::Oklink),
            "c" | "custom" => Ok(Self::Custom),
            _ => Err(format!("Unknown provider: {s}")),
        }
    }
}

impl fmt::Display for VerificationProviderType {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::Etherscan => {
                write!(f, "etherscan")?;
            }
            Self::Sourcify => {
                write!(f, "sourcify")?;
            }
            Self::Blockscout => {
                write!(f, "blockscout")?;
            }
            Self::Oklink => {
                write!(f, "oklink")?;
            }
            Self::Custom => {
                write!(f, "custom")?;
            }
        };
        Ok(())
    }
}

#[derive(Clone, Debug, Default, PartialEq, Eq, clap::ValueEnum)]
pub enum VerificationProviderType {
    Etherscan,
    #[default]
    Sourcify,
    Blockscout,
    Oklink,
    /// Custom verification provider, requires compatibility with the Etherscan API.
    Custom,
}

impl VerificationProviderType {
    /// Returns the corresponding `VerificationProvider` for the key
    pub fn client(
        &self,
        key: Option<&str>,
        chain: Option<Chain>,
        has_url: bool,
    ) -> Result<Box<dyn VerificationProvider>> {
        let has_key = key.as_ref().is_some_and(|k| !k.is_empty());
        // 1. If no verifier or `--verifier sourcify` is set and no API key provided, use Sourcify.
        if !has_key && self.is_sourcify() {
            sh_println!(
                "Attempting to verify on Sourcify. Pass the --etherscan-api-key <API_KEY> to verify on Etherscan, \
            or use the --verifier flag to verify on another provider."
            )?;
            return Ok(Box::<SourcifyVerificationProvider>::default());
        }

        // 2. If `--verifier etherscan` is explicitly set, check if chain is supported and
        // enforce the API key requirement.
        if self.is_etherscan() {
            if let Some(chain) = chain
                && chain.etherscan_urls().is_none()
                && !has_url
            {
                eyre::bail!(EtherscanConfigError::UnknownChain(
                    "when using Etherscan verifier".to_string(),
                    chain
                ))
            }
            if !has_key {
                eyre::bail!("ETHERSCAN_API_KEY must be set to use Etherscan as a verifier")
            }
            return Ok(Box::<EtherscanVerificationProvider>::default());
        }

        // 3. If `--verifier blockscout | oklink | custom` is explicitly set, use the chosen
        //    verifier and make sure an URL was specified.
        if matches!(self, Self::Blockscout | Self::Oklink | Self::Custom) {
            if !has_url {
                eyre::bail!("No verifier URL specified for verifier {}", self);
            }
            return Ok(Box::<EtherscanVerificationProvider>::default());
        }

        // 4. If no `--verifier` is specified but `ETHERSCAN_API_KEY` is set, default to Etherscan.
        if has_key {
            return Ok(Box::<EtherscanVerificationProvider>::default());
        }

        // 5. If no valid provider is specified, bail.
        eyre::bail!(
            "No valid verification provider specified. Pass the --verifier flag to specify a provider or set the ETHERSCAN_API_KEY environment variable to use Etherscan as a verifier."
        )
    }

    pub fn is_sourcify(&self) -> bool {
        matches!(self, Self::Sourcify)
    }

    pub fn is_etherscan(&self) -> bool {
        matches!(self, Self::Etherscan)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn etherscan_allows_unknown_chain_with_verifier_url() {
        let chain = Chain::from(3658348u64);
        let res = VerificationProviderType::Etherscan.client(Some("key"), Some(chain), true);
        assert!(res.is_ok());
    }

    #[test]
    fn etherscan_rejects_unknown_chain_without_verifier_url() {
        let chain = Chain::from(3658348u64);
        let res = VerificationProviderType::Etherscan.client(Some("key"), Some(chain), false);
        match res {
            Ok(_) => panic!("expected unknown-chain error"),
            Err(err) => {
                assert!(err.to_string().contains("No known Etherscan API URL"));
            }
        }
    }
}