[buidler-etherscan] verify-contract by default is pushing all the project source code

[abarmat]

I see that by default the verify script is uploading the full source code for the project folder, so in Etherscan you see a number of files that are not related to the contract being verified.

const source = JSON.stringify(await run(TASK_COMPILE_GET_COMPILER_INPUT));
https://github.com/nomiclabs/buidler/blob/development/packages/buidler-etherscan/src/index.ts#L66

One option to solve this could be to flatten each contract file separately and passing the source file to the verify-contract task.

[michael1011]

Just noticed the same bug. @abarmat were you able to find a workaround for this?

[alcuadrado]

One option to solve this could be to flatten each contract file separately and passing the source file to the verify-contract task.

I'm not sure if that's viable, but will investigate it. It's unclear to me if etherscan requires the exact same compiler input, or just enough to be able to compile the contract.

[abarmat]

@michael1011 my idea was to flatten the contract file separately and then feed it to the verify-contract script through a parameter. I saw that was possible through --source in https://github.com/nomiclabs/buidler-etherscan. But it seems this option was removed when moving the plugins to the monorepo.

If we had a way to flatten individual contracts like with truffle-flattener in the FLATTEN_TASK we could feed that output to the source request.

[alcuadrado]

I can confirm now that both etherscan and sourcify don't need all the contracts that were compiled together, but just the subset needed to recreate the contract that you are trying to verify.

We are already working on improving this.

[abarmat]

Great, let me know if I can help.

[alcuadrado]

I'm afraid this issue in Solidity will prevent us from shipping this improvement, otherwise, the verification can fail.

Once this is fixed in Solidity, we'll re-enable it selectively, depending on the Solidity version being used.

[thekevinbrown]

@alcuadrado it looks like it's fixed in 0.7.0 from that issue.

[alcuadrado]

Apparently it does. We'll improve on this soon, but not a priority right now, as very few users are on 0.7. Not that we don't care about those, but we are also working on a major revamp of our compilation system, and fixing this after it lands will be easier.

[alcuadrado]

We've just released a new version of hardhat-etherscan, which first tries verifying with the minimal amount of contracts, and only if this fails tries verifying with the whole build.

This is all we can do on this front, and most times will lead to the optimal results, so I'm closing this issue. Thanks, everyone for your patience.