Add tooling for Lens verification (#244)

fedgiac · web-flow · commit f171606f12d1 · 2025-07-31T07:55:09.000Z
## Description Adds tooling needed to fully verify a deployment on Lens. It uses the same verification procedure from 0ae8a26, but it uses the `new-chain-deployment` branch to guarantee that the metadata matches as well (and so the full verification works, not just the partial one). I took the verification URL from internal discussion with the Lens team. The commands are: ```sh npx hardhat verify --network lens 0xC92E8bdf79f0507f65a392b0ab4667716BFE0110 0xBA12222222228d8Ba445958a75a0704d566BF2C8 npx hardhat verify --network lens 0x9008d19f58aabd9ed0d60971565aa8510560ab41 0x2c4c28DDBdAc9C5E7055b4C863b72eA0149D8aFE 0xBA12222222228d8Ba445958a75a0704d566BF2C8 npx hardhat verify --network lens 0x9E7Ae8Bdba9AA346739792d219a808884996Db67 ``` Note that I added Sourcify verification as well despite Sourcify not supporting Lens. That's more for future tricky deployments since it can turn out to be handy. I was unable to verify the authenticator itself. That's because it's a proxy and the proxy artifacts aren't available for the script to pick up. In particular, the following command does **not** work: ```sh npx hardhat verify --network lens 0x2c4c28DDBdAc9C5E7055b4C863b72eA0149D8aFE 0x9E7Ae8Bdba9AA346739792d219a808884996Db67 0x6Fb5916c0f57f88004d5b5EB25f6f4D77353a1eD 0x7f7120fe0000000000000000000000006fb5916c0f57f88004d5b5eb25f6f4d77353a1ed ``` ## Test Plan Check out the [vault relayer](https://explorer.lens.xyz/address/0xC92E8bdf79f0507f65a392b0ab4667716BFE0110#contract), the [settlement contract](https://explorer.lens.xyz/address/0x9008d19f58aabd9ed0d60971565aa8510560ab41#contract), and the [allow list authentication implementation](https://explorer.lens.xyz/address/0x9E7Ae8Bdba9AA346739792d219a808884996Db67#contract). ## Extra chores GitHub deprecated the action we rely on ([1](https://github.com/cowprotocol/contracts/actions/runs/16449102714/job/46489174189), [2](https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/#actions-cache-v1-v2-and-actions-toolkit-cache-package-closing-down)). To fix that I just copied [what we do on main](https://github.com/cowprotocol/contracts/blob/f8e4bcbcfa7ed560b237d78d44fe06a25fadf565/.github/workflows/ci.yml#L20-L27).
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -19,7 +19,7 @@ jobs:
           node-version: ${{ matrix.node }}
       - id: yarn-cache
         run: echo "::set-output name=dir::$(yarn cache dir)"
-      - uses: actions/cache@v2
+      - uses: actions/cache@v4
         with:
           path: ${{ steps.yarn-cache.outputs.dir }}
           key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
diff --git a/README.md b/README.md
@@ -87,6 +87,15 @@ export ETHERSCAN_API_KEY=<Your Key>
 yarn verify:etherscan --network $NETWORK
 ```
 
+Single contracts can be verified as well, but the constructor arguments must be explicitly given to the command.
+A common example is the vault relayer contract, which is not automatically verified with the command above since it is only deployed indirectly during initialization. This contract can be manually verified with:
+
+```sh
+npx hardhat verify --network $NETWORK 0xC92E8bdf79f0507f65a392b0ab4667716BFE0110 0xBA12222222228d8Ba445958a75a0704d566BF2C8
+```
+
+The first address is the vault relayer address, the second is the deployment input (usually, the Balancer vault).
+
 #### Tenderly
 
 For verifying all deployed contracts:
diff --git a/hardhat.config.ts b/hardhat.config.ts
@@ -3,6 +3,7 @@ import "hardhat-deploy";
 import "hardhat-gas-reporter";
 import "solidity-coverage";
 import "@tenderly/hardhat-tenderly";
+import "@nomicfoundation/hardhat-verify";
 
 import dotenv from "dotenv";
 import type { HttpNetworkUserConfig } from "hardhat/types";
@@ -104,6 +105,10 @@ export default {
       ...sharedNetworkConfig,
       url: "https://xdai.poanetwork.dev",
     },
+    lens: {
+      ...sharedNetworkConfig,
+      url: "https://rpc.lens.xyz",
+    },
   },
   namedAccounts: {
     // Note: accounts defined by a number refer to the the accounts as configured
@@ -120,6 +125,25 @@ export default {
       hardhat: 2,
     },
   },
+  etherscan: {
+    apiKey: {
+      lens: "unneeded",
+    },
+    customChains: [
+      {
+        network: "lens",
+        chainId: 232,
+        urls: {
+          apiURL:
+            "https://api-explorer-verify.lens.matterhosted.dev/contract_verification",
+          browserURL: "https://explorer.lens.xyz/",
+        },
+      },
+    ],
+  },
+  sourcify: {
+    enabled: true,
+  },
   gasReporter: {
     enabled: REPORT_GAS ? true : false,
     currency: "USD",
diff --git a/package.json b/package.json
@@ -32,6 +32,7 @@
     "@0x/contract-artifacts-v2": "npm:@0x/contract-artifacts@^2.2.2",
     "@gnosis.pm/safe-contracts": "^1.3.0",
     "@gnosis.pm/util-contracts": "=3.1.0-solc-7",
+    "@nomicfoundation/hardhat-verify": "^2.0.1",
     "@nomiclabs/hardhat-ethers": "^2.0.2",
     "@nomiclabs/hardhat-waffle": "^2.0.1",
     "@openzeppelin/contracts": "=3.4.0-solc-0.7",
diff --git a/yarn.lock b/yarn.lock
