Skip to content

Add tooling for Lens verification #244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 31, 2025
Merged

Add tooling for Lens verification #244

merged 3 commits into from
Jul 31, 2025

Conversation

@fedgiac
Copy link
Contributor

@fedgiac fedgiac commented Jul 22, 2025
edited
Loading

Description

Adds tooling needed to fully verify a deployment on Lens.

It uses the same verification procedure from 0ae8a26, but it uses the new-chain-deployment branch to guarantee that the metadata matches as well (and so the full verification works, not just the partial one).

I took the verification URL from internal discussion with the Lens team.

The commands are:

npx hardhat verify --network lens 0xC92E8bdf79f0507f65a392b0ab4667716BFE0110 0xBA12222222228d8Ba445958a75a0704d566BF2C8
npx hardhat verify --network lens 0x9008d19f58aabd9ed0d60971565aa8510560ab41 0x2c4c28DDBdAc9C5E7055b4C863b72eA0149D8aFE 0xBA12222222228d8Ba445958a75a0704d566BF2C8
npx hardhat verify --network lens 0x9E7Ae8Bdba9AA346739792d219a808884996Db67

Note that I added Sourcify verification as well despite Sourcify not supporting Lens. That's more for future tricky deployments since it can turn out to be handy.

I was unable to verify the authenticator itself. That's because it's a proxy and the proxy artifacts aren't available for the script to pick up. In particular, the following command does not work:

npx hardhat verify --network lens 0x2c4c28DDBdAc9C5E7055b4C863b72eA0149D8aFE 0x9E7Ae8Bdba9AA346739792d219a808884996Db67 0x6Fb5916c0f57f88004d5b5EB25f6f4D77353a1eD 0x7f7120fe0000000000000000000000006fb5916c0f57f88004d5b5eb25f6f4d77353a1ed

Test Plan

Check out the vault relayer, the settlement contract, and the allow list authentication implementation.

Extra chores

GitHub deprecated the action we rely on (1, 2). To fix that I just copied what we do on main.

@fedgiac fedgiac requested review from a team and squadgazzz July 22, 2025 15:44
@socket-security
Copy link

socket-security bot commented Jul 22, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​ethersproject/​keccak256@​5.3.0 ⏵ 5.8.01001006977100
Addedpicocolors@​1.1.11001007178100
Updatedstrip-ansi@​6.0.0 ⏵ 6.0.11001007279100
Updated@​ethersproject/​base64@​5.3.0 ⏵ 5.8.01001007577100
Updatedstring-width@​4.2.2 ⏵ 4.2.31001008076100
Updated@​ethersproject/​constants@​5.3.0 ⏵ 5.8.01001007777100
Added@​ethersproject/​logger@​5.8.01001007977100
Updated@​ethersproject/​strings@​5.3.0 ⏵ 5.8.01001008477100
Updated@​ethersproject/​signing-key@​5.3.0 ⏵ 5.8.0100 +110079 +177100
Updated@​ethersproject/​transactions@​5.3.0 ⏵ 5.8.0100 +110081 +177100
Updated@​ethersproject/​bytes@​5.3.0 ⏵ 5.8.0100 +110089 +177100
Updated@​ethersproject/​hash@​5.3.0 ⏵ 5.8.010010080 +177100
Updated@​ethersproject/​abstract-provider@​5.3.0 ⏵ 5.8.0100 +110087 +177100
Updated@​ethersproject/​networks@​5.3.0 ⏵ 5.8.0100 +110079 +177100
Updated@​ethersproject/​bignumber@​5.3.0 ⏵ 5.8.0100 +110082 +177100
Updated@​ethersproject/​properties@​5.3.0 ⏵ 5.8.0100 +110081 +177100
Updated@​ethersproject/​abstract-signer@​5.3.0 ⏵ 5.8.0100 +110079 +177100
Updated@​ethersproject/​web@​5.3.0 ⏵ 5.8.0100 +110081 +177100
Updated@​ethersproject/​abi@​5.3.0 ⏵ 5.8.0100 +110087 +177100
Updatedansi-regex@​5.0.0 ⏵ 5.0.1100100 +169080100
Updatedtable@​6.7.1 ⏵ 6.9.099 +1100100 +180100
Addednofilter@​3.1.01001008182100
Added@​fastify/​busboy@​2.1.110010010085100
Addedcbor@​8.1.010010010087100
Addedundici@​5.29.09810010096100
Added@​nomicfoundation/​hardhat-verify@​2.1.09910010098100

View full report

anxolin
anxolin approved these changes Jul 30, 2025
View reviewed changes
Copy link
Contributor

@anxolin anxolin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested that:

  • Addressed match!
  • They are verified with EXACT MATCH
  • The bytecode matched mainnet (*1)

(*1) For the settlement contract, the bytecode is slightly different for some reason.

I didn't test test the validation itself work, because the command threw an error saying that they were already validated, also --force didn't help, but I trust they were validated using that command :)

hardhat.config.ts
},
etherscan: {
apiKey: {
lens: "unneeded",
Copy link
Contributor

@anxolin anxolin Jul 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤷‍♂️

@fedgiac
Copy link
Contributor Author

fedgiac commented Jul 31, 2025

(*1) For the settlement contract, the bytecode is slightly different for some reason.

The deployment calldata is exactly the same (otherwise we can't get the same address).
The deployed calldata is expected to be different because of the different domain separator.

@fedgiac fedgiac merged commit f171606 into new-chain-deployments Jul 31, 2025
3 checks passed
@fedgiac fedgiac deleted the lens-verification branch July 31, 2025 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anxolin anxolin anxolin approved these changes

@squadgazzz squadgazzz Awaiting requested review from squadgazzz

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fedgiac @anxolin