Contract Verification Inconsistency Between Sourcify and Hashscan

[mgarbs]

Description

The Swarm team has encountered an issue where a smart contract is properly verified on Sourcify but fails verification on Hashscan, despite using the same source code.

Contract Details

• Contract Address: 0x60A49273f8f2F522b6F38B1101745bB8A2267DE6
• Network: Hedera Mainnet (295)
• Contract Version: 0.0.8968421

Steps to Reproduce

1. The contract is successfully verified on Sourcify as shown at:
   https://repo.sourcify.dev/295/0x60A49273f8f2F522b6F38B1101745bB8A2267DE6

2. When attempting to verify the same contract on Hashscan using identical source files at:
   https://hashscan.io/mainnet/contract/0.0.8968421?ps=1&pf=1&pr=1&pa=1

   The verification process fails to complete successfully.

Expected Behavior

Contract verification should be consistent across both platforms when using the same source files.

Additional Information

• This appears to be related to a known issue with Sourcify as documented in: Integrate proxy detection into the verification flow ethereum/sourcify#1712
• All source code files were provided to both platforms
• Verification date on Sourcify: 2023-06-19 04:13:26 UTC (as shown in screenshots)

Screenshots

Environment

• Browser: Not specified
• Operating System: Not specified

Request

Please investigate if there's a possible workaround for this inconsistency between Sourcify and Hashscan verification processes for Hedera contracts. The contract is properly verified on one platform but not the other, which creates confusion.

Related Issues

• Integrate proxy detection into the verification flow ethereum/sourcify#1712

[svienot]

We will need access to the contract files to be able to investigate.

Could you check that our instance of Sourcify is able do the verification (i.e. using the native UI): https://verify.hashscan.io/ ?

[ericleponner]

Summary:

• I replayed verification and everything worked fine.
• Any additional information that could help reproducing the pb ?

Investigation details

Contract 0.0.8968421 is now fully verified and cannot be used for reproducing the pb. So I deployed a copy on testnet as 0.0.5922244.

In fact, it's not an exact copy : I renamed AssetTokenCCIPCompatible.sol as AssetTokenCCIPCompatiblePatch.sol to make a binary difference. An exact copy doesn't enable to replay verification because it is immediately considered as verified.

I opened Verification Dialog and tried various scenarios:

1. I dropped folder containing both sources and binary artifacts (generated by solc)
   => full match
2. I dropped sources one by one and finally dropped metadata file
   => full match

So the two basic verification scenarios work just fine.
@mgarbs do you (or Swarm team) have additional info that could help us to reproduce the problem ?

Dropping folder containing sources and artifacts:

Dropping source files one by one and dropping metadata: