massa-sc-scanner logo

Massa Smart contract Verifier

Verify the source code of a smart contract and inspect its content.

Massa wallet

Not connected

Price per byte to scan a smart contract: 0.005000000 MAS.

Price per byte to verify a smart contract: 0.100000000 MAS.

FAQ

Scanner

How does it work?

The scanner smart contract is able to read the bytecode of another smart contract. Then we can extract useful information from the bytecode.

How much does it cost?

The cost is calculated by multiplying the size of the bytecode and the price per byte. When a user pay to scan a smart contract, anyone can request a scan of this smart contract. Note that the price include the storage cost (around 0.0062 MAS).

How to use it on Massa Buildnet?

To use the scanner and the verifier on the Buildnet, simply connect your wallet with Massa Wallet and Massa Station on the Buildnet.

What will be the next features?
The next features will allow you to:
  • - see the smart contract storage,
  • - readonly the smart contract exported function.

Verifier

How does it work?

The verifier smart contract is also able to read the bytecode of another smart contract. You can upload a zip file of source code and the verifier will compare the deployed smart contract with the source code. The zip archive must contain the package.json file at the root. Then the server will extract the zip and compile the source code. The verifier will compare the deployed smart contract with the compiled wasm bytecode. Everything is store in a database for future reference.

How much does it cost?

The cost is calculated by multiplying the size of the bytecode and the price per byte. When a user pay to verify a smart contract, anyone can upload a source code zip file if the smart contract is not verified. Note that the price include the storage cost (around 0.0062 MAS).

What is the expected format of the zip file?

The zip file must contain the package.json file at the root. The npm dependencies must not have critical vulnerability. Check the vulnerabilities with the command:

npm audit

The zip archive must not contain the node_modules, .git and build folders. In addition, it must not contains the files: .env. It must contains the folder assembly and the file package.json.

How long is the verification?

The verification can take up to 3 or 4 minutes. The website will fetch the status every 5 seconds. If the verification is not completed after 5 minutes, this is probably because the zip file format is invalid or does not correspond to the deployed smart contract.

How can I see the proof of the verification status?

To see the proof that the bytecode of a smart contract corresponds to the source code, you can download the zip file and the deployed bytecode and perform the commands:

npm install
npm build

Then you can generate the sha1 of the wasm file and compare it with the sha1 of the deployed smart contract:

shasum build/*.wasm
What will be the next features?
The next features will allow you to:
  • - provide a new source code zip file of a smart contract if the deployed smart contract has been updated,
  • - only the address that paid will be able to upload the source code zip file,
  • - the verification status will be updated regularly to monitor smart contract mutation (setBytecode ABI).
Github: https://github.com/Thykof/massa-sc-scanner
Join Dusa: https://app.dusa.io/trade?ref=qmf57z
Delegated stacking: https://massa-blast.net
Mainnet faucet? https://fauxceeet.netlify.app