Massa wallet
Price per byte to scan a smart contract: 0.005000000 MAS.
Price per byte to verify a smart contract: 0.100000000 MAS.
The scanner smart contract is able to read the bytecode of another smart contract. Then we can extract useful information from the bytecode.
The cost is calculated by multiplying the size of the bytecode and the price per byte. When a user pay to scan a smart contract, anyone can request a scan of this smart contract. Note that the price include the storage cost (around 0.0062 MAS).
To use the scanner and the verifier on the Buildnet, simply connect your wallet with Massa Wallet and Massa Station on the Buildnet.
The verifier smart contract is also able to read the bytecode of another smart contract. You can upload a zip file of source code and the verifier will compare the deployed smart contract with the source code. The zip archive must contain the package.json file at the root. Then the server will extract the zip and compile the source code. The verifier will compare the deployed smart contract with the compiled wasm bytecode. Everything is store in a database for future reference.
The cost is calculated by multiplying the size of the bytecode and the price per byte. When a user pay to verify a smart contract, anyone can upload a source code zip file if the smart contract is not verified. Note that the price include the storage cost (around 0.0062 MAS).
The zip file must contain the package.json file at the root. The npm dependencies must not have critical vulnerability. Check the vulnerabilities with the command:
npm audit
The zip archive must not contain the node_modules, .git and build folders. In addition, it must not contains the files: .env. It must contains the folder assembly and the file package.json.
The verification can take up to 3 or 4 minutes. The website will fetch the status every 5 seconds. If the verification is not completed after 5 minutes, this is probably because the zip file format is invalid or does not correspond to the deployed smart contract.
To see the proof that the bytecode of a smart contract corresponds to the source code, you can download the zip file and the deployed bytecode and perform the commands:
npm install
npm build
Then you can generate the sha1 of the wasm file and compare it with the sha1 of the deployed smart contract:
shasum build/*.wasm