-
Notifications
You must be signed in to change notification settings - Fork 265
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When verifying upgradeable contract: "Bytecode does not match with the current version of ERC1967Proxy in the Hardhat Upgrades plugin" #870
Comments
The Hardhat Upgrades plugin can only verify proxy source code for proxies that were deployed by the plugin. This is because verification requires the exact compiler settings which were used to compile the proxy, and those compiler settings (along with the source code) are provided by the plugin during Etherscan verification to match the proxy bytecode that it deployed. If you deploy proxy contracts without using the plugin, you would need to verify them manually. However, generally there is no need to deploy newer versions of the proxy contracts than the ones provided by the plugin. We don't believe that any of the above compiler bugs affect the proxies. If compiler bugs or other vulnerabilities are discovered to affect the proxy contracts, we would publish a security advisory for OpenZeppelin Contracts https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories and would update the plugin to use the newer proxies as needed. |
The latest release of @openzeppelin/contracts is v4.9.3 but openzeppelin-upgrades is still using v4.8.3:
You should keep it up-to-date. |
While some source files have been modified (including for contracts that the proxies depend on) between OpenZeppelin Contracts v4.8.3 and v4.9.3, those specific changes were not deemed to affect proxy functionality. We generally do not update the version of the proxies used in the Hardhat plugin unless there are changes that affect the proxies. Updating the versions unnecessarily (if functionality does not change) would cause more difficulties for users. For example, a benefit of keeping proxy bytecode the same is that many proxy deployments would automatically have "Similar Match Source Code" verified on Etherscan and related block explorers if they were verified by other users before. As another example, the Hardhat plugin (as mentioned above) verifies proxy source code with the same bytecode that it deploys. If a user deploys a proxy but did not verify it, then updates the plugin with updated proxy source code, the |
I deployed an
ERC1967Proxy
proxy contract and implementation without using hardhat-upgrades.Then I tried to verify the contracts using
await run("verify:verify", { address, constructorArguments })
, but got the above error.I noticed that the artifact
ERC1967Proxy
is obtained from @openzeppelin/upgrades-core:openzeppelin-upgrades/packages/plugin-hardhat/src/verify-proxy.ts
Line 17 in a41b431
If I use that version then Etherscan shows a warning when viewing
ERC1967Proxy
s source code:The contract was compiled with solidity v0.8.9+commit.e5eed63a, which would be the reason for the warnings and bytcode mismatch. I use the latest version of solidity (0.8.21).
Please fix this issue. Thank you.
The text was updated successfully, but these errors were encountered: