Definition:
Sourcify is an Ethereum Foundation-supported, open-source contract source code verification service that uses Solidity compiler metadata files to achieve deterministic, trustless verification — matching deployed bytecode against locally compiled source code and publishing verified sources to IPFS and a public repository, allowing any developer or user to independently confirm that a deployed contract’s source code is accurate without trusting any centralized verification service. Sourcify’s approach is more rigorous than Etherscan’s verification because it uses the compiler metadata file (which encodes all compilation settings) rather than approximate bytecode matching.
Why Source Code Verification Matters
When you deploy a smart contract, only EVM bytecode goes on-chain — the original Solidity source is not stored. Users must trust the developer’s claims about what the contract does. Verification links source code to bytecode so anyone can:
- Audit what the contract actually does
- Confirm ABI (call and receive with correct function signatures)
- Use block explorers with human-readable interfaces (decoded function calls, events)
- Verify there are no hidden backdoors or malicious functions
Metadata-Based Verification
The Solidity Compiler Metadata File:
When compiling Solidity, the compiler generates a JSON metadata file (output.metadata.json) containing:
- Exact compiler version
- Optimization settings (runs, enabled/disabled)
- Source file hashes
- ABI
- A hash of the metadata itself (appended to the bytecode as CBOR-encoded suffix)
Sourcify’s Approach:
Because the metadata hash is appended to every deployed contract’s bytecode, Sourcify can:
- Accept the source files + metadata from the developer
- Recompile using exactly the settings in the metadata
- Compare the recompiled bytecode including the metadata hash against the on-chain bytecode
- If they match — perfect verification is confirmed
This means no approximation — Sourcify knows the exact compiler settings were used, not just that the bytecode is “close enough.”
Match Types
| Match Type | Description |
|---|---|
| Perfect match | Bytecode AND metadata hash identical — complete confidence in source accuracy |
| Partial match | Bytecode identical, metadata hash different — source is likely correct but compilation settings may differ slightly |
Etherscan uses partial matching. Sourcify’s perfect matches are the gold standard.
Decentralized Storage
Verified source code and metadata are stored:
- IPFS — The metadata file itself links to source files via IPFS CIDs, making the source permanently accessible
- Sourcify’s public repository —
https://repo.sourcify.dev/provides an HTTP API and directory browser - SWARM (historically) — early alternative, now less used
Anyone can add a Sourcify node and mirror the repository — no central authority controls the data.
Supported Chains
Sourcify supports 100+ EVM chains:
- Ethereum Mainnet, Goerli, Sepolia
- Polygon, Arbitrum, Optimism, Base
- BSC, Avalanche, Fantom
- Most L2s and testnets
Integration with Tools
Etherscan Integration:
Major block explorers (Etherscan, Blockscout) pull from Sourcify’s repository. A Sourcify-verified contract shows as verified on Blockscout automatically.
Hardhat Plugin:
“`bash
npm install –save-dev @nomicfoundation/hardhat-verify
npx hardhat verify –network mainnet DEPLOYED_ADDRESS
“`
The Hardhat verify plugin supports both Etherscan and Sourcify as verification targets.
Foundry:
“`bash
forge verify-contract –chain mainnet –verifier sourcify DEPLOYED_ADDRESS ContractName
“`
OpenZeppelin Defender:
Sourcify verification is integrated into the Defender deployment workflow.
Ethereum Foundation Support
Sourcify is a project of the Ethereum Foundation, making it the most credible independent verification alternative to Etherscan. The Ethereum Foundation funds Sourcify development as public infrastructure for the Ethereum ecosystem.
Sourcify vs. Etherscan Verification
| Feature | Sourcify | Etherscan |
|---|---|---|
| Open source | Yes | No |
| Centralized | No (IPFS) | Yes |
| Verification rigor | Perfect match possible | Partial match (bytecode only) |
| Chain support | 100+ | Etherscan-supported chains |
| API access | Free | Rate-limited, API key required |
| Metadata required | Yes | No |
Related Terms
Sources
- Sourcify Documentation — Complete guide to Sourcify verification and API.
- Sourcify Repository — Public repository of all verified contracts.
- Sourcify GitHub — Open-source Ethereum Foundation repository.
- Ethereum Foundation — Sourcify Overview — Background on contract verification standards.
Last updated: 2026-04