HashPilot

verify_contract

Verify smart contract source code on HashScan block explorer to ensure transparency and enable public auditability through direct upload or build artifacts.

Instructions

Verify smart contract on HashScan block explorer.

METHODS: Direct source upload, Hardhat build-info, Foundry artifacts RETURNS: Verification status and HashScan URL

USE FOR: Contract transparency, code verification, public auditability.

Input Schema

TableJSON Schema

Name	Required	Description
`address`	Yes	Contract address (0x...)
`network`	Yes
`contractName`	Yes	Contract name
`filePath`	Yes	Source file path

Implementation Reference

src/tools/verify.ts:26-145 (handler)

The primary handler function for the 'verify_contract' MCP tool. Handles input validation, file reading (single file/dir/Hardhat build-info/Foundry artifacts), calls HashScan verification service, and formats the ToolResult response.

export async function verifyContract(args: {
  address: string;
  network: HederaNetwork;
  contractName: string;
  filePath: string;
  creatorTxHash?: string;
  buildInfoPath?: string;
  artifactPath?: string;
}): Promise<ToolResult> {
  try {
    logger.info('Verifying contract on HashScan', {
      address: args.address,
      network: args.network,
      contractName: args.contractName,
    });

    let result;

    // If buildInfoPath or artifactPath provided, use solc-json verification
    if (args.buildInfoPath) {
      // Hardhat build-info verification
      const buildInfo = await hashScanService.readHardhatBuildInfo(args.buildInfoPath);
      result = await hashScanService.verifyWithSolcJson(
        args.address,
        args.network,
        buildInfo.input,
        buildInfo.compilerVersion,
        args.contractName,
        args.creatorTxHash,
      );
    } else if (args.artifactPath) {
      // Foundry artifact verification
      const artifact = await hashScanService.readFoundryArtifact(args.artifactPath);

      // Read source file
      const sourceCode = await fs.readFile(args.filePath, 'utf-8');

      result = await hashScanService.verifyContract(
        args.address,
        args.network,
        {
          [`${args.contractName}.sol`]: sourceCode,
          'metadata.json': artifact.metadata,
        },
        args.creatorTxHash,
        args.contractName,
      );
    } else {
      // Direct file verification - read source files from directory or single file
      const stats = await fs.stat(args.filePath);
      const files: Record<string, string> = {};

      if (stats.isDirectory()) {
        // Read all .sol files from directory
        const entries = await fs.readdir(args.filePath, { withFileTypes: true });
        for (const entry of entries) {
          if (entry.isFile() && entry.name.endsWith('.sol')) {
            const fullPath = path.join(args.filePath, entry.name);
            const content = await fs.readFile(fullPath, 'utf-8');
            files[entry.name] = content;
          }
        }
      } else {
        // Single file
        const content = await fs.readFile(args.filePath, 'utf-8');
        files[path.basename(args.filePath)] = content;
      }

      result = await hashScanService.verifyContract(
        args.address,
        args.network,
        files,
        args.creatorTxHash,
        args.contractName,
      );
    }

    if (result.success) {
      const hashScanUrl = hashScanService.getContractUrl(args.address, args.network);

      return {
        success: true,
        data: {
          address: result.address,
          chainId: result.chainId,
          status: result.status,
          libraryMap: result.libraryMap,
          hashScanUrl,
          message:
            result.status === 'perfect'
              ? 'Contract verified successfully with perfect match'
              : 'Contract verified with partial match',
        },
        metadata: {
          executedVia: 'hashscan',
          command: 'verify_contract',
        },
      };
    } else {
      return {
        success: false,
        error: result.message || 'Verification failed',
        metadata: {
          executedVia: 'hashscan',
          command: 'verify_contract',
        },
      };
    }
  } catch (error: any) {
    logger.error('Contract verification failed', { error: error.message });
    return {
      success: false,
      error: error.message,
      metadata: {
        executedVia: 'hashscan',
        command: 'verify_contract',
      },
    };
  }
}

src/tools/verify.ts:405-444 (schema)

Complete input schema definition for the verify_contract tool, matching the handler parameters. Used internally or as reference for MCP registration.

{
  name: 'verify_contract',
  description:
    'Verify a smart contract on HashScan (Hedera block explorer). Supports direct file upload, Hardhat build-info, and Foundry artifacts. Returns verification status and HashScan URL.',
  inputSchema: {
    type: 'object' as const,
    properties: {
      address: {
        type: 'string',
        description: 'Contract address in 0x... format',
        pattern: '^0x[a-fA-F0-9]{40}$',
      },
      network: {
        type: 'string',
        description: 'Hedera network',
        enum: ['mainnet', 'testnet', 'previewnet'],
      },
      contractName: {
        type: 'string',
        description: 'Contract name (e.g., "Greeter")',
      },
      filePath: {
        type: 'string',
        description: 'Path to source file or directory containing .sol files',
      },
      creatorTxHash: {
        type: 'string',
        description: 'Optional: Transaction hash that created the contract',
      },
      buildInfoPath: {
        type: 'string',
        description: 'Optional: Path to Hardhat build-info JSON file for easier verification',
      },
      artifactPath: {
        type: 'string',
        description: 'Optional: Path to Foundry artifact JSON file (out/Contract.sol/Contract.json)',
      },
    },
    required: ['address', 'network', 'contractName', 'filePath'],
  },

src/index.ts:458-479 (registration)

MCP tool registration in the optimizedToolDefinitions array, including schema and description. Returned by ListToolsRequestHandler.

  {
    name: 'verify_contract',
    description: `Verify smart contract on HashScan block explorer.

METHODS: Direct source upload, Hardhat build-info, Foundry artifacts
RETURNS: Verification status and HashScan URL

USE FOR: Contract transparency, code verification, public auditability.`,
    inputSchema: {
      type: 'object' as const,
      properties: {
        address: { type: 'string', description: 'Contract address (0x...)' },
        network: {
          type: 'string',
          enum: ['mainnet', 'testnet', 'previewnet'],
        },
        contractName: { type: 'string', description: 'Contract name' },
        filePath: { type: 'string', description: 'Source file path' },
      },
      required: ['address', 'network', 'contractName', 'filePath'],
    },
  },

src/index.ts:636-638 (registration)
Dispatch/execution handler in the main CallToolRequestSchema switch statement that invokes the verifyContract handler.
```
case 'verify_contract':
  result = await verifyContract(args as any);
  break;
```

src/services/hashscan-service.ts:120-177 (helper)

Core helper function in HashScanService that performs the actual API verification request to HashScan's Sourcify endpoint.

async verifyContract(
  address: string,
  network: HederaNetwork,
  files: Record<string, string>,
  creatorTxHash?: string,
  chosenContract?: string,
): Promise<VerificationResult> {
  try {
    const chainId = this.getChainId(network);

    logger.info('Verifying contract on HashScan', {
      address,
      network,
      chainId,
      fileCount: Object.keys(files).length,
    });

    const response = await this.client.post('/verify', {
      address,
      chain: chainId,
      files,
      creatorTxHash,
      chosenContract,
    });

    const result = response.data.result?.[0];
    if (!result) {
      throw new Error('No verification result returned');
    }

    logger.info('Contract verification successful', {
      address,
      status: result.status,
      chainId: result.chainId,
    });

    return {
      success: true,
      address: result.address,
      chainId: result.chainId,
      status: result.status,
      libraryMap: result.libraryMap,
    };
  } catch (error: any) {
    logger.error('Contract verification failed', {
      error: error.message,
      response: error.response?.data,
    });

    return {
      success: false,
      address,
      chainId: this.getChainId(network),
      status: 'failed',
      message: error.response?.data?.error || error.message,
    };
  }
}

Tool Definition Quality

A4.2/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden and does well by disclosing key behavioral traits: it lists three verification methods (Direct source upload, Hardhat build-info, Foundry artifacts) and describes what the tool returns (verification status and HashScan URL). This provides important operational context beyond basic parameters.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is perfectly structured with clear sections (METHODS, RETURNS, USE FOR) and every sentence earns its place. It's front-loaded with the core purpose and efficiently communicates essential information without wasted words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (4 parameters, no output schema, no annotations), the description provides good coverage of what the tool does, how it behaves, and when to use it. The main gap is lack of output schema, but the description compensates by specifying what the tool returns. It could be more complete by explaining parameter relationships or error cases.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 75% (3 of 4 parameters have descriptions), so the baseline is 3. The description doesn't add meaningful parameter semantics beyond what's in the schema - it mentions verification methods but doesn't explain how they relate to the filePath parameter or other inputs. The description doesn't compensate for the 25% coverage gap.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('verify smart contract') and resource ('on HashScan block explorer'), distinguishing it from sibling tools like deploy_contract or rpc_call_contract which focus on different operations. It provides concrete purpose beyond just the tool name.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The 'USE FOR' section explicitly lists three use cases (contract transparency, code verification, public auditability), giving clear context about when this tool is appropriate. However, it doesn't specify when NOT to use it or mention alternatives among siblings like foundry_contract or hardhat_contract that might relate to verification.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/justmert/hashpilot'

If you have feedback or need assistance with the MCP directory API, please join our Discord server