Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
Deploying to a testnet is your first real taste of what a production deploy feels like. You pay (fake) gas, you wait for a block, and the contract lives on a public network. Verifying on Etherscan publishes your source code and gives users (and you, in 6 months) the ability to read and call the contract from a browser. This is the minimum standard for any contract you'd want a user to interact with.
Foundry's --verify flag submits source files and constructor arguments to the Etherscan API immediately after broadcast, so the contract appears verified within seconds of going on-chain. Verification is how auditors, users, and integrators confirm that what they're interacting with actually does what the README claims.
# Prerequisites (from earlier challenges):
# - $PRIVATE_KEY in .env, funded with Sepolia ETH
# - $SEPOLIA_RPC_URL in .env
# Plus get an Etherscan API key from etherscan.io/apis (free).
echo 'ETHERSCAN_API_KEY=ABC123...' >> .env
# Load env vars:
source .env
# Deploy + verify in one command:
forge script script/DeployHello.s.sol \
--rpc-url $SEPOLIA_RPC_URL \
--private-key $PRIVATE_KEY \
--broadcast \
--verify \
--etherscan-api-key $ETHERSCAN_API_KEY
# Expected output:
# Contract Address: 0x1234...
# Verification: Pass - Verified
# URL: https://sepolia.etherscan.io/address/0x1234...
# Then:
cast call <ADDR> 'greeting()(string)' --rpc-url $SEPOLIA_RPC_URL
# -> "gm".env. (Free, etherscan.io/apis.)--verify. Wait for the verify step — it's usually done in under a minute.setGreeting from your MetaMask wallet. You've now used a real wallet to send a real (test) transaction.Use these three in order. Each builds on the one before.
Explain what 'verifying a contract on Etherscan' does technically. What's being submitted, what's being checked, and what happens when it succeeds?
Walk me through Foundry's `--verify` flow: it submits the source, the compiler version, the optimizer settings, and the constructor args. Etherscan recompiles and compares bytecode. Why does verification sometimes fail for silly reasons (wrong solc version, wrong optimizer, wrong libraries)?
For a production deploy (mainnet, serious money at risk), what's your pre-flight checklist? Include: dry-run on forked mainnet, constructor arg validation, gas estimation, multi-sig signing, post-deploy sanity checks, verification.