Update on Similar Match Contract Verification

Similar Match is a convenient tool to display source code and Read/Write contract capabilities for contracts with similar bytecode, but different constructor arguments.

This enables similar contracts that are commonly reused, such as libraries, factories, and proxies, to be verified without individually verifying each contract.

Source Code Comment Attacks

The Similar Match re-verification tool was previously exploited by malicious actors who performed verification with the correct constructor arguments while injecting comments and graffiti art and renaming files.

A sample contract verification that was vandalized

To mitigate such an exploit, we temporarily restricted the degree of Similar Match re-verification while we developed a more secure method to protect re-verification.
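One way a reviewer could triage a re-verification submission for the vandalism described above is sketched here as an added example; it is not Etherscan's code. The function names and sample sources are constructed, and it assumes sources without imports, since renaming an imported file also changes import paths in the code itself.

```python
import hashlib

def code_only(src: str) -> str:
    """Remove // and /* */ comments and collapse whitespace; string literals are copied verbatim."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "\"'":                          # string literal: "//" inside is not a comment
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
            continue
        if src.startswith("//", i):              # line comment: skip to end of line
            nl = src.find("\n", i)
            i = n if nl == -1 else nl
            continue
        if src.startswith("/*", i):              # block comment: acts as a token separator
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
            ch = " "
        else:
            i += 1
        if not ch.isspace():
            out.append(ch)
        elif out and out[-1] != " ":
            out.append(" ")
    return "".join(out).strip()

def review_resubmission(verified: dict, resubmitted: dict) -> set:
    """Compare a re-verification submission with the source already on record."""
    def by_code(files):
        return {hashlib.sha256(code_only(s).encode()).hexdigest(): (name, s)
                for name, s in files.items()}
    old, new = by_code(verified), by_code(resubmitted)
    if len(verified) != len(resubmitted) or old.keys() != new.keys():
        return {"code_changed"}
    findings = set()
    for h, (old_name, old_src) in old.items():
        new_name, new_src = new[h]
        if old_name != new_name:
            findings.add("file_renamed")
        if old_src != new_src:
            findings.add("comments_or_whitespace_changed")
    return findings

# Constructed sample sources (not taken from any real contract).
VERIFIED = {"Vault.sol": 'contract Vault {\n    // owner only\n    string public tag = "a // b";\n}\n'}
VANDALIZED = {"lol.sol": '/* GRAFFITI */\ncontract Vault {\n    string public tag = "a // b"; // hi\n}\n'}
TAMPERED = {"Vault.sol": 'contract Vault {\n    string public tag = "a // c";\n}\n'}
```

An empty result means the submission is byte-identical to the source on record; `file_renamed` or `comments_or_whitespace_changed` without `code_changed` marks a submission whose only differences are of the kind the vandalism relied on.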

Similar Match Contract Verification Whitelist

We've introduced a whitelist for smart contract authors to resubmit verification to update the contracts to Full Match.

This process is similar to the Token Information Update process used to prove contract ownership. Contract authors/developers would need to verify their contract address ownership with an Etherscan account, which you may sign up for free here.

You may then write to us via a Contact Us form to be included for Similar Match Contract Verification.

Once your Etherscan account has been whitelisted for Similar Match Contract Verification, you will be able to proceed to the source code verification page to reverify a similar matched contract. The process from there is the same as verifying a regular contract.

If your account has not had Similar Match updating enabled, you will encounter an error message, in which case you may request access via a Contact Us form.

Nicholas C