
Commit

GITBOOK-2482: #542 verifying smart contracts page improvements
theekrystallee authored and gitbook-bot committed Jan 30, 2024
1 parent 9acfabf commit 4fa9bd9
Showing 2 changed files with 29 additions and 17 deletions.
Binary file added .gitbook/assets/foundry-out-folder.png
46 changes: 29 additions & 17 deletions core-concepts/smart-contracts/verifying-smart-contracts-beta.md
@@ -1,10 +1,10 @@
# Verifying Smart Contracts

Smart contract verification is the process of verifying that the smart contract bytecode uploaded to the network matches the expected smart contract source files. Verification is _not_ required for contracts that are deployed on the Hedera but it is best practice and essential to maintaining the contract's security and integrity by identifying vulnerabilities that could be exploited, as smart contracts are immutable once deployed. It also enables transparency and builds trust within the user community by proving that the deployed bytecode matches the contract's original source code. 
Smart contract verification is the process of verifying that the smart contract bytecode uploaded to the network matches the expected smart contract source files. Verification is _not_ required for contracts deployed on the Hedera network, but it is best practice and essential to maintaining the contract's security and integrity by identifying vulnerabilities that could be exploited, as smart contracts are immutable once deployed. It also enables transparency and builds trust within the user community by proving that the deployed bytecode matches the contract's original source code. 

To initiate verification, you can use a community-hosted Hedera Mirror Node Explorer, like [HashScan](https://hashscan.io/) ([Arkhia](https://explorer.arkhia.io/) and [Dragon Glass](https://app.dragonglass.me/) do not currently support this feature), that integrates with [Sourcify](../../support-and-community/glossary.md#sourcify): A Solidity source code and metadata verification tool. Once you upload your files to the verification tool, Sourcify recompiles the submitted source code and metadata files to check them against the deployed bytecode. If a match is found, the contract's verification status is updated to either a [_<mark style="color:green;">Full (Perfect) Match</mark>_](https://docs.sourcify.dev/docs/full-vs-partial-match/#full-perfect-matches) or a [_<mark style="color:green;">Partial Match</mark>_](https://docs.sourcify.dev/docs/full-vs-partial-match/#partial-matches)_<mark style="color:green;">.</mark>_

The verification status is then publicly available across all community-hosted Hedera Mirror Node Explorers. To learn what differentiates a _Full (Perfect) Match_ from a _Partial Match_, check out the Sourcify documentation [here](https://docs.sourcify.dev/docs/full-vs-partial-match/).
The verification status is publicly available across all community-hosted Hedera Mirror Node Explorers. To learn what differentiates a _Full (Perfect) Match_ from a _Partial Match_, check out the Sourcify documentation [here](https://docs.sourcify.dev/docs/full-vs-partial-match/).

{% hint style="info" %}
**Note**: This is an initial beta release, and both the HashScan user interface and API functionalities are scheduled for enhancements in upcoming updates.
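
Review bot: The rewritten opening paragraph still says verification maintains security "by identifying vulnerabilities that could be exploited", but the process described in this paragraph and the next only recompiles the submitted source and compares it with the deployed bytecode; it does not analyze the code for flaws. Suggest rewording so the benefit is that users and auditors can review the exact source behind the deployed bytecode, and leave vulnerability discovery to audits and testing. "Essential" also sits awkwardly next to "_not_ required" in the same sentence; "recommended" would be consistent.
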
Expand Down Expand Up @@ -61,7 +61,9 @@ contract HelloWorld {

## The Metadata File

When you compile a Solidity smart contract, it generates a JSON metadata file. This file contains settings used when the smart contract was originally compiled. These settings can include the compiler version, optimization details, and more. The metadata file is crucial for ensuring that the bytecode generated during verification matches the deployed bytecode. See Sourcify's Metadata documentation [here](https://docs.sourcify.dev/docs/metadata/#metadata).&#x20;
When you compile a Solidity smart contract, it generates a JSON metadata file. This file contains settings used when the smart contract was originally compiled. These settings can include the compiler version, optimization details, and more. The metadata file is crucial for ensuring that the bytecode generated during verification matches the deployed bytecode.&#x20;

> _Metadata is not part of the EVM spec because it's handled externally by compilers and tools like Sourcify. See Sourcify's Metadata documentation_ [_here_](https://docs.sourcify.dev/docs/metadata/#metadata)_._&#x20;
You have options for generating the metadata file. The recommended skill levels for each option are in parentheses. Choose the option that best fits your experience with smart contracts:

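Review bot: In the new blockquote under "The Metadata File", the sentence "Metadata is not part of the EVM spec because it's handled externally by compilers and tools like Sourcify" has the causality backwards and blurs two roles: the paragraph above says the compiler generates the metadata file, while Sourcify is the tool that consumes it during verification. Suggest something like "Metadata is produced by the Solidity compiler and is not defined by the EVM spec; tools like Sourcify use it to recompile the source and compare bytecode." The added lines also end in `&#x20;` entities that can be dropped.
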
Expand All @@ -83,7 +85,7 @@ See the Remix IDE docs for more detailed documentation [here](https://remix-ide.

<summary>Hardhat (intermediate)</summary>

To create the `.json` metadata file with Hardhat, compile the contract using the `npx hardhat compile` command. The compiled artifacts will be saved in the `artifacts/` directory and the `<dynamic_hash>.json` metadata file will be under `artifacts/build-info` and used for verification. See Sourcify Hardhat metadata [here](https://docs.sourcify.dev/docs/metadata/#hardhat).&#x20;
To create the `.json` metadata file with Hardhat, compile the contract using the `npx hardhat compile` command. The compiled artifacts will be saved in the `artifacts/` directory and the `<dynamic_hash>.json` metadata file will be under `artifacts/build-info` and used for verification. See Sourcify Hardhat metadata documentation [here](https://docs.sourcify.dev/docs/metadata/#hardhat).&#x20;

<img src="../../.gitbook/assets/hardhat contract artifacts.png" alt="" data-size="original">

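Review bot: The edited Hardhat sentence keeps "here" as the link text, which tells a screen reader or someone scanning links nothing about the target. Make the descriptive phrase the link instead, e.g. `[Sourcify Hardhat metadata documentation](https://docs.sourcify.dev/docs/metadata/#hardhat)`. The same pattern is present in the other "See ... [here]" links touched by this commit.
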
Expand All @@ -93,6 +95,18 @@ To create the `.json` metadata file with Hardhat, compile the contract using the

<details>

<summary>Foundry (intermediate)</summary>

To create the metadata file with Foundry, compile the contract using the `forge build` command. The compilation outputs to `out/CONTRACT_NAME` folder. The `.json` file contains the metadata of the contract under `"rawMetadata"` and `"metadata"` fields. However, you don't need to extract the metadata manually for verification. See Sourcify Foundry metadata documentation [here](https://docs.sourcify.dev/docs/metadata/#foundry).&#x20;

![](../../.gitbook/assets/foundry-out-folder.png)

**Note**: The requirements for verification with a contract compiled with Foundry are both the `.json` metadata and the Solidity source file.&#x20;

</details>

<details>

<summary><strong>Solidity compiler (advanced)</strong></summary>

You can pass the `--metadata` flag to the Solidity command line compiler to get the metadata output printed.&#x20;
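
Review bot: The new Foundry section is ambiguous about which file to submit. The paragraph says the metadata sits in the `"rawMetadata"` and `"metadata"` fields of the `.json` file and that "you don't need to extract the metadata manually", while the Note then lists the requirements as "the `.json` metadata and the Solidity source file". State explicitly whether the whole `.json` artifact from the `out/` folder is uploaded together with the `.sol` source. Minor: "outputs to `out/CONTRACT_NAME` folder" is missing "the", the screenshot has empty alt text, and this `<summary>` is plain text while the Solidity compiler one below it is wrapped in `<strong>`.
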
Expand All @@ -113,10 +127,6 @@ solc --metadata contracts/HelloWorld.sol > metadata.json

</details>

> _**🚨 Note**: If you encounter the **`The deployed and recompiled bytecode don't match`** error, it's often because different tools were used for the initial compilation & deployment of your smart contract and the subsequent recompilation for metadata generation. To ensure successful verification, consistently use the same tool for both initial deployment and metadata generation._
#### Example:

An example metadata file for the `HelloWorld` smart contract:

```json
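
Review bot: This hunk deletes the note about the `The deployed and recompiled bytecode don't match` error, and none of the visible hunks adds it back elsewhere. It is the only troubleshooting guidance shown for a failed verification (use the same tool for the initial deployment and for metadata generation), and with Foundry added as another toolchain in this commit the mismatch it describes becomes more likely, not less. Suggest keeping the note, or moving it next to the toolchain options, rather than removing it. Dropping the `#### Example:` heading is fine since the following sentence already introduces the example.
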
Expand Down Expand Up @@ -185,15 +195,7 @@ _**Note**: The `0.0.XXXXXXX` smart contract address format can not be used in th

***

## Verify Your Smart Contract

Learn how to verify your smart contract:

{% content-ref url="../../tutorials/smart-contracts/how-to-verify-a-smart-contract-on-hashscan.md" %}
[how-to-verify-a-smart-contract-on-hashscan.md](../../tutorials/smart-contracts/how-to-verify-a-smart-contract-on-hashscan.md)
{% endcontent-ref %}

#### Different Instances of Sourcify: Hedera's Custom Approach
## Different Instances of Sourcify: Hedera's Custom Approach

It's important to note that multiple instances of Sourcify do exist, tailored to the specific needs of different networks. Hedera runs an independent instance of Sourcify, distinct from the public-facing Sourcify.dev instances like Etherscan and other Etherscan clones.

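Review bot: Promoting "Different Instances of Sourcify" to a `##` heading makes the unchanged sentence beneath it more prominent, and that sentence describes "the public-facing Sourcify.dev instances like Etherscan and other Etherscan clones". Etherscan is a separate block explorer with its own verification service, not an instance of Sourcify, so the wording should be corrected in the same pass, e.g. "distinct from the public Sourcify.dev instance and from verification services such as Etherscan". "Multiple instances of Sourcify do exist" can also be tightened to "exist".
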
Expand All @@ -205,6 +207,16 @@ An essential detail to remember is that smart contracts verified on Hedera's Sou

***

## Verify Your Smart Contract

Learn how to verify your smart contract:

{% content-ref url="../../tutorials/smart-contracts/how-to-verify-a-smart-contract-on-hashscan.md" %}
[how-to-verify-a-smart-contract-on-hashscan.md](../../tutorials/smart-contracts/how-to-verify-a-smart-contract-on-hashscan.md)
{% endcontent-ref %}

***

## Additional Resources

**** [**Sourcify Documentation**](https://docs.sourcify.dev/docs/intro)
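
Review bot: The relocated "Verify Your Smart Contract" block now sits directly above "Additional Resources", whose first entry begins with a stray `****` before `[**Sourcify Documentation**]`; depending on the renderer that shows up as literal asterisks or an extra horizontal rule. Since this hunk already touches the surrounding lines, remove the `****` here. The move also leaves two `***` rules bracketing a three-line section; check that the rendered page does not look over-divided.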