Skip to content

[next-wave] CLI subcommand: sanctifier verify-deployment #738

Open
Open
[next-wave] CLI subcommand: sanctifier verify-deployment#738
Labels
contractSmart contract developmentdifficulty:mediumModerate changenext-waveScoped for the next contributor wavesdkCLI / SDK / integrationstoolingDeveloper tools and CLI
@Gbangbolaoluwagbemiga

Description

@Gbangbolaoluwagbemiga
Gbangbolaoluwagbemiga
opened on May 20, 2026

Context

We have on-chain contracts. We need a one-command verifier in the CLI that contributors can run locally to confirm the deployment matches their local source.

Tasks

  • Add verify-deployment subcommand to sanctifier-cli
  • Accept --contract-id and --source-path flags
  • Build the local crate to wasm32v1-none with stellar contract build
  • Fetch the deployed WASM hash via Soroban RPC getLedgerEntries
  • Compare hashes — exit code 0 on match, 1 on mismatch
  • Pretty-print a diff summary (deployed hash vs local hash, file sizes)
  • Add a --all mode that reads addresses from LIVE_TESTNET.md and verifies all three

Acceptance Criteria

$ sanctifier verify-deployment --all
✓ runtime-guard-wrapper  hash matches  (CBLDEREK…ZMTXB)
✓ vulnerable-contract    hash matches  (CABBT5FK…XNLMIB)
✓ reentrancy-guard       hash matches  (CDDVM5A5…CR3UY)
All 3 deployments verified.

Metadata

Metadata

Assignees

No one assigned

    Labels

    contractSmart contract developmentdifficulty:mediumModerate changenext-waveScoped for the next contributor wavesdkCLI / SDK / integrationstoolingDeveloper tools and CLI

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions