Introduction

Work in progress

This documentation is an early placeholder. Content, commands, and APIs are subject to change.

Vrfier is source code verification for Soroban smart contracts. It establishes a trustworthy link between a contract running on the Stellar network and the human-readable source code it was built from.

The problem

When you interact with a deployed smart contract, what you’re really trusting is its WASM bytecode — not the friendly README in someone’s repository. A project can publish source code that looks safe while deploying something different, and there is no built-in way for a user to tell the difference.

This gap matters most for the people least equipped to read bytecode: the developers integrating a protocol and the end users signing its transactions.

What Vrfier does

Vrfier reproducibly rebuilds a contract’s published source and checks that the resulting bytecode hash matches the code actually installed on-chain:

1. You submit a contract address and the source (repo + commit) that should correspond to it.
2. Vrfier rebuilds that source in a pinned, deterministic environment.
3. It compares the rebuilt WASM hash against the on-chain code and records a verdict that anyone can independently reproduce.

A verified contract earns a badge backed by everything needed to re-run the check yourself — verification you don’t have to take on faith.

Who it’s for

• Contract authors who want users to trust what they’ve shipped.
• Integrators who need to confirm a dependency is what it claims to be.
• Auditors and users who want provenance before signing a transaction.

Next steps

• Follow the Quick Start to verify your first contract.
• Read How Verification Works for the technical details.