Base链智能合约部署指南：安全配置、测试网ETH获取与合约验证

deploying-contracts-on-base by base/skills

150 周安装量

54 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/base/skills --skill deploying-contracts-on-base

开发区块链安全

🇨🇳中文介绍

在 Base 上部署合约

前提条件

配置 RPC 端点（测试网：sepolia.base.org，主网：mainnet.base.org）
将私钥存储在 Foundry 的加密密钥库中 — 切勿提交密钥
从 CDP 水龙头获取测试网 ETH（仅限测试网）
获取 BaseScan API 密钥用于合约验证

安全

切勿将私钥提交到版本控制系统 — 使用 Foundry 的加密密钥库（cast wallet import）
切勿在源文件中硬编码 API 密钥 — 使用环境变量或带有 ${ENV_VAR} 引用的 foundry.toml
切勿暴露 .env 文件 — 将 .env 添加到

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

通过 CDP 水龙头获取测试网 ETH

在 Base Sepolia 上支付 gas 费需要测试网 ETH。使用 CDP 水龙头来领取。支持的代币：ETH、USDC、EURC、cbBTC。ETH 每次领取上限为 0.0001 ETH，每 24 小时可领取 1000 次。

选项 A：CDP 门户界面（推荐用于快速设置）

代理行为： 如果您有浏览器访问权限，请导航到门户并直接领取。否则，请要求用户完成这些步骤并提供已注资的钱包地址。

登录 CDP 门户（如果需要，请在 portal.cdp.coinbase.com/create-account 创建账户）
前往水龙头
选择 Base Sepolia 网络
选择 ETH 代币
输入钱包地址并点击领取
在 sepolia.basescan.org 上验证资金是否到账

选项 B：通过 CDP SDK 以编程方式获取

npm install @coinbase/cdp-sdk dotenv

import { CdpClient } from "@coinbase/cdp-sdk";
import dotenv from "dotenv";
dotenv.config();

const cdp = new CdpClient();
const account = await cdp.evm.createAccount();

const faucetResponse = await cdp.evm.requestFaucet({
  address: account.address,
  network: "base-sepolia",
  token: "eth",
});

console.log(`Funded: https://sepolia.basescan.org/tx/${faucetResponse.transactionHash}`);

.env 中需要的环境变量：

CDP_API_KEY_ID=your-api-key-id
CDP_API_KEY_SECRET=your-api-key-secret
CDP_WALLET_SECRET=your-wallet-secret

要为现有钱包注资而不是创建新钱包，请将其地址直接传递给 requestFaucet。

获取 BaseScan API 密钥

--verify 标志需要在 BaseScan 上自动验证合约，这要求提供 BaseScan API 密钥。BaseScan 使用与 Etherscan 相同的账户系统。

代理行为： 如果您有浏览器访问权限，请导航到 BaseScan 网站并创建密钥。否则，请要求用户完成这些步骤并提供 API 密钥。

访问 basescan.org/myapikey（或 etherscan.io/myapikey — 同一账户通用）
登录或创建一个免费账户
点击添加以创建新的 API 密钥
复制密钥并在您的环境中设置：

export ETHERSCAN_API_KEY=your-basescan-api-key

或者，直接将其传递给 forge：

forge create ... --etherscan-api-key <your-key>

或将其添加到 foundry.toml：

[etherscan]
base-sepolia = { key = "${ETHERSCAN_API_KEY}", url = "https://api-sepolia.basescan.org/api" }
base = { key = "${ETHERSCAN_API_KEY}", url = "https://api.basescan.org/api" }

forge create src/MyContract.sol:MyContract \
  --rpc-url https://sepolia.base.org \
  --account <keystore-account> \
  --verify \
  --etherscan-api-key $ETHERSCAN_API_KEY

forge create src/MyContract.sol:MyContract \
  --rpc-url https://mainnet.base.org \
  --account <keystore-account> \
  --verify \
  --etherscan-api-key $ETHERSCAN_API_KEY

合约格式：<contract-path>:<contract-name>
--verify 标志可在 BaseScan 上自动验证（需要 API 密钥）
区块浏览器：basescan.org（主网），sepolia.basescan.org（测试网）
CDP 水龙头文档：docs.cdp.coinbase.com/faucets

错误	原因
`nonce has already been used`	节点同步未完成
交易失败	gas 费 ETH 不足 — 从水龙头领取
验证失败	目标网络的 RPC 端点错误
验证 403/未授权	缺少或 BaseScan API 密钥无效

🇺🇸English

Deploying Contracts on Base

Prerequisites

Configure RPC endpoint (testnet: sepolia.base.org, mainnet: mainnet.base.org)
Store private keys in Foundry's encrypted keystore — never commit keys
Obtain testnet ETH from CDP faucet (testnet only)
Get a BaseScan API key for contract verification

Security

Never commit private keys to version control — use Foundry's encrypted keystore (cast wallet import)
Never hardcode API keys in source files — use environment variables or foundry.toml with ${ENV_VAR} references
Never expose.env files — add .env to .gitignore
Use production RPC providers (not public endpoints) for mainnet deployments to avoid rate limits and data leaks
Verify contracts on BaseScan to enable public audit of deployed code

Input Validation

Before constructing shell commands, validate all user-provided values:

contract-path : Must match ^[a-zA-Z0-9_/.-]+\.sol:[a-zA-Z0-9_]+$. Reject paths with spaces, semicolons, pipes, or backticks.
rpc-url : Must be a valid HTTPS URL (^https://[^\s;|&]+$). Reject non-HTTPS or malformed URLs.
keystore-account : Must be alphanumeric with hyphens/underscores (^[a-zA-Z0-9_-]+$).
etherscan-api-key : Must be alphanumeric (^[a-zA-Z0-9]+$).

Do not pass unvalidated user input into shell commands.

Obtaining Testnet ETH via CDP Faucet

Testnet ETH is required to pay gas on Base Sepolia. Use the CDP Faucet to claim it. Supported tokens: ETH, USDC, EURC, cbBTC. ETH claims are capped at 0.0001 ETH per claim, 1000 claims per 24 hours.

Option A: CDP Portal UI (recommended for quick setup)

Agent behavior: If you have browser access, navigate to the portal and claim directly. Otherwise, ask the user to complete these steps and provide the funded wallet address.

Sign in to CDP Portal (create an account at portal.cdp.coinbase.com/create-account if needed)
Go to Faucets
Select Base Sepolia network
Select ETH token
Enter the wallet address and click Claim
Verify on sepolia.basescan.org that the funds arrived

Option B: Programmatic via CDP SDK

Requires a CDP API key and Wallet Secret.

npm install @coinbase/cdp-sdk dotenv



import { CdpClient } from "@coinbase/cdp-sdk";
import dotenv from "dotenv";
dotenv.config();

const cdp = new CdpClient();
const account = await cdp.evm.createAccount();

const faucetResponse = await cdp.evm.requestFaucet({
  address: account.address,
  network: "base-sepolia",
  token: "eth",
});

console.log(`Funded: https://sepolia.basescan.org/tx/${faucetResponse.transactionHash}`);

Environment variables needed in .env:

CDP_API_KEY_ID=your-api-key-id
CDP_API_KEY_SECRET=your-api-key-secret
CDP_WALLET_SECRET=your-wallet-secret

To fund an existing wallet instead of creating a new one, pass its address directly to requestFaucet.

Obtaining a BaseScan API Key

A BaseScan API key is required for the --verify flag to auto-verify contracts on BaseScan. BaseScan uses the same account system as Etherscan.

Agent behavior: If you have browser access, navigate to the BaseScan site and create the key. Otherwise, ask the user to complete these steps and provide the API key.

Go to basescan.org/myapikey (or etherscan.io/myapikey — same account works)
Sign in or create a free account
Click Add to create a new API key
Copy the key and set it in your environment:

export ETHERSCAN_API_KEY=your-basescan-api-key

Alternatively, pass it directly to forge:

forge create ... --etherscan-api-key <your-key>

Or add it to foundry.toml:

[etherscan]
base-sepolia = { key = "${ETHERSCAN_API_KEY}", url = "https://api-sepolia.basescan.org/api" }
base = { key = "${ETHERSCAN_API_KEY}", url = "https://api.basescan.org/api" }

Deployment Commands

Testnet

forge create src/MyContract.sol:MyContract \
  --rpc-url https://sepolia.base.org \
  --account <keystore-account> \
  --verify \
  --etherscan-api-key $ETHERSCAN_API_KEY

Mainnet

forge create src/MyContract.sol:MyContract \
  --rpc-url https://mainnet.base.org \
  --account <keystore-account> \
  --verify \
  --etherscan-api-key $ETHERSCAN_API_KEY

Key Notes

Contract format: <contract-path>:<contract-name>
--verify flag auto-verifies on BaseScan (requires API key)
Explorers: basescan.org (mainnet), sepolia.basescan.org (testnet)
CDP Faucet docs: docs.cdp.coinbase.com/faucets

Common Issues

Error	Cause
`nonce has already been used`	Node sync incomplete
Transaction fails	Insufficient ETH for gas — claim from faucet
Verification fails	Wrong RPC endpoint for target network
Verification 403/unauthorized	Missing or invalid BaseScan API key

Weekly Installs

116

Repository

base/skills

GitHub Stars

First Seen

Feb 24, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

codex113

github-copilot112

kimi-cli112

gemini-cli112

cursor112

amp112

Azure RBAC 权限管理工具：查找最小角色、创建自定义角色与自动化分配

135,700 周安装