EVM Mirror: verify audited code matches onchain deployment
Aragon released EVM Mirror to close the “audit vs deployment” gap: smart-contract audits review a specific Git commit, but users interact with live deployed bytecode. The tool helps teams confirm that the verified source code from block explorers actually compiles to the bytecode running onchain.
EVM Mirror provides three commands: (1) mirror verify compares deployed contracts against a trusted local source directory, including all imported libraries and dependencies; (2) mirror diff compares two deployed contracts to pinpoint changes during upgrades or governance reviews; (3) mirror clone pulls verified onchain source code from explorers into a buildable project structure and generates a foundry.toml using the deployed compiler/optimizer settings.
Key features for real deployment environments include proxy-aware analysis via --follow-proxy (checking implementation contracts rather than proxy addresses) and multi-chain support across Ethereum, Optimism, Arbitrum, Base, Polygon, zkSync and more, using Etherscan multi-chain APIs when available and fallback explorer infrastructure otherwise.
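To make the "compiles to the bytecode running onchain" check concrete, here is an added example (not EVM Mirror's code and not taken from the Aragon project) that classifies a deployed runtime bytecode against a locally compiled one. It assumes the Solidity compiler's layout of executable code followed by a CBOR metadata trailer and a 2-byte length; the bytecode values are constructed, and immutables and linked library addresses are not handled.

```javascript
// Added example: compare deployed vs locally compiled runtime bytecode.
// Assumed layout (solc): <code><CBOR metadata><2-byte big-endian metadata length>.
function splitMetadata(hex) {
  const h = hex.toLowerCase().replace(/^0x/, "");
  if (h.length % 2 !== 0 || /[^0-9a-f]/.test(h)) throw new Error("not hex bytecode");
  const total = h.length / 2;
  if (total < 2) return { code: h, metadata: "" };
  const len = parseInt(h.slice(-4), 16);
  const start = total - 2 - len;
  // Accept the trailer only if it fits and begins with a CBOR map (major type 5).
  const first = start >= 0 && len > 0
    ? parseInt(h.slice(start * 2, start * 2 + 2), 16)
    : NaN;
  if (Number.isNaN(first) || (first & 0xe0) !== 0xa0) return { code: h, metadata: "" };
  return { code: h.slice(0, start * 2), metadata: h.slice(start * 2, -4) };
}

// "exact":         code and metadata are identical.
// "metadata-only": same executable code, different metadata (the metadata hash
//                  covers sources and settings, so the sources still need review).
// "mismatch":      the executable code itself differs.
function compareRuntime(deployedHex, localHex) {
  const a = splitMetadata(deployedHex);
  const b = splitMetadata(localHex);
  if (a.code !== b.code) return "mismatch";
  return a.metadata === b.metadata ? "exact" : "metadata-only";
}

// Constructed sample data, not real contracts.
const CODE = "6080604052600080fd";
// CBOR map {"ipfs": <34-byte multihash>, "solc": 0.8.20}, then length 0x0033.
const meta = (b) =>
  "a264697066735822" + "1220" + b.repeat(32) + "64736f6c6343000814" + "0033";

const deployed = "0x" + CODE + meta("ab");
const localSame = CODE + meta("ab");
const localEdited = CODE + meta("cd");
const localChanged = "6080604052600180fd" + meta("ab");

console.log(compareRuntime(deployed, localSame));    // exact
console.log(compareRuntime(deployed, localEdited));  // metadata-only
console.log(compareRuntime(deployed, localChanged)); // mismatch
```
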
Aragon says the motivation came from managing multi-chain releases and security work with external protocols like Taiko, where repeated upgrade validation became hard to automate. EVM Mirror is open source and distributed as a standalone Deno binary designed with minimal permissions to reduce supply-chain risk.
Net takeaway for traders: EVM Mirror improves onchain transparency and upgrade assurance, which can reduce governance and security “unknowns” when tokens depend on frequently upgraded smart contracts.
Neutral
This news is primarily about developer/security tooling, not a protocol-level economic change. Tools like EVM Mirror can reduce upgrade and governance verification risk by making it easier to confirm that audited source code matches deployed bytecode—potentially improving confidence around contract changes. However, it does not directly alter token supply, fees, or onchain incentive schedules, so the immediate market impact is likely limited.
In the short term, traders may show modest sentiment improvements when they see better verification practices around upgrades (similar to how heightened audit/disclosure workflows can calm volatility after exploit rumors). In the long term, if widely adopted by teams coordinating deployments across many chains, it could reduce the frequency and severity of “silent upgrade” controversies and speed incident response—supporting more stable governance execution. Net effect: likely neutral for market stability, with indirect security-confidence benefits rather than direct catalysts.