Token Provenance Verifier

Everything runs locally in your browser. View-source to inspect. There’s no server-side processing or hidden state; all verification happens transparently in your browser.

What this tool does: It verifies integrity of token-related files by:

Fetching metadata from a URL you provide (e.g., IPFS or HTTP).
Checking that the downloaded media file’s SHA-256 hash matches the hash recorded in the metadata.
Verifying a cryptographic signature (EIP-191 personal_sign) against the contract's creator address (signer address).

What this tool does not do: It does not prove the authenticity of the metadata itself. For authenticity, you must independently confirm that:

The metadata URL is the official one for this token.
The contract creator address genuinely belongs to Bearly Bass.
The smart contract’s on-chain storage (e.g. tokenURI or baseURI) matches the URL you are verifying.

This verifier will pass even if the metadata comes from an untrusted source or a compromised key, as long as the hash/signature match.

How to use

Step 0: Enter Token ID and Metadata Base URL (e.g. ipfs://CID/ or http://localhost:8080/meta/). The page shows the final metadata URL it will fetch. Click Fetch metadata.
Step 1: Click Verify file hash to confirm the media’s SHA-256 matches the metadata.
Step 2: Enter the address of the contract creator (signer) and click Verify signature.
Finally: Click Copy proof JSON for an auditable record.

0) Token + metadata Token ID Metadata Base URL

Final metadata URL: —

IPFS gateways (used when URL starts with ipfs://):

Loaded metadata snapshot

—

1) File hash check loop_audio (IPFS or HTTP) Expected audio_sha256 (hex, lowercase)

Last downloaded file info

Resolved URL: —

Bytes: —

Computed SHA-256: —

2) Signature check (EIP-191 personal_sign) Message Signature (0x… 65-byte r||s||v) Expected signer address (0x…)

Recovered signer

—