Address Validity
The AddressValidity attestation type validates whether a string represents a valid address on supported blockchain networks (BTC, DOGE, and XRP).
This validation ensures addresses meet chain-specific formatting and checksum requirements before they're used in transactions or smart contracts.
The full specification is available on the official specification repo.
The primary contract interface for this attestation type is IAddressValidity. Let's walk through validating a Bitcoin testnet address using the FDC protocol.
We will use the address mg9P9f4wr9w7c1sgFeiTC5oMLYXCc2c7hs as an example throughout this guide.
You can swap this with any valid testnet address from the supported chains.
You can follow this tutorial with any other valid address - just make sure it is a valid testnet address.
This validation process works identically for BTC, DOGE, and XRP addresses, with only minor chain-specific parameter adjustments which we'll highlight throughout the guide.
In this guide, we will follow the steps outlined in the FDC overview.
Our implementation requires handling the FDC voting round finalization process.
To manage this, we will create separate scripts in script/fdcExample/AddressValidity.s.sol that handle different stages of the validation process:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;
import {Script} from "dependencies/forge-std-1.9.5/src/Script.sol";
...
// Configuration constants
string constant attestationTypeName = "AddressValidity";
string constant dirPath = "data/";
contract PrepareAttestationRequest is Script {
...
}
contract SubmitAttestationRequest is Script {
...
}
contract RetrieveDataAndProof is Script {
...
}
contract Deploy is Script {
...
}
...
The names of included contracts mostly mirror the steps described in the FDC overview.
To bridge the separate script executions, we will save the relevant data of each script to a file in the dirPath folder.
Each succeeding script will then read that file to load the data.
Prepare request
A JSON request to the verifier follows the same structure for all attestation types, with field values varying per type.
Required Fields
attestationType: UTF8 hex string encoding of the attestation type name, zero-padded to 32 bytes.sourceId: UTF8 hex string encoding of the data source identifier name, zero-padded to 32 bytes.requestBody: Specific to each attestation type.
For AddressValidity, requestBody contains a single field:
addressString: The address to verify.
Reference Documentation
- AddressValidity Specification
- Verifier Interactive Docs
- API available for DOGE and XRP.
Example Values
attestationType: UTF8 hex encoding ofAddressValidity, zero-padded to 32 bytes.sourceId: UTF8 hex encoding oftestBTC, zero-padded to 32 bytes."test"prefix denotes Bitcoin testnet.- Supports deployment on Flare testchains (
CostonorCoston2). - Replace
testBTCwithtestDOGEortestXRPfor other chains.
addressString:mg9P9f4wr9w7c1sgFeiTC5oMLYXCc2c7hs.
Encoding Functions
To encode values into UTF8 hex:
toUtf8HexString: Converts a string to UTF8 hex.toHexString: Zero-right-pads the string to 32 bytes.
These functions are included in the Base library within the example repository, but they can also be defined locally in your contract or script.
function toHexString(
bytes memory data
) public pure returns (string memory) {
bytes memory alphabet = "0123456789abcdef";
bytes memory str = new bytes(2 + data.length * 2);
str[0] = "0";
str[1] = "x";
for (uint i = 0; i < data.length; i++) {
str[2 + i * 2] = alphabet[uint(uint8(data[i] >> 4))];
str[3 + i * 2] = alphabet[uint(uint8(data[i] & 0x0f))];
}
return string(str);
}
function toUtf8HexString(
string memory _string
) internal pure returns (string memory) {
string memory encodedString = toHexString(
abi.encodePacked(_string)
);
uint256 stringLength = bytes(encodedString).length;
require(stringLength <= 64, "String too long");
uint256 paddingLength = 64 - stringLength + 2;
for (uint256 i = 0; i < paddingLength; i++) {
encodedString = string.concat(encodedString, "0");
}
return encodedString;
}
We also define a helper function for formatting data into a JSON string.
function prepareAttestationRequest(
string memory attestationType,
string memory sourceId,
string memory requestBody
) internal view returns (string[] memory, string memory) {
// We read the API key from the .env file
string memory apiKey = vm.envString("VERIFIER_API_KEY");
// Preparing headers
string[] memory headers = prepareHeaders(apiKey);
// Preparing body
string memory body = prepareBody(
attestationType,
sourceId,
requestBody
);
console.log(
"headers: %s",
string.concat("{", headers[0], ", ", headers[1]),
"}\n"
);
console.log("body: %s\n", body);
return (headers, body);
}
function prepareHeaders(
string memory apiKey
) internal pure returns (string[] memory) {
string[] memory headers = new string[](2);
headers[0] = string.concat('"X-API-KEY": ', apiKey);
headers[1] = '"Content-Type": "application/json"';
return headers;
}
function prepareBody(
string memory attestationType,
string memory sourceId,
string memory body
) internal pure returns (string memory) {
return
string.concat(
'{"attestationType": ',
'"',
attestationType,
'"',
', "sourceId": ',
'"',
sourceId,
'"',
', "requestBody": ',
body,
"}"
);
}
In the example repository, these are once again included within the Base library file.
Thus, the part of the script that prepares the verifier request looks like:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;
import {console} from "dependencies/forge-std-1.9.5/src/console.sol";
import {Script} from "dependencies/forge-std-1.9.5/src/Script.sol";
import {Base} from "./Base.s.sol";
...
string constant attestationTypeName = "AddressValidity";
string constant dirPath = "data/";
contract PrepareAttestationRequest is Script {
using Surl for *;
// Setting request data
string public addressStr = "mg9P9f4wr9w7c1sgFeiTC5oMLYXCc2c7hs"; // Id of the Bitcoin address to be validated
string public baseSourceName = "btc"; // Part of verifier URL
string public sourceName = "testBTC"; // Bitcoin chain ID
function prepareRequestBody(
string memory addressStr
) private pure returns (string memory) {
return string.concat('{"addressStr": "', addressStr, '"}');
}
function run() external {
// Preparing request data
string memory attestationType = Base.toUtf8HexString(
attestationTypeName
);
string memory sourceId = Base.toUtf8HexString(sourceName);
string memory requestBody = prepareRequestBody(addressStr);
(string[] memory headers, string memory body) = Base
.prepareAttestationRequest(attestationType, sourceId, requestBody);
// TODO change key in .env
// string memory baseUrl = "https://testnet-verifier-fdc-test.aflabs.org/";
string memory baseUrl = vm.envString("VERIFIER_URL_TESTNET");
string memory url = string.concat(
baseUrl,
"verifier/",
baseSourceName,
"/",
attestationTypeName,
"/prepareRequest"
);
console.log("url: %s", url);
(string[] memory headers, string memory body) = prepareAttestationRequest(attestationType, sourceId, requestBody);
...
}
}
...
If you are accessing a different chain, replace the baseSourceName with an appropriate value, doge or xrp.
The code above differs slightly from the starter example.
But, if we remove the ellipses ... signifying missing code, we can still run the script.
Because of the console.log commands it will produce JSON strings that represent valid requests; we can then pass this to the interactive verifier to check what the response is.
We can run the script by calling the following commands in the console.
source .env
forge script script/fdcExample/AddressValidity.s.sol:PostRequest --private-key $PRIVATE_KEY --rpc-url $COSTON2_RPC_URL --etherscan-api-key $FLARE_API_KEY --broadcast --ffi
The prerequisite for this is that the .env file is not missing the PRIVATE KEY and COSTON2_RPC_URL values.
The script can also access other chains; that can be achieved by replacing the --rpc-url value with COSTON_RPC_URL, FLARE_RPC_URL, or SONGBIRD_RPC_URL.
Post request to verifier
Before submitting address validation requests to the FDC protocol, we first need to prepare and send them to a verifier server.
This section walks through the request submission process using the surl package.
We place using Surl for *; at the start of our PostRequest contract, and then call its post method on the verifier URL.
(, bytes memory data) = url.post(headers, body);
We construct the URL by appending to the verifier address https://fdc-verifiers-testnet.flare.network/ the path verifier/btc/AddressValidity/prepareRequest.
We can do so dynamically with the following code.
string memory baseUrl = "https://fdc-verifiers-testnet.flare.network/";
string memory url = string.concat(
baseUrl,
"verifier/",
baseSourceName,
"/",
attestationTypeName,
"/prepareRequest"
);
console.log("url: %s", url);
string memory requestBody = string.concat(
'{"addressStr": "',
addressStr,
'"}'
);
Lastly, we parse the return data from the verifier server.
Using the Foundry parseJson shortcode, and a custom struct AttestationResponse, we decode the returned data and extract from it the ABI encoded request.
function parseAttestationRequest(
bytes memory data
) internal pure returns (AttestationResponse memory) {
string memory dataString = string(data);
bytes memory dataJson = vm.parseJson(dataString);
AttestationResponse memory response = abi.decode(
dataJson,
(AttestationResponse)
);
console.log("response status: %s\n", response.status);
console.log("response abiEncodedRequest: ");
console.logBytes(response.abiEncodedRequest);
console.log("\n");
return response;
}
Understanding the abiEncodedRequest.
If everything went right, the abiEncodedRequest should look something like this (minus the line breaks - we split it after the 0x symbol and then after every 64 characters (32 bytes), for the sake of clarity).
0x
4164647265737356616c69646974790000000000000000000000000000000000
7465737442544300000000000000000000000000000000000000000000000000
7d2ef938d4ffd2392f588bf46563e07ab885b15fead91c1bb99b16f465b71a68
0000000000000000000000000000000000000000000000000000000000000020
0000000000000000000000000000000000000000000000000000000000000020
0000000000000000000000000000000000000000000000000000000000000022
6d6739503966347772397737633173674665695443356f4d4c59584363326337
6873000000000000000000000000000000000000000000000000000000000000
Let's break it down line by line:
- First line:
toUtf8HexString("AddressValidity") - Second line:
toUtf8HexString("testBTC") - Third line: message integrity code (MIC), a hash of the whole response salted with a string
"Flare", ensures the integrity of the attestation - Remaining lines: ABI encoded
AddressValidity.RequestBodySolidity struct
What this demonstrates is that, with some effort, the abiEncodedRequest can be constructed manually.
We write the abiEncodedRequest to a file (data/AddressValidity_abiEncodedRequest.txt) to it in the next step.
Base.writeToFile(
dirPath,
string.concat(attestationTypeName, "_abiEncodedRequest"),
StringsBase.toHexString(response.abiEncodedRequest),
true
);
Submit request to FDC
This step transitions from offchain request preparation to on-chain interaction with the FDC protocol. Now, we submit the validated request to the blockchain using deployed smart contracts.
Submit request
The entire submission process requires only five key steps:
function submitAttestationRequest(
bytes memory abiEncodedRequest
) internal {
uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
vm.startBroadcast(deployerPrivateKey);
IFdcRequestFeeConfigurations fdcRequestFeeConfigurations = ContractRegistry
.getFdcRequestFeeConfigurations();
uint256 requestFee = fdcRequestFeeConfigurations.getRequestFee(
abiEncodedRequest
);
console.log("request fee: %s\n", requestFee);
vm.stopBroadcast();
vm.startBroadcast(deployerPrivateKey);
IFdcHub fdcHub = ContractRegistry.getFdcHub();
console.log("fcdHub address:");
console.log(address(fdcHub));
console.log("\n");
fdcHub.requestAttestation{value: requestFee}(abiEncodedRequest);
vm.stopBroadcast();
}
Step-by-Step Breakdown
- Load Private Key
The private key is read from the
.envfile using Foundry'senvUintfunction:
uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
- Obtain Request Fee
We retrieve the required requestFee from the
FdcRequestFeeConfigurationscontract:
IFdcRequestFeeConfigurations fdcRequestFeeConfigurations = ContractRegistry
.getFdcRequestFeeConfigurations();
uint256 requestFee = fdcRequestFeeConfigurations.getRequestFee(
response.abiEncodedRequest
);
This is done in a separate broadcast to ensure requestFee is available before submitting the request.
- Access
FdcHubContract Using theContractRegistrylibrary (fromflare-periphery), we fetch theFdcHubcontract:
IFdcHub fdcHub = ContractRegistry.getFdcHub();
console.log("fcdHub address:");
console.log(address(fdcHub));
console.log("\n");
- Submit the Attestation Request We send the attestation request with the required fee:
fdcHub.requestAttestation{value: requestFee}(response.abiEncodedRequest);
- Calculate the Voting Round Number
To determine the voting round in which the attestation request is processed, we query the
FlareSystemsManagercontract:
// Calculating roundId
IFlareSystemsManager flareSystemsManager = ContractRegistry
.getFlareSystemsManager();
uint32 roundId = flareSystemsManager.getCurrentVotingEpochId();
console.log("roundId: %s\n", Strings.toString(roundId));
This can be done within the existing broadcast or in a new one (as done in the demo repository for better code organization).
Again, we write the roundId to a file (data/AddressValidity_roundId.txt).
Wait for response
We wait for the round to finalize. This takes no more than 180 seconds.
You can check if the request was submitted successfully on the AttestationRequests page on the Flare Systems Explorer website. To check if the round has been finalized, go to Finalizations page.
If you want to learn more about how the FDC protocol works, check here.
Prepare proof request
We prepare the proof request in a similar manner as in the step Prepare the request, by string concatenation.
We import two new variables from the .env file; the URL of a verifier server and the corresponding API key.
note
string memory daLayerUrl = vm.envString("COSTON2_DA_LAYER_URL");
string memory apiKey = vm.envString("X_API_KEY");
Also, by repeatedly using the Foundry shortcode vm.readLine, we read the data, saved to a file in the previous step, to variables.
string memory votingRoundId = vm.readLine(filePath);
string memory requestBytes = vm.readLine(filePath);
The code is as follows.
contract RetrieveDataAndProof is Script {
using Surl for *;
function run() external {
string memory daLayerUrl = vm.envString("COSTON2_DA_LAYER_URL");
string memory apiKey = vm.envString("X_API_KEY");
string memory requestBytes = vm.readLine(
string.concat(
dirPath,
attestationTypeName,
"_abiEncodedRequest",
".txt"
)
);
string memory votingRoundId = vm.readLine(
string.concat(
dirPath,
attestationTypeName,
"_votingRoundId",
".txt"
)
);
console.log("votingRoundId: %s\n", votingRoundId);
console.log("requestBytes: %s\n", requestBytes);
string[] memory headers = Base.prepareHeaders(apiKey);
string memory body = string.concat(
'{"votingRoundId":',
votingRoundId,
',"requestBytes":"',
requestBytes,
'"}'
);
console.log("body: %s\n", body);
console.log(
"headers: %s",
string.concat("{", headers[0], ", ", headers[1]),
"}\n"
);
...
}
}
Post proof request to DA Layer
We post the proof request to a chosen DA Layer provider server also with the same code as we did in the previous step.
string memory url = string.concat(
daLayerUrl,
// "api/v0/fdc/get-proof-round-id-bytes"
"api/v1/fdc/proof-by-request-round-raw"
);
console.log("url: %s\n", url);
(, bytes memory data) = postAttestationRequest(url, headers, body);
Parsing the returned data requires the definition of an auxiliary struct.
struct ParsableProof {
bytes32 attestationType;
bytes32[] proofs;
bytes responseHex;
}
The field attestationType holds the UTF8 encoded hex string of the attestation type name, padded to 32 bytes.
Thus, it should match the value of the attestationType parameter in the Prepare the request step.
In our case, that value is 0x4164647265737356616c69646974790000000000000000000000000000000000.
The array proofs holds the Merkle proofs of our attestation request.
Lastly, responseHex is the ABI encoding of the chosen attestation type response struct.
In this case, it is the IAddressValidity.Response struct.
We retrieve this data as follows.
bytes memory dataJson = Base.parseData(data);
ParsableProof memory proof = abi.decode(dataJson, (ParsableProof));
IAddressValidity.Response memory proofResponse = abi.decode(
proof.responseHex,
(IAddressValidity.Response)
);
An example complete proof response and decoded IAddressValidity.Response.
An example DA Layer response for a request using the data provided in this example is:
{
response_hex: "0x
0000000000000000000000000000000000000000000000000000000000000020
4164647265737356616c69646974790000000000000000000000000000000000
7465737442544300000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000e6bda
000000000000000000000000000000000000000000000000ffffffffffffffff
00000000000000000000000000000000000000000000000000000000000000c0
0000000000000000000000000000000000000000000000000000000000000140
0000000000000000000000000000000000000000000000000000000000000020
0000000000000000000000000000000000000000000000000000000000000022
6d6739503966347772397737633173674665695443356f4d4c59584363326337
6873000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000001
0000000000000000000000000000000000000000000000000000000000000060
6810e152510fe893f9cc8954c4dfaecd5c2be00e2732d6fe3e25922f30c5a3c5
0000000000000000000000000000000000000000000000000000000000000022
6d6739503966347772397737633173674665695443356f4d4c59584363326337
6873000000000000000000000000000000000000000000000000000000000000",
attestation_type: "0x4164647265737356616c69646974790000000000000000000000000000000000",
proof: [
"0x275dc338dd4e6a0a8749caa098c6749e0e77e22ba9db264f334b5dfb79aa6321",
"0x084e002bbe12f4a163d82ddd17861d1d3131c816fe3b998d575d134043a6c8f1",
"0xc30304c7d430e3d0f83d05017035f13ca19dec2799917745967f4c48685eab49",
"0x4d622137c9e7c9a1fa3a5d2942a183a8e926ba8659fe606495ea994acbb6ec0f"
]
}
The proof field is dependent on the round in which the attestation request was submitted;
it contains proofs for all of the requests submitted in that round.
In the case of a single attestation request it is an empty list [] (the proof is the merkle root itself).
The decoded IAddressValidity.Response struct is:
[
attestationType: "0x4164647265737356616c69646974790000000000000000000000000000000000",
sourceId: "0x7465737442544300000000000000000000000000000000000000000000000000",
votingRound: "945114",
lowestUsedTimestamp: "18446744073709551615",
requestBody: [
"mg9P9f4wr9w7c1sgFeiTC5oMLYXCc2c7hs",
addressStr: "mg9P9f4wr9w7c1sgFeiTC5oMLYXCc2c7hs"
],
responseBody: [
true,
"mg9P9f4wr9w7c1sgFeiTC5oMLYXCc2c7hs",
"0x6810e152510fe893f9cc8954c4dfaecd5c2be00e2732d6fe3e25922f30c5a3c5",
isValid: true,
standardAddress: "mg9P9f4wr9w7c1sgFeiTC5oMLYXCc2c7hs",
standardAddressHash: "0x6810e152510fe893f9cc8954c4dfaecd5c2be00e2732d6fe3e25922f30c5a3c5"
]
]
Verify proof
FDC optimizes on-chain storage costs by implementing a hybrid data verification system. Instead of storing complete datasets on-chain, it stores only Merkle proofs, while maintaining the actual data through trusted offchain providers. This approach significantly reduces gas costs while preserving data integrity.
When requested, data providers supply the original data along with its corresponding Merkle proof. The protocol verifies data authenticity by comparing the provided Merkle proof against the on-chain Merkle root. A successful match confirms the data's integrity and authenticity within the FDC system.
While data verification is optional if you trust your data provider, FDC ensures transparency by making verification possible at any time. This capability is crucial for maintaining system integrity and allowing users to independently verify data when needed, particularly in production environments.
FDC provides verification functionality through the FdcVerification contract.
To verify address validity, we first format our data using the IAddressValidity.Proof struct, which contains both the Merkle proof and the response data.
IAddressValidity.Proof memory _proof = IAddressValidity.Proof(
proof.proofs,
proofResponse
);
We then access the FdcVerification contract through the ContractRegistry, and feed it the proof.
If we proof is valid, the function verifyAddressValidity will return true, otherwise false.
As before, we wrap the whole thing into a broadcast environment, using the PRIVATE_KEY variable from our .env file.
uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
vm.startBroadcast(deployerPrivateKey);
bool isValid = ContractRegistry
.getFdcVerification()
.verifyAddressValidity(proof);
console.log("proof is valid: %s\n", StringsBase.toString(isValid));
vm.stopBroadcast();
Use the data
We will now define a simple contract, that will demonstrate how the data can be used onchain. The contract will receive an address and proof, and decide if the address is valid. If the address is valid, the contract will add it to an array of valid addresses. Otherwise, it will raise an error.
The code for this contract is as follows.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;
import {console} from "dependencies/forge-std-1.9.5/src/console.sol";
import {Strings} from "@openzeppelin-contracts/utils/Strings.sol";
import {ContractRegistry} from "dependencies/flare-periphery-test-0.0.7/src/coston2/ContractRegistry.sol";
import {IFdcHub} from "dependencies/flare-periphery-test-0.0.7/src/coston2/IFdcHub.sol";
import {IAddressValidity} from "dependencies/flare-periphery-test-0.0.7/src/coston2/IAddressValidity.sol";
import {IFdcVerification} from "dependencies/flare-periphery-test-0.0.7/src/coston2/IFdcVerification.sol";
import {FdcStrings} from "src/utils/fdcStrings/AddressValidity.sol";
struct EventInfo {
address sender;
uint256 value;
bytes data;
}
contract AddressValidity {
string[] public verifiedAddresses;
function isAddressValidityProofValid(
IAddressValidity.Proof calldata transaction
) public view returns (bool) {
// Use the library to get the verifier contract and verify that this transaction was proved by the state connector
IFdcVerification fdc = ContractRegistry.getFdcVerification();
console.log("transaction: %s\n", FdcStrings.toJsonString(transaction));
// return true;
return fdc.verifyAddressValidity(transaction);
}
function registerAddress(
string calldata _addressStr,
IAddressValidity.Proof calldata _transaction
) external {
// 1. FDC Logic
// Check that this AddressValidity has indeed been confirmed by the FDC
require(
isAddressValidityProofValid(_transaction),
"Invalid transaction proof"
);
// 2. Business logic
string provedAddress = _transaction.data.requestBody.addressStr;
require(
Strings.equal(provedAddress, _addressStr),
string.concat(
"Invalid address.\n\tProvided: ",
_addressStr,
"\n\tProoved: ",
provedAddress
)
);
verifiedAddresses.push(provedAddress);
}
}
The function registerAddress takes as parameters a string representing an address, and a proof.
If the proof is valid, and if the given address matches the one in the proof, the address is added to an array of verified addresses.
We deploy the contract through a simple script.
The script creates a new AddressRegistry contract, and writes its address to a file (data/Address_listenerAddress.txt).
contract DeployContract is Script {
function run() external {
uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
vm.startBroadcast(deployerPrivateKey);
AddressRegistry addressRegistry = new AddressRegistry();
address _address = address(addressRegistry);
vm.stopBroadcast();
Base.writeToFile(
dirPath,
string.concat(attestationTypeName, "_address"),
StringsBase.toHexString(abi.encodePacked(_address)),
true
);
}
}
We run the above script with the following console command.
forge script script/fdcExample/AddressValidity.s.sol:Deploy --private-key $PRIVATE_KEY --rpc-url $COSTON2_RPC_URL --etherscan-api-key $FLARE_API_KEY --broadcast --ffi
Lastly, we define a script that interacts with the above contract.
It first reads the ABI encoded proof data, and the contract address, from files.
Then, it connects to the above contract at the saved address (this is why we require the interface).
With that, it is able to call the registerAddress method of the contract.
contract InteractWithContract is Script {
function run() external {
string memory addressString = vm.readLine(
string.concat(dirPath, attestationTypeName, "_address", ".txt")
);
address _address = vm.parseAddress(addressString);
string memory proofString = vm.readLine(
string.concat(dirPath, attestationTypeName, "_proof", ".txt")
);
bytes memory proofBytes = vm.parseBytes(proofString);
IAddressValidity.Proof memory proof = abi.decode(
proofBytes,
(IAddressValidity.Proof)
);
uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
vm.startBroadcast(deployerPrivateKey);
IAddressRegistry registry = IAddressRegistry(_address);
registry.registerAddress("mg9P9f4wr9w7c1sgFeiTC5oMLYXCc2c7hs", proof);
vm.stopBroadcast();
}
}
We run this script with the console command:
forge script script/fdcExample/
AddressValidity.s.sol:InteractWithContract --private-key $PRIVATE_KEY --rpc-url $COSTON2_RPC_URL --etherscan-api-key $FLARE_API_KEY --broadcast --ffi