diff --git a/.github/workflows/release-cycle.yml b/.github/workflows/release-cycle.yml
index 1831bd519..2fd66458d 100644
--- a/.github/workflows/release-cycle.yml
+++ b/.github/workflows/release-cycle.yml
@@ -142,6 +142,11 @@ jobs:
 run: bash scripts/release/workflow/pack.sh
 env:
 PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
+ - name: Upload tarball artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: ${{ github.ref_name }}
+ path: ${{ steps.pack.outputs.tarball }}
 - name: Tag
 run: npx changeset tag
 - name: Publish
@@ -158,6 +163,26 @@ jobs:
 PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
 with:
 script: await require('./scripts/release/workflow/github-release.js')({ github, context })
+ outputs:
+ tarball_name: ${{ steps.pack.outputs.tarball_name }}
+
+ integrity_check:
+ needs: publish
+ name: Tarball Integrity Check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download tarball artifact
+ id: artifact
+ # Replace with actions/upload-artifact@v3 when
+ # https://github.com/actions/download-artifact/pull/194 gets released
+ uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
+ with:
+ name: ${{ github.ref_name }}
+ - name: Check integrity
+ run: bash scripts/release/workflow/integrity-check.sh
+ env:
+ TARBALL: ${{ steps.artifact.outputs.download-path }}/${{ needs.publish.outputs.tarball_name }}
 merge:
 needs: state
diff --git a/scripts/release/workflow/integrity-check.sh b/scripts/release/workflow/integrity-check.sh
new file mode 100644
index 000000000..86e99f929
--- /dev/null
+++ b/scripts/release/workflow/integrity-check.sh
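Review bot: The new `Upload tarball artifact` step in release-cycle.yml references `actions/upload-artifact@v3` by a mutable tag, while the download step added later in the same commit is pinned to a full commit SHA. In a job that also runs the `Publish` step, pinning third-party actions to a commit keeps a retagged action from running with that job's credentials; I would write `uses: actions/upload-artifact@<full-commit-sha> # v3` (placeholder: resolve the SHA of the v3 release you trust) and do the same for `actions/checkout@v3` in the new `integrity_check` job. It is also worth adding `if-no-files-found: error` under `with:`, because the v3 default only warns when `path` matches nothing and the failure would then surface later, in the download step.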
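Review bot: The `integrity_check` job in release-cycle.yml declares `needs: publish`, and going by the first hunk the publish job contains the `Publish` step, so a mismatch between the tarball and the repository is reported only after the package is already out. If the check is meant to gate the release, it should run between `Upload tarball artifact` and `Publish`, or in a job that the publishing job itself `needs`; if it is meant as post-release monitoring, a comment on the job saying so would help. The comment above the pinned action names `actions/upload-artifact@v3` although the step uses download-artifact, so it should read `# Replace with actions/download-artifact@v3 when`. The job only reads the repository and an artifact, so an explicit `permissions:` block with `contents: read` would fit here, assuming the workflow-level permissions (not visible in this hunk) are broader.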
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+CHECKSUMS="$RUNNER_TEMP/checksums.txt"
+
+# Extract tarball content into a tmp directory
+tar xf "$TARBALL" -C "$RUNNER_TEMP"
+
+# Move to extracted directory
+cd "$RUNNER_TEMP/package"
+
+# Checksum all Solidity files
+find . -type f -name "*.sol" | xargs shasum > "$CHECKSUMS"
+
+# Back to directory with git contents
+cd "$GITHUB_WORKSPACE/contracts"
+
+# Check against tarball contents
+shasum -c "$CHECKSUMS"
diff --git a/scripts/release/workflow/pack.sh b/scripts/release/workflow/pack.sh
index 798417d3d..ce30712f8 100644
--- a/scripts/release/workflow/pack.sh
+++ b/scripts/release/workflow/pack.sh
@@ -20,6 +20,7 @@ dist_tag() {
 cd contracts
 TARBALL="$(npm pack | tee /dev/stderr | tail -1)"
+echo "tarball_name=$TARBALL" >> $GITHUB_OUTPUT
 echo "tarball=$(pwd)/$TARBALL" >> $GITHUB_OUTPUT
 echo "tag=$(dist_tag)" >> $GITHUB_OUTPUT
 cd ..
diff --git a/scripts/release/workflow/publish.sh b/scripts/release/workflow/publish.sh
index f9e2802d9..41a9975cb 100644
--- a/scripts/release/workflow/publish.sh
+++ b/scripts/release/workflow/publish.sh
@@ -15,6 +15,6 @@ delete_tag() {
 if [ "$TAG" = tmp ]; then
 delete_tag "$TAG"
-elif ["$TAG" = latest ]; then
+elif [ "$TAG" = latest ]; then
 delete_tag next
 fi
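Review bot: The comparison in integrity-check.sh covers only `*.sol` files, hashes them with shasum's default SHA-1, and pipes `find` output through plain `xargs`. Everything else shipped in the tarball (package.json, JSON or JS files) is never compared with the repository, so the job name promises more than the script verifies; either widen the `find` expression or state the scope in a header comment. For the part that is checked I would use `find . -type f -name "*.sol" -print0 | xargs -0 shasum -a 256 > "$CHECKSUMS"` and `shasum -a 256 -c "$CHECKSUMS"`, which copes with whitespace in file names and moves off SHA-1. The check is also one-directional, which may be intended: a Solidity file present in `contracts/` but absent from the tarball is not reported.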
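Review bot: The added line in pack.sh redirects to `$GITHUB_OUTPUT` unquoted, like the two existing lines below it; `echo "tarball_name=$TARBALL" >> "$GITHUB_OUTPUT"` avoids an ambiguous redirect if the runner path ever contains whitespace. `TARBALL` is whatever `npm pack` prints last on stdout, so any extra line after the file name would become the output value and make the `TARBALL` path built in the integrity job point at a file that does not exist; a short comment stating that assumption would help. The changed statements follow `dist_tag()`, whose body lies outside this hunk.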