Skip to content

Changelog

A detailed log of changes, research, and additions to DNZN // RESEARCH.

2026-01-15

Fixed: Eth Wallet Analyzer Error Handling

Type: Bug Fix | Location: Eth Wallet Analyzer

Fixed error handling in the wallet analyzer tool that caused analysis to fail when addresses had no internal transactions. The tool now gracefully handles cases where Etherscan returns "No transactions found" or "No records found" responses by treating them as empty result sets rather than hard errors.

What changed:

  • Updated fetchTransactions() function to distinguish between "no results found" and actual API errors
  • Tool now successfully analyzes addresses with missing transaction types (no internal txs, no token transfers, etc.)
  • Improved logging to use info level for "no results" cases instead of error

Pending Review Queue

Articles generated by robots awaiting human review, editing, and curation.

ARTICLE CREATED
Alameda/FTX Collapse 2026-01-09
MOVE Token Scandal 2026-01-09
Mantra OM Collapse 2026-01-09

2026-01-13

Added: Sentinel Token Allocation Contract Analysis

Type: Contract Analysis | Location: Sentinel Token Allocation

A comprehensive bytecode analysis of the Sentinel Token Allocation contract, an unverified centralized allocation ledger for tracking intended SENT token distributions. This pure accounting contract manages recipient-amount mappings without holding or transferring tokens directly. Analysis completed through transaction pattern analysis, function signature extraction, and bytecode decompilation. Gas: 65 tok.

Key findings:

  • Centralized allocation ledger deployed December 30, 2025 (Block 24,125,223)
  • Tracks token allocations for 100+ recipients across 20 batch allocation transactions
  • Single EOA owner control with no multisig or timelock protection
  • Pausable operations and irreversible allocation lock function
  • Emergency withdrawal functions for mistakenly sent assets (ETH and ERC-20)
  • Pure accounting mechanism—does not hold or transfer SENT tokens
  • 3-hour deployment window with concentrated batch processing, zero activity since
  • Risk assessment: 2 Critical, 3 High, 4 Medium, 3 Low, 2 Informational

Related pages: Functions | Storage Layout | Potential Risks | Methodology | Artifacts

Notable aspects:

  • Contract source code is unverified on Etherscan—analysis based on transaction patterns and bytecode
  • 19 functions cataloged (10 view, 9 admin, 0 public user functions)
  • Complete function selector mapping and event signature reconstruction
  • 450+ lines of reconstructed Solidity source code in artifacts
  • Multiple mermaid diagrams visualizing architecture, storage layout, and access control
  • 50+ verification commands for independent validation
  • Critical risks identified: unverified source code and single owner control without protective mechanisms

Infrastructure: Added to Contract Analysis section under Sentinel, alongside SENT Token, SENT Presale, and SENT Hive Registry analyses.

Added: Sentinel Hive Registry Contract Analysis

Type: Contract Analysis | Location: Sentinel Hive Registry

A comprehensive bytecode analysis of the Sentinel Hive Registry contract, an unverified UUPS upgradeable membership tracking system for SENT token holders. This analysis reconstructs the contract's functionality from bytecode, identifying 33+ functions, complete storage layout, and upgrade mechanisms.

Key findings:

  • UUPS upgradeable proxy pattern (EIP-1967 compliant) deployed December 28, 2025
  • Tracks SENT token holders meeting minimum balance threshold (default 1,000 SENT)
  • Registration system with external eligibility verification via Hive contract
  • Automated daily balance checks with batch processing (100 participant cap)
  • Cooldown period for re-registration (default 7 days, max 30 days)
  • Centralized owner control with unrestricted upgrade authority (no timelock)
  • External dependencies: SENT token (0xe88BAab9...c304) and Hive contract (configurable)
  • Risk assessment: 0 Critical, 3 High, 5 Medium, 4 Low, 3 Informational

Related pages: Functions | Storage Layout | Potential Risks | Methodology | Artifacts

Notable aspects:

  • Contract source code is unverified on Etherscan—analysis based entirely on bytecode decompilation
  • Reconstructed Solidity source code included in artifacts (450+ lines)
  • Complete function selector mapping and ABI reconstruction
  • 15+ mermaid diagrams illustrating architecture, storage, and logic flows
  • 50+ cast commands provided for independent verification

Infrastructure: Added to Contract Analysis section under Sentinel, following SENT Token and SENT Presale analyses.

2026-01-11

Added: Eth Wallet Analyzer Tool

Type: Interactive Tool | Location: Eth Wallet Analyzer

A client-side browser tool for analyzing Ethereum wallet transaction history. Generates detailed reports showing ETH and ERC20 token inflows, outflows, top counterparties, and recent activity. All processing happens in the browser using Etherscan API data—no data is sent to DNZN servers.

Key features:

  • ETH and ERC20 token analysis with configurable filters
  • Activity logging with real-time status updates
  • Cached responses and wallet history stored locally
  • Report download and clipboard copy
  • Independent security audit included in documentation

Enhanced: Cross-Linking Across Documentation

Type: Site Infrastructure | Scope: Multiple articles

Added strategic cross-links throughout the documentation to improve navigation and create educational pathways between related concepts. Cross-links connect abstract concepts to real-world examples and technical mechanisms to practical case studies.

Articles updated:

  • Flash Loans → Beanstalk Governance Attack (full deep dive link)
  • Oracles → Flash Loans (attack pattern mechanics)
  • Price Impact/Slippage → jaredfromsubway.eth (real-world MEV example)
  • Proxy Contracts → Bridges (Ronin exploit context) + Multisigs & Timelocks (securing upgrades)
  • jaredfromsubway.eth → Price Impact/Slippage (attack mechanics explanation)
  • October Flash Crash → Market Makers (liquidity withdrawal context)
  • Multisigs & Timelocks → Proxy Contracts (Bybit hack technical details)
  • Bridges → Proxy Contracts (vulnerability patterns)
  • BFT → Oracles, Beanstalk Governance Attack (application-layer exploits)

Impact: Readers can now navigate from high-level concepts to detailed case studies and vice versa, creating a more interconnected knowledge base.

Added: BFT (Byzantine Fault Tolerance)

Type: Low Dive | Location: BFT

Byzantine Fault Tolerance (BFT) is the ability of a distributed system to reach consensus even when some nodes fail or act maliciously. This low dive covers the Byzantine Generals Problem, how BFT consensus works (including the 3f+1 requirement), practical BFT (pBFT) and its three-phase protocol, modern variants like Tendermint and HotStuff, and the vulnerabilities that threaten BFT systems.

Key findings:

  • BFT systems tolerate up to 33% faulty nodes (compared to 51% in PoW)
  • pBFT introduced a practical three-phase protocol (pre-prepare, prepare, commit) in 1999
  • Modern variants optimize different trade-offs: Tendermint (linear view changes), HotStuff (responsive + linear communication)
  • BFT provides absolute finality—transactions cannot be reversed once consensus is reached
  • Major vulnerabilities include Sybil attacks, majority attacks (>33% control), and view change failures
  • Communication overhead limits validator count (O(n²) in pBFT, O(n) in HotStuff)

Glossary additions: BFT, Byzantine Fault Tolerance, Byzantine Generals Problem, pBFT, Practical Byzantine Fault Tolerance, Tendermint, HotStuff, Consensus, Finality, View Change, Validator, Proof of Work, PoW, Proof of Stake, PoS, Sybil Attack

Infrastructure: Added BFT to Technology section alongside Oracles and Bridges.

2026-01-09

Added: Privacy Policy

Type: Site Infrastructure | Location: Privacy Policy

Added a privacy policy page to document Google Analytics usage. The policy explains what anonymous data is collected (page views, device info, referrals), confirms no personal information is gathered, and provides options for users who prefer to block tracking.

Revised: Market Makers (Low Dive)

Type: Low Dive | Location: Market Makers

Revised the Market Makers article from deep dive length (~508 lines) to proper low dive format (~257 lines). Removed redundant case study content that duplicated other deep dives, added TL;DR section, reduced diagram count from 9 to 2, and converted detailed case studies to brief mentions with cross-references to new dedicated deep dive articles.

Added: Alameda/FTX Collapse (November 2022)

Type: Deep Dive (Event) | Location: Alameda/FTX Collapse

The November 2022 collapse of FTX and Alameda Research demonstrated what happens when a market maker operates without oversight, with privileged exchange access, and with other people's money. Alameda had secret exemptions from FTX's risk controls, including immunity from auto-liquidation, and used customer deposits to cover trading losses.

Key findings:

  • Alameda had a hidden $65B line of credit to withdraw customer funds
  • FTT token used as collateral created circular solvency dependencies
  • $8.9B in customer funds went missing; $6B withdrawn in 72 hours during bank run
  • Sam Bankman-Fried convicted on all 7 counts, sentenced to 25 years
  • Post-collapse "Alameda Gap" saw market liquidity drop ~50%

Added: MOVE Token Scandal (2025)

Type: Deep Dive (Event) | Location: MOVE Token Scandal

Movement Labs executives colluded with their market maker to dump $38M worth of MOVE tokens on retail investors immediately after the December 2024 exchange listing. Internal documents showed explicit incentives to "manipulate the price to over $5 billion FDV and then dump on retail for shared profit."

Key findings:

  • 66 million MOVE tokens dumped the day after listing
  • Deal structure documented coordinated pump-and-dump for "shared profit"
  • World Liberty Financial (Trump-associated) was an early backer
  • Coinbase delisted MOVE; Binance froze market maker proceeds
  • Multiple executives terminated; investigations ongoing

Added: Mantra OM Collapse (April 2025)

Type: Deep Dive (Event) | Location: Mantra OM Collapse

On April 13, 2025, Mantra's OM token collapsed 92% in hours—from $6.21 to under $0.50—wiping out $5B+ in market cap. OKX alleged circular collateralization schemes where USDT loans backed by OM were used to buy more OM, creating artificial price support that collapsed when risk teams froze accounts.

Key findings:

  • 92% crash occurred on Sunday evening UTC when liquidity was thinnest
  • OKX alleged circular collateralization: borrow USDT against OM, buy more OM
  • Circulating supply and volume metrics allegedly misrepresented
  • Multiple market makers denied being Mantra's official MM
  • Token trades at ~$0.07 as of late 2025 (99% decline from peak)

Added: Glossary Terms

Type: Glossary Update | Location: Glossary

Added market maker terminology to support the new deep dive articles.

Glossary additions: Market Maker, Designated Market Maker, DMM

2026-01-08

Added: Beanstalk Governance Attack (April 2022)

Type: Deep Dive (Event) | Location: Beanstalk Governance Attack

On April 17, 2022, an attacker used a $1B+ flash loan to gain 79% voting power in Beanstalk's governance system, then executed a malicious proposal that drained $182M from the protocol in a single transaction. The attack exploited the emergencyCommit() function which allowed same-block proposal execution without delays. This deep dive covers the attack mechanics, timeline, key actors, the protocol's recovery via the "Barn Raise," and lessons for governance design.

Key findings:

  • Attacker flash-loaned $1.04B from Aave, Uniswap, and SushiSwap to acquire 79% voting power
  • emergencyCommit() function allowed instant proposal execution with zero delay
  • Attacker netted ~$76M profit (24,830 ETH); laundered via 270 Tornado Cash transactions
  • Founders "Publius" (Weintraub, Sanderson, Montoya) doxxed themselves post-attack
  • Protocol relaunched 4 months later with multisig governance replacing on-chain voting

Glossary additions: Governance Attack

Added: Flash Loans

Type: Low Dive | Location: Flash Loans

Flash loans are uncollateralized loans that must be borrowed and repaid within a single blockchain transaction—if repayment fails, the entire transaction reverts. This article covers the mechanics, legitimate use cases (arbitrage, collateral swaps, liquidations), major providers and their fees, attack patterns that have exploited vulnerable protocols, and defensive measures.

Key findings:

  • Flash loans enable borrowing unlimited funds with zero collateral, but atomicity means lenders face zero risk
  • Over $300M stolen via flash loan-assisted attacks since 2020 (bZx, Harvest Finance, Beanstalk)
  • Major providers: Aave (0.05%), Uniswap (0.05-1%), Balancer (0%), MakerDAO (0% flash mint)
  • Flash loans amplify existing vulnerabilities—particularly oracle manipulation and governance attacks
  • Defenses include TWAP oracles, governance time delays, and multi-source price feeds

Glossary additions: Flash Swap, Atomic Transaction, EIP-3156

2026-01-05

Added: Jared 2.0 MEV Bot Contract Analysis

Type: Contract Analysis | Location: Jared 2.0 MEV Bot

A detailed bytecode analysis of the Jared 2.0 MEV bot contract (0x1f2f10d1c40777ae1da742455c65828ff36df387), the second iteration of the notorious jaredfromsubway.eth sandwich attack infrastructure. This analysis examines the contract's multi-DEX integration, stateless architecture, and the technical mechanisms enabling multi-layer sandwich attacks.

Key findings:

  • Contract is stateless (no storage slots used) for gas efficiency and security
  • Integrates with 5+ DEXs: Uniswap V2/V3, Balancer, Curve, DODO
  • Includes Uniswap V3 liquidity functions (mint/burn/collect) for multi-layer attacks
  • Access control hardcoded to single EOA (jaredfromsubway.eth)
  • 2.39M+ transactions processed since August 2024

Related pages: Functions | Storage Layout | Potential Risks | Methodology | Artifacts

2026-01-04

Added: jaredfromsubway.eth Deep Dive

Type: Deep Dive (Entity) | Location: jaredfromsubway.eth

A comprehensive analysis of one of Ethereum's most notorious MEV bot operators. jaredfromsubway.eth rose to infamy during the April 2023 memecoin frenzy, executing sandwich attacks that extracted an estimated $22M+ in revenue while spending $34M in gas fees. The article covers attack mechanics, timeline of activity, contract addresses, evolution to "Jared 2.0" with multi-layer attacks, and protection mechanisms available to traders.

Key findings:

  • At peak activity, jaredfromsubway transactions appeared in over 60% of Ethereum blocks
  • 106,000+ unique addresses victimized across 238,000+ sandwich attacks
  • Jared 2.0 (August 2024) introduced 5-layer and 7-layer sandwich attacks using liquidity provision
  • Operator identity remains unknown despite extensive on-chain analysis

Glossary additions: Front-Running, Back-Running, Block Builder, MEV Searcher

Added: Proxy Contracts & Upgradeability

Type: Low Dive | Location: Proxy Contracts & Upgradeability

Proxy contracts enable smart contract upgradeability by separating storage from logic—but this flexibility introduces trust assumptions and attack surfaces. This article covers how delegatecall works, the major proxy patterns (Transparent, UUPS, Beacon), EIP-1967 storage slots, and the vulnerabilities that have cost protocols hundreds of millions.

Key findings:

  • Uninitialized implementation contracts remain a critical attack vector ($12M Ronin, Delta Prime, Pike Finance in 2024)
  • UUPS is more gas-efficient but can be permanently bricked if upgrade logic is removed
  • Storage layout must be preserved exactly across upgrades or state corruption occurs
  • EIP-1967 standardizes storage slots to prevent collisions between proxy and implementation

Glossary additions: Proxy Contract, Implementation Contract, Delegatecall, Transparent Proxy, UUPS, ERC-1822, Beacon Proxy, EIP-1967, Storage Collision, Initializer, Storage Layout

Added: Bridge Technology Overview

Type: Low Dive | Location: Bridges

Cross-chain bridges enable asset transfers between isolated blockchains by introducing trust assumptions—and those assumptions have cost users over $2.8B since 2022. This article covers the mechanics (lock-and-mint, burn-and-mint, lock-and-unlock), the trust spectrum from centralized custodians to ZK-verified systems, and a graveyard of major exploits.

Key findings:

  • Private key compromise dominates attack vectors—not smart contract bugs
  • The $625M Ronin hack originated from a fake LinkedIn job offer targeting an Axie engineer
  • Canonical bridges (operated by L2 teams) inherit chain security; third-party bridges introduce new trust assumptions
  • $55B TVL across bridges in 2025 makes them persistent honeypots

Glossary additions: Bridge, Cross-Chain Bridge, Wrapped Token, Lock and Mint, Burn and Mint, Canonical Bridge, Validator Bridge, IBC