Methodology

DISCLAIMER // NFA // DYOR

This analysis is based on observations of the contract behavior. We are not smart contract security experts. This document aims to explain what the contract appears to do based on the code. It should not be considered a comprehensive security audit or financial advice. Always verify critical information independently and consult with blockchain security professionals for important decisions.

⊙ generated by robots | curated by humans

METADATA
Contract Address: 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 (etherscan)
Network: Ethereum Mainnet
Analysis Date: 2025-12-26

Overview

This document outlines the methodology used to analyze the Sentinel Presale contract at address 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563. Since the source code is not verified on Etherscan, analysis was performed through bytecode examination, storage slot reading, and function signature matching.

Thought Process

%%{init: {'theme': 'base'}}%%
mindmap
  root((Contract Analysis))
    Phase 0: Obtain Contract
      Fetch bytecode from chain
      Check for verified source
      Check proxy patterns
      Store artifacts locally
    Phase 1: Discovery
      Extract function selectors
      Match known signatures
      Read storage slots
      Identify patterns
        Ownable
        ReentrancyGuard
        ERC20 interactions
    Phase 2: Reconstruction
      Analyze error messages
      Map storage layout
      Reconstruct Solidity
      Validate via calls
    Phase 3: Deep Analysis
      Categorize functions
      Trace fund flows
      Identify access control
      Document behaviors
    Phase 4: Risk Assessment
      Centralization points
      Trust assumptions
      Economic risks
      Technical concerns
    Phase 5: Documentation
      Contract Analysis
      Functions
      Storage Layout
      Potential Risks
      Methodology
      Artifacts

Verification Guide

Tools Used

  • Foundry Cast: Command-line tool for interacting with Ethereum contracts
  • Python: For bytecode parsing and selector extraction
  • Etherscan: For transaction history and address labeling

External Resources

Resource                 Purpose
Etherscan                Transaction history, bytecode, address info
4byte.directory          Function signature database
Foundry Documentation    Cast command reference
OpenZeppelin Contracts   Standard pattern reference

Command-Line Tools

Tip

The commands below use cast from the Foundry toolkit. Before running them, set the RPC URL environment variable:

export ETH_RPC_URL=https://eth.llamarpc.com

Fetch Contract Bytecode

Retrieve the deployed runtime bytecode from the blockchain.

# FETCH RUNTIME BYTECODE
cast code 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563

Check Proxy Implementation

Determine if the contract is a proxy and find the implementation address.

# CHECK EIP-1967 IMPLEMENTATION SLOT
cast implementation 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563

Result: 0x0000000000000000000000000000000000000000 - Not a proxy.

Read Storage Slots

Directly read contract storage to verify state variables.

# READ OWNER (SLOT 0)
cast storage 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 0

# READ REENTRANCY LOCK (SLOT 1)
cast storage 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 1

# READ USDT ADDRESS (SLOT 2)
cast storage 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 2

# READ BENEFICIARY (SLOT 3)
cast storage 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 3

# READ SENTINEL TOKEN (SLOT 4)
cast storage 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 4

# READ TOTAL SENTINEL BOUGHT (SLOT 5)
cast storage 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 5

# READ TOTAL SENTINEL RAISED (SLOT 6)
cast storage 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 6

# READ PACKED STATE (SLOT 9)
cast storage 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 9

Call View Functions

Verify storage readings match public getter functions.

# VERIFY OWNER
cast call 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 "owner()(address)"

# VERIFY BENEFICIARY
cast call 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 "beneficiary()(address)"

# CHECK PRESALE STATUS
cast call 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 "isPresaleActive()(bool)"

# GET TOTAL SENTINEL BOUGHT
cast call 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 "totalSentinelBought()(uint256)"

# GET TOTAL SENTINEL RAISED
cast call 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 "totalSentinelRaised()(uint256)"

# GET PRESALE STATS (MULTIPLE RETURN VALUES)
cast call 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563 "getPresaleStats()(uint256,uint256,uint256)"

Fetch Creation Transaction

Retrieve the deployment transaction for constructor analysis.

# GET CREATION TX INPUT DATA
cast tx 0x2cdc2c5f3a0b2f0b85e6692b32cb791337fe9a6938785138ee0f409261b535d7 input

# GET DEPLOYMENT BLOCK
cast tx 0x2cdc2c5f3a0b2f0b85e6692b32cb791337fe9a6938785138ee0f409261b535d7 --json | jq '.blockNumber'

Check Code Size

Verify contract exists and get bytecode size.

# GET CONTRACT CODE SIZE IN BYTES
cast codesize 0x8d33666c83f7f17a1b8dc0e950d8ff2e7e37c563

Result: 12,329 bytes


Analysis Steps Performed

1. Contract Retrieval

  • Fetched runtime bytecode using cast code
  • Checked for proxy patterns using cast implementation
  • Retrieved creation transaction for constructor arguments
  • Stored all artifacts locally

2. Function Selector Extraction

  • Extracted 4-byte function selectors from bytecode
  • Matched selectors against known signatures
  • Categorized functions by role (admin, user, view)

3. Storage Layout Mapping

  • Read all relevant storage slots
  • Identified standard patterns (Ownable at slot 0, ReentrancyGuard at slot 1)
  • Decoded packed variables in slot 9
  • Verified readings via public getter calls
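
The decoding step for a packed slot, as an added example (not the analysts' own script). The field names and sizes in HYPOTHETICAL_LAYOUT and both sample words are constructed for illustration; the real layout of slot 9 is not given on this page. The input is the 32-byte hex word that `cast storage` prints.

```python
def unpack_slot(word_hex: str, layout):
    """Split one 32-byte storage word into fields.

    layout is [(name, size_in_bytes), ...] in declaration order. Solidity packs
    the first declared variable into the lowest-order (rightmost) bytes.
    """
    word = int(word_hex, 16)
    fields, shift = {}, 0
    for name, size in layout:
        if shift + size * 8 > 256:
            raise ValueError(f"{name} does not fit in a 32-byte slot")
        fields[name] = (word >> shift) & ((1 << (size * 8)) - 1)
        shift += size * 8
    if word >> shift:
        # Bytes are set above the last assumed field: the guessed layout is incomplete.
        raise ValueError("non-zero bytes beyond the assumed layout")
    return fields

def as_address(value: int) -> str:
    """Render a 160-bit field as a lowercase 0x-prefixed address."""
    return "0x" + format(value, "040x")

# Hypothetical layout and constructed words (assumptions, not values read from the contract).
HYPOTHETICAL_LAYOUT = [("presaleActive", 1), ("paused", 1), ("endTime", 8)]
SAMPLE_SLOT9 = "0x" + "00" * 26 + "6950a0000001"
SAMPLE_SLOT0 = "0x" + "00" * 12 + "11" * 20       # an address occupies the low 20 bytes
SAMPLE_OWNER_GETTER = "0x" + "11" * 20            # stands in for the owner() call result

def slot_matches_getter(slot_word: str, getter_value: str) -> bool:
    """Cross-check a raw slot against the value returned by the public getter."""
    owner = unpack_slot(slot_word, [("owner", 20)])["owner"]
    return as_address(owner) == getter_value.lower()

if __name__ == "__main__":
    print(unpack_slot(SAMPLE_SLOT9, HYPOTHETICAL_LAYOUT))
    print(slot_matches_getter(SAMPLE_SLOT0, SAMPLE_OWNER_GETTER))
```

The leftover-bytes check is what makes a wrong layout guess fail loudly instead of silently dropping a field.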

4. Error Message Extraction

  • Located string constants in bytecode
  • Extracted revert messages for function behavior understanding
  • Used messages to infer function logic and conditions
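
Steps 2 and 4 can share one pass over the bytecode. The sketch below is an added example, not the script used for this analysis: it walks the opcodes, skips PUSH immediates so data is never misread as code, collects PUSH4/EQ dispatcher selectors, and pulls printable strings out of PUSH data. SAMPLE is constructed bytecode, and the KNOWN table is an assumed stand-in for a 4byte.directory lookup.

```python
import string

# Assumed stand-in for a 4byte.directory lookup: three well-known Ownable selectors.
KNOWN = {"8da5cb5b": "owner()", "f2fde38b": "transferOwnership(address)",
         "715018a6": "renounceOwnership()"}
PRINTABLE = set((string.ascii_letters + string.digits + string.punctuation + " ").encode())

def walk(code: bytes):
    """Yield (opcode, immediate) pairs, stepping over PUSH data so it is never read as code."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        n = op - 0x5F if 0x60 <= op <= 0x7F else 0  # PUSH1..PUSH32 carry 1..32 bytes
        yield op, code[pc + 1:pc + 1 + n]
        pc += 1 + n

def selectors(code: bytes):
    """Dispatcher comparisons: PUSH4 <selector> immediately followed by EQ (0x14)."""
    ops, found = list(walk(code)), []
    for (op, data), (nxt, _) in zip(ops, ops[1:]):
        if op == 0x63 and len(data) == 4 and nxt == 0x14 and data.hex() not in found:
            found.append(data.hex())
    return found

def label(code: bytes):
    """Map each extracted selector to a known signature, or 'unknown'."""
    return {sel: KNOWN.get(sel, "unknown") for sel in selectors(code)}

def push_strings(code: bytes, min_len: int = 6):
    """Printable ASCII held in PUSH immediates, where revert message chunks are commonly embedded."""
    out = []
    for _, data in walk(code):
        text = data.rstrip(b"\x00")
        if len(text) >= min_len and all(b in PRINTABLE for b in text):
            out.append(text.decode("ascii"))
    return out

# Constructed sample, NOT the Sentinel Presale bytecode.
SAMPLE = bytes.fromhex(
    "80638da5cb5b1461001057"      # DUP1 PUSH4 8da5cb5b EQ PUSH2 0010 JUMPI
    "8063f2fde38b1461002057"      # DUP1 PUSH4 f2fde38b EQ PUSH2 0020 JUMPI
    "6563deadbeef1450"            # PUSH6 data that a raw byte scan would misread as PUSH4+EQ, POP
    "7f" + b"Ownable: caller is not the owner".hex())  # PUSH32 revert string

if __name__ == "__main__":
    print(label(SAMPLE))
    print(push_strings(SAMPLE))
```

A plain byte search for `63 .. .. .. .. 14` would report `deadbeef` as a selector here; the opcode walk does not.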

5. Code Reconstruction

  • Built approximate Solidity source from:
      • Function signatures
      • Storage layout
      • Error messages
      • Standard pattern recognition
  • Created SentinelPresale_reconstructed.sol

6. External Investigation

  • Looked up owner and beneficiary addresses on Etherscan
  • Traced fund flows
  • Checked for contract labels or associations

7. Documentation Generation

  • Created all analysis documents following templates
  • Included verification commands for reproducibility
  • Documented findings with appropriate certainty levels

Limitations

This analysis has inherent limitations due to:

  1. Unverified Source: Working from bytecode reconstruction, not original source
  2. No Audit Access: Cannot verify if professional audit was performed
  3. Snapshot Analysis: Represents state at time of analysis only
  4. Interpretation: Some function behaviors are inferred, not confirmed
  5. External Factors: Off-chain processes and team intentions unknown

Reproducibility

All findings can be reproduced using:

  1. The commands listed above
  2. Any Ethereum RPC endpoint
  3. Foundry toolkit (cast command)

For complete reproduction:

# Install Foundry
curl -L https://foundry.paradigm.xyz | bash
foundryup

# Set RPC
export ETH_RPC_URL=https://eth.llamarpc.com

# Run verification commands from above