Artifacts
Analysis artifacts for the Batch Sender & Sweeper contract at 0x4320b7...5C236 (etherscan).
This document catalogs all files generated during the bytecode analysis process, including decompiled source code, verification scripts, transaction data, and analysis notes.
Artifact Directory
All artifacts are stored in:
File Inventory
| FILE | SIZE | LINES | DESCRIPTION |
|---|---|---|---|
| bytecode.txt | 10,821 bytes | 1 | Raw deployment bytecode |
| runtime-bytecode.txt | 10,821 bytes | 1 | Runtime bytecode (same as deployment) |
| decompiled-source.sol | 9,008 bytes | 255 | Reconstructed Solidity source |
| decompilation-notes.md | 22,797 bytes | 732 | Detailed analysis notes |
| ARCHITECTURE.md | 22,210 bytes | 404 | Architecture documentation |
| verify-decompilation.sh | 3,530 bytes | 129 | Automated verification script |
| transactions-first.json | 84,202 bytes | 1 | Raw transaction history data |
| etherscan-source.json | 364 bytes | 1 | Etherscan source verification response |
| etherscan-source-check.json | 0 bytes | 0 | Empty (source not verified) |
| README.md | 8,939 bytes | 1 | Artifact collection overview |
| TODO.md | 3,662 bytes | 1 | Analysis task tracking |
Total Files: 11
Total Size: ~165 KB
Core Artifacts
bytecode.txt
Purpose: Raw deployment bytecode retrieved from Ethereum mainnet
Format: Hexadecimal string (0x-prefixed)
Size: 10,821 bytes (5,410.5 bytes decoded)
Retrieval Command:
Contents:
Metadata:
Bytecode contains CBOR-encoded metadata at end:
runtime-bytecode.txt
Purpose: Runtime bytecode (deployed code without constructor)
Format: Hexadecimal string (0x-prefixed)
Size: 10,821 bytes
Note: For this contract, runtime bytecode equals deployment bytecode (no constructor parameters).
Verification:
# Verify bytecode matches on-chain
cast code 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 | \
diff - bytecode.txt
Expected: No differences
decompiled-source.sol
Purpose: Reconstructed Solidity source code from bytecode analysis
Format: Solidity 0.8.26
Size: 9,008 bytes
Lines: 255
Confidence: 95%+
Key Sections
Storage (Lines 17-18)
Events (Lines 22-56)
event Received(address sender, uint256 amount);
event Swept(address token, uint256 amount);
event EthSent(address to, uint256 amount);
event TokenSent(address to, address token, uint256 amount);
event UnknownSweptEvent(uint256 amount);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
Errors (Lines 60-67)
Functions (Lines 72-254)
All 7 functions fully reconstructed:
receive()(Lines 89-91)transferOwnership(address)(Lines 99-106)batchSend(...)(Lines 119-157)sweepToken(address)(Lines 163-172)sweepTokens(address[])(Lines 178-193)sweepETH()(Lines 198-206)_safeTransfer(...)(Lines 217-238)_getTokenBalance(...)(Lines 246-254)
Note: Variable names, comments, and exact error messages are inferred from standard patterns. Core logic is verified against bytecode.
decompilation-notes.md
Purpose: Detailed technical analysis notes from decompilation process
Format: Markdown
Size: 22,797 bytes
Lines: 732
Contents Overview
- Executive Summary (Lines 1-20)
- Contract Architecture (Lines 22-57)
- Storage Layout (Lines 59-82)
- Function Analysis (Lines 84-350) - Detailed breakdown of each function
- Internal Functions (Lines 302-351)
- Event Signatures (Lines 353-376)
- Error Signatures (Lines 378-398)
- External Contract Calls (Lines 400-442)
- Use Cases (Lines 444-483)
- Security Considerations (Lines 485-553)
- Risk Assessment (Lines 513-553)
- Comparison to Standards (Lines 555-572)
- Decompilation Methodology (Lines 574-613)
- Verification Commands (Lines 615-642)
- Recommendations (Lines 659-683)
- Conclusion (Lines 685-715)
Key Insights
From decompilation-notes.md:
Function Coverage:
- 7 functions identified and analyzed
- 6 events documented (5 verified, 1 unknown)
- 4 error types cataloged
- 2 internal helpers reconstructed
Risk Summary:
Critical: 0
High: 1 (Owner Key Compromise)
Medium: 2 (Reentrancy, Gas DoS)
Low: 3 (One-step transfer, No whitelist, Atomicity)
ARCHITECTURE.md
Purpose: Visual architecture documentation with ASCII diagrams
Format: Markdown with ASCII art
Size: 22,210 bytes
Lines: 404
Contents
- Visual contract overview (ASCII box diagram)
- Function call flows (ASCII flowcharts)
- Access control matrix
- Event emission diagram
- External interaction patterns
- Error handling table
- Data flow diagrams
- Security model
- State machine representation
- Gas optimization strategies
- Comparison tables
Notable Diagrams
Storage Layout (Lines 11-13)
┌────────────────────────────────────────────────────────┐
│ Slot 0: address owner │
└────────────────────────────────────────────────────────┘
batchSend() Flow (Lines 74-100)
Complete ASCII flowchart showing validation, loop iteration, ETH/token transfers.
Security Model (Lines 255-288)
Trust assumptions and attack vector analysis.
verify-decompilation.sh
Purpose: Automated script to verify decompilation against on-chain data
Format: Bash shell script
Size: 3,530 bytes
Lines: 129
Permissions: Executable (chmod +x)
Script Sections
Function Selector Verification (Lines 25-50)
Computes keccak256 hash of function signatures and compares to extracted selectors:
functions=(
"sweepToken(address):0x1be19560"
"batchSend(address[],uint256[],address[],uint256[]):0x6f074e32"
"owner():0x8da5cb5b"
"sweepTokens(address[]):0x909b19d9"
"sweepETH():0xd47f6877"
"transferOwnership(address):0xf2fde38b"
)
Event Signature Verification (Lines 53-76)
Verifies event topic hashes:
events=(
"Received(address,uint256):0x88a5966d..."
"Swept(address,uint256):0xc36b5179..."
"EthSent(address,uint256):0x78f5cdad..."
"TokenSent(address,address,uint256):0x3ddb739c..."
"OwnershipTransferred(address,address):0x8be0079c..."
)
On-Chain Verification (Lines 78-118)
Queries contract state:
# Read owner
cast call $CONTRACT "owner()(address)"
# Check balance
cast balance $CONTRACT
# Verify bytecode
cast code $CONTRACT
Usage
Expected output:
========================================
Contract Decompilation Verification
Address: 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236
========================================
=== Function Selector Verification ===
✓ sweepToken(address)
✓ batchSend(address[],uint256[],address[],uint256[])
✓ owner()
✓ sweepTokens(address[])
✓ sweepETH()
✓ transferOwnership(address)
=== Event Signature Verification ===
✓ Received(address,uint256)
✓ Swept(address,uint256)
✓ EthSent(address,uint256)
✓ TokenSent(address,address,uint256)
✓ OwnershipTransferred(address,address)
=== On-Chain Verification ===
✓ Owner: 0x5D81236693E7D92bF61614Fb3fC4c6Fb79D36635
✓ ETH Balance: 0 wei
✓ Bytecode size: 5410 bytes
✓ Bytecode matches local copy
Supporting Artifacts
transactions-first.json
Purpose: Raw transaction history data from Etherscan API
Format: JSON
Size: 84,202 bytes
Contents:
{
"status": "1",
"message": "OK",
"result": [
{
"blockNumber": "24200006",
"timeStamp": "1767996419",
"hash": "0xdf4ae7ba89701257eec34f260e9f249ab827c6eb8766167c9f7cb6c2ead0bcbc",
"from": "0x5d81236693e7d92bf61614fb3fc4c6fb79d36635",
"to": "",
"value": "0",
"contractAddress": "0x4320b7c74995e6b7ba8a5918cfa9bb3e39f5c236",
"input": "0x608060405234801561000f575f80fd5b50335f806101000a81548...",
"gas": "1500000",
"gasUsed": "541091",
"isError": "0"
}
]
}
Key Data:
- Only 1 transaction (deployment)
- No operational usage detected as of Feb 3, 2026
- Gas used: 541,091
- Deployer:
0x5d8123...36635
etherscan-source.json
Purpose: Etherscan source verification API response
Format: JSON
Size: 364 bytes
Contents:
Confirms contract source code is not verified on Etherscan.
etherscan-source-check.json
Purpose: Placeholder for source verification check
Format: JSON (empty)
Size: 0 bytes
Note: Empty file confirms no verified source available.
README.md
Purpose: Overview of artifact collection
Format: Markdown
Size: 8,939 bytes
Contents:
- Artifact directory overview
- File descriptions
- Usage instructions
- Verification procedures
- Quick reference guide
TODO.md
Purpose: Analysis task tracking during investigation
Format: Markdown
Size: 3,662 bytes
Contents:
- Completed analysis tasks (checked)
- Remaining verification steps (unchecked)
- Questions to investigate
- Documentation improvements needed
Verification Commands
Verify All Function Selectors
echo "owner()" | cast keccak | cut -c1-10
# Expected: 0x8da5cb5b
echo "transferOwnership(address)" | cast keccak | cut -c1-10
# Expected: 0xf2fde38b
echo "sweepToken(address)" | cast keccak | cut -c1-10
# Expected: 0x1be19560
echo "sweepTokens(address[])" | cast keccak | cut -c1-10
# Expected: 0x909b19d9
echo "sweepETH()" | cast keccak | cut -c1-10
# Expected: 0xd47f6877
echo "batchSend(address[],uint256[],address[],uint256[])" | cast keccak | cut -c1-10
# Expected: 0x6f074e32
Verify All Event Signatures
echo "Received(address,uint256)" | cast keccak
# Expected: 0x88a5966d370b9919b20f3e2c13ff65706f196a4e32cc2c12bf57088f88525874
echo "Swept(address,uint256)" | cast keccak
# Expected: 0xc36b5179cb9c303b200074996eab2b3473eac370fdd7eba3bec636fe35109696
echo "EthSent(address,uint256)" | cast keccak
# Expected: 0x78f5cdad99320ec2ba57132d7dffb1d125775c823239e60ff5e9300fd4ac898c
echo "TokenSent(address,address,uint256)" | cast keccak
# Expected: 0x3ddb739c68dd901671f09fbe0bc2344c179ed55f8e8110a7c7a3c5665bd9518d
echo "OwnershipTransferred(address,address)" | cast keccak
# Expected: 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0
Note: Event 0xe0d60934... (emitted by sweepETH()) not found in 4byte.directory.
Verify Storage State
# Read owner from slot 0
cast storage 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 0
# Verify slots 1-10 are empty
for i in {1..10}; do
cast storage 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 $i
done
Verify Contract State
# Get current owner
cast call 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 "owner()(address)"
# Get ETH balance
cast balance 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236
# Get bytecode size
cast code 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 | wc -c
Decompiled Source Code Excerpt
Contract Header
// SPDX-License-Identifier: UNLICENSED
// Decompiled from bytecode at 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236
// Compiler: Solidity 0.8.26
// Decompiled by: DNZN Research
pragma solidity ^0.8.26;
/**
* @title BatchSenderAndSweeper
* @notice Contract for batch sending ETH/tokens and sweeping stuck funds
* @dev Uses Ownable pattern with custom errors for access control
*/
contract BatchSenderAndSweeper {
Core Functions
receive() function:
/// @notice Accepts ETH transfers and emits event
receive() external payable {
emit Received(msg.sender, msg.value);
}
batchSend() function excerpt:
function batchSend(
address[] calldata ethRecipients,
uint256[] calldata ethAmounts,
address[] calldata tokenRecipients,
uint256[] calldata tokenAmounts
) external payable onlyOwner {
uint256 length = ethRecipients.length;
// Validate array lengths match
require(
length == ethAmounts.length &&
length == tokenRecipients.length &&
length == tokenAmounts.length,
"length mismatch"
);
// Process each recipient
for (uint256 i = 0; i < length; i++) {
// Send ETH if amount > 0
// Send tokens if amount > 0
}
}
_safeTransfer() internal helper:
function _safeTransfer(address token, address to, uint256 amount) internal {
// Encode transfer(address,uint256) call
bytes memory data = abi.encodeWithSelector(
0xa9059cbb, // transfer(address,uint256)
to,
amount
);
(bool success, bytes memory returndata) = token.call(data);
if (!success) {
revert SafeERC20FailedOperation();
}
// Check return value if any
if (returndata.length > 0) {
bool returnValue = abi.decode(returndata, (bool));
if (!returnValue) {
revert SafeERC20FailedOperation();
}
}
}
Full source: See decompiled-source.sol (255 lines)
Usage Guide
For Auditors
-
Review Decompiled Source:
-
Read Analysis Notes:
-
Run Verification Script:
-
Compare Against Bytecode:
- Review function selectors in bytecode
- Trace control flow via JUMPI destinations
- Verify storage layout via SLOAD/SSTORE operations
For Developers
-
Study Patterns:
- Ownable implementation (slot 0 owner pattern)
- SafeERC20 low-level call pattern
- Custom error usage (gas optimization) -
Reuse Code:
-decompiled-source.solcan serve as reference
- Note: This is reconstructed code (not original)
- Verify and modify before production use -
Test Locally:
- Deploy reconstructed source to testnet
- Compare gas costs with original
- Verify behavior matches
For Security Researchers
-
Independent Verification:
- Use different decompiler (e.g., Dedaub, Panoramix)
- Compare results with DNZN analysis
- Report discrepancies -
Pattern Analysis:
- Study function dispatcher structure
- Analyze loop patterns for gas DoS risks
- Trace external call patterns for reentrancy -
On-Chain Testing:
- Fork mainnet state
- Simulate function calls
- Test edge cases
Reproduction Guide
To reproduce this analysis independently:
Step 1: Retrieve Bytecode
mkdir -p artifacts/4320b7...5C236
cd artifacts/4320b7...5C236
cast code 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 > bytecode.txt
Step 2: Extract Function Selectors
# Method 1: Manual (first 4 bytes of each JUMPI target)
xxd -p bytecode.txt | grep -E "63[0-9a-f]{8}" | cut -c3-10
# Method 2: Use 4byte.directory API
curl "https://www.4byte.directory/api/v1/signatures/?hex_signature=0x8da5cb5b"
Step 3: Decompile Bytecode
Manual decompilation:
- Identify function dispatcher (first 500 bytes)
- Trace JUMPI destinations for each function
- Map SLOAD/SSTORE operations to storage slots
- Identify LOG operations and extract topic hashes
- Reconstruct Solidity source from patterns
Step 4: Verify Against On-Chain
# Verify owner
cast call 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 "owner()(address)"
# Verify storage
cast storage 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 0
Step 5: Document Findings
Create analysis documents following DNZN standards.
Artifact Integrity
Checksums
Generate checksums to verify artifact integrity:
cd artifacts/4320b7...5C236
# SHA256 checksums
sha256sum bytecode.txt
sha256sum decompiled-source.sol
sha256sum verify-decompilation.sh
Verification
Users can verify artifacts haven't been tampered with by:
- Retrieving fresh bytecode from mainnet
- Comparing with
bytecode.txtvia checksum - Running
verify-decompilation.shto confirm selectors match - Cross-referencing analysis against independent sources
External References
Bytecode Sources
- Etherscan: https://etherscan.io/address/0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236#code
- On-Chain: Direct RPC query via
eth_getCode
Function Signature Databases
- 4byte.directory: https://www.4byte.directory/
- Ethereum Signature Database: https://sig.eth.samczsun.com/
Decompiler Tools
- Dedaub: https://library.dedaub.com/decompile
- Panoramix: https://github.com/palkeo/panoramix
- ethervm.io: https://ethervm.io/decompile
Artifact Preservation
All artifacts are preserved in the DNZN Research repository for:
- Reproducibility of analysis
- Independent verification
- Historical reference
- Educational purposes
- Security research
Repository: https://github.com/[repository-path]/dnzn.research/artifacts/4320b7...5C236/
License: Analysis artifacts are provided for educational and research purposes only. Reconstructed source code should not be considered original or production-ready.
Contact & Feedback
Questions about these artifacts or the analysis process?
- Submit feedback via DNZN Research contact form
- Open issue on GitHub repository
- Reference this contract address:
0x4320b7...5C236
Spotted an error in the decompilation? Independent verification results differ? We welcome corrections and improvements to the analysis.