Methodology
DISCLAIMER // NFA // DYOR
This analysis is based on observations of the contract behavior. We are not smart contract security experts. This document aims to explain what the contract appears to do based on the code. It should not be considered a comprehensive security audit or financial advice. Always verify critical information independently and consult with blockchain security professionals for important decisions.
⊙ generated by robots | curated by humans
| METADATA | |
|---|---|
| Contract Address | 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 (etherscan) |
| Network | Ethereum Mainnet |
| Analysis Date | 2026-02-03 |
Overview
This contract analysis was performed through bytecode decompilation and on-chain verification due to unverified source code on Etherscan. The six-phase methodology combines pattern recognition, manual bytecode analysis, and on-chain verification to reconstruct contract functionality with 95%+ confidence.
The analysis leverages standard Solidity patterns (Ownable, SafeERC20) that are easily recognizable in compiled bytecode. All findings were cross-verified against on-chain data including storage reads, transaction history, and event logs.
Thought Process
```mermaid
%%{init: {'theme': 'base'}}%%
mindmap
  root((Batch Sender Analysis))
    Discovery
      Contract Address
      Deployment Info
      Unverified Source
    Bytecode Extraction
      Function Selectors
        owner 0x8da5cb5b
        transferOwnership 0xf2fde38b
        batchSend 0x6f074e32
        sweepToken 0x1be19560
        sweepTokens 0x909b19d9
        sweepETH 0xd47f6877
      Event Signatures
        OwnershipTransferred
        Received
        Swept
        EthSent
        TokenSent
      Storage Layout
        Slot 0 owner
        No other slots
    Pattern Recognition
      Ownable Pattern
        Single owner slot
        onlyOwner modifier
        transferOwnership
      SafeERC20 Pattern
        Low-level calls
        Return data checks
        Non-standard compatibility
      Batch Operations
        Array loops
        External calls
        Event emissions
    On-Chain Verification
      Storage Reads
        Owner address confirmed
      Function Calls
        View functions tested
      Transaction History
        Deployment only
        Zero usage
      Balance Checks
        No ETH held
    Security Analysis
      Access Control
        Single owner risk
        No multisig
        One-step transfer
      Reentrancy
        External calls in loops
        No guard
        Owner-controlled
      Gas Limits
        Unbounded loops
        DoS potential
      Token Safety
        No whitelist
        SafeERC20 used
    Documentation
      Contract Analysis
      Functions Reference
      Storage Layout
      Risk Assessment
      Methodology
      Artifacts
```
Verification Guide
This section provides commands and resources for independently verifying the analysis findings.
External Resources
The following external resources were used during analysis:
- Etherscan Contract Page - Transaction history, bytecode, deployment information
- 4byte.directory - Function and event signature verification database
- OpenZeppelin Ownable Documentation - Reference for Ownable pattern comparison
- OpenZeppelin SafeERC20 Documentation - Reference for SafeERC20 pattern comparison
- Solidity 0.8.26 Documentation - Compiler version specification
- ERC-20 Token Standard - ERC20 interface specification
Commandline Tools
Tip
The commands below use cast from the Foundry Toolkit. Before running them, set the RPC URL environment variable (cast reads `ETH_RPC_URL`).
Verify Contract Deployment
Commands to verify basic contract information and deployment details.
```bash
# GET CONTRACT BYTECODE
cast code 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236
# GET DEPLOYMENT TRANSACTION DETAILS
cast tx 0xdf4ae7ba89701257eec34f260e9f249ab827c6eb8766167c9f7cb6c2ead0bcbc
# GET CURRENT BLOCK NUMBER
cast block-number
```
Verify Owner Address
Commands to verify owner address from storage and via function call.
```bash
# READ OWNER FROM STORAGE SLOT 0
cast storage 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 0
# CALL OWNER VIEW FUNCTION
cast call 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 "owner()(address)"
# VERIFY BOTH METHODS RETURN SAME ADDRESS
# DECODE THE 32-BYTE SLOT VALUE TO AN ADDRESS; IT SHOULD MATCH THE owner() RESULT
cast parse-bytes32-address $(cast storage 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 0)
```
Verify Function Selectors
Commands to verify function selectors match expected values.
```bash
# VERIFY OWNER SELECTOR
cast keccak "owner()" | cut -c1-10
# EXPECTED: 0x8da5cb5b
# VERIFY TRANSFEROWNERSHIP SELECTOR
cast keccak "transferOwnership(address)" | cut -c1-10
# EXPECTED: 0xf2fde38b
# VERIFY SWEEPETH SELECTOR
cast keccak "sweepETH()" | cut -c1-10
# EXPECTED: 0xd47f6877
# VERIFY SWEEPTOKEN SELECTOR
cast keccak "sweepToken(address)" | cut -c1-10
# EXPECTED: 0x1be19560
# VERIFY SWEEPTOKENS SELECTOR
cast keccak "sweepTokens(address[])" | cut -c1-10
# EXPECTED: 0x909b19d9
# VERIFY BATCHSEND SELECTOR
cast keccak "batchSend(address[],uint256[],address[],uint256[])" | cut -c1-10
# EXPECTED: 0x6f074e32
```
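The commands above confirm that each signature hashes to the listed selector, not that the deployed bytecode dispatches on it. The following added example (not part of the original analysis or the contract's code) walks runtime bytecode, skips PUSH immediates, and collects every PUSH4 value directly followed by EQ; that `PUSH4 ... EQ` heuristic and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
# Selectors listed on this page (signature -> expected 4-byte selector).
EXPECTED = {
    "owner()": "0x8da5cb5b",
    "transferOwnership(address)": "0xf2fde38b",
    "batchSend(address[],uint256[],address[],uint256[])": "0x6f074e32",
    "sweepToken(address)": "0x1be19560",
    "sweepTokens(address[])": "0x909b19d9",
    "sweepETH()": "0xd47f6877",
}
PUSH1, PUSH4, PUSH32, EQ = 0x60, 0x63, 0x7F, 0x14


def dispatcher_selectors(code_hex):
    """Return every PUSH4 immediate that is directly followed by EQ."""
    code = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    found, pc = set(), 0
    while pc < len(code):
        op = code[pc]
        # PUSH1..PUSH32 carry 1..32 bytes of data that must not be decoded.
        width = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        imm = code[pc + 1 : pc + 1 + width]
        nxt = pc + 1 + width
        if op == PUSH4 and len(imm) == 4 and nxt < len(code) and code[nxt] == EQ:
            found.add("0x" + imm.hex())
        pc = nxt
    return found


def compare(code_hex):
    """Return (expected signatures missing from the code, unexpected selectors)."""
    found = dispatcher_selectors(code_hex)
    missing = sorted(sig for sig, sel in EXPECTED.items() if sel not in found)
    extra = sorted(found - set(EXPECTED.values()))
    return missing, extra


# Constructed dispatcher fragment (NOT the real contract's bytecode):
# DUP1 PUSH4 <sel> EQ PUSH2 <dest> JUMPI for owner(), sweepETH() and an
# unknown 0xdeadbeef, then a PUSH32 whose data embeds "63 f2fde38b 14"
# to show that immediates are skipped rather than misread as a selector.
SAMPLE = (
    "0x"
    "80638da5cb5b1461001057"
    "8063d47f68771461002057"
    "8063deadbeef1461003057"
    "7f" + "63f2fde38b14" + "00" * 26
)

if __name__ == "__main__":
    print(compare(SAMPLE))
```

To run it against the deployed contract, pass the output of `cast code` to `compare`. Treat any "unexpected" entries as leads to investigate, since the metadata appended after the runtime code can decode as spurious opcodes.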
Verify Event Signatures
Commands to verify event topic hashes match expected values.
```bash
# VERIFY OWNERSHIPTRANSFERRED EVENT
cast keccak "OwnershipTransferred(address,address)"
# EXPECTED: 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0
# VERIFY RECEIVED EVENT
cast keccak "Received(address,uint256)"
# EXPECTED: 0x88a5966d370b9919b20f3e2c13ff65706f196a4e32cc2c12bf57088f88525874
# VERIFY SWEPT EVENT
cast keccak "Swept(address,uint256)"
# EXPECTED: 0xc36b5179cb9c303b200074996eab2b3473eac370fdd7eba3bec636fe35109696
# VERIFY ETHSENT EVENT
cast keccak "EthSent(address,uint256)"
# EXPECTED: 0x78f5cdad99320ec2ba57132d7dffb1d125775c823239e60ff5e9300fd4ac898c
# VERIFY TOKENSENT EVENT
cast keccak "TokenSent(address,address,uint256)"
# EXPECTED: 0x3ddb739c68dd901671f09fbe0bc2344c179ed55f8e8110a7c7a3c5665bd9518d
```
Verify Storage Layout
Commands to verify storage usage and confirm no additional slots are used.
```bash
# CHECK SLOTS 0-10 FOR USAGE
for i in {0..10}; do
  echo "Slot $i: $(cast storage 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 $i)"
done
# EXPECTED: SLOT 0 CONTAINS OWNER ADDRESS, SLOTS 1-10 ARE ZERO
```
Verify Transaction History
Commands to retrieve and analyze contract transaction history.
```bash
# GET ALL EVENT LOGS EMITTED BY THE CONTRACT
cast logs --address 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 \
  --from-block 24200006 \
  --to-block latest
# GET CONTRACT ETH BALANCE
cast balance 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236
# CHECK FOR OWNERSHIP TRANSFER EVENTS (EVENT SIGNATURE IS A POSITIONAL ARGUMENT)
cast logs --address 0x4320b7C74995E6B7BA8A5918CfA9BB3E39F5C236 \
  --from-block 24200006 \
  --to-block latest \
  "OwnershipTransferred(address,address)"
```
Token Cost Breakdown
| PHASE | DESCRIPTION | TOKENS |
|---|---|---|
| Phase 0 | Initial discovery and setup | 3 tok |
| Phase 1 | Bytecode extraction and analysis | 12 tok |
| Phase 2 | Pattern recognition and decompilation | 15 tok |
| Phase 3 | Function signature verification | 10 tok |
| Phase 4 | On-chain verification | 13 tok |
| Phase 5 | Security analysis | 12 tok |
| Total | Complete contract analysis | 65 tok |