Skip to content

Artifacts

DISCLAIMER // NFA // DYOR

This analysis is based on observations of the contract behavior. We are not smart contract security experts. This document aims to explain what the contract appears to do based on the code. It should not be considered a comprehensive security audit or financial advice. Always verify critical information independently and consult with blockchain security professionals for important decisions.

⊙ generated by robots | curated by humans

METADATA
Contract Address 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 (etherscan)
Network Ethereum Mainnet
Analysis Date 2026-02-04

Runtime Bytecode

The deployed contract bytecode fetched from the blockchain.

Source: Etherscan - Contract Code

Command:

export ETH_RPC_URL=https://eth.llamarpc.com
cast code 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532

Size: 27,601 bytes (hex encoded)

Artifact: Runtime bytecode stored at artifacts/41b242...6532/runtime-bytecode.txt

Creation Bytecode

The full bytecode used to deploy the contract, including constructor code and arguments.

Source: Etherscan - Creation TX

Transaction Hash: 0x556a4525ffc51c7edeb73d264cd5c0b0cbc0d6d7bf8cbffac21097f8440a80af

Deployment Block: 23,784,335

Deployment Timestamp: 2025-11-12 10:28:11 UTC

Deployer Address: 0x1fbaEd378Edf655726C3C2f5ebbD0363043838A6

Command:

export ETH_RPC_URL=https://eth.llamarpc.com
cast tx 0x556a4525ffc51c7edeb73d264cd5c0b0cbc0d6d7bf8cbffac21097f8440a80af input

Verified Source Code

Complete Solidity source code verified on Etherscan with Exact Match verification.

Source: Etherscan API V2

Compiler: Solidity 0.8.30+commit.73712a01

Optimization: Enabled with 200 runs

EVM Version: Cancun

License: MIT

File Structure: Single file contract (2,928 lines) with flattened OpenZeppelin imports

Command:

curl -s "https://api.etherscan.io/v2/api?chainid=1&module=contract&action=getsourcecode&address=0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532&apikey=YOUR_API_KEY" | jq -r '.result[0].SourceCode'

Artifact: Complete source code stored at artifacts/41b242...6532/source-code-raw.txt

Source Code Structure

The ZeroMoon contract is a comprehensive single-file contract incorporating:

  1. OpenZeppelin Interfaces & Libraries (Lines 1-2070):

    • IERC20, IERC20Metadata (ERC-20 standard)
    • Context (msg.sender/msg.data abstraction)
    • ERC20 (core token implementation)
    • IERC20Permit (EIP-2612 permit extension)
    • Math, SignedMath (safe math operations)
    • Strings (string utilities)
    • ECDSA (signature verification)
    • StorageSlot, ShortStrings (storage optimizations)
    • IERC5267 (EIP-712 domain separator)
    • EIP712 (typed data hashing)
    • Counters (nonce tracking)
    • Ownable, Ownable2Step (ownership management)
    • ReentrancyGuard (reentrancy protection)

  2. ZeroMoon Contract (Lines 2071-2928):

    • Immutable configuration constants
    • State variables for tracking burns, sales, dividends
    • Custom events for buy, refund, dividend operations
    • Purchase mechanism (buy(), receive())
    • Refund mechanism (transfer to contract)
    • Transfer override with dividend tracking
    • Dividend distribution and claim system
    • Contract detection heuristics
    • Fee exemption management
    • Admin functions (disabled via renounced ownership)
    • View functions for balance queries and calculations

Key Functions Implemented:

  • buy() - Direct ETH→zETH purchase
  • _handleRefund() - Automatic refund on transfer to contract
  • claimDividends() - Claim accumulated dividends
  • _distributeDividends() - Proportional dividend allocation
  • isContract() - 8-interface contract detection
  • calculatezETHForNative() / calculateNativeForZETH() - Price calculations
  • setDevAddress(), excludeFromFee() - Admin (disabled)

Additional Artifacts

Contract ABI

The Application Binary Interface defining how to interact with the contract.

Source: Derived from verified source code

Command:

cast interface 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532

Key Function Signatures:

// User Functions
function buy() external payable
function claimDividends() external
function transfer(address to, uint256 amount) external returns (bool)
function transferFrom(address from, address to, uint256 amount) external returns (bool)
function approve(address spender, uint256 amount) external returns (bool)
function increaseAllowance(address spender, uint256 addedValue) external returns (bool)
function decreaseAllowance(address spender, uint256 subtractedValue) external returns (bool)

// Admin Functions (Disabled - Ownership Renounced)
function setDevAddress(address _devAddress) external
function excludeFromFee(address account, bool isExcluded) external

// View Functions
function balanceOf(address account) external view returns (uint256)
function totalSupply() external view returns (uint256)
function pendingDividends(address user) external view returns (uint256)
function calculatezETHForNative(uint256 nativeAmount) external view returns (uint256)
function calculateNativeForZETH(uint256 zETHAmount) external view returns (uint256)
function getTotalDividendsDistributed() external view returns (uint256)
function getMagnifiedDividendPerShare() external view returns (uint256)
function getCirculatingSupplyPublic() external view returns (uint256)
function getUserDividendInfo(address user) external view returns (uint256, uint256, uint256, uint256, bool)

// ERC-20 Standard
function name() external view returns (string)
function symbol() external view returns (string)
function decimals() external view returns (uint8)
function allowance(address owner, address spender) external view returns (uint256)

// ERC-20 Permit (EIP-2612)
function permit(address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) external
function nonces(address owner) external view returns (uint256)
function DOMAIN_SEPARATOR() external view returns (bytes32)

// Ownership (Renounced)
function owner() external view returns (address)
function pendingOwner() external view returns (address)
function transferOwnership(address newOwner) external
function acceptOwnership() external
function renounceOwnership() external

Event Signatures

Events emitted by the contract for off-chain monitoring.

Buy Event:

event Buy(address indexed buyer, uint256 nativePaid, uint256 zETHReceived)
// Topic 0: 0x1cbc5ab135991bd2b6a4b034a04aa2aa086dac1371cb9b16b8b5e2ed6b036bed

Refund Event:

event Refund(address indexed refunder, uint256 zETHRefunded, uint256 nativeReceived)
// Topic 0: [Calculate from signature]

Transfer Event (ERC-20 Standard):

event Transfer(address indexed from, address indexed to, uint256 value)
// Topic 0: 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef

Approval Event (ERC-20 Standard):

event Approval(address indexed owner, address indexed spender, uint256 value)
// Topic 0: 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925

DividendWithdrawn Event:

event DividendWithdrawn(address indexed user, uint256 amount)
// Topic 0: [Calculate from signature]

DividendsDistributed Event:

event DividendsDistributed(uint256 amount, uint256 magnifiedDividendPerShare)
// Topic 0: [Calculate from signature]

TransferFeeApplied Event:

event TransferFeeApplied(address indexed from, address indexed to, uint256 originalAmount, uint256 devFee, uint256 reflectionFee, uint256 reserveFee, uint256 netAmount)

SwapFeeApplied Event:

event SwapFeeApplied(SwapType swapType, address indexed user, uint256 originalAmount, uint256 devFee, uint256 reflectionFee, uint256 reserveFee, uint256 netAmount)

TransferFeeExempt Event:

event TransferFeeExempt(address indexed from, address indexed to, uint256 amount, ExemptionReason reason)

LiquidityPairDetected Event:

event LiquidityPairDetected(address indexed pair)

DevAddressChanged Event:

event DevAddressChanged(address indexed oldDevAddress, address indexed newDevAddress)

FeeExclusionSet Event:

event FeeExclusionSet(address indexed account, bool isExcluded)

Storage Slot Map

Direct storage slot addresses for off-chain reading.

Slot Calculation:

# Simple storage slots (sequential)
slot_0 = "0x0"  # _status (ReentrancyGuard)
slot_1 = "0x1"  # _balances mapping base
slot_2 = "0x2"  # _allowances mapping base
slot_3 = "0x3"  # _totalSupply
# ... continues through slot 22

# Mapping slot calculation
import hashlib

def get_mapping_slot(key_address, slot_number):
    """Calculate storage slot for mapping[address] => value"""
    key_padded = key_address.lower().replace('0x', '').zfill(64)
    slot_padded = hex(slot_number)[2:].zfill(64)
    slot_hash = hashlib.sha3_256((key_padded + slot_padded).encode()).hexdigest()
    return '0x' + slot_hash

# Example: Get balance slot for address
user_address = "0x1234567890123456789012345678901234567890"
balance_slot = get_mapping_slot(user_address, 1)

Read Storage Directly:

# Read totalBurned (slot 13)
cast storage 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 13

# Read tokensSold (slot 14)
cast storage 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 14

# Read magnifiedDividendPerShare (slot 16)
cast storage 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 16

# Read totalDividendsDistributed (slot 17)
cast storage 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 17

Compiler Metadata

Compilation Settings:

{
  "compiler": {
    "version": "0.8.30+commit.73712a01"
  },
  "language": "Solidity",
  "settings": {
    "optimizer": {
      "enabled": true,
      "runs": 200
    },
    "evmVersion": "cancun",
    "outputSelection": {
      "*": {
        "*": [
          "abi",
          "evm.bytecode",
          "evm.deployedBytecode",
          "evm.methodIdentifiers"
        ]
      }
    }
  }
}

Initialization Transaction

The deployment transaction details showing constructor parameters.

Transaction Hash: 0x556a4525ffc51c7edeb73d264cd5c0b0cbc0d6d7bf8cbffac21097f8440a80af

Constructor Parameters:

  • _initialOwner: Address that received initial ownership (subsequently renounced)
  • _devAddress: Address that receives development fees
  • msg.value: Initial ETH sent (used for initial token purchase)

Command to Decode:

cast tx 0x556a4525ffc51c7edeb73d264cd5c0b0cbc0d6d7bf8cbffac21097f8440a80af --json

Function Selectors

Mapping of function selectors to function signatures for transaction decoding.

SELECTOR FUNCTION SIGNATURE
0x00fdd58e buy()
0x1b42e96e getMagnifiedDividendPerShare()
0x2b14ca56 getTotalDividendsDistributed()
0x30bb4cff pendingDividends(address)
0x39509351 increaseAllowance(address,uint256)
0x518ab2a8 tokensSold()
0x668038e0 claimDividends()
0x6a627842 getUserDividendInfo(address)
0x6de1a5a9 getCirculatingSupplyPublic()
0x70a08231 balanceOf(address)
0x78d573f2 setDevAddress(address)
0x79ba5097 acceptOwnership()
0x7e00a4ca calculatezETHForNative(uint256)
0x8202ac0e TOTAL_SUPPLY()
0x8c66896f excludeFromFee(address,bool)
0x8da5cb5b owner()
0x95d89b41 symbol()
0xa457c2d7 decreaseAllowance(address,uint256)
0xa6f2ae3a buy() (duplicate/fallback)
0xa9059cbb transfer(address,uint256)
0xae034806 MINIMUM_PURCHASE_NATIVE()
0xc7926458 calculateNativeForZETH(uint256)
0xd0d41fe1 permit(...)
0xd89135cd totalBurned()
0xdd62ed3e allowance(address,address)
0xdf8408fe excludeFromFee(address,bool)
0xe30c3978 pendingOwner()
0xf2fde38b transferOwnership(address)
0xfd9574e4 getMagnifiedDividendPerShare() (duplicate)

Fallback Function: receive() external payable - Calls buy() when ETH sent directly

Verification Commands Summary

Complete set of commands to independently verify all analysis claims.

# Setup
export ETH_RPC_URL=https://eth.llamarpc.com

# Contract Status
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "owner()(address)"  # Should be 0x00
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "pendingOwner()(address)"  # Should be 0x00

# Supply Metrics
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "totalSupply()(uint256)"
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "totalBurned()(uint256)"
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "tokensSold()(uint256)"
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "getCirculatingSupplyPublic()(uint256)"

# ETH Backing
cast balance 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 --ether

# Dividend Metrics
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "getTotalDividendsDistributed()(uint256)"
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "getMagnifiedDividendPerShare()(uint256)"

# Price Calculations
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "calculatezETHForNative(uint256)(uint256)" 100000000000000000
cast call 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532 "calculateNativeForZETH(uint256)(uint256)" 1000000000000000000

# Bytecode
cast code 0x41b242c36F7dc5f18be21c1a6B7b5e05b2FD6532

File Manifest

All analysis artifacts are stored in the repository at:

artifacts/41b242...6532/
├── runtime-bytecode.txt           # Deployed bytecode (27,601 bytes)
├── source-code-raw.txt            # Verified source code (2,928 lines)
├── etherscan-v2-response.json     # API response with metadata
└── TODO.md                        # Analysis checklist and progress

docs/contracts/zeromoon/zeth-token/
├── contract-analysis.md           # Main analysis document
├── functions.md                   # Function catalog and documentation
├── storage-layout.md              # Storage slot mapping
├── potential-risks.md             # Risk assessment
├── methodology.md                 # Analysis process documentation
└── artifacts.md                   # This file