
Contract Analysis

DISCLAIMER // NFA // DYOR

This analysis is based on observations of the contract behavior. We are not smart contract security experts. This document aims to explain what the contract appears to do based on the code. It should not be considered a comprehensive security audit or financial advice. Always verify critical information independently and consult with blockchain security professionals for important decisions.

⊙ generated by robots | curated by humans

Analysis Date: 2026-02-28


Metadata

Primary Contract

| PROPERTY | VALUE |
|---|---|
| Contract Address | 0x658bF1A6608210FDE7310760f391AD4eC8006A5F (etherscan) |
| Network | Ethereum Mainnet |
| Contract Type | Standalone |
| Deployment Date | 2025-08-26 19:47:59 UTC |
| Deployment Block | 23,227,474 |
| Contract Creator | 0x999657a4...b44e1c (etherscan) |
| Creation TX | 0xf851c65a81...e1c60 (tx) |
| Compiler Version | Solidity v0.8.30+commit.73712a01 |
| Total Functions | 7 public/external (+ internal helpers and embedded math libraries) |
| External Contract Dependencies | 5 (Uniswap V3 Quoter, V3 Factory, zAMM, V4 StateView, V2/Sushi pools) |
| Upgrade Mechanism | ☒ None — Not Upgradable |
| Verification Status | ☑ Verified — Exact Match |
| Audit Status | △ No public audit found |

| TYPE | ADDRESS | NOTES |
|---|---|---|
| ZROUTER constant | 0x0000000000404FECAf36E6184245475eE1254835 (etherscan) | Earlier zRouter version; target for buildBestSwap calldata |
| Newer zRouter | 0x000000000000FB114709235f1ccBFfb925F600e4 (etherscan) | Later zRouter deployed 2026-02-12; not referenced in zQuoter code |
| Uniswap V2 Factory | 0x5C69bEe701ef814a2B6a3EDD4B1652CB9cc5aA6f (etherscan) | Used for deterministic V2 pool address computation |
| SushiSwap Factory | 0xC0AEe478e3658e2610c5F7A4A2E1777cE9e4f2Ac (etherscan) | Used for deterministic Sushi pool address computation |
| Uniswap V3 Factory | 0x1F98431c8aD98523631AE4a59f267346ea31F984 (etherscan) | Used to resolve V3 pool addresses |
| Uniswap V3 Quoter | 0x5e55C9e631FAE526cd4B0526C4818D6e0a9eF0e3 (etherscan) | Called for V3 exact-in and exact-out quotes |
| Uniswap V4 StateView | 0x7fFE42C4a5DEeA5b0feC41C94C136Cf115597227 (etherscan) | Used to read pool state for V4 simulation |
| zAMM | 0x000000000000040470635EB91b7CE4D132D616eD (etherscan) | zFi's AMM; queried directly for pool reserves |
| WETH | 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 (etherscan) | Used as two-hop intermediary and ETH proxy |

Executive Summary

zQuoter is a fully stateless, read-only quoter contract for the zFi ecosystem. Its purpose is to answer one question: "Given a token pair and an amount, which Automated Market Maker (AMM) gives the best price?" It queries Uniswap V2, SushiSwap, zAMM (four fee tiers), Uniswap V3 (four fee tiers), and Uniswap V4 (four fee tiers) — 14 pools in total — and returns both the ranked list of quotes and a pre-built calldata payload ready to submit to zRouter.

Beyond pure quoting, the contract also provides a two-hop routing helper (buildBestSwapViaETHMulticall) that routes ERC-20 → ERC-20 trades through WETH as an intermediary, returning a multicall-compatible array of calldata entries.

The contract holds no funds, has no owner, no admin functions, and no storage variables whatsoever. It is entirely immutable and carries no governance or centralization risk. All risks that exist are inherited from the accuracy and availability of the external protocols it reads from.

One notable detail: the ZROUTER constant embedded in the source code (0x0000000000404FECAf36E6184245475eE1254835) is an earlier version of zRouter deployed in August 2025, not the zRouter analyzed separately in this project. The deployer of zQuoter (0x999657a4...b44e1c) also differs from the deployer of the newer zRouter (0x1C0Aa8cC...855A20), though both appear to be zFi-operated addresses deploying contracts via CREATE2.


Architecture

graph TD
    User([User / Frontend / Contract])

    ZQ["zQuoter\n0x658bF1...006A5F"]

    subgraph AMMs["AMM Protocols Queried"]
        V2["Uniswap V2 Pools\n(getReserves)"]
        SU["SushiSwap Pools\n(getReserves)"]
        ZA["zAMM Pools\n(pools mapping)"]
        V3["Uniswap V3\n(via V3 Quoter)"]
        V4["Uniswap V4\n(via StateView)"]
    end

    subgraph Output["Output"]
        QR["Quote Results\n(best + all 14 quotes)"]
        CD["Calldata\n(ready for zRouter)"]
    end

    ZR["zRouter (ZROUTER constant)\n0x000000...1254835\n(earlier version)"]

    User -->|"getQuotes / buildBestSwap\nbuildBestSwapViaETHMulticall"| ZQ
    ZQ -->|"read reserves"| V2
    ZQ -->|"read reserves"| SU
    ZQ -->|"read pool state"| ZA
    ZQ -->|"quoteExactInputSingle\nquoteExactOutputSingle"| V3
    ZQ -->|"getSlot0, getLiquidity\ngetTickBitmap, getTickLiquidity"| V4
    ZQ --> QR
    ZQ --> CD
    CD -->|"User submits to"| ZR

    style ZQ fill:#e0f0ff
    style ZR fill:#f0f0ff

System Overview

zQuoter operates as a pure read layer. It has no payable functions, makes no state changes, and holds no token approvals. The entire contract — including the embedded V4 tick math libraries — fits in a single file.

  • Queries 14 pools across 5 protocols in a single getQuotes call (V2, Sushi, zAMM ×4, V3 ×4, V4 ×4)
  • V2/Sushi/zAMM quotes computed purely on-chain using constant product math — no external calls beyond reading reserves
  • V3 quotes delegated to Uniswap's own QuoterV2 contract at 0x5e55C9e6...
  • V4 quotes computed locally by simulating the full tick-by-tick swap loop using pool state read from the V4 StateView lens
  • buildBestSwap picks the best quote and returns ready-to-execute calldata for zRouter, including msg.value if the input token is native ETH
  • buildBestSwapViaETHMulticall handles ERC-20 → ERC-20 trades via a WETH two-hop path, returning a multicall-compatible call array with safety sweep entries

Design Patterns Used

  • Fully Stateless: Zero storage slots used. The contract cannot be reconfigured, paused, or upgraded. There is nothing to own or control.
  • Embedded Math Libraries: TickMath, SwapMath, SqrtPriceMath, FullMath, LiquidityMath, BitMath, SafeCast, UnsafeMath, FixedPoint96, and V4TickBitmap are all inlined in the same source file. No external library imports.
  • CREATE2 Pool Derivation: V2 and Sushi pool addresses are computed deterministically using keccak256(abi.encodePacked(0xff, factory, keccak256(abi.encodePacked(token0, token1)), initCodeHash)). No registry lookup required.
  • Try/Catch for V3 Quotes: V3 quoting calls the external V3 Quoter inside a try/catch, returning (0, 0) gracefully on any failure. This prevents a single unavailable pool from reverting the entire multi-quote call.
  • V4 Tick Simulation: Rather than delegating to a V4 quoter, zQuoter replicates the V4 swap loop locally, walking initialized ticks using data from the StateView lens. This matches zRouter's hookless V4 path.
  • unchecked Arithmetic: All mathematical operations are wrapped in unchecked blocks throughout the contract for gas efficiency, consistent with the Uniswap core library patterns the math is drawn from.

Access Control

Roles & Permissions

ROLE ASSIGNED BY REVOKABLE CALL COUNT
Any caller — (no restrictions) Unlimited

Permission Matrix

FUNCTION ANYONE
getQuotes()
quoteV2()
quoteV3()
quoteV4()
quoteZAMM()
buildBestSwap()
buildBestSwapViaETHMulticall()

Time Locks & Delays

| ACTION | TIME LOCK | CAN CANCEL | PURPOSE |
|---|---|---|---|
| N/A | N/A | N/A | ☑ No admin actions exist |

Economic Model

This contract does not handle funds or implement economic mechanics. All functions are view or pure. No ETH or tokens can be sent to or held by this contract in any meaningful way. The payable constructor allows ETH at deploy time only; no sweep function exists, but the contract carries no ongoing ETH custody risk.


Summary of Observations

zQuoter appears to be a clean, purpose-built utility contract for the zFi DEX routing stack. It is a pure read layer: no storage, no ownership, no token approvals, no admin keys. There is nothing to exploit, compromise, or misuse in the contract itself.

The quoting coverage is broad — 14 pools across five protocols — and the best-route selection logic (_pickBest) appears correct: it maximizes output for exact-in and minimizes input for exact-out, with fee tier as a tiebreaker. The buildBestSwap and buildBestSwapViaETHMulticall functions extend this into actionable calldata generation, making zQuoter a routing library rather than just a price oracle.

The V4 tick simulation is the most complex portion of the code. It is a faithful reimplementation of the Uniswap V4 swap loop, drawing on the same math libraries used in the official V4 codebase. The implementation appears consistent with Uniswap's published source. However, the V3 quoting path relies on an external call to the V3 Quoter contract — if that contract is unavailable or returns unexpected data, those quotes will silently return (0, 0) rather than reverting.
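
The selection rule and the silent (0, 0) failure value described above, modelled off-chain in Python as an added example (not zQuoter's code). The constant-product formulas are the standard Uniswap V2 ones; the basis-point fee parameter, the lower-fee tie-break direction and the pool reserves are assumptions or constructed values.

```python
from dataclasses import dataclass

BPS = 10_000

def cp_amount_out(amount_in, reserve_in, reserve_out, fee_bps):
    """Constant-product exact-in quote; integer floor division, as on-chain."""
    if amount_in <= 0 or reserve_in <= 0 or reserve_out <= 0:
        return 0
    net = amount_in * (BPS - fee_bps)
    return net * reserve_out // (reserve_in * BPS + net)

def cp_amount_in(amount_out, reserve_in, reserve_out, fee_bps):
    """Constant-product exact-out quote; rounds up by one unit in the pool's favour."""
    if amount_out <= 0 or reserve_in <= 0 or amount_out >= reserve_out:
        return 0
    return reserve_in * amount_out * BPS // ((reserve_out - amount_out) * (BPS - fee_bps)) + 1

@dataclass(frozen=True)
class Quote:
    source: str
    fee_bps: int
    amount_in: int
    amount_out: int

def pick_best(quotes, exact_out):
    """Max output for exact-in, min input for exact-out; lower fee breaks ties (assumed).
    A quote with a zero leg means 'no quote' and is never ranked as a price."""
    live = [q for q in quotes if q.amount_in > 0 and q.amount_out > 0]
    if not live:
        return None
    if exact_out:
        return min(live, key=lambda q: (q.amount_in, q.fee_bps))
    return min(live, key=lambda q: (-q.amount_out, q.fee_bps))

def sample_quotes(amount, exact_out):
    # Constructed reserves (token_in, token_out) and fees; not real pool data.
    pools = [("V2", 30, 1_000_000, 2_000_000), ("Sushi", 30, 400_000, 790_000)]
    out = []
    for name, fee, r_in, r_out in pools:
        if exact_out:
            out.append(Quote(name, fee, cp_amount_in(amount, r_in, r_out, fee), amount))
        else:
            out.append(Quote(name, fee, amount, cp_amount_out(amount, r_in, r_out, fee)))
    out.append(Quote("V3", 5, 0, 0))  # failed external quote surfaced as (0, 0)
    return out
```

For exact-out, a plain minimum over `amount_in` would select the failed (0, 0) entry, which is why the filter runs before ranking.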

This analysis is for educational purposes only and should not be considered a security audit or financial advice.


References

| RESOURCE | NOTES |
|---|---|
| Etherscan — zQuoter Contract | Verified source code (Exact Match) |
| Etherscan — Creation TX | Deployment transaction |
| Uniswap V4 Docs — StateView | V4 lens architecture reference; StateView queried by quoteV4 |
| Uniswap V3 QuoterV2 | V3 Quoter contract interface; delegated to for V3 quotes |
| zRouter Contract Analysis | DNZN analysis of the newer zRouter (0x000000...F600e4) |

Change Log

| DATE | AUTHOR | NOTES |
|---|---|---|
| 2026-02-28 | Artificial. | Generated by robots. Gas: 65 tok |
| 2026-02-28 | Denizen. | Reviewed, edited, and curated by humans. |