Skip to content

Functions

DISCLAIMER // NFA // DYOR

This analysis is based on observations of the contract behavior. We are not smart contract security experts. This document aims to explain what the contract appears to do based on the code. It should not be considered a comprehensive security audit or financial advice. Always verify critical information independently and consult with blockchain security professionals for important decisions.

⊙ generated by robots | curated by humans

METADATA
Contract Address 0x000000000000FB114709235f1ccBFfb925F600e4 (etherscan)
Network Ethereum Mainnet
Analysis Date 2026-02-28

Function Selectors

SELECTOR FUNCTION SIGNATURE CATEGORY
0x6e0a4f98 swapV2(address,bool,address,address,uint256,uint256,uint256) User
0xafeae12b swapV3(address,bool,uint24,address,address,uint256,uint256,uint256) User
0x21c0dad2 swapV4(address,bool,uint24,int24,address,address,uint256,uint256,uint256) User
0x9d5b5af8 swapVZ(address,bool,uint256,address,address,uint256,uint256,uint256,uint256,uint256) User
0x12db224a swapCurve(address,bool,address[11],uint256[4][5],address[5],uint256,uint256,uint256) User
0x5f3bd1c8 snwap(address,uint256,address,address,uint256,address,bytes) User
0x3f896275 snwapMulti(address,uint256,address,address[],uint256[],address,bytes) User
0xf76aaa4d addLiquidity(tuple,uint256,uint256,uint256,uint256,address,uint256) User
0xac9650d8 multicall(bytes[]) User
0x0efe6a8b deposit(address,uint256,uint256) User
0xcb019b84 sweep(address,uint256,uint256,address) User
0xea598cb0 wrap(uint256) User
0xde0e9a3e unwrap(uint256) User
0x7ac2ff7b permit(address,uint256,uint256,uint8,bytes32,bytes32) User
0x230390f4 permitDAI(uint256,uint256,uint8,bytes32,bytes32) User
0x09d31579 permit2TransferFrom(address,uint256,uint256,uint256,bytes) User
0x4c766bbc permit2BatchTransferFrom(tuple[],uint256,uint256,bytes) User
0x47c1ba3a exactETHToSTETH(address) User
0xf978602c exactETHToWSTETH(address) User
0xbd6b76d7 ethToExactSTETH(address,uint256) User
0xc391b381 ethToExactWSTETH(address,uint256) User
0x2cb9f974 revealName(string,bytes32,address) User
0x91dd7346 unlockCallback(bytes) Callback
0x150b7a02 onERC721Received(address,address,uint256,bytes) Callback
(fallback) uniswapV3SwapCallback (via fallback) Callback
0xb61d27f6 execute(address,uint256,bytes) Trusted
0x06262f1b trust(address,bool) Admin
0xf2fde38b transferOwnership(address) Admin
0x41abb1ef ensureAllowance(address,bool,address) Admin
0xe8382b01 safeExecutor() View

Summary

CATEGORY COUNT
Total Functions 31 (incl. fallback + receive)
User Functions 22
Callback Functions 3
Trusted Functions 1
Admin Functions 3
View Functions 1

User Functions

Function: swapV2(address to, bool exactOut, address tokenIn, address tokenOut, uint256 swapAmount, uint256 amountLimit, uint256 deadline)

Executes an exact-in or exact-out swap on a Uniswap V2 or SushiSwap pool. The pool address is computed deterministically on-chain using CREATE2. Supports ETH as input or output by wrapping/unwrapping WETH automatically. When deadline == type(uint256).max, routes through SushiSwap instead of Uniswap.

ATTRIBUTE VALUE
Selector 0x6e0a4f98
Parameters to — recipient address; exactOut — true for exact-out mode; tokenIn/tokenOut — use address(0) for ETH; swapAmount — amount in (exact-in) or target out (exact-out); amountLimit — max in (exact-out) or min out (exact-in); deadline — expiry timestamp (use type(uint256).max for SushiSwap)
Access Public, payable
FLAG OBSERVATION
deadline == type(uint256).max is a non-standard overloading to select SushiSwap — not deadline bypass
swapAmount == 0 with exact-in mode uses entire contract/transient balance of tokenIn
Slippage check (amountLimit == 0) can be bypassed if caller passes zero
ETH input refund sent to msg.sender if msg.value > amountIn
CONDITION REQUIREMENT
Deadline block.timestamp <= deadline (via checkDeadline modifier)
Non-zero swap amountIn > 0 or msg.value > 0 if swapAmount == 0
Slippage amountIn <= amountLimit (exact-out) or amountOut >= amountLimit (exact-in) when limit != 0
STEP ACTION
1 Replace address(0) with WETH for tokenIn/tokenOut
2 Compute V2 pool address deterministically
3 Fetch reserves via getReserves()
4 Calculate amountIn/amountOut using x*y=k formula
5 Pull input tokens (transient balance, contract balance, or transferFrom)
6 Call IV2Pool.swap()
7 Unwrap WETH and send ETH if ethOut, otherwise deliver token to to
CONDITION REVERT MESSAGE
Deadline passed Expired()
Zero swap amount BadSwap()
Slippage exceeded Slippage() 
function swapV2(
    address to, bool exactOut, address tokenIn, address tokenOut,
    uint256 swapAmount, uint256 amountLimit, uint256 deadline
) public payable checkDeadline(deadline) returns (uint256 amountIn, uint256 amountOut)

Function: swapV3(address to, bool exactOut, uint24 swapFee, address tokenIn, address tokenOut, uint256 swapAmount, uint256 amountLimit, uint256 deadline)

Executes a swap on a Uniswap V3 pool. Pool address is derived on-chain. Triggers the standard V3 uniswapV3SwapCallback flow, handled by the contract's fallback() function. Supports ETH in/out via WETH wrapping.

ATTRIBUTE VALUE
Selector 0xafeae12b
Parameters swapFee — pool fee tier (e.g., 500, 3000, 10000); other params match swapV2
Access Public, payable
FLAG OBSERVATION
Swap callback data is packed inline via abi.encodePacked — no struct overhead
ETH refund sent back to msg.sender after V3 swap if any balance remains
amountLimit == 0 disables slippage check
CONDITION REVERT MESSAGE
Deadline passed Expired()
Zero swap amount BadSwap()
Slippage exceeded Slippage() 
function swapV3(
    address to, bool exactOut, uint24 swapFee,
    address tokenIn, address tokenOut,
    uint256 swapAmount, uint256 amountLimit, uint256 deadline
) public payable checkDeadline(deadline) returns (uint256 amountIn, uint256 amountOut)

Function: swapV4(address to, bool exactOut, uint24 swapFee, int24 tickSpace, address tokenIn, address tokenOut, uint256 swapAmount, uint256 amountLimit, uint256 deadline)

Executes a swap via Uniswap V4's lock/callback architecture. Calls IV4PoolManager.unlock() with encoded calldata; the PoolManager calls back unlockCallback() on this contract to execute the actual swap. Supports ETH natively (V4 uses native ETH rather than WETH).

ATTRIBUTE VALUE
Selector 0x21c0dad2
Parameters tickSpace — pool tick spacing; swapFee — fee tier; other params match swapV2
Access Public, payable
FLAG OBSERVATION
Hookless pools only — V4PoolKey hooks field hardcoded to address(0)
V4 uses native ETH (currency0 = address(0)) rather than WETH
ETH refund returned to payer after swap completes
CONDITION REVERT MESSAGE
Deadline passed Expired()
Zero swap amount BadSwap()
Slippage exceeded Slippage()
Caller not V4 PoolManager (in callback) Unauthorized() 
function swapV4(
    address to, bool exactOut, uint24 swapFee, int24 tickSpace,
    address tokenIn, address tokenOut,
    uint256 swapAmount, uint256 amountLimit, uint256 deadline
) public payable checkDeadline(deadline) returns (uint256 amountIn, uint256 amountOut)

Function: swapVZ(address to, bool exactOut, uint256 feeOrHook, address tokenIn, address tokenOut, uint256 idIn, uint256 idOut, uint256 swapAmount, uint256 amountLimit, uint256 deadline)

Executes a swap against zFi's zAMM contract. Supports ERC-6909 multi-token IDs (set idIn/idOut to 0 for standard ERC-20). deadline == type(uint256).max routes to hookless ZAMM_0 instead of hooked ZAMM. Pulls full expected input upfront and handles excess refund.

ATTRIBUTE VALUE
Selector 0x9d5b5af8
Parameters feeOrHook — fee tier or hook address for pool key; idIn/idOut — ERC-6909 token IDs (0 = ERC-20)
Access Public, payable
FLAG OBSERVATION
deadline == type(uint256).max selects hookless ZAMM_0 (same non-standard overloading as swapV2)
Exact-out excess input refunded to msg.sender after swap
Supports ERC-6909 fractional token IDs alongside standard ERC-20
CONDITION REVERT MESSAGE
Deadline passed Expired()
Zero swap amount BadSwap()
zAMM call fails (exact-in) SwapExactInFail()
zAMM call fails (exact-out) SwapExactOutFail() 
function swapVZ(
    address to, bool exactOut, uint256 feeOrHook,
    address tokenIn, address tokenOut,
    uint256 idIn, uint256 idOut,
    uint256 swapAmount, uint256 amountLimit, uint256 deadline
) public payable checkDeadline(deadline) returns (uint256 amountIn, uint256 amountOut)

Function: swapCurve(address to, bool exactOut, address[11] route, uint256[4][5] swapParams, address[5] basePools, uint256 swapAmount, uint256 amountLimit, uint256 deadline)

Executes a multi-hop swap through Curve Finance pools. Supports up to 5 hops with 8 swap types (exchange, exchange_underlying, add_liquidity, remove_liquidity_one_coin, ETH/WETH wrapping). Uses Curve's get_dx functions for exact-out mode. The router pre-funds itself, then calls each Curve pool in sequence.

ATTRIBUTE VALUE
Selector 0x12db224a
Parameters route — 11-element array of alternating tokens and pools; swapParams — per-hop [i, j, swap_type, pool_type]; basePools — base pools for meta-pool underlying swaps
Access Public, payable
FLAG OBSERVATION
Lazy approval: sets unlimited token approval to Curve pools on first use if allowance is zero
Up to 5 hops supported; route terminates at first zero pool address
Surplus output refunded to msg.sender in exact-out mode
Minimum output set to 0 on each Curve hop — slippage checked only at final output
CONDITION REVERT MESSAGE
Deadline passed Expired()
Zero input amount BadSwap()
Slippage exceeded Slippage()
Invalid swap type BadSwap()
ETH amount mismatch InvalidMsgVal() 
function swapCurve(
    address to, bool exactOut,
    address[11] calldata route,
    uint256[4][5] calldata swapParams,
    address[5] calldata basePools,
    uint256 swapAmount, uint256 amountLimit, uint256 deadline
) public payable checkDeadline(deadline) returns (uint256 amountIn, uint256 amountOut)

Function: snwap(address tokenIn, uint256 amountIn, address recipient, address tokenOut, uint256 amountOutMin, address executor, bytes executorData)

Generic executor swap. Sends tokenIn to the executor address, then calls executor via the isolated SafeExecutor contract, then checks that recipient received at least amountOutMin of tokenOut. Enables integration with any DEX or protocol not directly supported by the named swap functions.

ATTRIBUTE VALUE
Selector 0x5f3bd1c8
Parameters executor — the contract to call; executorData — arbitrary calldata
Access Public, payable
FLAG OBSERVATION
executor is arbitrary — no whitelist; caller controls where tokens and ETH are sent
Output measured as balance delta on recipient — cannot be faked by the executor
Execution routed through SafeExecutor which holds no token approvals
amountIn == 0 sends all but 1 wei of router's tokenIn balance to executor
CONDITION REVERT MESSAGE
Output below minimum SnwapSlippage(tokenOut, received, minimum) 
function snwap(
    address tokenIn, uint256 amountIn, address recipient,
    address tokenOut, uint256 amountOutMin,
    address executor, bytes calldata executorData
) public payable returns (uint256 amountOut)

Function: snwapMulti(address tokenIn, uint256 amountIn, address recipient, address[] tokensOut, uint256[] amountsOutMin, address executor, bytes executorData)

Multi-output variant of snwap. Records pre-execution balances for multiple output tokens and validates each delta after the executor call.

ATTRIBUTE VALUE
Selector 0x3f896275
Parameters tokensOut — array of expected output tokens; amountsOutMin — minimum output per token
Access Public, payable
CONDITION REVERT MESSAGE
Any output below minimum SnwapSlippage(token, received, minimum) 
function snwapMulti(
    address tokenIn, uint256 amountIn, address recipient,
    address[] calldata tokensOut, uint256[] calldata amountsOutMin,
    address executor, bytes calldata executorData
) public payable returns (uint256[] memory amountsOut)

Function: multicall(bytes[] data)

Executes multiple encoded calls to this contract atomically via delegatecall. Enables chaining of swaps across different DEX protocols in a single transaction. Transient balances from earlier calls are available to later calls within the same multicall batch.

ATTRIBUTE VALUE
Selector 0xac9650d8
Parameters data — array of ABI-encoded calldata for each sub-call
Access Public, payable
FLAG OBSERVATION
Uses delegatecall — sub-calls execute in the context of zRouter itself
Reverts the entire batch if any sub-call fails
msg.sender is preserved across delegatecall sub-calls
CONDITION REVERT MESSAGE
Any sub-call fails Propagates the sub-call's revert reason 
function multicall(bytes[] calldata data)
    public payable returns (bytes[] memory results)

Function: deposit(address token, uint256 id, uint256 amount)

Pre-funds the router's transient balance for a given token/id. This enables multi-step swaps via multicall — the first call deposits tokens, subsequent swap calls consume from transient balance without additional transferFrom calls.

ATTRIBUTE VALUE
Selector 0x0efe6a8b
Parameters tokenaddress(0) for ETH, WETH address for WETH; id — ERC-6909 token ID (0 for ERC-20); amount — amount to pre-fund
Access Public, payable 
function deposit(address token, uint256 id, uint256 amount) public payable

Function: sweep(address token, uint256 id, uint256 amount, address to)

Transfers tokens or ETH from the router contract to to. When amount == 0, sweeps the full balance. Anyone can call this — it is intended for recovering any residual balances left after a transaction completes.

ATTRIBUTE VALUE
Selector 0xcb019b84
Parameters tokenaddress(0) for ETH; id — ERC-6909 ID (0 for ERC-20); amount — 0 sweeps all
Access Public, payable (no access restriction)
FLAG OBSERVATION
No access control — any caller can sweep any token balance held by the router
Intended behavior: router should not hold persistent balances; sweep is a safety valve 
function sweep(address token, uint256 id, uint256 amount, address to) public payable

Function: wrap(uint256 amount) / unwrap(uint256 amount)

wrap converts ETH held by the contract to WETH and records it in transient balance. unwrap converts WETH held by the contract back to ETH. Both are primarily utility functions for use within multicall chains.

ATTRIBUTE VALUE
Selectors wrap: 0xea598cb0 / unwrap: 0xde0e9a3e
Parameters amount — 0 uses entire balance
Access Public, payable 
function wrap(uint256 amount) public payable
function unwrap(uint256 amount) public payable

Function: addLiquidity(PoolKey poolKey, uint256 amount0Desired, uint256 amount1Desired, uint256 amount0Min, uint256 amount1Min, address to, uint256 deadline)

Adds liquidity to a zAMM pool by delegating directly to IZAMM.addLiquidity(). Passes ETH if poolKey.token0 == address(0).

ATTRIBUTE VALUE
Selector 0xf76aaa4d
Parameters poolKey — zAMM PoolKey struct (id0, id1, token0, token1, feeOrHook)
Access Public, payable 
function addLiquidity(
    PoolKey calldata poolKey,
    uint256 amount0Desired, uint256 amount1Desired,
    uint256 amount0Min, uint256 amount1Min,
    address to, uint256 deadline
) public payable returns (uint256 amount0, uint256 amount1, uint256 liquidity)

Function: permit(address token, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s)

Calls ERC-2612 permit() on token to grant the router spending approval without a separate transaction. Useful at the start of a multicall batch before a swap that requires transferFrom.

ATTRIBUTE VALUE
Selector 0x7ac2ff7b
Access Public, payable 
function permit(address token, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
    public payable

Function: permitDAI(uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s)

DAI-specific permit function. Uses DAI's non-standard permit signature which includes nonce, expiry, and a allowed boolean (always true here).

ATTRIBUTE VALUE
Selector 0x230390f4
Access Public, payable 
function permitDAI(uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) public payable

Function: permit2TransferFrom(address token, uint256 amount, uint256 nonce, uint256 deadline, bytes signature)

Transfers amount of token from msg.sender to the router using Uniswap Permit2's signature-based transfer. Records the received amount in transient balance for subsequent swap steps.

ATTRIBUTE VALUE
Selector 0x09d31579
Access Public, payable 
function permit2TransferFrom(
    address token, uint256 amount, uint256 nonce, uint256 deadline, bytes calldata signature
) public payable

Function: permit2BatchTransferFrom(IPermit2.TokenPermissions[] permitted, uint256 nonce, uint256 deadline, bytes signature)

Batch variant of permit2TransferFrom. Transfers multiple tokens in a single Permit2 signature, depositing each into transient balance.

ATTRIBUTE VALUE
Selector 0x4c766bbc
Access Public, payable 
function permit2BatchTransferFrom(
    IPermit2.TokenPermissions[] calldata permitted,
    uint256 nonce, uint256 deadline, bytes calldata signature
) public payable

Function: exactETHToSTETH(address to)

Stakes all msg.value ETH with Lido and sends the resulting stETH shares to to. Uses inline assembly to call stETH.submit() then stETH.transferShares().

ATTRIBUTE VALUE
Selector 0x47c1ba3a
Access Public, payable 
function exactETHToSTETH(address to) public payable returns (uint256 shares)

Function: exactETHToWSTETH(address to)

Stakes all msg.value ETH with Lido by sending directly to the wstETH contract (which auto-wraps), then transfers resulting wstETH to to.

ATTRIBUTE VALUE
Selector 0xf978602c
Access Public, payable 
function exactETHToWSTETH(address to) public payable returns (uint256 wstOut)

Function: ethToExactSTETH(address to, uint256 exactOut)

Stakes exactly exactOut stETH worth of ETH, refunding any surplus ETH to msg.sender. Computes required ETH input using on-chain Lido share rate math.

ATTRIBUTE VALUE
Selector 0xbd6b76d7
Access Public, payable
CONDITION REVERT MESSAGE
msg.value insufficient Reverts (inline assembly) 
function ethToExactSTETH(address to, uint256 exactOut) public payable

Function: ethToExactWSTETH(address to, uint256 exactOut)

Obtains exactly exactOut wstETH, refunding surplus ETH. Computes required ETH using Lido's getSharesByPooledEth rate.

ATTRIBUTE VALUE
Selector 0xc391b381
Access Public, payable 
function ethToExactWSTETH(address to, uint256 exactOut) public payable

Function: revealName(string label, bytes32 innerSecret, address to)

Reveals a .wei name registration commitment on the zFi NameNFT contract and transfers the minted NFT to to. The secret is derived as keccak256(abi.encode(innerSecret, to)) — binding it to the intended recipient and preventing mempool front-running. Can be chained with a swap via multicall for an atomic swap-to-register flow.

ATTRIBUTE VALUE
Selector 0x2cb9f974
Access Public, payable
FLAG OBSERVATION
Recipient-bound secret prevents front-running of the reveal transaction
Uses full ETH balance of router (from transient or msg.value) for the reveal payment 
function revealName(string calldata label, bytes32 innerSecret, address to)
    public payable returns (uint256 tokenId)

Callback Functions

Function: fallback() (uniswapV3SwapCallback)

Handles the Uniswap V3 uniswapV3SwapCallback. Verifies the caller is the expected V3 pool, then fulfills the required token payment. Also handles ETH output unwrapping when the output token is ETH.

ATTRIBUTE VALUE
Selector (fallback — any unmatched calldata)
Access External, payable
FLAG OBSERVATION
Rejects if transient lock slot is non-zero (prevents callback during execute())
Verifies msg.sender == expected V3 pool before fulfilling payment
CONDITION REVERT MESSAGE
Called during execute() lock Reverts (assembly revert(0, 0))
Caller is not expected pool Unauthorized()
Zero deltas BadSwap() 
fallback() external payable { ... }

Function: unlockCallback(bytes callbackData)

Uniswap V4 callback triggered by V4PoolManager.unlock(). Executes the actual V4 pool swap, settles input tokens, and delivers output tokens to to.

ATTRIBUTE VALUE
Selector 0x91dd7346
Access Public, payable
FLAG OBSERVATION
Requires msg.sender == V4_POOL_MANAGER
Rejects if transient lock slot is non-zero
CONDITION REVERT MESSAGE
Called during execute() lock Reverts (assembly revert(0, 0))
Caller is not V4 PoolManager Unauthorized()
Slippage exceeded Slippage() 
function unlockCallback(bytes calldata callbackData)
    public payable returns (bytes memory result)

Function: onERC721Received(address, address, uint256, bytes)

ERC-721 receiver hook required for the router to receive NFTs from the NameNFT contract during revealName(). Always returns the correct selector.

ATTRIBUTE VALUE
Selector 0x150b7a02
Access Public, pure 
function onERC721Received(address, address, uint256, bytes calldata)
    public pure returns (bytes4)

Trusted Functions

Function: execute(address target, uint256 value, bytes data)

Calls an arbitrary target contract with value ETH and data calldata. Only callable by addresses that the owner has whitelisted via trust(). Sets a transient lock during execution to prevent V3/V4 swap callbacks from being triggered by the external call.

ATTRIBUTE VALUE
Selector 0xb61d27f6
Access Public, payable — restricted to _isTrustedForCall[msg.sender] == true
FLAG OBSERVATION
Arbitrary external call — target is unconstrained beyond the trust whitelist
Transient lock (tstore(0x00, 1)) blocks V3/V4 callbacks during execution
Access restricted to owner-whitelisted addresses only
CONDITION REVERT MESSAGE
Caller not trusted Unauthorized()
External call fails Propagates external revert 
function execute(address target, uint256 value, bytes calldata data)
    public payable returns (bytes memory result)

Admin Functions

Function: trust(address target, bool ok)

Adds or removes an address from the _isTrustedForCall mapping. Only the owner can call this. Trusted addresses can call execute().

ATTRIBUTE VALUE
Selector 0x06262f1b
Access Public, payable — onlyOwner 
function trust(address target, bool ok) public payable onlyOwner

Function: transferOwnership(address owner)

Transfers the _owner role to a new address. Emits OwnershipTransferred. No two-step confirmation, no timelock.

ATTRIBUTE VALUE
Selector 0xf2fde38b
Access Public, payable — onlyOwner
FLAG OBSERVATION
Single-step ownership transfer — no confirmation from new owner required
No timelock — ownership change is immediate and irreversible without new owner cooperation 
function transferOwnership(address owner) public payable onlyOwner

Function: ensureAllowance(address token, bool is6909, address to)

Sets unlimited token approval (type(uint256).max) for token to to, or sets ERC-6909 operator status. Used by the owner to pre-approve Curve pools and other integrations as needed.

ATTRIBUTE VALUE
Selector 0x41abb1ef
Access Public, payable — onlyOwner
FLAG OBSERVATION
Grants unlimited approval to any arbitrary address at owner discretion 
function ensureAllowance(address token, bool is6909, address to) public payable onlyOwner

View Functions

Function: safeExecutor()

Returns the address of the companion SafeExecutor contract deployed during construction.

ATTRIBUTE VALUE
Selector 0xe8382b01
Access Public, view — auto-generated getter for immutable variable 
SafeExecutor public immutable safeExecutor;