Contract Analysis by Request
The original purpose of creating this site was to post the research that we were already doing, for our own purposes. We aren't creating catchy brilliant headlines to ride a social media wave... everything you see here is because it is what we care about. The agents have worked, the tokens were spent... so we may as well share it out.
As we establish clean, consistent and robust workflows for documenting all-the-things, we realize that the output of the work we do could be valuable to others for things outside of our realm of interest.
What We Can Do
We produce structured contract analysis reports. We read every function, map the storage layout, trace the access control, identify the trust assumptions, and document all of it in plain language with enough technical detail that you can verify it yourself.
For deployed contracts, we work from verified source code where available or decompile the bytecode where it isn't. Every report includes the cast commands and on-chain queries we used, so if you distrust us you are free to verify everything yourself.
For pre-deployment contracts, we can work directly from source code provided by the development team. The same analysis applies — functions, storage, access control, risks — but on-chain verification commands are replaced with notes on what to verify after deployment. If you're building a contract and want a structured, independent read of what it does before it goes on-chain - this is a good use of our service.
What We Can Not
We are not a security audit firm, nor credentialed security researchers. We are not yet blockchain experts, but we are engineers with several decades of interdisciplinary experience. We are good with tools, reading code, and verifying on-chain state to answer questions that others generally do not know to ask.
Our reports document what a contract does and what trust assumptions it introduces. They do not certify that a contract is safe. If you need a formal security audit for a mainnet deployment with significant money at stake, hire Trail of Bits or OpenZeppelin. If you want to understand what a contract actually does before you interact with it, or wish to have a third-party review a contract before it goes live - that is our sweet spot.
Standard Inclusions
Every analysis produces the following six documents:
- Contract Analysis — metadata, executive summary, architecture diagram, access control matrix, economic model, observations
- Functions — every function documented with parameters, access control, preconditions, state changes, and failure cases
- Storage Layout — all storage slots mapped with current on-chain values
- Potential Risks — findings rated Critical through Informational across five categories: centralization, trust assumptions, economic, complexity, and external dependencies
- Methodology — tools used, thought process, and cast commands for independent verification
- Artifacts — bytecode, source code, function selectors, deployment metadata
Additional analysis is possible based on your particular interests and concerns.
Cost
This is new to us ... you tell us what it would be worth to you.
| TIER | PRICE | DETAILS |
|---|---|---|
| Analysis Preview | ? | Executive summary, architecture overview, identification of potential risks (level/count only). |
| Full Report | $??? – $?,??? | All six documents, published or delivered privately. |
Pricing depends on contract complexity. A 100-line random contract is not the same engagement as a 1500-line multi-protocol DEX aggregator (for example). Additionally, unverified bytecode-only contracts require additional effort, are less concrete, and generally cost more.
Examples
The reports published on this site are the same format and depth as paid work. You can browse any of them to see exactly what you'd get, but here are several notable examples:
- zRouter by zFi — 1,659-line DEX aggregator, verified source, five AMM integrations
- Jared 2.0 MEV Bot by Jared (from subway) — stateless MEV bot, bytecode-only analysis, multi-DEX sandwich infrastructure
- Ether Doubler by Unknown — 70-line Ponzi scheme from 2016, Solidity 0.2.0, on-chain storage verification
Same process, same methodology, consistent output — every time.
Request an Analysis
Submit an inquiry with the contract address (or source code, if not yet deployed), the network, what you're trying to understand, and what it might be worth to you.
Please note that our contact form is anonymous by design - this allows you to remain anonymous when contacting us, but also means if you do not provide a means of contacting you in return - you will never hear back from us.
We will not analyze contracts for the purpose of exploiting them.
⊙ generated by robots | curated by humans
by Denizen. // dnzn.wei