Methodology

DISCLAIMER // NFA // DYOR

This analysis is based on observations of the contract behavior. We are not smart contract security experts. This document aims to explain what the contract appears to do based on the code. It should not be considered a comprehensive security audit or financial advice. Always verify critical information independently and consult with blockchain security professionals for important decisions.

⊙ generated by robots | curated by humans

METADATA
Contract Address 0x00000000...feAaBC (etherscan)
Network Ethereum Mainnet
Analysis Date 2026-05-02

Overview

Analysis proceeded top-down from verified source because both SLOW and the inline SLOWGate are Exact-Match verified on Etherscan and the source is small enough (~1,000 lines including the gate, exclusive of inherited Solady libraries) to read end-to-end. Verification status was confirmed first; the full source bundle was pulled and split to disk; on-chain state was read via cast to populate the storage-layout values; the deployment trace was decoded to identify the SSTORE2 chunks passed as constructor args; and the live event log was tallied to characterize observed activity. The contract pair has been live only since 2026-04-29, so the observed activity is small (4 deposits, 1 reversal, all by the deployer) and serves as a sanity check on the documented control flow rather than as a production usage study.

Thought Process

%%{init: {'theme': 'base'}}%%
mindmap
  root((SLOW Analysis))
    Source
      Verified on Etherscan
      GitHub repo z0r0z slow - context only
      Source.wei.is project page
      Inherited Solady libraries vendored
    On-Chain State
      Deployer z0r0z.eth - EIP-7702 EOA
      Vanity factory CREATE2
      Gate immutable
      SSTORE2 chunk 1 and chunk 2
      Per-user nonces and guardians
      Pending transfers
      Tips on the gate
    Mechanisms
      ERC-1155 composite token-delay ids
      Op-typed transferId preimage
      Nonce and lastGuardianChange invalidation
      Two-key staged guardian rotation
      Tip and relayer settlement via gate
      Multicallable msg.value safety
      Transient-storage reentrancy via EIP-1153
      SSTORE2 on-chain dapp HTML
    Risks
      Guardian trust assumptions
      Stuck-vs-veto symmetry
      Non-vanilla ERC-20 - fee-on-transfer or rebasing
      Unbounded inbound set - dust spam
      Late-rotation abort path is non-obvious
      Gate batch all-or-nothing reverts
      Transfer of in-flight wrapper restarts timelock
    External Deps
      Solady ERC1155
      Solady Multicallable and ReentrancyGuardTransient
      Solady SafeTransferLib and SSTORE2
      Solady MetadataReaderLib and LibString
      ERC-20 tokens at user discretion

Verification Guide

Analysis used Etherscan's v2 API for source, ABI, creation metadata, and transaction history; Foundry's cast for on-chain reads and event log decoding; and direct reading of the authoritative Solidity source. All inferences are grounded in the source file, not in documentation comments — comments are referenced only where they describe author intent and the corresponding behavior was independently confirmed in code.

External Resources


Commandline Tools

Tip

Commands below use cast from the Foundry Toolkit. To run them, set the RPC URL environment variable (the curl commands against the Etherscan API additionally read ETHERSCAN_API_KEY from the environment):

export ETH_RPC_URL=https://eth.llamarpc.com

Verify deployment metadata

Used to confirm verification, compiler version, deployer, and to pull the verified multi-file source.

# FETCH VERIFIED SOURCE METADATA AND MULTI-FILE SOURCE BUNDLE
curl -s "https://api.etherscan.io/v2/api?chainid=1&module=contract&action=getsourcecode\
&address=0x000000000000888741B254d37e1b27128AfEAaBC&apikey=$ETHERSCAN_API_KEY"

# FETCH CREATION TX, DEPLOYER, FACTORY, BLOCK, TIMESTAMP
curl -s "https://api.etherscan.io/v2/api?chainid=1&module=contract&action=getcontractcreation\
&contractaddresses=0x000000000000888741B254d37e1b27128AfEAaBC&apikey=$ETHERSCAN_API_KEY"

# DECODE INTERNAL CREATE / CREATE2 TRACE TO IDENTIFY GATE AND HTML CHUNKS
curl -s "https://api.etherscan.io/v2/api?chainid=1&module=account&action=txlistinternal\
&txhash=0xb98494e357d21c7dac98fd417b1b6efbbc89ddfd7fe2d07250176a69c93fa7bb\
&apikey=$ETHERSCAN_API_KEY"

Read current on-chain state

Used to populate the storage layout, related-addresses table, and the activity-state observation.

C=0x000000000000888741B254d37e1b27128AfEAaBC
G=0xb8B546b93a82f4Aa6f0345142dF5679B659ef3D4

# RESOLVE GATE IMMUTABLE FROM SLOW
cast call $C "gate()(address)"

# CONFIRM GATE POINTS BACK TO SLOW
cast call $G "slow()(address)"

# CONFIRM SSTORE2 CHUNK SIZES (~24KB EACH; wc -c COUNTS HEX CHARACTERS PLUS THE 0x PREFIX AND NEWLINE, SO BYTES = (N - 3) / 2)
cast code 0x745c9c91674754eee083c66bdd533fca2e21723e | wc -c
cast code 0x62a765fce31b247febd64918ef964e56998863f8 | wc -c

# READ ON-CHAIN HTML DAPP RECONSTITUTED FROM CHUNKS
cast call $C "html()(string)" | head -c 200

# READ ETH BALANCES
cast balance $C
cast balance $G

# READ PER-USER STATE (deployer was the only observed user)
USER=0x1C0Aa8cCD568d90d61659F060D1bFb1e6f855A20
cast call $C "nonces(address)(uint256)"             $USER
cast call $C "guardians(address)(address)"          $USER
cast call $C "lastGuardianChange(address)(uint256)" $USER
cast call $C "outboundTransferCount(address)(uint256)" $USER
cast call $C "inboundTransferCount(address)(uint256)"  $USER

Resolve deployer identity and constructor args

Used to label the deployer and identify the SSTORE2 chunks baked into the contract.

# REVERSE-RESOLVE DEPLOYER (returns z0r0z.eth)
cast lookup-address 0x1C0Aa8cCD568d90d61659F060D1bFb1e6f855A20

# DEPLOYER CONTRACT-CODE PROBE (EIP-7702 DELEGATED EOA HAS NON-EMPTY CODE)
cast code 0x1C0Aa8cCD568d90d61659F060D1bFb1e6f855A20

# CONSTRUCTOR ARGS FROM CREATION TX (LAST 192 BYTES BEFORE METADATA CBOR)
cast tx 0xb98494e357d21c7dac98fd417b1b6efbbc89ddfd7fe2d07250176a69c93fa7bb --json
# → htmlChunk1 = 0x745c9c91...21723e, htmlChunk2 = 0x62a765fc...9863f8
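
Interpreting the cast code output from the chunk-size check and the deployer probe above, as an added example that is not part of the original page or the SLOW project. The function names and sample inputs are constructed; the EIP-7702 branch relies on the delegation designator being 0xef0100 followed by a 20-byte address, and the data-contract branch is a heuristic based on Solady SSTORE2 prefixing stored data with a STOP byte.

```shell
#!/bin/sh
# Added example: classify the hex string printed by `cast code <addr>`.
# Helper names and samples are hypothetical / constructed, not from the page.

# code_bytes HEX -> byte length of the runtime code ("0x" -> 0).
# Unlike `wc -c`, this ignores the 0x prefix and counts bytes, not hex chars.
code_bytes() {
  hex=${1#0x}
  echo $(( ${#hex} / 2 ))
}

# classify_code HEX -> one of:
#   eoa                    no code
#   eip7702:0x<delegate>   exactly 23 bytes: 0xef0100 || delegate address
#   data:<n>               leading 0x00 (STOP), n payload bytes (heuristic)
#   contract:<n>           any other code, n bytes
classify_code() {
  n=$(code_bytes "$1")
  hex=$(printf '%s' "${1#0x}" | tr 'A-F' 'a-f')
  case "$hex" in
    "") echo "eoa" ;;
    ef0100*)
      if [ "$n" -eq 23 ]; then
        echo "eip7702:0x$(printf '%s' "$hex" | cut -c7-46)"
      else
        echo "contract:$n"
      fi ;;
    00*) echo "data:$(( n - 1 ))" ;;
    *)   echo "contract:$n" ;;
  esac
}

# Constructed samples (not real chain data).
DELEGATED=0xef01000123456789012345678901234567890123456789
DATA=0x003c68746d6c3e            # STOP byte followed by "<html>"

classify_code "$DELEGATED"       # delegated EOA and its delegate
classify_code "$DATA"            # data contract, payload length in bytes
classify_code 0x                 # plain EOA

# Against a live node (requires cast and ETH_RPC_URL):
#   classify_code "$(cast code "$ADDR")"
```

A delegated EOA reports the address whose code it executes, which is the value to review before trusting actions signed by that account.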

Tally on-chain activity

Used to verify the contract's observed usage profile (small, mostly self-test by the deployer).

# LIST ALL EXTERNAL TRANSACTIONS TO SLOW
curl -s "https://api.etherscan.io/v2/api?chainid=1&module=account&action=txlist\
&address=$C&startblock=0&endblock=99999999&page=1&offset=10000&sort=asc\
&apikey=$ETHERSCAN_API_KEY"

# DUMP ALL EVENTS EMITTED BY SLOW SINCE DEPLOYMENT
cast logs --from-block 24986598 --to-block latest --address $C

Confirm function selectors

Used to map the dispatcher selectors observed in transaction inputs back to source-level signatures and to populate the Function Selectors table.

for s in \
  "depositTo(address,address,uint256,uint96,bytes)" \
  "depositToWithTip(address,address,uint256,uint96,uint256,bytes)" \
  "unlock(uint256)" "claim(uint256)" "claimTipped(uint256)" \
  "withdrawFrom(address,address,uint256,uint256)" \
  "reverse(uint256)" "clawback(uint256)" \
  "setGuardian(address)" "approveTransfer(address,uint256)" \
  "revokeApproval(address,uint256)" "commitGuardian(address)" \
  "cancelGuardianChange(address)" \
  "safeTransferFrom(address,address,uint256,uint256,bytes)"; do
  printf "%s  %s\n" "$(cast sig "$s")" "$s"
done

Decode event topic hashes

Used to interpret the raw event log dump.

for ev in \
  "TransferSingle(address,address,address,uint256,uint256)" \
  "TransferPending(uint256,uint256)" \
  "Unlocked(address,uint256,uint256)" \
  "TransferReversed(uint256)" \
  "TransferClaimed(uint256)" \
  "TransferClawedBack(uint256)" \
  "TipPosted(uint256,uint96,address,address)" \
  "TipPaid(uint256,uint96,address)" \
  "GuardianSet(address,address)" \
  "GuardianChangeProposed(address,address,uint256)" \
  "GuardianChangeCanceled(address)" \
  "TransferApproved(address,address,uint256)" \
  "TransferApprovalRevoked(address,address,uint256)"; do
  printf "%s  %s\n" "$(cast keccak "$ev")" "$ev"
done

Token Cost Breakdown

| PHASE | DESCRIPTION | TOKENS |
|---|---|---|
| Phase 0 | Obtain the Contract — fetch verified source bundle, split to disk, save creation metadata | 10 tok |
| Phase 1 | Discovery & Understanding — read all 1,000 lines, map storage, resolve immutables and chunk addresses, decode deployment trace | 18 tok |
| Phase 2 | Deep Dive Analysis — per-function documentation, lifecycle diagrams (transfer + guardian rotation), op-type / nonce semantics | 30 tok |
| Phase 3 | Risk & Trust Analysis — finding enumeration across guardian trust, ERC-20 assumptions, set unboundedness, rotation-window symmetry | 14 tok |
| Phase 4 | Documentation Generation — six output files, mkdocs nav, glossary updates, site changelog row | 38 tok |
| TOTAL | Complete Contract Analysis | 110 tok |

Note: Token costs are estimates based on typical conversation lengths and complexity. Actual consumption may vary by ±10-15% depending on API responses, iterative refinement, and verification steps.