Tenderly + Etherscan Debugging & Recon

Etherscan kya hai?
→ Ethereum blockchain explorer
→ Transactions, contracts, addresses — sab!
→ Contract source code verify + read
→ ABI available hota hai
→ Events, logs, traces dekh sakte hain

Security research mein use:
→ Target contract ka code padho
→ Deployment history samjho
→ Admin/owner kaun hai dhundho
→ Kaunse functions exposed hain
→ Recent suspicious transactions dekho
→ Hack transaction analyze karo!

Related explorers:
→ Arbiscan.io    (Arbitrum)
→ Bscscan.com    (BNB Chain)
→ Polygonscan.com(Polygon)
→ Optimistic.etherscan.io (Optimism)
→ Snowtrace.io   (Avalanche)
Sab similar interface!

Target: Koi bhi DeFi protocol
Goal: Security researcher ban ke recon karo

URL format:
https://etherscan.io/address/0xCONTRACT

Etherscan Contract Page:

┌─────────────────────────────────────────────┐
│  Contract: 0xABC...123                      │
│  Balance: 50,000 ETH                        │
│  Txn Count: 1,234,567                       │
├─────────────────────────────────────────────┤
│  [Transactions] [Internal Txns] [Erc20 Txns]│
│  [Contract] [Events] [Analytics]            │
└─────────────────────────────────────────────┘

Security Research Focus:

1. [Contract] Tab:
   → Code tab: Source code!
   → Read Contract: Public variables
   → Write Contract: Execute functions
   → Read as Proxy: Proxy state!
   → Write as Proxy: Proxy functions!

2. [Transactions] Tab:
   → Latest transactions
   → Large ETH movements = Suspicious!
   → Failed transactions = Interesting!

3. [Internal Txns] Tab:
   → Contract-to-contract calls!
   → Flash loans yahan dikhte hain!
   → ETH flows trace karo!

4. [Events] Tab:
   → All emitted events
   → Admin events filter karo!
   → "OwnershipTransferred" = Owner change!

5. [Analytics] Tab:
   → TVL graph
   → Sudden drop = Hack?

READ CONTRACT — Security Research Ke Liye:

┌──────────────────────────────────────────┐
│ 1. owner()    → 0xOwnerAddress           │
│    ↑ Kaun control karta hai?             │
│                                          │
│ 2. paused()   → false                   │
│    ↑ Emergency switch available?         │
│                                          │
│ 3. totalSupply() → 1,000,000 TOKENS     │
│                                          │
│ 4. implementation() → 0xImplAddress     │
│    ↑ Proxy! Actual code yahan hai!      │
│                                          │
│ 5. timelock() → 0xTimelockAddr          │
│    ↑ Governance kitna protected?        │
└──────────────────────────────────────────┘

Important: "Read as Proxy" tab!
→ Proxy contracts ka actual state!
→ "Read Contract" sirf proxy ka state!
→ Implementation ka state alag!

WRITE CONTRACT — Testing Ke Liye:
→ MetaMask connect karo
→ Functions call karo
→ Parameters try karo
→ (Test wallet use karo! Real wallet NEVER!)

# ─── API Key Setup ────────────────────────

# 1. etherscan.io pe register karo (free!)
# 2. API Keys → Add
# 3. Copy key

export ETHERSCAN_API_KEY=YOUR_API_KEY_HERE

# Base URL:
BASE="https://api.etherscan.io/api"

# ─── Account APIs ─────────────────────────

# ETH Balance:
curl "$BASE?\
module=account\
&action=balance\
&address=0xVitalikAddress\
&tag=latest\
&apikey=$ETHERSCAN_API_KEY"

# Output:
# {"status":"1","message":"OK",
#  "result":"1234567890000000000000"}

# Token Balance (ERC-20):
curl "$BASE?\
module=account\
&action=tokenbalance\
&contractaddress=$USDC_ADDRESS\
&address=0xWhaleAddress\
&tag=latest\
&apikey=$ETHERSCAN_API_KEY"

# Transaction list:
curl "$BASE?\
module=account\
&action=txlist\
&address=0xContractAddress\
&startblock=0\
&endblock=99999999\
&sort=desc\
&apikey=$ETHERSCAN_API_KEY"

# Internal transactions:
curl "$BASE?\
module=account\
&action=txlistinternal\
&address=0xContractAddress\
&startblock=18000000\
&endblock=19000000\
&sort=desc\
&apikey=$ETHERSCAN_API_KEY"

# ─── Contract APIs ────────────────────────

# ABI fetch karo:
curl "$BASE?\
module=contract\
&action=getabi\
&address=0xContractAddress\
&apikey=$ETHERSCAN_API_KEY" \
| python3 -m json.tool

# Source code:
curl "$BASE?\
module=contract\
&action=getsourcecode\
&address=0xUSDC_ADDRESS\
&apikey=$ETHERSCAN_API_KEY" \
| python3 -c "
import json, sys
d = json.load(sys.stdin)
result = d['result'][0]
print('Contract:', result['ContractName'])
print('Compiler:', result['CompilerVersion'])
print('Proxy:', result['Proxy'])
if result['Proxy'] == '1':
    print('Implementation:', result['Implementation'])
"

# Contract creation TX:
curl "$BASE?\
module=contract\
&action=getcontractcreation\
&contractaddresses=0xContractAddress\
&apikey=$ETHERSCAN_API_KEY"

# ─── Transaction APIs ─────────────────────

# TX Receipt + Logs:
curl "$BASE?\
module=proxy\
&action=eth_getTransactionReceipt\
&txhash=0xTXHASH\
&apikey=$ETHERSCAN_API_KEY"

# TX by hash:
curl "$BASE?\
module=proxy\
&action=eth_getTransactionByHash\
&txhash=0xTXHASH\
&apikey=$ETHERSCAN_API_KEY"

# ─── Logs/Events API ──────────────────────
# Specific events filter karo!

# Transfer events in last 1000 blocks:
LATEST_BLOCK=$(cast block latest --field number \
    --rpc-url $MAINNET_RPC)
FROM_BLOCK=$((LATEST_BLOCK - 1000))

# Transfer event topic:
TRANSFER_TOPIC="0xddf252ad1be2c89b69c2b068fc378\
daa952ba7f163c4a11628f55a4df523b3ef"

curl "$BASE?\
module=logs\
&action=getLogs\
&fromBlock=$FROM_BLOCK\
&toBlock=latest\
&address=$TOKEN_ADDRESS\
&topic0=$TRANSFER_TOPIC\
&apikey=$ETHERSCAN_API_KEY"

#!/usr/bin/env python3
# etherscan_recon.py
# Target protocol ka automated recon!

import requests
import json
import os
from datetime import datetime

API_KEY = os.environ.get("ETHERSCAN_API_KEY")
BASE    = "https://api.etherscan.io/api"

def api_call(params):
    params["apikey"] = API_KEY
    r = requests.get(BASE, params=params)
    return r.json()

def recon_contract(address):
    print(f"\n{'='*50}")
    print(f"RECON: {address}")
    print(f"{'='*50}")

    # 1. Source code check:
    code = api_call({
        "module":  "contract",
        "action":  "getsourcecode",
        "address": address
    })
    if code["status"] == "1":
        r = code["result"][0]
        print(f"\n📋 Contract Info:")
        print(f"   Name:     {r['ContractName']}")
        print(f"   Compiler: {r['CompilerVersion']}")
        print(f"   Verified: {'Yes ✅' if r['ABI'] != 'Contract source code not verified' else 'No ❌'}")
        print(f"   Proxy:    {'Yes ⚠️' if r['Proxy'] == '1' else 'No'}")
        if r["Proxy"] == "1":
            print(f"   Impl:     {r['Implementation']}")

    # 2. ETH Balance:
    bal = api_call({
        "module":  "account",
        "action":  "balance",
        "address": address,
        "tag":     "latest"
    })
    if bal["status"] == "1":
        eth_bal = int(bal["result"]) / 1e18
        print(f"\n💰 ETH Balance: {eth_bal:.4f} ETH")

    # 3. Recent transactions:
    txns = api_call({
        "module":    "account",
        "action":    "txlist",
        "address":   address,
        "startblock":"0",
        "endblock":  "99999999",
        "sort":      "desc",
        "offset":    "10",
        "page":      "1"
    })
    if txns["status"] == "1":
        print(f"\n📊 Recent Transactions (last 10):")
        for tx in txns["result"][:5]:
            ts = datetime.fromtimestamp(
                int(tx["timeStamp"])
            ).strftime("%Y-%m-%d %H:%M")
            value = int(tx["value"]) / 1e18
            status = "✅" if tx["txreceipt_status"] == "1" else "❌"
            print(f"   {status} {ts} | "
                  f"{value:.4f} ETH | "
                  f"{tx['hash'][:20]}...")

    # 4. Failed transactions check:
    failed = [
        tx for tx in txns.get("result", [])
        if tx.get("txreceipt_status") == "0"
    ]
    if failed:
        print(f"\n⚠️  Failed TXs: {len(failed)}")
        print("   Investigate these!")

    print(f"\n{'='*50}\n")

# Usage:
if __name__ == "__main__":
    # USDC contract:
    recon_contract(
        "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
    )

Hack transaction analyze karna =
Most important skill!

Steps:
1. Hack TX hash dhundho
2. Etherscan pe dekho
3. Internal transactions trace karo
4. Tenderly mein full trace dekho
5. Root cause samjho
6. PoC likho!

Example: Reentrancy hack TX
https://etherscan.io/tx/0xHACK_HASH
Transaction Page Layout:

┌─────────────────────────────────────────────┐
│ Transaction Hash: 0xABC...                  │
│ Status: ✅ Success                          │
│ Block: 19,500,000                           │
│ From: 0xAttacker                            │
│ To:   0xVictimContract                      │
│ Value: 0 ETH                                │
│ Gas Used: 234,567                           │
├─────────────────────────────────────────────┤
│ [Input Data]                                │
│ Function: attack()                          │
│ MethodID: 0x9e5faafc                        │
└─────────────────────────────────────────────┘

"Click to see more" → Internal Transactions:

┌─────────────────────────────────────────────┐
│ Internal Transactions (reentrancy example): │
│                                             │
│ CALL  Attacker → Vault  : withdraw(1 ETH)  │
│ CALL  Vault    → Attacker: 1 ETH transfer  │
│  └─ CALL Attacker → Vault: withdraw(1 ETH) │
│      CALL Vault → Attacker: 1 ETH          │
│       └─ CALL Attacker → Vault: withdraw   │
│           CALL Vault → Attacker: 1 ETH     │
│            └─ ... (5 times!)               │
│                                             │
│ Pattern = REENTRANCY! 🚨                   │
└─────────────────────────────────────────────┘

# Contract ka storage directly read karo!
# Private variables bhi!

# ─── Basic Slot Reading ───────────────────

TARGET="0xContractAddress"
RPC=$MAINNET_RPC_URL

# Slot 0 (usually: owner ya first variable):
cast storage $TARGET 0 --rpc-url $RPC
# 0x000000000000000000000000OWNER_ADDRESS

# Address extract karo:
cast storage $TARGET 0 --rpc-url $RPC \
    | xargs -I{} cast parse-bytes32-address {}
# 0xOwnerAddress

# ─── Mapping Slots ────────────────────────
# mapping(address => uint256) at slot N
# User ka value = keccak256(user_address ++ N)

# User ka balance (mapping at slot 1):
USER="0xUserAddress"
SLOT=$(cast index address $USER 1)
echo "Mapping slot: $SLOT"

cast storage $TARGET $SLOT --rpc-url $RPC
# User ka balance!

# ─── Proxy Implementation ─────────────────

# EIP-1967 implementation slot:
IMPL_SLOT="0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"

cast storage $TARGET $IMPL_SLOT \
    --rpc-url $RPC
# Implementation contract address!

# Admin slot:
ADMIN_SLOT="0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"

cast storage $TARGET $ADMIN_SLOT \
    --rpc-url $RPC
# Proxy admin address!

# ─── Packed Storage ───────────────────────
# Multiple variables ek slot mein!

# Example: slot 0 = address(20 bytes) + bool(1 byte)
# address = bytes 0-19
# bool    = byte 20

RAW=$(cast storage $TARGET 0 --rpc-url $RPC)
echo "Raw slot: $RAW"
# 0x000000000000000000000001ADDRESS_HERE

# Last byte = bool value:
echo ${RAW: -2}  # Last 2 hex chars
# 01 = true, 00 = false

# ─── Brute Force Important Slots ──────────

for i in {0..10}; do
    VAL=$(cast storage $TARGET $i \
        --rpc-url $RPC 2>/dev/null)
    echo "Slot $i: $VAL"
done

# Output:
# Slot 0: 0x0000...owner_address
# Slot 1: 0x0000...total_supply
# Slot 2: 0x0000...paused_flag
# ...
# Pattern recognize karo!

Tenderly kya hai?
→ Web3 development + debugging platform
→ Transaction simulation
→ Full execution traces
→ Smart contract monitoring
→ Alerts + webhooks
→ Fork environment

URL: https://tenderly.co
Free tier: Available!

Kyun Tenderly?
→ Etherscan sirf basic info deta hai
→ Tenderly FULL trace deta hai!
→ Har opcode level detail!
→ Storage changes deta hai!
→ Gas profiling!
→ Simulation! (Mainnet state pe test!)

Security Research Mein:
→ Hack TX simulate karo
→ Storage changes step by step
→ Exact bug point identify karo
→ Fix verify karo simulation se!
→ Fork pe exploit test karo!

Account Create:

1. https://tenderly.co → Sign Up (free!)
2. Dashboard → New Project
3. Project name: "web3-security-research"
4. Create Project

Free Tier Limits:
→ 25 simulations/day
→ 5 alert rules
→ Community support
→ Public networks

Paid (Pro):
→ Unlimited simulations
→ Private forks
→ Team features
→ Priority support

For learning: Free tier enough hai! ✅

# ─── CLI Install ──────────────────────────

# npm se:
npm install -g @tenderly/cli

# Verify:
tenderly version
# tenderly version v1.x.x

# ─── Login ────────────────────────────────

tenderly login
# Browser mein open hoga
# Authorize karo!

# ─── Project Init ─────────────────────────

cd my-foundry-project
tenderly init

# prompts:
# Project slug: web3-security-research
# ✅ tenderly.yaml created!

# tenderly.yaml:
# tenderly.yaml

account_id: "your-username"
project_slug: "web3-security-research"

push:
  networks:
    - mainnet
    - sepolia

devnets: {}
# ─── Contract Push ────────────────────────
# Contracts Tenderly pe push karo
# Better debugging ke liye!

tenderly push
# Contracts verified on Tenderly!
# Now traces mein source code dikhega!

# ─── Verify Specific Contract ─────────────

tenderly verify \
    --network mainnet \
    --address 0xContractAddress

Transaction Debug Karna:

Method 1: Website se
────────────────────
1. https://dashboard.tenderly.co
2. Left sidebar → "Transactions"
3. TX hash paste karo
4. "Debug" button click karo!

Method 2: Direct URL
────────────────────
https://dashboard.tenderly.co/tx/mainnet/0xTXHASH

Method 3: CLI
─────────────
tenderly export 0xTXHASH
Tenderly Debugger Interface:

┌─────────────────────────────────────────────┐
│ Transaction: 0xABC...                       │
│ Status: Reverted ❌ / Success ✅            │
│ Gas Used: 234,567 / 300,000                 │
├─────────────┬───────────────────────────────┤
│ CALL TRACE  │  SOURCE CODE                  │
│             │                               │
│ ▶ attack()  │  function attack() {          │
│   ▶ deposit │    vault.deposit{value: 1}(); │
│   ▶ withdraw│    vault.withdraw(1 ether);   │
│     ▶ CALL  │  }                            │
│     ▶ CALL  │                               │
│     ▶ CALL  │  // ← Reentrancy here!        │
├─────────────┴───────────────────────────────┤
│ STATE CHANGES                               │
│ balances[attacker]: 0 → 1 ETH → 2 ETH      │
│ balances[victim]:   10 ETH → 9 → 8 → 7...  │
├─────────────────────────────────────────────┤
│ GAS PROFILER                                │
│ withdraw(): 45,123 gas (67%)                │
│ deposit():  23,456 gas (33%)                │
└─────────────────────────────────────────────┘

Security Research Focus:
→ State Changes tab = What changed when!
→ Call Trace = Exact execution path!
→ Revert reason = Why failed!

Simulation kya hai?
→ Mainnet state use karo
→ Apni custom transaction run karo
→ Broadcast kiye bina!
→ "Kya hoga agar..." test karo!

Security Research Use Cases:
→ Exploit simulate karo pehle!
→ Patch verify karo (kya fix kaam kiya?)
→ Edge cases test karo
→ Different block pe test karo

Tenderly Dashboard Simulation:

1. Dashboard → "Simulator" → "New Simulation"

2. Fill form:
   ┌────────────────────────────────────────┐
   │ Network:  Ethereum Mainnet             │
   │ Block:    19500000 (ya Latest)         │
   │ From:     0xYourAddress               │
   │ To:       0xContractAddress           │
   │ Value:    0.1 ETH (ya 0)              │
   │ Function: deposit()                   │
   │ Params:   (koi nahi)                  │
   └────────────────────────────────────────┘

3. "Simulate" click karo!

4. Full trace milega:
   → Execution steps
   → State changes
   → Events emitted
   → Gas used

5. Bug mila? → "Fork" button!
   → Fork create hoga
   → Is state pe experiments karo!

#!/usr/bin/env python3
# tenderly_simulate.py

import requests
import json
import os

TENDERLY_KEY     = os.environ.get("TENDERLY_API_KEY")
TENDERLY_ACCOUNT = os.environ.get("TENDERLY_ACCOUNT")
TENDERLY_PROJECT = os.environ.get("TENDERLY_PROJECT")

BASE_URL = (
    f"https://api.tenderly.co/api/v1/account/"
    f"{TENDERLY_ACCOUNT}/project/"
    f"{TENDERLY_PROJECT}"
)

HEADERS = {
    "X-Access-Key": TENDERLY_KEY,
    "Content-Type": "application/json"
}

def simulate_transaction(
    from_addr,
    to_addr,
    data,
    value=0,
    block_number=None
):
    """
    Transaction simulate karo Tenderly se!
    """
    payload = {
        "network_id": "1",           # Mainnet
        "from":       from_addr,
        "to":         to_addr,
        "input":      data,
        "value":      str(value),
        "save":       True,           # Save karo!
        "save_if_fails": True,        # Even if fails!
        "simulation_type": "full",    # Full trace!
    }

    if block_number:
        payload["block_number"] = block_number

    response = requests.post(
        f"{BASE_URL}/simulate",
        headers=HEADERS,
        json=payload
    )

    return response.json()

def analyze_simulation(result):
    """
    Simulation result analyze karo!
    """
    sim = result.get("simulation", {})

    print("\n=== SIMULATION RESULT ===")
    print(f"Status: {'✅ Success' if sim.get('status') else '❌ Reverted'}")
    print(f"Gas Used: {sim.get('gas_used', 'N/A')}")

    if not sim.get("status"):
        print(f"Revert Reason: {sim.get('error_message', 'Unknown')}")

    # State changes:
    changes = result.get("transaction", {}).get(
        "state_diff", {}
    )
    if changes:
        print("\n📊 State Changes:")
        for addr, diff in changes.items():
            print(f"\n  Contract: {addr}")
            for slot, change in diff.items():
                print(f"    Slot {slot}:")
                print(f"      Before: {change.get('original')}")
                print(f"      After:  {change.get('dirty')}")

    # Events:
    logs = result.get("transaction", {}).get(
        "logs", []
    )
    if logs:
        print(f"\n📢 Events Emitted: {len(logs)}")
        for log in logs:
            print(f"  - {log.get('name', 'Unknown')}")

    # Simulation URL:
    sim_id = sim.get("id")
    if sim_id:
        print(f"\n🔗 View: https://dashboard.tenderly.co/"
              f"{TENDERLY_ACCOUNT}/{TENDERLY_PROJECT}/"
              f"simulator/{sim_id}")

# ─── Example Usage ────────────────────────

if __name__ == "__main__":
    # USDC transfer simulate karo:
    from web3 import Web3

    # Encode function call:
    w3 = Web3()
    abi_fragment = [{
        "name": "transfer",
        "type": "function",
        "inputs": [
            {"name": "to", "type": "address"},
            {"name": "value", "type": "uint256"}
        ]
    }]
    contract = w3.eth.contract(abi=abi_fragment)
    data = contract.encodeABI(
        fn_name="transfer",
        args=[
            "0xRecipientAddress",
            1000 * 10**6  # 1000 USDC
        ]
    )

    result = simulate_transaction(
        from_addr="0xUSDC_WHALE",
        to_addr="0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
        data=data,
        block_number=19500000
    )

    analyze_simulation(result)

Tenderly Fork kya hai?
→ Mainnet ka snapshot
→ Apna private fork!
→ Real state + apni transactions
→ Broadcast nahi hoti real chain pe!
→ Experiments ke liye perfect!

Foundry ke vm.createFork() jaisa!
Lekin:
→ Persistent (restart ke baad bhi)
→ Shareable (team ke saath)
→ Web dashboard available
→ No RPC needed for basic use!
# ─── Tenderly Fork Create ─────────────────

# Dashboard se:
# 1. Tenderly Dashboard → "Forks"
# 2. "Create Fork"
# 3. Network: Mainnet
# 4. Block: 19500000
# 5. Create!
# 6. Fork RPC URL copy karo!

# CLI se:
tenderly devnet spawn-rpc \
    --project web3-security-research \
    --template mainnet

# Output:
# DevNet RPC: https://rpc.tenderly.co/fork/YOUR_FORK_ID

# ─── Fork Ke Saath Foundry Use Karo ───────

# foundry.toml mein add karo:
[rpc_endpoints]
tenderly_fork = "https://rpc.tenderly.co/fork/YOUR_ID"
# Tests run karo Tenderly fork pe:
forge test \
    --fork-url $TENDERLY_FORK_URL \
    -vvvv

# Ya script:
forge script script/Exploit.s.sol \
    --rpc-url $TENDERLY_FORK_URL \
    --broadcast

# Tenderly dashboard mein:
# → Sari transactions visible!
# → Full traces available!
# → State changes color coded!

# Euler Finance Hack — $197M (March 2023)
# Hack TX analyze karte hain!

HACK_TX="0xc310a0affe2169d1f6feec1c63dbc7f7c62a887521"
# (Simplified hash — real hash longer)

# ─── Step 1: Etherscan pe dekho ───────────

# https://etherscan.io/tx/0xHACK_TX
# Internal transactions tab:
# Flash loan → Donate → Liquidate → Profit!

# ─── Step 2: cast se analyze ──────────────

cast tx $HACK_TX \
    --rpc-url $MAINNET_RPC

# Output:
# from:   0xb66cd966670d962C227B3EABA30a872DbFb995db
# to:     0xb66cd9... (Euler exploit contract)
# value:  0
# input:  0x... (complex calldata)

# ─── Step 3: Trace decode ─────────────────

cast run $HACK_TX \
    --rpc-url $MAINNET_RPC \
    --trace
# Full execution trace!
# Each CALL, SSTORE, SLOAD visible!

# ─── Step 4: Tenderly mein open karo ──────

# https://dashboard.tenderly.co/tx/mainnet/0xHACK_TX

# Tenderly trace mein dikhega:
# 1. EulerExploit.attack() called
# 2. DToken.donateToReserves() ← Bug here!
# 3. Violator position created
# 4. Liquidation executed
# 5. Massive profit extracted!

# Root cause:
# donateToReserves() ne
# health factor check nahi kiya!
# Attacker apna loan donate kiya
# → Underwater position bana
# → Self-liquidate kiya
# → Liquidation bonus steal kiya!

# ─── Step 5: Foundry mein PoC ─────────────

forge test \
    --match-test "test_eulerExploit" \
    --fork-url $MAINNET_RPC \
    --fork-block-number 16817995 \
    -vvvv
# Block number = 1 block before hack!

#!/bin/bash
# recon.sh
# Complete target recon script!

TARGET=$1
# Usage: ./recon.sh 0xContractAddress

echo "╔══════════════════════════════════╗"
echo "║   Web3 Security Recon Tool      ║"
echo "╚══════════════════════════════════╝"
echo "Target: $TARGET"
echo ""

RPC=$MAINNET_RPC_URL

# ─── 1. Basic Info ────────────────────────
echo "📋 [1/6] Basic Information"

# Code exists?
CODE=$(cast code $TARGET --rpc-url $RPC)
if [ "$CODE" = "0x" ]; then
    echo "   ⚠️  EOA — Not a contract!"
    exit 1
fi

# Code size:
SIZE=$(cast codesize $TARGET --rpc-url $RPC)
echo "   Code size: $SIZE bytes"

# ETH balance:
BAL=$(cast balance $TARGET \
    --ether --rpc-url $RPC)
echo "   ETH balance: $BAL ETH"

# ─── 2. Contract Metadata ─────────────────
echo ""
echo "📝 [2/6] Contract Metadata"

# Try owner():
OWNER=$(cast call $TARGET \
    "owner()(address)" \
    --rpc-url $RPC 2>/dev/null)
if [ ! -z "$OWNER" ]; then
    echo "   Owner: $OWNER"
fi

# Try paused():
PAUSED=$(cast call $TARGET \
    "paused()(bool)" \
    --rpc-url $RPC 2>/dev/null)
if [ ! -z "$PAUSED" ]; then
    echo "   Paused: $PAUSED"
fi

# Proxy check (EIP-1967):
IMPL_SLOT="0x360894a13ba1a3210667c828492db98\
dca3e2076cc3735a920a3ca505d382bbc"
IMPL=$(cast storage $TARGET $IMPL_SLOT \
    --rpc-url $RPC 2>/dev/null)
if [ "$IMPL" != "0x0000000000000000000000000000000000000000000000000000000000000000" ]; then
    echo "   ⚠️  PROXY DETECTED!"
    echo "   Implementation: $IMPL"
fi

# ─── 3. Storage Slots ─────────────────────
echo ""
echo "🗄️  [3/6] Storage Slots (0-5)"

for i in {0..5}; do
    VAL=$(cast storage $TARGET $i \
        --rpc-url $RPC 2>/dev/null)
    echo "   Slot $i: $VAL"
done

# ─── 4. Slither Quick Scan ────────────────
echo ""
echo "🐍 [4/6] Slither Quick Scan"

# Download source from Etherscan:
slither $TARGET \
    --etherscan-apikey $ETHERSCAN_API_KEY \
    --exclude-informational \
    --exclude-low \
    2>&1 | tail -20

# ─── 5. Recent Activity ───────────────────
echo ""
echo "📊 [5/6] Recent Transactions"

curl -s "https://api.etherscan.io/api?\
module=account&action=txlist\
&address=$TARGET\
&sort=desc&offset=5&page=1\
&apikey=$ETHERSCAN_API_KEY" \
| python3 -c "
import json, sys
from datetime import datetime
d = json.load(sys.stdin)
txs = d.get('result', [])
for tx in txs[:5]:
    ts = datetime.fromtimestamp(
        int(tx['timeStamp'])
    ).strftime('%Y-%m-%d %H:%M')
    val = int(tx['value'])/1e18
    st = '✅' if tx['txreceipt_status']=='1' else '❌'
    print(f'   {st} {ts} {val:.3f}ETH {tx[\"hash\"][:16]}...')
"

# ─── 6. Summary ───────────────────────────
echo ""
echo "╔══════════════════════════════════╗"
echo "║           RECON SUMMARY         ║"
echo "╠══════════════════════════════════╣"
echo "║ Target:  $TARGET    ║"
echo "║ Balance: $BAL ETH          ║"
echo "╚══════════════════════════════════╝"
echo ""
echo "Next Steps:"
echo "  1. Tenderly mein TX traces dekho"
echo "  2. Mythril deep scan karo"
echo "  3. Manual code review karo"
echo "  4. Foundry mein PoC likho!"

🔍 Etherscan:
   Contract tab → Source code!
   Read Contract → State variables
   Read as Proxy → Proxy state!
   Internal Txns → Contract calls!
   Events tab → Admin actions!

   API endpoints:
   getsourcecode → ABI + Code
   txlist        → TX history
   getLogs       → Events filter
   getabi        → ABI only

🔑 Storage Reading:
   cast storage ADDR SLOT → Raw value
   cast index address USER SLOT → Mapping!
   EIP-1967 impl slot → Proxy detection

🚀 Tenderly:
   Transaction Debugger → Full traces!
   Simulator → Test without broadcasting!
   Fork → Private test environment!
   CLI → tenderly push/export

   Key features:
   → Step-by-step execution
   → State changes visualization
   → Gas profiling
   → Revert reason
   → Source code mapping

🔄 Complete Workflow:
   1. Etherscan → Basic recon
   2. Storage slots → Hidden state
   3. Tenderly Simulator → Test
   4. Tenderly Fork → Exploit test
   5. Slither scan → Static analysis
   6. Foundry PoC → Confirm bug

🎯 Hack Analysis Workflow:
   1. Hack TX on Etherscan
   2. Internal txns trace
   3. Tenderly full trace
   4. Root cause identify
   5. Foundry fork reproduce
   6. Write report!

Ek story:

2022 mein Wormhole hack hua — $320M!

Hack ke 2 ghante baad:

Researcher A ne kya kiya:
→ Etherscan pe hack TX dhundha
→ Internal transactions dekha
→ Tenderly mein simulate kiya
→ Root cause: Signature bypass!
→ Detailed thread Twitter pe
→ 50,000 followers overnight!

Researcher B ne kya kiya:
→ News padhi
→ "Bahut bura hua" bola
→ Soy gaya

Difference:
Researcher A ke paas tools tha!
Etherscan + Tenderly = Complete picture!

Aaj tum ne seekha:
→ Etherscan recon
→ API automation
→ Storage slots read karna
→ Tenderly simulation
→ Tenderly fork
→ Hack TX analyze karna

Yeh skills = Hack ke baad
sabse pehle samajhne waale
researchers mein se ek!

Phase 2 (Tools) COMPLETE!
Agle phase mein:
RECON & METHODOLOGY!
Web3 targets kaise dhundhte aur
analyze karte hain — professional way!