Case Studies

"The blockchain leaves a trail; tools like Etherscan and Dune Analytics help you follow it. Knowledge is the true currency of DeFi!"

To understand how Etherscan and Dune Analytics work in real-world scenarios, let’s take an example of analyzing a wallet’s activity. This case will guide you step-by-step to track a wallet address, its transactions, and its broader activity trends.

---

Scenario 1: Investigating Wallet Activity

Suppose you are a DeFi enthusiast and notice a wallet address (0x1234...abcd) being referenced in a Telegram group. The group claims it belongs to a whale making significant moves in the decentralized exchange (DEX) Uniswap. You want to:

1. Verify the wallet's activity.

2. Track its historical transactions.

3. Analyze its interactions with smart contracts and protocols.

4. Identify broader trends, such as trading patterns or token holdings.

---

Step 1: Using Etherscan to Track Transactions

1. Search the Wallet Address:

   • Go to Etherscan.

   • Enter the wallet address 0x1234...abcd in the search bar.

2. View Transaction History:

   • The wallet's transaction page shows a chronological list of all activity.

   • For each transaction, you can view:

     • Transaction Hash: Unique identifier.

     • Block Number: When the transaction was processed.

     • From/To Address: Sender and recipient.

     • Value: Amount of ETH or tokens transferred.

     • Gas Fee: Cost of the transaction.

3. Filter Transactions:

   • Use filters like "ERC-20 Token Transfers" to focus on specific activities, such as token swaps or staking.

4. Smart Contract Interactions:

   • If the wallet interacts with a DEX, click on the To Address of the transaction. This will often lead to a contract page (e.g., Uniswap’s smart contract).

   • Analyze the transaction’s input data to understand what action the wallet performed (e.g., swapping ETH for USDT).

---

Insights Gained from Etherscan:

• The wallet has interacted with Uniswap multiple times, swapping large amounts of ETH for stablecoins.

• It holds a balance of 100,000 USDT, suggesting it may be preparing for another major trade.

• It has staked tokens in a DeFi protocol like Aave.

---

Step 2: Using Dune Analytics for Broader Insights

1. Explore Pre-Built Dashboards:

   • Visit Dune Analytics.

   • Search for dashboards related to Uniswap or whale wallet activity. You may find public dashboards tracking top traders or large transactions.

2. Query Wallet Data:

   • Use SQL to query specific data. For instance:

     sqlCopiar códigoSELECT 
       tx_hash, 
       block_time, 
       from_address, 
       to_address, 
       value
     FROM 
       ethereum.transactions
     WHERE 
       from_address = '0x1234...abcd' OR to_address = '0x1234...abcd';

3. Analyze Token Movements:

   • Create a chart showing token inflows and outflows over time.

   • Visualize the wallet's interactions with specific DEXs or protocols.

4. Track Trading Patterns:

   • Use the dashboard to observe if the wallet has recurring behavior, like buying during dips or selling after price spikes.

---

Insights Gained from Dune Analytics:

• The wallet frequently swaps stablecoins for ETH during market dips, indicating strategic trading.

• It interacts with multiple DeFi protocols, diversifying its staking and liquidity pool investments.

• Token movement charts show periodic large inflows, suggesting possible external funding or profit-taking.

---

Key Findings from the Investigation:

1. Wallet Overview:

   • A whale actively trading on Uniswap.

   • Significant holdings in stablecoins and ETH.

2. Trading Behavior:

   • Strategic buying and selling based on market trends.

   • Regular participation in liquidity pools for passive income.

3. Broader Activity:

   • High gas fees suggest frequent and substantial transactions.

   • Patterns reveal the wallet’s strategy of using stablecoins to stabilize profits.

---

Scenario 2: Investigating a Smart Contract for Vulnerabilities

In this scenario, we’ll analyze a smart contract for potential weaknesses or vulnerabilities. This process is vital for developers, auditors, and DeFi enthusiasts to ensure that funds are secure and the protocol operates as intended.

---

Context:

Suppose you are exploring a new DeFi project called FastSwap, which promises high returns. The project’s smart contract is available on Etherscan, but you want to verify its safety before investing. You’ll examine the contract for common vulnerabilities like reentrancy attacks, excessive privileges, or hardcoded backdoors.

---

Step 1: Access the Smart Contract

1. Find the Contract:

   • On Etherscan, locate the contract address for FastSwap.

   • Navigate to the “Contract” tab to view the source code (if verified).

2. Download the Code:

   • Copy the verified code and paste it into a Solidity development tool like Remix for analysis.

---

Step 2: Analyze the Code

1. Check for Reentrancy Vulnerabilities

• Look for external calls within payable functions, such as:

  solidityCopiar códigofunction withdraw(uint _amount) public {
      require(balances[msg.sender] >= _amount);
      (bool success, ) = msg.sender.call{value: _amount}("");
      require(success, "Transfer failed");
      balances[msg.sender] -= _amount;
  }

• Red Flag: External calls (e.g., msg.sender.call) before state updates (balances[msg.sender] -= _amount) can lead to reentrancy attacks.

• Fix: Use checks-effects-interactions pattern:

  solidityCopiar códigofunction withdraw(uint _amount) public {
      require(balances[msg.sender] >= _amount);
      balances[msg.sender] -= _amount;
      (bool success, ) = msg.sender.call{value: _amount}("");
      require(success, "Transfer failed");
  }

2. Examine Ownership and Privileges

• Look for functions marked onlyOwner or admin:

  solidityCopiar códigofunction setFee(uint _fee) public onlyOwner {
      fee = _fee;
  }

• Red Flag: Centralized control over critical parameters like fees or withdrawal limits.

• Fix: Replace centralized ownership with a multi-signature wallet or DAO governance:

  solidityCopiar códigofunction setFee(uint _fee) public {
      require(msg.sender == multiSigWallet);
      fee = _fee;
  }

3. Check for Hardcoded Backdoors

• Look for suspicious code that transfers funds to an arbitrary address:

  solidityCopiar códigofunction emergencyWithdraw() public onlyOwner {
      msg.sender.transfer(address(this).balance);
  }

• Red Flag: Functions that allow the owner to withdraw all funds without restrictions.

• Fix: Add checks and multi-sig approval for emergency withdrawals:

  solidityCopiar códigofunction emergencyWithdraw() public {
      require(msg.sender == multiSigWallet, "Not authorized");
      require(block.timestamp > emergencyTimeLock, "Time lock active");
      multiSigApproval();
      msg.sender.transfer(address(this).balance);
  }

4. Inspect Arithmetic Operations

• Check for integer overflows/underflows in calculations:

  solidityCopiar códigouint public totalSupply;
  function mint(uint _amount) public {
      totalSupply += _amount; // Potential overflow
  }

• Red Flag: Missing safe arithmetic functions.

• Fix: Use SafeMath or Solidity >= 0.8’s built-in checks:

  solidityCopiar códigofunction mint(uint _amount) public {
      totalSupply = totalSupply + _amount;
  }

5. Validate Token Standards

• Ensure compliance with ERC-20/ERC-721 standards:

  • transfer() and transferFrom() functions should revert on failure.

  • Prevent approve() from overwriting allowance without resetting to zero.

---

Step 3: Simulate the Contract

1. Use Remix IDE:

   • Deploy the contract on a testnet or Remix Virtual Machine.

   • Test functions like deposits, withdrawals, and admin controls for expected behavior.

2. Simulate Edge Cases:

   • Withdraw funds repeatedly to test for reentrancy.

   • Exceed balances or allowances to test for under/overflow handling.

---

Step 4: Use Automated Tools

Static Analysis Tools:

• MythX: Detect reentrancy, access control issues, and logic flaws.

• Slither: Perform static analysis to identify known patterns of vulnerabilities.

Dynamic Testing:

• Echidna: Run fuzz tests to find unexpected behaviors.

• Brownie: Test complex interactions in Python-based frameworks.

---

Step 5: Summarize Findings

After analyzing the FastSwap contract:

• Identified Issues:

  • Vulnerable to reentrancy in the withdraw() function.

  • Centralized control over fees without multi-sig protection.

  • Hardcoded emergency withdrawal for the owner.

• Recommendations:

  • Apply the checks-effects-interactions pattern to fix reentrancy.

  • Implement multi-signature governance for critical functions.

  • Remove centralized backdoor functions.

---

Scenario 3: Evaluating Tokenomics and Sustainability of a New Token

In this scenario, you are analyzing a new token called EcoToken, which claims to support environmental sustainability through decentralized finance. Your goal is to assess its tokenomics, distribution model, and overall sustainability to determine whether it is a promising and ethical investment.

---

Step 1: Analyze the Tokenomics

1. Review the Whitepaper:

   • Locate and download the whitepaper from the official website.

   • Focus on the token's purpose, utility, and governance structure.

2. Check the Token Distribution:

   • Look for details on token allocation:

     • Team Allocation: Ideally less than 20% to avoid centralization.

     • Public Sale: Sufficient tokens allocated to ensure decentralization.

     • Community Incentives: Clear mechanisms for staking, rewards, or other participation.

   Example from EcoToken:

   plaintextCopiar códigoTotal Supply: 1 Billion Tokens
   - Team: 15%
   - Public Sale: 50%
   - Community Rewards: 20%
   - Liquidity Pool: 10%
   - Partnerships: 5%

3. Examine Token Utility:

   • What is the token used for?

     • Payment for carbon offsets.

     • Governance of environmental projects.

     • Staking for rewards in green energy investments.

   • Ensure the utility aligns with its purpose and is not solely speculative.

4. Assess Inflation or Deflation Models:

   • Does the token have a burn mechanism or minting process?

   • EcoToken burns 1% of every transaction to reduce supply and incentivize holding:

     solidityCopiar códigofunction _transfer(address sender, address recipient, uint256 amount) internal {
         uint256 burnAmount = amount / 100; // 1%
         _burn(sender, burnAmount);
         _balances[recipient] += (amount - burnAmount);
     }

---

Step 2: Evaluate the Governance Model

1. Review Decentralization:

   • Are decisions made by a DAO (Decentralized Autonomous Organization)?

   • Does EcoToken allow token holders to vote on fund allocation or environmental initiatives?

2. Examine Voting Power:

   • Ensure that voting is not overly centralized. For example, 1 token = 1 vote might be fair, but mechanisms should exist to prevent whales from dominating decisions.

3. Audit Smart Contract Governance:

   • Check the DAO's smart contract for vulnerabilities, such as:

     • Lack of quorum requirements.

     • Centralized admin privileges.

---

Step 3: Investigate the Sustainability Claims

1. Verify Environmental Partnerships:

   • Contact listed partners (e.g., NGOs, renewable energy providers) to confirm their involvement.

   • Cross-check the credibility of these organizations.

2. Evaluate Project Transparency:

   • Is there a public dashboard showing funds allocated to green projects?

   • EcoToken offers a "Green Chain Explorer" to track every transaction related to environmental initiatives.

3. Inspect the Impact Metrics:

   • Metrics such as the number of carbon offsets purchased, renewable energy projects funded, or trees planted should be clearly defined and publicly verified.

---

Step 4: Investigate Market Behavior

1. Analyze Liquidity:

   • Use tools like Etherscan or Dextools to examine liquidity pool size and lock duration.

   • Example:

     plaintextCopiar códigoLiquidity Pool: $2M
     Locked Duration: 1 Year

2. Check for Whales:

   • Use Etherscan to identify large holders. If a single wallet holds more than 20% of tokens, it may pose a risk.

3. Inspect Price History:

   • Analyze the token's price chart for pump-and-dump patterns. Sudden, sharp rises followed by steep declines are red flags.

---

Step 5: Use Blockchain Analysis Tools

1. Etherscan:

   • Look for any unusual transactions, such as large token movements to centralized exchanges (CEXs), indicating potential dumps.

2. Dune Analytics:

   • Build dashboards to track:

     • Token distribution over time.

     • The number of active wallets.

     • Volume trends for EcoToken.

3. Smart Contract Scanners:

   • Use tools like Slither or MythX to identify vulnerabilities in EcoToken's contract:

     • Hidden minting functions.

     • Unauthorized privilege escalations.

---

Step 6: Summarize Findings

Strengths:

• Clear and transparent tokenomics with community-focused allocation.

• Burn mechanism supports deflation and long-term value.

• Verified partnerships with credible environmental organizations.

Weaknesses:

• Potential centralization risk if DAO governance is not robust.

• Liquidity lock duration of 1 year may be too short for sustainability.

Recommendations:

• Strengthen governance by introducing quadratic voting to prevent whale dominance.

• Extend liquidity lock duration to 3 years to build investor trust.

• Increase transparency through more detailed impact reports.