d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
2a6d3cfc7f765252f92066b511c898e957ebc546
proxmox/docs/07-ccip/BSCSCAN_SUPPORT_DD_0xe0E932_BSC.md
defiQUG 2a6d3cfc7f
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
Update submodule references and improve CI workflow 
- Update submodule references for explorer-monorepo and smom-dbis-138 to latest commits.
- Modify CI workflow to include shellcheck installation and enforce error severity for script checks.
- Update contract addresses in configuration and documentation to reflect the new canonical addresses for CCIPWETH9Bridge and CCIP Router.
- Revise integration test documentation to align with updated contract addresses and deployment statuses.

Made-with: Cursor
2026-03-24 22:50:52 -07:00

10 KiB
Raw Blame History

BscScan support package — due diligence

Contract (BNB Smart Chain, chain id 56): 0xe0E93247376aa097dB308B92e6Ba36bA015535D0
Explorer: bscscan.com/address/0xe0e93247376aa097db308b92e6ba36ba015535d0
Purpose: Evidence and narrative for BscScan support / token update review (impersonation warning, # Suspicious, Suspicious_Token20774).

Prepared: 2026-03-25 (repo snapshot). Refresh on-chain dates and balances when submitting.

1. Executive summary

  • The contract on BSC is a verified WETH token: standard WETH9-style wrap/unwrap of native BNB (deposit/withdraw), not a honeypot masquerading as unrelated bytecode.
  • Name/symbol on-chain are Wrapped Ether / WETH, which triggers BscScans impersonation heuristics because the commonly expected “WETH” on BSC is the Binance-Peg / canonical bridged ETH token at a different address (see section 5).
  • The deployer is the projects known deployment key: 0x4A666F96fC8764181194447A7dFdb7d471b301C8 (used across this repository for Chain 138 and CCIP-related deployments).
  • Important nuance: The same 0x address on another chain can be a different contract. On Chain 138 and Ethereum mainnet, 0xe0E932… is documented in this project as CCIPWETH10Bridge (different bytecode than the BSC WETH.sol instance). BscScans page reflects BSC bytecode only — verified as WETH.sol.

Ask to BscScan (suggested): Review for false positive impersonation; consider official nametag or token profile clarifying “project-deployed wrapped native for CCIP/relay — not Binance-Peg WETH”; optionally suggest distinct display name if policy allows (on-chain strings may remain unchanged unless redeployed).

2. On-chain facts (BSC) — verify before sending

Item Value / action
Address 0xe0E93247376aa097dB308B92e6Ba36bA015535D0
Verification Contract source verified (exact match). Compiler v0.8.20+commit.a1b79de6, optimizer 200 runs, london.
Contract name (verification) WETH
Token strings name = Wrapped Ether, symbol = WETH, decimals = 18
Creator 0x4A666F96fC8764181194447A7dFdb7d471b301C8
Creation tx 0xf98a95e8c8399aeee513f874780e9896759124e9be3bfe5fd3a3882c67208d71 (confirm on BscScan)
BscScan UI Impersonation banner; tags e.g. Suspicious_Token20774, # Suspicious

Re-check holder count, liquidity, and recent transfers on BscScan before submission; paste screenshots into the ticket if useful.

3. Source code provenance (repository)

The verified source matches the projects WETH.sol (WETH9-style wrapper). Reference copy:

  • File: smom-dbis-138/contracts/tokens/WETH.sol
  • NatSpec states intent for ChainID 138 in the comment; on BSC the same artifact was deployed for wrapped native interoperability (comment is chain-specific wording, deployment is multi-chain).

Behavior (high level):

  • deposit() / receive() credit balanceOf with msg.value (wrap native).
  • withdraw(uint256) sends native back (unwrap).
  • totalSupply() returns address(this).balance.
  • Standard transfer / transferFrom / approve with allowance handling.

No admin mint, no proxy upgrade hooks in this file — ordinary non-upgradeable wrapper pattern.

4. Same address, different chains (clarification for reviewers)

EVM addresses are per-chain. Equal hex across chains does not imply equal bytecode.

Network Role of 0xe0E93247376aa097dB308B92e6Ba36bA015535D0 in project docs
BSC (56) WETH.sol-style token (BscScan verification). Relay config references this address on BSC as destination wrapped asset (see section 6).
Chain 138 CCIPWETH10Bridgecontracts/ccip/CCIPWETH10Bridge.sol (different contract than BSC bytecode). See docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md.
Ethereum (1) CCIPWETH10Bridge at same hex per smom-dbis-138/docs/deployment/CONTRACT_OWNERSHIP_VERIFICATION.md.

Polygon (137): Project docs list WETH9 at the same 0xe0e932… address (another chain, wrapper deployment — confirm on Polygonscan if cited to BscScan).

This explains why Etherscan may show a bridge at 0xe0… while BscScan shows WETH: different chains, different deployed bytecode at the colliding address.

5. Canonical “WETH” on BSC (contrast)

Widely used Binance-Peg Ethereum / BSC WETH (bridged ETH representation) is not this contract. Example reference used in this repos routing/config context:

  • BSC WETH (canonical / widely listed): 0x2170Ed0880ac9A755fd29B2688956BD959F933F8 (verify against your token lists and BscScans official listings).

Our position: 0xe0E932… on BSC is a separate, project-deployed wrapper using WETH9-like name/symbol for cross-chain naming parity, not a claim to be the official Binance-Peg WETH contract.

6. Internal configuration (evidence of legitimate use)

Relay / destination asset (BSC)smom-dbis-138/services/relay/.env.bsc (template in repo):

  • DEST_CHAIN_ID=56
  • DEST_WETH9_ADDRESS=0xe0E93247376aa097dB308B92e6Ba36bA015535D0
  • RELAYER_ADDRESS=0x4A666F96fC8764181194447A7dFdb7d471b301C8

Canonical project config:

  • config/contract-addresses.conf: ADDR_CCIPWETH10_BRIDGE="0xe0E93247376aa097dB308B92e6Ba36bA015535D0" (Chain 138 bridge address — same hex, different chain than BSC token).

Public-facing / operator docs (non-exhaustive):

  • docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md — CCIPWETH10Bridge on 138
  • docs/11-references/ADDRESS_MATRIX_AND_STATUS.md
  • docs/07-ccip/CCIP_SECURITY_DOCUMENTATION.md, CCIP_SENDER_CONTRACT_REFERENCE.md
  • docs/04-configuration/METAMASK_CONFIGURATION.md — bridge interactions on 138 (same hex as bridge, not BSC token)

7. Ownership and control

  • WETH.sol has no owner/admin in code (see CONTRACT_OWNERSHIP_VERIFICATION.md pattern for other chains: “No ownership (standard ERC20)” for WETH9 deployments).
  • Deployer 0x4A66… is the consistent project deployer across CCIP and token scripts (see workspace operator docs).

If BscScan requests proof of control: sign a message or complete contract ownership flows they specify; verified source already ties bytecode to published Solidity.

8. Risk and honesty (for support and users)

  • Users must never trust symbol “WETH” alone on BSC — always verify contract address against the projects published lists.
  • The team acknowledges the naming collision with widely known WETH branding; ideal long-term mitigation is distinct on-chain name/symbol on future deployments (requires new contract, migration, and integrator updates).
  • This DD is not legal or investment advice and does not guarantee BscScan will remove any flag.

9. Suggested token profile text (token update form)

Adapt to BscScan character limits and policies:

Project: [Your legal/project name]
Description: Project-deployed WETH9-style wrapped native BNB for CCIP/relay and cross-chain testing. Not Binance-Peg Ethereum (0x2170…933F8). Do not confuse with official BSC bridged WETH.
Website / docs: [Link to public doc listing this BSC address explicitly]
Social: [Official channels]

Link directly to this file or a public mirror that lists BSC 0xe0E932… as intentional.

10. Evidence checklist (attach to ticket)

  • Link to BscScan contract + Read Contract name/symbol/decimals
  • Creation transaction link
  • Verified source screenshot or link
  • Deployer address and short bio (same as Chain 138 / CCIP docs)
  • Contrast: canonical BSC WETH 0x2170… vs this address (table)
  • Optional: GitHub or public repo path to smom-dbis-138/contracts/tokens/WETH.sol (if repository is public)
  • Optional: Signed message from deployer per BscScan instructions

11. Draft message to BscScan support (template)

Subject: Token review — impersonation false positive — 0xe0E93247376aa097dB308B92e6Ba36bA015535D0 (BSC)

Body (edit placeholders):

Hello BscScan team,

We request review of the impersonation / suspicious flags on contract 0xe0E93247376aa097dB308B92e6Ba36bA015535D0 (BSC).

Facts:

  • Contract is verified as a standard WETH9-style wrapper (deposit/withdraw native BNB); source matches our published WETH.sol.
  • Deployer: 0x4A666F96fC8764181194447A7dFdb7d471b301C8 (consistent across our CCIP deployments).
  • We are not claiming to be Binance-Peg WETH (0x2170Ed0880ac9A755fd29B2688956BD959F933F8). The on-chain name/symbol reuse is for cross-chain parity; we understand this collides with user expectations on BSC.
  • Note: the same hex address on Ethereum/Chain 138 points to different bytecode (our CCIP bridge). BSC shows only the WETH wrapper.

Ask: Reassess the impersonation classification; if appropriate, add an official nametag or allow an updated token profile clarifying “project wrapped BNB — not official BSC WETH.”

Evidence: [links + attachments].

Thank you.

12. References in this repository

Document Relevance
smom-dbis-138/contracts/tokens/WETH.sol BSC-verified source match
smom-dbis-138/contracts/ccip/CCIPWETH10Bridge.sol Bridge on other chains at same hex
config/contract-addresses.conf Chain 138 bridge hex
smom-dbis-138/services/relay/.env.bsc BSC destination wrapped asset
docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md Chain 138 address matrix
smom-dbis-138/docs/deployment/CONTRACT_OWNERSHIP_VERIFICATION.md Deployer / multi-chain table
docs/11-references/TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS.md Deploy-all / WETH deploy behavior

Document maintainer: Update after any redeploy, rename, or BscScan decision; keep public-facing address list in sync.

Reference in New Issue View Git Blame Copy Permalink