Transaction overview
The overview tab shows status, block, timestamp, from, to, value, and fee. Success means the top-level call did not revert. Failed transactions include a revert reason when the contract uses modern Solidity errors or revert strings.
- From: the signer. To: recipient or contract called. Value: ETH sent with the call.
- Transaction action: Etherscan's label (e.g. 'Call Approve') — verify against decoded input.
- Nonce links to the account's ordering — see the nonces article for stuck txs.
Input data and decoded calls
Input data is calldata: 4-byte function selector plus ABI-encoded arguments. Verified contracts show a decoded view. Cross-check the selector with the ABI — mismatches mean you are interacting with a different function than the UI claimed.
- selector = first 4 bytes of keccak256('transfer(address,uint256)').
- Proxy contracts may show implementation ABI only after verification linkage.
- Fallback/receive-only calls have empty or non-standard input.
// transfer(address,uint256) selector = 0xa9059cbb
// Always compare UI intent vs decoded function name + argsLogs, token transfers, and internals
A single transaction can emit many events and trigger internal calls. Token transfers tab lists ERC20/721/1155 movements. Internal transactions show ETH moves via call/delegatecall. The full picture often matters more than the top-level value field.
- Approval events precede transferFrom pulls — trace DeFi flows through logs.
- Internal txs are not separate transactions — no extra nonce consumed.
- Contract creation appears as 'to' empty with contract address in receipt.
Contract tab essentials
Read Contract exposes view functions. Write Contract connects your wallet for mutations — treat it like signing any dapp tx. Code tab shows verified source; unverified bytecode is a yellow flag. Read the proxy note — implementation may live at a different address.
- Constructor arguments are appended to creation bytecode — verification needs them.
- Similar match verification means same bytecode, unknown source — still risky.
- Check owner(), admin(), and paused() before interacting with unknown contracts.
Token and approval pages
Holders, transfers, and contract metadata help assess legitimacy. Max total supply and mint functions matter for inflation risk. For NFTs, read tokenURI on a sample tokenId. Track your approvals under More → Token Approvals (or third-party revoke tools).
- Mintable ERC20 from an EOA owner is common for new projects — check who owns mint.
- Honeypots often block sells in code — simulate sell before buying.
- Fake tokens mimic names/symbols — trust address, not ticker.
Investigation workflow
Build a habit: (1) confirm chain and address, (2) read decoded input, (3) scan logs and token transfers, (4) skim verified source for owner powers and pause, (5) check recent deployer activity. Five minutes on Etherscan prevents most preventable losses.
- Deployer wallet history reveals serial scammers or fresh burners.
- Timelock + Governor ownership is healthier than a single EOA admin.
- Bookmark exact contract URLs — do not trust search results.
