approval-audit

> **${var}** — Wallet address (`0x...`) on Base to audit. Required. If empty, log `APPROVAL_AUDIT_NO_TARGET` and exit cleanly (no notify). Answers "what can drain this wallet?" — every ERC-20 `approve()` a wallet has granted that is **still live**, with unlimited allowances flagged. Token approvals are the #1 wallet-drain vector: a forgotten unlimited approval to a malicious or exploited contract lets it move your full balance at any time. Runs **keyless** entirely on the Base RPC — reads `Approval` event logs, then confirms each grant's *current* allowance, so revoked or fully-spent approvals are excluded. Read the last 2 days of `memory/logs/` so a repeat audit can note newly-granted or newly-revoked approvals. ## Config - Target wallet = `${var}`. Chain = Base (`chainid=8453`, explorer `basescan.org`). - `BASE_RPC_URL` — optional; defaults to a public Base RPC (`https://mainnet.base.org`). Any standard JSON-RPC endpoint works. ## Steps ### 1. Find the current block ```bash OWNER="${var}" RPC="${BASE_RPC_URL:-https://mainnet.base.org}" HEAD=$(curl -m 10 -s -X POST "$RPC" -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}' | jq -r '.result') ``` ### 2. Fetch Approval events for the owner (chunked) The ERC-20 `Approval(owner,spender,value)` event has topic0 `0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925`; the owner is indexed in **topic1** (left-padded to 32 bytes). Scan a recent window (...