You found a contract holding $4M. Etherscan shows the balance, the transactions, the token transfers. What it does not show is a single line of source code. The "Contract" tab just says: this contract has not been verified.
Now what? You can still audit it. The bytecode is right there on chain, fully public, and the EVM has no secrets from you. This post walks through reading deployed bytecode by hand, recovering function selectors, matching them against signature databases, and reconstructing a usable ABI with viem and whatsabi. By the end you will know exactly what you can recover and what is gone forever.
Step 1: Fetch the Deployed Bytecode
Every deployed contract exposes its runtime bytecode through the eth_getCode RPC method. With viem, that is one call:
import { createPublicClient, http } from "viem";
