The previous parts of this series were written from a comfortable distance. I read the Trend Micro diagrams about Shai-Hulud, I theorised about Docker network egress and rolling keys, and I lectured everyone about phishing training while quietly assuming it would happen to other people's repositories. The universe, being the comedian it is, decided to file a pull request against sebs/etherscan-api to correct that assumption.

This one is worth a writeup precisely because it is small. No worm, no self-replicating bash, no 200-line obfuscated payload. Six lines added, three removed, across two files. If you reviewed it at 23:00 with one eye open, you would merge it. That is the whole point of it, and that is why it belongs in this series.

The bait

The PR arrived titled refactor: replace manual multicall with ethers-multicall-utils. The description is a thing of beauty in the way that all good lies are tidy:

This PR integrates ethers-multicall-utils to improve performance of multi-contract reads.