Wildcards and Raw Signatures
Learning Objective
Master wildcard patterns and understand when to use raw signatures for disambiguation
Function Wildcard
watchRule:
{
"expressions": [
"system.invoked(tx1.AavePool.F.*)"
]
}Matches any function call on Aave pool contract using the asterisk (*) wildcard
Event Wildcard
watchRule:
{
"expressions": [
"system.emitted(tx1.UniswapV2Pair.E.*)"
]
}Matches any event emitted from Uniswap V2 pair contract using the asterisk (*) wildcard
Internal Transaction Wildcard
watchRule:
{
"expressions": [
"system.invoked(tx1.itx1.CompoundCToken.F.*)"
]
}Matches any function call in internal transaction on Compound cToken using wildcard syntax
Raw Function Signature
watchRule:
{
"expressions": [
"system.invoked(tx1.WETH.F.0xa9059cbb)"
]
}Targets specific WETH transfer function using 4-byte hex selector for precise identification
Raw Event Signature
watchRule:
{
"expressions": [
"system.emitted(tx1.DAI.E.0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef)"
]
}Targets specific DAI Transfer event using 32-byte hex topic0 for precise identification
Function Name vs Raw Signature
watchRule:
{
"expressions": [
"system.invoked(tx1.LendingPool.F.deposit) || system.invoked(tx1.LendingPool.F.0x47e7ef24)"
]
}Either approach works - name for clarity, signature for precision. Use raw signatures when function overloading exists
Combined Wildcards
watchRule:
{
"expressions": [
"system.invoked(tx1.MultisigWallet.F.*) && system.emitted(tx1.MultisigWallet.E.*)"
]
}Any function call AND any event emission on multisig wallet - combines function and event wildcards
Multi-Internal Wildcards
watchRule:
{
"expressions": [
"system.invoked(tx1.itx1.UniswapV2Router.F.*) && system.invoked(tx1.itx2.CompoundComptroller.F.*)"
]
}Any Uniswap function followed by any Compound function in same transaction - demonstrates sequential internal transaction wildcards