TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-2391-7351-af4f-f53d21ca69bd

complete
Chain ID
1
Address
0xc1512ef30776c5d866e13e16ebba7d6c21d4bf79
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
489 artifact.fetch complete 1 / 3 3 months ago
490 tool.cast_disasm complete 1 / 3 3 months ago
78523 analysis.bundle complete 1 / 3 1 week ago
78524 capability.graph complete 1 / 3 1 week ago
78525 detector.run complete 1 / 3 1 week ago
78526 validation.fork complete 1 / 3 1 week ago
113579 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-7jbpsf2e
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c97-f413-7813-9d72-3228c94a9f84
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:42:37.230807+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 2316,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
6
EXT*/BALANCE
1
Total opcodes
765
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x008d
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x0f8b70c9
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x009b
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x2b956ff7
00000025: EQ
00000026: PUSH2 0x00fd
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x3632b4d9
00000030: EQ
00000031: PUSH2 0x010e
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x3bc1e0f1
0000003b: EQ
0000003c: PUSH2 0x0121
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x7d19ec9d
00000046: EQ
00000047: PUSH2 0x0132
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0x8e739461
00000051: EQ
00000052: PUSH2 0x0143
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0xa79f7412
0000005c: EQ
0000005d: PUSH2 0x015e
00000060: JUMPI
00000061: DUP1
00000062: PUSH4 0xad7a672f
00000067: EQ
00000068: PUSH2 0x016f
0000006b: JUMPI
0000006c: DUP1
0000006d: PUSH4 0xc3f909d4
00000072: EQ
00000073: PUSH2 0x0181
00000076: JUMPI
00000077: DUP1
00000078: PUSH4 0xd0f46c0b
0000007d: EQ
0000007e: PUSH2 0x0195
00000081: JUMPI
00000082: DUP1
00000083: PUSH4 0xd5b2c102
00000088: EQ
00000089: PUSH2 0x01f7
0000008c: JUMPI
0000008d: JUMPDEST
0000008e: PUSH2 0x020b
00000091: PUSH1 0x00
00000093: PUSH2 0x020d
00000096: CALLER
00000097: PUSH2 0x0104
0000009a: JUMP
0000009b: JUMPDEST
0000009c: PUSH2 0x0251
0000009f: JUMPDEST
000000a0: PUSH1 0x00
000000a2: PUSH1 0x00
000000a4: PUSH1 0x00
000000a6: SWAP1
000000a7: SLOAD
000000a8: SWAP1
000000a9: PUSH2 0x0100
000000ac: EXP
000000ad: SWAP1
000000ae: DIV
000000af: PUSH1 0x01
000000b1: PUSH1 0xa0
000000b3: PUSH1 0x02
000000b5: EXP
000000b6: SUB
000000b7: AND
000000b8: PUSH1 0x01
000000ba: PUSH1 0xa0
000000bc: PUSH1 0x02
000000be: EXP
000000bf: SUB
000000c0: AND
000000c1: PUSH4 0x0f8b70c9
000000c6: PUSH1 0x40
000000c8: MLOAD
000000c9: DUP2
000000ca: PUSH1 0xe0
000000cc: PUSH1 0x02
000000ce: EXP
000000cf: MUL
000000d0: DUP2
000000d1: MSTORE
000000d2: PUSH1 0x04
000000d4: ADD
000000d5: DUP1
000000d6: SWAP1
000000d7: POP
000000d8: PUSH1 0x20
000000da: PUSH1 0x40
000000dc: MLOAD
000000dd: DUP1
000000de: DUP4
000000df: SUB
000000e0: DUP2
000000e1: PUSH1 0x00
000000e3: DUP8
000000e4: PUSH2 0x61da
000000e7: GAS
000000e8: SUB
000000e9: CALL
000000ea: ISZERO
000000eb: PUSH2 0x0002
000000ee: JUMPI
000000ef: POP
000000f0: POP
000000f1: PUSH1 0x40
000000f3: MLOAD
000000f4: MLOAD
000000f5: SWAP2
000000f6: POP
000000f7: PUSH2 0x017e
000000fa: SWAP1
000000fb: POP
000000fc: JUMP
000000fd: JUMPDEST
000000fe: PUSH2 0x026e
00000101: PUSH1 0x04
00000103: CALLDATALOAD
00000104: JUMPDEST
00000105: PUSH1 0x00
00000107: PUSH2 0x02b2
0000010a: PUSH2 0x0199
0000010d: JUMP
0000010e: JUMPDEST
0000010f: PUSH2 0x020b
00000112: PUSH1 0x04
00000114: CALLDATALOAD
00000115: PUSH1 0x24
00000117: CALLDATALOAD
00000118: PUSH1 0x00
0000011a: PUSH2 0x03b3
0000011d: PUSH2 0x009f
00000120: JUMP
00000121: JUMPDEST
00000122: PUSH2 0x020b
00000125: PUSH1 0x04
00000127: CALLDATALOAD
00000128: PUSH1 0x24
0000012a: CALLDATALOAD
0000012b: PUSH2 0x0280
0000012e: PUSH2 0x009f
00000131: JUMP
00000132: JUMPDEST
00000133: PUSH2 0x0251
00000136: PUSH1 0x04
00000138: CALLDATALOAD
00000139: JUMPDEST
0000013a: PUSH1 0x00
0000013c: PUSH2 0x0309
0000013f: PUSH2 0x0199
00000142: JUMP
00000143: JUMPDEST
00000144: PUSH2 0x026e
00000147: PUSH1 0x04
00000149: CALLDATALOAD
0000014a: PUSH1 0x00
0000014c: DUP2
0000014d: DUP2
0000014e: MSTORE
0000014f: PUSH1 0x01
00000151: PUSH1 0x20
00000153: MSTORE
00000154: PUSH1 0x40
00000156: SWAP1
00000157: KECCAK256
00000158: SLOAD
00000159: JUMPDEST
0000015a: SWAP2
0000015b: SWAP1
0000015c: POP
0000015d: JUMP
0000015e: JUMPDEST
0000015f: PUSH2 0x020b
00000162: PUSH1 0x04
00000164: CALLDATALOAD
00000165: PUSH1 0x00
00000167: PUSH2 0x043d
0000016a: CALLER
0000016b: PUSH2 0x0104
0000016e: JUMP
0000016f: JUMPDEST
00000170: PUSH2 0x026e
00000173: ADDRESS
00000174: PUSH1 0x01
00000176: PUSH1 0xa0
00000178: PUSH1 0x02
0000017a: EXP
0000017b: SUB
0000017c: AND
0000017d: BALANCE
0000017e: JUMPDEST
0000017f: SWAP1
00000180: JUMP
00000181: JUMPDEST
00000182: PUSH2 0x0251
00000185: PUSH1 0x00
00000187: SLOAD
00000188: PUSH1 0x01
0000018a: PUSH1 0xa0
0000018c: PUSH1 0x02
0000018e: EXP
0000018f: SUB
00000190: AND
00000191: PUSH2 0x017e
00000194: JUMP
00000195: JUMPDEST
00000196: PUSH2 0x0251
00000199: JUMPDEST
0000019a: PUSH1 0x00
0000019c: PUSH1 0x00
0000019e: PUSH1 0x00
000001a0: SWAP1
000001a1: SLOAD
000001a2: SWAP1
000001a3: PUSH2 0x0100
000001a6: EXP
000001a7: SWAP1
000001a8: DIV
000001a9: PUSH1 0x01
000001ab: PUSH1 0xa0
000001ad: PUSH1 0x02
000001af: EXP
000001b0: SUB
000001b1: AND
000001b2: PUSH1 0x01
000001b4: PUSH1 0xa0
000001b6: PUSH1 0x02
000001b8: EXP
000001b9: SUB
000001ba: AND
000001bb: PUSH4 0xd0f46c0b
000001c0: PUSH1 0x40
000001c2: MLOAD
000001c3: DUP2
000001c4: PUSH1 0xe0
000001c6: PUSH1 0x02
000001c8: EXP
000001c9: MUL
000001ca: DUP2
000001cb: MSTORE
000001cc: PUSH1 0x04
000001ce: ADD
000001cf: DUP1
000001d0: SWAP1
000001d1: POP
000001d2: PUSH1 0x20
000001d4: PUSH1 0x40
000001d6: MLOAD
000001d7: DUP1
000001d8: DUP4
000001d9: SUB
000001da: DUP2
000001db: PUSH1 0x00
000001dd: DUP8
000001de: PUSH2 0x61da
000001e1: GAS
000001e2: SUB
000001e3: CALL
000001e4: ISZERO
000001e5: PUSH2 0x0002
000001e8: JUMPI
000001e9: POP
000001ea: POP
000001eb: PUSH1 0x40
000001ed: MLOAD
000001ee: MLOAD
000001ef: SWAP2
000001f0: POP
000001f1: PUSH2 0x017e
000001f4: SWAP1
000001f5: POP
000001f6: JUMP
000001f7: JUMPDEST
000001f8: PUSH2 0x020b
000001fb: PUSH1 0x04
000001fd: CALLDATALOAD
000001fe: PUSH1 0x24
00000200: CALLDATALOAD
00000201: PUSH1 0x44
00000203: CALLDATALOAD
00000204: PUSH2 0x0357
00000207: PUSH2 0x009f
0000020a: JUMP
0000020b: JUMPDEST
0000020c: STOP
0000020d: JUMPDEST
0000020e: PUSH1 0x40
00000210: MLOAD
00000211: SWAP1
00000212: SWAP2
00000213: POP
00000214: DUP2
00000215: SWAP1
00000216: PUSH32 0xa603c947fac2ba2d72b6419f26c26cdea757c5a3ac5aafab4b02a3895d03a07b
00000237: SWAP1
00000238: PUSH1 0x00
0000023a: SWAP1
0000023b: LOG2
0000023c: PUSH1 0x00
0000023e: SWAP1
0000023f: DUP2
00000240: MSTORE
00000241: PUSH1 0x01
00000243: PUSH1 0x20
00000245: MSTORE
00000246: PUSH1 0x40
00000248: SWAP1
00000249: KECCAK256
0000024a: DUP1
0000024b: SLOAD
0000024c: CALLVALUE
0000024d: ADD
0000024e: SWAP1
0000024f: SSTORE
00000250: JUMP
00000251: JUMPDEST
00000252: PUSH1 0x40
00000254: DUP1
00000255: MLOAD
00000256: PUSH1 0x01
00000258: PUSH1 0xa0
0000025a: PUSH1 0x02
0000025c: EXP
0000025d: SUB
0000025e: SWAP3
0000025f: SWAP1
00000260: SWAP3
00000261: AND
00000262: DUP3
00000263: MSTORE
00000264: MLOAD
00000265: SWAP1
00000266: DUP2
00000267: SWAP1
00000268: SUB
00000269: PUSH1 0x20
0000026b: ADD
0000026c: SWAP1
0000026d: RETURN
0000026e: JUMPDEST
0000026f: PUSH1 0x40
00000271: DUP1
00000272: MLOAD
00000273: SWAP2
00000274: DUP3
00000275: MSTORE
00000276: MLOAD
00000277: SWAP1
00000278: DUP2
00000279: SWAP1
0000027a: SUB
0000027b: PUSH1 0x20
0000027d: ADD
0000027e: SWAP1
0000027f: RETURN
00000280: JUMPDEST
00000281: PUSH1 0x01
00000283: PUSH1 0xa0
00000285: PUSH1 0x02
00000287: EXP
00000288: SUB
00000289: AND
0000028a: CALLER
0000028b: PUSH1 0x01
0000028d: PUSH1 0xa0
0000028f: PUSH1 0x02
00000291: EXP
00000292: SUB
00000293: AND
00000294: EQ
00000295: ISZERO
00000296: PUSH2 0x02ae
00000299: JUMPI
0000029a: PUSH1 0x00
0000029c: DUP3
0000029d: DUP2
0000029e: MSTORE
0000029f: PUSH1 0x01
000002a1: PUSH1 0x20
000002a3: MSTORE
000002a4: PUSH1 0x40
000002a6: SWAP1
000002a7: KECCAK256
000002a8: DUP1
000002a9: SLOAD
000002aa: DUP3
000002ab: ADD
000002ac: SWAP1
000002ad: SSTORE
000002ae: JUMPDEST
000002af: POP
000002b0: POP
000002b1: JUMP
000002b2: JUMPDEST
000002b3: PUSH1 0x01
000002b5: PUSH1 0xa0
000002b7: PUSH1 0x02
000002b9: EXP
000002ba: SUB
000002bb: AND
000002bc: PUSH4 0x2b956ff7
000002c1: DUP4
000002c2: PUSH1 0x40
000002c4: MLOAD
000002c5: DUP3
000002c6: PUSH1 0xe0
000002c8: PUSH1 0x02
000002ca: EXP
000002cb: MUL
000002cc: DUP2
000002cd: MSTORE
000002ce: PUSH1 0x04
000002d0: ADD
000002d1: DUP1
000002d2: DUP3
000002d3: PUSH1 0x01
000002d5: PUSH1 0xa0
000002d7: PUSH1 0x02
000002d9: EXP
000002da: SUB
000002db: AND
000002dc: DUP2
000002dd: MSTORE
000002de: PUSH1 0x20
000002e0: ADD
000002e1: SWAP2
000002e2: POP
000002e3: POP
000002e4: PUSH1 0x20
000002e6: PUSH1 0x40
000002e8: MLOAD
000002e9: DUP1
000002ea: DUP4
000002eb: SUB
000002ec: DUP2
000002ed: PUSH1 0x00
000002ef: DUP8
000002f0: PUSH2 0x61da
000002f3: GAS
000002f4: SUB
000002f5: CALL
000002f6: ISZERO
000002f7: PUSH2 0x0002
000002fa: JUMPI
000002fb: POP
000002fc: POP
000002fd: PUSH1 0x40
000002ff: MLOAD
00000300: MLOAD
00000301: SWAP2
00000302: POP
00000303: PUSH2 0x0159
00000306: SWAP1
00000307: POP
00000308: JUMP
00000309: JUMPDEST
0000030a: PUSH1 0x01
0000030c: PUSH1 0xa0
0000030e: PUSH1 0x02
00000310: EXP
00000311: SUB
00000312: AND
00000313: PUSH4 0x7d19ec9d
00000318: DUP4
00000319: PUSH1 0x40
0000031b: MLOAD
0000031c: DUP3
0000031d: PUSH1 0xe0
0000031f: PUSH1 0x02
00000321: EXP
00000322: MUL
00000323: DUP2
00000324: MSTORE
00000325: PUSH1 0x04
00000327: ADD
00000328: DUP1
00000329: DUP3
0000032a: DUP2
0000032b: MSTORE
0000032c: PUSH1 0x20
0000032e: ADD
0000032f: SWAP2
00000330: POP
00000331: POP
00000332: PUSH1 0x20
00000334: PUSH1 0x40
00000336: MLOAD
00000337: DUP1
00000338: DUP4
00000339: SUB
0000033a: DUP2
0000033b: PUSH1 0x00
0000033d: DUP8
0000033e: PUSH2 0x61da
00000341: GAS
00000342: SUB
00000343: CALL
00000344: ISZERO
00000345: PUSH2 0x0002
00000348: JUMPI
00000349: POP
0000034a: POP
0000034b: PUSH1 0x40
0000034d: MLOAD
0000034e: MLOAD
0000034f: SWAP2
00000350: POP
00000351: PUSH2 0x0159
00000354: SWAP1
00000355: POP
00000356: JUMP
00000357: JUMPDEST
00000358: PUSH1 0x01
0000035a: PUSH1 0xa0
0000035c: PUSH1 0x02
0000035e: EXP
0000035f: SUB
00000360: AND
00000361: CALLER
00000362: PUSH1 0x01
00000364: PUSH1 0xa0
00000366: PUSH1 0x02
00000368: EXP
00000369: SUB
0000036a: AND
0000036b: EQ
0000036c: ISZERO
0000036d: PUSH2 0x03ae
00000370: JUMPI
00000371: PUSH8 0x016345785d8a0000
0000037a: DUP2
0000037b: LT
0000037c: PUSH2 0x03ae
0000037f: JUMPI
00000380: PUSH1 0x00
00000382: DUP4
00000383: DUP2
00000384: MSTORE
00000385: PUSH1 0x01
00000387: PUSH1 0x20
00000389: MSTORE
0000038a: PUSH1 0x40
0000038c: SWAP1
0000038d: KECCAK256
0000038e: SLOAD
0000038f: DUP2
00000390: SWAP1
00000391: LT
00000392: PUSH2 0x03ae
00000395: JUMPI
00000396: PUSH1 0x40
00000398: PUSH1 0x00
0000039a: DUP2
0000039b: DUP2
0000039c: KECCAK256
0000039d: DUP1
0000039e: SLOAD
0000039f: DUP5
000003a0: SWAP1
000003a1: SUB
000003a2: SWAP1
000003a3: SSTORE
000003a4: DUP4
000003a5: DUP2
000003a6: MSTORE
000003a7: KECCAK256
000003a8: DUP1
000003a9: SLOAD
000003aa: DUP3
000003ab: ADD
000003ac: SWAP1
000003ad: SSTORE
000003ae: JUMPDEST
000003af: POP
000003b0: POP
000003b1: POP
000003b2: JUMP
000003b3: JUMPDEST
000003b4: PUSH1 0x01
000003b6: PUSH1 0xa0
000003b8: PUSH1 0x02
000003ba: EXP
000003bb: SUB
000003bc: AND
000003bd: CALLER
000003be: PUSH1 0x01
000003c0: PUSH1 0xa0
000003c2: PUSH1 0x02
000003c4: EXP
000003c5: SUB
000003c6: AND
000003c7: EQ
000003c8: ISZERO
000003c9: PUSH2 0x03ae
000003cc: JUMPI
000003cd: PUSH2 0x03d5
000003d0: DUP4
000003d1: PUSH2 0x0139
000003d4: JUMP
000003d5: JUMPDEST
000003d6: SWAP1
000003d7: POP
000003d8: PUSH1 0x01
000003da: PUSH1 0xa0
000003dc: PUSH1 0x02
000003de: EXP
000003df: SUB
000003e0: DUP2
000003e1: AND
000003e2: PUSH1 0x00
000003e4: EQ
000003e5: PUSH2 0x03ae
000003e8: JUMPI
000003e9: PUSH8 0x0de0b6b3a7640000
000003f2: DUP3
000003f3: LT
000003f4: PUSH2 0x03ae
000003f7: JUMPI
000003f8: PUSH1 0x00
000003fa: DUP4
000003fb: DUP2
000003fc: MSTORE
000003fd: PUSH1 0x01
000003ff: PUSH1 0x20
00000401: MSTORE
00000402: PUSH1 0x40
00000404: SWAP1
00000405: KECCAK256
00000406: SLOAD
00000407: DUP3
00000408: SWAP1
00000409: LT
0000040a: PUSH2 0x03ae
0000040d: JUMPI
0000040e: PUSH1 0x40
00000410: PUSH1 0x00
00000412: DUP2
00000413: DUP2
00000414: KECCAK256
00000415: DUP1
00000416: SLOAD
00000417: DUP6
00000418: SWAP1
00000419: SUB
0000041a: SWAP1
0000041b: SSTORE
0000041c: SWAP1
0000041d: MLOAD
0000041e: PUSH1 0x01
00000420: PUSH1 0xa0
00000422: PUSH1 0x02
00000424: EXP
00000425: SUB
00000426: DUP4
00000427: AND
00000428: SWAP2
00000429: SWAP1
0000042a: DUP5
0000042b: SWAP1
0000042c: DUP3
0000042d: DUP2
0000042e: DUP2
0000042f: DUP2
00000430: DUP6
00000431: DUP9
00000432: DUP4
00000433: CALL
00000434: POP
00000435: POP
00000436: POP
00000437: POP
00000438: POP
00000439: POP
0000043a: POP
0000043b: POP
0000043c: JUMP
0000043d: JUMPDEST
0000043e: PUSH1 0x00
00000440: DUP2
00000441: DUP2
00000442: MSTORE
00000443: PUSH1 0x01
00000445: PUSH1 0x20
00000447: MSTORE
00000448: PUSH1 0x40
0000044a: SWAP1
0000044b: KECCAK256
0000044c: SLOAD
0000044d: SWAP1
0000044e: SWAP2
0000044f: POP
00000450: DUP3
00000451: SWAP1
00000452: LT
00000453: PUSH2 0x02ae
00000456: JUMPI
00000457: PUSH1 0x40
00000459: PUSH1 0x00
0000045b: DUP2
0000045c: DUP2
0000045d: KECCAK256
0000045e: DUP1
0000045f: SLOAD
00000460: DUP6
00000461: SWAP1
00000462: SUB
00000463: SWAP1
00000464: SSTORE
00000465: SWAP1
00000466: MLOAD
00000467: PUSH1 0x01
00000469: PUSH1 0xa0
0000046b: PUSH1 0x02
0000046d: EXP
0000046e: SUB
0000046f: CALLER
00000470: AND
00000471: SWAP2
00000472: SWAP1
00000473: DUP5
00000474: SWAP1
00000475: DUP3
00000476: DUP2
00000477: DUP2
00000478: DUP2
00000479: DUP6
0000047a: DUP9
0000047b: DUP4
0000047c: CALL
0000047d: POP
0000047e: POP
0000047f: POP
00000480: POP
00000481: POP
00000482: POP
00000483: POP
00000484: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
view
trace_id: 0xaa27703a36732ef60715bfae90c04dd80de54ec0db2b552fc058e2d51d6f9872
call_targets: 0x87521d3b4b53e8d1f04f14d7567a6e1af9cf486a, 0xc1512ef30776c5d866e13e16ebba7d6c21d4bf79
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0xaa27703a36732ef60715bfae90c04dd80de54ec0db2b552fc058e2d51d6f9872",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x87521d3b4b53e8d1f04f14d7567a6e1af9cf486a",
        "0xc1512ef30776c5d866e13e16ebba7d6c21d4bf79"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x0f8b70c9",
            "selector": "0x0f8b70c9",
            "calldata_variants": [
                "0x0f8b70c9",
                "0x0f8b70c90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x2b956ff7",
            "selector": "0x2b956ff7",
            "calldata_variants": [
                "0x2b956ff7",
                "0x2b956ff70000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3632b4d9",
            "selector": "0x3632b4d9",
            "calldata_variants": [
                "0x3632b4d9",
                "0x3632b4d90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3bc1e0f1",
            "selector": "0x3bc1e0f1",
            "calldata_variants": [
                "0x3bc1e0f1",
                "0x3bc1e0f10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x7d19ec9d",
            "selector": "0x7d19ec9d",
            "calldata_variants": [
                "0x7d19ec9d",
                "0x7d19ec9d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8e739461",
            "selector": "0x8e739461",
            "calldata_variants": [
                "0x8e739461",
                "0x8e7394610000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa79f7412",
            "selector": "0xa79f7412",
            "calldata_variants": [
                "0xa79f7412",
                "0xa79f74120000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xad7a672f",
            "selector": "0xad7a672f",
            "calldata_variants": [
                "0xad7a672f",
                "0xad7a672f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 233,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 483,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 757,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 6,
    "guards_detected": [],
    "untrusted_call_count": 6
}
high other detector ETH value transfer possible 55 yes yes
view
trace_id: 0xaa27703a36732ef60715bfae90c04dd80de54ec0db2b552fc058e2d51d6f9872
call_targets: 0x87521d3b4b53e8d1f04f14d7567a6e1af9cf486a, 0xc1512ef30776c5d866e13e16ebba7d6c21d4bf79
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0xaa27703a36732ef60715bfae90c04dd80de54ec0db2b552fc058e2d51d6f9872",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x87521d3b4b53e8d1f04f14d7567a6e1af9cf486a",
        "0xc1512ef30776c5d866e13e16ebba7d6c21d4bf79"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x0f8b70c9",
            "selector": "0x0f8b70c9",
            "calldata_variants": [
                "0x0f8b70c9",
                "0x0f8b70c90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x2b956ff7",
            "selector": "0x2b956ff7",
            "calldata_variants": [
                "0x2b956ff7",
                "0x2b956ff70000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3632b4d9",
            "selector": "0x3632b4d9",
            "calldata_variants": [
                "0x3632b4d9",
                "0x3632b4d90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3bc1e0f1",
            "selector": "0x3bc1e0f1",
            "calldata_variants": [
                "0x3bc1e0f1",
                "0x3bc1e0f10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x7d19ec9d",
            "selector": "0x7d19ec9d",
            "calldata_variants": [
                "0x7d19ec9d",
                "0x7d19ec9d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8e739461",
            "selector": "0x8e739461",
            "calldata_variants": [
                "0x8e739461",
                "0x8e7394610000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa79f7412",
            "selector": "0xa79f7412",
            "calldata_variants": [
                "0xa79f7412",
                "0xa79f74120000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xad7a672f",
            "selector": "0xad7a672f",
            "calldata_variants": [
                "0xad7a672f",
                "0xad7a672f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 233,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 483,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 757,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 6,
    "guards_detected": []
}