Tripwire

Analysis Run

019b3836-23b3-702c-a52f-b753f7258f6a

complete
Chain ID
1
Address
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
511 artifact.fetch complete 1 / 3 3 months ago
512 tool.cast_disasm complete 1 / 3 3 months ago
78443 analysis.bundle complete 1 / 3 1 week ago
78444 capability.graph complete 1 / 3 1 week ago
78445 detector.run complete 1 / 3 1 week ago
78446 validation.fork complete 1 / 3 1 week ago
113575 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
View stderr
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-a9w4pcz6
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c97-d2c6-78b3-8b01-bfdd2cc5e01b
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata
{
    "codex": {
        "ran_at": "2026-04-05T07:42:28.847126+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 4064,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
7
EXT*/BALANCE
1
Total opcodes
1380
Flags
No heuristic flags raised.
View stderr
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 yes yes
trace_id: 0xbf46b4eb533924ba30f022d09396d8f10a5c82bea6d4068cc53b5bcdc165455c
call_targets: 0x0000000000000000000000000000000000000001, 0x2945e60678d76acc6178730488d1f00e7dbf5105
target_varies: yes
classification: target_varies
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0xbf46b4eb533924ba30f022d09396d8f10a5c82bea6d4068cc53b5bcdc165455c",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000001",
        "0x2945e60678d76acc6178730488d1f00e7dbf5105"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4c773795",
            "selector": "0x4c773795",
            "calldata_variants": [
                "0x4c773795",
                "0x4c7737950000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x524f3889",
            "selector": "0x524f3889",
            "calldata_variants": [
                "0x524f3889",
                "0x524f38890000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x853828b6",
            "selector": "0x853828b6",
            "calldata_variants": [
                "0x853828b6",
                "0x853828b60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa4c8a1c1",
            "selector": "0xa4c8a1c1",
            "calldata_variants": [
                "0xa4c8a1c1",
                "0xa4c8a1c10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xadf59f99",
            "selector": "0xadf59f99",
            "calldata_variants": [
                "0xadf59f99",
                "0xadf59f990000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf8b2cb4f",
            "selector": "0xf8b2cb4f",
            "calldata_variants": [
                "0xf8b2cb4f",
                "0xf8b2cb4f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 1024,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1274,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1446,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 7,
    "guards_detected": [
        {
            "pc": 1144,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 7
}
medium other detector ETH value transfer possible 40 yes yes
trace_id: 0xbf46b4eb533924ba30f022d09396d8f10a5c82bea6d4068cc53b5bcdc165455c
call_targets: 0x0000000000000000000000000000000000000001, 0x2945e60678d76acc6178730488d1f00e7dbf5105
target_varies: yes
classification: target_varies
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0xbf46b4eb533924ba30f022d09396d8f10a5c82bea6d4068cc53b5bcdc165455c",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000001",
        "0x2945e60678d76acc6178730488d1f00e7dbf5105"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4c773795",
            "selector": "0x4c773795",
            "calldata_variants": [
                "0x4c773795",
                "0x4c7737950000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x524f3889",
            "selector": "0x524f3889",
            "calldata_variants": [
                "0x524f3889",
                "0x524f38890000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x853828b6",
            "selector": "0x853828b6",
            "calldata_variants": [
                "0x853828b6",
                "0x853828b60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa4c8a1c1",
            "selector": "0xa4c8a1c1",
            "calldata_variants": [
                "0xa4c8a1c1",
                "0xa4c8a1c10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xadf59f99",
            "selector": "0xadf59f99",
            "calldata_variants": [
                "0xadf59f99",
                "0xadf59f990000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf8b2cb4f",
            "selector": "0xf8b2cb4f",
            "calldata_variants": [
                "0xf8b2cb4f",
                "0xf8b2cb4f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 1024,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1274,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1446,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 7,
    "guards_detected": [
        {
            "pc": 1144,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}