019b3836-263f-7282-8814-a140859af314
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 893 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 894 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 43915 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 43916 | capability.graph | complete | 1 / 3 | 1 week ago |
| 43917 | detector.run | complete | 1 / 3 | 1 week ago |
| 43918 | validation.fork | complete | 1 / 3 | 1 week ago |
| 112458 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":true,"summary":"Reviewed `BYTECODE_BUNDLE.json` and the runtime bytecode. The contract appears to be a simple ERC20-like token with best-effort selector matches for `name`, `symbol`, `decimals`, `balanceOf`, and a non-standard `transfer`. The only external `CALL` is at `pc:0x188` (`392`), inside the dynamic-string return helper used by the metadata getters; its surrounding pattern matches the identity precompile (`0x04`) memory-copy routine, including the characteristic gas formula `0x0f + 3*ceil(len/32)`, so the detector's `Untrusted CALL target/value reachable` and `ETH value transfer possible` alerts are likely false positives. I found no evidenced `DELEGATECALL`, proxy/upgrade slot usage, privileged/admin path, signature-validation logic, or concrete reentrancy-bearing untrusted external call. Bytecode-only uncertainty remains around selector inference and fallback behavior, but no meaningful exploitable issue is supported by the provided artifact.","findings":[]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-6pmgjt6r
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5b53-282b-7e71-9ed6-ca146d3d21c2
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc pwd in /tmp/codex-6pmgjt6r
succeeded in 0ms:
/tmp/codex-6pmgjt6r
exec
/bin/bash -lc 'rg --files' in /tmp/codex-6pmgjt6r
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-6pmgjt6r
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0xb6307611c06c57257ee2ad83beed39cc6650163e",
"artifact_hash": "0x78b914effa90c9c4232c236dc91052fbf2412f21d6d53e623a8f17c34679032a",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 24,
"hash": "0x6a350686911b120d699f8e8d1e9440d4ce17c4434492baee43484e2ef083a112",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 35,
"hash": "0x09fc75e3aa8fb02b98e24881cc463925488c7dfa7ef308570a5930c5c420c614",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 25
},
{
"end_pc": 46,
"hash": "0x976103db32485bde438fb5c3f9f54ee02f48623f2e3b08249411cd4aee3c334a",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 36
},
{
"end_pc": 57,
"hash": "0x3c19c073e27395dc44272beb525b6373ad140a4045aabbd1b653e498e1806824",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 47
},
{
"end_pc": 68,
"hash": "0x3a122683470ea7901e31e80e6378780a829a06da64b04e691b5d5c5621392507",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 58
},
{
"end_pc": 70,
"hash": "0x55afd043d32294d5f0189f5a0aa04f3174e4c087a31c85396f49b5f17813cb96",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 69
},
{
"end_pc": 136,
"hash": "0xfc01f99e3d71612bfaa85e2bb57cdd9403eabce7b9348bcac405b7924f1b1f2d",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 71
},
{
"end_pc": 144,
"hash": "0x94766029cd41199d0239fbf67bb17d1e452d9bb9f7b63a80357531b66475e6d3",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 137
},
{
"end_pc": 163,
"hash": "0x7a9c5e28ca72e7db26993eb4591b942a2bd83baf5200667721f5598807ec92a5",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 145
},
{
"end_pc": 175,
"hash": "0x938aee19a0e1094c19b5a9528f839968d51c237564158e673ab6899436584f6e",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"PUSH1",
"AND",
"OP_81",
"JUMP"
],
"start_pc": 164
},
{
"end_pc": 199,
"hash": "0x7b0565c261db3d55c39f20ac0ee4d4710d6951f51b6844e361a4647909dcfc38",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 176
},
{
"end_pc": 263,
"hash": "0x05bb2b1cf28e868299a2692b981f091c16cd0b0ff5f325436e762172d3967632",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"PUSH1",
"NOT",
"PUSH2",
"OP_85",
"OP_87",
"AND",
"ISZERO",
"MUL",
"ADD",
"OP_90",
"OP_93",
"AND",
"OP_92",
"OP_90",
"OP_92",
"DIV",
"OP_91",
"OP_82",
"ADD",
"OP_81",
"OP_90",
"DIV",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
exec
/bin/bash -lc "sed -n '261,520p' BYTECODE_BUNDLE.json" in /tmp/codex-6pmgjt6r
succeeded in 0ms:
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 200
},
{
"end_pc": 271,
"hash": "0x21b49c68f1af8b85acdfbc3ef26289b590ab67ebb18271dfc552d3d38c161349",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 264
},
{
"end_pc": 290,
"hash": "0xae7e4932e7d3455de45f6fa310bc61e816c4075510a405b25c6797cfa8308dd4",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 272
},
{
"end_pc": 333,
"hash": "0x695d244bc0789518ea2be8b9593ab18c4b31efe9b0bb2b4a99b09bfa0bd4168d",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"OP_90",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 291
},
{
"end_pc": 337,
"hash": "0x5ebda49c75a90269902080f51db6f1c7b1af883a7fd6baf1d61b81a8b96dcdca",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 334
},
{
"end_pc": 408,
"hash": "0x5c91046627439dc30668d4e42561f655c26d9a339fc0029841b375508f7254a6",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"OP_80",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 338
},
{
"end_pc": 433,
"hash": "0xc0a703c2254334f9171c8126ae06fea5cf289341f4c19c890fa2f6b928c400e4",
"opcodes": [
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 409
},
{
"end_pc": 447,
"hash": "0xbbf38bd955ec6188d491c8a752950f390e38b6a9203b6891438ecf3d66b81c51",
"opcodes": [
"JUMPDEST",
"POP",
"OP_92",
"POP",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"RETURN"
],
"start_pc": 434
},
{
"end_pc": 457,
"hash": "0xe40870dc717cbfdedea9fbb4d2473ca373d3dd88734eda3a8e7ff7e0a08a80de",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"RETURN"
],
"start_pc": 448
},
{
"end_pc": 471,
"hash": "0x712f7aabde4f2b6cb8fd21b243449d960bb2bde97dfa68f99a6793a74191755f",
"opcodes": [
"JUMPDEST",
"OP_82",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"SHA3",
"OP_90"
],
"start_pc": 458
},
{
"end_pc": 491,
"hash": "0xb72355893dc85ba3dba3d8450e06bc619269717a95c970bc878e9b20fda0e6a2",
"opcodes": [
"JUMPDEST",
"OP_81",
"SLOAD",
"OP_81",
"MSTORE",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH1",
"ADD",
"OP_80",
"OP_83",
"GT",
"PUSH2",
"JUMPI"
],
"start_pc": 472
exec
/bin/bash -lc "sed -n '521,780p' BYTECODE_BUNDLE.json" in /tmp/codex-6pmgjt6r
succeeded in 0ms:
},
{
"end_pc": 500,
"hash": "0x44d3956d843a32ee50717833fa8ec9dbfa425cdf8dcb23848e44acae24f05d14",
"opcodes": [
"OP_82",
"OP_90",
"SUB",
"PUSH1",
"AND",
"OP_82",
"ADD",
"OP_91"
],
"start_pc": 492
},
{
"end_pc": 508,
"hash": "0xfc2ec825a8f178aa5a5c70c694abf2c3132e519e33d00850e8769ebb62cf186a",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"POP",
"POP",
"POP",
"OP_81",
"JUMP"
],
"start_pc": 501
},
{
"end_pc": 538,
"hash": "0xa75c05a5c67571b18cbd868879dec0d7c57966797b1df8756504756360d24fa1",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_82",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_80",
"OP_82",
"ADD",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 509
},
{
"end_pc": 542,
"hash": "0xee4e5c2be823ee6e569c01a0bf832422eaf7ebbf27bd4c5f027d970c75b8c6f9",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 539
},
{
"end_pc": 715,
"hash": "0x55470c341be9e608b9f37871022d25fc911758efeacc5d69b28df302da0d728e",
"opcodes": [
"JUMPDEST",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"SUB",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_84",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH32",
"OP_83",
"PUSH1",
"MLOAD",
"OP_80",
"OP_82",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"OP_A3",
"POP",
"POP",
"JUMP"
],
"start_pc": 543
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 392,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:291",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:501",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
exec
/bin/bash -lc "sed -n '781,1040p' BYTECODE_BUNDLE.json" in /tmp/codex-6pmgjt6r
succeeded in 0ms:
{
"from": "bb:137",
"to": "bb:458",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:501",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:501",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:264",
"type": "control_flow_fallthrough"
},
{
"from": "bb:264",
"to": "bb:458",
"type": "control_flow"
},
{
"from": "bb:264",
"to": "bb:272",
"type": "control_flow_fallthrough"
},
{
"from": "bb:272",
"to": "bb:501",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:509",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:334",
"type": "control_flow_fallthrough"
},
{
"from": "bb:338",
"to": "bb:434",
"type": "control_flow"
},
{
"from": "bb:338",
"to": "bb:409",
"type": "control_flow_fallthrough"
},
{
"from": "bb:409",
"to": "bb:434",
"type": "control_flow_fallthrough"
},
{
"from": "bb:458",
"to": "bb:472",
"type": "control_flow_fallthrough"
},
{
"from": "bb:472",
"to": "bb:472",
"type": "control_flow"
},
{
"from": "bb:472",
"to": "bb:492",
"type": "control_flow_fallthrough"
},
{
"from": "bb:492",
"to": "bb:501",
"type": "control_flow_fallthrough"
},
{
"from": "bb:509",
"to": "bb:543",
"type": "control_flow"
},
{
"from": "bb:509",
"to": "bb:539",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0x6c4bb376ffb513d20aa6d4edd74e191aff6c92e336ab4cbe13119a6bd03d7596",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": null,
"selector": "0xa9059cbb"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
exec
/bin/bash -lc "sed -n '1041,1300p' BYTECODE_BUNDLE.json" in /tmp/codex-6pmgjt6r
succeeded in 0ms:
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0xa9059cbb",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
}
],
"selectors": [
"0x06fdde03",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb"
],
"sinks": {
"call": 1,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 6,
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0x3f42c86ea224fe59f299de5fde71654d4371c019b8bdb311d33f4bce9ca602ee",
"created_at": "2026-04-04T19:46:11.000000Z",
"id": 1638,
"updated_at": "2026-04-04T21:41:27.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0xb6307611c06c57257ee2ad83beed39cc6650163e",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:51.000000Z",
"id": "019b3836-263f-7282-8814-a140859af314",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:46:11.000000Z"
},
"artifact": {
"codehash": "0x3f42c86ea224fe59f299de5fde71654d4371c019b8bdb311d33f4bce9ca602ee",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x606060405260e060020a600035046306fdde038114610047578063313ce567146100a457806370a08231146100b057806395d89b41146100c8578063a9059cbb14610123575b005b61015260008054602060026001831615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156101f55780601f106101ca576101008083540402835291602001916101f5565b6101c060025460ff1681565b6101c060043560036020526000908152604090205481565b610152600180546020601f6002600019610100858716150201909316929092049182018190040260809081016040526060828152929190828280156101f55780601f106101ca576101008083540402835291602001916101f5565b610045600435602435600160a060020a033316600090815260036020526040902054819010156101fd57610002565b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600302600f01f150905090810190601f1680156101b25780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b6060908152602090f35b820191906000526020600020905b8154815290600101906020018083116101d857829003601f168201915b505050505081565b600160a060020a03821660009081526040902054808201101561021f57610002565b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a3505056",
"head": null,
"length": 1434,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0xb6307611c06c57257ee2ad83beed39cc6650163e",
"block_number": null,
"chain_id": 1,
"codehash": "0x3f42c86ea224fe59f299de5fde71654d4371c019b8bdb311d33f4bce9ca602ee",
"created_at": "2026-04-04T19:46:11.000000Z",
"graph_hash": "0xc20974e387627e97d958e747e36173ea1abf7d42b1d528da6165e417af2e5305",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:291",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:501",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
{
"from": "bb:137",
"to": "bb:458",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:501",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:501",
"type": "control_flow"
},
{
"from": "bb:200",
exec
/bin/bash -lc "rg -n 'detector|finding|evidence|proxy|delegatecall|reentr' BYTECODE_BUNDLE.json" in /tmp/codex-6pmgjt6r
succeeded in 0ms:
910: "delegatecall": 0,
954: "delegatecall": 0,
998: "delegatecall": 0,
1042: "delegatecall": 0,
1086: "delegatecall": 0,
1134: "delegatecall": 0,
1200: "is_proxy": false,
1637: "detector_findings": [
1640: "evidence_json": {
1679: "evidence_json": {
1719: "delegatecall_count": 0,
exec
/bin/bash -lc 'wc -l BYTECODE_BUNDLE.json' in /tmp/codex-6pmgjt6r
succeeded in 0ms:
1722 BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1600,1722p' BYTECODE_BUNDLE.json" in /tmp/codex-6pmgjt6r
succeeded in 0ms:
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": null,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 1638,
"updated_at": "2026-04-04T21:41:27.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 60,
"evidence_json": {
"call_count": 1,
"examples": [
{
"opcode": "CALL",
"pc": 392,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 1
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb6307611c06c57257ee2ad83beed39cc6650163e"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 1,
"examples": [
{
"opcode": "CALL",
"pc": 392,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb6307611c06c57257ee2ad83beed39cc6650163e"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 104ms:
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 5ms:
338: JUMPDEST
339: PUSH1 0x40
341: MLOAD
342: DUP1
343: DUP1
344: PUSH1 0x20
346: ADD
347: DUP3
348: DUP2
349: SUB
350: DUP3
351: MSTORE
352: DUP4
353: DUP2
354: DUP2
355: MLOAD
356: DUP2
357: MSTORE
358: PUSH1 0x20
360: ADD
361: SWAP2
362: POP
363: DUP1
364: MLOAD
365: SWAP1
366: PUSH1 0x20
368: ADD
369: SWAP1
370: DUP1
371: DUP4
372: DUP4
373: DUP3
374: SWAP1
375: PUSH1 0x00
377: PUSH1 0x04
379: PUSH1 0x20
381: DUP5
382: PUSH1 0x1f
384: ADD
385: DIV
386: PUSH1 0x03
388: MUL
389: PUSH1 0x0f
391: ADD
392: CALL
393: POP
394: SWAP1
395: POP
396: SWAP1
397: DUP2
398: ADD
399: SWAP1
400: PUSH1 0x1f
402: AND
403: DUP1
404: ISZERO
405: PUSH2 0x01b2
408: JUMPI
409: DUP1
410: DUP3
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 1ms:
291: JUMPDEST
292: PUSH2 0x0045
295: PUSH1 0x04
297: CALLDATALOAD
298: PUSH1 0x24
300: CALLDATALOAD
301: PUSH1 0x01
303: PUSH1 0xa0
305: PUSH1 0x02
307: EXP
308: SUB
309: CALLER
310: AND
311: PUSH1 0x00
313: SWAP1
314: DUP2
315: MSTORE
316: PUSH1 0x03
318: PUSH1 0x20
320: MSTORE
321: PUSH1 0x40
323: SWAP1
324: SHA3
325: SLOAD
326: DUP2
327: SWAP1
328: LT
329: ISZERO
330: PUSH2 0x01fd
333: JUMPI
334: PUSH2 0x0002
337: JUMP
338: JUMPDEST
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 2ms:
509: JUMPDEST
510: PUSH1 0x01
512: PUSH1 0xa0
514: PUSH1 0x02
516: EXP
517: SUB
518: DUP3
519: AND
520: PUSH1 0x00
522: SWAP1
523: DUP2
524: MSTORE
525: PUSH1 0x40
527: SWAP1
528: SHA3
529: SLOAD
530: DUP1
531: DUP3
532: ADD
533: LT
534: ISZERO
535: PUSH2 0x021f
538: JUMPI
539: PUSH2 0x0002
542: JUMP
543: JUMPDEST
544: DUP1
545: PUSH1 0x03
547: PUSH1 0x00
549: POP
550: PUSH1 0x00
552: CALLER
553: PUSH1 0x01
555: PUSH1 0xa0
557: PUSH1 0x02
559: EXP
560: SUB
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 7ms:
543: JUMPDEST
544: DUP1
545: PUSH1 0x03
547: PUSH1 0x00
549: POP
550: PUSH1 0x00
552: CALLER
553: PUSH1 0x01
555: PUSH1 0xa0
557: PUSH1 0x02
559: EXP
560: SUB
561: AND
562: DUP2
563: MSTORE
564: PUSH1 0x20
566: ADD
567: SWAP1
568: DUP2
569: MSTORE
570: PUSH1 0x20
572: ADD
573: PUSH1 0x00
575: SHA3
576: PUSH1 0x00
578: DUP3
579: DUP3
580: DUP3
581: POP
582: SLOAD
583: SUB
584: SWAP3
585: POP
586: POP
587: DUP2
588: SWAP1
589: SSTORE
590: POP
591: DUP1
592: PUSH1 0x03
594: PUSH1 0x00
596: POP
597: PUSH1 0x00
599: DUP5
600: PUSH1 0x01
602: PUSH1 0xa0
604: PUSH1 0x02
606: EXP
607: SUB
608: AND
609: DUP2
610: MSTORE
611: PUSH1 0x20
613: ADD
614: SWAP1
615: DUP2
616: MSTORE
617: PUSH1 0x20
619: ADD
620: PUSH1 0x00
622: SHA3
623: PUSH1 0x00
625: DUP3
626: DUP3
627: DUP3
628: POP
629: SLOAD
630: ADD
631: SWAP3
632: POP
633: POP
634: DUP2
635: SWAP1
636: SSTORE
637: POP
638: DUP2
639: PUSH1 0x01
641: PUSH1 0xa0
643: PUSH1 0x02
645: EXP
646: SUB
647: AND
648: CALLER
649: PUSH1 0x01
651: PUSH1 0xa0
653: PUSH1 0x02
655: EXP
656: SUB
657: AND
658: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
691: DUP4
692: PUSH1 0x40
694: MLOAD
695: DUP1
696: DUP3
697: DUP2
698: MSTORE
699: PUSH1 0x20
701: ADD
702: SWAP2
703: POP
704: POP
705: PUSH1 0x40
707: MLOAD
708: DUP1
709: SWAP2
710: SUB
711: SWAP1
712: LOG3
713: POP
714: POP
715: JUMP
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 5ms:
0: PUSH1 0x60
2: PUSH1 0x40
4: MSTORE
5: PUSH1 0xe0
7: PUSH1 0x02
9: EXP
10: PUSH1 0x00
12: CALLDATALOAD
13: DIV
14: PUSH4 0x06fdde03
19: DUP2
20: EQ
21: PUSH2 0x0047
24: JUMPI
25: DUP1
26: PUSH4 0x313ce567
31: EQ
32: PUSH2 0x00a4
35: JUMPI
36: DUP1
37: PUSH4 0x70a08231
42: EQ
43: PUSH2 0x00b0
46: JUMPI
47: DUP1
48: PUSH4 0x95d89b41
53: EQ
54: PUSH2 0x00c8
57: JUMPI
58: DUP1
59: PUSH4 0xa9059cbb
64: EQ
65: PUSH2 0x0123
68: JUMPI
69: JUMPDEST
70: STOP
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 5ms:
164: JUMPDEST
165: PUSH2 0x01c0
168: PUSH1 0x02
170: SLOAD
171: PUSH1 0xff
173: AND
174: DUP2
175: JUMP
176: JUMPDEST
177: PUSH2 0x01c0
180: PUSH1 0x04
182: CALLDATALOAD
183: PUSH1 0x03
185: PUSH1 0x20
187: MSTORE
188: PUSH1 0x00
190: SWAP1
191: DUP2
192: MSTORE
193: PUSH1 0x40
195: SWAP1
196: SHA3
197: SLOAD
198: DUP2
199: JUMP
---
176: JUMPDEST
177: PUSH2 0x01c0
180: PUSH1 0x04
182: CALLDATALOAD
183: PUSH1 0x03
185: PUSH1 0x20
187: MSTORE
188: PUSH1 0x00
190: SWAP1
191: DUP2
192: MSTORE
193: PUSH1 0x40
195: SWAP1
196: SHA3
197: SLOAD
198: DUP2
199: JUMP
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 3ms:
448: JUMPDEST
449: PUSH1 0x60
451: SWAP1
452: DUP2
453: MSTORE
454: PUSH1 0x20
456: SWAP1
457: RETURN
458: JUMPDEST
459: DUP3
460: ADD
461: SWAP2
462: SWAP1
463: PUSH1 0x00
465: MSTORE
466: PUSH1 0x20
468: PUSH1 0x00
470: SHA3
471: SWAP1
472: JUMPDEST
473: DUP2
474: SLOAD
475: DUP2
476: MSTORE
477: SWAP1
478: PUSH1 0x01
480: ADD
481: SWAP1
482: PUSH1 0x20
484: ADD
485: DUP1
486: DUP4
487: GT
488: PUSH2 0x01d8
491: JUMPI
492: DUP3
493: SWAP1
494: SUB
495: PUSH1 0x1f
497: AND
498: DUP3
499: ADD
500: SWAP2
501: JUMPDEST
502: POP
503: POP
504: POP
505: POP
506: POP
507: DUP2
508: JUMP
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 6ms:
71: JUMPDEST
72: PUSH2 0x0152
75: PUSH1 0x00
77: DUP1
78: SLOAD
79: PUSH1 0x20
81: PUSH1 0x02
83: PUSH1 0x01
85: DUP4
86: AND
87: ISZERO
88: PUSH2 0x0100
91: MUL
92: PUSH1 0x00
94: NOT
95: ADD
96: SWAP1
97: SWAP3
98: AND
99: SWAP2
100: SWAP1
101: SWAP2
102: DIV
103: PUSH1 0x1f
105: DUP2
106: ADD
107: DUP3
108: SWAP1
109: DIV
110: SWAP1
111: SWAP2
112: MUL
113: PUSH1 0x80
115: SWAP1
116: DUP2
117: ADD
118: PUSH1 0x40
120: MSTORE
121: PUSH1 0x60
123: DUP3
124: DUP2
125: MSTORE
126: SWAP3
127: SWAP2
128: SWAP1
129: DUP3
130: DUP3
131: DUP1
132: ISZERO
133: PUSH2 0x01f5
136: JUMPI
137: DUP1
138: PUSH1 0x1f
140: LT
141: PUSH2 0x01ca
144: JUMPI
145: PUSH2 0x0100
148: DUP1
149: DUP4
150: SLOAD
151: DIV
152: MUL
153: DUP4
154: MSTORE
155: SWAP2
156: PUSH1 0x20
158: ADD
159: SWAP2
160: PUSH2 0x01f5
163: JUMP
exec
js_repl in /tmp/codex-6pmgjt6r
succeeded in 3ms:
200: JUMPDEST
201: PUSH2 0x0152
204: PUSH1 0x01
206: DUP1
207: SLOAD
208: PUSH1 0x20
210: PUSH1 0x1f
212: PUSH1 0x02
214: PUSH1 0x00
216: NOT
217: PUSH2 0x0100
220: DUP6
221: DUP8
222: AND
223: ISZERO
224: MUL
225: ADD
226: SWAP1
227: SWAP4
228: AND
229: SWAP3
230: SWAP1
231: SWAP3
232: DIV
233: SWAP2
234: DUP3
235: ADD
236: DUP2
237: SWAP1
238: DIV
239: MUL
240: PUSH1 0x80
242: SWAP1
243: DUP2
244: ADD
245: PUSH1 0x40
247: MSTORE
248: PUSH1 0x60
250: DUP3
251: DUP2
252: MSTORE
253: SWAP3
254: SWAP2
255: SWAP1
256: DUP3
257: DUP3
258: DUP1
259: ISZERO
260: PUSH2 0x01f5
263: JUMPI
264: DUP1
265: PUSH1 0x1f
267: LT
268: PUSH2 0x01ca
271: JUMPI
272: PUSH2 0x0100
275: DUP1
276: DUP4
277: SLOAD
278: DIV
279: MUL
280: DUP4
281: MSTORE
282: SWAP2
283: PUSH1 0x20
285: ADD
286: SWAP2
287: PUSH2 0x01f5
290: JUMP
exec
/bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-6pmgjt6r
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
codex
{"no_findings":true,"summary":"Reviewed `BYTECODE_BUNDLE.json` and the runtime bytecode. The contract appears to be a simple ERC20-like token with best-effort selector matches for `name`, `symbol`, `decimals`, `balanceOf`, and a non-standard `transfer`. The only external `CALL` is at `pc:0x188` (`392`), inside the dynamic-string return helper used by the metadata getters; its surrounding pattern matches the identity precompile (`0x04`) memory-copy routine, including the characteristic gas formula `0x0f + 3*ceil(len/32)`, so the detector's `Untrusted CALL target/value reachable` and `ETH value transfer possible` alerts are likely false positives. I found no evidenced `DELEGATECALL`, proxy/upgrade slot usage, privileged/admin path, signature-validation logic, or concrete reentrancy-bearing untrusted external call. Bytecode-only uncertainty remains around selector inference and fallback behavior, but no meaningful exploitable issue is supported by the provided artifact.","findings":[]}
tokens used
47,083
{
"codex": {
"ran_at": "2026-04-05T01:49:59.038254+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 1434,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Reviewed `BYTECODE_BUNDLE.json` and the runtime bytecode. The contract appears to be a simple ERC20-like token with best-effort selector matches for `name`, `symbol`, `decimals`, `balanceOf`, and a non-standard `transfer`. The only external `CALL` is at `pc:0x188` (`392`), inside the dynamic-string return helper used by the metadata getters; its surrounding pattern matches the identity precompile (`0x04`) memory-copy routine, including the characteristic gas formula `0x0f + 3*ceil(len/32)`, so the detector's `Untrusted CALL target/value reachable` and `ETH value transfer possible` alerts are likely false positives. I found no evidenced `DELEGATECALL`, proxy/upgrade slot usage, privileged/admin path, signature-validation logic, or concrete reentrancy-bearing untrusted external call. Bytecode-only uncertainty remains around selector inference and fallback behavior, but no meaningful exploitable issue is supported by the provided artifact.",
"raw_final": {
"summary": "Reviewed `BYTECODE_BUNDLE.json` and the runtime bytecode. The contract appears to be a simple ERC20-like token with best-effort selector matches for `name`, `symbol`, `decimals`, `balanceOf`, and a non-standard `transfer`. The only external `CALL` is at `pc:0x188` (`392`), inside the dynamic-string return helper used by the metadata getters; its surrounding pattern matches the identity precompile (`0x04`) memory-copy routine, including the characteristic gas formula `0x0f + 3*ceil(len/32)`, so the detector's `Untrusted CALL target/value reachable` and `ETH value transfer possible` alerts are likely false positives. I found no evidenced `DELEGATECALL`, proxy/upgrade slot usage, privileged/admin path, signature-validation logic, or concrete reentrancy-bearing untrusted external call. Bytecode-only uncertainty remains around selector inference and fallback behavior, but no meaningful exploitable issue is supported by the provided artifact.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0xe0 00000007: PUSH1 0x02 00000009: EXP 0000000a: PUSH1 0x00 0000000c: CALLDATALOAD 0000000d: DIV 0000000e: PUSH4 0x06fdde03 00000013: DUP2 00000014: EQ 00000015: PUSH2 0x0047 00000018: JUMPI 00000019: DUP1 0000001a: PUSH4 0x313ce567 0000001f: EQ 00000020: PUSH2 0x00a4 00000023: JUMPI 00000024: DUP1 00000025: PUSH4 0x70a08231 0000002a: EQ 0000002b: PUSH2 0x00b0 0000002e: JUMPI 0000002f: DUP1 00000030: PUSH4 0x95d89b41 00000035: EQ 00000036: PUSH2 0x00c8 00000039: JUMPI 0000003a: DUP1 0000003b: PUSH4 0xa9059cbb 00000040: EQ 00000041: PUSH2 0x0123 00000044: JUMPI 00000045: JUMPDEST 00000046: STOP 00000047: JUMPDEST 00000048: PUSH2 0x0152 0000004b: PUSH1 0x00 0000004d: DUP1 0000004e: SLOAD 0000004f: PUSH1 0x20 00000051: PUSH1 0x02 00000053: PUSH1 0x01 00000055: DUP4 00000056: AND 00000057: ISZERO 00000058: PUSH2 0x0100 0000005b: MUL 0000005c: PUSH1 0x00 0000005e: NOT 0000005f: ADD 00000060: SWAP1 00000061: SWAP3 00000062: AND 00000063: SWAP2 00000064: SWAP1 00000065: SWAP2 00000066: DIV 00000067: PUSH1 0x1f 00000069: DUP2 0000006a: ADD 0000006b: DUP3 0000006c: SWAP1 0000006d: DIV 0000006e: SWAP1 0000006f: SWAP2 00000070: MUL 00000071: PUSH1 0x80 00000073: SWAP1 00000074: DUP2 00000075: ADD 00000076: PUSH1 0x40 00000078: MSTORE 00000079: PUSH1 0x60 0000007b: DUP3 0000007c: DUP2 0000007d: MSTORE 0000007e: SWAP3 0000007f: SWAP2 00000080: SWAP1 00000081: DUP3 00000082: DUP3 00000083: DUP1 00000084: ISZERO 00000085: PUSH2 0x01f5 00000088: JUMPI 00000089: DUP1 0000008a: PUSH1 0x1f 0000008c: LT 0000008d: PUSH2 0x01ca 00000090: JUMPI 00000091: PUSH2 0x0100 00000094: DUP1 00000095: DUP4 00000096: SLOAD 00000097: DIV 00000098: MUL 00000099: DUP4 0000009a: MSTORE 0000009b: SWAP2 0000009c: PUSH1 0x20 0000009e: ADD 0000009f: SWAP2 000000a0: PUSH2 0x01f5 000000a3: JUMP 000000a4: JUMPDEST 000000a5: PUSH2 0x01c0 000000a8: PUSH1 0x02 000000aa: SLOAD 000000ab: PUSH1 0xff 000000ad: AND 000000ae: DUP2 000000af: JUMP 000000b0: JUMPDEST 000000b1: PUSH2 0x01c0 000000b4: PUSH1 0x04 000000b6: CALLDATALOAD 000000b7: PUSH1 0x03 000000b9: PUSH1 0x20 000000bb: MSTORE 000000bc: PUSH1 0x00 000000be: SWAP1 000000bf: DUP2 000000c0: MSTORE 000000c1: PUSH1 0x40 000000c3: SWAP1 000000c4: KECCAK256 000000c5: SLOAD 000000c6: DUP2 000000c7: JUMP 000000c8: JUMPDEST 000000c9: PUSH2 0x0152 000000cc: PUSH1 0x01 000000ce: DUP1 000000cf: SLOAD 000000d0: PUSH1 0x20 000000d2: PUSH1 0x1f 000000d4: PUSH1 0x02 000000d6: PUSH1 0x00 000000d8: NOT 000000d9: PUSH2 0x0100 000000dc: DUP6 000000dd: DUP8 000000de: AND 000000df: ISZERO 000000e0: MUL 000000e1: ADD 000000e2: SWAP1 000000e3: SWAP4 000000e4: AND 000000e5: SWAP3 000000e6: SWAP1 000000e7: SWAP3 000000e8: DIV 000000e9: SWAP2 000000ea: DUP3 000000eb: ADD 000000ec: DUP2 000000ed: SWAP1 000000ee: DIV 000000ef: MUL 000000f0: PUSH1 0x80 000000f2: SWAP1 000000f3: DUP2 000000f4: ADD 000000f5: PUSH1 0x40 000000f7: MSTORE 000000f8: PUSH1 0x60 000000fa: DUP3 000000fb: DUP2 000000fc: MSTORE 000000fd: SWAP3 000000fe: SWAP2 000000ff: SWAP1 00000100: DUP3 00000101: DUP3 00000102: DUP1 00000103: ISZERO 00000104: PUSH2 0x01f5 00000107: JUMPI 00000108: DUP1 00000109: PUSH1 0x1f 0000010b: LT 0000010c: PUSH2 0x01ca 0000010f: JUMPI 00000110: PUSH2 0x0100 00000113: DUP1 00000114: DUP4 00000115: SLOAD 00000116: DIV 00000117: MUL 00000118: DUP4 00000119: MSTORE 0000011a: SWAP2 0000011b: PUSH1 0x20 0000011d: ADD 0000011e: SWAP2 0000011f: PUSH2 0x01f5 00000122: JUMP 00000123: JUMPDEST 00000124: PUSH2 0x0045 00000127: PUSH1 0x04 00000129: CALLDATALOAD 0000012a: PUSH1 0x24 0000012c: CALLDATALOAD 0000012d: PUSH1 0x01 0000012f: PUSH1 0xa0 00000131: PUSH1 0x02 00000133: EXP 00000134: SUB 00000135: CALLER 00000136: AND 00000137: PUSH1 0x00 00000139: SWAP1 0000013a: DUP2 0000013b: MSTORE 0000013c: PUSH1 0x03 0000013e: PUSH1 0x20 00000140: MSTORE 00000141: PUSH1 0x40 00000143: SWAP1 00000144: KECCAK256 00000145: SLOAD 00000146: DUP2 00000147: SWAP1 00000148: LT 00000149: ISZERO 0000014a: PUSH2 0x01fd 0000014d: JUMPI 0000014e: PUSH2 0x0002 00000151: JUMP 00000152: JUMPDEST 00000153: PUSH1 0x40 00000155: MLOAD 00000156: DUP1 00000157: DUP1 00000158: PUSH1 0x20 0000015a: ADD 0000015b: DUP3 0000015c: DUP2 0000015d: SUB 0000015e: DUP3 0000015f: MSTORE 00000160: DUP4 00000161: DUP2 00000162: DUP2 00000163: MLOAD 00000164: DUP2 00000165: MSTORE 00000166: PUSH1 0x20 00000168: ADD 00000169: SWAP2 0000016a: POP 0000016b: DUP1 0000016c: MLOAD 0000016d: SWAP1 0000016e: PUSH1 0x20 00000170: ADD 00000171: SWAP1 00000172: DUP1 00000173: DUP4 00000174: DUP4 00000175: DUP3 00000176: SWAP1 00000177: PUSH1 0x00 00000179: PUSH1 0x04 0000017b: PUSH1 0x20 0000017d: DUP5 0000017e: PUSH1 0x1f 00000180: ADD 00000181: DIV 00000182: PUSH1 0x03 00000184: MUL 00000185: PUSH1 0x0f 00000187: ADD 00000188: CALL 00000189: POP 0000018a: SWAP1 0000018b: POP 0000018c: SWAP1 0000018d: DUP2 0000018e: ADD 0000018f: SWAP1 00000190: PUSH1 0x1f 00000192: AND 00000193: DUP1 00000194: ISZERO 00000195: PUSH2 0x01b2 00000198: JUMPI 00000199: DUP1 0000019a: DUP3 0000019b: SUB 0000019c: DUP1 0000019d: MLOAD 0000019e: PUSH1 0x01 000001a0: DUP4 000001a1: PUSH1 0x20 000001a3: SUB 000001a4: PUSH2 0x0100 000001a7: EXP 000001a8: SUB 000001a9: NOT 000001aa: AND 000001ab: DUP2 000001ac: MSTORE 000001ad: PUSH1 0x20 000001af: ADD 000001b0: SWAP2 000001b1: POP 000001b2: JUMPDEST 000001b3: POP 000001b4: SWAP3 000001b5: POP 000001b6: POP 000001b7: POP 000001b8: PUSH1 0x40 000001ba: MLOAD 000001bb: DUP1 000001bc: SWAP2 000001bd: SUB 000001be: SWAP1 000001bf: RETURN 000001c0: JUMPDEST 000001c1: PUSH1 0x60 000001c3: SWAP1 000001c4: DUP2 000001c5: MSTORE 000001c6: PUSH1 0x20 000001c8: SWAP1 000001c9: RETURN 000001ca: JUMPDEST 000001cb: DUP3 000001cc: ADD 000001cd: SWAP2 000001ce: SWAP1 000001cf: PUSH1 0x00 000001d1: MSTORE 000001d2: PUSH1 0x20 000001d4: PUSH1 0x00 000001d6: KECCAK256 000001d7: SWAP1 000001d8: JUMPDEST 000001d9: DUP2 000001da: SLOAD 000001db: DUP2 000001dc: MSTORE 000001dd: SWAP1 000001de: PUSH1 0x01 000001e0: ADD 000001e1: SWAP1 000001e2: PUSH1 0x20 000001e4: ADD 000001e5: DUP1 000001e6: DUP4 000001e7: GT 000001e8: PUSH2 0x01d8 000001eb: JUMPI 000001ec: DUP3 000001ed: SWAP1 000001ee: SUB 000001ef: PUSH1 0x1f 000001f1: AND 000001f2: DUP3 000001f3: ADD 000001f4: SWAP2 000001f5: JUMPDEST 000001f6: POP 000001f7: POP 000001f8: POP 000001f9: POP 000001fa: POP 000001fb: DUP2 000001fc: JUMP 000001fd: JUMPDEST 000001fe: PUSH1 0x01 00000200: PUSH1 0xa0 00000202: PUSH1 0x02 00000204: EXP 00000205: SUB 00000206: DUP3 00000207: AND 00000208: PUSH1 0x00 0000020a: SWAP1 0000020b: DUP2 0000020c: MSTORE 0000020d: PUSH1 0x40 0000020f: SWAP1 00000210: KECCAK256 00000211: SLOAD 00000212: DUP1 00000213: DUP3 00000214: ADD 00000215: LT 00000216: ISZERO 00000217: PUSH2 0x021f 0000021a: JUMPI 0000021b: PUSH2 0x0002 0000021e: JUMP 0000021f: JUMPDEST 00000220: DUP1 00000221: PUSH1 0x03 00000223: PUSH1 0x00 00000225: POP 00000226: PUSH1 0x00 00000228: CALLER 00000229: PUSH1 0x01 0000022b: PUSH1 0xa0 0000022d: PUSH1 0x02 0000022f: EXP 00000230: SUB 00000231: AND 00000232: DUP2 00000233: MSTORE 00000234: PUSH1 0x20 00000236: ADD 00000237: SWAP1 00000238: DUP2 00000239: MSTORE 0000023a: PUSH1 0x20 0000023c: ADD 0000023d: PUSH1 0x00 0000023f: KECCAK256 00000240: PUSH1 0x00 00000242: DUP3 00000243: DUP3 00000244: DUP3 00000245: POP 00000246: SLOAD 00000247: SUB 00000248: SWAP3 00000249: POP 0000024a: POP 0000024b: DUP2 0000024c: SWAP1 0000024d: SSTORE 0000024e: POP 0000024f: DUP1 00000250: PUSH1 0x03 00000252: PUSH1 0x00 00000254: POP 00000255: PUSH1 0x00 00000257: DUP5 00000258: PUSH1 0x01 0000025a: PUSH1 0xa0 0000025c: PUSH1 0x02 0000025e: EXP 0000025f: SUB 00000260: AND 00000261: DUP2 00000262: MSTORE 00000263: PUSH1 0x20 00000265: ADD 00000266: SWAP1 00000267: DUP2 00000268: MSTORE 00000269: PUSH1 0x20 0000026b: ADD 0000026c: PUSH1 0x00 0000026e: KECCAK256 0000026f: PUSH1 0x00 00000271: DUP3 00000272: DUP3 00000273: DUP3 00000274: POP 00000275: SLOAD 00000276: ADD 00000277: SWAP3 00000278: POP 00000279: POP 0000027a: DUP2 0000027b: SWAP1 0000027c: SSTORE 0000027d: POP 0000027e: DUP2 0000027f: PUSH1 0x01 00000281: PUSH1 0xa0 00000283: PUSH1 0x02 00000285: EXP 00000286: SUB 00000287: AND 00000288: CALLER 00000289: PUSH1 0x01 0000028b: PUSH1 0xa0 0000028d: PUSH1 0x02 0000028f: EXP 00000290: SUB 00000291: AND 00000292: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000002b3: DUP4 000002b4: PUSH1 0x40 000002b6: MLOAD 000002b7: DUP1 000002b8: DUP3 000002b9: DUP2 000002ba: MSTORE 000002bb: PUSH1 0x20 000002bd: ADD 000002be: SWAP2 000002bf: POP 000002c0: POP 000002c1: PUSH1 0x40 000002c3: MLOAD 000002c4: DUP1 000002c5: SWAP2 000002c6: SUB 000002c7: SWAP1 000002c8: LOG3 000002c9: POP 000002ca: POP 000002cb: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce
call_targets:
0x0000000000000000000000000000000000000004, 0xb6307611c06c57257ee2ad83beed39cc6650163e
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb6307611c06c57257ee2ad83beed39cc6650163e"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 392,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce
call_targets:
0x0000000000000000000000000000000000000004, 0xb6307611c06c57257ee2ad83beed39cc6650163e
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb6307611c06c57257ee2ad83beed39cc6650163e"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 392,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|