TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-2812-72d7-bad8-51979dee2215

complete
Chain ID
1
Address
0xe109ecb193841af9da3110c80fdd365d1c23be2a
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
1193 artifact.fetch complete 1 / 3 3 months ago
1194 tool.cast_disasm complete 1 / 3 3 months ago
96274 analysis.bundle complete 1 / 3 1 week ago
96275 capability.graph complete 1 / 3 1 week ago
96276 detector.run complete 1 / 3 1 week ago
96277 validation.fork complete 1 / 3 1 week ago
113799 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-7b82y135
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c9e-f79c-70c0-b77a-8ed5d0452100
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:50:16.897624+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 3174,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
8
EXT*/BALANCE
0
Total opcodes
860
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x00c4
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x01991313
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x00c6
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x049ae734
00000025: EQ
00000026: PUSH2 0x00e6
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x08f235ec
00000030: EQ
00000031: PUSH2 0x010a
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x21bacf28
0000003b: EQ
0000003c: PUSH2 0x011b
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x480b70bd
00000046: EQ
00000047: PUSH2 0x012d
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0x48107843
00000051: EQ
00000052: PUSH2 0x014f
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0x523ccfa8
0000005c: EQ
0000005d: PUSH2 0x01dd
00000060: JUMPI
00000061: DUP1
00000062: PUSH4 0x6822abae
00000067: EQ
00000068: PUSH2 0x026b
0000006b: JUMPI
0000006c: DUP1
0000006d: PUSH4 0x68402460
00000072: EQ
00000073: PUSH2 0x027f
00000076: JUMPI
00000077: DUP1
00000078: PUSH4 0x75c589a0
0000007d: EQ
0000007e: PUSH2 0x02a7
00000081: JUMPI
00000082: DUP1
00000083: PUSH4 0x8b676ae8
00000088: EQ
00000089: PUSH2 0x02b7
0000008c: JUMPI
0000008d: DUP1
0000008e: PUSH4 0x96cff3df
00000093: EQ
00000094: PUSH2 0x039a
00000097: JUMPI
00000098: DUP1
00000099: PUSH4 0x98c9cdf4
0000009e: EQ
0000009f: PUSH2 0x0406
000000a2: JUMPI
000000a3: DUP1
000000a4: PUSH4 0x98e00e54
000000a9: EQ
000000aa: PUSH2 0x045c
000000ad: JUMPI
000000ae: DUP1
000000af: PUSH4 0x9f927be7
000000b4: EQ
000000b5: PUSH2 0x04b2
000000b8: JUMPI
000000b9: DUP1
000000ba: PUSH4 0xc0f68859
000000bf: EQ
000000c0: PUSH2 0x055e
000000c3: JUMPI
000000c4: JUMPDEST
000000c5: STOP
000000c6: JUMPDEST
000000c7: PUSH2 0x05b4
000000ca: PUSH1 0x04
000000cc: CALLDATALOAD
000000cd: PUSH1 0x24
000000cf: CALLDATALOAD
000000d0: PUSH1 0x44
000000d2: CALLDATALOAD
000000d3: PUSH1 0x00
000000d5: PUSH2 0x05ff
000000d8: DUP5
000000d9: DUP5
000000da: DUP5
000000db: PUSH1 0x00
000000dd: PUSH1 0xff
000000df: PUSH2 0x0607
000000e2: PUSH2 0x010e
000000e5: JUMP
000000e6: JUMPDEST
000000e7: PUSH2 0x05b4
000000ea: PUSH1 0x04
000000ec: CALLDATALOAD
000000ed: PUSH1 0x24
000000ef: CALLDATALOAD
000000f0: PUSH1 0x44
000000f2: CALLDATALOAD
000000f3: PUSH1 0x64
000000f5: CALLDATALOAD
000000f6: PUSH1 0x84
000000f8: CALLDATALOAD
000000f9: PUSH1 0x00
000000fb: PUSH2 0x061d
000000fe: DUP7
000000ff: DUP7
00000100: DUP7
00000101: DUP7
00000102: DUP7
00000103: PUSH2 0x0607
00000106: PUSH2 0x010e
00000109: JUMP
0000010a: JUMPDEST
0000010b: PUSH2 0x05d1
0000010e: JUMPDEST
0000010f: PUSH8 0x0de0b6b3a7640000
00000118: JUMPDEST
00000119: SWAP1
0000011a: JUMP
0000011b: JUMPDEST
0000011c: PUSH2 0x05d1
0000011f: JUMPDEST
00000120: PUSH8 0x016345785d8a0000
00000129: PUSH2 0x0118
0000012c: JUMP
0000012d: JUMPDEST
0000012e: PUSH2 0x05b4
00000131: PUSH1 0x04
00000133: CALLDATALOAD
00000134: PUSH1 0x24
00000136: CALLDATALOAD
00000137: PUSH1 0x44
00000139: CALLDATALOAD
0000013a: PUSH1 0x64
0000013c: CALLDATALOAD
0000013d: PUSH1 0x00
0000013f: PUSH2 0x0614
00000142: DUP6
00000143: DUP6
00000144: DUP6
00000145: DUP6
00000146: PUSH1 0xff
00000148: PUSH2 0x0607
0000014b: PUSH2 0x010e
0000014e: JUMP
0000014f: JUMPDEST
00000150: PUSH2 0x05b4
00000153: PUSH1 0x04
00000155: CALLDATALOAD
00000156: PUSH1 0x40
00000158: DUP1
00000159: MLOAD
0000015a: PUSH32 0xc4144b2600000000000000000000000000000000000000000000000000000000
0000017b: DUP2
0000017c: MSTORE
0000017d: PUSH1 0x00
0000017f: PUSH1 0x04
00000181: DUP3
00000182: ADD
00000183: DUP2
00000184: SWAP1
00000185: MSTORE
00000186: PUSH1 0x01
00000188: PUSH1 0xa0
0000018a: PUSH1 0x02
0000018c: EXP
0000018d: SUB
0000018e: DUP5
0000018f: AND
00000190: PUSH1 0x24
00000192: DUP4
00000193: ADD
00000194: MSTORE
00000195: SWAP2
00000196: MLOAD
00000197: PUSH20 0x873fd7d0657079da141d5705989d10ca555ba990
000001ac: SWAP2
000001ad: PUSH4 0xc4144b26
000001b2: SWAP2
000001b3: PUSH1 0x44
000001b5: DUP3
000001b6: DUP2
000001b7: ADD
000001b8: SWAP3
000001b9: PUSH1 0x20
000001bb: SWAP3
000001bc: SWAP2
000001bd: SWAP1
000001be: DUP3
000001bf: SWAP1
000001c0: SUB
000001c1: ADD
000001c2: DUP2
000001c3: DUP8
000001c4: DUP8
000001c5: PUSH1 0x32
000001c7: GAS
000001c8: SUB
000001c9: CALLCODE
000001ca: ISZERO
000001cb: PUSH2 0x0002
000001ce: JUMPI
000001cf: POP
000001d0: POP
000001d1: PUSH1 0x40
000001d3: MLOAD
000001d4: MLOAD
000001d5: SWAP2
000001d6: POP
000001d7: PUSH2 0x05fa
000001da: SWAP1
000001db: POP
000001dc: JUMP
000001dd: JUMPDEST
000001de: PUSH2 0x05d1
000001e1: PUSH1 0x04
000001e3: CALLDATALOAD
000001e4: PUSH1 0x40
000001e6: DUP1
000001e7: MLOAD
000001e8: PUSH32 0xed5bd7ea00000000000000000000000000000000000000000000000000000000
00000209: DUP2
0000020a: MSTORE
0000020b: PUSH1 0x00
0000020d: PUSH1 0x04
0000020f: DUP3
00000210: ADD
00000211: DUP2
00000212: SWAP1
00000213: MSTORE
00000214: PUSH1 0x01
00000216: PUSH1 0xa0
00000218: PUSH1 0x02
0000021a: EXP
0000021b: SUB
0000021c: DUP5
0000021d: AND
0000021e: PUSH1 0x24
00000220: DUP4
00000221: ADD
00000222: MSTORE
00000223: SWAP2
00000224: MLOAD
00000225: PUSH20 0x873fd7d0657079da141d5705989d10ca555ba990
0000023a: SWAP2
0000023b: PUSH4 0xed5bd7ea
00000240: SWAP2
00000241: PUSH1 0x44
00000243: DUP3
00000244: DUP2
00000245: ADD
00000246: SWAP3
00000247: PUSH1 0x20
00000249: SWAP3
0000024a: SWAP2
0000024b: SWAP1
0000024c: DUP3
0000024d: SWAP1
0000024e: SUB
0000024f: ADD
00000250: DUP2
00000251: DUP8
00000252: DUP8
00000253: PUSH1 0x32
00000255: GAS
00000256: SUB
00000257: CALLCODE
00000258: ISZERO
00000259: PUSH2 0x0002
0000025c: JUMPI
0000025d: POP
0000025e: POP
0000025f: PUSH1 0x40
00000261: MLOAD
00000262: MLOAD
00000263: SWAP2
00000264: POP
00000265: PUSH2 0x05fa
00000268: SWAP1
00000269: POP
0000026a: JUMP
0000026b: JUMPDEST
0000026c: PUSH2 0x05d1
0000026f: PUSH1 0x04
00000271: CALLDATALOAD
00000272: PUSH1 0x00
00000274: PUSH2 0x05f7
00000277: DUP3
00000278: PUSH2 0x05f2
0000027b: PUSH2 0x011f
0000027e: JUMP
0000027f: JUMPDEST
00000280: PUSH2 0x05b4
00000283: PUSH1 0x04
00000285: CALLDATALOAD
00000286: PUSH1 0x24
00000288: CALLDATALOAD
00000289: PUSH1 0x44
0000028b: CALLDATALOAD
0000028c: PUSH1 0x64
0000028e: CALLDATALOAD
0000028f: PUSH1 0x84
00000291: CALLDATALOAD
00000292: PUSH1 0xa4
00000294: CALLDATALOAD
00000295: PUSH1 0x00
00000297: PUSH2 0x0627
0000029a: DUP8
0000029b: DUP8
0000029c: DUP8
0000029d: DUP8
0000029e: DUP8
0000029f: DUP8
000002a0: PUSH2 0x060f
000002a3: PUSH2 0x011f
000002a6: JUMP
000002a7: JUMPDEST
000002a8: PUSH2 0x05d1
000002ab: PUSH1 0x00
000002ad: PUSH2 0x05e3
000002b0: PUSH2 0x05ea
000002b3: PUSH2 0x010e
000002b6: JUMP
000002b7: JUMPDEST
000002b8: PUSH2 0x05b4
000002bb: PUSH1 0x04
000002bd: CALLDATALOAD
000002be: PUSH1 0x24
000002c0: CALLDATALOAD
000002c1: PUSH1 0x44
000002c3: CALLDATALOAD
000002c4: PUSH1 0x64
000002c6: CALLDATALOAD
000002c7: PUSH1 0x84
000002c9: CALLDATALOAD
000002ca: PUSH1 0xa4
000002cc: CALLDATALOAD
000002cd: PUSH1 0xc4
000002cf: CALLDATALOAD
000002d0: JUMPDEST
000002d1: PUSH1 0x40
000002d3: DUP1
000002d4: MLOAD
000002d5: PUSH32 0x41075e8d00000000000000000000000000000000000000000000000000000000
000002f6: DUP2
000002f7: MSTORE
000002f8: PUSH1 0x00
000002fa: PUSH1 0x04
000002fc: DUP3
000002fd: ADD
000002fe: DUP2
000002ff: SWAP1
00000300: MSTORE
00000301: CALLER
00000302: PUSH1 0x01
00000304: PUSH1 0xa0
00000306: PUSH1 0x02
00000308: EXP
00000309: SUB
0000030a: SWAP1
0000030b: DUP2
0000030c: AND
0000030d: PUSH1 0x24
0000030f: DUP5
00000310: ADD
00000311: MSTORE
00000312: DUP11
00000313: AND
00000314: PUSH1 0x44
00000316: DUP4
00000317: ADD
00000318: MSTORE
00000319: PUSH1 0x64
0000031b: DUP3
0000031c: ADD
0000031d: DUP10
0000031e: SWAP1
0000031f: MSTORE
00000320: PUSH1 0x84
00000322: DUP3
00000323: ADD
00000324: DUP9
00000325: SWAP1
00000326: MSTORE
00000327: PUSH1 0xa4
00000329: DUP3
0000032a: ADD
0000032b: DUP8
0000032c: SWAP1
0000032d: MSTORE
0000032e: PUSH1 0xff
00000330: DUP7
00000331: AND
00000332: PUSH1 0xc4
00000334: DUP4
00000335: ADD
00000336: MSTORE
00000337: PUSH1 0xe4
00000339: DUP3
0000033a: ADD
0000033b: DUP6
0000033c: SWAP1
0000033d: MSTORE
0000033e: PUSH2 0x0104
00000341: DUP3
00000342: ADD
00000343: DUP5
00000344: SWAP1
00000345: MSTORE
00000346: CALLVALUE
00000347: PUSH2 0x0124
0000034a: DUP4
0000034b: ADD
0000034c: MSTORE
0000034d: SWAP2
0000034e: MLOAD
0000034f: PUSH20 0xac0500b26e61a8b26700289d9cd326adbc17be0e
00000364: SWAP2
00000365: PUSH4 0x41075e8d
0000036a: SWAP2
0000036b: PUSH2 0x0144
0000036e: DUP3
0000036f: DUP2
00000370: ADD
00000371: SWAP3
00000372: PUSH1 0x20
00000374: SWAP3
00000375: SWAP2
00000376: SWAP1
00000377: DUP3
00000378: SWAP1
00000379: SUB
0000037a: ADD
0000037b: DUP2
0000037c: DUP8
0000037d: DUP8
0000037e: PUSH1 0x32
00000380: GAS
00000381: SUB
00000382: CALLCODE
00000383: ISZERO
00000384: PUSH2 0x0002
00000387: JUMPI
00000388: POP
00000389: POP
0000038a: PUSH1 0x40
0000038c: MLOAD
0000038d: MLOAD
0000038e: SWAP10
0000038f: SWAP9
00000390: POP
00000391: POP
00000392: POP
00000393: POP
00000394: POP
00000395: POP
00000396: POP
00000397: POP
00000398: POP
00000399: JUMP
0000039a: JUMPDEST
0000039b: PUSH2 0x05d1
0000039e: PUSH1 0x04
000003a0: CALLDATALOAD
000003a1: PUSH1 0x24
000003a3: CALLDATALOAD
000003a4: JUMPDEST
000003a5: PUSH1 0x00
000003a7: PUSH20 0xac0500b26e61a8b26700289d9cd326adbc17be0e
000003bc: PUSH4 0x96cff3df
000003c1: DUP5
000003c2: DUP5
000003c3: PUSH1 0x40
000003c5: MLOAD
000003c6: DUP4
000003c7: PUSH1 0xe0
000003c9: PUSH1 0x02
000003cb: EXP
000003cc: MUL
000003cd: DUP2
000003ce: MSTORE
000003cf: PUSH1 0x04
000003d1: ADD
000003d2: DUP1
000003d3: DUP4
000003d4: DUP2
000003d5: MSTORE
000003d6: PUSH1 0x20
000003d8: ADD
000003d9: DUP3
000003da: DUP2
000003db: MSTORE
000003dc: PUSH1 0x20
000003de: ADD
000003df: SWAP3
000003e0: POP
000003e1: POP
000003e2: POP
000003e3: PUSH1 0x20
000003e5: PUSH1 0x40
000003e7: MLOAD
000003e8: DUP1
000003e9: DUP4
000003ea: SUB
000003eb: DUP2
000003ec: PUSH1 0x00
000003ee: DUP8
000003ef: PUSH1 0x32
000003f1: GAS
000003f2: SUB
000003f3: CALLCODE
000003f4: ISZERO
000003f5: PUSH2 0x0002
000003f8: JUMPI
000003f9: POP
000003fa: POP
000003fb: PUSH1 0x40
000003fd: MLOAD
000003fe: MLOAD
000003ff: SWAP5
00000400: SWAP4
00000401: POP
00000402: POP
00000403: POP
00000404: POP
00000405: JUMP
00000406: JUMPDEST
00000407: PUSH2 0x05d1
0000040a: PUSH1 0x00
0000040c: PUSH20 0xac0500b26e61a8b26700289d9cd326adbc17be0e
00000421: PUSH4 0x98c9cdf4
00000426: PUSH1 0x40
00000428: MLOAD
00000429: DUP2
0000042a: PUSH1 0xe0
0000042c: PUSH1 0x02
0000042e: EXP
0000042f: MUL
00000430: DUP2
00000431: MSTORE
00000432: PUSH1 0x04
00000434: ADD
00000435: DUP1
00000436: SWAP1
00000437: POP
00000438: PUSH1 0x20
0000043a: PUSH1 0x40
0000043c: MLOAD
0000043d: DUP1
0000043e: DUP4
0000043f: SUB
00000440: DUP2
00000441: PUSH1 0x00
00000443: DUP8
00000444: PUSH1 0x32
00000446: GAS
00000447: SUB
00000448: CALLCODE
00000449: ISZERO
0000044a: PUSH2 0x0002
0000044d: JUMPI
0000044e: POP
0000044f: POP
00000450: PUSH1 0x40
00000452: MLOAD
00000453: MLOAD
00000454: SWAP2
00000455: POP
00000456: PUSH2 0x0118
00000459: SWAP1
0000045a: POP
0000045b: JUMP
0000045c: JUMPDEST
0000045d: PUSH2 0x05d1
00000460: PUSH1 0x00
00000462: PUSH20 0xac0500b26e61a8b26700289d9cd326adbc17be0e
00000477: PUSH4 0x98e00e54
0000047c: PUSH1 0x40
0000047e: MLOAD
0000047f: DUP2
00000480: PUSH1 0xe0
00000482: PUSH1 0x02
00000484: EXP
00000485: MUL
00000486: DUP2
00000487: MSTORE
00000488: PUSH1 0x04
0000048a: ADD
0000048b: DUP1
0000048c: SWAP1
0000048d: POP
0000048e: PUSH1 0x20
00000490: PUSH1 0x40
00000492: MLOAD
00000493: DUP1
00000494: DUP4
00000495: SUB
00000496: DUP2
00000497: PUSH1 0x00
00000499: DUP8
0000049a: PUSH1 0x32
0000049c: GAS
0000049d: SUB
0000049e: CALLCODE
0000049f: ISZERO
000004a0: PUSH2 0x0002
000004a3: JUMPI
000004a4: POP
000004a5: POP
000004a6: PUSH1 0x40
000004a8: MLOAD
000004a9: MLOAD
000004aa: SWAP2
000004ab: POP
000004ac: PUSH2 0x0118
000004af: SWAP1
000004b0: POP
000004b1: JUMP
000004b2: JUMPDEST
000004b3: PUSH2 0x05b4
000004b6: PUSH1 0x04
000004b8: CALLDATALOAD
000004b9: PUSH1 0x40
000004bb: DUP1
000004bc: MLOAD
000004bd: PUSH32 0xe6ce3a6a00000000000000000000000000000000000000000000000000000000
000004de: DUP2
000004df: MSTORE
000004e0: PUSH1 0x00
000004e2: PUSH1 0x04
000004e4: DUP3
000004e5: ADD
000004e6: DUP2
000004e7: SWAP1
000004e8: MSTORE
000004e9: PUSH32 0x3e3d000000000000000000000000000000000000000000000000000000000000
0000050a: PUSH1 0x24
0000050c: DUP4
0000050d: ADD
0000050e: MSTORE
0000050f: PUSH1 0x44
00000511: DUP3
00000512: ADD
00000513: DUP5
00000514: SWAP1
00000515: MSTORE
00000516: SWAP2
00000517: MLOAD
00000518: PUSH20 0x873fd7d0657079da141d5705989d10ca555ba990
0000052d: SWAP2
0000052e: PUSH4 0xe6ce3a6a
00000533: SWAP2
00000534: PUSH1 0x64
00000536: DUP3
00000537: DUP2
00000538: ADD
00000539: SWAP3
0000053a: PUSH1 0x20
0000053c: SWAP3
0000053d: SWAP2
0000053e: SWAP1
0000053f: DUP3
00000540: SWAP1
00000541: SUB
00000542: ADD
00000543: DUP2
00000544: DUP8
00000545: DUP8
00000546: PUSH1 0x32
00000548: GAS
00000549: SUB
0000054a: CALLCODE
0000054b: ISZERO
0000054c: PUSH2 0x0002
0000054f: JUMPI
00000550: POP
00000551: POP
00000552: PUSH1 0x40
00000554: MLOAD
00000555: MLOAD
00000556: SWAP2
00000557: POP
00000558: PUSH2 0x05fa
0000055b: SWAP1
0000055c: POP
0000055d: JUMP
0000055e: JUMPDEST
0000055f: PUSH2 0x05d1
00000562: PUSH1 0x00
00000564: PUSH20 0xac0500b26e61a8b26700289d9cd326adbc17be0e
00000579: PUSH4 0xc0f68859
0000057e: PUSH1 0x40
00000580: MLOAD
00000581: DUP2
00000582: PUSH1 0xe0
00000584: PUSH1 0x02
00000586: EXP
00000587: MUL
00000588: DUP2
00000589: MSTORE
0000058a: PUSH1 0x04
0000058c: ADD
0000058d: DUP1
0000058e: SWAP1
0000058f: POP
00000590: PUSH1 0x20
00000592: PUSH1 0x40
00000594: MLOAD
00000595: DUP1
00000596: DUP4
00000597: SUB
00000598: DUP2
00000599: PUSH1 0x00
0000059b: DUP8
0000059c: PUSH1 0x32
0000059e: GAS
0000059f: SUB
000005a0: CALLCODE
000005a1: ISZERO
000005a2: PUSH2 0x0002
000005a5: JUMPI
000005a6: POP
000005a7: POP
000005a8: PUSH1 0x40
000005aa: MLOAD
000005ab: MLOAD
000005ac: SWAP2
000005ad: POP
000005ae: PUSH2 0x0118
000005b1: SWAP1
000005b2: POP
000005b3: JUMP
000005b4: JUMPDEST
000005b5: PUSH1 0x40
000005b7: DUP1
000005b8: MLOAD
000005b9: PUSH1 0x01
000005bb: PUSH1 0xa0
000005bd: PUSH1 0x02
000005bf: EXP
000005c0: SUB
000005c1: SWAP3
000005c2: SWAP1
000005c3: SWAP3
000005c4: AND
000005c5: DUP3
000005c6: MSTORE
000005c7: MLOAD
000005c8: SWAP1
000005c9: DUP2
000005ca: SWAP1
000005cb: SUB
000005cc: PUSH1 0x20
000005ce: ADD
000005cf: SWAP1
000005d0: RETURN
000005d1: JUMPDEST
000005d2: PUSH1 0x40
000005d4: DUP1
000005d5: MLOAD
000005d6: SWAP2
000005d7: DUP3
000005d8: MSTORE
000005d9: MLOAD
000005da: SWAP1
000005db: DUP2
000005dc: SWAP1
000005dd: SUB
000005de: PUSH1 0x20
000005e0: ADD
000005e1: SWAP1
000005e2: RETURN
000005e3: JUMPDEST
000005e4: SWAP1
000005e5: POP
000005e6: PUSH2 0x0118
000005e9: JUMP
000005ea: JUMPDEST
000005eb: PUSH2 0x05f2
000005ee: PUSH2 0x011f
000005f1: JUMP
000005f2: JUMPDEST
000005f3: PUSH2 0x03a4
000005f6: JUMP
000005f7: JUMPDEST
000005f8: SWAP1
000005f9: POP
000005fa: JUMPDEST
000005fb: SWAP2
000005fc: SWAP1
000005fd: POP
000005fe: JUMP
000005ff: JUMPDEST
00000600: SWAP5
00000601: SWAP4
00000602: POP
00000603: POP
00000604: POP
00000605: POP
00000606: JUMP
00000607: JUMPDEST
00000608: PUSH2 0x060f
0000060b: PUSH2 0x011f
0000060e: JUMP
0000060f: JUMPDEST
00000610: PUSH2 0x02d0
00000613: JUMP
00000614: JUMPDEST
00000615: SWAP6
00000616: SWAP5
00000617: POP
00000618: POP
00000619: POP
0000061a: POP
0000061b: POP
0000061c: JUMP
0000061d: JUMPDEST
0000061e: SWAP7
0000061f: SWAP6
00000620: POP
00000621: POP
00000622: POP
00000623: POP
00000624: POP
00000625: POP
00000626: JUMP
00000627: JUMPDEST
00000628: SWAP8
00000629: SWAP7
0000062a: POP
0000062b: POP
0000062c: POP
0000062d: POP
0000062e: POP
0000062f: POP
00000630: POP
00000631: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
view
trace_id: 0x495331c48c638d5149047c1bb834c8ad8496f4130ebbc76cd0a9316044651b3e
call_targets: 0x39f631bf138b5eb33e96459f4241e93e13659114, 0xac0500b26e61a8b26700289d9cd326adbc17be0e, 0xe109ecb193841af9da3110c80fdd365d1c23be2a
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x495331c48c638d5149047c1bb834c8ad8496f4130ebbc76cd0a9316044651b3e",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x39f631bf138b5eb33e96459f4241e93e13659114",
        "0xac0500b26e61a8b26700289d9cd326adbc17be0e",
        "0xe109ecb193841af9da3110c80fdd365d1c23be2a"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x01991313",
            "selector": "0x01991313",
            "calldata_variants": [
                "0x01991313",
                "0x019913130000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x049ae734",
            "selector": "0x049ae734",
            "calldata_variants": [
                "0x049ae734",
                "0x049ae7340000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x08f235ec",
            "selector": "0x08f235ec",
            "calldata_variants": [
                "0x08f235ec",
                "0x08f235ec0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x21bacf28",
            "selector": "0x21bacf28",
            "calldata_variants": [
                "0x21bacf28",
                "0x21bacf280000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x480b70bd",
            "selector": "0x480b70bd",
            "calldata_variants": [
                "0x480b70bd",
                "0x480b70bd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x48107843",
            "selector": "0x48107843",
            "calldata_variants": [
                "0x48107843",
                "0x481078430000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x523ccfa8",
            "selector": "0x523ccfa8",
            "calldata_variants": [
                "0x523ccfa8",
                "0x523ccfa80000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6822abae",
            "selector": "0x6822abae",
            "calldata_variants": [
                "0x6822abae",
                "0x6822abae0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 457,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 599,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 898,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 8,
    "guards_detected": [],
    "untrusted_call_count": 8
}
high other detector ETH value transfer possible 55 yes yes
view
trace_id: 0x495331c48c638d5149047c1bb834c8ad8496f4130ebbc76cd0a9316044651b3e
call_targets: 0x39f631bf138b5eb33e96459f4241e93e13659114, 0xac0500b26e61a8b26700289d9cd326adbc17be0e, 0xe109ecb193841af9da3110c80fdd365d1c23be2a
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x495331c48c638d5149047c1bb834c8ad8496f4130ebbc76cd0a9316044651b3e",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x39f631bf138b5eb33e96459f4241e93e13659114",
        "0xac0500b26e61a8b26700289d9cd326adbc17be0e",
        "0xe109ecb193841af9da3110c80fdd365d1c23be2a"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x01991313",
            "selector": "0x01991313",
            "calldata_variants": [
                "0x01991313",
                "0x019913130000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x049ae734",
            "selector": "0x049ae734",
            "calldata_variants": [
                "0x049ae734",
                "0x049ae7340000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x08f235ec",
            "selector": "0x08f235ec",
            "calldata_variants": [
                "0x08f235ec",
                "0x08f235ec0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x21bacf28",
            "selector": "0x21bacf28",
            "calldata_variants": [
                "0x21bacf28",
                "0x21bacf280000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x480b70bd",
            "selector": "0x480b70bd",
            "calldata_variants": [
                "0x480b70bd",
                "0x480b70bd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x48107843",
            "selector": "0x48107843",
            "calldata_variants": [
                "0x48107843",
                "0x481078430000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x523ccfa8",
            "selector": "0x523ccfa8",
            "calldata_variants": [
                "0x523ccfa8",
                "0x523ccfa80000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6822abae",
            "selector": "0x6822abae",
            "calldata_variants": [
                "0x6822abae",
                "0x6822abae0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 457,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 599,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 898,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 8,
    "guards_detected": []
}