TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-299d-713b-a0cc-aee05d7f3378

complete
Chain ID
1
Address
0xcc2ee7b5eee0d247afed2319202d51907be0bd4e
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
1455 artifact.fetch complete 1 / 3 3 months ago
1456 tool.cast_disasm complete 1 / 3 3 months ago
78759 analysis.bundle complete 1 / 3 1 week ago
78760 capability.graph complete 1 / 3 1 week ago
78761 detector.run complete 1 / 3 1 week ago
78762 validation.fork complete 1 / 3 1 week ago
113587 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-xp1ql62q
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c98-3743-7603-85f6-1ad04acd8379
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:42:54.389982+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 2452,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
0
Total opcodes
786
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x00
00000007: CALLDATALOAD
00000008: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000026: SWAP1
00000027: DIV
00000028: DUP1
00000029: PUSH4 0x06fdde03
0000002e: EQ
0000002f: PUSH2 0x0065
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0x313ce567
00000039: EQ
0000003a: PUSH2 0x00e0
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0x70a08231
00000044: EQ
00000045: PUSH2 0x0106
00000048: JUMPI
00000049: DUP1
0000004a: PUSH4 0x95d89b41
0000004f: EQ
00000050: PUSH2 0x0132
00000053: JUMPI
00000054: DUP1
00000055: PUSH4 0xa9059cbb
0000005a: EQ
0000005b: PUSH2 0x01ad
0000005e: JUMPI
0000005f: PUSH2 0x0063
00000062: JUMP
00000063: JUMPDEST
00000064: STOP
00000065: JUMPDEST
00000066: PUSH2 0x0072
00000069: PUSH1 0x04
0000006b: DUP1
0000006c: POP
0000006d: POP
0000006e: PUSH2 0x01ce
00000071: JUMP
00000072: JUMPDEST
00000073: PUSH1 0x40
00000075: MLOAD
00000076: DUP1
00000077: DUP1
00000078: PUSH1 0x20
0000007a: ADD
0000007b: DUP3
0000007c: DUP2
0000007d: SUB
0000007e: DUP3
0000007f: MSTORE
00000080: DUP4
00000081: DUP2
00000082: DUP2
00000083: MLOAD
00000084: DUP2
00000085: MSTORE
00000086: PUSH1 0x20
00000088: ADD
00000089: SWAP2
0000008a: POP
0000008b: DUP1
0000008c: MLOAD
0000008d: SWAP1
0000008e: PUSH1 0x20
00000090: ADD
00000091: SWAP1
00000092: DUP1
00000093: DUP4
00000094: DUP4
00000095: DUP3
00000096: SWAP1
00000097: PUSH1 0x00
00000099: PUSH1 0x04
0000009b: PUSH1 0x20
0000009d: DUP5
0000009e: PUSH1 0x1f
000000a0: ADD
000000a1: DIV
000000a2: PUSH1 0x0f
000000a4: MUL
000000a5: PUSH1 0x03
000000a7: ADD
000000a8: CALL
000000a9: POP
000000aa: SWAP1
000000ab: POP
000000ac: SWAP1
000000ad: DUP2
000000ae: ADD
000000af: SWAP1
000000b0: PUSH1 0x1f
000000b2: AND
000000b3: DUP1
000000b4: ISZERO
000000b5: PUSH2 0x00d2
000000b8: JUMPI
000000b9: DUP1
000000ba: DUP3
000000bb: SUB
000000bc: DUP1
000000bd: MLOAD
000000be: PUSH1 0x01
000000c0: DUP4
000000c1: PUSH1 0x20
000000c3: SUB
000000c4: PUSH2 0x0100
000000c7: EXP
000000c8: SUB
000000c9: NOT
000000ca: AND
000000cb: DUP2
000000cc: MSTORE
000000cd: PUSH1 0x20
000000cf: ADD
000000d0: SWAP2
000000d1: POP
000000d2: JUMPDEST
000000d3: POP
000000d4: SWAP3
000000d5: POP
000000d6: POP
000000d7: POP
000000d8: PUSH1 0x40
000000da: MLOAD
000000db: DUP1
000000dc: SWAP2
000000dd: SUB
000000de: SWAP1
000000df: RETURN
000000e0: JUMPDEST
000000e1: PUSH2 0x00ed
000000e4: PUSH1 0x04
000000e6: DUP1
000000e7: POP
000000e8: POP
000000e9: PUSH2 0x0310
000000ec: JUMP
000000ed: JUMPDEST
000000ee: PUSH1 0x40
000000f0: MLOAD
000000f1: DUP1
000000f2: DUP3
000000f3: PUSH1 0xff
000000f5: AND
000000f6: DUP2
000000f7: MSTORE
000000f8: PUSH1 0x20
000000fa: ADD
000000fb: SWAP2
000000fc: POP
000000fd: POP
000000fe: PUSH1 0x40
00000100: MLOAD
00000101: DUP1
00000102: SWAP2
00000103: SUB
00000104: SWAP1
00000105: RETURN
00000106: JUMPDEST
00000107: PUSH2 0x011c
0000010a: PUSH1 0x04
0000010c: DUP1
0000010d: DUP1
0000010e: CALLDATALOAD
0000010f: SWAP1
00000110: PUSH1 0x20
00000112: ADD
00000113: SWAP1
00000114: SWAP2
00000115: SWAP1
00000116: POP
00000117: POP
00000118: PUSH2 0x0323
0000011b: JUMP
0000011c: JUMPDEST
0000011d: PUSH1 0x40
0000011f: MLOAD
00000120: DUP1
00000121: DUP3
00000122: DUP2
00000123: MSTORE
00000124: PUSH1 0x20
00000126: ADD
00000127: SWAP2
00000128: POP
00000129: POP
0000012a: PUSH1 0x40
0000012c: MLOAD
0000012d: DUP1
0000012e: SWAP2
0000012f: SUB
00000130: SWAP1
00000131: RETURN
00000132: JUMPDEST
00000133: PUSH2 0x013f
00000136: PUSH1 0x04
00000138: DUP1
00000139: POP
0000013a: POP
0000013b: PUSH2 0x026f
0000013e: JUMP
0000013f: JUMPDEST
00000140: PUSH1 0x40
00000142: MLOAD
00000143: DUP1
00000144: DUP1
00000145: PUSH1 0x20
00000147: ADD
00000148: DUP3
00000149: DUP2
0000014a: SUB
0000014b: DUP3
0000014c: MSTORE
0000014d: DUP4
0000014e: DUP2
0000014f: DUP2
00000150: MLOAD
00000151: DUP2
00000152: MSTORE
00000153: PUSH1 0x20
00000155: ADD
00000156: SWAP2
00000157: POP
00000158: DUP1
00000159: MLOAD
0000015a: SWAP1
0000015b: PUSH1 0x20
0000015d: ADD
0000015e: SWAP1
0000015f: DUP1
00000160: DUP4
00000161: DUP4
00000162: DUP3
00000163: SWAP1
00000164: PUSH1 0x00
00000166: PUSH1 0x04
00000168: PUSH1 0x20
0000016a: DUP5
0000016b: PUSH1 0x1f
0000016d: ADD
0000016e: DIV
0000016f: PUSH1 0x0f
00000171: MUL
00000172: PUSH1 0x03
00000174: ADD
00000175: CALL
00000176: POP
00000177: SWAP1
00000178: POP
00000179: SWAP1
0000017a: DUP2
0000017b: ADD
0000017c: SWAP1
0000017d: PUSH1 0x1f
0000017f: AND
00000180: DUP1
00000181: ISZERO
00000182: PUSH2 0x019f
00000185: JUMPI
00000186: DUP1
00000187: DUP3
00000188: SUB
00000189: DUP1
0000018a: MLOAD
0000018b: PUSH1 0x01
0000018d: DUP4
0000018e: PUSH1 0x20
00000190: SUB
00000191: PUSH2 0x0100
00000194: EXP
00000195: SUB
00000196: NOT
00000197: AND
00000198: DUP2
00000199: MSTORE
0000019a: PUSH1 0x20
0000019c: ADD
0000019d: SWAP2
0000019e: POP
0000019f: JUMPDEST
000001a0: POP
000001a1: SWAP3
000001a2: POP
000001a3: POP
000001a4: POP
000001a5: PUSH1 0x40
000001a7: MLOAD
000001a8: DUP1
000001a9: SWAP2
000001aa: SUB
000001ab: SWAP1
000001ac: RETURN
000001ad: JUMPDEST
000001ae: PUSH2 0x01cc
000001b1: PUSH1 0x04
000001b3: DUP1
000001b4: DUP1
000001b5: CALLDATALOAD
000001b6: SWAP1
000001b7: PUSH1 0x20
000001b9: ADD
000001ba: SWAP1
000001bb: SWAP2
000001bc: SWAP1
000001bd: DUP1
000001be: CALLDATALOAD
000001bf: SWAP1
000001c0: PUSH1 0x20
000001c2: ADD
000001c3: SWAP1
000001c4: SWAP2
000001c5: SWAP1
000001c6: POP
000001c7: POP
000001c8: PUSH2 0x033e
000001cb: JUMP
000001cc: JUMPDEST
000001cd: STOP
000001ce: JUMPDEST
000001cf: PUSH1 0x00
000001d1: PUSH1 0x00
000001d3: POP
000001d4: DUP1
000001d5: SLOAD
000001d6: PUSH1 0x01
000001d8: DUP2
000001d9: PUSH1 0x01
000001db: AND
000001dc: ISZERO
000001dd: PUSH2 0x0100
000001e0: MUL
000001e1: SUB
000001e2: AND
000001e3: PUSH1 0x02
000001e5: SWAP1
000001e6: DIV
000001e7: DUP1
000001e8: PUSH1 0x1f
000001ea: ADD
000001eb: PUSH1 0x20
000001ed: DUP1
000001ee: SWAP2
000001ef: DIV
000001f0: MUL
000001f1: PUSH1 0x20
000001f3: ADD
000001f4: PUSH1 0x40
000001f6: MLOAD
000001f7: SWAP1
000001f8: DUP2
000001f9: ADD
000001fa: PUSH1 0x40
000001fc: MSTORE
000001fd: DUP1
000001fe: SWAP3
000001ff: SWAP2
00000200: SWAP1
00000201: DUP2
00000202: DUP2
00000203: MSTORE
00000204: PUSH1 0x20
00000206: ADD
00000207: DUP3
00000208: DUP1
00000209: SLOAD
0000020a: PUSH1 0x01
0000020c: DUP2
0000020d: PUSH1 0x01
0000020f: AND
00000210: ISZERO
00000211: PUSH2 0x0100
00000214: MUL
00000215: SUB
00000216: AND
00000217: PUSH1 0x02
00000219: SWAP1
0000021a: DIV
0000021b: DUP1
0000021c: ISZERO
0000021d: PUSH2 0x0267
00000220: JUMPI
00000221: DUP1
00000222: PUSH1 0x1f
00000224: LT
00000225: PUSH2 0x023c
00000228: JUMPI
00000229: PUSH2 0x0100
0000022c: DUP1
0000022d: DUP4
0000022e: SLOAD
0000022f: DIV
00000230: MUL
00000231: DUP4
00000232: MSTORE
00000233: SWAP2
00000234: PUSH1 0x20
00000236: ADD
00000237: SWAP2
00000238: PUSH2 0x0267
0000023b: JUMP
0000023c: JUMPDEST
0000023d: DUP3
0000023e: ADD
0000023f: SWAP2
00000240: SWAP1
00000241: PUSH1 0x00
00000243: MSTORE
00000244: PUSH1 0x20
00000246: PUSH1 0x00
00000248: KECCAK256
00000249: SWAP1
0000024a: JUMPDEST
0000024b: DUP2
0000024c: SLOAD
0000024d: DUP2
0000024e: MSTORE
0000024f: SWAP1
00000250: PUSH1 0x01
00000252: ADD
00000253: SWAP1
00000254: PUSH1 0x20
00000256: ADD
00000257: DUP1
00000258: DUP4
00000259: GT
0000025a: PUSH2 0x024a
0000025d: JUMPI
0000025e: DUP3
0000025f: SWAP1
00000260: SUB
00000261: PUSH1 0x1f
00000263: AND
00000264: DUP3
00000265: ADD
00000266: SWAP2
00000267: JUMPDEST
00000268: POP
00000269: POP
0000026a: POP
0000026b: POP
0000026c: POP
0000026d: DUP2
0000026e: JUMP
0000026f: JUMPDEST
00000270: PUSH1 0x01
00000272: PUSH1 0x00
00000274: POP
00000275: DUP1
00000276: SLOAD
00000277: PUSH1 0x01
00000279: DUP2
0000027a: PUSH1 0x01
0000027c: AND
0000027d: ISZERO
0000027e: PUSH2 0x0100
00000281: MUL
00000282: SUB
00000283: AND
00000284: PUSH1 0x02
00000286: SWAP1
00000287: DIV
00000288: DUP1
00000289: PUSH1 0x1f
0000028b: ADD
0000028c: PUSH1 0x20
0000028e: DUP1
0000028f: SWAP2
00000290: DIV
00000291: MUL
00000292: PUSH1 0x20
00000294: ADD
00000295: PUSH1 0x40
00000297: MLOAD
00000298: SWAP1
00000299: DUP2
0000029a: ADD
0000029b: PUSH1 0x40
0000029d: MSTORE
0000029e: DUP1
0000029f: SWAP3
000002a0: SWAP2
000002a1: SWAP1
000002a2: DUP2
000002a3: DUP2
000002a4: MSTORE
000002a5: PUSH1 0x20
000002a7: ADD
000002a8: DUP3
000002a9: DUP1
000002aa: SLOAD
000002ab: PUSH1 0x01
000002ad: DUP2
000002ae: PUSH1 0x01
000002b0: AND
000002b1: ISZERO
000002b2: PUSH2 0x0100
000002b5: MUL
000002b6: SUB
000002b7: AND
000002b8: PUSH1 0x02
000002ba: SWAP1
000002bb: DIV
000002bc: DUP1
000002bd: ISZERO
000002be: PUSH2 0x0308
000002c1: JUMPI
000002c2: DUP1
000002c3: PUSH1 0x1f
000002c5: LT
000002c6: PUSH2 0x02dd
000002c9: JUMPI
000002ca: PUSH2 0x0100
000002cd: DUP1
000002ce: DUP4
000002cf: SLOAD
000002d0: DIV
000002d1: MUL
000002d2: DUP4
000002d3: MSTORE
000002d4: SWAP2
000002d5: PUSH1 0x20
000002d7: ADD
000002d8: SWAP2
000002d9: PUSH2 0x0308
000002dc: JUMP
000002dd: JUMPDEST
000002de: DUP3
000002df: ADD
000002e0: SWAP2
000002e1: SWAP1
000002e2: PUSH1 0x00
000002e4: MSTORE
000002e5: PUSH1 0x20
000002e7: PUSH1 0x00
000002e9: KECCAK256
000002ea: SWAP1
000002eb: JUMPDEST
000002ec: DUP2
000002ed: SLOAD
000002ee: DUP2
000002ef: MSTORE
000002f0: SWAP1
000002f1: PUSH1 0x01
000002f3: ADD
000002f4: SWAP1
000002f5: PUSH1 0x20
000002f7: ADD
000002f8: DUP1
000002f9: DUP4
000002fa: GT
000002fb: PUSH2 0x02eb
000002fe: JUMPI
000002ff: DUP3
00000300: SWAP1
00000301: SUB
00000302: PUSH1 0x1f
00000304: AND
00000305: DUP3
00000306: ADD
00000307: SWAP2
00000308: JUMPDEST
00000309: POP
0000030a: POP
0000030b: POP
0000030c: POP
0000030d: POP
0000030e: DUP2
0000030f: JUMP
00000310: JUMPDEST
00000311: PUSH1 0x02
00000313: PUSH1 0x00
00000315: SWAP1
00000316: SLOAD
00000317: SWAP1
00000318: PUSH2 0x0100
0000031b: EXP
0000031c: SWAP1
0000031d: DIV
0000031e: PUSH1 0xff
00000320: AND
00000321: DUP2
00000322: JUMP
00000323: JUMPDEST
00000324: PUSH1 0x03
00000326: PUSH1 0x00
00000328: POP
00000329: PUSH1 0x20
0000032b: MSTORE
0000032c: DUP1
0000032d: PUSH1 0x00
0000032f: MSTORE
00000330: PUSH1 0x40
00000332: PUSH1 0x00
00000334: KECCAK256
00000335: PUSH1 0x00
00000337: SWAP2
00000338: POP
00000339: SWAP1
0000033a: POP
0000033b: SLOAD
0000033c: DUP2
0000033d: JUMP
0000033e: JUMPDEST
0000033f: DUP1
00000340: PUSH1 0x03
00000342: PUSH1 0x00
00000344: POP
00000345: PUSH1 0x00
00000347: CALLER
00000348: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000035d: AND
0000035e: DUP2
0000035f: MSTORE
00000360: PUSH1 0x20
00000362: ADD
00000363: SWAP1
00000364: DUP2
00000365: MSTORE
00000366: PUSH1 0x20
00000368: ADD
00000369: PUSH1 0x00
0000036b: KECCAK256
0000036c: PUSH1 0x00
0000036e: POP
0000036f: SLOAD
00000370: LT
00000371: ISZERO
00000372: PUSH2 0x037a
00000375: JUMPI
00000376: PUSH2 0x0002
00000379: JUMP
0000037a: JUMPDEST
0000037b: PUSH1 0x03
0000037d: PUSH1 0x00
0000037f: POP
00000380: PUSH1 0x00
00000382: DUP4
00000383: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000398: AND
00000399: DUP2
0000039a: MSTORE
0000039b: PUSH1 0x20
0000039d: ADD
0000039e: SWAP1
0000039f: DUP2
000003a0: MSTORE
000003a1: PUSH1 0x20
000003a3: ADD
000003a4: PUSH1 0x00
000003a6: KECCAK256
000003a7: PUSH1 0x00
000003a9: POP
000003aa: SLOAD
000003ab: DUP2
000003ac: PUSH1 0x03
000003ae: PUSH1 0x00
000003b0: POP
000003b1: PUSH1 0x00
000003b3: DUP6
000003b4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000003c9: AND
000003ca: DUP2
000003cb: MSTORE
000003cc: PUSH1 0x20
000003ce: ADD
000003cf: SWAP1
000003d0: DUP2
000003d1: MSTORE
000003d2: PUSH1 0x20
000003d4: ADD
000003d5: PUSH1 0x00
000003d7: KECCAK256
000003d8: PUSH1 0x00
000003da: POP
000003db: SLOAD
000003dc: ADD
000003dd: LT
000003de: ISZERO
000003df: PUSH2 0x03e7
000003e2: JUMPI
000003e3: PUSH2 0x0002
000003e6: JUMP
000003e7: JUMPDEST
000003e8: DUP1
000003e9: PUSH1 0x03
000003eb: PUSH1 0x00
000003ed: POP
000003ee: PUSH1 0x00
000003f0: CALLER
000003f1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000406: AND
00000407: DUP2
00000408: MSTORE
00000409: PUSH1 0x20
0000040b: ADD
0000040c: SWAP1
0000040d: DUP2
0000040e: MSTORE
0000040f: PUSH1 0x20
00000411: ADD
00000412: PUSH1 0x00
00000414: KECCAK256
00000415: PUSH1 0x00
00000417: DUP3
00000418: DUP3
00000419: DUP3
0000041a: POP
0000041b: SLOAD
0000041c: SUB
0000041d: SWAP3
0000041e: POP
0000041f: POP
00000420: DUP2
00000421: SWAP1
00000422: SSTORE
00000423: POP
00000424: DUP1
00000425: PUSH1 0x03
00000427: PUSH1 0x00
00000429: POP
0000042a: PUSH1 0x00
0000042c: DUP5
0000042d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000442: AND
00000443: DUP2
00000444: MSTORE
00000445: PUSH1 0x20
00000447: ADD
00000448: SWAP1
00000449: DUP2
0000044a: MSTORE
0000044b: PUSH1 0x20
0000044d: ADD
0000044e: PUSH1 0x00
00000450: KECCAK256
00000451: PUSH1 0x00
00000453: DUP3
00000454: DUP3
00000455: DUP3
00000456: POP
00000457: SLOAD
00000458: ADD
00000459: SWAP3
0000045a: POP
0000045b: POP
0000045c: DUP2
0000045d: SWAP1
0000045e: SSTORE
0000045f: POP
00000460: DUP2
00000461: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000476: AND
00000477: CALLER
00000478: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000048d: AND
0000048e: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
000004af: DUP4
000004b0: PUSH1 0x40
000004b2: MLOAD
000004b3: DUP1
000004b4: DUP3
000004b5: DUP2
000004b6: MSTORE
000004b7: PUSH1 0x20
000004b9: ADD
000004ba: SWAP2
000004bb: POP
000004bc: POP
000004bd: PUSH1 0x40
000004bf: MLOAD
000004c0: DUP1
000004c1: SWAP2
000004c2: SUB
000004c3: SWAP1
000004c4: LOG3
000004c5: JUMPDEST
000004c6: POP
000004c7: POP
000004c8: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
view
trace_id: 0x7dec40026aa159a8932c0853f5b7f58807dd16e0de633b0c7a967a6e1a6c9752
call_targets: 0x0000000000000000000000000000000000000004, 0xcc2ee7b5eee0d247afed2319202d51907be0bd4e
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x7dec40026aa159a8932c0853f5b7f58807dd16e0de633b0c7a967a6e1a6c9752",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000004",
        "0xcc2ee7b5eee0d247afed2319202d51907be0bd4e"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x06fdde03",
            "selector": "0x06fdde03",
            "calldata_variants": [
                "0x06fdde03",
                "0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x313ce567",
            "selector": "0x313ce567",
            "calldata_variants": [
                "0x313ce567",
                "0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70a08231",
            "selector": "0x70a08231",
            "calldata_variants": [
                "0x70a08231",
                "0x70a082310000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x95d89b41",
            "selector": "0x95d89b41",
            "calldata_variants": [
                "0x95d89b41",
                "0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa9059cbb",
            "selector": "0xa9059cbb",
            "calldata_variants": [
                "0xa9059cbb",
                "0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 168,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 373,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [],
    "untrusted_call_count": 2
}
high other detector ETH value transfer possible 55 yes yes
view
trace_id: 0x7dec40026aa159a8932c0853f5b7f58807dd16e0de633b0c7a967a6e1a6c9752
call_targets: 0x0000000000000000000000000000000000000004, 0xcc2ee7b5eee0d247afed2319202d51907be0bd4e
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x7dec40026aa159a8932c0853f5b7f58807dd16e0de633b0c7a967a6e1a6c9752",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000004",
        "0xcc2ee7b5eee0d247afed2319202d51907be0bd4e"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x06fdde03",
            "selector": "0x06fdde03",
            "calldata_variants": [
                "0x06fdde03",
                "0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x313ce567",
            "selector": "0x313ce567",
            "calldata_variants": [
                "0x313ce567",
                "0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70a08231",
            "selector": "0x70a08231",
            "calldata_variants": [
                "0x70a08231",
                "0x70a082310000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x95d89b41",
            "selector": "0x95d89b41",
            "calldata_variants": [
                "0x95d89b41",
                "0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa9059cbb",
            "selector": "0xa9059cbb",
            "calldata_variants": [
                "0xa9059cbb",
                "0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 168,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 373,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": []
}