019b3836-2d4e-71c3-b3f0-32d5e191cec7
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 2075 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 2076 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 45268 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 45269 | capability.graph | complete | 1 / 3 | 1 week ago |
| 45270 | detector.run | complete | 1 / 3 | 1 week ago |
| 45271 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113241 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":true,"summary":"Reviewed `BYTECODE_BUNDLE.json` and the runtime bytecode as a bytecode-only, token-like contract with likely selectors `0x06fdde03/0x95d89b41/0x313ce567/0x70a08231/0xa9059cbb` (`name/symbol/decimals/balanceOf/transfer`, best-effort only). I did not find meaningful evidence of reentrancy, privileged admin paths, upgradeability/proxy behavior, signature-validation logic, or dangerous `DELEGATECALL`. The detector-reported `CALL` at `pc:0x188` is most consistent with an old-Solidity dynamic string/bytes return helper, likely involving the identity precompile `0x04`, rather than an untrusted external call in the token transfer path; the `transfer` path appears to do balance checks and `SSTORE` updates without an external interaction. Uncertainty remains because this is runtime-bytecode-only analysis and selector/returndata inference is heuristic.","findings":[]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-fxarz37l
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5b84-0d80-75a2-b19c-801be6dfddbb
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc pwd in /tmp/codex-fxarz37l
succeeded in 0ms:
/tmp/codex-fxarz37l
exec
/bin/bash -lc 'rg --files' in /tmp/codex-fxarz37l
succeeded in 0ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-fxarz37l
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0x82e960e4a224cc9825135881feebfa224605cf3c",
"artifact_hash": "0x6837c46bf74b1e53cbda8c75cdac4a2af785b3b0e5a3ee41bbda5eabd02513f3",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 24,
"hash": "0x6a350686911b120d699f8e8d1e9440d4ce17c4434492baee43484e2ef083a112",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 35,
"hash": "0x09fc75e3aa8fb02b98e24881cc463925488c7dfa7ef308570a5930c5c420c614",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 25
},
{
"end_pc": 46,
"hash": "0x976103db32485bde438fb5c3f9f54ee02f48623f2e3b08249411cd4aee3c334a",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 36
},
{
"end_pc": 57,
"hash": "0x3c19c073e27395dc44272beb525b6373ad140a4045aabbd1b653e498e1806824",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 47
},
{
"end_pc": 68,
"hash": "0x3a122683470ea7901e31e80e6378780a829a06da64b04e691b5d5c5621392507",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 58
},
{
"end_pc": 70,
"hash": "0x55afd043d32294d5f0189f5a0aa04f3174e4c087a31c85396f49b5f17813cb96",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 69
},
{
"end_pc": 136,
"hash": "0xec67f3874a81e276f4497a4f9168afd2521b3b861d4cc15c8da4a0556656b752",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 71
},
{
"end_pc": 144,
"hash": "0x38fe7e3cebe2dd28488c693680c8c0a0a5a5585741c1ccbdb984bb79acc2d6d5",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 137
},
{
"end_pc": 163,
"hash": "0x39d82d062f67a4ee303cb8ba95f6d709cb38320623002519adc99ca3f1c5bac0",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 145
},
{
"end_pc": 175,
"hash": "0x938aee19a0e1094c19b5a9528f839968d51c237564158e673ab6899436584f6e",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"PUSH1",
"AND",
"OP_81",
"JUMP"
],
"start_pc": 164
},
{
"end_pc": 199,
"hash": "0x7b0565c261db3d55c39f20ac0ee4d4710d6951f51b6844e361a4647909dcfc38",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 176
},
{
"end_pc": 263,
"hash": "0x2dd3321e3d3cee3d8772c60a1b65a39fac69bc39f743fc4373df122a940b48c8",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"PUSH1",
"NOT",
"PUSH2",
"OP_85",
"OP_87",
"AND",
"ISZERO",
"MUL",
"ADD",
"OP_90",
"OP_93",
"AND",
"OP_92",
"OP_90",
"OP_92",
"DIV",
"OP_91",
"OP_82",
"ADD",
"OP_81",
"OP_90",
"DIV",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
exec
/bin/bash -lc "sed -n '261,520p' BYTECODE_BUNDLE.json" in /tmp/codex-fxarz37l
succeeded in 0ms:
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 200
},
{
"end_pc": 271,
"hash": "0xf48897fe83e8a1c08c2d0a4c53c8e3efbe26a20090e2685c70de180198db9cd6",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 264
},
{
"end_pc": 290,
"hash": "0x104a032d4fc7353fcb25eead7bbb8424937000b97270e2a1e39430f6e1787b82",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 272
},
{
"end_pc": 333,
"hash": "0x3701c3a8e82a5d4ddfedacd82f061822678b81cd9b3e04365c3d36dbf3fdbf1e",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"OP_90",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 291
},
{
"end_pc": 337,
"hash": "0x5ebda49c75a90269902080f51db6f1c7b1af883a7fd6baf1d61b81a8b96dcdca",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 334
},
{
"end_pc": 408,
"hash": "0x8260bcfbd4c1d49f77b482640c6297cd133661f3ada7f52d07e1835f240b06d3",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"OP_80",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 338
},
{
"end_pc": 433,
"hash": "0xc0a703c2254334f9171c8126ae06fea5cf289341f4c19c890fa2f6b928c400e4",
"opcodes": [
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 409
},
{
"end_pc": 447,
"hash": "0xbbf38bd955ec6188d491c8a752950f390e38b6a9203b6891438ecf3d66b81c51",
"opcodes": [
"JUMPDEST",
"POP",
"OP_92",
"POP",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"RETURN"
],
"start_pc": 434
},
{
"end_pc": 457,
"hash": "0xe40870dc717cbfdedea9fbb4d2473ca373d3dd88734eda3a8e7ff7e0a08a80de",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"RETURN"
],
"start_pc": 448
},
{
"end_pc": 487,
"hash": "0x418b0fde511679c511110cd65c959067f3759b652c05b9b5da7482388254699e",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_82",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_80",
"OP_82",
"ADD",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 458
},
{
"end_pc": 491,
"hash": "0x8f4bf7636b663e8793c58303ec18606236d677f96f3ca2e04c131b00709b1be1",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 488
},
{
exec
/bin/bash -lc "sed -n '521,780p' BYTECODE_BUNDLE.json" in /tmp/codex-fxarz37l
succeeded in 0ms:
"end_pc": 664,
"hash": "0xc9d850040a439217133da6682d76ee8c6d05277a847fb1bb17bd89529d66c1b9",
"opcodes": [
"JUMPDEST",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"SUB",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_84",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH32",
"OP_83",
"PUSH1",
"MLOAD",
"OP_80",
"OP_82",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"OP_A3",
"POP",
"POP",
"JUMP"
],
"start_pc": 492
},
{
"end_pc": 678,
"hash": "0x4ebd3e4182c294e7e0cfcee32fa54a9c518a3bf7316c128ec5f3adae1aea52d7",
"opcodes": [
"JUMPDEST",
"OP_82",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"SHA3",
"OP_90"
],
"start_pc": 665
},
{
"end_pc": 698,
"hash": "0xdbd538713982294e8d700fcb95e735f41532da59590c25f6e1bcf58812962b6c",
"opcodes": [
"JUMPDEST",
"OP_81",
"SLOAD",
"OP_81",
"MSTORE",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH1",
"ADD",
"OP_80",
"OP_83",
"GT",
"PUSH2",
"JUMPI"
],
"start_pc": 679
},
{
"end_pc": 707,
"hash": "0x3d326e1ae9b5522da4b7bc7795b735c25eed77ef0d3716ee451b8ba034d2046e",
"opcodes": [
"OP_82",
"OP_90",
"SUB",
"PUSH1",
"AND",
"OP_82",
"ADD",
"OP_91"
],
"start_pc": 699
},
{
"end_pc": 715,
"hash": "0x0fbc397827201e77529cd13bfad147697e40ac8cbd7c51e40d923a2dd215bc23",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"POP",
"POP",
"POP",
"OP_81",
"JUMP"
],
"start_pc": 708
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 392,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:291",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:708",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
exec
/bin/bash -lc "sed -n '781,1040p' BYTECODE_BUNDLE.json" in /tmp/codex-fxarz37l
succeeded in 0ms:
{
"from": "bb:137",
"to": "bb:665",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:708",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:708",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:264",
"type": "control_flow_fallthrough"
},
{
"from": "bb:264",
"to": "bb:665",
"type": "control_flow"
},
{
"from": "bb:264",
"to": "bb:272",
"type": "control_flow_fallthrough"
},
{
"from": "bb:272",
"to": "bb:708",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:458",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:334",
"type": "control_flow_fallthrough"
},
{
"from": "bb:338",
"to": "bb:434",
"type": "control_flow"
},
{
"from": "bb:338",
"to": "bb:409",
"type": "control_flow_fallthrough"
},
{
"from": "bb:409",
"to": "bb:434",
"type": "control_flow_fallthrough"
},
{
"from": "bb:458",
"to": "bb:492",
"type": "control_flow"
},
{
"from": "bb:458",
"to": "bb:488",
"type": "control_flow_fallthrough"
},
{
"from": "bb:665",
"to": "bb:679",
"type": "control_flow_fallthrough"
},
{
"from": "bb:679",
"to": "bb:679",
"type": "control_flow"
},
{
"from": "bb:679",
"to": "bb:699",
"type": "control_flow_fallthrough"
},
{
"from": "bb:699",
"to": "bb:708",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0x9f9735ff66419befa29233eb6b7e13ccacc4f4ad1c403d3dc88dbe6939924b6d",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": null,
"selector": "0xa9059cbb"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
exec
/bin/bash -lc "sed -n '1041,1300p' BYTECODE_BUNDLE.json" in /tmp/codex-fxarz37l
succeeded in 0ms:
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0xa9059cbb",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
}
],
"selectors": [
"0x06fdde03",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb"
],
"sinks": {
"call": 1,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 6,
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0x2d0d94bc8df800def9388324c0e757f6698e1ac7cb0759d76291296932c88a18",
"created_at": "2026-04-04T19:53:11.000000Z",
"id": 1975,
"updated_at": "2026-04-04T19:53:11.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0x82e960e4a224cc9825135881feebfa224605cf3c",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:53.000000Z",
"id": "019b3836-2d4e-71c3-b3f0-32d5e191cec7",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:53:11.000000Z"
},
"artifact": {
"codehash": "0x2d0d94bc8df800def9388324c0e757f6698e1ac7cb0759d76291296932c88a18",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x606060405260e060020a600035046306fdde038114610047578063313ce567146100a457806370a08231146100b057806395d89b41146100c8578063a9059cbb14610123575b005b61015260008054602060026001831615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156102c45780601f10610299576101008083540402835291602001916102c4565b6101c060025460ff1681565b6101c060043560036020526000908152604090205481565b610152600180546020601f6002600019610100858716150201909316929092049182018190040260809081016040526060828152929190828280156102c45780601f10610299576101008083540402835291602001916102c4565b610045600435602435600160a060020a033316600090815260036020526040902054819010156101ca57610002565b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156101b25780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b6060908152602090f35b600160a060020a0382166000908152604090205480820110156101ec57610002565b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a35050565b820191906000526020600020905b8154815290600101906020018083116102a757829003601f168201915b50505050508156",
"head": null,
"length": 1434,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0x82e960e4a224cc9825135881feebfa224605cf3c",
"block_number": null,
"chain_id": 1,
"codehash": "0x2d0d94bc8df800def9388324c0e757f6698e1ac7cb0759d76291296932c88a18",
"created_at": "2026-04-04T19:53:11.000000Z",
"graph_hash": "0x0d5a018eb2c8f4c399af48c44d6f56fb7ee6742d663fdfebd8b747e191439b42",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:291",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:708",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
{
"from": "bb:137",
"to": "bb:665",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:708",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:708",
"type": "control_flow"
},
{
"from": "bb:200",
exec
/bin/bash -lc "rg -n 'detector|finding|evidence|slot|proxy|delegatecall|callsite|selector|transfer|approve|owner|permit|nonces|upgrade|reentr|unchecked' BYTECODE_BUNDLE.json" in /tmp/codex-fxarz37l
succeeded in 0ms:
711: "callsites": [
878: "dispatcher_type": "selector_jump_table",
882: "selector": "0x06fdde03"
886: "selector": "0x313ce567"
890: "selector": "0x70a08231"
894: "selector": "0x95d89b41"
898: "selector": "0xa9059cbb"
907: "selector": "0x06fdde03",
910: "delegatecall": 0,
916: "slots": [
920: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
925: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
930: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
935: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
940: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
951: "selector": "0x313ce567",
954: "delegatecall": 0,
960: "slots": [
964: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
969: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
974: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
979: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
984: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
995: "selector": "0x70a08231",
998: "delegatecall": 0,
1004: "slots": [
1008: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
1013: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1018: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
1023: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
1028: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1039: "selector": "0x95d89b41",
1042: "delegatecall": 0,
1048: "slots": [
1052: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
1057: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1062: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
1067: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
1072: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1083: "selector": "0xa9059cbb",
1086: "delegatecall": 0,
1092: "slots": [
1096: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
1101: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1106: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
1111: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
1116: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1123: "selectors": [
1134: "delegatecall": 0,
1137: "upgrade_slot_write_suspected": false
1142: "slots": [
1146: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
1151: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1156: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
1161: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
1166: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1200: "is_proxy": false,
1594: "type": "callsite"
1603: "selector": "0x06fdde03",
1609: "selector": "0x313ce567",
1615: "selector": "0x70a08231",
1621: "selector": "0x95d89b41",
1627: "selector": "0xa9059cbb",
1637: "detector_findings": [
1640: "evidence_json": {
1679: "evidence_json": {
1697: "title": "ETH value transfer possible",
1719: "delegatecall_count": 0,
exec
/bin/bash -lc 'wc -l BYTECODE_BUNDLE.json' in /tmp/codex-fxarz37l
succeeded in 0ms:
1722 BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1560,1722p' BYTECODE_BUNDLE.json" in /tmp/codex-fxarz37l
succeeded in 0ms:
"type": "basic_block"
},
{
"end_pc": 678,
"hash": "0x4ebd3e4182c294e7e0cfcee32fa54a9c518a3bf7316c128ec5f3adae1aea52d7",
"id": "bb:665",
"start_pc": 665,
"type": "basic_block"
},
{
"end_pc": 698,
"hash": "0xdbd538713982294e8d700fcb95e735f41532da59590c25f6e1bcf58812962b6c",
"id": "bb:679",
"start_pc": 679,
"type": "basic_block"
},
{
"end_pc": 707,
"hash": "0x3d326e1ae9b5522da4b7bc7795b735c25eed77ef0d3716ee451b8ba034d2046e",
"id": "bb:699",
"start_pc": 699,
"type": "basic_block"
},
{
"end_pc": 715,
"hash": "0x0fbc397827201e77529cd13bfad147697e40ac8cbd7c51e40d923a2dd215bc23",
"id": "bb:708",
"start_pc": 708,
"type": "basic_block"
},
{
"id": "call:392",
"opcode": "CALL",
"pc": 392,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": null,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 1975,
"updated_at": "2026-04-04T19:53:11.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 60,
"evidence_json": {
"call_count": 1,
"examples": [
{
"opcode": "CALL",
"pc": 392,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 1
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x82e960e4a224cc9825135881feebfa224605cf3c"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xa6852b51e7cd2c9af376f6f857a85c2f2bf78d4cf2ebe7a80178c243eba6b05c",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 1,
"examples": [
{
"opcode": "CALL",
"pc": 392,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x82e960e4a224cc9825135881feebfa224605cf3c"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xa6852b51e7cd2c9af376f6f857a85c2f2bf78d4cf2ebe7a80178c243eba6b05c",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
exec
/bin/bash -lc "node -e 'const fs=require(\"fs\"); const j=JSON.parse(fs.readFileSync(\"BYTECODE_BUNDLE.json\",\"utf8\")); const code=j.artifact.runtime_bytecode.full.slice(2); const ops={0x00:[\"STOP\",0],0x01:[\"ADD\",0],0x02:[\"MUL\",0],0x03:[\"SUB\",0],0x04:[\"DIV\",0],0x05:[\"SDIV\",0],0x06:[\"MOD\",0],0x07:[\"SMOD\",0],0x08:[\"ADDMOD\",0],0x09:[\"MULMOD\",0],0x0a:[\"EXP\",0],0x0b:[\"SIGNEXTEND\",0],0x10:[\"LT\",0],0x11:[\"GT\",0],0x12:[\"SLT\",0],0x13:[\"SGT\",0],0x14:[\"EQ\",0],0x15:[\"ISZERO\",0],0x16:[\"AND\",0],0x17:[\"OR\",0],0x18:[\"XOR\",0],0x19:[\"NOT\",0],0x1a:[\"BYTE\",0],0x20:[\"SHA3\",0],0x30:[\"ADDRESS\",0],0x31:[\"BALANCE\",0],0x32:[\"ORIGIN\",0],0x33:[\"CALLER\",0],0x34:[\"CALLVALUE\",0],0x35:[\"CALLDATALOAD\",0],0x36:[\"CALLDATASIZE\",0],0x37:[\"CALLDATACOPY\",0],0x38:[\"CODESIZE\",0],0x39:[\"CODECOPY\",0],0x3a:[\"GASPRICE\",0],0x3b:[\"EXTCODESIZE\",0],0x3c:[\"EXTCODECOPY\",0],0x3d:[\"RETURNDATASIZE\",0],0x3e:[\"RETURNDATACOPY\",0],0x40:[\"BLOCKHASH\",0],0x41:[\"COINBASE\",0],0x42:[\"TIMESTAMP\",0],0x43:[\"NUMBER\",0],0x44:[\"DIFFICULTY\",0],0x45:[\"GASLIMIT\",0],0x46:[\"CHAINID\",0],0x47:[\"SELFBALANCE\",0],0x48:[\"BASEFEE\",0],0x50:[\"POP\",0],0x51:[\"MLOAD\",0],0x52:[\"MSTORE\",0],0x53:[\"MSTORE8\",0],0x54:[\"SLOAD\",0],0x55:[\"SSTORE\",0],0x56:[\"JUMP\",0],0x57:[\"JUMPI\",0],0x58:[\"PC\",0],0x59:[\"MSIZE\",0],0x5a:[\"GAS\",0],0x5b:[\"JUMPDEST\",0],0xf0:[\"CREATE\",0],0xf1:[\"CALL\",0],0xf2:[\"CALLCODE\",0],0xf3:[\"RETURN\",0],0xf4:[\"DELEGATECALL\",0],0xf5:[\"CREATE2\",0],0xfa:[\"STATICCALL\",0],0xfd:[\"REVERT\",0],0xfe:[\"INVALID\",0],0xff:[\"SELFDESTRUCT\",0]}; for(let i=0x60;i<=0x7f;i++)ops[i]=[\"PUSH\"+(i-0x5f),i-0x5f]; for(let i=0x80;i<=0x8f;i++)ops[i]=[\"DUP\"+(i-0x7f),0]; for(let i=0x90;i<=0x9f;i++)ops[i]=[\"SWAP\"+(i-0x8f),0]; for(let i=0xa0;i<=0xa4;i++)ops[i]=[\"LOG\"+(i-0xa0),0]; let pc=0; let out=[]; while(pc<code.length/2){ const op=parseInt(code.slice(pc*2,pc*2+2),16); const [name,push]=ops[op]||[\"OP_\"+op.toString(16),0]; let arg=\"\"; if(push){arg='0x'+code.slice(pc*2+2,pc*2+2+push*2);} out.push("'`${pc.toString().padStart(4)} ${name}${arg?` ${arg}`:'"''}"'`); pc+=1+push;} console.log(out.slice(0,220).join("'"\\n\"));'" in /tmp/codex-fxarz37l
exited 1 in 0ms:
[eval]:1
const fs=require("fs"); const j=JSON.parse(fs.readFileSync("BYTECODE_BUNDLE.json","utf8")); const code=j.artifact.runtime_bytecode.full.slice(2); const ops={0x00:["STOP",0],0x01:["ADD",0],0x02:["MUL",0],0x03:["SUB",0],0x04:["DIV",0],0x05:["SDIV",0],0x06:["MOD",0],0x07:["SMOD",0],0x08:["ADDMOD",0],0x09:["MULMOD",0],0x0a:["EXP",0],0x0b:["SIGNEXTEND",0],0x10:["LT",0],0x11:["GT",0],0x12:["SLT",0],0x13:["SGT",0],0x14:["EQ",0],0x15:["ISZERO",0],0x16:["AND",0],0x17:["OR",0],0x18:["XOR",0],0x19:["NOT",0],0x1a:["BYTE",0],0x20:["SHA3",0],0x30:["ADDRESS",0],0x31:["BALANCE",0],0x32:["ORIGIN",0],0x33:["CALLER",0],0x34:["CALLVALUE",0],0x35:["CALLDATALOAD",0],0x36:["CALLDATASIZE",0],0x37:["CALLDATACOPY",0],0x38:["CODESIZE",0],0x39:["CODECOPY",0],0x3a:["GASPRICE",0],0x3b:["EXTCODESIZE",0],0x3c:["EXTCODECOPY",0],0x3d:["RETURNDATASIZE",0],0x3e:["RETURNDATACOPY",0],0x40:["BLOCKHASH",0],0x41:["COINBASE",0],0x42:["TIMESTAMP",0],0x43:["NUMBER",0],0x44:["DIFFICULTY",0],0x45:["GASLIMIT",0],0x46:["CHAINID",0],0x47:["SELFBALANCE",0],0x48:["BASEFEE",0],0x50:["POP",0],0x51:["MLOAD",0],0x52:["MSTORE",0],0x53:["MSTORE8",0],0x54:["SLOAD",0],0x55:["SSTORE",0],0x56:["JUMP",0],0x57:["JUMPI",0],0x58:["PC",0],0x59:["MSIZE",0],0x5a:["GAS",0],0x5b:["JUMPDEST",0],0xf0:["CREATE",0],0xf1:["CALL",0],0xf2:["CALLCODE",0],0xf3:["RETURN",0],0xf4:["DELEGATECALL",0],0xf5:["CREATE2",0],0xfa:["STATICCALL",0],0xfd:["REVERT",0],0xfe:["INVALID",0],0xff:["SELFDESTRUCT",0]}; for(let i=0x60;i<=0x7f;i++)ops[i]=["PUSH"+(i-0x5f),i-0x5f]; for(let i=0x80;i<=0x8f;i++)ops[i]=["DUP"+(i-0x7f),0]; for(let i=0x90;i<=0x9f;i++)ops[i]=["SWAP"+(i-0x8f),0]; for(let i=0xa0;i<=0xa4;i++)ops[i]=["LOG"+(i-0xa0),0]; let pc=0; let out=[]; while(pc<code.length/2){ const op=parseInt(code.slice(pc*2,pc*2+2),16); const [name,push]=ops[op]||["OP_"+op.toString(16),0]; let arg=""; if(push){arg=0x+code.slice(pc*2+2,pc*2+2+push*2);} out.push(`${pc.toString().padStart(4)} ${name}${arg?` ${arg}`:}`); pc+=1+push;} console.log(out.slice(0,220).join("\n"));
SyntaxError: Invalid or unexpected token
at makeContextifyScript (node:internal/vm:185:14)
at node:internal/process/execution:107:22
at [eval]-wrapper:6:24
at runScript (node:internal/process/execution:101:62)
at evalScript (node:internal/process/execution:136:3)
at node:internal/main/eval_string:53:3
Node.js v23.3.0
exec
/bin/bash -lc "node - <<'NODE'
const fs=require('fs');
const j=JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const code=j.artifact.runtime_bytecode.full.slice(2);
const ops={0x00:['STOP',0],0x01:['ADD',0],0x02:['MUL',0],0x03:['SUB',0],0x04:['DIV',0],0x05:['SDIV',0],0x06:['MOD',0],0x07:['SMOD',0],0x08:['ADDMOD',0],0x09:['MULMOD',0],0x0a:['EXP',0],0x0b:['SIGNEXTEND',0],0x10:['LT',0],0x11:['GT',0],0x12:['SLT',0],0x13:['SGT',0],0x14:['EQ',0],0x15:['ISZERO',0],0x16:['AND',0],0x17:['OR',0],0x18:['XOR',0],0x19:['NOT',0],0x1a:['BYTE',0],0x20:['SHA3',0],0x30:['ADDRESS',0],0x31:['BALANCE',0],0x32:['ORIGIN',0],0x33:['CALLER',0],0x34:['CALLVALUE',0],0x35:['CALLDATALOAD',0],0x36:['CALLDATASIZE',0],0x37:['CALLDATACOPY',0],0x38:['CODESIZE',0],0x39:['CODECOPY',0],0x3a:['GASPRICE',0],0x3b:['EXTCODESIZE',0],0x3c:['EXTCODECOPY',0],0x3d:['RETURNDATASIZE',0],0x3e:['RETURNDATACOPY',0],0x40:['BLOCKHASH',0],0x41:['COINBASE',0],0x42:['TIMESTAMP',0],0x43:['NUMBER',0],0x44:['DIFFICULTY',0],0x45:['GASLIMIT',0],0x46:['CHAINID',0],0x47:['SELFBALANCE',0],0x48:['BASEFEE',0],0x50:['POP',0],0x51:['MLOAD',0],0x52:['MSTORE',0],0x53:['MSTORE8',0],0x54:['SLOAD',0],0x55:['SSTORE',0],0x56:['JUMP',0],0x57:['JUMPI',0],0x58:['PC',0],0x59:['MSIZE',0],0x5a:['GAS',0],0x5b:['JUMPDEST',0],0xf0:['CREATE',0],0xf1:['CALL',0],0xf2:['CALLCODE',0],0xf3:['RETURN',0],0xf4:['DELEGATECALL',0],0xf5:['CREATE2',0],0xfa:['STATICCALL',0],0xfd:['REVERT',0],0xfe:['INVALID',0],0xff:['SELFDESTRUCT',0]};
for(let i=0x60;i<=0x7f;i++) ops[i]=['PUSH'+(i-0x5f),i-0x5f];
for(let i=0x80;i<=0x8f;i++) ops[i]=['DUP'+(i-0x7f),0];
for(let i=0x90;i<=0x9f;i++) ops[i]=['SWAP'+(i-0x8f),0];
for(let i=0xa0;i<=0xa4;i++) ops[i]=['LOG'+(i-0xa0),0];
let pc=0; const out=[];
while(pc<code.length/2){
const op=parseInt(code.slice(pc*2,pc*2+2),16);
const [name,push]=ops[op]||['OP_'+op.toString(16),0];
let line=String(pc).padStart(4)+' '+name;
if(push) line+=' 0x'+code.slice(pc*2+2,pc*2+2+push*2);
out.push(line);
pc+=1+push;
}
console.log(out.slice(0,260).join('\\n'));
NODE" in /tmp/codex-fxarz37l
succeeded in 0ms:
0 PUSH1 0x60
2 PUSH1 0x40
4 MSTORE
5 PUSH1 0xe0
7 PUSH1 0x02
9 EXP
10 PUSH1 0x00
12 CALLDATALOAD
13 DIV
14 PUSH4 0x06fdde03
19 DUP2
20 EQ
21 PUSH2 0x0047
24 JUMPI
25 DUP1
26 PUSH4 0x313ce567
31 EQ
32 PUSH2 0x00a4
35 JUMPI
36 DUP1
37 PUSH4 0x70a08231
42 EQ
43 PUSH2 0x00b0
46 JUMPI
47 DUP1
48 PUSH4 0x95d89b41
53 EQ
54 PUSH2 0x00c8
57 JUMPI
58 DUP1
59 PUSH4 0xa9059cbb
64 EQ
65 PUSH2 0x0123
68 JUMPI
69 JUMPDEST
70 STOP
71 JUMPDEST
72 PUSH2 0x0152
75 PUSH1 0x00
77 DUP1
78 SLOAD
79 PUSH1 0x20
81 PUSH1 0x02
83 PUSH1 0x01
85 DUP4
86 AND
87 ISZERO
88 PUSH2 0x0100
91 MUL
92 PUSH1 0x00
94 NOT
95 ADD
96 SWAP1
97 SWAP3
98 AND
99 SWAP2
100 SWAP1
101 SWAP2
102 DIV
103 PUSH1 0x1f
105 DUP2
106 ADD
107 DUP3
108 SWAP1
109 DIV
110 SWAP1
111 SWAP2
112 MUL
113 PUSH1 0x80
115 SWAP1
116 DUP2
117 ADD
118 PUSH1 0x40
120 MSTORE
121 PUSH1 0x60
123 DUP3
124 DUP2
125 MSTORE
126 SWAP3
127 SWAP2
128 SWAP1
129 DUP3
130 DUP3
131 DUP1
132 ISZERO
133 PUSH2 0x02c4
136 JUMPI
137 DUP1
138 PUSH1 0x1f
140 LT
141 PUSH2 0x0299
144 JUMPI
145 PUSH2 0x0100
148 DUP1
149 DUP4
150 SLOAD
151 DIV
152 MUL
153 DUP4
154 MSTORE
155 SWAP2
156 PUSH1 0x20
158 ADD
159 SWAP2
160 PUSH2 0x02c4
163 JUMP
164 JUMPDEST
165 PUSH2 0x01c0
168 PUSH1 0x02
170 SLOAD
171 PUSH1 0xff
173 AND
174 DUP2
175 JUMP
176 JUMPDEST
177 PUSH2 0x01c0
180 PUSH1 0x04
182 CALLDATALOAD
183 PUSH1 0x03
185 PUSH1 0x20
187 MSTORE
188 PUSH1 0x00
190 SWAP1
191 DUP2
192 MSTORE
193 PUSH1 0x40
195 SWAP1
196 SHA3
197 SLOAD
198 DUP2
199 JUMP
200 JUMPDEST
201 PUSH2 0x0152
204 PUSH1 0x01
206 DUP1
207 SLOAD
208 PUSH1 0x20
210 PUSH1 0x1f
212 PUSH1 0x02
214 PUSH1 0x00
216 NOT
217 PUSH2 0x0100
220 DUP6
221 DUP8
222 AND
223 ISZERO
224 MUL
225 ADD
226 SWAP1
227 SWAP4
228 AND
229 SWAP3
230 SWAP1
231 SWAP3
232 DIV
233 SWAP2
234 DUP3
235 ADD
236 DUP2
237 SWAP1
238 DIV
239 MUL
240 PUSH1 0x80
242 SWAP1
243 DUP2
244 ADD
245 PUSH1 0x40
247 MSTORE
248 PUSH1 0x60
250 DUP3
251 DUP2
252 MSTORE
253 SWAP3
254 SWAP2
255 SWAP1
256 DUP3
257 DUP3
258 DUP1
259 ISZERO
260 PUSH2 0x02c4
263 JUMPI
264 DUP1
265 PUSH1 0x1f
267 LT
268 PUSH2 0x0299
271 JUMPI
272 PUSH2 0x0100
275 DUP1
276 DUP4
277 SLOAD
278 DIV
279 MUL
280 DUP4
281 MSTORE
282 SWAP2
283 PUSH1 0x20
285 ADD
286 SWAP2
287 PUSH2 0x02c4
290 JUMP
291 JUMPDEST
292 PUSH2 0x0045
295 PUSH1 0x04
297 CALLDATALOAD
298 PUSH1 0x24
300 CALLDATALOAD
301 PUSH1 0x01
303 PUSH1 0xa0
305 PUSH1 0x02
307 EXP
308 SUB
309 CALLER
310 AND
311 PUSH1 0x00
313 SWAP1
314 DUP2
315 MSTORE
316 PUSH1 0x03
318 PUSH1 0x20
320 MSTORE
321 PUSH1 0x40
323 SWAP1
324 SHA3
325 SLOAD
326 DUP2
327 SWAP1
328 LT
329 ISZERO
330 PUSH2 0x01ca
333 JUMPI
334 PUSH2 0x0002
337 JUMP
338 JUMPDEST
339 PUSH1 0x40
341 MLOAD
342 DUP1
343 DUP1
344 PUSH1 0x20
346 ADD
347 DUP3
348 DUP2
349 SUB
350 DUP3
351 MSTORE
352 DUP4
353 DUP2
354 DUP2
355 MLOAD
356 DUP2
357 MSTORE
358 PUSH1 0x20
360 ADD
361 SWAP2
362 POP
363 DUP1
364 MLOAD
365 SWAP1
366 PUSH1 0x20
368 ADD
369 SWAP1
exec
/bin/bash -lc "node - <<'NODE'
const fs=require('fs');
const j=JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const code=j.artifact.runtime_bytecode.full.slice(2);
const ops={0x00:['STOP',0],0x01:['ADD',0],0x02:['MUL',0],0x03:['SUB',0],0x04:['DIV',0],0x05:['SDIV',0],0x06:['MOD',0],0x07:['SMOD',0],0x08:['ADDMOD',0],0x09:['MULMOD',0],0x0a:['EXP',0],0x0b:['SIGNEXTEND',0],0x10:['LT',0],0x11:['GT',0],0x12:['SLT',0],0x13:['SGT',0],0x14:['EQ',0],0x15:['ISZERO',0],0x16:['AND',0],0x17:['OR',0],0x18:['XOR',0],0x19:['NOT',0],0x1a:['BYTE',0],0x20:['SHA3',0],0x30:['ADDRESS',0],0x31:['BALANCE',0],0x32:['ORIGIN',0],0x33:['CALLER',0],0x34:['CALLVALUE',0],0x35:['CALLDATALOAD',0],0x36:['CALLDATASIZE',0],0x37:['CALLDATACOPY',0],0x38:['CODESIZE',0],0x39:['CODECOPY',0],0x3a:['GASPRICE',0],0x3b:['EXTCODESIZE',0],0x3c:['EXTCODECOPY',0],0x3d:['RETURNDATASIZE',0],0x3e:['RETURNDATACOPY',0],0x40:['BLOCKHASH',0],0x41:['COINBASE',0],0x42:['TIMESTAMP',0],0x43:['NUMBER',0],0x44:['DIFFICULTY',0],0x45:['GASLIMIT',0],0x46:['CHAINID',0],0x47:['SELFBALANCE',0],0x48:['BASEFEE',0],0x50:['POP',0],0x51:['MLOAD',0],0x52:['MSTORE',0],0x53:['MSTORE8',0],0x54:['SLOAD',0],0x55:['SSTORE',0],0x56:['JUMP',0],0x57:['JUMPI',0],0x58:['PC',0],0x59:['MSIZE',0],0x5a:['GAS',0],0x5b:['JUMPDEST',0],0xf0:['CREATE',0],0xf1:['CALL',0],0xf2:['CALLCODE',0],0xf3:['RETURN',0],0xf4:['DELEGATECALL',0],0xf5:['CREATE2',0],0xfa:['STATICCALL',0],0xfd:['REVERT',0],0xfe:['INVALID',0],0xff:['SELFDESTRUCT',0]};
for(let i=0x60;i<=0x7f;i++) ops[i]=['PUSH'+(i-0x5f),i-0x5f];
for(let i=0x80;i<=0x8f;i++) ops[i]=['DUP'+(i-0x7f),0];
for(let i=0x90;i<=0x9f;i++) ops[i]=['SWAP'+(i-0x8f),0];
for(let i=0xa0;i<=0xa4;i++) ops[i]=['LOG'+(i-0xa0),0];
let pc=0; const out=[];
while(pc<code.length/2){
const op=parseInt(code.slice(pc*2,pc*2+2),16);
const [name,push]=ops[op]||['OP_'+op.toString(16),0];
let line=String(pc).padStart(4)+' '+name;
if(push) line+=' 0x'+code.slice(pc*2+2,pc*2+2+push*2);
out.push(line);
pc+=1+push;
}
console.log(out.slice(220).join('\\n'));
NODE" in /tmp/codex-fxarz37l
succeeded in 0ms:
321 PUSH1 0x40
323 SWAP1
324 SHA3
325 SLOAD
326 DUP2
327 SWAP1
328 LT
329 ISZERO
330 PUSH2 0x01ca
333 JUMPI
334 PUSH2 0x0002
337 JUMP
338 JUMPDEST
339 PUSH1 0x40
341 MLOAD
342 DUP1
343 DUP1
344 PUSH1 0x20
346 ADD
347 DUP3
348 DUP2
349 SUB
350 DUP3
351 MSTORE
352 DUP4
353 DUP2
354 DUP2
355 MLOAD
356 DUP2
357 MSTORE
358 PUSH1 0x20
360 ADD
361 SWAP2
362 POP
363 DUP1
364 MLOAD
365 SWAP1
366 PUSH1 0x20
368 ADD
369 SWAP1
370 DUP1
371 DUP4
372 DUP4
373 DUP3
374 SWAP1
375 PUSH1 0x00
377 PUSH1 0x04
379 PUSH1 0x20
381 DUP5
382 PUSH1 0x1f
384 ADD
385 DIV
386 PUSH1 0x0f
388 MUL
389 PUSH1 0x03
391 ADD
392 CALL
393 POP
394 SWAP1
395 POP
396 SWAP1
397 DUP2
398 ADD
399 SWAP1
400 PUSH1 0x1f
402 AND
403 DUP1
404 ISZERO
405 PUSH2 0x01b2
408 JUMPI
409 DUP1
410 DUP3
411 SUB
412 DUP1
413 MLOAD
414 PUSH1 0x01
416 DUP4
417 PUSH1 0x20
419 SUB
420 PUSH2 0x0100
423 EXP
424 SUB
425 NOT
426 AND
427 DUP2
428 MSTORE
429 PUSH1 0x20
431 ADD
432 SWAP2
433 POP
434 JUMPDEST
435 POP
436 SWAP3
437 POP
438 POP
439 POP
440 PUSH1 0x40
442 MLOAD
443 DUP1
444 SWAP2
445 SUB
446 SWAP1
447 RETURN
448 JUMPDEST
449 PUSH1 0x60
451 SWAP1
452 DUP2
453 MSTORE
454 PUSH1 0x20
456 SWAP1
457 RETURN
458 JUMPDEST
459 PUSH1 0x01
461 PUSH1 0xa0
463 PUSH1 0x02
465 EXP
466 SUB
467 DUP3
468 AND
469 PUSH1 0x00
471 SWAP1
472 DUP2
473 MSTORE
474 PUSH1 0x40
476 SWAP1
477 SHA3
478 SLOAD
479 DUP1
480 DUP3
481 ADD
482 LT
483 ISZERO
484 PUSH2 0x01ec
487 JUMPI
488 PUSH2 0x0002
491 JUMP
492 JUMPDEST
493 DUP1
494 PUSH1 0x03
496 PUSH1 0x00
498 POP
499 PUSH1 0x00
501 CALLER
502 PUSH1 0x01
504 PUSH1 0xa0
506 PUSH1 0x02
508 EXP
509 SUB
510 AND
511 DUP2
512 MSTORE
513 PUSH1 0x20
515 ADD
516 SWAP1
517 DUP2
518 MSTORE
519 PUSH1 0x20
521 ADD
522 PUSH1 0x00
524 SHA3
525 PUSH1 0x00
527 DUP3
528 DUP3
529 DUP3
530 POP
531 SLOAD
532 SUB
533 SWAP3
534 POP
535 POP
536 DUP2
537 SWAP1
538 SSTORE
539 POP
540 DUP1
541 PUSH1 0x03
543 PUSH1 0x00
545 POP
546 PUSH1 0x00
548 DUP5
549 PUSH1 0x01
551 PUSH1 0xa0
553 PUSH1 0x02
555 EXP
556 SUB
557 AND
558 DUP2
559 MSTORE
560 PUSH1 0x20
562 ADD
563 SWAP1
564 DUP2
565 MSTORE
566 PUSH1 0x20
568 ADD
569 PUSH1 0x00
571 SHA3
572 PUSH1 0x00
574 DUP3
575 DUP3
576 DUP3
577 POP
578 SLOAD
579 ADD
580 SWAP3
581 POP
582 POP
583 DUP2
584 SWAP1
585 SSTORE
586 POP
587 DUP2
588 PUSH1 0x01
590 PUSH1 0xa0
592 PUSH1 0x02
594 EXP
595 SUB
596 AND
597 CALLER
598 PUSH1 0x01
600 PUSH1 0xa0
602 PUSH1 0x02
604 EXP
605 SUB
606 AND
607 PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
640 DUP4
641 PUSH1 0x40
643 MLOAD
644 DUP1
645 DUP3
646 DUP2
647 MSTORE
648 PUSH1 0x20
650 ADD
651 SWAP2
652 POP
653 POP
654 PUSH1 0x40
656 MLOAD
657 DUP1
658 SWAP2
659 SUB
660 SWAP1
661 LOG3
662 POP
663 POP
664 JUMP
665 JUMPDEST
666 DUP3
667 ADD
668 SWAP2
669 SWAP1
670 PUSH1 0x00
672 MSTORE
673 PUSH1 0x20
675 PUSH1 0x00
677 SHA3
678 SWAP1
679 JUMPDEST
680 DUP2
681 SLOAD
682 DUP2
683 MSTORE
684 SWAP1
685 PUSH1 0x01
687 ADD
688 SWAP1
689 PUSH1 0x20
691 ADD
692 DUP1
693 DUP4
694 GT
695 PUSH2 0x02a7
698 JUMPI
699 DUP3
700 SWAP1
701 SUB
702 PUSH1 0x1f
704 AND
705 DUP3
706 ADD
707 SWAP2
708 JUMPDEST
709 POP
710 POP
711 POP
712 POP
713 POP
714 DUP2
715 JUMP
exec
/bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-fxarz37l
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
codex
{"no_findings":true,"summary":"Reviewed `BYTECODE_BUNDLE.json` and the runtime bytecode as a bytecode-only, token-like contract with likely selectors `0x06fdde03/0x95d89b41/0x313ce567/0x70a08231/0xa9059cbb` (`name/symbol/decimals/balanceOf/transfer`, best-effort only). I did not find meaningful evidence of reentrancy, privileged admin paths, upgradeability/proxy behavior, signature-validation logic, or dangerous `DELEGATECALL`. The detector-reported `CALL` at `pc:0x188` is most consistent with an old-Solidity dynamic string/bytes return helper, likely involving the identity precompile `0x04`, rather than an untrusted external call in the token transfer path; the `transfer` path appears to do balance checks and `SSTORE` updates without an external interaction. Uncertainty remains because this is runtime-bytecode-only analysis and selector/returndata inference is heuristic.","findings":[]}
tokens used
52,795
{
"codex": {
"ran_at": "2026-04-05T02:43:21.768870+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 1434,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Reviewed `BYTECODE_BUNDLE.json` and the runtime bytecode as a bytecode-only, token-like contract with likely selectors `0x06fdde03/0x95d89b41/0x313ce567/0x70a08231/0xa9059cbb` (`name/symbol/decimals/balanceOf/transfer`, best-effort only). I did not find meaningful evidence of reentrancy, privileged admin paths, upgradeability/proxy behavior, signature-validation logic, or dangerous `DELEGATECALL`. The detector-reported `CALL` at `pc:0x188` is most consistent with an old-Solidity dynamic string/bytes return helper, likely involving the identity precompile `0x04`, rather than an untrusted external call in the token transfer path; the `transfer` path appears to do balance checks and `SSTORE` updates without an external interaction. Uncertainty remains because this is runtime-bytecode-only analysis and selector/returndata inference is heuristic.",
"raw_final": {
"summary": "Reviewed `BYTECODE_BUNDLE.json` and the runtime bytecode as a bytecode-only, token-like contract with likely selectors `0x06fdde03/0x95d89b41/0x313ce567/0x70a08231/0xa9059cbb` (`name/symbol/decimals/balanceOf/transfer`, best-effort only). I did not find meaningful evidence of reentrancy, privileged admin paths, upgradeability/proxy behavior, signature-validation logic, or dangerous `DELEGATECALL`. The detector-reported `CALL` at `pc:0x188` is most consistent with an old-Solidity dynamic string/bytes return helper, likely involving the identity precompile `0x04`, rather than an untrusted external call in the token transfer path; the `transfer` path appears to do balance checks and `SSTORE` updates without an external interaction. Uncertainty remains because this is runtime-bytecode-only analysis and selector/returndata inference is heuristic.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0xe0 00000007: PUSH1 0x02 00000009: EXP 0000000a: PUSH1 0x00 0000000c: CALLDATALOAD 0000000d: DIV 0000000e: PUSH4 0x06fdde03 00000013: DUP2 00000014: EQ 00000015: PUSH2 0x0047 00000018: JUMPI 00000019: DUP1 0000001a: PUSH4 0x313ce567 0000001f: EQ 00000020: PUSH2 0x00a4 00000023: JUMPI 00000024: DUP1 00000025: PUSH4 0x70a08231 0000002a: EQ 0000002b: PUSH2 0x00b0 0000002e: JUMPI 0000002f: DUP1 00000030: PUSH4 0x95d89b41 00000035: EQ 00000036: PUSH2 0x00c8 00000039: JUMPI 0000003a: DUP1 0000003b: PUSH4 0xa9059cbb 00000040: EQ 00000041: PUSH2 0x0123 00000044: JUMPI 00000045: JUMPDEST 00000046: STOP 00000047: JUMPDEST 00000048: PUSH2 0x0152 0000004b: PUSH1 0x00 0000004d: DUP1 0000004e: SLOAD 0000004f: PUSH1 0x20 00000051: PUSH1 0x02 00000053: PUSH1 0x01 00000055: DUP4 00000056: AND 00000057: ISZERO 00000058: PUSH2 0x0100 0000005b: MUL 0000005c: PUSH1 0x00 0000005e: NOT 0000005f: ADD 00000060: SWAP1 00000061: SWAP3 00000062: AND 00000063: SWAP2 00000064: SWAP1 00000065: SWAP2 00000066: DIV 00000067: PUSH1 0x1f 00000069: DUP2 0000006a: ADD 0000006b: DUP3 0000006c: SWAP1 0000006d: DIV 0000006e: SWAP1 0000006f: SWAP2 00000070: MUL 00000071: PUSH1 0x80 00000073: SWAP1 00000074: DUP2 00000075: ADD 00000076: PUSH1 0x40 00000078: MSTORE 00000079: PUSH1 0x60 0000007b: DUP3 0000007c: DUP2 0000007d: MSTORE 0000007e: SWAP3 0000007f: SWAP2 00000080: SWAP1 00000081: DUP3 00000082: DUP3 00000083: DUP1 00000084: ISZERO 00000085: PUSH2 0x02c4 00000088: JUMPI 00000089: DUP1 0000008a: PUSH1 0x1f 0000008c: LT 0000008d: PUSH2 0x0299 00000090: JUMPI 00000091: PUSH2 0x0100 00000094: DUP1 00000095: DUP4 00000096: SLOAD 00000097: DIV 00000098: MUL 00000099: DUP4 0000009a: MSTORE 0000009b: SWAP2 0000009c: PUSH1 0x20 0000009e: ADD 0000009f: SWAP2 000000a0: PUSH2 0x02c4 000000a3: JUMP 000000a4: JUMPDEST 000000a5: PUSH2 0x01c0 000000a8: PUSH1 0x02 000000aa: SLOAD 000000ab: PUSH1 0xff 000000ad: AND 000000ae: DUP2 000000af: JUMP 000000b0: JUMPDEST 000000b1: PUSH2 0x01c0 000000b4: PUSH1 0x04 000000b6: CALLDATALOAD 000000b7: PUSH1 0x03 000000b9: PUSH1 0x20 000000bb: MSTORE 000000bc: PUSH1 0x00 000000be: SWAP1 000000bf: DUP2 000000c0: MSTORE 000000c1: PUSH1 0x40 000000c3: SWAP1 000000c4: KECCAK256 000000c5: SLOAD 000000c6: DUP2 000000c7: JUMP 000000c8: JUMPDEST 000000c9: PUSH2 0x0152 000000cc: PUSH1 0x01 000000ce: DUP1 000000cf: SLOAD 000000d0: PUSH1 0x20 000000d2: PUSH1 0x1f 000000d4: PUSH1 0x02 000000d6: PUSH1 0x00 000000d8: NOT 000000d9: PUSH2 0x0100 000000dc: DUP6 000000dd: DUP8 000000de: AND 000000df: ISZERO 000000e0: MUL 000000e1: ADD 000000e2: SWAP1 000000e3: SWAP4 000000e4: AND 000000e5: SWAP3 000000e6: SWAP1 000000e7: SWAP3 000000e8: DIV 000000e9: SWAP2 000000ea: DUP3 000000eb: ADD 000000ec: DUP2 000000ed: SWAP1 000000ee: DIV 000000ef: MUL 000000f0: PUSH1 0x80 000000f2: SWAP1 000000f3: DUP2 000000f4: ADD 000000f5: PUSH1 0x40 000000f7: MSTORE 000000f8: PUSH1 0x60 000000fa: DUP3 000000fb: DUP2 000000fc: MSTORE 000000fd: SWAP3 000000fe: SWAP2 000000ff: SWAP1 00000100: DUP3 00000101: DUP3 00000102: DUP1 00000103: ISZERO 00000104: PUSH2 0x02c4 00000107: JUMPI 00000108: DUP1 00000109: PUSH1 0x1f 0000010b: LT 0000010c: PUSH2 0x0299 0000010f: JUMPI 00000110: PUSH2 0x0100 00000113: DUP1 00000114: DUP4 00000115: SLOAD 00000116: DIV 00000117: MUL 00000118: DUP4 00000119: MSTORE 0000011a: SWAP2 0000011b: PUSH1 0x20 0000011d: ADD 0000011e: SWAP2 0000011f: PUSH2 0x02c4 00000122: JUMP 00000123: JUMPDEST 00000124: PUSH2 0x0045 00000127: PUSH1 0x04 00000129: CALLDATALOAD 0000012a: PUSH1 0x24 0000012c: CALLDATALOAD 0000012d: PUSH1 0x01 0000012f: PUSH1 0xa0 00000131: PUSH1 0x02 00000133: EXP 00000134: SUB 00000135: CALLER 00000136: AND 00000137: PUSH1 0x00 00000139: SWAP1 0000013a: DUP2 0000013b: MSTORE 0000013c: PUSH1 0x03 0000013e: PUSH1 0x20 00000140: MSTORE 00000141: PUSH1 0x40 00000143: SWAP1 00000144: KECCAK256 00000145: SLOAD 00000146: DUP2 00000147: SWAP1 00000148: LT 00000149: ISZERO 0000014a: PUSH2 0x01ca 0000014d: JUMPI 0000014e: PUSH2 0x0002 00000151: JUMP 00000152: JUMPDEST 00000153: PUSH1 0x40 00000155: MLOAD 00000156: DUP1 00000157: DUP1 00000158: PUSH1 0x20 0000015a: ADD 0000015b: DUP3 0000015c: DUP2 0000015d: SUB 0000015e: DUP3 0000015f: MSTORE 00000160: DUP4 00000161: DUP2 00000162: DUP2 00000163: MLOAD 00000164: DUP2 00000165: MSTORE 00000166: PUSH1 0x20 00000168: ADD 00000169: SWAP2 0000016a: POP 0000016b: DUP1 0000016c: MLOAD 0000016d: SWAP1 0000016e: PUSH1 0x20 00000170: ADD 00000171: SWAP1 00000172: DUP1 00000173: DUP4 00000174: DUP4 00000175: DUP3 00000176: SWAP1 00000177: PUSH1 0x00 00000179: PUSH1 0x04 0000017b: PUSH1 0x20 0000017d: DUP5 0000017e: PUSH1 0x1f 00000180: ADD 00000181: DIV 00000182: PUSH1 0x0f 00000184: MUL 00000185: PUSH1 0x03 00000187: ADD 00000188: CALL 00000189: POP 0000018a: SWAP1 0000018b: POP 0000018c: SWAP1 0000018d: DUP2 0000018e: ADD 0000018f: SWAP1 00000190: PUSH1 0x1f 00000192: AND 00000193: DUP1 00000194: ISZERO 00000195: PUSH2 0x01b2 00000198: JUMPI 00000199: DUP1 0000019a: DUP3 0000019b: SUB 0000019c: DUP1 0000019d: MLOAD 0000019e: PUSH1 0x01 000001a0: DUP4 000001a1: PUSH1 0x20 000001a3: SUB 000001a4: PUSH2 0x0100 000001a7: EXP 000001a8: SUB 000001a9: NOT 000001aa: AND 000001ab: DUP2 000001ac: MSTORE 000001ad: PUSH1 0x20 000001af: ADD 000001b0: SWAP2 000001b1: POP 000001b2: JUMPDEST 000001b3: POP 000001b4: SWAP3 000001b5: POP 000001b6: POP 000001b7: POP 000001b8: PUSH1 0x40 000001ba: MLOAD 000001bb: DUP1 000001bc: SWAP2 000001bd: SUB 000001be: SWAP1 000001bf: RETURN 000001c0: JUMPDEST 000001c1: PUSH1 0x60 000001c3: SWAP1 000001c4: DUP2 000001c5: MSTORE 000001c6: PUSH1 0x20 000001c8: SWAP1 000001c9: RETURN 000001ca: JUMPDEST 000001cb: PUSH1 0x01 000001cd: PUSH1 0xa0 000001cf: PUSH1 0x02 000001d1: EXP 000001d2: SUB 000001d3: DUP3 000001d4: AND 000001d5: PUSH1 0x00 000001d7: SWAP1 000001d8: DUP2 000001d9: MSTORE 000001da: PUSH1 0x40 000001dc: SWAP1 000001dd: KECCAK256 000001de: SLOAD 000001df: DUP1 000001e0: DUP3 000001e1: ADD 000001e2: LT 000001e3: ISZERO 000001e4: PUSH2 0x01ec 000001e7: JUMPI 000001e8: PUSH2 0x0002 000001eb: JUMP 000001ec: JUMPDEST 000001ed: DUP1 000001ee: PUSH1 0x03 000001f0: PUSH1 0x00 000001f2: POP 000001f3: PUSH1 0x00 000001f5: CALLER 000001f6: PUSH1 0x01 000001f8: PUSH1 0xa0 000001fa: PUSH1 0x02 000001fc: EXP 000001fd: SUB 000001fe: AND 000001ff: DUP2 00000200: MSTORE 00000201: PUSH1 0x20 00000203: ADD 00000204: SWAP1 00000205: DUP2 00000206: MSTORE 00000207: PUSH1 0x20 00000209: ADD 0000020a: PUSH1 0x00 0000020c: KECCAK256 0000020d: PUSH1 0x00 0000020f: DUP3 00000210: DUP3 00000211: DUP3 00000212: POP 00000213: SLOAD 00000214: SUB 00000215: SWAP3 00000216: POP 00000217: POP 00000218: DUP2 00000219: SWAP1 0000021a: SSTORE 0000021b: POP 0000021c: DUP1 0000021d: PUSH1 0x03 0000021f: PUSH1 0x00 00000221: POP 00000222: PUSH1 0x00 00000224: DUP5 00000225: PUSH1 0x01 00000227: PUSH1 0xa0 00000229: PUSH1 0x02 0000022b: EXP 0000022c: SUB 0000022d: AND 0000022e: DUP2 0000022f: MSTORE 00000230: PUSH1 0x20 00000232: ADD 00000233: SWAP1 00000234: DUP2 00000235: MSTORE 00000236: PUSH1 0x20 00000238: ADD 00000239: PUSH1 0x00 0000023b: KECCAK256 0000023c: PUSH1 0x00 0000023e: DUP3 0000023f: DUP3 00000240: DUP3 00000241: POP 00000242: SLOAD 00000243: ADD 00000244: SWAP3 00000245: POP 00000246: POP 00000247: DUP2 00000248: SWAP1 00000249: SSTORE 0000024a: POP 0000024b: DUP2 0000024c: PUSH1 0x01 0000024e: PUSH1 0xa0 00000250: PUSH1 0x02 00000252: EXP 00000253: SUB 00000254: AND 00000255: CALLER 00000256: PUSH1 0x01 00000258: PUSH1 0xa0 0000025a: PUSH1 0x02 0000025c: EXP 0000025d: SUB 0000025e: AND 0000025f: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 00000280: DUP4 00000281: PUSH1 0x40 00000283: MLOAD 00000284: DUP1 00000285: DUP3 00000286: DUP2 00000287: MSTORE 00000288: PUSH1 0x20 0000028a: ADD 0000028b: SWAP2 0000028c: POP 0000028d: POP 0000028e: PUSH1 0x40 00000290: MLOAD 00000291: DUP1 00000292: SWAP2 00000293: SUB 00000294: SWAP1 00000295: LOG3 00000296: POP 00000297: POP 00000298: JUMP 00000299: JUMPDEST 0000029a: DUP3 0000029b: ADD 0000029c: SWAP2 0000029d: SWAP1 0000029e: PUSH1 0x00 000002a0: MSTORE 000002a1: PUSH1 0x20 000002a3: PUSH1 0x00 000002a5: KECCAK256 000002a6: SWAP1 000002a7: JUMPDEST 000002a8: DUP2 000002a9: SLOAD 000002aa: DUP2 000002ab: MSTORE 000002ac: SWAP1 000002ad: PUSH1 0x01 000002af: ADD 000002b0: SWAP1 000002b1: PUSH1 0x20 000002b3: ADD 000002b4: DUP1 000002b5: DUP4 000002b6: GT 000002b7: PUSH2 0x02a7 000002ba: JUMPI 000002bb: DUP3 000002bc: SWAP1 000002bd: SUB 000002be: PUSH1 0x1f 000002c0: AND 000002c1: DUP3 000002c2: ADD 000002c3: SWAP2 000002c4: JUMPDEST 000002c5: POP 000002c6: POP 000002c7: POP 000002c8: POP 000002c9: POP 000002ca: DUP2 000002cb: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0xa6852b51e7cd2c9af376f6f857a85c2f2bf78d4cf2ebe7a80178c243eba6b05c
call_targets:
0x0000000000000000000000000000000000000004, 0x82e960e4a224cc9825135881feebfa224605cf3c
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xa6852b51e7cd2c9af376f6f857a85c2f2bf78d4cf2ebe7a80178c243eba6b05c",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x82e960e4a224cc9825135881feebfa224605cf3c"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 392,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0xa6852b51e7cd2c9af376f6f857a85c2f2bf78d4cf2ebe7a80178c243eba6b05c
call_targets:
0x0000000000000000000000000000000000000004, 0x82e960e4a224cc9825135881feebfa224605cf3c
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xa6852b51e7cd2c9af376f6f857a85c2f2bf78d4cf2ebe7a80178c243eba6b05c",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x82e960e4a224cc9825135881feebfa224605cf3c"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 392,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|