019b3836-3089-71bf-bfe6-7ae7d7c98526
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 2637 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 2638 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 46152 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 46153 | capability.graph | complete | 1 / 3 | 1 week ago |
| 46154 | detector.run | complete | 1 / 3 | 1 week ago |
| 46155 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113257 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode review suggests a small token-like contract with selectors matching `name`, `decimals`, `balanceOf`, `symbol`, and `transfer`. The lone `CALL` at `pc:0x188` is more consistent with an old-solc dynamic-string return helper than with an untrusted external call. The meaningful issues visible from runtime bytecode are silent ETH acceptance/locking and a missing zero-address guard on the inferred transfer path.","findings":[{"severity":"medium","category":"other","title":"All entrypoints appear payable, so ETH can be accepted and trapped permanently","exploit_scenario":"An integrator or user sends ETH alongside `transfer(...)`, `name()`, or even plain empty calldata. Because the runtime has no `CALLVALUE` rejection and unmatched selectors fall through to `STOP`, the call can succeed while ETH remains on the contract. With no visible withdrawal path in the bytecode, that ETH is likely unrecoverable.","recommendation":"Add a standard nonpayable guard (`CALLVALUE`/revert) to nonpayable functions and the fallback path, or add an explicit, access-controlled withdrawal/receive design if ETH custody is intended.","evidence":"The runtime contains no `CALLVALUE` opcode at all, the dispatcher falls through to `STOP` on unknown selectors at `pc:0x45`, and the only observed `CALL` is the helper call at `pc:0x188` rather than an obvious withdrawal/value-send path. From bytecode alone, this strongly suggests accidental ETH transfers are accepted but not recoverable.","locations":["pc:0x0","pc:0x45","pc:0x188"]},{"severity":"low","category":"other","title":"Inferred `transfer(address,uint256)` path lacks a zero-address recipient check","exploit_scenario":"If selector inference is correct for `0xa9059cbb`, a caller can transfer tokens to `address(0)`. That balance is then credited to the zero address and becomes effectively unreachable, causing accidental token loss and ERC20-incompatible accounting/burn behavior.","recommendation":"On the `transfer` path, explicitly revert when `to == address(0)` unless zero-address burns are intentionally supported and documented with matching supply semantics.","evidence":"Best-effort selector inference identifies `0xa9059cbb` as `transfer(address,uint256)`. That path loads the recipient from calldata at `pc:0x129`, checks sender balance before jumping into the write path, then updates sender storage at `pc:0x24d` and recipient storage at `pc:0x27c`, and emits a `Transfer`-shaped `LOG3` at `pc:0x2c8`. I do not see any equality/zero check on the recipient before those writes, so this finding is low severity but well supported by the bytecode.","locations":["selector:0xa9059cbb","pc:0x129","pc:0x24d","pc:0x27c","pc:0x2c8"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-dozt461b
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5bb5-5709-7861-936e-649fa8bdc362
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc "pwd && ls -la && rg --files -g 'BYTECODE_BUNDLE.json' -g 'AGENTS.md'" in /tmp/codex-dozt461b
succeeded in 0ms:
/tmp/codex-dozt461b
total 80
drwx------ 2 noahkuhn noahkuhn 4096 Apr 5 03:35 .
drwxrwxrwt 270 nobody nogroup 24576 Apr 5 03:35 ..
-rw-rw-r-- 1 noahkuhn noahkuhn 44930 Apr 5 03:35 BYTECODE_BUNDLE.json
-rw-rw-r-- 1 noahkuhn noahkuhn 815 Apr 5 03:35 codex-output-schema.json
BYTECODE_BUNDLE.json
Reading the bytecode artifact first, then validating any candidate issues against the evidence bundle and detector output before I produce the JSON report.
→ Inspect BYTECODE_BUNDLE.json structure and contents
• Correlate selectors, callsites, storage slots, and detector findings into concrete risks
• Return a schema-valid JSON report with conservative severity and explicit uncertainty
exec
/bin/bash -lc "jq 'keys' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
"analysis_artifact",
"analysis_run",
"artifact",
"capability_graph",
"detector_findings",
"heuristics_summary"
]
exec
/bin/bash -lc "jq '.bytecode_summary | keys' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
exited 5 in 0ms:
jq: error (at BYTECODE_BUNDLE.json:1722): null (null) has no keys
exec
/bin/bash -lc "jq '.detector_findings | if type==\"array\" then map(keys) else keys end' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
[
"confidence",
"evidence_json",
"normalized_json",
"severity",
"title",
"validated",
"validation_json"
],
[
"confidence",
"evidence_json",
"normalized_json",
"severity",
"title",
"validated",
"validation_json"
]
]
exec
/bin/bash -lc "jq '.analysis_artifact | keys' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
"address",
"artifact_hash",
"artifact_json",
"block_number",
"chain_id",
"codehash",
"created_at",
"id",
"updated_at",
"version"
]
exec
/bin/bash -lc "jq '.artifact | keys' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
"codehash",
"compiler_json",
"implementation_address",
"is_proxy",
"runtime_bytecode",
"verified_source"
]
exec
/bin/bash -lc "jq '.heuristics_summary | keys' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
"create2_count",
"delegatecall_count",
"flags",
"selfdestruct_count"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json | keys' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
"auth",
"basic_blocks",
"callsites",
"cfg_edges",
"cfg_hash",
"dispatcher_type",
"function_entries",
"functions",
"selectors",
"sinks",
"storage",
"version"
]
exec
/bin/bash -lc "jq '{artifact:{is_proxy:.artifact.is_proxy,implementation_address:.artifact.implementation_address,verified_source:.artifact.verified_source}, heuristics:.heuristics_summary, dispatcher_type:.analysis_artifact.artifact_json.dispatcher_type, function_entries:(.analysis_artifact.artifact_json.function_entries|length), selectors:(.analysis_artifact.artifact_json.selectors|length), callsites:(.analysis_artifact.artifact_json.callsites|length), sinks:(.analysis_artifact.artifact_json.sinks|length), storage_slots:(.analysis_artifact.artifact_json.storage.slots|length), auth:(.analysis_artifact.artifact_json.auth|keys), detector_titles:(.detector_findings|map({title,severity,confidence,validated}))}' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
{
"artifact": {
"is_proxy": false,
"implementation_address": null,
"verified_source": false
},
"heuristics": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
},
"dispatcher_type": "selector_jump_table",
"function_entries": 5,
"selectors": 5,
"callsites": 1,
"sinks": 7,
"storage_slots": 5,
"auth": [
"guards"
],
"detector_titles": [
{
"title": "Untrusted CALL target/value reachable",
"severity": "high",
"confidence": 60,
"validated": true
},
{
"title": "ETH value transfer possible",
"severity": "high",
"confidence": 55,
"validated": true
}
]
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.selectors' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
"0x06fdde03",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.function_entries' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": null,
"selector": "0xa9059cbb"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.callsites' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
{
"opcode": "CALL",
"pc": 392,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.auth' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
{
"guards": []
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.sinks' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
{
"call": 1,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.storage' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
{
"keccak_count": 6,
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
exec
/bin/bash -lc "jq '.detector_findings' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
{
"confidence": 60,
"evidence_json": {
"call_count": 1,
"examples": [
{
"opcode": "CALL",
"pc": 392,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 1
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x629634c639d291516b0767aa328332d301ccfd19"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xede064af764855b50c1616ce6c13f51791b2415ff995b0dc772f356a0bd1dbab",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 1,
"examples": [
{
"opcode": "CALL",
"pc": 392,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x629634c639d291516b0767aa328332d301ccfd19"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xede064af764855b50c1616ce6c13f51791b2415ff995b0dc772f356a0bd1dbab",
"trace_mode": "callTracer"
}
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.basic_blocks[0]' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
{
"end_pc": 24,
"hash": "0x6a350686911b120d699f8e8d1e9440d4ce17c4434492baee43484e2ef083a112",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 0
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.functions' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0xa9059cbb",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
}
]
exec
/bin/bash -lc "jq -r '.artifact.runtime_bytecode' BYTECODE_BUNDLE.json | wc -c" in /tmp/codex-dozt461b
succeeded in 0ms:
1523
exec
js_repl in /tmp/codex-dozt461b
2026-04-05T03:36:06.291894Z ERROR codex_core::tools::router: error=bundle.artifact.runtime_bytecode.replace is not a function
exited 1 in 93ms:
bundle.artifact.runtime_bytecode.replace is not a function
exec
/bin/bash -lc "jq '.artifact.runtime_bytecode | type, .[0:80]' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
exited 5 in 0ms:
"object"
jq: error (at BYTECODE_BUNDLE.json:1722): Cannot index object with object
exec
/bin/bash -lc "jq '.artifact.runtime_bytecode | keys' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
[
"full",
"head",
"length",
"tail",
"truncated"
]
exec
/bin/bash -lc "jq '.artifact.runtime_bytecode | {length,truncated,head:(.head|.[0:20]), tail:(.tail|.[0:20]), full_type:(.full|type)}' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
{
"length": 1434,
"truncated": false,
"head": null,
"tail": null,
"full_type": "string"
}
exec
js_repl in /tmp/codex-dozt461b
2026-04-05T03:36:31.118239Z ERROR codex_core::tools::router: error=Identifier 'fs' has already been declared
exited 1 in 3ms:
Identifier 'fs' has already been declared
exec
js_repl in /tmp/codex-dozt461b
succeeded in 6ms:
len 716 ops 511
[
{
"pc": 392,
"name": "CALL"
}
]
[
{
"pc": 341,
"name": "MLOAD"
},
{
"pc": 342,
"name": "DUP1"
},
{
"pc": 343,
"name": "DUP1"
},
{
"pc": 344,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 346,
"name": "ADD"
},
{
"pc": 347,
"name": "DUP3"
},
{
"pc": 348,
"name": "DUP2"
},
{
"pc": 349,
"name": "SUB"
},
{
"pc": 350,
"name": "DUP3"
},
{
"pc": 351,
"name": "MSTORE"
},
{
"pc": 352,
"name": "DUP4"
},
{
"pc": 353,
"name": "DUP2"
},
{
"pc": 354,
"name": "DUP2"
},
{
"pc": 355,
"name": "MLOAD"
},
{
"pc": 356,
"name": "DUP2"
},
{
"pc": 357,
"name": "MSTORE"
},
{
"pc": 358,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 360,
"name": "ADD"
},
{
"pc": 361,
"name": "SWAP2"
},
{
"pc": 362,
"name": "POP"
},
{
"pc": 363,
"name": "DUP1"
},
{
"pc": 364,
"name": "MLOAD"
},
{
"pc": 365,
"name": "SWAP1"
},
{
"pc": 366,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 368,
"name": "ADD"
},
{
"pc": 369,
"name": "SWAP1"
},
{
"pc": 370,
"name": "DUP1"
},
{
"pc": 371,
"name": "DUP4"
},
{
"pc": 372,
"name": "DUP4"
},
{
"pc": 373,
"name": "DUP3"
},
{
"pc": 374,
"name": "SWAP1"
},
{
"pc": 375,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 377,
"name": "PUSH1",
"push": "0x04"
},
{
"pc": 379,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 381,
"name": "DUP5"
},
{
"pc": 382,
"name": "PUSH1",
"push": "0x1f"
},
{
"pc": 384,
"name": "ADD"
},
{
"pc": 385,
"name": "DIV"
},
{
"pc": 386,
"name": "PUSH1",
"push": "0x0f"
},
{
"pc": 388,
"name": "MUL"
},
{
"pc": 389,
"name": "PUSH1",
"push": "0x03"
},
{
"pc": 391,
"name": "ADD"
},
{
"pc": 392,
"name": "CALL"
},
{
"pc": 393,
"name": "POP"
},
{
"pc": 394,
"name": "SWAP1"
},
{
"pc": 395,
"name": "POP"
},
{
"pc": 396,
"name": "SWAP1"
},
{
"pc": 397,
"name": "DUP2"
},
{
"pc": 398,
"name": "ADD"
},
{
"pc": 399,
"name": "SWAP1"
},
{
"pc": 400,
"name": "PUSH1",
"push": "0x1f"
},
{
"pc": 402,
"name": "AND"
},
{
"pc": 403,
"name": "DUP1"
},
{
"pc": 404,
"name": "ISZERO"
},
{
"pc": 405,
"name": "PUSH2",
"push": "0x01b2"
},
{
"pc": 408,
"name": "JUMPI"
},
{
"pc": 409,
"name": "DUP1"
},
{
"pc": 410,
"name": "DUP3"
},
{
"pc": 411,
"name": "SUB"
},
{
"pc": 412,
"name": "DUP1"
},
{
"pc": 413,
"name": "MLOAD"
},
{
"pc": 414,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 416,
"name": "DUP4"
},
{
"pc": 417,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 419,
"name": "SUB"
},
{
"pc": 420,
"name": "PUSH2",
"push": "0x0100"
},
{
"pc": 423,
"name": "EXP"
},
{
"pc": 424,
"name": "SUB"
},
{
"pc": 425,
"name": "NOT"
},
{
"pc": 426,
"name": "AND"
},
{
"pc": 427,
"name": "DUP2"
},
{
"pc": 428,
"name": "MSTORE"
},
{
"pc": 429,
"name": "PUSH1",
"push": "0x20"
}
]
exec
js_repl in /tmp/codex-dozt461b
succeeded in 1ms:
[
{
"pc": 240,
"name": "PUSH1",
"push": "0x80"
},
{
"pc": 242,
"name": "SWAP1"
},
{
"pc": 243,
"name": "DUP2"
},
{
"pc": 244,
"name": "ADD"
},
{
"pc": 245,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 247,
"name": "MSTORE"
},
{
"pc": 248,
"name": "PUSH1",
"push": "0x60"
},
{
"pc": 250,
"name": "DUP3"
},
{
"pc": 251,
"name": "DUP2"
},
{
"pc": 252,
"name": "MSTORE"
},
{
"pc": 253,
"name": "SWAP3"
},
{
"pc": 254,
"name": "SWAP2"
},
{
"pc": 255,
"name": "SWAP1"
},
{
"pc": 256,
"name": "DUP3"
},
{
"pc": 257,
"name": "DUP3"
},
{
"pc": 258,
"name": "DUP1"
},
{
"pc": 259,
"name": "ISZERO"
},
{
"pc": 260,
"name": "PUSH2",
"push": "0x01f5"
},
{
"pc": 263,
"name": "JUMPI"
},
{
"pc": 264,
"name": "DUP1"
},
{
"pc": 265,
"name": "PUSH1",
"push": "0x1f"
},
{
"pc": 267,
"name": "LT"
},
{
"pc": 268,
"name": "PUSH2",
"push": "0x01ca"
},
{
"pc": 271,
"name": "JUMPI"
},
{
"pc": 272,
"name": "PUSH2",
"push": "0x0100"
},
{
"pc": 275,
"name": "DUP1"
},
{
"pc": 276,
"name": "DUP4"
},
{
"pc": 277,
"name": "SLOAD"
},
{
"pc": 278,
"name": "DIV"
},
{
"pc": 279,
"name": "MUL"
},
{
"pc": 280,
"name": "DUP4"
},
{
"pc": 281,
"name": "MSTORE"
},
{
"pc": 282,
"name": "SWAP2"
},
{
"pc": 283,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 285,
"name": "ADD"
},
{
"pc": 286,
"name": "SWAP2"
},
{
"pc": 287,
"name": "PUSH2",
"push": "0x01f5"
},
{
"pc": 290,
"name": "JUMP"
},
{
"pc": 291,
"name": "JUMPDEST"
},
{
"pc": 292,
"name": "PUSH2",
"push": "0x0045"
},
{
"pc": 295,
"name": "PUSH1",
"push": "0x04"
},
{
"pc": 297,
"name": "CALLDATALOAD"
},
{
"pc": 298,
"name": "PUSH1",
"push": "0x24"
},
{
"pc": 300,
"name": "CALLDATALOAD"
},
{
"pc": 301,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 303,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 305,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 307,
"name": "EXP"
},
{
"pc": 308,
"name": "SUB"
},
{
"pc": 309,
"name": "CALLER"
},
{
"pc": 310,
"name": "AND"
},
{
"pc": 311,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 313,
"name": "SWAP1"
},
{
"pc": 314,
"name": "DUP2"
},
{
"pc": 315,
"name": "MSTORE"
},
{
"pc": 316,
"name": "PUSH1",
"push": "0x03"
},
{
"pc": 318,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 320,
"name": "MSTORE"
},
{
"pc": 321,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 323,
"name": "SWAP1"
},
{
"pc": 324,
"name": "SHA3"
},
{
"pc": 325,
"name": "SLOAD"
},
{
"pc": 326,
"name": "DUP2"
},
{
"pc": 327,
"name": "SWAP1"
},
{
"pc": 328,
"name": "LT"
},
{
"pc": 329,
"name": "ISZERO"
},
{
"pc": 330,
"name": "PUSH2",
"push": "0x01fd"
},
{
"pc": 333,
"name": "JUMPI"
},
{
"pc": 334,
"name": "PUSH2",
"push": "0x0002"
},
{
"pc": 337,
"name": "JUMP"
},
{
"pc": 338,
"name": "JUMPDEST"
},
{
"pc": 339,
"name": "PUSH1",
"push": "0x40"
}
]
exec
js_repl in /tmp/codex-dozt461b
succeeded in 1ms:
[
{
"pc": 339,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 341,
"name": "MLOAD"
},
{
"pc": 342,
"name": "DUP1"
},
{
"pc": 343,
"name": "DUP1"
},
{
"pc": 344,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 346,
"name": "ADD"
},
{
"pc": 347,
"name": "DUP3"
},
{
"pc": 348,
"name": "DUP2"
},
{
"pc": 349,
"name": "SUB"
},
{
"pc": 350,
"name": "DUP3"
},
{
"pc": 351,
"name": "MSTORE"
},
{
"pc": 352,
"name": "DUP4"
},
{
"pc": 353,
"name": "DUP2"
},
{
"pc": 354,
"name": "DUP2"
},
{
"pc": 355,
"name": "MLOAD"
},
{
"pc": 356,
"name": "DUP2"
},
{
"pc": 357,
"name": "MSTORE"
},
{
"pc": 358,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 360,
"name": "ADD"
},
{
"pc": 361,
"name": "SWAP2"
},
{
"pc": 362,
"name": "POP"
},
{
"pc": 363,
"name": "DUP1"
},
{
"pc": 364,
"name": "MLOAD"
},
{
"pc": 365,
"name": "SWAP1"
},
{
"pc": 366,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 368,
"name": "ADD"
},
{
"pc": 369,
"name": "SWAP1"
},
{
"pc": 370,
"name": "DUP1"
},
{
"pc": 371,
"name": "DUP4"
},
{
"pc": 372,
"name": "DUP4"
},
{
"pc": 373,
"name": "DUP3"
},
{
"pc": 374,
"name": "SWAP1"
},
{
"pc": 375,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 377,
"name": "PUSH1",
"push": "0x04"
},
{
"pc": 379,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 381,
"name": "DUP5"
},
{
"pc": 382,
"name": "PUSH1",
"push": "0x1f"
},
{
"pc": 384,
"name": "ADD"
},
{
"pc": 385,
"name": "DIV"
},
{
"pc": 386,
"name": "PUSH1",
"push": "0x0f"
},
{
"pc": 388,
"name": "MUL"
},
{
"pc": 389,
"name": "PUSH1",
"push": "0x03"
},
{
"pc": 391,
"name": "ADD"
},
{
"pc": 392,
"name": "CALL"
},
{
"pc": 393,
"name": "POP"
},
{
"pc": 394,
"name": "SWAP1"
},
{
"pc": 395,
"name": "POP"
},
{
"pc": 396,
"name": "SWAP1"
},
{
"pc": 397,
"name": "DUP2"
},
{
"pc": 398,
"name": "ADD"
},
{
"pc": 399,
"name": "SWAP1"
},
{
"pc": 400,
"name": "PUSH1",
"push": "0x1f"
},
{
"pc": 402,
"name": "AND"
},
{
"pc": 403,
"name": "DUP1"
},
{
"pc": 404,
"name": "ISZERO"
},
{
"pc": 405,
"name": "PUSH2",
"push": "0x01b2"
},
{
"pc": 408,
"name": "JUMPI"
},
{
"pc": 409,
"name": "DUP1"
},
{
"pc": 410,
"name": "DUP3"
},
{
"pc": 411,
"name": "SUB"
},
{
"pc": 412,
"name": "DUP1"
},
{
"pc": 413,
"name": "MLOAD"
},
{
"pc": 414,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 416,
"name": "DUP4"
},
{
"pc": 417,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 419,
"name": "SUB"
},
{
"pc": 420,
"name": "PUSH2",
"push": "0x0100"
},
{
"pc": 423,
"name": "EXP"
},
{
"pc": 424,
"name": "SUB"
},
{
"pc": 425,
"name": "NOT"
},
{
"pc": 426,
"name": "AND"
},
{
"pc": 427,
"name": "DUP2"
},
{
"pc": 428,
"name": "MSTORE"
},
{
"pc": 429,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 431,
"name": "ADD"
},
{
"pc": 432,
"name": "SWAP2"
},
{
"pc": 433,
"name": "POP"
},
{
"pc": 434,
"name": "JUMPDEST"
},
{
"pc": 435,
"name": "POP"
},
{
"pc": 436,
"name": "SWAP3"
},
{
"pc": 437,
"name": "POP"
},
{
"pc": 438,
"name": "POP"
},
{
"pc": 439,
"name": "POP"
},
{
"pc": 440,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 442,
"name": "MLOAD"
},
{
"pc": 443,
"name": "DUP1"
},
{
"pc": 444,
"name": "SWAP2"
},
{
"pc": 445,
"name": "SUB"
},
{
"pc": 446,
"name": "SWAP1"
},
{
"pc": 447,
"name": "RETURN"
},
{
"pc": 448,
"name": "JUMPDEST"
},
{
"pc": 449,
"name": "PUSH1",
"push": "0x60"
},
{
"pc": 451,
"name": "SWAP1"
},
{
"pc": 452,
"name": "DUP2"
},
{
"pc": 453,
"name": "MSTORE"
},
{
"pc": 454,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 456,
"name": "SWAP1"
},
{
"pc": 457,
"name": "RETURN"
},
{
"pc": 458,
"name": "JUMPDEST"
},
{
"pc": 459,
"name": "DUP3"
},
{
"pc": 460,
"name": "ADD"
},
{
"pc": 461,
"name": "SWAP2"
},
{
"pc": 462,
"name": "SWAP1"
},
{
"pc": 463,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 465,
"name": "MSTORE"
},
{
"pc": 466,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 468,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 470,
"name": "SHA3"
},
{
"pc": 471,
"name": "SWAP1"
},
{
"pc": 472,
"name": "JUMPDEST"
},
{
"pc": 473,
"name": "DUP2"
},
{
"pc": 474,
"name": "SLOAD"
},
{
"pc": 475,
"name": "DUP2"
},
{
"pc": 476,
"name": "MSTORE"
},
{
"pc": 477,
"name": "SWAP1"
},
{
"pc": 478,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 480,
"name": "ADD"
},
{
"pc": 481,
"name": "SWAP1"
},
{
"pc": 482,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 484,
"name": "ADD"
},
{
"pc": 485,
"name": "DUP1"
},
{
"pc": 486,
"name": "DUP4"
},
{
"pc": 487,
"name": "GT"
},
{
"pc": 488,
"name": "PUSH2",
"push": "0x01d8"
},
{
"pc": 491,
"name": "JUMPI"
},
{
"pc": 492,
"name": "DUP3"
},
{
"pc": 493,
"name": "SWAP1"
},
{
"pc": 494,
"name": "SUB"
},
{
"pc": 495,
"name": "PUSH1",
"push": "0x1f"
},
{
"pc": 497,
"name": "AND"
},
{
"pc": 498,
"name": "DUP3"
},
{
"pc": 499,
"name": "ADD"
},
{
"pc": 500,
"name": "SWAP2"
},
{
"pc": 501,
"name": "JUMPDEST"
},
{
"pc": 502,
"name": "POP"
},
{
"pc": 503,
"name": "POP"
},
{
"pc": 504,
"name": "POP"
},
{
"pc": 505,
"name": "POP"
},
{
"pc": 506,
"name": "POP"
},
{
"pc": 507,
"name": "DUP2"
},
{
"pc": 508,
"name": "JUMP"
},
{
"pc": 509,
"name": "JUMPDEST"
},
{
"pc": 510,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 512,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 514,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 516,
"name": "EXP"
},
{
"pc": 517,
"name": "SUB"
},
{
"pc": 518,
"name": "DUP3"
},
{
"pc": 519,
"name": "AND"
},
{
"pc": 520,
"name": "PUSH1",
"push": "0x00"
}
]
exec
js_repl in /tmp/codex-dozt461b
succeeded in 1ms:
[
{
"pc": 520,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 522,
"name": "SWAP1"
},
{
"pc": 523,
"name": "DUP2"
},
{
"pc": 524,
"name": "MSTORE"
},
{
"pc": 525,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 527,
"name": "SWAP1"
},
{
"pc": 528,
"name": "SHA3"
},
{
"pc": 529,
"name": "SLOAD"
},
{
"pc": 530,
"name": "DUP1"
},
{
"pc": 531,
"name": "DUP3"
},
{
"pc": 532,
"name": "ADD"
},
{
"pc": 533,
"name": "LT"
},
{
"pc": 534,
"name": "ISZERO"
},
{
"pc": 535,
"name": "PUSH2",
"push": "0x021f"
},
{
"pc": 538,
"name": "JUMPI"
},
{
"pc": 539,
"name": "PUSH2",
"push": "0x0002"
},
{
"pc": 542,
"name": "JUMP"
},
{
"pc": 543,
"name": "JUMPDEST"
},
{
"pc": 544,
"name": "DUP1"
},
{
"pc": 545,
"name": "PUSH1",
"push": "0x03"
},
{
"pc": 547,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 549,
"name": "POP"
},
{
"pc": 550,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 552,
"name": "CALLER"
},
{
"pc": 553,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 555,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 557,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 559,
"name": "EXP"
},
{
"pc": 560,
"name": "SUB"
},
{
"pc": 561,
"name": "AND"
},
{
"pc": 562,
"name": "DUP2"
},
{
"pc": 563,
"name": "MSTORE"
},
{
"pc": 564,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 566,
"name": "ADD"
},
{
"pc": 567,
"name": "SWAP1"
},
{
"pc": 568,
"name": "DUP2"
},
{
"pc": 569,
"name": "MSTORE"
},
{
"pc": 570,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 572,
"name": "ADD"
},
{
"pc": 573,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 575,
"name": "SHA3"
},
{
"pc": 576,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 578,
"name": "DUP3"
},
{
"pc": 579,
"name": "DUP3"
},
{
"pc": 580,
"name": "DUP3"
},
{
"pc": 581,
"name": "POP"
},
{
"pc": 582,
"name": "SLOAD"
},
{
"pc": 583,
"name": "SUB"
},
{
"pc": 584,
"name": "SWAP3"
},
{
"pc": 585,
"name": "POP"
},
{
"pc": 586,
"name": "POP"
},
{
"pc": 587,
"name": "DUP2"
},
{
"pc": 588,
"name": "SWAP1"
},
{
"pc": 589,
"name": "SSTORE"
},
{
"pc": 590,
"name": "POP"
},
{
"pc": 591,
"name": "DUP1"
},
{
"pc": 592,
"name": "PUSH1",
"push": "0x03"
},
{
"pc": 594,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 596,
"name": "POP"
},
{
"pc": 597,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 599,
"name": "DUP5"
},
{
"pc": 600,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 602,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 604,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 606,
"name": "EXP"
},
{
"pc": 607,
"name": "SUB"
},
{
"pc": 608,
"name": "AND"
},
{
"pc": 609,
"name": "DUP2"
},
{
"pc": 610,
"name": "MSTORE"
},
{
"pc": 611,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 613,
"name": "ADD"
},
{
"pc": 614,
"name": "SWAP1"
},
{
"pc": 615,
"name": "DUP2"
},
{
"pc": 616,
"name": "MSTORE"
},
{
"pc": 617,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 619,
"name": "ADD"
},
{
"pc": 620,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 622,
"name": "SHA3"
},
{
"pc": 623,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 625,
"name": "DUP3"
},
{
"pc": 626,
"name": "DUP3"
},
{
"pc": 627,
"name": "DUP3"
},
{
"pc": 628,
"name": "POP"
},
{
"pc": 629,
"name": "SLOAD"
},
{
"pc": 630,
"name": "ADD"
},
{
"pc": 631,
"name": "SWAP3"
},
{
"pc": 632,
"name": "POP"
},
{
"pc": 633,
"name": "POP"
},
{
"pc": 634,
"name": "DUP2"
},
{
"pc": 635,
"name": "SWAP1"
},
{
"pc": 636,
"name": "SSTORE"
},
{
"pc": 637,
"name": "POP"
},
{
"pc": 638,
"name": "DUP2"
},
{
"pc": 639,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 641,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 643,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 645,
"name": "EXP"
},
{
"pc": 646,
"name": "SUB"
},
{
"pc": 647,
"name": "AND"
},
{
"pc": 648,
"name": "CALLER"
},
{
"pc": 649,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 651,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 653,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 655,
"name": "EXP"
},
{
"pc": 656,
"name": "SUB"
},
{
"pc": 657,
"name": "AND"
},
{
"pc": 658,
"name": "PUSH32",
"push": "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
},
{
"pc": 691,
"name": "DUP4"
},
{
"pc": 692,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 694,
"name": "MLOAD"
},
{
"pc": 695,
"name": "DUP1"
},
{
"pc": 696,
"name": "DUP3"
},
{
"pc": 697,
"name": "DUP2"
},
{
"pc": 698,
"name": "MSTORE"
},
{
"pc": 699,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 701,
"name": "ADD"
},
{
"pc": 702,
"name": "SWAP2"
},
{
"pc": 703,
"name": "POP"
},
{
"pc": 704,
"name": "POP"
},
{
"pc": 705,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 707,
"name": "MLOAD"
},
{
"pc": 708,
"name": "DUP1"
},
{
"pc": 709,
"name": "SWAP2"
},
{
"pc": 710,
"name": "SUB"
},
{
"pc": 711,
"name": "SWAP1"
},
{
"pc": 712,
"name": "LOG3"
},
{
"pc": 713,
"name": "POP"
},
{
"pc": 714,
"name": "POP"
},
{
"pc": 715,
"name": "JUMP"
}
]
exec
js_repl in /tmp/codex-dozt461b
succeeded in 1ms:
[
{
"pc": 0,
"name": "PUSH1",
"push": "0x60"
},
{
"pc": 2,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 4,
"name": "MSTORE"
},
{
"pc": 5,
"name": "PUSH1",
"push": "0xe0"
},
{
"pc": 7,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 9,
"name": "EXP"
},
{
"pc": 10,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 12,
"name": "CALLDATALOAD"
},
{
"pc": 13,
"name": "DIV"
},
{
"pc": 14,
"name": "PUSH4",
"push": "0x06fdde03"
},
{
"pc": 19,
"name": "DUP2"
},
{
"pc": 20,
"name": "EQ"
},
{
"pc": 21,
"name": "PUSH2",
"push": "0x0047"
},
{
"pc": 24,
"name": "JUMPI"
},
{
"pc": 25,
"name": "DUP1"
},
{
"pc": 26,
"name": "PUSH4",
"push": "0x313ce567"
},
{
"pc": 31,
"name": "EQ"
},
{
"pc": 32,
"name": "PUSH2",
"push": "0x00a4"
},
{
"pc": 35,
"name": "JUMPI"
},
{
"pc": 36,
"name": "DUP1"
},
{
"pc": 37,
"name": "PUSH4",
"push": "0x70a08231"
},
{
"pc": 42,
"name": "EQ"
},
{
"pc": 43,
"name": "PUSH2",
"push": "0x00b0"
},
{
"pc": 46,
"name": "JUMPI"
},
{
"pc": 47,
"name": "DUP1"
},
{
"pc": 48,
"name": "PUSH4",
"push": "0x95d89b41"
},
{
"pc": 53,
"name": "EQ"
},
{
"pc": 54,
"name": "PUSH2",
"push": "0x00c8"
},
{
"pc": 57,
"name": "JUMPI"
},
{
"pc": 58,
"name": "DUP1"
},
{
"pc": 59,
"name": "PUSH4",
"push": "0xa9059cbb"
},
{
"pc": 64,
"name": "EQ"
},
{
"pc": 65,
"name": "PUSH2",
"push": "0x0123"
},
{
"pc": 68,
"name": "JUMPI"
},
{
"pc": 69,
"name": "JUMPDEST"
},
{
"pc": 70,
"name": "STOP"
},
{
"pc": 71,
"name": "JUMPDEST"
},
{
"pc": 72,
"name": "PUSH2",
"push": "0x0152"
},
{
"pc": 75,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 77,
"name": "DUP1"
},
{
"pc": 78,
"name": "SLOAD"
},
{
"pc": 79,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 81,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 83,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 85,
"name": "DUP4"
},
{
"pc": 86,
"name": "AND"
},
{
"pc": 87,
"name": "ISZERO"
},
{
"pc": 88,
"name": "PUSH2",
"push": "0x0100"
},
{
"pc": 91,
"name": "MUL"
},
{
"pc": 92,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 94,
"name": "NOT"
},
{
"pc": 95,
"name": "ADD"
},
{
"pc": 96,
"name": "SWAP1"
},
{
"pc": 97,
"name": "SWAP3"
},
{
"pc": 98,
"name": "AND"
},
{
"pc": 99,
"name": "SWAP2"
},
{
"pc": 100,
"name": "SWAP1"
},
{
"pc": 101,
"name": "SWAP2"
},
{
"pc": 102,
"name": "DIV"
},
{
"pc": 103,
"name": "PUSH1",
"push": "0x1f"
},
{
"pc": 105,
"name": "DUP2"
},
{
"pc": 106,
"name": "ADD"
},
{
"pc": 107,
"name": "DUP3"
},
{
"pc": 108,
"name": "SWAP1"
},
{
"pc": 109,
"name": "DIV"
},
{
"pc": 110,
"name": "SWAP1"
},
{
"pc": 111,
"name": "SWAP2"
},
{
"pc": 112,
"name": "MUL"
},
{
"pc": 113,
"name": "PUSH1",
"push": "0x80"
},
{
"pc": 115,
"name": "SWAP1"
},
{
"pc": 116,
"name": "DUP2"
},
{
"pc": 117,
"name": "ADD"
},
{
"pc": 118,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 120,
"name": "MSTORE"
}
]
exec
js_repl in /tmp/codex-dozt461b
succeeded in 1ms:
[
{
"pc": 120,
"name": "MSTORE"
},
{
"pc": 121,
"name": "PUSH1",
"push": "0x60"
},
{
"pc": 123,
"name": "DUP3"
},
{
"pc": 124,
"name": "DUP2"
},
{
"pc": 125,
"name": "MSTORE"
},
{
"pc": 126,
"name": "SWAP3"
},
{
"pc": 127,
"name": "SWAP2"
},
{
"pc": 128,
"name": "SWAP1"
},
{
"pc": 129,
"name": "DUP3"
},
{
"pc": 130,
"name": "DUP3"
},
{
"pc": 131,
"name": "DUP1"
},
{
"pc": 132,
"name": "ISZERO"
},
{
"pc": 133,
"name": "PUSH2",
"push": "0x01f5"
},
{
"pc": 136,
"name": "JUMPI"
},
{
"pc": 137,
"name": "DUP1"
},
{
"pc": 138,
"name": "PUSH1",
"push": "0x1f"
},
{
"pc": 140,
"name": "LT"
},
{
"pc": 141,
"name": "PUSH2",
"push": "0x01ca"
},
{
"pc": 144,
"name": "JUMPI"
},
{
"pc": 145,
"name": "PUSH2",
"push": "0x0100"
},
{
"pc": 148,
"name": "DUP1"
},
{
"pc": 149,
"name": "DUP4"
},
{
"pc": 150,
"name": "SLOAD"
},
{
"pc": 151,
"name": "DIV"
},
{
"pc": 152,
"name": "MUL"
},
{
"pc": 153,
"name": "DUP4"
},
{
"pc": 154,
"name": "MSTORE"
},
{
"pc": 155,
"name": "SWAP2"
},
{
"pc": 156,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 158,
"name": "ADD"
},
{
"pc": 159,
"name": "SWAP2"
},
{
"pc": 160,
"name": "PUSH2",
"push": "0x01f5"
},
{
"pc": 163,
"name": "JUMP"
},
{
"pc": 164,
"name": "JUMPDEST"
},
{
"pc": 165,
"name": "PUSH2",
"push": "0x01c0"
},
{
"pc": 168,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 170,
"name": "SLOAD"
},
{
"pc": 171,
"name": "PUSH1",
"push": "0xff"
},
{
"pc": 173,
"name": "AND"
},
{
"pc": 174,
"name": "DUP2"
},
{
"pc": 175,
"name": "JUMP"
},
{
"pc": 176,
"name": "JUMPDEST"
},
{
"pc": 177,
"name": "PUSH2",
"push": "0x01c0"
},
{
"pc": 180,
"name": "PUSH1",
"push": "0x04"
},
{
"pc": 182,
"name": "CALLDATALOAD"
},
{
"pc": 183,
"name": "PUSH1",
"push": "0x03"
},
{
"pc": 185,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 187,
"name": "MSTORE"
},
{
"pc": 188,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 190,
"name": "SWAP1"
},
{
"pc": 191,
"name": "DUP2"
},
{
"pc": 192,
"name": "MSTORE"
},
{
"pc": 193,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 195,
"name": "SWAP1"
},
{
"pc": 196,
"name": "SHA3"
},
{
"pc": 197,
"name": "SLOAD"
},
{
"pc": 198,
"name": "DUP2"
},
{
"pc": 199,
"name": "JUMP"
},
{
"pc": 200,
"name": "JUMPDEST"
},
{
"pc": 201,
"name": "PUSH2",
"push": "0x0152"
},
{
"pc": 204,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 206,
"name": "DUP1"
},
{
"pc": 207,
"name": "SLOAD"
},
{
"pc": 208,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 210,
"name": "PUSH1",
"push": "0x1f"
},
{
"pc": 212,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 214,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 216,
"name": "NOT"
},
{
"pc": 217,
"name": "PUSH2",
"push": "0x0100"
},
{
"pc": 220,
"name": "DUP6"
},
{
"pc": 221,
"name": "DUP8"
},
{
"pc": 222,
"name": "AND"
},
{
"pc": 223,
"name": "ISZERO"
},
{
"pc": 224,
"name": "MUL"
},
{
"pc": 225,
"name": "ADD"
},
{
"pc": 226,
"name": "SWAP1"
},
{
"pc": 227,
"name": "SWAP4"
},
{
"pc": 228,
"name": "AND"
},
{
"pc": 229,
"name": "SWAP3"
},
{
"pc": 230,
"name": "SWAP1"
},
{
"pc": 231,
"name": "SWAP3"
},
{
"pc": 232,
"name": "DIV"
},
{
"pc": 233,
"name": "SWAP2"
},
{
"pc": 234,
"name": "DUP3"
},
{
"pc": 235,
"name": "ADD"
},
{
"pc": 236,
"name": "DUP2"
},
{
"pc": 237,
"name": "SWAP1"
},
{
"pc": 238,
"name": "DIV"
},
{
"pc": 239,
"name": "MUL"
},
{
"pc": 240,
"name": "PUSH1",
"push": "0x80"
}
]
exec
js_repl in /tmp/codex-dozt461b
succeeded in 1ms:
[]
exec
js_repl in /tmp/codex-dozt461b
succeeded in 1ms:
[]
exec
/bin/bash -lc "jq '.artifact.compiler_json' BYTECODE_BUNDLE.json" in /tmp/codex-dozt461b
succeeded in 0ms:
{
"etherscan": {
"skipped": true
}
}
exec
js_repl in /tmp/codex-dozt461b
succeeded in 0ms:
[
{
"pc": 509,
"name": "JUMPDEST"
},
{
"pc": 510,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 512,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 514,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 516,
"name": "EXP"
},
{
"pc": 517,
"name": "SUB"
},
{
"pc": 518,
"name": "DUP3"
},
{
"pc": 519,
"name": "AND"
},
{
"pc": 520,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 522,
"name": "SWAP1"
},
{
"pc": 523,
"name": "DUP2"
},
{
"pc": 524,
"name": "MSTORE"
},
{
"pc": 525,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 527,
"name": "SWAP1"
},
{
"pc": 528,
"name": "SHA3"
},
{
"pc": 529,
"name": "SLOAD"
},
{
"pc": 530,
"name": "DUP1"
},
{
"pc": 531,
"name": "DUP3"
},
{
"pc": 532,
"name": "ADD"
},
{
"pc": 533,
"name": "LT"
},
{
"pc": 534,
"name": "ISZERO"
},
{
"pc": 535,
"name": "PUSH2",
"push": "0x021f"
},
{
"pc": 538,
"name": "JUMPI"
},
{
"pc": 539,
"name": "PUSH2",
"push": "0x0002"
},
{
"pc": 542,
"name": "JUMP"
},
{
"pc": 543,
"name": "JUMPDEST"
},
{
"pc": 544,
"name": "DUP1"
},
{
"pc": 545,
"name": "PUSH1",
"push": "0x03"
},
{
"pc": 547,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 549,
"name": "POP"
},
{
"pc": 550,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 552,
"name": "CALLER"
},
{
"pc": 553,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 555,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 557,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 559,
"name": "EXP"
},
{
"pc": 560,
"name": "SUB"
},
{
"pc": 561,
"name": "AND"
},
{
"pc": 562,
"name": "DUP2"
},
{
"pc": 563,
"name": "MSTORE"
},
{
"pc": 564,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 566,
"name": "ADD"
},
{
"pc": 567,
"name": "SWAP1"
},
{
"pc": 568,
"name": "DUP2"
},
{
"pc": 569,
"name": "MSTORE"
},
{
"pc": 570,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 572,
"name": "ADD"
},
{
"pc": 573,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 575,
"name": "SHA3"
},
{
"pc": 576,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 578,
"name": "DUP3"
},
{
"pc": 579,
"name": "DUP3"
},
{
"pc": 580,
"name": "DUP3"
},
{
"pc": 581,
"name": "POP"
},
{
"pc": 582,
"name": "SLOAD"
},
{
"pc": 583,
"name": "SUB"
},
{
"pc": 584,
"name": "SWAP3"
},
{
"pc": 585,
"name": "POP"
},
{
"pc": 586,
"name": "POP"
},
{
"pc": 587,
"name": "DUP2"
},
{
"pc": 588,
"name": "SWAP1"
},
{
"pc": 589,
"name": "SSTORE"
},
{
"pc": 590,
"name": "POP"
},
{
"pc": 591,
"name": "DUP1"
},
{
"pc": 592,
"name": "PUSH1",
"push": "0x03"
},
{
"pc": 594,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 596,
"name": "POP"
},
{
"pc": 597,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 599,
"name": "DUP5"
},
{
"pc": 600,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 602,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 604,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 606,
"name": "EXP"
},
{
"pc": 607,
"name": "SUB"
},
{
"pc": 608,
"name": "AND"
},
{
"pc": 609,
"name": "DUP2"
},
{
"pc": 610,
"name": "MSTORE"
},
{
"pc": 611,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 613,
"name": "ADD"
},
{
"pc": 614,
"name": "SWAP1"
},
{
"pc": 615,
"name": "DUP2"
},
{
"pc": 616,
"name": "MSTORE"
},
{
"pc": 617,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 619,
"name": "ADD"
},
{
"pc": 620,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 622,
"name": "SHA3"
},
{
"pc": 623,
"name": "PUSH1",
"push": "0x00"
},
{
"pc": 625,
"name": "DUP3"
},
{
"pc": 626,
"name": "DUP3"
},
{
"pc": 627,
"name": "DUP3"
},
{
"pc": 628,
"name": "POP"
},
{
"pc": 629,
"name": "SLOAD"
},
{
"pc": 630,
"name": "ADD"
},
{
"pc": 631,
"name": "SWAP3"
},
{
"pc": 632,
"name": "POP"
},
{
"pc": 633,
"name": "POP"
},
{
"pc": 634,
"name": "DUP2"
},
{
"pc": 635,
"name": "SWAP1"
},
{
"pc": 636,
"name": "SSTORE"
},
{
"pc": 637,
"name": "POP"
},
{
"pc": 638,
"name": "DUP2"
},
{
"pc": 639,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 641,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 643,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 645,
"name": "EXP"
},
{
"pc": 646,
"name": "SUB"
},
{
"pc": 647,
"name": "AND"
},
{
"pc": 648,
"name": "CALLER"
},
{
"pc": 649,
"name": "PUSH1",
"push": "0x01"
},
{
"pc": 651,
"name": "PUSH1",
"push": "0xa0"
},
{
"pc": 653,
"name": "PUSH1",
"push": "0x02"
},
{
"pc": 655,
"name": "EXP"
},
{
"pc": 656,
"name": "SUB"
},
{
"pc": 657,
"name": "AND"
},
{
"pc": 658,
"name": "PUSH32",
"push": "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
},
{
"pc": 691,
"name": "DUP4"
},
{
"pc": 692,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 694,
"name": "MLOAD"
},
{
"pc": 695,
"name": "DUP1"
},
{
"pc": 696,
"name": "DUP3"
},
{
"pc": 697,
"name": "DUP2"
},
{
"pc": 698,
"name": "MSTORE"
},
{
"pc": 699,
"name": "PUSH1",
"push": "0x20"
},
{
"pc": 701,
"name": "ADD"
},
{
"pc": 702,
"name": "SWAP2"
},
{
"pc": 703,
"name": "POP"
},
{
"pc": 704,
"name": "POP"
},
{
"pc": 705,
"name": "PUSH1",
"push": "0x40"
},
{
"pc": 707,
"name": "MLOAD"
},
{
"pc": 708,
"name": "DUP1"
},
{
"pc": 709,
"name": "SWAP2"
},
{
"pc": 710,
"name": "SUB"
},
{
"pc": 711,
"name": "SWAP1"
},
{
"pc": 712,
"name": "LOG3"
},
{
"pc": 713,
"name": "POP"
},
{
"pc": 714,
"name": "POP"
},
{
"pc": 715,
"name": "JUMP"
}
]
I correlated the selector table, transfer path, storage updates, and the lone CALL site. The external-call detector appears to be a false positive from the string-return helper; the meaningful risks are trapped ETH due to fully payable entrypoints and missing zero-address validation in the transfer path.
✓ Inspect BYTECODE_BUNDLE.json structure and contents
✓ Correlate selectors, callsites, storage slots, and detector findings into concrete risks
→ Return a schema-valid JSON report with conservative severity and explicit uncertainty
codex
{"no_findings":false,"summary":"Bytecode review suggests a small token-like contract with selectors matching `name`, `decimals`, `balanceOf`, `symbol`, and `transfer`. The lone `CALL` at `pc:0x188` is more consistent with an old-solc dynamic-string return helper than with an untrusted external call. The meaningful issues visible from runtime bytecode are silent ETH acceptance/locking and a missing zero-address guard on the inferred transfer path.","findings":[{"severity":"medium","category":"other","title":"All entrypoints appear payable, so ETH can be accepted and trapped permanently","exploit_scenario":"An integrator or user sends ETH alongside `transfer(...)`, `name()`, or even plain empty calldata. Because the runtime has no `CALLVALUE` rejection and unmatched selectors fall through to `STOP`, the call can succeed while ETH remains on the contract. With no visible withdrawal path in the bytecode, that ETH is likely unrecoverable.","recommendation":"Add a standard nonpayable guard (`CALLVALUE`/revert) to nonpayable functions and the fallback path, or add an explicit, access-controlled withdrawal/receive design if ETH custody is intended.","evidence":"The runtime contains no `CALLVALUE` opcode at all, the dispatcher falls through to `STOP` on unknown selectors at `pc:0x45`, and the only observed `CALL` is the helper call at `pc:0x188` rather than an obvious withdrawal/value-send path. From bytecode alone, this strongly suggests accidental ETH transfers are accepted but not recoverable.","locations":["pc:0x0","pc:0x45","pc:0x188"]},{"severity":"low","category":"other","title":"Inferred `transfer(address,uint256)` path lacks a zero-address recipient check","exploit_scenario":"If selector inference is correct for `0xa9059cbb`, a caller can transfer tokens to `address(0)`. That balance is then credited to the zero address and becomes effectively unreachable, causing accidental token loss and ERC20-incompatible accounting/burn behavior.","recommendation":"On the `transfer` path, explicitly revert when `to == address(0)` unless zero-address burns are intentionally supported and documented with matching supply semantics.","evidence":"Best-effort selector inference identifies `0xa9059cbb` as `transfer(address,uint256)`. That path loads the recipient from calldata at `pc:0x129`, checks sender balance before jumping into the write path, then updates sender storage at `pc:0x24d` and recipient storage at `pc:0x27c`, and emits a `Transfer`-shaped `LOG3` at `pc:0x2c8`. I do not see any equality/zero check on the recipient before those writes, so this finding is low severity but well supported by the bytecode.","locations":["selector:0xa9059cbb","pc:0x129","pc:0x24d","pc:0x27c","pc:0x2c8"]}]}
tokens used
37,942
{
"codex": {
"ran_at": "2026-04-05T03:38:44.821218+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 1434,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode review suggests a small token-like contract with selectors matching `name`, `decimals`, `balanceOf`, `symbol`, and `transfer`. The lone `CALL` at `pc:0x188` is more consistent with an old-solc dynamic-string return helper than with an untrusted external call. The meaningful issues visible from runtime bytecode are silent ETH acceptance/locking and a missing zero-address guard on the inferred transfer path.",
"raw_final": {
"summary": "Bytecode review suggests a small token-like contract with selectors matching `name`, `decimals`, `balanceOf`, `symbol`, and `transfer`. The lone `CALL` at `pc:0x188` is more consistent with an old-solc dynamic-string return helper than with an untrusted external call. The meaningful issues visible from runtime bytecode are silent ETH acceptance/locking and a missing zero-address guard on the inferred transfer path.",
"findings": [
{
"title": "All entrypoints appear payable, so ETH can be accepted and trapped permanently",
"category": "other",
"evidence": "The runtime contains no `CALLVALUE` opcode at all, the dispatcher falls through to `STOP` on unknown selectors at `pc:0x45`, and the only observed `CALL` is the helper call at `pc:0x188` rather than an obvious withdrawal/value-send path. From bytecode alone, this strongly suggests accidental ETH transfers are accepted but not recoverable.",
"severity": "medium",
"locations": [
"pc:0x0",
"pc:0x45",
"pc:0x188"
],
"recommendation": "Add a standard nonpayable guard (`CALLVALUE`/revert) to nonpayable functions and the fallback path, or add an explicit, access-controlled withdrawal/receive design if ETH custody is intended.",
"exploit_scenario": "An integrator or user sends ETH alongside `transfer(...)`, `name()`, or even plain empty calldata. Because the runtime has no `CALLVALUE` rejection and unmatched selectors fall through to `STOP`, the call can succeed while ETH remains on the contract. With no visible withdrawal path in the bytecode, that ETH is likely unrecoverable."
},
{
"title": "Inferred `transfer(address,uint256)` path lacks a zero-address recipient check",
"category": "other",
"evidence": "Best-effort selector inference identifies `0xa9059cbb` as `transfer(address,uint256)`. That path loads the recipient from calldata at `pc:0x129`, checks sender balance before jumping into the write path, then updates sender storage at `pc:0x24d` and recipient storage at `pc:0x27c`, and emits a `Transfer`-shaped `LOG3` at `pc:0x2c8`. I do not see any equality/zero check on the recipient before those writes, so this finding is low severity but well supported by the bytecode.",
"severity": "low",
"locations": [
"selector:0xa9059cbb",
"pc:0x129",
"pc:0x24d",
"pc:0x27c",
"pc:0x2c8"
],
"recommendation": "On the `transfer` path, explicitly revert when `to == address(0)` unless zero-address burns are intentionally supported and documented with matching supply semantics.",
"exploit_scenario": "If selector inference is correct for `0xa9059cbb`, a caller can transfer tokens to `address(0)`. That balance is then credited to the zero address and becomes effectively unreachable, causing accidental token loss and ERC20-incompatible accounting/burn behavior."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0xe0 00000007: PUSH1 0x02 00000009: EXP 0000000a: PUSH1 0x00 0000000c: CALLDATALOAD 0000000d: DIV 0000000e: PUSH4 0x06fdde03 00000013: DUP2 00000014: EQ 00000015: PUSH2 0x0047 00000018: JUMPI 00000019: DUP1 0000001a: PUSH4 0x313ce567 0000001f: EQ 00000020: PUSH2 0x00a4 00000023: JUMPI 00000024: DUP1 00000025: PUSH4 0x70a08231 0000002a: EQ 0000002b: PUSH2 0x00b0 0000002e: JUMPI 0000002f: DUP1 00000030: PUSH4 0x95d89b41 00000035: EQ 00000036: PUSH2 0x00c8 00000039: JUMPI 0000003a: DUP1 0000003b: PUSH4 0xa9059cbb 00000040: EQ 00000041: PUSH2 0x0123 00000044: JUMPI 00000045: JUMPDEST 00000046: STOP 00000047: JUMPDEST 00000048: PUSH2 0x0152 0000004b: PUSH1 0x00 0000004d: DUP1 0000004e: SLOAD 0000004f: PUSH1 0x20 00000051: PUSH1 0x02 00000053: PUSH1 0x01 00000055: DUP4 00000056: AND 00000057: ISZERO 00000058: PUSH2 0x0100 0000005b: MUL 0000005c: PUSH1 0x00 0000005e: NOT 0000005f: ADD 00000060: SWAP1 00000061: SWAP3 00000062: AND 00000063: SWAP2 00000064: SWAP1 00000065: SWAP2 00000066: DIV 00000067: PUSH1 0x1f 00000069: DUP2 0000006a: ADD 0000006b: DUP3 0000006c: SWAP1 0000006d: DIV 0000006e: SWAP1 0000006f: SWAP2 00000070: MUL 00000071: PUSH1 0x80 00000073: SWAP1 00000074: DUP2 00000075: ADD 00000076: PUSH1 0x40 00000078: MSTORE 00000079: PUSH1 0x60 0000007b: DUP3 0000007c: DUP2 0000007d: MSTORE 0000007e: SWAP3 0000007f: SWAP2 00000080: SWAP1 00000081: DUP3 00000082: DUP3 00000083: DUP1 00000084: ISZERO 00000085: PUSH2 0x01f5 00000088: JUMPI 00000089: DUP1 0000008a: PUSH1 0x1f 0000008c: LT 0000008d: PUSH2 0x01ca 00000090: JUMPI 00000091: PUSH2 0x0100 00000094: DUP1 00000095: DUP4 00000096: SLOAD 00000097: DIV 00000098: MUL 00000099: DUP4 0000009a: MSTORE 0000009b: SWAP2 0000009c: PUSH1 0x20 0000009e: ADD 0000009f: SWAP2 000000a0: PUSH2 0x01f5 000000a3: JUMP 000000a4: JUMPDEST 000000a5: PUSH2 0x01c0 000000a8: PUSH1 0x02 000000aa: SLOAD 000000ab: PUSH1 0xff 000000ad: AND 000000ae: DUP2 000000af: JUMP 000000b0: JUMPDEST 000000b1: PUSH2 0x01c0 000000b4: PUSH1 0x04 000000b6: CALLDATALOAD 000000b7: PUSH1 0x03 000000b9: PUSH1 0x20 000000bb: MSTORE 000000bc: PUSH1 0x00 000000be: SWAP1 000000bf: DUP2 000000c0: MSTORE 000000c1: PUSH1 0x40 000000c3: SWAP1 000000c4: KECCAK256 000000c5: SLOAD 000000c6: DUP2 000000c7: JUMP 000000c8: JUMPDEST 000000c9: PUSH2 0x0152 000000cc: PUSH1 0x01 000000ce: DUP1 000000cf: SLOAD 000000d0: PUSH1 0x20 000000d2: PUSH1 0x1f 000000d4: PUSH1 0x02 000000d6: PUSH1 0x00 000000d8: NOT 000000d9: PUSH2 0x0100 000000dc: DUP6 000000dd: DUP8 000000de: AND 000000df: ISZERO 000000e0: MUL 000000e1: ADD 000000e2: SWAP1 000000e3: SWAP4 000000e4: AND 000000e5: SWAP3 000000e6: SWAP1 000000e7: SWAP3 000000e8: DIV 000000e9: SWAP2 000000ea: DUP3 000000eb: ADD 000000ec: DUP2 000000ed: SWAP1 000000ee: DIV 000000ef: MUL 000000f0: PUSH1 0x80 000000f2: SWAP1 000000f3: DUP2 000000f4: ADD 000000f5: PUSH1 0x40 000000f7: MSTORE 000000f8: PUSH1 0x60 000000fa: DUP3 000000fb: DUP2 000000fc: MSTORE 000000fd: SWAP3 000000fe: SWAP2 000000ff: SWAP1 00000100: DUP3 00000101: DUP3 00000102: DUP1 00000103: ISZERO 00000104: PUSH2 0x01f5 00000107: JUMPI 00000108: DUP1 00000109: PUSH1 0x1f 0000010b: LT 0000010c: PUSH2 0x01ca 0000010f: JUMPI 00000110: PUSH2 0x0100 00000113: DUP1 00000114: DUP4 00000115: SLOAD 00000116: DIV 00000117: MUL 00000118: DUP4 00000119: MSTORE 0000011a: SWAP2 0000011b: PUSH1 0x20 0000011d: ADD 0000011e: SWAP2 0000011f: PUSH2 0x01f5 00000122: JUMP 00000123: JUMPDEST 00000124: PUSH2 0x0045 00000127: PUSH1 0x04 00000129: CALLDATALOAD 0000012a: PUSH1 0x24 0000012c: CALLDATALOAD 0000012d: PUSH1 0x01 0000012f: PUSH1 0xa0 00000131: PUSH1 0x02 00000133: EXP 00000134: SUB 00000135: CALLER 00000136: AND 00000137: PUSH1 0x00 00000139: SWAP1 0000013a: DUP2 0000013b: MSTORE 0000013c: PUSH1 0x03 0000013e: PUSH1 0x20 00000140: MSTORE 00000141: PUSH1 0x40 00000143: SWAP1 00000144: KECCAK256 00000145: SLOAD 00000146: DUP2 00000147: SWAP1 00000148: LT 00000149: ISZERO 0000014a: PUSH2 0x01fd 0000014d: JUMPI 0000014e: PUSH2 0x0002 00000151: JUMP 00000152: JUMPDEST 00000153: PUSH1 0x40 00000155: MLOAD 00000156: DUP1 00000157: DUP1 00000158: PUSH1 0x20 0000015a: ADD 0000015b: DUP3 0000015c: DUP2 0000015d: SUB 0000015e: DUP3 0000015f: MSTORE 00000160: DUP4 00000161: DUP2 00000162: DUP2 00000163: MLOAD 00000164: DUP2 00000165: MSTORE 00000166: PUSH1 0x20 00000168: ADD 00000169: SWAP2 0000016a: POP 0000016b: DUP1 0000016c: MLOAD 0000016d: SWAP1 0000016e: PUSH1 0x20 00000170: ADD 00000171: SWAP1 00000172: DUP1 00000173: DUP4 00000174: DUP4 00000175: DUP3 00000176: SWAP1 00000177: PUSH1 0x00 00000179: PUSH1 0x04 0000017b: PUSH1 0x20 0000017d: DUP5 0000017e: PUSH1 0x1f 00000180: ADD 00000181: DIV 00000182: PUSH1 0x0f 00000184: MUL 00000185: PUSH1 0x03 00000187: ADD 00000188: CALL 00000189: POP 0000018a: SWAP1 0000018b: POP 0000018c: SWAP1 0000018d: DUP2 0000018e: ADD 0000018f: SWAP1 00000190: PUSH1 0x1f 00000192: AND 00000193: DUP1 00000194: ISZERO 00000195: PUSH2 0x01b2 00000198: JUMPI 00000199: DUP1 0000019a: DUP3 0000019b: SUB 0000019c: DUP1 0000019d: MLOAD 0000019e: PUSH1 0x01 000001a0: DUP4 000001a1: PUSH1 0x20 000001a3: SUB 000001a4: PUSH2 0x0100 000001a7: EXP 000001a8: SUB 000001a9: NOT 000001aa: AND 000001ab: DUP2 000001ac: MSTORE 000001ad: PUSH1 0x20 000001af: ADD 000001b0: SWAP2 000001b1: POP 000001b2: JUMPDEST 000001b3: POP 000001b4: SWAP3 000001b5: POP 000001b6: POP 000001b7: POP 000001b8: PUSH1 0x40 000001ba: MLOAD 000001bb: DUP1 000001bc: SWAP2 000001bd: SUB 000001be: SWAP1 000001bf: RETURN 000001c0: JUMPDEST 000001c1: PUSH1 0x60 000001c3: SWAP1 000001c4: DUP2 000001c5: MSTORE 000001c6: PUSH1 0x20 000001c8: SWAP1 000001c9: RETURN 000001ca: JUMPDEST 000001cb: DUP3 000001cc: ADD 000001cd: SWAP2 000001ce: SWAP1 000001cf: PUSH1 0x00 000001d1: MSTORE 000001d2: PUSH1 0x20 000001d4: PUSH1 0x00 000001d6: KECCAK256 000001d7: SWAP1 000001d8: JUMPDEST 000001d9: DUP2 000001da: SLOAD 000001db: DUP2 000001dc: MSTORE 000001dd: SWAP1 000001de: PUSH1 0x01 000001e0: ADD 000001e1: SWAP1 000001e2: PUSH1 0x20 000001e4: ADD 000001e5: DUP1 000001e6: DUP4 000001e7: GT 000001e8: PUSH2 0x01d8 000001eb: JUMPI 000001ec: DUP3 000001ed: SWAP1 000001ee: SUB 000001ef: PUSH1 0x1f 000001f1: AND 000001f2: DUP3 000001f3: ADD 000001f4: SWAP2 000001f5: JUMPDEST 000001f6: POP 000001f7: POP 000001f8: POP 000001f9: POP 000001fa: POP 000001fb: DUP2 000001fc: JUMP 000001fd: JUMPDEST 000001fe: PUSH1 0x01 00000200: PUSH1 0xa0 00000202: PUSH1 0x02 00000204: EXP 00000205: SUB 00000206: DUP3 00000207: AND 00000208: PUSH1 0x00 0000020a: SWAP1 0000020b: DUP2 0000020c: MSTORE 0000020d: PUSH1 0x40 0000020f: SWAP1 00000210: KECCAK256 00000211: SLOAD 00000212: DUP1 00000213: DUP3 00000214: ADD 00000215: LT 00000216: ISZERO 00000217: PUSH2 0x021f 0000021a: JUMPI 0000021b: PUSH2 0x0002 0000021e: JUMP 0000021f: JUMPDEST 00000220: DUP1 00000221: PUSH1 0x03 00000223: PUSH1 0x00 00000225: POP 00000226: PUSH1 0x00 00000228: CALLER 00000229: PUSH1 0x01 0000022b: PUSH1 0xa0 0000022d: PUSH1 0x02 0000022f: EXP 00000230: SUB 00000231: AND 00000232: DUP2 00000233: MSTORE 00000234: PUSH1 0x20 00000236: ADD 00000237: SWAP1 00000238: DUP2 00000239: MSTORE 0000023a: PUSH1 0x20 0000023c: ADD 0000023d: PUSH1 0x00 0000023f: KECCAK256 00000240: PUSH1 0x00 00000242: DUP3 00000243: DUP3 00000244: DUP3 00000245: POP 00000246: SLOAD 00000247: SUB 00000248: SWAP3 00000249: POP 0000024a: POP 0000024b: DUP2 0000024c: SWAP1 0000024d: SSTORE 0000024e: POP 0000024f: DUP1 00000250: PUSH1 0x03 00000252: PUSH1 0x00 00000254: POP 00000255: PUSH1 0x00 00000257: DUP5 00000258: PUSH1 0x01 0000025a: PUSH1 0xa0 0000025c: PUSH1 0x02 0000025e: EXP 0000025f: SUB 00000260: AND 00000261: DUP2 00000262: MSTORE 00000263: PUSH1 0x20 00000265: ADD 00000266: SWAP1 00000267: DUP2 00000268: MSTORE 00000269: PUSH1 0x20 0000026b: ADD 0000026c: PUSH1 0x00 0000026e: KECCAK256 0000026f: PUSH1 0x00 00000271: DUP3 00000272: DUP3 00000273: DUP3 00000274: POP 00000275: SLOAD 00000276: ADD 00000277: SWAP3 00000278: POP 00000279: POP 0000027a: DUP2 0000027b: SWAP1 0000027c: SSTORE 0000027d: POP 0000027e: DUP2 0000027f: PUSH1 0x01 00000281: PUSH1 0xa0 00000283: PUSH1 0x02 00000285: EXP 00000286: SUB 00000287: AND 00000288: CALLER 00000289: PUSH1 0x01 0000028b: PUSH1 0xa0 0000028d: PUSH1 0x02 0000028f: EXP 00000290: SUB 00000291: AND 00000292: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000002b3: DUP4 000002b4: PUSH1 0x40 000002b6: MLOAD 000002b7: DUP1 000002b8: DUP3 000002b9: DUP2 000002ba: MSTORE 000002bb: PUSH1 0x20 000002bd: ADD 000002be: SWAP2 000002bf: POP 000002c0: POP 000002c1: PUSH1 0x40 000002c3: MLOAD 000002c4: DUP1 000002c5: SWAP2 000002c6: SUB 000002c7: SWAP1 000002c8: LOG3 000002c9: POP 000002ca: POP 000002cb: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0xede064af764855b50c1616ce6c13f51791b2415ff995b0dc772f356a0bd1dbab
call_targets:
0x0000000000000000000000000000000000000004, 0x629634c639d291516b0767aa328332d301ccfd19
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xede064af764855b50c1616ce6c13f51791b2415ff995b0dc772f356a0bd1dbab",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x629634c639d291516b0767aa328332d301ccfd19"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 392,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0xede064af764855b50c1616ce6c13f51791b2415ff995b0dc772f356a0bd1dbab
call_targets:
0x0000000000000000000000000000000000000004, 0x629634c639d291516b0767aa328332d301ccfd19
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xede064af764855b50c1616ce6c13f51791b2415ff995b0dc772f356a0bd1dbab",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x629634c639d291516b0767aa328332d301ccfd19"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 392,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|
| medium | other | codex | All entrypoints appear payable, so ETH can be accepted and trapped permanently | 75 | no | — |
viewevidence_json{
"evidence": "The runtime contains no `CALLVALUE` opcode at all, the dispatcher falls through to `STOP` on unknown selectors at `pc:0x45`, and the only observed `CALL` is the helper call at `pc:0x188` rather than an obvious withdrawal/value-send path. From bytecode alone, this strongly suggests accidental ETH transfers are accepted but not recoverable.",
"locations": [
"pc:0x0",
"pc:0x45",
"pc:0x188"
],
"recommendation": "Add a standard nonpayable guard (`CALLVALUE`/revert) to nonpayable functions and the fallback path, or add an explicit, access-controlled withdrawal/receive design if ETH custody is intended.",
"exploit_scenario": "An integrator or user sends ETH alongside `transfer(...)`, `name()`, or even plain empty calldata. Because the runtime has no `CALLVALUE` rejection and unmatched selectors fall through to `STOP`, the call can succeed while ETH remains on the contract. With no visible withdrawal path in the bytecode, that ETH is likely unrecoverable."
}
|
| low | other | codex | Inferred `transfer(address,uint256)` path lacks a zero-address recipient check | 65 | no | — |
viewevidence_json{
"evidence": "Best-effort selector inference identifies `0xa9059cbb` as `transfer(address,uint256)`. That path loads the recipient from calldata at `pc:0x129`, checks sender balance before jumping into the write path, then updates sender storage at `pc:0x24d` and recipient storage at `pc:0x27c`, and emits a `Transfer`-shaped `LOG3` at `pc:0x2c8`. I do not see any equality/zero check on the recipient before those writes, so this finding is low severity but well supported by the bytecode.",
"locations": [
"selector:0xa9059cbb",
"pc:0x129",
"pc:0x24d",
"pc:0x27c",
"pc:0x2c8"
],
"recommendation": "On the `transfer` path, explicitly revert when `to == address(0)` unless zero-address burns are intentionally supported and documented with matching supply semantics.",
"exploit_scenario": "If selector inference is correct for `0xa9059cbb`, a caller can transfer tokens to `address(0)`. That balance is then credited to the zero address and becomes effectively unreachable, causing accidental token loss and ERC20-incompatible accounting/burn behavior."
}
|