TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-321a-708c-9422-f6f026c9f5a2

complete
Chain ID
1
Address
0x8d4a168bfabd4bfb4e2539828ad966a72b4ffc70
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
2899 artifact.fetch complete 1 / 3 3 months ago
2900 tool.cast_disasm complete 1 / 3 3 months ago
79819 analysis.bundle complete 1 / 3 1 week ago
79820 capability.graph complete 1 / 3 1 week ago
79821 detector.run complete 1 / 3 1 week ago
79822 validation.fork complete 1 / 3 1 week ago
113600 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-_bzaxb89
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c98-a14d-7ed1-9f5e-17f79903d28f
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:43:21.519674+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 2332,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
3
EXT*/BALANCE
0
Total opcodes
827
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0xe0
00000007: PUSH1 0x02
00000009: EXP
0000000a: PUSH1 0x00
0000000c: CALLDATALOAD
0000000d: DIV
0000000e: PUSH4 0x1f63a350
00000013: DUP2
00000014: EQ
00000015: PUSH2 0x0047
00000018: JUMPI
00000019: DUP1
0000001a: PUSH4 0x7795820c
0000001f: EQ
00000020: PUSH2 0x0105
00000023: JUMPI
00000024: DUP1
00000025: PUSH4 0x8337680a
0000002a: EQ
0000002b: PUSH2 0x0170
0000002e: JUMPI
0000002f: DUP1
00000030: PUSH4 0xe9f2dbfb
00000035: EQ
00000036: PUSH2 0x019c
00000039: JUMPI
0000003a: DUP1
0000003b: PUSH4 0xf0437a36
00000040: EQ
00000041: PUSH2 0x0304
00000044: JUMPI
00000045: JUMPDEST
00000046: STOP
00000047: JUMPDEST
00000048: PUSH2 0x018a
0000004b: PUSH1 0x04
0000004d: CALLDATALOAD
0000004e: PUSH1 0x24
00000050: CALLDATALOAD
00000051: PUSH1 0x44
00000053: CALLDATALOAD
00000054: PUSH1 0x64
00000056: CALLDATALOAD
00000057: PUSH1 0x84
00000059: CALLDATALOAD
0000005a: PUSH1 0x00
0000005c: DUP6
0000005d: DUP2
0000005e: MSTORE
0000005f: PUSH1 0x20
00000061: DUP2
00000062: DUP2
00000063: MSTORE
00000064: PUSH1 0x40
00000066: DUP1
00000067: DUP4
00000068: KECCAK256
00000069: PUSH1 0x02
0000006b: DUP2
0000006c: ADD
0000006d: SLOAD
0000006e: PUSH1 0x60
00000070: SWAP1
00000071: DUP2
00000072: MSTORE
00000073: PUSH1 0x80
00000075: DUP10
00000076: DUP2
00000077: MSTORE
00000078: SWAP3
00000079: DUP2
0000007a: KECCAK256
0000007b: DUP1
0000007c: DUP3
0000007d: MSTORE
0000007e: PUSH1 0xff
00000080: DUP10
00000081: AND
00000082: DUP5
00000083: MSTORE
00000084: PUSH1 0xa0
00000086: DUP9
00000087: SWAP1
00000088: MSTORE
00000089: PUSH1 0xc0
0000008b: DUP8
0000008c: SWAP1
0000008d: MSTORE
0000008e: SWAP2
0000008f: SWAP4
00000090: SWAP2
00000091: SWAP3
00000092: DUP6
00000093: SWAP3
00000094: PUSH1 0x01
00000096: SWAP3
00000097: PUSH1 0xe0
00000099: SWAP3
0000009a: DUP2
0000009b: DUP7
0000009c: DUP7
0000009d: PUSH2 0x61da
000000a0: GAS
000000a1: SUB
000000a2: CALL
000000a3: ISZERO
000000a4: PUSH2 0x0002
000000a7: JUMPI
000000a8: POP
000000a9: POP
000000aa: PUSH1 0x40
000000ac: MLOAD
000000ad: DUP1
000000ae: MLOAD
000000af: SWAP1
000000b0: PUSH1 0x20
000000b2: ADD
000000b3: POP
000000b4: SWAP1
000000b5: POP
000000b6: DUP3
000000b7: PUSH1 0x00
000000b9: ADD
000000ba: PUSH1 0x00
000000bc: SWAP1
000000bd: SLOAD
000000be: SWAP1
000000bf: PUSH2 0x0100
000000c2: EXP
000000c3: SWAP1
000000c4: DIV
000000c5: PUSH1 0xff
000000c7: AND
000000c8: DUP1
000000c9: PUSH2 0x00fb
000000cc: JUMPI
000000cd: POP
000000ce: DUP3
000000cf: PUSH1 0x06
000000d1: ADD
000000d2: PUSH1 0x00
000000d4: SWAP1
000000d5: SLOAD
000000d6: SWAP1
000000d7: PUSH2 0x0100
000000da: EXP
000000db: SWAP1
000000dc: DIV
000000dd: PUSH1 0x01
000000df: PUSH1 0xa0
000000e1: PUSH1 0x02
000000e3: EXP
000000e4: SUB
000000e5: AND
000000e6: PUSH1 0x01
000000e8: PUSH1 0xa0
000000ea: PUSH1 0x02
000000ec: EXP
000000ed: SUB
000000ee: AND
000000ef: DUP2
000000f0: PUSH1 0x01
000000f2: PUSH1 0xa0
000000f4: PUSH1 0x02
000000f6: EXP
000000f7: SUB
000000f8: AND
000000f9: EQ
000000fa: ISZERO
000000fb: JUMPDEST
000000fc: ISZERO
000000fd: PUSH2 0x0339
00000100: JUMPI
00000101: PUSH2 0x045b
00000104: JUMP
00000105: JUMPDEST
00000106: PUSH1 0x04
00000108: DUP1
00000109: CALLDATALOAD
0000010a: PUSH1 0x00
0000010c: SWAP1
0000010d: DUP2
0000010e: MSTORE
0000010f: PUSH1 0x20
00000111: DUP2
00000112: SWAP1
00000113: MSTORE
00000114: PUSH1 0x40
00000116: SWAP1
00000117: KECCAK256
00000118: DUP1
00000119: SLOAD
0000011a: PUSH1 0x01
0000011c: DUP3
0000011d: ADD
0000011e: SLOAD
0000011f: PUSH1 0x02
00000121: DUP4
00000122: ADD
00000123: SLOAD
00000124: PUSH1 0x03
00000126: DUP5
00000127: ADD
00000128: SLOAD
00000129: SWAP5
0000012a: DUP5
0000012b: ADD
0000012c: SLOAD
0000012d: PUSH1 0x05
0000012f: DUP6
00000130: ADD
00000131: SLOAD
00000132: PUSH1 0x06
00000134: SWAP1
00000135: SWAP6
00000136: ADD
00000137: SLOAD
00000138: PUSH1 0x60
0000013a: SWAP4
0000013b: DUP5
0000013c: MSTORE
0000013d: PUSH1 0x80
0000013f: SWAP3
00000140: SWAP1
00000141: SWAP3
00000142: MSTORE
00000143: PUSH1 0xa0
00000145: SWAP6
00000146: SWAP1
00000147: SWAP6
00000148: MSTORE
00000149: PUSH1 0x01
0000014b: PUSH1 0xa0
0000014d: PUSH1 0x02
0000014f: EXP
00000150: SUB
00000151: SWAP5
00000152: DUP6
00000153: AND
00000154: PUSH1 0xc0
00000156: MSTORE
00000157: SWAP3
00000158: DUP5
00000159: AND
0000015a: PUSH1 0xe0
0000015c: SWAP1
0000015d: DUP2
0000015e: MSTORE
0000015f: SWAP3
00000160: SWAP1
00000161: SWAP4
00000162: AND
00000163: PUSH2 0x0100
00000166: MSTORE
00000167: PUSH1 0xff
00000169: AND
0000016a: PUSH2 0x0120
0000016d: MSTORE
0000016e: SWAP1
0000016f: RETURN
00000170: JUMPDEST
00000171: CALLER
00000172: PUSH1 0x01
00000174: PUSH1 0xa0
00000176: PUSH1 0x02
00000178: EXP
00000179: SUB
0000017a: AND
0000017b: PUSH1 0x00
0000017d: SWAP1
0000017e: DUP2
0000017f: MSTORE
00000180: PUSH1 0x01
00000182: PUSH1 0x20
00000184: MSTORE
00000185: PUSH1 0x40
00000187: SWAP1
00000188: KECCAK256
00000189: SLOAD
0000018a: JUMPDEST
0000018b: PUSH1 0x40
0000018d: DUP1
0000018e: MLOAD
0000018f: SWAP2
00000190: DUP3
00000191: MSTORE
00000192: MLOAD
00000193: SWAP1
00000194: DUP2
00000195: SWAP1
00000196: SUB
00000197: PUSH1 0x20
00000199: ADD
0000019a: SWAP1
0000019b: RETURN
0000019c: JUMPDEST
0000019d: PUSH2 0x018a
000001a0: PUSH1 0x04
000001a2: CALLDATALOAD
000001a3: PUSH1 0x24
000001a5: CALLDATALOAD
000001a6: PUSH1 0x44
000001a8: CALLDATALOAD
000001a9: PUSH1 0x64
000001ab: CALLDATALOAD
000001ac: PUSH1 0x00
000001ae: ADDRESS
000001af: CALLER
000001b0: CALLVALUE
000001b1: PUSH1 0x00
000001b3: CALLDATASIZE
000001b4: PUSH1 0x40
000001b6: MLOAD
000001b7: DUP1
000001b8: DUP7
000001b9: PUSH1 0x01
000001bb: PUSH1 0xa0
000001bd: PUSH1 0x02
000001bf: EXP
000001c0: SUB
000001c1: AND
000001c2: PUSH13 0x01000000000000000000000000
000001d0: MUL
000001d1: DUP2
000001d2: MSTORE
000001d3: PUSH1 0x14
000001d5: ADD
000001d6: DUP6
000001d7: PUSH1 0x01
000001d9: PUSH1 0xa0
000001db: PUSH1 0x02
000001dd: EXP
000001de: SUB
000001df: AND
000001e0: PUSH13 0x01000000000000000000000000
000001ee: MUL
000001ef: DUP2
000001f0: MSTORE
000001f1: PUSH1 0x14
000001f3: ADD
000001f4: DUP5
000001f5: DUP2
000001f6: MSTORE
000001f7: PUSH1 0x20
000001f9: ADD
000001fa: DUP4
000001fb: DUP4
000001fc: DUP1
000001fd: DUP3
000001fe: DUP5
000001ff: CALLDATACOPY
00000200: POP
00000201: POP
00000202: PUSH1 0x40
00000204: DUP1
00000205: MLOAD
00000206: SWAP4
00000207: DUP5
00000208: SWAP1
00000209: SUB
0000020a: SWAP1
0000020b: SWAP2
0000020c: ADD
0000020d: DUP4
0000020e: KECCAK256
0000020f: PUSH1 0xe0
00000211: DUP5
00000212: ADD
00000213: DUP3
00000214: MSTORE
00000215: SWAP4
00000216: DUP4
00000217: MSTORE
00000218: PUSH1 0x20
0000021a: DUP4
0000021b: DUP2
0000021c: ADD
0000021d: DUP14
0000021e: DUP2
0000021f: MSTORE
00000220: DUP5
00000221: DUP4
00000222: ADD
00000223: DUP14
00000224: DUP2
00000225: MSTORE
00000226: SWAP4
00000227: DUP6
00000228: ADD
00000229: SWAP7
0000022a: DUP8
0000022b: MSTORE
0000022c: PUSH1 0x80
0000022e: DUP6
0000022f: ADD
00000230: DUP9
00000231: DUP2
00000232: MSTORE
00000233: PUSH1 0xa0
00000235: DUP7
00000236: ADD
00000237: DUP14
00000238: DUP2
00000239: MSTORE
0000023a: PUSH1 0xc0
0000023c: DUP8
0000023d: ADD
0000023e: DUP14
0000023f: DUP2
00000240: MSTORE
00000241: DUP9
00000242: DUP14
00000243: MSTORE
00000244: DUP13
00000245: DUP6
00000246: MSTORE
00000247: DUP6
00000248: DUP14
00000249: KECCAK256
0000024a: SWAP8
0000024b: MLOAD
0000024c: DUP9
0000024d: SLOAD
0000024e: PUSH1 0xff
00000250: NOT
00000251: AND
00000252: OR
00000253: DUP9
00000254: SSTORE
00000255: SWAP3
00000256: MLOAD
00000257: PUSH1 0x01
00000259: DUP9
0000025a: DUP2
0000025b: ADD
0000025c: SWAP2
0000025d: SWAP1
0000025e: SWAP2
0000025f: SSTORE
00000260: SWAP6
00000261: MLOAD
00000262: PUSH1 0x02
00000264: DUP9
00000265: ADD
00000266: SSTORE
00000267: SWAP8
00000268: MLOAD
00000269: PUSH1 0x03
0000026b: DUP8
0000026c: ADD
0000026d: SSTORE
0000026e: MLOAD
0000026f: PUSH1 0x04
00000271: DUP7
00000272: ADD
00000273: DUP1
00000274: SLOAD
00000275: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000028a: NOT
0000028b: SWAP1
0000028c: DUP2
0000028d: AND
0000028e: SWAP1
0000028f: SWAP3
00000290: OR
00000291: SWAP1
00000292: SSTORE
00000293: SWAP7
00000294: MLOAD
00000295: PUSH1 0x05
00000297: DUP7
00000298: ADD
00000299: DUP1
0000029a: SLOAD
0000029b: DUP10
0000029c: AND
0000029d: SWAP1
0000029e: SWAP2
0000029f: OR
000002a0: SWAP1
000002a1: SSTORE
000002a2: MLOAD
000002a3: PUSH1 0x06
000002a5: SWAP1
000002a6: SWAP5
000002a7: ADD
000002a8: DUP1
000002a9: SLOAD
000002aa: SWAP1
000002ab: SWAP7
000002ac: AND
000002ad: SWAP1
000002ae: SWAP4
000002af: OR
000002b0: SWAP1
000002b1: SWAP5
000002b2: SSTORE
000002b3: PUSH1 0x01
000002b5: PUSH1 0xa0
000002b7: PUSH1 0x02
000002b9: EXP
000002ba: SUB
000002bb: SWAP1
000002bc: SWAP5
000002bd: AND
000002be: DUP7
000002bf: MSTORE
000002c0: DUP4
000002c1: SWAP1
000002c2: MSTORE
000002c3: SWAP4
000002c4: KECCAK256
000002c5: DUP1
000002c6: SLOAD
000002c7: SWAP2
000002c8: DUP3
000002c9: ADD
000002ca: DUP1
000002cb: DUP3
000002cc: SSTORE
000002cd: SWAP1
000002ce: SWAP3
000002cf: POP
000002d0: DUP3
000002d1: DUP2
000002d2: DUP4
000002d3: DUP1
000002d4: ISZERO
000002d5: DUP3
000002d6: SWAP1
000002d7: GT
000002d8: PUSH2 0x0467
000002db: JUMPI
000002dc: DUP2
000002dd: DUP4
000002de: PUSH1 0x00
000002e0: MSTORE
000002e1: PUSH1 0x20
000002e3: PUSH1 0x00
000002e5: KECCAK256
000002e6: SWAP2
000002e7: DUP3
000002e8: ADD
000002e9: SWAP2
000002ea: ADD
000002eb: PUSH2 0x0467
000002ee: SWAP2
000002ef: SWAP1
000002f0: JUMPDEST
000002f1: DUP1
000002f2: DUP3
000002f3: GT
000002f4: ISZERO
000002f5: PUSH2 0x0489
000002f8: JUMPI
000002f9: PUSH1 0x00
000002fb: DUP2
000002fc: SSTORE
000002fd: PUSH1 0x01
000002ff: ADD
00000300: PUSH2 0x02f0
00000303: JUMP
00000304: JUMPDEST
00000305: PUSH2 0x018a
00000308: PUSH1 0x04
0000030a: CALLDATALOAD
0000030b: PUSH1 0x01
0000030d: PUSH1 0xa0
0000030f: PUSH1 0x02
00000311: EXP
00000312: SUB
00000313: CALLER
00000314: AND
00000315: PUSH1 0x00
00000317: SWAP1
00000318: DUP2
00000319: MSTORE
0000031a: PUSH1 0x01
0000031c: PUSH1 0x20
0000031e: MSTORE
0000031f: PUSH1 0x40
00000321: DUP2
00000322: KECCAK256
00000323: DUP1
00000324: SLOAD
00000325: DUP4
00000326: SWAP1
00000327: DUP2
00000328: LT
00000329: ISZERO
0000032a: PUSH2 0x0002
0000032d: JUMPI
0000032e: POP
0000032f: DUP2
00000330: MSTORE
00000331: PUSH1 0x20
00000333: SWAP1
00000334: KECCAK256
00000335: ADD
00000336: SLOAD
00000337: SWAP1
00000338: JUMP
00000339: JUMPDEST
0000033a: PUSH1 0x01
0000033c: DUP4
0000033d: PUSH1 0x00
0000033f: ADD
00000340: PUSH1 0x00
00000342: PUSH2 0x0100
00000345: EXP
00000346: DUP2
00000347: SLOAD
00000348: DUP2
00000349: PUSH1 0xff
0000034b: MUL
0000034c: NOT
0000034d: AND
0000034e: SWAP1
0000034f: DUP4
00000350: MUL
00000351: OR
00000352: SWAP1
00000353: SSTORE
00000354: POP
00000355: PUSH1 0x00
00000357: DUP9
00000358: PUSH1 0x01
0000035a: SWAP1
0000035b: DIV
0000035c: GT
0000035d: ISZERO
0000035e: PUSH2 0x03e4
00000361: JUMPI
00000362: DUP3
00000363: PUSH1 0x04
00000365: ADD
00000366: PUSH1 0x00
00000368: SWAP1
00000369: SLOAD
0000036a: SWAP1
0000036b: PUSH2 0x0100
0000036e: EXP
0000036f: SWAP1
00000370: DIV
00000371: PUSH1 0x01
00000373: PUSH1 0xa0
00000375: PUSH1 0x02
00000377: EXP
00000378: SUB
00000379: AND
0000037a: PUSH1 0x01
0000037c: PUSH1 0xa0
0000037e: PUSH1 0x02
00000380: EXP
00000381: SUB
00000382: AND
00000383: PUSH1 0x00
00000385: DUP5
00000386: PUSH1 0x03
00000388: ADD
00000389: PUSH1 0x00
0000038b: POP
0000038c: SLOAD
0000038d: PUSH1 0x40
0000038f: MLOAD
00000390: DUP1
00000391: SWAP1
00000392: POP
00000393: PUSH1 0x00
00000395: PUSH1 0x40
00000397: MLOAD
00000398: DUP1
00000399: DUP4
0000039a: SUB
0000039b: DUP2
0000039c: DUP6
0000039d: DUP9
0000039e: DUP9
0000039f: CALL
000003a0: POP
000003a1: POP
000003a2: PUSH1 0x40
000003a4: DUP1
000003a5: MLOAD
000003a6: PUSH1 0x01
000003a8: DUP2
000003a9: MSTORE
000003aa: SWAP1
000003ab: MLOAD
000003ac: DUP14
000003ad: SWAP5
000003ae: POP
000003af: PUSH32 0x3c5f8551efa9ba60f8d11f93f4af3a1840a236b5a9af0b974b36dd0869b842b9
000003d0: SWAP4
000003d1: POP
000003d2: SWAP1
000003d3: DUP2
000003d4: SWAP1
000003d5: SUB
000003d6: PUSH1 0x20
000003d8: ADD
000003d9: SWAP2
000003da: POP
000003db: LOG2
000003dc: PUSH1 0x01
000003de: SWAP4
000003df: POP
000003e0: PUSH2 0x045b
000003e3: JUMP
000003e4: JUMPDEST
000003e5: DUP3
000003e6: PUSH1 0x05
000003e8: ADD
000003e9: PUSH1 0x00
000003eb: SWAP1
000003ec: SLOAD
000003ed: SWAP1
000003ee: PUSH2 0x0100
000003f1: EXP
000003f2: SWAP1
000003f3: DIV
000003f4: PUSH1 0x01
000003f6: PUSH1 0xa0
000003f8: PUSH1 0x02
000003fa: EXP
000003fb: SUB
000003fc: AND
000003fd: PUSH1 0x01
000003ff: PUSH1 0xa0
00000401: PUSH1 0x02
00000403: EXP
00000404: SUB
00000405: AND
00000406: PUSH1 0x00
00000408: DUP5
00000409: PUSH1 0x03
0000040b: ADD
0000040c: PUSH1 0x00
0000040e: POP
0000040f: SLOAD
00000410: PUSH1 0x40
00000412: MLOAD
00000413: DUP1
00000414: SWAP1
00000415: POP
00000416: PUSH1 0x00
00000418: PUSH1 0x40
0000041a: MLOAD
0000041b: DUP1
0000041c: DUP4
0000041d: SUB
0000041e: DUP2
0000041f: DUP6
00000420: DUP9
00000421: DUP9
00000422: CALL
00000423: POP
00000424: POP
00000425: PUSH1 0x40
00000427: DUP1
00000428: MLOAD
00000429: SWAP3
0000042a: DUP4
0000042b: MSTORE
0000042c: MLOAD
0000042d: DUP13
0000042e: SWAP4
0000042f: POP
00000430: PUSH32 0x3c5f8551efa9ba60f8d11f93f4af3a1840a236b5a9af0b974b36dd0869b842b9
00000451: SWAP3
00000452: DUP2
00000453: SWAP1
00000454: SUB
00000455: PUSH1 0x20
00000457: ADD
00000458: SWAP2
00000459: POP
0000045a: LOG2
0000045b: JUMPDEST
0000045c: POP
0000045d: POP
0000045e: POP
0000045f: SWAP6
00000460: SWAP5
00000461: POP
00000462: POP
00000463: POP
00000464: POP
00000465: POP
00000466: JUMP
00000467: JUMPDEST
00000468: POP
00000469: POP
0000046a: POP
0000046b: SWAP2
0000046c: SWAP1
0000046d: SWAP1
0000046e: PUSH1 0x00
00000470: MSTORE
00000471: PUSH1 0x20
00000473: PUSH1 0x00
00000475: KECCAK256
00000476: SWAP1
00000477: ADD
00000478: PUSH1 0x00
0000047a: DUP4
0000047b: SWAP1
0000047c: SWAP2
0000047d: SWAP1
0000047e: SWAP2
0000047f: POP
00000480: SSTORE
00000481: POP
00000482: SWAP5
00000483: SWAP4
00000484: POP
00000485: POP
00000486: POP
00000487: POP
00000488: JUMP
00000489: JUMPDEST
0000048a: POP
0000048b: SWAP1
0000048c: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
view
trace_id: 0x0c453215eb8f434fccdcded2ead4be3f1186e206bfab85b2a3242183516f32fc
call_targets: 0x0000000000000000000000000000000000000001, 0x8d4a168bfabd4bfb4e2539828ad966a72b4ffc70
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x0c453215eb8f434fccdcded2ead4be3f1186e206bfab85b2a3242183516f32fc",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000001",
        "0x8d4a168bfabd4bfb4e2539828ad966a72b4ffc70"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x1f63a350",
            "selector": "0x1f63a350",
            "calldata_variants": [
                "0x1f63a350",
                "0x1f63a3500000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x7795820c",
            "selector": "0x7795820c",
            "calldata_variants": [
                "0x7795820c",
                "0x7795820c0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8337680a",
            "selector": "0x8337680a",
            "calldata_variants": [
                "0x8337680a",
                "0x8337680a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe9f2dbfb",
            "selector": "0xe9f2dbfb",
            "calldata_variants": [
                "0xe9f2dbfb",
                "0xe9f2dbfb0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf0437a36",
            "selector": "0xf0437a36",
            "calldata_variants": [
                "0xf0437a36",
                "0xf0437a360000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 162,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "constant",
            "target_expression_category": "computed"
        },
        {
            "pc": 927,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1058,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 3,
    "guards_detected": [],
    "untrusted_call_count": 3
}
high other detector ETH value transfer possible 55 yes yes
view
trace_id: 0x0c453215eb8f434fccdcded2ead4be3f1186e206bfab85b2a3242183516f32fc
call_targets: 0x0000000000000000000000000000000000000001, 0x8d4a168bfabd4bfb4e2539828ad966a72b4ffc70
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x0c453215eb8f434fccdcded2ead4be3f1186e206bfab85b2a3242183516f32fc",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000001",
        "0x8d4a168bfabd4bfb4e2539828ad966a72b4ffc70"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x1f63a350",
            "selector": "0x1f63a350",
            "calldata_variants": [
                "0x1f63a350",
                "0x1f63a3500000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x7795820c",
            "selector": "0x7795820c",
            "calldata_variants": [
                "0x7795820c",
                "0x7795820c0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8337680a",
            "selector": "0x8337680a",
            "calldata_variants": [
                "0x8337680a",
                "0x8337680a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe9f2dbfb",
            "selector": "0xe9f2dbfb",
            "calldata_variants": [
                "0xe9f2dbfb",
                "0xe9f2dbfb0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf0437a36",
            "selector": "0xf0437a36",
            "calldata_variants": [
                "0xf0437a36",
                "0xf0437a360000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 162,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "constant",
            "target_expression_category": "computed"
        },
        {
            "pc": 927,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1058,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 3,
    "guards_detected": []
}