019b3836-352d-7269-a56d-dfd328dac9e7
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 3381 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 3382 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 46632 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 46633 | capability.graph | complete | 1 / 3 | 1 week ago |
| 46634 | detector.run | complete | 1 / 3 | 1 week ago |
| 46635 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113269 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Runtime bytecode looks like a minimal ERC20-style token with `name`, `symbol`, `decimals`, `balanceOf`, and `transfer`. I did not find bytecode evidence of reentrancy, delegatecall/proxy upgradeability, signature validation logic, or privileged admin paths. The detector-reported `CALL` at `pc:0x1a7` is more consistent with Solidity's old identity-precompile string-copy helper than an attacker-controlled external call, so I do not treat it as a material issue. The main issue visible from bytecode alone is the permissive fallback/receive behavior.","findings":[{"severity":"low","category":"other","title":"Fallback silently accepts ETH and unknown selectors","exploit_scenario":"Any call whose selector is not one of the five recognized entries falls through to `STOP` instead of reverting. That means a user or integrating protocol can send ETH or invoke an unsupported low-level call and still observe `success=true` even though no intended function ran. Because no withdrawal/recovery path is visible in the runtime bytecode, ETH sent this way appears permanently stuck. Integrations that only check low-level call success could also proceed under a false assumption that an unsupported operation succeeded.","recommendation":"Treat the contract as non-payable in integrations and never rely on low-level `call` success alone; require the expected selector/returndata. If this code is ever redeployed, add an explicit reverting `fallback`/`receive` unless ETH reception is intentional, and add a deliberate recovery path if holding ETH is required.","evidence":"The dispatcher at `pc:0x0` only recognizes selectors `0x06fdde03`, `0x313ce567`, `0x70a08231`, `0x95d89b41`, and `0xa9059cbb`. Unmatched calls flow to `JUMPDEST; STOP` at `pc:0x45` with no preceding `CALLVALUE` rejection. The artifact also shows no proxy/admin surface and no visible ETH-withdrawal function.","locations":["pc:0x0","pc:0x45"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-kcral4wx
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5be6-8341-7a01-bb97-ddbda8f1c7b1
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc "pwd && rg --files -g 'BYTECODE_BUNDLE.json' -g 'AGENTS.md' -g '*.json'" in /tmp/codex-kcral4wx
succeeded in 0ms:
/tmp/codex-kcral4wx
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-kcral4wx
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0x59e584653fc41fe9a0780c754ae5bcbc950f0269",
"artifact_hash": "0xff66b52ab72621c0811f0b0776659bee4592040493e489fb493cb83fe07354c1",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 24,
"hash": "0x6a350686911b120d699f8e8d1e9440d4ce17c4434492baee43484e2ef083a112",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 35,
"hash": "0x09fc75e3aa8fb02b98e24881cc463925488c7dfa7ef308570a5930c5c420c614",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 25
},
{
"end_pc": 46,
"hash": "0x976103db32485bde438fb5c3f9f54ee02f48623f2e3b08249411cd4aee3c334a",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 36
},
{
"end_pc": 57,
"hash": "0x3c19c073e27395dc44272beb525b6373ad140a4045aabbd1b653e498e1806824",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 47
},
{
"end_pc": 68,
"hash": "0x3a122683470ea7901e31e80e6378780a829a06da64b04e691b5d5c5621392507",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 58
},
{
"end_pc": 70,
"hash": "0x55afd043d32294d5f0189f5a0aa04f3174e4c087a31c85396f49b5f17813cb96",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 69
},
{
"end_pc": 136,
"hash": "0xf40449b02dac3d8f47855034813de568b98c652f9830a133b3073a9873212a05",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 71
},
{
"end_pc": 144,
"hash": "0x7a355623b8b883b4699f46760b468c692676e190c7e929634fc8cc91b960e828",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 137
},
{
"end_pc": 163,
"hash": "0xecf2c5af628c9d14e5484dd92b242b3443b71f5fbb56ef3bb6d6ecc43488b865",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 145
},
{
"end_pc": 175,
"hash": "0xf62eccf39e21b0e7c82cfcb3b9161109c9cde5dd5c779dfdf9d7973b15a1f6f4",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"PUSH1",
"AND",
"OP_81",
"JUMP"
],
"start_pc": 164
},
{
"end_pc": 199,
"hash": "0x05f97e1fd71d0e615e61d36d6d9fc9f3a8acf10fd5fb739c2455360490997f41",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 176
},
{
"end_pc": 263,
"hash": "0x3b9a3c0e7fbbf4ecb17a787b5a04fc83590949a51a6fd3d3f767311abf7a0c87",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"PUSH1",
"NOT",
"PUSH2",
"OP_85",
"OP_87",
"AND",
"ISZERO",
"MUL",
"ADD",
"OP_90",
"OP_93",
"AND",
"OP_92",
"OP_90",
"OP_92",
"DIV",
"OP_91",
"OP_82",
"ADD",
"OP_81",
"OP_90",
"DIV",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
exec
/bin/bash -lc "sed -n '261,520p' BYTECODE_BUNDLE.json" in /tmp/codex-kcral4wx
succeeded in 0ms:
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 200
},
{
"end_pc": 271,
"hash": "0x7090146e9b5fc2309802dbb79ccb9ee86583359c5c3be96451826d65ecdc85ad",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 264
},
{
"end_pc": 290,
"hash": "0x10fb4a62e31f9d523fba9e254b0a1cdf4088252f3ab9207bbb88b56ad78999f5",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 272
},
{
"end_pc": 333,
"hash": "0xd2efc930fda1fda27663cef7ff064d3b5644e25c73944457c5b247a2a2b5ebc0",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"OP_90",
"LT",
"OP_80",
"PUSH2",
"JUMPI"
],
"start_pc": 291
},
{
"end_pc": 358,
"hash": "0x0cb281f02dafac7bc5747ea2ef6cc0ac9cd79b706be48c09434fe236d62304c0",
"opcodes": [
"POP",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_82",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_80",
"OP_82",
"ADD",
"LT"
],
"start_pc": 334
},
{
"end_pc": 364,
"hash": "0x4814088d1abceba7bce3d4b5b89f161d17c093265433f37367be8adf0dc5d9aa",
"opcodes": [
"JUMPDEST",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 359
},
{
"end_pc": 368,
"hash": "0xac36dca57ddb5fc789957ffad51730f7f53229ca3982b5d74ea2101757b9905f",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 365
},
{
"end_pc": 439,
"hash": "0x4a2fafd97023c8a8f31f1ac7c9d6df99ecfea6a6c1f4b93506db3ef9cb749e5e",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"OP_80",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 369
},
{
"end_pc": 464,
"hash": "0xebb6ccfb60657a2ed3d1a377dfa457bf2b13b45b75c03c3302572d286824ebdf",
"opcodes": [
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 440
},
{
"end_pc": 478,
"hash": "0xd8b1d5b723eaa7895bcb21e965231688c1662a1902dec4aabd2354f749c4df07",
"opcodes": [
"JUMPDEST",
"POP",
"OP_92",
"POP",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"RETURN"
],
"start_pc": 465
},
{
"end_pc": 488,
"hash": "0x672c26154dc00d7172790e8e1de59fd7d9ca445474687406424f70df4450fe25",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"RETURN"
],
"start_pc": 479
},
{
"end_pc": 502,
exec
/bin/bash -lc "sed -n '521,780p' BYTECODE_BUNDLE.json" in /tmp/codex-kcral4wx
succeeded in 0ms:
"hash": "0x7bde65d6a9816da073cced29f6f34d22c241ed00ffe7e5bdc351d09cf32af2b7",
"opcodes": [
"JUMPDEST",
"OP_82",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"SHA3",
"OP_90"
],
"start_pc": 489
},
{
"end_pc": 522,
"hash": "0xe65d9d6443f3a673e82c38fd7dd0017f03525f100e05bc5fcf0baddb948cdeb4",
"opcodes": [
"JUMPDEST",
"OP_81",
"SLOAD",
"OP_81",
"MSTORE",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH1",
"ADD",
"OP_80",
"OP_83",
"GT",
"PUSH2",
"JUMPI"
],
"start_pc": 503
},
{
"end_pc": 531,
"hash": "0xaa71a205054de33589ec835473fdc578d8c5d518fbca97c609b111c4b5d7237f",
"opcodes": [
"OP_82",
"OP_90",
"SUB",
"PUSH1",
"AND",
"OP_82",
"ADD",
"OP_91"
],
"start_pc": 523
},
{
"end_pc": 539,
"hash": "0xb6701d2440ac796fa26fd00c5144c1da1ea113aa11d54563da929fd75db3e96a",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"POP",
"POP",
"POP",
"OP_81",
"JUMP"
],
"start_pc": 532
},
{
"end_pc": 712,
"hash": "0x1bf824d37500e40fbaa54fddc78cc7c83681f362412140bde6c660277afad52a",
"opcodes": [
"JUMPDEST",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"SUB",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_84",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH32",
"OP_83",
"PUSH1",
"MLOAD",
"OP_80",
"OP_82",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"OP_A3",
"POP",
"POP",
"JUMP"
],
"start_pc": 540
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 423,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:291",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
{
exec
/bin/bash -lc "sed -n '781,1040p' BYTECODE_BUNDLE.json" in /tmp/codex-kcral4wx
succeeded in 0ms:
"from": "bb:137",
"to": "bb:489",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:264",
"type": "control_flow_fallthrough"
},
{
"from": "bb:264",
"to": "bb:489",
"type": "control_flow"
},
{
"from": "bb:264",
"to": "bb:272",
"type": "control_flow_fallthrough"
},
{
"from": "bb:272",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:359",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:334",
"type": "control_flow_fallthrough"
},
{
"from": "bb:334",
"to": "bb:359",
"type": "control_flow_fallthrough"
},
{
"from": "bb:359",
"to": "bb:540",
"type": "control_flow"
},
{
"from": "bb:359",
"to": "bb:365",
"type": "control_flow_fallthrough"
},
{
"from": "bb:369",
"to": "bb:465",
"type": "control_flow"
},
{
"from": "bb:369",
"to": "bb:440",
"type": "control_flow_fallthrough"
},
{
"from": "bb:440",
"to": "bb:465",
"type": "control_flow_fallthrough"
},
{
"from": "bb:489",
"to": "bb:503",
"type": "control_flow_fallthrough"
},
{
"from": "bb:503",
"to": "bb:503",
"type": "control_flow"
},
{
"from": "bb:503",
"to": "bb:523",
"type": "control_flow_fallthrough"
},
{
"from": "bb:523",
"to": "bb:532",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0x62bc9d91060a7d906e3ed62fa92d1796a7bd561a18943a9a9e8c6074c19a14b8",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": null,
"selector": "0xa9059cbb"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
exec
/bin/bash -lc "sed -n '1041,1300p' BYTECODE_BUNDLE.json" in /tmp/codex-kcral4wx
succeeded in 0ms:
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0xa9059cbb",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
}
],
"selectors": [
"0x06fdde03",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb"
],
"sinks": {
"call": 1,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 6,
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0x000d13dda2843fe929be00661f96552e3f1e851c177f0c270f65088f35b0c09b",
"created_at": "2026-04-04T19:55:58.000000Z",
"id": 2315,
"updated_at": "2026-04-04T19:55:58.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0x59e584653fc41fe9a0780c754ae5bcbc950f0269",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:55.000000Z",
"id": "019b3836-352d-7269-a56d-dfd328dac9e7",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:55:58.000000Z"
},
"artifact": {
"codehash": "0x000d13dda2843fe929be00661f96552e3f1e851c177f0c270f65088f35b0c09b",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x606060405260e060020a600035046306fdde038114610047578063313ce567146100a457806370a08231146100b057806395d89b41146100c8578063a9059cbb14610123575b005b61017160008054602060026001831615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156102145780601f106101e957610100808354040283529160200191610214565b6101df60025460ff1681565b6101df60043560036020526000908152604090205481565b610171600180546020601f6002600019610100858716150201909316929092049182018190040260809081016040526060828152929190828280156102145780601f106101e957610100808354040283529160200191610214565b610045600435602435600160a060020a033316600090815260036020526040902054819010806101675750600160a060020a03821660009081526040902054808201105b1561021c57610002565b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156101d15780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b6060908152602090f35b820191906000526020600020905b8154815290600101906020018083116101f757829003601f168201915b505050505081565b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a3505056",
"head": null,
"length": 1428,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0x59e584653fc41fe9a0780c754ae5bcbc950f0269",
"block_number": null,
"chain_id": 1,
"codehash": "0x000d13dda2843fe929be00661f96552e3f1e851c177f0c270f65088f35b0c09b",
"created_at": "2026-04-04T19:55:58.000000Z",
"graph_hash": "0x8de325a24b2afd792ab9a468e6edee3adedaa775bc08e5d275cefe9a3b40f325",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:291",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
{
"from": "bb:137",
"to": "bb:489",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:532",
exec
/bin/bash -lc "rg -n 'detector|finding|evidence|callsites|storage|proxy|delegatecall|reentr|owner|allowance|transferFrom|approve|selectors|summary' BYTECODE_BUNDLE.json" in /tmp/codex-kcral4wx
succeeded in 0ms:
710: "callsites": [
914: "delegatecall": 0,
918: "storage": {
958: "delegatecall": 0,
962: "storage": {
1002: "delegatecall": 0,
1006: "storage": {
1046: "delegatecall": 0,
1050: "storage": {
1090: "delegatecall": 0,
1094: "storage": {
1127: "selectors": [
1138: "delegatecall": 0,
1143: "storage": {
1204: "is_proxy": false,
1646: "detector_findings": [
1649: "evidence_json": {
1688: "evidence_json": {
1726: "heuristics_summary": {
1728: "delegatecall_count": 0,
exec
/bin/bash -lc "sed -n '1600,1775p' BYTECODE_BUNDLE.json" in /tmp/codex-kcral4wx
succeeded in 0ms:
"id": "call:423",
"opcode": "CALL",
"pc": 423,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": null,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 2315,
"updated_at": "2026-04-04T19:55:58.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 60,
"evidence_json": {
"call_count": 1,
"examples": [
{
"opcode": "CALL",
"pc": 423,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 1
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x59e584653fc41fe9a0780c754ae5bcbc950f0269"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x58fc90dde1303c54b2b79d9abd5ae4e6afb95618d350da5e453855c82b001e69",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 1,
"examples": [
{
"opcode": "CALL",
"pc": 423,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x59e584653fc41fe9a0780c754ae5bcbc950f0269"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x58fc90dde1303c54b2b79d9abd5ae4e6afb95618d350da5e453855c82b001e69",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
}
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const data = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const hex = data.artifact.runtime_bytecode.full.slice(2);
const bytes = Buffer.from(hex,'hex');
const opnames = {};
for (let i=0;i<=255;i++) opnames[i]='OP_'+i.toString(16);
const base={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'};
Object.assign(opnames, base);
for(let i=1;i<=32;i++) opnames[0x5f+i]='PUSH'+i;
for(let i=1;i<=16;i++) opnames[0x7f+i]='DUP'+i;
for(let i=1;i<=16;i++) opnames[0x8f+i]='SWAP'+i;
for(let i=0;i<=4;i++) opnames[0xa0+i]='LOG'+i;
let pc=0;
while(pc<bytes.length){
const op=bytes[pc];
let name=opnames[op]||('OP_'+op.toString(16));
let out=pc.toString().padStart(4)+' '+name;
if(op>=0x60&&op<=0x7f){
const n=op-0x5f;
const imm=bytes.slice(pc+1,pc+1+n).toString('hex');
out+=' 0x'+imm;
pc+=1+n;
} else {
pc+=1;
}
if (pc>=360 && pc<=440 || (pc-1)>=360 && (pc-1)<=440) console.log(out);
}
NODE" in /tmp/codex-kcral4wx
succeeded in 0ms:
359 JUMPDEST
360 ISZERO
361 PUSH2 0x021c
364 JUMPI
365 PUSH2 0x0002
368 JUMP
369 JUMPDEST
370 PUSH1 0x40
372 MLOAD
373 DUP1
374 DUP1
375 PUSH1 0x20
377 ADD
378 DUP3
379 DUP2
380 SUB
381 DUP3
382 MSTORE
383 DUP4
384 DUP2
385 DUP2
386 MLOAD
387 DUP2
388 MSTORE
389 PUSH1 0x20
391 ADD
392 SWAP2
393 POP
394 DUP1
395 MLOAD
396 SWAP1
397 PUSH1 0x20
399 ADD
400 SWAP1
401 DUP1
402 DUP4
403 DUP4
404 DUP3
405 SWAP1
406 PUSH1 0x00
408 PUSH1 0x04
410 PUSH1 0x20
412 DUP5
413 PUSH1 0x1f
415 ADD
416 DIV
417 PUSH1 0x0f
419 MUL
420 PUSH1 0x03
422 ADD
423 CALL
424 POP
425 SWAP1
426 POP
427 SWAP1
428 DUP2
429 ADD
430 SWAP1
431 PUSH1 0x1f
433 AND
434 DUP1
435 ISZERO
436 PUSH2 0x01d1
439 JUMPI
440 DUP1
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const data = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const hex = data.artifact.runtime_bytecode.full.slice(2);
const bytes = Buffer.from(hex,'hex');
const names={};
const base={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'};
Object.assign(names, base);
for(let i=1;i<=32;i++) names[0x5f+i]='PUSH'+i;
for(let i=1;i<=16;i++) names[0x7f+i]='DUP'+i;
for(let i=1;i<=16;i++) names[0x8f+i]='SWAP'+i;
for(let i=0;i<=4;i++) names[0xa0+i]='LOG'+i;
let pc=0; while(pc<bytes.length){const start=pc; const op=bytes[pc++]; let out=String(start).padStart(4)+' '+(names[op]||('OP_'+op.toString(16))); if(op>=0x60&&op<=0x7f){const n=op-0x5f; out+=' 0x'+bytes.slice(pc,pc+n).toString('hex'); pc+=n;} if(start>=291 && start<=439) console.log(out);}
NODE" in /tmp/codex-kcral4wx
succeeded in 0ms:
291 JUMPDEST
292 PUSH2 0x0045
295 PUSH1 0x04
297 CALLDATALOAD
298 PUSH1 0x24
300 CALLDATALOAD
301 PUSH1 0x01
303 PUSH1 0xa0
305 PUSH1 0x02
307 EXP
308 SUB
309 CALLER
310 AND
311 PUSH1 0x00
313 SWAP1
314 DUP2
315 MSTORE
316 PUSH1 0x03
318 PUSH1 0x20
320 MSTORE
321 PUSH1 0x40
323 SWAP1
324 SHA3
325 SLOAD
326 DUP2
327 SWAP1
328 LT
329 DUP1
330 PUSH2 0x0167
333 JUMPI
334 POP
335 PUSH1 0x01
337 PUSH1 0xa0
339 PUSH1 0x02
341 EXP
342 SUB
343 DUP3
344 AND
345 PUSH1 0x00
347 SWAP1
348 DUP2
349 MSTORE
350 PUSH1 0x40
352 SWAP1
353 SHA3
354 SLOAD
355 DUP1
356 DUP3
357 ADD
358 LT
359 JUMPDEST
360 ISZERO
361 PUSH2 0x021c
364 JUMPI
365 PUSH2 0x0002
368 JUMP
369 JUMPDEST
370 PUSH1 0x40
372 MLOAD
373 DUP1
374 DUP1
375 PUSH1 0x20
377 ADD
378 DUP3
379 DUP2
380 SUB
381 DUP3
382 MSTORE
383 DUP4
384 DUP2
385 DUP2
386 MLOAD
387 DUP2
388 MSTORE
389 PUSH1 0x20
391 ADD
392 SWAP2
393 POP
394 DUP1
395 MLOAD
396 SWAP1
397 PUSH1 0x20
399 ADD
400 SWAP1
401 DUP1
402 DUP4
403 DUP4
404 DUP3
405 SWAP1
406 PUSH1 0x00
408 PUSH1 0x04
410 PUSH1 0x20
412 DUP5
413 PUSH1 0x1f
415 ADD
416 DIV
417 PUSH1 0x0f
419 MUL
420 PUSH1 0x03
422 ADD
423 CALL
424 POP
425 SWAP1
426 POP
427 SWAP1
428 DUP2
429 ADD
430 SWAP1
431 PUSH1 0x1f
433 AND
434 DUP1
435 ISZERO
436 PUSH2 0x01d1
439 JUMPI
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const data = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const hex = data.artifact.runtime_bytecode.full.slice(2);
const bytes = Buffer.from(hex,'hex');
const names={};
const base={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'};
Object.assign(names, base);
for(let i=1;i<=32;i++) names[0x5f+i]='PUSH'+i;
for(let i=1;i<=16;i++) names[0x7f+i]='DUP'+i;
for(let i=1;i<=16;i++) names[0x8f+i]='SWAP'+i;
for(let i=0;i<=4;i++) names[0xa0+i]='LOG'+i;
let pc=0; while(pc<bytes.length){const start=pc; const op=bytes[pc++]; let out=String(start).padStart(4)+' '+(names[op]||('OP_'+op.toString(16))); if(op>=0x60&&op<=0x7f){const n=op-0x5f; out+=' 0x'+bytes.slice(pc,pc+n).toString('hex'); pc+=n;} if(start<=80) console.log(out);}
NODE" in /tmp/codex-kcral4wx
succeeded in 0ms:
0 PUSH1 0x60
2 PUSH1 0x40
4 MSTORE
5 PUSH1 0xe0
7 PUSH1 0x02
9 EXP
10 PUSH1 0x00
12 CALLDATALOAD
13 DIV
14 PUSH4 0x06fdde03
19 DUP2
20 EQ
21 PUSH2 0x0047
24 JUMPI
25 DUP1
26 PUSH4 0x313ce567
31 EQ
32 PUSH2 0x00a4
35 JUMPI
36 DUP1
37 PUSH4 0x70a08231
42 EQ
43 PUSH2 0x00b0
46 JUMPI
47 DUP1
48 PUSH4 0x95d89b41
53 EQ
54 PUSH2 0x00c8
57 JUMPI
58 DUP1
59 PUSH4 0xa9059cbb
64 EQ
65 PUSH2 0x0123
68 JUMPI
69 JUMPDEST
70 STOP
71 JUMPDEST
72 PUSH2 0x0171
75 PUSH1 0x00
77 DUP1
78 SLOAD
79 PUSH1 0x20
codex
{"no_findings":false,"summary":"Runtime bytecode looks like a minimal ERC20-style token with `name`, `symbol`, `decimals`, `balanceOf`, and `transfer`. I did not find bytecode evidence of reentrancy, delegatecall/proxy upgradeability, signature validation logic, or privileged admin paths. The detector-reported `CALL` at `pc:0x1a7` is more consistent with Solidity's old identity-precompile string-copy helper than an attacker-controlled external call, so I do not treat it as a material issue. The main issue visible from bytecode alone is the permissive fallback/receive behavior.","findings":[{"severity":"low","category":"other","title":"Fallback silently accepts ETH and unknown selectors","exploit_scenario":"Any call whose selector is not one of the five recognized entries falls through to `STOP` instead of reverting. That means a user or integrating protocol can send ETH or invoke an unsupported low-level call and still observe `success=true` even though no intended function ran. Because no withdrawal/recovery path is visible in the runtime bytecode, ETH sent this way appears permanently stuck. Integrations that only check low-level call success could also proceed under a false assumption that an unsupported operation succeeded.","recommendation":"Treat the contract as non-payable in integrations and never rely on low-level `call` success alone; require the expected selector/returndata. If this code is ever redeployed, add an explicit reverting `fallback`/`receive` unless ETH reception is intentional, and add a deliberate recovery path if holding ETH is required.","evidence":"The dispatcher at `pc:0x0` only recognizes selectors `0x06fdde03`, `0x313ce567`, `0x70a08231`, `0x95d89b41`, and `0xa9059cbb`. Unmatched calls flow to `JUMPDEST; STOP` at `pc:0x45` with no preceding `CALLVALUE` rejection. The artifact also shows no proxy/admin surface and no visible ETH-withdrawal function.","locations":["pc:0x0","pc:0x45"]}]}
tokens used
47,804
{
"codex": {
"ran_at": "2026-04-05T04:30:59.547234+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 1428,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Runtime bytecode looks like a minimal ERC20-style token with `name`, `symbol`, `decimals`, `balanceOf`, and `transfer`. I did not find bytecode evidence of reentrancy, delegatecall/proxy upgradeability, signature validation logic, or privileged admin paths. The detector-reported `CALL` at `pc:0x1a7` is more consistent with Solidity's old identity-precompile string-copy helper than an attacker-controlled external call, so I do not treat it as a material issue. The main issue visible from bytecode alone is the permissive fallback/receive behavior.",
"raw_final": {
"summary": "Runtime bytecode looks like a minimal ERC20-style token with `name`, `symbol`, `decimals`, `balanceOf`, and `transfer`. I did not find bytecode evidence of reentrancy, delegatecall/proxy upgradeability, signature validation logic, or privileged admin paths. The detector-reported `CALL` at `pc:0x1a7` is more consistent with Solidity's old identity-precompile string-copy helper than an attacker-controlled external call, so I do not treat it as a material issue. The main issue visible from bytecode alone is the permissive fallback/receive behavior.",
"findings": [
{
"title": "Fallback silently accepts ETH and unknown selectors",
"category": "other",
"evidence": "The dispatcher at `pc:0x0` only recognizes selectors `0x06fdde03`, `0x313ce567`, `0x70a08231`, `0x95d89b41`, and `0xa9059cbb`. Unmatched calls flow to `JUMPDEST; STOP` at `pc:0x45` with no preceding `CALLVALUE` rejection. The artifact also shows no proxy/admin surface and no visible ETH-withdrawal function.",
"severity": "low",
"locations": [
"pc:0x0",
"pc:0x45"
],
"recommendation": "Treat the contract as non-payable in integrations and never rely on low-level `call` success alone; require the expected selector/returndata. If this code is ever redeployed, add an explicit reverting `fallback`/`receive` unless ETH reception is intentional, and add a deliberate recovery path if holding ETH is required.",
"exploit_scenario": "Any call whose selector is not one of the five recognized entries falls through to `STOP` instead of reverting. That means a user or integrating protocol can send ETH or invoke an unsupported low-level call and still observe `success=true` even though no intended function ran. Because no withdrawal/recovery path is visible in the runtime bytecode, ETH sent this way appears permanently stuck. Integrations that only check low-level call success could also proceed under a false assumption that an unsupported operation succeeded."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0xe0 00000007: PUSH1 0x02 00000009: EXP 0000000a: PUSH1 0x00 0000000c: CALLDATALOAD 0000000d: DIV 0000000e: PUSH4 0x06fdde03 00000013: DUP2 00000014: EQ 00000015: PUSH2 0x0047 00000018: JUMPI 00000019: DUP1 0000001a: PUSH4 0x313ce567 0000001f: EQ 00000020: PUSH2 0x00a4 00000023: JUMPI 00000024: DUP1 00000025: PUSH4 0x70a08231 0000002a: EQ 0000002b: PUSH2 0x00b0 0000002e: JUMPI 0000002f: DUP1 00000030: PUSH4 0x95d89b41 00000035: EQ 00000036: PUSH2 0x00c8 00000039: JUMPI 0000003a: DUP1 0000003b: PUSH4 0xa9059cbb 00000040: EQ 00000041: PUSH2 0x0123 00000044: JUMPI 00000045: JUMPDEST 00000046: STOP 00000047: JUMPDEST 00000048: PUSH2 0x0171 0000004b: PUSH1 0x00 0000004d: DUP1 0000004e: SLOAD 0000004f: PUSH1 0x20 00000051: PUSH1 0x02 00000053: PUSH1 0x01 00000055: DUP4 00000056: AND 00000057: ISZERO 00000058: PUSH2 0x0100 0000005b: MUL 0000005c: PUSH1 0x00 0000005e: NOT 0000005f: ADD 00000060: SWAP1 00000061: SWAP3 00000062: AND 00000063: SWAP2 00000064: SWAP1 00000065: SWAP2 00000066: DIV 00000067: PUSH1 0x1f 00000069: DUP2 0000006a: ADD 0000006b: DUP3 0000006c: SWAP1 0000006d: DIV 0000006e: SWAP1 0000006f: SWAP2 00000070: MUL 00000071: PUSH1 0x80 00000073: SWAP1 00000074: DUP2 00000075: ADD 00000076: PUSH1 0x40 00000078: MSTORE 00000079: PUSH1 0x60 0000007b: DUP3 0000007c: DUP2 0000007d: MSTORE 0000007e: SWAP3 0000007f: SWAP2 00000080: SWAP1 00000081: DUP3 00000082: DUP3 00000083: DUP1 00000084: ISZERO 00000085: PUSH2 0x0214 00000088: JUMPI 00000089: DUP1 0000008a: PUSH1 0x1f 0000008c: LT 0000008d: PUSH2 0x01e9 00000090: JUMPI 00000091: PUSH2 0x0100 00000094: DUP1 00000095: DUP4 00000096: SLOAD 00000097: DIV 00000098: MUL 00000099: DUP4 0000009a: MSTORE 0000009b: SWAP2 0000009c: PUSH1 0x20 0000009e: ADD 0000009f: SWAP2 000000a0: PUSH2 0x0214 000000a3: JUMP 000000a4: JUMPDEST 000000a5: PUSH2 0x01df 000000a8: PUSH1 0x02 000000aa: SLOAD 000000ab: PUSH1 0xff 000000ad: AND 000000ae: DUP2 000000af: JUMP 000000b0: JUMPDEST 000000b1: PUSH2 0x01df 000000b4: PUSH1 0x04 000000b6: CALLDATALOAD 000000b7: PUSH1 0x03 000000b9: PUSH1 0x20 000000bb: MSTORE 000000bc: PUSH1 0x00 000000be: SWAP1 000000bf: DUP2 000000c0: MSTORE 000000c1: PUSH1 0x40 000000c3: SWAP1 000000c4: KECCAK256 000000c5: SLOAD 000000c6: DUP2 000000c7: JUMP 000000c8: JUMPDEST 000000c9: PUSH2 0x0171 000000cc: PUSH1 0x01 000000ce: DUP1 000000cf: SLOAD 000000d0: PUSH1 0x20 000000d2: PUSH1 0x1f 000000d4: PUSH1 0x02 000000d6: PUSH1 0x00 000000d8: NOT 000000d9: PUSH2 0x0100 000000dc: DUP6 000000dd: DUP8 000000de: AND 000000df: ISZERO 000000e0: MUL 000000e1: ADD 000000e2: SWAP1 000000e3: SWAP4 000000e4: AND 000000e5: SWAP3 000000e6: SWAP1 000000e7: SWAP3 000000e8: DIV 000000e9: SWAP2 000000ea: DUP3 000000eb: ADD 000000ec: DUP2 000000ed: SWAP1 000000ee: DIV 000000ef: MUL 000000f0: PUSH1 0x80 000000f2: SWAP1 000000f3: DUP2 000000f4: ADD 000000f5: PUSH1 0x40 000000f7: MSTORE 000000f8: PUSH1 0x60 000000fa: DUP3 000000fb: DUP2 000000fc: MSTORE 000000fd: SWAP3 000000fe: SWAP2 000000ff: SWAP1 00000100: DUP3 00000101: DUP3 00000102: DUP1 00000103: ISZERO 00000104: PUSH2 0x0214 00000107: JUMPI 00000108: DUP1 00000109: PUSH1 0x1f 0000010b: LT 0000010c: PUSH2 0x01e9 0000010f: JUMPI 00000110: PUSH2 0x0100 00000113: DUP1 00000114: DUP4 00000115: SLOAD 00000116: DIV 00000117: MUL 00000118: DUP4 00000119: MSTORE 0000011a: SWAP2 0000011b: PUSH1 0x20 0000011d: ADD 0000011e: SWAP2 0000011f: PUSH2 0x0214 00000122: JUMP 00000123: JUMPDEST 00000124: PUSH2 0x0045 00000127: PUSH1 0x04 00000129: CALLDATALOAD 0000012a: PUSH1 0x24 0000012c: CALLDATALOAD 0000012d: PUSH1 0x01 0000012f: PUSH1 0xa0 00000131: PUSH1 0x02 00000133: EXP 00000134: SUB 00000135: CALLER 00000136: AND 00000137: PUSH1 0x00 00000139: SWAP1 0000013a: DUP2 0000013b: MSTORE 0000013c: PUSH1 0x03 0000013e: PUSH1 0x20 00000140: MSTORE 00000141: PUSH1 0x40 00000143: SWAP1 00000144: KECCAK256 00000145: SLOAD 00000146: DUP2 00000147: SWAP1 00000148: LT 00000149: DUP1 0000014a: PUSH2 0x0167 0000014d: JUMPI 0000014e: POP 0000014f: PUSH1 0x01 00000151: PUSH1 0xa0 00000153: PUSH1 0x02 00000155: EXP 00000156: SUB 00000157: DUP3 00000158: AND 00000159: PUSH1 0x00 0000015b: SWAP1 0000015c: DUP2 0000015d: MSTORE 0000015e: PUSH1 0x40 00000160: SWAP1 00000161: KECCAK256 00000162: SLOAD 00000163: DUP1 00000164: DUP3 00000165: ADD 00000166: LT 00000167: JUMPDEST 00000168: ISZERO 00000169: PUSH2 0x021c 0000016c: JUMPI 0000016d: PUSH2 0x0002 00000170: JUMP 00000171: JUMPDEST 00000172: PUSH1 0x40 00000174: MLOAD 00000175: DUP1 00000176: DUP1 00000177: PUSH1 0x20 00000179: ADD 0000017a: DUP3 0000017b: DUP2 0000017c: SUB 0000017d: DUP3 0000017e: MSTORE 0000017f: DUP4 00000180: DUP2 00000181: DUP2 00000182: MLOAD 00000183: DUP2 00000184: MSTORE 00000185: PUSH1 0x20 00000187: ADD 00000188: SWAP2 00000189: POP 0000018a: DUP1 0000018b: MLOAD 0000018c: SWAP1 0000018d: PUSH1 0x20 0000018f: ADD 00000190: SWAP1 00000191: DUP1 00000192: DUP4 00000193: DUP4 00000194: DUP3 00000195: SWAP1 00000196: PUSH1 0x00 00000198: PUSH1 0x04 0000019a: PUSH1 0x20 0000019c: DUP5 0000019d: PUSH1 0x1f 0000019f: ADD 000001a0: DIV 000001a1: PUSH1 0x0f 000001a3: MUL 000001a4: PUSH1 0x03 000001a6: ADD 000001a7: CALL 000001a8: POP 000001a9: SWAP1 000001aa: POP 000001ab: SWAP1 000001ac: DUP2 000001ad: ADD 000001ae: SWAP1 000001af: PUSH1 0x1f 000001b1: AND 000001b2: DUP1 000001b3: ISZERO 000001b4: PUSH2 0x01d1 000001b7: JUMPI 000001b8: DUP1 000001b9: DUP3 000001ba: SUB 000001bb: DUP1 000001bc: MLOAD 000001bd: PUSH1 0x01 000001bf: DUP4 000001c0: PUSH1 0x20 000001c2: SUB 000001c3: PUSH2 0x0100 000001c6: EXP 000001c7: SUB 000001c8: NOT 000001c9: AND 000001ca: DUP2 000001cb: MSTORE 000001cc: PUSH1 0x20 000001ce: ADD 000001cf: SWAP2 000001d0: POP 000001d1: JUMPDEST 000001d2: POP 000001d3: SWAP3 000001d4: POP 000001d5: POP 000001d6: POP 000001d7: PUSH1 0x40 000001d9: MLOAD 000001da: DUP1 000001db: SWAP2 000001dc: SUB 000001dd: SWAP1 000001de: RETURN 000001df: JUMPDEST 000001e0: PUSH1 0x60 000001e2: SWAP1 000001e3: DUP2 000001e4: MSTORE 000001e5: PUSH1 0x20 000001e7: SWAP1 000001e8: RETURN 000001e9: JUMPDEST 000001ea: DUP3 000001eb: ADD 000001ec: SWAP2 000001ed: SWAP1 000001ee: PUSH1 0x00 000001f0: MSTORE 000001f1: PUSH1 0x20 000001f3: PUSH1 0x00 000001f5: KECCAK256 000001f6: SWAP1 000001f7: JUMPDEST 000001f8: DUP2 000001f9: SLOAD 000001fa: DUP2 000001fb: MSTORE 000001fc: SWAP1 000001fd: PUSH1 0x01 000001ff: ADD 00000200: SWAP1 00000201: PUSH1 0x20 00000203: ADD 00000204: DUP1 00000205: DUP4 00000206: GT 00000207: PUSH2 0x01f7 0000020a: JUMPI 0000020b: DUP3 0000020c: SWAP1 0000020d: SUB 0000020e: PUSH1 0x1f 00000210: AND 00000211: DUP3 00000212: ADD 00000213: SWAP2 00000214: JUMPDEST 00000215: POP 00000216: POP 00000217: POP 00000218: POP 00000219: POP 0000021a: DUP2 0000021b: JUMP 0000021c: JUMPDEST 0000021d: DUP1 0000021e: PUSH1 0x03 00000220: PUSH1 0x00 00000222: POP 00000223: PUSH1 0x00 00000225: CALLER 00000226: PUSH1 0x01 00000228: PUSH1 0xa0 0000022a: PUSH1 0x02 0000022c: EXP 0000022d: SUB 0000022e: AND 0000022f: DUP2 00000230: MSTORE 00000231: PUSH1 0x20 00000233: ADD 00000234: SWAP1 00000235: DUP2 00000236: MSTORE 00000237: PUSH1 0x20 00000239: ADD 0000023a: PUSH1 0x00 0000023c: KECCAK256 0000023d: PUSH1 0x00 0000023f: DUP3 00000240: DUP3 00000241: DUP3 00000242: POP 00000243: SLOAD 00000244: SUB 00000245: SWAP3 00000246: POP 00000247: POP 00000248: DUP2 00000249: SWAP1 0000024a: SSTORE 0000024b: POP 0000024c: DUP1 0000024d: PUSH1 0x03 0000024f: PUSH1 0x00 00000251: POP 00000252: PUSH1 0x00 00000254: DUP5 00000255: PUSH1 0x01 00000257: PUSH1 0xa0 00000259: PUSH1 0x02 0000025b: EXP 0000025c: SUB 0000025d: AND 0000025e: DUP2 0000025f: MSTORE 00000260: PUSH1 0x20 00000262: ADD 00000263: SWAP1 00000264: DUP2 00000265: MSTORE 00000266: PUSH1 0x20 00000268: ADD 00000269: PUSH1 0x00 0000026b: KECCAK256 0000026c: PUSH1 0x00 0000026e: DUP3 0000026f: DUP3 00000270: DUP3 00000271: POP 00000272: SLOAD 00000273: ADD 00000274: SWAP3 00000275: POP 00000276: POP 00000277: DUP2 00000278: SWAP1 00000279: SSTORE 0000027a: POP 0000027b: DUP2 0000027c: PUSH1 0x01 0000027e: PUSH1 0xa0 00000280: PUSH1 0x02 00000282: EXP 00000283: SUB 00000284: AND 00000285: CALLER 00000286: PUSH1 0x01 00000288: PUSH1 0xa0 0000028a: PUSH1 0x02 0000028c: EXP 0000028d: SUB 0000028e: AND 0000028f: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000002b0: DUP4 000002b1: PUSH1 0x40 000002b3: MLOAD 000002b4: DUP1 000002b5: DUP3 000002b6: DUP2 000002b7: MSTORE 000002b8: PUSH1 0x20 000002ba: ADD 000002bb: SWAP2 000002bc: POP 000002bd: POP 000002be: PUSH1 0x40 000002c0: MLOAD 000002c1: DUP1 000002c2: SWAP2 000002c3: SUB 000002c4: SWAP1 000002c5: LOG3 000002c6: POP 000002c7: POP 000002c8: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x58fc90dde1303c54b2b79d9abd5ae4e6afb95618d350da5e453855c82b001e69
call_targets:
0x0000000000000000000000000000000000000004, 0x59e584653fc41fe9a0780c754ae5bcbc950f0269
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x58fc90dde1303c54b2b79d9abd5ae4e6afb95618d350da5e453855c82b001e69",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x59e584653fc41fe9a0780c754ae5bcbc950f0269"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 423,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x58fc90dde1303c54b2b79d9abd5ae4e6afb95618d350da5e453855c82b001e69
call_targets:
0x0000000000000000000000000000000000000004, 0x59e584653fc41fe9a0780c754ae5bcbc950f0269
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x58fc90dde1303c54b2b79d9abd5ae4e6afb95618d350da5e453855c82b001e69",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x59e584653fc41fe9a0780c754ae5bcbc950f0269"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 423,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|
| low | other | codex | Fallback silently accepts ETH and unknown selectors | 65 | no | — |
viewevidence_json{
"evidence": "The dispatcher at `pc:0x0` only recognizes selectors `0x06fdde03`, `0x313ce567`, `0x70a08231`, `0x95d89b41`, and `0xa9059cbb`. Unmatched calls flow to `JUMPDEST; STOP` at `pc:0x45` with no preceding `CALLVALUE` rejection. The artifact also shows no proxy/admin surface and no visible ETH-withdrawal function.",
"locations": [
"pc:0x0",
"pc:0x45"
],
"recommendation": "Treat the contract as non-payable in integrations and never rely on low-level `call` success alone; require the expected selector/returndata. If this code is ever redeployed, add an explicit reverting `fallback`/`receive` unless ETH reception is intentional, and add a deliberate recovery path if holding ETH is required.",
"exploit_scenario": "Any call whose selector is not one of the five recognized entries falls through to `STOP` instead of reverting. That means a user or integrating protocol can send ETH or invoke an unsupported low-level call and still observe `success=true` even though no intended function ran. Because no withdrawal/recovery path is visible in the runtime bytecode, ETH sent this way appears permanently stuck. Integrations that only check low-level call success could also proceed under a false assumption that an unsupported operation succeeded."
}
|