019b3836-3552-7107-8e60-11c183a7fd83
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 3403 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 3404 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 46584 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 46585 | capability.graph | complete | 1 / 3 | 1 week ago |
| 46586 | detector.run | complete | 1 / 3 | 1 week ago |
| 46587 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113268 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"The bundle describes a non-proxy ERC20-like token with no delegatecall, selfdestruct, or upgrade-slot activity. After separating detector noise from the identity precompile at address 0x04, the main concrete issue visible in bytecode is non-standard allowance accounting: the standard `allowance` selector appears to report the configured approval cap, while actual spendability is tracked separately in another mapping. This conclusion is based on bytecode storage patterns and best-effort selector inference, so exact source-level names remain uncertain.","findings":[{"severity":"low","category":"other","title":"`allowance()` appears to return the approval cap, not the remaining spendable allowance","exploit_scenario":"A holder grants a spender an approval cap through the custom approval path at selector `0xcae9ca51`. After the spender uses `transferFrom` for part of that cap, off-chain systems and integrators that query the standard ERC20 `allowance(owner,spender)` function can still observe the original cap and assume more allowance remains than is actually usable. This can cause routers, vaults, or wallets to make failing calls, mis-handle approval state, or leave a user with less usable allowance than reported after re-approvals, because the spend tracker appears to persist separately.","recommendation":"Make the ERC20 `allowance` view return the remaining spendable amount, or decrement the approval mapping directly during `transferFrom`. If cumulative-spend accounting is intentional, expose it behind clearly non-standard interfaces and reset the spend-tracker state when overwriting approvals so external integrations cannot misinterpret approval state.","evidence":"`selector:0xdd62ed3e` is a direct getter over one nested mapping at `pc:0x341`-`pc:0x35e`. In `selector:0x23b872dd`, the bytecode reads two nested mappings before the allowance check (`pc:0x52b`-`pc:0x54f`), then later increments the second mapping at `pc:0x5bb`-`pc:0x605` without decrementing the first one. The custom approval-like entrypoint `selector:0xcae9ca51` writes the first mapping at `pc:0x205`-`pc:0x24b` and does not clear the second mapping. The resulting pattern is consistent with `approved_cap` plus separate `spent_so_far`, while the standard `allowance()` getter exposes only `approved_cap`. Selector inference is best-effort, but the storage-access pattern is strong.","locations":["selector:0xdd62ed3e","selector:0x23b872dd","selector:0xcae9ca51","pc:0x24b","pc:0x54f","pc:0x605"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-zs7fgfe9
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5be3-2d3b-78b2-be28-d014f7ae0c05
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc pwd in /tmp/codex-zs7fgfe9
succeeded in 0ms:
/tmp/codex-zs7fgfe9
exec
/bin/bash -lc 'rg --files' in /tmp/codex-zs7fgfe9
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "jq 'keys' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
"analysis_artifact",
"analysis_run",
"artifact",
"capability_graph",
"detector_findings",
"heuristics_summary"
]
exec
/bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-zs7fgfe9
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
exec
/bin/bash -lc "jq '.artifact | keys' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
"codehash",
"compiler_json",
"implementation_address",
"is_proxy",
"runtime_bytecode",
"verified_source"
]
exec
/bin/bash -lc "jq '.analysis_artifact | keys' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
"address",
"artifact_hash",
"artifact_json",
"block_number",
"chain_id",
"codehash",
"created_at",
"id",
"updated_at",
"version"
]
→ Inspect BYTECODE_BUNDLE.json structure, detector findings, and proxy metadata
• Review callsites, storage slots, and evidence for concrete security issues
• Assemble conservative JSON findings with explicit uncertainty
exec
/bin/bash -lc "jq '{is_proxy:.artifact.is_proxy, implementation_address:.artifact.implementation_address, verified_source:.artifact.verified_source, codehash:.artifact.codehash, heuristics_summary:.heuristics_summary}' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
{
"is_proxy": false,
"implementation_address": null,
"verified_source": false,
"codehash": "0x874efed0297ce2055816a3736c8d2293d47cabbd37cf73418ace9a48771a70c9",
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
}
exec
/bin/bash -lc "jq '.detector_findings' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
{
"confidence": 60,
"evidence_json": {
"call_count": 3,
"examples": [
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 3
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xddda8fb5460883e68854d62d1eff8046a28c0352"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xa75b1d7a703ecb1b51e83f7910157d54412df26c8e73d6e9e97b5803826e094e",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 3,
"examples": [
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xddda8fb5460883e68854d62d1eff8046a28c0352"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xa75b1d7a703ecb1b51e83f7910157d54412df26c8e73d6e9e97b5803826e094e",
"trace_mode": "callTracer"
}
}
]
exec
/bin/bash -lc "jq '.capability_graph | keys' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
"address",
"block_number",
"chain_id",
"codehash",
"created_at",
"graph_hash",
"graph_json",
"id",
"updated_at",
"version"
]
exec
/bin/bash -lc "jq '.capability_graph.graph_json | keys' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
"edges",
"nodes",
"version"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json | keys' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
"auth",
"basic_blocks",
"callsites",
"cfg_edges",
"cfg_hash",
"dispatcher_type",
"function_entries",
"functions",
"selectors",
"sinks",
"storage",
"version"
]
exec
/bin/bash -lc "jq '.analysis_run | keys' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
"address",
"block_number",
"chain_id",
"child_links",
"created_at",
"id",
"parent_links",
"status",
"updated_at"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.selectors' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
"0x06fdde03",
"0x23b872dd",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb",
"0xcae9ca51",
"0xdc3080f2",
"0xdd62ed3e"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.function_entries' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 826074471,
"selector": "0x23b872dd"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": 3404319313,
"selector": "0xa9059cbb"
},
{
"entry_pc": 3694166258,
"selector": "0xcae9ca51"
},
{
"entry_pc": 3714247998,
"selector": "0xdc3080f2"
},
{
"entry_pc": 869,
"selector": "0xdd62ed3e"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.callsites' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.storage' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
{
"keccak_count": 22,
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.functions' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 826074471,
"selector": "0x23b872dd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3404319313,
"selector": "0xa9059cbb",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3694166258,
"selector": "0xcae9ca51",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3714247998,
"selector": "0xdc3080f2",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 869,
"selector": "0xdd62ed3e",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.sinks' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
{
"call": 3,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.auth' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
{
"guards": []
}
exec
/bin/bash -lc 'which evm' in /tmp/codex-zs7fgfe9
exited 1 in 0ms:
exec
/bin/bash -lc 'which cast' in /tmp/codex-zs7fgfe9
succeeded in 0ms:
/home/noahkuhn/.foundry/bin/cast
exec
/bin/bash -lc "jq -r '.artifact.runtime_bytecode' BYTECODE_BUNDLE.json | awk '{print length("'$0)}'"'" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
1
3263
15
17
15
20
1
exec
/bin/bash -lc "jq '.artifact.runtime_bytecode | ltrimstr(\"0x\") | length' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
5
exec
/bin/bash -lc "jq '.artifact.runtime_bytecode' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
{
"full": "0x606060405236156100775760e060020a600035046306fdde03811461007f57806323b872dd146100dc578063313ce5671461010e57806370a082311461011a57806395d89b4114610132578063a9059cbb1461018e578063cae9ca51146101bd578063dc3080f21461031c578063dd62ed3e14610341575b610365610002565b61036760008054602060026001831615610100026000190190921691909104601f8101829004909102608090810160405260608281529291908282801561041c5780601f106103f15761010080835404028352916020019161041c565b6103d5600435602435604435600160a060020a038316600090815260036020526040812054829010156104f357610002565b6103e760025460ff1681565b6103d560043560036020526000908152604090205481565b610367600180546020600282841615610100026000190190921691909104601f8101829004909102608090810160405260608281529291908282801561041c5780601f106103f15761010080835404028352916020019161041c565b610365600435602435600160a060020a0333166000908152600360205260409020548190101561042457610002565b60806020604435600481810135601f8101849004909302840160405260608381526103d5948235946024803595606494939101919081908382808284375094965050505050505060006000836004600050600033600160a060020a03168152602001908152602001600020600050600087600160a060020a031681526020019081526020016000206000508190555084905080600160a060020a0316638f4ffcb1338630876040518560e060020a0281526004018085600160a060020a0316815260200184815260200183600160a060020a03168152602001806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156102f25780820380516001836020036101000a031916815260200191505b50955050505050506000604051808303816000876161da5a03f11561000257505050509392505050565b6005602090815260043560009081526040808220909252602435815220546103d59081565b60046020818152903560009081526040808220909252602435815220546103d59081565b005b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156103c75780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b60408051918252519081900360200190f35b6060908152602090f35b820191906000526020600020905b8154815290600101906020018083116103ff57829003601f168201915b505050505081565b600160a060020a03821660009081526040902054808201101561044657610002565b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a35050565b600160a060020a03831681526040812054808301101561051257610002565b600160a060020a0380851680835260046020908152604080852033949094168086529382528085205492855260058252808520938552929052908220548301111561055c57610002565b816003600050600086600160a060020a03168152602001908152602001600020600082828250540392505081905550816003600050600085600160a060020a03168152602001908152602001600020600082828250540192505081905550816005600050600086600160a060020a03168152602001908152602001600020600050600033600160a060020a0316815260200190815260200160002060008282825054019250508190555082600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef846040518082815260200191505060405180910390a3939250505056",
"head": null,
"length": 3250,
"tail": null,
"truncated": false
}
exec
/bin/bash -lc "cast disassemble --help | sed -n '1,120p'" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
Disassembles a hex-encoded bytecode into a human-readable representation
Usage: cast disassemble [OPTIONS] [BYTECODE]
Arguments:
[BYTECODE]
The hex-encoded bytecode
Options:
-h, --help
Print help (see a summary with '-h')
-j, --threads <THREADS>
Number of threads to use. Specifying 0 defaults to the number of logical cores
[aliases: --jobs]
Display options:
--color <COLOR>
The color of the log messages
Possible values:
- auto: Intelligently guess whether to use color output (default)
- always: Force color output
- never: Force disable color output
--json
Format log messages as JSON
--md
Format log messages as Markdown
-q, --quiet
Do not print log messages
-v, --verbosity...
Verbosity level of the log messages.
Pass multiple times to increase the verbosity (e.g. -v, -vv, -vvv).
Depending on the context the verbosity levels have different meanings.
For example, the verbosity levels of the EVM are:
- 2 (-vv): Print logs for all tests.
- 3 (-vvv): Print execution traces for failing tests.
- 4 (-vvvv): Print execution traces for all tests, and setup traces for failing tests.
- 5 (-vvvvv): Print execution and setup traces for all tests, including storage changes
and
backtraces with line numbers.
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '1,220p'" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0077
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x06fdde03
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x007f
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x23b872dd
00000025: EQ
00000026: PUSH2 0x00dc
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x313ce567
00000030: EQ
00000031: PUSH2 0x010e
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x70a08231
0000003b: EQ
0000003c: PUSH2 0x011a
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x95d89b41
00000046: EQ
00000047: PUSH2 0x0132
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0xa9059cbb
00000051: EQ
00000052: PUSH2 0x018e
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0xcae9ca51
0000005c: EQ
0000005d: PUSH2 0x01bd
00000060: JUMPI
00000061: DUP1
00000062: PUSH4 0xdc3080f2
00000067: EQ
00000068: PUSH2 0x031c
0000006b: JUMPI
0000006c: DUP1
0000006d: PUSH4 0xdd62ed3e
00000072: EQ
00000073: PUSH2 0x0341
00000076: JUMPI
00000077: JUMPDEST
00000078: PUSH2 0x0365
0000007b: PUSH2 0x0002
0000007e: JUMP
0000007f: JUMPDEST
00000080: PUSH2 0x0367
00000083: PUSH1 0x00
00000085: DUP1
00000086: SLOAD
00000087: PUSH1 0x20
00000089: PUSH1 0x02
0000008b: PUSH1 0x01
0000008d: DUP4
0000008e: AND
0000008f: ISZERO
00000090: PUSH2 0x0100
00000093: MUL
00000094: PUSH1 0x00
00000096: NOT
00000097: ADD
00000098: SWAP1
00000099: SWAP3
0000009a: AND
0000009b: SWAP2
0000009c: SWAP1
0000009d: SWAP2
0000009e: DIV
0000009f: PUSH1 0x1f
000000a1: DUP2
000000a2: ADD
000000a3: DUP3
000000a4: SWAP1
000000a5: DIV
000000a6: SWAP1
000000a7: SWAP2
000000a8: MUL
000000a9: PUSH1 0x80
000000ab: SWAP1
000000ac: DUP2
000000ad: ADD
000000ae: PUSH1 0x40
000000b0: MSTORE
000000b1: PUSH1 0x60
000000b3: DUP3
000000b4: DUP2
000000b5: MSTORE
000000b6: SWAP3
000000b7: SWAP2
000000b8: SWAP1
000000b9: DUP3
000000ba: DUP3
000000bb: DUP1
000000bc: ISZERO
000000bd: PUSH2 0x041c
000000c0: JUMPI
000000c1: DUP1
000000c2: PUSH1 0x1f
000000c4: LT
000000c5: PUSH2 0x03f1
000000c8: JUMPI
000000c9: PUSH2 0x0100
000000cc: DUP1
000000cd: DUP4
000000ce: SLOAD
000000cf: DIV
000000d0: MUL
000000d1: DUP4
000000d2: MSTORE
000000d3: SWAP2
000000d4: PUSH1 0x20
000000d6: ADD
000000d7: SWAP2
000000d8: PUSH2 0x041c
000000db: JUMP
000000dc: JUMPDEST
000000dd: PUSH2 0x03d5
000000e0: PUSH1 0x04
000000e2: CALLDATALOAD
000000e3: PUSH1 0x24
000000e5: CALLDATALOAD
000000e6: PUSH1 0x44
000000e8: CALLDATALOAD
000000e9: PUSH1 0x01
000000eb: PUSH1 0xa0
000000ed: PUSH1 0x02
000000ef: EXP
000000f0: SUB
000000f1: DUP4
000000f2: AND
000000f3: PUSH1 0x00
000000f5: SWAP1
000000f6: DUP2
000000f7: MSTORE
000000f8: PUSH1 0x03
000000fa: PUSH1 0x20
000000fc: MSTORE
000000fd: PUSH1 0x40
000000ff: DUP2
00000100: KECCAK256
00000101: SLOAD
00000102: DUP3
00000103: SWAP1
00000104: LT
00000105: ISZERO
00000106: PUSH2 0x04f3
00000109: JUMPI
0000010a: PUSH2 0x0002
0000010d: JUMP
0000010e: JUMPDEST
0000010f: PUSH2 0x03e7
00000112: PUSH1 0x02
00000114: SLOAD
00000115: PUSH1 0xff
00000117: AND
00000118: DUP2
00000119: JUMP
0000011a: JUMPDEST
0000011b: PUSH2 0x03d5
0000011e: PUSH1 0x04
00000120: CALLDATALOAD
00000121: PUSH1 0x03
00000123: PUSH1 0x20
00000125: MSTORE
00000126: PUSH1 0x00
00000128: SWAP1
00000129: DUP2
0000012a: MSTORE
0000012b: PUSH1 0x40
0000012d: SWAP1
0000012e: KECCAK256
0000012f: SLOAD
00000130: DUP2
00000131: JUMP
00000132: JUMPDEST
00000133: PUSH2 0x0367
00000136: PUSH1 0x01
00000138: DUP1
00000139: SLOAD
0000013a: PUSH1 0x20
0000013c: PUSH1 0x02
0000013e: DUP3
0000013f: DUP5
00000140: AND
00000141: ISZERO
00000142: PUSH2 0x0100
00000145: MUL
00000146: PUSH1 0x00
00000148: NOT
00000149: ADD
0000014a: SWAP1
0000014b: SWAP3
0000014c: AND
0000014d: SWAP2
0000014e: SWAP1
0000014f: SWAP2
00000150: DIV
00000151: PUSH1 0x1f
00000153: DUP2
00000154: ADD
00000155: DUP3
00000156: SWAP1
00000157: DIV
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '220,520p'" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
00000157: DIV
00000158: SWAP1
00000159: SWAP2
0000015a: MUL
0000015b: PUSH1 0x80
0000015d: SWAP1
0000015e: DUP2
0000015f: ADD
00000160: PUSH1 0x40
00000162: MSTORE
00000163: PUSH1 0x60
00000165: DUP3
00000166: DUP2
00000167: MSTORE
00000168: SWAP3
00000169: SWAP2
0000016a: SWAP1
0000016b: DUP3
0000016c: DUP3
0000016d: DUP1
0000016e: ISZERO
0000016f: PUSH2 0x041c
00000172: JUMPI
00000173: DUP1
00000174: PUSH1 0x1f
00000176: LT
00000177: PUSH2 0x03f1
0000017a: JUMPI
0000017b: PUSH2 0x0100
0000017e: DUP1
0000017f: DUP4
00000180: SLOAD
00000181: DIV
00000182: MUL
00000183: DUP4
00000184: MSTORE
00000185: SWAP2
00000186: PUSH1 0x20
00000188: ADD
00000189: SWAP2
0000018a: PUSH2 0x041c
0000018d: JUMP
0000018e: JUMPDEST
0000018f: PUSH2 0x0365
00000192: PUSH1 0x04
00000194: CALLDATALOAD
00000195: PUSH1 0x24
00000197: CALLDATALOAD
00000198: PUSH1 0x01
0000019a: PUSH1 0xa0
0000019c: PUSH1 0x02
0000019e: EXP
0000019f: SUB
000001a0: CALLER
000001a1: AND
000001a2: PUSH1 0x00
000001a4: SWAP1
000001a5: DUP2
000001a6: MSTORE
000001a7: PUSH1 0x03
000001a9: PUSH1 0x20
000001ab: MSTORE
000001ac: PUSH1 0x40
000001ae: SWAP1
000001af: KECCAK256
000001b0: SLOAD
000001b1: DUP2
000001b2: SWAP1
000001b3: LT
000001b4: ISZERO
000001b5: PUSH2 0x0424
000001b8: JUMPI
000001b9: PUSH2 0x0002
000001bc: JUMP
000001bd: JUMPDEST
000001be: PUSH1 0x80
000001c0: PUSH1 0x20
000001c2: PUSH1 0x44
000001c4: CALLDATALOAD
000001c5: PUSH1 0x04
000001c7: DUP2
000001c8: DUP2
000001c9: ADD
000001ca: CALLDATALOAD
000001cb: PUSH1 0x1f
000001cd: DUP2
000001ce: ADD
000001cf: DUP5
000001d0: SWAP1
000001d1: DIV
000001d2: SWAP1
000001d3: SWAP4
000001d4: MUL
000001d5: DUP5
000001d6: ADD
000001d7: PUSH1 0x40
000001d9: MSTORE
000001da: PUSH1 0x60
000001dc: DUP4
000001dd: DUP2
000001de: MSTORE
000001df: PUSH2 0x03d5
000001e2: SWAP5
000001e3: DUP3
000001e4: CALLDATALOAD
000001e5: SWAP5
000001e6: PUSH1 0x24
000001e8: DUP1
000001e9: CALLDATALOAD
000001ea: SWAP6
000001eb: PUSH1 0x64
000001ed: SWAP5
000001ee: SWAP4
000001ef: SWAP2
000001f0: ADD
000001f1: SWAP2
000001f2: SWAP1
000001f3: DUP2
000001f4: SWAP1
000001f5: DUP4
000001f6: DUP3
000001f7: DUP1
000001f8: DUP3
000001f9: DUP5
000001fa: CALLDATACOPY
000001fb: POP
000001fc: SWAP5
000001fd: SWAP7
000001fe: POP
000001ff: POP
00000200: POP
00000201: POP
00000202: POP
00000203: POP
00000204: POP
00000205: PUSH1 0x00
00000207: PUSH1 0x00
00000209: DUP4
0000020a: PUSH1 0x04
0000020c: PUSH1 0x00
0000020e: POP
0000020f: PUSH1 0x00
00000211: CALLER
00000212: PUSH1 0x01
00000214: PUSH1 0xa0
00000216: PUSH1 0x02
00000218: EXP
00000219: SUB
0000021a: AND
0000021b: DUP2
0000021c: MSTORE
0000021d: PUSH1 0x20
0000021f: ADD
00000220: SWAP1
00000221: DUP2
00000222: MSTORE
00000223: PUSH1 0x20
00000225: ADD
00000226: PUSH1 0x00
00000228: KECCAK256
00000229: PUSH1 0x00
0000022b: POP
0000022c: PUSH1 0x00
0000022e: DUP8
0000022f: PUSH1 0x01
00000231: PUSH1 0xa0
00000233: PUSH1 0x02
00000235: EXP
00000236: SUB
00000237: AND
00000238: DUP2
00000239: MSTORE
0000023a: PUSH1 0x20
0000023c: ADD
0000023d: SWAP1
0000023e: DUP2
0000023f: MSTORE
00000240: PUSH1 0x20
00000242: ADD
00000243: PUSH1 0x00
00000245: KECCAK256
00000246: PUSH1 0x00
00000248: POP
00000249: DUP2
0000024a: SWAP1
0000024b: SSTORE
0000024c: POP
0000024d: DUP5
0000024e: SWAP1
0000024f: POP
00000250: DUP1
00000251: PUSH1 0x01
00000253: PUSH1 0xa0
00000255: PUSH1 0x02
00000257: EXP
00000258: SUB
00000259: AND
0000025a: PUSH4 0x8f4ffcb1
0000025f: CALLER
00000260: DUP7
00000261: ADDRESS
00000262: DUP8
00000263: PUSH1 0x40
00000265: MLOAD
00000266: DUP6
00000267: PUSH1 0xe0
00000269: PUSH1 0x02
0000026b: EXP
0000026c: MUL
0000026d: DUP2
0000026e: MSTORE
0000026f: PUSH1 0x04
00000271: ADD
00000272: DUP1
00000273: DUP6
00000274: PUSH1 0x01
00000276: PUSH1 0xa0
00000278: PUSH1 0x02
0000027a: EXP
0000027b: SUB
0000027c: AND
0000027d: DUP2
0000027e: MSTORE
0000027f: PUSH1 0x20
00000281: ADD
00000282: DUP5
00000283: DUP2
00000284: MSTORE
00000285: PUSH1 0x20
00000287: ADD
00000288: DUP4
00000289: PUSH1 0x01
0000028b: PUSH1 0xa0
0000028d: PUSH1 0x02
0000028f: EXP
00000290: SUB
00000291: AND
00000292: DUP2
00000293: MSTORE
00000294: PUSH1 0x20
00000296: ADD
00000297: DUP1
00000298: PUSH1 0x20
0000029a: ADD
0000029b: DUP3
0000029c: DUP2
0000029d: SUB
0000029e: DUP3
0000029f: MSTORE
000002a0: DUP4
000002a1: DUP2
000002a2: DUP2
000002a3: MLOAD
000002a4: DUP2
000002a5: MSTORE
000002a6: PUSH1 0x20
000002a8: ADD
000002a9: SWAP2
000002aa: POP
000002ab: DUP1
000002ac: MLOAD
000002ad: SWAP1
000002ae: PUSH1 0x20
000002b0: ADD
000002b1: SWAP1
000002b2: DUP1
000002b3: DUP4
000002b4: DUP4
000002b5: DUP3
000002b6: SWAP1
000002b7: PUSH1 0x00
000002b9: PUSH1 0x04
000002bb: PUSH1 0x20
000002bd: DUP5
000002be: PUSH1 0x1f
000002c0: ADD
000002c1: DIV
000002c2: PUSH1 0x0f
000002c4: MUL
000002c5: PUSH1 0x03
000002c7: ADD
000002c8: CALL
000002c9: POP
000002ca: SWAP1
000002cb: POP
000002cc: SWAP1
000002cd: DUP2
000002ce: ADD
000002cf: SWAP1
000002d0: PUSH1 0x1f
000002d2: AND
000002d3: DUP1
000002d4: ISZERO
000002d5: PUSH2 0x02f2
000002d8: JUMPI
000002d9: DUP1
000002da: DUP3
000002db: SUB
000002dc: DUP1
000002dd: MLOAD
000002de: PUSH1 0x01
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '520,760p'" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
000002de: PUSH1 0x01
000002e0: DUP4
000002e1: PUSH1 0x20
000002e3: SUB
000002e4: PUSH2 0x0100
000002e7: EXP
000002e8: SUB
000002e9: NOT
000002ea: AND
000002eb: DUP2
000002ec: MSTORE
000002ed: PUSH1 0x20
000002ef: ADD
000002f0: SWAP2
000002f1: POP
000002f2: JUMPDEST
000002f3: POP
000002f4: SWAP6
000002f5: POP
000002f6: POP
000002f7: POP
000002f8: POP
000002f9: POP
000002fa: POP
000002fb: PUSH1 0x00
000002fd: PUSH1 0x40
000002ff: MLOAD
00000300: DUP1
00000301: DUP4
00000302: SUB
00000303: DUP2
00000304: PUSH1 0x00
00000306: DUP8
00000307: PUSH2 0x61da
0000030a: GAS
0000030b: SUB
0000030c: CALL
0000030d: ISZERO
0000030e: PUSH2 0x0002
00000311: JUMPI
00000312: POP
00000313: POP
00000314: POP
00000315: POP
00000316: SWAP4
00000317: SWAP3
00000318: POP
00000319: POP
0000031a: POP
0000031b: JUMP
0000031c: JUMPDEST
0000031d: PUSH1 0x05
0000031f: PUSH1 0x20
00000321: SWAP1
00000322: DUP2
00000323: MSTORE
00000324: PUSH1 0x04
00000326: CALLDATALOAD
00000327: PUSH1 0x00
00000329: SWAP1
0000032a: DUP2
0000032b: MSTORE
0000032c: PUSH1 0x40
0000032e: DUP1
0000032f: DUP3
00000330: KECCAK256
00000331: SWAP1
00000332: SWAP3
00000333: MSTORE
00000334: PUSH1 0x24
00000336: CALLDATALOAD
00000337: DUP2
00000338: MSTORE
00000339: KECCAK256
0000033a: SLOAD
0000033b: PUSH2 0x03d5
0000033e: SWAP1
0000033f: DUP2
00000340: JUMP
00000341: JUMPDEST
00000342: PUSH1 0x04
00000344: PUSH1 0x20
00000346: DUP2
00000347: DUP2
00000348: MSTORE
00000349: SWAP1
0000034a: CALLDATALOAD
0000034b: PUSH1 0x00
0000034d: SWAP1
0000034e: DUP2
0000034f: MSTORE
00000350: PUSH1 0x40
00000352: DUP1
00000353: DUP3
00000354: KECCAK256
00000355: SWAP1
00000356: SWAP3
00000357: MSTORE
00000358: PUSH1 0x24
0000035a: CALLDATALOAD
0000035b: DUP2
0000035c: MSTORE
0000035d: KECCAK256
0000035e: SLOAD
0000035f: PUSH2 0x03d5
00000362: SWAP1
00000363: DUP2
00000364: JUMP
00000365: JUMPDEST
00000366: STOP
00000367: JUMPDEST
00000368: PUSH1 0x40
0000036a: MLOAD
0000036b: DUP1
0000036c: DUP1
0000036d: PUSH1 0x20
0000036f: ADD
00000370: DUP3
00000371: DUP2
00000372: SUB
00000373: DUP3
00000374: MSTORE
00000375: DUP4
00000376: DUP2
00000377: DUP2
00000378: MLOAD
00000379: DUP2
0000037a: MSTORE
0000037b: PUSH1 0x20
0000037d: ADD
0000037e: SWAP2
0000037f: POP
00000380: DUP1
00000381: MLOAD
00000382: SWAP1
00000383: PUSH1 0x20
00000385: ADD
00000386: SWAP1
00000387: DUP1
00000388: DUP4
00000389: DUP4
0000038a: DUP3
0000038b: SWAP1
0000038c: PUSH1 0x00
0000038e: PUSH1 0x04
00000390: PUSH1 0x20
00000392: DUP5
00000393: PUSH1 0x1f
00000395: ADD
00000396: DIV
00000397: PUSH1 0x0f
00000399: MUL
0000039a: PUSH1 0x03
0000039c: ADD
0000039d: CALL
0000039e: POP
0000039f: SWAP1
000003a0: POP
000003a1: SWAP1
000003a2: DUP2
000003a3: ADD
000003a4: SWAP1
000003a5: PUSH1 0x1f
000003a7: AND
000003a8: DUP1
000003a9: ISZERO
000003aa: PUSH2 0x03c7
000003ad: JUMPI
000003ae: DUP1
000003af: DUP3
000003b0: SUB
000003b1: DUP1
000003b2: MLOAD
000003b3: PUSH1 0x01
000003b5: DUP4
000003b6: PUSH1 0x20
000003b8: SUB
000003b9: PUSH2 0x0100
000003bc: EXP
000003bd: SUB
000003be: NOT
000003bf: AND
000003c0: DUP2
000003c1: MSTORE
000003c2: PUSH1 0x20
000003c4: ADD
000003c5: SWAP2
000003c6: POP
000003c7: JUMPDEST
000003c8: POP
000003c9: SWAP3
000003ca: POP
000003cb: POP
000003cc: POP
000003cd: PUSH1 0x40
000003cf: MLOAD
000003d0: DUP1
000003d1: SWAP2
000003d2: SUB
000003d3: SWAP1
000003d4: RETURN
000003d5: JUMPDEST
000003d6: PUSH1 0x40
000003d8: DUP1
000003d9: MLOAD
000003da: SWAP2
000003db: DUP3
000003dc: MSTORE
000003dd: MLOAD
000003de: SWAP1
000003df: DUP2
000003e0: SWAP1
000003e1: SUB
000003e2: PUSH1 0x20
000003e4: ADD
000003e5: SWAP1
000003e6: RETURN
000003e7: JUMPDEST
000003e8: PUSH1 0x60
000003ea: SWAP1
000003eb: DUP2
000003ec: MSTORE
000003ed: PUSH1 0x20
000003ef: SWAP1
000003f0: RETURN
000003f1: JUMPDEST
000003f2: DUP3
000003f3: ADD
000003f4: SWAP2
000003f5: SWAP1
000003f6: PUSH1 0x00
000003f8: MSTORE
000003f9: PUSH1 0x20
000003fb: PUSH1 0x00
000003fd: KECCAK256
000003fe: SWAP1
000003ff: JUMPDEST
00000400: DUP2
00000401: SLOAD
00000402: DUP2
00000403: MSTORE
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '760,920p'" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
00000403: MSTORE
00000404: SWAP1
00000405: PUSH1 0x01
00000407: ADD
00000408: SWAP1
00000409: PUSH1 0x20
0000040b: ADD
0000040c: DUP1
0000040d: DUP4
0000040e: GT
0000040f: PUSH2 0x03ff
00000412: JUMPI
00000413: DUP3
00000414: SWAP1
00000415: SUB
00000416: PUSH1 0x1f
00000418: AND
00000419: DUP3
0000041a: ADD
0000041b: SWAP2
0000041c: JUMPDEST
0000041d: POP
0000041e: POP
0000041f: POP
00000420: POP
00000421: POP
00000422: DUP2
00000423: JUMP
00000424: JUMPDEST
00000425: PUSH1 0x01
00000427: PUSH1 0xa0
00000429: PUSH1 0x02
0000042b: EXP
0000042c: SUB
0000042d: DUP3
0000042e: AND
0000042f: PUSH1 0x00
00000431: SWAP1
00000432: DUP2
00000433: MSTORE
00000434: PUSH1 0x40
00000436: SWAP1
00000437: KECCAK256
00000438: SLOAD
00000439: DUP1
0000043a: DUP3
0000043b: ADD
0000043c: LT
0000043d: ISZERO
0000043e: PUSH2 0x0446
00000441: JUMPI
00000442: PUSH2 0x0002
00000445: JUMP
00000446: JUMPDEST
00000447: DUP1
00000448: PUSH1 0x03
0000044a: PUSH1 0x00
0000044c: POP
0000044d: PUSH1 0x00
0000044f: CALLER
00000450: PUSH1 0x01
00000452: PUSH1 0xa0
00000454: PUSH1 0x02
00000456: EXP
00000457: SUB
00000458: AND
00000459: DUP2
0000045a: MSTORE
0000045b: PUSH1 0x20
0000045d: ADD
0000045e: SWAP1
0000045f: DUP2
00000460: MSTORE
00000461: PUSH1 0x20
00000463: ADD
00000464: PUSH1 0x00
00000466: KECCAK256
00000467: PUSH1 0x00
00000469: DUP3
0000046a: DUP3
0000046b: DUP3
0000046c: POP
0000046d: SLOAD
0000046e: SUB
0000046f: SWAP3
00000470: POP
00000471: POP
00000472: DUP2
00000473: SWAP1
00000474: SSTORE
00000475: POP
00000476: DUP1
00000477: PUSH1 0x03
00000479: PUSH1 0x00
0000047b: POP
0000047c: PUSH1 0x00
0000047e: DUP5
0000047f: PUSH1 0x01
00000481: PUSH1 0xa0
00000483: PUSH1 0x02
00000485: EXP
00000486: SUB
00000487: AND
00000488: DUP2
00000489: MSTORE
0000048a: PUSH1 0x20
0000048c: ADD
0000048d: SWAP1
0000048e: DUP2
0000048f: MSTORE
00000490: PUSH1 0x20
00000492: ADD
00000493: PUSH1 0x00
00000495: KECCAK256
00000496: PUSH1 0x00
00000498: DUP3
00000499: DUP3
0000049a: DUP3
0000049b: POP
0000049c: SLOAD
0000049d: ADD
0000049e: SWAP3
0000049f: POP
000004a0: POP
000004a1: DUP2
000004a2: SWAP1
000004a3: SSTORE
000004a4: POP
000004a5: DUP2
000004a6: PUSH1 0x01
000004a8: PUSH1 0xa0
000004aa: PUSH1 0x02
000004ac: EXP
000004ad: SUB
000004ae: AND
000004af: CALLER
000004b0: PUSH1 0x01
000004b2: PUSH1 0xa0
000004b4: PUSH1 0x02
000004b6: EXP
000004b7: SUB
000004b8: AND
000004b9: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
000004da: DUP4
000004db: PUSH1 0x40
000004dd: MLOAD
000004de: DUP1
000004df: DUP3
000004e0: DUP2
000004e1: MSTORE
000004e2: PUSH1 0x20
000004e4: ADD
000004e5: SWAP2
000004e6: POP
000004e7: POP
000004e8: PUSH1 0x40
000004ea: MLOAD
000004eb: DUP1
000004ec: SWAP2
000004ed: SUB
000004ee: SWAP1
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '920,1040p'" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
000004ee: SWAP1
000004ef: LOG3
000004f0: POP
000004f1: POP
000004f2: JUMP
000004f3: JUMPDEST
000004f4: PUSH1 0x01
000004f6: PUSH1 0xa0
000004f8: PUSH1 0x02
000004fa: EXP
000004fb: SUB
000004fc: DUP4
000004fd: AND
000004fe: DUP2
000004ff: MSTORE
00000500: PUSH1 0x40
00000502: DUP2
00000503: KECCAK256
00000504: SLOAD
00000505: DUP1
00000506: DUP4
00000507: ADD
00000508: LT
00000509: ISZERO
0000050a: PUSH2 0x0512
0000050d: JUMPI
0000050e: PUSH2 0x0002
00000511: JUMP
00000512: JUMPDEST
00000513: PUSH1 0x01
00000515: PUSH1 0xa0
00000517: PUSH1 0x02
00000519: EXP
0000051a: SUB
0000051b: DUP1
0000051c: DUP6
0000051d: AND
0000051e: DUP1
0000051f: DUP4
00000520: MSTORE
00000521: PUSH1 0x04
00000523: PUSH1 0x20
00000525: SWAP1
00000526: DUP2
00000527: MSTORE
00000528: PUSH1 0x40
0000052a: DUP1
0000052b: DUP6
0000052c: KECCAK256
0000052d: CALLER
0000052e: SWAP5
0000052f: SWAP1
00000530: SWAP5
00000531: AND
00000532: DUP1
00000533: DUP7
00000534: MSTORE
00000535: SWAP4
00000536: DUP3
00000537: MSTORE
00000538: DUP1
00000539: DUP6
0000053a: KECCAK256
0000053b: SLOAD
0000053c: SWAP3
0000053d: DUP6
0000053e: MSTORE
0000053f: PUSH1 0x05
00000541: DUP3
00000542: MSTORE
00000543: DUP1
00000544: DUP6
00000545: KECCAK256
00000546: SWAP4
00000547: DUP6
00000548: MSTORE
00000549: SWAP3
0000054a: SWAP1
0000054b: MSTORE
0000054c: SWAP1
0000054d: DUP3
0000054e: KECCAK256
0000054f: SLOAD
00000550: DUP4
00000551: ADD
00000552: GT
00000553: ISZERO
00000554: PUSH2 0x055c
00000557: JUMPI
00000558: PUSH2 0x0002
0000055b: JUMP
0000055c: JUMPDEST
0000055d: DUP2
0000055e: PUSH1 0x03
00000560: PUSH1 0x00
00000562: POP
00000563: PUSH1 0x00
00000565: DUP7
00000566: PUSH1 0x01
00000568: PUSH1 0xa0
0000056a: PUSH1 0x02
0000056c: EXP
0000056d: SUB
0000056e: AND
0000056f: DUP2
00000570: MSTORE
00000571: PUSH1 0x20
00000573: ADD
00000574: SWAP1
00000575: DUP2
00000576: MSTORE
00000577: PUSH1 0x20
00000579: ADD
0000057a: PUSH1 0x00
0000057c: KECCAK256
0000057d: PUSH1 0x00
0000057f: DUP3
00000580: DUP3
00000581: DUP3
00000582: POP
00000583: SLOAD
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '1040,1140p'" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
00000583: SLOAD
00000584: SUB
00000585: SWAP3
00000586: POP
00000587: POP
00000588: DUP2
00000589: SWAP1
0000058a: SSTORE
0000058b: POP
0000058c: DUP2
0000058d: PUSH1 0x03
0000058f: PUSH1 0x00
00000591: POP
00000592: PUSH1 0x00
00000594: DUP6
00000595: PUSH1 0x01
00000597: PUSH1 0xa0
00000599: PUSH1 0x02
0000059b: EXP
0000059c: SUB
0000059d: AND
0000059e: DUP2
0000059f: MSTORE
000005a0: PUSH1 0x20
000005a2: ADD
000005a3: SWAP1
000005a4: DUP2
000005a5: MSTORE
000005a6: PUSH1 0x20
000005a8: ADD
000005a9: PUSH1 0x00
000005ab: KECCAK256
000005ac: PUSH1 0x00
000005ae: DUP3
000005af: DUP3
000005b0: DUP3
000005b1: POP
000005b2: SLOAD
000005b3: ADD
000005b4: SWAP3
000005b5: POP
000005b6: POP
000005b7: DUP2
000005b8: SWAP1
000005b9: SSTORE
000005ba: POP
000005bb: DUP2
000005bc: PUSH1 0x05
000005be: PUSH1 0x00
000005c0: POP
000005c1: PUSH1 0x00
000005c3: DUP7
000005c4: PUSH1 0x01
000005c6: PUSH1 0xa0
000005c8: PUSH1 0x02
000005ca: EXP
000005cb: SUB
000005cc: AND
000005cd: DUP2
000005ce: MSTORE
000005cf: PUSH1 0x20
000005d1: ADD
000005d2: SWAP1
000005d3: DUP2
000005d4: MSTORE
000005d5: PUSH1 0x20
000005d7: ADD
000005d8: PUSH1 0x00
000005da: KECCAK256
000005db: PUSH1 0x00
000005dd: POP
000005de: PUSH1 0x00
000005e0: CALLER
000005e1: PUSH1 0x01
000005e3: PUSH1 0xa0
000005e5: PUSH1 0x02
000005e7: EXP
000005e8: SUB
000005e9: AND
000005ea: DUP2
000005eb: MSTORE
000005ec: PUSH1 0x20
000005ee: ADD
000005ef: SWAP1
000005f0: DUP2
000005f1: MSTORE
000005f2: PUSH1 0x20
000005f4: ADD
000005f5: PUSH1 0x00
000005f7: KECCAK256
000005f8: PUSH1 0x00
000005fa: DUP3
000005fb: DUP3
000005fc: DUP3
000005fd: POP
000005fe: SLOAD
000005ff: ADD
00000600: SWAP3
00000601: POP
00000602: POP
00000603: DUP2
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '1140,1240p'" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
00000603: DUP2
00000604: SWAP1
00000605: SSTORE
00000606: POP
00000607: DUP3
00000608: PUSH1 0x01
0000060a: PUSH1 0xa0
0000060c: PUSH1 0x02
0000060e: EXP
0000060f: SUB
00000610: AND
00000611: CALLER
00000612: PUSH1 0x01
00000614: PUSH1 0xa0
00000616: PUSH1 0x02
00000618: EXP
00000619: SUB
0000061a: AND
0000061b: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
0000063c: DUP5
0000063d: PUSH1 0x40
0000063f: MLOAD
00000640: DUP1
00000641: DUP3
00000642: DUP2
00000643: MSTORE
00000644: PUSH1 0x20
00000646: ADD
00000647: SWAP2
00000648: POP
00000649: POP
0000064a: PUSH1 0x40
0000064c: MLOAD
0000064d: DUP1
0000064e: SWAP2
0000064f: SUB
00000650: SWAP1
00000651: LOG3
00000652: SWAP4
00000653: SWAP3
00000654: POP
00000655: POP
00000656: POP
00000657: JUMP
exec
/bin/bash -lc "jq '.capability_graph.graph_json.nodes' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
{
"end_pc": 10,
"hash": "0xda891681de0e2b3d574fbc2e6752bd7a6c50949b7c8f0e66f5e152fca339e5bb",
"id": "bb:0",
"start_pc": 0,
"type": "basic_block"
},
{
"end_pc": 30,
"hash": "0x0343c66c992fc9a4c8503f012ff68e290b9a312191eba5b0b8a306142ff00f3c",
"id": "bb:11",
"start_pc": 11,
"type": "basic_block"
},
{
"end_pc": 41,
"hash": "0xe4a2a78f8950ed63683b804061fb60e06e08588285fb9b3253a672d2132a1193",
"id": "bb:31",
"start_pc": 31,
"type": "basic_block"
},
{
"end_pc": 52,
"hash": "0x752a9904e5afd23801f771418b9c90fe3796babbce70e90c3c39fb21f506f4ec",
"id": "bb:42",
"start_pc": 42,
"type": "basic_block"
},
{
"end_pc": 63,
"hash": "0x4b0ec7be87772895a3ed653adb67737eb056c70686c3ac6c27506a6f17382896",
"id": "bb:53",
"start_pc": 53,
"type": "basic_block"
},
{
"end_pc": 74,
"hash": "0xf0f2e3b39cdab3ec2f3f442e1c644e1e571921fed2bf26c1f910006798933aa0",
"id": "bb:64",
"start_pc": 64,
"type": "basic_block"
},
{
"end_pc": 85,
"hash": "0x9d023b9e7a99db6d9f4c6273312ced45f3227b5a37be37eb6dd74f177d375bc9",
"id": "bb:75",
"start_pc": 75,
"type": "basic_block"
},
{
"end_pc": 96,
"hash": "0x52c4eb52d31a3dac316ec8170cd135c991d20d47a07ff4ea42305b4616c62d5f",
"id": "bb:86",
"start_pc": 86,
"type": "basic_block"
},
{
"end_pc": 107,
"hash": "0xd6edf2c52a9c50603b1675b631899baf0ccb91474fa0507ba0696c9089d7a916",
"id": "bb:97",
"start_pc": 97,
"type": "basic_block"
},
{
"end_pc": 118,
"hash": "0x4411a538b7f5b0c2edf5f9bc731a7e6e08b9ed1d373d25d2cae0440f7e6f866a",
"id": "bb:108",
"start_pc": 108,
"type": "basic_block"
},
{
"end_pc": 126,
"hash": "0x7d89dda3d0e9e4026fa799e06f15658b5e0c0bdeb160aa8932fe100a5a4104f3",
"id": "bb:119",
"start_pc": 119,
"type": "basic_block"
},
{
"end_pc": 192,
"hash": "0xd8efafa5c2d69cae7a3394f72e34adb5fb491d920ba4abab2c968099325a2ca2",
"id": "bb:127",
"start_pc": 127,
"type": "basic_block"
},
{
"end_pc": 200,
"hash": "0xaab5b85718983e598a7877cbdf95ddc645b3b4a1a51127e103e5153ba06d7598",
"id": "bb:193",
"start_pc": 193,
"type": "basic_block"
},
{
"end_pc": 219,
"hash": "0x2e794b922f2e688929521016738957b2566468ea69b3419d8d40755853cff20c",
"id": "bb:201",
"start_pc": 201,
"type": "basic_block"
},
{
"end_pc": 265,
"hash": "0x190bf08b5e08d77b3005616766a2ab7fa4adb77ba20b16951d4633d8293f7ebf",
"id": "bb:220",
"start_pc": 220,
"type": "basic_block"
},
{
"end_pc": 269,
"hash": "0x52ba0293f3ad0d0d22b2cd189312666c2f198fe85fd7e8cf364ca30124e6b6de",
"id": "bb:266",
"start_pc": 266,
"type": "basic_block"
},
{
"end_pc": 281,
"hash": "0x9362fd1a8491aafd33b18515eb8ae7f6ce985746e9a8743c6fc6c84b7c52c518",
"id": "bb:270",
"start_pc": 270,
"type": "basic_block"
},
{
"end_pc": 305,
"hash": "0xbb87a2a93bcc6d42ab9c1e8a369ca3651c37d9a9372dc06f6964d3866ab8b291",
"id": "bb:282",
"start_pc": 282,
"type": "basic_block"
},
{
"end_pc": 370,
"hash": "0x1f128a54ab36e4a650a39c43969da7a18d0606125668c0a3aa64a761d230287a",
"id": "bb:306",
"start_pc": 306,
"type": "basic_block"
},
{
"end_pc": 378,
"hash": "0x58b1c56e0bff7ba093cef9b7a74d11611cf4b15773f76d97991c3d49c38766a6",
"id": "bb:371",
"start_pc": 371,
"type": "basic_block"
},
{
"end_pc": 397,
"hash": "0xe9187216f47e087c3deca70ab4be2937fbf4de2fca127d2dfd92abe17b4781fa",
"id": "bb:379",
"start_pc": 379,
"type": "basic_block"
},
{
"end_pc": 440,
"hash": "0xa101c9d6bb187e5dd34f4e8bfce81941261c9b79f1205d8650c4885bb3726448",
"id": "bb:398",
"start_pc": 398,
"type": "basic_block"
},
{
"end_pc": 444,
"hash": "0x97405cdd6e6b60c9e9daa38cfb2e6d1ae50968b4bd9967a97fd59f851bba10c4",
"id": "bb:441",
"start_pc": 441,
"type": "basic_block"
},
{
"end_pc": 728,
"hash": "0x4c004680333ea937e41a95e0aaa7be8791bcc43b3d6e6b44ac5f9f25fec29fb6",
"id": "bb:445",
"start_pc": 445,
"type": "basic_block"
},
{
"end_pc": 753,
"hash": "0x6c0260a2c143f4bf49ef1833a76637a7016a5027a6eb39e9b989cd2fa2ad3bc9",
"id": "bb:729",
"start_pc": 729,
"type": "basic_block"
},
{
"end_pc": 785,
"hash": "0xbffc64f35b18e95e2103ddef4b4c5fdccee241aff0e0782c74d7b7bb3e9692bb",
"id": "bb:754",
"start_pc": 754,
"type": "basic_block"
},
{
"end_pc": 795,
"hash": "0xd31cae8e0c5c35d864bd5508dadbe36913d0b7616723327ad7fa8cbf04a9d090",
"id": "bb:786",
"start_pc": 786,
"type": "basic_block"
},
{
"end_pc": 832,
"hash": "0x671f80614b2161acd8baa164519b56d80b0369a1cfcd4471f9660911fdec58ed",
"id": "bb:796",
"start_pc": 796,
"type": "basic_block"
},
{
"end_pc": 868,
"hash": "0x4967a576c664bf96bf266de1e139b435ea940fc359da4af5fde4d4a32032cb10",
"id": "bb:833",
"start_pc": 833,
"type": "basic_block"
},
{
"end_pc": 870,
"hash": "0x5cf4c5f8e3b1ba7f3983055ae21aff82972bf273cf483cb99b22716738730c8f",
"id": "bb:869",
"start_pc": 869,
"type": "basic_block"
},
{
"end_pc": 941,
"hash": "0x4e015292933284ecba012bf1ac6370f2ee89eaecf8846a17e70652092e826368",
"id": "bb:871",
"start_pc": 871,
"type": "basic_block"
},
{
"end_pc": 966,
"hash": "0x726883ac335db6396460a65951f8781b271477760da9f313537d6d2c8f4c2787",
"id": "bb:942",
"start_pc": 942,
"type": "basic_block"
},
{
"end_pc": 980,
"hash": "0x6e647b035fdb58d4be1d1d7fe777d3d819158f76ffe11d2517debc73a4271c9d",
"id": "bb:967",
"start_pc": 967,
"type": "basic_block"
},
{
"end_pc": 998,
"hash": "0xe72f2d49734f00bbcdcd0e24a06397f3639aa1d959474ef092b3e85596206ed4",
"id": "bb:981",
"start_pc": 981,
"type": "basic_block"
},
{
"end_pc": 1008,
"hash": "0xca01593542ab5509a9e9f91cd2fe5d9ff3fefd59976afd43d053e24d9681d7ad",
"id": "bb:999",
"start_pc": 999,
"type": "basic_block"
},
{
"end_pc": 1022,
"hash": "0x3487ce969fde324c21ec4897a771b6a6c9366d06c0ccf7c7eb59128e3da699d9",
"id": "bb:1009",
"start_pc": 1009,
"type": "basic_block"
},
{
"end_pc": 1042,
"hash": "0x9843d5bef793075e621a5db739863e9598a10bb1dac83aff33020ccd4235e068",
"id": "bb:1023",
"start_pc": 1023,
"type": "basic_block"
},
{
"end_pc": 1051,
"hash": "0x538abb38eabdfe29129b607eb8ae0b8d2e44521c45ee2c110943f458fd664324",
"id": "bb:1043",
"start_pc": 1043,
"type": "basic_block"
},
{
"end_pc": 1059,
"hash": "0x472c08278b028b0cdb59aad605c5706d03de3e93dcdf16a3641f8a640a00e731",
"id": "bb:1052",
"start_pc": 1052,
"type": "basic_block"
},
{
"end_pc": 1089,
"hash": "0x5c8c6f156ae992e2a7da3273c349575c878684bc6e974dcab67cad2204a8ac15",
"id": "bb:1060",
"start_pc": 1060,
"type": "basic_block"
},
{
"end_pc": 1093,
"hash": "0x027da33ba0ef47e5382be6e0e7e5f7de28c5fa90f629adef43b8d86b4fdc7dbf",
"id": "bb:1090",
"start_pc": 1090,
"type": "basic_block"
},
{
"end_pc": 1266,
"hash": "0x5798335e65fa03c08b530140688de4533b35e5acc6a62cf1bbb7f4a3b8990728",
"id": "bb:1094",
"start_pc": 1094,
"type": "basic_block"
},
{
"end_pc": 1293,
"hash": "0x1efeed91c466c5566d1ebe14449767f50a1426b1e1762279016703ac747c47c2",
"id": "bb:1267",
"start_pc": 1267,
"type": "basic_block"
},
{
"end_pc": 1297,
"hash": "0xde573111b2e71d42614970a01648d50ed903636ae22a28be2f9f344df8c3a808",
"id": "bb:1294",
"start_pc": 1294,
"type": "basic_block"
},
{
"end_pc": 1367,
"hash": "0xc6099e4bd9cdeda0d19333ac44aa52a84c0014cf573ae2bac4ba956c98bbef7c",
"id": "bb:1298",
"start_pc": 1298,
"type": "basic_block"
},
{
"end_pc": 1371,
"hash": "0xe2811e1ab2e138a0c1623f56ff5e31cf15a81dd9389e0ed886e676b2ee65e741",
"id": "bb:1368",
"start_pc": 1368,
"type": "basic_block"
},
{
"end_pc": 1623,
"hash": "0x6aa5714a3416ed580f6559a1e111b4bd0099b7d16b65705910a895433cc3041c",
"id": "bb:1372",
"start_pc": 1372,
"type": "basic_block"
},
{
"id": "call:712",
"opcode": "CALL",
"pc": 712,
"type": "callsite"
},
{
"id": "call:780",
"opcode": "CALL",
"pc": 780,
"type": "callsite"
},
{
"id": "call:925",
"opcode": "CALL",
"pc": 925,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 826074471,
"id": "fn:0x23b872dd",
"selector": "0x23b872dd",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": 3404319313,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
},
{
"entry_pc": 3694166258,
"id": "fn:0xcae9ca51",
"selector": "0xcae9ca51",
"type": "function"
},
{
"entry_pc": 3714247998,
"id": "fn:0xdc3080f2",
"selector": "0xdc3080f2",
"type": "function"
},
{
"entry_pc": 869,
"id": "fn:0xdd62ed3e",
"selector": "0xdd62ed3e",
"type": "function"
}
]
exec
/bin/bash -lc "jq '.capability_graph.graph_json.edges' BYTECODE_BUNDLE.json" in /tmp/codex-zs7fgfe9
succeeded in 0ms:
[
{
"from": "bb:0",
"to": "bb:119",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:127",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:220",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:270",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:282",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:306",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:398",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:445",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:97",
"to": "bb:796",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:108",
"type": "control_flow_fallthrough"
},
{
"from": "bb:108",
"to": "bb:833",
"type": "control_flow"
},
{
"from": "bb:108",
"to": "bb:119",
"type": "control_flow_fallthrough"
},
{
"from": "bb:127",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:127",
"to": "bb:193",
"type": "control_flow_fallthrough"
},
{
"from": "bb:193",
"to": "bb:1009",
"type": "control_flow"
},
{
"from": "bb:193",
"to": "bb:201",
"type": "control_flow_fallthrough"
},
{
"from": "bb:201",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:220",
"to": "bb:1267",
"type": "control_flow"
},
{
"from": "bb:220",
"to": "bb:266",
"type": "control_flow_fallthrough"
},
{
"from": "bb:306",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:306",
"to": "bb:371",
"type": "control_flow_fallthrough"
},
{
"from": "bb:371",
"to": "bb:1009",
"type": "control_flow"
},
{
"from": "bb:371",
"to": "bb:379",
"type": "control_flow_fallthrough"
},
{
"from": "bb:379",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:398",
"to": "bb:1060",
"type": "control_flow"
},
{
"from": "bb:398",
"to": "bb:441",
"type": "control_flow_fallthrough"
},
{
"from": "bb:445",
"to": "bb:754",
"type": "control_flow"
},
{
"from": "bb:445",
"to": "bb:729",
"type": "control_flow_fallthrough"
},
{
"from": "bb:729",
"to": "bb:754",
"type": "control_flow_fallthrough"
},
{
"from": "bb:754",
"to": "bb:786",
"type": "control_flow_fallthrough"
},
{
"from": "bb:871",
"to": "bb:967",
"type": "control_flow"
},
{
"from": "bb:871",
"to": "bb:942",
"type": "control_flow_fallthrough"
},
{
"from": "bb:942",
"to": "bb:967",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1009",
"to": "bb:1023",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1023",
"to": "bb:1023",
"type": "control_flow"
},
{
"from": "bb:1023",
"to": "bb:1043",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1043",
"to": "bb:1052",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1060",
"to": "bb:1094",
"type": "control_flow"
},
{
"from": "bb:1060",
"to": "bb:1090",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1267",
"to": "bb:1298",
"type": "control_flow"
},
{
"from": "bb:1267",
"to": "bb:1294",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1298",
"to": "bb:1372",
"type": "control_flow"
},
{
"from": "bb:1298",
"to": "bb:1368",
"type": "control_flow_fallthrough"
},
{
"from": "fn:0x23b872dd",
"to": "bb:826074471",
"type": "entry"
},
{
"from": "fn:0x313ce567",
"to": "bb:1889567281",
"type": "entry"
},
{
"from": "fn:0x70a08231",
"to": "bb:2514000705",
"type": "entry"
},
{
"from": "fn:0x95d89b41",
"to": "bb:2835717307",
"type": "entry"
},
{
"from": "fn:0xa9059cbb",
"to": "bb:3404319313",
"type": "entry"
},
{
"from": "fn:0xcae9ca51",
"to": "bb:3694166258",
"type": "entry"
},
{
"from": "fn:0xdc3080f2",
"to": "bb:3714247998",
"type": "entry"
},
{
"from": "fn:0xdd62ed3e",
"to": "bb:869",
"type": "entry"
},
{
"from": "bb:445",
"to": "call:712",
"type": "contains"
},
{
"from": "call:712",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:754",
"to": "call:780",
"type": "contains"
},
{
"from": "call:780",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:871",
"to": "call:925",
"type": "contains"
},
{
"from": "call:925",
"to": "sink:call",
"type": "capability"
}
]
The bytecode is a compact ERC20-like token with one custom approval callback path. I inspected the risky CALL sites and the allowance/storage flow to separate detector noise from a concrete accounting deviation.
✓ Inspect BYTECODE_BUNDLE.json structure, detector findings, and proxy metadata
✓ Review callsites, storage slots, and evidence for concrete security issues
→ Assemble conservative JSON findings with explicit uncertainty
codex
{"no_findings":false,"summary":"The bundle describes a non-proxy ERC20-like token with no delegatecall, selfdestruct, or upgrade-slot activity. After separating detector noise from the identity precompile at address 0x04, the main concrete issue visible in bytecode is non-standard allowance accounting: the standard `allowance` selector appears to report the configured approval cap, while actual spendability is tracked separately in another mapping. This conclusion is based on bytecode storage patterns and best-effort selector inference, so exact source-level names remain uncertain.","findings":[{"severity":"low","category":"other","title":"`allowance()` appears to return the approval cap, not the remaining spendable allowance","exploit_scenario":"A holder grants a spender an approval cap through the custom approval path at selector `0xcae9ca51`. After the spender uses `transferFrom` for part of that cap, off-chain systems and integrators that query the standard ERC20 `allowance(owner,spender)` function can still observe the original cap and assume more allowance remains than is actually usable. This can cause routers, vaults, or wallets to make failing calls, mis-handle approval state, or leave a user with less usable allowance than reported after re-approvals, because the spend tracker appears to persist separately.","recommendation":"Make the ERC20 `allowance` view return the remaining spendable amount, or decrement the approval mapping directly during `transferFrom`. If cumulative-spend accounting is intentional, expose it behind clearly non-standard interfaces and reset the spend-tracker state when overwriting approvals so external integrations cannot misinterpret approval state.","evidence":"`selector:0xdd62ed3e` is a direct getter over one nested mapping at `pc:0x341`-`pc:0x35e`. In `selector:0x23b872dd`, the bytecode reads two nested mappings before the allowance check (`pc:0x52b`-`pc:0x54f`), then later increments the second mapping at `pc:0x5bb`-`pc:0x605` without decrementing the first one. The custom approval-like entrypoint `selector:0xcae9ca51` writes the first mapping at `pc:0x205`-`pc:0x24b` and does not clear the second mapping. The resulting pattern is consistent with `approved_cap` plus separate `spent_so_far`, while the standard `allowance()` getter exposes only `approved_cap`. Selector inference is best-effort, but the storage-access pattern is strong.","locations":["selector:0xdd62ed3e","selector:0x23b872dd","selector:0xcae9ca51","pc:0x24b","pc:0x54f","pc:0x605"]}]}
tokens used
63,291
{
"codex": {
"ran_at": "2026-04-05T04:28:46.409564+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3250,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "The bundle describes a non-proxy ERC20-like token with no delegatecall, selfdestruct, or upgrade-slot activity. After separating detector noise from the identity precompile at address 0x04, the main concrete issue visible in bytecode is non-standard allowance accounting: the standard `allowance` selector appears to report the configured approval cap, while actual spendability is tracked separately in another mapping. This conclusion is based on bytecode storage patterns and best-effort selector inference, so exact source-level names remain uncertain.",
"raw_final": {
"summary": "The bundle describes a non-proxy ERC20-like token with no delegatecall, selfdestruct, or upgrade-slot activity. After separating detector noise from the identity precompile at address 0x04, the main concrete issue visible in bytecode is non-standard allowance accounting: the standard `allowance` selector appears to report the configured approval cap, while actual spendability is tracked separately in another mapping. This conclusion is based on bytecode storage patterns and best-effort selector inference, so exact source-level names remain uncertain.",
"findings": [
{
"title": "`allowance()` appears to return the approval cap, not the remaining spendable allowance",
"category": "other",
"evidence": "`selector:0xdd62ed3e` is a direct getter over one nested mapping at `pc:0x341`-`pc:0x35e`. In `selector:0x23b872dd`, the bytecode reads two nested mappings before the allowance check (`pc:0x52b`-`pc:0x54f`), then later increments the second mapping at `pc:0x5bb`-`pc:0x605` without decrementing the first one. The custom approval-like entrypoint `selector:0xcae9ca51` writes the first mapping at `pc:0x205`-`pc:0x24b` and does not clear the second mapping. The resulting pattern is consistent with `approved_cap` plus separate `spent_so_far`, while the standard `allowance()` getter exposes only `approved_cap`. Selector inference is best-effort, but the storage-access pattern is strong.",
"severity": "low",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xcae9ca51",
"pc:0x24b",
"pc:0x54f",
"pc:0x605"
],
"recommendation": "Make the ERC20 `allowance` view return the remaining spendable amount, or decrement the approval mapping directly during `transferFrom`. If cumulative-spend accounting is intentional, expose it behind clearly non-standard interfaces and reset the spend-tracker state when overwriting approvals so external integrations cannot misinterpret approval state.",
"exploit_scenario": "A holder grants a spender an approval cap through the custom approval path at selector `0xcae9ca51`. After the spender uses `transferFrom` for part of that cap, off-chain systems and integrators that query the standard ERC20 `allowance(owner,spender)` function can still observe the original cap and assume more allowance remains than is actually usable. This can cause routers, vaults, or wallets to make failing calls, mis-handle approval state, or leave a user with less usable allowance than reported after re-approvals, because the spend tracker appears to persist separately."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0077 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x007f 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x23b872dd 00000025: EQ 00000026: PUSH2 0x00dc 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x313ce567 00000030: EQ 00000031: PUSH2 0x010e 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x70a08231 0000003b: EQ 0000003c: PUSH2 0x011a 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x95d89b41 00000046: EQ 00000047: PUSH2 0x0132 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0xa9059cbb 00000051: EQ 00000052: PUSH2 0x018e 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0xcae9ca51 0000005c: EQ 0000005d: PUSH2 0x01bd 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xdc3080f2 00000067: EQ 00000068: PUSH2 0x031c 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xdd62ed3e 00000072: EQ 00000073: PUSH2 0x0341 00000076: JUMPI 00000077: JUMPDEST 00000078: PUSH2 0x0365 0000007b: PUSH2 0x0002 0000007e: JUMP 0000007f: JUMPDEST 00000080: PUSH2 0x0367 00000083: PUSH1 0x00 00000085: DUP1 00000086: SLOAD 00000087: PUSH1 0x20 00000089: PUSH1 0x02 0000008b: PUSH1 0x01 0000008d: DUP4 0000008e: AND 0000008f: ISZERO 00000090: PUSH2 0x0100 00000093: MUL 00000094: PUSH1 0x00 00000096: NOT 00000097: ADD 00000098: SWAP1 00000099: SWAP3 0000009a: AND 0000009b: SWAP2 0000009c: SWAP1 0000009d: SWAP2 0000009e: DIV 0000009f: PUSH1 0x1f 000000a1: DUP2 000000a2: ADD 000000a3: DUP3 000000a4: SWAP1 000000a5: DIV 000000a6: SWAP1 000000a7: SWAP2 000000a8: MUL 000000a9: PUSH1 0x80 000000ab: SWAP1 000000ac: DUP2 000000ad: ADD 000000ae: PUSH1 0x40 000000b0: MSTORE 000000b1: PUSH1 0x60 000000b3: DUP3 000000b4: DUP2 000000b5: MSTORE 000000b6: SWAP3 000000b7: SWAP2 000000b8: SWAP1 000000b9: DUP3 000000ba: DUP3 000000bb: DUP1 000000bc: ISZERO 000000bd: PUSH2 0x041c 000000c0: JUMPI 000000c1: DUP1 000000c2: PUSH1 0x1f 000000c4: LT 000000c5: PUSH2 0x03f1 000000c8: JUMPI 000000c9: PUSH2 0x0100 000000cc: DUP1 000000cd: DUP4 000000ce: SLOAD 000000cf: DIV 000000d0: MUL 000000d1: DUP4 000000d2: MSTORE 000000d3: SWAP2 000000d4: PUSH1 0x20 000000d6: ADD 000000d7: SWAP2 000000d8: PUSH2 0x041c 000000db: JUMP 000000dc: JUMPDEST 000000dd: PUSH2 0x03d5 000000e0: PUSH1 0x04 000000e2: CALLDATALOAD 000000e3: PUSH1 0x24 000000e5: CALLDATALOAD 000000e6: PUSH1 0x44 000000e8: CALLDATALOAD 000000e9: PUSH1 0x01 000000eb: PUSH1 0xa0 000000ed: PUSH1 0x02 000000ef: EXP 000000f0: SUB 000000f1: DUP4 000000f2: AND 000000f3: PUSH1 0x00 000000f5: SWAP1 000000f6: DUP2 000000f7: MSTORE 000000f8: PUSH1 0x03 000000fa: PUSH1 0x20 000000fc: MSTORE 000000fd: PUSH1 0x40 000000ff: DUP2 00000100: KECCAK256 00000101: SLOAD 00000102: DUP3 00000103: SWAP1 00000104: LT 00000105: ISZERO 00000106: PUSH2 0x04f3 00000109: JUMPI 0000010a: PUSH2 0x0002 0000010d: JUMP 0000010e: JUMPDEST 0000010f: PUSH2 0x03e7 00000112: PUSH1 0x02 00000114: SLOAD 00000115: PUSH1 0xff 00000117: AND 00000118: DUP2 00000119: JUMP 0000011a: JUMPDEST 0000011b: PUSH2 0x03d5 0000011e: PUSH1 0x04 00000120: CALLDATALOAD 00000121: PUSH1 0x03 00000123: PUSH1 0x20 00000125: MSTORE 00000126: PUSH1 0x00 00000128: SWAP1 00000129: DUP2 0000012a: MSTORE 0000012b: PUSH1 0x40 0000012d: SWAP1 0000012e: KECCAK256 0000012f: SLOAD 00000130: DUP2 00000131: JUMP 00000132: JUMPDEST 00000133: PUSH2 0x0367 00000136: PUSH1 0x01 00000138: DUP1 00000139: SLOAD 0000013a: PUSH1 0x20 0000013c: PUSH1 0x02 0000013e: DUP3 0000013f: DUP5 00000140: AND 00000141: ISZERO 00000142: PUSH2 0x0100 00000145: MUL 00000146: PUSH1 0x00 00000148: NOT 00000149: ADD 0000014a: SWAP1 0000014b: SWAP3 0000014c: AND 0000014d: SWAP2 0000014e: SWAP1 0000014f: SWAP2 00000150: DIV 00000151: PUSH1 0x1f 00000153: DUP2 00000154: ADD 00000155: DUP3 00000156: SWAP1 00000157: DIV 00000158: SWAP1 00000159: SWAP2 0000015a: MUL 0000015b: PUSH1 0x80 0000015d: SWAP1 0000015e: DUP2 0000015f: ADD 00000160: PUSH1 0x40 00000162: MSTORE 00000163: PUSH1 0x60 00000165: DUP3 00000166: DUP2 00000167: MSTORE 00000168: SWAP3 00000169: SWAP2 0000016a: SWAP1 0000016b: DUP3 0000016c: DUP3 0000016d: DUP1 0000016e: ISZERO 0000016f: PUSH2 0x041c 00000172: JUMPI 00000173: DUP1 00000174: PUSH1 0x1f 00000176: LT 00000177: PUSH2 0x03f1 0000017a: JUMPI 0000017b: PUSH2 0x0100 0000017e: DUP1 0000017f: DUP4 00000180: SLOAD 00000181: DIV 00000182: MUL 00000183: DUP4 00000184: MSTORE 00000185: SWAP2 00000186: PUSH1 0x20 00000188: ADD 00000189: SWAP2 0000018a: PUSH2 0x041c 0000018d: JUMP 0000018e: JUMPDEST 0000018f: PUSH2 0x0365 00000192: PUSH1 0x04 00000194: CALLDATALOAD 00000195: PUSH1 0x24 00000197: CALLDATALOAD 00000198: PUSH1 0x01 0000019a: PUSH1 0xa0 0000019c: PUSH1 0x02 0000019e: EXP 0000019f: SUB 000001a0: CALLER 000001a1: AND 000001a2: PUSH1 0x00 000001a4: SWAP1 000001a5: DUP2 000001a6: MSTORE 000001a7: PUSH1 0x03 000001a9: PUSH1 0x20 000001ab: MSTORE 000001ac: PUSH1 0x40 000001ae: SWAP1 000001af: KECCAK256 000001b0: SLOAD 000001b1: DUP2 000001b2: SWAP1 000001b3: LT 000001b4: ISZERO 000001b5: PUSH2 0x0424 000001b8: JUMPI 000001b9: PUSH2 0x0002 000001bc: JUMP 000001bd: JUMPDEST 000001be: PUSH1 0x80 000001c0: PUSH1 0x20 000001c2: PUSH1 0x44 000001c4: CALLDATALOAD 000001c5: PUSH1 0x04 000001c7: DUP2 000001c8: DUP2 000001c9: ADD 000001ca: CALLDATALOAD 000001cb: PUSH1 0x1f 000001cd: DUP2 000001ce: ADD 000001cf: DUP5 000001d0: SWAP1 000001d1: DIV 000001d2: SWAP1 000001d3: SWAP4 000001d4: MUL 000001d5: DUP5 000001d6: ADD 000001d7: PUSH1 0x40 000001d9: MSTORE 000001da: PUSH1 0x60 000001dc: DUP4 000001dd: DUP2 000001de: MSTORE 000001df: PUSH2 0x03d5 000001e2: SWAP5 000001e3: DUP3 000001e4: CALLDATALOAD 000001e5: SWAP5 000001e6: PUSH1 0x24 000001e8: DUP1 000001e9: CALLDATALOAD 000001ea: SWAP6 000001eb: PUSH1 0x64 000001ed: SWAP5 000001ee: SWAP4 000001ef: SWAP2 000001f0: ADD 000001f1: SWAP2 000001f2: SWAP1 000001f3: DUP2 000001f4: SWAP1 000001f5: DUP4 000001f6: DUP3 000001f7: DUP1 000001f8: DUP3 000001f9: DUP5 000001fa: CALLDATACOPY 000001fb: POP 000001fc: SWAP5 000001fd: SWAP7 000001fe: POP 000001ff: POP 00000200: POP 00000201: POP 00000202: POP 00000203: POP 00000204: POP 00000205: PUSH1 0x00 00000207: PUSH1 0x00 00000209: DUP4 0000020a: PUSH1 0x04 0000020c: PUSH1 0x00 0000020e: POP 0000020f: PUSH1 0x00 00000211: CALLER 00000212: PUSH1 0x01 00000214: PUSH1 0xa0 00000216: PUSH1 0x02 00000218: EXP 00000219: SUB 0000021a: AND 0000021b: DUP2 0000021c: MSTORE 0000021d: PUSH1 0x20 0000021f: ADD 00000220: SWAP1 00000221: DUP2 00000222: MSTORE 00000223: PUSH1 0x20 00000225: ADD 00000226: PUSH1 0x00 00000228: KECCAK256 00000229: PUSH1 0x00 0000022b: POP 0000022c: PUSH1 0x00 0000022e: DUP8 0000022f: PUSH1 0x01 00000231: PUSH1 0xa0 00000233: PUSH1 0x02 00000235: EXP 00000236: SUB 00000237: AND 00000238: DUP2 00000239: MSTORE 0000023a: PUSH1 0x20 0000023c: ADD 0000023d: SWAP1 0000023e: DUP2 0000023f: MSTORE 00000240: PUSH1 0x20 00000242: ADD 00000243: PUSH1 0x00 00000245: KECCAK256 00000246: PUSH1 0x00 00000248: POP 00000249: DUP2 0000024a: SWAP1 0000024b: SSTORE 0000024c: POP 0000024d: DUP5 0000024e: SWAP1 0000024f: POP 00000250: DUP1 00000251: PUSH1 0x01 00000253: PUSH1 0xa0 00000255: PUSH1 0x02 00000257: EXP 00000258: SUB 00000259: AND 0000025a: PUSH4 0x8f4ffcb1 0000025f: CALLER 00000260: DUP7 00000261: ADDRESS 00000262: DUP8 00000263: PUSH1 0x40 00000265: MLOAD 00000266: DUP6 00000267: PUSH1 0xe0 00000269: PUSH1 0x02 0000026b: EXP 0000026c: MUL 0000026d: DUP2 0000026e: MSTORE 0000026f: PUSH1 0x04 00000271: ADD 00000272: DUP1 00000273: DUP6 00000274: PUSH1 0x01 00000276: PUSH1 0xa0 00000278: PUSH1 0x02 0000027a: EXP 0000027b: SUB 0000027c: AND 0000027d: DUP2 0000027e: MSTORE 0000027f: PUSH1 0x20 00000281: ADD 00000282: DUP5 00000283: DUP2 00000284: MSTORE 00000285: PUSH1 0x20 00000287: ADD 00000288: DUP4 00000289: PUSH1 0x01 0000028b: PUSH1 0xa0 0000028d: PUSH1 0x02 0000028f: EXP 00000290: SUB 00000291: AND 00000292: DUP2 00000293: MSTORE 00000294: PUSH1 0x20 00000296: ADD 00000297: DUP1 00000298: PUSH1 0x20 0000029a: ADD 0000029b: DUP3 0000029c: DUP2 0000029d: SUB 0000029e: DUP3 0000029f: MSTORE 000002a0: DUP4 000002a1: DUP2 000002a2: DUP2 000002a3: MLOAD 000002a4: DUP2 000002a5: MSTORE 000002a6: PUSH1 0x20 000002a8: ADD 000002a9: SWAP2 000002aa: POP 000002ab: DUP1 000002ac: MLOAD 000002ad: SWAP1 000002ae: PUSH1 0x20 000002b0: ADD 000002b1: SWAP1 000002b2: DUP1 000002b3: DUP4 000002b4: DUP4 000002b5: DUP3 000002b6: SWAP1 000002b7: PUSH1 0x00 000002b9: PUSH1 0x04 000002bb: PUSH1 0x20 000002bd: DUP5 000002be: PUSH1 0x1f 000002c0: ADD 000002c1: DIV 000002c2: PUSH1 0x0f 000002c4: MUL 000002c5: PUSH1 0x03 000002c7: ADD 000002c8: CALL 000002c9: POP 000002ca: SWAP1 000002cb: POP 000002cc: SWAP1 000002cd: DUP2 000002ce: ADD 000002cf: SWAP1 000002d0: PUSH1 0x1f 000002d2: AND 000002d3: DUP1 000002d4: ISZERO 000002d5: PUSH2 0x02f2 000002d8: JUMPI 000002d9: DUP1 000002da: DUP3 000002db: SUB 000002dc: DUP1 000002dd: MLOAD 000002de: PUSH1 0x01 000002e0: DUP4 000002e1: PUSH1 0x20 000002e3: SUB 000002e4: PUSH2 0x0100 000002e7: EXP 000002e8: SUB 000002e9: NOT 000002ea: AND 000002eb: DUP2 000002ec: MSTORE 000002ed: PUSH1 0x20 000002ef: ADD 000002f0: SWAP2 000002f1: POP 000002f2: JUMPDEST 000002f3: POP 000002f4: SWAP6 000002f5: POP 000002f6: POP 000002f7: POP 000002f8: POP 000002f9: POP 000002fa: POP 000002fb: PUSH1 0x00 000002fd: PUSH1 0x40 000002ff: MLOAD 00000300: DUP1 00000301: DUP4 00000302: SUB 00000303: DUP2 00000304: PUSH1 0x00 00000306: DUP8 00000307: PUSH2 0x61da 0000030a: GAS 0000030b: SUB 0000030c: CALL 0000030d: ISZERO 0000030e: PUSH2 0x0002 00000311: JUMPI 00000312: POP 00000313: POP 00000314: POP 00000315: POP 00000316: SWAP4 00000317: SWAP3 00000318: POP 00000319: POP 0000031a: POP 0000031b: JUMP 0000031c: JUMPDEST 0000031d: PUSH1 0x05 0000031f: PUSH1 0x20 00000321: SWAP1 00000322: DUP2 00000323: MSTORE 00000324: PUSH1 0x04 00000326: CALLDATALOAD 00000327: PUSH1 0x00 00000329: SWAP1 0000032a: DUP2 0000032b: MSTORE 0000032c: PUSH1 0x40 0000032e: DUP1 0000032f: DUP3 00000330: KECCAK256 00000331: SWAP1 00000332: SWAP3 00000333: MSTORE 00000334: PUSH1 0x24 00000336: CALLDATALOAD 00000337: DUP2 00000338: MSTORE 00000339: KECCAK256 0000033a: SLOAD 0000033b: PUSH2 0x03d5 0000033e: SWAP1 0000033f: DUP2 00000340: JUMP 00000341: JUMPDEST 00000342: PUSH1 0x04 00000344: PUSH1 0x20 00000346: DUP2 00000347: DUP2 00000348: MSTORE 00000349: SWAP1 0000034a: CALLDATALOAD 0000034b: PUSH1 0x00 0000034d: SWAP1 0000034e: DUP2 0000034f: MSTORE 00000350: PUSH1 0x40 00000352: DUP1 00000353: DUP3 00000354: KECCAK256 00000355: SWAP1 00000356: SWAP3 00000357: MSTORE 00000358: PUSH1 0x24 0000035a: CALLDATALOAD 0000035b: DUP2 0000035c: MSTORE 0000035d: KECCAK256 0000035e: SLOAD 0000035f: PUSH2 0x03d5 00000362: SWAP1 00000363: DUP2 00000364: JUMP 00000365: JUMPDEST 00000366: STOP 00000367: JUMPDEST 00000368: PUSH1 0x40 0000036a: MLOAD 0000036b: DUP1 0000036c: DUP1 0000036d: PUSH1 0x20 0000036f: ADD 00000370: DUP3 00000371: DUP2 00000372: SUB 00000373: DUP3 00000374: MSTORE 00000375: DUP4 00000376: DUP2 00000377: DUP2 00000378: MLOAD 00000379: DUP2 0000037a: MSTORE 0000037b: PUSH1 0x20 0000037d: ADD 0000037e: SWAP2 0000037f: POP 00000380: DUP1 00000381: MLOAD 00000382: SWAP1 00000383: PUSH1 0x20 00000385: ADD 00000386: SWAP1 00000387: DUP1 00000388: DUP4 00000389: DUP4 0000038a: DUP3 0000038b: SWAP1 0000038c: PUSH1 0x00 0000038e: PUSH1 0x04 00000390: PUSH1 0x20 00000392: DUP5 00000393: PUSH1 0x1f 00000395: ADD 00000396: DIV 00000397: PUSH1 0x0f 00000399: MUL 0000039a: PUSH1 0x03 0000039c: ADD 0000039d: CALL 0000039e: POP 0000039f: SWAP1 000003a0: POP 000003a1: SWAP1 000003a2: DUP2 000003a3: ADD 000003a4: SWAP1 000003a5: PUSH1 0x1f 000003a7: AND 000003a8: DUP1 000003a9: ISZERO 000003aa: PUSH2 0x03c7 000003ad: JUMPI 000003ae: DUP1 000003af: DUP3 000003b0: SUB 000003b1: DUP1 000003b2: MLOAD 000003b3: PUSH1 0x01 000003b5: DUP4 000003b6: PUSH1 0x20 000003b8: SUB 000003b9: PUSH2 0x0100 000003bc: EXP 000003bd: SUB 000003be: NOT 000003bf: AND 000003c0: DUP2 000003c1: MSTORE 000003c2: PUSH1 0x20 000003c4: ADD 000003c5: SWAP2 000003c6: POP 000003c7: JUMPDEST 000003c8: POP 000003c9: SWAP3 000003ca: POP 000003cb: POP 000003cc: POP 000003cd: PUSH1 0x40 000003cf: MLOAD 000003d0: DUP1 000003d1: SWAP2 000003d2: SUB 000003d3: SWAP1 000003d4: RETURN 000003d5: JUMPDEST 000003d6: PUSH1 0x40 000003d8: DUP1 000003d9: MLOAD 000003da: SWAP2 000003db: DUP3 000003dc: MSTORE 000003dd: MLOAD 000003de: SWAP1 000003df: DUP2 000003e0: SWAP1 000003e1: SUB 000003e2: PUSH1 0x20 000003e4: ADD 000003e5: SWAP1 000003e6: RETURN 000003e7: JUMPDEST 000003e8: PUSH1 0x60 000003ea: SWAP1 000003eb: DUP2 000003ec: MSTORE 000003ed: PUSH1 0x20 000003ef: SWAP1 000003f0: RETURN 000003f1: JUMPDEST 000003f2: DUP3 000003f3: ADD 000003f4: SWAP2 000003f5: SWAP1 000003f6: PUSH1 0x00 000003f8: MSTORE 000003f9: PUSH1 0x20 000003fb: PUSH1 0x00 000003fd: KECCAK256 000003fe: SWAP1 000003ff: JUMPDEST 00000400: DUP2 00000401: SLOAD 00000402: DUP2 00000403: MSTORE 00000404: SWAP1 00000405: PUSH1 0x01 00000407: ADD 00000408: SWAP1 00000409: PUSH1 0x20 0000040b: ADD 0000040c: DUP1 0000040d: DUP4 0000040e: GT 0000040f: PUSH2 0x03ff 00000412: JUMPI 00000413: DUP3 00000414: SWAP1 00000415: SUB 00000416: PUSH1 0x1f 00000418: AND 00000419: DUP3 0000041a: ADD 0000041b: SWAP2 0000041c: JUMPDEST 0000041d: POP 0000041e: POP 0000041f: POP 00000420: POP 00000421: POP 00000422: DUP2 00000423: JUMP 00000424: JUMPDEST 00000425: PUSH1 0x01 00000427: PUSH1 0xa0 00000429: PUSH1 0x02 0000042b: EXP 0000042c: SUB 0000042d: DUP3 0000042e: AND 0000042f: PUSH1 0x00 00000431: SWAP1 00000432: DUP2 00000433: MSTORE 00000434: PUSH1 0x40 00000436: SWAP1 00000437: KECCAK256 00000438: SLOAD 00000439: DUP1 0000043a: DUP3 0000043b: ADD 0000043c: LT 0000043d: ISZERO 0000043e: PUSH2 0x0446 00000441: JUMPI 00000442: PUSH2 0x0002 00000445: JUMP 00000446: JUMPDEST 00000447: DUP1 00000448: PUSH1 0x03 0000044a: PUSH1 0x00 0000044c: POP 0000044d: PUSH1 0x00 0000044f: CALLER 00000450: PUSH1 0x01 00000452: PUSH1 0xa0 00000454: PUSH1 0x02 00000456: EXP 00000457: SUB 00000458: AND 00000459: DUP2 0000045a: MSTORE 0000045b: PUSH1 0x20 0000045d: ADD 0000045e: SWAP1 0000045f: DUP2 00000460: MSTORE 00000461: PUSH1 0x20 00000463: ADD 00000464: PUSH1 0x00 00000466: KECCAK256 00000467: PUSH1 0x00 00000469: DUP3 0000046a: DUP3 0000046b: DUP3 0000046c: POP 0000046d: SLOAD 0000046e: SUB 0000046f: SWAP3 00000470: POP 00000471: POP 00000472: DUP2 00000473: SWAP1 00000474: SSTORE 00000475: POP 00000476: DUP1 00000477: PUSH1 0x03 00000479: PUSH1 0x00 0000047b: POP 0000047c: PUSH1 0x00 0000047e: DUP5 0000047f: PUSH1 0x01 00000481: PUSH1 0xa0 00000483: PUSH1 0x02 00000485: EXP 00000486: SUB 00000487: AND 00000488: DUP2 00000489: MSTORE 0000048a: PUSH1 0x20 0000048c: ADD 0000048d: SWAP1 0000048e: DUP2 0000048f: MSTORE 00000490: PUSH1 0x20 00000492: ADD 00000493: PUSH1 0x00 00000495: KECCAK256 00000496: PUSH1 0x00 00000498: DUP3 00000499: DUP3 0000049a: DUP3 0000049b: POP 0000049c: SLOAD 0000049d: ADD 0000049e: SWAP3 0000049f: POP 000004a0: POP 000004a1: DUP2 000004a2: SWAP1 000004a3: SSTORE 000004a4: POP 000004a5: DUP2 000004a6: PUSH1 0x01 000004a8: PUSH1 0xa0 000004aa: PUSH1 0x02 000004ac: EXP 000004ad: SUB 000004ae: AND 000004af: CALLER 000004b0: PUSH1 0x01 000004b2: PUSH1 0xa0 000004b4: PUSH1 0x02 000004b6: EXP 000004b7: SUB 000004b8: AND 000004b9: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000004da: DUP4 000004db: PUSH1 0x40 000004dd: MLOAD 000004de: DUP1 000004df: DUP3 000004e0: DUP2 000004e1: MSTORE 000004e2: PUSH1 0x20 000004e4: ADD 000004e5: SWAP2 000004e6: POP 000004e7: POP 000004e8: PUSH1 0x40 000004ea: MLOAD 000004eb: DUP1 000004ec: SWAP2 000004ed: SUB 000004ee: SWAP1 000004ef: LOG3 000004f0: POP 000004f1: POP 000004f2: JUMP 000004f3: JUMPDEST 000004f4: PUSH1 0x01 000004f6: PUSH1 0xa0 000004f8: PUSH1 0x02 000004fa: EXP 000004fb: SUB 000004fc: DUP4 000004fd: AND 000004fe: DUP2 000004ff: MSTORE 00000500: PUSH1 0x40 00000502: DUP2 00000503: KECCAK256 00000504: SLOAD 00000505: DUP1 00000506: DUP4 00000507: ADD 00000508: LT 00000509: ISZERO 0000050a: PUSH2 0x0512 0000050d: JUMPI 0000050e: PUSH2 0x0002 00000511: JUMP 00000512: JUMPDEST 00000513: PUSH1 0x01 00000515: PUSH1 0xa0 00000517: PUSH1 0x02 00000519: EXP 0000051a: SUB 0000051b: DUP1 0000051c: DUP6 0000051d: AND 0000051e: DUP1 0000051f: DUP4 00000520: MSTORE 00000521: PUSH1 0x04 00000523: PUSH1 0x20 00000525: SWAP1 00000526: DUP2 00000527: MSTORE 00000528: PUSH1 0x40 0000052a: DUP1 0000052b: DUP6 0000052c: KECCAK256 0000052d: CALLER 0000052e: SWAP5 0000052f: SWAP1 00000530: SWAP5 00000531: AND 00000532: DUP1 00000533: DUP7 00000534: MSTORE 00000535: SWAP4 00000536: DUP3 00000537: MSTORE 00000538: DUP1 00000539: DUP6 0000053a: KECCAK256 0000053b: SLOAD 0000053c: SWAP3 0000053d: DUP6 0000053e: MSTORE 0000053f: PUSH1 0x05 00000541: DUP3 00000542: MSTORE 00000543: DUP1 00000544: DUP6 00000545: KECCAK256 00000546: SWAP4 00000547: DUP6 00000548: MSTORE 00000549: SWAP3 0000054a: SWAP1 0000054b: MSTORE 0000054c: SWAP1 0000054d: DUP3 0000054e: KECCAK256 0000054f: SLOAD 00000550: DUP4 00000551: ADD 00000552: GT 00000553: ISZERO 00000554: PUSH2 0x055c 00000557: JUMPI 00000558: PUSH2 0x0002 0000055b: JUMP 0000055c: JUMPDEST 0000055d: DUP2 0000055e: PUSH1 0x03 00000560: PUSH1 0x00 00000562: POP 00000563: PUSH1 0x00 00000565: DUP7 00000566: PUSH1 0x01 00000568: PUSH1 0xa0 0000056a: PUSH1 0x02 0000056c: EXP 0000056d: SUB 0000056e: AND 0000056f: DUP2 00000570: MSTORE 00000571: PUSH1 0x20 00000573: ADD 00000574: SWAP1 00000575: DUP2 00000576: MSTORE 00000577: PUSH1 0x20 00000579: ADD 0000057a: PUSH1 0x00 0000057c: KECCAK256 0000057d: PUSH1 0x00 0000057f: DUP3 00000580: DUP3 00000581: DUP3 00000582: POP 00000583: SLOAD 00000584: SUB 00000585: SWAP3 00000586: POP 00000587: POP 00000588: DUP2 00000589: SWAP1 0000058a: SSTORE 0000058b: POP 0000058c: DUP2 0000058d: PUSH1 0x03 0000058f: PUSH1 0x00 00000591: POP 00000592: PUSH1 0x00 00000594: DUP6 00000595: PUSH1 0x01 00000597: PUSH1 0xa0 00000599: PUSH1 0x02 0000059b: EXP 0000059c: SUB 0000059d: AND 0000059e: DUP2 0000059f: MSTORE 000005a0: PUSH1 0x20 000005a2: ADD 000005a3: SWAP1 000005a4: DUP2 000005a5: MSTORE 000005a6: PUSH1 0x20 000005a8: ADD 000005a9: PUSH1 0x00 000005ab: KECCAK256 000005ac: PUSH1 0x00 000005ae: DUP3 000005af: DUP3 000005b0: DUP3 000005b1: POP 000005b2: SLOAD 000005b3: ADD 000005b4: SWAP3 000005b5: POP 000005b6: POP 000005b7: DUP2 000005b8: SWAP1 000005b9: SSTORE 000005ba: POP 000005bb: DUP2 000005bc: PUSH1 0x05 000005be: PUSH1 0x00 000005c0: POP 000005c1: PUSH1 0x00 000005c3: DUP7 000005c4: PUSH1 0x01 000005c6: PUSH1 0xa0 000005c8: PUSH1 0x02 000005ca: EXP 000005cb: SUB 000005cc: AND 000005cd: DUP2 000005ce: MSTORE 000005cf: PUSH1 0x20 000005d1: ADD 000005d2: SWAP1 000005d3: DUP2 000005d4: MSTORE 000005d5: PUSH1 0x20 000005d7: ADD 000005d8: PUSH1 0x00 000005da: KECCAK256 000005db: PUSH1 0x00 000005dd: POP 000005de: PUSH1 0x00 000005e0: CALLER 000005e1: PUSH1 0x01 000005e3: PUSH1 0xa0 000005e5: PUSH1 0x02 000005e7: EXP 000005e8: SUB 000005e9: AND 000005ea: DUP2 000005eb: MSTORE 000005ec: PUSH1 0x20 000005ee: ADD 000005ef: SWAP1 000005f0: DUP2 000005f1: MSTORE 000005f2: PUSH1 0x20 000005f4: ADD 000005f5: PUSH1 0x00 000005f7: KECCAK256 000005f8: PUSH1 0x00 000005fa: DUP3 000005fb: DUP3 000005fc: DUP3 000005fd: POP 000005fe: SLOAD 000005ff: ADD 00000600: SWAP3 00000601: POP 00000602: POP 00000603: DUP2 00000604: SWAP1 00000605: SSTORE 00000606: POP 00000607: DUP3 00000608: PUSH1 0x01 0000060a: PUSH1 0xa0 0000060c: PUSH1 0x02 0000060e: EXP 0000060f: SUB 00000610: AND 00000611: CALLER 00000612: PUSH1 0x01 00000614: PUSH1 0xa0 00000616: PUSH1 0x02 00000618: EXP 00000619: SUB 0000061a: AND 0000061b: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 0000063c: DUP5 0000063d: PUSH1 0x40 0000063f: MLOAD 00000640: DUP1 00000641: DUP3 00000642: DUP2 00000643: MSTORE 00000644: PUSH1 0x20 00000646: ADD 00000647: SWAP2 00000648: POP 00000649: POP 0000064a: PUSH1 0x40 0000064c: MLOAD 0000064d: DUP1 0000064e: SWAP2 0000064f: SUB 00000650: SWAP1 00000651: LOG3 00000652: SWAP4 00000653: SWAP3 00000654: POP 00000655: POP 00000656: POP 00000657: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0xa75b1d7a703ecb1b51e83f7910157d54412df26c8e73d6e9e97b5803826e094e
call_targets:
0x0000000000000000000000000000000000000004, 0xddda8fb5460883e68854d62d1eff8046a28c0352
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xa75b1d7a703ecb1b51e83f7910157d54412df26c8e73d6e9e97b5803826e094e",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xddda8fb5460883e68854d62d1eff8046a28c0352"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcae9ca51",
"selector": "0xcae9ca51",
"calldata_variants": [
"0xcae9ca51",
"0xcae9ca510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdc3080f2",
"selector": "0xdc3080f2",
"calldata_variants": [
"0xdc3080f2",
"0xdc3080f20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 712,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 780,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 925,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0xa75b1d7a703ecb1b51e83f7910157d54412df26c8e73d6e9e97b5803826e094e
call_targets:
0x0000000000000000000000000000000000000004, 0xddda8fb5460883e68854d62d1eff8046a28c0352
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xa75b1d7a703ecb1b51e83f7910157d54412df26c8e73d6e9e97b5803826e094e",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xddda8fb5460883e68854d62d1eff8046a28c0352"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcae9ca51",
"selector": "0xcae9ca51",
"calldata_variants": [
"0xcae9ca51",
"0xcae9ca510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdc3080f2",
"selector": "0xdc3080f2",
"calldata_variants": [
"0xdc3080f2",
"0xdc3080f20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 712,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 780,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 925,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| low | other | codex | `allowance()` appears to return the approval cap, not the remaining spendable allowance | 65 | no | — |
viewevidence_json{
"evidence": "`selector:0xdd62ed3e` is a direct getter over one nested mapping at `pc:0x341`-`pc:0x35e`. In `selector:0x23b872dd`, the bytecode reads two nested mappings before the allowance check (`pc:0x52b`-`pc:0x54f`), then later increments the second mapping at `pc:0x5bb`-`pc:0x605` without decrementing the first one. The custom approval-like entrypoint `selector:0xcae9ca51` writes the first mapping at `pc:0x205`-`pc:0x24b` and does not clear the second mapping. The resulting pattern is consistent with `approved_cap` plus separate `spent_so_far`, while the standard `allowance()` getter exposes only `approved_cap`. Selector inference is best-effort, but the storage-access pattern is strong.",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xcae9ca51",
"pc:0x24b",
"pc:0x54f",
"pc:0x605"
],
"recommendation": "Make the ERC20 `allowance` view return the remaining spendable amount, or decrement the approval mapping directly during `transferFrom`. If cumulative-spend accounting is intentional, expose it behind clearly non-standard interfaces and reset the spend-tracker state when overwriting approvals so external integrations cannot misinterpret approval state.",
"exploit_scenario": "A holder grants a spender an approval cap through the custom approval path at selector `0xcae9ca51`. After the spender uses `transferFrom` for part of that cap, off-chain systems and integrators that query the standard ERC20 `allowance(owner,spender)` function can still observe the original cap and assume more allowance remains than is actually usable. This can cause routers, vaults, or wallets to make failing calls, mis-handle approval state, or leave a user with less usable allowance than reported after re-approvals, because the spend tracker appears to persist separately."
}
|