019b3836-35cc-723a-bcf6-7567ef2a2215
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 3481 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 3482 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 46452 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 46453 | capability.graph | complete | 1 / 3 | 1 week ago |
| 46454 | detector.run | complete | 1 / 3 | 1 week ago |
| 46455 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113264 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"The bytecode looks like an ERC20-style token with one custom callback-style approval entrypoint at selector 0xcae9ca51. I did not substantiate the bundle's generic 'ETH value transfer' detector because two CALL sites match old Solidity identity-precompile memcpy patterns and the remaining low-level call appears to push zero value before CALL. The meaningful risk is the callback-style external call path itself.","findings":[{"severity":"medium","category":"reentrancy","title":"Allowance is written before an untrusted callback-style external CALL","exploit_scenario":"Selector 0xcae9ca51 appears to be an approve-and-callback flow: it stores a nested mapping entry (base slot 0x04) at pc 0x024b and then performs a low-level CALL at pc 0x030c with calldata beginning with selector 0x8f4ffcb1. Because no guard was detected in the bundle, a malicious spender/callback target can reenter while the fresh approval is already live and synchronously invoke token methods such as transferFrom. That behavior may be intended for an approveAndCall pattern, but any integrator assuming the approval step is non-reentrant can be broken.","recommendation":"Treat selector 0xcae9ca51 as fully reentrant. If callback behavior is required, add an explicit reentrancy guard or redesign to a pull pattern. At minimum, document that the callee may synchronously consume the newly written approval during the same transaction.","evidence":"Bundle auth heuristics report no guards. In the 0xcae9ca51 path, storage is updated via SSTORE at pc 0x024b before the low-level CALL at pc 0x030c. The surrounding CALL sites at pc 0x02c8 and pc 0x039d match old Solidity identity-precompile copy patterns, so the material external interaction is the pc 0x030c callback.","locations":["selector:0xcae9ca51","pc:0x24b","pc:0x30c"]},{"severity":"low","category":"other","title":"Callback success is checked only at the CALL bit level; hook execution is not semantically validated","exploit_scenario":"After the low-level CALL at pc 0x030c, the code checks only the CALL success bit (pc 0x030d-0x0311). The artifact also marks returndata_checked as unknown/null for this callsite. A target with a permissive fallback can therefore make the function succeed even if the expected callback hook was never actually executed. In an approve-and-callback flow, this can leave allowance state changed while upstream code assumes the receiver processed the hook.","recommendation":"Prefer an explicit interface call and require expected returndata or a known magic value. If low-level CALL must remain, validate that the target is a contract and that the callback semantics actually occurred rather than relying on the raw CALL success bit alone.","evidence":"At pc 0x030c the contract performs a low-level CALL from selector 0xcae9ca51. The immediate post-call sequence is ISZERO -> JUMPI to failure, with no visible returndata decoding or magic-value check. The bundle's callsite metadata for this pc reports returndata_checked: null.","locations":["selector:0xcae9ca51","pc:0x30c","pc:0x30d","pc:0x311"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-9fdhl0rc
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5bd1-dcc9-7ff0-91e1-b6f055f39a5e
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc "wc -c BYTECODE_BUNDLE.json && sed -n '1,220p' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
84463 BYTECODE_BUNDLE.json
{
"analysis_artifact": {
"address": "0xaf04889fcd67560580b0dc544566e93743652020",
"artifact_hash": "0x3ad6d630e4ccbe57cfbf8e2e26ef37ee7a25fd69555a8d558beec9198bf5c635",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 10,
"hash": "0xda891681de0e2b3d574fbc2e6752bd7a6c50949b7c8f0e66f5e152fca339e5bb",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 30,
"hash": "0x0343c66c992fc9a4c8503f012ff68e290b9a312191eba5b0b8a306142ff00f3c",
"opcodes": [
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 11
},
{
"end_pc": 41,
"hash": "0xe4a2a78f8950ed63683b804061fb60e06e08588285fb9b3253a672d2132a1193",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 31
},
{
"end_pc": 52,
"hash": "0x752a9904e5afd23801f771418b9c90fe3796babbce70e90c3c39fb21f506f4ec",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 42
},
{
"end_pc": 63,
"hash": "0x4b0ec7be87772895a3ed653adb67737eb056c70686c3ac6c27506a6f17382896",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 53
},
{
"end_pc": 74,
"hash": "0xf0f2e3b39cdab3ec2f3f442e1c644e1e571921fed2bf26c1f910006798933aa0",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 64
},
{
"end_pc": 85,
"hash": "0x9d023b9e7a99db6d9f4c6273312ced45f3227b5a37be37eb6dd74f177d375bc9",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 75
},
{
"end_pc": 96,
"hash": "0x52c4eb52d31a3dac316ec8170cd135c991d20d47a07ff4ea42305b4616c62d5f",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 86
},
{
"end_pc": 107,
"hash": "0xd6edf2c52a9c50603b1675b631899baf0ccb91474fa0507ba0696c9089d7a916",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 97
},
{
"end_pc": 118,
"hash": "0x4411a538b7f5b0c2edf5f9bc731a7e6e08b9ed1d373d25d2cae0440f7e6f866a",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 108
},
{
"end_pc": 126,
"hash": "0x7d89dda3d0e9e4026fa799e06f15658b5e0c0bdeb160aa8932fe100a5a4104f3",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH2",
"JUMP"
],
"start_pc": 119
},
{
"end_pc": 192,
"hash": "0xd8efafa5c2d69cae7a3394f72e34adb5fb491d920ba4abab2c968099325a2ca2",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 127
},
{
"end_pc": 200,
"hash": "0xaab5b85718983e598a7877cbdf95ddc645b3b4a1a51127e103e5153ba06d7598",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 193
},
{
"end_pc": 219,
exec
/bin/bash -lc 'pwd && ls -la && rg --files' in /tmp/codex-9fdhl0rc
succeeded in 0ms:
/tmp/codex-9fdhl0rc
total 120
drwx------ 2 noahkuhn noahkuhn 4096 Apr 5 04:06 .
drwxrwxrwt 270 nobody nogroup 24576 Apr 5 04:06 ..
-rw-rw-r-- 1 noahkuhn noahkuhn 84463 Apr 5 04:06 BYTECODE_BUNDLE.json
-rw-rw-r-- 1 noahkuhn noahkuhn 815 Apr 5 04:06 codex-output-schema.json
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.function_selectors, .analysis_artifact.artifact_json.callsite_summary, .analysis_artifact.artifact_json.storage_layout, .analysis_artifact.artifact_json.proxy, .analysis_artifact.artifact_json.auth, .analysis_artifact.artifact_json.detectors' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
null
null
null
null
{
"guards": []
}
null
exec
/bin/bash -lc "jq 'keys' BYTECODE_BUNDLE.json && echo --- && jq '.analysis_artifact.artifact_json | keys' BYTECODE_BUNDLE.json && echo --- && jq '.analysis_artifact.artifact_json.detectors | keys' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
exited 5 in 0ms:
[
"analysis_artifact",
"analysis_run",
"artifact",
"capability_graph",
"detector_findings",
"heuristics_summary"
]
---
[
"auth",
"basic_blocks",
"callsites",
"cfg_edges",
"cfg_hash",
"dispatcher_type",
"function_entries",
"functions",
"selectors",
"sinks",
"storage",
"version"
]
---
jq: error (at BYTECODE_BUNDLE.json:3243): null (null) has no keys
exec
/bin/bash -lc "jq '.detector_findings' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
[
{
"confidence": 60,
"evidence_json": {
"call_count": 3,
"examples": [
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 3
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xaf04889fcd67560580b0dc544566e93743652020"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x933a1ec7422f661720249aad19793b327997ab63ed6766fdaad27e6683c174db",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 3,
"examples": [
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xaf04889fcd67560580b0dc544566e93743652020"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x933a1ec7422f661720249aad19793b327997ab63ed6766fdaad27e6683c174db",
"trace_mode": "callTracer"
}
}
]
exec
/bin/bash -lc "jq '.heuristics_summary' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
{
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
exec
/bin/bash -lc "jq '.capability_graph' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
{
"address": "0xaf04889fcd67560580b0dc544566e93743652020",
"block_number": null,
"chain_id": 1,
"codehash": "0x874efed0297ce2055816a3736c8d2293d47cabbd37cf73418ace9a48771a70c9",
"created_at": "2026-04-04T19:55:34.000000Z",
"graph_hash": "0x08ed0ee3a40777d05d4b865b7bdeaabaa821e2bacf435a18cce4ce5743674a5e",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:119",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:127",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:220",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:270",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:282",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:306",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:398",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:445",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:97",
"to": "bb:796",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:108",
"type": "control_flow_fallthrough"
},
{
"from": "bb:108",
"to": "bb:833",
"type": "control_flow"
},
{
"from": "bb:108",
"to": "bb:119",
"type": "control_flow_fallthrough"
},
{
"from": "bb:127",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:127",
"to": "bb:193",
"type": "control_flow_fallthrough"
},
{
"from": "bb:193",
"to": "bb:1009",
"type": "control_flow"
},
{
"from": "bb:193",
"to": "bb:201",
"type": "control_flow_fallthrough"
},
{
"from": "bb:201",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:220",
"to": "bb:1267",
"type": "control_flow"
},
{
"from": "bb:220",
"to": "bb:266",
"type": "control_flow_fallthrough"
},
{
"from": "bb:306",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:306",
"to": "bb:371",
"type": "control_flow_fallthrough"
},
{
"from": "bb:371",
"to": "bb:1009",
"type": "control_flow"
},
{
"from": "bb:371",
"to": "bb:379",
"type": "control_flow_fallthrough"
},
{
"from": "bb:379",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:398",
"to": "bb:1060",
"type": "control_flow"
},
{
"from": "bb:398",
"to": "bb:441",
"type": "control_flow_fallthrough"
},
{
"from": "bb:445",
"to": "bb:754",
"type": "control_flow"
},
{
"from": "bb:445",
"to": "bb:729",
"type": "control_flow_fallthrough"
},
{
"from": "bb:729",
"to": "bb:754",
"type": "control_flow_fallthrough"
},
{
"from": "bb:754",
"to": "bb:786",
"type": "control_flow_fallthrough"
},
{
"from": "bb:871",
"to": "bb:967",
"type": "control_flow"
},
{
"from": "bb:871",
"to": "bb:942",
"type": "control_flow_fallthrough"
},
{
"from": "bb:942",
"to": "bb:967",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1009",
"to": "bb:1023",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1023",
"to": "bb:1023",
"type": "control_flow"
},
{
"from": "bb:1023",
"to": "bb:1043",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1043",
"to": "bb:1052",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1060",
"to": "bb:1094",
"type": "control_flow"
},
{
"from": "bb:1060",
"to": "bb:1090",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1267",
"to": "bb:1298",
"type": "control_flow"
},
{
"from": "bb:1267",
"to": "bb:1294",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1298",
"to": "bb:1372",
"type": "control_flow"
},
{
"from": "bb:1298",
"to": "bb:1368",
"type": "control_flow_fallthrough"
},
{
"from": "fn:0x23b872dd",
"to": "bb:826074471",
"type": "entry"
},
{
"from": "fn:0x313ce567",
"to": "bb:1889567281",
"type": "entry"
},
{
"from": "fn:0x70a08231",
"to": "bb:2514000705",
"type": "entry"
},
{
"from": "fn:0x95d89b41",
"to": "bb:2835717307",
"type": "entry"
},
{
"from": "fn:0xa9059cbb",
"to": "bb:3404319313",
"type": "entry"
},
{
"from": "fn:0xcae9ca51",
"to": "bb:3694166258",
"type": "entry"
},
{
"from": "fn:0xdc3080f2",
"to": "bb:3714247998",
"type": "entry"
},
{
"from": "fn:0xdd62ed3e",
"to": "bb:869",
"type": "entry"
},
{
"from": "bb:445",
"to": "call:712",
"type": "contains"
},
{
"from": "call:712",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:754",
"to": "call:780",
"type": "contains"
},
{
"from": "call:780",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:871",
"to": "call:925",
"type": "contains"
},
{
"from": "call:925",
"to": "sink:call",
"type": "capability"
}
],
"nodes": [
{
"end_pc": 10,
"hash": "0xda891681de0e2b3d574fbc2e6752bd7a6c50949b7c8f0e66f5e152fca339e5bb",
"id": "bb:0",
"start_pc": 0,
"type": "basic_block"
},
{
"end_pc": 30,
"hash": "0x0343c66c992fc9a4c8503f012ff68e290b9a312191eba5b0b8a306142ff00f3c",
"id": "bb:11",
"start_pc": 11,
"type": "basic_block"
},
{
"end_pc": 41,
"hash": "0xe4a2a78f8950ed63683b804061fb60e06e08588285fb9b3253a672d2132a1193",
"id": "bb:31",
"start_pc": 31,
"type": "basic_block"
},
{
"end_pc": 52,
"hash": "0x752a9904e5afd23801f771418b9c90fe3796babbce70e90c3c39fb21f506f4ec",
"id": "bb:42",
"start_pc": 42,
"type": "basic_block"
},
{
"end_pc": 63,
"hash": "0x4b0ec7be87772895a3ed653adb67737eb056c70686c3ac6c27506a6f17382896",
"id": "bb:53",
"start_pc": 53,
"type": "basic_block"
},
{
"end_pc": 74,
"hash": "0xf0f2e3b39cdab3ec2f3f442e1c644e1e571921fed2bf26c1f910006798933aa0",
"id": "bb:64",
"start_pc": 64,
"type": "basic_block"
},
{
"end_pc": 85,
"hash": "0x9d023b9e7a99db6d9f4c6273312ced45f3227b5a37be37eb6dd74f177d375bc9",
"id": "bb:75",
"start_pc": 75,
"type": "basic_block"
},
{
"end_pc": 96,
"hash": "0x52c4eb52d31a3dac316ec8170cd135c991d20d47a07ff4ea42305b4616c62d5f",
"id": "bb:86",
"start_pc": 86,
"type": "basic_block"
},
{
"end_pc": 107,
"hash": "0xd6edf2c52a9c50603b1675b631899baf0ccb91474fa0507ba0696c9089d7a916",
"id": "bb:97",
"start_pc": 97,
"type": "basic_block"
},
{
"end_pc": 118,
"hash": "0x4411a538b7f5b0c2edf5f9bc731a7e6e08b9ed1d373d25d2cae0440f7e6f866a",
"id": "bb:108",
"start_pc": 108,
"type": "basic_block"
},
{
"end_pc": 126,
"hash": "0x7d89dda3d0e9e4026fa799e06f15658b5e0c0bdeb160aa8932fe100a5a4104f3",
"id": "bb:119",
"start_pc": 119,
"type": "basic_block"
},
{
"end_pc": 192,
"hash": "0xd8efafa5c2d69cae7a3394f72e34adb5fb491d920ba4abab2c968099325a2ca2",
"id": "bb:127",
"start_pc": 127,
"type": "basic_block"
},
{
"end_pc": 200,
"hash": "0xaab5b85718983e598a7877cbdf95ddc645b3b4a1a51127e103e5153ba06d7598",
"id": "bb:193",
"start_pc": 193,
"type": "basic_block"
},
{
"end_pc": 219,
"hash": "0x2e794b922f2e688929521016738957b2566468ea69b3419d8d40755853cff20c",
"id": "bb:201",
"start_pc": 201,
"type": "basic_block"
},
{
"end_pc": 265,
"hash": "0x190bf08b5e08d77b3005616766a2ab7fa4adb77ba20b16951d4633d8293f7ebf",
"id": "bb:220",
"start_pc": 220,
"type": "basic_block"
},
{
"end_pc": 269,
"hash": "0x52ba0293f3ad0d0d22b2cd189312666c2f198fe85fd7e8cf364ca30124e6b6de",
"id": "bb:266",
"start_pc": 266,
"type": "basic_block"
},
{
"end_pc": 281,
"hash": "0x9362fd1a8491aafd33b18515eb8ae7f6ce985746e9a8743c6fc6c84b7c52c518",
"id": "bb:270",
"start_pc": 270,
"type": "basic_block"
},
{
"end_pc": 305,
"hash": "0xbb87a2a93bcc6d42ab9c1e8a369ca3651c37d9a9372dc06f6964d3866ab8b291",
"id": "bb:282",
"start_pc": 282,
"type": "basic_block"
},
{
"end_pc": 370,
"hash": "0x1f128a54ab36e4a650a39c43969da7a18d0606125668c0a3aa64a761d230287a",
"id": "bb:306",
"start_pc": 306,
"type": "basic_block"
},
{
"end_pc": 378,
"hash": "0x58b1c56e0bff7ba093cef9b7a74d11611cf4b15773f76d97991c3d49c38766a6",
"id": "bb:371",
"start_pc": 371,
"type": "basic_block"
},
{
"end_pc": 397,
"hash": "0xe9187216f47e087c3deca70ab4be2937fbf4de2fca127d2dfd92abe17b4781fa",
"id": "bb:379",
"start_pc": 379,
"type": "basic_block"
},
{
"end_pc": 440,
"hash": "0xa101c9d6bb187e5dd34f4e8bfce81941261c9b79f1205d8650c4885bb3726448",
"id": "bb:398",
"start_pc": 398,
"type": "basic_block"
},
{
"end_pc": 444,
"hash": "0x97405cdd6e6b60c9e9daa38cfb2e6d1ae50968b4bd9967a97fd59f851bba10c4",
"id": "bb:441",
"start_pc": 441,
"type": "basic_block"
},
{
"end_pc": 728,
"hash": "0x4c004680333ea937e41a95e0aaa7be8791bcc43b3d6e6b44ac5f9f25fec29fb6",
"id": "bb:445",
"start_pc": 445,
"type": "basic_block"
},
{
"end_pc": 753,
"hash": "0x6c0260a2c143f4bf49ef1833a76637a7016a5027a6eb39e9b989cd2fa2ad3bc9",
"id": "bb:729",
"start_pc": 729,
"type": "basic_block"
},
{
"end_pc": 785,
"hash": "0xbffc64f35b18e95e2103ddef4b4c5fdccee241aff0e0782c74d7b7bb3e9692bb",
"id": "bb:754",
"start_pc": 754,
"type": "basic_block"
},
{
"end_pc": 795,
"hash": "0xd31cae8e0c5c35d864bd5508dadbe36913d0b7616723327ad7fa8cbf04a9d090",
"id": "bb:786",
"start_pc": 786,
"type": "basic_block"
},
{
"end_pc": 832,
"hash": "0x671f80614b2161acd8baa164519b56d80b0369a1cfcd4471f9660911fdec58ed",
"id": "bb:796",
"start_pc": 796,
"type": "basic_block"
},
{
"end_pc": 868,
"hash": "0x4967a576c664bf96bf266de1e139b435ea940fc359da4af5fde4d4a32032cb10",
"id": "bb:833",
"start_pc": 833,
"type": "basic_block"
},
{
"end_pc": 870,
"hash": "0x5cf4c5f8e3b1ba7f3983055ae21aff82972bf273cf483cb99b22716738730c8f",
"id": "bb:869",
"start_pc": 869,
"type": "basic_block"
},
{
"end_pc": 941,
"hash": "0x4e015292933284ecba012bf1ac6370f2ee89eaecf8846a17e70652092e826368",
"id": "bb:871",
"start_pc": 871,
"type": "basic_block"
},
{
"end_pc": 966,
"hash": "0x726883ac335db6396460a65951f8781b271477760da9f313537d6d2c8f4c2787",
"id": "bb:942",
"start_pc": 942,
"type": "basic_block"
},
{
"end_pc": 980,
"hash": "0x6e647b035fdb58d4be1d1d7fe777d3d819158f76ffe11d2517debc73a4271c9d",
"id": "bb:967",
"start_pc": 967,
"type": "basic_block"
},
{
"end_pc": 998,
"hash": "0xe72f2d49734f00bbcdcd0e24a06397f3639aa1d959474ef092b3e85596206ed4",
"id": "bb:981",
"start_pc": 981,
"type": "basic_block"
},
{
"end_pc": 1008,
"hash": "0xca01593542ab5509a9e9f91cd2fe5d9ff3fefd59976afd43d053e24d9681d7ad",
"id": "bb:999",
"start_pc": 999,
"type": "basic_block"
},
{
"end_pc": 1022,
"hash": "0x3487ce969fde324c21ec4897a771b6a6c9366d06c0ccf7c7eb59128e3da699d9",
"id": "bb:1009",
"start_pc": 1009,
"type": "basic_block"
},
{
"end_pc": 1042,
"hash": "0x9843d5bef793075e621a5db739863e9598a10bb1dac83aff33020ccd4235e068",
"id": "bb:1023",
"start_pc": 1023,
"type": "basic_block"
},
{
"end_pc": 1051,
"hash": "0x538abb38eabdfe29129b607eb8ae0b8d2e44521c45ee2c110943f458fd664324",
"id": "bb:1043",
"start_pc": 1043,
"type": "basic_block"
},
{
"end_pc": 1059,
"hash": "0x472c08278b028b0cdb59aad605c5706d03de3e93dcdf16a3641f8a640a00e731",
"id": "bb:1052",
"start_pc": 1052,
"type": "basic_block"
},
{
"end_pc": 1089,
"hash": "0x5c8c6f156ae992e2a7da3273c349575c878684bc6e974dcab67cad2204a8ac15",
"id": "bb:1060",
"start_pc": 1060,
"type": "basic_block"
},
{
"end_pc": 1093,
"hash": "0x027da33ba0ef47e5382be6e0e7e5f7de28c5fa90f629adef43b8d86b4fdc7dbf",
"id": "bb:1090",
"start_pc": 1090,
"type": "basic_block"
},
{
"end_pc": 1266,
"hash": "0x5798335e65fa03c08b530140688de4533b35e5acc6a62cf1bbb7f4a3b8990728",
"id": "bb:1094",
"start_pc": 1094,
"type": "basic_block"
},
{
"end_pc": 1293,
"hash": "0x1efeed91c466c5566d1ebe14449767f50a1426b1e1762279016703ac747c47c2",
"id": "bb:1267",
"start_pc": 1267,
"type": "basic_block"
},
{
"end_pc": 1297,
"hash": "0xde573111b2e71d42614970a01648d50ed903636ae22a28be2f9f344df8c3a808",
"id": "bb:1294",
"start_pc": 1294,
"type": "basic_block"
},
{
"end_pc": 1367,
"hash": "0xc6099e4bd9cdeda0d19333ac44aa52a84c0014cf573ae2bac4ba956c98bbef7c",
"id": "bb:1298",
"start_pc": 1298,
"type": "basic_block"
},
{
"end_pc": 1371,
"hash": "0xe2811e1ab2e138a0c1623f56ff5e31cf15a81dd9389e0ed886e676b2ee65e741",
"id": "bb:1368",
"start_pc": 1368,
"type": "basic_block"
},
{
"end_pc": 1623,
"hash": "0x6aa5714a3416ed580f6559a1e111b4bd0099b7d16b65705910a895433cc3041c",
"id": "bb:1372",
"start_pc": 1372,
"type": "basic_block"
},
{
"id": "call:712",
"opcode": "CALL",
"pc": 712,
"type": "callsite"
},
{
"id": "call:780",
"opcode": "CALL",
"pc": 780,
"type": "callsite"
},
{
"id": "call:925",
"opcode": "CALL",
"pc": 925,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 826074471,
"id": "fn:0x23b872dd",
"selector": "0x23b872dd",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": 3404319313,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
},
{
"entry_pc": 3694166258,
"id": "fn:0xcae9ca51",
"selector": "0xcae9ca51",
"type": "function"
},
{
"entry_pc": 3714247998,
"id": "fn:0xdc3080f2",
"selector": "0xdc3080f2",
"type": "function"
},
{
"entry_pc": 869,
"id": "fn:0xdd62ed3e",
"selector": "0xdd62ed3e",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 2270,
"updated_at": "2026-04-04T19:55:34.000000Z",
"version": "capability_graph_v1"
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.selectors' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
[
"0x06fdde03",
"0x23b872dd",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb",
"0xcae9ca51",
"0xdc3080f2",
"0xdd62ed3e"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.functions' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
[
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 826074471,
"selector": "0x23b872dd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3404319313,
"selector": "0xa9059cbb",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3694166258,
"selector": "0xcae9ca51",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3714247998,
"selector": "0xdc3080f2",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 869,
"selector": "0xdd62ed3e",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.callsites' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
[
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.storage' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
{
"keccak_count": 22,
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
exec
/bin/bash -lc "jq '.artifact | keys' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
[
"codehash",
"compiler_json",
"implementation_address",
"is_proxy",
"runtime_bytecode",
"verified_source"
]
exec
/bin/bash -lc "jq '.artifact' BYTECODE_BUNDLE.json | sed -n '1,220p'" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
{
"codehash": "0x874efed0297ce2055816a3736c8d2293d47cabbd37cf73418ace9a48771a70c9",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x606060405236156100775760e060020a600035046306fdde03811461007f57806323b872dd146100dc578063313ce5671461010e57806370a082311461011a57806395d89b4114610132578063a9059cbb1461018e578063cae9ca51146101bd578063dc3080f21461031c578063dd62ed3e14610341575b610365610002565b61036760008054602060026001831615610100026000190190921691909104601f8101829004909102608090810160405260608281529291908282801561041c5780601f106103f15761010080835404028352916020019161041c565b6103d5600435602435604435600160a060020a038316600090815260036020526040812054829010156104f357610002565b6103e760025460ff1681565b6103d560043560036020526000908152604090205481565b610367600180546020600282841615610100026000190190921691909104601f8101829004909102608090810160405260608281529291908282801561041c5780601f106103f15761010080835404028352916020019161041c565b610365600435602435600160a060020a0333166000908152600360205260409020548190101561042457610002565b60806020604435600481810135601f8101849004909302840160405260608381526103d5948235946024803595606494939101919081908382808284375094965050505050505060006000836004600050600033600160a060020a03168152602001908152602001600020600050600087600160a060020a031681526020019081526020016000206000508190555084905080600160a060020a0316638f4ffcb1338630876040518560e060020a0281526004018085600160a060020a0316815260200184815260200183600160a060020a03168152602001806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156102f25780820380516001836020036101000a031916815260200191505b50955050505050506000604051808303816000876161da5a03f11561000257505050509392505050565b6005602090815260043560009081526040808220909252602435815220546103d59081565b60046020818152903560009081526040808220909252602435815220546103d59081565b005b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156103c75780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b60408051918252519081900360200190f35b6060908152602090f35b820191906000526020600020905b8154815290600101906020018083116103ff57829003601f168201915b505050505081565b600160a060020a03821660009081526040902054808201101561044657610002565b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a35050565b600160a060020a03831681526040812054808301101561051257610002565b600160a060020a0380851680835260046020908152604080852033949094168086529382528085205492855260058252808520938552929052908220548301111561055c57610002565b816003600050600086600160a060020a03168152602001908152602001600020600082828250540392505081905550816003600050600085600160a060020a03168152602001908152602001600020600082828250540192505081905550816005600050600086600160a060020a03168152602001908152602001600020600050600033600160a060020a0316815260200190815260200160002060008282825054019250508190555082600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef846040518082815260200191505060405180910390a3939250505056",
"head": null,
"length": 3250,
"tail": null,
"truncated": false
},
"verified_source": false
}
exec
/bin/bash -lc "jq '.analysis_run' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
{
"address": "0xaf04889fcd67560580b0dc544566e93743652020",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:55.000000Z",
"id": "019b3836-35cc-723a-bcf6-7567ef2a2215",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:55:34.000000Z"
}
exec
/bin/bash -lc 'command -v evm || true
command -v cast || true
command -v python3 || true' in /tmp/codex-9fdhl0rc
succeeded in 0ms:
/home/noahkuhn/.foundry/bin/cast
/var/www/tripwire/.venv/bin/python3
exec
/bin/bash -lc "jq -r '.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json | cut -c1-200" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
0x606060405236156100775760e060020a600035046306fdde03811461007f57806323b872dd146100dc578063313ce5671461010e57806370a082311461011a57806395d89b4114610132578063a9059cbb1461018e578063cae9ca51146101bd578063
exec
/bin/bash -lc "cast --help | sed -n '1,120p'" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
A Swiss Army knife for interacting with Ethereum applications from the command line
Usage: cast [OPTIONS] <COMMAND>
Commands:
4byte Get the function signatures for the given selector from
<https://openchain.xyz> [aliases: 4, 4b]
4byte-calldata Decode ABI-encoded calldata using <https://openchain.xyz> [aliases: 4c,
4bc]
4byte-event Get the event signature for a given topic 0 from <https://openchain.xyz>
[aliases: 4e, 4be, topic0-event, t0e]
abi-encode ABI encode the given function argument, excluding the selector [aliases:
ae]
abi-encode-event ABI encode an event and its arguments to generate topics and data [aliases:
aee]
access-list Create an access list for a transaction [aliases: ac, acl]
address-zero Prints the zero address [aliases: --address-zero, az]
admin Fetch the EIP-1967 admin account [aliases: adm]
age Get the timestamp of a block [aliases: a]
artifact Generate an artifact file, that can be used to deploy a contract locally
[aliases: ar]
b2e-payload Convert Beacon payload to execution payload [aliases: b2e]
balance Get the balance of an account in wei [aliases: b]
base-fee Get the basefee of a block [aliases: ba, fee, basefee]
bind Generate a rust binding from a given ABI [aliases: bi]
block Get information about a block [aliases: bl]
block-number Get the latest block number [aliases: bn]
call Perform a call on an account without publishing a transaction [aliases: c]
calldata ABI-encode a function with arguments [aliases: cd]
chain Get the symbolic name of the current chain
chain-id Get the Ethereum chain ID [aliases: ci, cid]
client Get the current client version [aliases: cl]
code Get the runtime bytecode of a contract [aliases: co]
codehash Get the codehash for an account
codesize Get the runtime bytecode size of a contract [aliases: cs]
completions Generate shell completions script [aliases: com]
compute-address Compute the contract address from a given nonce and deployer address
[aliases: ca]
concat-hex Concatenate hex strings [aliases: --concat-hex, ch]
constructor-args Display constructor arguments used for the contract initialization
[aliases: cra]
create2 Generate a deterministic contract address using CREATE2 [aliases: c2]
creation-code Download a contract creation code from Etherscan and RPC [aliases: cc]
da-estimate Estimates the data availability size of a given opstack block
decode-abi Decode ABI-encoded input or output data [aliases: abi-decode, --abi-decode,
ad]
decode-calldata Decode ABI-encoded input data [aliases: calldata-decode, --calldata-decode,
cdd]
decode-error Decode custom error data [aliases: error-decode, --error-decode, erd]
decode-event Decode event data [aliases: event-decode, --event-decode, ed]
decode-string Decode ABI-encoded string [aliases: string-decode, --string-decode, sd]
decode-transaction Decodes a raw signed EIP 2718 typed transaction [aliases: dt, decode-tx]
disassemble Disassembles a hex-encoded bytecode into a human-readable representation
[aliases: da]
erc20-token ERC20 token operations [aliases: erc20]
estimate Estimate the gas cost of a transaction [aliases: e]
find-block Get the block number closest to the provided timestamp [aliases: f]
format-bytes32-string Formats a string into bytes32 encoding [aliases: --format-bytes32-string]
format-units Format a number from smallest unit to decimal with arbitrary decimals
[aliases: --format-units, fun]
from-bin Convert binary data into hex data [aliases: --from-bin, from-binx, fb]
from-fixed-point Convert a fixed point number into an integer [aliases: --from-fix, ff]
from-rlp Decodes RLP hex-encoded data [aliases: --from-rlp]
from-utf8 Convert UTF8 text to hex [aliases: --from-ascii, --from-utf8, from-ascii,
fu, fa]
from-wei Convert wei into an ETH amount [aliases: --from-wei, fw]
gas-price Get the current gas price [aliases: g]
hash-message Hash a message according to EIP-191 [aliases: --hash-message, hm]
hash-zero Prints the zero hash [aliases: --hash-zero, hz]
help Print this message or the help of the given subcommand(s)
implementation Fetch the EIP-1967 implementation for a contract Can read from the
implementation slot or the beacon slot [aliases: impl]
index Compute the storage slot for an entry in a mapping [aliases: in]
index-erc7201 Compute storage slots as specified by `ERC-7201: Namespaced Storage Layout`
[aliases: index7201, in7201]
interface Generate a Solidity interface from a given ABI [aliases: i]
keccak Hash arbitrary data using Keccak-256 [aliases: k, keccak256]
logs Get logs by signature or topic [aliases: l]
lookup-address Perform an ENS reverse lookup [aliases: la]
max-int Prints the maximum value of the given integer type [aliases: --max-int,
maxi]
max-uint Prints the maximum value of the given integer type [aliases: --max-uint,
maxu]
min-int Prints the minimum value of the given integer type [aliases: --min-int,
mini]
mktx Build and sign a transaction [aliases: m]
namehash Calculate the ENS namehash of a name [aliases: na, nh]
nonce Get the nonce for an account [aliases: n]
pad Pads hex data to a specified length [aliases: pd]
parse-bytes32-address Parses a checksummed address from bytes32 encoding. [aliases:
--parse-bytes32-address]
parse-bytes32-string Parses a string from bytes32 encoding [aliases: --parse-bytes32-string]
parse-units Convert a number from decimal to smallest unit with arbitrary decimals
[aliases: --parse-units, pun]
pretty-calldata Pretty print calldata [aliases: pc]
proof Generate a storage proof for a given storage slot [aliases: pr]
publish Publish a raw transaction to the network [aliases: p]
receipt Get the transaction receipt for a transaction [aliases: re]
recover-authority Recovery an EIP-7702 authority from a Authorization JSON string [aliases:
decode-auth]
resolve-name Perform an ENS lookup [aliases: rn]
rpc Perform a raw JSON-RPC request [aliases: rp]
run Runs a published transaction in a local environment and prints the trace
[aliases: r]
selectors Extracts function selectors and arguments from bytecode [aliases: sel]
send Sign and publish a transaction [aliases: s]
shl Perform a left shifting operation
shr Perform a right shifting operation
sig Get the selector for a function [aliases: si]
sig-event Generate event signatures from event string [aliases: se]
source Get the source code of a contract from a block explorer [aliases: et, src]
storage Get the raw value of a contract's storage slot [aliases: st]
storage-root Get the storage root for an account [aliases: sr]
to-ascii Convert hex data to an ASCII string [aliases: --to-ascii, tas, 2as]
to-base Converts a number of one base to another [aliases: --to-base, --to-radix,
to-radix, tr, 2r]
to-bytes32 Right-pads hex data to 32 bytes [aliases: --to-bytes32, tb, 2b]
to-check-sum-address Convert an address to a checksummed format (EIP-55) [aliases:
--to-checksum-address, --to-checksum, to-checksum, ta, 2a]
to-dec Converts a number of one base to decimal [aliases: --to-dec, td, 2d]
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'1,220p'" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0077
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x06fdde03
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x007f
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x23b872dd
00000025: EQ
00000026: PUSH2 0x00dc
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x313ce567
00000030: EQ
00000031: PUSH2 0x010e
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x70a08231
0000003b: EQ
0000003c: PUSH2 0x011a
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x95d89b41
00000046: EQ
00000047: PUSH2 0x0132
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0xa9059cbb
00000051: EQ
00000052: PUSH2 0x018e
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0xcae9ca51
0000005c: EQ
0000005d: PUSH2 0x01bd
00000060: JUMPI
00000061: DUP1
00000062: PUSH4 0xdc3080f2
00000067: EQ
00000068: PUSH2 0x031c
0000006b: JUMPI
0000006c: DUP1
0000006d: PUSH4 0xdd62ed3e
00000072: EQ
00000073: PUSH2 0x0341
00000076: JUMPI
00000077: JUMPDEST
00000078: PUSH2 0x0365
0000007b: PUSH2 0x0002
0000007e: JUMP
0000007f: JUMPDEST
00000080: PUSH2 0x0367
00000083: PUSH1 0x00
00000085: DUP1
00000086: SLOAD
00000087: PUSH1 0x20
00000089: PUSH1 0x02
0000008b: PUSH1 0x01
0000008d: DUP4
0000008e: AND
0000008f: ISZERO
00000090: PUSH2 0x0100
00000093: MUL
00000094: PUSH1 0x00
00000096: NOT
00000097: ADD
00000098: SWAP1
00000099: SWAP3
0000009a: AND
0000009b: SWAP2
0000009c: SWAP1
0000009d: SWAP2
0000009e: DIV
0000009f: PUSH1 0x1f
000000a1: DUP2
000000a2: ADD
000000a3: DUP3
000000a4: SWAP1
000000a5: DIV
000000a6: SWAP1
000000a7: SWAP2
000000a8: MUL
000000a9: PUSH1 0x80
000000ab: SWAP1
000000ac: DUP2
000000ad: ADD
000000ae: PUSH1 0x40
000000b0: MSTORE
000000b1: PUSH1 0x60
000000b3: DUP3
000000b4: DUP2
000000b5: MSTORE
000000b6: SWAP3
000000b7: SWAP2
000000b8: SWAP1
000000b9: DUP3
000000ba: DUP3
000000bb: DUP1
000000bc: ISZERO
000000bd: PUSH2 0x041c
000000c0: JUMPI
000000c1: DUP1
000000c2: PUSH1 0x1f
000000c4: LT
000000c5: PUSH2 0x03f1
000000c8: JUMPI
000000c9: PUSH2 0x0100
000000cc: DUP1
000000cd: DUP4
000000ce: SLOAD
000000cf: DIV
000000d0: MUL
000000d1: DUP4
000000d2: MSTORE
000000d3: SWAP2
000000d4: PUSH1 0x20
000000d6: ADD
000000d7: SWAP2
000000d8: PUSH2 0x041c
000000db: JUMP
000000dc: JUMPDEST
000000dd: PUSH2 0x03d5
000000e0: PUSH1 0x04
000000e2: CALLDATALOAD
000000e3: PUSH1 0x24
000000e5: CALLDATALOAD
000000e6: PUSH1 0x44
000000e8: CALLDATALOAD
000000e9: PUSH1 0x01
000000eb: PUSH1 0xa0
000000ed: PUSH1 0x02
000000ef: EXP
000000f0: SUB
000000f1: DUP4
000000f2: AND
000000f3: PUSH1 0x00
000000f5: SWAP1
000000f6: DUP2
000000f7: MSTORE
000000f8: PUSH1 0x03
000000fa: PUSH1 0x20
000000fc: MSTORE
000000fd: PUSH1 0x40
000000ff: DUP2
00000100: KECCAK256
00000101: SLOAD
00000102: DUP3
00000103: SWAP1
00000104: LT
00000105: ISZERO
00000106: PUSH2 0x04f3
00000109: JUMPI
0000010a: PUSH2 0x0002
0000010d: JUMP
0000010e: JUMPDEST
0000010f: PUSH2 0x03e7
00000112: PUSH1 0x02
00000114: SLOAD
00000115: PUSH1 0xff
00000117: AND
00000118: DUP2
00000119: JUMP
0000011a: JUMPDEST
0000011b: PUSH2 0x03d5
0000011e: PUSH1 0x04
00000120: CALLDATALOAD
00000121: PUSH1 0x03
00000123: PUSH1 0x20
00000125: MSTORE
00000126: PUSH1 0x00
00000128: SWAP1
00000129: DUP2
0000012a: MSTORE
0000012b: PUSH1 0x40
0000012d: SWAP1
0000012e: KECCAK256
0000012f: SLOAD
00000130: DUP2
00000131: JUMP
00000132: JUMPDEST
00000133: PUSH2 0x0367
00000136: PUSH1 0x01
00000138: DUP1
00000139: SLOAD
0000013a: PUSH1 0x20
0000013c: PUSH1 0x02
0000013e: DUP3
0000013f: DUP5
00000140: AND
00000141: ISZERO
00000142: PUSH2 0x0100
00000145: MUL
00000146: PUSH1 0x00
00000148: NOT
00000149: ADD
0000014a: SWAP1
0000014b: SWAP3
0000014c: AND
0000014d: SWAP2
0000014e: SWAP1
0000014f: SWAP2
00000150: DIV
00000151: PUSH1 0x1f
00000153: DUP2
00000154: ADD
00000155: DUP3
00000156: SWAP1
00000157: DIV
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'220,520p'" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
00000157: DIV
00000158: SWAP1
00000159: SWAP2
0000015a: MUL
0000015b: PUSH1 0x80
0000015d: SWAP1
0000015e: DUP2
0000015f: ADD
00000160: PUSH1 0x40
00000162: MSTORE
00000163: PUSH1 0x60
00000165: DUP3
00000166: DUP2
00000167: MSTORE
00000168: SWAP3
00000169: SWAP2
0000016a: SWAP1
0000016b: DUP3
0000016c: DUP3
0000016d: DUP1
0000016e: ISZERO
0000016f: PUSH2 0x041c
00000172: JUMPI
00000173: DUP1
00000174: PUSH1 0x1f
00000176: LT
00000177: PUSH2 0x03f1
0000017a: JUMPI
0000017b: PUSH2 0x0100
0000017e: DUP1
0000017f: DUP4
00000180: SLOAD
00000181: DIV
00000182: MUL
00000183: DUP4
00000184: MSTORE
00000185: SWAP2
00000186: PUSH1 0x20
00000188: ADD
00000189: SWAP2
0000018a: PUSH2 0x041c
0000018d: JUMP
0000018e: JUMPDEST
0000018f: PUSH2 0x0365
00000192: PUSH1 0x04
00000194: CALLDATALOAD
00000195: PUSH1 0x24
00000197: CALLDATALOAD
00000198: PUSH1 0x01
0000019a: PUSH1 0xa0
0000019c: PUSH1 0x02
0000019e: EXP
0000019f: SUB
000001a0: CALLER
000001a1: AND
000001a2: PUSH1 0x00
000001a4: SWAP1
000001a5: DUP2
000001a6: MSTORE
000001a7: PUSH1 0x03
000001a9: PUSH1 0x20
000001ab: MSTORE
000001ac: PUSH1 0x40
000001ae: SWAP1
000001af: KECCAK256
000001b0: SLOAD
000001b1: DUP2
000001b2: SWAP1
000001b3: LT
000001b4: ISZERO
000001b5: PUSH2 0x0424
000001b8: JUMPI
000001b9: PUSH2 0x0002
000001bc: JUMP
000001bd: JUMPDEST
000001be: PUSH1 0x80
000001c0: PUSH1 0x20
000001c2: PUSH1 0x44
000001c4: CALLDATALOAD
000001c5: PUSH1 0x04
000001c7: DUP2
000001c8: DUP2
000001c9: ADD
000001ca: CALLDATALOAD
000001cb: PUSH1 0x1f
000001cd: DUP2
000001ce: ADD
000001cf: DUP5
000001d0: SWAP1
000001d1: DIV
000001d2: SWAP1
000001d3: SWAP4
000001d4: MUL
000001d5: DUP5
000001d6: ADD
000001d7: PUSH1 0x40
000001d9: MSTORE
000001da: PUSH1 0x60
000001dc: DUP4
000001dd: DUP2
000001de: MSTORE
000001df: PUSH2 0x03d5
000001e2: SWAP5
000001e3: DUP3
000001e4: CALLDATALOAD
000001e5: SWAP5
000001e6: PUSH1 0x24
000001e8: DUP1
000001e9: CALLDATALOAD
000001ea: SWAP6
000001eb: PUSH1 0x64
000001ed: SWAP5
000001ee: SWAP4
000001ef: SWAP2
000001f0: ADD
000001f1: SWAP2
000001f2: SWAP1
000001f3: DUP2
000001f4: SWAP1
000001f5: DUP4
000001f6: DUP3
000001f7: DUP1
000001f8: DUP3
000001f9: DUP5
000001fa: CALLDATACOPY
000001fb: POP
000001fc: SWAP5
000001fd: SWAP7
000001fe: POP
000001ff: POP
00000200: POP
00000201: POP
00000202: POP
00000203: POP
00000204: POP
00000205: PUSH1 0x00
00000207: PUSH1 0x00
00000209: DUP4
0000020a: PUSH1 0x04
0000020c: PUSH1 0x00
0000020e: POP
0000020f: PUSH1 0x00
00000211: CALLER
00000212: PUSH1 0x01
00000214: PUSH1 0xa0
00000216: PUSH1 0x02
00000218: EXP
00000219: SUB
0000021a: AND
0000021b: DUP2
0000021c: MSTORE
0000021d: PUSH1 0x20
0000021f: ADD
00000220: SWAP1
00000221: DUP2
00000222: MSTORE
00000223: PUSH1 0x20
00000225: ADD
00000226: PUSH1 0x00
00000228: KECCAK256
00000229: PUSH1 0x00
0000022b: POP
0000022c: PUSH1 0x00
0000022e: DUP8
0000022f: PUSH1 0x01
00000231: PUSH1 0xa0
00000233: PUSH1 0x02
00000235: EXP
00000236: SUB
00000237: AND
00000238: DUP2
00000239: MSTORE
0000023a: PUSH1 0x20
0000023c: ADD
0000023d: SWAP1
0000023e: DUP2
0000023f: MSTORE
00000240: PUSH1 0x20
00000242: ADD
00000243: PUSH1 0x00
00000245: KECCAK256
00000246: PUSH1 0x00
00000248: POP
00000249: DUP2
0000024a: SWAP1
0000024b: SSTORE
0000024c: POP
0000024d: DUP5
0000024e: SWAP1
0000024f: POP
00000250: DUP1
00000251: PUSH1 0x01
00000253: PUSH1 0xa0
00000255: PUSH1 0x02
00000257: EXP
00000258: SUB
00000259: AND
0000025a: PUSH4 0x8f4ffcb1
0000025f: CALLER
00000260: DUP7
00000261: ADDRESS
00000262: DUP8
00000263: PUSH1 0x40
00000265: MLOAD
00000266: DUP6
00000267: PUSH1 0xe0
00000269: PUSH1 0x02
0000026b: EXP
0000026c: MUL
0000026d: DUP2
0000026e: MSTORE
0000026f: PUSH1 0x04
00000271: ADD
00000272: DUP1
00000273: DUP6
00000274: PUSH1 0x01
00000276: PUSH1 0xa0
00000278: PUSH1 0x02
0000027a: EXP
0000027b: SUB
0000027c: AND
0000027d: DUP2
0000027e: MSTORE
0000027f: PUSH1 0x20
00000281: ADD
00000282: DUP5
00000283: DUP2
00000284: MSTORE
00000285: PUSH1 0x20
00000287: ADD
00000288: DUP4
00000289: PUSH1 0x01
0000028b: PUSH1 0xa0
0000028d: PUSH1 0x02
0000028f: EXP
00000290: SUB
00000291: AND
00000292: DUP2
00000293: MSTORE
00000294: PUSH1 0x20
00000296: ADD
00000297: DUP1
00000298: PUSH1 0x20
0000029a: ADD
0000029b: DUP3
0000029c: DUP2
0000029d: SUB
0000029e: DUP3
0000029f: MSTORE
000002a0: DUP4
000002a1: DUP2
000002a2: DUP2
000002a3: MLOAD
000002a4: DUP2
000002a5: MSTORE
000002a6: PUSH1 0x20
000002a8: ADD
000002a9: SWAP2
000002aa: POP
000002ab: DUP1
000002ac: MLOAD
000002ad: SWAP1
000002ae: PUSH1 0x20
000002b0: ADD
000002b1: SWAP1
000002b2: DUP1
000002b3: DUP4
000002b4: DUP4
000002b5: DUP3
000002b6: SWAP1
000002b7: PUSH1 0x00
000002b9: PUSH1 0x04
000002bb: PUSH1 0x20
000002bd: DUP5
000002be: PUSH1 0x1f
000002c0: ADD
000002c1: DIV
000002c2: PUSH1 0x0f
000002c4: MUL
000002c5: PUSH1 0x03
000002c7: ADD
000002c8: CALL
000002c9: POP
000002ca: SWAP1
000002cb: POP
000002cc: SWAP1
000002cd: DUP2
000002ce: ADD
000002cf: SWAP1
000002d0: PUSH1 0x1f
000002d2: AND
000002d3: DUP1
000002d4: ISZERO
000002d5: PUSH2 0x02f2
000002d8: JUMPI
000002d9: DUP1
000002da: DUP3
000002db: SUB
000002dc: DUP1
000002dd: MLOAD
000002de: PUSH1 0x01
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'520,820p'" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
000002de: PUSH1 0x01
000002e0: DUP4
000002e1: PUSH1 0x20
000002e3: SUB
000002e4: PUSH2 0x0100
000002e7: EXP
000002e8: SUB
000002e9: NOT
000002ea: AND
000002eb: DUP2
000002ec: MSTORE
000002ed: PUSH1 0x20
000002ef: ADD
000002f0: SWAP2
000002f1: POP
000002f2: JUMPDEST
000002f3: POP
000002f4: SWAP6
000002f5: POP
000002f6: POP
000002f7: POP
000002f8: POP
000002f9: POP
000002fa: POP
000002fb: PUSH1 0x00
000002fd: PUSH1 0x40
000002ff: MLOAD
00000300: DUP1
00000301: DUP4
00000302: SUB
00000303: DUP2
00000304: PUSH1 0x00
00000306: DUP8
00000307: PUSH2 0x61da
0000030a: GAS
0000030b: SUB
0000030c: CALL
0000030d: ISZERO
0000030e: PUSH2 0x0002
00000311: JUMPI
00000312: POP
00000313: POP
00000314: POP
00000315: POP
00000316: SWAP4
00000317: SWAP3
00000318: POP
00000319: POP
0000031a: POP
0000031b: JUMP
0000031c: JUMPDEST
0000031d: PUSH1 0x05
0000031f: PUSH1 0x20
00000321: SWAP1
00000322: DUP2
00000323: MSTORE
00000324: PUSH1 0x04
00000326: CALLDATALOAD
00000327: PUSH1 0x00
00000329: SWAP1
0000032a: DUP2
0000032b: MSTORE
0000032c: PUSH1 0x40
0000032e: DUP1
0000032f: DUP3
00000330: KECCAK256
00000331: SWAP1
00000332: SWAP3
00000333: MSTORE
00000334: PUSH1 0x24
00000336: CALLDATALOAD
00000337: DUP2
00000338: MSTORE
00000339: KECCAK256
0000033a: SLOAD
0000033b: PUSH2 0x03d5
0000033e: SWAP1
0000033f: DUP2
00000340: JUMP
00000341: JUMPDEST
00000342: PUSH1 0x04
00000344: PUSH1 0x20
00000346: DUP2
00000347: DUP2
00000348: MSTORE
00000349: SWAP1
0000034a: CALLDATALOAD
0000034b: PUSH1 0x00
0000034d: SWAP1
0000034e: DUP2
0000034f: MSTORE
00000350: PUSH1 0x40
00000352: DUP1
00000353: DUP3
00000354: KECCAK256
00000355: SWAP1
00000356: SWAP3
00000357: MSTORE
00000358: PUSH1 0x24
0000035a: CALLDATALOAD
0000035b: DUP2
0000035c: MSTORE
0000035d: KECCAK256
0000035e: SLOAD
0000035f: PUSH2 0x03d5
00000362: SWAP1
00000363: DUP2
00000364: JUMP
00000365: JUMPDEST
00000366: STOP
00000367: JUMPDEST
00000368: PUSH1 0x40
0000036a: MLOAD
0000036b: DUP1
0000036c: DUP1
0000036d: PUSH1 0x20
0000036f: ADD
00000370: DUP3
00000371: DUP2
00000372: SUB
00000373: DUP3
00000374: MSTORE
00000375: DUP4
00000376: DUP2
00000377: DUP2
00000378: MLOAD
00000379: DUP2
0000037a: MSTORE
0000037b: PUSH1 0x20
0000037d: ADD
0000037e: SWAP2
0000037f: POP
00000380: DUP1
00000381: MLOAD
00000382: SWAP1
00000383: PUSH1 0x20
00000385: ADD
00000386: SWAP1
00000387: DUP1
00000388: DUP4
00000389: DUP4
0000038a: DUP3
0000038b: SWAP1
0000038c: PUSH1 0x00
0000038e: PUSH1 0x04
00000390: PUSH1 0x20
00000392: DUP5
00000393: PUSH1 0x1f
00000395: ADD
00000396: DIV
00000397: PUSH1 0x0f
00000399: MUL
0000039a: PUSH1 0x03
0000039c: ADD
0000039d: CALL
0000039e: POP
0000039f: SWAP1
000003a0: POP
000003a1: SWAP1
000003a2: DUP2
000003a3: ADD
000003a4: SWAP1
000003a5: PUSH1 0x1f
000003a7: AND
000003a8: DUP1
000003a9: ISZERO
000003aa: PUSH2 0x03c7
000003ad: JUMPI
000003ae: DUP1
000003af: DUP3
000003b0: SUB
000003b1: DUP1
000003b2: MLOAD
000003b3: PUSH1 0x01
000003b5: DUP4
000003b6: PUSH1 0x20
000003b8: SUB
000003b9: PUSH2 0x0100
000003bc: EXP
000003bd: SUB
000003be: NOT
000003bf: AND
000003c0: DUP2
000003c1: MSTORE
000003c2: PUSH1 0x20
000003c4: ADD
000003c5: SWAP2
000003c6: POP
000003c7: JUMPDEST
000003c8: POP
000003c9: SWAP3
000003ca: POP
000003cb: POP
000003cc: POP
000003cd: PUSH1 0x40
000003cf: MLOAD
000003d0: DUP1
000003d1: SWAP2
000003d2: SUB
000003d3: SWAP1
000003d4: RETURN
000003d5: JUMPDEST
000003d6: PUSH1 0x40
000003d8: DUP1
000003d9: MLOAD
000003da: SWAP2
000003db: DUP3
000003dc: MSTORE
000003dd: MLOAD
000003de: SWAP1
000003df: DUP2
000003e0: SWAP1
000003e1: SUB
000003e2: PUSH1 0x20
000003e4: ADD
000003e5: SWAP1
000003e6: RETURN
000003e7: JUMPDEST
000003e8: PUSH1 0x60
000003ea: SWAP1
000003eb: DUP2
000003ec: MSTORE
000003ed: PUSH1 0x20
000003ef: SWAP1
000003f0: RETURN
000003f1: JUMPDEST
000003f2: DUP3
000003f3: ADD
000003f4: SWAP2
000003f5: SWAP1
000003f6: PUSH1 0x00
000003f8: MSTORE
000003f9: PUSH1 0x20
000003fb: PUSH1 0x00
000003fd: KECCAK256
000003fe: SWAP1
000003ff: JUMPDEST
00000400: DUP2
00000401: SLOAD
00000402: DUP2
00000403: MSTORE
00000404: SWAP1
00000405: PUSH1 0x01
00000407: ADD
00000408: SWAP1
00000409: PUSH1 0x20
0000040b: ADD
0000040c: DUP1
0000040d: DUP4
0000040e: GT
0000040f: PUSH2 0x03ff
00000412: JUMPI
00000413: DUP3
00000414: SWAP1
00000415: SUB
00000416: PUSH1 0x1f
00000418: AND
00000419: DUP3
0000041a: ADD
0000041b: SWAP2
0000041c: JUMPDEST
0000041d: POP
0000041e: POP
0000041f: POP
00000420: POP
00000421: POP
00000422: DUP2
00000423: JUMP
00000424: JUMPDEST
00000425: PUSH1 0x01
00000427: PUSH1 0xa0
00000429: PUSH1 0x02
0000042b: EXP
0000042c: SUB
0000042d: DUP3
0000042e: AND
0000042f: PUSH1 0x00
00000431: SWAP1
00000432: DUP2
00000433: MSTORE
00000434: PUSH1 0x40
00000436: SWAP1
00000437: KECCAK256
00000438: SLOAD
00000439: DUP1
0000043a: DUP3
0000043b: ADD
0000043c: LT
0000043d: ISZERO
0000043e: PUSH2 0x0446
00000441: JUMPI
00000442: PUSH2 0x0002
00000445: JUMP
00000446: JUMPDEST
00000447: DUP1
00000448: PUSH1 0x03
0000044a: PUSH1 0x00
0000044c: POP
0000044d: PUSH1 0x00
0000044f: CALLER
00000450: PUSH1 0x01
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'820,1120p'" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
00000450: PUSH1 0x01
00000452: PUSH1 0xa0
00000454: PUSH1 0x02
00000456: EXP
00000457: SUB
00000458: AND
00000459: DUP2
0000045a: MSTORE
0000045b: PUSH1 0x20
0000045d: ADD
0000045e: SWAP1
0000045f: DUP2
00000460: MSTORE
00000461: PUSH1 0x20
00000463: ADD
00000464: PUSH1 0x00
00000466: KECCAK256
00000467: PUSH1 0x00
00000469: DUP3
0000046a: DUP3
0000046b: DUP3
0000046c: POP
0000046d: SLOAD
0000046e: SUB
0000046f: SWAP3
00000470: POP
00000471: POP
00000472: DUP2
00000473: SWAP1
00000474: SSTORE
00000475: POP
00000476: DUP1
00000477: PUSH1 0x03
00000479: PUSH1 0x00
0000047b: POP
0000047c: PUSH1 0x00
0000047e: DUP5
0000047f: PUSH1 0x01
00000481: PUSH1 0xa0
00000483: PUSH1 0x02
00000485: EXP
00000486: SUB
00000487: AND
00000488: DUP2
00000489: MSTORE
0000048a: PUSH1 0x20
0000048c: ADD
0000048d: SWAP1
0000048e: DUP2
0000048f: MSTORE
00000490: PUSH1 0x20
00000492: ADD
00000493: PUSH1 0x00
00000495: KECCAK256
00000496: PUSH1 0x00
00000498: DUP3
00000499: DUP3
0000049a: DUP3
0000049b: POP
0000049c: SLOAD
0000049d: ADD
0000049e: SWAP3
0000049f: POP
000004a0: POP
000004a1: DUP2
000004a2: SWAP1
000004a3: SSTORE
000004a4: POP
000004a5: DUP2
000004a6: PUSH1 0x01
000004a8: PUSH1 0xa0
000004aa: PUSH1 0x02
000004ac: EXP
000004ad: SUB
000004ae: AND
000004af: CALLER
000004b0: PUSH1 0x01
000004b2: PUSH1 0xa0
000004b4: PUSH1 0x02
000004b6: EXP
000004b7: SUB
000004b8: AND
000004b9: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
000004da: DUP4
000004db: PUSH1 0x40
000004dd: MLOAD
000004de: DUP1
000004df: DUP3
000004e0: DUP2
000004e1: MSTORE
000004e2: PUSH1 0x20
000004e4: ADD
000004e5: SWAP2
000004e6: POP
000004e7: POP
000004e8: PUSH1 0x40
000004ea: MLOAD
000004eb: DUP1
000004ec: SWAP2
000004ed: SUB
000004ee: SWAP1
000004ef: LOG3
000004f0: POP
000004f1: POP
000004f2: JUMP
000004f3: JUMPDEST
000004f4: PUSH1 0x01
000004f6: PUSH1 0xa0
000004f8: PUSH1 0x02
000004fa: EXP
000004fb: SUB
000004fc: DUP4
000004fd: AND
000004fe: DUP2
000004ff: MSTORE
00000500: PUSH1 0x40
00000502: DUP2
00000503: KECCAK256
00000504: SLOAD
00000505: DUP1
00000506: DUP4
00000507: ADD
00000508: LT
00000509: ISZERO
0000050a: PUSH2 0x0512
0000050d: JUMPI
0000050e: PUSH2 0x0002
00000511: JUMP
00000512: JUMPDEST
00000513: PUSH1 0x01
00000515: PUSH1 0xa0
00000517: PUSH1 0x02
00000519: EXP
0000051a: SUB
0000051b: DUP1
0000051c: DUP6
0000051d: AND
0000051e: DUP1
0000051f: DUP4
00000520: MSTORE
00000521: PUSH1 0x04
00000523: PUSH1 0x20
00000525: SWAP1
00000526: DUP2
00000527: MSTORE
00000528: PUSH1 0x40
0000052a: DUP1
0000052b: DUP6
0000052c: KECCAK256
0000052d: CALLER
0000052e: SWAP5
0000052f: SWAP1
00000530: SWAP5
00000531: AND
00000532: DUP1
00000533: DUP7
00000534: MSTORE
00000535: SWAP4
00000536: DUP3
00000537: MSTORE
00000538: DUP1
00000539: DUP6
0000053a: KECCAK256
0000053b: SLOAD
0000053c: SWAP3
0000053d: DUP6
0000053e: MSTORE
0000053f: PUSH1 0x05
00000541: DUP3
00000542: MSTORE
00000543: DUP1
00000544: DUP6
00000545: KECCAK256
00000546: SWAP4
00000547: DUP6
00000548: MSTORE
00000549: SWAP3
0000054a: SWAP1
0000054b: MSTORE
0000054c: SWAP1
0000054d: DUP3
0000054e: KECCAK256
0000054f: SLOAD
00000550: DUP4
00000551: ADD
00000552: GT
00000553: ISZERO
00000554: PUSH2 0x055c
00000557: JUMPI
00000558: PUSH2 0x0002
0000055b: JUMP
0000055c: JUMPDEST
0000055d: DUP2
0000055e: PUSH1 0x03
00000560: PUSH1 0x00
00000562: POP
00000563: PUSH1 0x00
00000565: DUP7
00000566: PUSH1 0x01
00000568: PUSH1 0xa0
0000056a: PUSH1 0x02
0000056c: EXP
0000056d: SUB
0000056e: AND
0000056f: DUP2
00000570: MSTORE
00000571: PUSH1 0x20
00000573: ADD
00000574: SWAP1
00000575: DUP2
00000576: MSTORE
00000577: PUSH1 0x20
00000579: ADD
0000057a: PUSH1 0x00
0000057c: KECCAK256
0000057d: PUSH1 0x00
0000057f: DUP3
00000580: DUP3
00000581: DUP3
00000582: POP
00000583: SLOAD
00000584: SUB
00000585: SWAP3
00000586: POP
00000587: POP
00000588: DUP2
00000589: SWAP1
0000058a: SSTORE
0000058b: POP
0000058c: DUP2
0000058d: PUSH1 0x03
0000058f: PUSH1 0x00
00000591: POP
00000592: PUSH1 0x00
00000594: DUP6
00000595: PUSH1 0x01
00000597: PUSH1 0xa0
00000599: PUSH1 0x02
0000059b: EXP
0000059c: SUB
0000059d: AND
0000059e: DUP2
0000059f: MSTORE
000005a0: PUSH1 0x20
000005a2: ADD
000005a3: SWAP1
000005a4: DUP2
000005a5: MSTORE
000005a6: PUSH1 0x20
000005a8: ADD
000005a9: PUSH1 0x00
000005ab: KECCAK256
000005ac: PUSH1 0x00
000005ae: DUP3
000005af: DUP3
000005b0: DUP3
000005b1: POP
000005b2: SLOAD
000005b3: ADD
000005b4: SWAP3
000005b5: POP
000005b6: POP
000005b7: DUP2
000005b8: SWAP1
000005b9: SSTORE
000005ba: POP
000005bb: DUP2
000005bc: PUSH1 0x05
000005be: PUSH1 0x00
000005c0: POP
000005c1: PUSH1 0x00
000005c3: DUP7
000005c4: PUSH1 0x01
000005c6: PUSH1 0xa0
000005c8: PUSH1 0x02
000005ca: EXP
000005cb: SUB
000005cc: AND
000005cd: DUP2
000005ce: MSTORE
000005cf: PUSH1 0x20
000005d1: ADD
000005d2: SWAP1
000005d3: DUP2
000005d4: MSTORE
000005d5: PUSH1 0x20
000005d7: ADD
000005d8: PUSH1 0x00
000005da: KECCAK256
000005db: PUSH1 0x00
000005dd: POP
000005de: PUSH1 0x00
000005e0: CALLER
000005e1: PUSH1 0x01
000005e3: PUSH1 0xa0
000005e5: PUSH1 0x02
000005e7: EXP
000005e8: SUB
000005e9: AND
000005ea: DUP2
000005eb: MSTORE
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'1120,1360p'" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
000005eb: MSTORE
000005ec: PUSH1 0x20
000005ee: ADD
000005ef: SWAP1
000005f0: DUP2
000005f1: MSTORE
000005f2: PUSH1 0x20
000005f4: ADD
000005f5: PUSH1 0x00
000005f7: KECCAK256
000005f8: PUSH1 0x00
000005fa: DUP3
000005fb: DUP3
000005fc: DUP3
000005fd: POP
000005fe: SLOAD
000005ff: ADD
00000600: SWAP3
00000601: POP
00000602: POP
00000603: DUP2
00000604: SWAP1
00000605: SSTORE
00000606: POP
00000607: DUP3
00000608: PUSH1 0x01
0000060a: PUSH1 0xa0
0000060c: PUSH1 0x02
0000060e: EXP
0000060f: SUB
00000610: AND
00000611: CALLER
00000612: PUSH1 0x01
00000614: PUSH1 0xa0
00000616: PUSH1 0x02
00000618: EXP
00000619: SUB
0000061a: AND
0000061b: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
0000063c: DUP5
0000063d: PUSH1 0x40
0000063f: MLOAD
00000640: DUP1
00000641: DUP3
00000642: DUP2
00000643: MSTORE
00000644: PUSH1 0x20
00000646: ADD
00000647: SWAP2
00000648: POP
00000649: POP
0000064a: PUSH1 0x40
0000064c: MLOAD
0000064d: DUP1
0000064e: SWAP2
0000064f: SUB
00000650: SWAP1
00000651: LOG3
00000652: SWAP4
00000653: SWAP3
00000654: POP
00000655: POP
00000656: POP
00000657: JUMP
exec
/bin/bash -lc "rg -n '8f4ffcb1|callTracer|trace_id|returndata|712|780|925|0xcae9ca51|0xdc3080f2' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
1526: "pc": 712,
1527: "returndata_checked": null,
1533: "pc": 780,
1534: "returndata_checked": null,
1540: "pc": 925,
1541: "returndata_checked": null,
1832: "selector": "0xcae9ca51"
1836: "selector": "0xdc3080f2"
2143: "selector": "0xcae9ca51",
2192: "selector": "0xdc3080f2",
2293: "0xcae9ca51",
2294: "0xdc3080f2",
2374: "full": "0x606060405236156100775760e060020a600035046306fdde03811461007f57806323b872dd146100dc578063313ce5671461010e57806370a082311461011a57806395d89b4114610132578063a9059cbb1461018e578063cae9ca51146101bd578063dc3080f21461031c578063dd62ed3e14610341575b610365610002565b61036760008054602060026001831615610100026000190190921691909104601f8101829004909102608090810160405260608281529291908282801561041c5780601f106103f15761010080835404028352916020019161041c565b6103d5600435602435604435600160a060020a038316600090815260036020526040812054829010156104f357610002565b6103e760025460ff1681565b6103d560043560036020526000908152604090205481565b610367600180546020600282841615610100026000190190921691909104601f8101829004909102608090810160405260608281529291908282801561041c5780601f106103f15761010080835404028352916020019161041c565b610365600435602435600160a060020a0333166000908152600360205260409020548190101561042457610002565b60806020604435600481810135601f8101849004909302840160405260608381526103d5948235946024803595606494939101919081908382808284375094965050505050505060006000836004600050600033600160a060020a03168152602001908152602001600020600050600087600160a060020a031681526020019081526020016000206000508190555084905080600160a060020a0316638f4ffcb1338630876040518560e060020a0281526004018085600160a060020a0316815260200184815260200183600160a060020a03168152602001806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156102f25780820380516001836020036101000a031916815260200191505b50955050505050506000604051808303816000876161da5a03f11561000257505050509392505050565b6005602090815260043560009081526040808220909252602435815220546103d59081565b60046020818152903560009081526040808220909252602435815220546103d59081565b005b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156103c75780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b60408051918252519081900360200190f35b6060908152602090f35b820191906000526020600020905b8154815290600101906020018083116103ff57829003601f168201915b505050505081565b600160a060020a03821660009081526040902054808201101561044657610002565b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a35050565b600160a060020a03831681526040812054808301101561051257610002565b600160a060020a0380851680835260046020908152604080852033949094168086529382528085205492855260058252808520938552929052908220548301111561055c57610002565b816003600050600086600160a060020a03168152602001908152602001600020600082828250540392505081905550816003600050600085600160a060020a03168152602001908152602001600020600082828250540192505081905550816005600050600086600160a060020a03168152602001908152602001600020600050600033600160a060020a0316815260200190815260200160002060008282825054019250508190555082600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef846040518082815260200191505060405180910390a3939250505056",
2672: "from": "fn:0xcae9ca51",
2677: "from": "fn:0xdc3080f2",
2688: "to": "call:712",
2692: "from": "call:712",
2698: "to": "call:780",
2702: "from": "call:780",
2708: "to": "call:925",
2712: "from": "call:925",
3048: "id": "call:712",
3050: "pc": 712,
3054: "id": "call:780",
3056: "pc": 780,
3060: "id": "call:925",
3062: "pc": 925,
3107: "id": "fn:0xcae9ca51",
3108: "selector": "0xcae9ca51",
3113: "id": "fn:0xdc3080f2",
3114: "selector": "0xdc3080f2",
3138: "pc": 712,
3139: "returndata_checked": null,
3145: "pc": 780,
3146: "returndata_checked": null,
3152: "pc": 925,
3153: "returndata_checked": null,
3180: "trace_id": "0x933a1ec7422f661720249aad19793b327997ab63ed6766fdaad27e6683c174db",
3181: "trace_mode": "callTracer"
3191: "pc": 712,
3192: "returndata_checked": null,
3198: "pc": 780,
3199: "returndata_checked": null,
3205: "pc": 925,
3206: "returndata_checked": null,
3233: "trace_id": "0x933a1ec7422f661720249aad19793b327997ab63ed6766fdaad27e6683c174db",
3234: "trace_mode": "callTracer"
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.function_entries' BYTECODE_BUNDLE.json" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
[
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 826074471,
"selector": "0x23b872dd"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": 3404319313,
"selector": "0xa9059cbb"
},
{
"entry_pc": 3694166258,
"selector": "0xcae9ca51"
},
{
"entry_pc": 3714247998,
"selector": "0xdc3080f2"
},
{
"entry_pc": 869,
"selector": "0xdd62ed3e"
}
]
exec
/bin/bash -lc "python3 - <<'PY'
from collections import deque
# manual symbolic simulation for 0x00dc block through 0x010a using top at end
ops = [
('PUSH2','ret'),('CALLDATALOAD','a1'),('CALLDATALOAD','a2'),('CALLDATALOAD','a3'),
('PUSH1','1'),('PUSH1','a0'),('PUSH1','2'),('EXP',None),('SUB',None),('DUP4',None),('AND',None),('PUSH1','0'),('SWAP1',None),('DUP2',None),('MSTORE',None),('PUSH1','3'),('PUSH1','20'),('MSTORE',None),('PUSH1','40'),('DUP2',None),('KECCAK256',None),('SLOAD',None),('DUP3',None),('SWAP1',None),('LT',None),('ISZERO',None)
]
stack=[]
mem=[]
for i,(op,arg) in enumerate(ops,1):
if op.startswith('PUSH'):
stack.append(arg)
elif op=='CALLDATALOAD':
stack.append(arg)
elif op.startswith('DUP'):
n=int(op[3:])
stack.append(stack[-n])
elif op.startswith('SWAP'):
n=int(op[4:])
stack[-1],stack[-1-n]=stack[-1-n],stack[-1]
elif op=='EXP':
b=stack.pop(); a=stack.pop(); stack.append(f'({a}**{b})')
elif op=='SUB':
b=stack.pop(); a=stack.pop(); stack.append(f'({a}-{b})')
elif op=='AND':
b=stack.pop(); a=stack.pop(); stack.append(f'({a}&{b})')
elif op=='MSTORE':
off=stack.pop(); val=stack.pop(); mem.append((off,val))
elif op=='KECCAK256':
size=stack.pop(); off=stack.pop(); stack.append(f'keccak(mem[{off}:{size}])')
elif op=='SLOAD':
slot=stack.pop(); stack.append(f'sload({slot})')
elif op=='LT':
b=stack.pop(); a=stack.pop(); stack.append(f'({a}<{b})')
elif op=='ISZERO':
a=stack.pop(); stack.append(f'iszero({a})')
print(i, op, arg, 'stack=', stack, 'mem=', mem)
PY" in /tmp/codex-9fdhl0rc
succeeded in 0ms:
1 PUSH2 ret stack= ['ret'] mem= []
2 CALLDATALOAD a1 stack= ['ret', 'a1'] mem= []
3 CALLDATALOAD a2 stack= ['ret', 'a1', 'a2'] mem= []
4 CALLDATALOAD a3 stack= ['ret', 'a1', 'a2', 'a3'] mem= []
5 PUSH1 1 stack= ['ret', 'a1', 'a2', 'a3', '1'] mem= []
6 PUSH1 a0 stack= ['ret', 'a1', 'a2', 'a3', '1', 'a0'] mem= []
7 PUSH1 2 stack= ['ret', 'a1', 'a2', 'a3', '1', 'a0', '2'] mem= []
8 EXP None stack= ['ret', 'a1', 'a2', 'a3', '1', '(a0**2)'] mem= []
9 SUB None stack= ['ret', 'a1', 'a2', 'a3', '(1-(a0**2))'] mem= []
10 DUP4 None stack= ['ret', 'a1', 'a2', 'a3', '(1-(a0**2))', 'a1'] mem= []
11 AND None stack= ['ret', 'a1', 'a2', 'a3', '((1-(a0**2))&a1)'] mem= []
12 PUSH1 0 stack= ['ret', 'a1', 'a2', 'a3', '((1-(a0**2))&a1)', '0'] mem= []
13 SWAP1 None stack= ['ret', 'a1', 'a2', 'a3', '0', '((1-(a0**2))&a1)'] mem= []
14 DUP2 None stack= ['ret', 'a1', 'a2', 'a3', '0', '((1-(a0**2))&a1)', '0'] mem= []
15 MSTORE None stack= ['ret', 'a1', 'a2', 'a3', '0'] mem= [('0', '((1-(a0**2))&a1)')]
16 PUSH1 3 stack= ['ret', 'a1', 'a2', 'a3', '0', '3'] mem= [('0', '((1-(a0**2))&a1)')]
17 PUSH1 20 stack= ['ret', 'a1', 'a2', 'a3', '0', '3', '20'] mem= [('0', '((1-(a0**2))&a1)')]
18 MSTORE None stack= ['ret', 'a1', 'a2', 'a3', '0'] mem= [('0', '((1-(a0**2))&a1)'), ('20', '3')]
19 PUSH1 40 stack= ['ret', 'a1', 'a2', 'a3', '0', '40'] mem= [('0', '((1-(a0**2))&a1)'), ('20', '3')]
20 DUP2 None stack= ['ret', 'a1', 'a2', 'a3', '0', '40', '0'] mem= [('0', '((1-(a0**2))&a1)'), ('20', '3')]
21 KECCAK256 None stack= ['ret', 'a1', 'a2', 'a3', '0', 'keccak(mem[40:0])'] mem= [('0', '((1-(a0**2))&a1)'), ('20', '3')]
22 SLOAD None stack= ['ret', 'a1', 'a2', 'a3', '0', 'sload(keccak(mem[40:0]))'] mem= [('0', '((1-(a0**2))&a1)'), ('20', '3')]
23 DUP3 None stack= ['ret', 'a1', 'a2', 'a3', '0', 'sload(keccak(mem[40:0]))', 'a3'] mem= [('0', '((1-(a0**2))&a1)'), ('20', '3')]
24 SWAP1 None stack= ['ret', 'a1', 'a2', 'a3', '0', 'a3', 'sload(keccak(mem[40:0]))'] mem= [('0', '((1-(a0**2))&a1)'), ('20', '3')]
25 LT None stack= ['ret', 'a1', 'a2', 'a3', '0', '(a3<sload(keccak(mem[40:0])))'] mem= [('0', '((1-(a0**2))&a1)'), ('20', '3')]
26 ISZERO None stack= ['ret', 'a1', 'a2', 'a3', '0', 'iszero((a3<sload(keccak(mem[40:0]))))'] mem= [('0', '((1-(a0**2))&a1)'), ('20', '3')]
codex
{"no_findings":false,"summary":"The bytecode looks like an ERC20-style token with one custom callback-style approval entrypoint at selector 0xcae9ca51. I did not substantiate the bundle's generic 'ETH value transfer' detector because two CALL sites match old Solidity identity-precompile memcpy patterns and the remaining low-level call appears to push zero value before CALL. The meaningful risk is the callback-style external call path itself.","findings":[{"severity":"medium","category":"reentrancy","title":"Allowance is written before an untrusted callback-style external CALL","exploit_scenario":"Selector 0xcae9ca51 appears to be an approve-and-callback flow: it stores a nested mapping entry (base slot 0x04) at pc 0x024b and then performs a low-level CALL at pc 0x030c with calldata beginning with selector 0x8f4ffcb1. Because no guard was detected in the bundle, a malicious spender/callback target can reenter while the fresh approval is already live and synchronously invoke token methods such as transferFrom. That behavior may be intended for an approveAndCall pattern, but any integrator assuming the approval step is non-reentrant can be broken.","recommendation":"Treat selector 0xcae9ca51 as fully reentrant. If callback behavior is required, add an explicit reentrancy guard or redesign to a pull pattern. At minimum, document that the callee may synchronously consume the newly written approval during the same transaction.","evidence":"Bundle auth heuristics report no guards. In the 0xcae9ca51 path, storage is updated via SSTORE at pc 0x024b before the low-level CALL at pc 0x030c. The surrounding CALL sites at pc 0x02c8 and pc 0x039d match old Solidity identity-precompile copy patterns, so the material external interaction is the pc 0x030c callback.","locations":["selector:0xcae9ca51","pc:0x24b","pc:0x30c"]},{"severity":"low","category":"other","title":"Callback success is checked only at the CALL bit level; hook execution is not semantically validated","exploit_scenario":"After the low-level CALL at pc 0x030c, the code checks only the CALL success bit (pc 0x030d-0x0311). The artifact also marks returndata_checked as unknown/null for this callsite. A target with a permissive fallback can therefore make the function succeed even if the expected callback hook was never actually executed. In an approve-and-callback flow, this can leave allowance state changed while upstream code assumes the receiver processed the hook.","recommendation":"Prefer an explicit interface call and require expected returndata or a known magic value. If low-level CALL must remain, validate that the target is a contract and that the callback semantics actually occurred rather than relying on the raw CALL success bit alone.","evidence":"At pc 0x030c the contract performs a low-level CALL from selector 0xcae9ca51. The immediate post-call sequence is ISZERO -> JUMPI to failure, with no visible returndata decoding or magic-value check. The bundle's callsite metadata for this pc reports returndata_checked: null.","locations":["selector:0xcae9ca51","pc:0x30c","pc:0x30d","pc:0x311"]}]}
tokens used
49,037
{
"codex": {
"ran_at": "2026-04-05T04:09:34.155796+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3250,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "The bytecode looks like an ERC20-style token with one custom callback-style approval entrypoint at selector 0xcae9ca51. I did not substantiate the bundle's generic 'ETH value transfer' detector because two CALL sites match old Solidity identity-precompile memcpy patterns and the remaining low-level call appears to push zero value before CALL. The meaningful risk is the callback-style external call path itself.",
"raw_final": {
"summary": "The bytecode looks like an ERC20-style token with one custom callback-style approval entrypoint at selector 0xcae9ca51. I did not substantiate the bundle's generic 'ETH value transfer' detector because two CALL sites match old Solidity identity-precompile memcpy patterns and the remaining low-level call appears to push zero value before CALL. The meaningful risk is the callback-style external call path itself.",
"findings": [
{
"title": "Allowance is written before an untrusted callback-style external CALL",
"category": "reentrancy",
"evidence": "Bundle auth heuristics report no guards. In the 0xcae9ca51 path, storage is updated via SSTORE at pc 0x024b before the low-level CALL at pc 0x030c. The surrounding CALL sites at pc 0x02c8 and pc 0x039d match old Solidity identity-precompile copy patterns, so the material external interaction is the pc 0x030c callback.",
"severity": "medium",
"locations": [
"selector:0xcae9ca51",
"pc:0x24b",
"pc:0x30c"
],
"recommendation": "Treat selector 0xcae9ca51 as fully reentrant. If callback behavior is required, add an explicit reentrancy guard or redesign to a pull pattern. At minimum, document that the callee may synchronously consume the newly written approval during the same transaction.",
"exploit_scenario": "Selector 0xcae9ca51 appears to be an approve-and-callback flow: it stores a nested mapping entry (base slot 0x04) at pc 0x024b and then performs a low-level CALL at pc 0x030c with calldata beginning with selector 0x8f4ffcb1. Because no guard was detected in the bundle, a malicious spender/callback target can reenter while the fresh approval is already live and synchronously invoke token methods such as transferFrom. That behavior may be intended for an approveAndCall pattern, but any integrator assuming the approval step is non-reentrant can be broken."
},
{
"title": "Callback success is checked only at the CALL bit level; hook execution is not semantically validated",
"category": "other",
"evidence": "At pc 0x030c the contract performs a low-level CALL from selector 0xcae9ca51. The immediate post-call sequence is ISZERO -> JUMPI to failure, with no visible returndata decoding or magic-value check. The bundle's callsite metadata for this pc reports returndata_checked: null.",
"severity": "low",
"locations": [
"selector:0xcae9ca51",
"pc:0x30c",
"pc:0x30d",
"pc:0x311"
],
"recommendation": "Prefer an explicit interface call and require expected returndata or a known magic value. If low-level CALL must remain, validate that the target is a contract and that the callback semantics actually occurred rather than relying on the raw CALL success bit alone.",
"exploit_scenario": "After the low-level CALL at pc 0x030c, the code checks only the CALL success bit (pc 0x030d-0x0311). The artifact also marks returndata_checked as unknown/null for this callsite. A target with a permissive fallback can therefore make the function succeed even if the expected callback hook was never actually executed. In an approve-and-callback flow, this can leave allowance state changed while upstream code assumes the receiver processed the hook."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0077 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x007f 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x23b872dd 00000025: EQ 00000026: PUSH2 0x00dc 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x313ce567 00000030: EQ 00000031: PUSH2 0x010e 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x70a08231 0000003b: EQ 0000003c: PUSH2 0x011a 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x95d89b41 00000046: EQ 00000047: PUSH2 0x0132 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0xa9059cbb 00000051: EQ 00000052: PUSH2 0x018e 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0xcae9ca51 0000005c: EQ 0000005d: PUSH2 0x01bd 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xdc3080f2 00000067: EQ 00000068: PUSH2 0x031c 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xdd62ed3e 00000072: EQ 00000073: PUSH2 0x0341 00000076: JUMPI 00000077: JUMPDEST 00000078: PUSH2 0x0365 0000007b: PUSH2 0x0002 0000007e: JUMP 0000007f: JUMPDEST 00000080: PUSH2 0x0367 00000083: PUSH1 0x00 00000085: DUP1 00000086: SLOAD 00000087: PUSH1 0x20 00000089: PUSH1 0x02 0000008b: PUSH1 0x01 0000008d: DUP4 0000008e: AND 0000008f: ISZERO 00000090: PUSH2 0x0100 00000093: MUL 00000094: PUSH1 0x00 00000096: NOT 00000097: ADD 00000098: SWAP1 00000099: SWAP3 0000009a: AND 0000009b: SWAP2 0000009c: SWAP1 0000009d: SWAP2 0000009e: DIV 0000009f: PUSH1 0x1f 000000a1: DUP2 000000a2: ADD 000000a3: DUP3 000000a4: SWAP1 000000a5: DIV 000000a6: SWAP1 000000a7: SWAP2 000000a8: MUL 000000a9: PUSH1 0x80 000000ab: SWAP1 000000ac: DUP2 000000ad: ADD 000000ae: PUSH1 0x40 000000b0: MSTORE 000000b1: PUSH1 0x60 000000b3: DUP3 000000b4: DUP2 000000b5: MSTORE 000000b6: SWAP3 000000b7: SWAP2 000000b8: SWAP1 000000b9: DUP3 000000ba: DUP3 000000bb: DUP1 000000bc: ISZERO 000000bd: PUSH2 0x041c 000000c0: JUMPI 000000c1: DUP1 000000c2: PUSH1 0x1f 000000c4: LT 000000c5: PUSH2 0x03f1 000000c8: JUMPI 000000c9: PUSH2 0x0100 000000cc: DUP1 000000cd: DUP4 000000ce: SLOAD 000000cf: DIV 000000d0: MUL 000000d1: DUP4 000000d2: MSTORE 000000d3: SWAP2 000000d4: PUSH1 0x20 000000d6: ADD 000000d7: SWAP2 000000d8: PUSH2 0x041c 000000db: JUMP 000000dc: JUMPDEST 000000dd: PUSH2 0x03d5 000000e0: PUSH1 0x04 000000e2: CALLDATALOAD 000000e3: PUSH1 0x24 000000e5: CALLDATALOAD 000000e6: PUSH1 0x44 000000e8: CALLDATALOAD 000000e9: PUSH1 0x01 000000eb: PUSH1 0xa0 000000ed: PUSH1 0x02 000000ef: EXP 000000f0: SUB 000000f1: DUP4 000000f2: AND 000000f3: PUSH1 0x00 000000f5: SWAP1 000000f6: DUP2 000000f7: MSTORE 000000f8: PUSH1 0x03 000000fa: PUSH1 0x20 000000fc: MSTORE 000000fd: PUSH1 0x40 000000ff: DUP2 00000100: KECCAK256 00000101: SLOAD 00000102: DUP3 00000103: SWAP1 00000104: LT 00000105: ISZERO 00000106: PUSH2 0x04f3 00000109: JUMPI 0000010a: PUSH2 0x0002 0000010d: JUMP 0000010e: JUMPDEST 0000010f: PUSH2 0x03e7 00000112: PUSH1 0x02 00000114: SLOAD 00000115: PUSH1 0xff 00000117: AND 00000118: DUP2 00000119: JUMP 0000011a: JUMPDEST 0000011b: PUSH2 0x03d5 0000011e: PUSH1 0x04 00000120: CALLDATALOAD 00000121: PUSH1 0x03 00000123: PUSH1 0x20 00000125: MSTORE 00000126: PUSH1 0x00 00000128: SWAP1 00000129: DUP2 0000012a: MSTORE 0000012b: PUSH1 0x40 0000012d: SWAP1 0000012e: KECCAK256 0000012f: SLOAD 00000130: DUP2 00000131: JUMP 00000132: JUMPDEST 00000133: PUSH2 0x0367 00000136: PUSH1 0x01 00000138: DUP1 00000139: SLOAD 0000013a: PUSH1 0x20 0000013c: PUSH1 0x02 0000013e: DUP3 0000013f: DUP5 00000140: AND 00000141: ISZERO 00000142: PUSH2 0x0100 00000145: MUL 00000146: PUSH1 0x00 00000148: NOT 00000149: ADD 0000014a: SWAP1 0000014b: SWAP3 0000014c: AND 0000014d: SWAP2 0000014e: SWAP1 0000014f: SWAP2 00000150: DIV 00000151: PUSH1 0x1f 00000153: DUP2 00000154: ADD 00000155: DUP3 00000156: SWAP1 00000157: DIV 00000158: SWAP1 00000159: SWAP2 0000015a: MUL 0000015b: PUSH1 0x80 0000015d: SWAP1 0000015e: DUP2 0000015f: ADD 00000160: PUSH1 0x40 00000162: MSTORE 00000163: PUSH1 0x60 00000165: DUP3 00000166: DUP2 00000167: MSTORE 00000168: SWAP3 00000169: SWAP2 0000016a: SWAP1 0000016b: DUP3 0000016c: DUP3 0000016d: DUP1 0000016e: ISZERO 0000016f: PUSH2 0x041c 00000172: JUMPI 00000173: DUP1 00000174: PUSH1 0x1f 00000176: LT 00000177: PUSH2 0x03f1 0000017a: JUMPI 0000017b: PUSH2 0x0100 0000017e: DUP1 0000017f: DUP4 00000180: SLOAD 00000181: DIV 00000182: MUL 00000183: DUP4 00000184: MSTORE 00000185: SWAP2 00000186: PUSH1 0x20 00000188: ADD 00000189: SWAP2 0000018a: PUSH2 0x041c 0000018d: JUMP 0000018e: JUMPDEST 0000018f: PUSH2 0x0365 00000192: PUSH1 0x04 00000194: CALLDATALOAD 00000195: PUSH1 0x24 00000197: CALLDATALOAD 00000198: PUSH1 0x01 0000019a: PUSH1 0xa0 0000019c: PUSH1 0x02 0000019e: EXP 0000019f: SUB 000001a0: CALLER 000001a1: AND 000001a2: PUSH1 0x00 000001a4: SWAP1 000001a5: DUP2 000001a6: MSTORE 000001a7: PUSH1 0x03 000001a9: PUSH1 0x20 000001ab: MSTORE 000001ac: PUSH1 0x40 000001ae: SWAP1 000001af: KECCAK256 000001b0: SLOAD 000001b1: DUP2 000001b2: SWAP1 000001b3: LT 000001b4: ISZERO 000001b5: PUSH2 0x0424 000001b8: JUMPI 000001b9: PUSH2 0x0002 000001bc: JUMP 000001bd: JUMPDEST 000001be: PUSH1 0x80 000001c0: PUSH1 0x20 000001c2: PUSH1 0x44 000001c4: CALLDATALOAD 000001c5: PUSH1 0x04 000001c7: DUP2 000001c8: DUP2 000001c9: ADD 000001ca: CALLDATALOAD 000001cb: PUSH1 0x1f 000001cd: DUP2 000001ce: ADD 000001cf: DUP5 000001d0: SWAP1 000001d1: DIV 000001d2: SWAP1 000001d3: SWAP4 000001d4: MUL 000001d5: DUP5 000001d6: ADD 000001d7: PUSH1 0x40 000001d9: MSTORE 000001da: PUSH1 0x60 000001dc: DUP4 000001dd: DUP2 000001de: MSTORE 000001df: PUSH2 0x03d5 000001e2: SWAP5 000001e3: DUP3 000001e4: CALLDATALOAD 000001e5: SWAP5 000001e6: PUSH1 0x24 000001e8: DUP1 000001e9: CALLDATALOAD 000001ea: SWAP6 000001eb: PUSH1 0x64 000001ed: SWAP5 000001ee: SWAP4 000001ef: SWAP2 000001f0: ADD 000001f1: SWAP2 000001f2: SWAP1 000001f3: DUP2 000001f4: SWAP1 000001f5: DUP4 000001f6: DUP3 000001f7: DUP1 000001f8: DUP3 000001f9: DUP5 000001fa: CALLDATACOPY 000001fb: POP 000001fc: SWAP5 000001fd: SWAP7 000001fe: POP 000001ff: POP 00000200: POP 00000201: POP 00000202: POP 00000203: POP 00000204: POP 00000205: PUSH1 0x00 00000207: PUSH1 0x00 00000209: DUP4 0000020a: PUSH1 0x04 0000020c: PUSH1 0x00 0000020e: POP 0000020f: PUSH1 0x00 00000211: CALLER 00000212: PUSH1 0x01 00000214: PUSH1 0xa0 00000216: PUSH1 0x02 00000218: EXP 00000219: SUB 0000021a: AND 0000021b: DUP2 0000021c: MSTORE 0000021d: PUSH1 0x20 0000021f: ADD 00000220: SWAP1 00000221: DUP2 00000222: MSTORE 00000223: PUSH1 0x20 00000225: ADD 00000226: PUSH1 0x00 00000228: KECCAK256 00000229: PUSH1 0x00 0000022b: POP 0000022c: PUSH1 0x00 0000022e: DUP8 0000022f: PUSH1 0x01 00000231: PUSH1 0xa0 00000233: PUSH1 0x02 00000235: EXP 00000236: SUB 00000237: AND 00000238: DUP2 00000239: MSTORE 0000023a: PUSH1 0x20 0000023c: ADD 0000023d: SWAP1 0000023e: DUP2 0000023f: MSTORE 00000240: PUSH1 0x20 00000242: ADD 00000243: PUSH1 0x00 00000245: KECCAK256 00000246: PUSH1 0x00 00000248: POP 00000249: DUP2 0000024a: SWAP1 0000024b: SSTORE 0000024c: POP 0000024d: DUP5 0000024e: SWAP1 0000024f: POP 00000250: DUP1 00000251: PUSH1 0x01 00000253: PUSH1 0xa0 00000255: PUSH1 0x02 00000257: EXP 00000258: SUB 00000259: AND 0000025a: PUSH4 0x8f4ffcb1 0000025f: CALLER 00000260: DUP7 00000261: ADDRESS 00000262: DUP8 00000263: PUSH1 0x40 00000265: MLOAD 00000266: DUP6 00000267: PUSH1 0xe0 00000269: PUSH1 0x02 0000026b: EXP 0000026c: MUL 0000026d: DUP2 0000026e: MSTORE 0000026f: PUSH1 0x04 00000271: ADD 00000272: DUP1 00000273: DUP6 00000274: PUSH1 0x01 00000276: PUSH1 0xa0 00000278: PUSH1 0x02 0000027a: EXP 0000027b: SUB 0000027c: AND 0000027d: DUP2 0000027e: MSTORE 0000027f: PUSH1 0x20 00000281: ADD 00000282: DUP5 00000283: DUP2 00000284: MSTORE 00000285: PUSH1 0x20 00000287: ADD 00000288: DUP4 00000289: PUSH1 0x01 0000028b: PUSH1 0xa0 0000028d: PUSH1 0x02 0000028f: EXP 00000290: SUB 00000291: AND 00000292: DUP2 00000293: MSTORE 00000294: PUSH1 0x20 00000296: ADD 00000297: DUP1 00000298: PUSH1 0x20 0000029a: ADD 0000029b: DUP3 0000029c: DUP2 0000029d: SUB 0000029e: DUP3 0000029f: MSTORE 000002a0: DUP4 000002a1: DUP2 000002a2: DUP2 000002a3: MLOAD 000002a4: DUP2 000002a5: MSTORE 000002a6: PUSH1 0x20 000002a8: ADD 000002a9: SWAP2 000002aa: POP 000002ab: DUP1 000002ac: MLOAD 000002ad: SWAP1 000002ae: PUSH1 0x20 000002b0: ADD 000002b1: SWAP1 000002b2: DUP1 000002b3: DUP4 000002b4: DUP4 000002b5: DUP3 000002b6: SWAP1 000002b7: PUSH1 0x00 000002b9: PUSH1 0x04 000002bb: PUSH1 0x20 000002bd: DUP5 000002be: PUSH1 0x1f 000002c0: ADD 000002c1: DIV 000002c2: PUSH1 0x0f 000002c4: MUL 000002c5: PUSH1 0x03 000002c7: ADD 000002c8: CALL 000002c9: POP 000002ca: SWAP1 000002cb: POP 000002cc: SWAP1 000002cd: DUP2 000002ce: ADD 000002cf: SWAP1 000002d0: PUSH1 0x1f 000002d2: AND 000002d3: DUP1 000002d4: ISZERO 000002d5: PUSH2 0x02f2 000002d8: JUMPI 000002d9: DUP1 000002da: DUP3 000002db: SUB 000002dc: DUP1 000002dd: MLOAD 000002de: PUSH1 0x01 000002e0: DUP4 000002e1: PUSH1 0x20 000002e3: SUB 000002e4: PUSH2 0x0100 000002e7: EXP 000002e8: SUB 000002e9: NOT 000002ea: AND 000002eb: DUP2 000002ec: MSTORE 000002ed: PUSH1 0x20 000002ef: ADD 000002f0: SWAP2 000002f1: POP 000002f2: JUMPDEST 000002f3: POP 000002f4: SWAP6 000002f5: POP 000002f6: POP 000002f7: POP 000002f8: POP 000002f9: POP 000002fa: POP 000002fb: PUSH1 0x00 000002fd: PUSH1 0x40 000002ff: MLOAD 00000300: DUP1 00000301: DUP4 00000302: SUB 00000303: DUP2 00000304: PUSH1 0x00 00000306: DUP8 00000307: PUSH2 0x61da 0000030a: GAS 0000030b: SUB 0000030c: CALL 0000030d: ISZERO 0000030e: PUSH2 0x0002 00000311: JUMPI 00000312: POP 00000313: POP 00000314: POP 00000315: POP 00000316: SWAP4 00000317: SWAP3 00000318: POP 00000319: POP 0000031a: POP 0000031b: JUMP 0000031c: JUMPDEST 0000031d: PUSH1 0x05 0000031f: PUSH1 0x20 00000321: SWAP1 00000322: DUP2 00000323: MSTORE 00000324: PUSH1 0x04 00000326: CALLDATALOAD 00000327: PUSH1 0x00 00000329: SWAP1 0000032a: DUP2 0000032b: MSTORE 0000032c: PUSH1 0x40 0000032e: DUP1 0000032f: DUP3 00000330: KECCAK256 00000331: SWAP1 00000332: SWAP3 00000333: MSTORE 00000334: PUSH1 0x24 00000336: CALLDATALOAD 00000337: DUP2 00000338: MSTORE 00000339: KECCAK256 0000033a: SLOAD 0000033b: PUSH2 0x03d5 0000033e: SWAP1 0000033f: DUP2 00000340: JUMP 00000341: JUMPDEST 00000342: PUSH1 0x04 00000344: PUSH1 0x20 00000346: DUP2 00000347: DUP2 00000348: MSTORE 00000349: SWAP1 0000034a: CALLDATALOAD 0000034b: PUSH1 0x00 0000034d: SWAP1 0000034e: DUP2 0000034f: MSTORE 00000350: PUSH1 0x40 00000352: DUP1 00000353: DUP3 00000354: KECCAK256 00000355: SWAP1 00000356: SWAP3 00000357: MSTORE 00000358: PUSH1 0x24 0000035a: CALLDATALOAD 0000035b: DUP2 0000035c: MSTORE 0000035d: KECCAK256 0000035e: SLOAD 0000035f: PUSH2 0x03d5 00000362: SWAP1 00000363: DUP2 00000364: JUMP 00000365: JUMPDEST 00000366: STOP 00000367: JUMPDEST 00000368: PUSH1 0x40 0000036a: MLOAD 0000036b: DUP1 0000036c: DUP1 0000036d: PUSH1 0x20 0000036f: ADD 00000370: DUP3 00000371: DUP2 00000372: SUB 00000373: DUP3 00000374: MSTORE 00000375: DUP4 00000376: DUP2 00000377: DUP2 00000378: MLOAD 00000379: DUP2 0000037a: MSTORE 0000037b: PUSH1 0x20 0000037d: ADD 0000037e: SWAP2 0000037f: POP 00000380: DUP1 00000381: MLOAD 00000382: SWAP1 00000383: PUSH1 0x20 00000385: ADD 00000386: SWAP1 00000387: DUP1 00000388: DUP4 00000389: DUP4 0000038a: DUP3 0000038b: SWAP1 0000038c: PUSH1 0x00 0000038e: PUSH1 0x04 00000390: PUSH1 0x20 00000392: DUP5 00000393: PUSH1 0x1f 00000395: ADD 00000396: DIV 00000397: PUSH1 0x0f 00000399: MUL 0000039a: PUSH1 0x03 0000039c: ADD 0000039d: CALL 0000039e: POP 0000039f: SWAP1 000003a0: POP 000003a1: SWAP1 000003a2: DUP2 000003a3: ADD 000003a4: SWAP1 000003a5: PUSH1 0x1f 000003a7: AND 000003a8: DUP1 000003a9: ISZERO 000003aa: PUSH2 0x03c7 000003ad: JUMPI 000003ae: DUP1 000003af: DUP3 000003b0: SUB 000003b1: DUP1 000003b2: MLOAD 000003b3: PUSH1 0x01 000003b5: DUP4 000003b6: PUSH1 0x20 000003b8: SUB 000003b9: PUSH2 0x0100 000003bc: EXP 000003bd: SUB 000003be: NOT 000003bf: AND 000003c0: DUP2 000003c1: MSTORE 000003c2: PUSH1 0x20 000003c4: ADD 000003c5: SWAP2 000003c6: POP 000003c7: JUMPDEST 000003c8: POP 000003c9: SWAP3 000003ca: POP 000003cb: POP 000003cc: POP 000003cd: PUSH1 0x40 000003cf: MLOAD 000003d0: DUP1 000003d1: SWAP2 000003d2: SUB 000003d3: SWAP1 000003d4: RETURN 000003d5: JUMPDEST 000003d6: PUSH1 0x40 000003d8: DUP1 000003d9: MLOAD 000003da: SWAP2 000003db: DUP3 000003dc: MSTORE 000003dd: MLOAD 000003de: SWAP1 000003df: DUP2 000003e0: SWAP1 000003e1: SUB 000003e2: PUSH1 0x20 000003e4: ADD 000003e5: SWAP1 000003e6: RETURN 000003e7: JUMPDEST 000003e8: PUSH1 0x60 000003ea: SWAP1 000003eb: DUP2 000003ec: MSTORE 000003ed: PUSH1 0x20 000003ef: SWAP1 000003f0: RETURN 000003f1: JUMPDEST 000003f2: DUP3 000003f3: ADD 000003f4: SWAP2 000003f5: SWAP1 000003f6: PUSH1 0x00 000003f8: MSTORE 000003f9: PUSH1 0x20 000003fb: PUSH1 0x00 000003fd: KECCAK256 000003fe: SWAP1 000003ff: JUMPDEST 00000400: DUP2 00000401: SLOAD 00000402: DUP2 00000403: MSTORE 00000404: SWAP1 00000405: PUSH1 0x01 00000407: ADD 00000408: SWAP1 00000409: PUSH1 0x20 0000040b: ADD 0000040c: DUP1 0000040d: DUP4 0000040e: GT 0000040f: PUSH2 0x03ff 00000412: JUMPI 00000413: DUP3 00000414: SWAP1 00000415: SUB 00000416: PUSH1 0x1f 00000418: AND 00000419: DUP3 0000041a: ADD 0000041b: SWAP2 0000041c: JUMPDEST 0000041d: POP 0000041e: POP 0000041f: POP 00000420: POP 00000421: POP 00000422: DUP2 00000423: JUMP 00000424: JUMPDEST 00000425: PUSH1 0x01 00000427: PUSH1 0xa0 00000429: PUSH1 0x02 0000042b: EXP 0000042c: SUB 0000042d: DUP3 0000042e: AND 0000042f: PUSH1 0x00 00000431: SWAP1 00000432: DUP2 00000433: MSTORE 00000434: PUSH1 0x40 00000436: SWAP1 00000437: KECCAK256 00000438: SLOAD 00000439: DUP1 0000043a: DUP3 0000043b: ADD 0000043c: LT 0000043d: ISZERO 0000043e: PUSH2 0x0446 00000441: JUMPI 00000442: PUSH2 0x0002 00000445: JUMP 00000446: JUMPDEST 00000447: DUP1 00000448: PUSH1 0x03 0000044a: PUSH1 0x00 0000044c: POP 0000044d: PUSH1 0x00 0000044f: CALLER 00000450: PUSH1 0x01 00000452: PUSH1 0xa0 00000454: PUSH1 0x02 00000456: EXP 00000457: SUB 00000458: AND 00000459: DUP2 0000045a: MSTORE 0000045b: PUSH1 0x20 0000045d: ADD 0000045e: SWAP1 0000045f: DUP2 00000460: MSTORE 00000461: PUSH1 0x20 00000463: ADD 00000464: PUSH1 0x00 00000466: KECCAK256 00000467: PUSH1 0x00 00000469: DUP3 0000046a: DUP3 0000046b: DUP3 0000046c: POP 0000046d: SLOAD 0000046e: SUB 0000046f: SWAP3 00000470: POP 00000471: POP 00000472: DUP2 00000473: SWAP1 00000474: SSTORE 00000475: POP 00000476: DUP1 00000477: PUSH1 0x03 00000479: PUSH1 0x00 0000047b: POP 0000047c: PUSH1 0x00 0000047e: DUP5 0000047f: PUSH1 0x01 00000481: PUSH1 0xa0 00000483: PUSH1 0x02 00000485: EXP 00000486: SUB 00000487: AND 00000488: DUP2 00000489: MSTORE 0000048a: PUSH1 0x20 0000048c: ADD 0000048d: SWAP1 0000048e: DUP2 0000048f: MSTORE 00000490: PUSH1 0x20 00000492: ADD 00000493: PUSH1 0x00 00000495: KECCAK256 00000496: PUSH1 0x00 00000498: DUP3 00000499: DUP3 0000049a: DUP3 0000049b: POP 0000049c: SLOAD 0000049d: ADD 0000049e: SWAP3 0000049f: POP 000004a0: POP 000004a1: DUP2 000004a2: SWAP1 000004a3: SSTORE 000004a4: POP 000004a5: DUP2 000004a6: PUSH1 0x01 000004a8: PUSH1 0xa0 000004aa: PUSH1 0x02 000004ac: EXP 000004ad: SUB 000004ae: AND 000004af: CALLER 000004b0: PUSH1 0x01 000004b2: PUSH1 0xa0 000004b4: PUSH1 0x02 000004b6: EXP 000004b7: SUB 000004b8: AND 000004b9: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000004da: DUP4 000004db: PUSH1 0x40 000004dd: MLOAD 000004de: DUP1 000004df: DUP3 000004e0: DUP2 000004e1: MSTORE 000004e2: PUSH1 0x20 000004e4: ADD 000004e5: SWAP2 000004e6: POP 000004e7: POP 000004e8: PUSH1 0x40 000004ea: MLOAD 000004eb: DUP1 000004ec: SWAP2 000004ed: SUB 000004ee: SWAP1 000004ef: LOG3 000004f0: POP 000004f1: POP 000004f2: JUMP 000004f3: JUMPDEST 000004f4: PUSH1 0x01 000004f6: PUSH1 0xa0 000004f8: PUSH1 0x02 000004fa: EXP 000004fb: SUB 000004fc: DUP4 000004fd: AND 000004fe: DUP2 000004ff: MSTORE 00000500: PUSH1 0x40 00000502: DUP2 00000503: KECCAK256 00000504: SLOAD 00000505: DUP1 00000506: DUP4 00000507: ADD 00000508: LT 00000509: ISZERO 0000050a: PUSH2 0x0512 0000050d: JUMPI 0000050e: PUSH2 0x0002 00000511: JUMP 00000512: JUMPDEST 00000513: PUSH1 0x01 00000515: PUSH1 0xa0 00000517: PUSH1 0x02 00000519: EXP 0000051a: SUB 0000051b: DUP1 0000051c: DUP6 0000051d: AND 0000051e: DUP1 0000051f: DUP4 00000520: MSTORE 00000521: PUSH1 0x04 00000523: PUSH1 0x20 00000525: SWAP1 00000526: DUP2 00000527: MSTORE 00000528: PUSH1 0x40 0000052a: DUP1 0000052b: DUP6 0000052c: KECCAK256 0000052d: CALLER 0000052e: SWAP5 0000052f: SWAP1 00000530: SWAP5 00000531: AND 00000532: DUP1 00000533: DUP7 00000534: MSTORE 00000535: SWAP4 00000536: DUP3 00000537: MSTORE 00000538: DUP1 00000539: DUP6 0000053a: KECCAK256 0000053b: SLOAD 0000053c: SWAP3 0000053d: DUP6 0000053e: MSTORE 0000053f: PUSH1 0x05 00000541: DUP3 00000542: MSTORE 00000543: DUP1 00000544: DUP6 00000545: KECCAK256 00000546: SWAP4 00000547: DUP6 00000548: MSTORE 00000549: SWAP3 0000054a: SWAP1 0000054b: MSTORE 0000054c: SWAP1 0000054d: DUP3 0000054e: KECCAK256 0000054f: SLOAD 00000550: DUP4 00000551: ADD 00000552: GT 00000553: ISZERO 00000554: PUSH2 0x055c 00000557: JUMPI 00000558: PUSH2 0x0002 0000055b: JUMP 0000055c: JUMPDEST 0000055d: DUP2 0000055e: PUSH1 0x03 00000560: PUSH1 0x00 00000562: POP 00000563: PUSH1 0x00 00000565: DUP7 00000566: PUSH1 0x01 00000568: PUSH1 0xa0 0000056a: PUSH1 0x02 0000056c: EXP 0000056d: SUB 0000056e: AND 0000056f: DUP2 00000570: MSTORE 00000571: PUSH1 0x20 00000573: ADD 00000574: SWAP1 00000575: DUP2 00000576: MSTORE 00000577: PUSH1 0x20 00000579: ADD 0000057a: PUSH1 0x00 0000057c: KECCAK256 0000057d: PUSH1 0x00 0000057f: DUP3 00000580: DUP3 00000581: DUP3 00000582: POP 00000583: SLOAD 00000584: SUB 00000585: SWAP3 00000586: POP 00000587: POP 00000588: DUP2 00000589: SWAP1 0000058a: SSTORE 0000058b: POP 0000058c: DUP2 0000058d: PUSH1 0x03 0000058f: PUSH1 0x00 00000591: POP 00000592: PUSH1 0x00 00000594: DUP6 00000595: PUSH1 0x01 00000597: PUSH1 0xa0 00000599: PUSH1 0x02 0000059b: EXP 0000059c: SUB 0000059d: AND 0000059e: DUP2 0000059f: MSTORE 000005a0: PUSH1 0x20 000005a2: ADD 000005a3: SWAP1 000005a4: DUP2 000005a5: MSTORE 000005a6: PUSH1 0x20 000005a8: ADD 000005a9: PUSH1 0x00 000005ab: KECCAK256 000005ac: PUSH1 0x00 000005ae: DUP3 000005af: DUP3 000005b0: DUP3 000005b1: POP 000005b2: SLOAD 000005b3: ADD 000005b4: SWAP3 000005b5: POP 000005b6: POP 000005b7: DUP2 000005b8: SWAP1 000005b9: SSTORE 000005ba: POP 000005bb: DUP2 000005bc: PUSH1 0x05 000005be: PUSH1 0x00 000005c0: POP 000005c1: PUSH1 0x00 000005c3: DUP7 000005c4: PUSH1 0x01 000005c6: PUSH1 0xa0 000005c8: PUSH1 0x02 000005ca: EXP 000005cb: SUB 000005cc: AND 000005cd: DUP2 000005ce: MSTORE 000005cf: PUSH1 0x20 000005d1: ADD 000005d2: SWAP1 000005d3: DUP2 000005d4: MSTORE 000005d5: PUSH1 0x20 000005d7: ADD 000005d8: PUSH1 0x00 000005da: KECCAK256 000005db: PUSH1 0x00 000005dd: POP 000005de: PUSH1 0x00 000005e0: CALLER 000005e1: PUSH1 0x01 000005e3: PUSH1 0xa0 000005e5: PUSH1 0x02 000005e7: EXP 000005e8: SUB 000005e9: AND 000005ea: DUP2 000005eb: MSTORE 000005ec: PUSH1 0x20 000005ee: ADD 000005ef: SWAP1 000005f0: DUP2 000005f1: MSTORE 000005f2: PUSH1 0x20 000005f4: ADD 000005f5: PUSH1 0x00 000005f7: KECCAK256 000005f8: PUSH1 0x00 000005fa: DUP3 000005fb: DUP3 000005fc: DUP3 000005fd: POP 000005fe: SLOAD 000005ff: ADD 00000600: SWAP3 00000601: POP 00000602: POP 00000603: DUP2 00000604: SWAP1 00000605: SSTORE 00000606: POP 00000607: DUP3 00000608: PUSH1 0x01 0000060a: PUSH1 0xa0 0000060c: PUSH1 0x02 0000060e: EXP 0000060f: SUB 00000610: AND 00000611: CALLER 00000612: PUSH1 0x01 00000614: PUSH1 0xa0 00000616: PUSH1 0x02 00000618: EXP 00000619: SUB 0000061a: AND 0000061b: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 0000063c: DUP5 0000063d: PUSH1 0x40 0000063f: MLOAD 00000640: DUP1 00000641: DUP3 00000642: DUP2 00000643: MSTORE 00000644: PUSH1 0x20 00000646: ADD 00000647: SWAP2 00000648: POP 00000649: POP 0000064a: PUSH1 0x40 0000064c: MLOAD 0000064d: DUP1 0000064e: SWAP2 0000064f: SUB 00000650: SWAP1 00000651: LOG3 00000652: SWAP4 00000653: SWAP3 00000654: POP 00000655: POP 00000656: POP 00000657: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x933a1ec7422f661720249aad19793b327997ab63ed6766fdaad27e6683c174db
call_targets:
0x0000000000000000000000000000000000000004, 0xaf04889fcd67560580b0dc544566e93743652020
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x933a1ec7422f661720249aad19793b327997ab63ed6766fdaad27e6683c174db",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xaf04889fcd67560580b0dc544566e93743652020"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcae9ca51",
"selector": "0xcae9ca51",
"calldata_variants": [
"0xcae9ca51",
"0xcae9ca510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdc3080f2",
"selector": "0xdc3080f2",
"calldata_variants": [
"0xdc3080f2",
"0xdc3080f20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 712,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 780,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 925,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x933a1ec7422f661720249aad19793b327997ab63ed6766fdaad27e6683c174db
call_targets:
0x0000000000000000000000000000000000000004, 0xaf04889fcd67560580b0dc544566e93743652020
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x933a1ec7422f661720249aad19793b327997ab63ed6766fdaad27e6683c174db",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xaf04889fcd67560580b0dc544566e93743652020"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcae9ca51",
"selector": "0xcae9ca51",
"calldata_variants": [
"0xcae9ca51",
"0xcae9ca510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdc3080f2",
"selector": "0xdc3080f2",
"calldata_variants": [
"0xdc3080f2",
"0xdc3080f20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 712,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 780,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 925,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| medium | reentrancy | codex | Allowance is written before an untrusted callback-style external CALL | 75 | no | — |
viewevidence_json{
"evidence": "Bundle auth heuristics report no guards. In the 0xcae9ca51 path, storage is updated via SSTORE at pc 0x024b before the low-level CALL at pc 0x030c. The surrounding CALL sites at pc 0x02c8 and pc 0x039d match old Solidity identity-precompile copy patterns, so the material external interaction is the pc 0x030c callback.",
"locations": [
"selector:0xcae9ca51",
"pc:0x24b",
"pc:0x30c"
],
"recommendation": "Treat selector 0xcae9ca51 as fully reentrant. If callback behavior is required, add an explicit reentrancy guard or redesign to a pull pattern. At minimum, document that the callee may synchronously consume the newly written approval during the same transaction.",
"exploit_scenario": "Selector 0xcae9ca51 appears to be an approve-and-callback flow: it stores a nested mapping entry (base slot 0x04) at pc 0x024b and then performs a low-level CALL at pc 0x030c with calldata beginning with selector 0x8f4ffcb1. Because no guard was detected in the bundle, a malicious spender/callback target can reenter while the fresh approval is already live and synchronously invoke token methods such as transferFrom. That behavior may be intended for an approveAndCall pattern, but any integrator assuming the approval step is non-reentrant can be broken."
}
|
| low | other | codex | Callback success is checked only at the CALL bit level; hook execution is not semantically validated | 65 | no | — |
viewevidence_json{
"evidence": "At pc 0x030c the contract performs a low-level CALL from selector 0xcae9ca51. The immediate post-call sequence is ISZERO -> JUMPI to failure, with no visible returndata decoding or magic-value check. The bundle's callsite metadata for this pc reports returndata_checked: null.",
"locations": [
"selector:0xcae9ca51",
"pc:0x30c",
"pc:0x30d",
"pc:0x311"
],
"recommendation": "Prefer an explicit interface call and require expected returndata or a known magic value. If low-level CALL must remain, validate that the target is a contract and that the callback semantics actually occurred rather than relying on the raw CALL success bit alone.",
"exploit_scenario": "After the low-level CALL at pc 0x030c, the code checks only the CALL success bit (pc 0x030d-0x0311). The artifact also marks returndata_checked as unknown/null for this callsite. A target with a permissive fallback can therefore make the function succeed even if the expected callback hook was never actually executed. In an approve-and-callback flow, this can leave allowance state changed while upstream code assumes the receiver processed the hook."
}
|