019b3836-361b-70a4-9b0e-3b9627dda5c8
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 3529 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 3530 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 46812 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 46813 | capability.graph | complete | 1 / 3 | 1 week ago |
| 46814 | detector.run | complete | 1 / 3 | 1 week ago |
| 46815 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113272 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"ERC20-like runtime bytecode with custom approval/callback logic. No proxy/delegatecall path was evident from the bundle. The meaningful issues are a non-standard two-slot allowance model that makes `allowance()` over-report spendable value, and an `approveAndCall`-style external callback that can reenter after approval is written.","findings":[{"severity":"medium","category":"other","title":"`allowance()` appears to report approved ceiling, not remaining spendable allowance","exploit_scenario":"A wallet, DEX, or vault reads `allowance(owner, spender)` via `0xdd62ed3e` and believes that full amount is still spendable. If the spender has already consumed part of the approval, `transferFrom` can still revert because the contract also tracks a separate spent counter. This can break pull-based integrations, leave approvals seemingly usable when they are not, and make allowance changes behave unexpectedly unless an integrator knows about the custom second mapping.","recommendation":"If this contract must present an ERC20-compatible surface, make `allowance()` return remaining allowance, or decrement the same allowance slot that `allowance()` reads. At minimum, document the non-standard behavior prominently and require integrators to account for the extra spent-allowance state (best-effort inferred from selector `0xdc3080f2`).","evidence":"Best-effort bytecode inference shows `0xdd62ed3e` reading only one nested mapping rooted at slot `0x04` (`pc:0x35e`). In `0x23b872dd`, the transferFrom path reads slot `0x04` (`pc:0x53b`) and a second nested mapping rooted at slot `0x05` (`pc:0x54f`), checks the combination, then updates slot `0x05` at `pc:0x605` instead of decrementing slot `0x04`. That implies standard `allowance()` does not expose the true remaining spendable amount.","locations":["selector:0xdd62ed3e","selector:0x23b872dd","selector:0xdc3080f2","pc:0x35e","pc:0x53b","pc:0x54f","pc:0x605"]},{"severity":"low","category":"reentrancy","title":"Approval callback performs a full-gas external call after writing approval","exploit_scenario":"If selector `0xcae9ca51` is the expected `approveAndCall(address,uint256,bytes)`-style entrypoint, a malicious spender contract can receive the callback and immediately reenter the token using the just-written approval before the outer call returns. From the bytecode alone, this looks intentional, but any integrator assuming the callback is non-reentrant could be surprised.","recommendation":"Treat this entrypoint as reentrant-by-design. Avoid using it with untrusted spender contracts. If behavior can be changed, add an explicit reentrancy guard or refactor so callbacks cannot observe freshly written approval without tighter controls.","evidence":"Selector `0xcae9ca51` accepts calldata shaped like `(address,uint256,bytes)` and writes to the allowance-like mapping at `pc:0x24b`. It then builds calldata containing selector `0x8f4ffcb1` at `pc:0x25a` and performs a low-level `CALL` to the calldata-derived target at `pc:0x30c`, with no detected guard. The other CALLs at `pc:0x2c8`/`pc:0x39d` are consistent with identity-precompile/string-copy helpers and are lower concern.","locations":["selector:0xcae9ca51","pc:0x24b","pc:0x25a","pc:0x30c"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-zsh1ke7u
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5bed-8c4e-7b51-8fd8-05fafafe2319
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc pwd in /tmp/codex-zsh1ke7u
succeeded in 0ms:
/tmp/codex-zsh1ke7u
exec
/bin/bash -lc 'rg --files' in /tmp/codex-zsh1ke7u
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a",
"artifact_hash": "0x3ad6d630e4ccbe57cfbf8e2e26ef37ee7a25fd69555a8d558beec9198bf5c635",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 10,
"hash": "0xda891681de0e2b3d574fbc2e6752bd7a6c50949b7c8f0e66f5e152fca339e5bb",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 30,
"hash": "0x0343c66c992fc9a4c8503f012ff68e290b9a312191eba5b0b8a306142ff00f3c",
"opcodes": [
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 11
},
{
"end_pc": 41,
"hash": "0xe4a2a78f8950ed63683b804061fb60e06e08588285fb9b3253a672d2132a1193",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 31
},
{
"end_pc": 52,
"hash": "0x752a9904e5afd23801f771418b9c90fe3796babbce70e90c3c39fb21f506f4ec",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 42
},
{
"end_pc": 63,
"hash": "0x4b0ec7be87772895a3ed653adb67737eb056c70686c3ac6c27506a6f17382896",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 53
},
{
"end_pc": 74,
"hash": "0xf0f2e3b39cdab3ec2f3f442e1c644e1e571921fed2bf26c1f910006798933aa0",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 64
},
{
"end_pc": 85,
"hash": "0x9d023b9e7a99db6d9f4c6273312ced45f3227b5a37be37eb6dd74f177d375bc9",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 75
},
{
"end_pc": 96,
"hash": "0x52c4eb52d31a3dac316ec8170cd135c991d20d47a07ff4ea42305b4616c62d5f",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 86
},
{
"end_pc": 107,
"hash": "0xd6edf2c52a9c50603b1675b631899baf0ccb91474fa0507ba0696c9089d7a916",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 97
},
{
"end_pc": 118,
"hash": "0x4411a538b7f5b0c2edf5f9bc731a7e6e08b9ed1d373d25d2cae0440f7e6f866a",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 108
},
{
"end_pc": 126,
"hash": "0x7d89dda3d0e9e4026fa799e06f15658b5e0c0bdeb160aa8932fe100a5a4104f3",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH2",
"JUMP"
],
"start_pc": 119
},
{
"end_pc": 192,
"hash": "0xd8efafa5c2d69cae7a3394f72e34adb5fb491d920ba4abab2c968099325a2ca2",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 127
},
{
"end_pc": 200,
"hash": "0xaab5b85718983e598a7877cbdf95ddc645b3b4a1a51127e103e5153ba06d7598",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 193
},
{
"end_pc": 219,
"hash": "0x2e794b922f2e688929521016738957b2566468ea69b3419d8d40755853cff20c",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 201
},
{
"end_pc": 265,
"hash": "0x190bf08b5e08d77b3005616766a2ab7fa4adb77ba20b16951d4633d8293f7ebf",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_83",
"AND",
"PUSH1",
"OP_90",
exec
/bin/bash -lc "sed -n '1,220p' codex-output-schema.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
exec
/bin/bash -lc "jq 'keys' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
[
"analysis_artifact",
"analysis_run",
"artifact",
"capability_graph",
"detector_findings",
"heuristics_summary"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json | keys' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
[
"auth",
"basic_blocks",
"callsites",
"cfg_edges",
"cfg_hash",
"dispatcher_type",
"function_entries",
"functions",
"selectors",
"sinks",
"storage",
"version"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.selectors' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
[
"0x06fdde03",
"0x23b872dd",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb",
"0xcae9ca51",
"0xdc3080f2",
"0xdd62ed3e"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.function_entries' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
[
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 826074471,
"selector": "0x23b872dd"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": 3404319313,
"selector": "0xa9059cbb"
},
{
"entry_pc": 3694166258,
"selector": "0xcae9ca51"
},
{
"entry_pc": 3714247998,
"selector": "0xdc3080f2"
},
{
"entry_pc": 869,
"selector": "0xdd62ed3e"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.callsites' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
[
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.storage' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
{
"keccak_count": 22,
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.sinks' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
{
"call": 3,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
}
exec
/bin/bash -lc "jq '.detector_findings' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
[
{
"confidence": 60,
"evidence_json": {
"call_count": 3,
"examples": [
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 3
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xd0d1f54c57c3ec80eb36f43e3e817632ecd4d3e3e835d54b3c34ab97d14c1ed2",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 3,
"examples": [
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xd0d1f54c57c3ec80eb36f43e3e817632ecd4d3e3e835d54b3c34ab97d14c1ed2",
"trace_mode": "callTracer"
}
}
]
exec
/bin/bash -lc "jq '.heuristics_summary' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
{
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.functions' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
[
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 826074471,
"selector": "0x23b872dd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3404319313,
"selector": "0xa9059cbb",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3694166258,
"selector": "0xcae9ca51",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3714247998,
"selector": "0xdc3080f2",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 869,
"selector": "0xdd62ed3e",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
}
]
exec
/bin/bash -lc "jq '.artifact | keys' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
[
"codehash",
"compiler_json",
"implementation_address",
"is_proxy",
"runtime_bytecode",
"verified_source"
]
exec
/bin/bash -lc "jq '.analysis_run' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
{
"address": "0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:55.000000Z",
"id": "019b3836-361b-70a4-9b0e-3b9627dda5c8",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:56:23.000000Z"
}
exec
/bin/bash -lc "jq '.artifact' BYTECODE_BUNDLE.json | sed -n '1,240p'" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
{
"codehash": "0x874efed0297ce2055816a3736c8d2293d47cabbd37cf73418ace9a48771a70c9",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x606060405236156100775760e060020a600035046306fdde03811461007f57806323b872dd146100dc578063313ce5671461010e57806370a082311461011a57806395d89b4114610132578063a9059cbb1461018e578063cae9ca51146101bd578063dc3080f21461031c578063dd62ed3e14610341575b610365610002565b61036760008054602060026001831615610100026000190190921691909104601f8101829004909102608090810160405260608281529291908282801561041c5780601f106103f15761010080835404028352916020019161041c565b6103d5600435602435604435600160a060020a038316600090815260036020526040812054829010156104f357610002565b6103e760025460ff1681565b6103d560043560036020526000908152604090205481565b610367600180546020600282841615610100026000190190921691909104601f8101829004909102608090810160405260608281529291908282801561041c5780601f106103f15761010080835404028352916020019161041c565b610365600435602435600160a060020a0333166000908152600360205260409020548190101561042457610002565b60806020604435600481810135601f8101849004909302840160405260608381526103d5948235946024803595606494939101919081908382808284375094965050505050505060006000836004600050600033600160a060020a03168152602001908152602001600020600050600087600160a060020a031681526020019081526020016000206000508190555084905080600160a060020a0316638f4ffcb1338630876040518560e060020a0281526004018085600160a060020a0316815260200184815260200183600160a060020a03168152602001806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156102f25780820380516001836020036101000a031916815260200191505b50955050505050506000604051808303816000876161da5a03f11561000257505050509392505050565b6005602090815260043560009081526040808220909252602435815220546103d59081565b60046020818152903560009081526040808220909252602435815220546103d59081565b005b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156103c75780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b60408051918252519081900360200190f35b6060908152602090f35b820191906000526020600020905b8154815290600101906020018083116103ff57829003601f168201915b505050505081565b600160a060020a03821660009081526040902054808201101561044657610002565b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a35050565b600160a060020a03831681526040812054808301101561051257610002565b600160a060020a0380851680835260046020908152604080852033949094168086529382528085205492855260058252808520938552929052908220548301111561055c57610002565b816003600050600086600160a060020a03168152602001908152602001600020600082828250540392505081905550816003600050600085600160a060020a03168152602001908152602001600020600082828250540192505081905550816005600050600086600160a060020a03168152602001908152602001600020600050600033600160a060020a0316815260200190815260200160002060008282825054019250508190555082600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef846040518082815260200191505060405180910390a3939250505056",
"head": null,
"length": 3250,
"tail": null,
"truncated": false
},
"verified_source": false
}
exec
/bin/bash -lc "jq '.capability_graph' BYTECODE_BUNDLE.json" in /tmp/codex-zsh1ke7u
succeeded in 0ms:
{
"address": "0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a",
"block_number": null,
"chain_id": 1,
"codehash": "0x874efed0297ce2055816a3736c8d2293d47cabbd37cf73418ace9a48771a70c9",
"created_at": "2026-04-04T19:56:23.000000Z",
"graph_hash": "0x08ed0ee3a40777d05d4b865b7bdeaabaa821e2bacf435a18cce4ce5743674a5e",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:119",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:127",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:220",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:270",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:282",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:306",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:398",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:445",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:97",
"to": "bb:796",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:108",
"type": "control_flow_fallthrough"
},
{
"from": "bb:108",
"to": "bb:833",
"type": "control_flow"
},
{
"from": "bb:108",
"to": "bb:119",
"type": "control_flow_fallthrough"
},
{
"from": "bb:127",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:127",
"to": "bb:193",
"type": "control_flow_fallthrough"
},
{
"from": "bb:193",
"to": "bb:1009",
"type": "control_flow"
},
{
"from": "bb:193",
"to": "bb:201",
"type": "control_flow_fallthrough"
},
{
"from": "bb:201",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:220",
"to": "bb:1267",
"type": "control_flow"
},
{
"from": "bb:220",
"to": "bb:266",
"type": "control_flow_fallthrough"
},
{
"from": "bb:306",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:306",
"to": "bb:371",
"type": "control_flow_fallthrough"
},
{
"from": "bb:371",
"to": "bb:1009",
"type": "control_flow"
},
{
"from": "bb:371",
"to": "bb:379",
"type": "control_flow_fallthrough"
},
{
"from": "bb:379",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:398",
"to": "bb:1060",
"type": "control_flow"
},
{
"from": "bb:398",
"to": "bb:441",
"type": "control_flow_fallthrough"
},
{
"from": "bb:445",
"to": "bb:754",
"type": "control_flow"
},
{
"from": "bb:445",
"to": "bb:729",
"type": "control_flow_fallthrough"
},
{
"from": "bb:729",
"to": "bb:754",
"type": "control_flow_fallthrough"
},
{
"from": "bb:754",
"to": "bb:786",
"type": "control_flow_fallthrough"
},
{
"from": "bb:871",
"to": "bb:967",
"type": "control_flow"
},
{
"from": "bb:871",
"to": "bb:942",
"type": "control_flow_fallthrough"
},
{
"from": "bb:942",
"to": "bb:967",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1009",
"to": "bb:1023",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1023",
"to": "bb:1023",
"type": "control_flow"
},
{
"from": "bb:1023",
"to": "bb:1043",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1043",
"to": "bb:1052",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1060",
"to": "bb:1094",
"type": "control_flow"
},
{
"from": "bb:1060",
"to": "bb:1090",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1267",
"to": "bb:1298",
"type": "control_flow"
},
{
"from": "bb:1267",
"to": "bb:1294",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1298",
"to": "bb:1372",
"type": "control_flow"
},
{
"from": "bb:1298",
"to": "bb:1368",
"type": "control_flow_fallthrough"
},
{
"from": "fn:0x23b872dd",
"to": "bb:826074471",
"type": "entry"
},
{
"from": "fn:0x313ce567",
"to": "bb:1889567281",
"type": "entry"
},
{
"from": "fn:0x70a08231",
"to": "bb:2514000705",
"type": "entry"
},
{
"from": "fn:0x95d89b41",
"to": "bb:2835717307",
"type": "entry"
},
{
"from": "fn:0xa9059cbb",
"to": "bb:3404319313",
"type": "entry"
},
{
"from": "fn:0xcae9ca51",
"to": "bb:3694166258",
"type": "entry"
},
{
"from": "fn:0xdc3080f2",
"to": "bb:3714247998",
"type": "entry"
},
{
"from": "fn:0xdd62ed3e",
"to": "bb:869",
"type": "entry"
},
{
"from": "bb:445",
"to": "call:712",
"type": "contains"
},
{
"from": "call:712",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:754",
"to": "call:780",
"type": "contains"
},
{
"from": "call:780",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:871",
"to": "call:925",
"type": "contains"
},
{
"from": "call:925",
"to": "sink:call",
"type": "capability"
}
],
"nodes": [
{
"end_pc": 10,
"hash": "0xda891681de0e2b3d574fbc2e6752bd7a6c50949b7c8f0e66f5e152fca339e5bb",
"id": "bb:0",
"start_pc": 0,
"type": "basic_block"
},
{
"end_pc": 30,
"hash": "0x0343c66c992fc9a4c8503f012ff68e290b9a312191eba5b0b8a306142ff00f3c",
"id": "bb:11",
"start_pc": 11,
"type": "basic_block"
},
{
"end_pc": 41,
"hash": "0xe4a2a78f8950ed63683b804061fb60e06e08588285fb9b3253a672d2132a1193",
"id": "bb:31",
"start_pc": 31,
"type": "basic_block"
},
{
"end_pc": 52,
"hash": "0x752a9904e5afd23801f771418b9c90fe3796babbce70e90c3c39fb21f506f4ec",
"id": "bb:42",
"start_pc": 42,
"type": "basic_block"
},
{
"end_pc": 63,
"hash": "0x4b0ec7be87772895a3ed653adb67737eb056c70686c3ac6c27506a6f17382896",
"id": "bb:53",
"start_pc": 53,
"type": "basic_block"
},
{
"end_pc": 74,
"hash": "0xf0f2e3b39cdab3ec2f3f442e1c644e1e571921fed2bf26c1f910006798933aa0",
"id": "bb:64",
"start_pc": 64,
"type": "basic_block"
},
{
"end_pc": 85,
"hash": "0x9d023b9e7a99db6d9f4c6273312ced45f3227b5a37be37eb6dd74f177d375bc9",
"id": "bb:75",
"start_pc": 75,
"type": "basic_block"
},
{
"end_pc": 96,
"hash": "0x52c4eb52d31a3dac316ec8170cd135c991d20d47a07ff4ea42305b4616c62d5f",
"id": "bb:86",
"start_pc": 86,
"type": "basic_block"
},
{
"end_pc": 107,
"hash": "0xd6edf2c52a9c50603b1675b631899baf0ccb91474fa0507ba0696c9089d7a916",
"id": "bb:97",
"start_pc": 97,
"type": "basic_block"
},
{
"end_pc": 118,
"hash": "0x4411a538b7f5b0c2edf5f9bc731a7e6e08b9ed1d373d25d2cae0440f7e6f866a",
"id": "bb:108",
"start_pc": 108,
"type": "basic_block"
},
{
"end_pc": 126,
"hash": "0x7d89dda3d0e9e4026fa799e06f15658b5e0c0bdeb160aa8932fe100a5a4104f3",
"id": "bb:119",
"start_pc": 119,
"type": "basic_block"
},
{
"end_pc": 192,
"hash": "0xd8efafa5c2d69cae7a3394f72e34adb5fb491d920ba4abab2c968099325a2ca2",
"id": "bb:127",
"start_pc": 127,
"type": "basic_block"
},
{
"end_pc": 200,
"hash": "0xaab5b85718983e598a7877cbdf95ddc645b3b4a1a51127e103e5153ba06d7598",
"id": "bb:193",
"start_pc": 193,
"type": "basic_block"
},
{
"end_pc": 219,
"hash": "0x2e794b922f2e688929521016738957b2566468ea69b3419d8d40755853cff20c",
"id": "bb:201",
"start_pc": 201,
"type": "basic_block"
},
{
"end_pc": 265,
"hash": "0x190bf08b5e08d77b3005616766a2ab7fa4adb77ba20b16951d4633d8293f7ebf",
"id": "bb:220",
"start_pc": 220,
"type": "basic_block"
},
{
"end_pc": 269,
"hash": "0x52ba0293f3ad0d0d22b2cd189312666c2f198fe85fd7e8cf364ca30124e6b6de",
"id": "bb:266",
"start_pc": 266,
"type": "basic_block"
},
{
"end_pc": 281,
"hash": "0x9362fd1a8491aafd33b18515eb8ae7f6ce985746e9a8743c6fc6c84b7c52c518",
"id": "bb:270",
"start_pc": 270,
"type": "basic_block"
},
{
"end_pc": 305,
"hash": "0xbb87a2a93bcc6d42ab9c1e8a369ca3651c37d9a9372dc06f6964d3866ab8b291",
"id": "bb:282",
"start_pc": 282,
"type": "basic_block"
},
{
"end_pc": 370,
"hash": "0x1f128a54ab36e4a650a39c43969da7a18d0606125668c0a3aa64a761d230287a",
"id": "bb:306",
"start_pc": 306,
"type": "basic_block"
},
{
"end_pc": 378,
"hash": "0x58b1c56e0bff7ba093cef9b7a74d11611cf4b15773f76d97991c3d49c38766a6",
"id": "bb:371",
"start_pc": 371,
"type": "basic_block"
},
{
"end_pc": 397,
"hash": "0xe9187216f47e087c3deca70ab4be2937fbf4de2fca127d2dfd92abe17b4781fa",
"id": "bb:379",
"start_pc": 379,
"type": "basic_block"
},
{
"end_pc": 440,
"hash": "0xa101c9d6bb187e5dd34f4e8bfce81941261c9b79f1205d8650c4885bb3726448",
"id": "bb:398",
"start_pc": 398,
"type": "basic_block"
},
{
"end_pc": 444,
"hash": "0x97405cdd6e6b60c9e9daa38cfb2e6d1ae50968b4bd9967a97fd59f851bba10c4",
"id": "bb:441",
"start_pc": 441,
"type": "basic_block"
},
{
"end_pc": 728,
"hash": "0x4c004680333ea937e41a95e0aaa7be8791bcc43b3d6e6b44ac5f9f25fec29fb6",
"id": "bb:445",
"start_pc": 445,
"type": "basic_block"
},
{
"end_pc": 753,
"hash": "0x6c0260a2c143f4bf49ef1833a76637a7016a5027a6eb39e9b989cd2fa2ad3bc9",
"id": "bb:729",
"start_pc": 729,
"type": "basic_block"
},
{
"end_pc": 785,
"hash": "0xbffc64f35b18e95e2103ddef4b4c5fdccee241aff0e0782c74d7b7bb3e9692bb",
"id": "bb:754",
"start_pc": 754,
"type": "basic_block"
},
{
"end_pc": 795,
"hash": "0xd31cae8e0c5c35d864bd5508dadbe36913d0b7616723327ad7fa8cbf04a9d090",
"id": "bb:786",
"start_pc": 786,
"type": "basic_block"
},
{
"end_pc": 832,
"hash": "0x671f80614b2161acd8baa164519b56d80b0369a1cfcd4471f9660911fdec58ed",
"id": "bb:796",
"start_pc": 796,
"type": "basic_block"
},
{
"end_pc": 868,
"hash": "0x4967a576c664bf96bf266de1e139b435ea940fc359da4af5fde4d4a32032cb10",
"id": "bb:833",
"start_pc": 833,
"type": "basic_block"
},
{
"end_pc": 870,
"hash": "0x5cf4c5f8e3b1ba7f3983055ae21aff82972bf273cf483cb99b22716738730c8f",
"id": "bb:869",
"start_pc": 869,
"type": "basic_block"
},
{
"end_pc": 941,
"hash": "0x4e015292933284ecba012bf1ac6370f2ee89eaecf8846a17e70652092e826368",
"id": "bb:871",
"start_pc": 871,
"type": "basic_block"
},
{
"end_pc": 966,
"hash": "0x726883ac335db6396460a65951f8781b271477760da9f313537d6d2c8f4c2787",
"id": "bb:942",
"start_pc": 942,
"type": "basic_block"
},
{
"end_pc": 980,
"hash": "0x6e647b035fdb58d4be1d1d7fe777d3d819158f76ffe11d2517debc73a4271c9d",
"id": "bb:967",
"start_pc": 967,
"type": "basic_block"
},
{
"end_pc": 998,
"hash": "0xe72f2d49734f00bbcdcd0e24a06397f3639aa1d959474ef092b3e85596206ed4",
"id": "bb:981",
"start_pc": 981,
"type": "basic_block"
},
{
"end_pc": 1008,
"hash": "0xca01593542ab5509a9e9f91cd2fe5d9ff3fefd59976afd43d053e24d9681d7ad",
"id": "bb:999",
"start_pc": 999,
"type": "basic_block"
},
{
"end_pc": 1022,
"hash": "0x3487ce969fde324c21ec4897a771b6a6c9366d06c0ccf7c7eb59128e3da699d9",
"id": "bb:1009",
"start_pc": 1009,
"type": "basic_block"
},
{
"end_pc": 1042,
"hash": "0x9843d5bef793075e621a5db739863e9598a10bb1dac83aff33020ccd4235e068",
"id": "bb:1023",
"start_pc": 1023,
"type": "basic_block"
},
{
"end_pc": 1051,
"hash": "0x538abb38eabdfe29129b607eb8ae0b8d2e44521c45ee2c110943f458fd664324",
"id": "bb:1043",
"start_pc": 1043,
"type": "basic_block"
},
{
"end_pc": 1059,
"hash": "0x472c08278b028b0cdb59aad605c5706d03de3e93dcdf16a3641f8a640a00e731",
"id": "bb:1052",
"start_pc": 1052,
"type": "basic_block"
},
{
"end_pc": 1089,
"hash": "0x5c8c6f156ae992e2a7da3273c349575c878684bc6e974dcab67cad2204a8ac15",
"id": "bb:1060",
"start_pc": 1060,
"type": "basic_block"
},
{
"end_pc": 1093,
"hash": "0x027da33ba0ef47e5382be6e0e7e5f7de28c5fa90f629adef43b8d86b4fdc7dbf",
"id": "bb:1090",
"start_pc": 1090,
"type": "basic_block"
},
{
"end_pc": 1266,
"hash": "0x5798335e65fa03c08b530140688de4533b35e5acc6a62cf1bbb7f4a3b8990728",
"id": "bb:1094",
"start_pc": 1094,
"type": "basic_block"
},
{
"end_pc": 1293,
"hash": "0x1efeed91c466c5566d1ebe14449767f50a1426b1e1762279016703ac747c47c2",
"id": "bb:1267",
"start_pc": 1267,
"type": "basic_block"
},
{
"end_pc": 1297,
"hash": "0xde573111b2e71d42614970a01648d50ed903636ae22a28be2f9f344df8c3a808",
"id": "bb:1294",
"start_pc": 1294,
"type": "basic_block"
},
{
"end_pc": 1367,
"hash": "0xc6099e4bd9cdeda0d19333ac44aa52a84c0014cf573ae2bac4ba956c98bbef7c",
"id": "bb:1298",
"start_pc": 1298,
"type": "basic_block"
},
{
"end_pc": 1371,
"hash": "0xe2811e1ab2e138a0c1623f56ff5e31cf15a81dd9389e0ed886e676b2ee65e741",
"id": "bb:1368",
"start_pc": 1368,
"type": "basic_block"
},
{
"end_pc": 1623,
"hash": "0x6aa5714a3416ed580f6559a1e111b4bd0099b7d16b65705910a895433cc3041c",
"id": "bb:1372",
"start_pc": 1372,
"type": "basic_block"
},
{
"id": "call:712",
"opcode": "CALL",
"pc": 712,
"type": "callsite"
},
{
"id": "call:780",
"opcode": "CALL",
"pc": 780,
"type": "callsite"
},
{
"id": "call:925",
"opcode": "CALL",
"pc": 925,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 826074471,
"id": "fn:0x23b872dd",
"selector": "0x23b872dd",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": 3404319313,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
},
{
"entry_pc": 3694166258,
"id": "fn:0xcae9ca51",
"selector": "0xcae9ca51",
"type": "function"
},
{
"entry_pc": 3714247998,
"id": "fn:0xdc3080f2",
"selector": "0xdc3080f2",
"type": "function"
},
{
"entry_pc": 869,
"id": "fn:0xdd62ed3e",
"selector": "0xdd62ed3e",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 2360,
"updated_at": "2026-04-04T19:56:23.000000Z",
"version": "capability_graph_v1"
}
exec
js_repl in /tmp/codex-zsh1ke7u
succeeded in 99ms:
669: SUB
670: DUP3
671: MSTORE
672: DUP4
673: DUP2
674: DUP2
675: MLOAD
676: DUP2
677: MSTORE
678: PUSH1 0x20
680: ADD
681: SWAP2
682: POP
683: DUP1
684: MLOAD
685: SWAP1
686: PUSH1 0x20
688: ADD
689: SWAP1
690: DUP1
691: DUP4
692: DUP4
693: DUP3
694: SWAP1
695: PUSH1 0x00
697: PUSH1 0x04
699: PUSH1 0x20
701: DUP5
702: PUSH1 0x1f
704: ADD
705: DIV
706: PUSH1 0x0f
708: MUL
709: PUSH1 0x03
711: ADD
712: CALL
713: POP
714: SWAP1
715: POP
716: SWAP1
717: DUP2
718: ADD
719: SWAP1
720: PUSH1 0x1f
722: AND
723: DUP1
724: ISZERO
725: PUSH2 0x02f2
728: JUMPI
729: DUP1
730: DUP3
731: SUB
732: DUP1
733: MLOAD
734: PUSH1 0x01
736: DUP4
737: PUSH1 0x20
739: SUB
740: PUSH2 0x0100
743: EXP
744: SUB
745: NOT
746: AND
747: DUP2
748: MSTORE
749: PUSH1 0x20
751: ADD
752: SWAP2
753: POP
754: JUMPDEST
---
749: PUSH1 0x20
751: ADD
752: SWAP2
753: POP
754: JUMPDEST
755: POP
756: SWAP6
757: POP
758: POP
759: POP
760: POP
761: POP
762: POP
763: PUSH1 0x00
765: PUSH1 0x40
767: MLOAD
768: DUP1
769: DUP4
770: SUB
771: DUP2
772: PUSH1 0x00
774: DUP8
775: PUSH2 0x61da
778: GAS
779: SUB
780: CALL
781: ISZERO
782: PUSH2 0x0002
785: JUMPI
786: POP
787: POP
788: POP
789: POP
790: SWAP4
791: SWAP3
792: POP
793: POP
794: POP
795: JUMP
796: JUMPDEST
797: PUSH1 0x05
799: PUSH1 0x20
801: SWAP1
802: DUP2
803: MSTORE
804: PUSH1 0x04
806: CALLDATALOAD
807: PUSH1 0x00
809: SWAP1
810: DUP2
---
893: ADD
894: SWAP2
895: POP
896: DUP1
897: MLOAD
898: SWAP1
899: PUSH1 0x20
901: ADD
902: SWAP1
903: DUP1
904: DUP4
905: DUP4
906: DUP3
907: SWAP1
908: PUSH1 0x00
910: PUSH1 0x04
912: PUSH1 0x20
914: DUP5
915: PUSH1 0x1f
917: ADD
918: DIV
919: PUSH1 0x0f
921: MUL
922: PUSH1 0x03
924: ADD
925: CALL
926: POP
927: SWAP1
928: POP
929: SWAP1
930: DUP2
931: ADD
932: SWAP1
933: PUSH1 0x1f
935: AND
936: DUP1
937: ISZERO
938: PUSH2 0x03c7
941: JUMPI
942: DUP1
943: DUP3
944: SUB
945: DUP1
946: MLOAD
947: PUSH1 0x01
949: DUP4
950: PUSH1 0x20
952: SUB
953: PUSH2 0x0100
956: EXP
exec
js_repl in /tmp/codex-zsh1ke7u
succeeded in 2ms:
398: JUMPDEST
399: PUSH2 0x0365
402: PUSH1 0x04
404: CALLDATALOAD
405: PUSH1 0x24
407: CALLDATALOAD
408: PUSH1 0x01
410: PUSH1 0xa0
412: PUSH1 0x02
414: EXP
415: SUB
416: CALLER
417: AND
418: PUSH1 0x00
420: SWAP1
421: DUP2
422: MSTORE
423: PUSH1 0x03
425: PUSH1 0x20
427: MSTORE
428: PUSH1 0x40
430: SWAP1
431: SHA3
432: SLOAD
433: DUP2
434: SWAP1
435: LT
436: ISZERO
437: PUSH2 0x0424
440: JUMPI
441: PUSH2 0x0002
444: JUMP
445: JUMPDEST
446: PUSH1 0x80
448: PUSH1 0x20
450: PUSH1 0x44
452: CALLDATALOAD
453: PUSH1 0x04
455: DUP2
456: DUP2
457: ADD
458: CALLDATALOAD
459: PUSH1 0x1f
461: DUP2
462: ADD
463: DUP5
464: SWAP1
465: DIV
466: SWAP1
467: SWAP4
468: MUL
469: DUP5
470: ADD
471: PUSH1 0x40
473: MSTORE
474: PUSH1 0x60
476: DUP4
477: DUP2
478: MSTORE
479: PUSH2 0x03d5
482: SWAP5
483: DUP3
484: CALLDATALOAD
485: SWAP5
486: PUSH1 0x24
488: DUP1
489: CALLDATALOAD
490: SWAP6
491: PUSH1 0x64
493: SWAP5
494: SWAP4
495: SWAP2
496: ADD
497: SWAP2
498: SWAP1
499: DUP2
500: SWAP1
501: DUP4
502: DUP3
503: DUP1
504: DUP3
505: DUP5
506: CALLDATACOPY
507: POP
508: SWAP5
509: SWAP7
510: POP
511: POP
512: POP
513: POP
514: POP
515: POP
516: POP
517: PUSH1 0x00
519: PUSH1 0x00
521: DUP4
522: PUSH1 0x04
524: PUSH1 0x00
526: POP
527: PUSH1 0x00
529: CALLER
530: PUSH1 0x01
532: PUSH1 0xa0
534: PUSH1 0x02
536: EXP
537: SUB
538: AND
539: DUP2
540: MSTORE
541: PUSH1 0x20
543: ADD
544: SWAP1
545: DUP2
546: MSTORE
547: PUSH1 0x20
549: ADD
550: PUSH1 0x00
552: SHA3
553: PUSH1 0x00
555: POP
556: PUSH1 0x00
558: DUP8
559: PUSH1 0x01
561: PUSH1 0xa0
563: PUSH1 0x02
565: EXP
566: SUB
567: AND
568: DUP2
569: MSTORE
570: PUSH1 0x20
572: ADD
573: SWAP1
574: DUP2
575: MSTORE
576: PUSH1 0x20
578: ADD
579: PUSH1 0x00
581: SHA3
582: PUSH1 0x00
584: POP
585: DUP2
586: SWAP1
587: SSTORE
588: POP
589: DUP5
590: SWAP1
591: POP
592: DUP1
593: PUSH1 0x01
595: PUSH1 0xa0
597: PUSH1 0x02
599: EXP
600: SUB
601: AND
602: PUSH4 0x8f4ffcb1
607: CALLER
608: DUP7
609: ADDRESS
610: DUP8
611: PUSH1 0x40
613: MLOAD
614: DUP6
615: PUSH1 0xe0
617: PUSH1 0x02
619: EXP
620: MUL
621: DUP2
622: MSTORE
623: PUSH1 0x04
625: ADD
626: DUP1
627: DUP6
628: PUSH1 0x01
630: PUSH1 0xa0
632: PUSH1 0x02
634: EXP
635: SUB
636: AND
637: DUP2
638: MSTORE
639: PUSH1 0x20
641: ADD
642: DUP5
643: DUP2
644: MSTORE
645: PUSH1 0x20
647: ADD
648: DUP4
649: PUSH1 0x01
651: PUSH1 0xa0
653: PUSH1 0x02
655: EXP
656: SUB
657: AND
658: DUP2
659: MSTORE
660: PUSH1 0x20
662: ADD
663: DUP1
664: PUSH1 0x20
666: ADD
667: DUP3
668: DUP2
669: SUB
670: DUP3
671: MSTORE
672: DUP4
673: DUP2
674: DUP2
675: MLOAD
676: DUP2
677: MSTORE
678: PUSH1 0x20
680: ADD
681: SWAP2
682: POP
683: DUP1
684: MLOAD
685: SWAP1
686: PUSH1 0x20
688: ADD
689: SWAP1
690: DUP1
691: DUP4
692: DUP4
693: DUP3
694: SWAP1
695: PUSH1 0x00
697: PUSH1 0x04
699: PUSH1 0x20
701: DUP5
702: PUSH1 0x1f
704: ADD
705: DIV
706: PUSH1 0x0f
708: MUL
709: PUSH1 0x03
711: ADD
712: CALL
713: POP
714: SWAP1
715: POP
716: SWAP1
717: DUP2
718: ADD
719: SWAP1
720: PUSH1 0x1f
722: AND
723: DUP1
724: ISZERO
725: PUSH2 0x02f2
728: JUMPI
729: DUP1
730: DUP3
731: SUB
732: DUP1
733: MLOAD
734: PUSH1 0x01
736: DUP4
737: PUSH1 0x20
739: SUB
740: PUSH2 0x0100
743: EXP
744: SUB
745: NOT
746: AND
747: DUP2
748: MSTORE
749: PUSH1 0x20
751: ADD
752: SWAP2
753: POP
754: JUMPDEST
755: POP
756: SWAP6
757: POP
758: POP
759: POP
760: POP
761: POP
762: POP
763: PUSH1 0x00
765: PUSH1 0x40
767: MLOAD
768: DUP1
769: DUP4
770: SUB
771: DUP2
772: PUSH1 0x00
774: DUP8
775: PUSH2 0x61da
778: GAS
779: SUB
780: CALL
781: ISZERO
782: PUSH2 0x0002
785: JUMPI
786: POP
787: POP
788: POP
789: POP
790: SWAP4
791: SWAP3
792: POP
793: POP
794: POP
795: JUMP
===
796: JUMPDEST
797: PUSH1 0x05
799: PUSH1 0x20
801: SWAP1
802: DUP2
803: MSTORE
804: PUSH1 0x04
806: CALLDATALOAD
807: PUSH1 0x00
809: SWAP1
810: DUP2
811: MSTORE
812: PUSH1 0x40
814: DUP1
815: DUP3
816: SHA3
817: SWAP1
818: SWAP3
819: MSTORE
820: PUSH1 0x24
822: CALLDATALOAD
823: DUP2
824: MSTORE
825: SHA3
826: SLOAD
827: PUSH2 0x03d5
830: SWAP1
831: DUP2
832: JUMP
833: JUMPDEST
834: PUSH1 0x04
836: PUSH1 0x20
838: DUP2
839: DUP2
840: MSTORE
841: SWAP1
842: CALLDATALOAD
843: PUSH1 0x00
845: SWAP1
846: DUP2
847: MSTORE
848: PUSH1 0x40
850: DUP1
851: DUP3
852: SHA3
853: SWAP1
854: SWAP3
855: MSTORE
856: PUSH1 0x24
858: CALLDATALOAD
859: DUP2
860: MSTORE
861: SHA3
862: SLOAD
863: PUSH2 0x03d5
866: SWAP1
867: DUP2
868: JUMP
869: JUMPDEST
870: STOP
871: JUMPDEST
872: PUSH1 0x40
874: MLOAD
875: DUP1
876: DUP1
877: PUSH1 0x20
879: ADD
880: DUP3
881: DUP2
882: SUB
883: DUP3
884: MSTORE
885: DUP4
886: DUP2
887: DUP2
888: MLOAD
889: DUP2
890: MSTORE
891: PUSH1 0x20
893: ADD
894: SWAP2
895: POP
896: DUP1
897: MLOAD
898: SWAP1
899: PUSH1 0x20
901: ADD
902: SWAP1
903: DUP1
904: DUP4
905: DUP4
906: DUP3
907: SWAP1
908: PUSH1 0x00
910: PUSH1 0x04
912: PUSH1 0x20
914: DUP5
915: PUSH1 0x1f
917: ADD
918: DIV
919: PUSH1 0x0f
921: MUL
922: PUSH1 0x03
924: ADD
925: CALL
926: POP
927: SWAP1
928: POP
929: SWAP1
930: DUP2
931: ADD
932: SWAP1
933: PUSH1 0x1f
935: AND
936: DUP1
937: ISZERO
938: PUSH2 0x03c7
941: JUMPI
942: DUP1
943: DUP3
944: SUB
945: DUP1
946: MLOAD
947: PUSH1 0x01
949: DUP4
950: PUSH1 0x20
952: SUB
953: PUSH2 0x0100
956: EXP
957: SUB
958: NOT
959: AND
960: DUP2
961: MSTORE
962: PUSH1 0x20
964: ADD
965: SWAP2
966: POP
967: JUMPDEST
968: POP
969: SWAP3
970: POP
971: POP
972: POP
973: PUSH1 0x40
975: MLOAD
976: DUP1
977: SWAP2
978: SUB
979: SWAP1
980: RETURN
exec
js_repl in /tmp/codex-zsh1ke7u
succeeded in 2ms:
981: JUMPDEST
982: PUSH1 0x40
984: DUP1
985: MLOAD
986: SWAP2
987: DUP3
988: MSTORE
989: MLOAD
990: SWAP1
991: DUP2
992: SWAP1
993: SUB
994: PUSH1 0x20
996: ADD
997: SWAP1
998: RETURN
999: JUMPDEST
1000: PUSH1 0x60
1002: SWAP1
1003: DUP2
1004: MSTORE
1005: PUSH1 0x20
1007: SWAP1
1008: RETURN
1009: JUMPDEST
1010: DUP3
1011: ADD
1012: SWAP2
1013: SWAP1
1014: PUSH1 0x00
1016: MSTORE
1017: PUSH1 0x20
1019: PUSH1 0x00
1021: SHA3
1022: SWAP1
1023: JUMPDEST
1024: DUP2
1025: SLOAD
1026: DUP2
1027: MSTORE
1028: SWAP1
1029: PUSH1 0x01
1031: ADD
1032: SWAP1
1033: PUSH1 0x20
1035: ADD
1036: DUP1
1037: DUP4
1038: GT
1039: PUSH2 0x03ff
1042: JUMPI
1043: DUP3
1044: SWAP1
1045: SUB
1046: PUSH1 0x1f
1048: AND
1049: DUP3
1050: ADD
1051: SWAP2
1052: JUMPDEST
1053: POP
1054: POP
1055: POP
1056: POP
1057: POP
1058: DUP2
1059: JUMP
1060: JUMPDEST
1061: PUSH1 0x01
1063: PUSH1 0xa0
1065: PUSH1 0x02
1067: EXP
1068: SUB
1069: DUP3
1070: AND
1071: PUSH1 0x00
1073: SWAP1
1074: DUP2
1075: MSTORE
1076: PUSH1 0x40
1078: SWAP1
1079: SHA3
1080: SLOAD
1081: DUP1
1082: DUP3
1083: ADD
1084: LT
1085: ISZERO
1086: PUSH2 0x0446
1089: JUMPI
1090: PUSH2 0x0002
1093: JUMP
1094: JUMPDEST
1095: DUP1
1096: PUSH1 0x03
1098: PUSH1 0x00
1100: POP
1101: PUSH1 0x00
1103: CALLER
1104: PUSH1 0x01
1106: PUSH1 0xa0
1108: PUSH1 0x02
1110: EXP
1111: SUB
1112: AND
1113: DUP2
1114: MSTORE
1115: PUSH1 0x20
1117: ADD
1118: SWAP1
1119: DUP2
1120: MSTORE
1121: PUSH1 0x20
1123: ADD
1124: PUSH1 0x00
1126: SHA3
1127: PUSH1 0x00
1129: DUP3
1130: DUP3
1131: DUP3
1132: POP
1133: SLOAD
1134: SUB
1135: SWAP3
1136: POP
1137: POP
1138: DUP2
1139: SWAP1
1140: SSTORE
1141: POP
1142: DUP1
1143: PUSH1 0x03
1145: PUSH1 0x00
1147: POP
1148: PUSH1 0x00
1150: DUP5
1151: PUSH1 0x01
1153: PUSH1 0xa0
1155: PUSH1 0x02
1157: EXP
1158: SUB
1159: AND
1160: DUP2
1161: MSTORE
1162: PUSH1 0x20
1164: ADD
1165: SWAP1
1166: DUP2
1167: MSTORE
1168: PUSH1 0x20
1170: ADD
1171: PUSH1 0x00
1173: SHA3
1174: PUSH1 0x00
1176: DUP3
1177: DUP3
1178: DUP3
1179: POP
1180: SLOAD
1181: ADD
1182: SWAP3
1183: POP
1184: POP
1185: DUP2
1186: SWAP1
1187: SSTORE
1188: POP
1189: DUP2
1190: PUSH1 0x01
1192: PUSH1 0xa0
1194: PUSH1 0x02
1196: EXP
1197: SUB
1198: AND
1199: CALLER
1200: PUSH1 0x01
1202: PUSH1 0xa0
1204: PUSH1 0x02
1206: EXP
1207: SUB
1208: AND
1209: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
1242: DUP4
1243: PUSH1 0x40
1245: MLOAD
1246: DUP1
1247: DUP3
1248: DUP2
1249: MSTORE
1250: PUSH1 0x20
1252: ADD
1253: SWAP2
1254: POP
1255: POP
1256: PUSH1 0x40
1258: MLOAD
1259: DUP1
1260: SWAP2
1261: SUB
1262: SWAP1
1263: LOG3
1264: POP
1265: POP
1266: JUMP
1267: JUMPDEST
1268: PUSH1 0x01
1270: PUSH1 0xa0
1272: PUSH1 0x02
1274: EXP
1275: SUB
1276: DUP4
1277: AND
1278: DUP2
1279: MSTORE
1280: PUSH1 0x40
1282: DUP2
1283: SHA3
1284: SLOAD
1285: DUP1
1286: DUP4
1287: ADD
1288: LT
1289: ISZERO
1290: PUSH2 0x0512
1293: JUMPI
1294: PUSH2 0x0002
1297: JUMP
1298: JUMPDEST
1299: PUSH1 0x01
1301: PUSH1 0xa0
1303: PUSH1 0x02
1305: EXP
1306: SUB
1307: DUP1
1308: DUP6
1309: AND
1310: DUP1
1311: DUP4
1312: MSTORE
1313: PUSH1 0x04
1315: PUSH1 0x20
1317: SWAP1
1318: DUP2
1319: MSTORE
1320: PUSH1 0x40
1322: DUP1
1323: DUP6
1324: SHA3
1325: CALLER
1326: SWAP5
1327: SWAP1
1328: SWAP5
1329: AND
1330: DUP1
1331: DUP7
1332: MSTORE
1333: SWAP4
1334: DUP3
1335: MSTORE
1336: DUP1
1337: DUP6
1338: SHA3
1339: SLOAD
1340: SWAP3
1341: DUP6
1342: MSTORE
1343: PUSH1 0x05
1345: DUP3
1346: MSTORE
1347: DUP1
1348: DUP6
1349: SHA3
1350: SWAP4
1351: DUP6
1352: MSTORE
1353: SWAP3
1354: SWAP1
1355: MSTORE
1356: SWAP1
1357: DUP3
1358: SHA3
1359: SLOAD
1360: DUP4
1361: ADD
1362: GT
1363: ISZERO
1364: PUSH2 0x055c
1367: JUMPI
1368: PUSH2 0x0002
1371: JUMP
1372: JUMPDEST
1373: DUP2
1374: PUSH1 0x03
1376: PUSH1 0x00
1378: POP
1379: PUSH1 0x00
1381: DUP7
1382: PUSH1 0x01
1384: PUSH1 0xa0
1386: PUSH1 0x02
1388: EXP
1389: SUB
1390: AND
1391: DUP2
1392: MSTORE
1393: PUSH1 0x20
1395: ADD
1396: SWAP1
1397: DUP2
1398: MSTORE
1399: PUSH1 0x20
1401: ADD
1402: PUSH1 0x00
1404: SHA3
1405: PUSH1 0x00
1407: DUP3
1408: DUP3
1409: DUP3
1410: POP
1411: SLOAD
1412: SUB
1413: SWAP3
1414: POP
1415: POP
1416: DUP2
1417: SWAP1
1418: SSTORE
1419: POP
1420: DUP2
1421: PUSH1 0x03
1423: PUSH1 0x00
1425: POP
1426: PUSH1 0x00
1428: DUP6
1429: PUSH1 0x01
1431: PUSH1 0xa0
1433: PUSH1 0x02
1435: EXP
1436: SUB
1437: AND
1438: DUP2
1439: MSTORE
1440: PUSH1 0x20
1442: ADD
1443: SWAP1
1444: DUP2
1445: MSTORE
1446: PUSH1 0x20
1448: ADD
1449: PUSH1 0x00
1451: SHA3
1452: PUSH1 0x00
1454: DUP3
1455: DUP3
1456: DUP3
1457: POP
1458: SLOAD
1459: ADD
1460: SWAP3
1461: POP
1462: POP
1463: DUP2
1464: SWAP1
1465: SSTORE
1466: POP
1467: DUP2
1468: PUSH1 0x05
1470: PUSH1 0x00
1472: POP
1473: PUSH1 0x00
1475: DUP7
1476: PUSH1 0x01
1478: PUSH1 0xa0
1480: PUSH1 0x02
1482: EXP
1483: SUB
1484: AND
1485: DUP2
1486: MSTORE
1487: PUSH1 0x20
1489: ADD
1490: SWAP1
1491: DUP2
1492: MSTORE
1493: PUSH1 0x20
1495: ADD
1496: PUSH1 0x00
1498: SHA3
1499: PUSH1 0x00
1501: POP
1502: PUSH1 0x00
1504: CALLER
1505: PUSH1 0x01
1507: PUSH1 0xa0
1509: PUSH1 0x02
1511: EXP
1512: SUB
1513: AND
1514: DUP2
1515: MSTORE
1516: PUSH1 0x20
1518: ADD
1519: SWAP1
1520: DUP2
1521: MSTORE
1522: PUSH1 0x20
1524: ADD
1525: PUSH1 0x00
1527: SHA3
1528: PUSH1 0x00
1530: DUP3
1531: DUP3
1532: DUP3
1533: POP
1534: SLOAD
1535: ADD
1536: SWAP3
1537: POP
1538: POP
1539: DUP2
1540: SWAP1
1541: SSTORE
1542: POP
1543: DUP3
1544: PUSH1 0x01
1546: PUSH1 0xa0
1548: PUSH1 0x02
1550: EXP
1551: SUB
1552: AND
1553: CALLER
1554: PUSH1 0x01
1556: PUSH1 0xa0
1558: PUSH1 0x02
1560: EXP
1561: SUB
1562: AND
1563: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
1596: DUP5
1597: PUSH1 0x40
1599: MLOAD
1600: DUP1
1601: DUP3
1602: DUP2
1603: MSTORE
1604: PUSH1 0x20
1606: ADD
1607: SWAP2
1608: POP
1609: POP
1610: PUSH1 0x40
1612: MLOAD
1613: DUP1
1614: SWAP2
1615: SUB
1616: SWAP1
1617: LOG3
1618: SWAP4
1619: SWAP3
1620: POP
1621: POP
1622: POP
1623: JUMP
exec
js_repl in /tmp/codex-zsh1ke7u
succeeded in 5ms:
119: JUMPDEST
120: PUSH2 0x0365
123: PUSH2 0x0002
126: JUMP
127: JUMPDEST
128: PUSH2 0x0367
131: PUSH1 0x00
133: DUP1
134: SLOAD
135: PUSH1 0x20
137: PUSH1 0x02
139: PUSH1 0x01
141: DUP4
142: AND
143: ISZERO
144: PUSH2 0x0100
147: MUL
148: PUSH1 0x00
150: NOT
151: ADD
152: SWAP1
153: SWAP3
154: AND
155: SWAP2
156: SWAP1
157: SWAP2
158: DIV
159: PUSH1 0x1f
161: DUP2
162: ADD
163: DUP3
164: SWAP1
165: DIV
166: SWAP1
167: SWAP2
168: MUL
169: PUSH1 0x80
171: SWAP1
172: DUP2
173: ADD
174: PUSH1 0x40
176: MSTORE
177: PUSH1 0x60
179: DUP3
180: DUP2
181: MSTORE
182: SWAP3
183: SWAP2
184: SWAP1
185: DUP3
186: DUP3
187: DUP1
188: ISZERO
189: PUSH2 0x041c
192: JUMPI
193: DUP1
194: PUSH1 0x1f
196: LT
197: PUSH2 0x03f1
200: JUMPI
201: PUSH2 0x0100
204: DUP1
205: DUP4
206: SLOAD
207: DIV
208: MUL
209: DUP4
210: MSTORE
211: SWAP2
212: PUSH1 0x20
214: ADD
215: SWAP2
216: PUSH2 0x041c
219: JUMP
220: JUMPDEST
221: PUSH2 0x03d5
224: PUSH1 0x04
226: CALLDATALOAD
227: PUSH1 0x24
229: CALLDATALOAD
230: PUSH1 0x44
232: CALLDATALOAD
233: PUSH1 0x01
235: PUSH1 0xa0
237: PUSH1 0x02
239: EXP
240: SUB
241: DUP4
242: AND
243: PUSH1 0x00
245: SWAP1
246: DUP2
247: MSTORE
248: PUSH1 0x03
250: PUSH1 0x20
252: MSTORE
253: PUSH1 0x40
255: DUP2
256: SHA3
257: SLOAD
258: DUP3
259: SWAP1
260: LT
261: ISZERO
262: PUSH2 0x04f3
265: JUMPI
266: PUSH2 0x0002
269: JUMP
270: JUMPDEST
271: PUSH2 0x03e7
274: PUSH1 0x02
276: SLOAD
277: PUSH1 0xff
279: AND
280: DUP2
281: JUMP
282: JUMPDEST
283: PUSH2 0x03d5
286: PUSH1 0x04
288: CALLDATALOAD
289: PUSH1 0x03
291: PUSH1 0x20
293: MSTORE
294: PUSH1 0x00
296: SWAP1
297: DUP2
298: MSTORE
299: PUSH1 0x40
301: SWAP1
302: SHA3
303: SLOAD
304: DUP2
305: JUMP
306: JUMPDEST
307: PUSH2 0x0367
310: PUSH1 0x01
312: DUP1
313: SLOAD
314: PUSH1 0x20
316: PUSH1 0x02
318: DUP3
319: DUP5
320: AND
321: ISZERO
322: PUSH2 0x0100
325: MUL
326: PUSH1 0x00
328: NOT
329: ADD
330: SWAP1
331: SWAP3
332: AND
333: SWAP2
334: SWAP1
335: SWAP2
336: DIV
337: PUSH1 0x1f
339: DUP2
340: ADD
341: DUP3
342: SWAP1
343: DIV
344: SWAP1
345: SWAP2
346: MUL
347: PUSH1 0x80
349: SWAP1
350: DUP2
351: ADD
352: PUSH1 0x40
354: MSTORE
355: PUSH1 0x60
357: DUP3
358: DUP2
359: MSTORE
360: SWAP3
361: SWAP2
362: SWAP1
363: DUP3
364: DUP3
365: DUP1
366: ISZERO
367: PUSH2 0x041c
370: JUMPI
371: DUP1
372: PUSH1 0x1f
374: LT
375: PUSH2 0x03f1
378: JUMPI
379: PUSH2 0x0100
382: DUP1
383: DUP4
384: SLOAD
385: DIV
386: MUL
387: DUP4
388: MSTORE
389: SWAP2
390: PUSH1 0x20
392: ADD
393: SWAP2
394: PUSH2 0x041c
397: JUMP
398: JUMPDEST
exec
js_repl in /tmp/codex-zsh1ke7u
succeeded in 1ms:
75: DUP1
76: PUSH4 0xa9059cbb
81: EQ
82: PUSH2 0x018e
85: JUMPI
86: DUP1
87: PUSH4 0xcae9ca51
92: EQ
93: PUSH2 0x01bd
96: JUMPI
97: DUP1
98: PUSH4 0xdc3080f2
103: EQ
104: PUSH2 0x031c
107: JUMPI
108: DUP1
109: PUSH4 0xdd62ed3e
114: EQ
115: PUSH2 0x0341
118: JUMPI
exec
js_repl in /tmp/codex-zsh1ke7u
succeeded in 15ms:
unhandled 445 JUMPDEST stack top [ 'ret_pc' ]
final stack [ 'ret_pc' ]
exec
js_repl in /tmp/codex-zsh1ke7u
succeeded in 29ms:
CALLDATACOPY 0x80 add(cd[0x44],0x24) cd[add(cd[0x44],0x04)]
SSTORE at 587 slot sha3(add(add(0x00,0x20),0x20),0x00) val cd[0x24]
CALL at 712 {
gas: 'add(mul(div(0x20,add(cd[add(cd[0x44],0x04)],0x1f)),0x0f),0x03)',
to: '0x04',
value: '0x00',
inOff: 'add(0x60,0x20)',
inSize: 'cd[add(cd[0x44],0x04)]',
outOff: 'add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20)',
outSize: 'cd[add(cd[0x44],0x04)]'
}
JUMPI 728 dest 0x02f2 cond iszero(and(cd[add(cd[0x44],0x04)],0x1f))
unhandled 745 NOT stack [
'0x03d5',
'cd[0x04]',
'cd[0x24]',
'0x60',
'0x00',
'cd[0x04]',
'and(cd[0x04],sub(0x01,exp(0xa0,0x02)))',
'0x8f4ffcb1',
'caller',
'cd[0x24]',
'address(this)',
'0x60',
'add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04)',
'add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20)',
'add(add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20),cd[add(cd[0x44],0x04)])',
'and(cd[add(cd[0x44],0x04)],0x1f)',
'sub(and(cd[add(cd[0x44],0x04)],0x1f),add(add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20),cd[add(cd[0x44],0x04)]))',
'm[sub(and(cd[add(cd[0x44],0x04)],0x1f),add(add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20),cd[add(cd[0x44],0x04)]))]',
'sub(0x01,exp(sub(and(cd[add(cd[0x44],0x04)],0x1f),0x20),0x0100))'
]
end stack [
'0x03d5',
'cd[0x04]',
'cd[0x24]',
'0x60',
'0x00',
'cd[0x04]',
'and(cd[0x04],sub(0x01,exp(0xa0,0x02)))',
'0x8f4ffcb1',
'caller',
'cd[0x24]',
'address(this)',
'0x60',
'add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04)',
'add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20)',
'add(add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20),cd[add(cd[0x44],0x04)])',
'and(cd[add(cd[0x44],0x04)],0x1f)',
'sub(and(cd[add(cd[0x44],0x04)],0x1f),add(add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20),cd[add(cd[0x44],0x04)]))',
'm[sub(and(cd[add(cd[0x44],0x04)],0x1f),add(add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20),cd[add(cd[0x44],0x04)]))]',
'sub(0x01,exp(sub(and(cd[add(cd[0x44],0x04)],0x1f),0x20),0x0100))'
]
exec
js_repl in /tmp/codex-zsh1ke7u
succeeded in 7ms:
CALLDATACOPY 0x80 add(cd[0x44],0x24) cd[add(cd[0x44],0x04)]
SSTORE at 587 slot sha3(add(add(0x00,0x20),0x20),0x00) val cd[0x24]
CALL at 712 {
gas: 'add(mul(div(0x20,add(cd[add(cd[0x44],0x04)],0x1f)),0x0f),0x03)',
to: '0x04',
value: '0x00',
inOff: 'add(0x60,0x20)',
inSize: 'cd[add(cd[0x44],0x04)]',
outOff: 'add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20)',
outSize: 'cd[add(cd[0x44],0x04)]'
}
JUMPI 728 dest 0x02f2 cond iszero(and(cd[add(cd[0x44],0x04)],0x1f))
CALL at 780 {
gas: 'sub(0x61da,gas())',
to: 'and(cd[0x04],sub(0x01,exp(0xa0,0x02)))',
value: '0x00',
inOff: 'add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80)',
inSize: 'sub(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),add(sub(and(cd[add(cd[0x44],0x04)],0x1f),add(add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20),cd[add(cd[0x44],0x04)])),0x20))',
outOff: 'add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80)',
outSize: '0x00'
}
end stack [
'0x03d5',
'cd[0x04]',
'cd[0x24]',
'0x60',
'0x00',
'cd[0x04]',
'and(cd[0x04],sub(0x01,exp(0xa0,0x02)))',
'0x8f4ffcb1',
'add(sub(and(cd[add(cd[0x44],0x04)],0x1f),add(add(add(add(add(add(add(add(mul(div(0x20,add(0x1f,cd[add(cd[0x44],0x04)])),0x20),0x80),0x04),0x20),0x20),0x20),0x20),0x20),cd[add(cd[0x44],0x04)])),0x20)',
'call_result@780'
]
codex
{"no_findings":false,"summary":"ERC20-like runtime bytecode with custom approval/callback logic. No proxy/delegatecall path was evident from the bundle. The meaningful issues are a non-standard two-slot allowance model that makes `allowance()` over-report spendable value, and an `approveAndCall`-style external callback that can reenter after approval is written.","findings":[{"severity":"medium","category":"other","title":"`allowance()` appears to report approved ceiling, not remaining spendable allowance","exploit_scenario":"A wallet, DEX, or vault reads `allowance(owner, spender)` via `0xdd62ed3e` and believes that full amount is still spendable. If the spender has already consumed part of the approval, `transferFrom` can still revert because the contract also tracks a separate spent counter. This can break pull-based integrations, leave approvals seemingly usable when they are not, and make allowance changes behave unexpectedly unless an integrator knows about the custom second mapping.","recommendation":"If this contract must present an ERC20-compatible surface, make `allowance()` return remaining allowance, or decrement the same allowance slot that `allowance()` reads. At minimum, document the non-standard behavior prominently and require integrators to account for the extra spent-allowance state (best-effort inferred from selector `0xdc3080f2`).","evidence":"Best-effort bytecode inference shows `0xdd62ed3e` reading only one nested mapping rooted at slot `0x04` (`pc:0x35e`). In `0x23b872dd`, the transferFrom path reads slot `0x04` (`pc:0x53b`) and a second nested mapping rooted at slot `0x05` (`pc:0x54f`), checks the combination, then updates slot `0x05` at `pc:0x605` instead of decrementing slot `0x04`. That implies standard `allowance()` does not expose the true remaining spendable amount.","locations":["selector:0xdd62ed3e","selector:0x23b872dd","selector:0xdc3080f2","pc:0x35e","pc:0x53b","pc:0x54f","pc:0x605"]},{"severity":"low","category":"reentrancy","title":"Approval callback performs a full-gas external call after writing approval","exploit_scenario":"If selector `0xcae9ca51` is the expected `approveAndCall(address,uint256,bytes)`-style entrypoint, a malicious spender contract can receive the callback and immediately reenter the token using the just-written approval before the outer call returns. From the bytecode alone, this looks intentional, but any integrator assuming the callback is non-reentrant could be surprised.","recommendation":"Treat this entrypoint as reentrant-by-design. Avoid using it with untrusted spender contracts. If behavior can be changed, add an explicit reentrancy guard or refactor so callbacks cannot observe freshly written approval without tighter controls.","evidence":"Selector `0xcae9ca51` accepts calldata shaped like `(address,uint256,bytes)` and writes to the allowance-like mapping at `pc:0x24b`. It then builds calldata containing selector `0x8f4ffcb1` at `pc:0x25a` and performs a low-level `CALL` to the calldata-derived target at `pc:0x30c`, with no detected guard. The other CALLs at `pc:0x2c8`/`pc:0x39d` are consistent with identity-precompile/string-copy helpers and are lower concern.","locations":["selector:0xcae9ca51","pc:0x24b","pc:0x25a","pc:0x30c"]}]}
tokens used
70,225
{
"codex": {
"ran_at": "2026-04-05T04:40:26.286238+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3250,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "ERC20-like runtime bytecode with custom approval/callback logic. No proxy/delegatecall path was evident from the bundle. The meaningful issues are a non-standard two-slot allowance model that makes `allowance()` over-report spendable value, and an `approveAndCall`-style external callback that can reenter after approval is written.",
"raw_final": {
"summary": "ERC20-like runtime bytecode with custom approval/callback logic. No proxy/delegatecall path was evident from the bundle. The meaningful issues are a non-standard two-slot allowance model that makes `allowance()` over-report spendable value, and an `approveAndCall`-style external callback that can reenter after approval is written.",
"findings": [
{
"title": "`allowance()` appears to report approved ceiling, not remaining spendable allowance",
"category": "other",
"evidence": "Best-effort bytecode inference shows `0xdd62ed3e` reading only one nested mapping rooted at slot `0x04` (`pc:0x35e`). In `0x23b872dd`, the transferFrom path reads slot `0x04` (`pc:0x53b`) and a second nested mapping rooted at slot `0x05` (`pc:0x54f`), checks the combination, then updates slot `0x05` at `pc:0x605` instead of decrementing slot `0x04`. That implies standard `allowance()` does not expose the true remaining spendable amount.",
"severity": "medium",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xdc3080f2",
"pc:0x35e",
"pc:0x53b",
"pc:0x54f",
"pc:0x605"
],
"recommendation": "If this contract must present an ERC20-compatible surface, make `allowance()` return remaining allowance, or decrement the same allowance slot that `allowance()` reads. At minimum, document the non-standard behavior prominently and require integrators to account for the extra spent-allowance state (best-effort inferred from selector `0xdc3080f2`).",
"exploit_scenario": "A wallet, DEX, or vault reads `allowance(owner, spender)` via `0xdd62ed3e` and believes that full amount is still spendable. If the spender has already consumed part of the approval, `transferFrom` can still revert because the contract also tracks a separate spent counter. This can break pull-based integrations, leave approvals seemingly usable when they are not, and make allowance changes behave unexpectedly unless an integrator knows about the custom second mapping."
},
{
"title": "Approval callback performs a full-gas external call after writing approval",
"category": "reentrancy",
"evidence": "Selector `0xcae9ca51` accepts calldata shaped like `(address,uint256,bytes)` and writes to the allowance-like mapping at `pc:0x24b`. It then builds calldata containing selector `0x8f4ffcb1` at `pc:0x25a` and performs a low-level `CALL` to the calldata-derived target at `pc:0x30c`, with no detected guard. The other CALLs at `pc:0x2c8`/`pc:0x39d` are consistent with identity-precompile/string-copy helpers and are lower concern.",
"severity": "low",
"locations": [
"selector:0xcae9ca51",
"pc:0x24b",
"pc:0x25a",
"pc:0x30c"
],
"recommendation": "Treat this entrypoint as reentrant-by-design. Avoid using it with untrusted spender contracts. If behavior can be changed, add an explicit reentrancy guard or refactor so callbacks cannot observe freshly written approval without tighter controls.",
"exploit_scenario": "If selector `0xcae9ca51` is the expected `approveAndCall(address,uint256,bytes)`-style entrypoint, a malicious spender contract can receive the callback and immediately reenter the token using the just-written approval before the outer call returns. From the bytecode alone, this looks intentional, but any integrator assuming the callback is non-reentrant could be surprised."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0077 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x007f 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x23b872dd 00000025: EQ 00000026: PUSH2 0x00dc 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x313ce567 00000030: EQ 00000031: PUSH2 0x010e 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x70a08231 0000003b: EQ 0000003c: PUSH2 0x011a 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x95d89b41 00000046: EQ 00000047: PUSH2 0x0132 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0xa9059cbb 00000051: EQ 00000052: PUSH2 0x018e 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0xcae9ca51 0000005c: EQ 0000005d: PUSH2 0x01bd 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xdc3080f2 00000067: EQ 00000068: PUSH2 0x031c 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xdd62ed3e 00000072: EQ 00000073: PUSH2 0x0341 00000076: JUMPI 00000077: JUMPDEST 00000078: PUSH2 0x0365 0000007b: PUSH2 0x0002 0000007e: JUMP 0000007f: JUMPDEST 00000080: PUSH2 0x0367 00000083: PUSH1 0x00 00000085: DUP1 00000086: SLOAD 00000087: PUSH1 0x20 00000089: PUSH1 0x02 0000008b: PUSH1 0x01 0000008d: DUP4 0000008e: AND 0000008f: ISZERO 00000090: PUSH2 0x0100 00000093: MUL 00000094: PUSH1 0x00 00000096: NOT 00000097: ADD 00000098: SWAP1 00000099: SWAP3 0000009a: AND 0000009b: SWAP2 0000009c: SWAP1 0000009d: SWAP2 0000009e: DIV 0000009f: PUSH1 0x1f 000000a1: DUP2 000000a2: ADD 000000a3: DUP3 000000a4: SWAP1 000000a5: DIV 000000a6: SWAP1 000000a7: SWAP2 000000a8: MUL 000000a9: PUSH1 0x80 000000ab: SWAP1 000000ac: DUP2 000000ad: ADD 000000ae: PUSH1 0x40 000000b0: MSTORE 000000b1: PUSH1 0x60 000000b3: DUP3 000000b4: DUP2 000000b5: MSTORE 000000b6: SWAP3 000000b7: SWAP2 000000b8: SWAP1 000000b9: DUP3 000000ba: DUP3 000000bb: DUP1 000000bc: ISZERO 000000bd: PUSH2 0x041c 000000c0: JUMPI 000000c1: DUP1 000000c2: PUSH1 0x1f 000000c4: LT 000000c5: PUSH2 0x03f1 000000c8: JUMPI 000000c9: PUSH2 0x0100 000000cc: DUP1 000000cd: DUP4 000000ce: SLOAD 000000cf: DIV 000000d0: MUL 000000d1: DUP4 000000d2: MSTORE 000000d3: SWAP2 000000d4: PUSH1 0x20 000000d6: ADD 000000d7: SWAP2 000000d8: PUSH2 0x041c 000000db: JUMP 000000dc: JUMPDEST 000000dd: PUSH2 0x03d5 000000e0: PUSH1 0x04 000000e2: CALLDATALOAD 000000e3: PUSH1 0x24 000000e5: CALLDATALOAD 000000e6: PUSH1 0x44 000000e8: CALLDATALOAD 000000e9: PUSH1 0x01 000000eb: PUSH1 0xa0 000000ed: PUSH1 0x02 000000ef: EXP 000000f0: SUB 000000f1: DUP4 000000f2: AND 000000f3: PUSH1 0x00 000000f5: SWAP1 000000f6: DUP2 000000f7: MSTORE 000000f8: PUSH1 0x03 000000fa: PUSH1 0x20 000000fc: MSTORE 000000fd: PUSH1 0x40 000000ff: DUP2 00000100: KECCAK256 00000101: SLOAD 00000102: DUP3 00000103: SWAP1 00000104: LT 00000105: ISZERO 00000106: PUSH2 0x04f3 00000109: JUMPI 0000010a: PUSH2 0x0002 0000010d: JUMP 0000010e: JUMPDEST 0000010f: PUSH2 0x03e7 00000112: PUSH1 0x02 00000114: SLOAD 00000115: PUSH1 0xff 00000117: AND 00000118: DUP2 00000119: JUMP 0000011a: JUMPDEST 0000011b: PUSH2 0x03d5 0000011e: PUSH1 0x04 00000120: CALLDATALOAD 00000121: PUSH1 0x03 00000123: PUSH1 0x20 00000125: MSTORE 00000126: PUSH1 0x00 00000128: SWAP1 00000129: DUP2 0000012a: MSTORE 0000012b: PUSH1 0x40 0000012d: SWAP1 0000012e: KECCAK256 0000012f: SLOAD 00000130: DUP2 00000131: JUMP 00000132: JUMPDEST 00000133: PUSH2 0x0367 00000136: PUSH1 0x01 00000138: DUP1 00000139: SLOAD 0000013a: PUSH1 0x20 0000013c: PUSH1 0x02 0000013e: DUP3 0000013f: DUP5 00000140: AND 00000141: ISZERO 00000142: PUSH2 0x0100 00000145: MUL 00000146: PUSH1 0x00 00000148: NOT 00000149: ADD 0000014a: SWAP1 0000014b: SWAP3 0000014c: AND 0000014d: SWAP2 0000014e: SWAP1 0000014f: SWAP2 00000150: DIV 00000151: PUSH1 0x1f 00000153: DUP2 00000154: ADD 00000155: DUP3 00000156: SWAP1 00000157: DIV 00000158: SWAP1 00000159: SWAP2 0000015a: MUL 0000015b: PUSH1 0x80 0000015d: SWAP1 0000015e: DUP2 0000015f: ADD 00000160: PUSH1 0x40 00000162: MSTORE 00000163: PUSH1 0x60 00000165: DUP3 00000166: DUP2 00000167: MSTORE 00000168: SWAP3 00000169: SWAP2 0000016a: SWAP1 0000016b: DUP3 0000016c: DUP3 0000016d: DUP1 0000016e: ISZERO 0000016f: PUSH2 0x041c 00000172: JUMPI 00000173: DUP1 00000174: PUSH1 0x1f 00000176: LT 00000177: PUSH2 0x03f1 0000017a: JUMPI 0000017b: PUSH2 0x0100 0000017e: DUP1 0000017f: DUP4 00000180: SLOAD 00000181: DIV 00000182: MUL 00000183: DUP4 00000184: MSTORE 00000185: SWAP2 00000186: PUSH1 0x20 00000188: ADD 00000189: SWAP2 0000018a: PUSH2 0x041c 0000018d: JUMP 0000018e: JUMPDEST 0000018f: PUSH2 0x0365 00000192: PUSH1 0x04 00000194: CALLDATALOAD 00000195: PUSH1 0x24 00000197: CALLDATALOAD 00000198: PUSH1 0x01 0000019a: PUSH1 0xa0 0000019c: PUSH1 0x02 0000019e: EXP 0000019f: SUB 000001a0: CALLER 000001a1: AND 000001a2: PUSH1 0x00 000001a4: SWAP1 000001a5: DUP2 000001a6: MSTORE 000001a7: PUSH1 0x03 000001a9: PUSH1 0x20 000001ab: MSTORE 000001ac: PUSH1 0x40 000001ae: SWAP1 000001af: KECCAK256 000001b0: SLOAD 000001b1: DUP2 000001b2: SWAP1 000001b3: LT 000001b4: ISZERO 000001b5: PUSH2 0x0424 000001b8: JUMPI 000001b9: PUSH2 0x0002 000001bc: JUMP 000001bd: JUMPDEST 000001be: PUSH1 0x80 000001c0: PUSH1 0x20 000001c2: PUSH1 0x44 000001c4: CALLDATALOAD 000001c5: PUSH1 0x04 000001c7: DUP2 000001c8: DUP2 000001c9: ADD 000001ca: CALLDATALOAD 000001cb: PUSH1 0x1f 000001cd: DUP2 000001ce: ADD 000001cf: DUP5 000001d0: SWAP1 000001d1: DIV 000001d2: SWAP1 000001d3: SWAP4 000001d4: MUL 000001d5: DUP5 000001d6: ADD 000001d7: PUSH1 0x40 000001d9: MSTORE 000001da: PUSH1 0x60 000001dc: DUP4 000001dd: DUP2 000001de: MSTORE 000001df: PUSH2 0x03d5 000001e2: SWAP5 000001e3: DUP3 000001e4: CALLDATALOAD 000001e5: SWAP5 000001e6: PUSH1 0x24 000001e8: DUP1 000001e9: CALLDATALOAD 000001ea: SWAP6 000001eb: PUSH1 0x64 000001ed: SWAP5 000001ee: SWAP4 000001ef: SWAP2 000001f0: ADD 000001f1: SWAP2 000001f2: SWAP1 000001f3: DUP2 000001f4: SWAP1 000001f5: DUP4 000001f6: DUP3 000001f7: DUP1 000001f8: DUP3 000001f9: DUP5 000001fa: CALLDATACOPY 000001fb: POP 000001fc: SWAP5 000001fd: SWAP7 000001fe: POP 000001ff: POP 00000200: POP 00000201: POP 00000202: POP 00000203: POP 00000204: POP 00000205: PUSH1 0x00 00000207: PUSH1 0x00 00000209: DUP4 0000020a: PUSH1 0x04 0000020c: PUSH1 0x00 0000020e: POP 0000020f: PUSH1 0x00 00000211: CALLER 00000212: PUSH1 0x01 00000214: PUSH1 0xa0 00000216: PUSH1 0x02 00000218: EXP 00000219: SUB 0000021a: AND 0000021b: DUP2 0000021c: MSTORE 0000021d: PUSH1 0x20 0000021f: ADD 00000220: SWAP1 00000221: DUP2 00000222: MSTORE 00000223: PUSH1 0x20 00000225: ADD 00000226: PUSH1 0x00 00000228: KECCAK256 00000229: PUSH1 0x00 0000022b: POP 0000022c: PUSH1 0x00 0000022e: DUP8 0000022f: PUSH1 0x01 00000231: PUSH1 0xa0 00000233: PUSH1 0x02 00000235: EXP 00000236: SUB 00000237: AND 00000238: DUP2 00000239: MSTORE 0000023a: PUSH1 0x20 0000023c: ADD 0000023d: SWAP1 0000023e: DUP2 0000023f: MSTORE 00000240: PUSH1 0x20 00000242: ADD 00000243: PUSH1 0x00 00000245: KECCAK256 00000246: PUSH1 0x00 00000248: POP 00000249: DUP2 0000024a: SWAP1 0000024b: SSTORE 0000024c: POP 0000024d: DUP5 0000024e: SWAP1 0000024f: POP 00000250: DUP1 00000251: PUSH1 0x01 00000253: PUSH1 0xa0 00000255: PUSH1 0x02 00000257: EXP 00000258: SUB 00000259: AND 0000025a: PUSH4 0x8f4ffcb1 0000025f: CALLER 00000260: DUP7 00000261: ADDRESS 00000262: DUP8 00000263: PUSH1 0x40 00000265: MLOAD 00000266: DUP6 00000267: PUSH1 0xe0 00000269: PUSH1 0x02 0000026b: EXP 0000026c: MUL 0000026d: DUP2 0000026e: MSTORE 0000026f: PUSH1 0x04 00000271: ADD 00000272: DUP1 00000273: DUP6 00000274: PUSH1 0x01 00000276: PUSH1 0xa0 00000278: PUSH1 0x02 0000027a: EXP 0000027b: SUB 0000027c: AND 0000027d: DUP2 0000027e: MSTORE 0000027f: PUSH1 0x20 00000281: ADD 00000282: DUP5 00000283: DUP2 00000284: MSTORE 00000285: PUSH1 0x20 00000287: ADD 00000288: DUP4 00000289: PUSH1 0x01 0000028b: PUSH1 0xa0 0000028d: PUSH1 0x02 0000028f: EXP 00000290: SUB 00000291: AND 00000292: DUP2 00000293: MSTORE 00000294: PUSH1 0x20 00000296: ADD 00000297: DUP1 00000298: PUSH1 0x20 0000029a: ADD 0000029b: DUP3 0000029c: DUP2 0000029d: SUB 0000029e: DUP3 0000029f: MSTORE 000002a0: DUP4 000002a1: DUP2 000002a2: DUP2 000002a3: MLOAD 000002a4: DUP2 000002a5: MSTORE 000002a6: PUSH1 0x20 000002a8: ADD 000002a9: SWAP2 000002aa: POP 000002ab: DUP1 000002ac: MLOAD 000002ad: SWAP1 000002ae: PUSH1 0x20 000002b0: ADD 000002b1: SWAP1 000002b2: DUP1 000002b3: DUP4 000002b4: DUP4 000002b5: DUP3 000002b6: SWAP1 000002b7: PUSH1 0x00 000002b9: PUSH1 0x04 000002bb: PUSH1 0x20 000002bd: DUP5 000002be: PUSH1 0x1f 000002c0: ADD 000002c1: DIV 000002c2: PUSH1 0x0f 000002c4: MUL 000002c5: PUSH1 0x03 000002c7: ADD 000002c8: CALL 000002c9: POP 000002ca: SWAP1 000002cb: POP 000002cc: SWAP1 000002cd: DUP2 000002ce: ADD 000002cf: SWAP1 000002d0: PUSH1 0x1f 000002d2: AND 000002d3: DUP1 000002d4: ISZERO 000002d5: PUSH2 0x02f2 000002d8: JUMPI 000002d9: DUP1 000002da: DUP3 000002db: SUB 000002dc: DUP1 000002dd: MLOAD 000002de: PUSH1 0x01 000002e0: DUP4 000002e1: PUSH1 0x20 000002e3: SUB 000002e4: PUSH2 0x0100 000002e7: EXP 000002e8: SUB 000002e9: NOT 000002ea: AND 000002eb: DUP2 000002ec: MSTORE 000002ed: PUSH1 0x20 000002ef: ADD 000002f0: SWAP2 000002f1: POP 000002f2: JUMPDEST 000002f3: POP 000002f4: SWAP6 000002f5: POP 000002f6: POP 000002f7: POP 000002f8: POP 000002f9: POP 000002fa: POP 000002fb: PUSH1 0x00 000002fd: PUSH1 0x40 000002ff: MLOAD 00000300: DUP1 00000301: DUP4 00000302: SUB 00000303: DUP2 00000304: PUSH1 0x00 00000306: DUP8 00000307: PUSH2 0x61da 0000030a: GAS 0000030b: SUB 0000030c: CALL 0000030d: ISZERO 0000030e: PUSH2 0x0002 00000311: JUMPI 00000312: POP 00000313: POP 00000314: POP 00000315: POP 00000316: SWAP4 00000317: SWAP3 00000318: POP 00000319: POP 0000031a: POP 0000031b: JUMP 0000031c: JUMPDEST 0000031d: PUSH1 0x05 0000031f: PUSH1 0x20 00000321: SWAP1 00000322: DUP2 00000323: MSTORE 00000324: PUSH1 0x04 00000326: CALLDATALOAD 00000327: PUSH1 0x00 00000329: SWAP1 0000032a: DUP2 0000032b: MSTORE 0000032c: PUSH1 0x40 0000032e: DUP1 0000032f: DUP3 00000330: KECCAK256 00000331: SWAP1 00000332: SWAP3 00000333: MSTORE 00000334: PUSH1 0x24 00000336: CALLDATALOAD 00000337: DUP2 00000338: MSTORE 00000339: KECCAK256 0000033a: SLOAD 0000033b: PUSH2 0x03d5 0000033e: SWAP1 0000033f: DUP2 00000340: JUMP 00000341: JUMPDEST 00000342: PUSH1 0x04 00000344: PUSH1 0x20 00000346: DUP2 00000347: DUP2 00000348: MSTORE 00000349: SWAP1 0000034a: CALLDATALOAD 0000034b: PUSH1 0x00 0000034d: SWAP1 0000034e: DUP2 0000034f: MSTORE 00000350: PUSH1 0x40 00000352: DUP1 00000353: DUP3 00000354: KECCAK256 00000355: SWAP1 00000356: SWAP3 00000357: MSTORE 00000358: PUSH1 0x24 0000035a: CALLDATALOAD 0000035b: DUP2 0000035c: MSTORE 0000035d: KECCAK256 0000035e: SLOAD 0000035f: PUSH2 0x03d5 00000362: SWAP1 00000363: DUP2 00000364: JUMP 00000365: JUMPDEST 00000366: STOP 00000367: JUMPDEST 00000368: PUSH1 0x40 0000036a: MLOAD 0000036b: DUP1 0000036c: DUP1 0000036d: PUSH1 0x20 0000036f: ADD 00000370: DUP3 00000371: DUP2 00000372: SUB 00000373: DUP3 00000374: MSTORE 00000375: DUP4 00000376: DUP2 00000377: DUP2 00000378: MLOAD 00000379: DUP2 0000037a: MSTORE 0000037b: PUSH1 0x20 0000037d: ADD 0000037e: SWAP2 0000037f: POP 00000380: DUP1 00000381: MLOAD 00000382: SWAP1 00000383: PUSH1 0x20 00000385: ADD 00000386: SWAP1 00000387: DUP1 00000388: DUP4 00000389: DUP4 0000038a: DUP3 0000038b: SWAP1 0000038c: PUSH1 0x00 0000038e: PUSH1 0x04 00000390: PUSH1 0x20 00000392: DUP5 00000393: PUSH1 0x1f 00000395: ADD 00000396: DIV 00000397: PUSH1 0x0f 00000399: MUL 0000039a: PUSH1 0x03 0000039c: ADD 0000039d: CALL 0000039e: POP 0000039f: SWAP1 000003a0: POP 000003a1: SWAP1 000003a2: DUP2 000003a3: ADD 000003a4: SWAP1 000003a5: PUSH1 0x1f 000003a7: AND 000003a8: DUP1 000003a9: ISZERO 000003aa: PUSH2 0x03c7 000003ad: JUMPI 000003ae: DUP1 000003af: DUP3 000003b0: SUB 000003b1: DUP1 000003b2: MLOAD 000003b3: PUSH1 0x01 000003b5: DUP4 000003b6: PUSH1 0x20 000003b8: SUB 000003b9: PUSH2 0x0100 000003bc: EXP 000003bd: SUB 000003be: NOT 000003bf: AND 000003c0: DUP2 000003c1: MSTORE 000003c2: PUSH1 0x20 000003c4: ADD 000003c5: SWAP2 000003c6: POP 000003c7: JUMPDEST 000003c8: POP 000003c9: SWAP3 000003ca: POP 000003cb: POP 000003cc: POP 000003cd: PUSH1 0x40 000003cf: MLOAD 000003d0: DUP1 000003d1: SWAP2 000003d2: SUB 000003d3: SWAP1 000003d4: RETURN 000003d5: JUMPDEST 000003d6: PUSH1 0x40 000003d8: DUP1 000003d9: MLOAD 000003da: SWAP2 000003db: DUP3 000003dc: MSTORE 000003dd: MLOAD 000003de: SWAP1 000003df: DUP2 000003e0: SWAP1 000003e1: SUB 000003e2: PUSH1 0x20 000003e4: ADD 000003e5: SWAP1 000003e6: RETURN 000003e7: JUMPDEST 000003e8: PUSH1 0x60 000003ea: SWAP1 000003eb: DUP2 000003ec: MSTORE 000003ed: PUSH1 0x20 000003ef: SWAP1 000003f0: RETURN 000003f1: JUMPDEST 000003f2: DUP3 000003f3: ADD 000003f4: SWAP2 000003f5: SWAP1 000003f6: PUSH1 0x00 000003f8: MSTORE 000003f9: PUSH1 0x20 000003fb: PUSH1 0x00 000003fd: KECCAK256 000003fe: SWAP1 000003ff: JUMPDEST 00000400: DUP2 00000401: SLOAD 00000402: DUP2 00000403: MSTORE 00000404: SWAP1 00000405: PUSH1 0x01 00000407: ADD 00000408: SWAP1 00000409: PUSH1 0x20 0000040b: ADD 0000040c: DUP1 0000040d: DUP4 0000040e: GT 0000040f: PUSH2 0x03ff 00000412: JUMPI 00000413: DUP3 00000414: SWAP1 00000415: SUB 00000416: PUSH1 0x1f 00000418: AND 00000419: DUP3 0000041a: ADD 0000041b: SWAP2 0000041c: JUMPDEST 0000041d: POP 0000041e: POP 0000041f: POP 00000420: POP 00000421: POP 00000422: DUP2 00000423: JUMP 00000424: JUMPDEST 00000425: PUSH1 0x01 00000427: PUSH1 0xa0 00000429: PUSH1 0x02 0000042b: EXP 0000042c: SUB 0000042d: DUP3 0000042e: AND 0000042f: PUSH1 0x00 00000431: SWAP1 00000432: DUP2 00000433: MSTORE 00000434: PUSH1 0x40 00000436: SWAP1 00000437: KECCAK256 00000438: SLOAD 00000439: DUP1 0000043a: DUP3 0000043b: ADD 0000043c: LT 0000043d: ISZERO 0000043e: PUSH2 0x0446 00000441: JUMPI 00000442: PUSH2 0x0002 00000445: JUMP 00000446: JUMPDEST 00000447: DUP1 00000448: PUSH1 0x03 0000044a: PUSH1 0x00 0000044c: POP 0000044d: PUSH1 0x00 0000044f: CALLER 00000450: PUSH1 0x01 00000452: PUSH1 0xa0 00000454: PUSH1 0x02 00000456: EXP 00000457: SUB 00000458: AND 00000459: DUP2 0000045a: MSTORE 0000045b: PUSH1 0x20 0000045d: ADD 0000045e: SWAP1 0000045f: DUP2 00000460: MSTORE 00000461: PUSH1 0x20 00000463: ADD 00000464: PUSH1 0x00 00000466: KECCAK256 00000467: PUSH1 0x00 00000469: DUP3 0000046a: DUP3 0000046b: DUP3 0000046c: POP 0000046d: SLOAD 0000046e: SUB 0000046f: SWAP3 00000470: POP 00000471: POP 00000472: DUP2 00000473: SWAP1 00000474: SSTORE 00000475: POP 00000476: DUP1 00000477: PUSH1 0x03 00000479: PUSH1 0x00 0000047b: POP 0000047c: PUSH1 0x00 0000047e: DUP5 0000047f: PUSH1 0x01 00000481: PUSH1 0xa0 00000483: PUSH1 0x02 00000485: EXP 00000486: SUB 00000487: AND 00000488: DUP2 00000489: MSTORE 0000048a: PUSH1 0x20 0000048c: ADD 0000048d: SWAP1 0000048e: DUP2 0000048f: MSTORE 00000490: PUSH1 0x20 00000492: ADD 00000493: PUSH1 0x00 00000495: KECCAK256 00000496: PUSH1 0x00 00000498: DUP3 00000499: DUP3 0000049a: DUP3 0000049b: POP 0000049c: SLOAD 0000049d: ADD 0000049e: SWAP3 0000049f: POP 000004a0: POP 000004a1: DUP2 000004a2: SWAP1 000004a3: SSTORE 000004a4: POP 000004a5: DUP2 000004a6: PUSH1 0x01 000004a8: PUSH1 0xa0 000004aa: PUSH1 0x02 000004ac: EXP 000004ad: SUB 000004ae: AND 000004af: CALLER 000004b0: PUSH1 0x01 000004b2: PUSH1 0xa0 000004b4: PUSH1 0x02 000004b6: EXP 000004b7: SUB 000004b8: AND 000004b9: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000004da: DUP4 000004db: PUSH1 0x40 000004dd: MLOAD 000004de: DUP1 000004df: DUP3 000004e0: DUP2 000004e1: MSTORE 000004e2: PUSH1 0x20 000004e4: ADD 000004e5: SWAP2 000004e6: POP 000004e7: POP 000004e8: PUSH1 0x40 000004ea: MLOAD 000004eb: DUP1 000004ec: SWAP2 000004ed: SUB 000004ee: SWAP1 000004ef: LOG3 000004f0: POP 000004f1: POP 000004f2: JUMP 000004f3: JUMPDEST 000004f4: PUSH1 0x01 000004f6: PUSH1 0xa0 000004f8: PUSH1 0x02 000004fa: EXP 000004fb: SUB 000004fc: DUP4 000004fd: AND 000004fe: DUP2 000004ff: MSTORE 00000500: PUSH1 0x40 00000502: DUP2 00000503: KECCAK256 00000504: SLOAD 00000505: DUP1 00000506: DUP4 00000507: ADD 00000508: LT 00000509: ISZERO 0000050a: PUSH2 0x0512 0000050d: JUMPI 0000050e: PUSH2 0x0002 00000511: JUMP 00000512: JUMPDEST 00000513: PUSH1 0x01 00000515: PUSH1 0xa0 00000517: PUSH1 0x02 00000519: EXP 0000051a: SUB 0000051b: DUP1 0000051c: DUP6 0000051d: AND 0000051e: DUP1 0000051f: DUP4 00000520: MSTORE 00000521: PUSH1 0x04 00000523: PUSH1 0x20 00000525: SWAP1 00000526: DUP2 00000527: MSTORE 00000528: PUSH1 0x40 0000052a: DUP1 0000052b: DUP6 0000052c: KECCAK256 0000052d: CALLER 0000052e: SWAP5 0000052f: SWAP1 00000530: SWAP5 00000531: AND 00000532: DUP1 00000533: DUP7 00000534: MSTORE 00000535: SWAP4 00000536: DUP3 00000537: MSTORE 00000538: DUP1 00000539: DUP6 0000053a: KECCAK256 0000053b: SLOAD 0000053c: SWAP3 0000053d: DUP6 0000053e: MSTORE 0000053f: PUSH1 0x05 00000541: DUP3 00000542: MSTORE 00000543: DUP1 00000544: DUP6 00000545: KECCAK256 00000546: SWAP4 00000547: DUP6 00000548: MSTORE 00000549: SWAP3 0000054a: SWAP1 0000054b: MSTORE 0000054c: SWAP1 0000054d: DUP3 0000054e: KECCAK256 0000054f: SLOAD 00000550: DUP4 00000551: ADD 00000552: GT 00000553: ISZERO 00000554: PUSH2 0x055c 00000557: JUMPI 00000558: PUSH2 0x0002 0000055b: JUMP 0000055c: JUMPDEST 0000055d: DUP2 0000055e: PUSH1 0x03 00000560: PUSH1 0x00 00000562: POP 00000563: PUSH1 0x00 00000565: DUP7 00000566: PUSH1 0x01 00000568: PUSH1 0xa0 0000056a: PUSH1 0x02 0000056c: EXP 0000056d: SUB 0000056e: AND 0000056f: DUP2 00000570: MSTORE 00000571: PUSH1 0x20 00000573: ADD 00000574: SWAP1 00000575: DUP2 00000576: MSTORE 00000577: PUSH1 0x20 00000579: ADD 0000057a: PUSH1 0x00 0000057c: KECCAK256 0000057d: PUSH1 0x00 0000057f: DUP3 00000580: DUP3 00000581: DUP3 00000582: POP 00000583: SLOAD 00000584: SUB 00000585: SWAP3 00000586: POP 00000587: POP 00000588: DUP2 00000589: SWAP1 0000058a: SSTORE 0000058b: POP 0000058c: DUP2 0000058d: PUSH1 0x03 0000058f: PUSH1 0x00 00000591: POP 00000592: PUSH1 0x00 00000594: DUP6 00000595: PUSH1 0x01 00000597: PUSH1 0xa0 00000599: PUSH1 0x02 0000059b: EXP 0000059c: SUB 0000059d: AND 0000059e: DUP2 0000059f: MSTORE 000005a0: PUSH1 0x20 000005a2: ADD 000005a3: SWAP1 000005a4: DUP2 000005a5: MSTORE 000005a6: PUSH1 0x20 000005a8: ADD 000005a9: PUSH1 0x00 000005ab: KECCAK256 000005ac: PUSH1 0x00 000005ae: DUP3 000005af: DUP3 000005b0: DUP3 000005b1: POP 000005b2: SLOAD 000005b3: ADD 000005b4: SWAP3 000005b5: POP 000005b6: POP 000005b7: DUP2 000005b8: SWAP1 000005b9: SSTORE 000005ba: POP 000005bb: DUP2 000005bc: PUSH1 0x05 000005be: PUSH1 0x00 000005c0: POP 000005c1: PUSH1 0x00 000005c3: DUP7 000005c4: PUSH1 0x01 000005c6: PUSH1 0xa0 000005c8: PUSH1 0x02 000005ca: EXP 000005cb: SUB 000005cc: AND 000005cd: DUP2 000005ce: MSTORE 000005cf: PUSH1 0x20 000005d1: ADD 000005d2: SWAP1 000005d3: DUP2 000005d4: MSTORE 000005d5: PUSH1 0x20 000005d7: ADD 000005d8: PUSH1 0x00 000005da: KECCAK256 000005db: PUSH1 0x00 000005dd: POP 000005de: PUSH1 0x00 000005e0: CALLER 000005e1: PUSH1 0x01 000005e3: PUSH1 0xa0 000005e5: PUSH1 0x02 000005e7: EXP 000005e8: SUB 000005e9: AND 000005ea: DUP2 000005eb: MSTORE 000005ec: PUSH1 0x20 000005ee: ADD 000005ef: SWAP1 000005f0: DUP2 000005f1: MSTORE 000005f2: PUSH1 0x20 000005f4: ADD 000005f5: PUSH1 0x00 000005f7: KECCAK256 000005f8: PUSH1 0x00 000005fa: DUP3 000005fb: DUP3 000005fc: DUP3 000005fd: POP 000005fe: SLOAD 000005ff: ADD 00000600: SWAP3 00000601: POP 00000602: POP 00000603: DUP2 00000604: SWAP1 00000605: SSTORE 00000606: POP 00000607: DUP3 00000608: PUSH1 0x01 0000060a: PUSH1 0xa0 0000060c: PUSH1 0x02 0000060e: EXP 0000060f: SUB 00000610: AND 00000611: CALLER 00000612: PUSH1 0x01 00000614: PUSH1 0xa0 00000616: PUSH1 0x02 00000618: EXP 00000619: SUB 0000061a: AND 0000061b: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 0000063c: DUP5 0000063d: PUSH1 0x40 0000063f: MLOAD 00000640: DUP1 00000641: DUP3 00000642: DUP2 00000643: MSTORE 00000644: PUSH1 0x20 00000646: ADD 00000647: SWAP2 00000648: POP 00000649: POP 0000064a: PUSH1 0x40 0000064c: MLOAD 0000064d: DUP1 0000064e: SWAP2 0000064f: SUB 00000650: SWAP1 00000651: LOG3 00000652: SWAP4 00000653: SWAP3 00000654: POP 00000655: POP 00000656: POP 00000657: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0xd0d1f54c57c3ec80eb36f43e3e817632ecd4d3e3e835d54b3c34ab97d14c1ed2
call_targets:
0x0000000000000000000000000000000000000004, 0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xd0d1f54c57c3ec80eb36f43e3e817632ecd4d3e3e835d54b3c34ab97d14c1ed2",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcae9ca51",
"selector": "0xcae9ca51",
"calldata_variants": [
"0xcae9ca51",
"0xcae9ca510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdc3080f2",
"selector": "0xdc3080f2",
"calldata_variants": [
"0xdc3080f2",
"0xdc3080f20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 712,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 780,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 925,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0xd0d1f54c57c3ec80eb36f43e3e817632ecd4d3e3e835d54b3c34ab97d14c1ed2
call_targets:
0x0000000000000000000000000000000000000004, 0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xd0d1f54c57c3ec80eb36f43e3e817632ecd4d3e3e835d54b3c34ab97d14c1ed2",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcae9ca51",
"selector": "0xcae9ca51",
"calldata_variants": [
"0xcae9ca51",
"0xcae9ca510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdc3080f2",
"selector": "0xdc3080f2",
"calldata_variants": [
"0xdc3080f2",
"0xdc3080f20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 712,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 780,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 925,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| medium | other | codex | `allowance()` appears to report approved ceiling, not remaining spendable allowance | 75 | no | — |
viewevidence_json{
"evidence": "Best-effort bytecode inference shows `0xdd62ed3e` reading only one nested mapping rooted at slot `0x04` (`pc:0x35e`). In `0x23b872dd`, the transferFrom path reads slot `0x04` (`pc:0x53b`) and a second nested mapping rooted at slot `0x05` (`pc:0x54f`), checks the combination, then updates slot `0x05` at `pc:0x605` instead of decrementing slot `0x04`. That implies standard `allowance()` does not expose the true remaining spendable amount.",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xdc3080f2",
"pc:0x35e",
"pc:0x53b",
"pc:0x54f",
"pc:0x605"
],
"recommendation": "If this contract must present an ERC20-compatible surface, make `allowance()` return remaining allowance, or decrement the same allowance slot that `allowance()` reads. At minimum, document the non-standard behavior prominently and require integrators to account for the extra spent-allowance state (best-effort inferred from selector `0xdc3080f2`).",
"exploit_scenario": "A wallet, DEX, or vault reads `allowance(owner, spender)` via `0xdd62ed3e` and believes that full amount is still spendable. If the spender has already consumed part of the approval, `transferFrom` can still revert because the contract also tracks a separate spent counter. This can break pull-based integrations, leave approvals seemingly usable when they are not, and make allowance changes behave unexpectedly unless an integrator knows about the custom second mapping."
}
|
| low | reentrancy | codex | Approval callback performs a full-gas external call after writing approval | 65 | no | — |
viewevidence_json{
"evidence": "Selector `0xcae9ca51` accepts calldata shaped like `(address,uint256,bytes)` and writes to the allowance-like mapping at `pc:0x24b`. It then builds calldata containing selector `0x8f4ffcb1` at `pc:0x25a` and performs a low-level `CALL` to the calldata-derived target at `pc:0x30c`, with no detected guard. The other CALLs at `pc:0x2c8`/`pc:0x39d` are consistent with identity-precompile/string-copy helpers and are lower concern.",
"locations": [
"selector:0xcae9ca51",
"pc:0x24b",
"pc:0x25a",
"pc:0x30c"
],
"recommendation": "Treat this entrypoint as reentrant-by-design. Avoid using it with untrusted spender contracts. If behavior can be changed, add an explicit reentrancy guard or refactor so callbacks cannot observe freshly written approval without tighter controls.",
"exploit_scenario": "If selector `0xcae9ca51` is the expected `approveAndCall(address,uint256,bytes)`-style entrypoint, a malicious spender contract can receive the callback and immediately reenter the token using the just-written approval before the outer call returns. From the bytecode alone, this looks intentional, but any integrator assuming the callback is non-reentrant could be surprised."
}
|