019b3836-37c1-705c-9971-0d72c6032c76
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 3807 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 3808 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 47012 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 47013 | capability.graph | complete | 1 / 3 | 1 week ago |
| 47014 | detector.run | complete | 1 / 3 | 1 week ago |
| 47015 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113277 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode-only review indicates a nonstandard approval model and one intentional but reentrant callback surface. Selector inference for `0xcae9ca51` and `0xdc3080f2` is supported by local keccak matches to `approveAndCall(address,uint256,bytes)` and `spentAllowance(address,address)`, but storage names remain inferred from raw slots.","findings":[{"severity":"medium","category":"other","title":"Approval accounting is cumulative and can permanently brick future approvals for a spender","exploit_scenario":"A user approves spender `S` for 100 tokens and `S` spends them, which increments the separate spent counter. Later the user calls `approveAndCall(S, 50, ...)`. The approval write succeeds and `allowance(user,S)` returns 50, but `transferFrom` checks `spentAllowance + amount <= allowance`, so no transfer can succeed until the user approves more than the entire historical spent amount. Because `approveAndCall` also requires `currentBalance >= newAllowance`, a user whose current balance is below their historical spent total can become unable to grant any usable future allowance to that spender.","recommendation":"If this is meant to behave like ERC-20 allowance, reset the spent counter whenever a new allowance is set, or store and decrement remaining allowance directly. If lifetime-cap semantics are intentional, do not expose it as standard `allowance`; rename the getters and add an explicit reset/cancel path so spenders cannot become permanently unusable.","evidence":"`approveAndCall` (`selector:0xcae9ca51`) checks caller balance before setting approval, then writes only the slot-6 approval mapping (`SSTORE` at `pc:0x2c4`). `transferFrom` (`selector:0x23b872dd`) reads slot 6 and a second nested mapping in slot 7, enforces `slot7 + amount <= slot6` (`pc:0x5b8`, `pc:0x5cc`, `pc:0x5cf`), and then increments slot 7 (`SSTORE` at `pc:0x682`). The extra getter `selector:0xdc3080f2` returns slot 7, matching `spentAllowance(address,address)`. No bytecode path was found that clears slot 7 when a new approval is issued.","locations":["selector:0xcae9ca51","selector:0x23b872dd","selector:0xdc3080f2","selector:0xdd62ed3e","pc:0x2c4","pc:0x5b8","pc:0x5cc","pc:0x682"]},{"severity":"low","category":"reentrancy","title":"`approveAndCall` grants allowance before an untrusted external callback","exploit_scenario":"A malicious spender contract can be approved through `approveAndCall`, receive the callback, and reenter the token immediately via `transferFrom` or other entrypoints while the outer call is still active. In this token that appears to be the intended extension behavior, so the impact is mainly on integrators that assume `approveAndCall` is a simple notification rather than a fully reentrant interaction.","recommendation":"Treat `approveAndCall` as a reentrant entrypoint. If this callback is not required, remove it in favor of standard allowance flow. If it is required, document the behavior clearly and consider a stricter callback interface or reentrancy protections around any future stateful logic added to this contract.","evidence":"`selector:0xcae9ca51` matches `approveAndCall(address,uint256,bytes)` and builds calldata for `0x8f4ffcb1` (`receiveApproval(address,uint256,address,bytes)`). The approval state is persisted first (`pc:0x2c4`), then the contract performs a low-level `CALL` to the spender at `pc:0x385`. The artifact reports no detected guards, and the only non-precompile untrusted external callsite validated from this runtime is this callback path.","locations":["selector:0xcae9ca51","pc:0x2c4","pc:0x385"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-wht8v9t9
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5bff-5112-7231-97d3-32c9bcdbeae2
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc pwd in /tmp/codex-wht8v9t9
succeeded in 0ms:
/tmp/codex-wht8v9t9
exec
/bin/bash -lc 'rg --files' in /tmp/codex-wht8v9t9
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0xb8b1a141a0307667042b2b937c52884b19801dfd",
"artifact_hash": "0x14dc18e8d4ed8581a63b0e3f7c4b6e5bf79f1dc75306e636aede1e8bdb622a5f",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 10,
"hash": "0xc590080b273074d852d07d86387bb692518eb6057284cadca88ac84fde6f0664",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 30,
"hash": "0x4db61c68c65e3aafb60d5980f9dbe93dfd98998da1cba601a06d76a8f1510248",
"opcodes": [
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 11
},
{
"end_pc": 41,
"hash": "0x12cc4e8ed2fdd30122dfac48b782310710c9179137ddfc82c887c065a801b538",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 31
},
{
"end_pc": 52,
"hash": "0x4c296856393777328c11adf4a88cd725c352e0ff8b748e2cbe77f7d082a1d73c",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 42
},
{
"end_pc": 63,
"hash": "0x1fc51f3d6be0da89bc6938488db56fcc2cefd162968e4242adf170575f96f1a2",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 53
},
{
"end_pc": 74,
"hash": "0xe693856b391bfd2874967602ab2a71ee1552f8ffd147a93a96273594bde47bc0",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 64
},
{
"end_pc": 85,
"hash": "0x273f47041a78985996d31a122316d7cd4d00c9a6468a62dce547795791ce5ce8",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 75
},
{
"end_pc": 96,
"hash": "0x02cc38d89e9aedd0cb62694c3c2f76074e6e3c7faddb9f6851526dbdd16d7198",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 86
},
{
"end_pc": 107,
"hash": "0x2e7d94f9aab0358566009196c567ce053776d6a253790ce0b5ab068301731ed9",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 97
},
{
"end_pc": 118,
"hash": "0xee41d2f8eb040265f75e671bd78e34ad061d03f766f70446f6cc8d3a89530e7d",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 108
},
{
"end_pc": 129,
"hash": "0x6629e4f27300c3d03a41db89f956d36ff6308c4477dc9431c2a7df939b286b1c",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 119
},
{
"end_pc": 140,
"hash": "0x7568c9f5f6718e3d8dea4b1f67093ecabaab4fac1b5cac7859a1b89bcc5c4349",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 130
},
{
"end_pc": 148,
"hash": "0x01c9cbeb31e8809b6ebc4aaaa3fa932054c629171654dec7c3a5870ef8f00be3",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH2",
"JUMP"
],
"start_pc": 141
},
{
"end_pc": 214,
"hash": "0xe609e0ed9fe314086b3e9de794dd44b20d87ca760b64cb10b18bf10296c9c261",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 149
},
{
"end_pc": 222,
"hash": "0x713d916f0f4e584f87becb6a1021c80b61b6eab700136f83388fb94075937cbc",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 215
},
{
"end_pc": 241,
"hash": "0x2f79bc67d75c98e761a38ea55d57bbcec6eb30f1ddbfa0b3c70fe9fa8caae013",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
exec
/bin/bash -lc "sed -n '261,520p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
],
"start_pc": 223
},
{
"end_pc": 250,
"hash": "0x3a3669e009b49c0068eabc67adae73ab5360d61101f63d22efd34c572eabf879",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 242
},
{
"end_pc": 296,
"hash": "0x134b838f5b1eb4a24caec565da344d7d1576794d6831fca55be9ca2b2adfffb9",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_83",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_81",
"SHA3",
"SLOAD",
"OP_82",
"OP_90",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 251
},
{
"end_pc": 300,
"hash": "0xd7fd16f2f78e22206387c4b4c199cc3784df86884d46b4e8dd4e28c06e9c719b",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 297
},
{
"end_pc": 312,
"hash": "0x54cdaef02fe32a41536f7b77cc4b8e1e29196b55e9e9c5c0b363a6a6aa9c99a4",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"PUSH1",
"AND",
"OP_81",
"JUMP"
],
"start_pc": 301
},
{
"end_pc": 375,
"hash": "0x065d75eb6b549e2d9e52557e72162860fb8a67c9ce48721015f0e439fa1d1e89",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"OP_82",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_91",
"AND",
"OP_82",
"OP_90",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 313
},
{
"end_pc": 383,
"hash": "0x82102ab93046b910b00335cceb519faa394c48a0dd44f8b9ef781e5949123608",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 376
},
{
"end_pc": 402,
"hash": "0x46de8bd45f0718554d354f3e8e4dae2cf02db5bc8ec8689d4e01481c9077f9e5",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 384
},
{
"end_pc": 426,
"hash": "0x6472e63b2c46d825395a5e8969cb8973555892225ea26d88bb52e23180f24c8f",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 403
},
{
"end_pc": 491,
"hash": "0xc29e37c0240c3dc5861eed142650b4f620a74393e700e2bd1c840d5da4385300",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"OP_82",
"OP_84",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 427
},
{
"end_pc": 499,
"hash": "0x06eb886f2c95ad9be5ab1095a29c584ad76b46878e496ee9b0ad5b5baa5b2fde",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
exec
/bin/bash -lc "sed -n '521,780p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
"start_pc": 492
},
{
"end_pc": 518,
"hash": "0x8363413c8d4ac8548a1b22aee091b30460476a8d238acee876d4d15960026b23",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 500
},
{
"end_pc": 561,
"hash": "0xfbb8ee7400f187e328414753f1511d7f3459b7bd28e1dc4900850996e0a16e06",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"OP_90",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 519
},
{
"end_pc": 565,
"hash": "0xa4a4ae061ef386f7d7486aaf3298058f26a9f17e111d4eb1ba437f6d2a947101",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 562
},
{
"end_pc": 849,
"hash": "0x63fec82cc0f41e798d0c39011f364e5f0e1428e47413786caf13f0a0fb1f1a52",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"OP_81",
"OP_81",
"ADD",
"CALLDATALOAD",
"PUSH1",
"OP_81",
"ADD",
"OP_84",
"OP_90",
"DIV",
"OP_90",
"OP_93",
"MUL",
"OP_84",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_83",
"OP_81",
"MSTORE",
"PUSH2",
"OP_94",
"OP_82",
"CALLDATALOAD",
"OP_94",
"PUSH1",
"OP_80",
"CALLDATALOAD",
"OP_95",
"PUSH1",
"OP_94",
"OP_93",
"OP_91",
"ADD",
"OP_91",
"OP_90",
"OP_81",
"OP_90",
"OP_83",
"OP_82",
"OP_80",
"OP_82",
"OP_84",
"CALLDATACOPY",
"POP",
"OP_94",
"OP_96",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"PUSH1",
"PUSH1",
"OP_83",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"POP",
"PUSH1",
"OP_87",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_84",
"OP_90",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH4",
"CALLER",
"OP_86",
"ADDRESS",
"OP_87",
"PUSH1",
"MLOAD",
"OP_85",
"PUSH1",
"PUSH1",
"EXP",
"MUL",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_80",
"OP_85",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_84",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_83",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
exec
/bin/bash -lc "sed -n '781,1040p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 566
},
{
"end_pc": 874,
"hash": "0x17f7deb342002d7b4a616129a837954148eb0171e6fa8c57aac90d77236f888b",
"opcodes": [
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 850
},
{
"end_pc": 906,
"hash": "0x84229ca8d3771a6156324b47011bcdb0a683777a4d2a1f266849cf7ca40d8a04",
"opcodes": [
"JUMPDEST",
"POP",
"OP_95",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"PUSH1",
"PUSH1",
"MLOAD",
"OP_80",
"OP_83",
"SUB",
"OP_81",
"PUSH1",
"OP_87",
"PUSH2",
"GAS",
"SUB",
"CALL",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 875
},
{
"end_pc": 919,
"hash": "0xfa6321d1a087cb91c03b5652829eb3bd5f4d3c5a25f3637a26c05f6fbe498a43",
"opcodes": [
"POP",
"PUSH1",
"OP_97",
"OP_96",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"JUMP"
],
"start_pc": 907
},
{
"end_pc": 956,
"hash": "0x7e02ca16c778428ad3d0810dfc23c433b033732b606e505f38f6145112c184a8",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_80",
"OP_82",
"SHA3",
"OP_90",
"OP_92",
"MSTORE",
"PUSH1",
"CALLDATALOAD",
"OP_81",
"MSTORE",
"SHA3",
"SLOAD",
"PUSH2",
"OP_90",
"OP_81",
"JUMP"
],
"start_pc": 920
},
{
"end_pc": 993,
"hash": "0x042c1afb96f235fc54f29cf1b2f30ed811fb81afeff6e474f6e7b29d53f24c7e",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_80",
"OP_82",
"SHA3",
"OP_90",
"OP_92",
"MSTORE",
"PUSH1",
"CALLDATALOAD",
"OP_81",
"MSTORE",
"SHA3",
"SLOAD",
"PUSH2",
"OP_90",
"OP_81",
"JUMP"
],
"start_pc": 957
},
{
"end_pc": 995,
"hash": "0x0f692128e76a1124821e667bb073ac313d488f7fcdbc8d9fbbf13d26ceb31f0b",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 994
},
{
"end_pc": 1066,
"hash": "0x9aa34f2fb0626cb939c113c9be278794f8c988658f24ca2507bb497607223c81",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"OP_80",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 996
exec
/bin/bash -lc "sed -n '1041,1300p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
},
{
"end_pc": 1091,
"hash": "0xfa2051631966675ac33e4879826a9d4b2735cb21b292a65e73b1461d671f1a28",
"opcodes": [
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 1067
},
{
"end_pc": 1105,
"hash": "0xed2e9a49cde9ace4b4babfac1c4ae1c15310169c3a36e4ec83145a57a85f40a9",
"opcodes": [
"JUMPDEST",
"POP",
"OP_92",
"POP",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"RETURN"
],
"start_pc": 1092
},
{
"end_pc": 1123,
"hash": "0xa96f242abd52ace13a743ee9f25b502cd9acd559a9fab18eae38fca805ee16e2",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"MLOAD",
"OP_91",
"OP_82",
"MSTORE",
"MLOAD",
"OP_90",
"OP_81",
"OP_90",
"SUB",
"PUSH1",
"ADD",
"OP_90",
"RETURN"
],
"start_pc": 1106
},
{
"end_pc": 1133,
"hash": "0x773879341b32f5b6026d79ed82eef4857b55f8e358550abf4f6fb17e0034783d",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"RETURN"
],
"start_pc": 1124
},
{
"end_pc": 1147,
"hash": "0x4d3914a00f718ab6d4928a2bcf44b13898a223fdccf8c82eb5d7e72e3359d1e0",
"opcodes": [
"JUMPDEST",
"OP_82",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"SHA3",
"OP_90"
],
"start_pc": 1134
},
{
"end_pc": 1167,
"hash": "0x35c9b1f1b8d1461f9ad9a3a0e3ef6c7c780fb4df296d6e6f25b6e9a26330b66c",
"opcodes": [
"JUMPDEST",
"OP_81",
"SLOAD",
"OP_81",
"MSTORE",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH1",
"ADD",
"OP_80",
"OP_83",
"GT",
"PUSH2",
"JUMPI"
],
"start_pc": 1148
},
{
"end_pc": 1176,
"hash": "0x9a131963af637fd293336c656b8f5cfd1cbb3c5bb17a60985de1e81ebb00d94a",
"opcodes": [
"OP_82",
"OP_90",
"SUB",
"PUSH1",
"AND",
"OP_82",
"ADD",
"OP_91"
],
"start_pc": 1168
},
{
"end_pc": 1184,
"hash": "0x3d6eae6fe9f522f9d58c979085d8baa032b39e7a5551816caffe353f0a086e5d",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"POP",
"POP",
"POP",
"OP_81",
"JUMP"
],
"start_pc": 1177
},
{
"end_pc": 1214,
"hash": "0x89e0d746eaac977ccdfb9e9ee1b7851a4ae7e6d28eb62e274ba474d571e9bdbb",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_82",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_80",
"OP_82",
"ADD",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1185
},
{
"end_pc": 1218,
"hash": "0x14f5af4e64a2c0d71041fb55838f80b124022b2cef1965d4e5d23a91ce81cd2a",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 1215
},
{
"end_pc": 1391,
"hash": "0xd4adb1c5b002c205ffa609c4bb2e6eb90617f8941aeca6d64be90a7a0e51b84c",
"opcodes": [
"JUMPDEST",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"SUB",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_84",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
exec
/bin/bash -lc "sed -n '1301,1560p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH32",
"OP_83",
"PUSH1",
"MLOAD",
"OP_80",
"OP_82",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"OP_A3",
"POP",
"POP",
"JUMP"
],
"start_pc": 1219
},
{
"end_pc": 1418,
"hash": "0x79d77a860b5a1028902eea3d392923f8e26f81981924cb0de16eedaaea3739c9",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_83",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"OP_81",
"SHA3",
"SLOAD",
"OP_80",
"OP_83",
"ADD",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1392
},
{
"end_pc": 1422,
"hash": "0xaf06b85100f91f22fda825ba8a61da151f4ee7596eadcc15430d588f09eebe42",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 1419
},
{
"end_pc": 1492,
"hash": "0x7d18243074b0fe05b65108dc67aad23a0d90969361c4147a7fb867c696f7ddc1",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_80",
"OP_85",
"AND",
"OP_80",
"OP_83",
"MSTORE",
"PUSH1",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_80",
"OP_85",
"SHA3",
"CALLER",
"OP_94",
"OP_90",
"OP_94",
"AND",
"OP_80",
"OP_86",
"MSTORE",
"OP_93",
"OP_82",
"MSTORE",
"OP_80",
"OP_85",
"SHA3",
"SLOAD",
"OP_92",
"OP_85",
"MSTORE",
"PUSH1",
"OP_82",
"MSTORE",
"OP_80",
"OP_85",
"SHA3",
"OP_93",
"OP_85",
"MSTORE",
"OP_92",
"OP_90",
"MSTORE",
"OP_90",
"OP_82",
"SHA3",
"SLOAD",
"OP_83",
"ADD",
"GT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1423
},
{
"end_pc": 1496,
"hash": "0x674a4dc9db49e5bd0fdf46083652f77654a557525b3650a1ccf9ee2cab0ab70e",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 1493
},
{
"end_pc": 1751,
"hash": "0xc7b4210203fdf2caa0c0843fa589bfdbc8f427a1e34e1ff0ce973bb9175bd376",
"opcodes": [
"JUMPDEST",
"OP_81",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_86",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"SUB",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_85",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_86",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
exec
/bin/bash -lc "sed -n '1561,1820p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_82",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_84",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH32",
"OP_84",
"PUSH1",
"MLOAD",
"OP_80",
"OP_82",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"OP_A3",
"POP",
"PUSH1",
"OP_93",
"OP_92",
"POP",
"POP",
"POP",
"JUMP"
],
"start_pc": 1497
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:141",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:149",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:242",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:251",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:301",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:313",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:403",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:427",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:97",
"to": "bb:519",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:108",
"type": "control_flow_fallthrough"
},
{
"from": "bb:108",
"to": "bb:566",
"type": "control_flow"
},
{
"from": "bb:108",
"to": "bb:119",
"type": "control_flow_fallthrough"
},
{
"from": "bb:119",
"to": "bb:920",
"type": "control_flow"
},
{
"from": "bb:119",
"to": "bb:130",
"type": "control_flow_fallthrough"
},
{
"from": "bb:130",
"to": "bb:957",
"type": "control_flow"
},
{
"from": "bb:130",
"to": "bb:141",
"type": "control_flow_fallthrough"
},
{
"from": "bb:149",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:149",
"to": "bb:215",
"type": "control_flow_fallthrough"
},
{
"from": "bb:215",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:215",
"to": "bb:223",
"type": "control_flow_fallthrough"
},
{
"from": "bb:223",
"to": "bb:1177",
"type": "control_flow"
exec
/bin/bash -lc "sed -n '1821,2080p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
},
{
"from": "bb:251",
"to": "bb:1392",
"type": "control_flow"
},
{
"from": "bb:251",
"to": "bb:297",
"type": "control_flow_fallthrough"
},
{
"from": "bb:313",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:313",
"to": "bb:376",
"type": "control_flow_fallthrough"
},
{
"from": "bb:376",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:376",
"to": "bb:384",
"type": "control_flow_fallthrough"
},
{
"from": "bb:384",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:427",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:427",
"to": "bb:492",
"type": "control_flow_fallthrough"
},
{
"from": "bb:492",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:492",
"to": "bb:500",
"type": "control_flow_fallthrough"
},
{
"from": "bb:500",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:519",
"to": "bb:1185",
"type": "control_flow"
},
{
"from": "bb:519",
"to": "bb:562",
"type": "control_flow_fallthrough"
},
{
"from": "bb:566",
"to": "bb:875",
"type": "control_flow"
},
{
"from": "bb:566",
"to": "bb:850",
"type": "control_flow_fallthrough"
},
{
"from": "bb:850",
"to": "bb:875",
"type": "control_flow_fallthrough"
},
{
"from": "bb:875",
"to": "bb:907",
"type": "control_flow_fallthrough"
},
{
"from": "bb:996",
"to": "bb:1092",
"type": "control_flow"
},
{
"from": "bb:996",
"to": "bb:1067",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1067",
"to": "bb:1092",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1134",
"to": "bb:1148",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1148",
"to": "bb:1148",
"type": "control_flow"
},
{
"from": "bb:1148",
"to": "bb:1168",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1168",
"to": "bb:1177",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1185",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:1185",
"to": "bb:1215",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1392",
"to": "bb:1423",
"type": "control_flow"
},
{
"from": "bb:1392",
"to": "bb:1419",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1423",
"to": "bb:1497",
"type": "control_flow"
},
{
"from": "bb:1423",
"to": "bb:1493",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0xe056c46d75ff7ed3a591a475ed7c0ba3bed4ec94bddbc14f5d1bfcd40b49f333",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 599290589,
"selector": "0x18160ddd"
},
{
"entry_pc": 826074471,
"selector": "0x23b872dd"
},
{
"entry_pc": 1425886544,
"selector": "0x313ce567"
},
{
"entry_pc": 1889567281,
"selector": "0x54fd4d50"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": 3404319313,
"selector": "0xa9059cbb"
},
{
"entry_pc": 3694166258,
"selector": "0xcae9ca51"
},
{
"entry_pc": 3714247998,
"selector": "0xdc3080f2"
},
{
"entry_pc": 994,
"selector": "0xdd62ed3e"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
exec
/bin/bash -lc "sed -n '2081,2340p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 599290589,
"selector": "0x18160ddd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 826074471,
"selector": "0x23b872dd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1425886544,
"selector": "0x313ce567",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x54fd4d50",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
exec
/bin/bash -lc "sed -n '2341,2600p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3404319313,
"selector": "0xa9059cbb",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3694166258,
"selector": "0xcae9ca51",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
exec
/bin/bash -lc "sed -n '2601,2860p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3714247998,
"selector": "0xdc3080f2",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 994,
"selector": "0xdd62ed3e",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
}
],
"selectors": [
"0x06fdde03",
"0x18160ddd",
"0x23b872dd",
"0x313ce567",
"0x54fd4d50",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb",
"0xcae9ca51",
"0xdc3080f2",
"0xdd62ed3e"
],
"sinks": {
"call": 3,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 22,
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0xd2d6c3ecadc70a6be8e1435fc3f34d92a3eb1c4eec8df279b9409eae0f868877",
"created_at": "2026-04-04T19:56:49.000000Z",
"id": 2410,
"updated_at": "2026-04-04T19:56:49.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0xb8b1a141a0307667042b2b937c52884b19801dfd",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:55.000000Z",
"id": "019b3836-37c1-705c-9971-0d72c6032c76",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:56:49.000000Z"
},
"artifact": {
"codehash": "0xd2d6c3ecadc70a6be8e1435fc3f34d92a3eb1c4eec8df279b9409eae0f868877",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x6060604052361561008d5760e060020a600035046306fdde03811461009557806318160ddd146100f257806323b872dd146100fb578063313ce5671461012d57806354fd4d501461013957806370a082311461019357806395d89b41146101ab578063a9059cbb14610207578063cae9ca5114610236578063dc3080f214610398578063dd62ed3e146103bd575b6103e2610002565b6103e460008054602060026001831615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156104995780601f1061046e57610100808354040283529160200191610499565b61045260045481565b610452600435602435604435600160a060020a0383166000908152600560205260408120548290101561057057610002565b61046460035460ff1681565b6103e460028054602060018216156101000260001901909116829004601f810182900490910260809081016040526060828152929190828280156104995780601f1061046e57610100808354040283529160200191610499565b61045260043560056020526000908152604090205481565b6103e4600180546020600282841615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156104995780601f1061046e57610100808354040283529160200191610499565b6103e2600435602435600160a060020a033316600090815260056020526040902054819010156104a157610002565b60806020604435600481810135601f810184900490930284016040526060838152610452948235946024803595606494939101919081908382808284375094965050505050505060006000836006600050600033600160a060020a03168152602001908152602001600020600050600087600160a060020a031681526020019081526020016000206000508190555084905080600160a060020a0316638f4ffcb1338630876040518560e060020a0281526004018085600160a060020a0316815260200184815260200183600160a060020a03168152602001806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f16801561036b5780820380516001836020036101000a031916815260200191505b50955050505050506000604051808303816000876161da5a03f11561000257506001979650505050505050565b6007602090815260043560009081526040808220909252602435815220546104529081565b6006602090815260043560009081526040808220909252602435815220546104529081565b005b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156104445780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b60408051918252519081900360200190f35b6060908152602090f35b820191906000526020600020905b81548152906001019060200180831161047c57829003601f168201915b505050505081565b600160a060020a0382166000908152604090205480820110156104c357610002565b806005600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806005600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a35050565b600160a060020a03831681526040812054808301101561058f57610002565b600160a060020a038085168083526006602090815260408085203394909416808652938252808520549285526007825280852093855292905290822054830111156105d957610002565b816005600050600086600160a060020a03168152602001908152602001600020600082828250540392505081905550816005600050600085600160a060020a03168152602001908152602001600020600082828250540192505081905550816007600050600086600160a060020a03168152602001908152602001600020600050600033600160a060020a0316815260200190815260200160002060008282825054019250508190555082600160a060020a031684600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef846040518082815260200191505060405180910390a3506001939250505056",
"head": null,
"length": 3506,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0xb8b1a141a0307667042b2b937c52884b19801dfd",
"block_number": null,
"chain_id": 1,
"codehash": "0xd2d6c3ecadc70a6be8e1435fc3f34d92a3eb1c4eec8df279b9409eae0f868877",
"created_at": "2026-04-04T19:56:49.000000Z",
"graph_hash": "0x5b2e5758f6f3b4facc5f35afd7626b3ebe439081e524f976a9520b3d3de08cae",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:141",
"type": "control_flow"
},
{
"from": "bb:0",
exec
/bin/bash -lc "rg -n 'detector|finding|evidence|summary|selector_names|slot|proxy|reentr|delegatecall|allowance|approve|transferFrom' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
2035: "delegatecall": 0,
2041: "slots": [
2045: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2050: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2055: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2060: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2065: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2070: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2075: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2080: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2085: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2099: "delegatecall": 0,
2105: "slots": [
2109: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2114: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2119: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2124: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2129: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2134: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2139: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2144: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2149: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2163: "delegatecall": 0,
2169: "slots": [
2173: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2178: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2183: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2188: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2193: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2198: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2203: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2208: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2213: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2227: "delegatecall": 0,
2233: "slots": [
2237: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2242: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2247: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2252: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2257: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2262: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2267: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2272: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2277: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2291: "delegatecall": 0,
2297: "slots": [
2301: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2306: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2311: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2316: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2321: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2326: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2331: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2336: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2341: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2355: "delegatecall": 0,
2361: "slots": [
2365: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2370: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2375: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2380: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2385: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2390: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2395: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2400: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2405: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2419: "delegatecall": 0,
2425: "slots": [
2429: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2434: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2439: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2444: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2449: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2454: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2459: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2464: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2469: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2483: "delegatecall": 0,
2489: "slots": [
2493: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2498: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2503: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2508: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2513: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2518: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2523: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2528: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2533: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2547: "delegatecall": 0,
2553: "slots": [
2557: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2562: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2567: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2572: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2577: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2582: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2587: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2592: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2597: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2611: "delegatecall": 0,
2617: "slots": [
2621: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2626: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2631: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2636: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2641: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2646: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2651: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2656: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2661: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2675: "delegatecall": 0,
2681: "slots": [
2685: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2690: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2695: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2700: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2705: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2710: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2715: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2720: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2725: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2749: "delegatecall": 0,
2752: "upgrade_slot_write_suspected": false
2757: "slots": [
2761: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2766: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2771: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2776: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2781: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2786: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2791: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2796: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2801: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2835: "is_proxy": false,
3702: "detector_findings": [
3705: "evidence_json": {
3758: "evidence_json": {
3810: "heuristics_summary": {
3812: "delegatecall_count": 0,
exec
/bin/bash -lc "sed -n '1,220p' codex-output-schema.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
exec
/bin/bash -lc "sed -n '3680,3860p' BYTECODE_BUNDLE.json" in /tmp/codex-wht8v9t9
succeeded in 0ms:
"selector": "0xcae9ca51",
"type": "function"
},
{
"entry_pc": 3714247998,
"id": "fn:0xdc3080f2",
"selector": "0xdc3080f2",
"type": "function"
},
{
"entry_pc": 994,
"id": "fn:0xdd62ed3e",
"selector": "0xdd62ed3e",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 2410,
"updated_at": "2026-04-04T19:56:49.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 60,
"evidence_json": {
"call_count": 3,
"examples": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 3
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb8b1a141a0307667042b2b937c52884b19801dfd"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x245e26cfe0be905ef91b66394e4469756c253312ce56ab4d8fab2d718fd303fb",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 3,
"examples": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb8b1a141a0307667042b2b937c52884b19801dfd"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x245e26cfe0be905ef91b66394e4469756c253312ce56ab4d8fab2d718fd303fb",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
}
exec
/bin/bash -lc 'which evm || true' in /tmp/codex-wht8v9t9
succeeded in 0ms:
exec
/bin/bash -lc 'which cast || true' in /tmp/codex-wht8v9t9
exec
/bin/bash -lc 'which python3 || true' in /tmp/codex-wht8v9t9
succeeded in 0ms:
/home/noahkuhn/.foundry/bin/cast
succeeded in 0ms:
/var/www/tripwire/.venv/bin/python3
exec
/bin/bash -lc 'which node || true' in /tmp/codex-wht8v9t9
succeeded in 0ms:
/home/noahkuhn/.nvm/versions/node/v23.3.0/bin/node
exec
/bin/bash -lc "python3 - <<'PY'
import json, textwrap
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
print(data['artifact']['runtime_bytecode']['full'])
PY" in /tmp/codex-wht8v9t9
succeeded in 0ms:
0x6060604052361561008d5760e060020a600035046306fdde03811461009557806318160ddd146100f257806323b872dd146100fb578063313ce5671461012d57806354fd4d501461013957806370a082311461019357806395d89b41146101ab578063a9059cbb14610207578063cae9ca5114610236578063dc3080f214610398578063dd62ed3e146103bd575b6103e2610002565b6103e460008054602060026001831615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156104995780601f1061046e57610100808354040283529160200191610499565b61045260045481565b610452600435602435604435600160a060020a0383166000908152600560205260408120548290101561057057610002565b61046460035460ff1681565b6103e460028054602060018216156101000260001901909116829004601f810182900490910260809081016040526060828152929190828280156104995780601f1061046e57610100808354040283529160200191610499565b61045260043560056020526000908152604090205481565b6103e4600180546020600282841615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156104995780601f1061046e57610100808354040283529160200191610499565b6103e2600435602435600160a060020a033316600090815260056020526040902054819010156104a157610002565b60806020604435600481810135601f810184900490930284016040526060838152610452948235946024803595606494939101919081908382808284375094965050505050505060006000836006600050600033600160a060020a03168152602001908152602001600020600050600087600160a060020a031681526020019081526020016000206000508190555084905080600160a060020a0316638f4ffcb1338630876040518560e060020a0281526004018085600160a060020a0316815260200184815260200183600160a060020a03168152602001806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f16801561036b5780820380516001836020036101000a031916815260200191505b50955050505050506000604051808303816000876161da5a03f11561000257506001979650505050505050565b6007602090815260043560009081526040808220909252602435815220546104529081565b6006602090815260043560009081526040808220909252602435815220546104529081565b005b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156104445780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b60408051918252519081900360200190f35b6060908152602090f35b820191906000526020600020905b81548152906001019060200180831161047c57829003601f168201915b505050505081565b600160a060020a0382166000908152604090205480820110156104c357610002565b806005600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806005600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a35050565b600160a060020a03831681526040812054808301101561058f57610002565b600160a060020a038085168083526006602090815260408085203394909416808652938252808520549285526007825280852093855292905290822054830111156105d957610002565b816005600050600086600160a060020a03168152602001908152602001600020600082828250540392505081905550816005600050600085600160a060020a03168152602001908152602001600020600082828250540192505081905550816007600050600086600160a060020a03168152602001908152602001600020600050600033600160a060020a0316815260200190815260200160002060008282825054019250508190555082600160a060020a031684600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef846040518082815260200191505060405180910390a3506001939250505056
exec
/bin/bash -lc "python3 - <<'PY'
import json, subprocess, tempfile, os
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode=data['artifact']['runtime_bytecode']['full']
# cast disassemble can take bytecode directly
res=subprocess.run(['/home/noahkuhn/.foundry/bin/cast','disassemble',bytecode],capture_output=True,text=True)
print(res.stdout)
print(res.stderr)
PY" in /tmp/codex-wht8v9t9
succeeded in 0ms:
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x008d
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x06fdde03
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x0095
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x18160ddd
00000025: EQ
00000026: PUSH2 0x00f2
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x23b872dd
00000030: EQ
00000031: PUSH2 0x00fb
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x313ce567
0000003b: EQ
0000003c: PUSH2 0x012d
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x54fd4d50
00000046: EQ
00000047: PUSH2 0x0139
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0x70a08231
00000051: EQ
00000052: PUSH2 0x0193
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0x95d89b41
0000005c: EQ
0000005d: PUSH2 0x01ab
00000060: JUMPI
00000061: DUP1
00000062: PUSH4 0xa9059cbb
00000067: EQ
00000068: PUSH2 0x0207
0000006b: JUMPI
0000006c: DUP1
0000006d: PUSH4 0xcae9ca51
00000072: EQ
00000073: PUSH2 0x0236
00000076: JUMPI
00000077: DUP1
00000078: PUSH4 0xdc3080f2
0000007d: EQ
0000007e: PUSH2 0x0398
00000081: JUMPI
00000082: DUP1
00000083: PUSH4 0xdd62ed3e
00000088: EQ
00000089: PUSH2 0x03bd
0000008c: JUMPI
0000008d: JUMPDEST
0000008e: PUSH2 0x03e2
00000091: PUSH2 0x0002
00000094: JUMP
00000095: JUMPDEST
00000096: PUSH2 0x03e4
00000099: PUSH1 0x00
0000009b: DUP1
0000009c: SLOAD
0000009d: PUSH1 0x20
0000009f: PUSH1 0x02
000000a1: PUSH1 0x01
000000a3: DUP4
000000a4: AND
000000a5: ISZERO
000000a6: PUSH2 0x0100
000000a9: MUL
000000aa: PUSH1 0x00
000000ac: NOT
000000ad: ADD
000000ae: SWAP1
000000af: SWAP3
000000b0: AND
000000b1: SWAP2
000000b2: SWAP1
000000b3: SWAP2
000000b4: DIV
000000b5: PUSH1 0x1f
000000b7: DUP2
000000b8: ADD
000000b9: DUP3
000000ba: SWAP1
000000bb: DIV
000000bc: SWAP1
000000bd: SWAP2
000000be: MUL
000000bf: PUSH1 0x80
000000c1: SWAP1
000000c2: DUP2
000000c3: ADD
000000c4: PUSH1 0x40
000000c6: MSTORE
000000c7: PUSH1 0x60
000000c9: DUP3
000000ca: DUP2
000000cb: MSTORE
000000cc: SWAP3
000000cd: SWAP2
000000ce: SWAP1
000000cf: DUP3
000000d0: DUP3
000000d1: DUP1
000000d2: ISZERO
000000d3: PUSH2 0x0499
000000d6: JUMPI
000000d7: DUP1
000000d8: PUSH1 0x1f
000000da: LT
000000db: PUSH2 0x046e
000000de: JUMPI
000000df: PUSH2 0x0100
000000e2: DUP1
000000e3: DUP4
000000e4: SLOAD
000000e5: DIV
000000e6: MUL
000000e7: DUP4
000000e8: MSTORE
000000e9: SWAP2
000000ea: PUSH1 0x20
000000ec: ADD
000000ed: SWAP2
000000ee: PUSH2 0x0499
000000f1: JUMP
000000f2: JUMPDEST
000000f3: PUSH2 0x0452
000000f6: PUSH1 0x04
000000f8: SLOAD
000000f9: DUP2
000000fa: JUMP
000000fb: JUMPDEST
000000fc: PUSH2 0x0452
000000ff: PUSH1 0x04
00000101: CALLDATALOAD
00000102: PUSH1 0x24
00000104: CALLDATALOAD
00000105: PUSH1 0x44
00000107: CALLDATALOAD
00000108: PUSH1 0x01
0000010a: PUSH1 0xa0
0000010c: PUSH1 0x02
0000010e: EXP
0000010f: SUB
00000110: DUP4
00000111: AND
00000112: PUSH1 0x00
00000114: SWAP1
00000115: DUP2
00000116: MSTORE
00000117: PUSH1 0x05
00000119: PUSH1 0x20
0000011b: MSTORE
0000011c: PUSH1 0x40
0000011e: DUP2
0000011f: KECCAK256
00000120: SLOAD
00000121: DUP3
00000122: SWAP1
00000123: LT
00000124: ISZERO
00000125: PUSH2 0x0570
00000128: JUMPI
00000129: PUSH2 0x0002
0000012c: JUMP
0000012d: JUMPDEST
0000012e: PUSH2 0x0464
00000131: PUSH1 0x03
00000133: SLOAD
00000134: PUSH1 0xff
00000136: AND
00000137: DUP2
00000138: JUMP
00000139: JUMPDEST
0000013a: PUSH2 0x03e4
0000013d: PUSH1 0x02
0000013f: DUP1
00000140: SLOAD
00000141: PUSH1 0x20
00000143: PUSH1 0x01
00000145: DUP3
00000146: AND
00000147: ISZERO
00000148: PUSH2 0x0100
0000014b: MUL
0000014c: PUSH1 0x00
0000014e: NOT
0000014f: ADD
00000150: SWAP1
00000151: SWAP2
00000152: AND
00000153: DUP3
00000154: SWAP1
00000155: DIV
00000156: PUSH1 0x1f
00000158: DUP2
00000159: ADD
0000015a: DUP3
0000015b: SWAP1
0000015c: DIV
0000015d: SWAP1
0000015e: SWAP2
0000015f: MUL
00000160: PUSH1 0x80
00000162: SWAP1
00000163: DUP2
00000164: ADD
00000165: PUSH1 0x40
00000167: MSTORE
00000168: PUSH1 0x60
0000016a: DUP3
0000016b: DUP2
0000016c: MSTORE
0000016d: SWAP3
0000016e: SWAP2
0000016f: SWAP1
00000170: DUP3
00000171: DUP3
00000172: DUP1
00000173: ISZERO
00000174: PUSH2 0x0499
00000177: JUMPI
00000178: DUP1
00000179: PUSH1 0x1f
0000017b: LT
0000017c: PUSH2 0x046e
0000017f: JUMPI
00000180: PUSH2 0x0100
00000183: DUP1
00000184: DUP4
00000185: SLOAD
00000186: DIV
00000187: MUL
00000188: DUP4
00000189: MSTORE
0000018a: SWAP2
0000018b: PUSH1 0x20
0000018d: ADD
0000018e: SWAP2
0000018f: PUSH2 0x0499
00000192: JUMP
00000193: JUMPDEST
00000194: PUSH2 0x0452
00000197: PUSH1 0x04
00000199: CALLDATALOAD
0000019a: PUSH1 0x05
0000019c: PUSH1 0x20
0000019e: MSTORE
0000019f: PUSH1 0x00
000001a1: SWAP1
000001a2: DUP2
000001a3: MSTORE
000001a4: PUSH1 0x40
000001a6: SWAP1
000001a7: KECCAK256
000001a8: SLOAD
000001a9: DUP2
000001aa: JUMP
000001ab: JUMPDEST
000001ac: PUSH2 0x03e4
000001af: PUSH1 0x01
000001b1: DUP1
000001b2: SLOAD
000001b3: PUSH1 0x20
000001b5: PUSH1 0x02
000001b7: DUP3
000001b8: DUP5
000001b9: AND
000001ba: ISZERO
000001bb: PUSH2 0x0100
000001be: MUL
000001bf: PUSH1 0x00
000001c1: NOT
000001c2: ADD
000001c3: SWAP1
000001c4: SWAP3
000001c5: AND
000001c6: SWAP2
000001c7: SWAP1
000001c8: SWAP2
000001c9: DIV
000001ca: PUSH1 0x1f
000001cc: DUP2
000001cd: ADD
000001ce: DUP3
000001cf: SWAP1
000001d0: DIV
000001d1: SWAP1
000001d2: SWAP2
000001d3: MUL
000001d4: PUSH1 0x80
000001d6: SWAP1
000001d7: DUP2
000001d8: ADD
000001d9: PUSH1 0x40
000001db: MSTORE
000001dc: PUSH1 0x60
000001de: DUP3
000001df: DUP2
000001e0: MSTORE
000001e1: SWAP3
000001e2: SWAP2
000001e3: SWAP1
000001e4: DUP3
000001e5: DUP3
000001e6: DUP1
000001e7: ISZERO
000001e8: PUSH2 0x0499
000001eb: JUMPI
000001ec: DUP1
000001ed: PUSH1 0x1f
000001ef: LT
000001f0: PUSH2 0x046e
000001f3: JUMPI
000001f4: PUSH2 0x0100
000001f7: DUP1
000001f8: DUP4
000001f9: SLOAD
000001fa: DIV
000001fb: MUL
000001fc: DUP4
000001fd: MSTORE
000001fe: SWAP2
000001ff: PUSH1 0x20
00000201: ADD
00000202: SWAP2
00000203: PUSH2 0x0499
00000206: JUMP
00000207: JUMPDEST
00000208: PUSH2 0x03e2
0000020b: PUSH1 0x04
0000020d: CALLDATALOAD
0000020e: PUSH1 0x24
00000210: CALLDATALOAD
00000211: PUSH1 0x01
00000213: PUSH1 0xa0
00000215: PUSH1 0x02
00000217: EXP
00000218: SUB
00000219: CALLER
0000021a: AND
0000021b: PUSH1 0x00
0000021d: SWAP1
0000021e: DUP2
0000021f: MSTORE
00000220: PUSH1 0x05
00000222: PUSH1 0x20
00000224: MSTORE
00000225: PUSH1 0x40
00000227: SWAP1
00000228: KECCAK256
00000229: SLOAD
0000022a: DUP2
0000022b: SWAP1
0000022c: LT
0000022d: ISZERO
0000022e: PUSH2 0x04a1
00000231: JUMPI
00000232: PUSH2 0x0002
00000235: JUMP
00000236: JUMPDEST
00000237: PUSH1 0x80
00000239: PUSH1 0x20
0000023b: PUSH1 0x44
0000023d: CALLDATALOAD
0000023e: PUSH1 0x04
00000240: DUP2
00000241: DUP2
00000242: ADD
00000243: CALLDATALOAD
00000244: PUSH1 0x1f
00000246: DUP2
00000247: ADD
00000248: DUP5
00000249: SWAP1
0000024a: DIV
0000024b: SWAP1
0000024c: SWAP4
0000024d: MUL
0000024e: DUP5
0000024f: ADD
00000250: PUSH1 0x40
00000252: MSTORE
00000253: PUSH1 0x60
00000255: DUP4
00000256: DUP2
00000257: MSTORE
00000258: PUSH2 0x0452
0000025b: SWAP5
0000025c: DUP3
0000025d: CALLDATALOAD
0000025e: SWAP5
0000025f: PUSH1 0x24
00000261: DUP1
00000262: CALLDATALOAD
00000263: SWAP6
00000264: PUSH1 0x64
00000266: SWAP5
00000267: SWAP4
00000268: SWAP2
00000269: ADD
0000026a: SWAP2
0000026b: SWAP1
0000026c: DUP2
0000026d: SWAP1
0000026e: DUP4
0000026f: DUP3
00000270: DUP1
00000271: DUP3
00000272: DUP5
00000273: CALLDATACOPY
00000274: POP
00000275: SWAP5
00000276: SWAP7
00000277: POP
00000278: POP
00000279: POP
0000027a: POP
0000027b: POP
0000027c: POP
0000027d: POP
0000027e: PUSH1 0x00
00000280: PUSH1 0x00
00000282: DUP4
00000283: PUSH1 0x06
00000285: PUSH1 0x00
00000287: POP
00000288: PUSH1 0x00
0000028a: CALLER
0000028b: PUSH1 0x01
0000028d: PUSH1 0xa0
0000028f: PUSH1 0x02
00000291: EXP
00000292: SUB
00000293: AND
00000294: DUP2
00000295: MSTORE
00000296: PUSH1 0x20
00000298: ADD
00000299: SWAP1
0000029a: DUP2
0000029b: MSTORE
0000029c: PUSH1 0x20
0000029e: ADD
0000029f: PUSH1 0x00
000002a1: KECCAK256
000002a2: PUSH1 0x00
000002a4: POP
000002a5: PUSH1 0x00
000002a7: DUP8
000002a8: PUSH1 0x01
000002aa: PUSH1 0xa0
000002ac: PUSH1 0x02
000002ae: EXP
000002af: SUB
000002b0: AND
000002b1: DUP2
000002b2: MSTORE
000002b3: PUSH1 0x20
000002b5: ADD
000002b6: SWAP1
000002b7: DUP2
000002b8: MSTORE
000002b9: PUSH1 0x20
000002bb: ADD
000002bc: PUSH1 0x00
000002be: KECCAK256
000002bf: PUSH1 0x00
000002c1: POP
000002c2: DUP2
000002c3: SWAP1
000002c4: SSTORE
000002c5: POP
000002c6: DUP5
000002c7: SWAP1
000002c8: POP
000002c9: DUP1
000002ca: PUSH1 0x01
000002cc: PUSH1 0xa0
000002ce: PUSH1 0x02
000002d0: EXP
000002d1: SUB
000002d2: AND
000002d3: PUSH4 0x8f4ffcb1
000002d8: CALLER
000002d9: DUP7
000002da: ADDRESS
000002db: DUP8
000002dc: PUSH1 0x40
000002de: MLOAD
000002df: DUP6
000002e0: PUSH1 0xe0
000002e2: PUSH1 0x02
000002e4: EXP
000002e5: MUL
000002e6: DUP2
000002e7: MSTORE
000002e8: PUSH1 0x04
000002ea: ADD
000002eb: DUP1
000002ec: DUP6
000002ed: PUSH1 0x01
000002ef: PUSH1 0xa0
000002f1: PUSH1 0x02
000002f3: EXP
000002f4: SUB
000002f5: AND
000002f6: DUP2
000002f7: MSTORE
000002f8: PUSH1 0x20
000002fa: ADD
000002fb: DUP5
000002fc: DUP2
000002fd: MSTORE
000002fe: PUSH1 0x20
00000300: ADD
00000301: DUP4
00000302: PUSH1 0x01
00000304: PUSH1 0xa0
00000306: PUSH1 0x02
00000308: EXP
00000309: SUB
0000030a: AND
0000030b: DUP2
0000030c: MSTORE
0000030d: PUSH1 0x20
0000030f: ADD
00000310: DUP1
00000311: PUSH1 0x20
00000313: ADD
00000314: DUP3
00000315: DUP2
00000316: SUB
00000317: DUP3
00000318: MSTORE
00000319: DUP4
0000031a: DUP2
0000031b: DUP2
0000031c: MLOAD
0000031d: DUP2
0000031e: MSTORE
0000031f: PUSH1 0x20
00000321: ADD
00000322: SWAP2
00000323: POP
00000324: DUP1
00000325: MLOAD
00000326: SWAP1
00000327: PUSH1 0x20
00000329: ADD
0000032a: SWAP1
0000032b: DUP1
0000032c: DUP4
0000032d: DUP4
0000032e: DUP3
0000032f: SWAP1
00000330: PUSH1 0x00
00000332: PUSH1 0x04
00000334: PUSH1 0x20
00000336: DUP5
00000337: PUSH1 0x1f
00000339: ADD
0000033a: DIV
0000033b: PUSH1 0x0f
0000033d: MUL
0000033e: PUSH1 0x03
00000340: ADD
00000341: CALL
00000342: POP
00000343: SWAP1
00000344: POP
00000345: SWAP1
00000346: DUP2
00000347: ADD
00000348: SWAP1
00000349: PUSH1 0x1f
0000034b: AND
0000034c: DUP1
0000034d: ISZERO
0000034e: PUSH2 0x036b
00000351: JUMPI
00000352: DUP1
00000353: DUP3
00000354: SUB
00000355: DUP1
00000356: MLOAD
00000357: PUSH1 0x01
00000359: DUP4
0000035a: PUSH1 0x20
0000035c: SUB
0000035d: PUSH2 0x0100
00000360: EXP
00000361: SUB
00000362: NOT
00000363: AND
00000364: DUP2
00000365: MSTORE
00000366: PUSH1 0x20
00000368: ADD
00000369: SWAP2
0000036a: POP
0000036b: JUMPDEST
0000036c: POP
0000036d: SWAP6
0000036e: POP
0000036f: POP
00000370: POP
00000371: POP
00000372: POP
00000373: POP
00000374: PUSH1 0x00
00000376: PUSH1 0x40
00000378: MLOAD
00000379: DUP1
0000037a: DUP4
0000037b: SUB
0000037c: DUP2
0000037d: PUSH1 0x00
0000037f: DUP8
00000380: PUSH2 0x61da
00000383: GAS
00000384: SUB
00000385: CALL
00000386: ISZERO
00000387: PUSH2 0x0002
0000038a: JUMPI
0000038b: POP
0000038c: PUSH1 0x01
0000038e: SWAP8
0000038f: SWAP7
00000390: POP
00000391: POP
00000392: POP
00000393: POP
00000394: POP
00000395: POP
00000396: POP
00000397: JUMP
00000398: JUMPDEST
00000399: PUSH1 0x07
0000039b: PUSH1 0x20
0000039d: SWAP1
0000039e: DUP2
0000039f: MSTORE
000003a0: PUSH1 0x04
000003a2: CALLDATALOAD
000003a3: PUSH1 0x00
000003a5: SWAP1
000003a6: DUP2
000003a7: MSTORE
000003a8: PUSH1 0x40
000003aa: DUP1
000003ab: DUP3
000003ac: KECCAK256
000003ad: SWAP1
000003ae: SWAP3
000003af: MSTORE
000003b0: PUSH1 0x24
000003b2: CALLDATALOAD
000003b3: DUP2
000003b4: MSTORE
000003b5: KECCAK256
000003b6: SLOAD
000003b7: PUSH2 0x0452
000003ba: SWAP1
000003bb: DUP2
000003bc: JUMP
000003bd: JUMPDEST
000003be: PUSH1 0x06
000003c0: PUSH1 0x20
000003c2: SWAP1
000003c3: DUP2
000003c4: MSTORE
000003c5: PUSH1 0x04
000003c7: CALLDATALOAD
000003c8: PUSH1 0x00
000003ca: SWAP1
000003cb: DUP2
000003cc: MSTORE
000003cd: PUSH1 0x40
000003cf: DUP1
000003d0: DUP3
000003d1: KECCAK256
000003d2: SWAP1
000003d3: SWAP3
000003d4: MSTORE
000003d5: PUSH1 0x24
000003d7: CALLDATALOAD
000003d8: DUP2
000003d9: MSTORE
000003da: KECCAK256
000003db: SLOAD
000003dc: PUSH2 0x0452
000003df: SWAP1
000003e0: DUP2
000003e1: JUMP
000003e2: JUMPDEST
000003e3: STOP
000003e4: JUMPDEST
000003e5: PUSH1 0x40
000003e7: MLOAD
000003e8: DUP1
000003e9: DUP1
000003ea: PUSH1 0x20
000003ec: ADD
000003ed: DUP3
000003ee: DUP2
000003ef: SUB
000003f0: DUP3
000003f1: MSTORE
000003f2: DUP4
000003f3: DUP2
000003f4: DUP2
000003f5: MLOAD
000003f6: DUP2
000003f7: MSTORE
000003f8: PUSH1 0x20
000003fa: ADD
000003fb: SWAP2
000003fc: POP
000003fd: DUP1
000003fe: MLOAD
000003ff: SWAP1
00000400: PUSH1 0x20
00000402: ADD
00000403: SWAP1
00000404: DUP1
00000405: DUP4
00000406: DUP4
00000407: DUP3
00000408: SWAP1
00000409: PUSH1 0x00
0000040b: PUSH1 0x04
0000040d: PUSH1 0x20
0000040f: DUP5
00000410: PUSH1 0x1f
00000412: ADD
00000413: DIV
00000414: PUSH1 0x0f
00000416: MUL
00000417: PUSH1 0x03
00000419: ADD
0000041a: CALL
0000041b: POP
0000041c: SWAP1
0000041d: POP
0000041e: SWAP1
0000041f: DUP2
00000420: ADD
00000421: SWAP1
00000422: PUSH1 0x1f
00000424: AND
00000425: DUP1
00000426: ISZERO
00000427: PUSH2 0x0444
0000042a: JUMPI
0000042b: DUP1
0000042c: DUP3
0000042d: SUB
0000042e: DUP1
0000042f: MLOAD
00000430: PUSH1 0x01
00000432: DUP4
00000433: PUSH1 0x20
00000435: SUB
00000436: PUSH2 0x0100
00000439: EXP
0000043a: SUB
0000043b: NOT
0000043c: AND
0000043d: DUP2
0000043e: MSTORE
0000043f: PUSH1 0x20
00000441: ADD
00000442: SWAP2
00000443: POP
00000444: JUMPDEST
00000445: POP
00000446: SWAP3
00000447: POP
00000448: POP
00000449: POP
0000044a: PUSH1 0x40
0000044c: MLOAD
0000044d: DUP1
0000044e: SWAP2
0000044f: SUB
00000450: SWAP1
00000451: RETURN
00000452: JUMPDEST
00000453: PUSH1 0x40
00000455: DUP1
00000456: MLOAD
00000457: SWAP2
00000458: DUP3
00000459: MSTORE
0000045a: MLOAD
0000045b: SWAP1
0000045c: DUP2
0000045d: SWAP1
0000045e: SUB
0000045f: PUSH1 0x20
00000461: ADD
00000462: SWAP1
00000463: RETURN
00000464: JUMPDEST
00000465: PUSH1 0x60
00000467: SWAP1
00000468: DUP2
00000469: MSTORE
0000046a: PUSH1 0x20
0000046c: SWAP1
0000046d: RETURN
0000046e: JUMPDEST
0000046f: DUP3
00000470: ADD
00000471: SWAP2
00000472: SWAP1
00000473: PUSH1 0x00
00000475: MSTORE
00000476: PUSH1 0x20
00000478: PUSH1 0x00
0000047a: KECCAK256
0000047b: SWAP1
0000047c: JUMPDEST
0000047d: DUP2
0000047e: SLOAD
0000047f: DUP2
00000480: MSTORE
00000481: SWAP1
00000482: PUSH1 0x01
00000484: ADD
00000485: SWAP1
00000486: PUSH1 0x20
00000488: ADD
00000489: DUP1
0000048a: DUP4
0000048b: GT
0000048c: PUSH2 0x047c
0000048f: JUMPI
00000490: DUP3
00000491: SWAP1
00000492: SUB
00000493: PUSH1 0x1f
00000495: AND
00000496: DUP3
00000497: ADD
00000498: SWAP2
00000499: JUMPDEST
0000049a: POP
0000049b: POP
0000049c: POP
0000049d: POP
0000049e: POP
0000049f: DUP2
000004a0: JUMP
000004a1: JUMPDEST
000004a2: PUSH1 0x01
000004a4: PUSH1 0xa0
000004a6: PUSH1 0x02
000004a8: EXP
000004a9: SUB
000004aa: DUP3
000004ab: AND
000004ac: PUSH1 0x00
000004ae: SWAP1
000004af: DUP2
000004b0: MSTORE
000004b1: PUSH1 0x40
000004b3: SWAP1
000004b4: KECCAK256
000004b5: SLOAD
000004b6: DUP1
000004b7: DUP3
000004b8: ADD
000004b9: LT
000004ba: ISZERO
000004bb: PUSH2 0x04c3
000004be: JUMPI
000004bf: PUSH2 0x0002
000004c2: JUMP
000004c3: JUMPDEST
000004c4: DUP1
000004c5: PUSH1 0x05
000004c7: PUSH1 0x00
000004c9: POP
000004ca: PUSH1 0x00
000004cc: CALLER
000004cd: PUSH1 0x01
000004cf: PUSH1 0xa0
000004d1: PUSH1 0x02
000004d3: EXP
000004d4: SUB
000004d5: AND
000004d6: DUP2
000004d7: MSTORE
000004d8: PUSH1 0x20
000004da: ADD
000004db: SWAP1
000004dc: DUP2
000004dd: MSTORE
000004de: PUSH1 0x20
000004e0: ADD
000004e1: PUSH1 0x00
000004e3: KECCAK256
000004e4: PUSH1 0x00
000004e6: DUP3
000004e7: DUP3
000004e8: DUP3
000004e9: POP
000004ea: SLOAD
000004eb: SUB
000004ec: SWAP3
000004ed: POP
000004ee: POP
000004ef: DUP2
000004f0: SWAP1
000004f1: SSTORE
000004f2: POP
000004f3: DUP1
000004f4: PUSH1 0x05
000004f6: PUSH1 0x00
000004f8: POP
000004f9: PUSH1 0x00
000004fb: DUP5
000004fc: PUSH1 0x01
000004fe: PUSH1 0xa0
00000500: PUSH1 0x02
00000502: EXP
00000503: SUB
00000504: AND
00000505: DUP2
00000506: MSTORE
00000507: PUSH1 0x20
00000509: ADD
0000050a: SWAP1
0000050b: DUP2
0000050c: MSTORE
0000050d: PUSH1 0x20
0000050f: ADD
00000510: PUSH1 0x00
00000512: KECCAK256
00000513: PUSH1 0x00
00000515: DUP3
00000516: DUP3
00000517: DUP3
00000518: POP
00000519: SLOAD
0000051a: ADD
0000051b: SWAP3
0000051c: POP
0000051d: POP
0000051e: DUP2
0000051f: SWAP1
00000520: SSTORE
00000521: POP
00000522: DUP2
00000523: PUSH1 0x01
00000525: PUSH1 0xa0
00000527: PUSH1 0x02
00000529: EXP
0000052a: SUB
0000052b: AND
0000052c: CALLER
0000052d: PUSH1 0x01
0000052f: PUSH1 0xa0
00000531: PUSH1 0x02
00000533: EXP
00000534: SUB
00000535: AND
00000536: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
00000557: DUP4
00000558: PUSH1 0x40
0000055a: MLOAD
0000055b: DUP1
0000055c: DUP3
0000055d: DUP2
0000055e: MSTORE
0000055f: PUSH1 0x20
00000561: ADD
00000562: SWAP2
00000563: POP
00000564: POP
00000565: PUSH1 0x40
00000567: MLOAD
00000568: DUP1
00000569: SWAP2
0000056a: SUB
0000056b: SWAP1
0000056c: LOG3
0000056d: POP
0000056e: POP
0000056f: JUMP
00000570: JUMPDEST
00000571: PUSH1 0x01
00000573: PUSH1 0xa0
00000575: PUSH1 0x02
00000577: EXP
00000578: SUB
00000579: DUP4
0000057a: AND
0000057b: DUP2
0000057c: MSTORE
0000057d: PUSH1 0x40
0000057f: DUP2
00000580: KECCAK256
00000581: SLOAD
00000582: DUP1
00000583: DUP4
00000584: ADD
00000585: LT
00000586: ISZERO
00000587: PUSH2 0x058f
0000058a: JUMPI
0000058b: PUSH2 0x0002
0000058e: JUMP
0000058f: JUMPDEST
00000590: PUSH1 0x01
00000592: PUSH1 0xa0
00000594: PUSH1 0x02
00000596: EXP
00000597: SUB
00000598: DUP1
00000599: DUP6
0000059a: AND
0000059b: DUP1
0000059c: DUP4
0000059d: MSTORE
0000059e: PUSH1 0x06
000005a0: PUSH1 0x20
000005a2: SWAP1
000005a3: DUP2
000005a4: MSTORE
000005a5: PUSH1 0x40
000005a7: DUP1
000005a8: DUP6
000005a9: KECCAK256
000005aa: CALLER
000005ab: SWAP5
000005ac: SWAP1
000005ad: SWAP5
000005ae: AND
000005af: DUP1
000005b0: DUP7
000005b1: MSTORE
000005b2: SWAP4
000005b3: DUP3
000005b4: MSTORE
000005b5: DUP1
000005b6: DUP6
000005b7: KECCAK256
000005b8: SLOAD
000005b9: SWAP3
000005ba: DUP6
000005bb: MSTORE
000005bc: PUSH1 0x07
000005be: DUP3
000005bf: MSTORE
000005c0: DUP1
000005c1: DUP6
000005c2: KECCAK256
000005c3: SWAP4
000005c4: DUP6
000005c5: MSTORE
000005c6: SWAP3
000005c7: SWAP1
000005c8: MSTORE
000005c9: SWAP1
000005ca: DUP3
000005cb: KECCAK256
000005cc: SLOAD
000005cd: DUP4
000005ce: ADD
000005cf: GT
000005d0: ISZERO
000005d1: PUSH2 0x05d9
000005d4: JUMPI
000005d5: PUSH2 0x0002
000005d8: JUMP
000005d9: JUMPDEST
000005da: DUP2
000005db: PUSH1 0x05
000005dd: PUSH1 0x00
000005df: POP
000005e0: PUSH1 0x00
000005e2: DUP7
000005e3: PUSH1 0x01
000005e5: PUSH1 0xa0
000005e7: PUSH1 0x02
000005e9: EXP
000005ea: SUB
000005eb: AND
000005ec: DUP2
000005ed: MSTORE
000005ee: PUSH1 0x20
000005f0: ADD
000005f1: SWAP1
000005f2: DUP2
000005f3: MSTORE
000005f4: PUSH1 0x20
000005f6: ADD
000005f7: PUSH1 0x00
000005f9: KECCAK256
000005fa: PUSH1 0x00
000005fc: DUP3
000005fd: DUP3
000005fe: DUP3
000005ff: POP
00000600: SLOAD
00000601: SUB
00000602: SWAP3
00000603: POP
00000604: POP
00000605: DUP2
00000606: SWAP1
00000607: SSTORE
00000608: POP
00000609: DUP2
0000060a: PUSH1 0x05
0000060c: PUSH1 0x00
0000060e: POP
0000060f: PUSH1 0x00
00000611: DUP6
00000612: PUSH1 0x01
00000614: PUSH1 0xa0
00000616: PUSH1 0x02
00000618: EXP
00000619: SUB
0000061a: AND
0000061b: DUP2
0000061c: MSTORE
0000061d: PUSH1 0x20
0000061f: ADD
00000620: SWAP1
00000621: DUP2
00000622: MSTORE
00000623: PUSH1 0x20
00000625: ADD
00000626: PUSH1 0x00
00000628: KECCAK256
00000629: PUSH1 0x00
0000062b: DUP3
0000062c: DUP3
0000062d: DUP3
0000062e: POP
0000062f: SLOAD
00000630: ADD
00000631: SWAP3
00000632: POP
00000633: POP
00000634: DUP2
00000635: SWAP1
00000636: SSTORE
00000637: POP
00000638: DUP2
00000639: PUSH1 0x07
0000063b: PUSH1 0x00
0000063d: POP
0000063e: PUSH1 0x00
00000640: DUP7
00000641: PUSH1 0x01
00000643: PUSH1 0xa0
00000645: PUSH1 0x02
00000647: EXP
00000648: SUB
00000649: AND
0000064a: DUP2
0000064b: MSTORE
0000064c: PUSH1 0x20
0000064e: ADD
0000064f: SWAP1
00000650: DUP2
00000651: MSTORE
00000652: PUSH1 0x20
00000654: ADD
00000655: PUSH1 0x00
00000657: KECCAK256
00000658: PUSH1 0x00
0000065a: POP
0000065b: PUSH1 0x00
0000065d: CALLER
0000065e: PUSH1 0x01
00000660: PUSH1 0xa0
00000662: PUSH1 0x02
00000664: EXP
00000665: SUB
00000666: AND
00000667: DUP2
00000668: MSTORE
00000669: PUSH1 0x20
0000066b: ADD
0000066c: SWAP1
0000066d: DUP2
0000066e: MSTORE
0000066f: PUSH1 0x20
00000671: ADD
00000672: PUSH1 0x00
00000674: KECCAK256
00000675: PUSH1 0x00
00000677: DUP3
00000678: DUP3
00000679: DUP3
0000067a: POP
0000067b: SLOAD
0000067c: ADD
0000067d: SWAP3
0000067e: POP
0000067f: POP
00000680: DUP2
00000681: SWAP1
00000682: SSTORE
00000683: POP
00000684: DUP3
00000685: PUSH1 0x01
00000687: PUSH1 0xa0
00000689: PUSH1 0x02
0000068b: EXP
0000068c: SUB
0000068d: AND
0000068e: DUP5
0000068f: PUSH1 0x01
00000691: PUSH1 0xa0
00000693: PUSH1 0x02
00000695: EXP
00000696: SUB
00000697: AND
00000698: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
000006b9: DUP5
000006ba: PUSH1 0x40
000006bc: MLOAD
000006bd: DUP1
000006be: DUP3
000006bf: DUP2
000006c0: MSTORE
000006c1: PUSH1 0x20
000006c3: ADD
000006c4: SWAP2
000006c5: POP
000006c6: POP
000006c7: PUSH1 0x40
000006c9: MLOAD
000006ca: DUP1
000006cb: SWAP2
000006cc: SUB
000006cd: SWAP1
000006ce: LOG3
000006cf: POP
000006d0: PUSH1 0x01
000006d2: SWAP4
000006d3: SWAP3
000006d4: POP
000006d5: POP
000006d6: POP
000006d7: JUMP
exec
/bin/bash -lc "node - <<'NODE'
const { keccak256, toUtf8Bytes } = require('ethers');
for (const sig of [
'approveAndCall(address,uint256,bytes)',
'receiveApproval(address,uint256,address,bytes)',
'spentAllowance(address,address)',
'usedAllowance(address,address)',
'allowanceUsed(address,address)',
'allowanceSpent(address,address)'
]) {
console.log(sig, keccak256(toUtf8Bytes(sig)).slice(0,10));
}
NODE" in /tmp/codex-wht8v9t9
exited 1 in 0ms:
node:internal/modules/cjs/loader:1242
throw err;
^
Error: Cannot find module 'ethers'
Require stack:
- /tmp/codex-wht8v9t9/[stdin]
at Function._resolveFilename (node:internal/modules/cjs/loader:1239:15)
at Function._load (node:internal/modules/cjs/loader:1064:27)
at TracingChannel.traceSync (node:diagnostics_channel:322:14)
at wrapModuleLoad (node:internal/modules/cjs/loader:218:24)
at Module.require (node:internal/modules/cjs/loader:1325:12)
at require (node:internal/modules/helpers:136:16)
at [stdin]:1:36
at runScriptInThisContext (node:internal/vm:209:10)
at node:internal/process/execution:118:14
at [stdin]-wrapper:6:24 {
code: 'MODULE_NOT_FOUND',
requireStack: [ '/tmp/codex-wht8v9t9/[stdin]' ]
}
Node.js v23.3.0
exec
/bin/bash -lc "for s in 'approveAndCall(address,uint256,bytes)' 'receiveApproval(address,uint256,address,bytes)' 'spentAllowance(address,address)' 'usedAllowance(address,address)' 'allowanceUsed(address,address)' 'allowanceSpent(address,address)'; do printf '%s ' \""'$s"; /home/noahkuhn/.foundry/bin/cast keccak "$s" | cut -c1-10; done' in /tmp/codex-wht8v9t9
succeeded in 0ms:
approveAndCall(address,uint256,bytes) 0xcae9ca51
receiveApproval(address,uint256,address,bytes) 0x8f4ffcb1
spentAllowance(address,address) 0xdc3080f2
usedAllowance(address,address) 0x62ee7c28
allowanceUsed(address,address) 0xd1e4466d
allowanceSpent(address,address) 0x2c346109
codex
{"no_findings":false,"summary":"Bytecode-only review indicates a nonstandard approval model and one intentional but reentrant callback surface. Selector inference for `0xcae9ca51` and `0xdc3080f2` is supported by local keccak matches to `approveAndCall(address,uint256,bytes)` and `spentAllowance(address,address)`, but storage names remain inferred from raw slots.","findings":[{"severity":"medium","category":"other","title":"Approval accounting is cumulative and can permanently brick future approvals for a spender","exploit_scenario":"A user approves spender `S` for 100 tokens and `S` spends them, which increments the separate spent counter. Later the user calls `approveAndCall(S, 50, ...)`. The approval write succeeds and `allowance(user,S)` returns 50, but `transferFrom` checks `spentAllowance + amount <= allowance`, so no transfer can succeed until the user approves more than the entire historical spent amount. Because `approveAndCall` also requires `currentBalance >= newAllowance`, a user whose current balance is below their historical spent total can become unable to grant any usable future allowance to that spender.","recommendation":"If this is meant to behave like ERC-20 allowance, reset the spent counter whenever a new allowance is set, or store and decrement remaining allowance directly. If lifetime-cap semantics are intentional, do not expose it as standard `allowance`; rename the getters and add an explicit reset/cancel path so spenders cannot become permanently unusable.","evidence":"`approveAndCall` (`selector:0xcae9ca51`) checks caller balance before setting approval, then writes only the slot-6 approval mapping (`SSTORE` at `pc:0x2c4`). `transferFrom` (`selector:0x23b872dd`) reads slot 6 and a second nested mapping in slot 7, enforces `slot7 + amount <= slot6` (`pc:0x5b8`, `pc:0x5cc`, `pc:0x5cf`), and then increments slot 7 (`SSTORE` at `pc:0x682`). The extra getter `selector:0xdc3080f2` returns slot 7, matching `spentAllowance(address,address)`. No bytecode path was found that clears slot 7 when a new approval is issued.","locations":["selector:0xcae9ca51","selector:0x23b872dd","selector:0xdc3080f2","selector:0xdd62ed3e","pc:0x2c4","pc:0x5b8","pc:0x5cc","pc:0x682"]},{"severity":"low","category":"reentrancy","title":"`approveAndCall` grants allowance before an untrusted external callback","exploit_scenario":"A malicious spender contract can be approved through `approveAndCall`, receive the callback, and reenter the token immediately via `transferFrom` or other entrypoints while the outer call is still active. In this token that appears to be the intended extension behavior, so the impact is mainly on integrators that assume `approveAndCall` is a simple notification rather than a fully reentrant interaction.","recommendation":"Treat `approveAndCall` as a reentrant entrypoint. If this callback is not required, remove it in favor of standard allowance flow. If it is required, document the behavior clearly and consider a stricter callback interface or reentrancy protections around any future stateful logic added to this contract.","evidence":"`selector:0xcae9ca51` matches `approveAndCall(address,uint256,bytes)` and builds calldata for `0x8f4ffcb1` (`receiveApproval(address,uint256,address,bytes)`). The approval state is persisted first (`pc:0x2c4`), then the contract performs a low-level `CALL` to the spender at `pc:0x385`. The artifact reports no detected guards, and the only non-precompile untrusted external callsite validated from this runtime is this callback path.","locations":["selector:0xcae9ca51","pc:0x2c4","pc:0x385"]}]}
tokens used
118,684
{
"codex": {
"ran_at": "2026-04-05T05:00:39.525451+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3506,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode-only review indicates a nonstandard approval model and one intentional but reentrant callback surface. Selector inference for `0xcae9ca51` and `0xdc3080f2` is supported by local keccak matches to `approveAndCall(address,uint256,bytes)` and `spentAllowance(address,address)`, but storage names remain inferred from raw slots.",
"raw_final": {
"summary": "Bytecode-only review indicates a nonstandard approval model and one intentional but reentrant callback surface. Selector inference for `0xcae9ca51` and `0xdc3080f2` is supported by local keccak matches to `approveAndCall(address,uint256,bytes)` and `spentAllowance(address,address)`, but storage names remain inferred from raw slots.",
"findings": [
{
"title": "Approval accounting is cumulative and can permanently brick future approvals for a spender",
"category": "other",
"evidence": "`approveAndCall` (`selector:0xcae9ca51`) checks caller balance before setting approval, then writes only the slot-6 approval mapping (`SSTORE` at `pc:0x2c4`). `transferFrom` (`selector:0x23b872dd`) reads slot 6 and a second nested mapping in slot 7, enforces `slot7 + amount <= slot6` (`pc:0x5b8`, `pc:0x5cc`, `pc:0x5cf`), and then increments slot 7 (`SSTORE` at `pc:0x682`). The extra getter `selector:0xdc3080f2` returns slot 7, matching `spentAllowance(address,address)`. No bytecode path was found that clears slot 7 when a new approval is issued.",
"severity": "medium",
"locations": [
"selector:0xcae9ca51",
"selector:0x23b872dd",
"selector:0xdc3080f2",
"selector:0xdd62ed3e",
"pc:0x2c4",
"pc:0x5b8",
"pc:0x5cc",
"pc:0x682"
],
"recommendation": "If this is meant to behave like ERC-20 allowance, reset the spent counter whenever a new allowance is set, or store and decrement remaining allowance directly. If lifetime-cap semantics are intentional, do not expose it as standard `allowance`; rename the getters and add an explicit reset/cancel path so spenders cannot become permanently unusable.",
"exploit_scenario": "A user approves spender `S` for 100 tokens and `S` spends them, which increments the separate spent counter. Later the user calls `approveAndCall(S, 50, ...)`. The approval write succeeds and `allowance(user,S)` returns 50, but `transferFrom` checks `spentAllowance + amount <= allowance`, so no transfer can succeed until the user approves more than the entire historical spent amount. Because `approveAndCall` also requires `currentBalance >= newAllowance`, a user whose current balance is below their historical spent total can become unable to grant any usable future allowance to that spender."
},
{
"title": "`approveAndCall` grants allowance before an untrusted external callback",
"category": "reentrancy",
"evidence": "`selector:0xcae9ca51` matches `approveAndCall(address,uint256,bytes)` and builds calldata for `0x8f4ffcb1` (`receiveApproval(address,uint256,address,bytes)`). The approval state is persisted first (`pc:0x2c4`), then the contract performs a low-level `CALL` to the spender at `pc:0x385`. The artifact reports no detected guards, and the only non-precompile untrusted external callsite validated from this runtime is this callback path.",
"severity": "low",
"locations": [
"selector:0xcae9ca51",
"pc:0x2c4",
"pc:0x385"
],
"recommendation": "Treat `approveAndCall` as a reentrant entrypoint. If this callback is not required, remove it in favor of standard allowance flow. If it is required, document the behavior clearly and consider a stricter callback interface or reentrancy protections around any future stateful logic added to this contract.",
"exploit_scenario": "A malicious spender contract can be approved through `approveAndCall`, receive the callback, and reenter the token immediately via `transferFrom` or other entrypoints while the outer call is still active. In this token that appears to be the intended extension behavior, so the impact is mainly on integrators that assume `approveAndCall` is a simple notification rather than a fully reentrant interaction."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x008d 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0095 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x18160ddd 00000025: EQ 00000026: PUSH2 0x00f2 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x23b872dd 00000030: EQ 00000031: PUSH2 0x00fb 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x313ce567 0000003b: EQ 0000003c: PUSH2 0x012d 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x54fd4d50 00000046: EQ 00000047: PUSH2 0x0139 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x70a08231 00000051: EQ 00000052: PUSH2 0x0193 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x95d89b41 0000005c: EQ 0000005d: PUSH2 0x01ab 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xa9059cbb 00000067: EQ 00000068: PUSH2 0x0207 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xcae9ca51 00000072: EQ 00000073: PUSH2 0x0236 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xdc3080f2 0000007d: EQ 0000007e: PUSH2 0x0398 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0xdd62ed3e 00000088: EQ 00000089: PUSH2 0x03bd 0000008c: JUMPI 0000008d: JUMPDEST 0000008e: PUSH2 0x03e2 00000091: PUSH2 0x0002 00000094: JUMP 00000095: JUMPDEST 00000096: PUSH2 0x03e4 00000099: PUSH1 0x00 0000009b: DUP1 0000009c: SLOAD 0000009d: PUSH1 0x20 0000009f: PUSH1 0x02 000000a1: PUSH1 0x01 000000a3: DUP4 000000a4: AND 000000a5: ISZERO 000000a6: PUSH2 0x0100 000000a9: MUL 000000aa: PUSH1 0x00 000000ac: NOT 000000ad: ADD 000000ae: SWAP1 000000af: SWAP3 000000b0: AND 000000b1: SWAP2 000000b2: SWAP1 000000b3: SWAP2 000000b4: DIV 000000b5: PUSH1 0x1f 000000b7: DUP2 000000b8: ADD 000000b9: DUP3 000000ba: SWAP1 000000bb: DIV 000000bc: SWAP1 000000bd: SWAP2 000000be: MUL 000000bf: PUSH1 0x80 000000c1: SWAP1 000000c2: DUP2 000000c3: ADD 000000c4: PUSH1 0x40 000000c6: MSTORE 000000c7: PUSH1 0x60 000000c9: DUP3 000000ca: DUP2 000000cb: MSTORE 000000cc: SWAP3 000000cd: SWAP2 000000ce: SWAP1 000000cf: DUP3 000000d0: DUP3 000000d1: DUP1 000000d2: ISZERO 000000d3: PUSH2 0x0499 000000d6: JUMPI 000000d7: DUP1 000000d8: PUSH1 0x1f 000000da: LT 000000db: PUSH2 0x046e 000000de: JUMPI 000000df: PUSH2 0x0100 000000e2: DUP1 000000e3: DUP4 000000e4: SLOAD 000000e5: DIV 000000e6: MUL 000000e7: DUP4 000000e8: MSTORE 000000e9: SWAP2 000000ea: PUSH1 0x20 000000ec: ADD 000000ed: SWAP2 000000ee: PUSH2 0x0499 000000f1: JUMP 000000f2: JUMPDEST 000000f3: PUSH2 0x0452 000000f6: PUSH1 0x04 000000f8: SLOAD 000000f9: DUP2 000000fa: JUMP 000000fb: JUMPDEST 000000fc: PUSH2 0x0452 000000ff: PUSH1 0x04 00000101: CALLDATALOAD 00000102: PUSH1 0x24 00000104: CALLDATALOAD 00000105: PUSH1 0x44 00000107: CALLDATALOAD 00000108: PUSH1 0x01 0000010a: PUSH1 0xa0 0000010c: PUSH1 0x02 0000010e: EXP 0000010f: SUB 00000110: DUP4 00000111: AND 00000112: PUSH1 0x00 00000114: SWAP1 00000115: DUP2 00000116: MSTORE 00000117: PUSH1 0x05 00000119: PUSH1 0x20 0000011b: MSTORE 0000011c: PUSH1 0x40 0000011e: DUP2 0000011f: KECCAK256 00000120: SLOAD 00000121: DUP3 00000122: SWAP1 00000123: LT 00000124: ISZERO 00000125: PUSH2 0x0570 00000128: JUMPI 00000129: PUSH2 0x0002 0000012c: JUMP 0000012d: JUMPDEST 0000012e: PUSH2 0x0464 00000131: PUSH1 0x03 00000133: SLOAD 00000134: PUSH1 0xff 00000136: AND 00000137: DUP2 00000138: JUMP 00000139: JUMPDEST 0000013a: PUSH2 0x03e4 0000013d: PUSH1 0x02 0000013f: DUP1 00000140: SLOAD 00000141: PUSH1 0x20 00000143: PUSH1 0x01 00000145: DUP3 00000146: AND 00000147: ISZERO 00000148: PUSH2 0x0100 0000014b: MUL 0000014c: PUSH1 0x00 0000014e: NOT 0000014f: ADD 00000150: SWAP1 00000151: SWAP2 00000152: AND 00000153: DUP3 00000154: SWAP1 00000155: DIV 00000156: PUSH1 0x1f 00000158: DUP2 00000159: ADD 0000015a: DUP3 0000015b: SWAP1 0000015c: DIV 0000015d: SWAP1 0000015e: SWAP2 0000015f: MUL 00000160: PUSH1 0x80 00000162: SWAP1 00000163: DUP2 00000164: ADD 00000165: PUSH1 0x40 00000167: MSTORE 00000168: PUSH1 0x60 0000016a: DUP3 0000016b: DUP2 0000016c: MSTORE 0000016d: SWAP3 0000016e: SWAP2 0000016f: SWAP1 00000170: DUP3 00000171: DUP3 00000172: DUP1 00000173: ISZERO 00000174: PUSH2 0x0499 00000177: JUMPI 00000178: DUP1 00000179: PUSH1 0x1f 0000017b: LT 0000017c: PUSH2 0x046e 0000017f: JUMPI 00000180: PUSH2 0x0100 00000183: DUP1 00000184: DUP4 00000185: SLOAD 00000186: DIV 00000187: MUL 00000188: DUP4 00000189: MSTORE 0000018a: SWAP2 0000018b: PUSH1 0x20 0000018d: ADD 0000018e: SWAP2 0000018f: PUSH2 0x0499 00000192: JUMP 00000193: JUMPDEST 00000194: PUSH2 0x0452 00000197: PUSH1 0x04 00000199: CALLDATALOAD 0000019a: PUSH1 0x05 0000019c: PUSH1 0x20 0000019e: MSTORE 0000019f: PUSH1 0x00 000001a1: SWAP1 000001a2: DUP2 000001a3: MSTORE 000001a4: PUSH1 0x40 000001a6: SWAP1 000001a7: KECCAK256 000001a8: SLOAD 000001a9: DUP2 000001aa: JUMP 000001ab: JUMPDEST 000001ac: PUSH2 0x03e4 000001af: PUSH1 0x01 000001b1: DUP1 000001b2: SLOAD 000001b3: PUSH1 0x20 000001b5: PUSH1 0x02 000001b7: DUP3 000001b8: DUP5 000001b9: AND 000001ba: ISZERO 000001bb: PUSH2 0x0100 000001be: MUL 000001bf: PUSH1 0x00 000001c1: NOT 000001c2: ADD 000001c3: SWAP1 000001c4: SWAP3 000001c5: AND 000001c6: SWAP2 000001c7: SWAP1 000001c8: SWAP2 000001c9: DIV 000001ca: PUSH1 0x1f 000001cc: DUP2 000001cd: ADD 000001ce: DUP3 000001cf: SWAP1 000001d0: DIV 000001d1: SWAP1 000001d2: SWAP2 000001d3: MUL 000001d4: PUSH1 0x80 000001d6: SWAP1 000001d7: DUP2 000001d8: ADD 000001d9: PUSH1 0x40 000001db: MSTORE 000001dc: PUSH1 0x60 000001de: DUP3 000001df: DUP2 000001e0: MSTORE 000001e1: SWAP3 000001e2: SWAP2 000001e3: SWAP1 000001e4: DUP3 000001e5: DUP3 000001e6: DUP1 000001e7: ISZERO 000001e8: PUSH2 0x0499 000001eb: JUMPI 000001ec: DUP1 000001ed: PUSH1 0x1f 000001ef: LT 000001f0: PUSH2 0x046e 000001f3: JUMPI 000001f4: PUSH2 0x0100 000001f7: DUP1 000001f8: DUP4 000001f9: SLOAD 000001fa: DIV 000001fb: MUL 000001fc: DUP4 000001fd: MSTORE 000001fe: SWAP2 000001ff: PUSH1 0x20 00000201: ADD 00000202: SWAP2 00000203: PUSH2 0x0499 00000206: JUMP 00000207: JUMPDEST 00000208: PUSH2 0x03e2 0000020b: PUSH1 0x04 0000020d: CALLDATALOAD 0000020e: PUSH1 0x24 00000210: CALLDATALOAD 00000211: PUSH1 0x01 00000213: PUSH1 0xa0 00000215: PUSH1 0x02 00000217: EXP 00000218: SUB 00000219: CALLER 0000021a: AND 0000021b: PUSH1 0x00 0000021d: SWAP1 0000021e: DUP2 0000021f: MSTORE 00000220: PUSH1 0x05 00000222: PUSH1 0x20 00000224: MSTORE 00000225: PUSH1 0x40 00000227: SWAP1 00000228: KECCAK256 00000229: SLOAD 0000022a: DUP2 0000022b: SWAP1 0000022c: LT 0000022d: ISZERO 0000022e: PUSH2 0x04a1 00000231: JUMPI 00000232: PUSH2 0x0002 00000235: JUMP 00000236: JUMPDEST 00000237: PUSH1 0x80 00000239: PUSH1 0x20 0000023b: PUSH1 0x44 0000023d: CALLDATALOAD 0000023e: PUSH1 0x04 00000240: DUP2 00000241: DUP2 00000242: ADD 00000243: CALLDATALOAD 00000244: PUSH1 0x1f 00000246: DUP2 00000247: ADD 00000248: DUP5 00000249: SWAP1 0000024a: DIV 0000024b: SWAP1 0000024c: SWAP4 0000024d: MUL 0000024e: DUP5 0000024f: ADD 00000250: PUSH1 0x40 00000252: MSTORE 00000253: PUSH1 0x60 00000255: DUP4 00000256: DUP2 00000257: MSTORE 00000258: PUSH2 0x0452 0000025b: SWAP5 0000025c: DUP3 0000025d: CALLDATALOAD 0000025e: SWAP5 0000025f: PUSH1 0x24 00000261: DUP1 00000262: CALLDATALOAD 00000263: SWAP6 00000264: PUSH1 0x64 00000266: SWAP5 00000267: SWAP4 00000268: SWAP2 00000269: ADD 0000026a: SWAP2 0000026b: SWAP1 0000026c: DUP2 0000026d: SWAP1 0000026e: DUP4 0000026f: DUP3 00000270: DUP1 00000271: DUP3 00000272: DUP5 00000273: CALLDATACOPY 00000274: POP 00000275: SWAP5 00000276: SWAP7 00000277: POP 00000278: POP 00000279: POP 0000027a: POP 0000027b: POP 0000027c: POP 0000027d: POP 0000027e: PUSH1 0x00 00000280: PUSH1 0x00 00000282: DUP4 00000283: PUSH1 0x06 00000285: PUSH1 0x00 00000287: POP 00000288: PUSH1 0x00 0000028a: CALLER 0000028b: PUSH1 0x01 0000028d: PUSH1 0xa0 0000028f: PUSH1 0x02 00000291: EXP 00000292: SUB 00000293: AND 00000294: DUP2 00000295: MSTORE 00000296: PUSH1 0x20 00000298: ADD 00000299: SWAP1 0000029a: DUP2 0000029b: MSTORE 0000029c: PUSH1 0x20 0000029e: ADD 0000029f: PUSH1 0x00 000002a1: KECCAK256 000002a2: PUSH1 0x00 000002a4: POP 000002a5: PUSH1 0x00 000002a7: DUP8 000002a8: PUSH1 0x01 000002aa: PUSH1 0xa0 000002ac: PUSH1 0x02 000002ae: EXP 000002af: SUB 000002b0: AND 000002b1: DUP2 000002b2: MSTORE 000002b3: PUSH1 0x20 000002b5: ADD 000002b6: SWAP1 000002b7: DUP2 000002b8: MSTORE 000002b9: PUSH1 0x20 000002bb: ADD 000002bc: PUSH1 0x00 000002be: KECCAK256 000002bf: PUSH1 0x00 000002c1: POP 000002c2: DUP2 000002c3: SWAP1 000002c4: SSTORE 000002c5: POP 000002c6: DUP5 000002c7: SWAP1 000002c8: POP 000002c9: DUP1 000002ca: PUSH1 0x01 000002cc: PUSH1 0xa0 000002ce: PUSH1 0x02 000002d0: EXP 000002d1: SUB 000002d2: AND 000002d3: PUSH4 0x8f4ffcb1 000002d8: CALLER 000002d9: DUP7 000002da: ADDRESS 000002db: DUP8 000002dc: PUSH1 0x40 000002de: MLOAD 000002df: DUP6 000002e0: PUSH1 0xe0 000002e2: PUSH1 0x02 000002e4: EXP 000002e5: MUL 000002e6: DUP2 000002e7: MSTORE 000002e8: PUSH1 0x04 000002ea: ADD 000002eb: DUP1 000002ec: DUP6 000002ed: PUSH1 0x01 000002ef: PUSH1 0xa0 000002f1: PUSH1 0x02 000002f3: EXP 000002f4: SUB 000002f5: AND 000002f6: DUP2 000002f7: MSTORE 000002f8: PUSH1 0x20 000002fa: ADD 000002fb: DUP5 000002fc: DUP2 000002fd: MSTORE 000002fe: PUSH1 0x20 00000300: ADD 00000301: DUP4 00000302: PUSH1 0x01 00000304: PUSH1 0xa0 00000306: PUSH1 0x02 00000308: EXP 00000309: SUB 0000030a: AND 0000030b: DUP2 0000030c: MSTORE 0000030d: PUSH1 0x20 0000030f: ADD 00000310: DUP1 00000311: PUSH1 0x20 00000313: ADD 00000314: DUP3 00000315: DUP2 00000316: SUB 00000317: DUP3 00000318: MSTORE 00000319: DUP4 0000031a: DUP2 0000031b: DUP2 0000031c: MLOAD 0000031d: DUP2 0000031e: MSTORE 0000031f: PUSH1 0x20 00000321: ADD 00000322: SWAP2 00000323: POP 00000324: DUP1 00000325: MLOAD 00000326: SWAP1 00000327: PUSH1 0x20 00000329: ADD 0000032a: SWAP1 0000032b: DUP1 0000032c: DUP4 0000032d: DUP4 0000032e: DUP3 0000032f: SWAP1 00000330: PUSH1 0x00 00000332: PUSH1 0x04 00000334: PUSH1 0x20 00000336: DUP5 00000337: PUSH1 0x1f 00000339: ADD 0000033a: DIV 0000033b: PUSH1 0x0f 0000033d: MUL 0000033e: PUSH1 0x03 00000340: ADD 00000341: CALL 00000342: POP 00000343: SWAP1 00000344: POP 00000345: SWAP1 00000346: DUP2 00000347: ADD 00000348: SWAP1 00000349: PUSH1 0x1f 0000034b: AND 0000034c: DUP1 0000034d: ISZERO 0000034e: PUSH2 0x036b 00000351: JUMPI 00000352: DUP1 00000353: DUP3 00000354: SUB 00000355: DUP1 00000356: MLOAD 00000357: PUSH1 0x01 00000359: DUP4 0000035a: PUSH1 0x20 0000035c: SUB 0000035d: PUSH2 0x0100 00000360: EXP 00000361: SUB 00000362: NOT 00000363: AND 00000364: DUP2 00000365: MSTORE 00000366: PUSH1 0x20 00000368: ADD 00000369: SWAP2 0000036a: POP 0000036b: JUMPDEST 0000036c: POP 0000036d: SWAP6 0000036e: POP 0000036f: POP 00000370: POP 00000371: POP 00000372: POP 00000373: POP 00000374: PUSH1 0x00 00000376: PUSH1 0x40 00000378: MLOAD 00000379: DUP1 0000037a: DUP4 0000037b: SUB 0000037c: DUP2 0000037d: PUSH1 0x00 0000037f: DUP8 00000380: PUSH2 0x61da 00000383: GAS 00000384: SUB 00000385: CALL 00000386: ISZERO 00000387: PUSH2 0x0002 0000038a: JUMPI 0000038b: POP 0000038c: PUSH1 0x01 0000038e: SWAP8 0000038f: SWAP7 00000390: POP 00000391: POP 00000392: POP 00000393: POP 00000394: POP 00000395: POP 00000396: POP 00000397: JUMP 00000398: JUMPDEST 00000399: PUSH1 0x07 0000039b: PUSH1 0x20 0000039d: SWAP1 0000039e: DUP2 0000039f: MSTORE 000003a0: PUSH1 0x04 000003a2: CALLDATALOAD 000003a3: PUSH1 0x00 000003a5: SWAP1 000003a6: DUP2 000003a7: MSTORE 000003a8: PUSH1 0x40 000003aa: DUP1 000003ab: DUP3 000003ac: KECCAK256 000003ad: SWAP1 000003ae: SWAP3 000003af: MSTORE 000003b0: PUSH1 0x24 000003b2: CALLDATALOAD 000003b3: DUP2 000003b4: MSTORE 000003b5: KECCAK256 000003b6: SLOAD 000003b7: PUSH2 0x0452 000003ba: SWAP1 000003bb: DUP2 000003bc: JUMP 000003bd: JUMPDEST 000003be: PUSH1 0x06 000003c0: PUSH1 0x20 000003c2: SWAP1 000003c3: DUP2 000003c4: MSTORE 000003c5: PUSH1 0x04 000003c7: CALLDATALOAD 000003c8: PUSH1 0x00 000003ca: SWAP1 000003cb: DUP2 000003cc: MSTORE 000003cd: PUSH1 0x40 000003cf: DUP1 000003d0: DUP3 000003d1: KECCAK256 000003d2: SWAP1 000003d3: SWAP3 000003d4: MSTORE 000003d5: PUSH1 0x24 000003d7: CALLDATALOAD 000003d8: DUP2 000003d9: MSTORE 000003da: KECCAK256 000003db: SLOAD 000003dc: PUSH2 0x0452 000003df: SWAP1 000003e0: DUP2 000003e1: JUMP 000003e2: JUMPDEST 000003e3: STOP 000003e4: JUMPDEST 000003e5: PUSH1 0x40 000003e7: MLOAD 000003e8: DUP1 000003e9: DUP1 000003ea: PUSH1 0x20 000003ec: ADD 000003ed: DUP3 000003ee: DUP2 000003ef: SUB 000003f0: DUP3 000003f1: MSTORE 000003f2: DUP4 000003f3: DUP2 000003f4: DUP2 000003f5: MLOAD 000003f6: DUP2 000003f7: MSTORE 000003f8: PUSH1 0x20 000003fa: ADD 000003fb: SWAP2 000003fc: POP 000003fd: DUP1 000003fe: MLOAD 000003ff: SWAP1 00000400: PUSH1 0x20 00000402: ADD 00000403: SWAP1 00000404: DUP1 00000405: DUP4 00000406: DUP4 00000407: DUP3 00000408: SWAP1 00000409: PUSH1 0x00 0000040b: PUSH1 0x04 0000040d: PUSH1 0x20 0000040f: DUP5 00000410: PUSH1 0x1f 00000412: ADD 00000413: DIV 00000414: PUSH1 0x0f 00000416: MUL 00000417: PUSH1 0x03 00000419: ADD 0000041a: CALL 0000041b: POP 0000041c: SWAP1 0000041d: POP 0000041e: SWAP1 0000041f: DUP2 00000420: ADD 00000421: SWAP1 00000422: PUSH1 0x1f 00000424: AND 00000425: DUP1 00000426: ISZERO 00000427: PUSH2 0x0444 0000042a: JUMPI 0000042b: DUP1 0000042c: DUP3 0000042d: SUB 0000042e: DUP1 0000042f: MLOAD 00000430: PUSH1 0x01 00000432: DUP4 00000433: PUSH1 0x20 00000435: SUB 00000436: PUSH2 0x0100 00000439: EXP 0000043a: SUB 0000043b: NOT 0000043c: AND 0000043d: DUP2 0000043e: MSTORE 0000043f: PUSH1 0x20 00000441: ADD 00000442: SWAP2 00000443: POP 00000444: JUMPDEST 00000445: POP 00000446: SWAP3 00000447: POP 00000448: POP 00000449: POP 0000044a: PUSH1 0x40 0000044c: MLOAD 0000044d: DUP1 0000044e: SWAP2 0000044f: SUB 00000450: SWAP1 00000451: RETURN 00000452: JUMPDEST 00000453: PUSH1 0x40 00000455: DUP1 00000456: MLOAD 00000457: SWAP2 00000458: DUP3 00000459: MSTORE 0000045a: MLOAD 0000045b: SWAP1 0000045c: DUP2 0000045d: SWAP1 0000045e: SUB 0000045f: PUSH1 0x20 00000461: ADD 00000462: SWAP1 00000463: RETURN 00000464: JUMPDEST 00000465: PUSH1 0x60 00000467: SWAP1 00000468: DUP2 00000469: MSTORE 0000046a: PUSH1 0x20 0000046c: SWAP1 0000046d: RETURN 0000046e: JUMPDEST 0000046f: DUP3 00000470: ADD 00000471: SWAP2 00000472: SWAP1 00000473: PUSH1 0x00 00000475: MSTORE 00000476: PUSH1 0x20 00000478: PUSH1 0x00 0000047a: KECCAK256 0000047b: SWAP1 0000047c: JUMPDEST 0000047d: DUP2 0000047e: SLOAD 0000047f: DUP2 00000480: MSTORE 00000481: SWAP1 00000482: PUSH1 0x01 00000484: ADD 00000485: SWAP1 00000486: PUSH1 0x20 00000488: ADD 00000489: DUP1 0000048a: DUP4 0000048b: GT 0000048c: PUSH2 0x047c 0000048f: JUMPI 00000490: DUP3 00000491: SWAP1 00000492: SUB 00000493: PUSH1 0x1f 00000495: AND 00000496: DUP3 00000497: ADD 00000498: SWAP2 00000499: JUMPDEST 0000049a: POP 0000049b: POP 0000049c: POP 0000049d: POP 0000049e: POP 0000049f: DUP2 000004a0: JUMP 000004a1: JUMPDEST 000004a2: PUSH1 0x01 000004a4: PUSH1 0xa0 000004a6: PUSH1 0x02 000004a8: EXP 000004a9: SUB 000004aa: DUP3 000004ab: AND 000004ac: PUSH1 0x00 000004ae: SWAP1 000004af: DUP2 000004b0: MSTORE 000004b1: PUSH1 0x40 000004b3: SWAP1 000004b4: KECCAK256 000004b5: SLOAD 000004b6: DUP1 000004b7: DUP3 000004b8: ADD 000004b9: LT 000004ba: ISZERO 000004bb: PUSH2 0x04c3 000004be: JUMPI 000004bf: PUSH2 0x0002 000004c2: JUMP 000004c3: JUMPDEST 000004c4: DUP1 000004c5: PUSH1 0x05 000004c7: PUSH1 0x00 000004c9: POP 000004ca: PUSH1 0x00 000004cc: CALLER 000004cd: PUSH1 0x01 000004cf: PUSH1 0xa0 000004d1: PUSH1 0x02 000004d3: EXP 000004d4: SUB 000004d5: AND 000004d6: DUP2 000004d7: MSTORE 000004d8: PUSH1 0x20 000004da: ADD 000004db: SWAP1 000004dc: DUP2 000004dd: MSTORE 000004de: PUSH1 0x20 000004e0: ADD 000004e1: PUSH1 0x00 000004e3: KECCAK256 000004e4: PUSH1 0x00 000004e6: DUP3 000004e7: DUP3 000004e8: DUP3 000004e9: POP 000004ea: SLOAD 000004eb: SUB 000004ec: SWAP3 000004ed: POP 000004ee: POP 000004ef: DUP2 000004f0: SWAP1 000004f1: SSTORE 000004f2: POP 000004f3: DUP1 000004f4: PUSH1 0x05 000004f6: PUSH1 0x00 000004f8: POP 000004f9: PUSH1 0x00 000004fb: DUP5 000004fc: PUSH1 0x01 000004fe: PUSH1 0xa0 00000500: PUSH1 0x02 00000502: EXP 00000503: SUB 00000504: AND 00000505: DUP2 00000506: MSTORE 00000507: PUSH1 0x20 00000509: ADD 0000050a: SWAP1 0000050b: DUP2 0000050c: MSTORE 0000050d: PUSH1 0x20 0000050f: ADD 00000510: PUSH1 0x00 00000512: KECCAK256 00000513: PUSH1 0x00 00000515: DUP3 00000516: DUP3 00000517: DUP3 00000518: POP 00000519: SLOAD 0000051a: ADD 0000051b: SWAP3 0000051c: POP 0000051d: POP 0000051e: DUP2 0000051f: SWAP1 00000520: SSTORE 00000521: POP 00000522: DUP2 00000523: PUSH1 0x01 00000525: PUSH1 0xa0 00000527: PUSH1 0x02 00000529: EXP 0000052a: SUB 0000052b: AND 0000052c: CALLER 0000052d: PUSH1 0x01 0000052f: PUSH1 0xa0 00000531: PUSH1 0x02 00000533: EXP 00000534: SUB 00000535: AND 00000536: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 00000557: DUP4 00000558: PUSH1 0x40 0000055a: MLOAD 0000055b: DUP1 0000055c: DUP3 0000055d: DUP2 0000055e: MSTORE 0000055f: PUSH1 0x20 00000561: ADD 00000562: SWAP2 00000563: POP 00000564: POP 00000565: PUSH1 0x40 00000567: MLOAD 00000568: DUP1 00000569: SWAP2 0000056a: SUB 0000056b: SWAP1 0000056c: LOG3 0000056d: POP 0000056e: POP 0000056f: JUMP 00000570: JUMPDEST 00000571: PUSH1 0x01 00000573: PUSH1 0xa0 00000575: PUSH1 0x02 00000577: EXP 00000578: SUB 00000579: DUP4 0000057a: AND 0000057b: DUP2 0000057c: MSTORE 0000057d: PUSH1 0x40 0000057f: DUP2 00000580: KECCAK256 00000581: SLOAD 00000582: DUP1 00000583: DUP4 00000584: ADD 00000585: LT 00000586: ISZERO 00000587: PUSH2 0x058f 0000058a: JUMPI 0000058b: PUSH2 0x0002 0000058e: JUMP 0000058f: JUMPDEST 00000590: PUSH1 0x01 00000592: PUSH1 0xa0 00000594: PUSH1 0x02 00000596: EXP 00000597: SUB 00000598: DUP1 00000599: DUP6 0000059a: AND 0000059b: DUP1 0000059c: DUP4 0000059d: MSTORE 0000059e: PUSH1 0x06 000005a0: PUSH1 0x20 000005a2: SWAP1 000005a3: DUP2 000005a4: MSTORE 000005a5: PUSH1 0x40 000005a7: DUP1 000005a8: DUP6 000005a9: KECCAK256 000005aa: CALLER 000005ab: SWAP5 000005ac: SWAP1 000005ad: SWAP5 000005ae: AND 000005af: DUP1 000005b0: DUP7 000005b1: MSTORE 000005b2: SWAP4 000005b3: DUP3 000005b4: MSTORE 000005b5: DUP1 000005b6: DUP6 000005b7: KECCAK256 000005b8: SLOAD 000005b9: SWAP3 000005ba: DUP6 000005bb: MSTORE 000005bc: PUSH1 0x07 000005be: DUP3 000005bf: MSTORE 000005c0: DUP1 000005c1: DUP6 000005c2: KECCAK256 000005c3: SWAP4 000005c4: DUP6 000005c5: MSTORE 000005c6: SWAP3 000005c7: SWAP1 000005c8: MSTORE 000005c9: SWAP1 000005ca: DUP3 000005cb: KECCAK256 000005cc: SLOAD 000005cd: DUP4 000005ce: ADD 000005cf: GT 000005d0: ISZERO 000005d1: PUSH2 0x05d9 000005d4: JUMPI 000005d5: PUSH2 0x0002 000005d8: JUMP 000005d9: JUMPDEST 000005da: DUP2 000005db: PUSH1 0x05 000005dd: PUSH1 0x00 000005df: POP 000005e0: PUSH1 0x00 000005e2: DUP7 000005e3: PUSH1 0x01 000005e5: PUSH1 0xa0 000005e7: PUSH1 0x02 000005e9: EXP 000005ea: SUB 000005eb: AND 000005ec: DUP2 000005ed: MSTORE 000005ee: PUSH1 0x20 000005f0: ADD 000005f1: SWAP1 000005f2: DUP2 000005f3: MSTORE 000005f4: PUSH1 0x20 000005f6: ADD 000005f7: PUSH1 0x00 000005f9: KECCAK256 000005fa: PUSH1 0x00 000005fc: DUP3 000005fd: DUP3 000005fe: DUP3 000005ff: POP 00000600: SLOAD 00000601: SUB 00000602: SWAP3 00000603: POP 00000604: POP 00000605: DUP2 00000606: SWAP1 00000607: SSTORE 00000608: POP 00000609: DUP2 0000060a: PUSH1 0x05 0000060c: PUSH1 0x00 0000060e: POP 0000060f: PUSH1 0x00 00000611: DUP6 00000612: PUSH1 0x01 00000614: PUSH1 0xa0 00000616: PUSH1 0x02 00000618: EXP 00000619: SUB 0000061a: AND 0000061b: DUP2 0000061c: MSTORE 0000061d: PUSH1 0x20 0000061f: ADD 00000620: SWAP1 00000621: DUP2 00000622: MSTORE 00000623: PUSH1 0x20 00000625: ADD 00000626: PUSH1 0x00 00000628: KECCAK256 00000629: PUSH1 0x00 0000062b: DUP3 0000062c: DUP3 0000062d: DUP3 0000062e: POP 0000062f: SLOAD 00000630: ADD 00000631: SWAP3 00000632: POP 00000633: POP 00000634: DUP2 00000635: SWAP1 00000636: SSTORE 00000637: POP 00000638: DUP2 00000639: PUSH1 0x07 0000063b: PUSH1 0x00 0000063d: POP 0000063e: PUSH1 0x00 00000640: DUP7 00000641: PUSH1 0x01 00000643: PUSH1 0xa0 00000645: PUSH1 0x02 00000647: EXP 00000648: SUB 00000649: AND 0000064a: DUP2 0000064b: MSTORE 0000064c: PUSH1 0x20 0000064e: ADD 0000064f: SWAP1 00000650: DUP2 00000651: MSTORE 00000652: PUSH1 0x20 00000654: ADD 00000655: PUSH1 0x00 00000657: KECCAK256 00000658: PUSH1 0x00 0000065a: POP 0000065b: PUSH1 0x00 0000065d: CALLER 0000065e: PUSH1 0x01 00000660: PUSH1 0xa0 00000662: PUSH1 0x02 00000664: EXP 00000665: SUB 00000666: AND 00000667: DUP2 00000668: MSTORE 00000669: PUSH1 0x20 0000066b: ADD 0000066c: SWAP1 0000066d: DUP2 0000066e: MSTORE 0000066f: PUSH1 0x20 00000671: ADD 00000672: PUSH1 0x00 00000674: KECCAK256 00000675: PUSH1 0x00 00000677: DUP3 00000678: DUP3 00000679: DUP3 0000067a: POP 0000067b: SLOAD 0000067c: ADD 0000067d: SWAP3 0000067e: POP 0000067f: POP 00000680: DUP2 00000681: SWAP1 00000682: SSTORE 00000683: POP 00000684: DUP3 00000685: PUSH1 0x01 00000687: PUSH1 0xa0 00000689: PUSH1 0x02 0000068b: EXP 0000068c: SUB 0000068d: AND 0000068e: DUP5 0000068f: PUSH1 0x01 00000691: PUSH1 0xa0 00000693: PUSH1 0x02 00000695: EXP 00000696: SUB 00000697: AND 00000698: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000006b9: DUP5 000006ba: PUSH1 0x40 000006bc: MLOAD 000006bd: DUP1 000006be: DUP3 000006bf: DUP2 000006c0: MSTORE 000006c1: PUSH1 0x20 000006c3: ADD 000006c4: SWAP2 000006c5: POP 000006c6: POP 000006c7: PUSH1 0x40 000006c9: MLOAD 000006ca: DUP1 000006cb: SWAP2 000006cc: SUB 000006cd: SWAP1 000006ce: LOG3 000006cf: POP 000006d0: PUSH1 0x01 000006d2: SWAP4 000006d3: SWAP3 000006d4: POP 000006d5: POP 000006d6: POP 000006d7: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x245e26cfe0be905ef91b66394e4469756c253312ce56ab4d8fab2d718fd303fb
call_targets:
0x0000000000000000000000000000000000000004, 0xb8b1a141a0307667042b2b937c52884b19801dfd
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x245e26cfe0be905ef91b66394e4469756c253312ce56ab4d8fab2d718fd303fb",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb8b1a141a0307667042b2b937c52884b19801dfd"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 833,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 901,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1050,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x245e26cfe0be905ef91b66394e4469756c253312ce56ab4d8fab2d718fd303fb
call_targets:
0x0000000000000000000000000000000000000004, 0xb8b1a141a0307667042b2b937c52884b19801dfd
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x245e26cfe0be905ef91b66394e4469756c253312ce56ab4d8fab2d718fd303fb",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb8b1a141a0307667042b2b937c52884b19801dfd"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 833,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 901,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1050,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| medium | other | codex | Approval accounting is cumulative and can permanently brick future approvals for a spender | 75 | no | — |
viewevidence_json{
"evidence": "`approveAndCall` (`selector:0xcae9ca51`) checks caller balance before setting approval, then writes only the slot-6 approval mapping (`SSTORE` at `pc:0x2c4`). `transferFrom` (`selector:0x23b872dd`) reads slot 6 and a second nested mapping in slot 7, enforces `slot7 + amount <= slot6` (`pc:0x5b8`, `pc:0x5cc`, `pc:0x5cf`), and then increments slot 7 (`SSTORE` at `pc:0x682`). The extra getter `selector:0xdc3080f2` returns slot 7, matching `spentAllowance(address,address)`. No bytecode path was found that clears slot 7 when a new approval is issued.",
"locations": [
"selector:0xcae9ca51",
"selector:0x23b872dd",
"selector:0xdc3080f2",
"selector:0xdd62ed3e",
"pc:0x2c4",
"pc:0x5b8",
"pc:0x5cc",
"pc:0x682"
],
"recommendation": "If this is meant to behave like ERC-20 allowance, reset the spent counter whenever a new allowance is set, or store and decrement remaining allowance directly. If lifetime-cap semantics are intentional, do not expose it as standard `allowance`; rename the getters and add an explicit reset/cancel path so spenders cannot become permanently unusable.",
"exploit_scenario": "A user approves spender `S` for 100 tokens and `S` spends them, which increments the separate spent counter. Later the user calls `approveAndCall(S, 50, ...)`. The approval write succeeds and `allowance(user,S)` returns 50, but `transferFrom` checks `spentAllowance + amount <= allowance`, so no transfer can succeed until the user approves more than the entire historical spent amount. Because `approveAndCall` also requires `currentBalance >= newAllowance`, a user whose current balance is below their historical spent total can become unable to grant any usable future allowance to that spender."
}
|
| low | reentrancy | codex | `approveAndCall` grants allowance before an untrusted external callback | 65 | no | — |
viewevidence_json{
"evidence": "`selector:0xcae9ca51` matches `approveAndCall(address,uint256,bytes)` and builds calldata for `0x8f4ffcb1` (`receiveApproval(address,uint256,address,bytes)`). The approval state is persisted first (`pc:0x2c4`), then the contract performs a low-level `CALL` to the spender at `pc:0x385`. The artifact reports no detected guards, and the only non-precompile untrusted external callsite validated from this runtime is this callback path.",
"locations": [
"selector:0xcae9ca51",
"pc:0x2c4",
"pc:0x385"
],
"recommendation": "Treat `approveAndCall` as a reentrant entrypoint. If this callback is not required, remove it in favor of standard allowance flow. If it is required, document the behavior clearly and consider a stricter callback interface or reentrancy protections around any future stateful logic added to this contract.",
"exploit_scenario": "A malicious spender contract can be approved through `approveAndCall`, receive the callback, and reenter the token immediately via `transferFrom` or other entrypoints while the outer call is still active. In this token that appears to be the intended extension behavior, so the impact is mainly on integrators that assume `approveAndCall` is a simple notification rather than a fully reentrant interaction."
}
|