019b3836-37c7-73c3-8dfa-3e196246c127
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 3811 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 3812 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 46952 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 46953 | capability.graph | complete | 1 / 3 | 1 week ago |
| 46954 | detector.run | complete | 1 / 3 | 1 week ago |
| 46955 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113273 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode bundle shows an ERC20-like token with a non-standard allowance/spent accounting model and one callback-style approval entrypoint that performs an external CALL after updating approval state. No proxy, delegatecall, or privileged upgrade path was evidenced in the runtime bytecode provided.","findings":[{"severity":"medium","category":"other","title":"`allowance()` appears to report gross approved amount, not remaining spendable allowance","exploit_scenario":"Best-effort selector inference indicates `0xdd62ed3e` is `allowance(address,address)` and `0x23b872dd` is `transferFrom(address,address,uint256)`. The contract reads one mapping for approvals and a separate mapping for cumulative spent allowance, then enforces `spent + amount <= approved` during `transferFrom`. Because `0xdd62ed3e` returns only the approval mapping, integrators can observe an allowance that is larger than the actual remaining spendable amount. After partial spending, wallets, routers, or vaults may believe they can pull tokens and then fail unexpectedly; re-approving through the custom approval path also appears to leave prior spent state in place, so a user who 're-approves 100' may still have much less than 100 actually spendable.","recommendation":"Align the ERC20 allowance invariant with standard behavior: either decrement the stored allowance on `transferFrom`, or make `allowance()` return remaining allowance and reset/reinitialize the spent tracker on new approvals. If the cumulative-spend model is intentional, do not expose it behind the standard `0xdd62ed3e` selector without clear compatibility warnings.","evidence":"`0xdd62ed3e` loads from the slot-6 double mapping and returns it directly. `transferFrom` checks slot-6 approval against slot-7 cumulative spent (`SLOAD` around pc 0x4b6 and 0x4ca) and then increments slot-7 (`SSTORE` around pc 0x580). This means reported allowance and actually spendable allowance diverge after spending.","locations":["selector:0xdd62ed3e","selector:0x23b872dd","selector:0xcae9ca51","pc:0x3bd","pc:0x4b6","pc:0x4ca","pc:0x580"]},{"severity":"low","category":"reentrancy","title":"Approval callback entrypoint performs an unguarded external CALL after approval state is written","exploit_scenario":"Best-effort selector inference suggests `0xcae9ca51` is an `approveAndCall(address,uint256,bytes)`-style function. It writes approval state for `caller -> spender`, then performs an external CALL to the spender with callback selector `0x8f4ffcb1`. A malicious spender can synchronously reenter token methods such as `transferFrom` while the freshly written approval is already live. This may be intended behavior for approve-and-callback tokens, so the issue is low severity, but any upstream integrator that assumes approval has no same-transaction side effects can be broken.","recommendation":"If this callback flow is required, document that approval is immediately usable during the callback. Otherwise, remove the callback feature or add reentrancy protection / safer two-step approval semantics. At minimum, treat pc 0x385 as the relevant untrusted CALL site; the other CALLs in the artifact look consistent with helper/precompile memory-copy patterns and should not be treated as the primary risk.","evidence":"In selector `0xcae9ca51`, the contract stores the approval mapping first (`SSTORE` at pc 0x2c4), builds calldata for selector `0x8f4ffcb1`, and then executes a CALL at pc 0x385 with no detected guard. The bundle's detector flagged reachable CALLs, but manual reconstruction indicates pc 0x385 is the spender callback, while pc 0x341/0x41a are likely helper calls.","locations":["selector:0xcae9ca51","pc:0x2c4","pc:0x2d3","pc:0x385"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-ggwgbsva
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5bf1-3167-7171-8cd5-6fd86fcdb87b
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
→ Inspect BYTECODE_BUNDLE.json structure and key artifacts
• Analyze bytecode evidence for security-relevant behaviors
• Produce JSON findings with evidence and locations
exec
/bin/bash -lc "ls -la && printf '\\n---\\n' && wc -c BYTECODE_BUNDLE.json && printf '\\n---\\n' && sed -n '1,220p' BYTECODE_BUNDLE.json" in /tmp/codex-ggwgbsva
succeeded in 0ms:
total 136
drwx------ 2 noahkuhn noahkuhn 4096 Apr 5 04:40 .
drwxrwxrwt 270 nobody nogroup 24576 Apr 5 04:40 ..
-rw-rw-r-- 1 noahkuhn noahkuhn 101465 Apr 5 04:40 BYTECODE_BUNDLE.json
-rw-rw-r-- 1 noahkuhn noahkuhn 815 Apr 5 04:40 codex-output-schema.json
---
101465 BYTECODE_BUNDLE.json
---
{
"analysis_artifact": {
"address": "0x3e485b680d8dff45e7d7880490ebe5514d369797",
"artifact_hash": "0xff77a22f0fcb34af7ea5325e5258111792f6afb6eefe6864efbd5d35371f7292",
"artifact_json": {
"auth": {
"guards": []
},
exec
/bin/bash -lc "jq 'keys' BYTECODE_BUNDLE.json && printf '\\n---artifact keys---\\n' && jq '.analysis_artifact.artifact_json | keys' BYTECODE_BUNDLE.json && printf '\\n---top detector summary---\\n' && jq '.analysis_artifact.artifact_json.detectors // .analysis_artifact.artifact_json.detector_findings // .detector_findings // empty' BYTECODE_BUNDLE.json | sed -n '1,240p'" in /tmp/codex-ggwgbsva
succeeded in 0ms:
[
"analysis_artifact",
"analysis_run",
"artifact",
"capability_graph",
"detector_findings",
"heuristics_summary"
]
---artifact keys---
[
"auth",
"basic_blocks",
"callsites",
"cfg_edges",
"cfg_hash",
"dispatcher_type",
"function_entries",
"functions",
"selectors",
"sinks",
"storage",
"version"
]
---top detector summary---
[
{
"confidence": 60,
"evidence_json": {
"call_count": 3,
"examples": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 3
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x3e485b680d8dff45e7d7880490ebe5514d369797"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xd27b2a30ebe3f97cad2f6274370a076d3649f888325b46ed6d97faf32829603a",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 3,
"examples": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x3e485b680d8dff45e7d7880490ebe5514d369797"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xd27b2a30ebe3f97cad2f6274370a076d3649f888325b46ed6d97faf32829603a",
"trace_mode": "callTracer"
}
}
]
exec
/bin/bash -lc "printf '%s\\n' '---selectors---' && jq '.analysis_artifact.artifact_json.selectors' BYTECODE_BUNDLE.json && printf '\\n---function entries---\\n' && jq '.analysis_artifact.artifact_json.function_entries' BYTECODE_BUNDLE.json && printf '\\n---functions---\\n' && jq '.analysis_artifact.artifact_json.functions' BYTECODE_BUNDLE.json | sed -n '1,260p' && printf '\\n---callsites---\\n' && jq '.analysis_artifact.artifact_json.callsites' BYTECODE_BUNDLE.json | sed -n '1,320p' && printf '\\n---sinks---\\n' && jq '.analysis_artifact.artifact_json.sinks' BYTECODE_BUNDLE.json && printf '\\n---storage---\\n' && jq '.analysis_artifact.artifact_json.storage' BYTECODE_BUNDLE.json | sed -n '1,260p'" in /tmp/codex-ggwgbsva
succeeded in 123ms:
{
"keccak_count": 22,
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
exec
/bin/bash -lc "printf '%s\\n' '---heuristics_summary---' && jq '.heuristics_summary' BYTECODE_BUNDLE.json | sed -n '1,260p' && printf '\\n---analysis_run---\\n' && jq '.analysis_run' BYTECODE_BUNDLE.json | sed -n '1,260p' && printf '\\n---artifact meta---\\n' && jq '.artifact' BYTECODE_BUNDLE.json | sed -n '1,220p'" in /tmp/codex-ggwgbsva
succeeded in 104ms:
{
"codehash": "0x6768303283d1a2f43531e7ca92fc85cb6449bc7c070dc8854deee3a310cb8fc2",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "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",
"head": null,
"length": 3506,
"tail": null,
"truncated": false
},
"verified_source": false
}
exec
/bin/bash -lc "python - <<'PY'
from binascii import unhexlify
code='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'
code=unhexlify(code)
ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
for i in range(1,33): ops[0x5f+i]=f'PUSH{i}'
for i in range(1,17): ops[0x7f+i]=f'DUP{i}'
for i in range(1,17): ops[0x8f+i]=f'SWAP{i}'
for i in range(0,5): ops[0xa0+i]=f'LOG{i}'
pc=0
while pc<len(code):
    op=code[pc]
    name=ops.get(op,f'OP_{op:02x}')
    if name.startswith('PUSH'):
        n=int(name[4:])
        data=code[pc+1:pc+1+n]
        print(f'{pc:04x}: {name} 0x{data.hex()}')
        pc+=1+n
    else:
        print(f'{pc:04x}: {name}')
        pc+=1
PY" in /tmp/codex-ggwgbsva
succeeded in 0ms:
0000: PUSH1 0x60
0002: PUSH1 0x40
0004: MSTORE
0005: CALLDATASIZE
0006: ISZERO
0007: PUSH2 0x008d
000a: JUMPI
000b: PUSH1 0xe0
000d: PUSH1 0x02
000f: EXP
0010: PUSH1 0x00
0012: CALLDATALOAD
0013: DIV
0014: PUSH4 0x06fdde03
0019: DUP2
001a: EQ
001b: PUSH2 0x0095
001e: JUMPI
001f: DUP1
0020: PUSH4 0x18160ddd
0025: EQ
0026: PUSH2 0x00f2
0029: JUMPI
002a: DUP1
002b: PUSH4 0x23b872dd
0030: EQ
0031: PUSH2 0x00fb
0034: JUMPI
0035: DUP1
0036: PUSH4 0x313ce567
003b: EQ
003c: PUSH2 0x012d
003f: JUMPI
0040: DUP1
0041: PUSH4 0x54fd4d50
0046: EQ
0047: PUSH2 0x0139
004a: JUMPI
004b: DUP1
004c: PUSH4 0x70a08231
0051: EQ
0052: PUSH2 0x0193
0055: JUMPI
0056: DUP1
0057: PUSH4 0x95d89b41
005c: EQ
005d: PUSH2 0x01ab
0060: JUMPI
0061: DUP1
0062: PUSH4 0xa9059cbb
0067: EQ
0068: PUSH2 0x0207
006b: JUMPI
006c: DUP1
006d: PUSH4 0xcae9ca51
0072: EQ
0073: PUSH2 0x0236
0076: JUMPI
0077: DUP1
0078: PUSH4 0xdc3080f2
007d: EQ
007e: PUSH2 0x0398
0081: JUMPI
0082: DUP1
0083: PUSH4 0xdd62ed3e
0088: EQ
0089: PUSH2 0x03bd
008c: JUMPI
008d: JUMPDEST
008e: PUSH2 0x03e2
0091: PUSH2 0x0002
0094: JUMP
0095: JUMPDEST
0096: PUSH2 0x03e4
0099: PUSH1 0x00
009b: DUP1
009c: SLOAD
009d: PUSH1 0x20
009f: PUSH1 0x02
00a1: PUSH1 0x01
00a3: DUP4
00a4: AND
00a5: ISZERO
00a6: PUSH2 0x0100
00a9: MUL
00aa: PUSH1 0x00
00ac: NOT
00ad: ADD
00ae: SWAP1
00af: SWAP3
00b0: AND
00b1: SWAP2
00b2: SWAP1
00b3: SWAP2
00b4: DIV
00b5: PUSH1 0x1f
00b7: DUP2
00b8: ADD
00b9: DUP3
00ba: SWAP1
00bb: DIV
00bc: SWAP1
00bd: SWAP2
00be: MUL
00bf: PUSH1 0x80
00c1: SWAP1
00c2: DUP2
00c3: ADD
00c4: PUSH1 0x40
00c6: MSTORE
00c7: PUSH1 0x60
00c9: DUP3
00ca: DUP2
00cb: MSTORE
00cc: SWAP3
00cd: SWAP2
00ce: SWAP1
00cf: DUP3
00d0: DUP3
00d1: DUP1
00d2: ISZERO
00d3: PUSH2 0x0601
00d6: JUMPI
00d7: DUP1
00d8: PUSH1 0x1f
00da: LT
00db: PUSH2 0x05d6
00de: JUMPI
00df: PUSH2 0x0100
00e2: DUP1
00e3: DUP4
00e4: SLOAD
00e5: DIV
00e6: MUL
00e7: DUP4
00e8: MSTORE
00e9: SWAP2
00ea: PUSH1 0x20
00ec: ADD
00ed: SWAP2
00ee: PUSH2 0x0601
00f1: JUMP
00f2: JUMPDEST
00f3: PUSH2 0x0452
00f6: PUSH1 0x04
00f8: SLOAD
00f9: DUP2
00fa: JUMP
00fb: JUMPDEST
00fc: PUSH2 0x0452
00ff: PUSH1 0x04
0101: CALLDATALOAD
0102: PUSH1 0x24
0104: CALLDATALOAD
0105: PUSH1 0x44
0107: CALLDATALOAD
0108: PUSH1 0x01
010a: PUSH1 0xa0
010c: PUSH1 0x02
010e: EXP
010f: SUB
0110: DUP4
0111: AND
0112: PUSH1 0x00
0114: SWAP1
0115: DUP2
0116: MSTORE
0117: PUSH1 0x05
0119: PUSH1 0x20
011b: MSTORE
011c: PUSH1 0x40
011e: DUP2
011f: SHA3
0120: SLOAD
0121: DUP3
0122: SWAP1
0123: LT
0124: ISZERO
0125: PUSH2 0x046e
0128: JUMPI
0129: PUSH2 0x0002
012c: JUMP
012d: JUMPDEST
012e: PUSH2 0x0464
0131: PUSH1 0x03
0133: SLOAD
0134: PUSH1 0xff
0136: AND
0137: DUP2
0138: JUMP
0139: JUMPDEST
013a: PUSH2 0x03e4
013d: PUSH1 0x02
013f: DUP1
0140: SLOAD
0141: PUSH1 0x20
0143: PUSH1 0x01
0145: DUP3
0146: AND
0147: ISZERO
0148: PUSH2 0x0100
014b: MUL
014c: PUSH1 0x00
014e: NOT
014f: ADD
0150: SWAP1
0151: SWAP2
0152: AND
0153: DUP3
0154: SWAP1
0155: DIV
0156: PUSH1 0x1f
0158: DUP2
0159: ADD
015a: DUP3
015b: SWAP1
015c: DIV
015d: SWAP1
015e: SWAP2
015f: MUL
0160: PUSH1 0x80
0162: SWAP1
0163: DUP2
0164: ADD
0165: PUSH1 0x40
0167: MSTORE
0168: PUSH1 0x60
016a: DUP3
016b: DUP2
016c: MSTORE
016d: SWAP3
016e: SWAP2
016f: SWAP1
0170: DUP3
0171: DUP3
0172: DUP1
0173: ISZERO
0174: PUSH2 0x0601
0177: JUMPI
0178: DUP1
0179: PUSH1 0x1f
017b: LT
017c: PUSH2 0x05d6
017f: JUMPI
0180: PUSH2 0x0100
0183: DUP1
0184: DUP4
0185: SLOAD
0186: DIV
0187: MUL
0188: DUP4
0189: MSTORE
018a: SWAP2
018b: PUSH1 0x20
018d: ADD
018e: SWAP2
018f: PUSH2 0x0601
0192: JUMP
0193: JUMPDEST
0194: PUSH2 0x0452
0197: PUSH1 0x04
0199: CALLDATALOAD
019a: PUSH1 0x05
019c: PUSH1 0x20
019e: MSTORE
019f: PUSH1 0x00
01a1: SWAP1
01a2: DUP2
01a3: MSTORE
01a4: PUSH1 0x40
01a6: SWAP1
01a7: SHA3
01a8: SLOAD
01a9: DUP2
01aa: JUMP
01ab: JUMPDEST
01ac: PUSH2 0x03e4
01af: PUSH1 0x01
01b1: DUP1
01b2: SLOAD
01b3: PUSH1 0x20
01b5: PUSH1 0x02
01b7: DUP3
01b8: DUP5
01b9: AND
01ba: ISZERO
01bb: PUSH2 0x0100
01be: MUL
01bf: PUSH1 0x00
01c1: NOT
01c2: ADD
01c3: SWAP1
01c4: SWAP3
01c5: AND
01c6: SWAP2
01c7: SWAP1
01c8: SWAP2
01c9: DIV
01ca: PUSH1 0x1f
01cc: DUP2
01cd: ADD
01ce: DUP3
01cf: SWAP1
01d0: DIV
01d1: SWAP1
01d2: SWAP2
01d3: MUL
01d4: PUSH1 0x80
01d6: SWAP1
01d7: DUP2
01d8: ADD
01d9: PUSH1 0x40
01db: MSTORE
01dc: PUSH1 0x60
01de: DUP3
01df: DUP2
01e0: MSTORE
01e1: SWAP3
01e2: SWAP2
01e3: SWAP1
01e4: DUP3
01e5: DUP3
01e6: DUP1
01e7: ISZERO
01e8: PUSH2 0x0601
01eb: JUMPI
01ec: DUP1
01ed: PUSH1 0x1f
01ef: LT
01f0: PUSH2 0x05d6
01f3: JUMPI
01f4: PUSH2 0x0100
01f7: DUP1
01f8: DUP4
01f9: SLOAD
01fa: DIV
01fb: MUL
01fc: DUP4
01fd: MSTORE
01fe: SWAP2
01ff: PUSH1 0x20
0201: ADD
0202: SWAP2
0203: PUSH2 0x0601
0206: JUMP
0207: JUMPDEST
0208: PUSH2 0x03e2
020b: PUSH1 0x04
020d: CALLDATALOAD
020e: PUSH1 0x24
0210: CALLDATALOAD
0211: PUSH1 0x01
0213: PUSH1 0xa0
0215: PUSH1 0x02
0217: EXP
0218: SUB
0219: CALLER
021a: AND
021b: PUSH1 0x00
021d: SWAP1
021e: DUP2
021f: MSTORE
0220: PUSH1 0x05
0222: PUSH1 0x20
0224: MSTORE
0225: PUSH1 0x40
0227: SWAP1
0228: SHA3
0229: SLOAD
022a: DUP2
022b: SWAP1
022c: LT
022d: ISZERO
022e: PUSH2 0x0609
0231: JUMPI
0232: PUSH2 0x0002
0235: JUMP
0236: JUMPDEST
0237: PUSH1 0x80
0239: PUSH1 0x20
023b: PUSH1 0x44
023d: CALLDATALOAD
023e: PUSH1 0x04
0240: DUP2
0241: DUP2
0242: ADD
0243: CALLDATALOAD
0244: PUSH1 0x1f
0246: DUP2
0247: ADD
0248: DUP5
0249: SWAP1
024a: DIV
024b: SWAP1
024c: SWAP4
024d: MUL
024e: DUP5
024f: ADD
0250: PUSH1 0x40
0252: MSTORE
0253: PUSH1 0x60
0255: DUP4
0256: DUP2
0257: MSTORE
0258: PUSH2 0x0452
025b: SWAP5
025c: DUP3
025d: CALLDATALOAD
025e: SWAP5
025f: PUSH1 0x24
0261: DUP1
0262: CALLDATALOAD
0263: SWAP6
0264: PUSH1 0x64
0266: SWAP5
0267: SWAP4
0268: SWAP2
0269: ADD
026a: SWAP2
026b: SWAP1
026c: DUP2
026d: SWAP1
026e: DUP4
026f: DUP3
0270: DUP1
0271: DUP3
0272: DUP5
0273: CALLDATACOPY
0274: POP
0275: SWAP5
0276: SWAP7
0277: POP
0278: POP
0279: POP
027a: POP
027b: POP
027c: POP
027d: POP
027e: PUSH1 0x00
0280: PUSH1 0x00
0282: DUP4
0283: PUSH1 0x06
0285: PUSH1 0x00
0287: POP
0288: PUSH1 0x00
028a: CALLER
028b: PUSH1 0x01
028d: PUSH1 0xa0
028f: PUSH1 0x02
0291: EXP
0292: SUB
0293: AND
0294: DUP2
0295: MSTORE
0296: PUSH1 0x20
0298: ADD
0299: SWAP1
029a: DUP2
029b: MSTORE
029c: PUSH1 0x20
029e: ADD
029f: PUSH1 0x00
02a1: SHA3
02a2: PUSH1 0x00
02a4: POP
02a5: PUSH1 0x00
02a7: DUP8
02a8: PUSH1 0x01
02aa: PUSH1 0xa0
02ac: PUSH1 0x02
02ae: EXP
02af: SUB
02b0: AND
02b1: DUP2
02b2: MSTORE
02b3: PUSH1 0x20
02b5: ADD
02b6: SWAP1
02b7: DUP2
02b8: MSTORE
02b9: PUSH1 0x20
02bb: ADD
02bc: PUSH1 0x00
02be: SHA3
02bf: PUSH1 0x00
02c1: POP
02c2: DUP2
02c3: SWAP1
02c4: SSTORE
02c5: POP
02c6: DUP5
02c7: SWAP1
02c8: POP
02c9: DUP1
02ca: PUSH1 0x01
02cc: PUSH1 0xa0
02ce: PUSH1 0x02
02d0: EXP
02d1: SUB
02d2: AND
02d3: PUSH4 0x8f4ffcb1
02d8: CALLER
02d9: DUP7
02da: ADDRESS
02db: DUP8
02dc: PUSH1 0x40
02de: MLOAD
02df: DUP6
02e0: PUSH1 0xe0
02e2: PUSH1 0x02
02e4: EXP
02e5: MUL
02e6: DUP2
02e7: MSTORE
02e8: PUSH1 0x04
02ea: ADD
02eb: DUP1
02ec: DUP6
02ed: PUSH1 0x01
02ef: PUSH1 0xa0
02f1: PUSH1 0x02
02f3: EXP
02f4: SUB
02f5: AND
02f6: DUP2
02f7: MSTORE
02f8: PUSH1 0x20
02fa: ADD
02fb: DUP5
02fc: DUP2
02fd: MSTORE
02fe: PUSH1 0x20
0300: ADD
0301: DUP4
0302: PUSH1 0x01
0304: PUSH1 0xa0
0306: PUSH1 0x02
0308: EXP
0309: SUB
030a: AND
030b: DUP2
030c: MSTORE
030d: PUSH1 0x20
030f: ADD
0310: DUP1
0311: PUSH1 0x20
0313: ADD
0314: DUP3
0315: DUP2
0316: SUB
0317: DUP3
0318: MSTORE
0319: DUP4
031a: DUP2
031b: DUP2
031c: MLOAD
031d: DUP2
031e: MSTORE
031f: PUSH1 0x20
0321: ADD
0322: SWAP2
0323: POP
0324: DUP1
0325: MLOAD
0326: SWAP1
0327: PUSH1 0x20
0329: ADD
032a: SWAP1
032b: DUP1
032c: DUP4
032d: DUP4
032e: DUP3
032f: SWAP1
0330: PUSH1 0x00
0332: PUSH1 0x04
0334: PUSH1 0x20
0336: DUP5
0337: PUSH1 0x1f
0339: ADD
033a: DIV
033b: PUSH1 0x0f
033d: MUL
033e: PUSH1 0x03
0340: ADD
0341: CALL
0342: POP
0343: SWAP1
0344: POP
0345: SWAP1
0346: DUP2
0347: ADD
0348: SWAP1
0349: PUSH1 0x1f
034b: AND
034c: DUP1
034d: ISZERO
034e: PUSH2 0x036b
0351: JUMPI
0352: DUP1
0353: DUP3
0354: SUB
0355: DUP1
0356: MLOAD
0357: PUSH1 0x01
0359: DUP4
035a: PUSH1 0x20
035c: SUB
035d: PUSH2 0x0100
0360: EXP
0361: SUB
0362: NOT
0363: AND
0364: DUP2
0365: MSTORE
0366: PUSH1 0x20
0368: ADD
0369: SWAP2
036a: POP
036b: JUMPDEST
036c: POP
036d: SWAP6
036e: POP
036f: POP
0370: POP
0371: POP
0372: POP
0373: POP
0374: PUSH1 0x00
0376: PUSH1 0x40
0378: MLOAD
0379: DUP1
037a: DUP4
037b: SUB
037c: DUP2
037d: PUSH1 0x00
037f: DUP8
0380: PUSH2 0x61da
0383: GAS
0384: SUB
0385: CALL
0386: ISZERO
0387: PUSH2 0x0002
038a: JUMPI
038b: POP
038c: PUSH1 0x01
038e: SWAP8
038f: SWAP7
0390: POP
0391: POP
0392: POP
0393: POP
0394: POP
0395: POP
0396: POP
0397: JUMP
0398: JUMPDEST
0399: PUSH1 0x07
039b: PUSH1 0x20
039d: SWAP1
039e: DUP2
039f: MSTORE
03a0: PUSH1 0x04
03a2: CALLDATALOAD
03a3: PUSH1 0x00
03a5: SWAP1
03a6: DUP2
03a7: MSTORE
03a8: PUSH1 0x40
03aa: DUP1
03ab: DUP3
03ac: SHA3
03ad: SWAP1
03ae: SWAP3
03af: MSTORE
03b0: PUSH1 0x24
03b2: CALLDATALOAD
03b3: DUP2
03b4: MSTORE
03b5: SHA3
03b6: SLOAD
03b7: PUSH2 0x0452
03ba: SWAP1
03bb: DUP2
03bc: JUMP
03bd: JUMPDEST
03be: PUSH1 0x06
03c0: PUSH1 0x20
03c2: SWAP1
03c3: DUP2
03c4: MSTORE
03c5: PUSH1 0x04
03c7: CALLDATALOAD
03c8: PUSH1 0x00
03ca: SWAP1
03cb: DUP2
03cc: MSTORE
03cd: PUSH1 0x40
03cf: DUP1
03d0: DUP3
03d1: SHA3
03d2: SWAP1
03d3: SWAP3
03d4: MSTORE
03d5: PUSH1 0x24
03d7: CALLDATALOAD
03d8: DUP2
03d9: MSTORE
03da: SHA3
03db: SLOAD
03dc: PUSH2 0x0452
03df: SWAP1
03e0: DUP2
03e1: JUMP
03e2: JUMPDEST
03e3: STOP
03e4: JUMPDEST
03e5: PUSH1 0x40
03e7: MLOAD
03e8: DUP1
03e9: DUP1
03ea: PUSH1 0x20
03ec: ADD
03ed: DUP3
03ee: DUP2
03ef: SUB
03f0: DUP3
03f1: MSTORE
03f2: DUP4
03f3: DUP2
03f4: DUP2
03f5: MLOAD
03f6: DUP2
03f7: MSTORE
03f8: PUSH1 0x20
03fa: ADD
03fb: SWAP2
03fc: POP
03fd: DUP1
03fe: MLOAD
03ff: SWAP1
0400: PUSH1 0x20
0402: ADD
0403: SWAP1
0404: DUP1
0405: DUP4
0406: DUP4
0407: DUP3
0408: SWAP1
0409: PUSH1 0x00
040b: PUSH1 0x04
040d: PUSH1 0x20
040f: DUP5
0410: PUSH1 0x1f
0412: ADD
0413: DIV
0414: PUSH1 0x0f
0416: MUL
0417: PUSH1 0x03
0419: ADD
041a: CALL
041b: POP
041c: SWAP1
041d: POP
041e: SWAP1
041f: DUP2
0420: ADD
0421: SWAP1
0422: PUSH1 0x1f
0424: AND
0425: DUP1
0426: ISZERO
0427: PUSH2 0x0444
042a: JUMPI
042b: DUP1
042c: DUP3
042d: SUB
042e: DUP1
042f: MLOAD
0430: PUSH1 0x01
0432: DUP4
0433: PUSH1 0x20
0435: SUB
0436: PUSH2 0x0100
0439: EXP
043a: SUB
043b: NOT
043c: AND
043d: DUP2
043e: MSTORE
043f: PUSH1 0x20
0441: ADD
0442: SWAP2
0443: POP
0444: JUMPDEST
0445: POP
0446: SWAP3
0447: POP
0448: POP
0449: POP
044a: PUSH1 0x40
044c: MLOAD
044d: DUP1
044e: SWAP2
044f: SUB
0450: SWAP1
0451: RETURN
0452: JUMPDEST
0453: PUSH1 0x40
0455: DUP1
0456: MLOAD
0457: SWAP2
0458: DUP3
0459: MSTORE
045a: MLOAD
045b: SWAP1
045c: DUP2
045d: SWAP1
045e: SUB
045f: PUSH1 0x20
0461: ADD
0462: SWAP1
0463: RETURN
0464: JUMPDEST
0465: PUSH1 0x60
0467: SWAP1
0468: DUP2
0469: MSTORE
046a: PUSH1 0x20
046c: SWAP1
046d: RETURN
046e: JUMPDEST
046f: PUSH1 0x01
0471: PUSH1 0xa0
0473: PUSH1 0x02
0475: EXP
0476: SUB
0477: DUP4
0478: AND
0479: DUP2
047a: MSTORE
047b: PUSH1 0x40
047d: DUP2
047e: SHA3
047f: SLOAD
0480: DUP1
0481: DUP4
0482: ADD
0483: LT
0484: ISZERO
0485: PUSH2 0x048d
0488: JUMPI
0489: PUSH2 0x0002
048c: JUMP
048d: JUMPDEST
048e: PUSH1 0x01
0490: PUSH1 0xa0
0492: PUSH1 0x02
0494: EXP
0495: SUB
0496: DUP1
0497: DUP6
0498: AND
0499: DUP1
049a: DUP4
049b: MSTORE
049c: PUSH1 0x06
049e: PUSH1 0x20
04a0: SWAP1
04a1: DUP2
04a2: MSTORE
04a3: PUSH1 0x40
04a5: DUP1
04a6: DUP6
04a7: SHA3
04a8: CALLER
04a9: SWAP5
04aa: SWAP1
04ab: SWAP5
04ac: AND
04ad: DUP1
04ae: DUP7
04af: MSTORE
04b0: SWAP4
04b1: DUP3
04b2: MSTORE
04b3: DUP1
04b4: DUP6
04b5: SHA3
04b6: SLOAD
04b7: SWAP3
04b8: DUP6
04b9: MSTORE
04ba: PUSH1 0x07
04bc: DUP3
04bd: MSTORE
04be: DUP1
04bf: DUP6
04c0: SHA3
04c1: SWAP4
04c2: DUP6
04c3: MSTORE
04c4: SWAP3
04c5: SWAP1
04c6: MSTORE
04c7: SWAP1
04c8: DUP3
04c9: SHA3
04ca: SLOAD
04cb: DUP4
04cc: ADD
04cd: GT
04ce: ISZERO
04cf: PUSH2 0x04d7
04d2: JUMPI
04d3: PUSH2 0x0002
04d6: JUMP
04d7: JUMPDEST
04d8: DUP2
04d9: PUSH1 0x05
04db: PUSH1 0x00
04dd: POP
04de: PUSH1 0x00
04e0: DUP7
04e1: PUSH1 0x01
04e3: PUSH1 0xa0
04e5: PUSH1 0x02
04e7: EXP
04e8: SUB
04e9: AND
04ea: DUP2
04eb: MSTORE
04ec: PUSH1 0x20
04ee: ADD
04ef: SWAP1
04f0: DUP2
04f1: MSTORE
04f2: PUSH1 0x20
04f4: ADD
04f5: PUSH1 0x00
04f7: SHA3
04f8: PUSH1 0x00
04fa: DUP3
04fb: DUP3
04fc: DUP3
04fd: POP
04fe: SLOAD
04ff: SUB
0500: SWAP3
0501: POP
0502: POP
0503: DUP2
0504: SWAP1
0505: SSTORE
0506: POP
0507: DUP2
0508: PUSH1 0x05
050a: PUSH1 0x00
050c: POP
050d: PUSH1 0x00
050f: DUP6
0510: PUSH1 0x01
0512: PUSH1 0xa0
0514: PUSH1 0x02
0516: EXP
0517: SUB
0518: AND
0519: DUP2
051a: MSTORE
051b: PUSH1 0x20
051d: ADD
051e: SWAP1
051f: DUP2
0520: MSTORE
0521: PUSH1 0x20
0523: ADD
0524: PUSH1 0x00
0526: SHA3
0527: PUSH1 0x00
0529: DUP3
052a: DUP3
052b: DUP3
052c: POP
052d: SLOAD
052e: ADD
052f: SWAP3
0530: POP
0531: POP
0532: DUP2
0533: SWAP1
0534: SSTORE
0535: POP
0536: DUP2
0537: PUSH1 0x07
0539: PUSH1 0x00
053b: POP
053c: PUSH1 0x00
053e: DUP7
053f: PUSH1 0x01
0541: PUSH1 0xa0
0543: PUSH1 0x02
0545: EXP
0546: SUB
0547: AND
0548: DUP2
0549: MSTORE
054a: PUSH1 0x20
054c: ADD
054d: SWAP1
054e: DUP2
054f: MSTORE
0550: PUSH1 0x20
0552: ADD
0553: PUSH1 0x00
0555: SHA3
0556: PUSH1 0x00
0558: POP
0559: PUSH1 0x00
055b: CALLER
055c: PUSH1 0x01
055e: PUSH1 0xa0
0560: PUSH1 0x02
0562: EXP
0563: SUB
0564: AND
0565: DUP2
0566: MSTORE
0567: PUSH1 0x20
0569: ADD
056a: SWAP1
056b: DUP2
056c: MSTORE
056d: PUSH1 0x20
056f: ADD
0570: PUSH1 0x00
0572: SHA3
0573: PUSH1 0x00
0575: DUP3
0576: DUP3
0577: DUP3
0578: POP
0579: SLOAD
057a: ADD
057b: SWAP3
057c: POP
057d: POP
057e: DUP2
057f: SWAP1
0580: SSTORE
0581: POP
0582: DUP3
0583: PUSH1 0x01
0585: PUSH1 0xa0
0587: PUSH1 0x02
0589: EXP
058a: SUB
058b: AND
058c: DUP5
058d: PUSH1 0x01
058f: PUSH1 0xa0
0591: PUSH1 0x02
0593: EXP
0594: SUB
0595: AND
0596: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
05b7: DUP5
05b8: PUSH1 0x40
05ba: MLOAD
05bb: DUP1
05bc: DUP3
05bd: DUP2
05be: MSTORE
05bf: PUSH1 0x20
05c1: ADD
05c2: SWAP2
05c3: POP
05c4: POP
05c5: PUSH1 0x40
05c7: MLOAD
05c8: DUP1
05c9: SWAP2
05ca: SUB
05cb: SWAP1
05cc: LOG3
05cd: POP
05ce: PUSH1 0x01
05d0: SWAP4
05d1: SWAP3
05d2: POP
05d3: POP
05d4: POP
05d5: JUMP
05d6: JUMPDEST
05d7: DUP3
05d8: ADD
05d9: SWAP2
05da: SWAP1
05db: PUSH1 0x00
05dd: MSTORE
05de: PUSH1 0x20
05e0: PUSH1 0x00
05e2: SHA3
05e3: SWAP1
05e4: JUMPDEST
05e5: DUP2
05e6: SLOAD
05e7: DUP2
05e8: MSTORE
05e9: SWAP1
05ea: PUSH1 0x01
05ec: ADD
05ed: SWAP1
05ee: PUSH1 0x20
05f0: ADD
05f1: DUP1
05f2: DUP4
05f3: GT
05f4: PUSH2 0x05e4
05f7: JUMPI
05f8: DUP3
05f9: SWAP1
05fa: SUB
05fb: PUSH1 0x1f
05fd: AND
05fe: DUP3
05ff: ADD
0600: SWAP2
0601: JUMPDEST
0602: POP
0603: POP
0604: POP
0605: POP
0606: POP
0607: DUP2
0608: JUMP
0609: JUMPDEST
060a: PUSH1 0x01
060c: PUSH1 0xa0
060e: PUSH1 0x02
0610: EXP
0611: SUB
0612: DUP3
0613: AND
0614: PUSH1 0x00
0616: SWAP1
0617: DUP2
0618: MSTORE
0619: PUSH1 0x40
061b: SWAP1
061c: SHA3
061d: SLOAD
061e: DUP1
061f: DUP3
0620: ADD
0621: LT
0622: ISZERO
0623: PUSH2 0x062b
0626: JUMPI
0627: PUSH2 0x0002
062a: JUMP
062b: JUMPDEST
062c: DUP1
062d: PUSH1 0x05
062f: PUSH1 0x00
0631: POP
0632: PUSH1 0x00
0634: CALLER
0635: PUSH1 0x01
0637: PUSH1 0xa0
0639: PUSH1 0x02
063b: EXP
063c: SUB
063d: AND
063e: DUP2
063f: MSTORE
0640: PUSH1 0x20
0642: ADD
0643: SWAP1
0644: DUP2
0645: MSTORE
0646: PUSH1 0x20
0648: ADD
0649: PUSH1 0x00
064b: SHA3
064c: PUSH1 0x00
064e: DUP3
064f: DUP3
0650: DUP3
0651: POP
0652: SLOAD
0653: SUB
0654: SWAP3
0655: POP
0656: POP
0657: DUP2
0658: SWAP1
0659: SSTORE
065a: POP
065b: DUP1
065c: PUSH1 0x05
065e: PUSH1 0x00
0660: POP
0661: PUSH1 0x00
0663: DUP5
0664: PUSH1 0x01
0666: PUSH1 0xa0
0668: PUSH1 0x02
066a: EXP
066b: SUB
066c: AND
066d: DUP2
066e: MSTORE
066f: PUSH1 0x20
0671: ADD
0672: SWAP1
0673: DUP2
0674: MSTORE
0675: PUSH1 0x20
0677: ADD
0678: PUSH1 0x00
067a: SHA3
067b: PUSH1 0x00
067d: DUP3
067e: DUP3
067f: DUP3
0680: POP
0681: SLOAD
0682: ADD
0683: SWAP3
0684: POP
0685: POP
0686: DUP2
0687: SWAP1
0688: SSTORE
0689: POP
068a: DUP2
068b: PUSH1 0x01
068d: PUSH1 0xa0
068f: PUSH1 0x02
0691: EXP
0692: SUB
0693: AND
0694: CALLER
0695: PUSH1 0x01
0697: PUSH1 0xa0
0699: PUSH1 0x02
069b: EXP
069c: SUB
069d: AND
069e: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
06bf: DUP4
06c0: PUSH1 0x40
06c2: MLOAD
06c3: DUP1
06c4: DUP3
06c5: DUP2
06c6: MSTORE
06c7: PUSH1 0x20
06c9: ADD
06ca: SWAP2
06cb: POP
06cc: POP
06cd: PUSH1 0x40
06cf: MLOAD
06d0: DUP1
06d1: SWAP2
06d2: SUB
06d3: SWAP1
06d4: LOG3
06d5: POP
06d6: POP
06d7: JUMP
exec
/bin/bash -lc "rg -n '8f4ffcb1|cae9ca51|dc3080f2|54fd4d50|allow|spent|receiveApproval|callTracer|pc.: 385|pc\": 385|pc\":385' BYTECODE_BUNDLE.json | sed -n '1,220p'" in /tmp/codex-ggwgbsva
succeeded in 0ms:
1999: "selector": "0x54fd4d50"
2015: "selector": "0xcae9ca51"
2019: "selector": "0xdc3080f2"
2288: "selector": "0x54fd4d50",
2544: "selector": "0xcae9ca51",
2608: "selector": "0xdc3080f2",
2737: "0x54fd4d50",
2741: "0xcae9ca51",
2742: "0xdc3080f2",
3170: "from": "fn:0x54fd4d50",
3190: "from": "fn:0xcae9ca51",
3195: "from": "fn:0xdc3080f2",
3655: "id": "fn:0x54fd4d50",
3656: "selector": "0x54fd4d50",
3679: "id": "fn:0xcae9ca51",
3680: "selector": "0xcae9ca51",
3685: "id": "fn:0xdc3080f2",
3686: "selector": "0xdc3080f2",
3753: "trace_mode": "callTracer"
3806: "trace_mode": "callTracer"
exec
/bin/bash -lc "jq '.capability_graph' BYTECODE_BUNDLE.json | sed -n '3120,3720p'" in /tmp/codex-ggwgbsva
succeeded in 0ms:
exec
/bin/bash -lc "jq '.capability_graph | keys' BYTECODE_BUNDLE.json && printf '\\n---nodes sample---\\n' && jq '.capability_graph.nodes[0:20]' BYTECODE_BUNDLE.json && printf '\\n---edges sample---\\n' && jq '.capability_graph.edges[0:40]' BYTECODE_BUNDLE.json" in /tmp/codex-ggwgbsva
succeeded in 0ms:
[
"address",
"block_number",
"chain_id",
"codehash",
"created_at",
"graph_hash",
"graph_json",
"id",
"updated_at",
"version"
]
---nodes sample---
null
---edges sample---
null
exec
/bin/bash -lc "jq '.capability_graph.graph_json | keys' BYTECODE_BUNDLE.json && printf '\\n---nodes---\\n' && jq '.capability_graph.graph_json.nodes' BYTECODE_BUNDLE.json | sed -n '1,260p' && printf '\\n---edges---\\n' && jq '.capability_graph.graph_json.edges' BYTECODE_BUNDLE.json | sed -n '1,320p'" in /tmp/codex-ggwgbsva
succeeded in 0ms:
[
"edges",
"nodes",
"version"
]
---nodes---
---edges---
Read the bytecode bundle, reconstructed the dispatch and key storage/call paths, and narrowed the report to a concrete allowance-accounting issue plus a lower-confidence callback/reentrancy surface note.
✓ Inspect BYTECODE_BUNDLE.json structure and key artifacts
✓ Analyze bytecode evidence for security-relevant behaviors
→ Produce JSON findings with evidence and locations
codex
tokens used
56,029
{
"codex": {
"ran_at": "2026-04-05T04:43:09.234689+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3506,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode bundle shows an ERC20-like token with a non-standard allowance/spent accounting model and one callback-style approval entrypoint that performs an external CALL after updating approval state. No proxy, delegatecall, or privileged upgrade path was evidenced in the runtime bytecode provided.",
"raw_final": {
"summary": "Bytecode bundle shows an ERC20-like token with a non-standard allowance/spent accounting model and one callback-style approval entrypoint that performs an external CALL after updating approval state. No proxy, delegatecall, or privileged upgrade path was evidenced in the runtime bytecode provided.",
"findings": [
{
"title": "`allowance()` appears to report gross approved amount, not remaining spendable allowance",
"category": "other",
"evidence": "`0xdd62ed3e` loads from the slot-6 double mapping and returns it directly. `transferFrom` checks slot-6 approval against slot-7 cumulative spent (`SLOAD` around pc 0x4b6 and 0x4ca) and then increments slot-7 (`SSTORE` around pc 0x580). This means reported allowance and actually spendable allowance diverge after spending.",
"severity": "medium",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xcae9ca51",
"pc:0x3bd",
"pc:0x4b6",
"pc:0x4ca",
"pc:0x580"
],
"recommendation": "Align the ERC20 allowance invariant with standard behavior: either decrement the stored allowance on `transferFrom`, or make `allowance()` return remaining allowance and reset/reinitialize the spent tracker on new approvals. If the cumulative-spend model is intentional, do not expose it behind the standard `0xdd62ed3e` selector without clear compatibility warnings.",
"exploit_scenario": "Best-effort selector inference indicates `0xdd62ed3e` is `allowance(address,address)` and `0x23b872dd` is `transferFrom(address,address,uint256)`. The contract reads one mapping for approvals and a separate mapping for cumulative spent allowance, then enforces `spent + amount <= approved` during `transferFrom`. Because `0xdd62ed3e` returns only the approval mapping, integrators can observe an allowance that is larger than the actual remaining spendable amount. After partial spending, wallets, routers, or vaults may believe they can pull tokens and then fail unexpectedly; re-approving through the custom approval path also appears to leave prior spent state in place, so a user who 're-approves 100' may still have much less than 100 actually spendable."
},
{
"title": "Approval callback entrypoint performs an unguarded external CALL after approval state is written",
"category": "reentrancy",
"evidence": "In selector `0xcae9ca51`, the contract stores the approval mapping first (`SSTORE` at pc 0x2c4), builds calldata for selector `0x8f4ffcb1`, and then executes a CALL at pc 0x385 with no detected guard. The bundle's detector flagged reachable CALLs, but manual reconstruction indicates pc 0x385 is the spender callback, while pc 0x341/0x41a are likely helper calls.",
"severity": "low",
"locations": [
"selector:0xcae9ca51",
"pc:0x2c4",
"pc:0x2d3",
"pc:0x385"
],
"recommendation": "If this callback flow is required, document that approval is immediately usable during the callback. Otherwise, remove the callback feature or add reentrancy protection / safer two-step approval semantics. At minimum, treat pc 0x385 as the relevant untrusted CALL site; the other CALLs in the artifact look consistent with helper/precompile memory-copy patterns and should not be treated as the primary risk.",
"exploit_scenario": "Best-effort selector inference suggests `0xcae9ca51` is an `approveAndCall(address,uint256,bytes)`-style function. It writes approval state for `caller -> spender`, then performs an external CALL to the spender with callback selector `0x8f4ffcb1`. A malicious spender can synchronously reenter token methods such as `transferFrom` while the freshly written approval is already live. This may be intended behavior for approve-and-callback tokens, so the issue is low severity, but any upstream integrator that assumes approval has no same-transaction side effects can be broken."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x008d 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0095 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x18160ddd 00000025: EQ 00000026: PUSH2 0x00f2 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x23b872dd 00000030: EQ 00000031: PUSH2 0x00fb 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x313ce567 0000003b: EQ 0000003c: PUSH2 0x012d 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x54fd4d50 00000046: EQ 00000047: PUSH2 0x0139 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x70a08231 00000051: EQ 00000052: PUSH2 0x0193 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x95d89b41 0000005c: EQ 0000005d: PUSH2 0x01ab 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xa9059cbb 00000067: EQ 00000068: PUSH2 0x0207 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xcae9ca51 00000072: EQ 00000073: PUSH2 0x0236 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xdc3080f2 0000007d: EQ 0000007e: PUSH2 0x0398 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0xdd62ed3e 00000088: EQ 00000089: PUSH2 0x03bd 0000008c: JUMPI 0000008d: JUMPDEST 0000008e: PUSH2 0x03e2 00000091: PUSH2 0x0002 00000094: JUMP 00000095: JUMPDEST 00000096: PUSH2 0x03e4 00000099: PUSH1 0x00 0000009b: DUP1 0000009c: SLOAD 0000009d: PUSH1 0x20 0000009f: PUSH1 0x02 000000a1: PUSH1 0x01 000000a3: DUP4 000000a4: AND 000000a5: ISZERO 000000a6: PUSH2 0x0100 000000a9: MUL 000000aa: PUSH1 0x00 000000ac: NOT 000000ad: ADD 000000ae: SWAP1 000000af: SWAP3 000000b0: AND 000000b1: SWAP2 000000b2: SWAP1 000000b3: SWAP2 000000b4: DIV 000000b5: PUSH1 0x1f 000000b7: DUP2 000000b8: ADD 000000b9: DUP3 000000ba: SWAP1 000000bb: DIV 000000bc: SWAP1 000000bd: SWAP2 000000be: MUL 000000bf: PUSH1 0x80 000000c1: SWAP1 000000c2: DUP2 000000c3: ADD 000000c4: PUSH1 0x40 
000000c6: MSTORE 000000c7: PUSH1 0x60 000000c9: DUP3 000000ca: DUP2 000000cb: MSTORE 000000cc: SWAP3 000000cd: SWAP2 000000ce: SWAP1 000000cf: DUP3 000000d0: DUP3 000000d1: DUP1 000000d2: ISZERO 000000d3: PUSH2 0x0601 000000d6: JUMPI 000000d7: DUP1 000000d8: PUSH1 0x1f 000000da: LT 000000db: PUSH2 0x05d6 000000de: JUMPI 000000df: PUSH2 0x0100 000000e2: DUP1 000000e3: DUP4 000000e4: SLOAD 000000e5: DIV 000000e6: MUL 000000e7: DUP4 000000e8: MSTORE 000000e9: SWAP2 000000ea: PUSH1 0x20 000000ec: ADD 000000ed: SWAP2 000000ee: PUSH2 0x0601 000000f1: JUMP 000000f2: JUMPDEST 000000f3: PUSH2 0x0452 000000f6: PUSH1 0x04 000000f8: SLOAD 000000f9: DUP2 000000fa: JUMP 000000fb: JUMPDEST 000000fc: PUSH2 0x0452 000000ff: PUSH1 0x04 00000101: CALLDATALOAD 00000102: PUSH1 0x24 00000104: CALLDATALOAD 00000105: PUSH1 0x44 00000107: CALLDATALOAD 00000108: PUSH1 0x01 0000010a: PUSH1 0xa0 0000010c: PUSH1 0x02 0000010e: EXP 0000010f: SUB 00000110: DUP4 00000111: AND 00000112: PUSH1 0x00 00000114: SWAP1 00000115: DUP2 00000116: MSTORE 00000117: PUSH1 0x05 00000119: PUSH1 0x20 0000011b: MSTORE 0000011c: PUSH1 0x40 0000011e: DUP2 0000011f: KECCAK256 00000120: SLOAD 00000121: DUP3 00000122: SWAP1 00000123: LT 00000124: ISZERO 00000125: PUSH2 0x046e 00000128: JUMPI 00000129: PUSH2 0x0002 0000012c: JUMP 0000012d: JUMPDEST 0000012e: PUSH2 0x0464 00000131: PUSH1 0x03 00000133: SLOAD 00000134: PUSH1 0xff 00000136: AND 00000137: DUP2 00000138: JUMP 00000139: JUMPDEST 0000013a: PUSH2 0x03e4 0000013d: PUSH1 0x02 0000013f: DUP1 00000140: SLOAD 00000141: PUSH1 0x20 00000143: PUSH1 0x01 00000145: DUP3 00000146: AND 00000147: ISZERO 00000148: PUSH2 0x0100 0000014b: MUL 0000014c: PUSH1 0x00 0000014e: NOT 0000014f: ADD 00000150: SWAP1 00000151: SWAP2 00000152: AND 00000153: DUP3 00000154: SWAP1 00000155: DIV 00000156: PUSH1 0x1f 00000158: DUP2 00000159: ADD 0000015a: DUP3 0000015b: SWAP1 0000015c: DIV 0000015d: SWAP1 0000015e: SWAP2 0000015f: MUL 00000160: PUSH1 0x80 00000162: SWAP1 00000163: DUP2 
00000164: ADD 00000165: PUSH1 0x40 00000167: MSTORE 00000168: PUSH1 0x60 0000016a: DUP3 0000016b: DUP2 0000016c: MSTORE 0000016d: SWAP3 0000016e: SWAP2 0000016f: SWAP1 00000170: DUP3 00000171: DUP3 00000172: DUP1 00000173: ISZERO 00000174: PUSH2 0x0601 00000177: JUMPI 00000178: DUP1 00000179: PUSH1 0x1f 0000017b: LT 0000017c: PUSH2 0x05d6 0000017f: JUMPI 00000180: PUSH2 0x0100 00000183: DUP1 00000184: DUP4 00000185: SLOAD 00000186: DIV 00000187: MUL 00000188: DUP4 00000189: MSTORE 0000018a: SWAP2 0000018b: PUSH1 0x20 0000018d: ADD 0000018e: SWAP2 0000018f: PUSH2 0x0601 00000192: JUMP 00000193: JUMPDEST 00000194: PUSH2 0x0452 00000197: PUSH1 0x04 00000199: CALLDATALOAD 0000019a: PUSH1 0x05 0000019c: PUSH1 0x20 0000019e: MSTORE 0000019f: PUSH1 0x00 000001a1: SWAP1 000001a2: DUP2 000001a3: MSTORE 000001a4: PUSH1 0x40 000001a6: SWAP1 000001a7: KECCAK256 000001a8: SLOAD 000001a9: DUP2 000001aa: JUMP 000001ab: JUMPDEST 000001ac: PUSH2 0x03e4 000001af: PUSH1 0x01 000001b1: DUP1 000001b2: SLOAD 000001b3: PUSH1 0x20 000001b5: PUSH1 0x02 000001b7: DUP3 000001b8: DUP5 000001b9: AND 000001ba: ISZERO 000001bb: PUSH2 0x0100 000001be: MUL 000001bf: PUSH1 0x00 000001c1: NOT 000001c2: ADD 000001c3: SWAP1 000001c4: SWAP3 000001c5: AND 000001c6: SWAP2 000001c7: SWAP1 000001c8: SWAP2 000001c9: DIV 000001ca: PUSH1 0x1f 000001cc: DUP2 000001cd: ADD 000001ce: DUP3 000001cf: SWAP1 000001d0: DIV 000001d1: SWAP1 000001d2: SWAP2 000001d3: MUL 000001d4: PUSH1 0x80 000001d6: SWAP1 000001d7: DUP2 000001d8: ADD 000001d9: PUSH1 0x40 000001db: MSTORE 000001dc: PUSH1 0x60 000001de: DUP3 000001df: DUP2 000001e0: MSTORE 000001e1: SWAP3 000001e2: SWAP2 000001e3: SWAP1 000001e4: DUP3 000001e5: DUP3 000001e6: DUP1 000001e7: ISZERO 000001e8: PUSH2 0x0601 000001eb: JUMPI 000001ec: DUP1 000001ed: PUSH1 0x1f 000001ef: LT 000001f0: PUSH2 0x05d6 000001f3: JUMPI 000001f4: PUSH2 0x0100 000001f7: DUP1 000001f8: DUP4 000001f9: SLOAD 000001fa: DIV 000001fb: MUL 000001fc: DUP4 000001fd: MSTORE 000001fe: SWAP2 
000001ff: PUSH1 0x20 00000201: ADD 00000202: SWAP2 00000203: PUSH2 0x0601 00000206: JUMP 00000207: JUMPDEST 00000208: PUSH2 0x03e2 0000020b: PUSH1 0x04 0000020d: CALLDATALOAD 0000020e: PUSH1 0x24 00000210: CALLDATALOAD 00000211: PUSH1 0x01 00000213: PUSH1 0xa0 00000215: PUSH1 0x02 00000217: EXP 00000218: SUB 00000219: CALLER 0000021a: AND 0000021b: PUSH1 0x00 0000021d: SWAP1 0000021e: DUP2 0000021f: MSTORE 00000220: PUSH1 0x05 00000222: PUSH1 0x20 00000224: MSTORE 00000225: PUSH1 0x40 00000227: SWAP1 00000228: KECCAK256 00000229: SLOAD 0000022a: DUP2 0000022b: SWAP1 0000022c: LT 0000022d: ISZERO 0000022e: PUSH2 0x0609 00000231: JUMPI 00000232: PUSH2 0x0002 00000235: JUMP 00000236: JUMPDEST 00000237: PUSH1 0x80 00000239: PUSH1 0x20 0000023b: PUSH1 0x44 0000023d: CALLDATALOAD 0000023e: PUSH1 0x04 00000240: DUP2 00000241: DUP2 00000242: ADD 00000243: CALLDATALOAD 00000244: PUSH1 0x1f 00000246: DUP2 00000247: ADD 00000248: DUP5 00000249: SWAP1 0000024a: DIV 0000024b: SWAP1 0000024c: SWAP4 0000024d: MUL 0000024e: DUP5 0000024f: ADD 00000250: PUSH1 0x40 00000252: MSTORE 00000253: PUSH1 0x60 00000255: DUP4 00000256: DUP2 00000257: MSTORE 00000258: PUSH2 0x0452 0000025b: SWAP5 0000025c: DUP3 0000025d: CALLDATALOAD 0000025e: SWAP5 0000025f: PUSH1 0x24 00000261: DUP1 00000262: CALLDATALOAD 00000263: SWAP6 00000264: PUSH1 0x64 00000266: SWAP5 00000267: SWAP4 00000268: SWAP2 00000269: ADD 0000026a: SWAP2 0000026b: SWAP1 0000026c: DUP2 0000026d: SWAP1 0000026e: DUP4 0000026f: DUP3 00000270: DUP1 00000271: DUP3 00000272: DUP5 00000273: CALLDATACOPY 00000274: POP 00000275: SWAP5 00000276: SWAP7 00000277: POP 00000278: POP 00000279: POP 0000027a: POP 0000027b: POP 0000027c: POP 0000027d: POP 0000027e: PUSH1 0x00 00000280: PUSH1 0x00 00000282: DUP4 00000283: PUSH1 0x06 00000285: PUSH1 0x00 00000287: POP 00000288: PUSH1 0x00 0000028a: CALLER 0000028b: PUSH1 0x01 0000028d: PUSH1 0xa0 0000028f: PUSH1 0x02 00000291: EXP 00000292: SUB 00000293: AND 00000294: DUP2 00000295: MSTORE 
00000296: PUSH1 0x20 00000298: ADD 00000299: SWAP1 0000029a: DUP2 0000029b: MSTORE 0000029c: PUSH1 0x20 0000029e: ADD 0000029f: PUSH1 0x00 000002a1: KECCAK256 000002a2: PUSH1 0x00 000002a4: POP 000002a5: PUSH1 0x00 000002a7: DUP8 000002a8: PUSH1 0x01 000002aa: PUSH1 0xa0 000002ac: PUSH1 0x02 000002ae: EXP 000002af: SUB 000002b0: AND 000002b1: DUP2 000002b2: MSTORE 000002b3: PUSH1 0x20 000002b5: ADD 000002b6: SWAP1 000002b7: DUP2 000002b8: MSTORE 000002b9: PUSH1 0x20 000002bb: ADD 000002bc: PUSH1 0x00 000002be: KECCAK256 000002bf: PUSH1 0x00 000002c1: POP 000002c2: DUP2 000002c3: SWAP1 000002c4: SSTORE 000002c5: POP 000002c6: DUP5 000002c7: SWAP1 000002c8: POP 000002c9: DUP1 000002ca: PUSH1 0x01 000002cc: PUSH1 0xa0 000002ce: PUSH1 0x02 000002d0: EXP 000002d1: SUB 000002d2: AND 000002d3: PUSH4 0x8f4ffcb1 000002d8: CALLER 000002d9: DUP7 000002da: ADDRESS 000002db: DUP8 000002dc: PUSH1 0x40 000002de: MLOAD 000002df: DUP6 000002e0: PUSH1 0xe0 000002e2: PUSH1 0x02 000002e4: EXP 000002e5: MUL 000002e6: DUP2 000002e7: MSTORE 000002e8: PUSH1 0x04 000002ea: ADD 000002eb: DUP1 000002ec: DUP6 000002ed: PUSH1 0x01 000002ef: PUSH1 0xa0 000002f1: PUSH1 0x02 000002f3: EXP 000002f4: SUB 000002f5: AND 000002f6: DUP2 000002f7: MSTORE 000002f8: PUSH1 0x20 000002fa: ADD 000002fb: DUP5 000002fc: DUP2 000002fd: MSTORE 000002fe: PUSH1 0x20 00000300: ADD 00000301: DUP4 00000302: PUSH1 0x01 00000304: PUSH1 0xa0 00000306: PUSH1 0x02 00000308: EXP 00000309: SUB 0000030a: AND 0000030b: DUP2 0000030c: MSTORE 0000030d: PUSH1 0x20 0000030f: ADD 00000310: DUP1 00000311: PUSH1 0x20 00000313: ADD 00000314: DUP3 00000315: DUP2 00000316: SUB 00000317: DUP3 00000318: MSTORE 00000319: DUP4 0000031a: DUP2 0000031b: DUP2 0000031c: MLOAD 0000031d: DUP2 0000031e: MSTORE 0000031f: PUSH1 0x20 00000321: ADD 00000322: SWAP2 00000323: POP 00000324: DUP1 00000325: MLOAD 00000326: SWAP1 00000327: PUSH1 0x20 00000329: ADD 0000032a: SWAP1 0000032b: DUP1 0000032c: DUP4 0000032d: DUP4 0000032e: DUP3 0000032f: SWAP1 
00000330: PUSH1 0x00 00000332: PUSH1 0x04 00000334: PUSH1 0x20 00000336: DUP5 00000337: PUSH1 0x1f 00000339: ADD 0000033a: DIV 0000033b: PUSH1 0x0f 0000033d: MUL 0000033e: PUSH1 0x03 00000340: ADD 00000341: CALL 00000342: POP 00000343: SWAP1 00000344: POP 00000345: SWAP1 00000346: DUP2 00000347: ADD 00000348: SWAP1 00000349: PUSH1 0x1f 0000034b: AND 0000034c: DUP1 0000034d: ISZERO 0000034e: PUSH2 0x036b 00000351: JUMPI 00000352: DUP1 00000353: DUP3 00000354: SUB 00000355: DUP1 00000356: MLOAD 00000357: PUSH1 0x01 00000359: DUP4 0000035a: PUSH1 0x20 0000035c: SUB 0000035d: PUSH2 0x0100 00000360: EXP 00000361: SUB 00000362: NOT 00000363: AND 00000364: DUP2 00000365: MSTORE 00000366: PUSH1 0x20 00000368: ADD 00000369: SWAP2 0000036a: POP 0000036b: JUMPDEST 0000036c: POP 0000036d: SWAP6 0000036e: POP 0000036f: POP 00000370: POP 00000371: POP 00000372: POP 00000373: POP 00000374: PUSH1 0x00 00000376: PUSH1 0x40 00000378: MLOAD 00000379: DUP1 0000037a: DUP4 0000037b: SUB 0000037c: DUP2 0000037d: PUSH1 0x00 0000037f: DUP8 00000380: PUSH2 0x61da 00000383: GAS 00000384: SUB 00000385: CALL 00000386: ISZERO 00000387: PUSH2 0x0002 0000038a: JUMPI 0000038b: POP 0000038c: PUSH1 0x01 0000038e: SWAP8 0000038f: SWAP7 00000390: POP 00000391: POP 00000392: POP 00000393: POP 00000394: POP 00000395: POP 00000396: POP 00000397: JUMP 00000398: JUMPDEST 00000399: PUSH1 0x07 0000039b: PUSH1 0x20 0000039d: SWAP1 0000039e: DUP2 0000039f: MSTORE 000003a0: PUSH1 0x04 000003a2: CALLDATALOAD 000003a3: PUSH1 0x00 000003a5: SWAP1 000003a6: DUP2 000003a7: MSTORE 000003a8: PUSH1 0x40 000003aa: DUP1 000003ab: DUP3 000003ac: KECCAK256 000003ad: SWAP1 000003ae: SWAP3 000003af: MSTORE 000003b0: PUSH1 0x24 000003b2: CALLDATALOAD 000003b3: DUP2 000003b4: MSTORE 000003b5: KECCAK256 000003b6: SLOAD 000003b7: PUSH2 0x0452 000003ba: SWAP1 000003bb: DUP2 000003bc: JUMP 000003bd: JUMPDEST 000003be: PUSH1 0x06 000003c0: PUSH1 0x20 000003c2: SWAP1 000003c3: DUP2 000003c4: MSTORE 000003c5: PUSH1 0x04 000003c7: 
CALLDATALOAD 000003c8: PUSH1 0x00 000003ca: SWAP1 000003cb: DUP2 000003cc: MSTORE 000003cd: PUSH1 0x40 000003cf: DUP1 000003d0: DUP3 000003d1: KECCAK256 000003d2: SWAP1 000003d3: SWAP3 000003d4: MSTORE 000003d5: PUSH1 0x24 000003d7: CALLDATALOAD 000003d8: DUP2 000003d9: MSTORE 000003da: KECCAK256 000003db: SLOAD 000003dc: PUSH2 0x0452 000003df: SWAP1 000003e0: DUP2 000003e1: JUMP 000003e2: JUMPDEST 000003e3: STOP 000003e4: JUMPDEST 000003e5: PUSH1 0x40 000003e7: MLOAD 000003e8: DUP1 000003e9: DUP1 000003ea: PUSH1 0x20 000003ec: ADD 000003ed: DUP3 000003ee: DUP2 000003ef: SUB 000003f0: DUP3 000003f1: MSTORE 000003f2: DUP4 000003f3: DUP2 000003f4: DUP2 000003f5: MLOAD 000003f6: DUP2 000003f7: MSTORE 000003f8: PUSH1 0x20 000003fa: ADD 000003fb: SWAP2 000003fc: POP 000003fd: DUP1 000003fe: MLOAD 000003ff: SWAP1 00000400: PUSH1 0x20 00000402: ADD 00000403: SWAP1 00000404: DUP1 00000405: DUP4 00000406: DUP4 00000407: DUP3 00000408: SWAP1 00000409: PUSH1 0x00 0000040b: PUSH1 0x04 0000040d: PUSH1 0x20 0000040f: DUP5 00000410: PUSH1 0x1f 00000412: ADD 00000413: DIV 00000414: PUSH1 0x0f 00000416: MUL 00000417: PUSH1 0x03 00000419: ADD 0000041a: CALL 0000041b: POP 0000041c: SWAP1 0000041d: POP 0000041e: SWAP1 0000041f: DUP2 00000420: ADD 00000421: SWAP1 00000422: PUSH1 0x1f 00000424: AND 00000425: DUP1 00000426: ISZERO 00000427: PUSH2 0x0444 0000042a: JUMPI 0000042b: DUP1 0000042c: DUP3 0000042d: SUB 0000042e: DUP1 0000042f: MLOAD 00000430: PUSH1 0x01 00000432: DUP4 00000433: PUSH1 0x20 00000435: SUB 00000436: PUSH2 0x0100 00000439: EXP 0000043a: SUB 0000043b: NOT 0000043c: AND 0000043d: DUP2 0000043e: MSTORE 0000043f: PUSH1 0x20 00000441: ADD 00000442: SWAP2 00000443: POP 00000444: JUMPDEST 00000445: POP 00000446: SWAP3 00000447: POP 00000448: POP 00000449: POP 0000044a: PUSH1 0x40 0000044c: MLOAD 0000044d: DUP1 0000044e: SWAP2 0000044f: SUB 00000450: SWAP1 00000451: RETURN 00000452: JUMPDEST 00000453: PUSH1 0x40 00000455: DUP1 00000456: MLOAD 00000457: SWAP2 00000458: DUP3 
00000459: MSTORE 0000045a: MLOAD 0000045b: SWAP1 0000045c: DUP2 0000045d: SWAP1 0000045e: SUB 0000045f: PUSH1 0x20 00000461: ADD 00000462: SWAP1 00000463: RETURN 00000464: JUMPDEST 00000465: PUSH1 0x60 00000467: SWAP1 00000468: DUP2 00000469: MSTORE 0000046a: PUSH1 0x20 0000046c: SWAP1 0000046d: RETURN 0000046e: JUMPDEST 0000046f: PUSH1 0x01 00000471: PUSH1 0xa0 00000473: PUSH1 0x02 00000475: EXP 00000476: SUB 00000477: DUP4 00000478: AND 00000479: DUP2 0000047a: MSTORE 0000047b: PUSH1 0x40 0000047d: DUP2 0000047e: KECCAK256 0000047f: SLOAD 00000480: DUP1 00000481: DUP4 00000482: ADD 00000483: LT 00000484: ISZERO 00000485: PUSH2 0x048d 00000488: JUMPI 00000489: PUSH2 0x0002 0000048c: JUMP 0000048d: JUMPDEST 0000048e: PUSH1 0x01 00000490: PUSH1 0xa0 00000492: PUSH1 0x02 00000494: EXP 00000495: SUB 00000496: DUP1 00000497: DUP6 00000498: AND 00000499: DUP1 0000049a: DUP4 0000049b: MSTORE 0000049c: PUSH1 0x06 0000049e: PUSH1 0x20 000004a0: SWAP1 000004a1: DUP2 000004a2: MSTORE 000004a3: PUSH1 0x40 000004a5: DUP1 000004a6: DUP6 000004a7: KECCAK256 000004a8: CALLER 000004a9: SWAP5 000004aa: SWAP1 000004ab: SWAP5 000004ac: AND 000004ad: DUP1 000004ae: DUP7 000004af: MSTORE 000004b0: SWAP4 000004b1: DUP3 000004b2: MSTORE 000004b3: DUP1 000004b4: DUP6 000004b5: KECCAK256 000004b6: SLOAD 000004b7: SWAP3 000004b8: DUP6 000004b9: MSTORE 000004ba: PUSH1 0x07 000004bc: DUP3 000004bd: MSTORE 000004be: DUP1 000004bf: DUP6 000004c0: KECCAK256 000004c1: SWAP4 000004c2: DUP6 000004c3: MSTORE 000004c4: SWAP3 000004c5: SWAP1 000004c6: MSTORE 000004c7: SWAP1 000004c8: DUP3 000004c9: KECCAK256 000004ca: SLOAD 000004cb: DUP4 000004cc: ADD 000004cd: GT 000004ce: ISZERO 000004cf: PUSH2 0x04d7 000004d2: JUMPI 000004d3: PUSH2 0x0002 000004d6: JUMP 000004d7: JUMPDEST 000004d8: DUP2 000004d9: PUSH1 0x05 000004db: PUSH1 0x00 000004dd: POP 000004de: PUSH1 0x00 000004e0: DUP7 000004e1: PUSH1 0x01 000004e3: PUSH1 0xa0 000004e5: PUSH1 0x02 000004e7: EXP 000004e8: SUB 000004e9: AND 000004ea: DUP2 
000004eb: MSTORE 000004ec: PUSH1 0x20 000004ee: ADD 000004ef: SWAP1 000004f0: DUP2 000004f1: MSTORE 000004f2: PUSH1 0x20 000004f4: ADD 000004f5: PUSH1 0x00 000004f7: KECCAK256 000004f8: PUSH1 0x00 000004fa: DUP3 000004fb: DUP3 000004fc: DUP3 000004fd: POP 000004fe: SLOAD 000004ff: SUB 00000500: SWAP3 00000501: POP 00000502: POP 00000503: DUP2 00000504: SWAP1 00000505: SSTORE 00000506: POP 00000507: DUP2 00000508: PUSH1 0x05 0000050a: PUSH1 0x00 0000050c: POP 0000050d: PUSH1 0x00 0000050f: DUP6 00000510: PUSH1 0x01 00000512: PUSH1 0xa0 00000514: PUSH1 0x02 00000516: EXP 00000517: SUB 00000518: AND 00000519: DUP2 0000051a: MSTORE 0000051b: PUSH1 0x20 0000051d: ADD 0000051e: SWAP1 0000051f: DUP2 00000520: MSTORE 00000521: PUSH1 0x20 00000523: ADD 00000524: PUSH1 0x00 00000526: KECCAK256 00000527: PUSH1 0x00 00000529: DUP3 0000052a: DUP3 0000052b: DUP3 0000052c: POP 0000052d: SLOAD 0000052e: ADD 0000052f: SWAP3 00000530: POP 00000531: POP 00000532: DUP2 00000533: SWAP1 00000534: SSTORE 00000535: POP 00000536: DUP2 00000537: PUSH1 0x07 00000539: PUSH1 0x00 0000053b: POP 0000053c: PUSH1 0x00 0000053e: DUP7 0000053f: PUSH1 0x01 00000541: PUSH1 0xa0 00000543: PUSH1 0x02 00000545: EXP 00000546: SUB 00000547: AND 00000548: DUP2 00000549: MSTORE 0000054a: PUSH1 0x20 0000054c: ADD 0000054d: SWAP1 0000054e: DUP2 0000054f: MSTORE 00000550: PUSH1 0x20 00000552: ADD 00000553: PUSH1 0x00 00000555: KECCAK256 00000556: PUSH1 0x00 00000558: POP 00000559: PUSH1 0x00 0000055b: CALLER 0000055c: PUSH1 0x01 0000055e: PUSH1 0xa0 00000560: PUSH1 0x02 00000562: EXP 00000563: SUB 00000564: AND 00000565: DUP2 00000566: MSTORE 00000567: PUSH1 0x20 00000569: ADD 0000056a: SWAP1 0000056b: DUP2 0000056c: MSTORE 0000056d: PUSH1 0x20 0000056f: ADD 00000570: PUSH1 0x00 00000572: KECCAK256 00000573: PUSH1 0x00 00000575: DUP3 00000576: DUP3 00000577: DUP3 00000578: POP 00000579: SLOAD 0000057a: ADD 0000057b: SWAP3 0000057c: POP 0000057d: POP 0000057e: DUP2 0000057f: SWAP1 00000580: SSTORE 00000581: POP 
00000582: DUP3 00000583: PUSH1 0x01 00000585: PUSH1 0xa0 00000587: PUSH1 0x02 00000589: EXP 0000058a: SUB 0000058b: AND 0000058c: DUP5 0000058d: PUSH1 0x01 0000058f: PUSH1 0xa0 00000591: PUSH1 0x02 00000593: EXP 00000594: SUB 00000595: AND 00000596: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000005b7: DUP5 000005b8: PUSH1 0x40 000005ba: MLOAD 000005bb: DUP1 000005bc: DUP3 000005bd: DUP2 000005be: MSTORE 000005bf: PUSH1 0x20 000005c1: ADD 000005c2: SWAP2 000005c3: POP 000005c4: POP 000005c5: PUSH1 0x40 000005c7: MLOAD 000005c8: DUP1 000005c9: SWAP2 000005ca: SUB 000005cb: SWAP1 000005cc: LOG3 000005cd: POP 000005ce: PUSH1 0x01 000005d0: SWAP4 000005d1: SWAP3 000005d2: POP 000005d3: POP 000005d4: POP 000005d5: JUMP 000005d6: JUMPDEST 000005d7: DUP3 000005d8: ADD 000005d9: SWAP2 000005da: SWAP1 000005db: PUSH1 0x00 000005dd: MSTORE 000005de: PUSH1 0x20 000005e0: PUSH1 0x00 000005e2: KECCAK256 000005e3: SWAP1 000005e4: JUMPDEST 000005e5: DUP2 000005e6: SLOAD 000005e7: DUP2 000005e8: MSTORE 000005e9: SWAP1 000005ea: PUSH1 0x01 000005ec: ADD 000005ed: SWAP1 000005ee: PUSH1 0x20 000005f0: ADD 000005f1: DUP1 000005f2: DUP4 000005f3: GT 000005f4: PUSH2 0x05e4 000005f7: JUMPI 000005f8: DUP3 000005f9: SWAP1 000005fa: SUB 000005fb: PUSH1 0x1f 000005fd: AND 000005fe: DUP3 000005ff: ADD 00000600: SWAP2 00000601: JUMPDEST 00000602: POP 00000603: POP 00000604: POP 00000605: POP 00000606: POP 00000607: DUP2 00000608: JUMP 00000609: JUMPDEST 0000060a: PUSH1 0x01 0000060c: PUSH1 0xa0 0000060e: PUSH1 0x02 00000610: EXP 00000611: SUB 00000612: DUP3 00000613: AND 00000614: PUSH1 0x00 00000616: SWAP1 00000617: DUP2 00000618: MSTORE 00000619: PUSH1 0x40 0000061b: SWAP1 0000061c: KECCAK256 0000061d: SLOAD 0000061e: DUP1 0000061f: DUP3 00000620: ADD 00000621: LT 00000622: ISZERO 00000623: PUSH2 0x062b 00000626: JUMPI 00000627: PUSH2 0x0002 0000062a: JUMP 0000062b: JUMPDEST 0000062c: DUP1 0000062d: PUSH1 0x05 0000062f: PUSH1 0x00 00000631: POP 00000632: PUSH1 
0x00 00000634: CALLER 00000635: PUSH1 0x01 00000637: PUSH1 0xa0 00000639: PUSH1 0x02 0000063b: EXP 0000063c: SUB 0000063d: AND 0000063e: DUP2 0000063f: MSTORE 00000640: PUSH1 0x20 00000642: ADD 00000643: SWAP1 00000644: DUP2 00000645: MSTORE 00000646: PUSH1 0x20 00000648: ADD 00000649: PUSH1 0x00 0000064b: KECCAK256 0000064c: PUSH1 0x00 0000064e: DUP3 0000064f: DUP3 00000650: DUP3 00000651: POP 00000652: SLOAD 00000653: SUB 00000654: SWAP3 00000655: POP 00000656: POP 00000657: DUP2 00000658: SWAP1 00000659: SSTORE 0000065a: POP 0000065b: DUP1 0000065c: PUSH1 0x05 0000065e: PUSH1 0x00 00000660: POP 00000661: PUSH1 0x00 00000663: DUP5 00000664: PUSH1 0x01 00000666: PUSH1 0xa0 00000668: PUSH1 0x02 0000066a: EXP 0000066b: SUB 0000066c: AND 0000066d: DUP2 0000066e: MSTORE 0000066f: PUSH1 0x20 00000671: ADD 00000672: SWAP1 00000673: DUP2 00000674: MSTORE 00000675: PUSH1 0x20 00000677: ADD 00000678: PUSH1 0x00 0000067a: KECCAK256 0000067b: PUSH1 0x00 0000067d: DUP3 0000067e: DUP3 0000067f: DUP3 00000680: POP 00000681: SLOAD 00000682: ADD 00000683: SWAP3 00000684: POP 00000685: POP 00000686: DUP2 00000687: SWAP1 00000688: SSTORE 00000689: POP 0000068a: DUP2 0000068b: PUSH1 0x01 0000068d: PUSH1 0xa0 0000068f: PUSH1 0x02 00000691: EXP 00000692: SUB 00000693: AND 00000694: CALLER 00000695: PUSH1 0x01 00000697: PUSH1 0xa0 00000699: PUSH1 0x02 0000069b: EXP 0000069c: SUB 0000069d: AND 0000069e: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000006bf: DUP4 000006c0: PUSH1 0x40 000006c2: MLOAD 000006c3: DUP1 000006c4: DUP3 000006c5: DUP2 000006c6: MSTORE 000006c7: PUSH1 0x20 000006c9: ADD 000006ca: SWAP2 000006cb: POP 000006cc: POP 000006cd: PUSH1 0x40 000006cf: MLOAD 000006d0: DUP1 000006d1: SWAP2 000006d2: SUB 000006d3: SWAP1 000006d4: LOG3 000006d5: POP 000006d6: POP 000006d7: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
trace_id: 0xd27b2a30ebe3f97cad2f6274370a076d3649f888325b46ed6d97faf32829603a
call_targets: 0x0000000000000000000000000000000000000004, 0x3e485b680d8dff45e7d7880490ebe5514d369797
target_varies: yes
classification: target_varies
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xd27b2a30ebe3f97cad2f6274370a076d3649f888325b46ed6d97faf32829603a",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x3e485b680d8dff45e7d7880490ebe5514d369797"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 833,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 901,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1050,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
trace_id: 0xd27b2a30ebe3f97cad2f6274370a076d3649f888325b46ed6d97faf32829603a
call_targets: 0x0000000000000000000000000000000000000004, 0x3e485b680d8dff45e7d7880490ebe5514d369797
target_varies: yes
classification: target_varies
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xd27b2a30ebe3f97cad2f6274370a076d3649f888325b46ed6d97faf32829603a",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x3e485b680d8dff45e7d7880490ebe5514d369797"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 833,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 901,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1050,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| medium | other | codex | `allowance()` appears to report gross approved amount, not remaining spendable allowance | 75 | no | — |
evidence_json:
{
"evidence": "`0xdd62ed3e` loads from the slot-6 double mapping and returns it directly. `transferFrom` checks slot-6 approval against slot-7 cumulative spent (`SLOAD` around pc 0x4b6 and 0x4ca) and then increments slot-7 (`SSTORE` around pc 0x580). This means reported allowance and actually spendable allowance diverge after spending.",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xcae9ca51",
"pc:0x3bd",
"pc:0x4b6",
"pc:0x4ca",
"pc:0x580"
],
"recommendation": "Align the ERC20 allowance invariant with standard behavior: either decrement the stored allowance on `transferFrom`, or make `allowance()` return remaining allowance and reset/reinitialize the spent tracker on new approvals. If the cumulative-spend model is intentional, do not expose it behind the standard `0xdd62ed3e` selector without clear compatibility warnings.",
"exploit_scenario": "Best-effort selector inference indicates `0xdd62ed3e` is `allowance(address,address)` and `0x23b872dd` is `transferFrom(address,address,uint256)`. The contract reads one mapping for approvals and a separate mapping for cumulative spent allowance, then enforces `spent + amount <= approved` during `transferFrom`. Because `0xdd62ed3e` returns only the approval mapping, integrators can observe an allowance that is larger than the actual remaining spendable amount. After partial spending, wallets, routers, or vaults may believe they can pull tokens and then fail unexpectedly; re-approving through the custom approval path also appears to leave prior spent state in place, so a user who 're-approves 100' may still have much less than 100 actually spendable."
}
|
| low | reentrancy | codex | Approval callback entrypoint performs an unguarded external CALL after approval state is written | 65 | no | — |
evidence_json:
{
"evidence": "In selector `0xcae9ca51`, the contract stores the approval mapping first (`SSTORE` at pc 0x2c4), builds calldata for selector `0x8f4ffcb1`, and then executes a CALL at pc 0x385 with no detected guard. The bundle's detector flagged reachable CALLs, but manual reconstruction indicates pc 0x385 is the spender callback, while pc 0x341/0x41a are likely helper calls.",
"locations": [
"selector:0xcae9ca51",
"pc:0x2c4",
"pc:0x2d3",
"pc:0x385"
],
"recommendation": "If this callback flow is required, document that approval is immediately usable during the callback. Otherwise, remove the callback feature or add reentrancy protection / safer two-step approval semantics. At minimum, treat pc 0x385 as the relevant untrusted CALL site; the other CALLs in the artifact look consistent with helper/precompile memory-copy patterns and should not be treated as the primary risk.",
"exploit_scenario": "Best-effort selector inference suggests `0xcae9ca51` is an `approveAndCall(address,uint256,bytes)`-style function. It writes approval state for `caller -> spender`, then performs an external CALL to the spender with callback selector `0x8f4ffcb1`. A malicious spender can synchronously reenter token methods such as `transferFrom` while the freshly written approval is already live. This may be intended behavior for approve-and-callback tokens, so the issue is low severity, but any upstream integrator that assumes approval has no same-transaction side effects can be broken."
}
|