019b3836-3904-71b0-912b-5d7f7586dc30
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 4015 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 4016 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 80339 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 80340 | capability.graph | complete | 1 / 3 | 1 week ago |
| 80341 | detector.run | complete | 1 / 3 | 1 week ago |
| 80342 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113611 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
OpenAI Codex v0.118.0 (research preview) -------- workdir: /tmp/codex-biea317w model: gpt-5.4 provider: openai approval: never sandbox: read-only reasoning effort: high reasoning summaries: none session id: 019d5c99-07a7-7a03-a154-eb7b80ee546c -------- user You are a security auditor. You ONLY have runtime bytecode + analysis artifacts. You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary, evidence bundle, callsites, storage slots, and detector findings. Special cases when reasoning from bytecode (be explicit about uncertainty): - Selector inference is best-effort; missing selectors are common. - Fallback/receive paths may be the only entrypoints. - CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage. - Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative. - Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown. - Guard detection is heuristic; absence of guards does NOT mean unguarded. - Returndata checking is unknown unless explicitly shown in evidence. - Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim. Output MUST be valid JSON matching the provided schema. - If you find nothing meaningful: set no_findings=true and findings=[]. - Otherwise: set no_findings=false and include findings with severity/category/title. - Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb". Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, accounting/invariant breaks, dangerous delegatecall, and untrusted external calls. Be conservative: if evidence is weak, mark severity low/medium and explain why. warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime. ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM. ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
{
"codex": {
"ran_at": "2026-04-05T07:43:47.685280+00:00",
"returncode": 1
},
"project": {
"mode": "bytecode",
"bytecode_length": 3932,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": null,
"no_findings": null,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x00ae 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x2431f164 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x00b9 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x27dc297e 00000025: EQ 00000026: PUSH2 0x00de 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x41c0e1b5 00000030: EQ 00000031: PUSH2 0x01ef 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x8da5cb5b 0000003b: EQ 0000003c: PUSH2 0x0219 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x9ed1e4c6 00000046: EQ 00000047: PUSH2 0x022b 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0xa4be64a4 00000051: EQ 00000052: PUSH2 0x0234 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0xcc181ca8 0000005c: EQ 0000005d: PUSH2 0x023d 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xccbac9f5 00000067: EQ 00000068: PUSH2 0x024f 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xd0302051 00000072: EQ 00000073: PUSH2 0x0258 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xdde7af32 0000007d: EQ 0000007e: PUSH2 0x0261 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0xe3f52c99 00000088: EQ 00000089: PUSH2 0x026a 0000008c: JUMPI 0000008d: DUP1 0000008e: PUSH4 0xe97dcb62 00000093: EQ 00000094: PUSH2 0x027c 00000097: JUMPI 00000098: DUP1 00000099: PUSH4 0xee7cf9f2 0000009e: EQ 0000009f: PUSH2 0x02b6 000000a2: JUMPI 000000a3: DUP1 000000a4: PUSH4 0xf6b4dfb4 000000a9: EQ 000000aa: PUSH2 0x02bf 000000ad: JUMPI 000000ae: JUMPDEST 000000af: PUSH2 0x02d1 000000b2: PUSH2 0x02d3 000000b5: PUSH2 0x0280 000000b8: JUMP 000000b9: JUMPDEST 000000ba: PUSH2 0x02d1 000000bd: JUMPDEST 000000be: PUSH1 0x08 000000c0: SLOAD 000000c1: PUSH1 0x00 000000c3: DUP1 000000c4: DUP1 000000c5: JUMPDEST 000000c6: PUSH3 0x0f4240 000000ca: DUP5 000000cb: GT 000000cc: ISZERO 000000cd: PUSH2 0x0539 000000d0: JUMPI 000000d1: PUSH3 0x0f423f 000000d5: NOT 000000d6: SWAP1 000000d7: SWAP4 000000d8: ADD 000000d9: SWAP3 000000da: PUSH2 0x00c5 000000dd: JUMP 000000de: JUMPDEST 000000df: PUSH1 0x40 000000e1: DUP1 000000e2: MLOAD 000000e3: PUSH1 0x20 000000e5: PUSH1 0x24 000000e7: DUP1 000000e8: CALLDATALOAD 000000e9: PUSH1 0x04 000000eb: DUP2 000000ec: DUP2 000000ed: ADD 000000ee: CALLDATALOAD 000000ef: PUSH1 0x1f 000000f1: DUP2 000000f2: ADD 000000f3: DUP6 000000f4: SWAP1 000000f5: DIV 000000f6: DUP6 000000f7: MUL 000000f8: DUP7 000000f9: ADD 000000fa: DUP6 000000fb: ADD 000000fc: SWAP1 000000fd: SWAP7 000000fe: MSTORE 000000ff: DUP6 00000100: DUP6 00000101: MSTORE 00000102: PUSH2 0x02d1 00000105: SWAP6 00000106: DUP2 00000107: CALLDATALOAD 00000108: SWAP6 00000109: SWAP2 0000010a: SWAP5 0000010b: PUSH1 0x44 0000010d: SWAP5 0000010e: SWAP3 0000010f: SWAP4 00000110: SWAP1 00000111: SWAP3 00000112: ADD 00000113: SWAP2 00000114: DUP2 00000115: SWAP1 00000116: DUP5 00000117: ADD 00000118: DUP4 00000119: DUP3 0000011a: DUP1 0000011b: DUP3 0000011c: DUP5 0000011d: CALLDATACOPY 0000011e: POP 0000011f: SWAP5 00000120: SWAP7 00000121: POP 00000122: POP 00000123: POP 00000124: POP 00000125: POP 00000126: POP 00000127: POP 00000128: PUSH2 0x04dc 0000012b: PUSH1 0x40 0000012d: DUP1 0000012e: MLOAD 0000012f: PUSH1 0x00 00000131: DUP1 00000132: SLOAD 00000133: PUSH1 0xe0 00000135: PUSH1 0x02 00000137: EXP 00000138: PUSH4 0x38cc4831 0000013d: MUL 0000013e: DUP4 0000013f: MSTORE 00000140: SWAP3 00000141: MLOAD 00000142: SWAP1 00000143: SWAP3 00000144: PUSH1 0x01 00000146: PUSH1 0xa0 00000148: PUSH1 0x02 0000014a: EXP 0000014b: SUB 0000014c: AND 0000014d: SWAP2 0000014e: PUSH4 0x38cc4831 00000153: SWAP2 00000154: PUSH1 0x04 00000156: DUP3 00000157: DUP2 00000158: ADD 00000159: SWAP3 0000015a: PUSH1 0x20 0000015c: SWAP3 0000015d: SWAP2 0000015e: SWAP1 0000015f: DUP3 00000160: SWAP1 00000161: SUB 00000162: ADD 00000163: DUP2 00000164: DUP8 00000165: DUP8 00000166: PUSH2 0x61da 00000169: GAS 0000016a: SUB 0000016b: CALL 0000016c: ISZERO 0000016d: PUSH2 0x0002 00000170: JUMPI 00000171: POP 00000172: POP 00000173: PUSH1 0x40 00000175: DUP1 00000176: MLOAD 00000177: DUP1 00000178: MLOAD 00000179: PUSH1 0x01 0000017b: DUP1 0000017c: SLOAD 0000017d: PUSH1 0x01 0000017f: PUSH1 0xa0 00000181: PUSH1 0x02 00000183: EXP 00000184: SUB 00000185: NOT 00000186: AND 00000187: SWAP1 00000188: SWAP2 00000189: OR 0000018a: SWAP1 0000018b: DUP2 0000018c: SWAP1 0000018d: SSTORE 0000018e: PUSH32 0xc281d19e00000000000000000000000000000000000000000000000000000000 000001af: DUP3 000001b0: MSTORE 000001b1: SWAP2 000001b2: MLOAD 000001b3: PUSH1 0x01 000001b5: PUSH1 0xa0 000001b7: PUSH1 0x02 000001b9: EXP 000001ba: SUB 000001bb: SWAP3 000001bc: SWAP1 000001bd: SWAP3 000001be: AND 000001bf: SWAP3 000001c0: POP 000001c1: PUSH4 0xc281d19e 000001c6: SWAP2 000001c7: PUSH1 0x04 000001c9: DUP3 000001ca: DUP2 000001cb: ADD 000001cc: SWAP3 000001cd: PUSH1 0x20 000001cf: SWAP3 000001d0: SWAP2 000001d1: SWAP1 000001d2: DUP3 000001d3: SWAP1 000001d4: SUB 000001d5: ADD 000001d6: DUP2 000001d7: DUP8 000001d8: DUP8 000001d9: PUSH2 0x61da 000001dc: GAS 000001dd: SUB 000001de: CALL 000001df: ISZERO 000001e0: PUSH2 0x0002 000001e3: JUMPI 000001e4: POP 000001e5: POP 000001e6: PUSH1 0x40 000001e8: MLOAD 000001e9: MLOAD 000001ea: SWAP2 000001eb: POP 000001ec: POP 000001ed: SWAP1 000001ee: JUMP 000001ef: JUMPDEST 000001f0: PUSH2 0x02d1 000001f3: PUSH1 0x02 000001f5: SLOAD 000001f6: PUSH1 0x01 000001f8: PUSH1 0xa0 000001fa: PUSH1 0x02 000001fc: EXP 000001fd: SUB 000001fe: SWAP1 000001ff: DUP2 00000200: AND 00000201: CALLER 00000202: SWAP2 00000203: SWAP1 00000204: SWAP2 00000205: AND 00000206: EQ 00000207: ISZERO 00000208: PUSH2 0x02d3 0000020b: JUMPI 0000020c: PUSH1 0x02 0000020e: SLOAD 0000020f: PUSH1 0x01 00000211: PUSH1 0xa0 00000213: PUSH1 0x02 00000215: EXP 00000216: SUB 00000217: AND 00000218: SELFDESTRUCT 00000219: JUMPDEST 0000021a: PUSH2 0x02d5 0000021d: PUSH1 0x02 0000021f: SLOAD 00000220: PUSH1 0x01 00000222: PUSH1 0xa0 00000224: PUSH1 0x02 00000226: EXP 00000227: SUB 00000228: AND 00000229: DUP2 0000022a: JUMP 0000022b: JUMPDEST 0000022c: PUSH2 0x02f2 0000022f: PUSH1 0x0a 00000231: SLOAD 00000232: DUP2 00000233: JUMP 00000234: JUMPDEST 00000235: PUSH2 0x02f2 00000238: PUSH1 0x08 0000023a: SLOAD 0000023b: DUP2 0000023c: JUMP 0000023d: JUMPDEST 0000023e: PUSH2 0x02d5 00000241: PUSH1 0x03 00000243: SLOAD 00000244: PUSH1 0x01 00000246: PUSH1 0xa0 00000248: PUSH1 0x02 0000024a: EXP 0000024b: SUB 0000024c: AND 0000024d: DUP2 0000024e: JUMP 0000024f: JUMPDEST 00000250: PUSH2 0x02f2 00000253: PUSH1 0x09 00000255: SLOAD 00000256: DUP2 00000257: JUMP 00000258: JUMPDEST 00000259: PUSH2 0x02f2 0000025c: PUSH1 0x06 0000025e: SLOAD 0000025f: DUP2 00000260: JUMP 00000261: JUMPDEST 00000262: PUSH2 0x02f2 00000265: PUSH1 0x0b 00000267: SLOAD 00000268: DUP2 00000269: JUMP 0000026a: JUMPDEST 0000026b: PUSH2 0x02d5 0000026e: PUSH1 0x04 00000270: SLOAD 00000271: PUSH1 0x01 00000273: PUSH1 0xa0 00000275: PUSH1 0x02 00000277: EXP 00000278: SUB 00000279: AND 0000027a: DUP2 0000027b: JUMP 0000027c: JUMPDEST 0000027d: PUSH2 0x02d1 00000280: JUMPDEST 00000281: PUSH1 0x00 00000283: PUSH7 0xb1a2bc2ec50000 0000028b: CALLVALUE 0000028c: LT 0000028d: ISZERO 0000028e: PUSH2 0x030a 00000291: JUMPI 00000292: PUSH1 0x40 00000294: MLOAD 00000295: PUSH1 0x01 00000297: PUSH1 0xa0 00000299: PUSH1 0x02 0000029b: EXP 0000029c: SUB 0000029d: CALLER 0000029e: AND 0000029f: SWAP1 000002a0: DUP3 000002a1: SWAP1 000002a2: CALLVALUE 000002a3: SWAP1 000002a4: DUP3 000002a5: DUP2 000002a6: DUP2 000002a7: DUP2 000002a8: DUP6 000002a9: DUP9 000002aa: DUP4 000002ab: CALL 000002ac: SWAP4 000002ad: POP 000002ae: POP 000002af: POP 000002b0: POP 000002b1: POP 000002b2: PUSH2 0x0307 000002b5: JUMP 000002b6: JUMPDEST 000002b7: PUSH2 0x02f2 000002ba: PUSH1 0x07 000002bc: SLOAD 000002bd: DUP2 000002be: JUMP 000002bf: JUMPDEST 000002c0: PUSH2 0x02d5 000002c3: PUSH1 0x05 000002c5: SLOAD 000002c6: PUSH1 0x01 000002c8: PUSH1 0xa0 000002ca: PUSH1 0x02 000002cc: EXP 000002cd: SUB 000002ce: AND 000002cf: DUP2 000002d0: JUMP 000002d1: JUMPDEST 000002d2: STOP 000002d3: JUMPDEST 000002d4: JUMP 000002d5: JUMPDEST 000002d6: PUSH1 0x40 000002d8: DUP1 000002d9: MLOAD 000002da: PUSH1 0x01 000002dc: PUSH1 0xa0 000002de: PUSH1 0x02 000002e0: EXP 000002e1: SUB 000002e2: SWAP3 000002e3: SWAP1 000002e4: SWAP3 000002e5: AND 000002e6: DUP3 000002e7: MSTORE 000002e8: MLOAD 000002e9: SWAP1 000002ea: DUP2 000002eb: SWAP1 000002ec: SUB 000002ed: PUSH1 0x20 000002ef: ADD 000002f0: SWAP1 000002f1: RETURN 000002f2: JUMPDEST 000002f3: PUSH1 0x40 000002f5: DUP1 000002f6: MLOAD 000002f7: SWAP2 000002f8: DUP3 000002f9: MSTORE 000002fa: MLOAD 000002fb: SWAP1 000002fc: DUP2 000002fd: SWAP1 000002fe: SUB 000002ff: PUSH1 0x20 00000301: ADD 00000302: SWAP1 00000303: RETURN 00000304: JUMPDEST 00000305: SWAP1 00000306: POP 00000307: JUMPDEST 00000308: POP 00000309: JUMP 0000030a: JUMPDEST 0000030b: PUSH1 0x04 0000030d: DUP1 0000030e: SLOAD 0000030f: PUSH1 0x01 00000311: PUSH1 0xa0 00000313: PUSH1 0x02 00000315: EXP 00000316: SUB 00000317: NOT 00000318: AND 00000319: CALLER 0000031a: OR 0000031b: SWAP1 0000031c: SSTORE 0000031d: CALLVALUE 0000031e: PUSH1 0x0b 00000320: SSTORE 00000321: NUMBER 00000322: PUSH1 0x08 00000324: SSTORE 00000325: PUSH1 0x40 00000327: DUP1 00000328: MLOAD 00000329: DUP1 0000032a: DUP3 0000032b: ADD 0000032c: DUP3 0000032d: MSTORE 0000032e: PUSH1 0x0c 00000330: DUP2 00000331: MSTORE 00000332: PUSH32 0x576f6c6672616d416c7068610000000000000000000000000000000000000000 00000353: PUSH1 0x20 00000355: DUP3 00000356: DUP2 00000357: ADD 00000358: SWAP2 00000359: SWAP1 0000035a: SWAP2 0000035b: MSTORE 0000035c: DUP3 0000035d: MLOAD 0000035e: DUP1 0000035f: DUP5 00000360: ADD 00000361: SWAP1 00000362: SWAP4 00000363: MSTORE 00000364: PUSH1 0x1d 00000366: DUP4 00000367: MSTORE 00000368: PUSH32 0x72616e646f6d206e756d626572206265747765656e203120616e642039000000 00000389: SWAP1 0000038a: DUP4 0000038b: ADD 0000038c: MSTORE 0000038d: PUSH2 0x0304 00000390: SWAP2 00000391: PUSH1 0x00 00000393: SWAP2 00000394: SWAP1 00000395: PUSH1 0x00 00000397: DUP1 00000398: SLOAD 00000399: PUSH1 0x40 0000039b: DUP1 0000039c: MLOAD 0000039d: PUSH1 0xe0 0000039f: PUSH1 0x02 000003a1: EXP 000003a2: PUSH4 0x38cc4831 000003a7: MUL 000003a8: DUP2 000003a9: MSTORE 000003aa: SWAP1 000003ab: MLOAD 000003ac: DUP4 000003ad: SWAP3 000003ae: PUSH1 0x01 000003b0: PUSH1 0xa0 000003b2: PUSH1 0x02 000003b4: EXP 000003b5: SUB 000003b6: AND 000003b7: SWAP2 000003b8: PUSH4 0x38cc4831 000003bd: SWAP2 000003be: PUSH1 0x04 000003c0: DUP3 000003c1: DUP2 000003c2: ADD 000003c3: SWAP3 000003c4: PUSH1 0x20 000003c6: SWAP3 000003c7: SWAP2 000003c8: SWAP1 000003c9: DUP3 000003ca: SWAP1 000003cb: SUB 000003cc: ADD 000003cd: DUP2 000003ce: DUP8 000003cf: DUP8 000003d0: PUSH2 0x61da 000003d3: GAS 000003d4: SUB 000003d5: CALL 000003d6: ISZERO 000003d7: PUSH2 0x0002 000003da: JUMPI 000003db: POP 000003dc: POP 000003dd: PUSH1 0x40 000003df: MLOAD 000003e0: DUP1 000003e1: MLOAD 000003e2: PUSH1 0x01 000003e4: DUP1 000003e5: SLOAD 000003e6: PUSH1 0x01 000003e8: PUSH1 0xa0 000003ea: PUSH1 0x02 000003ec: EXP 000003ed: SUB 000003ee: NOT 000003ef: AND 000003f0: SWAP1 000003f1: SWAP2 000003f2: OR 000003f3: SWAP1 000003f4: DUP2 000003f5: SWAP1 000003f6: SSTORE 000003f7: PUSH32 0x524f388900000000000000000000000000000000000000000000000000000000 00000418: DUP3 00000419: MSTORE 0000041a: PUSH1 0x20 0000041c: PUSH1 0x04 0000041e: DUP4 0000041f: DUP2 00000420: ADD 00000421: DUP3 00000422: DUP2 00000423: MSTORE 00000424: DUP10 00000425: MLOAD 00000426: PUSH1 0x24 00000428: DUP7 00000429: ADD 0000042a: MSTORE 0000042b: DUP10 0000042c: MLOAD 0000042d: PUSH1 0x01 0000042f: PUSH1 0xa0 00000431: PUSH1 0x02 00000433: EXP 00000434: SUB 00000435: SWAP5 00000436: SWAP1 00000437: SWAP5 00000438: AND 00000439: SWAP6 0000043a: POP 0000043b: PUSH4 0x524f3889 00000440: SWAP5 00000441: DUP11 00000442: SWAP5 00000443: SWAP2 00000444: SWAP4 00000445: DUP5 00000446: SWAP4 00000447: PUSH1 0x44 00000449: SWAP1 0000044a: SWAP3 0000044b: ADD 0000044c: SWAP3 0000044d: DUP7 0000044e: DUP3 0000044f: ADD 00000450: SWAP3 00000451: SWAP1 00000452: SWAP2 00000453: DUP3 00000454: SWAP2 00000455: DUP6 00000456: SWAP2 00000457: DUP4 00000458: SWAP2 00000459: DUP7 0000045a: SWAP2 0000045b: DUP15 0000045c: SWAP2 0000045d: SWAP1 0000045e: PUSH1 0x1f 00000460: DUP6 00000461: ADD 00000462: DIV 00000463: PUSH1 0x0f 00000465: MUL 00000466: PUSH1 0x03 00000468: ADD 00000469: CALL 0000046a: POP 0000046b: SWAP1 0000046c: POP 0000046d: SWAP1 0000046e: DUP2 0000046f: ADD 00000470: SWAP1 00000471: PUSH1 0x1f 00000473: AND 00000474: DUP1 00000475: ISZERO 00000476: PUSH2 0x0493 00000479: JUMPI 0000047a: DUP1 0000047b: DUP3 0000047c: SUB 0000047d: DUP1 0000047e: MLOAD 0000047f: PUSH1 0x01 00000481: DUP4 00000482: PUSH1 0x20 00000484: SUB 00000485: PUSH2 0x0100 00000488: EXP 00000489: SUB 0000048a: NOT 0000048b: AND 0000048c: DUP2 0000048d: MSTORE 0000048e: PUSH1 0x20 00000490: ADD 00000491: SWAP2 00000492: POP 00000493: JUMPDEST 00000494: POP 00000495: SWAP3 00000496: POP 00000497: POP 00000498: POP 00000499: PUSH1 0x20 0000049b: PUSH1 0x40 0000049d: MLOAD 0000049e: DUP1 0000049f: DUP4 000004a0: SUB 000004a1: DUP2 000004a2: PUSH1 0x00 000004a4: DUP8 000004a5: PUSH2 0x61da 000004a8: GAS 000004a9: SUB 000004aa: CALL 000004ab: ISZERO 000004ac: PUSH2 0x0002 000004af: JUMPI 000004b0: POP 000004b1: POP 000004b2: PUSH1 0x40 000004b4: MLOAD 000004b5: MLOAD 000004b6: SWAP2 000004b7: POP 000004b8: POP 000004b9: PUSH8 0x0de0b6b3a7640000 000004c2: PUSH3 0x030d40 000004c6: GASPRICE 000004c7: MUL 000004c8: ADD 000004c9: DUP2 000004ca: GT 000004cb: ISZERO 000004cc: PUSH2 0x0688 000004cf: JUMPI 000004d0: PUSH1 0x00 000004d2: SWAP2 000004d3: POP 000004d4: JUMPDEST 000004d5: POP 000004d6: SWAP4 000004d7: SWAP3 000004d8: POP 000004d9: POP 000004da: POP 000004db: JUMP 000004dc: JUMPDEST 000004dd: PUSH1 0x01 000004df: PUSH1 0xa0 000004e1: PUSH1 0x02 000004e3: EXP 000004e4: SUB 000004e5: AND 000004e6: CALLER 000004e7: PUSH1 0x01 000004e9: PUSH1 0xa0 000004eb: PUSH1 0x02 000004ed: EXP 000004ee: SUB 000004ef: AND 000004f0: EQ 000004f1: ISZERO 000004f2: ISZERO 000004f3: PUSH2 0x04fb 000004f6: JUMPI 000004f7: PUSH2 0x0002 000004fa: JUMP 000004fb: JUMPDEST 000004fc: PUSH1 0x30 000004fe: DUP2 000004ff: PUSH1 0x00 00000501: DUP2 00000502: MLOAD 00000503: DUP2 00000504: LT 00000505: ISZERO 00000506: PUSH2 0x0002 00000509: JUMPI 0000050a: SWAP1 0000050b: PUSH1 0x20 0000050d: ADD 0000050e: ADD 0000050f: MLOAD 00000510: PUSH1 0xf8 00000512: PUSH1 0x02 00000514: EXP 00000515: SWAP1 00000516: DIV 00000517: PUSH1 0xf8 00000519: PUSH1 0x02 0000051b: EXP 0000051c: MUL 0000051d: PUSH1 0xf8 0000051f: PUSH1 0x02 00000521: EXP 00000522: SWAP1 00000523: DIV 00000524: SUB 00000525: PUSH1 0x09 00000527: PUSH1 0x00 00000529: POP 0000052a: DUP2 0000052b: SWAP1 0000052c: SSTORE 0000052d: POP 0000052e: PUSH2 0x0535 00000531: PUSH2 0x00bd 00000534: JUMP 00000535: JUMPDEST 00000536: POP 00000537: POP 00000538: JUMP 00000539: JUMPDEST 0000053a: JUMPDEST 0000053b: PUSH3 0x0186a0 0000053f: DUP5 00000540: GT 00000541: ISZERO 00000542: PUSH2 0x0553 00000545: JUMPI 00000546: PUSH3 0x01869f 0000054a: NOT 0000054b: SWAP1 0000054c: SWAP4 0000054d: ADD 0000054e: SWAP3 0000054f: PUSH2 0x053a 00000552: JUMP 00000553: JUMPDEST 00000554: JUMPDEST 00000555: PUSH2 0x2710 00000558: DUP5 00000559: GT 0000055a: ISZERO 0000055b: PUSH2 0x056b 0000055e: JUMPI 0000055f: PUSH2 0x270f 00000562: NOT 00000563: SWAP1 00000564: SWAP4 00000565: ADD 00000566: SWAP3 00000567: PUSH2 0x0554 0000056a: JUMP 0000056b: JUMPDEST 0000056c: JUMPDEST 0000056d: PUSH2 0x03e8 00000570: DUP5 00000571: GT 00000572: ISZERO 00000573: PUSH2 0x0583 00000576: JUMPI 00000577: PUSH2 0x03e7 0000057a: NOT 0000057b: SWAP1 0000057c: SWAP4 0000057d: ADD 0000057e: SWAP3 0000057f: PUSH2 0x056c 00000582: JUMP 00000583: JUMPDEST 00000584: JUMPDEST 00000585: PUSH1 0x64 00000587: DUP5 00000588: GT 00000589: ISZERO 0000058a: PUSH2 0x059a 0000058d: JUMPI 0000058e: PUSH1 0x63 00000590: NOT 00000591: SWAP4 00000592: SWAP1 00000593: SWAP4 00000594: ADD 00000595: SWAP3 00000596: PUSH2 0x0584 00000599: JUMP 0000059a: JUMPDEST 0000059b: JUMPDEST 0000059c: PUSH1 0x0a 0000059e: DUP5 0000059f: GT 000005a0: ISZERO 000005a1: PUSH2 0x05b0 000005a4: JUMPI 000005a5: PUSH1 0x09 000005a7: NOT 000005a8: SWAP1 000005a9: SWAP4 000005aa: ADD 000005ab: SWAP3 000005ac: PUSH2 0x059b 000005af: JUMP 000005b0: JUMPDEST 000005b1: DUP4 000005b2: PUSH1 0x0a 000005b4: EQ 000005b5: ISZERO 000005b6: PUSH2 0x05be 000005b9: JUMPI 000005ba: PUSH1 0x00 000005bc: SWAP4 000005bd: POP 000005be: JUMPDEST 000005bf: PUSH1 0x0a 000005c1: DUP5 000005c2: SWAP1 000005c3: SSTORE 000005c4: PUSH1 0x09 000005c6: SLOAD 000005c7: DUP5 000005c8: EQ 000005c9: ISZERO 000005ca: PUSH2 0x0612 000005cd: JUMPI 000005ce: PUSH1 0x32 000005d0: PUSH1 0x06 000005d2: SSTORE 000005d3: PUSH1 0x0b 000005d5: SLOAD 000005d6: PUSH8 0x0ddd2935029d8000 000005df: SWAP1 000005e0: GT 000005e1: ISZERO 000005e2: PUSH2 0x05eb 000005e5: JUMPI 000005e6: PUSH1 0x4b 000005e8: PUSH1 0x06 000005ea: SSTORE 000005eb: JUMPDEST 000005ec: PUSH1 0x03 000005ee: DUP1 000005ef: SLOAD 000005f0: PUSH1 0x04 000005f2: SLOAD 000005f3: PUSH1 0x01 000005f5: PUSH1 0xa0 000005f7: PUSH1 0x02 000005f9: EXP 000005fa: SUB 000005fb: AND 000005fc: PUSH1 0x01 000005fe: PUSH1 0xa0 00000600: PUSH1 0x02 00000602: EXP 00000603: SUB 00000604: NOT 00000605: SWAP2 00000606: SWAP1 00000607: SWAP2 00000608: AND 00000609: OR 0000060a: SWAP1 0000060b: SSTORE 0000060c: PUSH1 0x08 0000060e: SLOAD 0000060f: PUSH1 0x07 00000611: SSTORE 00000612: JUMPDEST 00000613: PUSH1 0x06 00000615: SLOAD 00000616: PUSH1 0x08 00000618: SLOAD 00000619: PUSH1 0x07 0000061b: SLOAD 0000061c: SUB 0000061d: SWAP4 0000061e: POP 0000061f: SWAP2 00000620: POP 00000621: PUSH2 0x07d0 00000624: DUP4 00000625: GT 00000626: ISZERO 00000627: PUSH2 0x062f 0000062a: JUMPI 0000062b: PUSH1 0x5a 0000062d: SWAP2 0000062e: POP 0000062f: JUMPDEST 00000630: POP 00000631: PUSH1 0x05 00000633: SLOAD 00000634: PUSH1 0x03 00000636: SLOAD 00000637: PUSH1 0x40 00000639: MLOAD 0000063a: PUSH1 0x64 0000063c: PUSH1 0x01 0000063e: PUSH1 0xa0 00000640: PUSH1 0x02 00000642: EXP 00000643: SUB 00000644: SWAP4 00000645: DUP5 00000646: AND 00000647: BALANCE 00000648: DUP6 00000649: MUL 0000064a: DIV 0000064b: SWAP3 0000064c: SWAP2 0000064d: SWAP1 0000064e: SWAP2 0000064f: AND 00000650: SWAP1 00000651: PUSH1 0x00 00000653: SWAP1 00000654: DUP4 00000655: SWAP1 00000656: DUP3 00000657: DUP2 00000658: DUP2 00000659: DUP2 0000065a: DUP6 0000065b: DUP9 0000065c: DUP4 0000065d: CALL 0000065e: POP 0000065f: PUSH1 0x05 00000661: SLOAD 00000662: PUSH1 0x02 00000664: SLOAD 00000665: PUSH1 0x01 00000667: PUSH1 0xa0 00000669: PUSH1 0x02 0000066b: EXP 0000066c: SUB 0000066d: SWAP1 0000066e: DUP2 0000066f: AND 00000670: SWAP6 00000671: POP 00000672: AND 00000673: BALANCE 00000674: SWAP2 00000675: POP 00000676: DUP3 00000677: DUP2 00000678: DUP2 00000679: DUP2 0000067a: DUP6 0000067b: DUP9 0000067c: DUP4 0000067d: CALL 0000067e: POP 0000067f: POP 00000680: POP 00000681: POP 00000682: POP 00000683: POP 00000684: POP 00000685: POP 00000686: POP 00000687: JUMP 00000688: JUMPDEST 00000689: PUSH1 0x01 0000068b: PUSH1 0x00 0000068d: SWAP1 0000068e: SLOAD 0000068f: SWAP1 00000690: PUSH2 0x0100 00000693: EXP 00000694: SWAP1 00000695: DIV 00000696: PUSH1 0x01 00000698: PUSH1 0xa0 0000069a: PUSH1 0x02 0000069c: EXP 0000069d: SUB 0000069e: AND 0000069f: PUSH1 0x01 000006a1: PUSH1 0xa0 000006a3: PUSH1 0x02 000006a5: EXP 000006a6: SUB 000006a7: AND 000006a8: PUSH4 0xadf59f99 000006ad: DUP3 000006ae: DUP8 000006af: DUP8 000006b0: DUP8 000006b1: PUSH1 0x40 000006b3: MLOAD 000006b4: DUP6 000006b5: PUSH1 0xe0 000006b7: PUSH1 0x02 000006b9: EXP 000006ba: MUL 000006bb: DUP2 000006bc: MSTORE 000006bd: PUSH1 0x04 000006bf: ADD 000006c0: DUP1 000006c1: DUP5 000006c2: DUP2 000006c3: MSTORE 000006c4: PUSH1 0x20 000006c6: ADD 000006c7: DUP1 000006c8: PUSH1 0x20 000006ca: ADD 000006cb: DUP1 000006cc: PUSH1 0x20 000006ce: ADD 000006cf: DUP4 000006d0: DUP2 000006d1: SUB 000006d2: DUP4 000006d3: MSTORE 000006d4: DUP6 000006d5: DUP2 000006d6: DUP2 000006d7: MLOAD 000006d8: DUP2 000006d9: MSTORE 000006da: PUSH1 0x20 000006dc: ADD 000006dd: SWAP2 000006de: POP 000006df: DUP1 000006e0: MLOAD 000006e1: SWAP1 000006e2: PUSH1 0x20 000006e4: ADD 000006e5: SWAP1 000006e6: DUP1 000006e7: DUP4 000006e8: DUP4 000006e9: DUP3 000006ea: SWAP1 000006eb: PUSH1 0x00 000006ed: PUSH1 0x04 000006ef: PUSH1 0x20 000006f1: DUP5 000006f2: PUSH1 0x1f 000006f4: ADD 000006f5: DIV 000006f6: PUSH1 0x0f 000006f8: MUL 000006f9: PUSH1 0x03 000006fb: ADD 000006fc: CALL 000006fd: POP 000006fe: SWAP1 000006ff: POP 00000700: SWAP1 00000701: DUP2 00000702: ADD 00000703: SWAP1 00000704: PUSH1 0x1f 00000706: AND 00000707: DUP1 00000708: ISZERO 00000709: PUSH2 0x0726 0000070c: JUMPI 0000070d: DUP1 0000070e: DUP3 0000070f: SUB 00000710: DUP1 00000711: MLOAD 00000712: PUSH1 0x01 00000714: DUP4 00000715: PUSH1 0x20 00000717: SUB 00000718: PUSH2 0x0100 0000071b: EXP 0000071c: SUB 0000071d: NOT 0000071e: AND 0000071f: DUP2 00000720: MSTORE 00000721: PUSH1 0x20 00000723: ADD 00000724: SWAP2 00000725: POP 00000726: JUMPDEST 00000727: POP 00000728: DUP4 00000729: DUP2 0000072a: SUB 0000072b: DUP3 0000072c: MSTORE 0000072d: DUP5 0000072e: DUP2 0000072f: DUP2 00000730: MLOAD 00000731: DUP2 00000732: MSTORE 00000733: PUSH1 0x20 00000735: ADD 00000736: SWAP2 00000737: POP 00000738: DUP1 00000739: MLOAD 0000073a: SWAP1 0000073b: PUSH1 0x20 0000073d: ADD 0000073e: SWAP1 0000073f: DUP1 00000740: DUP4 00000741: DUP4 00000742: DUP3 00000743: SWAP1 00000744: PUSH1 0x00 00000746: PUSH1 0x04 00000748: PUSH1 0x20 0000074a: DUP5 0000074b: PUSH1 0x1f 0000074d: ADD 0000074e: DIV 0000074f: PUSH1 0x0f 00000751: MUL 00000752: PUSH1 0x03 00000754: ADD 00000755: CALL 00000756: POP 00000757: SWAP1 00000758: POP 00000759: SWAP1 0000075a: DUP2 0000075b: ADD 0000075c: SWAP1 0000075d: PUSH1 0x1f 0000075f: AND 00000760: DUP1 00000761: ISZERO 00000762: PUSH2 0x077f 00000765: JUMPI 00000766: DUP1 00000767: DUP3 00000768: SUB 00000769: DUP1 0000076a: MLOAD 0000076b: PUSH1 0x01 0000076d: DUP4 0000076e: PUSH1 0x20 00000770: SUB 00000771: PUSH2 0x0100 00000774: EXP 00000775: SUB 00000776: NOT 00000777: AND 00000778: DUP2 00000779: MSTORE 0000077a: PUSH1 0x20 0000077c: ADD 0000077d: SWAP2 0000077e: POP 0000077f: JUMPDEST 00000780: POP 00000781: SWAP6 00000782: POP 00000783: POP 00000784: POP 00000785: POP 00000786: POP 00000787: POP 00000788: PUSH1 0x20 0000078a: PUSH1 0x40 0000078c: MLOAD 0000078d: DUP1 0000078e: DUP4 0000078f: SUB 00000790: DUP2 00000791: DUP6 00000792: DUP9 00000793: PUSH2 0x8502 00000796: GAS 00000797: SUB 00000798: CALL 00000799: ISZERO 0000079a: PUSH2 0x0002 0000079d: JUMPI 0000079e: POP 0000079f: POP 000007a0: PUSH1 0x40 000007a2: MLOAD 000007a3: MLOAD 000007a4: SWAP4 000007a5: POP 000007a6: PUSH2 0x04d4 000007a9: SWAP2 000007aa: POP 000007ab: POP 000007ac: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x77d2826cef26fe6ca843037f8a57f6a6032aff20ded74c6418d17b4cd8406e77
call_targets:
0x3ad14db4e5a658d8d20f8836deabe9d5286f79e1, 0xdce0898b0fb2d632d6ef53d88343ce7806b1867d
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x77d2826cef26fe6ca843037f8a57f6a6032aff20ded74c6418d17b4cd8406e77",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x3ad14db4e5a658d8d20f8836deabe9d5286f79e1",
"0xdce0898b0fb2d632d6ef53d88343ce7806b1867d"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2431f164",
"selector": "0x2431f164",
"calldata_variants": [
"0x2431f164",
"0x2431f1640000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x27dc297e",
"selector": "0x27dc297e",
"calldata_variants": [
"0x27dc297e",
"0x27dc297e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x41c0e1b5",
"selector": "0x41c0e1b5",
"calldata_variants": [
"0x41c0e1b5",
"0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9ed1e4c6",
"selector": "0x9ed1e4c6",
"calldata_variants": [
"0x9ed1e4c6",
"0x9ed1e4c60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa4be64a4",
"selector": "0xa4be64a4",
"calldata_variants": [
"0xa4be64a4",
"0xa4be64a40000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcc181ca8",
"selector": "0xcc181ca8",
"calldata_variants": [
"0xcc181ca8",
"0xcc181ca80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xccbac9f5",
"selector": "0xccbac9f5",
"calldata_variants": [
"0xccbac9f5",
"0xccbac9f50000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 363,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 478,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 683,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 11,
"guards_detected": [],
"untrusted_call_count": 11
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x77d2826cef26fe6ca843037f8a57f6a6032aff20ded74c6418d17b4cd8406e77
call_targets:
0x3ad14db4e5a658d8d20f8836deabe9d5286f79e1, 0xdce0898b0fb2d632d6ef53d88343ce7806b1867d
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x77d2826cef26fe6ca843037f8a57f6a6032aff20ded74c6418d17b4cd8406e77",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x3ad14db4e5a658d8d20f8836deabe9d5286f79e1",
"0xdce0898b0fb2d632d6ef53d88343ce7806b1867d"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2431f164",
"selector": "0x2431f164",
"calldata_variants": [
"0x2431f164",
"0x2431f1640000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x27dc297e",
"selector": "0x27dc297e",
"calldata_variants": [
"0x27dc297e",
"0x27dc297e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x41c0e1b5",
"selector": "0x41c0e1b5",
"calldata_variants": [
"0x41c0e1b5",
"0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9ed1e4c6",
"selector": "0x9ed1e4c6",
"calldata_variants": [
"0x9ed1e4c6",
"0x9ed1e4c60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa4be64a4",
"selector": "0xa4be64a4",
"calldata_variants": [
"0xa4be64a4",
"0xa4be64a40000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcc181ca8",
"selector": "0xcc181ca8",
"calldata_variants": [
"0xcc181ca8",
"0xcc181ca80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xccbac9f5",
"selector": "0xccbac9f5",
"calldata_variants": [
"0xccbac9f5",
"0xccbac9f50000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 363,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 478,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 683,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 11,
"guards_detected": []
}
|
| high | other | detector | SELFDESTRUCT reachable | 65 | no | no |
viewtrace_id: 0x0bcb4aa18e9ae1698c889ed861d9a25e18dffd5c71915e6abe1eb80d77f66d71
validation_json{
"sink": "SELFDESTRUCT",
"errors": 0,
"status": "unknown",
"attempts": 28,
"trace_id": "0x0bcb4aa18e9ae1698c889ed861d9a25e18dffd5c71915e6abe1eb80d77f66d71",
"confirmed": false,
"trace_mode": "structLogs",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2431f164",
"selector": "0x2431f164",
"calldata_variants": [
"0x2431f164",
"0x2431f1640000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x27dc297e",
"selector": "0x27dc297e",
"calldata_variants": [
"0x27dc297e",
"0x27dc297e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x41c0e1b5",
"selector": "0x41c0e1b5",
"calldata_variants": [
"0x41c0e1b5",
"0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9ed1e4c6",
"selector": "0x9ed1e4c6",
"calldata_variants": [
"0x9ed1e4c6",
"0x9ed1e4c60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa4be64a4",
"selector": "0xa4be64a4",
"calldata_variants": [
"0xa4be64a4",
"0xa4be64a40000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcc181ca8",
"selector": "0xcc181ca8",
"calldata_variants": [
"0xcc181ca8",
"0xcc181ca80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xccbac9f5",
"selector": "0xccbac9f5",
"calldata_variants": [
"0xccbac9f5",
"0xccbac9f50000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [],
"selfdestruct_count": 1
}
|