019b3836-39c4-7362-8ad4-f82efcfdfaf7
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 4139 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 4140 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 47768 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 47769 | capability.graph | complete | 1 / 3 | 1 week ago |
| 47770 | detector.run | complete | 1 / 3 | 1 week ago |
| 47771 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113281 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode matches a non-proxy ERC20-like token with custom `version()`, `approveAndCall(address,uint256,bytes)`, and an extra allowance-related view. The strongest issue is nonstandard allowance accounting: `transferFrom` enforces against a cumulative-spent counter in slot 7 while `allowance()` returns only the raw approved amount from slot 6. There is also a low-confidence reentrancy surface in `approveAndCall`, which performs an untrusted callback after writing approval state.","findings":[{"severity":"medium","category":"math","title":"Allowance accounting is nonstandard and can break ERC20 approval invariants","exploit_scenario":"A spender uses part of an approval, for example 60 out of 100. The owner then calls `approveAndCall(spender, 50, ...)` expecting a fresh allowance of 50. However, `transferFrom` checks `spent[from][spender] + amount <= approved[from][spender]`, so the historical spent value 60 remains in force and every further `transferFrom` reverts until the owner approves more than 60. At the same time, standard `allowance(owner,spender)` still reports 50, so wallets, routers, and other integrations can be misled into attempting transfers that always fail.","recommendation":"Use standard remaining-allowance semantics: either decrement the approval slot directly on `transferFrom`, or reset the cumulative-spent slot whenever a new approval is written. If the cumulative model is intentional, expose only custom interfaces and do not advertise ERC20-compatible `allowance`/`transferFrom` behavior.","evidence":"`approveAndCall` (`selector:0xcae9ca51`) writes slot 6 at `pc:0x2c4`. Standard `allowance` (`selector:0xdd62ed3e`) reads slot 6, while custom view `selector:0xdc3080f2` reads slot 7. `transferFrom` (`selector:0x23b872dd`) checks slot7+amount against slot6 around `pc:0x5c9`-`pc:0x5d1`, then increments slot 7 at `pc:0x682` instead of decrementing slot 6. This is strong bytecode evidence of cumulative-spent accounting rather than remaining allowance.","locations":["selector:0xcae9ca51","selector:0x23b872dd","selector:0xdd62ed3e","selector:0xdc3080f2","pc:0x2c4","pc:0x5cc","pc:0x682"]},{"severity":"low","category":"reentrancy","title":"`approveAndCall` performs an untrusted callback after writing approval state","exploit_scenario":"A malicious spender contract can be approved through `approveAndCall` and immediately reenter the token during its `receiveApproval(address,uint256,address,bytes)` callback. Because the approval is written before the external call, the spender can use the newly granted allowance inside the callback before the outer function returns. This may be intended behavior for this pattern, but it still creates a reentrancy surface and can surprise integrators that assume approval and post-approval effects are separated.","recommendation":"If callback-based approvals are required, restrict them to trusted spender contracts or add explicit reentrancy protection/documentation. Otherwise prefer a plain approval flow without an external callback.","evidence":"In `approveAndCall` (`selector:0xcae9ca51`), the contract stores approval state before building calldata for selector `0x8f4ffcb1` (`receiveApproval(address,uint256,address,bytes)`) and performing an external `CALL` at `pc:0x385`. The callback target is calldata-derived. Guard detection found no lock, though bytecode-only analysis cannot prove a guard is absent in every path. The external call appears success-checked and likely sends zero ETH, so this is an interaction-order risk rather than a confirmed fund-loss bug.","locations":["selector:0xcae9ca51","pc:0x2c4","pc:0x385"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-jte0ym1a
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c0f-25ea-7311-b60f-8e093cce4be0
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc pwd in /tmp/codex-jte0ym1a
succeeded in 0ms:
/tmp/codex-jte0ym1a
exec
/bin/bash -lc 'rg --files' in /tmp/codex-jte0ym1a
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,240p' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0",
"artifact_hash": "0x14dc18e8d4ed8581a63b0e3f7c4b6e5bf79f1dc75306e636aede1e8bdb622a5f",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 10,
"hash": "0xc590080b273074d852d07d86387bb692518eb6057284cadca88ac84fde6f0664",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 30,
"hash": "0x4db61c68c65e3aafb60d5980f9dbe93dfd98998da1cba601a06d76a8f1510248",
"opcodes": [
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 11
},
{
"end_pc": 41,
"hash": "0x12cc4e8ed2fdd30122dfac48b782310710c9179137ddfc82c887c065a801b538",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 31
},
{
"end_pc": 52,
"hash": "0x4c296856393777328c11adf4a88cd725c352e0ff8b748e2cbe77f7d082a1d73c",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 42
},
{
"end_pc": 63,
"hash": "0x1fc51f3d6be0da89bc6938488db56fcc2cefd162968e4242adf170575f96f1a2",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 53
},
{
"end_pc": 74,
"hash": "0xe693856b391bfd2874967602ab2a71ee1552f8ffd147a93a96273594bde47bc0",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 64
},
{
"end_pc": 85,
"hash": "0x273f47041a78985996d31a122316d7cd4d00c9a6468a62dce547795791ce5ce8",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 75
},
{
"end_pc": 96,
"hash": "0x02cc38d89e9aedd0cb62694c3c2f76074e6e3c7faddb9f6851526dbdd16d7198",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 86
},
{
"end_pc": 107,
"hash": "0x2e7d94f9aab0358566009196c567ce053776d6a253790ce0b5ab068301731ed9",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 97
},
{
"end_pc": 118,
"hash": "0xee41d2f8eb040265f75e671bd78e34ad061d03f766f70446f6cc8d3a89530e7d",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 108
},
{
"end_pc": 129,
"hash": "0x6629e4f27300c3d03a41db89f956d36ff6308c4477dc9431c2a7df939b286b1c",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 119
},
{
"end_pc": 140,
"hash": "0x7568c9f5f6718e3d8dea4b1f67093ecabaab4fac1b5cac7859a1b89bcc5c4349",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 130
},
{
"end_pc": 148,
"hash": "0x01c9cbeb31e8809b6ebc4aaaa3fa932054c629171654dec7c3a5870ef8f00be3",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH2",
"JUMP"
],
"start_pc": 141
},
{
"end_pc": 214,
"hash": "0xe609e0ed9fe314086b3e9de794dd44b20d87ca760b64cb10b18bf10296c9c261",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 149
},
{
"end_pc": 222,
"hash": "0x713d916f0f4e584f87becb6a1021c80b61b6eab700136f83388fb94075937cbc",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
exec
/bin/bash -lc "sed -n '241,520p' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
"start_pc": 215
},
{
"end_pc": 241,
"hash": "0x2f79bc67d75c98e761a38ea55d57bbcec6eb30f1ddbfa0b3c70fe9fa8caae013",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 223
},
{
"end_pc": 250,
"hash": "0x3a3669e009b49c0068eabc67adae73ab5360d61101f63d22efd34c572eabf879",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 242
},
{
"end_pc": 296,
"hash": "0x134b838f5b1eb4a24caec565da344d7d1576794d6831fca55be9ca2b2adfffb9",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_83",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_81",
"SHA3",
"SLOAD",
"OP_82",
"OP_90",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 251
},
{
"end_pc": 300,
"hash": "0xd7fd16f2f78e22206387c4b4c199cc3784df86884d46b4e8dd4e28c06e9c719b",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 297
},
{
"end_pc": 312,
"hash": "0x54cdaef02fe32a41536f7b77cc4b8e1e29196b55e9e9c5c0b363a6a6aa9c99a4",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"PUSH1",
"AND",
"OP_81",
"JUMP"
],
"start_pc": 301
},
{
"end_pc": 375,
"hash": "0x065d75eb6b549e2d9e52557e72162860fb8a67c9ce48721015f0e439fa1d1e89",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"OP_82",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_91",
"AND",
"OP_82",
"OP_90",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 313
},
{
"end_pc": 383,
"hash": "0x82102ab93046b910b00335cceb519faa394c48a0dd44f8b9ef781e5949123608",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 376
},
{
"end_pc": 402,
"hash": "0x46de8bd45f0718554d354f3e8e4dae2cf02db5bc8ec8689d4e01481c9077f9e5",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 384
},
{
"end_pc": 426,
"hash": "0x6472e63b2c46d825395a5e8969cb8973555892225ea26d88bb52e23180f24c8f",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 403
},
{
"end_pc": 491,
"hash": "0xc29e37c0240c3dc5861eed142650b4f620a74393e700e2bd1c840d5da4385300",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"OP_82",
"OP_84",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 427
},
{
"end_pc": 499,
"hash": "0x06eb886f2c95ad9be5ab1095a29c584ad76b46878e496ee9b0ad5b5baa5b2fde",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
exec
/bin/bash -lc "sed -n '521,880p' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
"start_pc": 492
},
{
"end_pc": 518,
"hash": "0x8363413c8d4ac8548a1b22aee091b30460476a8d238acee876d4d15960026b23",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 500
},
{
"end_pc": 561,
"hash": "0xfbb8ee7400f187e328414753f1511d7f3459b7bd28e1dc4900850996e0a16e06",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"OP_90",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 519
},
{
"end_pc": 565,
"hash": "0xa4a4ae061ef386f7d7486aaf3298058f26a9f17e111d4eb1ba437f6d2a947101",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 562
},
{
"end_pc": 849,
"hash": "0x63fec82cc0f41e798d0c39011f364e5f0e1428e47413786caf13f0a0fb1f1a52",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"OP_81",
"OP_81",
"ADD",
"CALLDATALOAD",
"PUSH1",
"OP_81",
"ADD",
"OP_84",
"OP_90",
"DIV",
"OP_90",
"OP_93",
"MUL",
"OP_84",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_83",
"OP_81",
"MSTORE",
"PUSH2",
"OP_94",
"OP_82",
"CALLDATALOAD",
"OP_94",
"PUSH1",
"OP_80",
"CALLDATALOAD",
"OP_95",
"PUSH1",
"OP_94",
"OP_93",
"OP_91",
"ADD",
"OP_91",
"OP_90",
"OP_81",
"OP_90",
"OP_83",
"OP_82",
"OP_80",
"OP_82",
"OP_84",
"CALLDATACOPY",
"POP",
"OP_94",
"OP_96",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"PUSH1",
"PUSH1",
"OP_83",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"POP",
"PUSH1",
"OP_87",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_84",
"OP_90",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH4",
"CALLER",
"OP_86",
"ADDRESS",
"OP_87",
"PUSH1",
"MLOAD",
"OP_85",
"PUSH1",
"PUSH1",
"EXP",
"MUL",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_80",
"OP_85",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_84",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_83",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 566
},
{
"end_pc": 874,
"hash": "0x17f7deb342002d7b4a616129a837954148eb0171e6fa8c57aac90d77236f888b",
"opcodes": [
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 850
},
{
"end_pc": 906,
"hash": "0x84229ca8d3771a6156324b47011bcdb0a683777a4d2a1f266849cf7ca40d8a04",
"opcodes": [
"JUMPDEST",
"POP",
"OP_95",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"PUSH1",
"PUSH1",
"MLOAD",
"OP_80",
"OP_83",
"SUB",
"OP_81",
"PUSH1",
"OP_87",
"PUSH2",
"GAS",
"SUB",
"CALL",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 875
},
{
"end_pc": 919,
"hash": "0xfa6321d1a087cb91c03b5652829eb3bd5f4d3c5a25f3637a26c05f6fbe498a43",
"opcodes": [
exec
/bin/bash -lc "sed -n '881,1240p' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
"POP",
"PUSH1",
"OP_97",
"OP_96",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"JUMP"
],
"start_pc": 907
},
{
"end_pc": 956,
"hash": "0x7e02ca16c778428ad3d0810dfc23c433b033732b606e505f38f6145112c184a8",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_80",
"OP_82",
"SHA3",
"OP_90",
"OP_92",
"MSTORE",
"PUSH1",
"CALLDATALOAD",
"OP_81",
"MSTORE",
"SHA3",
"SLOAD",
"PUSH2",
"OP_90",
"OP_81",
"JUMP"
],
"start_pc": 920
},
{
"end_pc": 993,
"hash": "0x042c1afb96f235fc54f29cf1b2f30ed811fb81afeff6e474f6e7b29d53f24c7e",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_80",
"OP_82",
"SHA3",
"OP_90",
"OP_92",
"MSTORE",
"PUSH1",
"CALLDATALOAD",
"OP_81",
"MSTORE",
"SHA3",
"SLOAD",
"PUSH2",
"OP_90",
"OP_81",
"JUMP"
],
"start_pc": 957
},
{
"end_pc": 995,
"hash": "0x0f692128e76a1124821e667bb073ac313d488f7fcdbc8d9fbbf13d26ceb31f0b",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 994
},
{
"end_pc": 1066,
"hash": "0x9aa34f2fb0626cb939c113c9be278794f8c988658f24ca2507bb497607223c81",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"OP_80",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 996
},
{
"end_pc": 1091,
"hash": "0xfa2051631966675ac33e4879826a9d4b2735cb21b292a65e73b1461d671f1a28",
"opcodes": [
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 1067
},
{
"end_pc": 1105,
"hash": "0xed2e9a49cde9ace4b4babfac1c4ae1c15310169c3a36e4ec83145a57a85f40a9",
"opcodes": [
"JUMPDEST",
"POP",
"OP_92",
"POP",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"RETURN"
],
"start_pc": 1092
},
{
"end_pc": 1123,
"hash": "0xa96f242abd52ace13a743ee9f25b502cd9acd559a9fab18eae38fca805ee16e2",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"MLOAD",
"OP_91",
"OP_82",
"MSTORE",
"MLOAD",
"OP_90",
"OP_81",
"OP_90",
"SUB",
"PUSH1",
"ADD",
"OP_90",
"RETURN"
],
"start_pc": 1106
},
{
"end_pc": 1133,
"hash": "0x773879341b32f5b6026d79ed82eef4857b55f8e358550abf4f6fb17e0034783d",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"RETURN"
],
"start_pc": 1124
},
{
"end_pc": 1147,
"hash": "0x4d3914a00f718ab6d4928a2bcf44b13898a223fdccf8c82eb5d7e72e3359d1e0",
"opcodes": [
"JUMPDEST",
"OP_82",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"SHA3",
"OP_90"
],
"start_pc": 1134
},
{
"end_pc": 1167,
"hash": "0x35c9b1f1b8d1461f9ad9a3a0e3ef6c7c780fb4df296d6e6f25b6e9a26330b66c",
"opcodes": [
"JUMPDEST",
"OP_81",
"SLOAD",
"OP_81",
"MSTORE",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH1",
"ADD",
"OP_80",
"OP_83",
"GT",
"PUSH2",
"JUMPI"
],
"start_pc": 1148
},
{
"end_pc": 1176,
"hash": "0x9a131963af637fd293336c656b8f5cfd1cbb3c5bb17a60985de1e81ebb00d94a",
"opcodes": [
"OP_82",
"OP_90",
"SUB",
"PUSH1",
"AND",
"OP_82",
"ADD",
"OP_91"
],
"start_pc": 1168
},
{
"end_pc": 1184,
"hash": "0x3d6eae6fe9f522f9d58c979085d8baa032b39e7a5551816caffe353f0a086e5d",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"POP",
"POP",
"POP",
"OP_81",
"JUMP"
],
"start_pc": 1177
},
{
"end_pc": 1214,
"hash": "0x89e0d746eaac977ccdfb9e9ee1b7851a4ae7e6d28eb62e274ba474d571e9bdbb",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_82",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_80",
"OP_82",
"ADD",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1185
},
{
"end_pc": 1218,
"hash": "0x14f5af4e64a2c0d71041fb55838f80b124022b2cef1965d4e5d23a91ce81cd2a",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 1215
},
{
"end_pc": 1391,
"hash": "0xd4adb1c5b002c205ffa609c4bb2e6eb90617f8941aeca6d64be90a7a0e51b84c",
"opcodes": [
exec
/bin/bash -lc "sed -n '1241,1600p' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
"JUMPDEST",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"SUB",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_84",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH32",
"OP_83",
"PUSH1",
"MLOAD",
"OP_80",
"OP_82",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"OP_A3",
"POP",
"POP",
"JUMP"
],
"start_pc": 1219
},
{
"end_pc": 1418,
"hash": "0x79d77a860b5a1028902eea3d392923f8e26f81981924cb0de16eedaaea3739c9",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_83",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"OP_81",
"SHA3",
"SLOAD",
"OP_80",
"OP_83",
"ADD",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1392
},
{
"end_pc": 1422,
"hash": "0xaf06b85100f91f22fda825ba8a61da151f4ee7596eadcc15430d588f09eebe42",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 1419
},
{
"end_pc": 1492,
"hash": "0x7d18243074b0fe05b65108dc67aad23a0d90969361c4147a7fb867c696f7ddc1",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_80",
"OP_85",
"AND",
"OP_80",
"OP_83",
"MSTORE",
"PUSH1",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_80",
"OP_85",
"SHA3",
"CALLER",
"OP_94",
"OP_90",
"OP_94",
"AND",
"OP_80",
"OP_86",
"MSTORE",
"OP_93",
"OP_82",
"MSTORE",
"OP_80",
"OP_85",
"SHA3",
"SLOAD",
"OP_92",
"OP_85",
"MSTORE",
"PUSH1",
"OP_82",
"MSTORE",
"OP_80",
"OP_85",
"SHA3",
"OP_93",
"OP_85",
"MSTORE",
"OP_92",
"OP_90",
"MSTORE",
"OP_90",
"OP_82",
"SHA3",
"SLOAD",
"OP_83",
"ADD",
"GT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1423
},
{
"end_pc": 1496,
"hash": "0x674a4dc9db49e5bd0fdf46083652f77654a557525b3650a1ccf9ee2cab0ab70e",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 1493
},
{
"end_pc": 1751,
"hash": "0xc7b4210203fdf2caa0c0843fa589bfdbc8f427a1e34e1ff0ce973bb9175bd376",
"opcodes": [
"JUMPDEST",
"OP_81",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_86",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"SUB",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_85",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_86",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
exec
/bin/bash -lc "sed -n '1601,1960p' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_82",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_84",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH32",
"OP_84",
"PUSH1",
"MLOAD",
"OP_80",
"OP_82",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"OP_A3",
"POP",
"PUSH1",
"OP_93",
"OP_92",
"POP",
"POP",
"POP",
"JUMP"
],
"start_pc": 1497
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:141",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:149",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:242",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:251",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:301",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:313",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:403",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:427",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:97",
"to": "bb:519",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:108",
"type": "control_flow_fallthrough"
},
{
"from": "bb:108",
"to": "bb:566",
"type": "control_flow"
},
{
"from": "bb:108",
"to": "bb:119",
"type": "control_flow_fallthrough"
},
{
"from": "bb:119",
"to": "bb:920",
"type": "control_flow"
},
{
"from": "bb:119",
"to": "bb:130",
"type": "control_flow_fallthrough"
},
{
"from": "bb:130",
"to": "bb:957",
"type": "control_flow"
},
{
"from": "bb:130",
"to": "bb:141",
"type": "control_flow_fallthrough"
},
{
"from": "bb:149",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:149",
"to": "bb:215",
"type": "control_flow_fallthrough"
},
{
"from": "bb:215",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:215",
"to": "bb:223",
"type": "control_flow_fallthrough"
},
{
"from": "bb:223",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:251",
"to": "bb:1392",
"type": "control_flow"
},
{
"from": "bb:251",
"to": "bb:297",
"type": "control_flow_fallthrough"
},
{
"from": "bb:313",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:313",
"to": "bb:376",
"type": "control_flow_fallthrough"
},
{
"from": "bb:376",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:376",
"to": "bb:384",
"type": "control_flow_fallthrough"
},
{
"from": "bb:384",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:427",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:427",
"to": "bb:492",
"type": "control_flow_fallthrough"
},
{
"from": "bb:492",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:492",
"to": "bb:500",
"type": "control_flow_fallthrough"
},
{
"from": "bb:500",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:519",
"to": "bb:1185",
"type": "control_flow"
},
{
"from": "bb:519",
"to": "bb:562",
"type": "control_flow_fallthrough"
},
{
"from": "bb:566",
"to": "bb:875",
"type": "control_flow"
},
{
"from": "bb:566",
"to": "bb:850",
"type": "control_flow_fallthrough"
},
{
"from": "bb:850",
"to": "bb:875",
"type": "control_flow_fallthrough"
},
{
"from": "bb:875",
"to": "bb:907",
"type": "control_flow_fallthrough"
},
{
"from": "bb:996",
"to": "bb:1092",
"type": "control_flow"
},
{
"from": "bb:996",
"to": "bb:1067",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1067",
"to": "bb:1092",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1134",
"to": "bb:1148",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1148",
"to": "bb:1148",
"type": "control_flow"
},
{
"from": "bb:1148",
"to": "bb:1168",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1168",
"to": "bb:1177",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1185",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:1185",
"to": "bb:1215",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1392",
"to": "bb:1423",
"type": "control_flow"
exec
/bin/bash -lc "sed -n '1961,2320p' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
},
{
"from": "bb:1392",
"to": "bb:1419",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1423",
"to": "bb:1497",
"type": "control_flow"
},
{
"from": "bb:1423",
"to": "bb:1493",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0xe056c46d75ff7ed3a591a475ed7c0ba3bed4ec94bddbc14f5d1bfcd40b49f333",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 599290589,
"selector": "0x18160ddd"
},
{
"entry_pc": 826074471,
"selector": "0x23b872dd"
},
{
"entry_pc": 1425886544,
"selector": "0x313ce567"
},
{
"entry_pc": 1889567281,
"selector": "0x54fd4d50"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": 3404319313,
"selector": "0xa9059cbb"
},
{
"entry_pc": 3694166258,
"selector": "0xcae9ca51"
},
{
"entry_pc": 3714247998,
"selector": "0xdc3080f2"
},
{
"entry_pc": 994,
"selector": "0xdd62ed3e"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 599290589,
"selector": "0x18160ddd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 826074471,
"selector": "0x23b872dd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1425886544,
"selector": "0x313ce567",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x54fd4d50",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
exec
/bin/bash -lc "rg -n 'detector|evidence|summary|proxy|delegatecall|selector|slot|findings|events|pc\": 833|pc\": 901|pc\": 1050|0xa9059cbb|0x23b872dd|0x06fdde03' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
1656: "pc": 833,
1663: "pc": 901,
1670: "pc": 1050,
1979: "dispatcher_type": "selector_jump_table",
1983: "selector": "0x06fdde03"
1987: "selector": "0x18160ddd"
1991: "selector": "0x23b872dd"
1995: "selector": "0x313ce567"
1999: "selector": "0x54fd4d50"
2003: "selector": "0x70a08231"
2007: "selector": "0x95d89b41"
2011: "selector": "0xa9059cbb"
2015: "selector": "0xcae9ca51"
2019: "selector": "0xdc3080f2"
2023: "selector": "0xdd62ed3e"
2032: "selector": "0x06fdde03",
2035: "delegatecall": 0,
2041: "slots": [
2045: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2050: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2055: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2060: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2065: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2070: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2075: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2080: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2085: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2096: "selector": "0x18160ddd",
2099: "delegatecall": 0,
2105: "slots": [
2109: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2114: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2119: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2124: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2129: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2134: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2139: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2144: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2149: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2160: "selector": "0x23b872dd",
2163: "delegatecall": 0,
2169: "slots": [
2173: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2178: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2183: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2188: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2193: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2198: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2203: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2208: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2213: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2224: "selector": "0x313ce567",
2227: "delegatecall": 0,
2233: "slots": [
2237: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2242: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2247: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2252: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2257: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2262: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2267: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2272: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2277: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2288: "selector": "0x54fd4d50",
2291: "delegatecall": 0,
2297: "slots": [
2301: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2306: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2311: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2316: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2321: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2326: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2331: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2336: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2341: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2352: "selector": "0x70a08231",
2355: "delegatecall": 0,
2361: "slots": [
2365: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2370: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2375: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2380: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2385: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2390: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2395: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2400: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2405: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2416: "selector": "0x95d89b41",
2419: "delegatecall": 0,
2425: "slots": [
2429: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2434: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2439: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2444: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2449: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2454: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2459: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2464: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2469: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2480: "selector": "0xa9059cbb",
2483: "delegatecall": 0,
2489: "slots": [
2493: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2498: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2503: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2508: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2513: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2518: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2523: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2528: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2533: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2544: "selector": "0xcae9ca51",
2547: "delegatecall": 0,
2553: "slots": [
2557: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2562: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2567: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2572: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2577: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2582: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2587: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2592: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2597: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2608: "selector": "0xdc3080f2",
2611: "delegatecall": 0,
2617: "slots": [
2621: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2626: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2631: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2636: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2641: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2646: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2651: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2656: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2661: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2672: "selector": "0xdd62ed3e",
2675: "delegatecall": 0,
2681: "slots": [
2685: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2690: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2695: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2700: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2705: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2710: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2715: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2720: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2725: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2732: "selectors": [
2733: "0x06fdde03",
2735: "0x23b872dd",
2740: "0xa9059cbb",
2749: "delegatecall": 0,
2752: "upgrade_slot_write_suspected": false
2757: "slots": [
2761: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2766: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2771: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2776: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2781: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2786: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2791: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2796: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2801: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2835: "is_proxy": false,
3160: "from": "fn:0x23b872dd",
3185: "from": "fn:0xa9059cbb",
3610: "pc": 833,
3616: "pc": 901,
3622: "pc": 1050,
3631: "id": "fn:0x06fdde03",
3632: "selector": "0x06fdde03",
3638: "selector": "0x18160ddd",
3643: "id": "fn:0x23b872dd",
3644: "selector": "0x23b872dd",
3650: "selector": "0x313ce567",
3656: "selector": "0x54fd4d50",
3662: "selector": "0x70a08231",
3668: "selector": "0x95d89b41",
3673: "id": "fn:0xa9059cbb",
3674: "selector": "0xa9059cbb",
3680: "selector": "0xcae9ca51",
3686: "selector": "0xdc3080f2",
3692: "selector": "0xdd62ed3e",
3702: "detector_findings": [
3705: "evidence_json": {
3710: "pc": 833,
3717: "pc": 901,
3724: "pc": 1050,
3758: "evidence_json": {
3763: "pc": 833,
3770: "pc": 901,
3777: "pc": 1050,
3810: "heuristics_summary": {
3812: "delegatecall_count": 0,
exec
/bin/bash -lc "sed -n '2321,2800p' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3404319313,
"selector": "0xa9059cbb",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3694166258,
"selector": "0xcae9ca51",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3714247998,
"selector": "0xdc3080f2",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 994,
"selector": "0xdd62ed3e",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
}
],
"selectors": [
"0x06fdde03",
"0x18160ddd",
"0x23b872dd",
"0x313ce567",
"0x54fd4d50",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb",
"0xcae9ca51",
"0xdc3080f2",
"0xdd62ed3e"
],
"sinks": {
"call": 3,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 22,
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
exec
/bin/bash -lc "sed -n '2801,3860p' BYTECODE_BUNDLE.json" in /tmp/codex-jte0ym1a
succeeded in 0ms:
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0xd2d6c3ecadc70a6be8e1435fc3f34d92a3eb1c4eec8df279b9409eae0f868877",
"created_at": "2026-04-04T19:57:11.000000Z",
"id": 2444,
"updated_at": "2026-04-04T19:57:11.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:56.000000Z",
"id": "019b3836-39c4-7362-8ad4-f82efcfdfaf7",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:57:11.000000Z"
},
"artifact": {
"codehash": "0xd2d6c3ecadc70a6be8e1435fc3f34d92a3eb1c4eec8df279b9409eae0f868877",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x6060604052361561008d5760e060020a600035046306fdde03811461009557806318160ddd146100f257806323b872dd146100fb578063313ce5671461012d57806354fd4d501461013957806370a082311461019357806395d89b41146101ab578063a9059cbb14610207578063cae9ca5114610236578063dc3080f214610398578063dd62ed3e146103bd575b6103e2610002565b6103e460008054602060026001831615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156104995780601f1061046e57610100808354040283529160200191610499565b61045260045481565b610452600435602435604435600160a060020a0383166000908152600560205260408120548290101561057057610002565b61046460035460ff1681565b6103e460028054602060018216156101000260001901909116829004601f810182900490910260809081016040526060828152929190828280156104995780601f1061046e57610100808354040283529160200191610499565b61045260043560056020526000908152604090205481565b6103e4600180546020600282841615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156104995780601f1061046e57610100808354040283529160200191610499565b6103e2600435602435600160a060020a033316600090815260056020526040902054819010156104a157610002565b60806020604435600481810135601f810184900490930284016040526060838152610452948235946024803595606494939101919081908382808284375094965050505050505060006000836006600050600033600160a060020a03168152602001908152602001600020600050600087600160a060020a031681526020019081526020016000206000508190555084905080600160a060020a0316638f4ffcb1338630876040518560e060020a0281526004018085600160a060020a0316815260200184815260200183600160a060020a03168152602001806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f16801561036b5780820380516001836020036101000a031916815260200191505b50955050505050506000604051808303816000876161da5a03f11561000257506001979650505050505050565b6007602090815260043560009081526040808220909252602435815220546104529081565b6006602090815260043560009081526040808220909252602435815220546104529081565b005b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156104445780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b60408051918252519081900360200190f35b6060908152602090f35b820191906000526020600020905b81548152906001019060200180831161047c57829003601f168201915b505050505081565b600160a060020a0382166000908152604090205480820110156104c357610002565b806005600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806005600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a35050565b600160a060020a03831681526040812054808301101561058f57610002565b600160a060020a038085168083526006602090815260408085203394909416808652938252808520549285526007825280852093855292905290822054830111156105d957610002565b816005600050600086600160a060020a03168152602001908152602001600020600082828250540392505081905550816005600050600085600160a060020a03168152602001908152602001600020600082828250540192505081905550816007600050600086600160a060020a03168152602001908152602001600020600050600033600160a060020a0316815260200190815260200160002060008282825054019250508190555082600160a060020a031684600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef846040518082815260200191505060405180910390a3506001939250505056",
"head": null,
"length": 3506,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0",
"block_number": null,
"chain_id": 1,
"codehash": "0xd2d6c3ecadc70a6be8e1435fc3f34d92a3eb1c4eec8df279b9409eae0f868877",
"created_at": "2026-04-04T19:57:11.000000Z",
"graph_hash": "0x5b2e5758f6f3b4facc5f35afd7626b3ebe439081e524f976a9520b3d3de08cae",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:141",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:149",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:242",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:251",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:301",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:313",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:403",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:427",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:97",
"to": "bb:519",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:108",
"type": "control_flow_fallthrough"
},
{
"from": "bb:108",
"to": "bb:566",
"type": "control_flow"
},
{
"from": "bb:108",
"to": "bb:119",
"type": "control_flow_fallthrough"
},
{
"from": "bb:119",
"to": "bb:920",
"type": "control_flow"
},
{
"from": "bb:119",
"to": "bb:130",
"type": "control_flow_fallthrough"
},
{
"from": "bb:130",
"to": "bb:957",
"type": "control_flow"
},
{
"from": "bb:130",
"to": "bb:141",
"type": "control_flow_fallthrough"
},
{
"from": "bb:149",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:149",
"to": "bb:215",
"type": "control_flow_fallthrough"
},
{
"from": "bb:215",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:215",
"to": "bb:223",
"type": "control_flow_fallthrough"
},
{
"from": "bb:223",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:251",
"to": "bb:1392",
"type": "control_flow"
},
{
"from": "bb:251",
"to": "bb:297",
"type": "control_flow_fallthrough"
},
{
"from": "bb:313",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:313",
"to": "bb:376",
"type": "control_flow_fallthrough"
},
{
"from": "bb:376",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:376",
"to": "bb:384",
"type": "control_flow_fallthrough"
},
{
"from": "bb:384",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:427",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:427",
"to": "bb:492",
"type": "control_flow_fallthrough"
},
{
"from": "bb:492",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:492",
"to": "bb:500",
"type": "control_flow_fallthrough"
},
{
"from": "bb:500",
"to": "bb:1177",
"type": "control_flow"
},
{
"from": "bb:519",
"to": "bb:1185",
"type": "control_flow"
},
{
"from": "bb:519",
"to": "bb:562",
"type": "control_flow_fallthrough"
},
{
"from": "bb:566",
"to": "bb:875",
"type": "control_flow"
},
{
"from": "bb:566",
"to": "bb:850",
"type": "control_flow_fallthrough"
},
{
"from": "bb:850",
"to": "bb:875",
"type": "control_flow_fallthrough"
},
{
"from": "bb:875",
"to": "bb:907",
"type": "control_flow_fallthrough"
},
{
"from": "bb:996",
"to": "bb:1092",
"type": "control_flow"
},
{
"from": "bb:996",
"to": "bb:1067",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1067",
"to": "bb:1092",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1134",
"to": "bb:1148",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1148",
"to": "bb:1148",
"type": "control_flow"
},
{
"from": "bb:1148",
"to": "bb:1168",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1168",
"to": "bb:1177",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1185",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:1185",
"to": "bb:1215",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1392",
"to": "bb:1423",
"type": "control_flow"
},
{
"from": "bb:1392",
"to": "bb:1419",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1423",
"to": "bb:1497",
"type": "control_flow"
},
{
"from": "bb:1423",
"to": "bb:1493",
"type": "control_flow_fallthrough"
},
{
"from": "fn:0x18160ddd",
"to": "bb:599290589",
"type": "entry"
},
{
"from": "fn:0x23b872dd",
"to": "bb:826074471",
"type": "entry"
},
{
"from": "fn:0x313ce567",
"to": "bb:1425886544",
"type": "entry"
},
{
"from": "fn:0x54fd4d50",
"to": "bb:1889567281",
"type": "entry"
},
{
"from": "fn:0x70a08231",
"to": "bb:2514000705",
"type": "entry"
},
{
"from": "fn:0x95d89b41",
"to": "bb:2835717307",
"type": "entry"
},
{
"from": "fn:0xa9059cbb",
"to": "bb:3404319313",
"type": "entry"
},
{
"from": "fn:0xcae9ca51",
"to": "bb:3694166258",
"type": "entry"
},
{
"from": "fn:0xdc3080f2",
"to": "bb:3714247998",
"type": "entry"
},
{
"from": "fn:0xdd62ed3e",
"to": "bb:994",
"type": "entry"
},
{
"from": "bb:566",
"to": "call:833",
"type": "contains"
},
{
"from": "call:833",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:875",
"to": "call:901",
"type": "contains"
},
{
"from": "call:901",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:996",
"to": "call:1050",
"type": "contains"
},
{
"from": "call:1050",
"to": "sink:call",
"type": "capability"
}
],
"nodes": [
{
"end_pc": 10,
"hash": "0xc590080b273074d852d07d86387bb692518eb6057284cadca88ac84fde6f0664",
"id": "bb:0",
"start_pc": 0,
"type": "basic_block"
},
{
"end_pc": 30,
"hash": "0x4db61c68c65e3aafb60d5980f9dbe93dfd98998da1cba601a06d76a8f1510248",
"id": "bb:11",
"start_pc": 11,
"type": "basic_block"
},
{
"end_pc": 41,
"hash": "0x12cc4e8ed2fdd30122dfac48b782310710c9179137ddfc82c887c065a801b538",
"id": "bb:31",
"start_pc": 31,
"type": "basic_block"
},
{
"end_pc": 52,
"hash": "0x4c296856393777328c11adf4a88cd725c352e0ff8b748e2cbe77f7d082a1d73c",
"id": "bb:42",
"start_pc": 42,
"type": "basic_block"
},
{
"end_pc": 63,
"hash": "0x1fc51f3d6be0da89bc6938488db56fcc2cefd162968e4242adf170575f96f1a2",
"id": "bb:53",
"start_pc": 53,
"type": "basic_block"
},
{
"end_pc": 74,
"hash": "0xe693856b391bfd2874967602ab2a71ee1552f8ffd147a93a96273594bde47bc0",
"id": "bb:64",
"start_pc": 64,
"type": "basic_block"
},
{
"end_pc": 85,
"hash": "0x273f47041a78985996d31a122316d7cd4d00c9a6468a62dce547795791ce5ce8",
"id": "bb:75",
"start_pc": 75,
"type": "basic_block"
},
{
"end_pc": 96,
"hash": "0x02cc38d89e9aedd0cb62694c3c2f76074e6e3c7faddb9f6851526dbdd16d7198",
"id": "bb:86",
"start_pc": 86,
"type": "basic_block"
},
{
"end_pc": 107,
"hash": "0x2e7d94f9aab0358566009196c567ce053776d6a253790ce0b5ab068301731ed9",
"id": "bb:97",
"start_pc": 97,
"type": "basic_block"
},
{
"end_pc": 118,
"hash": "0xee41d2f8eb040265f75e671bd78e34ad061d03f766f70446f6cc8d3a89530e7d",
"id": "bb:108",
"start_pc": 108,
"type": "basic_block"
},
{
"end_pc": 129,
"hash": "0x6629e4f27300c3d03a41db89f956d36ff6308c4477dc9431c2a7df939b286b1c",
"id": "bb:119",
"start_pc": 119,
"type": "basic_block"
},
{
"end_pc": 140,
"hash": "0x7568c9f5f6718e3d8dea4b1f67093ecabaab4fac1b5cac7859a1b89bcc5c4349",
"id": "bb:130",
"start_pc": 130,
"type": "basic_block"
},
{
"end_pc": 148,
"hash": "0x01c9cbeb31e8809b6ebc4aaaa3fa932054c629171654dec7c3a5870ef8f00be3",
"id": "bb:141",
"start_pc": 141,
"type": "basic_block"
},
{
"end_pc": 214,
"hash": "0xe609e0ed9fe314086b3e9de794dd44b20d87ca760b64cb10b18bf10296c9c261",
"id": "bb:149",
"start_pc": 149,
"type": "basic_block"
},
{
"end_pc": 222,
"hash": "0x713d916f0f4e584f87becb6a1021c80b61b6eab700136f83388fb94075937cbc",
"id": "bb:215",
"start_pc": 215,
"type": "basic_block"
},
{
"end_pc": 241,
"hash": "0x2f79bc67d75c98e761a38ea55d57bbcec6eb30f1ddbfa0b3c70fe9fa8caae013",
"id": "bb:223",
"start_pc": 223,
"type": "basic_block"
},
{
"end_pc": 250,
"hash": "0x3a3669e009b49c0068eabc67adae73ab5360d61101f63d22efd34c572eabf879",
"id": "bb:242",
"start_pc": 242,
"type": "basic_block"
},
{
"end_pc": 296,
"hash": "0x134b838f5b1eb4a24caec565da344d7d1576794d6831fca55be9ca2b2adfffb9",
"id": "bb:251",
"start_pc": 251,
"type": "basic_block"
},
{
"end_pc": 300,
"hash": "0xd7fd16f2f78e22206387c4b4c199cc3784df86884d46b4e8dd4e28c06e9c719b",
"id": "bb:297",
"start_pc": 297,
"type": "basic_block"
},
{
"end_pc": 312,
"hash": "0x54cdaef02fe32a41536f7b77cc4b8e1e29196b55e9e9c5c0b363a6a6aa9c99a4",
"id": "bb:301",
"start_pc": 301,
"type": "basic_block"
},
{
"end_pc": 375,
"hash": "0x065d75eb6b549e2d9e52557e72162860fb8a67c9ce48721015f0e439fa1d1e89",
"id": "bb:313",
"start_pc": 313,
"type": "basic_block"
},
{
"end_pc": 383,
"hash": "0x82102ab93046b910b00335cceb519faa394c48a0dd44f8b9ef781e5949123608",
"id": "bb:376",
"start_pc": 376,
"type": "basic_block"
},
{
"end_pc": 402,
"hash": "0x46de8bd45f0718554d354f3e8e4dae2cf02db5bc8ec8689d4e01481c9077f9e5",
"id": "bb:384",
"start_pc": 384,
"type": "basic_block"
},
{
"end_pc": 426,
"hash": "0x6472e63b2c46d825395a5e8969cb8973555892225ea26d88bb52e23180f24c8f",
"id": "bb:403",
"start_pc": 403,
"type": "basic_block"
},
{
"end_pc": 491,
"hash": "0xc29e37c0240c3dc5861eed142650b4f620a74393e700e2bd1c840d5da4385300",
"id": "bb:427",
"start_pc": 427,
"type": "basic_block"
},
{
"end_pc": 499,
"hash": "0x06eb886f2c95ad9be5ab1095a29c584ad76b46878e496ee9b0ad5b5baa5b2fde",
"id": "bb:492",
"start_pc": 492,
"type": "basic_block"
},
{
"end_pc": 518,
"hash": "0x8363413c8d4ac8548a1b22aee091b30460476a8d238acee876d4d15960026b23",
"id": "bb:500",
"start_pc": 500,
"type": "basic_block"
},
{
"end_pc": 561,
"hash": "0xfbb8ee7400f187e328414753f1511d7f3459b7bd28e1dc4900850996e0a16e06",
"id": "bb:519",
"start_pc": 519,
"type": "basic_block"
},
{
"end_pc": 565,
"hash": "0xa4a4ae061ef386f7d7486aaf3298058f26a9f17e111d4eb1ba437f6d2a947101",
"id": "bb:562",
"start_pc": 562,
"type": "basic_block"
},
{
"end_pc": 849,
"hash": "0x63fec82cc0f41e798d0c39011f364e5f0e1428e47413786caf13f0a0fb1f1a52",
"id": "bb:566",
"start_pc": 566,
"type": "basic_block"
},
{
"end_pc": 874,
"hash": "0x17f7deb342002d7b4a616129a837954148eb0171e6fa8c57aac90d77236f888b",
"id": "bb:850",
"start_pc": 850,
"type": "basic_block"
},
{
"end_pc": 906,
"hash": "0x84229ca8d3771a6156324b47011bcdb0a683777a4d2a1f266849cf7ca40d8a04",
"id": "bb:875",
"start_pc": 875,
"type": "basic_block"
},
{
"end_pc": 919,
"hash": "0xfa6321d1a087cb91c03b5652829eb3bd5f4d3c5a25f3637a26c05f6fbe498a43",
"id": "bb:907",
"start_pc": 907,
"type": "basic_block"
},
{
"end_pc": 956,
"hash": "0x7e02ca16c778428ad3d0810dfc23c433b033732b606e505f38f6145112c184a8",
"id": "bb:920",
"start_pc": 920,
"type": "basic_block"
},
{
"end_pc": 993,
"hash": "0x042c1afb96f235fc54f29cf1b2f30ed811fb81afeff6e474f6e7b29d53f24c7e",
"id": "bb:957",
"start_pc": 957,
"type": "basic_block"
},
{
"end_pc": 995,
"hash": "0x0f692128e76a1124821e667bb073ac313d488f7fcdbc8d9fbbf13d26ceb31f0b",
"id": "bb:994",
"start_pc": 994,
"type": "basic_block"
},
{
"end_pc": 1066,
"hash": "0x9aa34f2fb0626cb939c113c9be278794f8c988658f24ca2507bb497607223c81",
"id": "bb:996",
"start_pc": 996,
"type": "basic_block"
},
{
"end_pc": 1091,
"hash": "0xfa2051631966675ac33e4879826a9d4b2735cb21b292a65e73b1461d671f1a28",
"id": "bb:1067",
"start_pc": 1067,
"type": "basic_block"
},
{
"end_pc": 1105,
"hash": "0xed2e9a49cde9ace4b4babfac1c4ae1c15310169c3a36e4ec83145a57a85f40a9",
"id": "bb:1092",
"start_pc": 1092,
"type": "basic_block"
},
{
"end_pc": 1123,
"hash": "0xa96f242abd52ace13a743ee9f25b502cd9acd559a9fab18eae38fca805ee16e2",
"id": "bb:1106",
"start_pc": 1106,
"type": "basic_block"
},
{
"end_pc": 1133,
"hash": "0x773879341b32f5b6026d79ed82eef4857b55f8e358550abf4f6fb17e0034783d",
"id": "bb:1124",
"start_pc": 1124,
"type": "basic_block"
},
{
"end_pc": 1147,
"hash": "0x4d3914a00f718ab6d4928a2bcf44b13898a223fdccf8c82eb5d7e72e3359d1e0",
"id": "bb:1134",
"start_pc": 1134,
"type": "basic_block"
},
{
"end_pc": 1167,
"hash": "0x35c9b1f1b8d1461f9ad9a3a0e3ef6c7c780fb4df296d6e6f25b6e9a26330b66c",
"id": "bb:1148",
"start_pc": 1148,
"type": "basic_block"
},
{
"end_pc": 1176,
"hash": "0x9a131963af637fd293336c656b8f5cfd1cbb3c5bb17a60985de1e81ebb00d94a",
"id": "bb:1168",
"start_pc": 1168,
"type": "basic_block"
},
{
"end_pc": 1184,
"hash": "0x3d6eae6fe9f522f9d58c979085d8baa032b39e7a5551816caffe353f0a086e5d",
"id": "bb:1177",
"start_pc": 1177,
"type": "basic_block"
},
{
"end_pc": 1214,
"hash": "0x89e0d746eaac977ccdfb9e9ee1b7851a4ae7e6d28eb62e274ba474d571e9bdbb",
"id": "bb:1185",
"start_pc": 1185,
"type": "basic_block"
},
{
"end_pc": 1218,
"hash": "0x14f5af4e64a2c0d71041fb55838f80b124022b2cef1965d4e5d23a91ce81cd2a",
"id": "bb:1215",
"start_pc": 1215,
"type": "basic_block"
},
{
"end_pc": 1391,
"hash": "0xd4adb1c5b002c205ffa609c4bb2e6eb90617f8941aeca6d64be90a7a0e51b84c",
"id": "bb:1219",
"start_pc": 1219,
"type": "basic_block"
},
{
"end_pc": 1418,
"hash": "0x79d77a860b5a1028902eea3d392923f8e26f81981924cb0de16eedaaea3739c9",
"id": "bb:1392",
"start_pc": 1392,
"type": "basic_block"
},
{
"end_pc": 1422,
"hash": "0xaf06b85100f91f22fda825ba8a61da151f4ee7596eadcc15430d588f09eebe42",
"id": "bb:1419",
"start_pc": 1419,
"type": "basic_block"
},
{
"end_pc": 1492,
"hash": "0x7d18243074b0fe05b65108dc67aad23a0d90969361c4147a7fb867c696f7ddc1",
"id": "bb:1423",
"start_pc": 1423,
"type": "basic_block"
},
{
"end_pc": 1496,
"hash": "0x674a4dc9db49e5bd0fdf46083652f77654a557525b3650a1ccf9ee2cab0ab70e",
"id": "bb:1493",
"start_pc": 1493,
"type": "basic_block"
},
{
"end_pc": 1751,
"hash": "0xc7b4210203fdf2caa0c0843fa589bfdbc8f427a1e34e1ff0ce973bb9175bd376",
"id": "bb:1497",
"start_pc": 1497,
"type": "basic_block"
},
{
"id": "call:833",
"opcode": "CALL",
"pc": 833,
"type": "callsite"
},
{
"id": "call:901",
"opcode": "CALL",
"pc": 901,
"type": "callsite"
},
{
"id": "call:1050",
"opcode": "CALL",
"pc": 1050,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 599290589,
"id": "fn:0x18160ddd",
"selector": "0x18160ddd",
"type": "function"
},
{
"entry_pc": 826074471,
"id": "fn:0x23b872dd",
"selector": "0x23b872dd",
"type": "function"
},
{
"entry_pc": 1425886544,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x54fd4d50",
"selector": "0x54fd4d50",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": 3404319313,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
},
{
"entry_pc": 3694166258,
"id": "fn:0xcae9ca51",
"selector": "0xcae9ca51",
"type": "function"
},
{
"entry_pc": 3714247998,
"id": "fn:0xdc3080f2",
"selector": "0xdc3080f2",
"type": "function"
},
{
"entry_pc": 994,
"id": "fn:0xdd62ed3e",
"selector": "0xdd62ed3e",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 2443,
"updated_at": "2026-04-04T19:57:11.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 3,
"examples": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xc66dbe66c6018b9b03ee8e71ecbb897bfa98ce2328e8e28fc4ccbbfd5a2a9084",
"trace_mode": "callTracer"
}
},
{
"confidence": 60,
"evidence_json": {
"call_count": 3,
"examples": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 3
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xc66dbe66c6018b9b03ee8e71ecbb897bfa98ce2328e8e28fc4ccbbfd5a2a9084",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
}
exec
/bin/bash -lc 'which cast' in /tmp/codex-jte0ym1a
succeeded in 0ms:
/home/noahkuhn/.foundry/bin/cast
exec
/bin/bash -lc 'which evm' in /tmp/codex-jte0ym1a
exited 1 in 0ms:
exec
/bin/bash -lc 'which python3' in /tmp/codex-jte0ym1a
succeeded in 0ms:
/var/www/tripwire/.venv/bin/python3
exec
/bin/bash -lc "for s in 'receiveApproval(address,uint256,address,bytes)' 'approveAndCall(address,uint256,bytes)' 'transfer(address,uint256,bytes)' 'transferAndCall(address,uint256,bytes)' 'onTokenTransfer(address,uint256,bytes)' 'tokenFallback(address,uint256,bytes)' 'increaseApproval(address,uint256)' 'decreaseApproval(address,uint256)' 'version()'; do printf '%s ' \""'$s"; cast sig "$s"; done' in /tmp/codex-jte0ym1a
succeeded in 0ms:
receiveApproval(address,uint256,address,bytes) 0x8f4ffcb1
approveAndCall(address,uint256,bytes) 0xcae9ca51
transfer(address,uint256,bytes) 0xbe45fd62
transferAndCall(address,uint256,bytes) 0x4000aea0
onTokenTransfer(address,uint256,bytes) 0xa4c0ed36
tokenFallback(address,uint256,bytes) 0xc0ee0b8a
increaseApproval(address,uint256) 0xd73dd623
decreaseApproval(address,uint256) 0x66188463
version() 0x54fd4d50
exec
/bin/bash -lc "cast disassemble --help | sed -n '1,120p'" in /tmp/codex-jte0ym1a
succeeded in 0ms:
Disassembles a hex-encoded bytecode into a human-readable representation
Usage: cast disassemble [OPTIONS] [BYTECODE]
Arguments:
[BYTECODE]
The hex-encoded bytecode
Options:
-h, --help
Print help (see a summary with '-h')
-j, --threads <THREADS>
Number of threads to use. Specifying 0 defaults to the number of logical cores
[aliases: --jobs]
Display options:
--color <COLOR>
The color of the log messages
Possible values:
- auto: Intelligently guess whether to use color output (default)
- always: Force color output
- never: Force disable color output
--json
Format log messages as JSON
--md
Format log messages as Markdown
-q, --quiet
Do not print log messages
-v, --verbosity...
Verbosity level of the log messages.
Pass multiple times to increase the verbosity (e.g. -v, -vv, -vvv).
Depending on the context the verbosity levels have different meanings.
For example, the verbosity levels of the EVM are:
- 2 (-vv): Print logs for all tests.
- 3 (-vvv): Print execution traces for failing tests.
- 4 (-vvvv): Print execution traces for all tests, and setup traces for failing tests.
- 5 (-vvvvv): Print execution and setup traces for all tests, including storage changes
and
backtraces with line numbers.
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'160,300p'" in /tmp/codex-jte0ym1a
succeeded in 0ms:
0000010e: EXP
0000010f: SUB
00000110: DUP4
00000111: AND
00000112: PUSH1 0x00
00000114: SWAP1
00000115: DUP2
00000116: MSTORE
00000117: PUSH1 0x05
00000119: PUSH1 0x20
0000011b: MSTORE
0000011c: PUSH1 0x40
0000011e: DUP2
0000011f: KECCAK256
00000120: SLOAD
00000121: DUP3
00000122: SWAP1
00000123: LT
00000124: ISZERO
00000125: PUSH2 0x0570
00000128: JUMPI
00000129: PUSH2 0x0002
0000012c: JUMP
0000012d: JUMPDEST
0000012e: PUSH2 0x0464
00000131: PUSH1 0x03
00000133: SLOAD
00000134: PUSH1 0xff
00000136: AND
00000137: DUP2
00000138: JUMP
00000139: JUMPDEST
0000013a: PUSH2 0x03e4
0000013d: PUSH1 0x02
0000013f: DUP1
00000140: SLOAD
00000141: PUSH1 0x20
00000143: PUSH1 0x01
00000145: DUP3
00000146: AND
00000147: ISZERO
00000148: PUSH2 0x0100
0000014b: MUL
0000014c: PUSH1 0x00
0000014e: NOT
0000014f: ADD
00000150: SWAP1
00000151: SWAP2
00000152: AND
00000153: DUP3
00000154: SWAP1
00000155: DIV
00000156: PUSH1 0x1f
00000158: DUP2
00000159: ADD
0000015a: DUP3
0000015b: SWAP1
0000015c: DIV
0000015d: SWAP1
0000015e: SWAP2
0000015f: MUL
00000160: PUSH1 0x80
00000162: SWAP1
00000163: DUP2
00000164: ADD
00000165: PUSH1 0x40
00000167: MSTORE
00000168: PUSH1 0x60
0000016a: DUP3
0000016b: DUP2
0000016c: MSTORE
0000016d: SWAP3
0000016e: SWAP2
0000016f: SWAP1
00000170: DUP3
00000171: DUP3
00000172: DUP1
00000173: ISZERO
00000174: PUSH2 0x0499
00000177: JUMPI
00000178: DUP1
00000179: PUSH1 0x1f
0000017b: LT
0000017c: PUSH2 0x046e
0000017f: JUMPI
00000180: PUSH2 0x0100
00000183: DUP1
00000184: DUP4
00000185: SLOAD
00000186: DIV
00000187: MUL
00000188: DUP4
00000189: MSTORE
0000018a: SWAP2
0000018b: PUSH1 0x20
0000018d: ADD
0000018e: SWAP2
0000018f: PUSH2 0x0499
00000192: JUMP
00000193: JUMPDEST
00000194: PUSH2 0x0452
00000197: PUSH1 0x04
00000199: CALLDATALOAD
0000019a: PUSH1 0x05
0000019c: PUSH1 0x20
0000019e: MSTORE
0000019f: PUSH1 0x00
000001a1: SWAP1
000001a2: DUP2
000001a3: MSTORE
000001a4: PUSH1 0x40
000001a6: SWAP1
000001a7: KECCAK256
000001a8: SLOAD
000001a9: DUP2
000001aa: JUMP
000001ab: JUMPDEST
000001ac: PUSH2 0x03e4
000001af: PUSH1 0x01
000001b1: DUP1
000001b2: SLOAD
000001b3: PUSH1 0x20
000001b5: PUSH1 0x02
000001b7: DUP3
000001b8: DUP5
000001b9: AND
000001ba: ISZERO
000001bb: PUSH2 0x0100
000001be: MUL
000001bf: PUSH1 0x00
000001c1: NOT
000001c2: ADD
000001c3: SWAP1
000001c4: SWAP3
000001c5: AND
000001c6: SWAP2
000001c7: SWAP1
000001c8: SWAP2
000001c9: DIV
000001ca: PUSH1 0x1f
000001cc: DUP2
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'300,520p'" in /tmp/codex-jte0ym1a
succeeded in 0ms:
000001cc: DUP2
000001cd: ADD
000001ce: DUP3
000001cf: SWAP1
000001d0: DIV
000001d1: SWAP1
000001d2: SWAP2
000001d3: MUL
000001d4: PUSH1 0x80
000001d6: SWAP1
000001d7: DUP2
000001d8: ADD
000001d9: PUSH1 0x40
000001db: MSTORE
000001dc: PUSH1 0x60
000001de: DUP3
000001df: DUP2
000001e0: MSTORE
000001e1: SWAP3
000001e2: SWAP2
000001e3: SWAP1
000001e4: DUP3
000001e5: DUP3
000001e6: DUP1
000001e7: ISZERO
000001e8: PUSH2 0x0499
000001eb: JUMPI
000001ec: DUP1
000001ed: PUSH1 0x1f
000001ef: LT
000001f0: PUSH2 0x046e
000001f3: JUMPI
000001f4: PUSH2 0x0100
000001f7: DUP1
000001f8: DUP4
000001f9: SLOAD
000001fa: DIV
000001fb: MUL
000001fc: DUP4
000001fd: MSTORE
000001fe: SWAP2
000001ff: PUSH1 0x20
00000201: ADD
00000202: SWAP2
00000203: PUSH2 0x0499
00000206: JUMP
00000207: JUMPDEST
00000208: PUSH2 0x03e2
0000020b: PUSH1 0x04
0000020d: CALLDATALOAD
0000020e: PUSH1 0x24
00000210: CALLDATALOAD
00000211: PUSH1 0x01
00000213: PUSH1 0xa0
00000215: PUSH1 0x02
00000217: EXP
00000218: SUB
00000219: CALLER
0000021a: AND
0000021b: PUSH1 0x00
0000021d: SWAP1
0000021e: DUP2
0000021f: MSTORE
00000220: PUSH1 0x05
00000222: PUSH1 0x20
00000224: MSTORE
00000225: PUSH1 0x40
00000227: SWAP1
00000228: KECCAK256
00000229: SLOAD
0000022a: DUP2
0000022b: SWAP1
0000022c: LT
0000022d: ISZERO
0000022e: PUSH2 0x04a1
00000231: JUMPI
00000232: PUSH2 0x0002
00000235: JUMP
00000236: JUMPDEST
00000237: PUSH1 0x80
00000239: PUSH1 0x20
0000023b: PUSH1 0x44
0000023d: CALLDATALOAD
0000023e: PUSH1 0x04
00000240: DUP2
00000241: DUP2
00000242: ADD
00000243: CALLDATALOAD
00000244: PUSH1 0x1f
00000246: DUP2
00000247: ADD
00000248: DUP5
00000249: SWAP1
0000024a: DIV
0000024b: SWAP1
0000024c: SWAP4
0000024d: MUL
0000024e: DUP5
0000024f: ADD
00000250: PUSH1 0x40
00000252: MSTORE
00000253: PUSH1 0x60
00000255: DUP4
00000256: DUP2
00000257: MSTORE
00000258: PUSH2 0x0452
0000025b: SWAP5
0000025c: DUP3
0000025d: CALLDATALOAD
0000025e: SWAP5
0000025f: PUSH1 0x24
00000261: DUP1
00000262: CALLDATALOAD
00000263: SWAP6
00000264: PUSH1 0x64
00000266: SWAP5
00000267: SWAP4
00000268: SWAP2
00000269: ADD
0000026a: SWAP2
0000026b: SWAP1
0000026c: DUP2
0000026d: SWAP1
0000026e: DUP4
0000026f: DUP3
00000270: DUP1
00000271: DUP3
00000272: DUP5
00000273: CALLDATACOPY
00000274: POP
00000275: SWAP5
00000276: SWAP7
00000277: POP
00000278: POP
00000279: POP
0000027a: POP
0000027b: POP
0000027c: POP
0000027d: POP
0000027e: PUSH1 0x00
00000280: PUSH1 0x00
00000282: DUP4
00000283: PUSH1 0x06
00000285: PUSH1 0x00
00000287: POP
00000288: PUSH1 0x00
0000028a: CALLER
0000028b: PUSH1 0x01
0000028d: PUSH1 0xa0
0000028f: PUSH1 0x02
00000291: EXP
00000292: SUB
00000293: AND
00000294: DUP2
00000295: MSTORE
00000296: PUSH1 0x20
00000298: ADD
00000299: SWAP1
0000029a: DUP2
0000029b: MSTORE
0000029c: PUSH1 0x20
0000029e: ADD
0000029f: PUSH1 0x00
000002a1: KECCAK256
000002a2: PUSH1 0x00
000002a4: POP
000002a5: PUSH1 0x00
000002a7: DUP8
000002a8: PUSH1 0x01
000002aa: PUSH1 0xa0
000002ac: PUSH1 0x02
000002ae: EXP
000002af: SUB
000002b0: AND
000002b1: DUP2
000002b2: MSTORE
000002b3: PUSH1 0x20
000002b5: ADD
000002b6: SWAP1
000002b7: DUP2
000002b8: MSTORE
000002b9: PUSH1 0x20
000002bb: ADD
000002bc: PUSH1 0x00
000002be: KECCAK256
000002bf: PUSH1 0x00
000002c1: POP
000002c2: DUP2
000002c3: SWAP1
000002c4: SSTORE
000002c5: POP
000002c6: DUP5
000002c7: SWAP1
000002c8: POP
000002c9: DUP1
000002ca: PUSH1 0x01
000002cc: PUSH1 0xa0
000002ce: PUSH1 0x02
000002d0: EXP
000002d1: SUB
000002d2: AND
000002d3: PUSH4 0x8f4ffcb1
000002d8: CALLER
000002d9: DUP7
000002da: ADDRESS
000002db: DUP8
000002dc: PUSH1 0x40
000002de: MLOAD
000002df: DUP6
000002e0: PUSH1 0xe0
000002e2: PUSH1 0x02
000002e4: EXP
000002e5: MUL
000002e6: DUP2
000002e7: MSTORE
000002e8: PUSH1 0x04
000002ea: ADD
000002eb: DUP1
000002ec: DUP6
000002ed: PUSH1 0x01
000002ef: PUSH1 0xa0
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'520,700p'" in /tmp/codex-jte0ym1a
succeeded in 0ms:
000002ef: PUSH1 0xa0
000002f1: PUSH1 0x02
000002f3: EXP
000002f4: SUB
000002f5: AND
000002f6: DUP2
000002f7: MSTORE
000002f8: PUSH1 0x20
000002fa: ADD
000002fb: DUP5
000002fc: DUP2
000002fd: MSTORE
000002fe: PUSH1 0x20
00000300: ADD
00000301: DUP4
00000302: PUSH1 0x01
00000304: PUSH1 0xa0
00000306: PUSH1 0x02
00000308: EXP
00000309: SUB
0000030a: AND
0000030b: DUP2
0000030c: MSTORE
0000030d: PUSH1 0x20
0000030f: ADD
00000310: DUP1
00000311: PUSH1 0x20
00000313: ADD
00000314: DUP3
00000315: DUP2
00000316: SUB
00000317: DUP3
00000318: MSTORE
00000319: DUP4
0000031a: DUP2
0000031b: DUP2
0000031c: MLOAD
0000031d: DUP2
0000031e: MSTORE
0000031f: PUSH1 0x20
00000321: ADD
00000322: SWAP2
00000323: POP
00000324: DUP1
00000325: MLOAD
00000326: SWAP1
00000327: PUSH1 0x20
00000329: ADD
0000032a: SWAP1
0000032b: DUP1
0000032c: DUP4
0000032d: DUP4
0000032e: DUP3
0000032f: SWAP1
00000330: PUSH1 0x00
00000332: PUSH1 0x04
00000334: PUSH1 0x20
00000336: DUP5
00000337: PUSH1 0x1f
00000339: ADD
0000033a: DIV
0000033b: PUSH1 0x0f
0000033d: MUL
0000033e: PUSH1 0x03
00000340: ADD
00000341: CALL
00000342: POP
00000343: SWAP1
00000344: POP
00000345: SWAP1
00000346: DUP2
00000347: ADD
00000348: SWAP1
00000349: PUSH1 0x1f
0000034b: AND
0000034c: DUP1
0000034d: ISZERO
0000034e: PUSH2 0x036b
00000351: JUMPI
00000352: DUP1
00000353: DUP3
00000354: SUB
00000355: DUP1
00000356: MLOAD
00000357: PUSH1 0x01
00000359: DUP4
0000035a: PUSH1 0x20
0000035c: SUB
0000035d: PUSH2 0x0100
00000360: EXP
00000361: SUB
00000362: NOT
00000363: AND
00000364: DUP2
00000365: MSTORE
00000366: PUSH1 0x20
00000368: ADD
00000369: SWAP2
0000036a: POP
0000036b: JUMPDEST
0000036c: POP
0000036d: SWAP6
0000036e: POP
0000036f: POP
00000370: POP
00000371: POP
00000372: POP
00000373: POP
00000374: PUSH1 0x00
00000376: PUSH1 0x40
00000378: MLOAD
00000379: DUP1
0000037a: DUP4
0000037b: SUB
0000037c: DUP2
0000037d: PUSH1 0x00
0000037f: DUP8
00000380: PUSH2 0x61da
00000383: GAS
00000384: SUB
00000385: CALL
00000386: ISZERO
00000387: PUSH2 0x0002
0000038a: JUMPI
0000038b: POP
0000038c: PUSH1 0x01
0000038e: SWAP8
0000038f: SWAP7
00000390: POP
00000391: POP
00000392: POP
00000393: POP
00000394: POP
00000395: POP
00000396: POP
00000397: JUMP
00000398: JUMPDEST
00000399: PUSH1 0x07
0000039b: PUSH1 0x20
0000039d: SWAP1
0000039e: DUP2
0000039f: MSTORE
000003a0: PUSH1 0x04
000003a2: CALLDATALOAD
000003a3: PUSH1 0x00
000003a5: SWAP1
000003a6: DUP2
000003a7: MSTORE
000003a8: PUSH1 0x40
000003aa: DUP1
000003ab: DUP3
000003ac: KECCAK256
000003ad: SWAP1
000003ae: SWAP3
000003af: MSTORE
000003b0: PUSH1 0x24
000003b2: CALLDATALOAD
000003b3: DUP2
000003b4: MSTORE
000003b5: KECCAK256
000003b6: SLOAD
000003b7: PUSH2 0x0452
000003ba: SWAP1
000003bb: DUP2
000003bc: JUMP
000003bd: JUMPDEST
000003be: PUSH1 0x06
000003c0: PUSH1 0x20
000003c2: SWAP1
000003c3: DUP2
000003c4: MSTORE
000003c5: PUSH1 0x04
000003c7: CALLDATALOAD
000003c8: PUSH1 0x00
000003ca: SWAP1
000003cb: DUP2
000003cc: MSTORE
000003cd: PUSH1 0x40
000003cf: DUP1
000003d0: DUP3
000003d1: KECCAK256
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'700,860p'" in /tmp/codex-jte0ym1a
succeeded in 0ms:
000003d1: KECCAK256
000003d2: SWAP1
000003d3: SWAP3
000003d4: MSTORE
000003d5: PUSH1 0x24
000003d7: CALLDATALOAD
000003d8: DUP2
000003d9: MSTORE
000003da: KECCAK256
000003db: SLOAD
000003dc: PUSH2 0x0452
000003df: SWAP1
000003e0: DUP2
000003e1: JUMP
000003e2: JUMPDEST
000003e3: STOP
000003e4: JUMPDEST
000003e5: PUSH1 0x40
000003e7: MLOAD
000003e8: DUP1
000003e9: DUP1
000003ea: PUSH1 0x20
000003ec: ADD
000003ed: DUP3
000003ee: DUP2
000003ef: SUB
000003f0: DUP3
000003f1: MSTORE
000003f2: DUP4
000003f3: DUP2
000003f4: DUP2
000003f5: MLOAD
000003f6: DUP2
000003f7: MSTORE
000003f8: PUSH1 0x20
000003fa: ADD
000003fb: SWAP2
000003fc: POP
000003fd: DUP1
000003fe: MLOAD
000003ff: SWAP1
00000400: PUSH1 0x20
00000402: ADD
00000403: SWAP1
00000404: DUP1
00000405: DUP4
00000406: DUP4
00000407: DUP3
00000408: SWAP1
00000409: PUSH1 0x00
0000040b: PUSH1 0x04
0000040d: PUSH1 0x20
0000040f: DUP5
00000410: PUSH1 0x1f
00000412: ADD
00000413: DIV
00000414: PUSH1 0x0f
00000416: MUL
00000417: PUSH1 0x03
00000419: ADD
0000041a: CALL
0000041b: POP
0000041c: SWAP1
0000041d: POP
0000041e: SWAP1
0000041f: DUP2
00000420: ADD
00000421: SWAP1
00000422: PUSH1 0x1f
00000424: AND
00000425: DUP1
00000426: ISZERO
00000427: PUSH2 0x0444
0000042a: JUMPI
0000042b: DUP1
0000042c: DUP3
0000042d: SUB
0000042e: DUP1
0000042f: MLOAD
00000430: PUSH1 0x01
00000432: DUP4
00000433: PUSH1 0x20
00000435: SUB
00000436: PUSH2 0x0100
00000439: EXP
0000043a: SUB
0000043b: NOT
0000043c: AND
0000043d: DUP2
0000043e: MSTORE
0000043f: PUSH1 0x20
00000441: ADD
00000442: SWAP2
00000443: POP
00000444: JUMPDEST
00000445: POP
00000446: SWAP3
00000447: POP
00000448: POP
00000449: POP
0000044a: PUSH1 0x40
0000044c: MLOAD
0000044d: DUP1
0000044e: SWAP2
0000044f: SUB
00000450: SWAP1
00000451: RETURN
00000452: JUMPDEST
00000453: PUSH1 0x40
00000455: DUP1
00000456: MLOAD
00000457: SWAP2
00000458: DUP3
00000459: MSTORE
0000045a: MLOAD
0000045b: SWAP1
0000045c: DUP2
0000045d: SWAP1
0000045e: SUB
0000045f: PUSH1 0x20
00000461: ADD
00000462: SWAP1
00000463: RETURN
00000464: JUMPDEST
00000465: PUSH1 0x60
00000467: SWAP1
00000468: DUP2
00000469: MSTORE
0000046a: PUSH1 0x20
0000046c: SWAP1
0000046d: RETURN
0000046e: JUMPDEST
0000046f: DUP3
00000470: ADD
00000471: SWAP2
00000472: SWAP1
00000473: PUSH1 0x00
00000475: MSTORE
00000476: PUSH1 0x20
00000478: PUSH1 0x00
0000047a: KECCAK256
0000047b: SWAP1
0000047c: JUMPDEST
0000047d: DUP2
0000047e: SLOAD
0000047f: DUP2
00000480: MSTORE
00000481: SWAP1
00000482: PUSH1 0x01
00000484: ADD
00000485: SWAP1
00000486: PUSH1 0x20
00000488: ADD
00000489: DUP1
0000048a: DUP4
0000048b: GT
0000048c: PUSH2 0x047c
0000048f: JUMPI
00000490: DUP3
00000491: SWAP1
00000492: SUB
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'860,1080p'" in /tmp/codex-jte0ym1a
succeeded in 0ms:
00000492: SUB
00000493: PUSH1 0x1f
00000495: AND
00000496: DUP3
00000497: ADD
00000498: SWAP2
00000499: JUMPDEST
0000049a: POP
0000049b: POP
0000049c: POP
0000049d: POP
0000049e: POP
0000049f: DUP2
000004a0: JUMP
000004a1: JUMPDEST
000004a2: PUSH1 0x01
000004a4: PUSH1 0xa0
000004a6: PUSH1 0x02
000004a8: EXP
000004a9: SUB
000004aa: DUP3
000004ab: AND
000004ac: PUSH1 0x00
000004ae: SWAP1
000004af: DUP2
000004b0: MSTORE
000004b1: PUSH1 0x40
000004b3: SWAP1
000004b4: KECCAK256
000004b5: SLOAD
000004b6: DUP1
000004b7: DUP3
000004b8: ADD
000004b9: LT
000004ba: ISZERO
000004bb: PUSH2 0x04c3
000004be: JUMPI
000004bf: PUSH2 0x0002
000004c2: JUMP
000004c3: JUMPDEST
000004c4: DUP1
000004c5: PUSH1 0x05
000004c7: PUSH1 0x00
000004c9: POP
000004ca: PUSH1 0x00
000004cc: CALLER
000004cd: PUSH1 0x01
000004cf: PUSH1 0xa0
000004d1: PUSH1 0x02
000004d3: EXP
000004d4: SUB
000004d5: AND
000004d6: DUP2
000004d7: MSTORE
000004d8: PUSH1 0x20
000004da: ADD
000004db: SWAP1
000004dc: DUP2
000004dd: MSTORE
000004de: PUSH1 0x20
000004e0: ADD
000004e1: PUSH1 0x00
000004e3: KECCAK256
000004e4: PUSH1 0x00
000004e6: DUP3
000004e7: DUP3
000004e8: DUP3
000004e9: POP
000004ea: SLOAD
000004eb: SUB
000004ec: SWAP3
000004ed: POP
000004ee: POP
000004ef: DUP2
000004f0: SWAP1
000004f1: SSTORE
000004f2: POP
000004f3: DUP1
000004f4: PUSH1 0x05
000004f6: PUSH1 0x00
000004f8: POP
000004f9: PUSH1 0x00
000004fb: DUP5
000004fc: PUSH1 0x01
000004fe: PUSH1 0xa0
00000500: PUSH1 0x02
00000502: EXP
00000503: SUB
00000504: AND
00000505: DUP2
00000506: MSTORE
00000507: PUSH1 0x20
00000509: ADD
0000050a: SWAP1
0000050b: DUP2
0000050c: MSTORE
0000050d: PUSH1 0x20
0000050f: ADD
00000510: PUSH1 0x00
00000512: KECCAK256
00000513: PUSH1 0x00
00000515: DUP3
00000516: DUP3
00000517: DUP3
00000518: POP
00000519: SLOAD
0000051a: ADD
0000051b: SWAP3
0000051c: POP
0000051d: POP
0000051e: DUP2
0000051f: SWAP1
00000520: SSTORE
00000521: POP
00000522: DUP2
00000523: PUSH1 0x01
00000525: PUSH1 0xa0
00000527: PUSH1 0x02
00000529: EXP
0000052a: SUB
0000052b: AND
0000052c: CALLER
0000052d: PUSH1 0x01
0000052f: PUSH1 0xa0
00000531: PUSH1 0x02
00000533: EXP
00000534: SUB
00000535: AND
00000536: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
00000557: DUP4
00000558: PUSH1 0x40
0000055a: MLOAD
0000055b: DUP1
0000055c: DUP3
0000055d: DUP2
0000055e: MSTORE
0000055f: PUSH1 0x20
00000561: ADD
00000562: SWAP2
00000563: POP
00000564: POP
00000565: PUSH1 0x40
00000567: MLOAD
00000568: DUP1
00000569: SWAP2
0000056a: SUB
0000056b: SWAP1
0000056c: LOG3
0000056d: POP
0000056e: POP
0000056f: JUMP
00000570: JUMPDEST
00000571: PUSH1 0x01
00000573: PUSH1 0xa0
00000575: PUSH1 0x02
00000577: EXP
00000578: SUB
00000579: DUP4
0000057a: AND
0000057b: DUP2
0000057c: MSTORE
0000057d: PUSH1 0x40
0000057f: DUP2
00000580: KECCAK256
00000581: SLOAD
00000582: DUP1
00000583: DUP4
00000584: ADD
00000585: LT
00000586: ISZERO
00000587: PUSH2 0x058f
0000058a: JUMPI
0000058b: PUSH2 0x0002
0000058e: JUMP
0000058f: JUMPDEST
00000590: PUSH1 0x01
00000592: PUSH1 0xa0
00000594: PUSH1 0x02
00000596: EXP
00000597: SUB
00000598: DUP1
00000599: DUP6
0000059a: AND
0000059b: DUP1
0000059c: DUP4
0000059d: MSTORE
0000059e: PUSH1 0x06
000005a0: PUSH1 0x20
000005a2: SWAP1
000005a3: DUP2
000005a4: MSTORE
000005a5: PUSH1 0x40
000005a7: DUP1
000005a8: DUP6
000005a9: KECCAK256
000005aa: CALLER
000005ab: SWAP5
000005ac: SWAP1
000005ad: SWAP5
000005ae: AND
000005af: DUP1
000005b0: DUP7
000005b1: MSTORE
000005b2: SWAP4
000005b3: DUP3
000005b4: MSTORE
000005b5: DUP1
000005b6: DUP6
000005b7: KECCAK256
000005b8: SLOAD
000005b9: SWAP3
000005ba: DUP6
000005bb: MSTORE
000005bc: PUSH1 0x07
000005be: DUP3
000005bf: MSTORE
000005c0: DUP1
000005c1: DUP6
000005c2: KECCAK256
000005c3: SWAP4
000005c4: DUP6
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'1080,1260p'" in /tmp/codex-jte0ym1a
succeeded in 0ms:
000005c4: DUP6
000005c5: MSTORE
000005c6: SWAP3
000005c7: SWAP1
000005c8: MSTORE
000005c9: SWAP1
000005ca: DUP3
000005cb: KECCAK256
000005cc: SLOAD
000005cd: DUP4
000005ce: ADD
000005cf: GT
000005d0: ISZERO
000005d1: PUSH2 0x05d9
000005d4: JUMPI
000005d5: PUSH2 0x0002
000005d8: JUMP
000005d9: JUMPDEST
000005da: DUP2
000005db: PUSH1 0x05
000005dd: PUSH1 0x00
000005df: POP
000005e0: PUSH1 0x00
000005e2: DUP7
000005e3: PUSH1 0x01
000005e5: PUSH1 0xa0
000005e7: PUSH1 0x02
000005e9: EXP
000005ea: SUB
000005eb: AND
000005ec: DUP2
000005ed: MSTORE
000005ee: PUSH1 0x20
000005f0: ADD
000005f1: SWAP1
000005f2: DUP2
000005f3: MSTORE
000005f4: PUSH1 0x20
000005f6: ADD
000005f7: PUSH1 0x00
000005f9: KECCAK256
000005fa: PUSH1 0x00
000005fc: DUP3
000005fd: DUP3
000005fe: DUP3
000005ff: POP
00000600: SLOAD
00000601: SUB
00000602: SWAP3
00000603: POP
00000604: POP
00000605: DUP2
00000606: SWAP1
00000607: SSTORE
00000608: POP
00000609: DUP2
0000060a: PUSH1 0x05
0000060c: PUSH1 0x00
0000060e: POP
0000060f: PUSH1 0x00
00000611: DUP6
00000612: PUSH1 0x01
00000614: PUSH1 0xa0
00000616: PUSH1 0x02
00000618: EXP
00000619: SUB
0000061a: AND
0000061b: DUP2
0000061c: MSTORE
0000061d: PUSH1 0x20
0000061f: ADD
00000620: SWAP1
00000621: DUP2
00000622: MSTORE
00000623: PUSH1 0x20
00000625: ADD
00000626: PUSH1 0x00
00000628: KECCAK256
00000629: PUSH1 0x00
0000062b: DUP3
0000062c: DUP3
0000062d: DUP3
0000062e: POP
0000062f: SLOAD
00000630: ADD
00000631: SWAP3
00000632: POP
00000633: POP
00000634: DUP2
00000635: SWAP1
00000636: SSTORE
00000637: POP
00000638: DUP2
00000639: PUSH1 0x07
0000063b: PUSH1 0x00
0000063d: POP
0000063e: PUSH1 0x00
00000640: DUP7
00000641: PUSH1 0x01
00000643: PUSH1 0xa0
00000645: PUSH1 0x02
00000647: EXP
00000648: SUB
00000649: AND
0000064a: DUP2
0000064b: MSTORE
0000064c: PUSH1 0x20
0000064e: ADD
0000064f: SWAP1
00000650: DUP2
00000651: MSTORE
00000652: PUSH1 0x20
00000654: ADD
00000655: PUSH1 0x00
00000657: KECCAK256
00000658: PUSH1 0x00
0000065a: POP
0000065b: PUSH1 0x00
0000065d: CALLER
0000065e: PUSH1 0x01
00000660: PUSH1 0xa0
00000662: PUSH1 0x02
00000664: EXP
00000665: SUB
00000666: AND
00000667: DUP2
00000668: MSTORE
00000669: PUSH1 0x20
0000066b: ADD
0000066c: SWAP1
0000066d: DUP2
0000066e: MSTORE
0000066f: PUSH1 0x20
00000671: ADD
00000672: PUSH1 0x00
00000674: KECCAK256
00000675: PUSH1 0x00
00000677: DUP3
00000678: DUP3
00000679: DUP3
0000067a: POP
0000067b: SLOAD
0000067c: ADD
0000067d: SWAP3
0000067e: POP
0000067f: POP
00000680: DUP2
00000681: SWAP1
00000682: SSTORE
00000683: POP
00000684: DUP3
00000685: PUSH1 0x01
00000687: PUSH1 0xa0
00000689: PUSH1 0x02
0000068b: EXP
0000068c: SUB
0000068d: AND
0000068e: DUP5
0000068f: PUSH1 0x01
00000691: PUSH1 0xa0
00000693: PUSH1 0x02
00000695: EXP
00000696: SUB
00000697: AND
00000698: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
000006b9: DUP5
000006ba: PUSH1 0x40
000006bc: MLOAD
000006bd: DUP1
000006be: DUP3
000006bf: DUP2
000006c0: MSTORE
000006c1: PUSH1 0x20
000006c3: ADD
000006c4: SWAP2
000006c5: POP
000006c6: POP
000006c7: PUSH1 0x40
000006c9: MLOAD
000006ca: DUP1
000006cb: SWAP2
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'1260,1325p'" in /tmp/codex-jte0ym1a
succeeded in 0ms:
000006cb: SWAP2
000006cc: SUB
000006cd: SWAP1
000006ce: LOG3
000006cf: POP
000006d0: PUSH1 0x01
000006d2: SWAP4
000006d3: SWAP3
000006d4: POP
000006d5: POP
000006d6: POP
000006d7: JUMP
codex
{"no_findings":false,"summary":"Bytecode matches a non-proxy ERC20-like token with custom `version()`, `approveAndCall(address,uint256,bytes)`, and an extra allowance-related view. The strongest issue is nonstandard allowance accounting: `transferFrom` enforces against a cumulative-spent counter in slot 7 while `allowance()` returns only the raw approved amount from slot 6. There is also a low-confidence reentrancy surface in `approveAndCall`, which performs an untrusted callback after writing approval state.","findings":[{"severity":"medium","category":"math","title":"Allowance accounting is nonstandard and can break ERC20 approval invariants","exploit_scenario":"A spender uses part of an approval, for example 60 out of 100. The owner then calls `approveAndCall(spender, 50, ...)` expecting a fresh allowance of 50. However, `transferFrom` checks `spent[from][spender] + amount <= approved[from][spender]`, so the historical spent value 60 remains in force and every further `transferFrom` reverts until the owner approves more than 60. At the same time, standard `allowance(owner,spender)` still reports 50, so wallets, routers, and other integrations can be misled into attempting transfers that always fail.","recommendation":"Use standard remaining-allowance semantics: either decrement the approval slot directly on `transferFrom`, or reset the cumulative-spent slot whenever a new approval is written. If the cumulative model is intentional, expose only custom interfaces and do not advertise ERC20-compatible `allowance`/`transferFrom` behavior.","evidence":"`approveAndCall` (`selector:0xcae9ca51`) writes slot 6 at `pc:0x2c4`. Standard `allowance` (`selector:0xdd62ed3e`) reads slot 6, while custom view `selector:0xdc3080f2` reads slot 7. `transferFrom` (`selector:0x23b872dd`) checks slot7+amount against slot6 around `pc:0x5c9`-`pc:0x5d1`, then increments slot 7 at `pc:0x682` instead of decrementing slot 6. This is strong bytecode evidence of cumulative-spent accounting rather than remaining allowance.","locations":["selector:0xcae9ca51","selector:0x23b872dd","selector:0xdd62ed3e","selector:0xdc3080f2","pc:0x2c4","pc:0x5cc","pc:0x682"]},{"severity":"low","category":"reentrancy","title":"`approveAndCall` performs an untrusted callback after writing approval state","exploit_scenario":"A malicious spender contract can be approved through `approveAndCall` and immediately reenter the token during its `receiveApproval(address,uint256,address,bytes)` callback. Because the approval is written before the external call, the spender can use the newly granted allowance inside the callback before the outer function returns. This may be intended behavior for this pattern, but it still creates a reentrancy surface and can surprise integrators that assume approval and post-approval effects are separated.","recommendation":"If callback-based approvals are required, restrict them to trusted spender contracts or add explicit reentrancy protection/documentation. Otherwise prefer a plain approval flow without an external callback.","evidence":"In `approveAndCall` (`selector:0xcae9ca51`), the contract stores approval state before building calldata for selector `0x8f4ffcb1` (`receiveApproval(address,uint256,address,bytes)`) and performing an external `CALL` at `pc:0x385`. The callback target is calldata-derived. Guard detection found no lock, though bytecode-only analysis cannot prove a guard is absent in every path. The external call appears success-checked and likely sends zero ETH, so this is an interaction-order risk rather than a confirmed fund-loss bug.","locations":["selector:0xcae9ca51","pc:0x2c4","pc:0x385"]}]}
tokens used
85,514
{
"codex": {
"ran_at": "2026-04-05T05:16:51.374987+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3506,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode matches a non-proxy ERC20-like token with custom `version()`, `approveAndCall(address,uint256,bytes)`, and an extra allowance-related view. The strongest issue is nonstandard allowance accounting: `transferFrom` enforces against a cumulative-spent counter in slot 7 while `allowance()` returns only the raw approved amount from slot 6. There is also a low-confidence reentrancy surface in `approveAndCall`, which performs an untrusted callback after writing approval state.",
"raw_final": {
"summary": "Bytecode matches a non-proxy ERC20-like token with custom `version()`, `approveAndCall(address,uint256,bytes)`, and an extra allowance-related view. The strongest issue is nonstandard allowance accounting: `transferFrom` enforces against a cumulative-spent counter in slot 7 while `allowance()` returns only the raw approved amount from slot 6. There is also a low-confidence reentrancy surface in `approveAndCall`, which performs an untrusted callback after writing approval state.",
"findings": [
{
"title": "Allowance accounting is nonstandard and can break ERC20 approval invariants",
"category": "math",
"evidence": "`approveAndCall` (`selector:0xcae9ca51`) writes slot 6 at `pc:0x2c4`. Standard `allowance` (`selector:0xdd62ed3e`) reads slot 6, while custom view `selector:0xdc3080f2` reads slot 7. `transferFrom` (`selector:0x23b872dd`) checks slot7+amount against slot6 around `pc:0x5c9`-`pc:0x5d1`, then increments slot 7 at `pc:0x682` instead of decrementing slot 6. This is strong bytecode evidence of cumulative-spent accounting rather than remaining allowance.",
"severity": "medium",
"locations": [
"selector:0xcae9ca51",
"selector:0x23b872dd",
"selector:0xdd62ed3e",
"selector:0xdc3080f2",
"pc:0x2c4",
"pc:0x5cc",
"pc:0x682"
],
"recommendation": "Use standard remaining-allowance semantics: either decrement the approval slot directly on `transferFrom`, or reset the cumulative-spent slot whenever a new approval is written. If the cumulative model is intentional, expose only custom interfaces and do not advertise ERC20-compatible `allowance`/`transferFrom` behavior.",
"exploit_scenario": "A spender uses part of an approval, for example 60 out of 100. The owner then calls `approveAndCall(spender, 50, ...)` expecting a fresh allowance of 50. However, `transferFrom` checks `spent[from][spender] + amount <= approved[from][spender]`, so the historical spent value 60 remains in force and every further `transferFrom` reverts until the owner approves more than 60. At the same time, standard `allowance(owner,spender)` still reports 50, so wallets, routers, and other integrations can be misled into attempting transfers that always fail."
},
{
"title": "`approveAndCall` performs an untrusted callback after writing approval state",
"category": "reentrancy",
"evidence": "In `approveAndCall` (`selector:0xcae9ca51`), the contract stores approval state before building calldata for selector `0x8f4ffcb1` (`receiveApproval(address,uint256,address,bytes)`) and performing an external `CALL` at `pc:0x385`. The callback target is calldata-derived. Guard detection found no lock, though bytecode-only analysis cannot prove a guard is absent in every path. The external call appears success-checked and likely sends zero ETH, so this is an interaction-order risk rather than a confirmed fund-loss bug.",
"severity": "low",
"locations": [
"selector:0xcae9ca51",
"pc:0x2c4",
"pc:0x385"
],
"recommendation": "If callback-based approvals are required, restrict them to trusted spender contracts or add explicit reentrancy protection/documentation. Otherwise prefer a plain approval flow without an external callback.",
"exploit_scenario": "A malicious spender contract can be approved through `approveAndCall` and immediately reenter the token during its `receiveApproval(address,uint256,address,bytes)` callback. Because the approval is written before the external call, the spender can use the newly granted allowance inside the callback before the outer function returns. This may be intended behavior for this pattern, but it still creates a reentrancy surface and can surprise integrators that assume approval and post-approval effects are separated."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x008d 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0095 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x18160ddd 00000025: EQ 00000026: PUSH2 0x00f2 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x23b872dd 00000030: EQ 00000031: PUSH2 0x00fb 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x313ce567 0000003b: EQ 0000003c: PUSH2 0x012d 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x54fd4d50 00000046: EQ 00000047: PUSH2 0x0139 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x70a08231 00000051: EQ 00000052: PUSH2 0x0193 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x95d89b41 0000005c: EQ 0000005d: PUSH2 0x01ab 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xa9059cbb 00000067: EQ 00000068: PUSH2 0x0207 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xcae9ca51 00000072: EQ 00000073: PUSH2 0x0236 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xdc3080f2 0000007d: EQ 0000007e: PUSH2 0x0398 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0xdd62ed3e 00000088: EQ 00000089: PUSH2 0x03bd 0000008c: JUMPI 0000008d: JUMPDEST 0000008e: PUSH2 0x03e2 00000091: PUSH2 0x0002 00000094: JUMP 00000095: JUMPDEST 00000096: PUSH2 0x03e4 00000099: PUSH1 0x00 0000009b: DUP1 0000009c: SLOAD 0000009d: PUSH1 0x20 0000009f: PUSH1 0x02 000000a1: PUSH1 0x01 000000a3: DUP4 000000a4: AND 000000a5: ISZERO 000000a6: PUSH2 0x0100 000000a9: MUL 000000aa: PUSH1 0x00 000000ac: NOT 000000ad: ADD 000000ae: SWAP1 000000af: SWAP3 000000b0: AND 000000b1: SWAP2 000000b2: SWAP1 000000b3: SWAP2 000000b4: DIV 000000b5: PUSH1 0x1f 000000b7: DUP2 000000b8: ADD 000000b9: DUP3 000000ba: SWAP1 000000bb: DIV 000000bc: SWAP1 000000bd: SWAP2 000000be: MUL 000000bf: PUSH1 0x80 000000c1: SWAP1 000000c2: DUP2 000000c3: ADD 000000c4: PUSH1 0x40 000000c6: MSTORE 000000c7: PUSH1 0x60 000000c9: DUP3 000000ca: DUP2 000000cb: MSTORE 000000cc: SWAP3 000000cd: SWAP2 000000ce: SWAP1 000000cf: DUP3 000000d0: DUP3 000000d1: DUP1 000000d2: ISZERO 000000d3: PUSH2 0x0499 000000d6: JUMPI 000000d7: DUP1 000000d8: PUSH1 0x1f 000000da: LT 000000db: PUSH2 0x046e 000000de: JUMPI 000000df: PUSH2 0x0100 000000e2: DUP1 000000e3: DUP4 000000e4: SLOAD 000000e5: DIV 000000e6: MUL 000000e7: DUP4 000000e8: MSTORE 000000e9: SWAP2 000000ea: PUSH1 0x20 000000ec: ADD 000000ed: SWAP2 000000ee: PUSH2 0x0499 000000f1: JUMP 000000f2: JUMPDEST 000000f3: PUSH2 0x0452 000000f6: PUSH1 0x04 000000f8: SLOAD 000000f9: DUP2 000000fa: JUMP 000000fb: JUMPDEST 000000fc: PUSH2 0x0452 000000ff: PUSH1 0x04 00000101: CALLDATALOAD 00000102: PUSH1 0x24 00000104: CALLDATALOAD 00000105: PUSH1 0x44 00000107: CALLDATALOAD 00000108: PUSH1 0x01 0000010a: PUSH1 0xa0 0000010c: PUSH1 0x02 0000010e: EXP 0000010f: SUB 00000110: DUP4 00000111: AND 00000112: PUSH1 0x00 00000114: SWAP1 00000115: DUP2 00000116: MSTORE 00000117: PUSH1 0x05 00000119: PUSH1 0x20 0000011b: MSTORE 0000011c: PUSH1 0x40 0000011e: DUP2 0000011f: KECCAK256 00000120: SLOAD 00000121: DUP3 00000122: SWAP1 00000123: LT 00000124: ISZERO 00000125: PUSH2 0x0570 00000128: JUMPI 00000129: PUSH2 0x0002 0000012c: JUMP 0000012d: JUMPDEST 0000012e: PUSH2 0x0464 00000131: PUSH1 0x03 00000133: SLOAD 00000134: PUSH1 0xff 00000136: AND 00000137: DUP2 00000138: JUMP 00000139: JUMPDEST 0000013a: PUSH2 0x03e4 0000013d: PUSH1 0x02 0000013f: DUP1 00000140: SLOAD 00000141: PUSH1 0x20 00000143: PUSH1 0x01 00000145: DUP3 00000146: AND 00000147: ISZERO 00000148: PUSH2 0x0100 0000014b: MUL 0000014c: PUSH1 0x00 0000014e: NOT 0000014f: ADD 00000150: SWAP1 00000151: SWAP2 00000152: AND 00000153: DUP3 00000154: SWAP1 00000155: DIV 00000156: PUSH1 0x1f 00000158: DUP2 00000159: ADD 0000015a: DUP3 0000015b: SWAP1 0000015c: DIV 0000015d: SWAP1 0000015e: SWAP2 0000015f: MUL 00000160: PUSH1 0x80 00000162: SWAP1 00000163: DUP2 00000164: ADD 00000165: PUSH1 0x40 00000167: MSTORE 00000168: PUSH1 0x60 0000016a: DUP3 0000016b: DUP2 0000016c: MSTORE 0000016d: SWAP3 0000016e: SWAP2 0000016f: SWAP1 00000170: DUP3 00000171: DUP3 00000172: DUP1 00000173: ISZERO 00000174: PUSH2 0x0499 00000177: JUMPI 00000178: DUP1 00000179: PUSH1 0x1f 0000017b: LT 0000017c: PUSH2 0x046e 0000017f: JUMPI 00000180: PUSH2 0x0100 00000183: DUP1 00000184: DUP4 00000185: SLOAD 00000186: DIV 00000187: MUL 00000188: DUP4 00000189: MSTORE 0000018a: SWAP2 0000018b: PUSH1 0x20 0000018d: ADD 0000018e: SWAP2 0000018f: PUSH2 0x0499 00000192: JUMP 00000193: JUMPDEST 00000194: PUSH2 0x0452 00000197: PUSH1 0x04 00000199: CALLDATALOAD 0000019a: PUSH1 0x05 0000019c: PUSH1 0x20 0000019e: MSTORE 0000019f: PUSH1 0x00 000001a1: SWAP1 000001a2: DUP2 000001a3: MSTORE 000001a4: PUSH1 0x40 000001a6: SWAP1 000001a7: KECCAK256 000001a8: SLOAD 000001a9: DUP2 000001aa: JUMP 000001ab: JUMPDEST 000001ac: PUSH2 0x03e4 000001af: PUSH1 0x01 000001b1: DUP1 000001b2: SLOAD 000001b3: PUSH1 0x20 000001b5: PUSH1 0x02 000001b7: DUP3 000001b8: DUP5 000001b9: AND 000001ba: ISZERO 000001bb: PUSH2 0x0100 000001be: MUL 000001bf: PUSH1 0x00 000001c1: NOT 000001c2: ADD 000001c3: SWAP1 000001c4: SWAP3 000001c5: AND 000001c6: SWAP2 000001c7: SWAP1 000001c8: SWAP2 000001c9: DIV 000001ca: PUSH1 0x1f 000001cc: DUP2 000001cd: ADD 000001ce: DUP3 000001cf: SWAP1 000001d0: DIV 000001d1: SWAP1 000001d2: SWAP2 000001d3: MUL 000001d4: PUSH1 0x80 000001d6: SWAP1 000001d7: DUP2 000001d8: ADD 000001d9: PUSH1 0x40 000001db: MSTORE 000001dc: PUSH1 0x60 000001de: DUP3 000001df: DUP2 000001e0: MSTORE 000001e1: SWAP3 000001e2: SWAP2 000001e3: SWAP1 000001e4: DUP3 000001e5: DUP3 000001e6: DUP1 000001e7: ISZERO 000001e8: PUSH2 0x0499 000001eb: JUMPI 000001ec: DUP1 000001ed: PUSH1 0x1f 000001ef: LT 000001f0: PUSH2 0x046e 000001f3: JUMPI 000001f4: PUSH2 0x0100 000001f7: DUP1 000001f8: DUP4 000001f9: SLOAD 000001fa: DIV 000001fb: MUL 000001fc: DUP4 000001fd: MSTORE 000001fe: SWAP2 000001ff: PUSH1 0x20 00000201: ADD 00000202: SWAP2 00000203: PUSH2 0x0499 00000206: JUMP 00000207: JUMPDEST 00000208: PUSH2 0x03e2 0000020b: PUSH1 0x04 0000020d: CALLDATALOAD 0000020e: PUSH1 0x24 00000210: CALLDATALOAD 00000211: PUSH1 0x01 00000213: PUSH1 0xa0 00000215: PUSH1 0x02 00000217: EXP 00000218: SUB 00000219: CALLER 0000021a: AND 0000021b: PUSH1 0x00 0000021d: SWAP1 0000021e: DUP2 0000021f: MSTORE 00000220: PUSH1 0x05 00000222: PUSH1 0x20 00000224: MSTORE 00000225: PUSH1 0x40 00000227: SWAP1 00000228: KECCAK256 00000229: SLOAD 0000022a: DUP2 0000022b: SWAP1 0000022c: LT 0000022d: ISZERO 0000022e: PUSH2 0x04a1 00000231: JUMPI 00000232: PUSH2 0x0002 00000235: JUMP 00000236: JUMPDEST 00000237: PUSH1 0x80 00000239: PUSH1 0x20 0000023b: PUSH1 0x44 0000023d: CALLDATALOAD 0000023e: PUSH1 0x04 00000240: DUP2 00000241: DUP2 00000242: ADD 00000243: CALLDATALOAD 00000244: PUSH1 0x1f 00000246: DUP2 00000247: ADD 00000248: DUP5 00000249: SWAP1 0000024a: DIV 0000024b: SWAP1 0000024c: SWAP4 0000024d: MUL 0000024e: DUP5 0000024f: ADD 00000250: PUSH1 0x40 00000252: MSTORE 00000253: PUSH1 0x60 00000255: DUP4 00000256: DUP2 00000257: MSTORE 00000258: PUSH2 0x0452 0000025b: SWAP5 0000025c: DUP3 0000025d: CALLDATALOAD 0000025e: SWAP5 0000025f: PUSH1 0x24 00000261: DUP1 00000262: CALLDATALOAD 00000263: SWAP6 00000264: PUSH1 0x64 00000266: SWAP5 00000267: SWAP4 00000268: SWAP2 00000269: ADD 0000026a: SWAP2 0000026b: SWAP1 0000026c: DUP2 0000026d: SWAP1 0000026e: DUP4 0000026f: DUP3 00000270: DUP1 00000271: DUP3 00000272: DUP5 00000273: CALLDATACOPY 00000274: POP 00000275: SWAP5 00000276: SWAP7 00000277: POP 00000278: POP 00000279: POP 0000027a: POP 0000027b: POP 0000027c: POP 0000027d: POP 0000027e: PUSH1 0x00 00000280: PUSH1 0x00 00000282: DUP4 00000283: PUSH1 0x06 00000285: PUSH1 0x00 00000287: POP 00000288: PUSH1 0x00 0000028a: CALLER 0000028b: PUSH1 0x01 0000028d: PUSH1 0xa0 0000028f: PUSH1 0x02 00000291: EXP 00000292: SUB 00000293: AND 00000294: DUP2 00000295: MSTORE 00000296: PUSH1 0x20 00000298: ADD 00000299: SWAP1 0000029a: DUP2 0000029b: MSTORE 0000029c: PUSH1 0x20 0000029e: ADD 0000029f: PUSH1 0x00 000002a1: KECCAK256 000002a2: PUSH1 0x00 000002a4: POP 000002a5: PUSH1 0x00 000002a7: DUP8 000002a8: PUSH1 0x01 000002aa: PUSH1 0xa0 000002ac: PUSH1 0x02 000002ae: EXP 000002af: SUB 000002b0: AND 000002b1: DUP2 000002b2: MSTORE 000002b3: PUSH1 0x20 000002b5: ADD 000002b6: SWAP1 000002b7: DUP2 000002b8: MSTORE 000002b9: PUSH1 0x20 000002bb: ADD 000002bc: PUSH1 0x00 000002be: KECCAK256 000002bf: PUSH1 0x00 000002c1: POP 000002c2: DUP2 000002c3: SWAP1 000002c4: SSTORE 000002c5: POP 000002c6: DUP5 000002c7: SWAP1 000002c8: POP 000002c9: DUP1 000002ca: PUSH1 0x01 000002cc: PUSH1 0xa0 000002ce: PUSH1 0x02 000002d0: EXP 000002d1: SUB 000002d2: AND 000002d3: PUSH4 0x8f4ffcb1 000002d8: CALLER 000002d9: DUP7 000002da: ADDRESS 000002db: DUP8 000002dc: PUSH1 0x40 000002de: MLOAD 000002df: DUP6 000002e0: PUSH1 0xe0 000002e2: PUSH1 0x02 000002e4: EXP 000002e5: MUL 000002e6: DUP2 000002e7: MSTORE 000002e8: PUSH1 0x04 000002ea: ADD 000002eb: DUP1 000002ec: DUP6 000002ed: PUSH1 0x01 000002ef: PUSH1 0xa0 000002f1: PUSH1 0x02 000002f3: EXP 000002f4: SUB 000002f5: AND 000002f6: DUP2 000002f7: MSTORE 000002f8: PUSH1 0x20 000002fa: ADD 000002fb: DUP5 000002fc: DUP2 000002fd: MSTORE 000002fe: PUSH1 0x20 00000300: ADD 00000301: DUP4 00000302: PUSH1 0x01 00000304: PUSH1 0xa0 00000306: PUSH1 0x02 00000308: EXP 00000309: SUB 0000030a: AND 0000030b: DUP2 0000030c: MSTORE 0000030d: PUSH1 0x20 0000030f: ADD 00000310: DUP1 00000311: PUSH1 0x20 00000313: ADD 00000314: DUP3 00000315: DUP2 00000316: SUB 00000317: DUP3 00000318: MSTORE 00000319: DUP4 0000031a: DUP2 0000031b: DUP2 0000031c: MLOAD 0000031d: DUP2 0000031e: MSTORE 0000031f: PUSH1 0x20 00000321: ADD 00000322: SWAP2 00000323: POP 00000324: DUP1 00000325: MLOAD 00000326: SWAP1 00000327: PUSH1 0x20 00000329: ADD 0000032a: SWAP1 0000032b: DUP1 0000032c: DUP4 0000032d: DUP4 0000032e: DUP3 0000032f: SWAP1 00000330: PUSH1 0x00 00000332: PUSH1 0x04 00000334: PUSH1 0x20 00000336: DUP5 00000337: PUSH1 0x1f 00000339: ADD 0000033a: DIV 0000033b: PUSH1 0x0f 0000033d: MUL 0000033e: PUSH1 0x03 00000340: ADD 00000341: CALL 00000342: POP 00000343: SWAP1 00000344: POP 00000345: SWAP1 00000346: DUP2 00000347: ADD 00000348: SWAP1 00000349: PUSH1 0x1f 0000034b: AND 0000034c: DUP1 0000034d: ISZERO 0000034e: PUSH2 0x036b 00000351: JUMPI 00000352: DUP1 00000353: DUP3 00000354: SUB 00000355: DUP1 00000356: MLOAD 00000357: PUSH1 0x01 00000359: DUP4 0000035a: PUSH1 0x20 0000035c: SUB 0000035d: PUSH2 0x0100 00000360: EXP 00000361: SUB 00000362: NOT 00000363: AND 00000364: DUP2 00000365: MSTORE 00000366: PUSH1 0x20 00000368: ADD 00000369: SWAP2 0000036a: POP 0000036b: JUMPDEST 0000036c: POP 0000036d: SWAP6 0000036e: POP 0000036f: POP 00000370: POP 00000371: POP 00000372: POP 00000373: POP 00000374: PUSH1 0x00 00000376: PUSH1 0x40 00000378: MLOAD 00000379: DUP1 0000037a: DUP4 0000037b: SUB 0000037c: DUP2 0000037d: PUSH1 0x00 0000037f: DUP8 00000380: PUSH2 0x61da 00000383: GAS 00000384: SUB 00000385: CALL 00000386: ISZERO 00000387: PUSH2 0x0002 0000038a: JUMPI 0000038b: POP 0000038c: PUSH1 0x01 0000038e: SWAP8 0000038f: SWAP7 00000390: POP 00000391: POP 00000392: POP 00000393: POP 00000394: POP 00000395: POP 00000396: POP 00000397: JUMP 00000398: JUMPDEST 00000399: PUSH1 0x07 0000039b: PUSH1 0x20 0000039d: SWAP1 0000039e: DUP2 0000039f: MSTORE 000003a0: PUSH1 0x04 000003a2: CALLDATALOAD 000003a3: PUSH1 0x00 000003a5: SWAP1 000003a6: DUP2 000003a7: MSTORE 000003a8: PUSH1 0x40 000003aa: DUP1 000003ab: DUP3 000003ac: KECCAK256 000003ad: SWAP1 000003ae: SWAP3 000003af: MSTORE 000003b0: PUSH1 0x24 000003b2: CALLDATALOAD 000003b3: DUP2 000003b4: MSTORE 000003b5: KECCAK256 000003b6: SLOAD 000003b7: PUSH2 0x0452 000003ba: SWAP1 000003bb: DUP2 000003bc: JUMP 000003bd: JUMPDEST 000003be: PUSH1 0x06 000003c0: PUSH1 0x20 000003c2: SWAP1 000003c3: DUP2 000003c4: MSTORE 000003c5: PUSH1 0x04 000003c7: CALLDATALOAD 000003c8: PUSH1 0x00 000003ca: SWAP1 000003cb: DUP2 000003cc: MSTORE 000003cd: PUSH1 0x40 000003cf: DUP1 000003d0: DUP3 000003d1: KECCAK256 000003d2: SWAP1 000003d3: SWAP3 000003d4: MSTORE 000003d5: PUSH1 0x24 000003d7: CALLDATALOAD 000003d8: DUP2 000003d9: MSTORE 000003da: KECCAK256 000003db: SLOAD 000003dc: PUSH2 0x0452 000003df: SWAP1 000003e0: DUP2 000003e1: JUMP 000003e2: JUMPDEST 000003e3: STOP 000003e4: JUMPDEST 000003e5: PUSH1 0x40 000003e7: MLOAD 000003e8: DUP1 000003e9: DUP1 000003ea: PUSH1 0x20 000003ec: ADD 000003ed: DUP3 000003ee: DUP2 000003ef: SUB 000003f0: DUP3 000003f1: MSTORE 000003f2: DUP4 000003f3: DUP2 000003f4: DUP2 000003f5: MLOAD 000003f6: DUP2 000003f7: MSTORE 000003f8: PUSH1 0x20 000003fa: ADD 000003fb: SWAP2 000003fc: POP 000003fd: DUP1 000003fe: MLOAD 000003ff: SWAP1 00000400: PUSH1 0x20 00000402: ADD 00000403: SWAP1 00000404: DUP1 00000405: DUP4 00000406: DUP4 00000407: DUP3 00000408: SWAP1 00000409: PUSH1 0x00 0000040b: PUSH1 0x04 0000040d: PUSH1 0x20 0000040f: DUP5 00000410: PUSH1 0x1f 00000412: ADD 00000413: DIV 00000414: PUSH1 0x0f 00000416: MUL 00000417: PUSH1 0x03 00000419: ADD 0000041a: CALL 0000041b: POP 0000041c: SWAP1 0000041d: POP 0000041e: SWAP1 0000041f: DUP2 00000420: ADD 00000421: SWAP1 00000422: PUSH1 0x1f 00000424: AND 00000425: DUP1 00000426: ISZERO 00000427: PUSH2 0x0444 0000042a: JUMPI 0000042b: DUP1 0000042c: DUP3 0000042d: SUB 0000042e: DUP1 0000042f: MLOAD 00000430: PUSH1 0x01 00000432: DUP4 00000433: PUSH1 0x20 00000435: SUB 00000436: PUSH2 0x0100 00000439: EXP 0000043a: SUB 0000043b: NOT 0000043c: AND 0000043d: DUP2 0000043e: MSTORE 0000043f: PUSH1 0x20 00000441: ADD 00000442: SWAP2 00000443: POP 00000444: JUMPDEST 00000445: POP 00000446: SWAP3 00000447: POP 00000448: POP 00000449: POP 0000044a: PUSH1 0x40 0000044c: MLOAD 0000044d: DUP1 0000044e: SWAP2 0000044f: SUB 00000450: SWAP1 00000451: RETURN 00000452: JUMPDEST 00000453: PUSH1 0x40 00000455: DUP1 00000456: MLOAD 00000457: SWAP2 00000458: DUP3 00000459: MSTORE 0000045a: MLOAD 0000045b: SWAP1 0000045c: DUP2 0000045d: SWAP1 0000045e: SUB 0000045f: PUSH1 0x20 00000461: ADD 00000462: SWAP1 00000463: RETURN 00000464: JUMPDEST 00000465: PUSH1 0x60 00000467: SWAP1 00000468: DUP2 00000469: MSTORE 0000046a: PUSH1 0x20 0000046c: SWAP1 0000046d: RETURN 0000046e: JUMPDEST 0000046f: DUP3 00000470: ADD 00000471: SWAP2 00000472: SWAP1 00000473: PUSH1 0x00 00000475: MSTORE 00000476: PUSH1 0x20 00000478: PUSH1 0x00 0000047a: KECCAK256 0000047b: SWAP1 0000047c: JUMPDEST 0000047d: DUP2 0000047e: SLOAD 0000047f: DUP2 00000480: MSTORE 00000481: SWAP1 00000482: PUSH1 0x01 00000484: ADD 00000485: SWAP1 00000486: PUSH1 0x20 00000488: ADD 00000489: DUP1 0000048a: DUP4 0000048b: GT 0000048c: PUSH2 0x047c 0000048f: JUMPI 00000490: DUP3 00000491: SWAP1 00000492: SUB 00000493: PUSH1 0x1f 00000495: AND 00000496: DUP3 00000497: ADD 00000498: SWAP2 00000499: JUMPDEST 0000049a: POP 0000049b: POP 0000049c: POP 0000049d: POP 0000049e: POP 0000049f: DUP2 000004a0: JUMP 000004a1: JUMPDEST 000004a2: PUSH1 0x01 000004a4: PUSH1 0xa0 000004a6: PUSH1 0x02 000004a8: EXP 000004a9: SUB 000004aa: DUP3 000004ab: AND 000004ac: PUSH1 0x00 000004ae: SWAP1 000004af: DUP2 000004b0: MSTORE 000004b1: PUSH1 0x40 000004b3: SWAP1 000004b4: KECCAK256 000004b5: SLOAD 000004b6: DUP1 000004b7: DUP3 000004b8: ADD 000004b9: LT 000004ba: ISZERO 000004bb: PUSH2 0x04c3 000004be: JUMPI 000004bf: PUSH2 0x0002 000004c2: JUMP 000004c3: JUMPDEST 000004c4: DUP1 000004c5: PUSH1 0x05 000004c7: PUSH1 0x00 000004c9: POP 000004ca: PUSH1 0x00 000004cc: CALLER 000004cd: PUSH1 0x01 000004cf: PUSH1 0xa0 000004d1: PUSH1 0x02 000004d3: EXP 000004d4: SUB 000004d5: AND 000004d6: DUP2 000004d7: MSTORE 000004d8: PUSH1 0x20 000004da: ADD 000004db: SWAP1 000004dc: DUP2 000004dd: MSTORE 000004de: PUSH1 0x20 000004e0: ADD 000004e1: PUSH1 0x00 000004e3: KECCAK256 000004e4: PUSH1 0x00 000004e6: DUP3 000004e7: DUP3 000004e8: DUP3 000004e9: POP 000004ea: SLOAD 000004eb: SUB 000004ec: SWAP3 000004ed: POP 000004ee: POP 000004ef: DUP2 000004f0: SWAP1 000004f1: SSTORE 000004f2: POP 000004f3: DUP1 000004f4: PUSH1 0x05 000004f6: PUSH1 0x00 000004f8: POP 000004f9: PUSH1 0x00 000004fb: DUP5 000004fc: PUSH1 0x01 000004fe: PUSH1 0xa0 00000500: PUSH1 0x02 00000502: EXP 00000503: SUB 00000504: AND 00000505: DUP2 00000506: MSTORE 00000507: PUSH1 0x20 00000509: ADD 0000050a: SWAP1 0000050b: DUP2 0000050c: MSTORE 0000050d: PUSH1 0x20 0000050f: ADD 00000510: PUSH1 0x00 00000512: KECCAK256 00000513: PUSH1 0x00 00000515: DUP3 00000516: DUP3 00000517: DUP3 00000518: POP 00000519: SLOAD 0000051a: ADD 0000051b: SWAP3 0000051c: POP 0000051d: POP 0000051e: DUP2 0000051f: SWAP1 00000520: SSTORE 00000521: POP 00000522: DUP2 00000523: PUSH1 0x01 00000525: PUSH1 0xa0 00000527: PUSH1 0x02 00000529: EXP 0000052a: SUB 0000052b: AND 0000052c: CALLER 0000052d: PUSH1 0x01 0000052f: PUSH1 0xa0 00000531: PUSH1 0x02 00000533: EXP 00000534: SUB 00000535: AND 00000536: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 00000557: DUP4 00000558: PUSH1 0x40 0000055a: MLOAD 0000055b: DUP1 0000055c: DUP3 0000055d: DUP2 0000055e: MSTORE 0000055f: PUSH1 0x20 00000561: ADD 00000562: SWAP2 00000563: POP 00000564: POP 00000565: PUSH1 0x40 00000567: MLOAD 00000568: DUP1 00000569: SWAP2 0000056a: SUB 0000056b: SWAP1 0000056c: LOG3 0000056d: POP 0000056e: POP 0000056f: JUMP 00000570: JUMPDEST 00000571: PUSH1 0x01 00000573: PUSH1 0xa0 00000575: PUSH1 0x02 00000577: EXP 00000578: SUB 00000579: DUP4 0000057a: AND 0000057b: DUP2 0000057c: MSTORE 0000057d: PUSH1 0x40 0000057f: DUP2 00000580: KECCAK256 00000581: SLOAD 00000582: DUP1 00000583: DUP4 00000584: ADD 00000585: LT 00000586: ISZERO 00000587: PUSH2 0x058f 0000058a: JUMPI 0000058b: PUSH2 0x0002 0000058e: JUMP 0000058f: JUMPDEST 00000590: PUSH1 0x01 00000592: PUSH1 0xa0 00000594: PUSH1 0x02 00000596: EXP 00000597: SUB 00000598: DUP1 00000599: DUP6 0000059a: AND 0000059b: DUP1 0000059c: DUP4 0000059d: MSTORE 0000059e: PUSH1 0x06 000005a0: PUSH1 0x20 000005a2: SWAP1 000005a3: DUP2 000005a4: MSTORE 000005a5: PUSH1 0x40 000005a7: DUP1 000005a8: DUP6 000005a9: KECCAK256 000005aa: CALLER 000005ab: SWAP5 000005ac: SWAP1 000005ad: SWAP5 000005ae: AND 000005af: DUP1 000005b0: DUP7 000005b1: MSTORE 000005b2: SWAP4 000005b3: DUP3 000005b4: MSTORE 000005b5: DUP1 000005b6: DUP6 000005b7: KECCAK256 000005b8: SLOAD 000005b9: SWAP3 000005ba: DUP6 000005bb: MSTORE 000005bc: PUSH1 0x07 000005be: DUP3 000005bf: MSTORE 000005c0: DUP1 000005c1: DUP6 000005c2: KECCAK256 000005c3: SWAP4 000005c4: DUP6 000005c5: MSTORE 000005c6: SWAP3 000005c7: SWAP1 000005c8: MSTORE 000005c9: SWAP1 000005ca: DUP3 000005cb: KECCAK256 000005cc: SLOAD 000005cd: DUP4 000005ce: ADD 000005cf: GT 000005d0: ISZERO 000005d1: PUSH2 0x05d9 000005d4: JUMPI 000005d5: PUSH2 0x0002 000005d8: JUMP 000005d9: JUMPDEST 000005da: DUP2 000005db: PUSH1 0x05 000005dd: PUSH1 0x00 000005df: POP 000005e0: PUSH1 0x00 000005e2: DUP7 000005e3: PUSH1 0x01 000005e5: PUSH1 0xa0 000005e7: PUSH1 0x02 000005e9: EXP 000005ea: SUB 000005eb: AND 000005ec: DUP2 000005ed: MSTORE 000005ee: PUSH1 0x20 000005f0: ADD 000005f1: SWAP1 000005f2: DUP2 000005f3: MSTORE 000005f4: PUSH1 0x20 000005f6: ADD 000005f7: PUSH1 0x00 000005f9: KECCAK256 000005fa: PUSH1 0x00 000005fc: DUP3 000005fd: DUP3 000005fe: DUP3 000005ff: POP 00000600: SLOAD 00000601: SUB 00000602: SWAP3 00000603: POP 00000604: POP 00000605: DUP2 00000606: SWAP1 00000607: SSTORE 00000608: POP 00000609: DUP2 0000060a: PUSH1 0x05 0000060c: PUSH1 0x00 0000060e: POP 0000060f: PUSH1 0x00 00000611: DUP6 00000612: PUSH1 0x01 00000614: PUSH1 0xa0 00000616: PUSH1 0x02 00000618: EXP 00000619: SUB 0000061a: AND 0000061b: DUP2 0000061c: MSTORE 0000061d: PUSH1 0x20 0000061f: ADD 00000620: SWAP1 00000621: DUP2 00000622: MSTORE 00000623: PUSH1 0x20 00000625: ADD 00000626: PUSH1 0x00 00000628: KECCAK256 00000629: PUSH1 0x00 0000062b: DUP3 0000062c: DUP3 0000062d: DUP3 0000062e: POP 0000062f: SLOAD 00000630: ADD 00000631: SWAP3 00000632: POP 00000633: POP 00000634: DUP2 00000635: SWAP1 00000636: SSTORE 00000637: POP 00000638: DUP2 00000639: PUSH1 0x07 0000063b: PUSH1 0x00 0000063d: POP 0000063e: PUSH1 0x00 00000640: DUP7 00000641: PUSH1 0x01 00000643: PUSH1 0xa0 00000645: PUSH1 0x02 00000647: EXP 00000648: SUB 00000649: AND 0000064a: DUP2 0000064b: MSTORE 0000064c: PUSH1 0x20 0000064e: ADD 0000064f: SWAP1 00000650: DUP2 00000651: MSTORE 00000652: PUSH1 0x20 00000654: ADD 00000655: PUSH1 0x00 00000657: KECCAK256 00000658: PUSH1 0x00 0000065a: POP 0000065b: PUSH1 0x00 0000065d: CALLER 0000065e: PUSH1 0x01 00000660: PUSH1 0xa0 00000662: PUSH1 0x02 00000664: EXP 00000665: SUB 00000666: AND 00000667: DUP2 00000668: MSTORE 00000669: PUSH1 0x20 0000066b: ADD 0000066c: SWAP1 0000066d: DUP2 0000066e: MSTORE 0000066f: PUSH1 0x20 00000671: ADD 00000672: PUSH1 0x00 00000674: KECCAK256 00000675: PUSH1 0x00 00000677: DUP3 00000678: DUP3 00000679: DUP3 0000067a: POP 0000067b: SLOAD 0000067c: ADD 0000067d: SWAP3 0000067e: POP 0000067f: POP 00000680: DUP2 00000681: SWAP1 00000682: SSTORE 00000683: POP 00000684: DUP3 00000685: PUSH1 0x01 00000687: PUSH1 0xa0 00000689: PUSH1 0x02 0000068b: EXP 0000068c: SUB 0000068d: AND 0000068e: DUP5 0000068f: PUSH1 0x01 00000691: PUSH1 0xa0 00000693: PUSH1 0x02 00000695: EXP 00000696: SUB 00000697: AND 00000698: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000006b9: DUP5 000006ba: PUSH1 0x40 000006bc: MLOAD 000006bd: DUP1 000006be: DUP3 000006bf: DUP2 000006c0: MSTORE 000006c1: PUSH1 0x20 000006c3: ADD 000006c4: SWAP2 000006c5: POP 000006c6: POP 000006c7: PUSH1 0x40 000006c9: MLOAD 000006ca: DUP1 000006cb: SWAP2 000006cc: SUB 000006cd: SWAP1 000006ce: LOG3 000006cf: POP 000006d0: PUSH1 0x01 000006d2: SWAP4 000006d3: SWAP3 000006d4: POP 000006d5: POP 000006d6: POP 000006d7: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0xc66dbe66c6018b9b03ee8e71ecbb897bfa98ce2328e8e28fc4ccbbfd5a2a9084
call_targets:
0x0000000000000000000000000000000000000004, 0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xc66dbe66c6018b9b03ee8e71ecbb897bfa98ce2328e8e28fc4ccbbfd5a2a9084",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 833,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 901,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1050,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0xc66dbe66c6018b9b03ee8e71ecbb897bfa98ce2328e8e28fc4ccbbfd5a2a9084
call_targets:
0x0000000000000000000000000000000000000004, 0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xc66dbe66c6018b9b03ee8e71ecbb897bfa98ce2328e8e28fc4ccbbfd5a2a9084",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 833,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 901,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1050,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| medium | math | codex | Allowance accounting is nonstandard and can break ERC20 approval invariants | 75 | no | — |
viewevidence_json{
"evidence": "`approveAndCall` (`selector:0xcae9ca51`) writes slot 6 at `pc:0x2c4`. Standard `allowance` (`selector:0xdd62ed3e`) reads slot 6, while custom view `selector:0xdc3080f2` reads slot 7. `transferFrom` (`selector:0x23b872dd`) checks slot7+amount against slot6 around `pc:0x5c9`-`pc:0x5d1`, then increments slot 7 at `pc:0x682` instead of decrementing slot 6. This is strong bytecode evidence of cumulative-spent accounting rather than remaining allowance.",
"locations": [
"selector:0xcae9ca51",
"selector:0x23b872dd",
"selector:0xdd62ed3e",
"selector:0xdc3080f2",
"pc:0x2c4",
"pc:0x5cc",
"pc:0x682"
],
"recommendation": "Use standard remaining-allowance semantics: either decrement the approval slot directly on `transferFrom`, or reset the cumulative-spent slot whenever a new approval is written. If the cumulative model is intentional, expose only custom interfaces and do not advertise ERC20-compatible `allowance`/`transferFrom` behavior.",
"exploit_scenario": "A spender uses part of an approval, for example 60 out of 100. The owner then calls `approveAndCall(spender, 50, ...)` expecting a fresh allowance of 50. However, `transferFrom` checks `spent[from][spender] + amount <= approved[from][spender]`, so the historical spent value 60 remains in force and every further `transferFrom` reverts until the owner approves more than 60. At the same time, standard `allowance(owner,spender)` still reports 50, so wallets, routers, and other integrations can be misled into attempting transfers that always fail."
}
|
| low | reentrancy | codex | `approveAndCall` performs an untrusted callback after writing approval state | 65 | no | — |
viewevidence_json{
"evidence": "In `approveAndCall` (`selector:0xcae9ca51`), the contract stores approval state before building calldata for selector `0x8f4ffcb1` (`receiveApproval(address,uint256,address,bytes)`) and performing an external `CALL` at `pc:0x385`. The callback target is calldata-derived. Guard detection found no lock, though bytecode-only analysis cannot prove a guard is absent in every path. The external call appears success-checked and likely sends zero ETH, so this is an interaction-order risk rather than a confirmed fund-loss bug.",
"locations": [
"selector:0xcae9ca51",
"pc:0x2c4",
"pc:0x385"
],
"recommendation": "If callback-based approvals are required, restrict them to trusted spender contracts or add explicit reentrancy protection/documentation. Otherwise prefer a plain approval flow without an external callback.",
"exploit_scenario": "A malicious spender contract can be approved through `approveAndCall` and immediately reenter the token during its `receiveApproval(address,uint256,address,bytes)` callback. Because the approval is written before the external call, the spender can use the newly granted allowance inside the callback before the outer function returns. This may be intended behavior for this pattern, but it still creates a reentrancy surface and can surprise integrators that assume approval and post-approval effects are separated."
}
|