019b3836-39f1-72d0-8749-e1e69dbd631b
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 4165 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 4166 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 47728 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 47729 | capability.graph | complete | 1 / 3 | 1 week ago |
| 47730 | detector.run | complete | 1 / 3 | 1 week ago |
| 47731 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113279 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Two bytecode-supported issues stand out: the apparent oracle callback path does not bind callbacks to a request id, and multiple low-level ETH transfers ignore call success. I did not raise the detected SELFDESTRUCT as a standalone finding because the bytecode shows an explicit caller==slot2 check before pc 0x1a8, so that path appears owner-gated.","findings":[{"severity":"medium","category":"oracle","title":"Oracle callback appears to ignore the request id and operate on global state","exploit_scenario":"The payable request path (fallback/selector 0xe97dcb62) makes Oraclize-style external calls, including selectors 0x524f3889 and 0xadf59f99, so multiple requests can plausibly be outstanding at once. The callback-like selector 0x27dc297e decodes only the dynamic string argument and never loads the first 32-byte calldata word, which is consistent with an ignored bytes32 query id. If callbacks arrive out of order, the handler will still write to one shared storage area and execute payout logic against shared slots instead of proving which request is being settled. An attacker can spam new requests before older callbacks return, then let legitimate delayed callbacks overwrite the global result and trigger settlement against the latest shared state.","recommendation":"Track each outbound oracle query by its returned id and require the callback to match a stored pending request before mutating state or paying out. Use a mapping keyed by request id, clear it on first use, and reject unknown or already-settled ids. If only one request should ever be live, enforce that invariant explicitly.","evidence":"Selector inference is best-effort, but the pattern is strong: selector 0x27dc297e looks like an Oraclize-style __callback(bytes32,string) because calldata decoding starts from the second ABI slot (pc 0x6b / pc 0x8a) and the first 32-byte argument is never read. The callback path then writes one global dynamic storage value (slot 4 storage logic at pc 0x51e-0x5a4) and uses shared slots 2/3 during payout (pc 0x5a7 onward). The artifact reports only two keccak patterns, both consistent with dynamic storage encoding rather than a mapping keyed by query id.","locations":["selector:0x27dc297e","selector:0xe97dcb62","pc:0x6b","pc:0x8a","pc:0x5a7","pc:0x6e6"]},{"severity":"medium","category":"other","title":"Refund and payout paths use unchecked low-level CALLs","exploit_scenario":"If a caller sends less than the minimum payment, the contract attempts to refund via a raw CALL to msg.sender at pc 0x248 and then continues without checking success. A malicious or incompatible recipient contract can revert or consume gas so the refund silently fails, leaving funds trapped. Likewise, the callback settlement path performs another value-bearing CALL at pc 0x5c9 and ignores the result, so payout failure can leave ETH stuck while the contract still updates global state/result storage as if settlement succeeded.","recommendation":"Replace raw value-transferring CALLs with checked interactions. Revert on failed refunds/payouts, or move to a pull-payment model where balances are credited in storage and withdrawn explicitly. If raw CALL is required, capture the boolean result and handle failure before any state is treated as finalized.","evidence":"The disassembly shows pc 0x248 executing CALL in the under-minimum branch and immediately POPing the result instead of branching on it. The payout path at pc 0x5c9 does the same. The artifact callsite list also marks CALLs with returndata_checked=null. Because these are value-bearing calls and at least one target is untrusted msg.sender, silent failure creates accounting ambiguity and potential stuck funds.","locations":["pc:0x248","pc:0x5c9","selector:0xe97dcb62","selector:0x27dc297e"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-9myv9c09
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c06-3d90-75e0-86d3-3ee7835327ba
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc "pwd && ls -la && rg --files -g 'BYTECODE_BUNDLE.json' -g 'AGENTS.md'" in /tmp/codex-9myv9c09
succeeded in 0ms:
/tmp/codex-9myv9c09
total 140
drwx------ 2 noahkuhn noahkuhn 4096 Apr 5 05:03 .
drwxrwxrwt 270 nobody nogroup 24576 Apr 5 05:03 ..
-rw-rw-r-- 1 noahkuhn noahkuhn 103058 Apr 5 05:03 BYTECODE_BUNDLE.json
-rw-rw-r-- 1 noahkuhn noahkuhn 815 Apr 5 05:03 codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "jq 'keys' BYTECODE_BUNDLE.json" in /tmp/codex-9myv9c09
succeeded in 0ms:
[
"analysis_artifact",
"analysis_run",
"artifact",
"capability_graph",
"detector_findings",
"heuristics_summary"
]
exec
/bin/bash -lc "jq '. | {contract_name, chain_id, deployed_bytecode_length, summary_keys:(.summary|keys?), evidence_keys:(.evidence|keys?), callsites_count:(.callsites|length?), storage_slots_count:(.storage_slots|length?), detector_findings_count:(.detector_findings|length?)}' BYTECODE_BUNDLE.json" in /tmp/codex-9myv9c09
succeeded in 0ms:
exec
/bin/bash -lc "jq '.summary' BYTECODE_BUNDLE.json | sed -n '1,220p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
null
exec
/bin/bash -lc "jq '.analysis_artifact | keys' BYTECODE_BUNDLE.json" in /tmp/codex-9myv9c09
succeeded in 0ms:
[
"address",
"artifact_hash",
"artifact_json",
"block_number",
"chain_id",
"codehash",
"created_at",
"id",
"updated_at",
"version"
]
exec
/bin/bash -lc "jq '.heuristics_summary' BYTECODE_BUNDLE.json | sed -n '1,260p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
{
"create2_count": 0,
"delegatecall_count": 0,
"flags": [
"selfdestruct_present"
],
"selfdestruct_count": 1
}
exec
/bin/bash -lc "jq '.detector_findings' BYTECODE_BUNDLE.json | sed -n '1,260p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
[
{
"confidence": 60,
"evidence_json": {
"call_count": 11,
"examples": [
{
"opcode": "CALL",
"pc": 238,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 366,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 584,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 11
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x1d11e5eae3112dbd44f99266872ff1d07c77dce8",
"0x33b202966bef633b952747c4955e404a0011fc63",
"0x6f28b146804dba2d6f944c03528a8fdbc673df2c"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xbf2c95d03edf756d345bdf8cf6c04f4729519ca48c199e9651a68de883319f17",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 11,
"examples": [
{
"opcode": "CALL",
"pc": 238,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 366,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 584,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x1d11e5eae3112dbd44f99266872ff1d07c77dce8",
"0x33b202966bef633b952747c4955e404a0011fc63",
"0x6f28b146804dba2d6f944c03528a8fdbc673df2c"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xbf2c95d03edf756d345bdf8cf6c04f4729519ca48c199e9651a68de883319f17",
"trace_mode": "callTracer"
}
},
{
"confidence": 65,
"evidence_json": {
"guards_detected": [],
"selfdestruct_count": 1
},
"normalized_json": {
"sink": "SELFDESTRUCT"
},
"severity": "high",
"title": "SELFDESTRUCT reachable",
"validated": false,
"validation_json": {
"attempts": 12,
"call_targets": null,
"classification": "no_sink",
"confirmed": false,
"errors": 0,
"matched_probe": null,
"sink": "SELFDESTRUCT",
"status": "unknown",
"target_varies": null,
"trace_id": "0xdf08f04b98fcc6776bc9b6dec997a6985ee85bf1eef97369f379010b63e81287",
"trace_mode": "structLogs"
}
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json | keys' BYTECODE_BUNDLE.json" in /tmp/codex-9myv9c09
succeeded in 0ms:
[
"auth",
"basic_blocks",
"callsites",
"cfg_edges",
"cfg_hash",
"dispatcher_type",
"function_entries",
"functions",
"selectors",
"sinks",
"storage",
"version"
]
exec
/bin/bash -lc "jq '.artifact' BYTECODE_BUNDLE.json | sed -n '1,220p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
{
"codehash": "0xf1d621d50175845e12972983eeef9c75411356b0ce6bfc85f5e4ee327ca1b05c",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x606060405236156100565760e060020a600035046327dc297e811461006157806341c0e1b51461017f5780638da5cb5b146101a95780638f655c96146101bb578063e97dcb6214610219578063f6b4dfb414610253575b61026561026761021d565b60408051602060248035600481810135601f810185900485028601850190965285855261026595813595919460449492939092019181908401838280828437509496505050505050506104ee604080516000805460e060020a6338cc483102835292519092600160a060020a0316916338cc4831916004828101926020929190829003018187876161da5a03f1156100025750506040805180516001805473ffffffffffffffffffffffffffffffffffffffff1916909117908190557fc281d19e0000000000000000000000000000000000000000000000000000000082529151600160a060020a0392909216925063c281d19e916004828101926020929190829003018187876161da5a03f1156100025750506040515191505090565b610265600254600160a060020a039081163391909116141561026757600254600160a060020a0316ff5b610269600254600160a060020a031681565b6040805160048054602060026001831615610100026000190190921691909104601f8101829004820284018201909452838352610286939083018282801561031f5780601f106102f45761010080835404028352916020019161031f565b6102655b600066b1a2bc2ec5000034101561032d57604051600160a060020a033316908290349082818181858883f193505050505061032a565b610269600354600160a060020a031681565b005b565b60408051600160a060020a03929092168252519081900360200190f35b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156102e65780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b820191906000526020600020905b81548152906001019060200180831161030257829003601f168201915b505050505081565b90505b50565b604080518082018252600c81527f576f6c6672616d416c706861000000000000000000000000000000000000000060208281019190915282518084018452601d81527f72616e646f6d206e756d626572206265747765656e203120616e6420390000008183015260008054855160e060020a6338cc483102815295516103279692959486938493600160a060020a0316926338cc483192600483810193919291829003018187876161da5a03f11561000257505060405180516001805473ffffffffffffffffffffffffffffffffffffffff1916909117908190557f524f388900000000000000000000000000000000000000000000000000000000825260206004838101828152895160248601528951600160a060020a0394909416955063524f3889948a949193849360449092019286820192909182918591839186918e9190601f850104600f02600301f150905090810190601f1680156104a55780820380516001836020036101000a031916815260200191505b50925050506020604051808303816000876161da5a03f11561000257505060405151915050670de0b6b3a764000062030d403a02018111156105d657600091505b509392505050565b600160a060020a031633600160a060020a031614151561050d57610002565b8060046000509080519060200190828054600181600116156101000203166002900490600052602060002090601f016020900481019282601f1061057457805160ff19168380011785555b506105a49291505b808211156105d25760008155600101610560565b82800160010185558215610558579182015b82811115610558578251826000505591602001919060010190610586565b5050600254600354604051600160a060020a039283169260009216319082818181858883f150505050505050565b5090565b600160009054906101000a9004600160a060020a0316600160a060020a031663adf59f99828787876040518560e060020a0281526004018084815260200180602001806020018381038352858181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156106745780820380516001836020036101000a031916815260200191505b508381038252848181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156106cd5780820380516001836020036101000a031916815260200191505b509550505050505060206040518083038185886185025a03f1156100025750506040515193506104e691505056",
"head": null,
"length": 3576,
"tail": null,
"truncated": false
},
"verified_source": false
}
exec
/bin/bash -lc "jq '.analysis_run' BYTECODE_BUNDLE.json | sed -n '1,220p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
{
"address": "0x33b202966bef633b952747c4955e404a0011fc63",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:56.000000Z",
"id": "019b3836-39f1-72d0-8749-e1e69dbd631b",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:57:06.000000Z"
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.dispatcher_type, .analysis_artifact.artifact_json.selectors, .analysis_artifact.artifact_json.function_entries' BYTECODE_BUNDLE.json | sed -n '1,260p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
"selector_jump_table"
[
"0x27dc297e",
"0x41c0e1b5",
"0x8da5cb5b",
"0x8f655c96",
"0xe97dcb62",
"0xf6b4dfb4"
]
[
{
"entry_pc": null,
"selector": "0x27dc297e"
},
{
"entry_pc": 2376452955,
"selector": "0x41c0e1b5"
},
{
"entry_pc": 2405784726,
"selector": "0x8da5cb5b"
},
{
"entry_pc": 3917335394,
"selector": "0x8f655c96"
},
{
"entry_pc": 4139048884,
"selector": "0xe97dcb62"
},
{
"entry_pc": 613,
"selector": "0xf6b4dfb4"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.auth' BYTECODE_BUNDLE.json | sed -n '1,260p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
{
"guards": []
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.storage' BYTECODE_BUNDLE.json | sed -n '1,260p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
{
"keccak_count": 2,
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 181,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 255,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 414,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 431,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 451,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 523,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 601,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 920,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1002,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1449,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 1452,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 1500,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.callsites' BYTECODE_BUNDLE.json | sed -n '1,320p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
[
{
"opcode": "CALL",
"pc": 238,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 366,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 584,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 700,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 986,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1147,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1212,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1481,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1610,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1699,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1766,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.sinks' BYTECODE_BUNDLE.json | sed -n '1,320p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
{
"call": 11,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 1,
"staticcall": 0,
"upgrade_slot_write_suspected": false
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.functions' BYTECODE_BUNDLE.json | sed -n '1,320p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
[
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x27dc297e",
"sinks": {
"call": 11,
"delegatecall": 0,
"selfdestruct": 1,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 181,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 255,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 414,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 431,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 451,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 523,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 601,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 920,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1002,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1449,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 1452,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 1500,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2376452955,
"selector": "0x41c0e1b5",
"sinks": {
"call": 11,
"delegatecall": 0,
"selfdestruct": 1,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 181,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 255,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 414,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 431,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 451,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 523,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 601,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 920,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1002,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1449,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 1452,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 1500,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2405784726,
"selector": "0x8da5cb5b",
"sinks": {
"call": 11,
"delegatecall": 0,
"selfdestruct": 1,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 181,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 255,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 414,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 431,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 451,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 523,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 601,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 920,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1002,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1449,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 1452,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 1500,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3917335394,
"selector": "0x8f655c96",
"sinks": {
"call": 11,
"delegatecall": 0,
"selfdestruct": 1,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 181,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 255,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 414,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 431,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 451,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 523,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 601,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 920,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1002,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
exec
/bin/bash -lc 'command -v evm || true; command -v cast || true; command -v hevm || true; command -v python3 || true' in /tmp/codex-9myv9c09
succeeded in 0ms:
/home/noahkuhn/.foundry/bin/cast
/var/www/tripwire/.venv/bin/python3
exec
/bin/bash -lc "jq -r '.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json | cut -c1-420" in /tmp/codex-9myv9c09
succeeded in 0ms:
0x606060405236156100565760e060020a600035046327dc297e811461006157806341c0e1b51461017f5780638da5cb5b146101a95780638f655c96146101bb578063e97dcb6214610219578063f6b4dfb414610253575b61026561026761021d565b60408051602060248035600481810135601f810185900485028601850190965285855261026595813595919460449492939092019181908401838280828437509496505050505050506104ee604080516000805460e060020a6338cc483102835292519092600160a060020a031691
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.basic_blocks | length' BYTECODE_BUNDLE.json" in /tmp/codex-9myv9c09
succeeded in 0ms:
59
exec
/bin/bash -lc "cast disassemble --help | sed -n '1,120p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
Disassembles a hex-encoded bytecode into a human-readable representation
Usage: cast disassemble [OPTIONS] [BYTECODE]
Arguments:
[BYTECODE]
The hex-encoded bytecode
Options:
-h, --help
Print help (see a summary with '-h')
-j, --threads <THREADS>
Number of threads to use. Specifying 0 defaults to the number of logical cores
[aliases: --jobs]
Display options:
--color <COLOR>
The color of the log messages
Possible values:
- auto: Intelligently guess whether to use color output (default)
- always: Force color output
- never: Force disable color output
--json
Format log messages as JSON
--md
Format log messages as Markdown
-q, --quiet
Do not print log messages
-v, --verbosity...
Verbosity level of the log messages.
Pass multiple times to increase the verbosity (e.g. -v, -vv, -vvv).
Depending on the context the verbosity levels have different meanings.
For example, the verbosity levels of the EVM are:
- 2 (-vv): Print logs for all tests.
- 3 (-vvv): Print execution traces for failing tests.
- 4 (-vvvv): Print execution traces for all tests, and setup traces for failing tests.
- 5 (-vvvvv): Print execution and setup traces for all tests, including storage changes
and
backtraces with line numbers.
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'1,260p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0056
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x27dc297e
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x0061
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x41c0e1b5
00000025: EQ
00000026: PUSH2 0x017f
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x8da5cb5b
00000030: EQ
00000031: PUSH2 0x01a9
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x8f655c96
0000003b: EQ
0000003c: PUSH2 0x01bb
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0xe97dcb62
00000046: EQ
00000047: PUSH2 0x0219
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0xf6b4dfb4
00000051: EQ
00000052: PUSH2 0x0253
00000055: JUMPI
00000056: JUMPDEST
00000057: PUSH2 0x0265
0000005a: PUSH2 0x0267
0000005d: PUSH2 0x021d
00000060: JUMP
00000061: JUMPDEST
00000062: PUSH1 0x40
00000064: DUP1
00000065: MLOAD
00000066: PUSH1 0x20
00000068: PUSH1 0x24
0000006a: DUP1
0000006b: CALLDATALOAD
0000006c: PUSH1 0x04
0000006e: DUP2
0000006f: DUP2
00000070: ADD
00000071: CALLDATALOAD
00000072: PUSH1 0x1f
00000074: DUP2
00000075: ADD
00000076: DUP6
00000077: SWAP1
00000078: DIV
00000079: DUP6
0000007a: MUL
0000007b: DUP7
0000007c: ADD
0000007d: DUP6
0000007e: ADD
0000007f: SWAP1
00000080: SWAP7
00000081: MSTORE
00000082: DUP6
00000083: DUP6
00000084: MSTORE
00000085: PUSH2 0x0265
00000088: SWAP6
00000089: DUP2
0000008a: CALLDATALOAD
0000008b: SWAP6
0000008c: SWAP2
0000008d: SWAP5
0000008e: PUSH1 0x44
00000090: SWAP5
00000091: SWAP3
00000092: SWAP4
00000093: SWAP1
00000094: SWAP3
00000095: ADD
00000096: SWAP2
00000097: DUP2
00000098: SWAP1
00000099: DUP5
0000009a: ADD
0000009b: DUP4
0000009c: DUP3
0000009d: DUP1
0000009e: DUP3
0000009f: DUP5
000000a0: CALLDATACOPY
000000a1: POP
000000a2: SWAP5
000000a3: SWAP7
000000a4: POP
000000a5: POP
000000a6: POP
000000a7: POP
000000a8: POP
000000a9: POP
000000aa: POP
000000ab: PUSH2 0x04ee
000000ae: PUSH1 0x40
000000b0: DUP1
000000b1: MLOAD
000000b2: PUSH1 0x00
000000b4: DUP1
000000b5: SLOAD
000000b6: PUSH1 0xe0
000000b8: PUSH1 0x02
000000ba: EXP
000000bb: PUSH4 0x38cc4831
000000c0: MUL
000000c1: DUP4
000000c2: MSTORE
000000c3: SWAP3
000000c4: MLOAD
000000c5: SWAP1
000000c6: SWAP3
000000c7: PUSH1 0x01
000000c9: PUSH1 0xa0
000000cb: PUSH1 0x02
000000cd: EXP
000000ce: SUB
000000cf: AND
000000d0: SWAP2
000000d1: PUSH4 0x38cc4831
000000d6: SWAP2
000000d7: PUSH1 0x04
000000d9: DUP3
000000da: DUP2
000000db: ADD
000000dc: SWAP3
000000dd: PUSH1 0x20
000000df: SWAP3
000000e0: SWAP2
000000e1: SWAP1
000000e2: DUP3
000000e3: SWAP1
000000e4: SUB
000000e5: ADD
000000e6: DUP2
000000e7: DUP8
000000e8: DUP8
000000e9: PUSH2 0x61da
000000ec: GAS
000000ed: SUB
000000ee: CALL
000000ef: ISZERO
000000f0: PUSH2 0x0002
000000f3: JUMPI
000000f4: POP
000000f5: POP
000000f6: PUSH1 0x40
000000f8: DUP1
000000f9: MLOAD
000000fa: DUP1
000000fb: MLOAD
000000fc: PUSH1 0x01
000000fe: DUP1
000000ff: SLOAD
00000100: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000115: NOT
00000116: AND
00000117: SWAP1
00000118: SWAP2
00000119: OR
0000011a: SWAP1
0000011b: DUP2
0000011c: SWAP1
0000011d: SSTORE
0000011e: PUSH32 0xc281d19e00000000000000000000000000000000000000000000000000000000
0000013f: DUP3
00000140: MSTORE
00000141: SWAP2
00000142: MLOAD
00000143: PUSH1 0x01
00000145: PUSH1 0xa0
00000147: PUSH1 0x02
00000149: EXP
0000014a: SUB
0000014b: SWAP3
0000014c: SWAP1
0000014d: SWAP3
0000014e: AND
0000014f: SWAP3
00000150: POP
00000151: PUSH4 0xc281d19e
00000156: SWAP2
00000157: PUSH1 0x04
00000159: DUP3
0000015a: DUP2
0000015b: ADD
0000015c: SWAP3
0000015d: PUSH1 0x20
0000015f: SWAP3
00000160: SWAP2
00000161: SWAP1
00000162: DUP3
00000163: SWAP1
00000164: SUB
00000165: ADD
00000166: DUP2
00000167: DUP8
00000168: DUP8
00000169: PUSH2 0x61da
0000016c: GAS
0000016d: SUB
0000016e: CALL
0000016f: ISZERO
00000170: PUSH2 0x0002
00000173: JUMPI
00000174: POP
00000175: POP
00000176: PUSH1 0x40
00000178: MLOAD
00000179: MLOAD
0000017a: SWAP2
0000017b: POP
0000017c: POP
0000017d: SWAP1
0000017e: JUMP
0000017f: JUMPDEST
00000180: PUSH2 0x0265
00000183: PUSH1 0x02
00000185: SLOAD
00000186: PUSH1 0x01
00000188: PUSH1 0xa0
0000018a: PUSH1 0x02
0000018c: EXP
0000018d: SUB
0000018e: SWAP1
0000018f: DUP2
00000190: AND
00000191: CALLER
00000192: SWAP2
00000193: SWAP1
00000194: SWAP2
00000195: AND
00000196: EQ
00000197: ISZERO
00000198: PUSH2 0x0267
0000019b: JUMPI
0000019c: PUSH1 0x02
0000019e: SLOAD
0000019f: PUSH1 0x01
000001a1: PUSH1 0xa0
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'260,520p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
000001a1: PUSH1 0xa0
000001a3: PUSH1 0x02
000001a5: EXP
000001a6: SUB
000001a7: AND
000001a8: SELFDESTRUCT
000001a9: JUMPDEST
000001aa: PUSH2 0x0269
000001ad: PUSH1 0x02
000001af: SLOAD
000001b0: PUSH1 0x01
000001b2: PUSH1 0xa0
000001b4: PUSH1 0x02
000001b6: EXP
000001b7: SUB
000001b8: AND
000001b9: DUP2
000001ba: JUMP
000001bb: JUMPDEST
000001bc: PUSH1 0x40
000001be: DUP1
000001bf: MLOAD
000001c0: PUSH1 0x04
000001c2: DUP1
000001c3: SLOAD
000001c4: PUSH1 0x20
000001c6: PUSH1 0x02
000001c8: PUSH1 0x01
000001ca: DUP4
000001cb: AND
000001cc: ISZERO
000001cd: PUSH2 0x0100
000001d0: MUL
000001d1: PUSH1 0x00
000001d3: NOT
000001d4: ADD
000001d5: SWAP1
000001d6: SWAP3
000001d7: AND
000001d8: SWAP2
000001d9: SWAP1
000001da: SWAP2
000001db: DIV
000001dc: PUSH1 0x1f
000001de: DUP2
000001df: ADD
000001e0: DUP3
000001e1: SWAP1
000001e2: DIV
000001e3: DUP3
000001e4: MUL
000001e5: DUP5
000001e6: ADD
000001e7: DUP3
000001e8: ADD
000001e9: SWAP1
000001ea: SWAP5
000001eb: MSTORE
000001ec: DUP4
000001ed: DUP4
000001ee: MSTORE
000001ef: PUSH2 0x0286
000001f2: SWAP4
000001f3: SWAP1
000001f4: DUP4
000001f5: ADD
000001f6: DUP3
000001f7: DUP3
000001f8: DUP1
000001f9: ISZERO
000001fa: PUSH2 0x031f
000001fd: JUMPI
000001fe: DUP1
000001ff: PUSH1 0x1f
00000201: LT
00000202: PUSH2 0x02f4
00000205: JUMPI
00000206: PUSH2 0x0100
00000209: DUP1
0000020a: DUP4
0000020b: SLOAD
0000020c: DIV
0000020d: MUL
0000020e: DUP4
0000020f: MSTORE
00000210: SWAP2
00000211: PUSH1 0x20
00000213: ADD
00000214: SWAP2
00000215: PUSH2 0x031f
00000218: JUMP
00000219: JUMPDEST
0000021a: PUSH2 0x0265
0000021d: JUMPDEST
0000021e: PUSH1 0x00
00000220: PUSH7 0xb1a2bc2ec50000
00000228: CALLVALUE
00000229: LT
0000022a: ISZERO
0000022b: PUSH2 0x032d
0000022e: JUMPI
0000022f: PUSH1 0x40
00000231: MLOAD
00000232: PUSH1 0x01
00000234: PUSH1 0xa0
00000236: PUSH1 0x02
00000238: EXP
00000239: SUB
0000023a: CALLER
0000023b: AND
0000023c: SWAP1
0000023d: DUP3
0000023e: SWAP1
0000023f: CALLVALUE
00000240: SWAP1
00000241: DUP3
00000242: DUP2
00000243: DUP2
00000244: DUP2
00000245: DUP6
00000246: DUP9
00000247: DUP4
00000248: CALL
00000249: SWAP4
0000024a: POP
0000024b: POP
0000024c: POP
0000024d: POP
0000024e: POP
0000024f: PUSH2 0x032a
00000252: JUMP
00000253: JUMPDEST
00000254: PUSH2 0x0269
00000257: PUSH1 0x03
00000259: SLOAD
0000025a: PUSH1 0x01
0000025c: PUSH1 0xa0
0000025e: PUSH1 0x02
00000260: EXP
00000261: SUB
00000262: AND
00000263: DUP2
00000264: JUMP
00000265: JUMPDEST
00000266: STOP
00000267: JUMPDEST
00000268: JUMP
00000269: JUMPDEST
0000026a: PUSH1 0x40
0000026c: DUP1
0000026d: MLOAD
0000026e: PUSH1 0x01
00000270: PUSH1 0xa0
00000272: PUSH1 0x02
00000274: EXP
00000275: SUB
00000276: SWAP3
00000277: SWAP1
00000278: SWAP3
00000279: AND
0000027a: DUP3
0000027b: MSTORE
0000027c: MLOAD
0000027d: SWAP1
0000027e: DUP2
0000027f: SWAP1
00000280: SUB
00000281: PUSH1 0x20
00000283: ADD
00000284: SWAP1
00000285: RETURN
00000286: JUMPDEST
00000287: PUSH1 0x40
00000289: MLOAD
0000028a: DUP1
0000028b: DUP1
0000028c: PUSH1 0x20
0000028e: ADD
0000028f: DUP3
00000290: DUP2
00000291: SUB
00000292: DUP3
00000293: MSTORE
00000294: DUP4
00000295: DUP2
00000296: DUP2
00000297: MLOAD
00000298: DUP2
00000299: MSTORE
0000029a: PUSH1 0x20
0000029c: ADD
0000029d: SWAP2
0000029e: POP
0000029f: DUP1
000002a0: MLOAD
000002a1: SWAP1
000002a2: PUSH1 0x20
000002a4: ADD
000002a5: SWAP1
000002a6: DUP1
000002a7: DUP4
000002a8: DUP4
000002a9: DUP3
000002aa: SWAP1
000002ab: PUSH1 0x00
000002ad: PUSH1 0x04
000002af: PUSH1 0x20
000002b1: DUP5
000002b2: PUSH1 0x1f
000002b4: ADD
000002b5: DIV
000002b6: PUSH1 0x0f
000002b8: MUL
000002b9: PUSH1 0x03
000002bb: ADD
000002bc: CALL
000002bd: POP
000002be: SWAP1
000002bf: POP
000002c0: SWAP1
000002c1: DUP2
000002c2: ADD
000002c3: SWAP1
000002c4: PUSH1 0x1f
000002c6: AND
000002c7: DUP1
000002c8: ISZERO
000002c9: PUSH2 0x02e6
000002cc: JUMPI
000002cd: DUP1
000002ce: DUP3
000002cf: SUB
000002d0: DUP1
000002d1: MLOAD
000002d2: PUSH1 0x01
000002d4: DUP4
000002d5: PUSH1 0x20
000002d7: SUB
000002d8: PUSH2 0x0100
000002db: EXP
000002dc: SUB
000002dd: NOT
000002de: AND
000002df: DUP2
000002e0: MSTORE
000002e1: PUSH1 0x20
000002e3: ADD
000002e4: SWAP2
000002e5: POP
000002e6: JUMPDEST
000002e7: POP
000002e8: SWAP3
000002e9: POP
000002ea: POP
000002eb: POP
000002ec: PUSH1 0x40
000002ee: MLOAD
000002ef: DUP1
000002f0: SWAP2
000002f1: SUB
000002f2: SWAP1
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'520,760p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
000002f2: SWAP1
000002f3: RETURN
000002f4: JUMPDEST
000002f5: DUP3
000002f6: ADD
000002f7: SWAP2
000002f8: SWAP1
000002f9: PUSH1 0x00
000002fb: MSTORE
000002fc: PUSH1 0x20
000002fe: PUSH1 0x00
00000300: KECCAK256
00000301: SWAP1
00000302: JUMPDEST
00000303: DUP2
00000304: SLOAD
00000305: DUP2
00000306: MSTORE
00000307: SWAP1
00000308: PUSH1 0x01
0000030a: ADD
0000030b: SWAP1
0000030c: PUSH1 0x20
0000030e: ADD
0000030f: DUP1
00000310: DUP4
00000311: GT
00000312: PUSH2 0x0302
00000315: JUMPI
00000316: DUP3
00000317: SWAP1
00000318: SUB
00000319: PUSH1 0x1f
0000031b: AND
0000031c: DUP3
0000031d: ADD
0000031e: SWAP2
0000031f: JUMPDEST
00000320: POP
00000321: POP
00000322: POP
00000323: POP
00000324: POP
00000325: DUP2
00000326: JUMP
00000327: JUMPDEST
00000328: SWAP1
00000329: POP
0000032a: JUMPDEST
0000032b: POP
0000032c: JUMP
0000032d: JUMPDEST
0000032e: PUSH1 0x40
00000330: DUP1
00000331: MLOAD
00000332: DUP1
00000333: DUP3
00000334: ADD
00000335: DUP3
00000336: MSTORE
00000337: PUSH1 0x0c
00000339: DUP2
0000033a: MSTORE
0000033b: PUSH32 0x576f6c6672616d416c7068610000000000000000000000000000000000000000
0000035c: PUSH1 0x20
0000035e: DUP3
0000035f: DUP2
00000360: ADD
00000361: SWAP2
00000362: SWAP1
00000363: SWAP2
00000364: MSTORE
00000365: DUP3
00000366: MLOAD
00000367: DUP1
00000368: DUP5
00000369: ADD
0000036a: DUP5
0000036b: MSTORE
0000036c: PUSH1 0x1d
0000036e: DUP2
0000036f: MSTORE
00000370: PUSH32 0x72616e646f6d206e756d626572206265747765656e203120616e642039000000
00000391: DUP2
00000392: DUP4
00000393: ADD
00000394: MSTORE
00000395: PUSH1 0x00
00000397: DUP1
00000398: SLOAD
00000399: DUP6
0000039a: MLOAD
0000039b: PUSH1 0xe0
0000039d: PUSH1 0x02
0000039f: EXP
000003a0: PUSH4 0x38cc4831
000003a5: MUL
000003a6: DUP2
000003a7: MSTORE
000003a8: SWAP6
000003a9: MLOAD
000003aa: PUSH2 0x0327
000003ad: SWAP7
000003ae: SWAP3
000003af: SWAP6
000003b0: SWAP5
000003b1: DUP7
000003b2: SWAP4
000003b3: DUP5
000003b4: SWAP4
000003b5: PUSH1 0x01
000003b7: PUSH1 0xa0
000003b9: PUSH1 0x02
000003bb: EXP
000003bc: SUB
000003bd: AND
000003be: SWAP3
000003bf: PUSH4 0x38cc4831
000003c4: SWAP3
000003c5: PUSH1 0x04
000003c7: DUP4
000003c8: DUP2
000003c9: ADD
000003ca: SWAP4
000003cb: SWAP2
000003cc: SWAP3
000003cd: SWAP2
000003ce: DUP3
000003cf: SWAP1
000003d0: SUB
000003d1: ADD
000003d2: DUP2
000003d3: DUP8
000003d4: DUP8
000003d5: PUSH2 0x61da
000003d8: GAS
000003d9: SUB
000003da: CALL
000003db: ISZERO
000003dc: PUSH2 0x0002
000003df: JUMPI
000003e0: POP
000003e1: POP
000003e2: PUSH1 0x40
000003e4: MLOAD
000003e5: DUP1
000003e6: MLOAD
000003e7: PUSH1 0x01
000003e9: DUP1
000003ea: SLOAD
000003eb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000400: NOT
00000401: AND
00000402: SWAP1
00000403: SWAP2
00000404: OR
00000405: SWAP1
00000406: DUP2
00000407: SWAP1
00000408: SSTORE
00000409: PUSH32 0x524f388900000000000000000000000000000000000000000000000000000000
0000042a: DUP3
0000042b: MSTORE
0000042c: PUSH1 0x20
0000042e: PUSH1 0x04
00000430: DUP4
00000431: DUP2
00000432: ADD
00000433: DUP3
00000434: DUP2
00000435: MSTORE
00000436: DUP10
00000437: MLOAD
00000438: PUSH1 0x24
0000043a: DUP7
0000043b: ADD
0000043c: MSTORE
0000043d: DUP10
0000043e: MLOAD
0000043f: PUSH1 0x01
00000441: PUSH1 0xa0
00000443: PUSH1 0x02
00000445: EXP
00000446: SUB
00000447: SWAP5
00000448: SWAP1
00000449: SWAP5
0000044a: AND
0000044b: SWAP6
0000044c: POP
0000044d: PUSH4 0x524f3889
00000452: SWAP5
00000453: DUP11
00000454: SWAP5
00000455: SWAP2
00000456: SWAP4
00000457: DUP5
00000458: SWAP4
00000459: PUSH1 0x44
0000045b: SWAP1
0000045c: SWAP3
0000045d: ADD
0000045e: SWAP3
0000045f: DUP7
00000460: DUP3
00000461: ADD
00000462: SWAP3
00000463: SWAP1
00000464: SWAP2
00000465: DUP3
00000466: SWAP2
00000467: DUP6
00000468: SWAP2
00000469: DUP4
0000046a: SWAP2
0000046b: DUP7
0000046c: SWAP2
0000046d: DUP15
0000046e: SWAP2
0000046f: SWAP1
00000470: PUSH1 0x1f
00000472: DUP6
00000473: ADD
00000474: DIV
00000475: PUSH1 0x0f
00000477: MUL
00000478: PUSH1 0x03
0000047a: ADD
0000047b: CALL
0000047c: POP
0000047d: SWAP1
0000047e: POP
0000047f: SWAP1
00000480: DUP2
00000481: ADD
00000482: SWAP1
00000483: PUSH1 0x1f
00000485: AND
00000486: DUP1
00000487: ISZERO
00000488: PUSH2 0x04a5
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'760,980p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
00000488: PUSH2 0x04a5
0000048b: JUMPI
0000048c: DUP1
0000048d: DUP3
0000048e: SUB
0000048f: DUP1
00000490: MLOAD
00000491: PUSH1 0x01
00000493: DUP4
00000494: PUSH1 0x20
00000496: SUB
00000497: PUSH2 0x0100
0000049a: EXP
0000049b: SUB
0000049c: NOT
0000049d: AND
0000049e: DUP2
0000049f: MSTORE
000004a0: PUSH1 0x20
000004a2: ADD
000004a3: SWAP2
000004a4: POP
000004a5: JUMPDEST
000004a6: POP
000004a7: SWAP3
000004a8: POP
000004a9: POP
000004aa: POP
000004ab: PUSH1 0x20
000004ad: PUSH1 0x40
000004af: MLOAD
000004b0: DUP1
000004b1: DUP4
000004b2: SUB
000004b3: DUP2
000004b4: PUSH1 0x00
000004b6: DUP8
000004b7: PUSH2 0x61da
000004ba: GAS
000004bb: SUB
000004bc: CALL
000004bd: ISZERO
000004be: PUSH2 0x0002
000004c1: JUMPI
000004c2: POP
000004c3: POP
000004c4: PUSH1 0x40
000004c6: MLOAD
000004c7: MLOAD
000004c8: SWAP2
000004c9: POP
000004ca: POP
000004cb: PUSH8 0x0de0b6b3a7640000
000004d4: PUSH3 0x030d40
000004d8: GASPRICE
000004d9: MUL
000004da: ADD
000004db: DUP2
000004dc: GT
000004dd: ISZERO
000004de: PUSH2 0x05d6
000004e1: JUMPI
000004e2: PUSH1 0x00
000004e4: SWAP2
000004e5: POP
000004e6: JUMPDEST
000004e7: POP
000004e8: SWAP4
000004e9: SWAP3
000004ea: POP
000004eb: POP
000004ec: POP
000004ed: JUMP
000004ee: JUMPDEST
000004ef: PUSH1 0x01
000004f1: PUSH1 0xa0
000004f3: PUSH1 0x02
000004f5: EXP
000004f6: SUB
000004f7: AND
000004f8: CALLER
000004f9: PUSH1 0x01
000004fb: PUSH1 0xa0
000004fd: PUSH1 0x02
000004ff: EXP
00000500: SUB
00000501: AND
00000502: EQ
00000503: ISZERO
00000504: ISZERO
00000505: PUSH2 0x050d
00000508: JUMPI
00000509: PUSH2 0x0002
0000050c: JUMP
0000050d: JUMPDEST
0000050e: DUP1
0000050f: PUSH1 0x04
00000511: PUSH1 0x00
00000513: POP
00000514: SWAP1
00000515: DUP1
00000516: MLOAD
00000517: SWAP1
00000518: PUSH1 0x20
0000051a: ADD
0000051b: SWAP1
0000051c: DUP3
0000051d: DUP1
0000051e: SLOAD
0000051f: PUSH1 0x01
00000521: DUP2
00000522: PUSH1 0x01
00000524: AND
00000525: ISZERO
00000526: PUSH2 0x0100
00000529: MUL
0000052a: SUB
0000052b: AND
0000052c: PUSH1 0x02
0000052e: SWAP1
0000052f: DIV
00000530: SWAP1
00000531: PUSH1 0x00
00000533: MSTORE
00000534: PUSH1 0x20
00000536: PUSH1 0x00
00000538: KECCAK256
00000539: SWAP1
0000053a: PUSH1 0x1f
0000053c: ADD
0000053d: PUSH1 0x20
0000053f: SWAP1
00000540: DIV
00000541: DUP2
00000542: ADD
00000543: SWAP3
00000544: DUP3
00000545: PUSH1 0x1f
00000547: LT
00000548: PUSH2 0x0574
0000054b: JUMPI
0000054c: DUP1
0000054d: MLOAD
0000054e: PUSH1 0xff
00000550: NOT
00000551: AND
00000552: DUP4
00000553: DUP1
00000554: ADD
00000555: OR
00000556: DUP6
00000557: SSTORE
00000558: JUMPDEST
00000559: POP
0000055a: PUSH2 0x05a4
0000055d: SWAP3
0000055e: SWAP2
0000055f: POP
00000560: JUMPDEST
00000561: DUP1
00000562: DUP3
00000563: GT
00000564: ISZERO
00000565: PUSH2 0x05d2
00000568: JUMPI
00000569: PUSH1 0x00
0000056b: DUP2
0000056c: SSTORE
0000056d: PUSH1 0x01
0000056f: ADD
00000570: PUSH2 0x0560
00000573: JUMP
00000574: JUMPDEST
00000575: DUP3
00000576: DUP1
00000577: ADD
00000578: PUSH1 0x01
0000057a: ADD
0000057b: DUP6
0000057c: SSTORE
0000057d: DUP3
0000057e: ISZERO
0000057f: PUSH2 0x0558
00000582: JUMPI
00000583: SWAP2
00000584: DUP3
00000585: ADD
00000586: JUMPDEST
00000587: DUP3
00000588: DUP2
00000589: GT
0000058a: ISZERO
0000058b: PUSH2 0x0558
0000058e: JUMPI
0000058f: DUP3
00000590: MLOAD
00000591: DUP3
00000592: PUSH1 0x00
00000594: POP
00000595: SSTORE
00000596: SWAP2
00000597: PUSH1 0x20
00000599: ADD
0000059a: SWAP2
0000059b: SWAP1
0000059c: PUSH1 0x01
0000059e: ADD
0000059f: SWAP1
000005a0: PUSH2 0x0586
000005a3: JUMP
000005a4: JUMPDEST
000005a5: POP
000005a6: POP
000005a7: PUSH1 0x02
000005a9: SLOAD
000005aa: PUSH1 0x03
000005ac: SLOAD
000005ad: PUSH1 0x40
000005af: MLOAD
000005b0: PUSH1 0x01
000005b2: PUSH1 0xa0
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'980,1160p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
000005b2: PUSH1 0xa0
000005b4: PUSH1 0x02
000005b6: EXP
000005b7: SUB
000005b8: SWAP3
000005b9: DUP4
000005ba: AND
000005bb: SWAP3
000005bc: PUSH1 0x00
000005be: SWAP3
000005bf: AND
000005c0: BALANCE
000005c1: SWAP1
000005c2: DUP3
000005c3: DUP2
000005c4: DUP2
000005c5: DUP2
000005c6: DUP6
000005c7: DUP9
000005c8: DUP4
000005c9: CALL
000005ca: POP
000005cb: POP
000005cc: POP
000005cd: POP
000005ce: POP
000005cf: POP
000005d0: POP
000005d1: JUMP
000005d2: JUMPDEST
000005d3: POP
000005d4: SWAP1
000005d5: JUMP
000005d6: JUMPDEST
000005d7: PUSH1 0x01
000005d9: PUSH1 0x00
000005db: SWAP1
000005dc: SLOAD
000005dd: SWAP1
000005de: PUSH2 0x0100
000005e1: EXP
000005e2: SWAP1
000005e3: DIV
000005e4: PUSH1 0x01
000005e6: PUSH1 0xa0
000005e8: PUSH1 0x02
000005ea: EXP
000005eb: SUB
000005ec: AND
000005ed: PUSH1 0x01
000005ef: PUSH1 0xa0
000005f1: PUSH1 0x02
000005f3: EXP
000005f4: SUB
000005f5: AND
000005f6: PUSH4 0xadf59f99
000005fb: DUP3
000005fc: DUP8
000005fd: DUP8
000005fe: DUP8
000005ff: PUSH1 0x40
00000601: MLOAD
00000602: DUP6
00000603: PUSH1 0xe0
00000605: PUSH1 0x02
00000607: EXP
00000608: MUL
00000609: DUP2
0000060a: MSTORE
0000060b: PUSH1 0x04
0000060d: ADD
0000060e: DUP1
0000060f: DUP5
00000610: DUP2
00000611: MSTORE
00000612: PUSH1 0x20
00000614: ADD
00000615: DUP1
00000616: PUSH1 0x20
00000618: ADD
00000619: DUP1
0000061a: PUSH1 0x20
0000061c: ADD
0000061d: DUP4
0000061e: DUP2
0000061f: SUB
00000620: DUP4
00000621: MSTORE
00000622: DUP6
00000623: DUP2
00000624: DUP2
00000625: MLOAD
00000626: DUP2
00000627: MSTORE
00000628: PUSH1 0x20
0000062a: ADD
0000062b: SWAP2
0000062c: POP
0000062d: DUP1
0000062e: MLOAD
0000062f: SWAP1
00000630: PUSH1 0x20
00000632: ADD
00000633: SWAP1
00000634: DUP1
00000635: DUP4
00000636: DUP4
00000637: DUP3
00000638: SWAP1
00000639: PUSH1 0x00
0000063b: PUSH1 0x04
0000063d: PUSH1 0x20
0000063f: DUP5
00000640: PUSH1 0x1f
00000642: ADD
00000643: DIV
00000644: PUSH1 0x0f
00000646: MUL
00000647: PUSH1 0x03
00000649: ADD
0000064a: CALL
0000064b: POP
0000064c: SWAP1
0000064d: POP
0000064e: SWAP1
0000064f: DUP2
00000650: ADD
00000651: SWAP1
00000652: PUSH1 0x1f
00000654: AND
00000655: DUP1
00000656: ISZERO
00000657: PUSH2 0x0674
0000065a: JUMPI
0000065b: DUP1
0000065c: DUP3
0000065d: SUB
0000065e: DUP1
0000065f: MLOAD
00000660: PUSH1 0x01
00000662: DUP4
00000663: PUSH1 0x20
00000665: SUB
00000666: PUSH2 0x0100
00000669: EXP
0000066a: SUB
0000066b: NOT
0000066c: AND
0000066d: DUP2
0000066e: MSTORE
0000066f: PUSH1 0x20
00000671: ADD
00000672: SWAP2
00000673: POP
00000674: JUMPDEST
00000675: POP
00000676: DUP4
00000677: DUP2
00000678: SUB
00000679: DUP3
0000067a: MSTORE
0000067b: DUP5
0000067c: DUP2
0000067d: DUP2
0000067e: MLOAD
0000067f: DUP2
00000680: MSTORE
00000681: PUSH1 0x20
00000683: ADD
00000684: SWAP2
00000685: POP
00000686: DUP1
00000687: MLOAD
00000688: SWAP1
00000689: PUSH1 0x20
0000068b: ADD
0000068c: SWAP1
0000068d: DUP1
0000068e: DUP4
0000068f: DUP4
00000690: DUP3
exec
/bin/bash -lc 'BYTECODE=$(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json); cast disassemble \""'$BYTECODE" | sed -n '"'1160,1320p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
00000690: DUP3
00000691: SWAP1
00000692: PUSH1 0x00
00000694: PUSH1 0x04
00000696: PUSH1 0x20
00000698: DUP5
00000699: PUSH1 0x1f
0000069b: ADD
0000069c: DIV
0000069d: PUSH1 0x0f
0000069f: MUL
000006a0: PUSH1 0x03
000006a2: ADD
000006a3: CALL
000006a4: POP
000006a5: SWAP1
000006a6: POP
000006a7: SWAP1
000006a8: DUP2
000006a9: ADD
000006aa: SWAP1
000006ab: PUSH1 0x1f
000006ad: AND
000006ae: DUP1
000006af: ISZERO
000006b0: PUSH2 0x06cd
000006b3: JUMPI
000006b4: DUP1
000006b5: DUP3
000006b6: SUB
000006b7: DUP1
000006b8: MLOAD
000006b9: PUSH1 0x01
000006bb: DUP4
000006bc: PUSH1 0x20
000006be: SUB
000006bf: PUSH2 0x0100
000006c2: EXP
000006c3: SUB
000006c4: NOT
000006c5: AND
000006c6: DUP2
000006c7: MSTORE
000006c8: PUSH1 0x20
000006ca: ADD
000006cb: SWAP2
000006cc: POP
000006cd: JUMPDEST
000006ce: POP
000006cf: SWAP6
000006d0: POP
000006d1: POP
000006d2: POP
000006d3: POP
000006d4: POP
000006d5: POP
000006d6: PUSH1 0x20
000006d8: PUSH1 0x40
000006da: MLOAD
000006db: DUP1
000006dc: DUP4
000006dd: SUB
000006de: DUP2
000006df: DUP6
000006e0: DUP9
000006e1: PUSH2 0x8502
000006e4: GAS
000006e5: SUB
000006e6: CALL
000006e7: ISZERO
000006e8: PUSH2 0x0002
000006eb: JUMPI
000006ec: POP
000006ed: POP
000006ee: PUSH1 0x40
000006f0: MLOAD
000006f1: MLOAD
000006f2: SWAP4
000006f3: POP
000006f4: PUSH2 0x04e6
000006f7: SWAP2
000006f8: POP
000006f9: POP
000006fa: JUMP
exec
/bin/bash -lc "jq '.capability_graph' BYTECODE_BUNDLE.json | sed -n '1,260p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
{
"address": "0x33b202966bef633b952747c4955e404a0011fc63",
"block_number": null,
"chain_id": 1,
"codehash": "0xf1d621d50175845e12972983eeef9c75411356b0ce6bfc85f5e4ee327ca1b05c",
"created_at": "2026-04-04T19:57:06.000000Z",
"graph_hash": "0x5fa5c8ed7625709d219cbe37ed344911995d5c3129dc3f7ff89b46fdd784f1c1",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:86",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:97",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:383",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:425",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:443",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:537",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:595",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:541",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:244",
"type": "control_flow_fallthrough"
},
{
"from": "bb:244",
"to": "bb:372",
"type": "control_flow_fallthrough"
},
{
"from": "bb:383",
"to": "bb:615",
"type": "control_flow"
},
{
"from": "bb:383",
"to": "bb:412",
"type": "control_flow_fallthrough"
},
{
"from": "bb:443",
"to": "bb:799",
"type": "control_flow"
},
{
"from": "bb:443",
"to": "bb:510",
"type": "control_flow_fallthrough"
},
{
"from": "bb:510",
"to": "bb:756",
"type": "control_flow"
},
{
"from": "bb:510",
"to": "bb:518",
"type": "control_flow_fallthrough"
},
{
"from": "bb:518",
"to": "bb:799",
"type": "control_flow"
},
{
"from": "bb:537",
"to": "bb:541",
"type": "control_flow_fallthrough"
},
{
"from": "bb:541",
"to": "bb:813",
"type": "control_flow"
},
{
"from": "bb:541",
"to": "bb:559",
"type": "control_flow_fallthrough"
},
{
"from": "bb:559",
"to": "bb:810",
"type": "control_flow"
},
{
"from": "bb:646",
"to": "bb:742",
"type": "control_flow"
},
{
"from": "bb:646",
"to": "bb:717",
"type": "control_flow_fallthrough"
},
{
"from": "bb:717",
"to": "bb:742",
"type": "control_flow_fallthrough"
},
{
"from": "bb:756",
"to": "bb:770",
"type": "control_flow_fallthrough"
},
{
"from": "bb:770",
"to": "bb:770",
"type": "control_flow"
},
{
"from": "bb:770",
"to": "bb:790",
"type": "control_flow_fallthrough"
},
{
"from": "bb:790",
"to": "bb:799",
"type": "control_flow_fallthrough"
},
{
"from": "bb:807",
"to": "bb:810",
"type": "control_flow_fallthrough"
},
{
"from": "bb:813",
"to": "bb:992",
"type": "control_flow_fallthrough"
},
{
"from": "bb:992",
"to": "bb:1189",
"type": "control_flow"
},
{
"from": "bb:992",
"to": "bb:1164",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1164",
"to": "bb:1189",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1189",
"to": "bb:1218",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1218",
"to": "bb:1494",
"type": "control_flow"
},
{
"from": "bb:1218",
"to": "bb:1250",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1250",
"to": "bb:1254",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1262",
"to": "bb:1293",
"type": "control_flow"
},
{
"from": "bb:1262",
"to": "bb:1289",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1293",
"to": "bb:1396",
"type": "control_flow"
},
{
"from": "bb:1293",
"to": "bb:1356",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1356",
"to": "bb:1368",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1368",
"to": "bb:1376",
"type": "control_flow_fallthrough"
},
{
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.cfg_edges[:120]' BYTECODE_BUNDLE.json | sed -n '1,260p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
[
{
"from": "bb:0",
"to": "bb:86",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:97",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:383",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:425",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:443",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:537",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:595",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:541",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:244",
"type": "control_flow_fallthrough"
},
{
"from": "bb:244",
"to": "bb:372",
"type": "control_flow_fallthrough"
},
{
"from": "bb:383",
"to": "bb:615",
"type": "control_flow"
},
{
"from": "bb:383",
"to": "bb:412",
"type": "control_flow_fallthrough"
},
{
"from": "bb:443",
"to": "bb:799",
"type": "control_flow"
},
{
"from": "bb:443",
"to": "bb:510",
"type": "control_flow_fallthrough"
},
{
"from": "bb:510",
"to": "bb:756",
"type": "control_flow"
},
{
"from": "bb:510",
"to": "bb:518",
"type": "control_flow_fallthrough"
},
{
"from": "bb:518",
"to": "bb:799",
"type": "control_flow"
},
{
"from": "bb:537",
"to": "bb:541",
"type": "control_flow_fallthrough"
},
{
"from": "bb:541",
"to": "bb:813",
"type": "control_flow"
},
{
"from": "bb:541",
"to": "bb:559",
"type": "control_flow_fallthrough"
},
{
"from": "bb:559",
"to": "bb:810",
"type": "control_flow"
},
{
"from": "bb:646",
"to": "bb:742",
"type": "control_flow"
},
{
"from": "bb:646",
"to": "bb:717",
"type": "control_flow_fallthrough"
},
{
"from": "bb:717",
"to": "bb:742",
"type": "control_flow_fallthrough"
},
{
"from": "bb:756",
"to": "bb:770",
"type": "control_flow_fallthrough"
},
{
"from": "bb:770",
"to": "bb:770",
"type": "control_flow"
},
{
"from": "bb:770",
"to": "bb:790",
"type": "control_flow_fallthrough"
},
{
"from": "bb:790",
"to": "bb:799",
"type": "control_flow_fallthrough"
},
{
"from": "bb:807",
"to": "bb:810",
"type": "control_flow_fallthrough"
},
{
"from": "bb:813",
"to": "bb:992",
"type": "control_flow_fallthrough"
},
{
"from": "bb:992",
"to": "bb:1189",
"type": "control_flow"
},
{
"from": "bb:992",
"to": "bb:1164",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1164",
"to": "bb:1189",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1189",
"to": "bb:1218",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1218",
"to": "bb:1494",
"type": "control_flow"
},
{
"from": "bb:1218",
"to": "bb:1250",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1250",
"to": "bb:1254",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1262",
"to": "bb:1293",
"type": "control_flow"
},
{
"from": "bb:1262",
"to": "bb:1289",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1293",
"to": "bb:1396",
"type": "control_flow"
},
{
"from": "bb:1293",
"to": "bb:1356",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1356",
"to": "bb:1368",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1368",
"to": "bb:1376",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1376",
"to": "bb:1490",
"type": "control_flow"
},
{
"from": "bb:1376",
"to": "bb:1385",
"type": "control_flow_fallthrough"
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.basic_blocks[:40]' BYTECODE_BUNDLE.json | sed -n '1,260p'" in /tmp/codex-9myv9c09
succeeded in 0ms:
[
{
"end_pc": 10,
"hash": "0xd3735ca9c20e935b30a407d576a537251104b99507f47da2b56ac0d6547da5e0",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 30,
"hash": "0x0f08f13f8459407321e5a60eefd53a675ee39026f476ddd0534a0c47875c1bfd",
"opcodes": [
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 11
},
{
"end_pc": 41,
"hash": "0x5497194539be33a0a420def65f3b7dd2160efef896c49c273e5ea5a9a5c20755",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 31
},
{
"end_pc": 52,
"hash": "0x87543067d5af0fef116e7914a302ae9f3bc254aaad274f1adcdb545925a9b044",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 42
},
{
"end_pc": 63,
"hash": "0x7fa7dbad01a383a30afe6974ec531ea1362580d318477286e4d38863ba1c23f3",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 53
},
{
"end_pc": 74,
"hash": "0x6d4814f11bc64d148c26746138a53bbb46153a01e522f000a419834a15aae726",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 64
},
{
"end_pc": 85,
"hash": "0x72a75ce969333868b449873eb503acaeefe107eae24b34562e21f568550dbe50",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 75
},
{
"end_pc": 96,
"hash": "0xd3299cf07a9f5f20915f03e35eed64160070502fbac6992b3bffbc979823beb5",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH2",
"PUSH2",
"JUMP"
],
"start_pc": 86
},
{
"end_pc": 243,
"hash": "0x1aad83bfdea78313ea343e15e43b5a045af772616807090950125da7bf4fd180",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"MLOAD",
"PUSH1",
"PUSH1",
"OP_80",
"CALLDATALOAD",
"PUSH1",
"OP_81",
"OP_81",
"ADD",
"CALLDATALOAD",
"PUSH1",
"OP_81",
"ADD",
"OP_85",
"OP_90",
"DIV",
"OP_85",
"MUL",
"OP_86",
"ADD",
"OP_85",
"ADD",
"OP_90",
"OP_96",
"MSTORE",
"OP_85",
"OP_85",
"MSTORE",
"PUSH2",
"OP_95",
"OP_81",
"CALLDATALOAD",
"OP_95",
"OP_91",
"OP_94",
"PUSH1",
"OP_94",
"OP_92",
"OP_93",
"OP_90",
"OP_92",
"ADD",
"OP_91",
"OP_81",
"OP_90",
"OP_84",
"ADD",
"OP_83",
"OP_82",
"OP_80",
"OP_82",
"OP_84",
"CALLDATACOPY",
"POP",
"OP_94",
"OP_96",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"PUSH2",
"PUSH1",
"OP_80",
"MLOAD",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"EXP",
"PUSH4",
"MUL",
"OP_83",
"MSTORE",
"OP_92",
"MLOAD",
"OP_90",
"OP_92",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_91",
"PUSH4",
"OP_91",
"PUSH1",
"OP_82",
"OP_81",
"ADD",
"OP_92",
"PUSH1",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_90",
"SUB",
"ADD",
"OP_81",
"OP_87",
"OP_87",
"PUSH2",
"GAS",
"SUB",
"CALL",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 97
},
{
"end_pc": 371,
"hash": "0xb0a3b751ca97e9523581a96cf748d6d22c9c7aea544dc45927cfbbe3faf908f5",
"opcodes": [
"POP",
"POP",
"PUSH1",
"OP_80",
"MLOAD",
"OP_80",
"MLOAD",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH20",
"NOT",
"AND",
"OP_90",
"OP_91",
"OR",
"OP_90",
"OP_81",
"OP_90",
"SSTORE",
"PUSH32",
"OP_82",
"MSTORE",
"OP_91",
"MLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
web search:
web search: 4byte 0x38cc4831
web search:
web search: site:4byte.directory 0x38cc4831
web search:
web search: https://www.4byte.directory/signatures/?page=253&sort=bytes_signature
web search:
web search: site:4byte.directory "0x38cc4831" "Ethereum Signature Database"
web search:
web search:
web search:
web search: "0x38cc4831"
web search:
web search: site:4byte.directory "0xc281d19e"
web search:
web search: "0xc281d19e" ethereum
web search:
web search: "0x33b202966bef633b952747c4955e404a0011fc63"
web search:
web search: site:etherscan.io/address "0x33b202966bef633b952747c4955e404a0011fc63"
web search:
web search: "0x1d11e5eae3112dbd44f99266872ff1d07c77dce8"
web search:
web search: "0x6f28b146804dba2d6f944c03528a8fdbc673df2c"
web search:
web search: "WolframAlpha" "random number between 1 and 9" solidity
web search:
web search: "WolframAlpha" "random number between 1 and 9" "owner()" solidity
web search:
web search: "0x41c0e1b5" solidity
web search:
web search: site:ethervm.io/decompile "0x33b202966bef633b952747c4955e404a0011fc63"
exec
/bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-9myv9c09
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
codex
{"no_findings":false,"summary":"Two bytecode-supported issues stand out: the apparent oracle callback path does not bind callbacks to a request id, and multiple low-level ETH transfers ignore call success. I did not raise the detected SELFDESTRUCT as a standalone finding because the bytecode shows an explicit caller==slot2 check before pc 0x1a8, so that path appears owner-gated.","findings":[{"severity":"medium","category":"oracle","title":"Oracle callback appears to ignore the request id and operate on global state","exploit_scenario":"The payable request path (fallback/selector 0xe97dcb62) makes Oraclize-style external calls, including selectors 0x524f3889 and 0xadf59f99, so multiple requests can plausibly be outstanding at once. The callback-like selector 0x27dc297e decodes only the dynamic string argument and never loads the first 32-byte calldata word, which is consistent with an ignored bytes32 query id. If callbacks arrive out of order, the handler will still write to one shared storage area and execute payout logic against shared slots instead of proving which request is being settled. An attacker can spam new requests before older callbacks return, then let legitimate delayed callbacks overwrite the global result and trigger settlement against the latest shared state.","recommendation":"Track each outbound oracle query by its returned id and require the callback to match a stored pending request before mutating state or paying out. Use a mapping keyed by request id, clear it on first use, and reject unknown or already-settled ids. If only one request should ever be live, enforce that invariant explicitly.","evidence":"Selector inference is best-effort, but the pattern is strong: selector 0x27dc297e looks like an Oraclize-style __callback(bytes32,string) because calldata decoding starts from the second ABI slot (pc 0x6b / pc 0x8a) and the first 32-byte argument is never read. The callback path then writes one global dynamic storage value (slot 4 storage logic at pc 0x51e-0x5a4) and uses shared slots 2/3 during payout (pc 0x5a7 onward). The artifact reports only two keccak patterns, both consistent with dynamic storage encoding rather than a mapping keyed by query id.","locations":["selector:0x27dc297e","selector:0xe97dcb62","pc:0x6b","pc:0x8a","pc:0x5a7","pc:0x6e6"]},{"severity":"medium","category":"other","title":"Refund and payout paths use unchecked low-level CALLs","exploit_scenario":"If a caller sends less than the minimum payment, the contract attempts to refund via a raw CALL to msg.sender at pc 0x248 and then continues without checking success. A malicious or incompatible recipient contract can revert or consume gas so the refund silently fails, leaving funds trapped. Likewise, the callback settlement path performs another value-bearing CALL at pc 0x5c9 and ignores the result, so payout failure can leave ETH stuck while the contract still updates global state/result storage as if settlement succeeded.","recommendation":"Replace raw value-transferring CALLs with checked interactions. Revert on failed refunds/payouts, or move to a pull-payment model where balances are credited in storage and withdrawn explicitly. If raw CALL is required, capture the boolean result and handle failure before any state is treated as finalized.","evidence":"The disassembly shows pc 0x248 executing CALL in the under-minimum branch and immediately POPing the result instead of branching on it. The payout path at pc 0x5c9 does the same. The artifact callsite list also marks CALLs with returndata_checked=null. Because these are value-bearing calls and at least one target is untrusted msg.sender, silent failure creates accounting ambiguity and potential stuck funds.","locations":["pc:0x248","pc:0x5c9","selector:0xe97dcb62","selector:0x27dc297e"]}]}
tokens used
128,909
{
"codex": {
"ran_at": "2026-04-05T05:08:43.871780+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3576,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Two bytecode-supported issues stand out: the apparent oracle callback path does not bind callbacks to a request id, and multiple low-level ETH transfers ignore call success. I did not raise the detected SELFDESTRUCT as a standalone finding because the bytecode shows an explicit caller==slot2 check before pc 0x1a8, so that path appears owner-gated.",
"raw_final": {
"summary": "Two bytecode-supported issues stand out: the apparent oracle callback path does not bind callbacks to a request id, and multiple low-level ETH transfers ignore call success. I did not raise the detected SELFDESTRUCT as a standalone finding because the bytecode shows an explicit caller==slot2 check before pc 0x1a8, so that path appears owner-gated.",
"findings": [
{
"title": "Oracle callback appears to ignore the request id and operate on global state",
"category": "oracle",
"evidence": "Selector inference is best-effort, but the pattern is strong: selector 0x27dc297e looks like an Oraclize-style __callback(bytes32,string) because calldata decoding starts from the second ABI slot (pc 0x6b / pc 0x8a) and the first 32-byte argument is never read. The callback path then writes one global dynamic storage value (slot 4 storage logic at pc 0x51e-0x5a4) and uses shared slots 2/3 during payout (pc 0x5a7 onward). The artifact reports only two keccak patterns, both consistent with dynamic storage encoding rather than a mapping keyed by query id.",
"severity": "medium",
"locations": [
"selector:0x27dc297e",
"selector:0xe97dcb62",
"pc:0x6b",
"pc:0x8a",
"pc:0x5a7",
"pc:0x6e6"
],
"recommendation": "Track each outbound oracle query by its returned id and require the callback to match a stored pending request before mutating state or paying out. Use a mapping keyed by request id, clear it on first use, and reject unknown or already-settled ids. If only one request should ever be live, enforce that invariant explicitly.",
"exploit_scenario": "The payable request path (fallback/selector 0xe97dcb62) makes Oraclize-style external calls, including selectors 0x524f3889 and 0xadf59f99, so multiple requests can plausibly be outstanding at once. The callback-like selector 0x27dc297e decodes only the dynamic string argument and never loads the first 32-byte calldata word, which is consistent with an ignored bytes32 query id. If callbacks arrive out of order, the handler will still write to one shared storage area and execute payout logic against shared slots instead of proving which request is being settled. An attacker can spam new requests before older callbacks return, then let legitimate delayed callbacks overwrite the global result and trigger settlement against the latest shared state."
},
{
"title": "Refund and payout paths use unchecked low-level CALLs",
"category": "other",
"evidence": "The disassembly shows pc 0x248 executing CALL in the under-minimum branch and immediately POPing the result instead of branching on it. The payout path at pc 0x5c9 does the same. The artifact callsite list also marks CALLs with returndata_checked=null. Because these are value-bearing calls and at least one target is untrusted msg.sender, silent failure creates accounting ambiguity and potential stuck funds.",
"severity": "medium",
"locations": [
"pc:0x248",
"pc:0x5c9",
"selector:0xe97dcb62",
"selector:0x27dc297e"
],
"recommendation": "Replace raw value-transferring CALLs with checked interactions. Revert on failed refunds/payouts, or move to a pull-payment model where balances are credited in storage and withdrawn explicitly. If raw CALL is required, capture the boolean result and handle failure before any state is treated as finalized.",
"exploit_scenario": "If a caller sends less than the minimum payment, the contract attempts to refund via a raw CALL to msg.sender at pc 0x248 and then continues without checking success. A malicious or incompatible recipient contract can revert or consume gas so the refund silently fails, leaving funds trapped. Likewise, the callback settlement path performs another value-bearing CALL at pc 0x5c9 and ignores the result, so payout failure can leave ETH stuck while the contract still updates global state/result storage as if settlement succeeded."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0056 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x27dc297e 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0061 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x41c0e1b5 00000025: EQ 00000026: PUSH2 0x017f 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x8da5cb5b 00000030: EQ 00000031: PUSH2 0x01a9 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x8f655c96 0000003b: EQ 0000003c: PUSH2 0x01bb 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0xe97dcb62 00000046: EQ 00000047: PUSH2 0x0219 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0xf6b4dfb4 00000051: EQ 00000052: PUSH2 0x0253 00000055: JUMPI 00000056: JUMPDEST 00000057: PUSH2 0x0265 0000005a: PUSH2 0x0267 0000005d: PUSH2 0x021d 00000060: JUMP 00000061: JUMPDEST 00000062: PUSH1 0x40 00000064: DUP1 00000065: MLOAD 00000066: PUSH1 0x20 00000068: PUSH1 0x24 0000006a: DUP1 0000006b: CALLDATALOAD 0000006c: PUSH1 0x04 0000006e: DUP2 0000006f: DUP2 00000070: ADD 00000071: CALLDATALOAD 00000072: PUSH1 0x1f 00000074: DUP2 00000075: ADD 00000076: DUP6 00000077: SWAP1 00000078: DIV 00000079: DUP6 0000007a: MUL 0000007b: DUP7 0000007c: ADD 0000007d: DUP6 0000007e: ADD 0000007f: SWAP1 00000080: SWAP7 00000081: MSTORE 00000082: DUP6 00000083: DUP6 00000084: MSTORE 00000085: PUSH2 0x0265 00000088: SWAP6 00000089: DUP2 0000008a: CALLDATALOAD 0000008b: SWAP6 0000008c: SWAP2 0000008d: SWAP5 0000008e: PUSH1 0x44 00000090: SWAP5 00000091: SWAP3 00000092: SWAP4 00000093: SWAP1 00000094: SWAP3 00000095: ADD 00000096: SWAP2 00000097: DUP2 00000098: SWAP1 00000099: DUP5 0000009a: ADD 0000009b: DUP4 0000009c: DUP3 0000009d: DUP1 0000009e: DUP3 0000009f: DUP5 000000a0: CALLDATACOPY 000000a1: POP 000000a2: SWAP5 000000a3: SWAP7 000000a4: POP 000000a5: POP 000000a6: POP 000000a7: POP 000000a8: POP 000000a9: POP 000000aa: POP 000000ab: PUSH2 0x04ee 000000ae: PUSH1 0x40 000000b0: DUP1 000000b1: MLOAD 000000b2: PUSH1 0x00 000000b4: DUP1 000000b5: SLOAD 000000b6: PUSH1 0xe0 000000b8: PUSH1 0x02 000000ba: EXP 000000bb: PUSH4 0x38cc4831 000000c0: MUL 000000c1: DUP4 000000c2: MSTORE 000000c3: SWAP3 000000c4: MLOAD 000000c5: SWAP1 000000c6: SWAP3 000000c7: PUSH1 0x01 000000c9: PUSH1 0xa0 000000cb: PUSH1 0x02 000000cd: EXP 000000ce: SUB 000000cf: AND 000000d0: SWAP2 000000d1: PUSH4 0x38cc4831 000000d6: SWAP2 000000d7: PUSH1 0x04 000000d9: DUP3 000000da: DUP2 000000db: ADD 000000dc: SWAP3 000000dd: PUSH1 0x20 000000df: SWAP3 000000e0: SWAP2 000000e1: SWAP1 000000e2: DUP3 000000e3: SWAP1 000000e4: SUB 000000e5: ADD 000000e6: DUP2 000000e7: DUP8 000000e8: DUP8 000000e9: PUSH2 0x61da 000000ec: GAS 000000ed: SUB 000000ee: CALL 000000ef: ISZERO 000000f0: PUSH2 0x0002 000000f3: JUMPI 000000f4: POP 000000f5: POP 000000f6: PUSH1 0x40 000000f8: DUP1 000000f9: MLOAD 000000fa: DUP1 000000fb: MLOAD 000000fc: PUSH1 0x01 000000fe: DUP1 000000ff: SLOAD 00000100: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000115: NOT 00000116: AND 00000117: SWAP1 00000118: SWAP2 00000119: OR 0000011a: SWAP1 0000011b: DUP2 0000011c: SWAP1 0000011d: SSTORE 0000011e: PUSH32 0xc281d19e00000000000000000000000000000000000000000000000000000000 0000013f: DUP3 00000140: MSTORE 00000141: SWAP2 00000142: MLOAD 00000143: PUSH1 0x01 00000145: PUSH1 0xa0 00000147: PUSH1 0x02 00000149: EXP 0000014a: SUB 0000014b: SWAP3 0000014c: SWAP1 0000014d: SWAP3 0000014e: AND 0000014f: SWAP3 00000150: POP 00000151: PUSH4 0xc281d19e 00000156: SWAP2 00000157: PUSH1 0x04 00000159: DUP3 0000015a: DUP2 0000015b: ADD 0000015c: SWAP3 0000015d: PUSH1 0x20 0000015f: SWAP3 00000160: SWAP2 00000161: SWAP1 00000162: DUP3 00000163: SWAP1 00000164: SUB 00000165: ADD 00000166: DUP2 00000167: DUP8 00000168: DUP8 00000169: PUSH2 0x61da 0000016c: GAS 0000016d: SUB 0000016e: CALL 0000016f: ISZERO 00000170: PUSH2 0x0002 00000173: JUMPI 00000174: POP 00000175: POP 00000176: PUSH1 0x40 00000178: MLOAD 00000179: MLOAD 0000017a: SWAP2 0000017b: POP 0000017c: POP 0000017d: SWAP1 0000017e: JUMP 0000017f: JUMPDEST 00000180: PUSH2 0x0265 00000183: PUSH1 0x02 00000185: SLOAD 00000186: PUSH1 0x01 00000188: PUSH1 0xa0 0000018a: PUSH1 0x02 0000018c: EXP 0000018d: SUB 0000018e: SWAP1 0000018f: DUP2 00000190: AND 00000191: CALLER 00000192: SWAP2 00000193: SWAP1 00000194: SWAP2 00000195: AND 00000196: EQ 00000197: ISZERO 00000198: PUSH2 0x0267 0000019b: JUMPI 0000019c: PUSH1 0x02 0000019e: SLOAD 0000019f: PUSH1 0x01 000001a1: PUSH1 0xa0 000001a3: PUSH1 0x02 000001a5: EXP 000001a6: SUB 000001a7: AND 000001a8: SELFDESTRUCT 000001a9: JUMPDEST 000001aa: PUSH2 0x0269 000001ad: PUSH1 0x02 000001af: SLOAD 000001b0: PUSH1 0x01 000001b2: PUSH1 0xa0 000001b4: PUSH1 0x02 000001b6: EXP 000001b7: SUB 000001b8: AND 000001b9: DUP2 000001ba: JUMP 000001bb: JUMPDEST 000001bc: PUSH1 0x40 000001be: DUP1 000001bf: MLOAD 000001c0: PUSH1 0x04 000001c2: DUP1 000001c3: SLOAD 000001c4: PUSH1 0x20 000001c6: PUSH1 0x02 000001c8: PUSH1 0x01 000001ca: DUP4 000001cb: AND 000001cc: ISZERO 000001cd: PUSH2 0x0100 000001d0: MUL 000001d1: PUSH1 0x00 000001d3: NOT 000001d4: ADD 000001d5: SWAP1 000001d6: SWAP3 000001d7: AND 000001d8: SWAP2 000001d9: SWAP1 000001da: SWAP2 000001db: DIV 000001dc: PUSH1 0x1f 000001de: DUP2 000001df: ADD 000001e0: DUP3 000001e1: SWAP1 000001e2: DIV 000001e3: DUP3 000001e4: MUL 000001e5: DUP5 000001e6: ADD 000001e7: DUP3 000001e8: ADD 000001e9: SWAP1 000001ea: SWAP5 000001eb: MSTORE 000001ec: DUP4 000001ed: DUP4 000001ee: MSTORE 000001ef: PUSH2 0x0286 000001f2: SWAP4 000001f3: SWAP1 000001f4: DUP4 000001f5: ADD 000001f6: DUP3 000001f7: DUP3 000001f8: DUP1 000001f9: ISZERO 000001fa: PUSH2 0x031f 000001fd: JUMPI 000001fe: DUP1 000001ff: PUSH1 0x1f 00000201: LT 00000202: PUSH2 0x02f4 00000205: JUMPI 00000206: PUSH2 0x0100 00000209: DUP1 0000020a: DUP4 0000020b: SLOAD 0000020c: DIV 0000020d: MUL 0000020e: DUP4 0000020f: MSTORE 00000210: SWAP2 00000211: PUSH1 0x20 00000213: ADD 00000214: SWAP2 00000215: PUSH2 0x031f 00000218: JUMP 00000219: JUMPDEST 0000021a: PUSH2 0x0265 0000021d: JUMPDEST 0000021e: PUSH1 0x00 00000220: PUSH7 0xb1a2bc2ec50000 00000228: CALLVALUE 00000229: LT 0000022a: ISZERO 0000022b: PUSH2 0x032d 0000022e: JUMPI 0000022f: PUSH1 0x40 00000231: MLOAD 00000232: PUSH1 0x01 00000234: PUSH1 0xa0 00000236: PUSH1 0x02 00000238: EXP 00000239: SUB 0000023a: CALLER 0000023b: AND 0000023c: SWAP1 0000023d: DUP3 0000023e: SWAP1 0000023f: CALLVALUE 00000240: SWAP1 00000241: DUP3 00000242: DUP2 00000243: DUP2 00000244: DUP2 00000245: DUP6 00000246: DUP9 00000247: DUP4 00000248: CALL 00000249: SWAP4 0000024a: POP 0000024b: POP 0000024c: POP 0000024d: POP 0000024e: POP 0000024f: PUSH2 0x032a 00000252: JUMP 00000253: JUMPDEST 00000254: PUSH2 0x0269 00000257: PUSH1 0x03 00000259: SLOAD 0000025a: PUSH1 0x01 0000025c: PUSH1 0xa0 0000025e: PUSH1 0x02 00000260: EXP 00000261: SUB 00000262: AND 00000263: DUP2 00000264: JUMP 00000265: JUMPDEST 00000266: STOP 00000267: JUMPDEST 00000268: JUMP 00000269: JUMPDEST 0000026a: PUSH1 0x40 0000026c: DUP1 0000026d: MLOAD 0000026e: PUSH1 0x01 00000270: PUSH1 0xa0 00000272: PUSH1 0x02 00000274: EXP 00000275: SUB 00000276: SWAP3 00000277: SWAP1 00000278: SWAP3 00000279: AND 0000027a: DUP3 0000027b: MSTORE 0000027c: MLOAD 0000027d: SWAP1 0000027e: DUP2 0000027f: SWAP1 00000280: SUB 00000281: PUSH1 0x20 00000283: ADD 00000284: SWAP1 00000285: RETURN 00000286: JUMPDEST 00000287: PUSH1 0x40 00000289: MLOAD 0000028a: DUP1 0000028b: DUP1 0000028c: PUSH1 0x20 0000028e: ADD 0000028f: DUP3 00000290: DUP2 00000291: SUB 00000292: DUP3 00000293: MSTORE 00000294: DUP4 00000295: DUP2 00000296: DUP2 00000297: MLOAD 00000298: DUP2 00000299: MSTORE 0000029a: PUSH1 0x20 0000029c: ADD 0000029d: SWAP2 0000029e: POP 0000029f: DUP1 000002a0: MLOAD 000002a1: SWAP1 000002a2: PUSH1 0x20 000002a4: ADD 000002a5: SWAP1 000002a6: DUP1 000002a7: DUP4 000002a8: DUP4 000002a9: DUP3 000002aa: SWAP1 000002ab: PUSH1 0x00 000002ad: PUSH1 0x04 000002af: PUSH1 0x20 000002b1: DUP5 000002b2: PUSH1 0x1f 000002b4: ADD 000002b5: DIV 000002b6: PUSH1 0x0f 000002b8: MUL 000002b9: PUSH1 0x03 000002bb: ADD 000002bc: CALL 000002bd: POP 000002be: SWAP1 000002bf: POP 000002c0: SWAP1 000002c1: DUP2 000002c2: ADD 000002c3: SWAP1 000002c4: PUSH1 0x1f 000002c6: AND 000002c7: DUP1 000002c8: ISZERO 000002c9: PUSH2 0x02e6 000002cc: JUMPI 000002cd: DUP1 000002ce: DUP3 000002cf: SUB 000002d0: DUP1 000002d1: MLOAD 000002d2: PUSH1 0x01 000002d4: DUP4 000002d5: PUSH1 0x20 000002d7: SUB 000002d8: PUSH2 0x0100 000002db: EXP 000002dc: SUB 000002dd: NOT 000002de: AND 000002df: DUP2 000002e0: MSTORE 000002e1: PUSH1 0x20 000002e3: ADD 000002e4: SWAP2 000002e5: POP 000002e6: JUMPDEST 000002e7: POP 000002e8: SWAP3 000002e9: POP 000002ea: POP 000002eb: POP 000002ec: PUSH1 0x40 000002ee: MLOAD 000002ef: DUP1 000002f0: SWAP2 000002f1: SUB 000002f2: SWAP1 000002f3: RETURN 000002f4: JUMPDEST 000002f5: DUP3 000002f6: ADD 000002f7: SWAP2 000002f8: SWAP1 000002f9: PUSH1 0x00 000002fb: MSTORE 000002fc: PUSH1 0x20 000002fe: PUSH1 0x00 00000300: KECCAK256 00000301: SWAP1 00000302: JUMPDEST 00000303: DUP2 00000304: SLOAD 00000305: DUP2 00000306: MSTORE 00000307: SWAP1 00000308: PUSH1 0x01 0000030a: ADD 0000030b: SWAP1 0000030c: PUSH1 0x20 0000030e: ADD 0000030f: DUP1 00000310: DUP4 00000311: GT 00000312: PUSH2 0x0302 00000315: JUMPI 00000316: DUP3 00000317: SWAP1 00000318: SUB 00000319: PUSH1 0x1f 0000031b: AND 0000031c: DUP3 0000031d: ADD 0000031e: SWAP2 0000031f: JUMPDEST 00000320: POP 00000321: POP 00000322: POP 00000323: POP 00000324: POP 00000325: DUP2 00000326: JUMP 00000327: JUMPDEST 00000328: SWAP1 00000329: POP 0000032a: JUMPDEST 0000032b: POP 0000032c: JUMP 0000032d: JUMPDEST 0000032e: PUSH1 0x40 00000330: DUP1 00000331: MLOAD 00000332: DUP1 00000333: DUP3 00000334: ADD 00000335: DUP3 00000336: MSTORE 00000337: PUSH1 0x0c 00000339: DUP2 0000033a: MSTORE 0000033b: PUSH32 0x576f6c6672616d416c7068610000000000000000000000000000000000000000 0000035c: PUSH1 0x20 0000035e: DUP3 0000035f: DUP2 00000360: ADD 00000361: SWAP2 00000362: SWAP1 00000363: SWAP2 00000364: MSTORE 00000365: DUP3 00000366: MLOAD 00000367: DUP1 00000368: DUP5 00000369: ADD 0000036a: DUP5 0000036b: MSTORE 0000036c: PUSH1 0x1d 0000036e: DUP2 0000036f: MSTORE 00000370: PUSH32 0x72616e646f6d206e756d626572206265747765656e203120616e642039000000 00000391: DUP2 00000392: DUP4 00000393: ADD 00000394: MSTORE 00000395: PUSH1 0x00 00000397: DUP1 00000398: SLOAD 00000399: DUP6 0000039a: MLOAD 0000039b: PUSH1 0xe0 0000039d: PUSH1 0x02 0000039f: EXP 000003a0: PUSH4 0x38cc4831 000003a5: MUL 000003a6: DUP2 000003a7: MSTORE 000003a8: SWAP6 000003a9: MLOAD 000003aa: PUSH2 0x0327 000003ad: SWAP7 000003ae: SWAP3 000003af: SWAP6 000003b0: SWAP5 000003b1: DUP7 000003b2: SWAP4 000003b3: DUP5 000003b4: SWAP4 000003b5: PUSH1 0x01 000003b7: PUSH1 0xa0 000003b9: PUSH1 0x02 000003bb: EXP 000003bc: SUB 000003bd: AND 000003be: SWAP3 000003bf: PUSH4 0x38cc4831 000003c4: SWAP3 000003c5: PUSH1 0x04 000003c7: DUP4 000003c8: DUP2 000003c9: ADD 000003ca: SWAP4 000003cb: SWAP2 000003cc: SWAP3 000003cd: SWAP2 000003ce: DUP3 000003cf: SWAP1 000003d0: SUB 000003d1: ADD 000003d2: DUP2 000003d3: DUP8 000003d4: DUP8 000003d5: PUSH2 0x61da 000003d8: GAS 000003d9: SUB 000003da: CALL 000003db: ISZERO 000003dc: PUSH2 0x0002 000003df: JUMPI 000003e0: POP 000003e1: POP 000003e2: PUSH1 0x40 000003e4: MLOAD 000003e5: DUP1 000003e6: MLOAD 000003e7: PUSH1 0x01 000003e9: DUP1 000003ea: SLOAD 000003eb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000400: NOT 00000401: AND 00000402: SWAP1 00000403: SWAP2 00000404: OR 00000405: SWAP1 00000406: DUP2 00000407: SWAP1 00000408: SSTORE 00000409: PUSH32 0x524f388900000000000000000000000000000000000000000000000000000000 0000042a: DUP3 0000042b: MSTORE 0000042c: PUSH1 0x20 0000042e: PUSH1 0x04 00000430: DUP4 00000431: DUP2 00000432: ADD 00000433: DUP3 00000434: DUP2 00000435: MSTORE 00000436: DUP10 00000437: MLOAD 00000438: PUSH1 0x24 0000043a: DUP7 0000043b: ADD 0000043c: MSTORE 0000043d: DUP10 0000043e: MLOAD 0000043f: PUSH1 0x01 00000441: PUSH1 0xa0 00000443: PUSH1 0x02 00000445: EXP 00000446: SUB 00000447: SWAP5 00000448: SWAP1 00000449: SWAP5 0000044a: AND 0000044b: SWAP6 0000044c: POP 0000044d: PUSH4 0x524f3889 00000452: SWAP5 00000453: DUP11 00000454: SWAP5 00000455: SWAP2 00000456: SWAP4 00000457: DUP5 00000458: SWAP4 00000459: PUSH1 0x44 0000045b: SWAP1 0000045c: SWAP3 0000045d: ADD 0000045e: SWAP3 0000045f: DUP7 00000460: DUP3 00000461: ADD 00000462: SWAP3 00000463: SWAP1 00000464: SWAP2 00000465: DUP3 00000466: SWAP2 00000467: DUP6 00000468: SWAP2 00000469: DUP4 0000046a: SWAP2 0000046b: DUP7 0000046c: SWAP2 0000046d: DUP15 0000046e: SWAP2 0000046f: SWAP1 00000470: PUSH1 0x1f 00000472: DUP6 00000473: ADD 00000474: DIV 00000475: PUSH1 0x0f 00000477: MUL 00000478: PUSH1 0x03 0000047a: ADD 0000047b: CALL 0000047c: POP 0000047d: SWAP1 0000047e: POP 0000047f: SWAP1 00000480: DUP2 00000481: ADD 00000482: SWAP1 00000483: PUSH1 0x1f 00000485: AND 00000486: DUP1 00000487: ISZERO 00000488: PUSH2 0x04a5 0000048b: JUMPI 0000048c: DUP1 0000048d: DUP3 0000048e: SUB 0000048f: DUP1 00000490: MLOAD 00000491: PUSH1 0x01 00000493: DUP4 00000494: PUSH1 0x20 00000496: SUB 00000497: PUSH2 0x0100 0000049a: EXP 0000049b: SUB 0000049c: NOT 0000049d: AND 0000049e: DUP2 0000049f: MSTORE 000004a0: PUSH1 0x20 000004a2: ADD 000004a3: SWAP2 000004a4: POP 000004a5: JUMPDEST 000004a6: POP 000004a7: SWAP3 000004a8: POP 000004a9: POP 000004aa: POP 000004ab: PUSH1 0x20 000004ad: PUSH1 0x40 000004af: MLOAD 000004b0: DUP1 000004b1: DUP4 000004b2: SUB 000004b3: DUP2 000004b4: PUSH1 0x00 000004b6: DUP8 000004b7: PUSH2 0x61da 000004ba: GAS 000004bb: SUB 000004bc: CALL 000004bd: ISZERO 000004be: PUSH2 0x0002 000004c1: JUMPI 000004c2: POP 000004c3: POP 000004c4: PUSH1 0x40 000004c6: MLOAD 000004c7: MLOAD 000004c8: SWAP2 000004c9: POP 000004ca: POP 000004cb: PUSH8 0x0de0b6b3a7640000 000004d4: PUSH3 0x030d40 000004d8: GASPRICE 000004d9: MUL 000004da: ADD 000004db: DUP2 000004dc: GT 000004dd: ISZERO 000004de: PUSH2 0x05d6 000004e1: JUMPI 000004e2: PUSH1 0x00 000004e4: SWAP2 000004e5: POP 000004e6: JUMPDEST 000004e7: POP 000004e8: SWAP4 000004e9: SWAP3 000004ea: POP 000004eb: POP 000004ec: POP 000004ed: JUMP 000004ee: JUMPDEST 000004ef: PUSH1 0x01 000004f1: PUSH1 0xa0 000004f3: PUSH1 0x02 000004f5: EXP 000004f6: SUB 000004f7: AND 000004f8: CALLER 000004f9: PUSH1 0x01 000004fb: PUSH1 0xa0 000004fd: PUSH1 0x02 000004ff: EXP 00000500: SUB 00000501: AND 00000502: EQ 00000503: ISZERO 00000504: ISZERO 00000505: PUSH2 0x050d 00000508: JUMPI 00000509: PUSH2 0x0002 0000050c: JUMP 0000050d: JUMPDEST 0000050e: DUP1 0000050f: PUSH1 0x04 00000511: PUSH1 0x00 00000513: POP 00000514: SWAP1 00000515: DUP1 00000516: MLOAD 00000517: SWAP1 00000518: PUSH1 0x20 0000051a: ADD 0000051b: SWAP1 0000051c: DUP3 0000051d: DUP1 0000051e: SLOAD 0000051f: PUSH1 0x01 00000521: DUP2 00000522: PUSH1 0x01 00000524: AND 00000525: ISZERO 00000526: PUSH2 0x0100 00000529: MUL 0000052a: SUB 0000052b: AND 0000052c: PUSH1 0x02 0000052e: SWAP1 0000052f: DIV 00000530: SWAP1 00000531: PUSH1 0x00 00000533: MSTORE 00000534: PUSH1 0x20 00000536: PUSH1 0x00 00000538: KECCAK256 00000539: SWAP1 0000053a: PUSH1 0x1f 0000053c: ADD 0000053d: PUSH1 0x20 0000053f: SWAP1 00000540: DIV 00000541: DUP2 00000542: ADD 00000543: SWAP3 00000544: DUP3 00000545: PUSH1 0x1f 00000547: LT 00000548: PUSH2 0x0574 0000054b: JUMPI 0000054c: DUP1 0000054d: MLOAD 0000054e: PUSH1 0xff 00000550: NOT 00000551: AND 00000552: DUP4 00000553: DUP1 00000554: ADD 00000555: OR 00000556: DUP6 00000557: SSTORE 00000558: JUMPDEST 00000559: POP 0000055a: PUSH2 0x05a4 0000055d: SWAP3 0000055e: SWAP2 0000055f: POP 00000560: JUMPDEST 00000561: DUP1 00000562: DUP3 00000563: GT 00000564: ISZERO 00000565: PUSH2 0x05d2 00000568: JUMPI 00000569: PUSH1 0x00 0000056b: DUP2 0000056c: SSTORE 0000056d: PUSH1 0x01 0000056f: ADD 00000570: PUSH2 0x0560 00000573: JUMP 00000574: JUMPDEST 00000575: DUP3 00000576: DUP1 00000577: ADD 00000578: PUSH1 0x01 0000057a: ADD 0000057b: DUP6 0000057c: SSTORE 0000057d: DUP3 0000057e: ISZERO 0000057f: PUSH2 0x0558 00000582: JUMPI 00000583: SWAP2 00000584: DUP3 00000585: ADD 00000586: JUMPDEST 00000587: DUP3 00000588: DUP2 00000589: GT 0000058a: ISZERO 0000058b: PUSH2 0x0558 0000058e: JUMPI 0000058f: DUP3 00000590: MLOAD 00000591: DUP3 00000592: PUSH1 0x00 00000594: POP 00000595: SSTORE 00000596: SWAP2 00000597: PUSH1 0x20 00000599: ADD 0000059a: SWAP2 0000059b: SWAP1 0000059c: PUSH1 0x01 0000059e: ADD 0000059f: SWAP1 000005a0: PUSH2 0x0586 000005a3: JUMP 000005a4: JUMPDEST 000005a5: POP 000005a6: POP 000005a7: PUSH1 0x02 000005a9: SLOAD 000005aa: PUSH1 0x03 000005ac: SLOAD 000005ad: PUSH1 0x40 000005af: MLOAD 000005b0: PUSH1 0x01 000005b2: PUSH1 0xa0 000005b4: PUSH1 0x02 000005b6: EXP 000005b7: SUB 000005b8: SWAP3 000005b9: DUP4 000005ba: AND 000005bb: SWAP3 000005bc: PUSH1 0x00 000005be: SWAP3 000005bf: AND 000005c0: BALANCE 000005c1: SWAP1 000005c2: DUP3 000005c3: DUP2 000005c4: DUP2 000005c5: DUP2 000005c6: DUP6 000005c7: DUP9 000005c8: DUP4 000005c9: CALL 000005ca: POP 000005cb: POP 000005cc: POP 000005cd: POP 000005ce: POP 000005cf: POP 000005d0: POP 000005d1: JUMP 000005d2: JUMPDEST 000005d3: POP 000005d4: SWAP1 000005d5: JUMP 000005d6: JUMPDEST 000005d7: PUSH1 0x01 000005d9: PUSH1 0x00 000005db: SWAP1 000005dc: SLOAD 000005dd: SWAP1 000005de: PUSH2 0x0100 000005e1: EXP 000005e2: SWAP1 000005e3: DIV 000005e4: PUSH1 0x01 000005e6: PUSH1 0xa0 000005e8: PUSH1 0x02 000005ea: EXP 000005eb: SUB 000005ec: AND 000005ed: PUSH1 0x01 000005ef: PUSH1 0xa0 000005f1: PUSH1 0x02 000005f3: EXP 000005f4: SUB 000005f5: AND 000005f6: PUSH4 0xadf59f99 000005fb: DUP3 000005fc: DUP8 000005fd: DUP8 000005fe: DUP8 000005ff: PUSH1 0x40 00000601: MLOAD 00000602: DUP6 00000603: PUSH1 0xe0 00000605: PUSH1 0x02 00000607: EXP 00000608: MUL 00000609: DUP2 0000060a: MSTORE 0000060b: PUSH1 0x04 0000060d: ADD 0000060e: DUP1 0000060f: DUP5 00000610: DUP2 00000611: MSTORE 00000612: PUSH1 0x20 00000614: ADD 00000615: DUP1 00000616: PUSH1 0x20 00000618: ADD 00000619: DUP1 0000061a: PUSH1 0x20 0000061c: ADD 0000061d: DUP4 0000061e: DUP2 0000061f: SUB 00000620: DUP4 00000621: MSTORE 00000622: DUP6 00000623: DUP2 00000624: DUP2 00000625: MLOAD 00000626: DUP2 00000627: MSTORE 00000628: PUSH1 0x20 0000062a: ADD 0000062b: SWAP2 0000062c: POP 0000062d: DUP1 0000062e: MLOAD 0000062f: SWAP1 00000630: PUSH1 0x20 00000632: ADD 00000633: SWAP1 00000634: DUP1 00000635: DUP4 00000636: DUP4 00000637: DUP3 00000638: SWAP1 00000639: PUSH1 0x00 0000063b: PUSH1 0x04 0000063d: PUSH1 0x20 0000063f: DUP5 00000640: PUSH1 0x1f 00000642: ADD 00000643: DIV 00000644: PUSH1 0x0f 00000646: MUL 00000647: PUSH1 0x03 00000649: ADD 0000064a: CALL 0000064b: POP 0000064c: SWAP1 0000064d: POP 0000064e: SWAP1 0000064f: DUP2 00000650: ADD 00000651: SWAP1 00000652: PUSH1 0x1f 00000654: AND 00000655: DUP1 00000656: ISZERO 00000657: PUSH2 0x0674 0000065a: JUMPI 0000065b: DUP1 0000065c: DUP3 0000065d: SUB 0000065e: DUP1 0000065f: MLOAD 00000660: PUSH1 0x01 00000662: DUP4 00000663: PUSH1 0x20 00000665: SUB 00000666: PUSH2 0x0100 00000669: EXP 0000066a: SUB 0000066b: NOT 0000066c: AND 0000066d: DUP2 0000066e: MSTORE 0000066f: PUSH1 0x20 00000671: ADD 00000672: SWAP2 00000673: POP 00000674: JUMPDEST 00000675: POP 00000676: DUP4 00000677: DUP2 00000678: SUB 00000679: DUP3 0000067a: MSTORE 0000067b: DUP5 0000067c: DUP2 0000067d: DUP2 0000067e: MLOAD 0000067f: DUP2 00000680: MSTORE 00000681: PUSH1 0x20 00000683: ADD 00000684: SWAP2 00000685: POP 00000686: DUP1 00000687: MLOAD 00000688: SWAP1 00000689: PUSH1 0x20 0000068b: ADD 0000068c: SWAP1 0000068d: DUP1 0000068e: DUP4 0000068f: DUP4 00000690: DUP3 00000691: SWAP1 00000692: PUSH1 0x00 00000694: PUSH1 0x04 00000696: PUSH1 0x20 00000698: DUP5 00000699: PUSH1 0x1f 0000069b: ADD 0000069c: DIV 0000069d: PUSH1 0x0f 0000069f: MUL 000006a0: PUSH1 0x03 000006a2: ADD 000006a3: CALL 000006a4: POP 000006a5: SWAP1 000006a6: POP 000006a7: SWAP1 000006a8: DUP2 000006a9: ADD 000006aa: SWAP1 000006ab: PUSH1 0x1f 000006ad: AND 000006ae: DUP1 000006af: ISZERO 000006b0: PUSH2 0x06cd 000006b3: JUMPI 000006b4: DUP1 000006b5: DUP3 000006b6: SUB 000006b7: DUP1 000006b8: MLOAD 000006b9: PUSH1 0x01 000006bb: DUP4 000006bc: PUSH1 0x20 000006be: SUB 000006bf: PUSH2 0x0100 000006c2: EXP 000006c3: SUB 000006c4: NOT 000006c5: AND 000006c6: DUP2 000006c7: MSTORE 000006c8: PUSH1 0x20 000006ca: ADD 000006cb: SWAP2 000006cc: POP 000006cd: JUMPDEST 000006ce: POP 000006cf: SWAP6 000006d0: POP 000006d1: POP 000006d2: POP 000006d3: POP 000006d4: POP 000006d5: POP 000006d6: PUSH1 0x20 000006d8: PUSH1 0x40 000006da: MLOAD 000006db: DUP1 000006dc: DUP4 000006dd: SUB 000006de: DUP2 000006df: DUP6 000006e0: DUP9 000006e1: PUSH2 0x8502 000006e4: GAS 000006e5: SUB 000006e6: CALL 000006e7: ISZERO 000006e8: PUSH2 0x0002 000006eb: JUMPI 000006ec: POP 000006ed: POP 000006ee: PUSH1 0x40 000006f0: MLOAD 000006f1: MLOAD 000006f2: SWAP4 000006f3: POP 000006f4: PUSH2 0x04e6 000006f7: SWAP2 000006f8: POP 000006f9: POP 000006fa: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0xbf2c95d03edf756d345bdf8cf6c04f4729519ca48c199e9651a68de883319f17
call_targets:
0x1d11e5eae3112dbd44f99266872ff1d07c77dce8, 0x33b202966bef633b952747c4955e404a0011fc63, 0x6f28b146804dba2d6f944c03528a8fdbc673df2c
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xbf2c95d03edf756d345bdf8cf6c04f4729519ca48c199e9651a68de883319f17",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x1d11e5eae3112dbd44f99266872ff1d07c77dce8",
"0x33b202966bef633b952747c4955e404a0011fc63",
"0x6f28b146804dba2d6f944c03528a8fdbc673df2c"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x27dc297e",
"selector": "0x27dc297e",
"calldata_variants": [
"0x27dc297e",
"0x27dc297e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x41c0e1b5",
"selector": "0x41c0e1b5",
"calldata_variants": [
"0x41c0e1b5",
"0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8f655c96",
"selector": "0x8f655c96",
"calldata_variants": [
"0x8f655c96",
"0x8f655c960000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe97dcb62",
"selector": "0xe97dcb62",
"calldata_variants": [
"0xe97dcb62",
"0xe97dcb620000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf6b4dfb4",
"selector": "0xf6b4dfb4",
"calldata_variants": [
"0xf6b4dfb4",
"0xf6b4dfb40000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 238,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 366,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 584,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 11,
"guards_detected": [],
"untrusted_call_count": 11
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0xbf2c95d03edf756d345bdf8cf6c04f4729519ca48c199e9651a68de883319f17
call_targets:
0x1d11e5eae3112dbd44f99266872ff1d07c77dce8, 0x33b202966bef633b952747c4955e404a0011fc63, 0x6f28b146804dba2d6f944c03528a8fdbc673df2c
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xbf2c95d03edf756d345bdf8cf6c04f4729519ca48c199e9651a68de883319f17",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x1d11e5eae3112dbd44f99266872ff1d07c77dce8",
"0x33b202966bef633b952747c4955e404a0011fc63",
"0x6f28b146804dba2d6f944c03528a8fdbc673df2c"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x27dc297e",
"selector": "0x27dc297e",
"calldata_variants": [
"0x27dc297e",
"0x27dc297e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x41c0e1b5",
"selector": "0x41c0e1b5",
"calldata_variants": [
"0x41c0e1b5",
"0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8f655c96",
"selector": "0x8f655c96",
"calldata_variants": [
"0x8f655c96",
"0x8f655c960000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe97dcb62",
"selector": "0xe97dcb62",
"calldata_variants": [
"0xe97dcb62",
"0xe97dcb620000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf6b4dfb4",
"selector": "0xf6b4dfb4",
"calldata_variants": [
"0xf6b4dfb4",
"0xf6b4dfb40000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 238,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 366,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 584,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 11,
"guards_detected": []
}
|
| high | other | detector | SELFDESTRUCT reachable | 65 | no | no |
viewtrace_id: 0xdf08f04b98fcc6776bc9b6dec997a6985ee85bf1eef97369f379010b63e81287
validation_json{
"sink": "SELFDESTRUCT",
"errors": 0,
"status": "unknown",
"attempts": 12,
"trace_id": "0xdf08f04b98fcc6776bc9b6dec997a6985ee85bf1eef97369f379010b63e81287",
"confirmed": false,
"trace_mode": "structLogs",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x27dc297e",
"selector": "0x27dc297e",
"calldata_variants": [
"0x27dc297e",
"0x27dc297e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x41c0e1b5",
"selector": "0x41c0e1b5",
"calldata_variants": [
"0x41c0e1b5",
"0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8f655c96",
"selector": "0x8f655c96",
"calldata_variants": [
"0x8f655c96",
"0x8f655c960000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe97dcb62",
"selector": "0xe97dcb62",
"calldata_variants": [
"0xe97dcb62",
"0xe97dcb620000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf6b4dfb4",
"selector": "0xf6b4dfb4",
"calldata_variants": [
"0xf6b4dfb4",
"0xf6b4dfb40000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [],
"selfdestruct_count": 1
}
|
| medium | oracle | codex | Oracle callback appears to ignore the request id and operate on global state | 75 | no | — |
viewevidence_json{
"evidence": "Selector inference is best-effort, but the pattern is strong: selector 0x27dc297e looks like an Oraclize-style __callback(bytes32,string) because calldata decoding starts from the second ABI slot (pc 0x6b / pc 0x8a) and the first 32-byte argument is never read. The callback path then writes one global dynamic storage value (slot 4 storage logic at pc 0x51e-0x5a4) and uses shared slots 2/3 during payout (pc 0x5a7 onward). The artifact reports only two keccak patterns, both consistent with dynamic storage encoding rather than a mapping keyed by query id.",
"locations": [
"selector:0x27dc297e",
"selector:0xe97dcb62",
"pc:0x6b",
"pc:0x8a",
"pc:0x5a7",
"pc:0x6e6"
],
"recommendation": "Track each outbound oracle query by its returned id and require the callback to match a stored pending request before mutating state or paying out. Use a mapping keyed by request id, clear it on first use, and reject unknown or already-settled ids. If only one request should ever be live, enforce that invariant explicitly.",
"exploit_scenario": "The payable request path (fallback/selector 0xe97dcb62) makes Oraclize-style external calls, including selectors 0x524f3889 and 0xadf59f99, so multiple requests can plausibly be outstanding at once. The callback-like selector 0x27dc297e decodes only the dynamic string argument and never loads the first 32-byte calldata word, which is consistent with an ignored bytes32 query id. If callbacks arrive out of order, the handler will still write to one shared storage area and execute payout logic against shared slots instead of proving which request is being settled. An attacker can spam new requests before older callbacks return, then let legitimate delayed callbacks overwrite the global result and trigger settlement against the latest shared state."
}
|
| medium | other | codex | Refund and payout paths use unchecked low-level CALLs | 75 | no | — |
viewevidence_json{
"evidence": "The disassembly shows pc 0x248 executing CALL in the under-minimum branch and immediately POPing the result instead of branching on it. The payout path at pc 0x5c9 does the same. The artifact callsite list also marks CALLs with returndata_checked=null. Because these are value-bearing calls and at least one target is untrusted msg.sender, silent failure creates accounting ambiguity and potential stuck funds.",
"locations": [
"pc:0x248",
"pc:0x5c9",
"selector:0xe97dcb62",
"selector:0x27dc297e"
],
"recommendation": "Replace raw value-transferring CALLs with checked interactions. Revert on failed refunds/payouts, or move to a pull-payment model where balances are credited in storage and withdrawn explicitly. If raw CALL is required, capture the boolean result and handle failure before any state is treated as finalized.",
"exploit_scenario": "If a caller sends less than the minimum payment, the contract attempts to refund via a raw CALL to msg.sender at pc 0x248 and then continues without checking success. A malicious or incompatible recipient contract can revert or consume gas so the refund silently fails, leaving funds trapped. Likewise, the callback settlement path performs another value-bearing CALL at pc 0x5c9 and ignores the result, so payout failure can leave ETH stuck while the contract still updates global state/result storage as if settlement succeeded."
}
|