019b3836-3c1c-73f1-8d3d-ffdb519bf95c
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 4507 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 4508 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 48408 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 48409 | capability.graph | complete | 1 / 3 | 1 week ago |
| 48410 | detector.run | complete | 1 / 3 | 1 week ago |
| 48411 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113290 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode looks like an ERC20-like token with standard `name`/`symbol`/`decimals`/`balanceOf`/`transfer` selectors plus one unknown public selector (`0x1d2bca17`). The meaningful issue is that this unknown selector appears to be an unguarded initializer/admin path reachable in runtime: it writes caller-controlled metadata and credits `msg.sender` in the balance mapping with no observable authorization check. I did not treat the detector's `CALL` finding as exploitable because the only `CALL` at `pc:0x2fb` matches the old-solc identity-precompile memcpy pattern used while returning dynamic strings, and the traced `0x04` target is consistent with that.","findings":[{"severity":"critical","category":"access_control","title":"Public selector `0x1d2bca17` can assign arbitrary balance to the caller","exploit_scenario":"An attacker calls selector `0x1d2bca17` with crafted calldata so the amount-like argument is set to any desired value. The function hashes `CALLER` with storage slot `0x04` and performs `SSTORE`, crediting the caller in the same mapping later enforced by `transfer(0xa9059cbb)`. The attacker can then use `transfer` to move the forged balance to other accounts or liquidity venues.","recommendation":"Remove or strictly gate this selector with explicit authorization, or move one-time initialization into constructor/immutable deployment code. If the intent is minting, enforce minter roles and update all supply/accounting variables consistently.","evidence":"Dispatcher routes `0x1d2bca17` to `pc:0x0c1` (`pc:31-41`). That path contains no visible auth check before state writes. At `pc:0x14f-0x16b` it derives `keccak256(msg.sender, 0x04)` and executes `SSTORE`, so a calldata-derived value is written into the caller's balance slot. The spend path for `transfer` starts at `pc:0x277`; it reads the same `keccak256(msg.sender, 0x04)` mapping at `pc:0x299` and the recipient mapping at `pc:0x2b5`, then updates balances at `pc:0x37f` and `pc:0x38f` and emits the standard `Transfer` topic at `pc:0x399-0x3c3`. This is strong bytecode evidence of an unguarded mint/balance-setter reachable at runtime.","locations":["selector:0x1d2bca17","selector:0xa9059cbb","pc:0x0c1","pc:0x14f","pc:0x16b","pc:0x277","pc:0x299","pc:0x37f","pc:0x38f"]},{"severity":"medium","category":"auth","title":"Same unguarded runtime path appears able to rewrite token metadata (`name`/`symbol`/`decimals`)","exploit_scenario":"A caller invokes `0x1d2bca17` after deployment and overwrites the storage later returned by standard ERC20 metadata selectors. Wallets, explorers, bridges, and indexers can then observe a different name/symbol/decimals than the one originally deployed, causing UI spoofing and accounting confusion.","recommendation":"Make metadata immutable after deployment, or restrict any metadata-update path to a trusted admin plus an explicit one-time/paused governance flow. If mutability is required, emit dedicated events and document the trust model clearly.","evidence":"Standard selector inference is best-effort, but `0x06fdde03`, `0x95d89b41`, and `0x313ce567` are the canonical ERC20 metadata selectors. Their read paths load slot `0x00` (`pc:0x63-0xC0`), slot `0x01` (`pc:0x218-0x276`), and the low byte of slot `0x02` (`pc:0x1eb-0x1f6`). The mutable selector `0x1d2bca17` reaches helper writers that store dynamic data and a packed byte into those same slots: packed write into slot `0x02` at `pc:0x3c7-0x3d5`, plus dynamic-storage write helpers at `pc:0x3db-0x40a` and `pc:0x468-0x497`, which are the matching old-solc routines for bytes/string storage used by the slot-0/slot-1 getters.","locations":["selector:0x1d2bca17","selector:0x06fdde03","selector:0x95d89b41","selector:0x313ce567","pc:0x1eb","pc:0x218","pc:0x3c7","pc:0x3db","pc:0x468"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-oqmedeti
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c2d-120e-7360-b0f6-762743a471f1
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc pwd in /tmp/codex-oqmedeti
succeeded in 0ms:
/tmp/codex-oqmedeti
exec
/bin/bash -lc 'rg --files' in /tmp/codex-oqmedeti
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0x5fb7f726249ded65635bcebda9b292b026088a87",
"artifact_hash": "0x243a81780c4bc0515f0b2457849163d08c7943248185cbd6a313b2c5047eaec2",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 10,
"hash": "0xf9379be67bf0d681af837933f0f4af1f87650997fa5ffba869eb61e5b6669abc",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 30,
"hash": "0xb538f28e11e6ef92d156ea0778f08f0d25f432343dc502c932827bf1a71848d7",
"opcodes": [
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 11
},
{
"end_pc": 41,
"hash": "0xe6b92846aaa238ddba59dd9178dbef5b37f5d0bf996853223c5f0b160333c3d0",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 31
},
{
"end_pc": 52,
"hash": "0xb78623d57cf41f8e09aaa2cde3d3c25b2af521b5e0917d3536b239d0bb9e3dab",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 42
},
{
"end_pc": 63,
"hash": "0x70432bc001f7b62f931805f97adf48eee0617bf87f691e325e0af47ac7c649e1",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 53
},
{
"end_pc": 74,
"hash": "0xd41428e9c5e2ccf70f954214eab59e826c0692098bd5cdc158c560f72d70e763",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 64
},
{
"end_pc": 85,
"hash": "0xcbf928fa4d0d28b1ec2436e29e0c83fc4a4f55e103e9737bd1778850123bfefe",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 75
},
{
"end_pc": 96,
"hash": "0xb5237f32debb8e544249c9fa8b3cb174112bfd901539529f2c575d34f883dd26",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 86
},
{
"end_pc": 98,
"hash": "0x011d7733279593b193d892dad40bef80419b3811155f2f8f98f219cbc67bebd8",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 97
},
{
"end_pc": 165,
"hash": "0x4b6c575a66e77a92e3b26268dccc311ba295f2f9352e11d15575c8bf4bd3c104",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"OP_80",
"MLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_85",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_94",
"AND",
"OP_93",
"OP_90",
"OP_93",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_84",
"OP_90",
"DIV",
"OP_84",
"MUL",
"OP_82",
"ADD",
"OP_84",
"ADD",
"OP_90",
"OP_92",
"MSTORE",
"OP_81",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_83",
"ADD",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 99
},
{
"end_pc": 173,
"hash": "0x2098c9b03079ddfa1c5c4e38a7fb6f08ee8d9e64be8df3f9bfe81ecb7b175075",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 166
},
{
"end_pc": 192,
"hash": "0xca6a7048f08e206406e15427541021e9c59cd761a6b71e012bc43773861a449f",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 174
},
{
"end_pc": 450,
"hash": "0x24b1cf60c3940cc9bf6014e603f8dec4b1d6656c9b42e2d600f2e7ab22ba7d4f",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"MLOAD",
"PUSH1",
"PUSH1",
"OP_80",
"CALLDATALOAD",
"PUSH1",
"OP_81",
"OP_81",
"ADD",
"CALLDATALOAD",
"PUSH1",
"OP_81",
"ADD",
"OP_85",
"OP_90",
"DIV",
"OP_85",
"MUL",
"OP_86",
"ADD",
"OP_85",
"ADD",
"OP_90",
"OP_96",
"MSTORE",
"OP_85",
"OP_85",
"MSTORE",
"PUSH2",
"OP_95",
"OP_81",
"CALLDATALOAD",
"OP_95",
"OP_91",
"OP_94",
"PUSH1",
"OP_94",
exec
/bin/bash -lc "sed -n '261,520p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
"OP_92",
"OP_93",
"OP_90",
"OP_92",
"ADD",
"OP_91",
"OP_81",
"OP_90",
"OP_84",
"ADD",
"OP_83",
"OP_82",
"OP_80",
"OP_82",
"OP_84",
"CALLDATACOPY",
"POP",
"POP",
"PUSH1",
"OP_80",
"MLOAD",
"PUSH1",
"PUSH1",
"CALLDATALOAD",
"OP_80",
"OP_8B",
"ADD",
"CALLDATALOAD",
"PUSH1",
"OP_81",
"ADD",
"OP_83",
"OP_90",
"DIV",
"OP_83",
"MUL",
"OP_84",
"ADD",
"OP_83",
"ADD",
"OP_90",
"OP_94",
"MSTORE",
"OP_83",
"OP_83",
"MSTORE",
"OP_97",
"OP_99",
"OP_98",
"CALLDATALOAD",
"OP_98",
"OP_97",
"PUSH1",
"OP_97",
"POP",
"OP_91",
"OP_95",
"POP",
"PUSH1",
"OP_91",
"OP_90",
"OP_91",
"ADD",
"OP_93",
"POP",
"OP_90",
"OP_91",
"POP",
"OP_81",
"OP_90",
"OP_84",
"ADD",
"OP_83",
"OP_82",
"OP_80",
"OP_82",
"OP_84",
"CALLDATACOPY",
"POP",
"OP_94",
"OP_96",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"POP",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_82",
"SHA3",
"OP_86",
"OP_90",
"SSTORE",
"OP_81",
"SLOAD",
"OP_85",
"MLOAD",
"OP_83",
"OP_80",
"MSTORE",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"OP_83",
"OP_90",
"DIV",
"PUSH32",
"OP_90",
"OP_81",
"ADD",
"OP_93",
"OP_90",
"OP_91",
"OP_90",
"OP_88",
"ADD",
"OP_90",
"OP_83",
"OP_90",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 193
},
{
"end_pc": 462,
"hash": "0x6ced3d23568c7e01a23440b8eb714cfc722b55a4adf50f1a463980318f15db86",
"opcodes": [
"OP_80",
"MLOAD",
"PUSH1",
"NOT",
"AND",
"OP_83",
"OP_80",
"ADD",
"OR",
"OP_85",
"SSTORE"
],
"start_pc": 451
},
{
"end_pc": 470,
"hash": "0x0b969ff619a6e4d094b2107b2eb4d7a640913b786c0ce77d29c3f06e283d298c",
"opcodes": [
"JUMPDEST",
"POP",
"PUSH2",
"OP_92",
"OP_91",
"POP"
],
"start_pc": 463
},
{
"end_pc": 479,
"hash": "0xca8e7d73f8bc8c691a77c26f5e573ff5f1b84106928a3b7f5ca4d3e2794c3fb9",
"opcodes": [
"JUMPDEST",
"OP_80",
"OP_82",
"GT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 471
},
{
"end_pc": 490,
"hash": "0x9306a5321324d84c0b1c3023a06201bbc19f01410d31fa4b60979cf69be07493",
"opcodes": [
"PUSH1",
"OP_81",
"SSTORE",
"PUSH1",
"ADD",
"PUSH2",
"JUMP"
],
"start_pc": 480
},
{
"end_pc": 502,
"hash": "0x4d77c72561ba9d4e67fa03014b0ca1663b12e751b52f77a32a00329a60a607b0",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"PUSH1",
"AND",
"OP_81",
"JUMP"
],
"start_pc": 491
},
{
"end_pc": 526,
"hash": "0x7f7964833ff81062ad4d654ce65ca9456830e1ea868b67fe0be5ef78023db9e2",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 503
},
{
"end_pc": 535,
exec
/bin/bash -lc "sed -n '521,780p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
"hash": "0x0fce7a04206c4943c1efdb9022cd2bd40fc0bd2d2fa50968db348bb076174719",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 527
},
{
"end_pc": 603,
"hash": "0xbd33e5674348fe8ec81ed50948318a8e6e5782a52183bbaaac5e482230bca401",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"OP_80",
"MLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"PUSH1",
"NOT",
"PUSH2",
"OP_87",
"OP_89",
"AND",
"ISZERO",
"MUL",
"ADD",
"OP_90",
"OP_95",
"AND",
"OP_94",
"OP_90",
"OP_94",
"DIV",
"OP_93",
"OP_84",
"ADD",
"OP_81",
"OP_90",
"DIV",
"OP_81",
"MUL",
"OP_82",
"ADD",
"OP_81",
"ADD",
"OP_90",
"OP_92",
"MSTORE",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_83",
"ADD",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 536
},
{
"end_pc": 611,
"hash": "0x9bce0c413da0edcb3457922d79942ddc4047230c89ff41a2f203a30b39acc773",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 604
},
{
"end_pc": 630,
"hash": "0xf77238bcf95f061d988227ee23f2bcd39133a350de8707f7e69dcfedc03aa665",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 612
},
{
"end_pc": 673,
"hash": "0xde1d6659e799b74cc601542a20dc3d2d53200dee73b9584ee7aae2fdf9693312",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"OP_90",
"LT",
"OP_80",
"PUSH2",
"JUMPI"
],
"start_pc": 631
},
{
"end_pc": 698,
"hash": "0xa105640c68938656532354cb50252bcbe8b2c841ba3044d310887eb6a0e78bc4",
"opcodes": [
"POP",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_82",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"OP_81",
"ADD",
"LT"
],
"start_pc": 674
},
{
"end_pc": 704,
"hash": "0xd57e839f17136f9fddba0107bec75ae6547c58cc0413aba2b3cb9c53791390b9",
"opcodes": [
"JUMPDEST",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 699
},
{
"end_pc": 708,
"hash": "0x4fc322e82873296e925bc5c77dddcf16e2da414527df1fad08d970d061406600",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 705
},
{
"end_pc": 779,
"hash": "0xdfba1d0367128c3b1baeb09e501ccd8a69d9cccff31b649efcc69290d1f72790",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"OP_80",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 709
},
{
"end_pc": 804,
"hash": "0xa4a30f4aa2550f00e8e3c0fdb43672b79248233f72f232d94ca02aa74fb01551",
"opcodes": [
exec
/bin/bash -lc "sed -n '781,1040p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 780
},
{
"end_pc": 818,
"hash": "0x559f15c422d58b68352542fe9f28fb63115a3ff7a6b5f0dc03e4a07144c8e5e6",
"opcodes": [
"JUMPDEST",
"POP",
"OP_92",
"POP",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"RETURN"
],
"start_pc": 805
},
{
"end_pc": 841,
"hash": "0xc7a1e8bade594a09026f41fddbdbe58a38a691cd85b9a6d1613f5cdb062891a4",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"MLOAD",
"PUSH1",
"OP_92",
"OP_90",
"OP_92",
"AND",
"OP_82",
"MSTORE",
"MLOAD",
"OP_90",
"OP_81",
"OP_90",
"SUB",
"PUSH1",
"ADD",
"OP_90",
"RETURN"
],
"start_pc": 819
},
{
"end_pc": 859,
"hash": "0x882b5a291076a99c7e6a4f322657d1df031102c11497d720bcbe34c915f6e23d",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"MLOAD",
"OP_91",
"OP_82",
"MSTORE",
"MLOAD",
"OP_90",
"OP_81",
"OP_90",
"SUB",
"PUSH1",
"ADD",
"OP_90",
"RETURN"
],
"start_pc": 842
},
{
"end_pc": 966,
"hash": "0xf0f134be1b0edca28bc641632b4a8e139bd793ccda7d1be8c017818af6d8bfda",
"opcodes": [
"JUMPDEST",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"OP_81",
"AND",
"PUSH1",
"OP_81",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_80",
"OP_83",
"SHA3",
"OP_80",
"SLOAD",
"OP_87",
"OP_90",
"SUB",
"OP_90",
"SSTORE",
"OP_93",
"OP_86",
"AND",
"OP_80",
"OP_83",
"MSTORE",
"OP_91",
"OP_84",
"OP_90",
"SHA3",
"OP_80",
"SLOAD",
"OP_86",
"ADD",
"OP_90",
"SSTORE",
"OP_83",
"MLOAD",
"OP_85",
"OP_81",
"MSTORE",
"OP_93",
"MLOAD",
"OP_91",
"OP_93",
"PUSH32",
"OP_92",
"OP_90",
"OP_81",
"OP_90",
"SUB",
"OP_90",
"OP_91",
"ADD",
"OP_90",
"OP_A3",
"POP",
"POP",
"JUMP"
],
"start_pc": 860
},
{
"end_pc": 986,
"hash": "0x318d8d1615d9191f00fb200c099821097f78bb1f36a77ec71a0cbc9a72261f44",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"NOT",
"AND",
"OP_83",
"OR",
"OP_90",
"SSTORE",
"POP",
"POP",
"POP",
"POP",
"JUMP"
],
"start_pc": 967
},
{
"end_pc": 1001,
"hash": "0xb017ab1e6c2caf880be2907ada5909d7ed8f4ce582307be8e8bc6fd0a40ab92a",
"opcodes": [
"JUMPDEST",
"OP_82",
"OP_80",
"ADD",
"PUSH1",
"ADD",
"OP_85",
"SSTORE",
"OP_82",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 987
},
{
"end_pc": 1004,
"hash": "0xcdb90071299966403c340e60e404c96e0dd5fa84bc06f175dd9f911fa0f2b371",
"opcodes": [
"OP_91",
"OP_82",
"ADD"
],
"start_pc": 1002
},
{
"end_pc": 1013,
"hash": "0x3da810d2aa079584d285ac3b38834672c781552132600f85afa379d4b7645590",
"opcodes": [
"JUMPDEST",
"OP_82",
"OP_81",
"GT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1005
},
{
"end_pc": 1034,
"hash": "0xb2c5e160954e79a9e7d982f8ecb1651101fccb0e32b45677dbe36ead6d76413a",
"opcodes": [
"OP_82",
"MLOAD",
"OP_82",
"PUSH1",
"POP",
"SSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH2",
"JUMP"
],
"start_pc": 1014
},
{
exec
/bin/bash -lc "sed -n '1041,1300p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
"end_pc": 1099,
"hash": "0x4e7341733f80608fc94052eafc77a5313bb5ce504b07b80c88a72aadcb08ed02",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"OP_90",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_82",
"OP_80",
"SLOAD",
"PUSH1",
"OP_81",
"PUSH1",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"SUB",
"AND",
"PUSH1",
"OP_90",
"DIV",
"OP_90",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"SHA3",
"OP_90",
"PUSH1",
"ADD",
"PUSH1",
"OP_90",
"DIV",
"OP_81",
"ADD",
"OP_92",
"OP_82",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 1035
},
{
"end_pc": 1111,
"hash": "0x0a9cd18cf68ffd2a8c4a0064004acec5f1be5b69a57765f5283b92d3be08df98",
"opcodes": [
"OP_80",
"MLOAD",
"PUSH1",
"NOT",
"AND",
"OP_83",
"OP_80",
"ADD",
"OR",
"OP_85",
"SSTORE"
],
"start_pc": 1100
},
{
"end_pc": 1123,
"hash": "0x8047cbec4598d79c0796304eb0ff25e6674f6ea6bbac5afe80c5b18e73c9129f",
"opcodes": [
"JUMPDEST",
"POP",
"PUSH2",
"OP_92",
"OP_91",
"POP",
"PUSH2",
"JUMP"
],
"start_pc": 1112
},
{
"end_pc": 1127,
"hash": "0xbddd9d87bd1f1eeb6c4e4be86a3640ffd09524c3532e1b6e488b4fa3b47c32eb",
"opcodes": [
"JUMPDEST",
"POP",
"OP_90",
"JUMP"
],
"start_pc": 1124
},
{
"end_pc": 1142,
"hash": "0x74b4b5aa40674bf924bd1021c30458e3603e4b148bff4e73fbba30e6da168d0f",
"opcodes": [
"JUMPDEST",
"OP_82",
"OP_80",
"ADD",
"PUSH1",
"ADD",
"OP_85",
"SSTORE",
"OP_82",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1128
},
{
"end_pc": 1145,
"hash": "0xd1afbc90ce2be9eb8aa517dfce23fee3d6283ffad6455f28a12a968402eaaae9",
"opcodes": [
"OP_91",
"OP_82",
"ADD"
],
"start_pc": 1143
},
{
"end_pc": 1154,
"hash": "0x9469457c950455bdcb86cedb7984812f34ad1e1a21e35624f86e2834ab45dacb",
"opcodes": [
"JUMPDEST",
"OP_82",
"OP_81",
"GT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1146
},
{
"end_pc": 1175,
"hash": "0x16e37b24b60bbb03e90e17ee208898c61b2b1be00aa48aa5ac9b0efb24efd297",
"opcodes": [
"OP_82",
"MLOAD",
"OP_82",
"PUSH1",
"POP",
"SSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH2",
"JUMP"
],
"start_pc": 1155
},
{
"end_pc": 1189,
"hash": "0x45cf5f9cbd050b4c019cd389d95591287adde0537581f812de58df9161758b12",
"opcodes": [
"JUMPDEST",
"OP_82",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"SHA3",
"OP_90"
],
"start_pc": 1176
},
{
"end_pc": 1209,
"hash": "0x5b158ea2936f6395b587a944a983589ee4ade06d533c5e979fc39e481fdefc15",
"opcodes": [
"JUMPDEST",
"OP_81",
"SLOAD",
"OP_81",
"MSTORE",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH1",
"ADD",
"OP_80",
"OP_83",
"GT",
"PUSH2",
"JUMPI"
],
"start_pc": 1190
},
{
"end_pc": 1218,
"hash": "0xbf11f14b5827ed03d1e1aaa49aea850890a6410a4e91af655e7c3a26d534d96d",
"opcodes": [
"OP_82",
"OP_90",
"SUB",
"PUSH1",
"AND",
"OP_82",
"ADD",
"OP_91"
],
"start_pc": 1210
},
{
"end_pc": 1226,
"hash": "0x8aa06c3595e6fd2cee1af1a07280561927df1c7364518de8aad3716d9213a4ad",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"POP",
"POP",
"POP",
"OP_81",
"JUMP"
],
"start_pc": 1219
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 763,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:97",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:99",
exec
/bin/bash -lc "sed -n '1301,1560p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:193",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:491",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:503",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:527",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:536",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:631",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:99",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:99",
"to": "bb:166",
"type": "control_flow_fallthrough"
},
{
"from": "bb:166",
"to": "bb:1176",
"type": "control_flow"
},
{
"from": "bb:166",
"to": "bb:174",
"type": "control_flow_fallthrough"
},
{
"from": "bb:174",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:193",
"to": "bb:987",
"type": "control_flow"
},
{
"from": "bb:193",
"to": "bb:451",
"type": "control_flow_fallthrough"
},
{
"from": "bb:451",
"to": "bb:463",
"type": "control_flow_fallthrough"
},
{
"from": "bb:463",
"to": "bb:471",
"type": "control_flow_fallthrough"
},
{
"from": "bb:471",
"to": "bb:1124",
"type": "control_flow"
},
{
"from": "bb:471",
"to": "bb:480",
"type": "control_flow_fallthrough"
},
{
"from": "bb:480",
"to": "bb:471",
"type": "control_flow"
},
{
"from": "bb:536",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:536",
"to": "bb:604",
"type": "control_flow_fallthrough"
},
{
"from": "bb:604",
"to": "bb:1176",
"type": "control_flow"
},
{
"from": "bb:604",
"to": "bb:612",
"type": "control_flow_fallthrough"
},
{
"from": "bb:612",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:631",
"to": "bb:699",
"type": "control_flow"
},
{
"from": "bb:631",
"to": "bb:674",
"type": "control_flow_fallthrough"
},
{
"from": "bb:674",
"to": "bb:699",
"type": "control_flow_fallthrough"
},
{
"from": "bb:699",
"to": "bb:860",
"type": "control_flow"
},
{
"from": "bb:699",
"to": "bb:705",
"type": "control_flow_fallthrough"
},
{
"from": "bb:709",
"to": "bb:805",
"type": "control_flow"
},
{
"from": "bb:709",
"to": "bb:780",
"type": "control_flow_fallthrough"
},
{
"from": "bb:780",
"to": "bb:805",
"type": "control_flow_fallthrough"
},
{
"from": "bb:987",
"to": "bb:463",
"type": "control_flow"
},
{
"from": "bb:987",
"to": "bb:1002",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1002",
"to": "bb:1005",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1005",
"to": "bb:463",
"type": "control_flow"
},
{
"from": "bb:1005",
"to": "bb:1014",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1014",
"to": "bb:1005",
"type": "control_flow"
},
{
"from": "bb:1035",
"to": "bb:1128",
"type": "control_flow"
},
{
"from": "bb:1035",
"to": "bb:1100",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1100",
"to": "bb:1112",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1112",
"to": "bb:471",
"type": "control_flow"
},
{
"from": "bb:1128",
"to": "bb:1112",
"type": "control_flow"
},
{
"from": "bb:1128",
"to": "bb:1143",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1143",
"to": "bb:1146",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1146",
"to": "bb:1112",
exec
/bin/bash -lc "sed -n '1561,1820p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
"type": "control_flow"
},
{
"from": "bb:1146",
"to": "bb:1155",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1155",
"to": "bb:1146",
"type": "control_flow"
},
{
"from": "bb:1176",
"to": "bb:1190",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1190",
"to": "bb:1190",
"type": "control_flow"
},
{
"from": "bb:1190",
"to": "bb:1210",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1210",
"to": "bb:1219",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0x24445732fef48fc9c604646b3aec56de60316d671691d3d9286f46fd5d9df31b",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 826074471,
"selector": "0x1d2bca17"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 1927107227,
"selector": "0x70a08231"
},
{
"entry_pc": 2514000705,
"selector": "0x72dd529b"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": null,
"selector": "0xa9059cbb"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 106,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 179,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 497,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 533,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 543,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 617,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 973,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
}
],
"writes": 11
}
},
{
"auth": {
"guards": []
},
"entry_pc": 826074471,
"selector": "0x1d2bca17",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 106,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 179,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 497,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 533,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 543,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 617,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 973,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
}
],
"writes": 11
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 106,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 179,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 497,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 533,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 543,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 617,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 973,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
}
],
"writes": 11
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1927107227,
"selector": "0x70a08231",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 106,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 179,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 497,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
exec
/bin/bash -lc "sed -n '1821,2080p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
"pc": 533,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 543,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 617,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 973,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
}
],
"writes": 11
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x72dd529b",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 106,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 179,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 497,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 533,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 543,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 617,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 973,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
}
],
"writes": 11
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 106,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 179,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 497,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 533,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 543,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 617,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 973,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
}
],
"writes": 11
}
},
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0xa9059cbb",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 106,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 179,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 497,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 533,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 543,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 617,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 973,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
}
],
"writes": 11
}
}
],
"selectors": [
"0x06fdde03",
"0x1d2bca17",
"0x313ce567",
"0x70a08231",
"0x72dd529b",
"0x95d89b41",
"0xa9059cbb"
],
"sinks": {
"call": 1,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 8,
"reads": 15,
"slots": [
{
"op": "SLOAD",
"pc": 106,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 179,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 497,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 533,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 543,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 617,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 973,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
}
],
"writes": 11
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0x5776ebb5e2724081026d107c5152fae5713d938973a3ee94956b0a576edcbded",
"created_at": "2026-04-04T19:58:32.000000Z",
"id": 2602,
"updated_at": "2026-04-04T19:58:32.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0x5fb7f726249ded65635bcebda9b292b026088a87",
"block_number": null,
"chain_id": 1,
"child_links": [],
exec
/bin/bash -lc "sed -n '2081,2360p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
"created_at": "2025-12-19T20:03:57.000000Z",
"id": "019b3836-3c1c-73f1-8d3d-ffdb519bf95c",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:58:32.000000Z"
},
"artifact": {
"codehash": "0x5776ebb5e2724081026d107c5152fae5713d938973a3ee94956b0a576edcbded",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x606060405236156100615760e060020a600035046306fdde0381146100635780631d2bca17146100c1578063313ce567146101eb57806370a08231146101f757806372dd529b1461020f57806395d89b4114610218578063a9059cbb14610277575b005b6102c56000805460408051602060026001851615610100026000190190941693909304601f810184900484028201840190925281815292918301828280156104c35780601f10610498576101008083540402835291602001916104c3565b60408051602060248035600481810135601f8101859004850286018501909652858552610061958135959194604494929390920191819084018382808284375050604080516020606435808b0135601f81018390048302840183019094528383529799983598976084975091955060249190910193509091508190840183828082843750949650505050505050600160a060020a033316600090815260046020908152604082208690558154855183805260026001831615610100026000190190921691909104601f9081018390047f290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563908101939091908801908390106103db57805160ff19168380011785555b5061040b9291505b8082111561046457600081556001016101d7565b61033360025460ff1681565b61034a60043560046020526000908152604090205481565b61034a60035481565b6102c560018054604080516020601f6002600019610100878916150201909516949094049384018190048102820181019092528281529291908301828280156104c35780601f10610498576101008083540402835291602001916104c3565b610061600435602435600160a060020a033316600090815260046020526040902054819010806102bb5750600160a060020a03821660009081526040902054818101105b1561035c57610002565b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156103255780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b6040805160ff929092168252519081900360200190f35b60408051918252519081900360200190f35b600160a060020a03338116600081815260046020908152604080832080548790039055938616808352918490208054860190558351858152935191937fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef929081900390910190a35050565b50506002805460ff19168317905550505050565b828001600101855582156101cf579182015b828111156101cf5782518260005055916020019190600101906103ed565b50508060016000509080519060200190828054600181600116156101000203166002900490600052602060002090601f016020900481019282601f1061046857805160ff19168380011785555b506103c79291506101d7565b5090565b82800160010185558215610458579182015b8281111561045857825182600050559160200191906001019061047a565b820191906000526020600020905b8154815290600101906020018083116104a657829003601f168201915b50505050508156",
"head": null,
"length": 2456,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0x5fb7f726249ded65635bcebda9b292b026088a87",
"block_number": null,
"chain_id": 1,
"codehash": "0x5776ebb5e2724081026d107c5152fae5713d938973a3ee94956b0a576edcbded",
"created_at": "2026-04-04T19:58:33.000000Z",
"graph_hash": "0x0d0d518a0685cb0ca078076e0437ce421da41636ffb2e9bf36f295cfd98bd8de",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:97",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:99",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:193",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:491",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:503",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:527",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:536",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:631",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:99",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:99",
"to": "bb:166",
"type": "control_flow_fallthrough"
},
{
"from": "bb:166",
"to": "bb:1176",
"type": "control_flow"
},
{
"from": "bb:166",
"to": "bb:174",
"type": "control_flow_fallthrough"
},
{
"from": "bb:174",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:193",
"to": "bb:987",
"type": "control_flow"
},
{
"from": "bb:193",
"to": "bb:451",
"type": "control_flow_fallthrough"
},
{
"from": "bb:451",
"to": "bb:463",
"type": "control_flow_fallthrough"
},
{
"from": "bb:463",
"to": "bb:471",
"type": "control_flow_fallthrough"
},
{
"from": "bb:471",
"to": "bb:1124",
"type": "control_flow"
},
{
"from": "bb:471",
"to": "bb:480",
"type": "control_flow_fallthrough"
},
{
"from": "bb:480",
"to": "bb:471",
"type": "control_flow"
},
{
"from": "bb:536",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:536",
"to": "bb:604",
"type": "control_flow_fallthrough"
},
{
"from": "bb:604",
"to": "bb:1176",
"type": "control_flow"
},
{
"from": "bb:604",
"to": "bb:612",
"type": "control_flow_fallthrough"
},
{
"from": "bb:612",
"to": "bb:1219",
"type": "control_flow"
},
{
"from": "bb:631",
"to": "bb:699",
"type": "control_flow"
},
{
"from": "bb:631",
"to": "bb:674",
"type": "control_flow_fallthrough"
},
{
"from": "bb:674",
"to": "bb:699",
"type": "control_flow_fallthrough"
},
{
"from": "bb:699",
"to": "bb:860",
"type": "control_flow"
},
{
"from": "bb:699",
"to": "bb:705",
"type": "control_flow_fallthrough"
},
{
"from": "bb:709",
"to": "bb:805",
"type": "control_flow"
},
{
"from": "bb:709",
"to": "bb:780",
"type": "control_flow_fallthrough"
},
{
"from": "bb:780",
"to": "bb:805",
"type": "control_flow_fallthrough"
},
{
"from": "bb:987",
"to": "bb:463",
"type": "control_flow"
},
{
"from": "bb:987",
"to": "bb:1002",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1002",
"to": "bb:1005",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1005",
"to": "bb:463",
"type": "control_flow"
},
{
"from": "bb:1005",
"to": "bb:1014",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1014",
"to": "bb:1005",
"type": "control_flow"
},
{
"from": "bb:1035",
"to": "bb:1128",
"type": "control_flow"
},
{
"from": "bb:1035",
"to": "bb:1100",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1100",
exec
/bin/bash -lc "rg -n 'detector|evidence|finding|name|symbol|transfer|approve|allowance|balanceOf|totalSupply|callsite|slot_labels|proxy|reentr|delegatecall|selfdestruct|external call' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
1278: "callsites": [
1635: "delegatecall": 0,
1636: "selfdestruct": 0,
1689: "delegatecall": 0,
1690: "selfdestruct": 0,
1743: "delegatecall": 0,
1744: "selfdestruct": 0,
1797: "delegatecall": 0,
1798: "selfdestruct": 0,
1851: "delegatecall": 0,
1852: "selfdestruct": 0,
1905: "delegatecall": 0,
1906: "selfdestruct": 0,
1959: "delegatecall": 0,
1960: "selfdestruct": 0,
2019: "delegatecall": 0,
2020: "selfdestruct": 0,
2095: "is_proxy": false,
2810: "type": "callsite"
2865: "detector_findings": [
2868: "evidence_json": {
2907: "evidence_json": {
2925: "title": "ETH value transfer possible",
2947: "delegatecall_count": 0,
2949: "selfdestruct_count": 0
exec
/bin/bash -lc "sed -n '2760,2985p' BYTECODE_BUNDLE.json" in /tmp/codex-oqmedeti
succeeded in 0ms:
"id": "bb:1143",
"start_pc": 1143,
"type": "basic_block"
},
{
"end_pc": 1154,
"hash": "0x9469457c950455bdcb86cedb7984812f34ad1e1a21e35624f86e2834ab45dacb",
"id": "bb:1146",
"start_pc": 1146,
"type": "basic_block"
},
{
"end_pc": 1175,
"hash": "0x16e37b24b60bbb03e90e17ee208898c61b2b1be00aa48aa5ac9b0efb24efd297",
"id": "bb:1155",
"start_pc": 1155,
"type": "basic_block"
},
{
"end_pc": 1189,
"hash": "0x45cf5f9cbd050b4c019cd389d95591287adde0537581f812de58df9161758b12",
"id": "bb:1176",
"start_pc": 1176,
"type": "basic_block"
},
{
"end_pc": 1209,
"hash": "0x5b158ea2936f6395b587a944a983589ee4ade06d533c5e979fc39e481fdefc15",
"id": "bb:1190",
"start_pc": 1190,
"type": "basic_block"
},
{
"end_pc": 1218,
"hash": "0xbf11f14b5827ed03d1e1aaa49aea850890a6410a4e91af655e7c3a26d534d96d",
"id": "bb:1210",
"start_pc": 1210,
"type": "basic_block"
},
{
"end_pc": 1226,
"hash": "0x8aa06c3595e6fd2cee1af1a07280561927df1c7364518de8aad3716d9213a4ad",
"id": "bb:1219",
"start_pc": 1219,
"type": "basic_block"
},
{
"id": "call:763",
"opcode": "CALL",
"pc": 763,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 826074471,
"id": "fn:0x1d2bca17",
"selector": "0x1d2bca17",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 1927107227,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x72dd529b",
"selector": "0x72dd529b",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": null,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 2601,
"updated_at": "2026-04-04T19:58:33.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 60,
"evidence_json": {
"call_count": 1,
"examples": [
{
"opcode": "CALL",
"pc": 763,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 1
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x5fb7f726249ded65635bcebda9b292b026088a87"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xafc4c6f3e40721d8822258c68b2daa3ba76e4e2c22f18350e95ec49872a49db8",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 1,
"examples": [
{
"opcode": "CALL",
"pc": 763,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x5fb7f726249ded65635bcebda9b292b026088a87"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xafc4c6f3e40721d8822258c68b2daa3ba76e4e2c22f18350e95ec49872a49db8",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
}
exec
/bin/bash -lc "node -e 'const fs=require(\"fs\"); const j=JSON.parse(fs.readFileSync(\"BYTECODE_BUNDLE.json\",\"utf8\")); const hex=j.artifact.runtime_bytecode.full.slice(2); const op={0x00:[\"STOP\",0],0x01:[\"ADD\",0],0x02:[\"MUL\",0],0x03:[\"SUB\",0],0x04:[\"DIV\",0],0x05:[\"SDIV\",0],0x06:[\"MOD\",0],0x07:[\"SMOD\",0],0x08:[\"ADDMOD\",0],0x09:[\"MULMOD\",0],0x0a:[\"EXP\",0],0x0b:[\"SIGNEXTEND\",0],0x10:[\"LT\",0],0x11:[\"GT\",0],0x12:[\"SLT\",0],0x13:[\"SGT\",0],0x14:[\"EQ\",0],0x15:[\"ISZERO\",0],0x16:[\"AND\",0],0x17:[\"OR\",0],0x18:[\"XOR\",0],0x19:[\"NOT\",0],0x1a:[\"BYTE\",0],0x20:[\"SHA3\",0],0x30:[\"ADDRESS\",0],0x31:[\"BALANCE\",0],0x32:[\"ORIGIN\",0],0x33:[\"CALLER\",0],0x34:[\"CALLVALUE\",0],0x35:[\"CALLDATALOAD\",0],0x36:[\"CALLDATASIZE\",0],0x37:[\"CALLDATACOPY\",0],0x38:[\"CODESIZE\",0],0x39:[\"CODECOPY\",0],0x3a:[\"GASPRICE\",0],0x3b:[\"EXTCODESIZE\",0],0x3c:[\"EXTCODECOPY\",0],0x3d:[\"RETURNDATASIZE\",0],0x3e:[\"RETURNDATACOPY\",0],0x40:[\"BLOCKHASH\",0],0x41:[\"COINBASE\",0],0x42:[\"TIMESTAMP\",0],0x43:[\"NUMBER\",0],0x44:[\"DIFFICULTY\",0],0x45:[\"GASLIMIT\",0],0x50:[\"POP\",0],0x51:[\"MLOAD\",0],0x52:[\"MSTORE\",0],0x53:[\"MSTORE8\",0],0x54:[\"SLOAD\",0],0x55:[\"SSTORE\",0],0x56:[\"JUMP\",0],0x57:[\"JUMPI\",0],0x58:[\"PC\",0],0x59:[\"MSIZE\",0],0x5a:[\"GAS\",0],0x5b:[\"JUMPDEST\",0],0xf0:[\"CREATE\",0],0xf1:[\"CALL\",0],0xf2:[\"CALLCODE\",0],0xf3:[\"RETURN\",0],0xf4:[\"DELEGATECALL\",0],0xf5:[\"CREATE2\",0],0xfa:[\"STATICCALL\",0],0xfd:[\"REVERT\",0],0xfe:[\"INVALID\",0],0xff:[\"SELFDESTRUCT\",0]}; for(let i=0;i<16;i++){op[0x60+i]=["'`PUSH${i+1}`,i+1];op[0x80+i]=[`DUP${i+1}`,0];op[0x90+i]=[`SWAP${i+1}`,0];op[0xa0+i]=[`LOG${i}`,0];} let pc=0; while(pc<hex.length/2){ const b=parseInt(hex.slice(pc*2,pc*2+2),16); const [name,n]=op[b]||[`OP_${b.toString(16)}`,0]; let imm=""; if(n){imm=hex.slice(pc*2+2,pc*2+2+n*2);} if(pc>=680&&pc<=790) console.log(pc.toString().padStart(4), name, imm?`0x${imm}`:""); pc+=1+n; }'"'" in /tmp/codex-oqmedeti
succeeded in 0ms:
681 EXP
682 SUB
683 DUP3
684 AND
685 PUSH1 0x00
687 SWAP1
688 DUP2
689 MSTORE
690 PUSH1 0x40
692 SWAP1
693 SHA3
694 SLOAD
695 DUP2
696 DUP2
697 ADD
698 LT
699 JUMPDEST
700 ISZERO
701 PUSH2 0x035c
704 JUMPI
705 PUSH2 0x0002
708 JUMP
709 JUMPDEST
710 PUSH1 0x40
712 MLOAD
713 DUP1
714 DUP1
715 PUSH1 0x20
717 ADD
718 DUP3
719 DUP2
720 SUB
721 DUP3
722 MSTORE
723 DUP4
724 DUP2
725 DUP2
726 MLOAD
727 DUP2
728 MSTORE
729 PUSH1 0x20
731 ADD
732 SWAP2
733 POP
734 DUP1
735 MLOAD
736 SWAP1
737 PUSH1 0x20
739 ADD
740 SWAP1
741 DUP1
742 DUP4
743 DUP4
744 DUP3
745 SWAP1
746 PUSH1 0x00
748 PUSH1 0x04
750 PUSH1 0x20
752 DUP5
753 PUSH1 0x1f
755 ADD
756 DIV
757 PUSH1 0x0f
759 MUL
760 PUSH1 0x03
762 ADD
763 CALL
764 POP
765 SWAP1
766 POP
767 SWAP1
768 DUP2
769 ADD
770 SWAP1
771 PUSH1 0x1f
773 AND
774 DUP1
775 ISZERO
776 PUSH2 0x0325
779 JUMPI
780 DUP1
781 DUP3
782 SUB
783 DUP1
784 MLOAD
785 PUSH1 0x01
787 DUP4
788 PUSH1 0x20
790 SUB
exec
/bin/bash -lc "node -e 'const fs=require(\"fs\"); const j=JSON.parse(fs.readFileSync(\"BYTECODE_BUNDLE.json\",\"utf8\")); const hex=j.artifact.runtime_bytecode.full.slice(2); const op={0x00:[\"STOP\",0],0x01:[\"ADD\",0],0x02:[\"MUL\",0],0x03:[\"SUB\",0],0x04:[\"DIV\",0],0x05:[\"SDIV\",0],0x06:[\"MOD\",0],0x07:[\"SMOD\",0],0x08:[\"ADDMOD\",0],0x09:[\"MULMOD\",0],0x0a:[\"EXP\",0],0x0b:[\"SIGNEXTEND\",0],0x10:[\"LT\",0],0x11:[\"GT\",0],0x14:[\"EQ\",0],0x15:[\"ISZERO\",0],0x16:[\"AND\",0],0x17:[\"OR\",0],0x19:[\"NOT\",0],0x20:[\"SHA3\",0],0x30:[\"ADDRESS\",0],0x31:[\"BALANCE\",0],0x33:[\"CALLER\",0],0x34:[\"CALLVALUE\",0],0x35:[\"CALLDATALOAD\",0],0x36:[\"CALLDATASIZE\",0],0x37:[\"CALLDATACOPY\",0],0x39:[\"CODECOPY\",0],0x50:[\"POP\",0],0x51:[\"MLOAD\",0],0x52:[\"MSTORE\",0],0x54:[\"SLOAD\",0],0x55:[\"SSTORE\",0],0x56:[\"JUMP\",0],0x57:[\"JUMPI\",0],0x5a:[\"GAS\",0],0x5b:[\"JUMPDEST\",0],0xf1:[\"CALL\",0],0xf3:[\"RETURN\",0],0xfd:[\"REVERT\",0]}; for(let i=0;i<16;i++){op[0x60+i]=["'`PUSH${i+1}`,i+1];op[0x80+i]=[`DUP${i+1}`,0];op[0x90+i]=[`SWAP${i+1}`,0];op[0xa0+i]=[`LOG${i}`,0];} let pc=0; while(pc<hex.length/2){ const b=parseInt(hex.slice(pc*2,pc*2+2),16); const [name,n]=op[b]||[`OP_${b.toString(16)}`,0]; let imm=""; if(n){imm=hex.slice(pc*2+2,pc*2+2+n*2);} if(pc<=120) console.log(pc.toString().padStart(4), name, imm?`0x${imm}`:""); pc+=1+n; }'"'" in /tmp/codex-oqmedeti
succeeded in 0ms:
0 PUSH1 0x60
2 PUSH1 0x40
4 MSTORE
5 CALLDATASIZE
6 ISZERO
7 PUSH2 0x0061
10 JUMPI
11 PUSH1 0xe0
13 PUSH1 0x02
15 EXP
16 PUSH1 0x00
18 CALLDATALOAD
19 DIV
20 PUSH4 0x06fdde03
25 DUP2
26 EQ
27 PUSH2 0x0063
30 JUMPI
31 DUP1
32 PUSH4 0x1d2bca17
37 EQ
38 PUSH2 0x00c1
41 JUMPI
42 DUP1
43 PUSH4 0x313ce567
48 EQ
49 PUSH2 0x01eb
52 JUMPI
53 DUP1
54 PUSH4 0x70a08231
59 EQ
60 PUSH2 0x01f7
63 JUMPI
64 DUP1
65 PUSH4 0x72dd529b
70 EQ
71 PUSH2 0x020f
74 JUMPI
75 DUP1
76 PUSH4 0x95d89b41
81 EQ
82 PUSH2 0x0218
85 JUMPI
86 DUP1
87 PUSH4 0xa9059cbb
92 EQ
93 PUSH2 0x0277
96 JUMPI
97 JUMPDEST
98 STOP
99 JUMPDEST
100 PUSH2 0x02c5
103 PUSH1 0x00
105 DUP1
106 SLOAD
107 PUSH1 0x40
109 DUP1
110 MLOAD
111 PUSH1 0x20
113 PUSH1 0x02
115 PUSH1 0x01
117 DUP6
118 AND
119 ISZERO
120 PUSH2 0x0100
exec
/bin/bash -lc "node -e 'const fs=require(\"fs\"); const j=JSON.parse(fs.readFileSync(\"BYTECODE_BUNDLE.json\",\"utf8\")); const hex=j.artifact.runtime_bytecode.full.slice(2); const op={0x00:[\"STOP\",0],0x01:[\"ADD\",0],0x02:[\"MUL\",0],0x03:[\"SUB\",0],0x04:[\"DIV\",0],0x0a:[\"EXP\",0],0x10:[\"LT\",0],0x11:[\"GT\",0],0x14:[\"EQ\",0],0x15:[\"ISZERO\",0],0x16:[\"AND\",0],0x17:[\"OR\",0],0x19:[\"NOT\",0],0x20:[\"SHA3\",0],0x33:[\"CALLER\",0],0x35:[\"CALLDATALOAD\",0],0x50:[\"POP\",0],0x51:[\"MLOAD\",0],0x52:[\"MSTORE\",0],0x54:[\"SLOAD\",0],0x55:[\"SSTORE\",0],0x56:[\"JUMP\",0],0x57:[\"JUMPI\",0],0x5b:[\"JUMPDEST\",0],0xf3:[\"RETURN\",0]}; for(let i=0;i<16;i++){op[0x60+i]=["'`PUSH${i+1}`,i+1];op[0x80+i]=[`DUP${i+1}`,0];op[0x90+i]=[`SWAP${i+1}`,0];op[0xa0+i]=[`LOG${i}`,0];} let pc=0; while(pc<hex.length/2){ const b=parseInt(hex.slice(pc*2,pc*2+2),16); const [name,n]=op[b]||[`OP_${b.toString(16)}`,0]; let imm=""; if(n){imm=hex.slice(pc*2+2,pc*2+2+n*2);} if(pc>=491&&pc<=540) console.log(pc.toString().padStart(4), name, imm?`0x${imm}`:""); pc+=1+n; }'"'" in /tmp/codex-oqmedeti
succeeded in 0ms:
491 JUMPDEST
492 PUSH2 0x0333
495 PUSH1 0x02
497 SLOAD
498 PUSH1 0xff
500 AND
501 DUP2
502 JUMP
503 JUMPDEST
504 PUSH2 0x034a
507 PUSH1 0x04
509 CALLDATALOAD
510 PUSH1 0x04
512 PUSH1 0x20
514 MSTORE
515 PUSH1 0x00
517 SWAP1
518 DUP2
519 MSTORE
520 PUSH1 0x40
522 SWAP1
523 SHA3
524 SLOAD
525 DUP2
526 JUMP
527 JUMPDEST
528 PUSH2 0x034a
531 PUSH1 0x03
533 SLOAD
534 DUP2
535 JUMP
536 JUMPDEST
537 PUSH2 0x02c5
540 PUSH1 0x01
exec
/bin/bash -lc "node -e 'const fs=require(\"fs\"); const j=JSON.parse(fs.readFileSync(\"BYTECODE_BUNDLE.json\",\"utf8\")); const hex=j.artifact.runtime_bytecode.full.slice(2); const op={0x00:[\"STOP\",0],0x01:[\"ADD\",0],0x02:[\"MUL\",0],0x03:[\"SUB\",0],0x04:[\"DIV\",0],0x0a:[\"EXP\",0],0x10:[\"LT\",0],0x11:[\"GT\",0],0x14:[\"EQ\",0],0x15:[\"ISZERO\",0],0x16:[\"AND\",0],0x17:[\"OR\",0],0x20:[\"SHA3\",0],0x33:[\"CALLER\",0],0x35:[\"CALLDATALOAD\",0],0x50:[\"POP\",0],0x51:[\"MLOAD\",0],0x52:[\"MSTORE\",0],0x54:[\"SLOAD\",0],0x55:[\"SSTORE\",0],0x56:[\"JUMP\",0],0x57:[\"JUMPI\",0],0x5b:[\"JUMPDEST\",0],0xa3:[\"LOG3\",0],0xf3:[\"RETURN\",0]}; for(let i=0;i<16;i++){op[0x60+i]=["'`PUSH${i+1}`,i+1];op[0x80+i]=[`DUP${i+1}`,0];op[0x90+i]=[`SWAP${i+1}`,0];} let pc=0; while(pc<hex.length/2){ const b=parseInt(hex.slice(pc*2,pc*2+2),16); const [name,n]=op[b]||[`OP_${b.toString(16)}`,0]; let imm=""; if(n){imm=hex.slice(pc*2+2,pc*2+2+n*2);} if(pc>=631&&pc<=966) console.log(pc.toString().padStart(4), name, imm?`0x${imm}`:""); pc+=1+n; }'"'" in /tmp/codex-oqmedeti
succeeded in 0ms:
631 JUMPDEST
632 PUSH2 0x0061
635 PUSH1 0x04
637 CALLDATALOAD
638 PUSH1 0x24
640 CALLDATALOAD
641 PUSH1 0x01
643 PUSH1 0xa0
645 PUSH1 0x02
647 EXP
648 SUB
649 CALLER
650 AND
651 PUSH1 0x00
653 SWAP1
654 DUP2
655 MSTORE
656 PUSH1 0x04
658 PUSH1 0x20
660 MSTORE
661 PUSH1 0x40
663 SWAP1
664 SHA3
665 SLOAD
666 DUP2
667 SWAP1
668 LT
669 DUP1
670 PUSH2 0x02bb
673 JUMPI
674 POP
675 PUSH1 0x01
677 PUSH1 0xa0
679 PUSH1 0x02
681 EXP
682 SUB
683 DUP3
684 AND
685 PUSH1 0x00
687 SWAP1
688 DUP2
689 MSTORE
690 PUSH1 0x40
692 SWAP1
693 SHA3
694 SLOAD
695 DUP2
696 DUP2
697 ADD
698 LT
699 JUMPDEST
700 ISZERO
701 PUSH2 0x035c
704 JUMPI
705 PUSH2 0x0002
708 JUMP
709 JUMPDEST
710 PUSH1 0x40
712 MLOAD
713 DUP1
714 DUP1
715 PUSH1 0x20
717 ADD
718 DUP3
719 DUP2
720 SUB
721 DUP3
722 MSTORE
723 DUP4
724 DUP2
725 DUP2
726 MLOAD
727 DUP2
728 MSTORE
729 PUSH1 0x20
731 ADD
732 SWAP2
733 POP
734 DUP1
735 MLOAD
736 SWAP1
737 PUSH1 0x20
739 ADD
740 SWAP1
741 DUP1
742 DUP4
743 DUP4
744 DUP3
745 SWAP1
746 PUSH1 0x00
748 PUSH1 0x04
750 PUSH1 0x20
752 DUP5
753 PUSH1 0x1f
755 ADD
756 DIV
757 PUSH1 0x0f
759 MUL
760 PUSH1 0x03
762 ADD
763 OP_f1
764 POP
765 SWAP1
766 POP
767 SWAP1
768 DUP2
769 ADD
770 SWAP1
771 PUSH1 0x1f
773 AND
774 DUP1
775 ISZERO
776 PUSH2 0x0325
779 JUMPI
780 DUP1
781 DUP3
782 SUB
783 DUP1
784 MLOAD
785 PUSH1 0x01
787 DUP4
788 PUSH1 0x20
790 SUB
791 PUSH2 0x0100
794 EXP
795 SUB
796 OP_19
797 AND
798 DUP2
799 MSTORE
800 PUSH1 0x20
802 ADD
803 SWAP2
804 POP
805 JUMPDEST
806 POP
807 SWAP3
808 POP
809 POP
810 POP
811 PUSH1 0x40
813 MLOAD
814 DUP1
815 SWAP2
816 SUB
817 SWAP1
818 RETURN
819 JUMPDEST
820 PUSH1 0x40
822 DUP1
823 MLOAD
824 PUSH1 0xff
826 SWAP3
827 SWAP1
828 SWAP3
829 AND
830 DUP3
831 MSTORE
832 MLOAD
833 SWAP1
834 DUP2
835 SWAP1
836 SUB
837 PUSH1 0x20
839 ADD
840 SWAP1
841 RETURN
842 JUMPDEST
843 PUSH1 0x40
845 DUP1
846 MLOAD
847 SWAP2
848 DUP3
849 MSTORE
850 MLOAD
851 SWAP1
852 DUP2
853 SWAP1
854 SUB
855 PUSH1 0x20
857 ADD
858 SWAP1
859 RETURN
860 JUMPDEST
861 PUSH1 0x01
863 PUSH1 0xa0
865 PUSH1 0x02
867 EXP
868 SUB
869 CALLER
870 DUP2
871 AND
872 PUSH1 0x00
874 DUP2
875 DUP2
876 MSTORE
877 PUSH1 0x04
879 PUSH1 0x20
881 SWAP1
882 DUP2
883 MSTORE
884 PUSH1 0x40
886 DUP1
887 DUP4
888 SHA3
889 DUP1
890 SLOAD
891 DUP8
892 SWAP1
893 SUB
894 SWAP1
895 SSTORE
896 SWAP4
897 DUP7
898 AND
899 DUP1
900 DUP4
901 MSTORE
902 SWAP2
903 DUP5
904 SWAP1
905 SHA3
906 DUP1
907 SLOAD
908 DUP7
909 ADD
910 SWAP1
911 SSTORE
912 DUP4
913 MLOAD
914 DUP6
915 DUP2
916 MSTORE
917 SWAP4
918 MLOAD
919 SWAP2
920 SWAP4
921 OP_7f
922 OP_dd
923 OP_f2
924 MSTORE
925 OP_ad
926 OP_1b
927 OP_e2
928 OP_c8
929 SWAP12
930 PUSH10 0xc2b068fc378daa952ba7
941 OP_f1
942 PUSH4 0xc4a11628
947 OP_f5
948 OP_5a
949 OP_4d
950 OP_f5
951 OP_23
952 OP_b3
953 OP_ef
954 SWAP3
955 SWAP1
956 DUP2
957 SWAP1
958 SUB
959 SWAP1
960 SWAP2
961 ADD
962 SWAP1
963 LOG3
964 POP
965 POP
966 JUMP
exec
/bin/bash -lc "node - <<'NODE'
const fs=require('fs');
const j=JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const hex=j.artifact.runtime_bytecode.full.slice(2);
const op={0x00:['STOP',0],0x01:['ADD',0],0x02:['MUL',0],0x03:['SUB',0],0x04:['DIV',0],0x05:['SDIV',0],0x06:['MOD',0],0x07:['SMOD',0],0x08:['ADDMOD',0],0x09:['MULMOD',0],0x0a:['EXP',0],0x0b:['SIGNEXTEND',0],0x10:['LT',0],0x11:['GT',0],0x12:['SLT',0],0x13:['SGT',0],0x14:['EQ',0],0x15:['ISZERO',0],0x16:['AND',0],0x17:['OR',0],0x18:['XOR',0],0x19:['NOT',0],0x1a:['BYTE',0],0x20:['SHA3',0],0x30:['ADDRESS',0],0x31:['BALANCE',0],0x32:['ORIGIN',0],0x33:['CALLER',0],0x34:['CALLVALUE',0],0x35:['CALLDATALOAD',0],0x36:['CALLDATASIZE',0],0x37:['CALLDATACOPY',0],0x38:['CODESIZE',0],0x39:['CODECOPY',0],0x3a:['GASPRICE',0],0x3b:['EXTCODESIZE',0],0x3c:['EXTCODECOPY',0],0x3d:['RETURNDATASIZE',0],0x3e:['RETURNDATACOPY',0],0x40:['BLOCKHASH',0],0x41:['COINBASE',0],0x42:['TIMESTAMP',0],0x43:['NUMBER',0],0x44:['PREVRANDAO',0],0x45:['GASLIMIT',0],0x46:['CHAINID',0],0x47:['SELFBALANCE',0],0x48:['BASEFEE',0],0x50:['POP',0],0x51:['MLOAD',0],0x52:['MSTORE',0],0x53:['MSTORE8',0],0x54:['SLOAD',0],0x55:['SSTORE',0],0x56:['JUMP',0],0x57:['JUMPI',0],0x58:['PC',0],0x59:['MSIZE',0],0x5a:['GAS',0],0x5b:['JUMPDEST',0],0xf0:['CREATE',0],0xf1:['CALL',0],0xf2:['CALLCODE',0],0xf3:['RETURN',0],0xf4:['DELEGATECALL',0],0xf5:['CREATE2',0],0xfa:['STATICCALL',0],0xfd:['REVERT',0],0xfe:['INVALID',0],0xff:['SELFDESTRUCT',0]};
for(let i=0;i<32;i++) op[0x60+i]=["'`PUSH${i+1}`,i+1];
for(let i=0;i<16;i++) {op[0x80+i]=[`DUP${i+1}`,0]; op[0x90+i]=[`SWAP${i+1}`,0]; op[0xa0+i]=[`LOG${i}`,0];}
let pc=0; while(pc<hex.length/2){ const b=parseInt(hex.slice(pc*2,pc*2+2),16); const [name,n]=op[b]||[`OP_${b.toString(16)}`,0]; let imm='"''; if(n) imm=hex.slice(pc*2+2,pc*2+2+n*2); if(pc>=193&&pc<=490) console.log(String(pc).padStart(4), name, imm?"'`0x${imm}`:'"''); pc+=1+n; }
NODE" in /tmp/codex-oqmedeti
succeeded in 0ms:
193 JUMPDEST
194 PUSH1 0x40
196 DUP1
197 MLOAD
198 PUSH1 0x20
200 PUSH1 0x24
202 DUP1
203 CALLDATALOAD
204 PUSH1 0x04
206 DUP2
207 DUP2
208 ADD
209 CALLDATALOAD
210 PUSH1 0x1f
212 DUP2
213 ADD
214 DUP6
215 SWAP1
216 DIV
217 DUP6
218 MUL
219 DUP7
220 ADD
221 DUP6
222 ADD
223 SWAP1
224 SWAP7
225 MSTORE
226 DUP6
227 DUP6
228 MSTORE
229 PUSH2 0x0061
232 SWAP6
233 DUP2
234 CALLDATALOAD
235 SWAP6
236 SWAP2
237 SWAP5
238 PUSH1 0x44
240 SWAP5
241 SWAP3
242 SWAP4
243 SWAP1
244 SWAP3
245 ADD
246 SWAP2
247 DUP2
248 SWAP1
249 DUP5
250 ADD
251 DUP4
252 DUP3
253 DUP1
254 DUP3
255 DUP5
256 CALLDATACOPY
257 POP
258 POP
259 PUSH1 0x40
261 DUP1
262 MLOAD
263 PUSH1 0x20
265 PUSH1 0x64
267 CALLDATALOAD
268 DUP1
269 DUP12
270 ADD
271 CALLDATALOAD
272 PUSH1 0x1f
274 DUP2
275 ADD
276 DUP4
277 SWAP1
278 DIV
279 DUP4
280 MUL
281 DUP5
282 ADD
283 DUP4
284 ADD
285 SWAP1
286 SWAP5
287 MSTORE
288 DUP4
289 DUP4
290 MSTORE
291 SWAP8
292 SWAP10
293 SWAP9
294 CALLDATALOAD
295 SWAP9
296 SWAP8
297 PUSH1 0x84
299 SWAP8
300 POP
301 SWAP2
302 SWAP6
303 POP
304 PUSH1 0x24
306 SWAP2
307 SWAP1
308 SWAP2
309 ADD
310 SWAP4
311 POP
312 SWAP1
313 SWAP2
314 POP
315 DUP2
316 SWAP1
317 DUP5
318 ADD
319 DUP4
320 DUP3
321 DUP1
322 DUP3
323 DUP5
324 CALLDATACOPY
325 POP
326 SWAP5
327 SWAP7
328 POP
329 POP
330 POP
331 POP
332 POP
333 POP
334 POP
335 PUSH1 0x01
337 PUSH1 0xa0
339 PUSH1 0x02
341 EXP
342 SUB
343 CALLER
344 AND
345 PUSH1 0x00
347 SWAP1
348 DUP2
349 MSTORE
350 PUSH1 0x04
352 PUSH1 0x20
354 SWAP1
355 DUP2
356 MSTORE
357 PUSH1 0x40
359 DUP3
360 SHA3
361 DUP7
362 SWAP1
363 SSTORE
364 DUP2
365 SLOAD
366 DUP6
367 MLOAD
368 DUP4
369 DUP1
370 MSTORE
371 PUSH1 0x02
373 PUSH1 0x01
375 DUP4
376 AND
377 ISZERO
378 PUSH2 0x0100
381 MUL
382 PUSH1 0x00
384 NOT
385 ADD
386 SWAP1
387 SWAP3
388 AND
389 SWAP2
390 SWAP1
391 SWAP2
392 DIV
393 PUSH1 0x1f
395 SWAP1
396 DUP2
397 ADD
398 DUP4
399 SWAP1
400 DIV
401 PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563
434 SWAP1
435 DUP2
436 ADD
437 SWAP4
438 SWAP1
439 SWAP2
440 SWAP1
441 DUP9
442 ADD
443 SWAP1
444 DUP4
445 SWAP1
446 LT
447 PUSH2 0x03db
450 JUMPI
451 DUP1
452 MLOAD
453 PUSH1 0xff
455 NOT
456 AND
457 DUP4
458 DUP1
459 ADD
460 OR
461 DUP6
462 SSTORE
463 JUMPDEST
464 POP
465 PUSH2 0x040b
468 SWAP3
469 SWAP2
470 POP
471 JUMPDEST
472 DUP1
473 DUP3
474 GT
475 ISZERO
476 PUSH2 0x0464
479 JUMPI
480 PUSH1 0x00
482 DUP2
483 SSTORE
484 PUSH1 0x01
486 ADD
487 PUSH2 0x01d7
490 JUMP
exec
/bin/bash -lc "node - <<'NODE'
const fs=require('fs');
const j=JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const hex=j.artifact.runtime_bytecode.full.slice(2);
const op={0x00:['STOP',0],0x01:['ADD',0],0x02:['MUL',0],0x03:['SUB',0],0x04:['DIV',0],0x0a:['EXP',0],0x10:['LT',0],0x11:['GT',0],0x14:['EQ',0],0x15:['ISZERO',0],0x16:['AND',0],0x17:['OR',0],0x19:['NOT',0],0x20:['SHA3',0],0x33:['CALLER',0],0x35:['CALLDATALOAD',0],0x36:['CALLDATASIZE',0],0x37:['CALLDATACOPY',0],0x50:['POP',0],0x51:['MLOAD',0],0x52:['MSTORE',0],0x54:['SLOAD',0],0x55:['SSTORE',0],0x56:['JUMP',0],0x57:['JUMPI',0],0x5b:['JUMPDEST',0],0xa3:['LOG3',0],0xf1:['CALL',0],0xf3:['RETURN',0],0xfd:['REVERT',0]};
for(let i=0;i<32;i++) op[0x60+i]=["'`PUSH${i+1}`,i+1];
for(let i=0;i<16;i++) {op[0x80+i]=[`DUP${i+1}`,0]; op[0x90+i]=[`SWAP${i+1}`,0]; op[0xa0+i]=[`LOG${i}`,0];}
let pc=0; while(pc<hex.length/2){ const b=parseInt(hex.slice(pc*2,pc*2+2),16); const [name,n]=op[b]||[`OP_${b.toString(16)}`,0]; let imm='"''; if(n) imm=hex.slice(pc*2+2,pc*2+2+n*2); if(pc>=967&&pc<=1219) console.log(String(pc).padStart(4), name, imm?"'`0x${imm}`:'"''); pc+=1+n; }
NODE" in /tmp/codex-oqmedeti
succeeded in 0ms:
967 JUMPDEST
968 POP
969 POP
970 PUSH1 0x02
972 DUP1
973 SLOAD
974 PUSH1 0xff
976 NOT
977 AND
978 DUP4
979 OR
980 SWAP1
981 SSTORE
982 POP
983 POP
984 POP
985 POP
986 JUMP
987 JUMPDEST
988 DUP3
989 DUP1
990 ADD
991 PUSH1 0x01
993 ADD
994 DUP6
995 SSTORE
996 DUP3
997 ISZERO
998 PUSH2 0x01cf
1001 JUMPI
1002 SWAP2
1003 DUP3
1004 ADD
1005 JUMPDEST
1006 DUP3
1007 DUP2
1008 GT
1009 ISZERO
1010 PUSH2 0x01cf
1013 JUMPI
1014 DUP3
1015 MLOAD
1016 DUP3
1017 PUSH1 0x00
1019 POP
1020 SSTORE
1021 SWAP2
1022 PUSH1 0x20
1024 ADD
1025 SWAP2
1026 SWAP1
1027 PUSH1 0x01
1029 ADD
1030 SWAP1
1031 PUSH2 0x03ed
1034 JUMP
1035 JUMPDEST
1036 POP
1037 POP
1038 DUP1
1039 PUSH1 0x01
1041 PUSH1 0x00
1043 POP
1044 SWAP1
1045 DUP1
1046 MLOAD
1047 SWAP1
1048 PUSH1 0x20
1050 ADD
1051 SWAP1
1052 DUP3
1053 DUP1
1054 SLOAD
1055 PUSH1 0x01
1057 DUP2
1058 PUSH1 0x01
1060 AND
1061 ISZERO
1062 PUSH2 0x0100
1065 MUL
1066 SUB
1067 AND
1068 PUSH1 0x02
1070 SWAP1
1071 DIV
1072 SWAP1
1073 PUSH1 0x00
1075 MSTORE
1076 PUSH1 0x20
1078 PUSH1 0x00
1080 SHA3
1081 SWAP1
1082 PUSH1 0x1f
1084 ADD
1085 PUSH1 0x20
1087 SWAP1
1088 DIV
1089 DUP2
1090 ADD
1091 SWAP3
1092 DUP3
1093 PUSH1 0x1f
1095 LT
1096 PUSH2 0x0468
1099 JUMPI
1100 DUP1
1101 MLOAD
1102 PUSH1 0xff
1104 NOT
1105 AND
1106 DUP4
1107 DUP1
1108 ADD
1109 OR
1110 DUP6
1111 SSTORE
1112 JUMPDEST
1113 POP
1114 PUSH2 0x03c7
1117 SWAP3
1118 SWAP2
1119 POP
1120 PUSH2 0x01d7
1123 JUMP
1124 JUMPDEST
1125 POP
1126 SWAP1
1127 JUMP
1128 JUMPDEST
1129 DUP3
1130 DUP1
1131 ADD
1132 PUSH1 0x01
1134 ADD
1135 DUP6
1136 SSTORE
1137 DUP3
1138 ISZERO
1139 PUSH2 0x0458
1142 JUMPI
1143 SWAP2
1144 DUP3
1145 ADD
1146 JUMPDEST
1147 DUP3
1148 DUP2
1149 GT
1150 ISZERO
1151 PUSH2 0x0458
1154 JUMPI
1155 DUP3
1156 MLOAD
1157 DUP3
1158 PUSH1 0x00
1160 POP
1161 SSTORE
1162 SWAP2
1163 PUSH1 0x20
1165 ADD
1166 SWAP2
1167 SWAP1
1168 PUSH1 0x01
1170 ADD
1171 SWAP1
1172 PUSH2 0x047a
1175 JUMP
1176 JUMPDEST
1177 DUP3
1178 ADD
1179 SWAP2
1180 SWAP1
1181 PUSH1 0x00
1183 MSTORE
1184 PUSH1 0x20
1186 PUSH1 0x00
1188 SHA3
1189 SWAP1
1190 JUMPDEST
1191 DUP2
1192 SLOAD
1193 DUP2
1194 MSTORE
1195 SWAP1
1196 PUSH1 0x01
1198 ADD
1199 SWAP1
1200 PUSH1 0x20
1202 ADD
1203 DUP1
1204 DUP4
1205 GT
1206 PUSH2 0x04a6
1209 JUMPI
1210 DUP3
1211 SWAP1
1212 SUB
1213 PUSH1 0x1f
1215 AND
1216 DUP3
1217 ADD
1218 SWAP2
1219 JUMPDEST
exec
/bin/bash -lc "node - <<'NODE'
const fs=require('fs');
const j=JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const hex=j.artifact.runtime_bytecode.full.slice(2);
const op={};for(let i=0;i<32;i++) op[0x60+i]=["'`PUSH${i+1}`,i+1];for(let i=0;i<16;i++){op[0x80+i]=[`DUP${i+1}`,0];op[0x90+i]=[`SWAP${i+1}`,0];op[0xa0+i]=[`LOG${i}`,0];}
Object.assign(op,{0x00:['"'STOP',0],0x01:['ADD',0],0x02:['MUL',0],0x03:['SUB',0],0x04:['DIV',0],0x0a:['EXP',0],0x14:['EQ',0],0x15:['ISZERO',0],0x16:['AND',0],0x17:['OR',0],0x19:['NOT',0],0x20:['SHA3',0],0x33:['CALLER',0],0x35:['CALLDATALOAD',0],0x36:['CALLDATASIZE',0],0x37:['CALLDATACOPY',0],0x51:['MLOAD',0],0x52:['MSTORE',0],0x54:['SLOAD',0],0x55:['SSTORE',0],0x56:['JUMP',0],0x57:['JUMPI',0],0x5b:['JUMPDEST',0],0xf1:['CALL',0],0xf3:['RETURN',0]});
let pc=0; while(pc<hex.length/2){const b=parseInt(hex.slice(pc*2,pc*2+2),16); const [name,n]=op[b]||["'`OP_${b.toString(16)}`,0]; let imm='"''; if(n) imm=hex.slice(pc*2+2,pc*2+2+n*2); if(name==='SSTORE'||name==='SLOAD') console.log(pc, name, imm?imm:''); pc+=1+n;}
NODE" in /tmp/codex-oqmedeti
succeeded in 0ms:
106 SLOAD
179 SLOAD
363 SSTORE
365 SLOAD
462 SSTORE
483 SSTORE
497 SLOAD
524 SLOAD
533 SLOAD
543 SLOAD
617 SLOAD
665 SLOAD
694 SLOAD
890 SLOAD
895 SSTORE
907 SLOAD
911 SSTORE
973 SLOAD
981 SSTORE
995 SSTORE
1020 SSTORE
1054 SLOAD
1111 SSTORE
1136 SSTORE
1161 SSTORE
1192 SLOAD
exec
/bin/bash -lc "node - <<'NODE'
const fs=require('fs');
const j=JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const hex=j.artifact.runtime_bytecode.full.slice(2);
const op={};for(let i=0;i<32;i++) op[0x60+i]=["'`PUSH${i+1}`,i+1];for(let i=0;i<16;i++){op[0x80+i]=[`DUP${i+1}`,0];op[0x90+i]=[`SWAP${i+1}`,0];op[0xa0+i]=[`LOG${i}`,0];}
Object.assign(op,{0x00:['"'STOP',0],0x01:['ADD',0],0x02:['MUL',0],0x03:['SUB',0],0x04:['DIV',0],0x0a:['EXP',0],0x10:['LT',0],0x11:['GT',0],0x14:['EQ',0],0x15:['ISZERO',0],0x16:['AND',0],0x17:['OR',0],0x19:['NOT',0],0x20:['SHA3',0],0x33:['CALLER',0],0x35:['CALLDATALOAD',0],0x36:['CALLDATASIZE',0],0x37:['CALLDATACOPY',0],0x50:['POP',0],0x51:['MLOAD',0],0x52:['MSTORE',0],0x54:['SLOAD',0],0x55:['SSTORE',0],0x56:['JUMP',0],0x57:['JUMPI',0],0x5b:['JUMPDEST',0],0xf1:['CALL',0],0xf3:['RETURN',0]});
let pc=0, arr=[]; while(pc<hex.length/2){const b=parseInt(hex.slice(pc*2,pc*2+2),16); const [name,n]=op[b]||["'`OP_${b.toString(16)}`,0]; let imm='"''; if(n) imm=hex.slice(pc*2+2,pc*2+2+n*2); arr.push({pc,name,imm}); pc+=1+n;}
for(let i=0;i<arr.length;i++) if(arr[i].name==='PUSH1'&&arr[i].imm==='03') console.log(arr.slice(Math.max(0,i-5),Math.min(arr.length,i+6)).map(x=>"'`${x.pc} ${x.name} ${x.imm||'"''}"'`).join('"'\\n')+'\\n---');
NODE" in /tmp/codex-oqmedeti
succeeded in 0ms:
524 SLOAD
525 DUP2
526 JUMP
527 JUMPDEST
528 PUSH2 034a
531 PUSH1 03
533 SLOAD
534 DUP2
535 JUMP
536 JUMPDEST
537 PUSH2 02c5
---
753 PUSH1 1f
755 ADD
756 DIV
757 PUSH1 0f
759 MUL
760 PUSH1 03
762 ADD
763 CALL
764 POP
765 SWAP1
766 POP
---
codex
{"no_findings":false,"summary":"Bytecode looks like an ERC20-like token with standard `name`/`symbol`/`decimals`/`balanceOf`/`transfer` selectors plus one unknown public selector (`0x1d2bca17`). The meaningful issue is that this unknown selector appears to be an unguarded initializer/admin path reachable in runtime: it writes caller-controlled metadata and credits `msg.sender` in the balance mapping with no observable authorization check. I did not treat the detector's `CALL` finding as exploitable because the only `CALL` at `pc:0x2fb` matches the old-solc identity-precompile memcpy pattern used while returning dynamic strings, and the traced `0x04` target is consistent with that.","findings":[{"severity":"critical","category":"access_control","title":"Public selector `0x1d2bca17` can assign arbitrary balance to the caller","exploit_scenario":"An attacker calls selector `0x1d2bca17` with crafted calldata so the amount-like argument is set to any desired value. The function hashes `CALLER` with storage slot `0x04` and performs `SSTORE`, crediting the caller in the same mapping later enforced by `transfer(0xa9059cbb)`. The attacker can then use `transfer` to move the forged balance to other accounts or liquidity venues.","recommendation":"Remove or strictly gate this selector with explicit authorization, or move one-time initialization into constructor/immutable deployment code. If the intent is minting, enforce minter roles and update all supply/accounting variables consistently.","evidence":"Dispatcher routes `0x1d2bca17` to `pc:0x0c1` (`pc:31-41`). That path contains no visible auth check before state writes. At `pc:0x14f-0x16b` it derives `keccak256(msg.sender, 0x04)` and executes `SSTORE`, so a calldata-derived value is written into the caller's balance slot. The spend path for `transfer` starts at `pc:0x277`; it reads the same `keccak256(msg.sender, 0x04)` mapping at `pc:0x299` and the recipient mapping at `pc:0x2b5`, then updates balances at `pc:0x37f` and `pc:0x38f` and emits the standard `Transfer` topic at `pc:0x399-0x3c3`. This is strong bytecode evidence of an unguarded mint/balance-setter reachable at runtime.","locations":["selector:0x1d2bca17","selector:0xa9059cbb","pc:0x0c1","pc:0x14f","pc:0x16b","pc:0x277","pc:0x299","pc:0x37f","pc:0x38f"]},{"severity":"medium","category":"auth","title":"Same unguarded runtime path appears able to rewrite token metadata (`name`/`symbol`/`decimals`)","exploit_scenario":"A caller invokes `0x1d2bca17` after deployment and overwrites the storage later returned by standard ERC20 metadata selectors. Wallets, explorers, bridges, and indexers can then observe a different name/symbol/decimals than the one originally deployed, causing UI spoofing and accounting confusion.","recommendation":"Make metadata immutable after deployment, or restrict any metadata-update path to a trusted admin plus an explicit one-time/paused governance flow. If mutability is required, emit dedicated events and document the trust model clearly.","evidence":"Standard selector inference is best-effort, but `0x06fdde03`, `0x95d89b41`, and `0x313ce567` are the canonical ERC20 metadata selectors. Their read paths load slot `0x00` (`pc:0x63-0xC0`), slot `0x01` (`pc:0x218-0x276`), and the low byte of slot `0x02` (`pc:0x1eb-0x1f6`). The mutable selector `0x1d2bca17` reaches helper writers that store dynamic data and a packed byte into those same slots: packed write into slot `0x02` at `pc:0x3c7-0x3d5`, plus dynamic-storage write helpers at `pc:0x3db-0x40a` and `pc:0x468-0x497`, which are the matching old-solc routines for bytes/string storage used by the slot-0/slot-1 getters.","locations":["selector:0x1d2bca17","selector:0x06fdde03","selector:0x95d89b41","selector:0x313ce567","pc:0x1eb","pc:0x218","pc:0x3c7","pc:0x3db","pc:0x468"]}]}
tokens used
47,708
{
"codex": {
"ran_at": "2026-04-05T05:49:42.386348+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 2456,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode looks like an ERC20-like token with standard `name`/`symbol`/`decimals`/`balanceOf`/`transfer` selectors plus one unknown public selector (`0x1d2bca17`). The meaningful issue is that this unknown selector appears to be an unguarded initializer/admin path reachable in runtime: it writes caller-controlled metadata and credits `msg.sender` in the balance mapping with no observable authorization check. I did not treat the detector's `CALL` finding as exploitable because the only `CALL` at `pc:0x2fb` matches the old-solc identity-precompile memcpy pattern used while returning dynamic strings, and the traced `0x04` target is consistent with that.",
"raw_final": {
"summary": "Bytecode looks like an ERC20-like token with standard `name`/`symbol`/`decimals`/`balanceOf`/`transfer` selectors plus one unknown public selector (`0x1d2bca17`). The meaningful issue is that this unknown selector appears to be an unguarded initializer/admin path reachable in runtime: it writes caller-controlled metadata and credits `msg.sender` in the balance mapping with no observable authorization check. I did not treat the detector's `CALL` finding as exploitable because the only `CALL` at `pc:0x2fb` matches the old-solc identity-precompile memcpy pattern used while returning dynamic strings, and the traced `0x04` target is consistent with that.",
"findings": [
{
"title": "Public selector `0x1d2bca17` can assign arbitrary balance to the caller",
"category": "access_control",
"evidence": "Dispatcher routes `0x1d2bca17` to `pc:0x0c1` (`pc:31-41`). That path contains no visible auth check before state writes. At `pc:0x14f-0x16b` it derives `keccak256(msg.sender, 0x04)` and executes `SSTORE`, so a calldata-derived value is written into the caller's balance slot. The spend path for `transfer` starts at `pc:0x277`; it reads the same `keccak256(msg.sender, 0x04)` mapping at `pc:0x299` and the recipient mapping at `pc:0x2b5`, then updates balances at `pc:0x37f` and `pc:0x38f` and emits the standard `Transfer` topic at `pc:0x399-0x3c3`. This is strong bytecode evidence of an unguarded mint/balance-setter reachable at runtime.",
"severity": "critical",
"locations": [
"selector:0x1d2bca17",
"selector:0xa9059cbb",
"pc:0x0c1",
"pc:0x14f",
"pc:0x16b",
"pc:0x277",
"pc:0x299",
"pc:0x37f",
"pc:0x38f"
],
"recommendation": "Remove or strictly gate this selector with explicit authorization, or move one-time initialization into constructor/immutable deployment code. If the intent is minting, enforce minter roles and update all supply/accounting variables consistently.",
"exploit_scenario": "An attacker calls selector `0x1d2bca17` with crafted calldata so the amount-like argument is set to any desired value. The function hashes `CALLER` with storage slot `0x04` and performs `SSTORE`, crediting the caller in the same mapping later enforced by `transfer(0xa9059cbb)`. The attacker can then use `transfer` to move the forged balance to other accounts or liquidity venues."
},
{
"title": "Same unguarded runtime path appears able to rewrite token metadata (`name`/`symbol`/`decimals`)",
"category": "auth",
"evidence": "Standard selector inference is best-effort, but `0x06fdde03`, `0x95d89b41`, and `0x313ce567` are the canonical ERC20 metadata selectors. Their read paths load slot `0x00` (`pc:0x63-0xC0`), slot `0x01` (`pc:0x218-0x276`), and the low byte of slot `0x02` (`pc:0x1eb-0x1f6`). The mutable selector `0x1d2bca17` reaches helper writers that store dynamic data and a packed byte into those same slots: packed write into slot `0x02` at `pc:0x3c7-0x3d5`, plus dynamic-storage write helpers at `pc:0x3db-0x40a` and `pc:0x468-0x497`, which are the matching old-solc routines for bytes/string storage used by the slot-0/slot-1 getters.",
"severity": "medium",
"locations": [
"selector:0x1d2bca17",
"selector:0x06fdde03",
"selector:0x95d89b41",
"selector:0x313ce567",
"pc:0x1eb",
"pc:0x218",
"pc:0x3c7",
"pc:0x3db",
"pc:0x468"
],
"recommendation": "Make metadata immutable after deployment, or restrict any metadata-update path to a trusted admin plus an explicit one-time/paused governance flow. If mutability is required, emit dedicated events and document the trust model clearly.",
"exploit_scenario": "A caller invokes `0x1d2bca17` after deployment and overwrites the storage later returned by standard ERC20 metadata selectors. Wallets, explorers, bridges, and indexers can then observe a different name/symbol/decimals than the one originally deployed, causing UI spoofing and accounting confusion."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0061 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0063 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x1d2bca17 00000025: EQ 00000026: PUSH2 0x00c1 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x313ce567 00000030: EQ 00000031: PUSH2 0x01eb 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x70a08231 0000003b: EQ 0000003c: PUSH2 0x01f7 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x72dd529b 00000046: EQ 00000047: PUSH2 0x020f 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x95d89b41 00000051: EQ 00000052: PUSH2 0x0218 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0xa9059cbb 0000005c: EQ 0000005d: PUSH2 0x0277 00000060: JUMPI 00000061: JUMPDEST 00000062: STOP 00000063: JUMPDEST 00000064: PUSH2 0x02c5 00000067: PUSH1 0x00 00000069: DUP1 0000006a: SLOAD 0000006b: PUSH1 0x40 0000006d: DUP1 0000006e: MLOAD 0000006f: PUSH1 0x20 00000071: PUSH1 0x02 00000073: PUSH1 0x01 00000075: DUP6 00000076: AND 00000077: ISZERO 00000078: PUSH2 0x0100 0000007b: MUL 0000007c: PUSH1 0x00 0000007e: NOT 0000007f: ADD 00000080: SWAP1 00000081: SWAP5 00000082: AND 00000083: SWAP4 00000084: SWAP1 00000085: SWAP4 00000086: DIV 00000087: PUSH1 0x1f 00000089: DUP2 0000008a: ADD 0000008b: DUP5 0000008c: SWAP1 0000008d: DIV 0000008e: DUP5 0000008f: MUL 00000090: DUP3 00000091: ADD 00000092: DUP5 00000093: ADD 00000094: SWAP1 00000095: SWAP3 00000096: MSTORE 00000097: DUP2 00000098: DUP2 00000099: MSTORE 0000009a: SWAP3 0000009b: SWAP2 0000009c: DUP4 0000009d: ADD 0000009e: DUP3 0000009f: DUP3 000000a0: DUP1 000000a1: ISZERO 000000a2: PUSH2 0x04c3 000000a5: JUMPI 000000a6: DUP1 000000a7: PUSH1 0x1f 000000a9: LT 000000aa: PUSH2 0x0498 000000ad: JUMPI 000000ae: PUSH2 0x0100 000000b1: DUP1 000000b2: DUP4 000000b3: SLOAD 000000b4: DIV 000000b5: MUL 000000b6: DUP4 000000b7: MSTORE 000000b8: SWAP2 000000b9: PUSH1 0x20 000000bb: ADD 000000bc: SWAP2 000000bd: PUSH2 0x04c3 000000c0: JUMP 000000c1: JUMPDEST 000000c2: PUSH1 0x40 000000c4: DUP1 000000c5: MLOAD 000000c6: PUSH1 0x20 000000c8: PUSH1 0x24 000000ca: DUP1 000000cb: CALLDATALOAD 000000cc: PUSH1 0x04 000000ce: DUP2 000000cf: DUP2 000000d0: ADD 000000d1: CALLDATALOAD 000000d2: PUSH1 0x1f 000000d4: DUP2 000000d5: ADD 000000d6: DUP6 000000d7: SWAP1 000000d8: DIV 000000d9: DUP6 000000da: MUL 000000db: DUP7 000000dc: ADD 000000dd: DUP6 000000de: ADD 000000df: SWAP1 000000e0: SWAP7 000000e1: MSTORE 000000e2: DUP6 000000e3: DUP6 000000e4: MSTORE 000000e5: PUSH2 0x0061 000000e8: SWAP6 000000e9: DUP2 000000ea: CALLDATALOAD 000000eb: SWAP6 000000ec: SWAP2 000000ed: SWAP5 000000ee: PUSH1 0x44 000000f0: SWAP5 000000f1: SWAP3 000000f2: SWAP4 000000f3: SWAP1 000000f4: SWAP3 000000f5: ADD 000000f6: SWAP2 000000f7: DUP2 000000f8: SWAP1 000000f9: DUP5 000000fa: ADD 000000fb: DUP4 000000fc: DUP3 000000fd: DUP1 000000fe: DUP3 000000ff: DUP5 00000100: CALLDATACOPY 00000101: POP 00000102: POP 00000103: PUSH1 0x40 00000105: DUP1 00000106: MLOAD 00000107: PUSH1 0x20 00000109: PUSH1 0x64 0000010b: CALLDATALOAD 0000010c: DUP1 0000010d: DUP12 0000010e: ADD 0000010f: CALLDATALOAD 00000110: PUSH1 0x1f 00000112: DUP2 00000113: ADD 00000114: DUP4 00000115: SWAP1 00000116: DIV 00000117: DUP4 00000118: MUL 00000119: DUP5 0000011a: ADD 0000011b: DUP4 0000011c: ADD 0000011d: SWAP1 0000011e: SWAP5 0000011f: MSTORE 00000120: DUP4 00000121: DUP4 00000122: MSTORE 00000123: SWAP8 00000124: SWAP10 00000125: SWAP9 00000126: CALLDATALOAD 00000127: SWAP9 00000128: SWAP8 00000129: PUSH1 0x84 0000012b: SWAP8 0000012c: POP 0000012d: SWAP2 0000012e: SWAP6 0000012f: POP 00000130: PUSH1 0x24 00000132: SWAP2 00000133: SWAP1 00000134: SWAP2 00000135: ADD 00000136: SWAP4 00000137: POP 00000138: SWAP1 00000139: SWAP2 0000013a: POP 0000013b: DUP2 0000013c: SWAP1 0000013d: DUP5 0000013e: ADD 0000013f: DUP4 00000140: DUP3 00000141: DUP1 00000142: DUP3 00000143: DUP5 00000144: CALLDATACOPY 00000145: POP 00000146: SWAP5 00000147: SWAP7 00000148: POP 00000149: POP 0000014a: POP 0000014b: POP 0000014c: POP 0000014d: POP 0000014e: POP 0000014f: PUSH1 0x01 00000151: PUSH1 0xa0 00000153: PUSH1 0x02 00000155: EXP 00000156: SUB 00000157: CALLER 00000158: AND 00000159: PUSH1 0x00 0000015b: SWAP1 0000015c: DUP2 0000015d: MSTORE 0000015e: PUSH1 0x04 00000160: PUSH1 0x20 00000162: SWAP1 00000163: DUP2 00000164: MSTORE 00000165: PUSH1 0x40 00000167: DUP3 00000168: KECCAK256 00000169: DUP7 0000016a: SWAP1 0000016b: SSTORE 0000016c: DUP2 0000016d: SLOAD 0000016e: DUP6 0000016f: MLOAD 00000170: DUP4 00000171: DUP1 00000172: MSTORE 00000173: PUSH1 0x02 00000175: PUSH1 0x01 00000177: DUP4 00000178: AND 00000179: ISZERO 0000017a: PUSH2 0x0100 0000017d: MUL 0000017e: PUSH1 0x00 00000180: NOT 00000181: ADD 00000182: SWAP1 00000183: SWAP3 00000184: AND 00000185: SWAP2 00000186: SWAP1 00000187: SWAP2 00000188: DIV 00000189: PUSH1 0x1f 0000018b: SWAP1 0000018c: DUP2 0000018d: ADD 0000018e: DUP4 0000018f: SWAP1 00000190: DIV 00000191: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563 000001b2: SWAP1 000001b3: DUP2 000001b4: ADD 000001b5: SWAP4 000001b6: SWAP1 000001b7: SWAP2 000001b8: SWAP1 000001b9: DUP9 000001ba: ADD 000001bb: SWAP1 000001bc: DUP4 000001bd: SWAP1 000001be: LT 000001bf: PUSH2 0x03db 000001c2: JUMPI 000001c3: DUP1 000001c4: MLOAD 000001c5: PUSH1 0xff 000001c7: NOT 000001c8: AND 000001c9: DUP4 000001ca: DUP1 000001cb: ADD 000001cc: OR 000001cd: DUP6 000001ce: SSTORE 000001cf: JUMPDEST 000001d0: POP 000001d1: PUSH2 0x040b 000001d4: SWAP3 000001d5: SWAP2 000001d6: POP 000001d7: JUMPDEST 000001d8: DUP1 000001d9: DUP3 000001da: GT 000001db: ISZERO 000001dc: PUSH2 0x0464 000001df: JUMPI 000001e0: PUSH1 0x00 000001e2: DUP2 000001e3: SSTORE 000001e4: PUSH1 0x01 000001e6: ADD 000001e7: PUSH2 0x01d7 000001ea: JUMP 000001eb: JUMPDEST 000001ec: PUSH2 0x0333 000001ef: PUSH1 0x02 000001f1: SLOAD 000001f2: PUSH1 0xff 000001f4: AND 000001f5: DUP2 000001f6: JUMP 000001f7: JUMPDEST 000001f8: PUSH2 0x034a 000001fb: PUSH1 0x04 000001fd: CALLDATALOAD 000001fe: PUSH1 0x04 00000200: PUSH1 0x20 00000202: MSTORE 00000203: PUSH1 0x00 00000205: SWAP1 00000206: DUP2 00000207: MSTORE 00000208: PUSH1 0x40 0000020a: SWAP1 0000020b: KECCAK256 0000020c: SLOAD 0000020d: DUP2 0000020e: JUMP 0000020f: JUMPDEST 00000210: PUSH2 0x034a 00000213: PUSH1 0x03 00000215: SLOAD 00000216: DUP2 00000217: JUMP 00000218: JUMPDEST 00000219: PUSH2 0x02c5 0000021c: PUSH1 0x01 0000021e: DUP1 0000021f: SLOAD 00000220: PUSH1 0x40 00000222: DUP1 00000223: MLOAD 00000224: PUSH1 0x20 00000226: PUSH1 0x1f 00000228: PUSH1 0x02 0000022a: PUSH1 0x00 0000022c: NOT 0000022d: PUSH2 0x0100 00000230: DUP8 00000231: DUP10 00000232: AND 00000233: ISZERO 00000234: MUL 00000235: ADD 00000236: SWAP1 00000237: SWAP6 00000238: AND 00000239: SWAP5 0000023a: SWAP1 0000023b: SWAP5 0000023c: DIV 0000023d: SWAP4 0000023e: DUP5 0000023f: ADD 00000240: DUP2 00000241: SWAP1 00000242: DIV 00000243: DUP2 00000244: MUL 00000245: DUP3 00000246: ADD 00000247: DUP2 00000248: ADD 00000249: SWAP1 0000024a: SWAP3 0000024b: MSTORE 0000024c: DUP3 0000024d: DUP2 0000024e: MSTORE 0000024f: SWAP3 00000250: SWAP2 00000251: SWAP1 00000252: DUP4 00000253: ADD 00000254: DUP3 00000255: DUP3 00000256: DUP1 00000257: ISZERO 00000258: PUSH2 0x04c3 0000025b: JUMPI 0000025c: DUP1 0000025d: PUSH1 0x1f 0000025f: LT 00000260: PUSH2 0x0498 00000263: JUMPI 00000264: PUSH2 0x0100 00000267: DUP1 00000268: DUP4 00000269: SLOAD 0000026a: DIV 0000026b: MUL 0000026c: DUP4 0000026d: MSTORE 0000026e: SWAP2 0000026f: PUSH1 0x20 00000271: ADD 00000272: SWAP2 00000273: PUSH2 0x04c3 00000276: JUMP 00000277: JUMPDEST 00000278: PUSH2 0x0061 0000027b: PUSH1 0x04 0000027d: CALLDATALOAD 0000027e: PUSH1 0x24 00000280: CALLDATALOAD 00000281: PUSH1 0x01 00000283: PUSH1 0xa0 00000285: PUSH1 0x02 00000287: EXP 00000288: SUB 00000289: CALLER 0000028a: AND 0000028b: PUSH1 0x00 0000028d: SWAP1 0000028e: DUP2 0000028f: MSTORE 00000290: PUSH1 0x04 00000292: PUSH1 0x20 00000294: MSTORE 00000295: PUSH1 0x40 00000297: SWAP1 00000298: KECCAK256 00000299: SLOAD 0000029a: DUP2 0000029b: SWAP1 0000029c: LT 0000029d: DUP1 0000029e: PUSH2 0x02bb 000002a1: JUMPI 000002a2: POP 000002a3: PUSH1 0x01 000002a5: PUSH1 0xa0 000002a7: PUSH1 0x02 000002a9: EXP 000002aa: SUB 000002ab: DUP3 000002ac: AND 000002ad: PUSH1 0x00 000002af: SWAP1 000002b0: DUP2 000002b1: MSTORE 000002b2: PUSH1 0x40 000002b4: SWAP1 000002b5: KECCAK256 000002b6: SLOAD 000002b7: DUP2 000002b8: DUP2 000002b9: ADD 000002ba: LT 000002bb: JUMPDEST 000002bc: ISZERO 000002bd: PUSH2 0x035c 000002c0: JUMPI 000002c1: PUSH2 0x0002 000002c4: JUMP 000002c5: JUMPDEST 000002c6: PUSH1 0x40 000002c8: MLOAD 000002c9: DUP1 000002ca: DUP1 000002cb: PUSH1 0x20 000002cd: ADD 000002ce: DUP3 000002cf: DUP2 000002d0: SUB 000002d1: DUP3 000002d2: MSTORE 000002d3: DUP4 000002d4: DUP2 000002d5: DUP2 000002d6: MLOAD 000002d7: DUP2 000002d8: MSTORE 000002d9: PUSH1 0x20 000002db: ADD 000002dc: SWAP2 000002dd: POP 000002de: DUP1 000002df: MLOAD 000002e0: SWAP1 000002e1: PUSH1 0x20 000002e3: ADD 000002e4: SWAP1 000002e5: DUP1 000002e6: DUP4 000002e7: DUP4 000002e8: DUP3 000002e9: SWAP1 000002ea: PUSH1 0x00 000002ec: PUSH1 0x04 000002ee: PUSH1 0x20 000002f0: DUP5 000002f1: PUSH1 0x1f 000002f3: ADD 000002f4: DIV 000002f5: PUSH1 0x0f 000002f7: MUL 000002f8: PUSH1 0x03 000002fa: ADD 000002fb: CALL 000002fc: POP 000002fd: SWAP1 000002fe: POP 000002ff: SWAP1 00000300: DUP2 00000301: ADD 00000302: SWAP1 00000303: PUSH1 0x1f 00000305: AND 00000306: DUP1 00000307: ISZERO 00000308: PUSH2 0x0325 0000030b: JUMPI 0000030c: DUP1 0000030d: DUP3 0000030e: SUB 0000030f: DUP1 00000310: MLOAD 00000311: PUSH1 0x01 00000313: DUP4 00000314: PUSH1 0x20 00000316: SUB 00000317: PUSH2 0x0100 0000031a: EXP 0000031b: SUB 0000031c: NOT 0000031d: AND 0000031e: DUP2 0000031f: MSTORE 00000320: PUSH1 0x20 00000322: ADD 00000323: SWAP2 00000324: POP 00000325: JUMPDEST 00000326: POP 00000327: SWAP3 00000328: POP 00000329: POP 0000032a: POP 0000032b: PUSH1 0x40 0000032d: MLOAD 0000032e: DUP1 0000032f: SWAP2 00000330: SUB 00000331: SWAP1 00000332: RETURN 00000333: JUMPDEST 00000334: PUSH1 0x40 00000336: DUP1 00000337: MLOAD 00000338: PUSH1 0xff 0000033a: SWAP3 0000033b: SWAP1 0000033c: SWAP3 0000033d: AND 0000033e: DUP3 0000033f: MSTORE 00000340: MLOAD 00000341: SWAP1 00000342: DUP2 00000343: SWAP1 00000344: SUB 00000345: PUSH1 0x20 00000347: ADD 00000348: SWAP1 00000349: RETURN 0000034a: JUMPDEST 0000034b: PUSH1 0x40 0000034d: DUP1 0000034e: MLOAD 0000034f: SWAP2 00000350: DUP3 00000351: MSTORE 00000352: MLOAD 00000353: SWAP1 00000354: DUP2 00000355: SWAP1 00000356: SUB 00000357: PUSH1 0x20 00000359: ADD 0000035a: SWAP1 0000035b: RETURN 0000035c: JUMPDEST 0000035d: PUSH1 0x01 0000035f: PUSH1 0xa0 00000361: PUSH1 0x02 00000363: EXP 00000364: SUB 00000365: CALLER 00000366: DUP2 00000367: AND 00000368: PUSH1 0x00 0000036a: DUP2 0000036b: DUP2 0000036c: MSTORE 0000036d: PUSH1 0x04 0000036f: PUSH1 0x20 00000371: SWAP1 00000372: DUP2 00000373: MSTORE 00000374: PUSH1 0x40 00000376: DUP1 00000377: DUP4 00000378: KECCAK256 00000379: DUP1 0000037a: SLOAD 0000037b: DUP8 0000037c: SWAP1 0000037d: SUB 0000037e: SWAP1 0000037f: SSTORE 00000380: SWAP4 00000381: DUP7 00000382: AND 00000383: DUP1 00000384: DUP4 00000385: MSTORE 00000386: SWAP2 00000387: DUP5 00000388: SWAP1 00000389: KECCAK256 0000038a: DUP1 0000038b: SLOAD 0000038c: DUP7 0000038d: ADD 0000038e: SWAP1 0000038f: SSTORE 00000390: DUP4 00000391: MLOAD 00000392: DUP6 00000393: DUP2 00000394: MSTORE 00000395: SWAP4 00000396: MLOAD 00000397: SWAP2 00000398: SWAP4 00000399: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000003ba: SWAP3 000003bb: SWAP1 000003bc: DUP2 000003bd: SWAP1 000003be: SUB 000003bf: SWAP1 000003c0: SWAP2 000003c1: ADD 000003c2: SWAP1 000003c3: LOG3 000003c4: POP 000003c5: POP 000003c6: JUMP 000003c7: JUMPDEST 000003c8: POP 000003c9: POP 000003ca: PUSH1 0x02 000003cc: DUP1 000003cd: SLOAD 000003ce: PUSH1 0xff 000003d0: NOT 000003d1: AND 000003d2: DUP4 000003d3: OR 000003d4: SWAP1 000003d5: SSTORE 000003d6: POP 000003d7: POP 000003d8: POP 000003d9: POP 000003da: JUMP 000003db: JUMPDEST 000003dc: DUP3 000003dd: DUP1 000003de: ADD 000003df: PUSH1 0x01 000003e1: ADD 000003e2: DUP6 000003e3: SSTORE 000003e4: DUP3 000003e5: ISZERO 000003e6: PUSH2 0x01cf 000003e9: JUMPI 000003ea: SWAP2 000003eb: DUP3 000003ec: ADD 000003ed: JUMPDEST 000003ee: DUP3 000003ef: DUP2 000003f0: GT 000003f1: ISZERO 000003f2: PUSH2 0x01cf 000003f5: JUMPI 000003f6: DUP3 000003f7: MLOAD 000003f8: DUP3 000003f9: PUSH1 0x00 000003fb: POP 000003fc: SSTORE 000003fd: SWAP2 000003fe: PUSH1 0x20 00000400: ADD 00000401: SWAP2 00000402: SWAP1 00000403: PUSH1 0x01 00000405: ADD 00000406: SWAP1 00000407: PUSH2 0x03ed 0000040a: JUMP 0000040b: JUMPDEST 0000040c: POP 0000040d: POP 0000040e: DUP1 0000040f: PUSH1 0x01 00000411: PUSH1 0x00 00000413: POP 00000414: SWAP1 00000415: DUP1 00000416: MLOAD 00000417: SWAP1 00000418: PUSH1 0x20 0000041a: ADD 0000041b: SWAP1 0000041c: DUP3 0000041d: DUP1 0000041e: SLOAD 0000041f: PUSH1 0x01 00000421: DUP2 00000422: PUSH1 0x01 00000424: AND 00000425: ISZERO 00000426: PUSH2 0x0100 00000429: MUL 0000042a: SUB 0000042b: AND 0000042c: PUSH1 0x02 0000042e: SWAP1 0000042f: DIV 00000430: SWAP1 00000431: PUSH1 0x00 00000433: MSTORE 00000434: PUSH1 0x20 00000436: PUSH1 0x00 00000438: KECCAK256 00000439: SWAP1 0000043a: PUSH1 0x1f 0000043c: ADD 0000043d: PUSH1 0x20 0000043f: SWAP1 00000440: DIV 00000441: DUP2 00000442: ADD 00000443: SWAP3 00000444: DUP3 00000445: PUSH1 0x1f 00000447: LT 00000448: PUSH2 0x0468 0000044b: JUMPI 0000044c: DUP1 0000044d: MLOAD 0000044e: PUSH1 0xff 00000450: NOT 00000451: AND 00000452: DUP4 00000453: DUP1 00000454: ADD 00000455: OR 00000456: DUP6 00000457: SSTORE 00000458: JUMPDEST 00000459: POP 0000045a: PUSH2 0x03c7 0000045d: SWAP3 0000045e: SWAP2 0000045f: POP 00000460: PUSH2 0x01d7 00000463: JUMP 00000464: JUMPDEST 00000465: POP 00000466: SWAP1 00000467: JUMP 00000468: JUMPDEST 00000469: DUP3 0000046a: DUP1 0000046b: ADD 0000046c: PUSH1 0x01 0000046e: ADD 0000046f: DUP6 00000470: SSTORE 00000471: DUP3 00000472: ISZERO 00000473: PUSH2 0x0458 00000476: JUMPI 00000477: SWAP2 00000478: DUP3 00000479: ADD 0000047a: JUMPDEST 0000047b: DUP3 0000047c: DUP2 0000047d: GT 0000047e: ISZERO 0000047f: PUSH2 0x0458 00000482: JUMPI 00000483: DUP3 00000484: MLOAD 00000485: DUP3 00000486: PUSH1 0x00 00000488: POP 00000489: SSTORE 0000048a: SWAP2 0000048b: PUSH1 0x20 0000048d: ADD 0000048e: SWAP2 0000048f: SWAP1 00000490: PUSH1 0x01 00000492: ADD 00000493: SWAP1 00000494: PUSH2 0x047a 00000497: JUMP 00000498: JUMPDEST 00000499: DUP3 0000049a: ADD 0000049b: SWAP2 0000049c: SWAP1 0000049d: PUSH1 0x00 0000049f: MSTORE 000004a0: PUSH1 0x20 000004a2: PUSH1 0x00 000004a4: KECCAK256 000004a5: SWAP1 000004a6: JUMPDEST 000004a7: DUP2 000004a8: SLOAD 000004a9: DUP2 000004aa: MSTORE 000004ab: SWAP1 000004ac: PUSH1 0x01 000004ae: ADD 000004af: SWAP1 000004b0: PUSH1 0x20 000004b2: ADD 000004b3: DUP1 000004b4: DUP4 000004b5: GT 000004b6: PUSH2 0x04a6 000004b9: JUMPI 000004ba: DUP3 000004bb: SWAP1 000004bc: SUB 000004bd: PUSH1 0x1f 000004bf: AND 000004c0: DUP3 000004c1: ADD 000004c2: SWAP2 000004c3: JUMPDEST 000004c4: POP 000004c5: POP 000004c6: POP 000004c7: POP 000004c8: POP 000004c9: DUP2 000004ca: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | access_control | codex | Public selector `0x1d2bca17` can assign arbitrary balance to the caller | 90 | no | — |
viewevidence_json{
"evidence": "Dispatcher routes `0x1d2bca17` to `pc:0x0c1` (`pc:31-41`). That path contains no visible auth check before state writes. At `pc:0x14f-0x16b` it derives `keccak256(msg.sender, 0x04)` and executes `SSTORE`, so a calldata-derived value is written into the caller's balance slot. The spend path for `transfer` starts at `pc:0x277`; it reads the same `keccak256(msg.sender, 0x04)` mapping at `pc:0x299` and the recipient mapping at `pc:0x2b5`, then updates balances at `pc:0x37f` and `pc:0x38f` and emits the standard `Transfer` topic at `pc:0x399-0x3c3`. This is strong bytecode evidence of an unguarded mint/balance-setter reachable at runtime.",
"locations": [
"selector:0x1d2bca17",
"selector:0xa9059cbb",
"pc:0x0c1",
"pc:0x14f",
"pc:0x16b",
"pc:0x277",
"pc:0x299",
"pc:0x37f",
"pc:0x38f"
],
"recommendation": "Remove or strictly gate this selector with explicit authorization, or move one-time initialization into constructor/immutable deployment code. If the intent is minting, enforce minter roles and update all supply/accounting variables consistently.",
"exploit_scenario": "An attacker calls selector `0x1d2bca17` with crafted calldata so the amount-like argument is set to any desired value. The function hashes `CALLER` with storage slot `0x04` and performs `SSTORE`, crediting the caller in the same mapping later enforced by `transfer(0xa9059cbb)`. The attacker can then use `transfer` to move the forged balance to other accounts or liquidity venues."
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0xafc4c6f3e40721d8822258c68b2daa3ba76e4e2c22f18350e95ec49872a49db8
call_targets:
0x0000000000000000000000000000000000000004, 0x5fb7f726249ded65635bcebda9b292b026088a87
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xafc4c6f3e40721d8822258c68b2daa3ba76e4e2c22f18350e95ec49872a49db8",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x5fb7f726249ded65635bcebda9b292b026088a87"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1d2bca17",
"selector": "0x1d2bca17",
"calldata_variants": [
"0x1d2bca17",
"0x1d2bca170000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x72dd529b",
"selector": "0x72dd529b",
"calldata_variants": [
"0x72dd529b",
"0x72dd529b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 763,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0xafc4c6f3e40721d8822258c68b2daa3ba76e4e2c22f18350e95ec49872a49db8
call_targets:
0x0000000000000000000000000000000000000004, 0x5fb7f726249ded65635bcebda9b292b026088a87
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xafc4c6f3e40721d8822258c68b2daa3ba76e4e2c22f18350e95ec49872a49db8",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x5fb7f726249ded65635bcebda9b292b026088a87"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1d2bca17",
"selector": "0x1d2bca17",
"calldata_variants": [
"0x1d2bca17",
"0x1d2bca170000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x72dd529b",
"selector": "0x72dd529b",
"calldata_variants": [
"0x72dd529b",
"0x72dd529b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 763,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|
| medium | auth | codex | Same unguarded runtime path appears able to rewrite token metadata (`name`/`symbol`/`decimals`) | 75 | no | — |
viewevidence_json{
"evidence": "Standard selector inference is best-effort, but `0x06fdde03`, `0x95d89b41`, and `0x313ce567` are the canonical ERC20 metadata selectors. Their read paths load slot `0x00` (`pc:0x63-0xC0`), slot `0x01` (`pc:0x218-0x276`), and the low byte of slot `0x02` (`pc:0x1eb-0x1f6`). The mutable selector `0x1d2bca17` reaches helper writers that store dynamic data and a packed byte into those same slots: packed write into slot `0x02` at `pc:0x3c7-0x3d5`, plus dynamic-storage write helpers at `pc:0x3db-0x40a` and `pc:0x468-0x497`, which are the matching old-solc routines for bytes/string storage used by the slot-0/slot-1 getters.",
"locations": [
"selector:0x1d2bca17",
"selector:0x06fdde03",
"selector:0x95d89b41",
"selector:0x313ce567",
"pc:0x1eb",
"pc:0x218",
"pc:0x3c7",
"pc:0x3db",
"pc:0x468"
],
"recommendation": "Make metadata immutable after deployment, or restrict any metadata-update path to a trusted admin plus an explicit one-time/paused governance flow. If mutability is required, emit dedicated events and document the trust model clearly.",
"exploit_scenario": "A caller invokes `0x1d2bca17` after deployment and overwrites the storage later returned by standard ERC20 metadata selectors. Wallets, explorers, bridges, and indexers can then observe a different name/symbol/decimals than the one originally deployed, causing UI spoofing and accounting confusion."
}
|