019b3836-3c58-7035-a958-137635a8c9c1
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 4543 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 4544 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 48344 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 48345 | capability.graph | complete | 1 / 3 | 1 week ago |
| 48346 | detector.run | complete | 1 / 3 | 1 week ago |
| 48347 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113289 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Reviewed BYTECODE_BUNDLE.json. The runtime matches an old non-proxy token-style contract with selectors consistent with `name`, `symbol`, `decimals`, `balanceOf`, and `transfer`. The only observed `CALL` at `pc:0x1a7` is most consistent with the old Solidity string-copy helper calling precompile `0x04`, so I did not treat the detector's untrusted-CALL alert as a confirmed exploitable sink. The meaningful bytecode-backed risks are legacy calldata decoding in `transfer` and acceptance of ETH on the fallback path.","findings":[{"severity":"medium","category":"other","title":"`transfer` decodes calldata without a length check","exploit_scenario":"Best-effort selector inference identifies `0xa9059cbb` as `transfer(address,uint256)`. Its entry path reads the recipient and amount directly from calldata. If an integration or user submits malformed short calldata, missing bytes are zero-padded by `CALLDATALOAD`, which can change the decoded recipient/amount pair. This is the classic short-calldata/short-address class of ERC20 issue and can cause unintended token transfers when upstream callers do not strictly ABI-encode inputs.","recommendation":"If this code is upgradeable, add an explicit `calldatasize >= 68` check before decoding `transfer` arguments, or route calls through a modern ABI decoder that reverts on malformed calldata. If it is immutable, document that only standard ABI-encoded calls are safe and avoid integrating through systems that may emit truncated calldata.","evidence":"The dispatcher only matches the 4-byte selector, then the `transfer` path begins at `pc:0x123` and immediately executes `CALLDATALOAD` for argument 1 at `pc:0x127` and argument 2 at `pc:0x12c`. There is no visible `CALLDATASIZE` guard in the function body before those loads, and failed cases revert only after balance/overflow logic.","locations":["selector:0xa9059cbb","pc:0x123","pc:0x127","pc:0x12c"]},{"severity":"low","category":"other","title":"Fallback path appears to accept ETH and likely traps it permanently","exploit_scenario":"A plain ETH transfer or a call with an unknown selector can hit the fallback path and succeed instead of reverting. Because the analyzed bytecode exposes no obvious withdrawal or rescue function, ETH sent to this contract is likely unrecoverable. Users can also attach ETH to token method calls on this legacy bytecode, causing the token action to proceed while the ETH remains stuck.","recommendation":"If the contract is upgradeable, make the fallback/receive path revert on nonzero `msg.value` or add an explicit recovery mechanism. If it is immutable, operational guidance should state that no ETH must ever be sent to this address.","evidence":"The selector jump table falls through to a `STOP` at `pc:0x45` for unmatched calls, and there is no visible `CALLVALUE` check in the dispatcher or token entry paths. The artifact marks `is_proxy=false`, and the exposed selectors do not include an obvious admin or withdrawal routine. The only `CALL` in the runtime is the old Solidity string helper around `pc:0x1a7`, not a general ETH-withdraw path.","locations":["pc:0x0","pc:0x45","pc:0x1a7"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-o9ngr52t
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c2a-1e22-7071-88ae-3ea3cad345f8
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc pwd in /tmp/codex-o9ngr52t
succeeded in 0ms:
/tmp/codex-o9ngr52t
exec
/bin/bash -lc 'rg --files' in /tmp/codex-o9ngr52t
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-o9ngr52t
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0x9b1e3948d22a1a56b2c49154c8768b3826d565dc",
"artifact_hash": "0xff66b52ab72621c0811f0b0776659bee4592040493e489fb493cb83fe07354c1",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 24,
"hash": "0x6a350686911b120d699f8e8d1e9440d4ce17c4434492baee43484e2ef083a112",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 35,
"hash": "0x09fc75e3aa8fb02b98e24881cc463925488c7dfa7ef308570a5930c5c420c614",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 25
},
{
"end_pc": 46,
"hash": "0x976103db32485bde438fb5c3f9f54ee02f48623f2e3b08249411cd4aee3c334a",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 36
},
{
"end_pc": 57,
"hash": "0x3c19c073e27395dc44272beb525b6373ad140a4045aabbd1b653e498e1806824",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 47
},
{
"end_pc": 68,
"hash": "0x3a122683470ea7901e31e80e6378780a829a06da64b04e691b5d5c5621392507",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 58
},
{
"end_pc": 70,
"hash": "0x55afd043d32294d5f0189f5a0aa04f3174e4c087a31c85396f49b5f17813cb96",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 69
},
{
"end_pc": 136,
"hash": "0xf40449b02dac3d8f47855034813de568b98c652f9830a133b3073a9873212a05",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 71
},
{
"end_pc": 144,
"hash": "0x7a355623b8b883b4699f46760b468c692676e190c7e929634fc8cc91b960e828",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 137
},
{
"end_pc": 163,
"hash": "0xecf2c5af628c9d14e5484dd92b242b3443b71f5fbb56ef3bb6d6ecc43488b865",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 145
},
{
"end_pc": 175,
"hash": "0xf62eccf39e21b0e7c82cfcb3b9161109c9cde5dd5c779dfdf9d7973b15a1f6f4",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"PUSH1",
"AND",
"OP_81",
"JUMP"
],
"start_pc": 164
},
{
"end_pc": 199,
"hash": "0x05f97e1fd71d0e615e61d36d6d9fc9f3a8acf10fd5fb739c2455360490997f41",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 176
},
{
"end_pc": 263,
"hash": "0x3b9a3c0e7fbbf4ecb17a787b5a04fc83590949a51a6fd3d3f767311abf7a0c87",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"PUSH1",
"NOT",
"PUSH2",
"OP_85",
"OP_87",
"AND",
"ISZERO",
"MUL",
"ADD",
"OP_90",
"OP_93",
"AND",
"OP_92",
"OP_90",
"OP_92",
"DIV",
"OP_91",
"OP_82",
"ADD",
"OP_81",
"OP_90",
"DIV",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
exec
/bin/bash -lc "sed -n '261,520p' BYTECODE_BUNDLE.json" in /tmp/codex-o9ngr52t
succeeded in 0ms:
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 200
},
{
"end_pc": 271,
"hash": "0x7090146e9b5fc2309802dbb79ccb9ee86583359c5c3be96451826d65ecdc85ad",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 264
},
{
"end_pc": 290,
"hash": "0x10fb4a62e31f9d523fba9e254b0a1cdf4088252f3ab9207bbb88b56ad78999f5",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 272
},
{
"end_pc": 333,
"hash": "0xd2efc930fda1fda27663cef7ff064d3b5644e25c73944457c5b247a2a2b5ebc0",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"OP_90",
"LT",
"OP_80",
"PUSH2",
"JUMPI"
],
"start_pc": 291
},
{
"end_pc": 358,
"hash": "0x0cb281f02dafac7bc5747ea2ef6cc0ac9cd79b706be48c09434fe236d62304c0",
"opcodes": [
"POP",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_82",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_80",
"OP_82",
"ADD",
"LT"
],
"start_pc": 334
},
{
"end_pc": 364,
"hash": "0x4814088d1abceba7bce3d4b5b89f161d17c093265433f37367be8adf0dc5d9aa",
"opcodes": [
"JUMPDEST",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 359
},
{
"end_pc": 368,
"hash": "0xac36dca57ddb5fc789957ffad51730f7f53229ca3982b5d74ea2101757b9905f",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 365
},
{
"end_pc": 439,
"hash": "0x4a2fafd97023c8a8f31f1ac7c9d6df99ecfea6a6c1f4b93506db3ef9cb749e5e",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"OP_80",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 369
},
{
"end_pc": 464,
"hash": "0xebb6ccfb60657a2ed3d1a377dfa457bf2b13b45b75c03c3302572d286824ebdf",
"opcodes": [
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 440
},
{
"end_pc": 478,
"hash": "0xd8b1d5b723eaa7895bcb21e965231688c1662a1902dec4aabd2354f749c4df07",
"opcodes": [
"JUMPDEST",
"POP",
"OP_92",
"POP",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"RETURN"
],
"start_pc": 465
},
{
"end_pc": 488,
"hash": "0x672c26154dc00d7172790e8e1de59fd7d9ca445474687406424f70df4450fe25",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"RETURN"
],
"start_pc": 479
},
{
"end_pc": 502,
exec
/bin/bash -lc "sed -n '521,780p' BYTECODE_BUNDLE.json" in /tmp/codex-o9ngr52t
succeeded in 0ms:
"hash": "0x7bde65d6a9816da073cced29f6f34d22c241ed00ffe7e5bdc351d09cf32af2b7",
"opcodes": [
"JUMPDEST",
"OP_82",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"SHA3",
"OP_90"
],
"start_pc": 489
},
{
"end_pc": 522,
"hash": "0xe65d9d6443f3a673e82c38fd7dd0017f03525f100e05bc5fcf0baddb948cdeb4",
"opcodes": [
"JUMPDEST",
"OP_81",
"SLOAD",
"OP_81",
"MSTORE",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH1",
"ADD",
"OP_80",
"OP_83",
"GT",
"PUSH2",
"JUMPI"
],
"start_pc": 503
},
{
"end_pc": 531,
"hash": "0xaa71a205054de33589ec835473fdc578d8c5d518fbca97c609b111c4b5d7237f",
"opcodes": [
"OP_82",
"OP_90",
"SUB",
"PUSH1",
"AND",
"OP_82",
"ADD",
"OP_91"
],
"start_pc": 523
},
{
"end_pc": 539,
"hash": "0xb6701d2440ac796fa26fd00c5144c1da1ea113aa11d54563da929fd75db3e96a",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"POP",
"POP",
"POP",
"OP_81",
"JUMP"
],
"start_pc": 532
},
{
"end_pc": 712,
"hash": "0x1bf824d37500e40fbaa54fddc78cc7c83681f362412140bde6c660277afad52a",
"opcodes": [
"JUMPDEST",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"SUB",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_84",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_81",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"PUSH32",
"OP_83",
"PUSH1",
"MLOAD",
"OP_80",
"OP_82",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"OP_A3",
"POP",
"POP",
"JUMP"
],
"start_pc": 540
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 423,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:291",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
{
exec
/bin/bash -lc "sed -n '781,1040p' BYTECODE_BUNDLE.json" in /tmp/codex-o9ngr52t
succeeded in 0ms:
"from": "bb:137",
"to": "bb:489",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:264",
"type": "control_flow_fallthrough"
},
{
"from": "bb:264",
"to": "bb:489",
"type": "control_flow"
},
{
"from": "bb:264",
"to": "bb:272",
"type": "control_flow_fallthrough"
},
{
"from": "bb:272",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:359",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:334",
"type": "control_flow_fallthrough"
},
{
"from": "bb:334",
"to": "bb:359",
"type": "control_flow_fallthrough"
},
{
"from": "bb:359",
"to": "bb:540",
"type": "control_flow"
},
{
"from": "bb:359",
"to": "bb:365",
"type": "control_flow_fallthrough"
},
{
"from": "bb:369",
"to": "bb:465",
"type": "control_flow"
},
{
"from": "bb:369",
"to": "bb:440",
"type": "control_flow_fallthrough"
},
{
"from": "bb:440",
"to": "bb:465",
"type": "control_flow_fallthrough"
},
{
"from": "bb:489",
"to": "bb:503",
"type": "control_flow_fallthrough"
},
{
"from": "bb:503",
"to": "bb:503",
"type": "control_flow"
},
{
"from": "bb:503",
"to": "bb:523",
"type": "control_flow_fallthrough"
},
{
"from": "bb:523",
"to": "bb:532",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0x62bc9d91060a7d906e3ed62fa92d1796a7bd561a18943a9a9e8c6074c19a14b8",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": null,
"selector": "0xa9059cbb"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
exec
/bin/bash -lc "sed -n '1041,1300p' BYTECODE_BUNDLE.json" in /tmp/codex-o9ngr52t
succeeded in 0ms:
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0xa9059cbb",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
}
],
"selectors": [
"0x06fdde03",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb"
],
"sinks": {
"call": 1,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 6,
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 277,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0x000d13dda2843fe929be00661f96552e3f1e851c177f0c270f65088f35b0c09b",
"created_at": "2026-04-04T19:58:24.000000Z",
"id": 2587,
"updated_at": "2026-04-04T19:58:24.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0x9b1e3948d22a1a56b2c49154c8768b3826d565dc",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:57.000000Z",
"id": "019b3836-3c58-7035-a958-137635a8c9c1",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:58:24.000000Z"
},
"artifact": {
"codehash": "0x000d13dda2843fe929be00661f96552e3f1e851c177f0c270f65088f35b0c09b",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x606060405260e060020a600035046306fdde038114610047578063313ce567146100a457806370a08231146100b057806395d89b41146100c8578063a9059cbb14610123575b005b61017160008054602060026001831615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156102145780601f106101e957610100808354040283529160200191610214565b6101df60025460ff1681565b6101df60043560036020526000908152604090205481565b610171600180546020601f6002600019610100858716150201909316929092049182018190040260809081016040526060828152929190828280156102145780601f106101e957610100808354040283529160200191610214565b610045600435602435600160a060020a033316600090815260036020526040902054819010806101675750600160a060020a03821660009081526040902054808201105b1561021c57610002565b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156101d15780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b6060908152602090f35b820191906000526020600020905b8154815290600101906020018083116101f757829003601f168201915b505050505081565b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a3505056",
"head": null,
"length": 1428,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0x9b1e3948d22a1a56b2c49154c8768b3826d565dc",
"block_number": null,
"chain_id": 1,
"codehash": "0x000d13dda2843fe929be00661f96552e3f1e851c177f0c270f65088f35b0c09b",
"created_at": "2026-04-04T19:58:24.000000Z",
"graph_hash": "0x8de325a24b2afd792ab9a468e6edee3adedaa775bc08e5d275cefe9a3b40f325",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:291",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
{
"from": "bb:137",
"to": "bb:489",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:532",
exec
/bin/bash -lc "sed -n '1301,1700p' BYTECODE_BUNDLE.json" in /tmp/codex-o9ngr52t
succeeded in 0ms:
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:264",
"type": "control_flow_fallthrough"
},
{
"from": "bb:264",
"to": "bb:489",
"type": "control_flow"
},
{
"from": "bb:264",
"to": "bb:272",
"type": "control_flow_fallthrough"
},
{
"from": "bb:272",
"to": "bb:532",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:359",
"type": "control_flow"
},
{
"from": "bb:291",
"to": "bb:334",
"type": "control_flow_fallthrough"
},
{
"from": "bb:334",
"to": "bb:359",
"type": "control_flow_fallthrough"
},
{
"from": "bb:359",
"to": "bb:540",
"type": "control_flow"
},
{
"from": "bb:359",
"to": "bb:365",
"type": "control_flow_fallthrough"
},
{
"from": "bb:369",
"to": "bb:465",
"type": "control_flow"
},
{
"from": "bb:369",
"to": "bb:440",
"type": "control_flow_fallthrough"
},
{
"from": "bb:440",
"to": "bb:465",
"type": "control_flow_fallthrough"
},
{
"from": "bb:489",
"to": "bb:503",
"type": "control_flow_fallthrough"
},
{
"from": "bb:503",
"to": "bb:503",
"type": "control_flow"
},
{
"from": "bb:503",
"to": "bb:523",
"type": "control_flow_fallthrough"
},
{
"from": "bb:523",
"to": "bb:532",
"type": "control_flow_fallthrough"
},
{
"from": "fn:0x313ce567",
"to": "bb:1889567281",
"type": "entry"
},
{
"from": "fn:0x70a08231",
"to": "bb:2514000705",
"type": "entry"
},
{
"from": "fn:0x95d89b41",
"to": "bb:2835717307",
"type": "entry"
},
{
"from": "bb:369",
"to": "call:423",
"type": "contains"
},
{
"from": "call:423",
"to": "sink:call",
"type": "capability"
}
],
"nodes": [
{
"end_pc": 24,
"hash": "0x6a350686911b120d699f8e8d1e9440d4ce17c4434492baee43484e2ef083a112",
"id": "bb:0",
"start_pc": 0,
"type": "basic_block"
},
{
"end_pc": 35,
"hash": "0x09fc75e3aa8fb02b98e24881cc463925488c7dfa7ef308570a5930c5c420c614",
"id": "bb:25",
"start_pc": 25,
"type": "basic_block"
},
{
"end_pc": 46,
"hash": "0x976103db32485bde438fb5c3f9f54ee02f48623f2e3b08249411cd4aee3c334a",
"id": "bb:36",
"start_pc": 36,
"type": "basic_block"
},
{
"end_pc": 57,
"hash": "0x3c19c073e27395dc44272beb525b6373ad140a4045aabbd1b653e498e1806824",
"id": "bb:47",
"start_pc": 47,
"type": "basic_block"
},
{
"end_pc": 68,
"hash": "0x3a122683470ea7901e31e80e6378780a829a06da64b04e691b5d5c5621392507",
"id": "bb:58",
"start_pc": 58,
"type": "basic_block"
},
{
"end_pc": 70,
"hash": "0x55afd043d32294d5f0189f5a0aa04f3174e4c087a31c85396f49b5f17813cb96",
"id": "bb:69",
"start_pc": 69,
"type": "basic_block"
},
{
"end_pc": 136,
"hash": "0xf40449b02dac3d8f47855034813de568b98c652f9830a133b3073a9873212a05",
"id": "bb:71",
"start_pc": 71,
"type": "basic_block"
},
{
"end_pc": 144,
"hash": "0x7a355623b8b883b4699f46760b468c692676e190c7e929634fc8cc91b960e828",
"id": "bb:137",
"start_pc": 137,
"type": "basic_block"
},
{
"end_pc": 163,
"hash": "0xecf2c5af628c9d14e5484dd92b242b3443b71f5fbb56ef3bb6d6ecc43488b865",
"id": "bb:145",
"start_pc": 145,
"type": "basic_block"
},
{
"end_pc": 175,
"hash": "0xf62eccf39e21b0e7c82cfcb3b9161109c9cde5dd5c779dfdf9d7973b15a1f6f4",
"id": "bb:164",
"start_pc": 164,
"type": "basic_block"
},
{
"end_pc": 199,
"hash": "0x05f97e1fd71d0e615e61d36d6d9fc9f3a8acf10fd5fb739c2455360490997f41",
"id": "bb:176",
"start_pc": 176,
"type": "basic_block"
},
{
"end_pc": 263,
"hash": "0x3b9a3c0e7fbbf4ecb17a787b5a04fc83590949a51a6fd3d3f767311abf7a0c87",
"id": "bb:200",
"start_pc": 200,
"type": "basic_block"
},
{
"end_pc": 271,
"hash": "0x7090146e9b5fc2309802dbb79ccb9ee86583359c5c3be96451826d65ecdc85ad",
"id": "bb:264",
"start_pc": 264,
"type": "basic_block"
},
{
"end_pc": 290,
"hash": "0x10fb4a62e31f9d523fba9e254b0a1cdf4088252f3ab9207bbb88b56ad78999f5",
"id": "bb:272",
"start_pc": 272,
"type": "basic_block"
},
{
"end_pc": 333,
"hash": "0xd2efc930fda1fda27663cef7ff064d3b5644e25c73944457c5b247a2a2b5ebc0",
"id": "bb:291",
"start_pc": 291,
"type": "basic_block"
},
{
"end_pc": 358,
"hash": "0x0cb281f02dafac7bc5747ea2ef6cc0ac9cd79b706be48c09434fe236d62304c0",
"id": "bb:334",
"start_pc": 334,
"type": "basic_block"
},
{
"end_pc": 364,
"hash": "0x4814088d1abceba7bce3d4b5b89f161d17c093265433f37367be8adf0dc5d9aa",
"id": "bb:359",
"start_pc": 359,
"type": "basic_block"
},
{
"end_pc": 368,
"hash": "0xac36dca57ddb5fc789957ffad51730f7f53229ca3982b5d74ea2101757b9905f",
"id": "bb:365",
"start_pc": 365,
"type": "basic_block"
},
{
"end_pc": 439,
"hash": "0x4a2fafd97023c8a8f31f1ac7c9d6df99ecfea6a6c1f4b93506db3ef9cb749e5e",
"id": "bb:369",
"start_pc": 369,
"type": "basic_block"
},
{
"end_pc": 464,
"hash": "0xebb6ccfb60657a2ed3d1a377dfa457bf2b13b45b75c03c3302572d286824ebdf",
"id": "bb:440",
"start_pc": 440,
"type": "basic_block"
},
{
"end_pc": 478,
"hash": "0xd8b1d5b723eaa7895bcb21e965231688c1662a1902dec4aabd2354f749c4df07",
"id": "bb:465",
"start_pc": 465,
"type": "basic_block"
},
{
"end_pc": 488,
"hash": "0x672c26154dc00d7172790e8e1de59fd7d9ca445474687406424f70df4450fe25",
"id": "bb:479",
"start_pc": 479,
"type": "basic_block"
},
{
"end_pc": 502,
"hash": "0x7bde65d6a9816da073cced29f6f34d22c241ed00ffe7e5bdc351d09cf32af2b7",
"id": "bb:489",
"start_pc": 489,
"type": "basic_block"
},
{
"end_pc": 522,
"hash": "0xe65d9d6443f3a673e82c38fd7dd0017f03525f100e05bc5fcf0baddb948cdeb4",
"id": "bb:503",
"start_pc": 503,
"type": "basic_block"
},
{
"end_pc": 531,
"hash": "0xaa71a205054de33589ec835473fdc578d8c5d518fbca97c609b111c4b5d7237f",
"id": "bb:523",
"start_pc": 523,
"type": "basic_block"
},
{
"end_pc": 539,
"hash": "0xb6701d2440ac796fa26fd00c5144c1da1ea113aa11d54563da929fd75db3e96a",
"id": "bb:532",
"start_pc": 532,
"type": "basic_block"
},
{
"end_pc": 712,
"hash": "0x1bf824d37500e40fbaa54fddc78cc7c83681f362412140bde6c660277afad52a",
"id": "bb:540",
"start_pc": 540,
"type": "basic_block"
},
{
"id": "call:423",
"opcode": "CALL",
"pc": 423,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": null,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 2586,
"updated_at": "2026-04-04T19:58:24.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 60,
"evidence_json": {
"call_count": 1,
"examples": [
{
"opcode": "CALL",
"pc": 423,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 1
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x9b1e3948d22a1a56b2c49154c8768b3826d565dc"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xff69df060c2b7c1756b61eb6a0f5ddb0b0abbc14a045ae6f9aef3fb36e38ab13",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 1,
"examples": [
{
"opcode": "CALL",
"pc": 423,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
exec
/bin/bash -lc "rg -n 'detector|finding|evidence|proxy|delegatecall|callsite|storage slot|selector' BYTECODE_BUNDLE.json" in /tmp/codex-o9ngr52t
succeeded in 0ms:
710: "callsites": [
882: "dispatcher_type": "selector_jump_table",
886: "selector": "0x06fdde03"
890: "selector": "0x313ce567"
894: "selector": "0x70a08231"
898: "selector": "0x95d89b41"
902: "selector": "0xa9059cbb"
911: "selector": "0x06fdde03",
914: "delegatecall": 0,
955: "selector": "0x313ce567",
958: "delegatecall": 0,
999: "selector": "0x70a08231",
1002: "delegatecall": 0,
1043: "selector": "0x95d89b41",
1046: "delegatecall": 0,
1087: "selector": "0xa9059cbb",
1090: "delegatecall": 0,
1127: "selectors": [
1138: "delegatecall": 0,
1204: "is_proxy": false,
1603: "type": "callsite"
1612: "selector": "0x06fdde03",
1618: "selector": "0x313ce567",
1624: "selector": "0x70a08231",
1630: "selector": "0x95d89b41",
1636: "selector": "0xa9059cbb",
1646: "detector_findings": [
1649: "evidence_json": {
1688: "evidence_json": {
1728: "delegatecall_count": 0,
exec
/bin/bash -lc "sed -n '1701,1825p' BYTECODE_BUNDLE.json" in /tmp/codex-o9ngr52t
succeeded in 0ms:
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x9b1e3948d22a1a56b2c49154c8768b3826d565dc"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xff69df060c2b7c1756b61eb6a0f5ddb0b0abbc14a045ae6f9aef3fb36e38ab13",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
}
exec
/bin/bash -lc "node -e 'const hex="'`606060405260e060020a600035046306fdde038114610047578063313ce567146100a457806370a08231146100b057806395d89b41146100c8578063a9059cbb14610123575b005b61017160008054602060026001831615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156102145780601f106101e957610100808354040283529160200191610214565b6101df60025460ff1681565b6101df60043560036020526000908152604090205481565b610171600180546020601f6002600019610100858716150201909316929092049182018190040260809081016040526060828152929190828280156102145780601f106101e957610100808354040283529160200191610214565b610045600435602435600160a060020a033316600090815260036020526040902054819010806101675750600160a060020a03821660009081526040902054808201105b1561021c57610002565b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156101d15780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b6060908152602090f35b820191906000526020600020905b8154815290600101906020018083116101f757829003601f168201915b505050505081565b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a0316815260200190815260200160002060008282825054019250508190555081600160a060020a031633600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a3505056`; const 
opcodes={0x00:'"'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}; const bytes=hex.match(/../g).map(x=>parseInt(x,16)); for(let pc=360;pc<440;){ const b=bytes[pc]; const 
name=opcodes[b]||('OP_'+b.toString(16)); let out=pc.toString().padStart(4)+': '+name; pc++; if(b>=0x60&&b<=0x7f){ const n=b-0x5f; const data=bytes.slice(pc,pc+n).map(x=>x.toString(16).padStart(2,'0')).join(''); out+=' 0x'+data; pc+=n;} console.log(out);} '" in /tmp/codex-o9ngr52t
exited 1 in 0ms:
[eval]:1
const hex=`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`; const opcodes={0x00:STOP,0x01:ADD,0x02:MUL,0x03:SUB,0x04:DIV,0x05:SDIV,0x06:MOD,0x07:SMOD,0x08:ADDMOD,0x09:MULMOD,0x0a:EXP,0x0b:SIGNEXTEND,0x10:LT,0x11:GT,0x12:SLT,0x13:SGT,0x14:EQ,0x15:ISZERO,0x16:AND,0x17:OR,0x18:XOR,0x19:NOT,0x1a:BYTE,0x20:SHA3,0x30:ADDRESS,0x31:BALANCE,0x32:ORIGIN,0x33:CALLER,0x34:CALLVALUE,0x35:CALLDATALOAD,0x36:CALLDATASIZE,0x37:CALLDATACOPY,0x38:CODESIZE,0x39:CODECOPY,0x3a:GASPRICE,0x3b:EXTCODESIZE,0x3c:EXTCODECOPY,0x3d:RETURNDATASIZE,0x3e:RETURNDATACOPY,0x40:BLOCKHASH,0x41:COINBASE,0x42:TIMESTAMP,0x43:NUMBER,0x44:DIFFICULTY,0x45:GASLIMIT,0x50:POP,0x51:MLOAD,0x52:MSTORE,0x53:MSTORE8,0x54:SLOAD,0x55:SSTORE,0x56:JUMP,0x57:JUMPI,0x58:PC,0x59:MSIZE,0x5a:GAS,0x5b:JUMPDEST,0x60:PUSH1,0x61:PUSH2,0x62:PUSH3,0x63:PUSH4,0x64:PUSH5,0x65:PUSH6,0x66:PUSH7,0x67:PUSH8,0x68:PUSH9,0x69:PUSH10,0x6a:PUSH11,0x6b:PUSH12,0x6c:PUSH13,0x6d:PUSH14,0x6e:PUSH15,0x6f:PUSH16,0x70:PUSH17,0x71:PUSH18,0x72:PUSH19,0x73:PUSH20,0x74:PUSH21,0x75:PUSH22,0x76:PUSH23,0x77:PUSH24,0x78:PUSH25,0x79:PUSH26,0x7a:PUSH27,0x7b:PUSH28,0x7c:PUSH29,0x7d:PUSH30,0x7e:PUSH31,0x7f:PUSH32,0x80:DUP1,0x81:DUP2,0x82:DUP3,0x83:DUP4,0x84:DUP5,0x85:DUP6,0x86:DUP7,0x87:DUP8,0x88:DUP9,0x89:DUP10,0x8a:DUP11,0x8b:DUP12,0x8c:DUP13,0x8d:DUP14,0x8e:DUP15,0x8f:DUP16,0x90:SWAP1,0x91:SWAP2,0x92:SWAP3,0x93:SWAP4,0x94:SWAP5,0x95:SWAP6,0x96:SWAP7,0x97:SWAP8,0x98:SWAP9,0x99:SWAP10,0x9a:SWAP11,0x9b:SWAP12,0x9c:SWAP13,0x9d:SWAP14,0x9e:SWAP15,0x9f:SWAP16,0xa0:LOG0,0xa1:LOG1,0xa2:LOG2,0xa3:LOG3,0xa4:LOG4,0xf0:CREATE,0xf1:CALL,0xf2:CALLCODE,0xf3:RETURN,0xf4:DELEGATECALL,0xf5:CREATE2,0xfa:STATICCALL,0xfd:REVERT,0xfe:INVALID,0xff:SELFDESTRUCT}; const bytes=hex.match(/../g).map(x=>parseInt(x,16)); for(let pc=360;pc<440;){ const b=bytes[pc]; const name=opcodes[b]||(OP_+b.toString(16)); let out=pc.toString().padStart(4)+:
SyntaxError: Unexpected token ':'
at makeContextifyScript (node:internal/vm:185:14)
at node:internal/process/execution:107:22
at [eval]-wrapper:6:24
at runScript (node:internal/process/execution:101:62)
at evalScript (node:internal/process/execution:136:3)
at node:internal/main/eval_string:53:3
Node.js v23.3.0
exec
js_repl in /tmp/codex-o9ngr52t
succeeded in 162ms:
exec
/bin/bash -lc "node <<'EOF'
const hex = '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';
const opcodes = {0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'};
const bytes = hex.match(/../g).map(x => parseInt(x, 16));
for (let pc = 369; pc < 440;) {
const b = bytes[pc];
let name = opcodes[b] || "'`OP_${b.toString(16)}`;
let line = `${pc}: ${name}`;
pc++;
if (b >= 0x60 && b <= 0x7f) {
const n = b - 0x5f;
const data = bytes.slice(pc, pc + n).map(x => x.toString(16).padStart(2, '"'0')).join('');
line += "'` 0x${data}`;
pc += n;
}
console.log(line);
}
EOF' in /tmp/codex-o9ngr52t
succeeded in 0ms:
369: JUMPDEST
370: PUSH1 0x40
372: MLOAD
373: DUP1
374: DUP1
375: PUSH1 0x20
377: ADD
378: DUP3
379: DUP2
380: SUB
381: DUP3
382: MSTORE
383: DUP4
384: DUP2
385: DUP2
386: MLOAD
387: DUP2
388: MSTORE
389: PUSH1 0x20
391: ADD
392: SWAP2
393: POP
394: DUP1
395: MLOAD
396: SWAP1
397: PUSH1 0x20
399: ADD
400: SWAP1
401: DUP1
402: DUP4
403: DUP4
404: DUP3
405: SWAP1
406: PUSH1 0x00
408: PUSH1 0x04
410: PUSH1 0x20
412: DUP5
413: PUSH1 0x1f
415: ADD
416: DIV
417: PUSH1 0x0f
419: MUL
420: PUSH1 0x03
422: ADD
423: CALL
424: POP
425: SWAP1
426: POP
427: SWAP1
428: DUP2
429: ADD
430: SWAP1
431: PUSH1 0x1f
433: AND
434: DUP1
435: ISZERO
436: PUSH2 0x01d1
439: JUMPI
exec
/bin/bash -lc "node <<'EOF'
const hex = '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';
const opcodes = {0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'};
const bytes = hex.match(/../g).map(x => parseInt(x, 16));
for (const [start,end] of [[291,368],[540,712]]) {
console.log('RANGE',start,end);
for (let pc = start; pc < end;) {
const b = bytes[pc];
let name = opcodes[b] || "'`OP_${b.toString(16)}`;
let line = `${pc}: ${name}`;
pc++;
if (b >= 0x60 && b <= 0x7f) {
const n = b - 0x5f;
const data = bytes.slice(pc, pc + n).map(x => x.toString(16).padStart(2, '"'0')).join('');
line += "'` 0x${data}`;
pc += n;
}
console.log(line);
}
}
EOF' in /tmp/codex-o9ngr52t
succeeded in 0ms:
RANGE 291 368
291: JUMPDEST
292: PUSH2 0x0045
295: PUSH1 0x04
297: CALLDATALOAD
298: PUSH1 0x24
300: CALLDATALOAD
301: PUSH1 0x01
303: PUSH1 0xa0
305: PUSH1 0x02
307: EXP
308: SUB
309: CALLER
310: AND
311: PUSH1 0x00
313: SWAP1
314: DUP2
315: MSTORE
316: PUSH1 0x03
318: PUSH1 0x20
320: MSTORE
321: PUSH1 0x40
323: SWAP1
324: SHA3
325: SLOAD
326: DUP2
327: SWAP1
328: LT
329: DUP1
330: PUSH2 0x0167
333: JUMPI
334: POP
335: PUSH1 0x01
337: PUSH1 0xa0
339: PUSH1 0x02
341: EXP
342: SUB
343: DUP3
344: AND
345: PUSH1 0x00
347: SWAP1
348: DUP2
349: MSTORE
350: PUSH1 0x40
352: SWAP1
353: SHA3
354: SLOAD
355: DUP1
356: DUP3
357: ADD
358: LT
359: JUMPDEST
360: ISZERO
361: PUSH2 0x021c
364: JUMPI
365: PUSH2 0x0002
RANGE 540 712
540: JUMPDEST
541: DUP1
542: PUSH1 0x03
544: PUSH1 0x00
546: POP
547: PUSH1 0x00
549: CALLER
550: PUSH1 0x01
552: PUSH1 0xa0
554: PUSH1 0x02
556: EXP
557: SUB
558: AND
559: DUP2
560: MSTORE
561: PUSH1 0x20
563: ADD
564: SWAP1
565: DUP2
566: MSTORE
567: PUSH1 0x20
569: ADD
570: PUSH1 0x00
572: SHA3
573: PUSH1 0x00
575: DUP3
576: DUP3
577: DUP3
578: POP
579: SLOAD
580: SUB
581: SWAP3
582: POP
583: POP
584: DUP2
585: SWAP1
586: SSTORE
587: POP
588: DUP1
589: PUSH1 0x03
591: PUSH1 0x00
593: POP
594: PUSH1 0x00
596: DUP5
597: PUSH1 0x01
599: PUSH1 0xa0
601: PUSH1 0x02
603: EXP
604: SUB
605: AND
606: DUP2
607: MSTORE
608: PUSH1 0x20
610: ADD
611: SWAP1
612: DUP2
613: MSTORE
614: PUSH1 0x20
616: ADD
617: PUSH1 0x00
619: SHA3
620: PUSH1 0x00
622: DUP3
623: DUP3
624: DUP3
625: POP
626: SLOAD
627: ADD
628: SWAP3
629: POP
630: POP
631: DUP2
632: SWAP1
633: SSTORE
634: POP
635: DUP2
636: PUSH1 0x01
638: PUSH1 0xa0
640: PUSH1 0x02
642: EXP
643: SUB
644: AND
645: CALLER
646: PUSH1 0x01
648: PUSH1 0xa0
650: PUSH1 0x02
652: EXP
653: SUB
654: AND
655: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
688: DUP4
689: PUSH1 0x40
691: MLOAD
692: DUP1
693: DUP3
694: DUP2
695: MSTORE
696: PUSH1 0x20
698: ADD
699: SWAP2
700: POP
701: POP
702: PUSH1 0x40
704: MLOAD
705: DUP1
706: SWAP2
707: SUB
708: SWAP1
709: LOG3
710: POP
711: POP
exec
/bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-o9ngr52t
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
codex
{"no_findings":false,"summary":"Reviewed BYTECODE_BUNDLE.json. The runtime matches an old non-proxy token-style contract with selectors consistent with `name`, `symbol`, `decimals`, `balanceOf`, and `transfer`. The only observed `CALL` at `pc:0x1a7` is most consistent with the old Solidity string-copy helper calling precompile `0x04`, so I did not treat the detector's untrusted-CALL alert as a confirmed exploitable sink. The meaningful bytecode-backed risks are legacy calldata decoding in `transfer` and acceptance of ETH on the fallback path.","findings":[{"severity":"medium","category":"other","title":"`transfer` decodes calldata without a length check","exploit_scenario":"Best-effort selector inference identifies `0xa9059cbb` as `transfer(address,uint256)`. Its entry path reads the recipient and amount directly from calldata. If an integration or user submits malformed short calldata, missing bytes are zero-padded by `CALLDATALOAD`, which can change the decoded recipient/amount pair. This is the classic short-calldata/short-address class of ERC20 issue and can cause unintended token transfers when upstream callers do not strictly ABI-encode inputs.","recommendation":"If this code is upgradeable, add an explicit `calldatasize >= 68` check before decoding `transfer` arguments, or route calls through a modern ABI decoder that reverts on malformed calldata. If it is immutable, document that only standard ABI-encoded calls are safe and avoid integrating through systems that may emit truncated calldata.","evidence":"The dispatcher only matches the 4-byte selector, then the `transfer` path begins at `pc:0x123` and immediately executes `CALLDATALOAD` for argument 1 at `pc:0x127` and argument 2 at `pc:0x12c`. 
There is no visible `CALLDATASIZE` guard in the function body before those loads, and failed cases revert only after balance/overflow logic.","locations":["selector:0xa9059cbb","pc:0x123","pc:0x127","pc:0x12c"]},{"severity":"low","category":"other","title":"Fallback path appears to accept ETH and likely traps it permanently","exploit_scenario":"A plain ETH transfer or a call with an unknown selector can hit the fallback path and succeed instead of reverting. Because the analyzed bytecode exposes no obvious withdrawal or rescue function, ETH sent to this contract is likely unrecoverable. Users can also attach ETH to token method calls on this legacy bytecode, causing the token action to proceed while the ETH remains stuck.","recommendation":"If the contract is upgradeable, make the fallback/receive path revert on nonzero `msg.value` or add an explicit recovery mechanism. If it is immutable, operational guidance should state that no ETH must ever be sent to this address.","evidence":"The selector jump table falls through to a `STOP` at `pc:0x45` for unmatched calls, and there is no visible `CALLVALUE` check in the dispatcher or token entry paths. The artifact marks `is_proxy=false`, and the exposed selectors do not include an obvious admin or withdrawal routine. The only `CALL` in the runtime is the old Solidity string helper around `pc:0x1a7`, not a general ETH-withdraw path.","locations":["pc:0x0","pc:0x45","pc:0x1a7"]}]}
tokens used
39,563
{
"codex": {
"ran_at": "2026-04-05T05:45:50.391381+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 1428,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Reviewed BYTECODE_BUNDLE.json. The runtime matches an old non-proxy token-style contract with selectors consistent with `name`, `symbol`, `decimals`, `balanceOf`, and `transfer`. The only observed `CALL` at `pc:0x1a7` is most consistent with the old Solidity string-copy helper calling precompile `0x04`, so I did not treat the detector's untrusted-CALL alert as a confirmed exploitable sink. The meaningful bytecode-backed risks are legacy calldata decoding in `transfer` and acceptance of ETH on the fallback path.",
"raw_final": {
"summary": "Reviewed BYTECODE_BUNDLE.json. The runtime matches an old non-proxy token-style contract with selectors consistent with `name`, `symbol`, `decimals`, `balanceOf`, and `transfer`. The only observed `CALL` at `pc:0x1a7` is most consistent with the old Solidity string-copy helper calling precompile `0x04`, so I did not treat the detector's untrusted-CALL alert as a confirmed exploitable sink. The meaningful bytecode-backed risks are legacy calldata decoding in `transfer` and acceptance of ETH on the fallback path.",
"findings": [
{
"title": "`transfer` decodes calldata without a length check",
"category": "other",
"evidence": "The dispatcher only matches the 4-byte selector, then the `transfer` path begins at `pc:0x123` and immediately executes `CALLDATALOAD` for argument 1 at `pc:0x127` and argument 2 at `pc:0x12c`. There is no visible `CALLDATASIZE` guard in the function body before those loads, and failed cases revert only after balance/overflow logic.",
"severity": "medium",
"locations": [
"selector:0xa9059cbb",
"pc:0x123",
"pc:0x127",
"pc:0x12c"
],
"recommendation": "If this code is upgradeable, add an explicit `calldatasize >= 68` check before decoding `transfer` arguments, or route calls through a modern ABI decoder that reverts on malformed calldata. If it is immutable, document that only standard ABI-encoded calls are safe and avoid integrating through systems that may emit truncated calldata.",
"exploit_scenario": "Best-effort selector inference identifies `0xa9059cbb` as `transfer(address,uint256)`. Its entry path reads the recipient and amount directly from calldata. If an integration or user submits malformed short calldata, missing bytes are zero-padded by `CALLDATALOAD`, which can change the decoded recipient/amount pair. This is the classic short-calldata/short-address class of ERC20 issue and can cause unintended token transfers when upstream callers do not strictly ABI-encode inputs."
},
{
"title": "Fallback path appears to accept ETH and likely traps it permanently",
"category": "other",
"evidence": "The selector jump table falls through to a `STOP` at `pc:0x45` for unmatched calls, and there is no visible `CALLVALUE` check in the dispatcher or token entry paths. The artifact marks `is_proxy=false`, and the exposed selectors do not include an obvious admin or withdrawal routine. The only `CALL` in the runtime is the old Solidity string helper around `pc:0x1a7`, not a general ETH-withdraw path.",
"severity": "low",
"locations": [
"pc:0x0",
"pc:0x45",
"pc:0x1a7"
],
"recommendation": "If the contract is upgradeable, make the fallback/receive path revert on nonzero `msg.value` or add an explicit recovery mechanism. If it is immutable, operational guidance should state that no ETH must ever be sent to this address.",
"exploit_scenario": "A plain ETH transfer or a call with an unknown selector can hit the fallback path and succeed instead of reverting. Because the analyzed bytecode exposes no obvious withdrawal or rescue function, ETH sent to this contract is likely unrecoverable. Users can also attach ETH to token method calls on this legacy bytecode, causing the token action to proceed while the ETH remains stuck."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0xe0 00000007: PUSH1 0x02 00000009: EXP 0000000a: PUSH1 0x00 0000000c: CALLDATALOAD 0000000d: DIV 0000000e: PUSH4 0x06fdde03 00000013: DUP2 00000014: EQ 00000015: PUSH2 0x0047 00000018: JUMPI 00000019: DUP1 0000001a: PUSH4 0x313ce567 0000001f: EQ 00000020: PUSH2 0x00a4 00000023: JUMPI 00000024: DUP1 00000025: PUSH4 0x70a08231 0000002a: EQ 0000002b: PUSH2 0x00b0 0000002e: JUMPI 0000002f: DUP1 00000030: PUSH4 0x95d89b41 00000035: EQ 00000036: PUSH2 0x00c8 00000039: JUMPI 0000003a: DUP1 0000003b: PUSH4 0xa9059cbb 00000040: EQ 00000041: PUSH2 0x0123 00000044: JUMPI 00000045: JUMPDEST 00000046: STOP 00000047: JUMPDEST 00000048: PUSH2 0x0171 0000004b: PUSH1 0x00 0000004d: DUP1 0000004e: SLOAD 0000004f: PUSH1 0x20 00000051: PUSH1 0x02 00000053: PUSH1 0x01 00000055: DUP4 00000056: AND 00000057: ISZERO 00000058: PUSH2 0x0100 0000005b: MUL 0000005c: PUSH1 0x00 0000005e: NOT 0000005f: ADD 00000060: SWAP1 00000061: SWAP3 00000062: AND 00000063: SWAP2 00000064: SWAP1 00000065: SWAP2 00000066: DIV 00000067: PUSH1 0x1f 00000069: DUP2 0000006a: ADD 0000006b: DUP3 0000006c: SWAP1 0000006d: DIV 0000006e: SWAP1 0000006f: SWAP2 00000070: MUL 00000071: PUSH1 0x80 00000073: SWAP1 00000074: DUP2 00000075: ADD 00000076: PUSH1 0x40 00000078: MSTORE 00000079: PUSH1 0x60 0000007b: DUP3 0000007c: DUP2 0000007d: MSTORE 0000007e: SWAP3 0000007f: SWAP2 00000080: SWAP1 00000081: DUP3 00000082: DUP3 00000083: DUP1 00000084: ISZERO 00000085: PUSH2 0x0214 00000088: JUMPI 00000089: DUP1 0000008a: PUSH1 0x1f 0000008c: LT 0000008d: PUSH2 0x01e9 00000090: JUMPI 00000091: PUSH2 0x0100 00000094: DUP1 00000095: DUP4 00000096: SLOAD 00000097: DIV 00000098: MUL 00000099: DUP4 0000009a: MSTORE 0000009b: SWAP2 0000009c: PUSH1 0x20 0000009e: ADD 0000009f: SWAP2 000000a0: PUSH2 0x0214 000000a3: JUMP 000000a4: JUMPDEST 000000a5: PUSH2 0x01df 000000a8: PUSH1 0x02 000000aa: SLOAD 000000ab: PUSH1 0xff 000000ad: AND 000000ae: DUP2 000000af: 
JUMP 000000b0: JUMPDEST 000000b1: PUSH2 0x01df 000000b4: PUSH1 0x04 000000b6: CALLDATALOAD 000000b7: PUSH1 0x03 000000b9: PUSH1 0x20 000000bb: MSTORE 000000bc: PUSH1 0x00 000000be: SWAP1 000000bf: DUP2 000000c0: MSTORE 000000c1: PUSH1 0x40 000000c3: SWAP1 000000c4: KECCAK256 000000c5: SLOAD 000000c6: DUP2 000000c7: JUMP 000000c8: JUMPDEST 000000c9: PUSH2 0x0171 000000cc: PUSH1 0x01 000000ce: DUP1 000000cf: SLOAD 000000d0: PUSH1 0x20 000000d2: PUSH1 0x1f 000000d4: PUSH1 0x02 000000d6: PUSH1 0x00 000000d8: NOT 000000d9: PUSH2 0x0100 000000dc: DUP6 000000dd: DUP8 000000de: AND 000000df: ISZERO 000000e0: MUL 000000e1: ADD 000000e2: SWAP1 000000e3: SWAP4 000000e4: AND 000000e5: SWAP3 000000e6: SWAP1 000000e7: SWAP3 000000e8: DIV 000000e9: SWAP2 000000ea: DUP3 000000eb: ADD 000000ec: DUP2 000000ed: SWAP1 000000ee: DIV 000000ef: MUL 000000f0: PUSH1 0x80 000000f2: SWAP1 000000f3: DUP2 000000f4: ADD 000000f5: PUSH1 0x40 000000f7: MSTORE 000000f8: PUSH1 0x60 000000fa: DUP3 000000fb: DUP2 000000fc: MSTORE 000000fd: SWAP3 000000fe: SWAP2 000000ff: SWAP1 00000100: DUP3 00000101: DUP3 00000102: DUP1 00000103: ISZERO 00000104: PUSH2 0x0214 00000107: JUMPI 00000108: DUP1 00000109: PUSH1 0x1f 0000010b: LT 0000010c: PUSH2 0x01e9 0000010f: JUMPI 00000110: PUSH2 0x0100 00000113: DUP1 00000114: DUP4 00000115: SLOAD 00000116: DIV 00000117: MUL 00000118: DUP4 00000119: MSTORE 0000011a: SWAP2 0000011b: PUSH1 0x20 0000011d: ADD 0000011e: SWAP2 0000011f: PUSH2 0x0214 00000122: JUMP 00000123: JUMPDEST 00000124: PUSH2 0x0045 00000127: PUSH1 0x04 00000129: CALLDATALOAD 0000012a: PUSH1 0x24 0000012c: CALLDATALOAD 0000012d: PUSH1 0x01 0000012f: PUSH1 0xa0 00000131: PUSH1 0x02 00000133: EXP 00000134: SUB 00000135: CALLER 00000136: AND 00000137: PUSH1 0x00 00000139: SWAP1 0000013a: DUP2 0000013b: MSTORE 0000013c: PUSH1 0x03 0000013e: PUSH1 0x20 00000140: MSTORE 00000141: PUSH1 0x40 00000143: SWAP1 00000144: KECCAK256 00000145: SLOAD 00000146: DUP2 00000147: SWAP1 00000148: LT 00000149: DUP1 
0000014a: PUSH2 0x0167 0000014d: JUMPI 0000014e: POP 0000014f: PUSH1 0x01 00000151: PUSH1 0xa0 00000153: PUSH1 0x02 00000155: EXP 00000156: SUB 00000157: DUP3 00000158: AND 00000159: PUSH1 0x00 0000015b: SWAP1 0000015c: DUP2 0000015d: MSTORE 0000015e: PUSH1 0x40 00000160: SWAP1 00000161: KECCAK256 00000162: SLOAD 00000163: DUP1 00000164: DUP3 00000165: ADD 00000166: LT 00000167: JUMPDEST 00000168: ISZERO 00000169: PUSH2 0x021c 0000016c: JUMPI 0000016d: PUSH2 0x0002 00000170: JUMP 00000171: JUMPDEST 00000172: PUSH1 0x40 00000174: MLOAD 00000175: DUP1 00000176: DUP1 00000177: PUSH1 0x20 00000179: ADD 0000017a: DUP3 0000017b: DUP2 0000017c: SUB 0000017d: DUP3 0000017e: MSTORE 0000017f: DUP4 00000180: DUP2 00000181: DUP2 00000182: MLOAD 00000183: DUP2 00000184: MSTORE 00000185: PUSH1 0x20 00000187: ADD 00000188: SWAP2 00000189: POP 0000018a: DUP1 0000018b: MLOAD 0000018c: SWAP1 0000018d: PUSH1 0x20 0000018f: ADD 00000190: SWAP1 00000191: DUP1 00000192: DUP4 00000193: DUP4 00000194: DUP3 00000195: SWAP1 00000196: PUSH1 0x00 00000198: PUSH1 0x04 0000019a: PUSH1 0x20 0000019c: DUP5 0000019d: PUSH1 0x1f 0000019f: ADD 000001a0: DIV 000001a1: PUSH1 0x0f 000001a3: MUL 000001a4: PUSH1 0x03 000001a6: ADD 000001a7: CALL 000001a8: POP 000001a9: SWAP1 000001aa: POP 000001ab: SWAP1 000001ac: DUP2 000001ad: ADD 000001ae: SWAP1 000001af: PUSH1 0x1f 000001b1: AND 000001b2: DUP1 000001b3: ISZERO 000001b4: PUSH2 0x01d1 000001b7: JUMPI 000001b8: DUP1 000001b9: DUP3 000001ba: SUB 000001bb: DUP1 000001bc: MLOAD 000001bd: PUSH1 0x01 000001bf: DUP4 000001c0: PUSH1 0x20 000001c2: SUB 000001c3: PUSH2 0x0100 000001c6: EXP 000001c7: SUB 000001c8: NOT 000001c9: AND 000001ca: DUP2 000001cb: MSTORE 000001cc: PUSH1 0x20 000001ce: ADD 000001cf: SWAP2 000001d0: POP 000001d1: JUMPDEST 000001d2: POP 000001d3: SWAP3 000001d4: POP 000001d5: POP 000001d6: POP 000001d7: PUSH1 0x40 000001d9: MLOAD 000001da: DUP1 000001db: SWAP2 000001dc: SUB 000001dd: SWAP1 000001de: RETURN 000001df: JUMPDEST 000001e0: PUSH1 
0x60 000001e2: SWAP1 000001e3: DUP2 000001e4: MSTORE 000001e5: PUSH1 0x20 000001e7: SWAP1 000001e8: RETURN 000001e9: JUMPDEST 000001ea: DUP3 000001eb: ADD 000001ec: SWAP2 000001ed: SWAP1 000001ee: PUSH1 0x00 000001f0: MSTORE 000001f1: PUSH1 0x20 000001f3: PUSH1 0x00 000001f5: KECCAK256 000001f6: SWAP1 000001f7: JUMPDEST 000001f8: DUP2 000001f9: SLOAD 000001fa: DUP2 000001fb: MSTORE 000001fc: SWAP1 000001fd: PUSH1 0x01 000001ff: ADD 00000200: SWAP1 00000201: PUSH1 0x20 00000203: ADD 00000204: DUP1 00000205: DUP4 00000206: GT 00000207: PUSH2 0x01f7 0000020a: JUMPI 0000020b: DUP3 0000020c: SWAP1 0000020d: SUB 0000020e: PUSH1 0x1f 00000210: AND 00000211: DUP3 00000212: ADD 00000213: SWAP2 00000214: JUMPDEST 00000215: POP 00000216: POP 00000217: POP 00000218: POP 00000219: POP 0000021a: DUP2 0000021b: JUMP 0000021c: JUMPDEST 0000021d: DUP1 0000021e: PUSH1 0x03 00000220: PUSH1 0x00 00000222: POP 00000223: PUSH1 0x00 00000225: CALLER 00000226: PUSH1 0x01 00000228: PUSH1 0xa0 0000022a: PUSH1 0x02 0000022c: EXP 0000022d: SUB 0000022e: AND 0000022f: DUP2 00000230: MSTORE 00000231: PUSH1 0x20 00000233: ADD 00000234: SWAP1 00000235: DUP2 00000236: MSTORE 00000237: PUSH1 0x20 00000239: ADD 0000023a: PUSH1 0x00 0000023c: KECCAK256 0000023d: PUSH1 0x00 0000023f: DUP3 00000240: DUP3 00000241: DUP3 00000242: POP 00000243: SLOAD 00000244: SUB 00000245: SWAP3 00000246: POP 00000247: POP 00000248: DUP2 00000249: SWAP1 0000024a: SSTORE 0000024b: POP 0000024c: DUP1 0000024d: PUSH1 0x03 0000024f: PUSH1 0x00 00000251: POP 00000252: PUSH1 0x00 00000254: DUP5 00000255: PUSH1 0x01 00000257: PUSH1 0xa0 00000259: PUSH1 0x02 0000025b: EXP 0000025c: SUB 0000025d: AND 0000025e: DUP2 0000025f: MSTORE 00000260: PUSH1 0x20 00000262: ADD 00000263: SWAP1 00000264: DUP2 00000265: MSTORE 00000266: PUSH1 0x20 00000268: ADD 00000269: PUSH1 0x00 0000026b: KECCAK256 0000026c: PUSH1 0x00 0000026e: DUP3 0000026f: DUP3 00000270: DUP3 00000271: POP 00000272: SLOAD 00000273: ADD 00000274: SWAP3 00000275: POP 
00000276: POP 00000277: DUP2 00000278: SWAP1 00000279: SSTORE 0000027a: POP 0000027b: DUP2 0000027c: PUSH1 0x01 0000027e: PUSH1 0xa0 00000280: PUSH1 0x02 00000282: EXP 00000283: SUB 00000284: AND 00000285: CALLER 00000286: PUSH1 0x01 00000288: PUSH1 0xa0 0000028a: PUSH1 0x02 0000028c: EXP 0000028d: SUB 0000028e: AND 0000028f: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000002b0: DUP4 000002b1: PUSH1 0x40 000002b3: MLOAD 000002b4: DUP1 000002b5: DUP3 000002b6: DUP2 000002b7: MSTORE 000002b8: PUSH1 0x20 000002ba: ADD 000002bb: SWAP2 000002bc: POP 000002bd: POP 000002be: PUSH1 0x40 000002c0: MLOAD 000002c1: DUP1 000002c2: SWAP2 000002c3: SUB 000002c4: SWAP1 000002c5: LOG3 000002c6: POP 000002c7: POP 000002c8: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
trace_id: 0xff69df060c2b7c1756b61eb6a0f5ddb0b0abbc14a045ae6f9aef3fb36e38ab13
call_targets: 0x0000000000000000000000000000000000000004, 0x9b1e3948d22a1a56b2c49154c8768b3826d565dc
target_varies: yes
classification: target_varies
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xff69df060c2b7c1756b61eb6a0f5ddb0b0abbc14a045ae6f9aef3fb36e38ab13",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x9b1e3948d22a1a56b2c49154c8768b3826d565dc"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 423,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
trace_id: 0xff69df060c2b7c1756b61eb6a0f5ddb0b0abbc14a045ae6f9aef3fb36e38ab13
call_targets: 0x0000000000000000000000000000000000000004, 0x9b1e3948d22a1a56b2c49154c8768b3826d565dc
target_varies: yes
classification: target_varies
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xff69df060c2b7c1756b61eb6a0f5ddb0b0abbc14a045ae6f9aef3fb36e38ab13",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x9b1e3948d22a1a56b2c49154c8768b3826d565dc"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 423,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|
| medium | other | codex | `transfer` decodes calldata without a length check | 75 | no | — |
evidence_json:
{
"evidence": "The dispatcher only matches the 4-byte selector, then the `transfer` path begins at `pc:0x123` and immediately executes `CALLDATALOAD` for argument 1 at `pc:0x127` and argument 2 at `pc:0x12c`. There is no visible `CALLDATASIZE` guard in the function body before those loads, and failed cases revert only after balance/overflow logic.",
"locations": [
"selector:0xa9059cbb",
"pc:0x123",
"pc:0x127",
"pc:0x12c"
],
"recommendation": "If this code is upgradeable, add an explicit `calldatasize >= 68` check before decoding `transfer` arguments, or route calls through a modern ABI decoder that reverts on malformed calldata. If it is immutable, document that only standard ABI-encoded calls are safe and avoid integrating through systems that may emit truncated calldata.",
"exploit_scenario": "Best-effort selector inference identifies `0xa9059cbb` as `transfer(address,uint256)`. Its entry path reads the recipient and amount directly from calldata. If an integration or user submits malformed short calldata, missing bytes are zero-padded by `CALLDATALOAD`, which can change the decoded recipient/amount pair. This is the classic short-calldata/short-address class of ERC20 issue and can cause unintended token transfers when upstream callers do not strictly ABI-encode inputs."
}
|
| low | other | codex | Fallback path appears to accept ETH and likely traps it permanently | 65 | no | — |
evidence_json:
{
"evidence": "The selector jump table falls through to a `STOP` at `pc:0x45` for unmatched calls, and there is no visible `CALLVALUE` check in the dispatcher or token entry paths. The artifact marks `is_proxy=false`, and the exposed selectors do not include an obvious admin or withdrawal routine. The only `CALL` in the runtime is the old Solidity string helper around `pc:0x1a7`, not a general ETH-withdraw path.",
"locations": [
"pc:0x0",
"pc:0x45",
"pc:0x1a7"
],
"recommendation": "If the contract is upgradeable, make the fallback/receive path revert on nonzero `msg.value` or add an explicit recovery mechanism. If it is immutable, operational guidance should state that no ETH must ever be sent to this address.",
"exploit_scenario": "A plain ETH transfer or a call with an unknown selector can hit the fallback path and succeed instead of reverting. Because the analyzed bytecode exposes no obvious withdrawal or rescue function, ETH sent to this contract is likely unrecoverable. Users can also attach ETH to token method calls on this legacy bytecode, causing the token action to proceed while the ETH remains stuck."
}
|