019b3836-3fdf-71bd-9857-e2eaab3fa946
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 5121 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 5122 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 48864 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 48865 | capability.graph | complete | 1 / 3 | 1 week ago |
| 48866 | detector.run | complete | 1 / 3 | 1 week ago |
| 48867 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113308 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":true,"summary":"Reviewed BYTECODE_BUNDLE.json and the runtime bytecode. This is an ERC20-like, non-proxy contract with selectors best-effort matching `name()`, `decimals()`, `balanceOf(address)`, `symbol()`, and `transfer(address,uint256)`. I did not find a meaningful reentrancy, access-control, upgradeability, signature-validation, delegatecall, or accounting-break issue from the available bytecode. The only detected `CALL` at `pc:0x1a6` (`pc:422`) appears consistent with the legacy identity precompile (`address(0x04)`) used for dynamic string copying in metadata-return paths, so the detector's `Untrusted CALL target/value reachable` and `ETH value transfer possible` findings look like false positives from bytecode-only analysis. Transfer logic appears to check sender balance and recipient overflow before updating the two balance mapping slots. Residual uncertainty remains because this is runtime-bytecode-only analysis and selector inference / returndata semantics are heuristic.","findings":[]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-1utrrwb_
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c79-9620-7f62-b21a-4b709bde3d27
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-1utrrwb_
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0xdb9daf3fc70fa8c1b7d5998618a5ad8bffbbac26",
"artifact_hash": "0xafe071f33cd2e92d41078cd1d11da9317ea426c20d65cea01cb404c6e00eed00",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 24,
"hash": "0x6a350686911b120d699f8e8d1e9440d4ce17c4434492baee43484e2ef083a112",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 35,
"hash": "0x09fc75e3aa8fb02b98e24881cc463925488c7dfa7ef308570a5930c5c420c614",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 25
},
{
"end_pc": 46,
"hash": "0x976103db32485bde438fb5c3f9f54ee02f48623f2e3b08249411cd4aee3c334a",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 36
},
{
"end_pc": 57,
"hash": "0x3c19c073e27395dc44272beb525b6373ad140a4045aabbd1b653e498e1806824",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 47
},
{
"end_pc": 68,
"hash": "0x94ba32cd72572b6619d5a13bdfaace6702fd36b799e35790c4fc3160c731a2e2",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 58
},
{
"end_pc": 70,
"hash": "0x55afd043d32294d5f0189f5a0aa04f3174e4c087a31c85396f49b5f17813cb96",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 69
},
{
"end_pc": 136,
"hash": "0x575a397e1852fe12f892e4de31935564849b296efc97db91ac80ba412a2dab5c",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_83",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 71
},
{
"end_pc": 144,
"hash": "0x0afe97dec15307b987dea70cca4f65fa45811abea5f5a702cf118ec3a68eb464",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 137
},
{
"end_pc": 163,
"hash": "0xc4cb4f4177eb728b0dd05ac840e47fbd41d64f66642fa8b58c5b813045f39c5e",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 145
},
{
"end_pc": 175,
"hash": "0x07ae2d457decb97e845265ba369140557af432c8d15b1c4e863d78ea27d831e6",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"SLOAD",
"PUSH1",
"AND",
"OP_81",
"JUMP"
],
"start_pc": 164
},
{
"end_pc": 199,
"hash": "0x4fee5ba9ad9d06c8f51bc5f6688427f6f3ac8e11b82d9f8f0e9737354d3d06db",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 176
},
{
"end_pc": 262,
"hash": "0xdf8e4d5ba42ba1f434ea4331fc763c86f508f0d6beac4f52a590348301330226",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"PUSH1",
"PUSH1",
"NOT",
"PUSH2",
"OP_86",
"OP_88",
"AND",
"ISZERO",
"MUL",
"ADD",
"OP_90",
"OP_94",
"AND",
"OP_93",
"OP_90",
"OP_93",
"DIV",
"OP_92",
"OP_83",
"ADD",
"OP_81",
"OP_90",
"DIV",
"MUL",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
exec
/bin/bash -lc 'pwd && ls -la && rg --files' in /tmp/codex-1utrrwb_
succeeded in 0ms:
/tmp/codex-1utrrwb_
total 80
drwx------ 2 noahkuhn noahkuhn 4096 Apr 5 07:09 .
drwxrwxrwt 270 nobody nogroup 24576 Apr 5 07:09 ..
-rw-rw-r-- 1 noahkuhn noahkuhn 44271 Apr 5 07:09 BYTECODE_BUNDLE.json
-rw-rw-r-- 1 noahkuhn noahkuhn 815 Apr 5 07:09 codex-output-schema.json
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '261,520p' BYTECODE_BUNDLE.json" in /tmp/codex-1utrrwb_
succeeded in 0ms:
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 200
},
{
"end_pc": 270,
"hash": "0xbb28d104147740e34eeb422671891e1d538e03ef611a4ac79d50e627bd5012b1",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 263
},
{
"end_pc": 289,
"hash": "0xdd378fce7b55544f44d7f0d190d4ad5e9d9477537f3d31e0a50bdf9df740ae71",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
"OP_83",
"MSTORE",
"OP_91",
"PUSH1",
"ADD",
"OP_91",
"PUSH2",
"JUMP"
],
"start_pc": 271
},
{
"end_pc": 332,
"hash": "0xc953ecd87e22f7df2252a3fa03ed59895720c1af05f9e2b4f8f4c33e6dabd3c0",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"CALLDATALOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"CALLER",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_81",
"OP_90",
"LT",
"OP_80",
"PUSH2",
"JUMPI"
],
"start_pc": 290
},
{
"end_pc": 357,
"hash": "0x1d936d270dd556890f5d628b06f1df0f1d6688f4b63280d8e77dc15b22e06e80",
"opcodes": [
"POP",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"OP_82",
"AND",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"SHA3",
"SLOAD",
"OP_80",
"OP_82",
"ADD",
"LT"
],
"start_pc": 333
},
{
"end_pc": 363,
"hash": "0xe6913152057f62254de7762d0d9d61a6079c52e749d196a8024d46d59c9d2d2d",
"opcodes": [
"JUMPDEST",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 358
},
{
"end_pc": 367,
"hash": "0xd521bef609f0c2d060476550763a7b41800e5fbb96a5a4b1f938e3a9ec1bfaf3",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 364
},
{
"end_pc": 438,
"hash": "0x64ee4263c0df053af2281f31a97deaac137e642a49a14c61b31bcf8eeffbc115",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"OP_80",
"OP_80",
"PUSH1",
"ADD",
"OP_82",
"OP_81",
"SUB",
"OP_82",
"MSTORE",
"OP_83",
"OP_81",
"OP_81",
"MLOAD",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP",
"OP_80",
"MLOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_80",
"OP_83",
"OP_83",
"OP_82",
"OP_90",
"PUSH1",
"PUSH1",
"PUSH1",
"OP_84",
"PUSH1",
"ADD",
"DIV",
"PUSH1",
"MUL",
"PUSH1",
"ADD",
"CALL",
"POP",
"OP_90",
"POP",
"OP_90",
"OP_81",
"ADD",
"OP_90",
"PUSH1",
"AND",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 368
},
{
"end_pc": 463,
"hash": "0xc5d33dda268cd327b49438a2ae7c34706328c80b90acc90bd6a8bd98fc2e0ef4",
"opcodes": [
"OP_80",
"OP_82",
"SUB",
"OP_80",
"MLOAD",
"PUSH1",
"OP_83",
"PUSH1",
"SUB",
"PUSH2",
"EXP",
"SUB",
"NOT",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_91",
"POP"
],
"start_pc": 439
},
{
"end_pc": 477,
"hash": "0xeaadc2392f9640cdc545a7e3495f5d07d513f75694b99e4ddca61053f97e2e80",
"opcodes": [
"JUMPDEST",
"POP",
"OP_92",
"POP",
"POP",
"POP",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"RETURN"
],
"start_pc": 464
},
{
"end_pc": 487,
"hash": "0x16622883f5db0ee97b6a78f845dac71e0f8d878a005d1e34a77c4b98dbbcc78e",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"OP_90",
"RETURN"
],
"start_pc": 478
},
{
"end_pc": 585,
"hash": "0x63ade9e578cec65c2073abcdcea185c437269ab1c78b951b6fab84e4f2933583",
exec
/bin/bash -lc "sed -n '521,780p' BYTECODE_BUNDLE.json" in /tmp/codex-1utrrwb_
succeeded in 0ms:
"opcodes": [
"JUMPDEST",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"CALLER",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"SUB",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"OP_80",
"PUSH1",
"PUSH1",
"POP",
"PUSH1",
"OP_84",
"PUSH1",
"PUSH1",
"PUSH1",
"EXP",
"SUB",
"AND",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"OP_90",
"OP_81",
"MSTORE",
"PUSH1",
"ADD",
"PUSH1",
"SHA3",
"PUSH1",
"OP_82",
"OP_82",
"OP_82",
"POP",
"SLOAD",
"ADD",
"OP_92",
"POP",
"POP",
"OP_81",
"OP_90",
"SSTORE",
"POP",
"POP",
"POP",
"JUMP"
],
"start_pc": 488
},
{
"end_pc": 599,
"hash": "0x5cd93f90fb25d806342d7b56bf64d3c2f65721b6b635c6fb605bc8fba68c93e4",
"opcodes": [
"JUMPDEST",
"OP_82",
"ADD",
"OP_91",
"OP_90",
"PUSH1",
"MSTORE",
"PUSH1",
"PUSH1",
"SHA3",
"OP_90"
],
"start_pc": 586
},
{
"end_pc": 619,
"hash": "0x96cce66d763f6f6f5a985fe8648390d732abf5b6b60755e03b9d7a07fb8ae913",
"opcodes": [
"JUMPDEST",
"OP_81",
"SLOAD",
"OP_81",
"MSTORE",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"PUSH1",
"ADD",
"OP_80",
"OP_83",
"GT",
"PUSH2",
"JUMPI"
],
"start_pc": 600
},
{
"end_pc": 628,
"hash": "0x1a833ccd90aef753ab339b70f12552611bab8d225892fd955c7aa82c774689fa",
"opcodes": [
"OP_82",
"OP_90",
"SUB",
"PUSH1",
"AND",
"OP_82",
"ADD",
"OP_91"
],
"start_pc": 620
},
{
"end_pc": 636,
"hash": "0x0b6b87f9afcefe8746e938689620f0ad9bde30ad848451c61dc7b5296b771925",
"opcodes": [
"JUMPDEST",
"POP",
"POP",
"POP",
"POP",
"POP",
"OP_81",
"JUMP"
],
"start_pc": 629
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 422,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:290",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:629",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
{
"from": "bb:137",
"to": "bb:586",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:629",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:629",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:263",
"type": "control_flow_fallthrough"
},
{
"from": "bb:263",
"to": "bb:586",
"type": "control_flow"
},
{
"from": "bb:263",
"to": "bb:271",
"type": "control_flow_fallthrough"
},
{
exec
/bin/bash -lc "sed -n '781,1040p' BYTECODE_BUNDLE.json" in /tmp/codex-1utrrwb_
succeeded in 0ms:
"from": "bb:271",
"to": "bb:629",
"type": "control_flow"
},
{
"from": "bb:290",
"to": "bb:358",
"type": "control_flow"
},
{
"from": "bb:290",
"to": "bb:333",
"type": "control_flow_fallthrough"
},
{
"from": "bb:333",
"to": "bb:358",
"type": "control_flow_fallthrough"
},
{
"from": "bb:358",
"to": "bb:488",
"type": "control_flow"
},
{
"from": "bb:358",
"to": "bb:364",
"type": "control_flow_fallthrough"
},
{
"from": "bb:368",
"to": "bb:464",
"type": "control_flow"
},
{
"from": "bb:368",
"to": "bb:439",
"type": "control_flow_fallthrough"
},
{
"from": "bb:439",
"to": "bb:464",
"type": "control_flow_fallthrough"
},
{
"from": "bb:586",
"to": "bb:600",
"type": "control_flow_fallthrough"
},
{
"from": "bb:600",
"to": "bb:600",
"type": "control_flow"
},
{
"from": "bb:600",
"to": "bb:620",
"type": "control_flow_fallthrough"
},
{
"from": "bb:620",
"to": "bb:629",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0x1b1917b74682cc87806027d14dfdbb730a6b0cd9cacea97615343d7bb1f9b605",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": null,
"selector": "0xa9059cbb"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x313ce567",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 276,
exec
/bin/bash -lc "sed -n '1041,1300p' BYTECODE_BUNDLE.json" in /tmp/codex-1utrrwb_
succeeded in 0ms:
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
},
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0xa9059cbb",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
}
}
],
"selectors": [
"0x06fdde03",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb"
],
"sinks": {
"call": 1,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 6,
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 78,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 150,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 170,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 207,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
}
],
"writes": 2
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0x58d2ecef97f091ac58068fd594c0714409a534dfa51e7c669c2d82dc4a1c84b2",
"created_at": "2026-04-04T19:59:35.000000Z",
"id": 2716,
"updated_at": "2026-04-04T19:59:35.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0xdb9daf3fc70fa8c1b7d5998618a5ad8bffbbac26",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:58.000000Z",
"id": "019b3836-3fdf-71bd-9857-e2eaab3fa946",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:59:35.000000Z"
},
"artifact": {
"codehash": "0x58d2ecef97f091ac58068fd594c0714409a534dfa51e7c669c2d82dc4a1c84b2",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "0x606060405260e060020a600035046306fdde038114610047578063313ce567146100a457806370a08231146100b057806395d89b41146100c8578063a9059cbb14610122575b005b61017060008054602060026001831615610100026000190190921691909104601f810182900490910260809081016040526060828152929190828280156102755780601f1061024a57610100808354040283529160200191610275565b6101de60025460ff1681565b6101de60043560036020526000908152604090205481565b6101706001805460806020601f6002600019610100868816150201909416939093049283018190040281016040526060828152929190828280156102755780601f1061024a57610100808354040283529160200191610275565b610045600435602435600160a060020a033316600090815260036020526040902054819010806101665750600160a060020a03821660009081526040902054808201105b156101e857610002565b60405180806020018281038252838181518152602001915080519060200190808383829060006004602084601f0104600f02600301f150905090810190601f1680156101d05780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b6060908152602090f35b806003600050600033600160a060020a03168152602001908152602001600020600082828250540392505081905550806003600050600084600160a060020a031681526020019081526020016000206000828282505401925050819055505050565b820191906000526020600020905b81548152906001019060200180831161025857829003601f168201915b50505050508156",
"head": null,
"length": 1276,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0xdb9daf3fc70fa8c1b7d5998618a5ad8bffbbac26",
"block_number": null,
"chain_id": 1,
"codehash": "0x58d2ecef97f091ac58068fd594c0714409a534dfa51e7c669c2d82dc4a1c84b2",
"created_at": "2026-04-04T19:59:35.000000Z",
"graph_hash": "0xae29f7ee5879fd6b940dee060db898d5123a56bba2e61d05f0059a668e940b3f",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:71",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:25",
"type": "control_flow_fallthrough"
},
{
"from": "bb:25",
"to": "bb:164",
"type": "control_flow"
},
{
"from": "bb:25",
"to": "bb:36",
"type": "control_flow_fallthrough"
},
{
"from": "bb:36",
"to": "bb:176",
"type": "control_flow"
},
{
"from": "bb:36",
"to": "bb:47",
"type": "control_flow_fallthrough"
},
{
"from": "bb:47",
"to": "bb:200",
"type": "control_flow"
},
{
"from": "bb:47",
"to": "bb:58",
"type": "control_flow_fallthrough"
},
{
"from": "bb:58",
"to": "bb:290",
"type": "control_flow"
},
{
"from": "bb:58",
"to": "bb:69",
"type": "control_flow_fallthrough"
},
{
"from": "bb:71",
"to": "bb:629",
"type": "control_flow"
},
{
"from": "bb:71",
"to": "bb:137",
"type": "control_flow_fallthrough"
},
{
"from": "bb:137",
"to": "bb:586",
"type": "control_flow"
},
{
"from": "bb:137",
"to": "bb:145",
"type": "control_flow_fallthrough"
},
{
"from": "bb:145",
"to": "bb:629",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:629",
"type": "control_flow"
},
{
"from": "bb:200",
"to": "bb:263",
"type": "control_flow_fallthrough"
},
{
"from": "bb:263",
"to": "bb:586",
"type": "control_flow"
},
{
"from": "bb:263",
"to": "bb:271",
"type": "control_flow_fallthrough"
},
{
"from": "bb:271",
"to": "bb:629",
"type": "control_flow"
},
{
"from": "bb:290",
"to": "bb:358",
"type": "control_flow"
},
{
"from": "bb:290",
"to": "bb:333",
"type": "control_flow_fallthrough"
},
{
"from": "bb:333",
"to": "bb:358",
exec
/bin/bash -lc "rg -n 'detector|finding|evidence|callsites|proxy|delegatecall|reentr' BYTECODE_BUNDLE.json" in /tmp/codex-1utrrwb_
succeeded in 0ms:
675: "callsites": [
879: "delegatecall": 0,
923: "delegatecall": 0,
967: "delegatecall": 0,
1011: "delegatecall": 0,
1055: "delegatecall": 0,
1103: "delegatecall": 0,
1169: "is_proxy": false,
1611: "detector_findings": [
1614: "evidence_json": {
1653: "evidence_json": {
1693: "delegatecall_count": 0,
exec
/bin/bash -lc "jq 'keys' BYTECODE_BUNDLE.json" in /tmp/codex-1utrrwb_
succeeded in 0ms:
[
"analysis_artifact",
"analysis_run",
"artifact",
"capability_graph",
"detector_findings",
"heuristics_summary"
]
exec
/bin/bash -lc "sed -n '1580,1725p' BYTECODE_BUNDLE.json" in /tmp/codex-1utrrwb_
succeeded in 0ms:
{
"entry_pc": 1889567281,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": null,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 2715,
"updated_at": "2026-04-04T19:59:35.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 60,
"evidence_json": {
"call_count": 1,
"examples": [
{
"opcode": "CALL",
"pc": 422,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 1
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xdb9daf3fc70fa8c1b7d5998618a5ad8bffbbac26"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x512543029b7cc55fa5a861c1d99bd3ee3851405661594d2851cb84df3079a791",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 1,
"examples": [
{
"opcode": "CALL",
"pc": 422,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xdb9daf3fc70fa8c1b7d5998618a5ad8bffbbac26"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x512543029b7cc55fa5a861c1d99bd3ee3851405661594d2851cb84df3079a791",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
}
exec
/bin/bash -lc "sed -n '1726,1785p' BYTECODE_BUNDLE.json" in /tmp/codex-1utrrwb_
succeeded in 0ms:
exec
/bin/bash -lc 'which evm || true' in /tmp/codex-1utrrwb_
succeeded in 0ms:
exec
/bin/bash -lc 'which cast || true' in /tmp/codex-1utrrwb_
succeeded in 0ms:
/home/noahkuhn/.foundry/bin/cast
exec
/bin/bash -lc 'which hevm || true' in /tmp/codex-1utrrwb_
succeeded in 0ms:
exec
/bin/bash -lc "cast --help | sed -n '1,220p'" in /tmp/codex-1utrrwb_
succeeded in 0ms:
A Swiss Army knife for interacting with Ethereum applications from the command line
Usage: cast [OPTIONS] <COMMAND>
Commands:
4byte Get the function signatures for the given selector from
<https://openchain.xyz> [aliases: 4, 4b]
4byte-calldata Decode ABI-encoded calldata using <https://openchain.xyz> [aliases: 4c,
4bc]
4byte-event Get the event signature for a given topic 0 from <https://openchain.xyz>
[aliases: 4e, 4be, topic0-event, t0e]
abi-encode ABI encode the given function argument, excluding the selector [aliases:
ae]
abi-encode-event ABI encode an event and its arguments to generate topics and data [aliases:
aee]
access-list Create an access list for a transaction [aliases: ac, acl]
address-zero Prints the zero address [aliases: --address-zero, az]
admin Fetch the EIP-1967 admin account [aliases: adm]
age Get the timestamp of a block [aliases: a]
artifact Generate an artifact file, that can be used to deploy a contract locally
[aliases: ar]
b2e-payload Convert Beacon payload to execution payload [aliases: b2e]
balance Get the balance of an account in wei [aliases: b]
base-fee Get the basefee of a block [aliases: ba, fee, basefee]
bind Generate a rust binding from a given ABI [aliases: bi]
block Get information about a block [aliases: bl]
block-number Get the latest block number [aliases: bn]
call Perform a call on an account without publishing a transaction [aliases: c]
calldata ABI-encode a function with arguments [aliases: cd]
chain Get the symbolic name of the current chain
chain-id Get the Ethereum chain ID [aliases: ci, cid]
client Get the current client version [aliases: cl]
code Get the runtime bytecode of a contract [aliases: co]
codehash Get the codehash for an account
codesize Get the runtime bytecode size of a contract [aliases: cs]
completions Generate shell completions script [aliases: com]
compute-address Compute the contract address from a given nonce and deployer address
[aliases: ca]
concat-hex Concatenate hex strings [aliases: --concat-hex, ch]
constructor-args Display constructor arguments used for the contract initialization
[aliases: cra]
create2 Generate a deterministic contract address using CREATE2 [aliases: c2]
creation-code Download a contract creation code from Etherscan and RPC [aliases: cc]
da-estimate Estimates the data availability size of a given opstack block
decode-abi Decode ABI-encoded input or output data [aliases: abi-decode, --abi-decode,
ad]
decode-calldata Decode ABI-encoded input data [aliases: calldata-decode, --calldata-decode,
cdd]
decode-error Decode custom error data [aliases: error-decode, --error-decode, erd]
decode-event Decode event data [aliases: event-decode, --event-decode, ed]
decode-string Decode ABI-encoded string [aliases: string-decode, --string-decode, sd]
decode-transaction Decodes a raw signed EIP 2718 typed transaction [aliases: dt, decode-tx]
disassemble Disassembles a hex-encoded bytecode into a human-readable representation
[aliases: da]
erc20-token ERC20 token operations [aliases: erc20]
estimate Estimate the gas cost of a transaction [aliases: e]
find-block Get the block number closest to the provided timestamp [aliases: f]
format-bytes32-string Formats a string into bytes32 encoding [aliases: --format-bytes32-string]
format-units Format a number from smallest unit to decimal with arbitrary decimals
[aliases: --format-units, fun]
from-bin Convert binary data into hex data [aliases: --from-bin, from-binx, fb]
from-fixed-point Convert a fixed point number into an integer [aliases: --from-fix, ff]
from-rlp Decodes RLP hex-encoded data [aliases: --from-rlp]
from-utf8 Convert UTF8 text to hex [aliases: --from-ascii, --from-utf8, from-ascii,
fu, fa]
from-wei Convert wei into an ETH amount [aliases: --from-wei, fw]
gas-price Get the current gas price [aliases: g]
hash-message Hash a message according to EIP-191 [aliases: --hash-message, hm]
hash-zero Prints the zero hash [aliases: --hash-zero, hz]
help Print this message or the help of the given subcommand(s)
implementation Fetch the EIP-1967 implementation for a contract Can read from the
implementation slot or the beacon slot [aliases: impl]
index Compute the storage slot for an entry in a mapping [aliases: in]
index-erc7201 Compute storage slots as specified by `ERC-7201: Namespaced Storage Layout`
[aliases: index7201, in7201]
interface Generate a Solidity interface from a given ABI [aliases: i]
keccak Hash arbitrary data using Keccak-256 [aliases: k, keccak256]
logs Get logs by signature or topic [aliases: l]
lookup-address Perform an ENS reverse lookup [aliases: la]
max-int Prints the maximum value of the given integer type [aliases: --max-int,
maxi]
max-uint Prints the maximum value of the given integer type [aliases: --max-uint,
maxu]
min-int Prints the minimum value of the given integer type [aliases: --min-int,
mini]
mktx Build and sign a transaction [aliases: m]
namehash Calculate the ENS namehash of a name [aliases: na, nh]
nonce Get the nonce for an account [aliases: n]
pad Pads hex data to a specified length [aliases: pd]
parse-bytes32-address Parses a checksummed address from bytes32 encoding. [aliases:
--parse-bytes32-address]
parse-bytes32-string Parses a string from bytes32 encoding [aliases: --parse-bytes32-string]
parse-units Convert a number from decimal to smallest unit with arbitrary decimals
[aliases: --parse-units, pun]
pretty-calldata Pretty print calldata [aliases: pc]
proof Generate a storage proof for a given storage slot [aliases: pr]
publish Publish a raw transaction to the network [aliases: p]
receipt Get the transaction receipt for a transaction [aliases: re]
recover-authority Recovery an EIP-7702 authority from a Authorization JSON string [aliases:
decode-auth]
resolve-name Perform an ENS lookup [aliases: rn]
rpc Perform a raw JSON-RPC request [aliases: rp]
run Runs a published transaction in a local environment and prints the trace
[aliases: r]
selectors Extracts function selectors and arguments from bytecode [aliases: sel]
send Sign and publish a transaction [aliases: s]
shl Perform a left shifting operation
shr Perform a right shifting operation
sig Get the selector for a function [aliases: si]
sig-event Generate event signatures from event string [aliases: se]
source Get the source code of a contract from a block explorer [aliases: et, src]
storage Get the raw value of a contract's storage slot [aliases: st]
storage-root Get the storage root for an account [aliases: sr]
to-ascii Convert hex data to an ASCII string [aliases: --to-ascii, tas, 2as]
to-base Converts a number of one base to another [aliases: --to-base, --to-radix,
to-radix, tr, 2r]
to-bytes32 Right-pads hex data to 32 bytes [aliases: --to-bytes32, tb, 2b]
to-check-sum-address Convert an address to a checksummed format (EIP-55) [aliases:
--to-checksum-address, --to-checksum, to-checksum, ta, 2a]
to-dec Converts a number of one base to decimal [aliases: --to-dec, td, 2d]
to-fixed-point Convert an integer into a fixed point number [aliases: --to-fix, tf, 2f]
to-hex Converts a number of one base to another [aliases: --to-hex, th, 2h]
to-hexdata Normalize the input to lowercase, 0x-prefixed hex [aliases: --to-hexdata,
thd, 2hd]
to-int256 Convert a number to a hex-encoded int256 [aliases: --to-int256, ti, 2i]
to-rlp RLP encodes hex data, or an array of hex data [aliases: --to-rlp]
to-uint256 Convert a number to a hex-encoded uint256 [aliases: --to-uint256, tu, 2u]
to-unit Convert an ETH amount into another unit (ether, gwei or wei) [aliases:
--to-unit, tun, 2un]
to-utf8 Convert hex data to a utf-8 string [aliases: --to-utf8, tu8, 2u8]
to-wei Convert an ETH amount to wei [aliases: --to-wei, tw, 2w]
trace CLI arguments for `cast trace`
tx Get information about a transaction [aliases: t]
tx-pool Inspect the TxPool of a node [aliases: tp]
upload-signature Upload the given signatures to <https://openchain.xyz> [aliases: ups]
wallet Wallet management utilities [aliases: w]
Options:
-h, --help
Print help (see a summary with '-h')
-j, --threads <THREADS>
Number of threads to use. Specifying 0 defaults to the number of logical cores
[aliases: --jobs]
-V, --version
Print version
Display options:
--color <COLOR>
The color of the log messages
Possible values:
- auto: Intelligently guess whether to use color output (default)
- always: Force color output
- never: Force disable color output
--json
Format log messages as JSON
--md
Format log messages as Markdown
-q, --quiet
Do not print log messages
-v, --verbosity...
Verbosity level of the log messages.
Pass multiple times to increase the verbosity (e.g. -v, -vv, -vvv).
Depending on the context the verbosity levels have different meanings.
For example, the verbosity levels of the EVM are:
- 2 (-vv): Print logs for all tests.
- 3 (-vvv): Print execution traces for failing tests.
- 4 (-vvvv): Print execution traces for all tests, and setup traces for failing tests.
- 5 (-vvvvv): Print execution and setup traces for all tests, including storage changes
and
backtraces with line numbers.
Find more information in the book: https://getfoundry.sh/cast/overview
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '1,220p'" in /tmp/codex-1utrrwb_
succeeded in 0ms:
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0xe0
00000007: PUSH1 0x02
00000009: EXP
0000000a: PUSH1 0x00
0000000c: CALLDATALOAD
0000000d: DIV
0000000e: PUSH4 0x06fdde03
00000013: DUP2
00000014: EQ
00000015: PUSH2 0x0047
00000018: JUMPI
00000019: DUP1
0000001a: PUSH4 0x313ce567
0000001f: EQ
00000020: PUSH2 0x00a4
00000023: JUMPI
00000024: DUP1
00000025: PUSH4 0x70a08231
0000002a: EQ
0000002b: PUSH2 0x00b0
0000002e: JUMPI
0000002f: DUP1
00000030: PUSH4 0x95d89b41
00000035: EQ
00000036: PUSH2 0x00c8
00000039: JUMPI
0000003a: DUP1
0000003b: PUSH4 0xa9059cbb
00000040: EQ
00000041: PUSH2 0x0122
00000044: JUMPI
00000045: JUMPDEST
00000046: STOP
00000047: JUMPDEST
00000048: PUSH2 0x0170
0000004b: PUSH1 0x00
0000004d: DUP1
0000004e: SLOAD
0000004f: PUSH1 0x20
00000051: PUSH1 0x02
00000053: PUSH1 0x01
00000055: DUP4
00000056: AND
00000057: ISZERO
00000058: PUSH2 0x0100
0000005b: MUL
0000005c: PUSH1 0x00
0000005e: NOT
0000005f: ADD
00000060: SWAP1
00000061: SWAP3
00000062: AND
00000063: SWAP2
00000064: SWAP1
00000065: SWAP2
00000066: DIV
00000067: PUSH1 0x1f
00000069: DUP2
0000006a: ADD
0000006b: DUP3
0000006c: SWAP1
0000006d: DIV
0000006e: SWAP1
0000006f: SWAP2
00000070: MUL
00000071: PUSH1 0x80
00000073: SWAP1
00000074: DUP2
00000075: ADD
00000076: PUSH1 0x40
00000078: MSTORE
00000079: PUSH1 0x60
0000007b: DUP3
0000007c: DUP2
0000007d: MSTORE
0000007e: SWAP3
0000007f: SWAP2
00000080: SWAP1
00000081: DUP3
00000082: DUP3
00000083: DUP1
00000084: ISZERO
00000085: PUSH2 0x0275
00000088: JUMPI
00000089: DUP1
0000008a: PUSH1 0x1f
0000008c: LT
0000008d: PUSH2 0x024a
00000090: JUMPI
00000091: PUSH2 0x0100
00000094: DUP1
00000095: DUP4
00000096: SLOAD
00000097: DIV
00000098: MUL
00000099: DUP4
0000009a: MSTORE
0000009b: SWAP2
0000009c: PUSH1 0x20
0000009e: ADD
0000009f: SWAP2
000000a0: PUSH2 0x0275
000000a3: JUMP
000000a4: JUMPDEST
000000a5: PUSH2 0x01de
000000a8: PUSH1 0x02
000000aa: SLOAD
000000ab: PUSH1 0xff
000000ad: AND
000000ae: DUP2
000000af: JUMP
000000b0: JUMPDEST
000000b1: PUSH2 0x01de
000000b4: PUSH1 0x04
000000b6: CALLDATALOAD
000000b7: PUSH1 0x03
000000b9: PUSH1 0x20
000000bb: MSTORE
000000bc: PUSH1 0x00
000000be: SWAP1
000000bf: DUP2
000000c0: MSTORE
000000c1: PUSH1 0x40
000000c3: SWAP1
000000c4: KECCAK256
000000c5: SLOAD
000000c6: DUP2
000000c7: JUMP
000000c8: JUMPDEST
000000c9: PUSH2 0x0170
000000cc: PUSH1 0x01
000000ce: DUP1
000000cf: SLOAD
000000d0: PUSH1 0x80
000000d2: PUSH1 0x20
000000d4: PUSH1 0x1f
000000d6: PUSH1 0x02
000000d8: PUSH1 0x00
000000da: NOT
000000db: PUSH2 0x0100
000000de: DUP7
000000df: DUP9
000000e0: AND
000000e1: ISZERO
000000e2: MUL
000000e3: ADD
000000e4: SWAP1
000000e5: SWAP5
000000e6: AND
000000e7: SWAP4
000000e8: SWAP1
000000e9: SWAP4
000000ea: DIV
000000eb: SWAP3
000000ec: DUP4
000000ed: ADD
000000ee: DUP2
000000ef: SWAP1
000000f0: DIV
000000f1: MUL
000000f2: DUP2
000000f3: ADD
000000f4: PUSH1 0x40
000000f6: MSTORE
000000f7: PUSH1 0x60
000000f9: DUP3
000000fa: DUP2
000000fb: MSTORE
000000fc: SWAP3
000000fd: SWAP2
000000fe: SWAP1
000000ff: DUP3
00000100: DUP3
00000101: DUP1
00000102: ISZERO
00000103: PUSH2 0x0275
00000106: JUMPI
00000107: DUP1
00000108: PUSH1 0x1f
0000010a: LT
0000010b: PUSH2 0x024a
0000010e: JUMPI
0000010f: PUSH2 0x0100
00000112: DUP1
00000113: DUP4
00000114: SLOAD
00000115: DIV
00000116: MUL
00000117: DUP4
00000118: MSTORE
00000119: SWAP2
0000011a: PUSH1 0x20
0000011c: ADD
0000011d: SWAP2
0000011e: PUSH2 0x0275
00000121: JUMP
00000122: JUMPDEST
00000123: PUSH2 0x0045
00000126: PUSH1 0x04
00000128: CALLDATALOAD
00000129: PUSH1 0x24
0000012b: CALLDATALOAD
0000012c: PUSH1 0x01
0000012e: PUSH1 0xa0
00000130: PUSH1 0x02
00000132: EXP
00000133: SUB
00000134: CALLER
00000135: AND
00000136: PUSH1 0x00
00000138: SWAP1
00000139: DUP2
0000013a: MSTORE
0000013b: PUSH1 0x03
0000013d: PUSH1 0x20
0000013f: MSTORE
00000140: PUSH1 0x40
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '221,420p'" in /tmp/codex-1utrrwb_
succeeded in 0ms:
00000142: SWAP1
00000143: KECCAK256
00000144: SLOAD
00000145: DUP2
00000146: SWAP1
00000147: LT
00000148: DUP1
00000149: PUSH2 0x0166
0000014c: JUMPI
0000014d: POP
0000014e: PUSH1 0x01
00000150: PUSH1 0xa0
00000152: PUSH1 0x02
00000154: EXP
00000155: SUB
00000156: DUP3
00000157: AND
00000158: PUSH1 0x00
0000015a: SWAP1
0000015b: DUP2
0000015c: MSTORE
0000015d: PUSH1 0x40
0000015f: SWAP1
00000160: KECCAK256
00000161: SLOAD
00000162: DUP1
00000163: DUP3
00000164: ADD
00000165: LT
00000166: JUMPDEST
00000167: ISZERO
00000168: PUSH2 0x01e8
0000016b: JUMPI
0000016c: PUSH2 0x0002
0000016f: JUMP
00000170: JUMPDEST
00000171: PUSH1 0x40
00000173: MLOAD
00000174: DUP1
00000175: DUP1
00000176: PUSH1 0x20
00000178: ADD
00000179: DUP3
0000017a: DUP2
0000017b: SUB
0000017c: DUP3
0000017d: MSTORE
0000017e: DUP4
0000017f: DUP2
00000180: DUP2
00000181: MLOAD
00000182: DUP2
00000183: MSTORE
00000184: PUSH1 0x20
00000186: ADD
00000187: SWAP2
00000188: POP
00000189: DUP1
0000018a: MLOAD
0000018b: SWAP1
0000018c: PUSH1 0x20
0000018e: ADD
0000018f: SWAP1
00000190: DUP1
00000191: DUP4
00000192: DUP4
00000193: DUP3
00000194: SWAP1
00000195: PUSH1 0x00
00000197: PUSH1 0x04
00000199: PUSH1 0x20
0000019b: DUP5
0000019c: PUSH1 0x1f
0000019e: ADD
0000019f: DIV
000001a0: PUSH1 0x0f
000001a2: MUL
000001a3: PUSH1 0x03
000001a5: ADD
000001a6: CALL
000001a7: POP
000001a8: SWAP1
000001a9: POP
000001aa: SWAP1
000001ab: DUP2
000001ac: ADD
000001ad: SWAP1
000001ae: PUSH1 0x1f
000001b0: AND
000001b1: DUP1
000001b2: ISZERO
000001b3: PUSH2 0x01d0
000001b6: JUMPI
000001b7: DUP1
000001b8: DUP3
000001b9: SUB
000001ba: DUP1
000001bb: MLOAD
000001bc: PUSH1 0x01
000001be: DUP4
000001bf: PUSH1 0x20
000001c1: SUB
000001c2: PUSH2 0x0100
000001c5: EXP
000001c6: SUB
000001c7: NOT
000001c8: AND
000001c9: DUP2
000001ca: MSTORE
000001cb: PUSH1 0x20
000001cd: ADD
000001ce: SWAP2
000001cf: POP
000001d0: JUMPDEST
000001d1: POP
000001d2: SWAP3
000001d3: POP
000001d4: POP
000001d5: POP
000001d6: PUSH1 0x40
000001d8: MLOAD
000001d9: DUP1
000001da: SWAP2
000001db: SUB
000001dc: SWAP1
000001dd: RETURN
000001de: JUMPDEST
000001df: PUSH1 0x60
000001e1: SWAP1
000001e2: DUP2
000001e3: MSTORE
000001e4: PUSH1 0x20
000001e6: SWAP1
000001e7: RETURN
000001e8: JUMPDEST
000001e9: DUP1
000001ea: PUSH1 0x03
000001ec: PUSH1 0x00
000001ee: POP
000001ef: PUSH1 0x00
000001f1: CALLER
000001f2: PUSH1 0x01
000001f4: PUSH1 0xa0
000001f6: PUSH1 0x02
000001f8: EXP
000001f9: SUB
000001fa: AND
000001fb: DUP2
000001fc: MSTORE
000001fd: PUSH1 0x20
000001ff: ADD
00000200: SWAP1
00000201: DUP2
00000202: MSTORE
00000203: PUSH1 0x20
00000205: ADD
00000206: PUSH1 0x00
00000208: KECCAK256
00000209: PUSH1 0x00
0000020b: DUP3
0000020c: DUP3
0000020d: DUP3
0000020e: POP
0000020f: SLOAD
00000210: SUB
00000211: SWAP3
00000212: POP
00000213: POP
00000214: DUP2
00000215: SWAP1
00000216: SSTORE
00000217: POP
00000218: DUP1
00000219: PUSH1 0x03
0000021b: PUSH1 0x00
0000021d: POP
0000021e: PUSH1 0x00
00000220: DUP5
00000221: PUSH1 0x01
00000223: PUSH1 0xa0
00000225: PUSH1 0x02
00000227: EXP
00000228: SUB
00000229: AND
0000022a: DUP2
0000022b: MSTORE
0000022c: PUSH1 0x20
0000022e: ADD
0000022f: SWAP1
00000230: DUP2
00000231: MSTORE
00000232: PUSH1 0x20
00000234: ADD
00000235: PUSH1 0x00
00000237: KECCAK256
00000238: PUSH1 0x00
0000023a: DUP3
0000023b: DUP3
0000023c: DUP3
0000023d: POP
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '421,520p'" in /tmp/codex-1utrrwb_
succeeded in 0ms:
0000023e: SLOAD
0000023f: ADD
00000240: SWAP3
00000241: POP
00000242: POP
00000243: DUP2
00000244: SWAP1
00000245: SSTORE
00000246: POP
00000247: POP
00000248: POP
00000249: JUMP
0000024a: JUMPDEST
0000024b: DUP3
0000024c: ADD
0000024d: SWAP2
0000024e: SWAP1
0000024f: PUSH1 0x00
00000251: MSTORE
00000252: PUSH1 0x20
00000254: PUSH1 0x00
00000256: KECCAK256
00000257: SWAP1
00000258: JUMPDEST
00000259: DUP2
0000025a: SLOAD
0000025b: DUP2
0000025c: MSTORE
0000025d: SWAP1
0000025e: PUSH1 0x01
00000260: ADD
00000261: SWAP1
00000262: PUSH1 0x20
00000264: ADD
00000265: DUP1
00000266: DUP4
00000267: GT
00000268: PUSH2 0x0258
0000026b: JUMPI
0000026c: DUP3
0000026d: SWAP1
0000026e: SUB
0000026f: PUSH1 0x1f
00000271: AND
00000272: DUP3
00000273: ADD
00000274: SWAP2
00000275: JUMPDEST
00000276: POP
00000277: POP
00000278: POP
00000279: POP
0000027a: POP
0000027b: DUP2
0000027c: JUMP
codex
{"no_findings":true,"summary":"Reviewed BYTECODE_BUNDLE.json and the runtime bytecode. This is an ERC20-like, non-proxy contract with selectors best-effort matching `name()`, `decimals()`, `balanceOf(address)`, `symbol()`, and `transfer(address,uint256)`. I did not find a meaningful reentrancy, access-control, upgradeability, signature-validation, delegatecall, or accounting-break issue from the available bytecode. The only detected `CALL` at `pc:0x1a6` (`pc:422`) appears consistent with the legacy identity precompile (`address(0x04)`) used for dynamic string copying in metadata-return paths, so the detector's `Untrusted CALL target/value reachable` and `ETH value transfer possible` findings look like false positives from bytecode-only analysis. Transfer logic appears to check sender balance and recipient overflow before updating the two balance mapping slots. Residual uncertainty remains because this is runtime-bytecode-only analysis and selector inference / returndata semantics are heuristic.","findings":[]}
tokens used
24,729
{
"codex": {
"ran_at": "2026-04-05T07:10:28.699032+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 1276,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Reviewed BYTECODE_BUNDLE.json and the runtime bytecode. This is an ERC20-like, non-proxy contract with selectors best-effort matching `name()`, `decimals()`, `balanceOf(address)`, `symbol()`, and `transfer(address,uint256)`. I did not find a meaningful reentrancy, access-control, upgradeability, signature-validation, delegatecall, or accounting-break issue from the available bytecode. The only detected `CALL` at `pc:0x1a6` (`pc:422`) appears consistent with the legacy identity precompile (`address(0x04)`) used for dynamic string copying in metadata-return paths, so the detector's `Untrusted CALL target/value reachable` and `ETH value transfer possible` findings look like false positives from bytecode-only analysis. Transfer logic appears to check sender balance and recipient overflow before updating the two balance mapping slots. Residual uncertainty remains because this is runtime-bytecode-only analysis and selector inference / returndata semantics are heuristic.",
"raw_final": {
"summary": "Reviewed BYTECODE_BUNDLE.json and the runtime bytecode. This is an ERC20-like, non-proxy contract with selectors best-effort matching `name()`, `decimals()`, `balanceOf(address)`, `symbol()`, and `transfer(address,uint256)`. I did not find a meaningful reentrancy, access-control, upgradeability, signature-validation, delegatecall, or accounting-break issue from the available bytecode. The only detected `CALL` at `pc:0x1a6` (`pc:422`) appears consistent with the legacy identity precompile (`address(0x04)`) used for dynamic string copying in metadata-return paths, so the detector's `Untrusted CALL target/value reachable` and `ETH value transfer possible` findings look like false positives from bytecode-only analysis. Transfer logic appears to check sender balance and recipient overflow before updating the two balance mapping slots. Residual uncertainty remains because this is runtime-bytecode-only analysis and selector inference / returndata semantics are heuristic.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0xe0 00000007: PUSH1 0x02 00000009: EXP 0000000a: PUSH1 0x00 0000000c: CALLDATALOAD 0000000d: DIV 0000000e: PUSH4 0x06fdde03 00000013: DUP2 00000014: EQ 00000015: PUSH2 0x0047 00000018: JUMPI 00000019: DUP1 0000001a: PUSH4 0x313ce567 0000001f: EQ 00000020: PUSH2 0x00a4 00000023: JUMPI 00000024: DUP1 00000025: PUSH4 0x70a08231 0000002a: EQ 0000002b: PUSH2 0x00b0 0000002e: JUMPI 0000002f: DUP1 00000030: PUSH4 0x95d89b41 00000035: EQ 00000036: PUSH2 0x00c8 00000039: JUMPI 0000003a: DUP1 0000003b: PUSH4 0xa9059cbb 00000040: EQ 00000041: PUSH2 0x0122 00000044: JUMPI 00000045: JUMPDEST 00000046: STOP 00000047: JUMPDEST 00000048: PUSH2 0x0170 0000004b: PUSH1 0x00 0000004d: DUP1 0000004e: SLOAD 0000004f: PUSH1 0x20 00000051: PUSH1 0x02 00000053: PUSH1 0x01 00000055: DUP4 00000056: AND 00000057: ISZERO 00000058: PUSH2 0x0100 0000005b: MUL 0000005c: PUSH1 0x00 0000005e: NOT 0000005f: ADD 00000060: SWAP1 00000061: SWAP3 00000062: AND 00000063: SWAP2 00000064: SWAP1 00000065: SWAP2 00000066: DIV 00000067: PUSH1 0x1f 00000069: DUP2 0000006a: ADD 0000006b: DUP3 0000006c: SWAP1 0000006d: DIV 0000006e: SWAP1 0000006f: SWAP2 00000070: MUL 00000071: PUSH1 0x80 00000073: SWAP1 00000074: DUP2 00000075: ADD 00000076: PUSH1 0x40 00000078: MSTORE 00000079: PUSH1 0x60 0000007b: DUP3 0000007c: DUP2 0000007d: MSTORE 0000007e: SWAP3 0000007f: SWAP2 00000080: SWAP1 00000081: DUP3 00000082: DUP3 00000083: DUP1 00000084: ISZERO 00000085: PUSH2 0x0275 00000088: JUMPI 00000089: DUP1 0000008a: PUSH1 0x1f 0000008c: LT 0000008d: PUSH2 0x024a 00000090: JUMPI 00000091: PUSH2 0x0100 00000094: DUP1 00000095: DUP4 00000096: SLOAD 00000097: DIV 00000098: MUL 00000099: DUP4 0000009a: MSTORE 0000009b: SWAP2 0000009c: PUSH1 0x20 0000009e: ADD 0000009f: SWAP2 000000a0: PUSH2 0x0275 000000a3: JUMP 000000a4: JUMPDEST 000000a5: PUSH2 0x01de 000000a8: PUSH1 0x02 000000aa: SLOAD 000000ab: PUSH1 0xff 000000ad: AND 000000ae: DUP2 000000af: JUMP 000000b0: JUMPDEST 000000b1: PUSH2 0x01de 000000b4: PUSH1 0x04 000000b6: CALLDATALOAD 000000b7: PUSH1 0x03 000000b9: PUSH1 0x20 000000bb: MSTORE 000000bc: PUSH1 0x00 000000be: SWAP1 000000bf: DUP2 000000c0: MSTORE 000000c1: PUSH1 0x40 000000c3: SWAP1 000000c4: KECCAK256 000000c5: SLOAD 000000c6: DUP2 000000c7: JUMP 000000c8: JUMPDEST 000000c9: PUSH2 0x0170 000000cc: PUSH1 0x01 000000ce: DUP1 000000cf: SLOAD 000000d0: PUSH1 0x80 000000d2: PUSH1 0x20 000000d4: PUSH1 0x1f 000000d6: PUSH1 0x02 000000d8: PUSH1 0x00 000000da: NOT 000000db: PUSH2 0x0100 000000de: DUP7 000000df: DUP9 000000e0: AND 000000e1: ISZERO 000000e2: MUL 000000e3: ADD 000000e4: SWAP1 000000e5: SWAP5 000000e6: AND 000000e7: SWAP4 000000e8: SWAP1 000000e9: SWAP4 000000ea: DIV 000000eb: SWAP3 000000ec: DUP4 000000ed: ADD 000000ee: DUP2 000000ef: SWAP1 000000f0: DIV 000000f1: MUL 000000f2: DUP2 000000f3: ADD 000000f4: PUSH1 0x40 000000f6: MSTORE 000000f7: PUSH1 0x60 000000f9: DUP3 000000fa: DUP2 000000fb: MSTORE 000000fc: SWAP3 000000fd: SWAP2 000000fe: SWAP1 000000ff: DUP3 00000100: DUP3 00000101: DUP1 00000102: ISZERO 00000103: PUSH2 0x0275 00000106: JUMPI 00000107: DUP1 00000108: PUSH1 0x1f 0000010a: LT 0000010b: PUSH2 0x024a 0000010e: JUMPI 0000010f: PUSH2 0x0100 00000112: DUP1 00000113: DUP4 00000114: SLOAD 00000115: DIV 00000116: MUL 00000117: DUP4 00000118: MSTORE 00000119: SWAP2 0000011a: PUSH1 0x20 0000011c: ADD 0000011d: SWAP2 0000011e: PUSH2 0x0275 00000121: JUMP 00000122: JUMPDEST 00000123: PUSH2 0x0045 00000126: PUSH1 0x04 00000128: CALLDATALOAD 00000129: PUSH1 0x24 0000012b: CALLDATALOAD 0000012c: PUSH1 0x01 0000012e: PUSH1 0xa0 00000130: PUSH1 0x02 00000132: EXP 00000133: SUB 00000134: CALLER 00000135: AND 00000136: PUSH1 0x00 00000138: SWAP1 00000139: DUP2 0000013a: MSTORE 0000013b: PUSH1 0x03 0000013d: PUSH1 0x20 0000013f: MSTORE 00000140: PUSH1 0x40 00000142: SWAP1 00000143: KECCAK256 00000144: SLOAD 00000145: DUP2 00000146: SWAP1 00000147: LT 00000148: DUP1 00000149: PUSH2 0x0166 0000014c: JUMPI 0000014d: POP 0000014e: PUSH1 0x01 00000150: PUSH1 0xa0 00000152: PUSH1 0x02 00000154: EXP 00000155: SUB 00000156: DUP3 00000157: AND 00000158: PUSH1 0x00 0000015a: SWAP1 0000015b: DUP2 0000015c: MSTORE 0000015d: PUSH1 0x40 0000015f: SWAP1 00000160: KECCAK256 00000161: SLOAD 00000162: DUP1 00000163: DUP3 00000164: ADD 00000165: LT 00000166: JUMPDEST 00000167: ISZERO 00000168: PUSH2 0x01e8 0000016b: JUMPI 0000016c: PUSH2 0x0002 0000016f: JUMP 00000170: JUMPDEST 00000171: PUSH1 0x40 00000173: MLOAD 00000174: DUP1 00000175: DUP1 00000176: PUSH1 0x20 00000178: ADD 00000179: DUP3 0000017a: DUP2 0000017b: SUB 0000017c: DUP3 0000017d: MSTORE 0000017e: DUP4 0000017f: DUP2 00000180: DUP2 00000181: MLOAD 00000182: DUP2 00000183: MSTORE 00000184: PUSH1 0x20 00000186: ADD 00000187: SWAP2 00000188: POP 00000189: DUP1 0000018a: MLOAD 0000018b: SWAP1 0000018c: PUSH1 0x20 0000018e: ADD 0000018f: SWAP1 00000190: DUP1 00000191: DUP4 00000192: DUP4 00000193: DUP3 00000194: SWAP1 00000195: PUSH1 0x00 00000197: PUSH1 0x04 00000199: PUSH1 0x20 0000019b: DUP5 0000019c: PUSH1 0x1f 0000019e: ADD 0000019f: DIV 000001a0: PUSH1 0x0f 000001a2: MUL 000001a3: PUSH1 0x03 000001a5: ADD 000001a6: CALL 000001a7: POP 000001a8: SWAP1 000001a9: POP 000001aa: SWAP1 000001ab: DUP2 000001ac: ADD 000001ad: SWAP1 000001ae: PUSH1 0x1f 000001b0: AND 000001b1: DUP1 000001b2: ISZERO 000001b3: PUSH2 0x01d0 000001b6: JUMPI 000001b7: DUP1 000001b8: DUP3 000001b9: SUB 000001ba: DUP1 000001bb: MLOAD 000001bc: PUSH1 0x01 000001be: DUP4 000001bf: PUSH1 0x20 000001c1: SUB 000001c2: PUSH2 0x0100 000001c5: EXP 000001c6: SUB 000001c7: NOT 000001c8: AND 000001c9: DUP2 000001ca: MSTORE 000001cb: PUSH1 0x20 000001cd: ADD 000001ce: SWAP2 000001cf: POP 000001d0: JUMPDEST 000001d1: POP 000001d2: SWAP3 000001d3: POP 000001d4: POP 000001d5: POP 000001d6: PUSH1 0x40 000001d8: MLOAD 000001d9: DUP1 000001da: SWAP2 000001db: SUB 000001dc: SWAP1 000001dd: RETURN 000001de: JUMPDEST 000001df: PUSH1 0x60 000001e1: SWAP1 000001e2: DUP2 000001e3: MSTORE 000001e4: PUSH1 0x20 000001e6: SWAP1 000001e7: RETURN 000001e8: JUMPDEST 000001e9: DUP1 000001ea: PUSH1 0x03 000001ec: PUSH1 0x00 000001ee: POP 000001ef: PUSH1 0x00 000001f1: CALLER 000001f2: PUSH1 0x01 000001f4: PUSH1 0xa0 000001f6: PUSH1 0x02 000001f8: EXP 000001f9: SUB 000001fa: AND 000001fb: DUP2 000001fc: MSTORE 000001fd: PUSH1 0x20 000001ff: ADD 00000200: SWAP1 00000201: DUP2 00000202: MSTORE 00000203: PUSH1 0x20 00000205: ADD 00000206: PUSH1 0x00 00000208: KECCAK256 00000209: PUSH1 0x00 0000020b: DUP3 0000020c: DUP3 0000020d: DUP3 0000020e: POP 0000020f: SLOAD 00000210: SUB 00000211: SWAP3 00000212: POP 00000213: POP 00000214: DUP2 00000215: SWAP1 00000216: SSTORE 00000217: POP 00000218: DUP1 00000219: PUSH1 0x03 0000021b: PUSH1 0x00 0000021d: POP 0000021e: PUSH1 0x00 00000220: DUP5 00000221: PUSH1 0x01 00000223: PUSH1 0xa0 00000225: PUSH1 0x02 00000227: EXP 00000228: SUB 00000229: AND 0000022a: DUP2 0000022b: MSTORE 0000022c: PUSH1 0x20 0000022e: ADD 0000022f: SWAP1 00000230: DUP2 00000231: MSTORE 00000232: PUSH1 0x20 00000234: ADD 00000235: PUSH1 0x00 00000237: KECCAK256 00000238: PUSH1 0x00 0000023a: DUP3 0000023b: DUP3 0000023c: DUP3 0000023d: POP 0000023e: SLOAD 0000023f: ADD 00000240: SWAP3 00000241: POP 00000242: POP 00000243: DUP2 00000244: SWAP1 00000245: SSTORE 00000246: POP 00000247: POP 00000248: POP 00000249: JUMP 0000024a: JUMPDEST 0000024b: DUP3 0000024c: ADD 0000024d: SWAP2 0000024e: SWAP1 0000024f: PUSH1 0x00 00000251: MSTORE 00000252: PUSH1 0x20 00000254: PUSH1 0x00 00000256: KECCAK256 00000257: SWAP1 00000258: JUMPDEST 00000259: DUP2 0000025a: SLOAD 0000025b: DUP2 0000025c: MSTORE 0000025d: SWAP1 0000025e: PUSH1 0x01 00000260: ADD 00000261: SWAP1 00000262: PUSH1 0x20 00000264: ADD 00000265: DUP1 00000266: DUP4 00000267: GT 00000268: PUSH2 0x0258 0000026b: JUMPI 0000026c: DUP3 0000026d: SWAP1 0000026e: SUB 0000026f: PUSH1 0x1f 00000271: AND 00000272: DUP3 00000273: ADD 00000274: SWAP2 00000275: JUMPDEST 00000276: POP 00000277: POP 00000278: POP 00000279: POP 0000027a: POP 0000027b: DUP2 0000027c: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x512543029b7cc55fa5a861c1d99bd3ee3851405661594d2851cb84df3079a791
call_targets:
0x0000000000000000000000000000000000000004, 0xdb9daf3fc70fa8c1b7d5998618a5ad8bffbbac26
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x512543029b7cc55fa5a861c1d99bd3ee3851405661594d2851cb84df3079a791",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xdb9daf3fc70fa8c1b7d5998618a5ad8bffbbac26"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 422,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x512543029b7cc55fa5a861c1d99bd3ee3851405661594d2851cb84df3079a791
call_targets:
0x0000000000000000000000000000000000000004, 0xdb9daf3fc70fa8c1b7d5998618a5ad8bffbbac26
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x512543029b7cc55fa5a861c1d99bd3ee3851405661594d2851cb84df3079a791",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xdb9daf3fc70fa8c1b7d5998618a5ad8bffbbac26"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 422,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|