019b3836-4043-7330-b23a-393c16cc71e9
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 5189 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 5190 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 48736 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 48737 | capability.graph | complete | 1 / 3 | 1 week ago |
| 48738 | detector.run | complete | 1 / 3 | 1 week ago |
| 48739 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113299 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode-only review of BYTECODE_BUNDLE.json found one concrete ERC20 accounting/invariant issue and one low-confidence reentrancy/callback risk around approveAndCall. No proxy or delegatecall behavior was present in the artifact.","findings":[{"severity":"medium","category":"other","title":"allowance() is decoupled from transferFrom spendability","exploit_scenario":"The contract appears to store the approved amount in one mapping and cumulative spent amount in a second mapping. After a spender uses transferFrom, allowance(owner,spender) still returns the original approval, while transferFrom only succeeds if priorSpent + amount <= approved. A user who re-approves the same spender can therefore see allowance() report a value that is not actually spendable, and historical usage can permanently reduce or brick future approvals unless the new approval exceeds lifetime spent. Integrations that rely on ERC20-standard allowance semantics can fail unexpectedly or get stuck.","recommendation":"Use standard ERC20 allowance semantics: decrement the allowance mapping on transferFrom, or make allowance() return the remaining spendable amount and reset the spent-tracking slot on new approvals. Re-test wallet and protocol compatibility after changing this logic.","evidence":"selector 0xdd62ed3e reads and returns only the slot-6 double mapping at pc:0x03bd-0x03db. selector 0x23b872dd checks a separate slot-7 double mapping before spending at pc:0x04be-0x04cf and then increments that slot-7 mapping at pc:0x0536-0x0580. selector 0xcae9ca51 writes the slot-6 approval at pc:0x02c2-0x02c4, but no slot-7 reset is visible in that path. selector 0xdc3080f2 exposes the slot-7 mapping directly at pc:0x0398-0x03bc, reinforcing the dual-accounting interpretation. This conclusion is based on bytecode reconstruction, so variable names are inferred rather than known.","locations":["selector:0xdd62ed3e","selector:0x23b872dd","selector:0xcae9ca51","selector:0xdc3080f2","pc:0x2c4","pc:0x4ca","pc:0x536"]},{"severity":"low","category":"reentrancy","title":"approveAndCall performs an untrusted external callback after recording approval","exploit_scenario":"The inferred approveAndCall(address,uint256,bytes) path writes approval state first and then performs a low-level CALL to the user-supplied spender contract. A malicious spender can immediately reenter and use transferFrom before approveAndCall returns. Because this callback behavior is explicit, this is not automatically exploitable beyond the granted allowance, but any caller or integrator that assumes approveAndCall only records approval and does not invoke arbitrary code can be broken.","recommendation":"If approveAndCall is intentional, document it as reentrancy-capable and avoid using it with untrusted spenders. For stronger safety, constrain callback targets, add a reentrancy guard around sensitive state transitions, or remove the callback pattern in favor of a plain approve flow.","evidence":"selector 0xcae9ca51 matches approveAndCall(address,uint256,bytes) and writes approval state before the external interaction (SSTORE at pc:0x02c4). It then builds calldata for receiveApproval(address,uint256,address,bytes) and performs a CALL at pc:0x0385 to a computed/user-controlled target. The bundle's validated call finding also marks CALL targets as varying. Returndata validation beyond the CALL success bit is not evidenced in the artifact. Note: the other CALL sites at pc:0x0341 and pc:0x041a are consistent with identity-precompile-style memory copy helpers and are less concerning.","locations":["selector:0xcae9ca51","pc:0x2c4","pc:0x385"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-20j0y2wa
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c50-1d36-7e93-8fef-ddc349fa8ccd
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc "pwd && ls -la && printf '\\n---\\n' && rg --files -g 'BYTECODE_BUNDLE.json' -g 'AGENTS.md' -g '*.json'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
/tmp/codex-20j0y2wa
total 136
drwx------ 2 noahkuhn noahkuhn 4096 Apr 5 06:24 .
drwxrwxrwt 270 nobody nogroup 24576 Apr 5 06:24 ..
-rw-rw-r-- 1 noahkuhn noahkuhn 101465 Apr 5 06:24 BYTECODE_BUNDLE.json
-rw-rw-r-- 1 noahkuhn noahkuhn 815 Apr 5 06:24 codex-output-schema.json
---
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "jq 'keys' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
[
"analysis_artifact",
"analysis_run",
"artifact",
"capability_graph",
"detector_findings",
"heuristics_summary"
]
exec
/bin/bash -lc "jq '{summary: .summary|keys, detectors: (.detector_findings|length), callsites: (.callsites|length), storage_slots: (.storage_slots|length)}' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
exited 5 in 0ms:
jq: error (at BYTECODE_BUNDLE.json:3815): null (null) has no keys
exec
/bin/bash -lc "jq '{analysis_artifact: (.analysis_artifact|keys), artifact: (.artifact|keys), heuristics_summary: (.heuristics_summary|keys), capability_graph: (.capability_graph|keys), detector_findings_type:(.detector_findings|type), detector_findings_len:(.detector_findings|length)}' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
{
"analysis_artifact": [
"address",
"artifact_hash",
"artifact_json",
"block_number",
"chain_id",
"codehash",
"created_at",
"id",
"updated_at",
"version"
],
"artifact": [
"codehash",
"compiler_json",
"implementation_address",
"is_proxy",
"runtime_bytecode",
"verified_source"
],
"heuristics_summary": [
"create2_count",
"delegatecall_count",
"flags",
"selfdestruct_count"
],
"capability_graph": [
"address",
"block_number",
"chain_id",
"codehash",
"created_at",
"graph_hash",
"graph_json",
"id",
"updated_at",
"version"
],
"detector_findings_type": "array",
"detector_findings_len": 2
}
exec
/bin/bash -lc "jq '.detector_findings' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
exec
/bin/bash -lc "jq '{artifact_json_type:(.analysis_artifact.artifact_json|type), graph_json_type:(.capability_graph.graph_json|type), verified_source:.artifact.verified_source, is_proxy:.artifact.is_proxy, implementation_address:.artifact.implementation_address, flags:.heuristics_summary.flags, delegatecall_count:.heuristics_summary.delegatecall_count, create2_count:.heuristics_summary.create2_count, selfdestruct_count:.heuristics_summary.selfdestruct_count}' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
[
{
"confidence": 60,
"evidence_json": {
"call_count": 3,
"examples": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 3
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x3e4dbe589c76cee0baba6cc00c3dcfebd68b4398"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x78b6addc7f04d93929b38257343f2fcf6dc94b57a0108c0690235223fdf030fe",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 3,
"examples": [
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x3e4dbe589c76cee0baba6cc00c3dcfebd68b4398"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x78b6addc7f04d93929b38257343f2fcf6dc94b57a0108c0690235223fdf030fe",
"trace_mode": "callTracer"
}
}
]
succeeded in 0ms:
{
"artifact_json_type": "object",
"graph_json_type": "object",
"verified_source": false,
"is_proxy": false,
"implementation_address": null,
"flags": [],
"delegatecall_count": 0,
"create2_count": 0,
"selfdestruct_count": 0
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json | keys' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
[
"auth",
"basic_blocks",
"callsites",
"cfg_edges",
"cfg_hash",
"dispatcher_type",
"function_entries",
"functions",
"selectors",
"sinks",
"storage",
"version"
]
exec
/bin/bash -lc "jq '.capability_graph.graph_json | keys' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
[
"edges",
"nodes",
"version"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.dispatcher_type, .analysis_artifact.artifact_json.auth, .analysis_artifact.artifact_json.selectors' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
"selector_jump_table"
{
"guards": []
}
[
"0x06fdde03",
"0x18160ddd",
"0x23b872dd",
"0x313ce567",
"0x54fd4d50",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb",
"0xcae9ca51",
"0xdc3080f2",
"0xdd62ed3e"
]
exec
/bin/bash -lc "jq '{function_entries: .analysis_artifact.artifact_json.function_entries, functions_len: (.analysis_artifact.artifact_json.functions|length), callsites_len:(.analysis_artifact.artifact_json.callsites|length), sinks_len:(.analysis_artifact.artifact_json.sinks|length), storage_keys:(.analysis_artifact.artifact_json.storage|keys)}' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
{
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 599290589,
"selector": "0x18160ddd"
},
{
"entry_pc": 826074471,
"selector": "0x23b872dd"
},
{
"entry_pc": 1425886544,
"selector": "0x313ce567"
},
{
"entry_pc": 1889567281,
"selector": "0x54fd4d50"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": 3404319313,
"selector": "0xa9059cbb"
},
{
"entry_pc": 3694166258,
"selector": "0xcae9ca51"
},
{
"entry_pc": 3714247998,
"selector": "0xdc3080f2"
},
{
"entry_pc": 994,
"selector": "0xdd62ed3e"
}
],
"functions_len": 11,
"callsites_len": 3,
"sinks_len": 7,
"storage_keys": [
"keccak_count",
"reads",
"slots",
"writes"
]
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.functions' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
[
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 599290589,
"selector": "0x18160ddd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 826074471,
"selector": "0x23b872dd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1425886544,
"selector": "0x313ce567",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x54fd4d50",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3404319313,
"selector": "0xa9059cbb",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3694166258,
"selector": "0xcae9ca51",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3714247998,
"selector": "0xdc3080f2",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 994,
"selector": "0xdd62ed3e",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.callsites' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
[
{
"opcode": "CALL",
"pc": 833,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 901,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1050,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.sinks' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
{
"call": 3,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.storage' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
{
"keccak_count": 22,
"reads": 23,
"slots": [
{
"op": "SLOAD",
"pc": 156,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 228,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 248,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 307,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 320,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 389,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 434,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 505,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 708,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.basic_blocks[0]' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
{
"end_pc": 10,
"hash": "0xc590080b273074d852d07d86387bb692518eb6057284cadca88ac84fde6f0664",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 0
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.basic_blocks | length' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
53
exec
/bin/bash -lc 'which evm || which cast || which hevm || which forge || which python3 || which node' in /tmp/codex-20j0y2wa
succeeded in 0ms:
/home/noahkuhn/.foundry/bin/cast
exec
/bin/bash -lc "cast --help | sed -n '1,140p'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
A Swiss Army knife for interacting with Ethereum applications from the command line
Usage: cast [OPTIONS] <COMMAND>
Commands:
4byte Get the function signatures for the given selector from
<https://openchain.xyz> [aliases: 4, 4b]
4byte-calldata Decode ABI-encoded calldata using <https://openchain.xyz> [aliases: 4c,
4bc]
4byte-event Get the event signature for a given topic 0 from <https://openchain.xyz>
[aliases: 4e, 4be, topic0-event, t0e]
abi-encode ABI encode the given function argument, excluding the selector [aliases:
ae]
abi-encode-event ABI encode an event and its arguments to generate topics and data [aliases:
aee]
access-list Create an access list for a transaction [aliases: ac, acl]
address-zero Prints the zero address [aliases: --address-zero, az]
admin Fetch the EIP-1967 admin account [aliases: adm]
age Get the timestamp of a block [aliases: a]
artifact Generate an artifact file, that can be used to deploy a contract locally
[aliases: ar]
b2e-payload Convert Beacon payload to execution payload [aliases: b2e]
balance Get the balance of an account in wei [aliases: b]
base-fee Get the basefee of a block [aliases: ba, fee, basefee]
bind Generate a rust binding from a given ABI [aliases: bi]
block Get information about a block [aliases: bl]
block-number Get the latest block number [aliases: bn]
call Perform a call on an account without publishing a transaction [aliases: c]
calldata ABI-encode a function with arguments [aliases: cd]
chain Get the symbolic name of the current chain
chain-id Get the Ethereum chain ID [aliases: ci, cid]
client Get the current client version [aliases: cl]
code Get the runtime bytecode of a contract [aliases: co]
codehash Get the codehash for an account
codesize Get the runtime bytecode size of a contract [aliases: cs]
completions Generate shell completions script [aliases: com]
compute-address Compute the contract address from a given nonce and deployer address
[aliases: ca]
concat-hex Concatenate hex strings [aliases: --concat-hex, ch]
constructor-args Display constructor arguments used for the contract initialization
[aliases: cra]
create2 Generate a deterministic contract address using CREATE2 [aliases: c2]
creation-code Download a contract creation code from Etherscan and RPC [aliases: cc]
da-estimate Estimates the data availability size of a given opstack block
decode-abi Decode ABI-encoded input or output data [aliases: abi-decode, --abi-decode,
ad]
decode-calldata Decode ABI-encoded input data [aliases: calldata-decode, --calldata-decode,
cdd]
decode-error Decode custom error data [aliases: error-decode, --error-decode, erd]
decode-event Decode event data [aliases: event-decode, --event-decode, ed]
decode-string Decode ABI-encoded string [aliases: string-decode, --string-decode, sd]
decode-transaction Decodes a raw signed EIP 2718 typed transaction [aliases: dt, decode-tx]
disassemble Disassembles a hex-encoded bytecode into a human-readable representation
[aliases: da]
erc20-token ERC20 token operations [aliases: erc20]
estimate Estimate the gas cost of a transaction [aliases: e]
find-block Get the block number closest to the provided timestamp [aliases: f]
format-bytes32-string Formats a string into bytes32 encoding [aliases: --format-bytes32-string]
format-units Format a number from smallest unit to decimal with arbitrary decimals
[aliases: --format-units, fun]
from-bin Convert binary data into hex data [aliases: --from-bin, from-binx, fb]
from-fixed-point Convert a fixed point number into an integer [aliases: --from-fix, ff]
from-rlp Decodes RLP hex-encoded data [aliases: --from-rlp]
from-utf8 Convert UTF8 text to hex [aliases: --from-ascii, --from-utf8, from-ascii,
fu, fa]
from-wei Convert wei into an ETH amount [aliases: --from-wei, fw]
gas-price Get the current gas price [aliases: g]
hash-message Hash a message according to EIP-191 [aliases: --hash-message, hm]
hash-zero Prints the zero hash [aliases: --hash-zero, hz]
help Print this message or the help of the given subcommand(s)
implementation Fetch the EIP-1967 implementation for a contract Can read from the
implementation slot or the beacon slot [aliases: impl]
index Compute the storage slot for an entry in a mapping [aliases: in]
index-erc7201 Compute storage slots as specified by `ERC-7201: Namespaced Storage Layout`
[aliases: index7201, in7201]
interface Generate a Solidity interface from a given ABI [aliases: i]
keccak Hash arbitrary data using Keccak-256 [aliases: k, keccak256]
logs Get logs by signature or topic [aliases: l]
lookup-address Perform an ENS reverse lookup [aliases: la]
max-int Prints the maximum value of the given integer type [aliases: --max-int,
maxi]
max-uint Prints the maximum value of the given integer type [aliases: --max-uint,
maxu]
min-int Prints the minimum value of the given integer type [aliases: --min-int,
mini]
mktx Build and sign a transaction [aliases: m]
namehash Calculate the ENS namehash of a name [aliases: na, nh]
nonce Get the nonce for an account [aliases: n]
pad Pads hex data to a specified length [aliases: pd]
parse-bytes32-address Parses a checksummed address from bytes32 encoding. [aliases:
--parse-bytes32-address]
parse-bytes32-string Parses a string from bytes32 encoding [aliases: --parse-bytes32-string]
parse-units Convert a number from decimal to smallest unit with arbitrary decimals
[aliases: --parse-units, pun]
pretty-calldata Pretty print calldata [aliases: pc]
proof Generate a storage proof for a given storage slot [aliases: pr]
publish Publish a raw transaction to the network [aliases: p]
receipt Get the transaction receipt for a transaction [aliases: re]
recover-authority Recovery an EIP-7702 authority from a Authorization JSON string [aliases:
decode-auth]
resolve-name Perform an ENS lookup [aliases: rn]
rpc Perform a raw JSON-RPC request [aliases: rp]
run Runs a published transaction in a local environment and prints the trace
[aliases: r]
selectors Extracts function selectors and arguments from bytecode [aliases: sel]
send Sign and publish a transaction [aliases: s]
shl Perform a left shifting operation
shr Perform a right shifting operation
sig Get the selector for a function [aliases: si]
sig-event Generate event signatures from event string [aliases: se]
source Get the source code of a contract from a block explorer [aliases: et, src]
storage Get the raw value of a contract's storage slot [aliases: st]
storage-root Get the storage root for an account [aliases: sr]
to-ascii Convert hex data to an ASCII string [aliases: --to-ascii, tas, 2as]
to-base Converts a number of one base to another [aliases: --to-base, --to-radix,
to-radix, tr, 2r]
to-bytes32 Right-pads hex data to 32 bytes [aliases: --to-bytes32, tb, 2b]
to-check-sum-address Convert an address to a checksummed format (EIP-55) [aliases:
--to-checksum-address, --to-checksum, to-checksum, ta, 2a]
to-dec Converts a number of one base to decimal [aliases: --to-dec, td, 2d]
to-fixed-point Convert an integer into a fixed point number [aliases: --to-fix, tf, 2f]
to-hex Converts a number of one base to another [aliases: --to-hex, th, 2h]
to-hexdata Normalize the input to lowercase, 0x-prefixed hex [aliases: --to-hexdata,
thd, 2hd]
to-int256 Convert a number to a hex-encoded int256 [aliases: --to-int256, ti, 2i]
to-rlp RLP encodes hex data, or an array of hex data [aliases: --to-rlp]
to-uint256 Convert a number to a hex-encoded uint256 [aliases: --to-uint256, tu, 2u]
to-unit Convert an ETH amount into another unit (ether, gwei or wei) [aliases:
--to-unit, tun, 2un]
to-utf8 Convert hex data to a utf-8 string [aliases: --to-utf8, tu8, 2u8]
to-wei Convert an ETH amount to wei [aliases: --to-wei, tw, 2w]
trace CLI arguments for `cast trace`
tx Get information about a transaction [aliases: t]
tx-pool Inspect the TxPool of a node [aliases: tp]
upload-signature Upload the given signatures to <https://openchain.xyz> [aliases: ups]
wallet Wallet management utilities [aliases: w]
Options:
-h, --help
Print help (see a summary with '-h')
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode' BYTECODE_BUNDLE.json) | sed -n '1,260p'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
error: unexpected argument '"full":' found
Usage: cast disassemble [OPTIONS] [BYTECODE]
For more information, try '--help'.
exec
/bin/bash -lc "jq '{runtime_type:(.artifact.runtime_bytecode|type), runtime_keys:(if (.artifact.runtime_bytecode|type)==\"object\" then (.artifact.runtime_bytecode|keys) else null end)}' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
{
"runtime_type": "object",
"runtime_keys": [
"full",
"head",
"length",
"tail",
"truncated"
]
}
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '1,260p'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x008d
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x06fdde03
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x0095
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x18160ddd
00000025: EQ
00000026: PUSH2 0x00f2
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x23b872dd
00000030: EQ
00000031: PUSH2 0x00fb
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x313ce567
0000003b: EQ
0000003c: PUSH2 0x012d
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x54fd4d50
00000046: EQ
00000047: PUSH2 0x0139
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0x70a08231
00000051: EQ
00000052: PUSH2 0x0193
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0x95d89b41
0000005c: EQ
0000005d: PUSH2 0x01ab
00000060: JUMPI
00000061: DUP1
00000062: PUSH4 0xa9059cbb
00000067: EQ
00000068: PUSH2 0x0207
0000006b: JUMPI
0000006c: DUP1
0000006d: PUSH4 0xcae9ca51
00000072: EQ
00000073: PUSH2 0x0236
00000076: JUMPI
00000077: DUP1
00000078: PUSH4 0xdc3080f2
0000007d: EQ
0000007e: PUSH2 0x0398
00000081: JUMPI
00000082: DUP1
00000083: PUSH4 0xdd62ed3e
00000088: EQ
00000089: PUSH2 0x03bd
0000008c: JUMPI
0000008d: JUMPDEST
0000008e: PUSH2 0x03e2
00000091: PUSH2 0x0002
00000094: JUMP
00000095: JUMPDEST
00000096: PUSH2 0x03e4
00000099: PUSH1 0x00
0000009b: DUP1
0000009c: SLOAD
0000009d: PUSH1 0x20
0000009f: PUSH1 0x02
000000a1: PUSH1 0x01
000000a3: DUP4
000000a4: AND
000000a5: ISZERO
000000a6: PUSH2 0x0100
000000a9: MUL
000000aa: PUSH1 0x00
000000ac: NOT
000000ad: ADD
000000ae: SWAP1
000000af: SWAP3
000000b0: AND
000000b1: SWAP2
000000b2: SWAP1
000000b3: SWAP2
000000b4: DIV
000000b5: PUSH1 0x1f
000000b7: DUP2
000000b8: ADD
000000b9: DUP3
000000ba: SWAP1
000000bb: DIV
000000bc: SWAP1
000000bd: SWAP2
000000be: MUL
000000bf: PUSH1 0x80
000000c1: SWAP1
000000c2: DUP2
000000c3: ADD
000000c4: PUSH1 0x40
000000c6: MSTORE
000000c7: PUSH1 0x60
000000c9: DUP3
000000ca: DUP2
000000cb: MSTORE
000000cc: SWAP3
000000cd: SWAP2
000000ce: SWAP1
000000cf: DUP3
000000d0: DUP3
000000d1: DUP1
000000d2: ISZERO
000000d3: PUSH2 0x06d0
000000d6: JUMPI
000000d7: DUP1
000000d8: PUSH1 0x1f
000000da: LT
000000db: PUSH2 0x06a5
000000de: JUMPI
000000df: PUSH2 0x0100
000000e2: DUP1
000000e3: DUP4
000000e4: SLOAD
000000e5: DIV
000000e6: MUL
000000e7: DUP4
000000e8: MSTORE
000000e9: SWAP2
000000ea: PUSH1 0x20
000000ec: ADD
000000ed: SWAP2
000000ee: PUSH2 0x06d0
000000f1: JUMP
000000f2: JUMPDEST
000000f3: PUSH2 0x0452
000000f6: PUSH1 0x04
000000f8: SLOAD
000000f9: DUP2
000000fa: JUMP
000000fb: JUMPDEST
000000fc: PUSH2 0x0452
000000ff: PUSH1 0x04
00000101: CALLDATALOAD
00000102: PUSH1 0x24
00000104: CALLDATALOAD
00000105: PUSH1 0x44
00000107: CALLDATALOAD
00000108: PUSH1 0x01
0000010a: PUSH1 0xa0
0000010c: PUSH1 0x02
0000010e: EXP
0000010f: SUB
00000110: DUP4
00000111: AND
00000112: PUSH1 0x00
00000114: SWAP1
00000115: DUP2
00000116: MSTORE
00000117: PUSH1 0x05
00000119: PUSH1 0x20
0000011b: MSTORE
0000011c: PUSH1 0x40
0000011e: DUP2
0000011f: KECCAK256
00000120: SLOAD
00000121: DUP3
00000122: SWAP1
00000123: LT
00000124: ISZERO
00000125: PUSH2 0x046e
00000128: JUMPI
00000129: PUSH2 0x0002
0000012c: JUMP
0000012d: JUMPDEST
0000012e: PUSH2 0x0464
00000131: PUSH1 0x03
00000133: SLOAD
00000134: PUSH1 0xff
00000136: AND
00000137: DUP2
00000138: JUMP
00000139: JUMPDEST
0000013a: PUSH2 0x03e4
0000013d: PUSH1 0x02
0000013f: DUP1
00000140: SLOAD
00000141: PUSH1 0x20
00000143: PUSH1 0x01
00000145: DUP3
00000146: AND
00000147: ISZERO
00000148: PUSH2 0x0100
0000014b: MUL
0000014c: PUSH1 0x00
0000014e: NOT
0000014f: ADD
00000150: SWAP1
00000151: SWAP2
00000152: AND
00000153: DUP3
00000154: SWAP1
00000155: DIV
00000156: PUSH1 0x1f
00000158: DUP2
00000159: ADD
0000015a: DUP3
0000015b: SWAP1
0000015c: DIV
0000015d: SWAP1
0000015e: SWAP2
0000015f: MUL
00000160: PUSH1 0x80
00000162: SWAP1
00000163: DUP2
00000164: ADD
00000165: PUSH1 0x40
00000167: MSTORE
00000168: PUSH1 0x60
0000016a: DUP3
0000016b: DUP2
0000016c: MSTORE
0000016d: SWAP3
0000016e: SWAP2
0000016f: SWAP1
00000170: DUP3
00000171: DUP3
00000172: DUP1
00000173: ISZERO
00000174: PUSH2 0x06d0
00000177: JUMPI
00000178: DUP1
00000179: PUSH1 0x1f
0000017b: LT
0000017c: PUSH2 0x06a5
0000017f: JUMPI
00000180: PUSH2 0x0100
00000183: DUP1
00000184: DUP4
00000185: SLOAD
00000186: DIV
00000187: MUL
00000188: DUP4
00000189: MSTORE
0000018a: SWAP2
0000018b: PUSH1 0x20
0000018d: ADD
0000018e: SWAP2
0000018f: PUSH2 0x06d0
00000192: JUMP
00000193: JUMPDEST
00000194: PUSH2 0x0452
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '261,520p'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
00000197: PUSH1 0x04
00000199: CALLDATALOAD
0000019a: PUSH1 0x05
0000019c: PUSH1 0x20
0000019e: MSTORE
0000019f: PUSH1 0x00
000001a1: SWAP1
000001a2: DUP2
000001a3: MSTORE
000001a4: PUSH1 0x40
000001a6: SWAP1
000001a7: KECCAK256
000001a8: SLOAD
000001a9: DUP2
000001aa: JUMP
000001ab: JUMPDEST
000001ac: PUSH2 0x03e4
000001af: PUSH1 0x01
000001b1: DUP1
000001b2: SLOAD
000001b3: PUSH1 0x20
000001b5: PUSH1 0x02
000001b7: DUP3
000001b8: DUP5
000001b9: AND
000001ba: ISZERO
000001bb: PUSH2 0x0100
000001be: MUL
000001bf: PUSH1 0x00
000001c1: NOT
000001c2: ADD
000001c3: SWAP1
000001c4: SWAP3
000001c5: AND
000001c6: SWAP2
000001c7: SWAP1
000001c8: SWAP2
000001c9: DIV
000001ca: PUSH1 0x1f
000001cc: DUP2
000001cd: ADD
000001ce: DUP3
000001cf: SWAP1
000001d0: DIV
000001d1: SWAP1
000001d2: SWAP2
000001d3: MUL
000001d4: PUSH1 0x80
000001d6: SWAP1
000001d7: DUP2
000001d8: ADD
000001d9: PUSH1 0x40
000001db: MSTORE
000001dc: PUSH1 0x60
000001de: DUP3
000001df: DUP2
000001e0: MSTORE
000001e1: SWAP3
000001e2: SWAP2
000001e3: SWAP1
000001e4: DUP3
000001e5: DUP3
000001e6: DUP1
000001e7: ISZERO
000001e8: PUSH2 0x06d0
000001eb: JUMPI
000001ec: DUP1
000001ed: PUSH1 0x1f
000001ef: LT
000001f0: PUSH2 0x06a5
000001f3: JUMPI
000001f4: PUSH2 0x0100
000001f7: DUP1
000001f8: DUP4
000001f9: SLOAD
000001fa: DIV
000001fb: MUL
000001fc: DUP4
000001fd: MSTORE
000001fe: SWAP2
000001ff: PUSH1 0x20
00000201: ADD
00000202: SWAP2
00000203: PUSH2 0x06d0
00000206: JUMP
00000207: JUMPDEST
00000208: PUSH2 0x03e2
0000020b: PUSH1 0x04
0000020d: CALLDATALOAD
0000020e: PUSH1 0x24
00000210: CALLDATALOAD
00000211: PUSH1 0x01
00000213: PUSH1 0xa0
00000215: PUSH1 0x02
00000217: EXP
00000218: SUB
00000219: CALLER
0000021a: AND
0000021b: PUSH1 0x00
0000021d: SWAP1
0000021e: DUP2
0000021f: MSTORE
00000220: PUSH1 0x05
00000222: PUSH1 0x20
00000224: MSTORE
00000225: PUSH1 0x40
00000227: SWAP1
00000228: KECCAK256
00000229: SLOAD
0000022a: DUP2
0000022b: SWAP1
0000022c: LT
0000022d: ISZERO
0000022e: PUSH2 0x05d6
00000231: JUMPI
00000232: PUSH2 0x0002
00000235: JUMP
00000236: JUMPDEST
00000237: PUSH1 0x80
00000239: PUSH1 0x20
0000023b: PUSH1 0x44
0000023d: CALLDATALOAD
0000023e: PUSH1 0x04
00000240: DUP2
00000241: DUP2
00000242: ADD
00000243: CALLDATALOAD
00000244: PUSH1 0x1f
00000246: DUP2
00000247: ADD
00000248: DUP5
00000249: SWAP1
0000024a: DIV
0000024b: SWAP1
0000024c: SWAP4
0000024d: MUL
0000024e: DUP5
0000024f: ADD
00000250: PUSH1 0x40
00000252: MSTORE
00000253: PUSH1 0x60
00000255: DUP4
00000256: DUP2
00000257: MSTORE
00000258: PUSH2 0x0452
0000025b: SWAP5
0000025c: DUP3
0000025d: CALLDATALOAD
0000025e: SWAP5
0000025f: PUSH1 0x24
00000261: DUP1
00000262: CALLDATALOAD
00000263: SWAP6
00000264: PUSH1 0x64
00000266: SWAP5
00000267: SWAP4
00000268: SWAP2
00000269: ADD
0000026a: SWAP2
0000026b: SWAP1
0000026c: DUP2
0000026d: SWAP1
0000026e: DUP4
0000026f: DUP3
00000270: DUP1
00000271: DUP3
00000272: DUP5
00000273: CALLDATACOPY
00000274: POP
00000275: SWAP5
00000276: SWAP7
00000277: POP
00000278: POP
00000279: POP
0000027a: POP
0000027b: POP
0000027c: POP
0000027d: POP
0000027e: PUSH1 0x00
00000280: PUSH1 0x00
00000282: DUP4
00000283: PUSH1 0x06
00000285: PUSH1 0x00
00000287: POP
00000288: PUSH1 0x00
0000028a: CALLER
0000028b: PUSH1 0x01
0000028d: PUSH1 0xa0
0000028f: PUSH1 0x02
00000291: EXP
00000292: SUB
00000293: AND
00000294: DUP2
00000295: MSTORE
00000296: PUSH1 0x20
00000298: ADD
00000299: SWAP1
0000029a: DUP2
0000029b: MSTORE
0000029c: PUSH1 0x20
0000029e: ADD
0000029f: PUSH1 0x00
000002a1: KECCAK256
000002a2: PUSH1 0x00
000002a4: POP
000002a5: PUSH1 0x00
000002a7: DUP8
000002a8: PUSH1 0x01
000002aa: PUSH1 0xa0
000002ac: PUSH1 0x02
000002ae: EXP
000002af: SUB
000002b0: AND
000002b1: DUP2
000002b2: MSTORE
000002b3: PUSH1 0x20
000002b5: ADD
000002b6: SWAP1
000002b7: DUP2
000002b8: MSTORE
000002b9: PUSH1 0x20
000002bb: ADD
000002bc: PUSH1 0x00
000002be: KECCAK256
000002bf: PUSH1 0x00
000002c1: POP
000002c2: DUP2
000002c3: SWAP1
000002c4: SSTORE
000002c5: POP
000002c6: DUP5
000002c7: SWAP1
000002c8: POP
000002c9: DUP1
000002ca: PUSH1 0x01
000002cc: PUSH1 0xa0
000002ce: PUSH1 0x02
000002d0: EXP
000002d1: SUB
000002d2: AND
000002d3: PUSH4 0x8f4ffcb1
000002d8: CALLER
000002d9: DUP7
000002da: ADDRESS
000002db: DUP8
000002dc: PUSH1 0x40
000002de: MLOAD
000002df: DUP6
000002e0: PUSH1 0xe0
000002e2: PUSH1 0x02
000002e4: EXP
000002e5: MUL
000002e6: DUP2
000002e7: MSTORE
000002e8: PUSH1 0x04
000002ea: ADD
000002eb: DUP1
000002ec: DUP6
000002ed: PUSH1 0x01
000002ef: PUSH1 0xa0
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '521,780p'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
000002f1: PUSH1 0x02
000002f3: EXP
000002f4: SUB
000002f5: AND
000002f6: DUP2
000002f7: MSTORE
000002f8: PUSH1 0x20
000002fa: ADD
000002fb: DUP5
000002fc: DUP2
000002fd: MSTORE
000002fe: PUSH1 0x20
00000300: ADD
00000301: DUP4
00000302: PUSH1 0x01
00000304: PUSH1 0xa0
00000306: PUSH1 0x02
00000308: EXP
00000309: SUB
0000030a: AND
0000030b: DUP2
0000030c: MSTORE
0000030d: PUSH1 0x20
0000030f: ADD
00000310: DUP1
00000311: PUSH1 0x20
00000313: ADD
00000314: DUP3
00000315: DUP2
00000316: SUB
00000317: DUP3
00000318: MSTORE
00000319: DUP4
0000031a: DUP2
0000031b: DUP2
0000031c: MLOAD
0000031d: DUP2
0000031e: MSTORE
0000031f: PUSH1 0x20
00000321: ADD
00000322: SWAP2
00000323: POP
00000324: DUP1
00000325: MLOAD
00000326: SWAP1
00000327: PUSH1 0x20
00000329: ADD
0000032a: SWAP1
0000032b: DUP1
0000032c: DUP4
0000032d: DUP4
0000032e: DUP3
0000032f: SWAP1
00000330: PUSH1 0x00
00000332: PUSH1 0x04
00000334: PUSH1 0x20
00000336: DUP5
00000337: PUSH1 0x1f
00000339: ADD
0000033a: DIV
0000033b: PUSH1 0x0f
0000033d: MUL
0000033e: PUSH1 0x03
00000340: ADD
00000341: CALL
00000342: POP
00000343: SWAP1
00000344: POP
00000345: SWAP1
00000346: DUP2
00000347: ADD
00000348: SWAP1
00000349: PUSH1 0x1f
0000034b: AND
0000034c: DUP1
0000034d: ISZERO
0000034e: PUSH2 0x036b
00000351: JUMPI
00000352: DUP1
00000353: DUP3
00000354: SUB
00000355: DUP1
00000356: MLOAD
00000357: PUSH1 0x01
00000359: DUP4
0000035a: PUSH1 0x20
0000035c: SUB
0000035d: PUSH2 0x0100
00000360: EXP
00000361: SUB
00000362: NOT
00000363: AND
00000364: DUP2
00000365: MSTORE
00000366: PUSH1 0x20
00000368: ADD
00000369: SWAP2
0000036a: POP
0000036b: JUMPDEST
0000036c: POP
0000036d: SWAP6
0000036e: POP
0000036f: POP
00000370: POP
00000371: POP
00000372: POP
00000373: POP
00000374: PUSH1 0x00
00000376: PUSH1 0x40
00000378: MLOAD
00000379: DUP1
0000037a: DUP4
0000037b: SUB
0000037c: DUP2
0000037d: PUSH1 0x00
0000037f: DUP8
00000380: PUSH2 0x61da
00000383: GAS
00000384: SUB
00000385: CALL
00000386: ISZERO
00000387: PUSH2 0x0002
0000038a: JUMPI
0000038b: POP
0000038c: PUSH1 0x01
0000038e: SWAP8
0000038f: SWAP7
00000390: POP
00000391: POP
00000392: POP
00000393: POP
00000394: POP
00000395: POP
00000396: POP
00000397: JUMP
00000398: JUMPDEST
00000399: PUSH1 0x07
0000039b: PUSH1 0x20
0000039d: SWAP1
0000039e: DUP2
0000039f: MSTORE
000003a0: PUSH1 0x04
000003a2: CALLDATALOAD
000003a3: PUSH1 0x00
000003a5: SWAP1
000003a6: DUP2
000003a7: MSTORE
000003a8: PUSH1 0x40
000003aa: DUP1
000003ab: DUP3
000003ac: KECCAK256
000003ad: SWAP1
000003ae: SWAP3
000003af: MSTORE
000003b0: PUSH1 0x24
000003b2: CALLDATALOAD
000003b3: DUP2
000003b4: MSTORE
000003b5: KECCAK256
000003b6: SLOAD
000003b7: PUSH2 0x0452
000003ba: SWAP1
000003bb: DUP2
000003bc: JUMP
000003bd: JUMPDEST
000003be: PUSH1 0x06
000003c0: PUSH1 0x20
000003c2: SWAP1
000003c3: DUP2
000003c4: MSTORE
000003c5: PUSH1 0x04
000003c7: CALLDATALOAD
000003c8: PUSH1 0x00
000003ca: SWAP1
000003cb: DUP2
000003cc: MSTORE
000003cd: PUSH1 0x40
000003cf: DUP1
000003d0: DUP3
000003d1: KECCAK256
000003d2: SWAP1
000003d3: SWAP3
000003d4: MSTORE
000003d5: PUSH1 0x24
000003d7: CALLDATALOAD
000003d8: DUP2
000003d9: MSTORE
000003da: KECCAK256
000003db: SLOAD
000003dc: PUSH2 0x0452
000003df: SWAP1
000003e0: DUP2
000003e1: JUMP
000003e2: JUMPDEST
000003e3: STOP
000003e4: JUMPDEST
000003e5: PUSH1 0x40
000003e7: MLOAD
000003e8: DUP1
000003e9: DUP1
000003ea: PUSH1 0x20
000003ec: ADD
000003ed: DUP3
000003ee: DUP2
000003ef: SUB
000003f0: DUP3
000003f1: MSTORE
000003f2: DUP4
000003f3: DUP2
000003f4: DUP2
000003f5: MLOAD
000003f6: DUP2
000003f7: MSTORE
000003f8: PUSH1 0x20
000003fa: ADD
000003fb: SWAP2
000003fc: POP
000003fd: DUP1
000003fe: MLOAD
000003ff: SWAP1
00000400: PUSH1 0x20
00000402: ADD
00000403: SWAP1
00000404: DUP1
00000405: DUP4
00000406: DUP4
00000407: DUP3
00000408: SWAP1
00000409: PUSH1 0x00
0000040b: PUSH1 0x04
0000040d: PUSH1 0x20
0000040f: DUP5
00000410: PUSH1 0x1f
00000412: ADD
00000413: DIV
00000414: PUSH1 0x0f
00000416: MUL
00000417: PUSH1 0x03
00000419: ADD
0000041a: CALL
0000041b: POP
0000041c: SWAP1
0000041d: POP
0000041e: SWAP1
0000041f: DUP2
00000420: ADD
00000421: SWAP1
00000422: PUSH1 0x1f
00000424: AND
00000425: DUP1
00000426: ISZERO
00000427: PUSH2 0x0444
0000042a: JUMPI
0000042b: DUP1
0000042c: DUP3
0000042d: SUB
0000042e: DUP1
0000042f: MLOAD
00000430: PUSH1 0x01
00000432: DUP4
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '781,1040p'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
00000433: PUSH1 0x20
00000435: SUB
00000436: PUSH2 0x0100
00000439: EXP
0000043a: SUB
0000043b: NOT
0000043c: AND
0000043d: DUP2
0000043e: MSTORE
0000043f: PUSH1 0x20
00000441: ADD
00000442: SWAP2
00000443: POP
00000444: JUMPDEST
00000445: POP
00000446: SWAP3
00000447: POP
00000448: POP
00000449: POP
0000044a: PUSH1 0x40
0000044c: MLOAD
0000044d: DUP1
0000044e: SWAP2
0000044f: SUB
00000450: SWAP1
00000451: RETURN
00000452: JUMPDEST
00000453: PUSH1 0x40
00000455: DUP1
00000456: MLOAD
00000457: SWAP2
00000458: DUP3
00000459: MSTORE
0000045a: MLOAD
0000045b: SWAP1
0000045c: DUP2
0000045d: SWAP1
0000045e: SUB
0000045f: PUSH1 0x20
00000461: ADD
00000462: SWAP1
00000463: RETURN
00000464: JUMPDEST
00000465: PUSH1 0x60
00000467: SWAP1
00000468: DUP2
00000469: MSTORE
0000046a: PUSH1 0x20
0000046c: SWAP1
0000046d: RETURN
0000046e: JUMPDEST
0000046f: PUSH1 0x01
00000471: PUSH1 0xa0
00000473: PUSH1 0x02
00000475: EXP
00000476: SUB
00000477: DUP4
00000478: AND
00000479: DUP2
0000047a: MSTORE
0000047b: PUSH1 0x40
0000047d: DUP2
0000047e: KECCAK256
0000047f: SLOAD
00000480: DUP1
00000481: DUP4
00000482: ADD
00000483: LT
00000484: ISZERO
00000485: PUSH2 0x048d
00000488: JUMPI
00000489: PUSH2 0x0002
0000048c: JUMP
0000048d: JUMPDEST
0000048e: PUSH1 0x01
00000490: PUSH1 0xa0
00000492: PUSH1 0x02
00000494: EXP
00000495: SUB
00000496: DUP1
00000497: DUP6
00000498: AND
00000499: DUP1
0000049a: DUP4
0000049b: MSTORE
0000049c: PUSH1 0x06
0000049e: PUSH1 0x20
000004a0: SWAP1
000004a1: DUP2
000004a2: MSTORE
000004a3: PUSH1 0x40
000004a5: DUP1
000004a6: DUP6
000004a7: KECCAK256
000004a8: CALLER
000004a9: SWAP5
000004aa: SWAP1
000004ab: SWAP5
000004ac: AND
000004ad: DUP1
000004ae: DUP7
000004af: MSTORE
000004b0: SWAP4
000004b1: DUP3
000004b2: MSTORE
000004b3: DUP1
000004b4: DUP6
000004b5: KECCAK256
000004b6: SLOAD
000004b7: SWAP3
000004b8: DUP6
000004b9: MSTORE
000004ba: PUSH1 0x07
000004bc: DUP3
000004bd: MSTORE
000004be: DUP1
000004bf: DUP6
000004c0: KECCAK256
000004c1: SWAP4
000004c2: DUP6
000004c3: MSTORE
000004c4: SWAP3
000004c5: SWAP1
000004c6: MSTORE
000004c7: SWAP1
000004c8: DUP3
000004c9: KECCAK256
000004ca: SLOAD
000004cb: DUP4
000004cc: ADD
000004cd: GT
000004ce: ISZERO
000004cf: PUSH2 0x04d7
000004d2: JUMPI
000004d3: PUSH2 0x0002
000004d6: JUMP
000004d7: JUMPDEST
000004d8: DUP2
000004d9: PUSH1 0x05
000004db: PUSH1 0x00
000004dd: POP
000004de: PUSH1 0x00
000004e0: DUP7
000004e1: PUSH1 0x01
000004e3: PUSH1 0xa0
000004e5: PUSH1 0x02
000004e7: EXP
000004e8: SUB
000004e9: AND
000004ea: DUP2
000004eb: MSTORE
000004ec: PUSH1 0x20
000004ee: ADD
000004ef: SWAP1
000004f0: DUP2
000004f1: MSTORE
000004f2: PUSH1 0x20
000004f4: ADD
000004f5: PUSH1 0x00
000004f7: KECCAK256
000004f8: PUSH1 0x00
000004fa: DUP3
000004fb: DUP3
000004fc: DUP3
000004fd: POP
000004fe: SLOAD
000004ff: SUB
00000500: SWAP3
00000501: POP
00000502: POP
00000503: DUP2
00000504: SWAP1
00000505: SSTORE
00000506: POP
00000507: DUP2
00000508: PUSH1 0x05
0000050a: PUSH1 0x00
0000050c: POP
0000050d: PUSH1 0x00
0000050f: DUP6
00000510: PUSH1 0x01
00000512: PUSH1 0xa0
00000514: PUSH1 0x02
00000516: EXP
00000517: SUB
00000518: AND
00000519: DUP2
0000051a: MSTORE
0000051b: PUSH1 0x20
0000051d: ADD
0000051e: SWAP1
0000051f: DUP2
00000520: MSTORE
00000521: PUSH1 0x20
00000523: ADD
00000524: PUSH1 0x00
00000526: KECCAK256
00000527: PUSH1 0x00
00000529: DUP3
0000052a: DUP3
0000052b: DUP3
0000052c: POP
0000052d: SLOAD
0000052e: ADD
0000052f: SWAP3
00000530: POP
00000531: POP
00000532: DUP2
00000533: SWAP1
00000534: SSTORE
00000535: POP
00000536: DUP2
00000537: PUSH1 0x07
00000539: PUSH1 0x00
0000053b: POP
0000053c: PUSH1 0x00
0000053e: DUP7
0000053f: PUSH1 0x01
00000541: PUSH1 0xa0
00000543: PUSH1 0x02
00000545: EXP
00000546: SUB
00000547: AND
00000548: DUP2
00000549: MSTORE
0000054a: PUSH1 0x20
0000054c: ADD
0000054d: SWAP1
0000054e: DUP2
0000054f: MSTORE
00000550: PUSH1 0x20
00000552: ADD
00000553: PUSH1 0x00
00000555: KECCAK256
00000556: PUSH1 0x00
00000558: POP
00000559: PUSH1 0x00
0000055b: CALLER
0000055c: PUSH1 0x01
0000055e: PUSH1 0xa0
00000560: PUSH1 0x02
00000562: EXP
00000563: SUB
00000564: AND
00000565: DUP2
00000566: MSTORE
00000567: PUSH1 0x20
00000569: ADD
0000056a: SWAP1
0000056b: DUP2
0000056c: MSTORE
0000056d: PUSH1 0x20
0000056f: ADD
00000570: PUSH1 0x00
00000572: KECCAK256
00000573: PUSH1 0x00
00000575: DUP3
00000576: DUP3
00000577: DUP3
00000578: POP
exec
/bin/bash -lc 'cast disassemble $(jq -r '"'.artifact.runtime_bytecode.full' BYTECODE_BUNDLE.json) | sed -n '1041,1300p'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
00000579: SLOAD
0000057a: ADD
0000057b: SWAP3
0000057c: POP
0000057d: POP
0000057e: DUP2
0000057f: SWAP1
00000580: SSTORE
00000581: POP
00000582: DUP3
00000583: PUSH1 0x01
00000585: PUSH1 0xa0
00000587: PUSH1 0x02
00000589: EXP
0000058a: SUB
0000058b: AND
0000058c: DUP5
0000058d: PUSH1 0x01
0000058f: PUSH1 0xa0
00000591: PUSH1 0x02
00000593: EXP
00000594: SUB
00000595: AND
00000596: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
000005b7: DUP5
000005b8: PUSH1 0x40
000005ba: MLOAD
000005bb: DUP1
000005bc: DUP3
000005bd: DUP2
000005be: MSTORE
000005bf: PUSH1 0x20
000005c1: ADD
000005c2: SWAP2
000005c3: POP
000005c4: POP
000005c5: PUSH1 0x40
000005c7: MLOAD
000005c8: DUP1
000005c9: SWAP2
000005ca: SUB
000005cb: SWAP1
000005cc: LOG3
000005cd: POP
000005ce: PUSH1 0x01
000005d0: SWAP4
000005d1: SWAP3
000005d2: POP
000005d3: POP
000005d4: POP
000005d5: JUMP
000005d6: JUMPDEST
000005d7: PUSH1 0x01
000005d9: PUSH1 0xa0
000005db: PUSH1 0x02
000005dd: EXP
000005de: SUB
000005df: DUP3
000005e0: AND
000005e1: PUSH1 0x00
000005e3: SWAP1
000005e4: DUP2
000005e5: MSTORE
000005e6: PUSH1 0x40
000005e8: SWAP1
000005e9: KECCAK256
000005ea: SLOAD
000005eb: DUP1
000005ec: DUP3
000005ed: ADD
000005ee: LT
000005ef: ISZERO
000005f0: PUSH2 0x05f8
000005f3: JUMPI
000005f4: PUSH2 0x0002
000005f7: JUMP
000005f8: JUMPDEST
000005f9: DUP1
000005fa: PUSH1 0x05
000005fc: PUSH1 0x00
000005fe: POP
000005ff: PUSH1 0x00
00000601: CALLER
00000602: PUSH1 0x01
00000604: PUSH1 0xa0
00000606: PUSH1 0x02
00000608: EXP
00000609: SUB
0000060a: AND
0000060b: DUP2
0000060c: MSTORE
0000060d: PUSH1 0x20
0000060f: ADD
00000610: SWAP1
00000611: DUP2
00000612: MSTORE
00000613: PUSH1 0x20
00000615: ADD
00000616: PUSH1 0x00
00000618: KECCAK256
00000619: PUSH1 0x00
0000061b: DUP3
0000061c: DUP3
0000061d: DUP3
0000061e: POP
0000061f: SLOAD
00000620: SUB
00000621: SWAP3
00000622: POP
00000623: POP
00000624: DUP2
00000625: SWAP1
00000626: SSTORE
00000627: POP
00000628: DUP1
00000629: PUSH1 0x05
0000062b: PUSH1 0x00
0000062d: POP
0000062e: PUSH1 0x00
00000630: DUP5
00000631: PUSH1 0x01
00000633: PUSH1 0xa0
00000635: PUSH1 0x02
00000637: EXP
00000638: SUB
00000639: AND
0000063a: DUP2
0000063b: MSTORE
0000063c: PUSH1 0x20
0000063e: ADD
0000063f: SWAP1
00000640: DUP2
00000641: MSTORE
00000642: PUSH1 0x20
00000644: ADD
00000645: PUSH1 0x00
00000647: KECCAK256
00000648: PUSH1 0x00
0000064a: DUP3
0000064b: DUP3
0000064c: DUP3
0000064d: POP
0000064e: SLOAD
0000064f: ADD
00000650: SWAP3
00000651: POP
00000652: POP
00000653: DUP2
00000654: SWAP1
00000655: SSTORE
00000656: POP
00000657: DUP2
00000658: PUSH1 0x01
0000065a: PUSH1 0xa0
0000065c: PUSH1 0x02
0000065e: EXP
0000065f: SUB
00000660: AND
00000661: CALLER
00000662: PUSH1 0x01
00000664: PUSH1 0xa0
00000666: PUSH1 0x02
00000668: EXP
00000669: SUB
0000066a: AND
0000066b: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
0000068c: DUP4
0000068d: PUSH1 0x40
0000068f: MLOAD
00000690: DUP1
00000691: DUP3
00000692: DUP2
00000693: MSTORE
00000694: PUSH1 0x20
00000696: ADD
00000697: SWAP2
00000698: POP
00000699: POP
0000069a: PUSH1 0x40
0000069c: MLOAD
0000069d: DUP1
0000069e: SWAP2
0000069f: SUB
000006a0: SWAP1
000006a1: LOG3
000006a2: POP
000006a3: POP
000006a4: JUMP
000006a5: JUMPDEST
000006a6: DUP3
000006a7: ADD
000006a8: SWAP2
000006a9: SWAP1
000006aa: PUSH1 0x00
000006ac: MSTORE
000006ad: PUSH1 0x20
000006af: PUSH1 0x00
000006b1: KECCAK256
000006b2: SWAP1
000006b3: JUMPDEST
000006b4: DUP2
000006b5: SLOAD
000006b6: DUP2
000006b7: MSTORE
000006b8: SWAP1
000006b9: PUSH1 0x01
000006bb: ADD
000006bc: SWAP1
000006bd: PUSH1 0x20
000006bf: ADD
000006c0: DUP1
000006c1: DUP4
000006c2: GT
000006c3: PUSH2 0x06b3
000006c6: JUMPI
000006c7: DUP3
000006c8: SWAP1
000006c9: SUB
000006ca: PUSH1 0x1f
000006cc: AND
000006cd: DUP3
000006ce: ADD
000006cf: SWAP2
000006d0: JUMPDEST
000006d1: POP
000006d2: POP
000006d3: POP
000006d4: POP
000006d5: POP
000006d6: DUP2
000006d7: JUMP
exec
/bin/bash -lc "jq '.capability_graph.graph_json.nodes' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
[
{
"end_pc": 10,
"hash": "0xc590080b273074d852d07d86387bb692518eb6057284cadca88ac84fde6f0664",
"id": "bb:0",
"start_pc": 0,
"type": "basic_block"
},
{
"end_pc": 30,
"hash": "0x4db61c68c65e3aafb60d5980f9dbe93dfd98998da1cba601a06d76a8f1510248",
"id": "bb:11",
"start_pc": 11,
"type": "basic_block"
},
{
"end_pc": 41,
"hash": "0x12cc4e8ed2fdd30122dfac48b782310710c9179137ddfc82c887c065a801b538",
"id": "bb:31",
"start_pc": 31,
"type": "basic_block"
},
{
"end_pc": 52,
"hash": "0x4c296856393777328c11adf4a88cd725c352e0ff8b748e2cbe77f7d082a1d73c",
"id": "bb:42",
"start_pc": 42,
"type": "basic_block"
},
{
"end_pc": 63,
"hash": "0x1fc51f3d6be0da89bc6938488db56fcc2cefd162968e4242adf170575f96f1a2",
"id": "bb:53",
"start_pc": 53,
"type": "basic_block"
},
{
"end_pc": 74,
"hash": "0xe693856b391bfd2874967602ab2a71ee1552f8ffd147a93a96273594bde47bc0",
"id": "bb:64",
"start_pc": 64,
"type": "basic_block"
},
{
"end_pc": 85,
"hash": "0x273f47041a78985996d31a122316d7cd4d00c9a6468a62dce547795791ce5ce8",
"id": "bb:75",
"start_pc": 75,
"type": "basic_block"
},
{
"end_pc": 96,
"hash": "0x02cc38d89e9aedd0cb62694c3c2f76074e6e3c7faddb9f6851526dbdd16d7198",
"id": "bb:86",
"start_pc": 86,
"type": "basic_block"
},
{
"end_pc": 107,
"hash": "0x2e7d94f9aab0358566009196c567ce053776d6a253790ce0b5ab068301731ed9",
"id": "bb:97",
"start_pc": 97,
"type": "basic_block"
},
{
"end_pc": 118,
"hash": "0xee41d2f8eb040265f75e671bd78e34ad061d03f766f70446f6cc8d3a89530e7d",
"id": "bb:108",
"start_pc": 108,
"type": "basic_block"
},
{
"end_pc": 129,
"hash": "0x6629e4f27300c3d03a41db89f956d36ff6308c4477dc9431c2a7df939b286b1c",
"id": "bb:119",
"start_pc": 119,
"type": "basic_block"
},
{
"end_pc": 140,
"hash": "0x7568c9f5f6718e3d8dea4b1f67093ecabaab4fac1b5cac7859a1b89bcc5c4349",
"id": "bb:130",
"start_pc": 130,
"type": "basic_block"
},
{
"end_pc": 148,
"hash": "0x01c9cbeb31e8809b6ebc4aaaa3fa932054c629171654dec7c3a5870ef8f00be3",
"id": "bb:141",
"start_pc": 141,
"type": "basic_block"
},
{
"end_pc": 214,
"hash": "0xc286897e6da3cc04c68ad2d97373a17342a1f44835bc314301f4b3fb105c4a75",
"id": "bb:149",
"start_pc": 149,
"type": "basic_block"
},
{
"end_pc": 222,
"hash": "0x291c659b55cfbd0bc270d1a8d0905bb6bbfd61912abbf2633b4a9cacdc014243",
"id": "bb:215",
"start_pc": 215,
"type": "basic_block"
},
{
"end_pc": 241,
"hash": "0x687f796dfe6427e93ba1a35b4f20383268ddc6b2c6cca1d614bb71a336a93654",
"id": "bb:223",
"start_pc": 223,
"type": "basic_block"
},
{
"end_pc": 250,
"hash": "0x3a3669e009b49c0068eabc67adae73ab5360d61101f63d22efd34c572eabf879",
"id": "bb:242",
"start_pc": 242,
"type": "basic_block"
},
{
"end_pc": 296,
"hash": "0xbd781e67b3b061d9b613393fb1cb1db1dc593270c907049d810ef540f6d96639",
"id": "bb:251",
"start_pc": 251,
"type": "basic_block"
},
{
"end_pc": 300,
"hash": "0xd7fd16f2f78e22206387c4b4c199cc3784df86884d46b4e8dd4e28c06e9c719b",
"id": "bb:297",
"start_pc": 297,
"type": "basic_block"
},
{
"end_pc": 312,
"hash": "0x54cdaef02fe32a41536f7b77cc4b8e1e29196b55e9e9c5c0b363a6a6aa9c99a4",
"id": "bb:301",
"start_pc": 301,
"type": "basic_block"
},
{
"end_pc": 375,
"hash": "0xdf73ae601a8f66f92422c617c21c9be07e2ebe831d6c5c774c246484b975b35f",
"id": "bb:313",
"start_pc": 313,
"type": "basic_block"
},
{
"end_pc": 383,
"hash": "0xeefa2667bb0127498e363abb63318324edc5fdb7ad0acb4fd0871fae52161f59",
"id": "bb:376",
"start_pc": 376,
"type": "basic_block"
},
{
"end_pc": 402,
"hash": "0x8cdd2640e32d616d53a78fb688e1a5f8369afecf276795c07d88a91a91a99d8a",
"id": "bb:384",
"start_pc": 384,
"type": "basic_block"
},
{
"end_pc": 426,
"hash": "0x6472e63b2c46d825395a5e8969cb8973555892225ea26d88bb52e23180f24c8f",
"id": "bb:403",
"start_pc": 403,
"type": "basic_block"
},
{
"end_pc": 491,
"hash": "0x3008696181dd7a15f9bceab0a98e3c1a3bb464d789625116caede8c593536702",
"id": "bb:427",
"start_pc": 427,
"type": "basic_block"
},
{
"end_pc": 499,
"hash": "0x2c20f895c76a5c64ebbbae3203196d8e45c030dca5acc475b886af58f71691c6",
"id": "bb:492",
"start_pc": 492,
"type": "basic_block"
},
{
"end_pc": 518,
"hash": "0xc80d50cb81c1e1465e355ea038064e7c0bb6172770397844a7b5b0ec013b3080",
"id": "bb:500",
"start_pc": 500,
"type": "basic_block"
},
{
"end_pc": 561,
"hash": "0x2e25627b92a5587a35f77cdfb8348797d0af64035ce33958e7cf254aaffb3078",
"id": "bb:519",
"start_pc": 519,
"type": "basic_block"
},
{
"end_pc": 565,
"hash": "0xa4a4ae061ef386f7d7486aaf3298058f26a9f17e111d4eb1ba437f6d2a947101",
"id": "bb:562",
"start_pc": 562,
"type": "basic_block"
},
{
"end_pc": 849,
"hash": "0x63fec82cc0f41e798d0c39011f364e5f0e1428e47413786caf13f0a0fb1f1a52",
"id": "bb:566",
"start_pc": 566,
"type": "basic_block"
},
{
"end_pc": 874,
"hash": "0x17f7deb342002d7b4a616129a837954148eb0171e6fa8c57aac90d77236f888b",
"id": "bb:850",
"start_pc": 850,
"type": "basic_block"
},
{
"end_pc": 906,
"hash": "0x84229ca8d3771a6156324b47011bcdb0a683777a4d2a1f266849cf7ca40d8a04",
"id": "bb:875",
"start_pc": 875,
"type": "basic_block"
},
{
"end_pc": 919,
"hash": "0xfa6321d1a087cb91c03b5652829eb3bd5f4d3c5a25f3637a26c05f6fbe498a43",
"id": "bb:907",
"start_pc": 907,
"type": "basic_block"
},
{
"end_pc": 956,
"hash": "0x7e02ca16c778428ad3d0810dfc23c433b033732b606e505f38f6145112c184a8",
"id": "bb:920",
"start_pc": 920,
"type": "basic_block"
},
{
"end_pc": 993,
"hash": "0x042c1afb96f235fc54f29cf1b2f30ed811fb81afeff6e474f6e7b29d53f24c7e",
"id": "bb:957",
"start_pc": 957,
"type": "basic_block"
},
{
"end_pc": 995,
"hash": "0x0f692128e76a1124821e667bb073ac313d488f7fcdbc8d9fbbf13d26ceb31f0b",
"id": "bb:994",
"start_pc": 994,
"type": "basic_block"
},
{
"end_pc": 1066,
"hash": "0x9aa34f2fb0626cb939c113c9be278794f8c988658f24ca2507bb497607223c81",
"id": "bb:996",
"start_pc": 996,
"type": "basic_block"
},
{
"end_pc": 1091,
"hash": "0xfa2051631966675ac33e4879826a9d4b2735cb21b292a65e73b1461d671f1a28",
"id": "bb:1067",
"start_pc": 1067,
"type": "basic_block"
},
{
"end_pc": 1105,
"hash": "0xed2e9a49cde9ace4b4babfac1c4ae1c15310169c3a36e4ec83145a57a85f40a9",
"id": "bb:1092",
"start_pc": 1092,
"type": "basic_block"
},
{
"end_pc": 1123,
"hash": "0xa96f242abd52ace13a743ee9f25b502cd9acd559a9fab18eae38fca805ee16e2",
"id": "bb:1106",
"start_pc": 1106,
"type": "basic_block"
},
{
"end_pc": 1133,
"hash": "0x773879341b32f5b6026d79ed82eef4857b55f8e358550abf4f6fb17e0034783d",
"id": "bb:1124",
"start_pc": 1124,
"type": "basic_block"
},
{
"end_pc": 1160,
"hash": "0x27b02c7a508c8ef9b5dafce2cb47cfae33cae0493ef5eaa29816ab8355675871",
"id": "bb:1134",
"start_pc": 1134,
"type": "basic_block"
},
{
"end_pc": 1164,
"hash": "0xb870c2451c872330e47a2f27febb9f221e0d95bb7acd53fea95092ef4a1fef81",
"id": "bb:1161",
"start_pc": 1161,
"type": "basic_block"
},
{
"end_pc": 1234,
"hash": "0x6f1fe87986557c612b30fbc58565f6a70d96d26291dd484dd3c7f186f6e340f4",
"id": "bb:1165",
"start_pc": 1165,
"type": "basic_block"
},
{
"end_pc": 1238,
"hash": "0xa2322d0f620061258f81b0badc511a723277818dc50ef6a3692e1698c4df3bb4",
"id": "bb:1235",
"start_pc": 1235,
"type": "basic_block"
},
{
"end_pc": 1493,
"hash": "0x8aabb90779c205ca802c356bcdb37e5a64a765a37c42f5f51ff387dcd5c064d6",
"id": "bb:1239",
"start_pc": 1239,
"type": "basic_block"
},
{
"end_pc": 1523,
"hash": "0xdf63220e1a3e9ff7156befb192eda4ddad287b66cb2c31191fdb9be38b5d6127",
"id": "bb:1494",
"start_pc": 1494,
"type": "basic_block"
},
{
"end_pc": 1527,
"hash": "0xf9f848a9e4273b83a285b8be15f2fca298cf36e17df498306ad4c7fa1bf0fa11",
"id": "bb:1524",
"start_pc": 1524,
"type": "basic_block"
},
{
"end_pc": 1700,
"hash": "0x25aae69275166e5e7e09dae403334cdbe1514906e6a546d821201a04ddb9e5e9",
"id": "bb:1528",
"start_pc": 1528,
"type": "basic_block"
},
{
"end_pc": 1714,
"hash": "0x32c03aeb8bf3b5a039ac9c824c21ced0cbaf33024872996cf5704ab1fbc993c7",
"id": "bb:1701",
"start_pc": 1701,
"type": "basic_block"
},
{
"end_pc": 1734,
"hash": "0x3ef866c8710d8dee837c4137cac6c200614d8bc349336b37220c4cdf6f1f914b",
"id": "bb:1715",
"start_pc": 1715,
"type": "basic_block"
},
{
"end_pc": 1743,
"hash": "0x48f59fd7061dbd235dc4bcfac1f18773905127c0d4a9b3f379af1563f1ab5fa7",
"id": "bb:1735",
"start_pc": 1735,
"type": "basic_block"
},
{
"end_pc": 1751,
"hash": "0x16164e505e410a889574788b37adc23abd5cff9541103004af56325dbf1a9291",
"id": "bb:1744",
"start_pc": 1744,
"type": "basic_block"
},
{
"id": "call:833",
"opcode": "CALL",
"pc": 833,
"type": "callsite"
},
{
"id": "call:901",
"opcode": "CALL",
"pc": 901,
"type": "callsite"
},
{
"id": "call:1050",
"opcode": "CALL",
"pc": 1050,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x06fdde03",
"selector": "0x06fdde03",
"type": "function"
},
{
"entry_pc": 599290589,
"id": "fn:0x18160ddd",
"selector": "0x18160ddd",
"type": "function"
},
{
"entry_pc": 826074471,
"id": "fn:0x23b872dd",
"selector": "0x23b872dd",
"type": "function"
},
{
"entry_pc": 1425886544,
"id": "fn:0x313ce567",
"selector": "0x313ce567",
"type": "function"
},
{
"entry_pc": 1889567281,
"id": "fn:0x54fd4d50",
"selector": "0x54fd4d50",
"type": "function"
},
{
"entry_pc": 2514000705,
"id": "fn:0x70a08231",
"selector": "0x70a08231",
"type": "function"
},
{
"entry_pc": 2835717307,
"id": "fn:0x95d89b41",
"selector": "0x95d89b41",
"type": "function"
},
{
"entry_pc": 3404319313,
"id": "fn:0xa9059cbb",
"selector": "0xa9059cbb",
"type": "function"
},
{
"entry_pc": 3694166258,
"id": "fn:0xcae9ca51",
"selector": "0xcae9ca51",
"type": "function"
},
{
"entry_pc": 3714247998,
"id": "fn:0xdc3080f2",
"selector": "0xdc3080f2",
"type": "function"
},
{
"entry_pc": 994,
"id": "fn:0xdd62ed3e",
"selector": "0xdd62ed3e",
"type": "function"
}
]
exec
/bin/bash -lc "jq '.capability_graph.graph_json.edges' BYTECODE_BUNDLE.json" in /tmp/codex-20j0y2wa
succeeded in 0ms:
[
{
"from": "bb:0",
"to": "bb:141",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:149",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:242",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:251",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:301",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:313",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:403",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:427",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:97",
"to": "bb:519",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:108",
"type": "control_flow_fallthrough"
},
{
"from": "bb:108",
"to": "bb:566",
"type": "control_flow"
},
{
"from": "bb:108",
"to": "bb:119",
"type": "control_flow_fallthrough"
},
{
"from": "bb:119",
"to": "bb:920",
"type": "control_flow"
},
{
"from": "bb:119",
"to": "bb:130",
"type": "control_flow_fallthrough"
},
{
"from": "bb:130",
"to": "bb:957",
"type": "control_flow"
},
{
"from": "bb:130",
"to": "bb:141",
"type": "control_flow_fallthrough"
},
{
"from": "bb:149",
"to": "bb:1744",
"type": "control_flow"
},
{
"from": "bb:149",
"to": "bb:215",
"type": "control_flow_fallthrough"
},
{
"from": "bb:215",
"to": "bb:1701",
"type": "control_flow"
},
{
"from": "bb:215",
"to": "bb:223",
"type": "control_flow_fallthrough"
},
{
"from": "bb:223",
"to": "bb:1744",
"type": "control_flow"
},
{
"from": "bb:251",
"to": "bb:1134",
"type": "control_flow"
},
{
"from": "bb:251",
"to": "bb:297",
"type": "control_flow_fallthrough"
},
{
"from": "bb:313",
"to": "bb:1744",
"type": "control_flow"
},
{
"from": "bb:313",
"to": "bb:376",
"type": "control_flow_fallthrough"
},
{
"from": "bb:376",
"to": "bb:1701",
"type": "control_flow"
},
{
"from": "bb:376",
"to": "bb:384",
"type": "control_flow_fallthrough"
},
{
"from": "bb:384",
"to": "bb:1744",
"type": "control_flow"
},
{
"from": "bb:427",
"to": "bb:1744",
"type": "control_flow"
},
{
"from": "bb:427",
"to": "bb:492",
"type": "control_flow_fallthrough"
},
{
"from": "bb:492",
"to": "bb:1701",
"type": "control_flow"
},
{
"from": "bb:492",
"to": "bb:500",
"type": "control_flow_fallthrough"
},
{
"from": "bb:500",
"to": "bb:1744",
"type": "control_flow"
},
{
"from": "bb:519",
"to": "bb:1494",
"type": "control_flow"
},
{
"from": "bb:519",
"to": "bb:562",
"type": "control_flow_fallthrough"
},
{
"from": "bb:566",
"to": "bb:875",
"type": "control_flow"
},
{
"from": "bb:566",
"to": "bb:850",
"type": "control_flow_fallthrough"
},
{
"from": "bb:850",
"to": "bb:875",
"type": "control_flow_fallthrough"
},
{
"from": "bb:875",
"to": "bb:907",
"type": "control_flow_fallthrough"
},
{
"from": "bb:996",
"to": "bb:1092",
"type": "control_flow"
},
{
"from": "bb:996",
"to": "bb:1067",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1067",
"to": "bb:1092",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1134",
"to": "bb:1165",
"type": "control_flow"
},
{
"from": "bb:1134",
"to": "bb:1161",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1165",
"to": "bb:1239",
"type": "control_flow"
},
{
"from": "bb:1165",
"to": "bb:1235",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1494",
"to": "bb:1528",
"type": "control_flow"
},
{
"from": "bb:1494",
"to": "bb:1524",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1701",
"to": "bb:1715",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1715",
"to": "bb:1715",
"type": "control_flow"
},
{
"from": "bb:1715",
"to": "bb:1735",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1735",
"to": "bb:1744",
"type": "control_flow_fallthrough"
},
{
"from": "fn:0x18160ddd",
"to": "bb:599290589",
"type": "entry"
},
{
"from": "fn:0x23b872dd",
"to": "bb:826074471",
"type": "entry"
},
{
"from": "fn:0x313ce567",
"to": "bb:1425886544",
"type": "entry"
},
{
"from": "fn:0x54fd4d50",
"to": "bb:1889567281",
"type": "entry"
},
{
"from": "fn:0x70a08231",
"to": "bb:2514000705",
"type": "entry"
},
{
"from": "fn:0x95d89b41",
"to": "bb:2835717307",
"type": "entry"
},
{
"from": "fn:0xa9059cbb",
"to": "bb:3404319313",
"type": "entry"
},
{
"from": "fn:0xcae9ca51",
"to": "bb:3694166258",
"type": "entry"
},
{
"from": "fn:0xdc3080f2",
"to": "bb:3714247998",
"type": "entry"
},
{
"from": "fn:0xdd62ed3e",
"to": "bb:994",
"type": "entry"
},
{
"from": "bb:566",
"to": "call:833",
"type": "contains"
},
{
"from": "call:833",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:875",
"to": "call:901",
"type": "contains"
},
{
"from": "call:901",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:996",
"to": "call:1050",
"type": "contains"
},
{
"from": "call:1050",
"to": "sink:call",
"type": "capability"
}
]
exec
/bin/bash -lc "cast sig 'approveAndCall(address,uint256,bytes)'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
0xcae9ca51
exec
/bin/bash -lc "cast sig 'receiveApproval(address,uint256,address,bytes)'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
0x8f4ffcb1
exec
/bin/bash -lc "cast sig 'allowance(address,address)'" in /tmp/codex-20j0y2wa
succeeded in 0ms:
0xdd62ed3e
codex
{"no_findings":false,"summary":"Bytecode-only review of BYTECODE_BUNDLE.json found one concrete ERC20 accounting/invariant issue and one low-confidence reentrancy/callback risk around approveAndCall. No proxy or delegatecall behavior was present in the artifact.","findings":[{"severity":"medium","category":"other","title":"allowance() is decoupled from transferFrom spendability","exploit_scenario":"The contract appears to store the approved amount in one mapping and cumulative spent amount in a second mapping. After a spender uses transferFrom, allowance(owner,spender) still returns the original approval, while transferFrom only succeeds if priorSpent + amount <= approved. A user who re-approves the same spender can therefore see allowance() report a value that is not actually spendable, and historical usage can permanently reduce or brick future approvals unless the new approval exceeds lifetime spent. Integrations that rely on ERC20-standard allowance semantics can fail unexpectedly or get stuck.","recommendation":"Use standard ERC20 allowance semantics: decrement the allowance mapping on transferFrom, or make allowance() return the remaining spendable amount and reset the spent-tracking slot on new approvals. Re-test wallet and protocol compatibility after changing this logic.","evidence":"selector 0xdd62ed3e reads and returns only the slot-6 double mapping at pc:0x03bd-0x03db. selector 0x23b872dd checks a separate slot-7 double mapping before spending at pc:0x04be-0x04cf and then increments that slot-7 mapping at pc:0x0536-0x0580. selector 0xcae9ca51 writes the slot-6 approval at pc:0x02c2-0x02c4, but no slot-7 reset is visible in that path. selector 0xdc3080f2 exposes the slot-7 mapping directly at pc:0x0398-0x03bc, reinforcing the dual-accounting interpretation. This conclusion is based on bytecode reconstruction, so variable names are inferred rather than known.","locations":["selector:0xdd62ed3e","selector:0x23b872dd","selector:0xcae9ca51","selector:0xdc3080f2","pc:0x2c4","pc:0x4ca","pc:0x536"]},{"severity":"low","category":"reentrancy","title":"approveAndCall performs an untrusted external callback after recording approval","exploit_scenario":"The inferred approveAndCall(address,uint256,bytes) path writes approval state first and then performs a low-level CALL to the user-supplied spender contract. A malicious spender can immediately reenter and use transferFrom before approveAndCall returns. Because this callback behavior is explicit, this is not automatically exploitable beyond the granted allowance, but any caller or integrator that assumes approveAndCall only records approval and does not invoke arbitrary code can be broken.","recommendation":"If approveAndCall is intentional, document it as reentrancy-capable and avoid using it with untrusted spenders. For stronger safety, constrain callback targets, add a reentrancy guard around sensitive state transitions, or remove the callback pattern in favor of a plain approve flow.","evidence":"selector 0xcae9ca51 matches approveAndCall(address,uint256,bytes) and writes approval state before the external interaction (SSTORE at pc:0x02c4). It then builds calldata for receiveApproval(address,uint256,address,bytes) and performs a CALL at pc:0x0385 to a computed/user-controlled target. The bundle's validated call finding also marks CALL targets as varying. Returndata validation beyond the CALL success bit is not evidenced in the artifact. Note: the other CALL sites at pc:0x0341 and pc:0x041a are consistent with identity-precompile-style memory copy helpers and are less concerning.","locations":["selector:0xcae9ca51","pc:0x2c4","pc:0x385"]}]}
tokens used
68,950
{
"codex": {
"ran_at": "2026-04-05T06:27:00.273128+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3506,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode-only review of BYTECODE_BUNDLE.json found one concrete ERC20 accounting/invariant issue and one low-confidence reentrancy/callback risk around approveAndCall. No proxy or delegatecall behavior was present in the artifact.",
"raw_final": {
"summary": "Bytecode-only review of BYTECODE_BUNDLE.json found one concrete ERC20 accounting/invariant issue and one low-confidence reentrancy/callback risk around approveAndCall. No proxy or delegatecall behavior was present in the artifact.",
"findings": [
{
"title": "allowance() is decoupled from transferFrom spendability",
"category": "other",
"evidence": "selector 0xdd62ed3e reads and returns only the slot-6 double mapping at pc:0x03bd-0x03db. selector 0x23b872dd checks a separate slot-7 double mapping before spending at pc:0x04be-0x04cf and then increments that slot-7 mapping at pc:0x0536-0x0580. selector 0xcae9ca51 writes the slot-6 approval at pc:0x02c2-0x02c4, but no slot-7 reset is visible in that path. selector 0xdc3080f2 exposes the slot-7 mapping directly at pc:0x0398-0x03bc, reinforcing the dual-accounting interpretation. This conclusion is based on bytecode reconstruction, so variable names are inferred rather than known.",
"severity": "medium",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xcae9ca51",
"selector:0xdc3080f2",
"pc:0x2c4",
"pc:0x4ca",
"pc:0x536"
],
"recommendation": "Use standard ERC20 allowance semantics: decrement the allowance mapping on transferFrom, or make allowance() return the remaining spendable amount and reset the spent-tracking slot on new approvals. Re-test wallet and protocol compatibility after changing this logic.",
"exploit_scenario": "The contract appears to store the approved amount in one mapping and cumulative spent amount in a second mapping. After a spender uses transferFrom, allowance(owner,spender) still returns the original approval, while transferFrom only succeeds if priorSpent + amount <= approved. A user who re-approves the same spender can therefore see allowance() report a value that is not actually spendable, and historical usage can permanently reduce or brick future approvals unless the new approval exceeds lifetime spent. Integrations that rely on ERC20-standard allowance semantics can fail unexpectedly or get stuck."
},
{
"title": "approveAndCall performs an untrusted external callback after recording approval",
"category": "reentrancy",
"evidence": "selector 0xcae9ca51 matches approveAndCall(address,uint256,bytes) and writes approval state before the external interaction (SSTORE at pc:0x02c4). It then builds calldata for receiveApproval(address,uint256,address,bytes) and performs a CALL at pc:0x0385 to a computed/user-controlled target. The bundle's validated call finding also marks CALL targets as varying. Returndata validation beyond the CALL success bit is not evidenced in the artifact. Note: the other CALL sites at pc:0x0341 and pc:0x041a are consistent with identity-precompile-style memory copy helpers and are less concerning.",
"severity": "low",
"locations": [
"selector:0xcae9ca51",
"pc:0x2c4",
"pc:0x385"
],
"recommendation": "If approveAndCall is intentional, document it as reentrancy-capable and avoid using it with untrusted spenders. For stronger safety, constrain callback targets, add a reentrancy guard around sensitive state transitions, or remove the callback pattern in favor of a plain approve flow.",
"exploit_scenario": "The inferred approveAndCall(address,uint256,bytes) path writes approval state first and then performs a low-level CALL to the user-supplied spender contract. A malicious spender can immediately reenter and use transferFrom before approveAndCall returns. Because this callback behavior is explicit, this is not automatically exploitable beyond the granted allowance, but any caller or integrator that assumes approveAndCall only records approval and does not invoke arbitrary code can be broken."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x008d 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0095 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x18160ddd 00000025: EQ 00000026: PUSH2 0x00f2 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x23b872dd 00000030: EQ 00000031: PUSH2 0x00fb 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x313ce567 0000003b: EQ 0000003c: PUSH2 0x012d 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x54fd4d50 00000046: EQ 00000047: PUSH2 0x0139 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x70a08231 00000051: EQ 00000052: PUSH2 0x0193 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x95d89b41 0000005c: EQ 0000005d: PUSH2 0x01ab 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xa9059cbb 00000067: EQ 00000068: PUSH2 0x0207 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xcae9ca51 00000072: EQ 00000073: PUSH2 0x0236 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xdc3080f2 0000007d: EQ 0000007e: PUSH2 0x0398 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0xdd62ed3e 00000088: EQ 00000089: PUSH2 0x03bd 0000008c: JUMPI 0000008d: JUMPDEST 0000008e: PUSH2 0x03e2 00000091: PUSH2 0x0002 00000094: JUMP 00000095: JUMPDEST 00000096: PUSH2 0x03e4 00000099: PUSH1 0x00 0000009b: DUP1 0000009c: SLOAD 0000009d: PUSH1 0x20 0000009f: PUSH1 0x02 000000a1: PUSH1 0x01 000000a3: DUP4 000000a4: AND 000000a5: ISZERO 000000a6: PUSH2 0x0100 000000a9: MUL 000000aa: PUSH1 0x00 000000ac: NOT 000000ad: ADD 000000ae: SWAP1 000000af: SWAP3 000000b0: AND 000000b1: SWAP2 000000b2: SWAP1 000000b3: SWAP2 000000b4: DIV 000000b5: PUSH1 0x1f 000000b7: DUP2 000000b8: ADD 000000b9: DUP3 000000ba: SWAP1 000000bb: DIV 000000bc: SWAP1 000000bd: SWAP2 000000be: MUL 000000bf: PUSH1 0x80 000000c1: SWAP1 000000c2: DUP2 000000c3: ADD 000000c4: PUSH1 0x40 000000c6: MSTORE 000000c7: PUSH1 0x60 000000c9: DUP3 000000ca: DUP2 000000cb: MSTORE 000000cc: SWAP3 000000cd: SWAP2 000000ce: SWAP1 000000cf: DUP3 000000d0: DUP3 000000d1: DUP1 000000d2: ISZERO 000000d3: PUSH2 0x06d0 000000d6: JUMPI 000000d7: DUP1 000000d8: PUSH1 0x1f 000000da: LT 000000db: PUSH2 0x06a5 000000de: JUMPI 000000df: PUSH2 0x0100 000000e2: DUP1 000000e3: DUP4 000000e4: SLOAD 000000e5: DIV 000000e6: MUL 000000e7: DUP4 000000e8: MSTORE 000000e9: SWAP2 000000ea: PUSH1 0x20 000000ec: ADD 000000ed: SWAP2 000000ee: PUSH2 0x06d0 000000f1: JUMP 000000f2: JUMPDEST 000000f3: PUSH2 0x0452 000000f6: PUSH1 0x04 000000f8: SLOAD 000000f9: DUP2 000000fa: JUMP 000000fb: JUMPDEST 000000fc: PUSH2 0x0452 000000ff: PUSH1 0x04 00000101: CALLDATALOAD 00000102: PUSH1 0x24 00000104: CALLDATALOAD 00000105: PUSH1 0x44 00000107: CALLDATALOAD 00000108: PUSH1 0x01 0000010a: PUSH1 0xa0 0000010c: PUSH1 0x02 0000010e: EXP 0000010f: SUB 00000110: DUP4 00000111: AND 00000112: PUSH1 0x00 00000114: SWAP1 00000115: DUP2 00000116: MSTORE 00000117: PUSH1 0x05 00000119: PUSH1 0x20 0000011b: MSTORE 0000011c: PUSH1 0x40 0000011e: DUP2 0000011f: KECCAK256 00000120: SLOAD 00000121: DUP3 00000122: SWAP1 00000123: LT 00000124: ISZERO 00000125: PUSH2 0x046e 00000128: JUMPI 00000129: PUSH2 0x0002 0000012c: JUMP 0000012d: JUMPDEST 0000012e: PUSH2 0x0464 00000131: PUSH1 0x03 00000133: SLOAD 00000134: PUSH1 0xff 00000136: AND 00000137: DUP2 00000138: JUMP 00000139: JUMPDEST 0000013a: PUSH2 0x03e4 0000013d: PUSH1 0x02 0000013f: DUP1 00000140: SLOAD 00000141: PUSH1 0x20 00000143: PUSH1 0x01 00000145: DUP3 00000146: AND 00000147: ISZERO 00000148: PUSH2 0x0100 0000014b: MUL 0000014c: PUSH1 0x00 0000014e: NOT 0000014f: ADD 00000150: SWAP1 00000151: SWAP2 00000152: AND 00000153: DUP3 00000154: SWAP1 00000155: DIV 00000156: PUSH1 0x1f 00000158: DUP2 00000159: ADD 0000015a: DUP3 0000015b: SWAP1 0000015c: DIV 0000015d: SWAP1 0000015e: SWAP2 0000015f: MUL 00000160: PUSH1 0x80 00000162: SWAP1 00000163: DUP2 00000164: ADD 00000165: PUSH1 0x40 00000167: MSTORE 00000168: PUSH1 0x60 0000016a: DUP3 0000016b: DUP2 0000016c: MSTORE 0000016d: SWAP3 0000016e: SWAP2 0000016f: SWAP1 00000170: DUP3 00000171: DUP3 00000172: DUP1 00000173: ISZERO 00000174: PUSH2 0x06d0 00000177: JUMPI 00000178: DUP1 00000179: PUSH1 0x1f 0000017b: LT 0000017c: PUSH2 0x06a5 0000017f: JUMPI 00000180: PUSH2 0x0100 00000183: DUP1 00000184: DUP4 00000185: SLOAD 00000186: DIV 00000187: MUL 00000188: DUP4 00000189: MSTORE 0000018a: SWAP2 0000018b: PUSH1 0x20 0000018d: ADD 0000018e: SWAP2 0000018f: PUSH2 0x06d0 00000192: JUMP 00000193: JUMPDEST 00000194: PUSH2 0x0452 00000197: PUSH1 0x04 00000199: CALLDATALOAD 0000019a: PUSH1 0x05 0000019c: PUSH1 0x20 0000019e: MSTORE 0000019f: PUSH1 0x00 000001a1: SWAP1 000001a2: DUP2 000001a3: MSTORE 000001a4: PUSH1 0x40 000001a6: SWAP1 000001a7: KECCAK256 000001a8: SLOAD 000001a9: DUP2 000001aa: JUMP 000001ab: JUMPDEST 000001ac: PUSH2 0x03e4 000001af: PUSH1 0x01 000001b1: DUP1 000001b2: SLOAD 000001b3: PUSH1 0x20 000001b5: PUSH1 0x02 000001b7: DUP3 000001b8: DUP5 000001b9: AND 000001ba: ISZERO 000001bb: PUSH2 0x0100 000001be: MUL 000001bf: PUSH1 0x00 000001c1: NOT 000001c2: ADD 000001c3: SWAP1 000001c4: SWAP3 000001c5: AND 000001c6: SWAP2 000001c7: SWAP1 000001c8: SWAP2 000001c9: DIV 000001ca: PUSH1 0x1f 000001cc: DUP2 000001cd: ADD 000001ce: DUP3 000001cf: SWAP1 000001d0: DIV 000001d1: SWAP1 000001d2: SWAP2 000001d3: MUL 000001d4: PUSH1 0x80 000001d6: SWAP1 000001d7: DUP2 000001d8: ADD 000001d9: PUSH1 0x40 000001db: MSTORE 000001dc: PUSH1 0x60 000001de: DUP3 000001df: DUP2 000001e0: MSTORE 000001e1: SWAP3 000001e2: SWAP2 000001e3: SWAP1 000001e4: DUP3 000001e5: DUP3 000001e6: DUP1 000001e7: ISZERO 000001e8: PUSH2 0x06d0 000001eb: JUMPI 000001ec: DUP1 000001ed: PUSH1 0x1f 000001ef: LT 000001f0: PUSH2 0x06a5 000001f3: JUMPI 000001f4: PUSH2 0x0100 000001f7: DUP1 000001f8: DUP4 000001f9: SLOAD 000001fa: DIV 000001fb: MUL 000001fc: DUP4 000001fd: MSTORE 000001fe: SWAP2 000001ff: PUSH1 0x20 00000201: ADD 00000202: SWAP2 00000203: PUSH2 0x06d0 00000206: JUMP 00000207: JUMPDEST 00000208: PUSH2 0x03e2 0000020b: PUSH1 0x04 0000020d: CALLDATALOAD 0000020e: PUSH1 0x24 00000210: CALLDATALOAD 00000211: PUSH1 0x01 00000213: PUSH1 0xa0 00000215: PUSH1 0x02 00000217: EXP 00000218: SUB 00000219: CALLER 0000021a: AND 0000021b: PUSH1 0x00 0000021d: SWAP1 0000021e: DUP2 0000021f: MSTORE 00000220: PUSH1 0x05 00000222: PUSH1 0x20 00000224: MSTORE 00000225: PUSH1 0x40 00000227: SWAP1 00000228: KECCAK256 00000229: SLOAD 0000022a: DUP2 0000022b: SWAP1 0000022c: LT 0000022d: ISZERO 0000022e: PUSH2 0x05d6 00000231: JUMPI 00000232: PUSH2 0x0002 00000235: JUMP 00000236: JUMPDEST 00000237: PUSH1 0x80 00000239: PUSH1 0x20 0000023b: PUSH1 0x44 0000023d: CALLDATALOAD 0000023e: PUSH1 0x04 00000240: DUP2 00000241: DUP2 00000242: ADD 00000243: CALLDATALOAD 00000244: PUSH1 0x1f 00000246: DUP2 00000247: ADD 00000248: DUP5 00000249: SWAP1 0000024a: DIV 0000024b: SWAP1 0000024c: SWAP4 0000024d: MUL 0000024e: DUP5 0000024f: ADD 00000250: PUSH1 0x40 00000252: MSTORE 00000253: PUSH1 0x60 00000255: DUP4 00000256: DUP2 00000257: MSTORE 00000258: PUSH2 0x0452 0000025b: SWAP5 0000025c: DUP3 0000025d: CALLDATALOAD 0000025e: SWAP5 0000025f: PUSH1 0x24 00000261: DUP1 00000262: CALLDATALOAD 00000263: SWAP6 00000264: PUSH1 0x64 00000266: SWAP5 00000267: SWAP4 00000268: SWAP2 00000269: ADD 0000026a: SWAP2 0000026b: SWAP1 0000026c: DUP2 0000026d: SWAP1 0000026e: DUP4 0000026f: DUP3 00000270: DUP1 00000271: DUP3 00000272: DUP5 00000273: CALLDATACOPY 00000274: POP 00000275: SWAP5 00000276: SWAP7 00000277: POP 00000278: POP 00000279: POP 0000027a: POP 0000027b: POP 0000027c: POP 0000027d: POP 0000027e: PUSH1 0x00 00000280: PUSH1 0x00 00000282: DUP4 00000283: PUSH1 0x06 00000285: PUSH1 0x00 00000287: POP 00000288: PUSH1 0x00 0000028a: CALLER 0000028b: PUSH1 0x01 0000028d: PUSH1 0xa0 0000028f: PUSH1 0x02 00000291: EXP 00000292: SUB 00000293: AND 00000294: DUP2 00000295: MSTORE 00000296: PUSH1 0x20 00000298: ADD 00000299: SWAP1 0000029a: DUP2 0000029b: MSTORE 0000029c: PUSH1 0x20 0000029e: ADD 0000029f: PUSH1 0x00 000002a1: KECCAK256 000002a2: PUSH1 0x00 000002a4: POP 000002a5: PUSH1 0x00 000002a7: DUP8 000002a8: PUSH1 0x01 000002aa: PUSH1 0xa0 000002ac: PUSH1 0x02 000002ae: EXP 000002af: SUB 000002b0: AND 000002b1: DUP2 000002b2: MSTORE 000002b3: PUSH1 0x20 000002b5: ADD 000002b6: SWAP1 000002b7: DUP2 000002b8: MSTORE 000002b9: PUSH1 0x20 000002bb: ADD 000002bc: PUSH1 0x00 000002be: KECCAK256 000002bf: PUSH1 0x00 000002c1: POP 000002c2: DUP2 000002c3: SWAP1 000002c4: SSTORE 000002c5: POP 000002c6: DUP5 000002c7: SWAP1 000002c8: POP 000002c9: DUP1 000002ca: PUSH1 0x01 000002cc: PUSH1 0xa0 000002ce: PUSH1 0x02 000002d0: EXP 000002d1: SUB 000002d2: AND 000002d3: PUSH4 0x8f4ffcb1 000002d8: CALLER 000002d9: DUP7 000002da: ADDRESS 000002db: DUP8 000002dc: PUSH1 0x40 000002de: MLOAD 000002df: DUP6 000002e0: PUSH1 0xe0 000002e2: PUSH1 0x02 000002e4: EXP 000002e5: MUL 000002e6: DUP2 000002e7: MSTORE 000002e8: PUSH1 0x04 000002ea: ADD 000002eb: DUP1 000002ec: DUP6 000002ed: PUSH1 0x01 000002ef: PUSH1 0xa0 000002f1: PUSH1 0x02 000002f3: EXP 000002f4: SUB 000002f5: AND 000002f6: DUP2 000002f7: MSTORE 000002f8: PUSH1 0x20 000002fa: ADD 000002fb: DUP5 000002fc: DUP2 000002fd: MSTORE 000002fe: PUSH1 0x20 00000300: ADD 00000301: DUP4 00000302: PUSH1 0x01 00000304: PUSH1 0xa0 00000306: PUSH1 0x02 00000308: EXP 00000309: SUB 0000030a: AND 0000030b: DUP2 0000030c: MSTORE 0000030d: PUSH1 0x20 0000030f: ADD 00000310: DUP1 00000311: PUSH1 0x20 00000313: ADD 00000314: DUP3 00000315: DUP2 00000316: SUB 00000317: DUP3 00000318: MSTORE 00000319: DUP4 0000031a: DUP2 0000031b: DUP2 0000031c: MLOAD 0000031d: DUP2 0000031e: MSTORE 0000031f: PUSH1 0x20 00000321: ADD 00000322: SWAP2 00000323: POP 00000324: DUP1 00000325: MLOAD 00000326: SWAP1 00000327: PUSH1 0x20 00000329: ADD 0000032a: SWAP1 0000032b: DUP1 0000032c: DUP4 0000032d: DUP4 0000032e: DUP3 0000032f: SWAP1 00000330: PUSH1 0x00 00000332: PUSH1 0x04 00000334: PUSH1 0x20 00000336: DUP5 00000337: PUSH1 0x1f 00000339: ADD 0000033a: DIV 0000033b: PUSH1 0x0f 0000033d: MUL 0000033e: PUSH1 0x03 00000340: ADD 00000341: CALL 00000342: POP 00000343: SWAP1 00000344: POP 00000345: SWAP1 00000346: DUP2 00000347: ADD 00000348: SWAP1 00000349: PUSH1 0x1f 0000034b: AND 0000034c: DUP1 0000034d: ISZERO 0000034e: PUSH2 0x036b 00000351: JUMPI 00000352: DUP1 00000353: DUP3 00000354: SUB 00000355: DUP1 00000356: MLOAD 00000357: PUSH1 0x01 00000359: DUP4 0000035a: PUSH1 0x20 0000035c: SUB 0000035d: PUSH2 0x0100 00000360: EXP 00000361: SUB 00000362: NOT 00000363: AND 00000364: DUP2 00000365: MSTORE 00000366: PUSH1 0x20 00000368: ADD 00000369: SWAP2 0000036a: POP 0000036b: JUMPDEST 0000036c: POP 0000036d: SWAP6 0000036e: POP 0000036f: POP 00000370: POP 00000371: POP 00000372: POP 00000373: POP 00000374: PUSH1 0x00 00000376: PUSH1 0x40 00000378: MLOAD 00000379: DUP1 0000037a: DUP4 0000037b: SUB 0000037c: DUP2 0000037d: PUSH1 0x00 0000037f: DUP8 00000380: PUSH2 0x61da 00000383: GAS 00000384: SUB 00000385: CALL 00000386: ISZERO 00000387: PUSH2 0x0002 0000038a: JUMPI 0000038b: POP 0000038c: PUSH1 0x01 0000038e: SWAP8 0000038f: SWAP7 00000390: POP 00000391: POP 00000392: POP 00000393: POP 00000394: POP 00000395: POP 00000396: POP 00000397: JUMP 00000398: JUMPDEST 00000399: PUSH1 0x07 0000039b: PUSH1 0x20 0000039d: SWAP1 0000039e: DUP2 0000039f: MSTORE 000003a0: PUSH1 0x04 000003a2: CALLDATALOAD 000003a3: PUSH1 0x00 000003a5: SWAP1 000003a6: DUP2 000003a7: MSTORE 000003a8: PUSH1 0x40 000003aa: DUP1 000003ab: DUP3 000003ac: KECCAK256 000003ad: SWAP1 000003ae: SWAP3 000003af: MSTORE 000003b0: PUSH1 0x24 000003b2: CALLDATALOAD 000003b3: DUP2 000003b4: MSTORE 000003b5: KECCAK256 000003b6: SLOAD 000003b7: PUSH2 0x0452 000003ba: SWAP1 000003bb: DUP2 000003bc: JUMP 000003bd: JUMPDEST 000003be: PUSH1 0x06 000003c0: PUSH1 0x20 000003c2: SWAP1 000003c3: DUP2 000003c4: MSTORE 000003c5: PUSH1 0x04 000003c7: CALLDATALOAD 000003c8: PUSH1 0x00 000003ca: SWAP1 000003cb: DUP2 000003cc: MSTORE 000003cd: PUSH1 0x40 000003cf: DUP1 000003d0: DUP3 000003d1: KECCAK256 000003d2: SWAP1 000003d3: SWAP3 000003d4: MSTORE 000003d5: PUSH1 0x24 000003d7: CALLDATALOAD 000003d8: DUP2 000003d9: MSTORE 000003da: KECCAK256 000003db: SLOAD 000003dc: PUSH2 0x0452 000003df: SWAP1 000003e0: DUP2 000003e1: JUMP 000003e2: JUMPDEST 000003e3: STOP 000003e4: JUMPDEST 000003e5: PUSH1 0x40 000003e7: MLOAD 000003e8: DUP1 000003e9: DUP1 000003ea: PUSH1 0x20 000003ec: ADD 000003ed: DUP3 000003ee: DUP2 000003ef: SUB 000003f0: DUP3 000003f1: MSTORE 000003f2: DUP4 000003f3: DUP2 000003f4: DUP2 000003f5: MLOAD 000003f6: DUP2 000003f7: MSTORE 000003f8: PUSH1 0x20 000003fa: ADD 000003fb: SWAP2 000003fc: POP 000003fd: DUP1 000003fe: MLOAD 000003ff: SWAP1 00000400: PUSH1 0x20 00000402: ADD 00000403: SWAP1 00000404: DUP1 00000405: DUP4 00000406: DUP4 00000407: DUP3 00000408: SWAP1 00000409: PUSH1 0x00 0000040b: PUSH1 0x04 0000040d: PUSH1 0x20 0000040f: DUP5 00000410: PUSH1 0x1f 00000412: ADD 00000413: DIV 00000414: PUSH1 0x0f 00000416: MUL 00000417: PUSH1 0x03 00000419: ADD 0000041a: CALL 0000041b: POP 0000041c: SWAP1 0000041d: POP 0000041e: SWAP1 0000041f: DUP2 00000420: ADD 00000421: SWAP1 00000422: PUSH1 0x1f 00000424: AND 00000425: DUP1 00000426: ISZERO 00000427: PUSH2 0x0444 0000042a: JUMPI 0000042b: DUP1 0000042c: DUP3 0000042d: SUB 0000042e: DUP1 0000042f: MLOAD 00000430: PUSH1 0x01 00000432: DUP4 00000433: PUSH1 0x20 00000435: SUB 00000436: PUSH2 0x0100 00000439: EXP 0000043a: SUB 0000043b: NOT 0000043c: AND 0000043d: DUP2 0000043e: MSTORE 0000043f: PUSH1 0x20 00000441: ADD 00000442: SWAP2 00000443: POP 00000444: JUMPDEST 00000445: POP 00000446: SWAP3 00000447: POP 00000448: POP 00000449: POP 0000044a: PUSH1 0x40 0000044c: MLOAD 0000044d: DUP1 0000044e: SWAP2 0000044f: SUB 00000450: SWAP1 00000451: RETURN 00000452: JUMPDEST 00000453: PUSH1 0x40 00000455: DUP1 00000456: MLOAD 00000457: SWAP2 00000458: DUP3 00000459: MSTORE 0000045a: MLOAD 0000045b: SWAP1 0000045c: DUP2 0000045d: SWAP1 0000045e: SUB 0000045f: PUSH1 0x20 00000461: ADD 00000462: SWAP1 00000463: RETURN 00000464: JUMPDEST 00000465: PUSH1 0x60 00000467: SWAP1 00000468: DUP2 00000469: MSTORE 0000046a: PUSH1 0x20 0000046c: SWAP1 0000046d: RETURN 0000046e: JUMPDEST 0000046f: PUSH1 0x01 00000471: PUSH1 0xa0 00000473: PUSH1 0x02 00000475: EXP 00000476: SUB 00000477: DUP4 00000478: AND 00000479: DUP2 0000047a: MSTORE 0000047b: PUSH1 0x40 0000047d: DUP2 0000047e: KECCAK256 0000047f: SLOAD 00000480: DUP1 00000481: DUP4 00000482: ADD 00000483: LT 00000484: ISZERO 00000485: PUSH2 0x048d 00000488: JUMPI 00000489: PUSH2 0x0002 0000048c: JUMP 0000048d: JUMPDEST 0000048e: PUSH1 0x01 00000490: PUSH1 0xa0 00000492: PUSH1 0x02 00000494: EXP 00000495: SUB 00000496: DUP1 00000497: DUP6 00000498: AND 00000499: DUP1 0000049a: DUP4 0000049b: MSTORE 0000049c: PUSH1 0x06 0000049e: PUSH1 0x20 000004a0: SWAP1 000004a1: DUP2 000004a2: MSTORE 000004a3: PUSH1 0x40 000004a5: DUP1 000004a6: DUP6 000004a7: KECCAK256 000004a8: CALLER 000004a9: SWAP5 000004aa: SWAP1 000004ab: SWAP5 000004ac: AND 000004ad: DUP1 000004ae: DUP7 000004af: MSTORE 000004b0: SWAP4 000004b1: DUP3 000004b2: MSTORE 000004b3: DUP1 000004b4: DUP6 000004b5: KECCAK256 000004b6: SLOAD 000004b7: SWAP3 000004b8: DUP6 000004b9: MSTORE 000004ba: PUSH1 0x07 000004bc: DUP3 000004bd: MSTORE 000004be: DUP1 000004bf: DUP6 000004c0: KECCAK256 000004c1: SWAP4 000004c2: DUP6 000004c3: MSTORE 000004c4: SWAP3 000004c5: SWAP1 000004c6: MSTORE 000004c7: SWAP1 000004c8: DUP3 000004c9: KECCAK256 000004ca: SLOAD 000004cb: DUP4 000004cc: ADD 000004cd: GT 000004ce: ISZERO 000004cf: PUSH2 0x04d7 000004d2: JUMPI 000004d3: PUSH2 0x0002 000004d6: JUMP 000004d7: JUMPDEST 000004d8: DUP2 000004d9: PUSH1 0x05 000004db: PUSH1 0x00 000004dd: POP 000004de: PUSH1 0x00 000004e0: DUP7 000004e1: PUSH1 0x01 000004e3: PUSH1 0xa0 000004e5: PUSH1 0x02 000004e7: EXP 000004e8: SUB 000004e9: AND 000004ea: DUP2 000004eb: MSTORE 000004ec: PUSH1 0x20 000004ee: ADD 000004ef: SWAP1 000004f0: DUP2 000004f1: MSTORE 000004f2: PUSH1 0x20 000004f4: ADD 000004f5: PUSH1 0x00 000004f7: KECCAK256 000004f8: PUSH1 0x00 000004fa: DUP3 000004fb: DUP3 000004fc: DUP3 000004fd: POP 000004fe: SLOAD 000004ff: SUB 00000500: SWAP3 00000501: POP 00000502: POP 00000503: DUP2 00000504: SWAP1 00000505: SSTORE 00000506: POP 00000507: DUP2 00000508: PUSH1 0x05 0000050a: PUSH1 0x00 0000050c: POP 0000050d: PUSH1 0x00 0000050f: DUP6 00000510: PUSH1 0x01 00000512: PUSH1 0xa0 00000514: PUSH1 0x02 00000516: EXP 00000517: SUB 00000518: AND 00000519: DUP2 0000051a: MSTORE 0000051b: PUSH1 0x20 0000051d: ADD 0000051e: SWAP1 0000051f: DUP2 00000520: MSTORE 00000521: PUSH1 0x20 00000523: ADD 00000524: PUSH1 0x00 00000526: KECCAK256 00000527: PUSH1 0x00 00000529: DUP3 0000052a: DUP3 0000052b: DUP3 0000052c: POP 0000052d: SLOAD 0000052e: ADD 0000052f: SWAP3 00000530: POP 00000531: POP 00000532: DUP2 00000533: SWAP1 00000534: SSTORE 00000535: POP 00000536: DUP2 00000537: PUSH1 0x07 00000539: PUSH1 0x00 0000053b: POP 0000053c: PUSH1 0x00 0000053e: DUP7 0000053f: PUSH1 0x01 00000541: PUSH1 0xa0 00000543: PUSH1 0x02 00000545: EXP 00000546: SUB 00000547: AND 00000548: DUP2 00000549: MSTORE 0000054a: PUSH1 0x20 0000054c: ADD 0000054d: SWAP1 0000054e: DUP2 0000054f: MSTORE 00000550: PUSH1 0x20 00000552: ADD 00000553: PUSH1 0x00 00000555: KECCAK256 00000556: PUSH1 0x00 00000558: POP 00000559: PUSH1 0x00 0000055b: CALLER 0000055c: PUSH1 0x01 0000055e: PUSH1 0xa0 00000560: PUSH1 0x02 00000562: EXP 00000563: SUB 00000564: AND 00000565: DUP2 00000566: MSTORE 00000567: PUSH1 0x20 00000569: ADD 0000056a: SWAP1 0000056b: DUP2 0000056c: MSTORE 0000056d: PUSH1 0x20 0000056f: ADD 00000570: PUSH1 0x00 00000572: KECCAK256 00000573: PUSH1 0x00 00000575: DUP3 00000576: DUP3 00000577: DUP3 00000578: POP 00000579: SLOAD 0000057a: ADD 0000057b: SWAP3 0000057c: POP 0000057d: POP 0000057e: DUP2 0000057f: SWAP1 00000580: SSTORE 00000581: POP 00000582: DUP3 00000583: PUSH1 0x01 00000585: PUSH1 0xa0 00000587: PUSH1 0x02 00000589: EXP 0000058a: SUB 0000058b: AND 0000058c: DUP5 0000058d: PUSH1 0x01 0000058f: PUSH1 0xa0 00000591: PUSH1 0x02 00000593: EXP 00000594: SUB 00000595: AND 00000596: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000005b7: DUP5 000005b8: PUSH1 0x40 000005ba: MLOAD 000005bb: DUP1 000005bc: DUP3 000005bd: DUP2 000005be: MSTORE 000005bf: PUSH1 0x20 000005c1: ADD 000005c2: SWAP2 000005c3: POP 000005c4: POP 000005c5: PUSH1 0x40 000005c7: MLOAD 000005c8: DUP1 000005c9: SWAP2 000005ca: SUB 000005cb: SWAP1 000005cc: LOG3 000005cd: POP 000005ce: PUSH1 0x01 000005d0: SWAP4 000005d1: SWAP3 000005d2: POP 000005d3: POP 000005d4: POP 000005d5: JUMP 000005d6: JUMPDEST 000005d7: PUSH1 0x01 000005d9: PUSH1 0xa0 000005db: PUSH1 0x02 000005dd: EXP 000005de: SUB 000005df: DUP3 000005e0: AND 000005e1: PUSH1 0x00 000005e3: SWAP1 000005e4: DUP2 000005e5: MSTORE 000005e6: PUSH1 0x40 000005e8: SWAP1 000005e9: KECCAK256 000005ea: SLOAD 000005eb: DUP1 000005ec: DUP3 000005ed: ADD 000005ee: LT 000005ef: ISZERO 000005f0: PUSH2 0x05f8 000005f3: JUMPI 000005f4: PUSH2 0x0002 000005f7: JUMP 000005f8: JUMPDEST 000005f9: DUP1 000005fa: PUSH1 0x05 000005fc: PUSH1 0x00 000005fe: POP 000005ff: PUSH1 0x00 00000601: CALLER 00000602: PUSH1 0x01 00000604: PUSH1 0xa0 00000606: PUSH1 0x02 00000608: EXP 00000609: SUB 0000060a: AND 0000060b: DUP2 0000060c: MSTORE 0000060d: PUSH1 0x20 0000060f: ADD 00000610: SWAP1 00000611: DUP2 00000612: MSTORE 00000613: PUSH1 0x20 00000615: ADD 00000616: PUSH1 0x00 00000618: KECCAK256 00000619: PUSH1 0x00 0000061b: DUP3 0000061c: DUP3 0000061d: DUP3 0000061e: POP 0000061f: SLOAD 00000620: SUB 00000621: SWAP3 00000622: POP 00000623: POP 00000624: DUP2 00000625: SWAP1 00000626: SSTORE 00000627: POP 00000628: DUP1 00000629: PUSH1 0x05 0000062b: PUSH1 0x00 0000062d: POP 0000062e: PUSH1 0x00 00000630: DUP5 00000631: PUSH1 0x01 00000633: PUSH1 0xa0 00000635: PUSH1 0x02 00000637: EXP 00000638: SUB 00000639: AND 0000063a: DUP2 0000063b: MSTORE 0000063c: PUSH1 0x20 0000063e: ADD 0000063f: SWAP1 00000640: DUP2 00000641: MSTORE 00000642: PUSH1 0x20 00000644: ADD 00000645: PUSH1 0x00 00000647: KECCAK256 00000648: PUSH1 0x00 0000064a: DUP3 0000064b: DUP3 0000064c: DUP3 0000064d: POP 0000064e: SLOAD 0000064f: ADD 00000650: SWAP3 00000651: POP 00000652: POP 00000653: DUP2 00000654: SWAP1 00000655: SSTORE 00000656: POP 00000657: DUP2 00000658: PUSH1 0x01 0000065a: PUSH1 0xa0 0000065c: PUSH1 0x02 0000065e: EXP 0000065f: SUB 00000660: AND 00000661: CALLER 00000662: PUSH1 0x01 00000664: PUSH1 0xa0 00000666: PUSH1 0x02 00000668: EXP 00000669: SUB 0000066a: AND 0000066b: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 0000068c: DUP4 0000068d: PUSH1 0x40 0000068f: MLOAD 00000690: DUP1 00000691: DUP3 00000692: DUP2 00000693: MSTORE 00000694: PUSH1 0x20 00000696: ADD 00000697: SWAP2 00000698: POP 00000699: POP 0000069a: PUSH1 0x40 0000069c: MLOAD 0000069d: DUP1 0000069e: SWAP2 0000069f: SUB 000006a0: SWAP1 000006a1: LOG3 000006a2: POP 000006a3: POP 000006a4: JUMP 000006a5: JUMPDEST 000006a6: DUP3 000006a7: ADD 000006a8: SWAP2 000006a9: SWAP1 000006aa: PUSH1 0x00 000006ac: MSTORE 000006ad: PUSH1 0x20 000006af: PUSH1 0x00 000006b1: KECCAK256 000006b2: SWAP1 000006b3: JUMPDEST 000006b4: DUP2 000006b5: SLOAD 000006b6: DUP2 000006b7: MSTORE 000006b8: SWAP1 000006b9: PUSH1 0x01 000006bb: ADD 000006bc: SWAP1 000006bd: PUSH1 0x20 000006bf: ADD 000006c0: DUP1 000006c1: DUP4 000006c2: GT 000006c3: PUSH2 0x06b3 000006c6: JUMPI 000006c7: DUP3 000006c8: SWAP1 000006c9: SUB 000006ca: PUSH1 0x1f 000006cc: AND 000006cd: DUP3 000006ce: ADD 000006cf: SWAP2 000006d0: JUMPDEST 000006d1: POP 000006d2: POP 000006d3: POP 000006d4: POP 000006d5: POP 000006d6: DUP2 000006d7: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x78b6addc7f04d93929b38257343f2fcf6dc94b57a0108c0690235223fdf030fe
call_targets:
0x0000000000000000000000000000000000000004, 0x3e4dbe589c76cee0baba6cc00c3dcfebd68b4398
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x78b6addc7f04d93929b38257343f2fcf6dc94b57a0108c0690235223fdf030fe",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x3e4dbe589c76cee0baba6cc00c3dcfebd68b4398"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 833,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 901,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1050,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x78b6addc7f04d93929b38257343f2fcf6dc94b57a0108c0690235223fdf030fe
call_targets:
0x0000000000000000000000000000000000000004, 0x3e4dbe589c76cee0baba6cc00c3dcfebd68b4398
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x78b6addc7f04d93929b38257343f2fcf6dc94b57a0108c0690235223fdf030fe",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x3e4dbe589c76cee0baba6cc00c3dcfebd68b4398"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 833,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 901,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1050,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| medium | other | codex | allowance() is decoupled from transferFrom spendability | 75 | no | — |
viewevidence_json{
"evidence": "selector 0xdd62ed3e reads and returns only the slot-6 double mapping at pc:0x03bd-0x03db. selector 0x23b872dd checks a separate slot-7 double mapping before spending at pc:0x04be-0x04cf and then increments that slot-7 mapping at pc:0x0536-0x0580. selector 0xcae9ca51 writes the slot-6 approval at pc:0x02c2-0x02c4, but no slot-7 reset is visible in that path. selector 0xdc3080f2 exposes the slot-7 mapping directly at pc:0x0398-0x03bc, reinforcing the dual-accounting interpretation. This conclusion is based on bytecode reconstruction, so variable names are inferred rather than known.",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xcae9ca51",
"selector:0xdc3080f2",
"pc:0x2c4",
"pc:0x4ca",
"pc:0x536"
],
"recommendation": "Use standard ERC20 allowance semantics: decrement the allowance mapping on transferFrom, or make allowance() return the remaining spendable amount and reset the spent-tracking slot on new approvals. Re-test wallet and protocol compatibility after changing this logic.",
"exploit_scenario": "The contract appears to store the approved amount in one mapping and cumulative spent amount in a second mapping. After a spender uses transferFrom, allowance(owner,spender) still returns the original approval, while transferFrom only succeeds if priorSpent + amount <= approved. A user who re-approves the same spender can therefore see allowance() report a value that is not actually spendable, and historical usage can permanently reduce or brick future approvals unless the new approval exceeds lifetime spent. Integrations that rely on ERC20-standard allowance semantics can fail unexpectedly or get stuck."
}
|
| low | reentrancy | codex | approveAndCall performs an untrusted external callback after recording approval | 65 | no | — |
viewevidence_json{
"evidence": "selector 0xcae9ca51 matches approveAndCall(address,uint256,bytes) and writes approval state before the external interaction (SSTORE at pc:0x02c4). It then builds calldata for receiveApproval(address,uint256,address,bytes) and performs a CALL at pc:0x0385 to a computed/user-controlled target. The bundle's validated call finding also marks CALL targets as varying. Returndata validation beyond the CALL success bit is not evidenced in the artifact. Note: the other CALL sites at pc:0x0341 and pc:0x041a are consistent with identity-precompile-style memory copy helpers and are less concerning.",
"locations": [
"selector:0xcae9ca51",
"pc:0x2c4",
"pc:0x385"
],
"recommendation": "If approveAndCall is intentional, document it as reentrancy-capable and avoid using it with untrusted spenders. For stronger safety, constrain callback targets, add a reentrancy guard around sensitive state transitions, or remove the callback pattern in favor of a plain approve flow.",
"exploit_scenario": "The inferred approveAndCall(address,uint256,bytes) path writes approval state first and then performs a low-level CALL to the user-supplied spender contract. A malicious spender can immediately reenter and use transferFrom before approveAndCall returns. Because this callback behavior is explicit, this is not automatically exploitable beyond the granted allowance, but any caller or integrator that assumes approveAndCall only records approval and does not invoke arbitrary code can be broken."
}
|