019b3836-45c9-71a9-901e-4ae9cf03b8e0
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 6059 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 6060 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 49052 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 49053 | capability.graph | complete | 1 / 3 | 1 week ago |
| 49054 | detector.run | complete | 1 / 3 | 1 week ago |
| 49055 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113312 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"The bytecode appears to implement a legacy ERC20-like token with `approveAndCall(address,uint256,bytes)`, but its allowance accounting is nonstandard: `allowance()` returns an approval ceiling while a separate hidden mapping tracks cumulative spender usage. I did not see proxy/delegatecall sinks or obvious privileged upgrade paths in the provided bytecode bundle.","findings":[{"severity":"medium","category":"math","title":"Nonstandard cumulative allowance accounting breaks ERC20 allowance semantics","exploit_scenario":"A spender is approved and uses part of that approval via `transferFrom`. The owner or an integration later reads `allowance(owner, spender)` and sees the original approved amount, even though the true remaining spendable amount is lower because a second mapping tracks cumulative usage. If the owner tries to refresh approval to a smaller or equal amount, the spender may become permanently unable to spend again unless the owner raises the ceiling above all historical usage. Integrations that assume standard ERC20 remaining-allowance semantics can mis-handle approvals, fail unexpectedly, or present incorrect risk to users.","recommendation":"Use standard ERC20 accounting: store the remaining allowance in a single mapping, decrement that mapping on `transferFrom`, and have `allowance()` return the current remaining amount. If a separate cumulative-spent metric is needed, expose it as auxiliary state but do not use it as the authoritative allowance check. If this behavior is intentional, document it explicitly because many ERC20 integrations will assume standard semantics.","evidence":"Best-effort bytecode inference shows `allowance(address,address)` (`selector:0xdd62ed3e`) loading and returning a nested mapping rooted at slot `0x04` (`pc:0x0341`-`0x035e`). `transferFrom(address,address,uint256)` (`selector:0x23b872dd`) loads that slot-4 value, then separately loads another nested mapping rooted at slot `0x05` and enforces `slot5 + amount <= slot4` (`pc:0x045d`-`0x0484`). It later increments slot 5 instead of decrementing slot 4 (`pc:0x050f`-`0x0536`). `approveAndCall(address,uint256,bytes)` (`selector:0xcae9ca51`) writes the slot-4 mapping (`pc:0x0205`-`0x024b`) but does not reset slot 5, so approvals behave like lifetime ceilings rather than standard remaining allowances. The exact name of `selector:0xdc3080f2` is uncertain, but its getter shape matches the secondary slot-5 mapping.","locations":["selector:0xdd62ed3e","selector:0x23b872dd","selector:0xcae9ca51","selector:0xdc3080f2","pc:0x345","pc:0x45d","pc:0x50f","pc:0x205"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-i7snd9oi
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c85-d2c6-7b51-ab09-12ce69b91b2c
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc pwd in /tmp/codex-i7snd9oi
succeeded in 0ms:
/tmp/codex-i7snd9oi
exec
/bin/bash -lc 'rg --files' in /tmp/codex-i7snd9oi
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0x1ba24206d11b5e82886d57491597f04120d14826",
"artifact_hash": "0xc2f918a3fc73687f03dca14c285f3115cb47f4adad458e73b865ed430cda0671",
"artifact_json": {
"auth": {
"guards": []
},
exec
/bin/bash -lc "sed -n '261,520p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
exec
/bin/bash -lc "sed -n '521,780p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
exec
/bin/bash -lc "sed -n '781,1040p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
exec
/bin/bash -lc "sed -n '1041,1300p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
exec
/bin/bash -lc "sed -n '1301,1560p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
"callsites": [
{
"opcode": "CALL",
"pc": 712,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 780,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 925,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
exec
/bin/bash -lc "sed -n '1561,1820p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
"cfg_hash": "0xae6b9ce4c7c57e57a431382f3b2ff751d9c84e8060e5a7eda32f9064c8b3a15d",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 826074471,
"selector": "0x23b872dd"
},
{
"entry_pc": 1889567281,
"selector": "0x313ce567"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
exec
/bin/bash -lc "sed -n '1821,2080p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": 3404319313,
"selector": "0xa9059cbb"
},
{
"entry_pc": 3694166258,
"selector": "0xcae9ca51"
},
{
"entry_pc": 3714247998,
"selector": "0xdc3080f2"
},
{
"entry_pc": 869,
"selector": "0xdd62ed3e"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
exec
/bin/bash -lc "sed -n '2081,2340p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 869,
"selector": "0xdd62ed3e",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
}
],
"selectors": [
"0x06fdde03",
"0x23b872dd",
"0x313ce567",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb",
"0xcae9ca51",
"0xdc3080f2",
"0xdd62ed3e"
],
"sinks": {
"call": 3,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 22,
"reads": 20,
"slots": [
{
"op": "SLOAD",
"pc": 134,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 206,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 276,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 313,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 384,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 587,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
exec
/bin/bash -lc "sed -n '2341,2600p' BYTECODE_BUNDLE.json" in /tmp/codex-i7snd9oi
succeeded in 0ms:
"writes": 6
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0xa5c9edd7479b3755a7c236ede1f5166437ef51a53501c812c78128e227d79791",
"created_at": "2026-04-04T20:00:01.000000Z",
"id": 2763,
"updated_at": "2026-04-04T20:00:01.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0x1ba24206d11b5e82886d57491597f04120d14826",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:59.000000Z",
"id": "019b3836-45c9-71a9-901e-4ae9cf03b8e0",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T20:00:01.000000Z"
},
"artifact": {
"codehash": "0xa5c9edd7479b3755a7c236ede1f5166437ef51a53501c812c78128e227d79791",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "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",
"head": null,
"length": 3250,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0x1ba24206d11b5e82886d57491597f04120d14826",
"block_number": null,
"chain_id": 1,
"codehash": "0xa5c9edd7479b3755a7c236ede1f5166437ef51a53501c812c78128e227d79791",
"created_at": "2026-04-04T20:00:01.000000Z",
"graph_hash": "0x08d5313919282e479f6007d6f897e40a2742ba026d68f3cde60faab39871eefe",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:119",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:127",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:31",
"type": "control_flow_fallthrough"
},
{
"from": "bb:31",
"to": "bb:220",
"type": "control_flow"
},
{
"from": "bb:31",
"to": "bb:42",
"type": "control_flow_fallthrough"
},
{
"from": "bb:42",
"to": "bb:270",
"type": "control_flow"
},
{
"from": "bb:42",
"to": "bb:53",
"type": "control_flow_fallthrough"
},
{
"from": "bb:53",
"to": "bb:282",
"type": "control_flow"
},
{
"from": "bb:53",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:306",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:75",
"to": "bb:398",
"type": "control_flow"
},
{
"from": "bb:75",
"to": "bb:86",
"type": "control_flow_fallthrough"
},
{
"from": "bb:86",
"to": "bb:445",
"type": "control_flow"
},
{
"from": "bb:86",
"to": "bb:97",
"type": "control_flow_fallthrough"
},
{
"from": "bb:97",
"to": "bb:796",
"type": "control_flow"
},
{
"from": "bb:97",
"to": "bb:108",
"type": "control_flow_fallthrough"
},
{
"from": "bb:108",
"to": "bb:833",
"type": "control_flow"
},
{
"from": "bb:108",
"to": "bb:119",
"type": "control_flow_fallthrough"
},
{
"from": "bb:127",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:127",
"to": "bb:193",
"type": "control_flow_fallthrough"
},
{
"from": "bb:193",
"to": "bb:1009",
"type": "control_flow"
},
{
"from": "bb:193",
"to": "bb:201",
"type": "control_flow_fallthrough"
},
{
"from": "bb:201",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:220",
"to": "bb:1060",
"type": "control_flow"
},
{
"from": "bb:220",
"to": "bb:266",
"type": "control_flow_fallthrough"
},
{
"from": "bb:306",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:306",
"to": "bb:371",
"type": "control_flow_fallthrough"
},
{
"from": "bb:371",
"to": "bb:1009",
"type": "control_flow"
},
{
"from": "bb:371",
"to": "bb:379",
"type": "control_flow_fallthrough"
},
{
"from": "bb:379",
"to": "bb:1052",
"type": "control_flow"
},
{
"from": "bb:398",
"to": "bb:1417",
"type": "control_flow"
},
{
"from": "bb:398",
"to": "bb:441",
"type": "control_flow_fallthrough"
},
{
"from": "bb:445",
"to": "bb:754",
"type": "control_flow"
},
{
"from": "bb:445",
"to": "bb:729",
"type": "control_flow_fallthrough"
},
{
"from": "bb:729",
"to": "bb:754",
"type": "control_flow_fallthrough"
},
{
"from": "bb:754",
"to": "bb:786",
"type": "control_flow_fallthrough"
},
{
"from": "bb:871",
"to": "bb:967",
"type": "control_flow"
},
{
"from": "bb:871",
"to": "bb:942",
"type": "control_flow_fallthrough"
},
{
"from": "bb:942",
"to": "bb:967",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1009",
"to": "bb:1023",
"type": "control_flow_fallthrough"
},
exec
/bin/bash -lc "python - <<'PY'
import hashlib
sigs=[
    'approve(address,uint256)',
    'approveAndCall(address,uint256,bytes)',
    'allowance(address,address)',
    'transfer(address,uint256)',
    'transferFrom(address,address,uint256)',
    'balanceOf(address)',
    'name()', 'symbol()','decimals()',
    'burn(uint256)','burnFrom(address,uint256)','mint(uint256)','issue(uint256)','withdraw(uint256)','deposit(address,uint256)'
]
try:
    import sha3
    keccak=lambda x: sha3.keccak_256(x).hexdigest()
except Exception as e:
    from Crypto.Hash import keccak
    keccak=lambda x: keccak.new(digest_bits=256,data=x).hexdigest()
for s in sigs:
    print(s, keccak(s.encode())[:8])
PY" in /tmp/codex-i7snd9oi
exited 1 in 0ms:
Traceback (most recent call last):
File "<stdin>", line 19, in <module>
File "<stdin>", line 17, in <lambda>
AttributeError: 'function' object has no attribute 'new'
exec
/bin/bash -lc "python - <<'PY'
try:
    import sha3
    def keccak_hex(data):
        return sha3.keccak_256(data).hexdigest()
except Exception:
    from Crypto.Hash import keccak
    def keccak_hex(data):
        k=keccak.new(digest_bits=256)
        k.update(data)
        return k.hexdigest()
sigs=[
    'approve(address,uint256)',
    'approveAndCall(address,uint256,bytes)',
    'allowance(address,address)',
    'transfer(address,uint256)',
    'transferFrom(address,address,uint256)',
    'balanceOf(address)',
    'name()','symbol()','decimals()',
    'burn(uint256)','burnFrom(address,uint256)','mint(uint256)','issue(uint256)','withdraw(uint256)','deposit(address,uint256)','approveAndCallcode(address,uint256,bytes)','approveAndCall(address,uint256,bytes,bytes4)'
]
for s in sigs:
    print(s, keccak_hex(s.encode())[:8])
PY" in /tmp/codex-i7snd9oi
succeeded in 0ms:
approve(address,uint256) 095ea7b3
approveAndCall(address,uint256,bytes) cae9ca51
allowance(address,address) dd62ed3e
transfer(address,uint256) a9059cbb
transferFrom(address,address,uint256) 23b872dd
balanceOf(address) 70a08231
name() 06fdde03
symbol() 95d89b41
decimals() 313ce567
burn(uint256) 42966c68
burnFrom(address,uint256) 79cc6790
mint(uint256) a0712d68
issue(uint256) cc872b66
withdraw(uint256) 2e1a7d4d
deposit(address,uint256) 47e7ef24
approveAndCallcode(address,uint256,bytes) b11c4fd8
approveAndCall(address,uint256,bytes,bytes4) 24796ff1
exec
/bin/bash -lc "python - <<'PY'
from textwrap import wrap
import json, re
j=json.load(open('BYTECODE_BUNDLE.json'))
code=j['artifact']['runtime_bytecode']['full'][2:]
bs=bytes.fromhex(code)
# opcode table
ops={i:f'PUSH{i-0x5f}' for i in range(0x60,0x80)}
ops.update({i:f'DUP{i-0x7f}' for i in range(0x80,0x90)})
ops.update({i:f'SWAP{i-0x8f}' for i in range(0x90,0xa0)})
ops.update({i:f'LOG{i-0xa0}' for i in range(0xa0,0xa5)})
base={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
ops.update(base)
# disassemble selected pc ranges
ranges=[(0,140),(220,470),(445,820),(820,980),(1060,1465)]
for start,end in ranges:
    print(f'-- range {start}-{end} --')
    pc=0
    while pc < len(bs):
        op=bs[pc]
        name=ops.get(op,f'OP_{op:02x}')
        n=0
        imm=''
        if 0x60<=op<=0x7f:
            n=op-0x5f
            imm=bs[pc+1:pc+1+n].hex()
        if start<=pc<=end:
            print(f'{pc:04x}: {name} {imm}'.rstrip())
        pc += 1+n
    print()
PY" in /tmp/codex-i7snd9oi
succeeded in 0ms:
-- range 0-140 --
0000: PUSH1 60
0002: PUSH1 40
0004: MSTORE
0005: CALLDATASIZE
0006: ISZERO
0007: PUSH2 0077
000a: JUMPI
000b: PUSH1 e0
000d: PUSH1 02
000f: EXP
0010: PUSH1 00
0012: CALLDATALOAD
0013: DIV
0014: PUSH4 06fdde03
0019: DUP2
001a: EQ
001b: PUSH2 007f
001e: JUMPI
001f: DUP1
0020: PUSH4 23b872dd
0025: EQ
0026: PUSH2 00dc
0029: JUMPI
002a: DUP1
002b: PUSH4 313ce567
0030: EQ
0031: PUSH2 010e
0034: JUMPI
0035: DUP1
0036: PUSH4 70a08231
003b: EQ
003c: PUSH2 011a
003f: JUMPI
0040: DUP1
0041: PUSH4 95d89b41
0046: EQ
0047: PUSH2 0132
004a: JUMPI
004b: DUP1
004c: PUSH4 a9059cbb
0051: EQ
0052: PUSH2 018e
0055: JUMPI
0056: DUP1
0057: PUSH4 cae9ca51
005c: EQ
005d: PUSH2 01bd
0060: JUMPI
0061: DUP1
0062: PUSH4 dc3080f2
0067: EQ
0068: PUSH2 031c
006b: JUMPI
006c: DUP1
006d: PUSH4 dd62ed3e
0072: EQ
0073: PUSH2 0341
0076: JUMPI
0077: JUMPDEST
0078: PUSH2 0365
007b: PUSH2 0002
007e: JUMP
007f: JUMPDEST
0080: PUSH2 0367
0083: PUSH1 00
0085: DUP1
0086: SLOAD
0087: PUSH1 20
0089: PUSH1 02
008b: PUSH1 01
-- range 220-470 --
00dc: JUMPDEST
00dd: PUSH2 03d5
00e0: PUSH1 04
00e2: CALLDATALOAD
00e3: PUSH1 24
00e5: CALLDATALOAD
00e6: PUSH1 44
00e8: CALLDATALOAD
00e9: PUSH1 01
00eb: PUSH1 a0
00ed: PUSH1 02
00ef: EXP
00f0: SUB
00f1: DUP4
00f2: AND
00f3: PUSH1 00
00f5: SWAP1
00f6: DUP2
00f7: MSTORE
00f8: PUSH1 03
00fa: PUSH1 20
00fc: MSTORE
00fd: PUSH1 40
00ff: DUP2
0100: SHA3
0101: SLOAD
0102: DUP3
0103: SWAP1
0104: LT
0105: ISZERO
0106: PUSH2 0424
0109: JUMPI
010a: PUSH2 0002
010d: JUMP
010e: JUMPDEST
010f: PUSH2 03e7
0112: PUSH1 02
0114: SLOAD
0115: PUSH1 ff
0117: AND
0118: DUP2
0119: JUMP
011a: JUMPDEST
011b: PUSH2 03d5
011e: PUSH1 04
0120: CALLDATALOAD
0121: PUSH1 03
0123: PUSH1 20
0125: MSTORE
0126: PUSH1 00
0128: SWAP1
0129: DUP2
012a: MSTORE
012b: PUSH1 40
012d: SWAP1
012e: SHA3
012f: SLOAD
0130: DUP2
0131: JUMP
0132: JUMPDEST
0133: PUSH2 0367
0136: PUSH1 01
0138: DUP1
0139: SLOAD
013a: PUSH1 20
013c: PUSH1 02
013e: DUP3
013f: DUP5
0140: AND
0141: ISZERO
0142: PUSH2 0100
0145: MUL
0146: PUSH1 00
0148: NOT
0149: ADD
014a: SWAP1
014b: SWAP3
014c: AND
014d: SWAP2
014e: SWAP1
014f: SWAP2
0150: DIV
0151: PUSH1 1f
0153: DUP2
0154: ADD
0155: DUP3
0156: SWAP1
0157: DIV
0158: SWAP1
0159: SWAP2
015a: MUL
015b: PUSH1 80
015d: SWAP1
015e: DUP2
015f: ADD
0160: PUSH1 40
0162: MSTORE
0163: PUSH1 60
0165: DUP3
0166: DUP2
0167: MSTORE
0168: SWAP3
0169: SWAP2
016a: SWAP1
016b: DUP3
016c: DUP3
016d: DUP1
016e: ISZERO
016f: PUSH2 041c
0172: JUMPI
0173: DUP1
0174: PUSH1 1f
0176: LT
0177: PUSH2 03f1
017a: JUMPI
017b: PUSH2 0100
017e: DUP1
017f: DUP4
0180: SLOAD
0181: DIV
0182: MUL
0183: DUP4
0184: MSTORE
0185: SWAP2
0186: PUSH1 20
0188: ADD
0189: SWAP2
018a: PUSH2 041c
018d: JUMP
018e: JUMPDEST
018f: PUSH2 0365
0192: PUSH1 04
0194: CALLDATALOAD
0195: PUSH1 24
0197: CALLDATALOAD
0198: PUSH1 01
019a: PUSH1 a0
019c: PUSH1 02
019e: EXP
019f: SUB
01a0: CALLER
01a1: AND
01a2: PUSH1 00
01a4: SWAP1
01a5: DUP2
01a6: MSTORE
01a7: PUSH1 03
01a9: PUSH1 20
01ab: MSTORE
01ac: PUSH1 40
01ae: SWAP1
01af: SHA3
01b0: SLOAD
01b1: DUP2
01b2: SWAP1
01b3: LT
01b4: ISZERO
01b5: PUSH2 0589
01b8: JUMPI
01b9: PUSH2 0002
01bc: JUMP
01bd: JUMPDEST
01be: PUSH1 80
01c0: PUSH1 20
01c2: PUSH1 44
01c4: CALLDATALOAD
01c5: PUSH1 04
01c7: DUP2
01c8: DUP2
01c9: ADD
01ca: CALLDATALOAD
01cb: PUSH1 1f
01cd: DUP2
01ce: ADD
01cf: DUP5
01d0: SWAP1
01d1: DIV
01d2: SWAP1
01d3: SWAP4
01d4: MUL
01d5: DUP5
01d6: ADD
-- range 445-820 --
01bd: JUMPDEST
01be: PUSH1 80
01c0: PUSH1 20
01c2: PUSH1 44
01c4: CALLDATALOAD
01c5: PUSH1 04
01c7: DUP2
01c8: DUP2
01c9: ADD
01ca: CALLDATALOAD
01cb: PUSH1 1f
01cd: DUP2
01ce: ADD
01cf: DUP5
01d0: SWAP1
01d1: DIV
01d2: SWAP1
01d3: SWAP4
01d4: MUL
01d5: DUP5
01d6: ADD
01d7: PUSH1 40
01d9: MSTORE
01da: PUSH1 60
01dc: DUP4
01dd: DUP2
01de: MSTORE
01df: PUSH2 03d5
01e2: SWAP5
01e3: DUP3
01e4: CALLDATALOAD
01e5: SWAP5
01e6: PUSH1 24
01e8: DUP1
01e9: CALLDATALOAD
01ea: SWAP6
01eb: PUSH1 64
01ed: SWAP5
01ee: SWAP4
01ef: SWAP2
01f0: ADD
01f1: SWAP2
01f2: SWAP1
01f3: DUP2
01f4: SWAP1
01f5: DUP4
01f6: DUP3
01f7: DUP1
01f8: DUP3
01f9: DUP5
01fa: CALLDATACOPY
01fb: POP
01fc: SWAP5
01fd: SWAP7
01fe: POP
01ff: POP
0200: POP
0201: POP
0202: POP
0203: POP
0204: POP
0205: PUSH1 00
0207: PUSH1 00
0209: DUP4
020a: PUSH1 04
020c: PUSH1 00
020e: POP
020f: PUSH1 00
0211: CALLER
0212: PUSH1 01
0214: PUSH1 a0
0216: PUSH1 02
0218: EXP
0219: SUB
021a: AND
021b: DUP2
021c: MSTORE
021d: PUSH1 20
021f: ADD
0220: SWAP1
0221: DUP2
0222: MSTORE
0223: PUSH1 20
0225: ADD
0226: PUSH1 00
0228: SHA3
0229: PUSH1 00
022b: POP
022c: PUSH1 00
022e: DUP8
022f: PUSH1 01
0231: PUSH1 a0
0233: PUSH1 02
0235: EXP
0236: SUB
0237: AND
0238: DUP2
0239: MSTORE
023a: PUSH1 20
023c: ADD
023d: SWAP1
023e: DUP2
023f: MSTORE
0240: PUSH1 20
0242: ADD
0243: PUSH1 00
0245: SHA3
0246: PUSH1 00
0248: POP
0249: DUP2
024a: SWAP1
024b: SSTORE
024c: POP
024d: DUP5
024e: SWAP1
024f: POP
0250: DUP1
0251: PUSH1 01
0253: PUSH1 a0
0255: PUSH1 02
0257: EXP
0258: SUB
0259: AND
025a: PUSH4 8f4ffcb1
025f: CALLER
0260: DUP7
0261: ADDRESS
0262: DUP8
0263: PUSH1 40
0265: MLOAD
0266: DUP6
0267: PUSH1 e0
0269: PUSH1 02
026b: EXP
026c: MUL
026d: DUP2
026e: MSTORE
026f: PUSH1 04
0271: ADD
0272: DUP1
0273: DUP6
0274: PUSH1 01
0276: PUSH1 a0
0278: PUSH1 02
027a: EXP
027b: SUB
027c: AND
027d: DUP2
027e: MSTORE
027f: PUSH1 20
0281: ADD
0282: DUP5
0283: DUP2
0284: MSTORE
0285: PUSH1 20
0287: ADD
0288: DUP4
0289: PUSH1 01
028b: PUSH1 a0
028d: PUSH1 02
028f: EXP
0290: SUB
0291: AND
0292: DUP2
0293: MSTORE
0294: PUSH1 20
0296: ADD
0297: DUP1
0298: PUSH1 20
029a: ADD
029b: DUP3
029c: DUP2
029d: SUB
029e: DUP3
029f: MSTORE
02a0: DUP4
02a1: DUP2
02a2: DUP2
02a3: MLOAD
02a4: DUP2
02a5: MSTORE
02a6: PUSH1 20
02a8: ADD
02a9: SWAP2
02aa: POP
02ab: DUP1
02ac: MLOAD
02ad: SWAP1
02ae: PUSH1 20
02b0: ADD
02b1: SWAP1
02b2: DUP1
02b3: DUP4
02b4: DUP4
02b5: DUP3
02b6: SWAP1
02b7: PUSH1 00
02b9: PUSH1 04
02bb: PUSH1 20
02bd: DUP5
02be: PUSH1 1f
02c0: ADD
02c1: DIV
02c2: PUSH1 0f
02c4: MUL
02c5: PUSH1 03
02c7: ADD
02c8: CALL
02c9: POP
02ca: SWAP1
02cb: POP
02cc: SWAP1
02cd: DUP2
02ce: ADD
02cf: SWAP1
02d0: PUSH1 1f
02d2: AND
02d3: DUP1
02d4: ISZERO
02d5: PUSH2 02f2
02d8: JUMPI
02d9: DUP1
02da: DUP3
02db: SUB
02dc: DUP1
02dd: MLOAD
02de: PUSH1 01
02e0: DUP4
02e1: PUSH1 20
02e3: SUB
02e4: PUSH2 0100
02e7: EXP
02e8: SUB
02e9: NOT
02ea: AND
02eb: DUP2
02ec: MSTORE
02ed: PUSH1 20
02ef: ADD
02f0: SWAP2
02f1: POP
02f2: JUMPDEST
02f3: POP
02f4: SWAP6
02f5: POP
02f6: POP
02f7: POP
02f8: POP
02f9: POP
02fa: POP
02fb: PUSH1 00
02fd: PUSH1 40
02ff: MLOAD
0300: DUP1
0301: DUP4
0302: SUB
0303: DUP2
0304: PUSH1 00
0306: DUP8
0307: PUSH2 61da
030a: GAS
030b: SUB
030c: CALL
030d: ISZERO
030e: PUSH2 0002
0311: JUMPI
0312: POP
0313: POP
0314: POP
0315: POP
0316: SWAP4
0317: SWAP3
0318: POP
0319: POP
031a: POP
031b: JUMP
031c: JUMPDEST
031d: PUSH1 05
031f: PUSH1 20
0321: SWAP1
0322: DUP2
0323: MSTORE
0324: PUSH1 04
0326: CALLDATALOAD
0327: PUSH1 00
0329: SWAP1
032a: DUP2
032b: MSTORE
032c: PUSH1 40
032e: DUP1
032f: DUP3
0330: SHA3
0331: SWAP1
0332: SWAP3
0333: MSTORE
0334: PUSH1 24
-- range 820-980 --
0334: PUSH1 24
0336: CALLDATALOAD
0337: DUP2
0338: MSTORE
0339: SHA3
033a: SLOAD
033b: PUSH2 03d5
033e: SWAP1
033f: DUP2
0340: JUMP
0341: JUMPDEST
0342: PUSH1 04
0344: PUSH1 20
0346: DUP2
0347: DUP2
0348: MSTORE
0349: SWAP1
034a: CALLDATALOAD
034b: PUSH1 00
034d: SWAP1
034e: DUP2
034f: MSTORE
0350: PUSH1 40
0352: DUP1
0353: DUP3
0354: SHA3
0355: SWAP1
0356: SWAP3
0357: MSTORE
0358: PUSH1 24
035a: CALLDATALOAD
035b: DUP2
035c: MSTORE
035d: SHA3
035e: SLOAD
035f: PUSH2 03d5
0362: SWAP1
0363: DUP2
0364: JUMP
0365: JUMPDEST
0366: STOP
0367: JUMPDEST
0368: PUSH1 40
036a: MLOAD
036b: DUP1
036c: DUP1
036d: PUSH1 20
036f: ADD
0370: DUP3
0371: DUP2
0372: SUB
0373: DUP3
0374: MSTORE
0375: DUP4
0376: DUP2
0377: DUP2
0378: MLOAD
0379: DUP2
037a: MSTORE
037b: PUSH1 20
037d: ADD
037e: SWAP2
037f: POP
0380: DUP1
0381: MLOAD
0382: SWAP1
0383: PUSH1 20
0385: ADD
0386: SWAP1
0387: DUP1
0388: DUP4
0389: DUP4
038a: DUP3
038b: SWAP1
038c: PUSH1 00
038e: PUSH1 04
0390: PUSH1 20
0392: DUP5
0393: PUSH1 1f
0395: ADD
0396: DIV
0397: PUSH1 0f
0399: MUL
039a: PUSH1 03
039c: ADD
039d: CALL
039e: POP
039f: SWAP1
03a0: POP
03a1: SWAP1
03a2: DUP2
03a3: ADD
03a4: SWAP1
03a5: PUSH1 1f
03a7: AND
03a8: DUP1
03a9: ISZERO
03aa: PUSH2 03c7
03ad: JUMPI
03ae: DUP1
03af: DUP3
03b0: SUB
03b1: DUP1
03b2: MLOAD
03b3: PUSH1 01
03b5: DUP4
03b6: PUSH1 20
03b8: SUB
03b9: PUSH2 0100
03bc: EXP
03bd: SUB
03be: NOT
03bf: AND
03c0: DUP2
03c1: MSTORE
03c2: PUSH1 20
03c4: ADD
03c5: SWAP2
03c6: POP
03c7: JUMPDEST
03c8: POP
03c9: SWAP3
03ca: POP
03cb: POP
03cc: POP
03cd: PUSH1 40
03cf: MLOAD
03d0: DUP1
03d1: SWAP2
03d2: SUB
03d3: SWAP1
03d4: RETURN
-- range 1060-1465 --
0424: JUMPDEST
0425: PUSH1 01
0427: PUSH1 a0
0429: PUSH1 02
042b: EXP
042c: SUB
042d: DUP4
042e: AND
042f: DUP2
0430: MSTORE
0431: PUSH1 40
0433: DUP2
0434: SHA3
0435: SLOAD
0436: DUP1
0437: DUP4
0438: ADD
0439: LT
043a: ISZERO
043b: PUSH2 0443
043e: JUMPI
043f: PUSH2 0002
0442: JUMP
0443: JUMPDEST
0444: PUSH1 01
0446: PUSH1 a0
0448: PUSH1 02
044a: EXP
044b: SUB
044c: DUP1
044d: DUP6
044e: AND
044f: DUP1
0450: DUP4
0451: MSTORE
0452: PUSH1 04
0454: PUSH1 20
0456: SWAP1
0457: DUP2
0458: MSTORE
0459: PUSH1 40
045b: DUP1
045c: DUP6
045d: SHA3
045e: CALLER
045f: SWAP5
0460: SWAP1
0461: SWAP5
0462: AND
0463: DUP1
0464: DUP7
0465: MSTORE
0466: SWAP4
0467: DUP3
0468: MSTORE
0469: DUP1
046a: DUP6
046b: SHA3
046c: SLOAD
046d: SWAP3
046e: DUP6
046f: MSTORE
0470: PUSH1 05
0472: DUP3
0473: MSTORE
0474: DUP1
0475: DUP6
0476: SHA3
0477: SWAP4
0478: DUP6
0479: MSTORE
047a: SWAP3
047b: SWAP1
047c: MSTORE
047d: SWAP1
047e: DUP3
047f: SHA3
0480: SLOAD
0481: DUP4
0482: ADD
0483: GT
0484: ISZERO
0485: PUSH2 048d
0488: JUMPI
0489: PUSH2 0002
048c: JUMP
048d: JUMPDEST
048e: DUP2
048f: PUSH1 03
0491: PUSH1 00
0493: POP
0494: PUSH1 00
0496: DUP7
0497: PUSH1 01
0499: PUSH1 a0
049b: PUSH1 02
049d: EXP
049e: SUB
049f: AND
04a0: DUP2
04a1: MSTORE
04a2: PUSH1 20
04a4: ADD
04a5: SWAP1
04a6: DUP2
04a7: MSTORE
04a8: PUSH1 20
04aa: ADD
04ab: PUSH1 00
04ad: SHA3
04ae: PUSH1 00
04b0: DUP3
04b1: DUP3
04b2: DUP3
04b3: POP
04b4: SLOAD
04b5: SUB
04b6: SWAP3
04b7: POP
04b8: POP
04b9: DUP2
04ba: SWAP1
04bb: SSTORE
04bc: POP
04bd: DUP2
04be: PUSH1 03
04c0: PUSH1 00
04c2: POP
04c3: PUSH1 00
04c5: DUP6
04c6: PUSH1 01
04c8: PUSH1 a0
04ca: PUSH1 02
04cc: EXP
04cd: SUB
04ce: AND
04cf: DUP2
04d0: MSTORE
04d1: PUSH1 20
04d3: ADD
04d4: SWAP1
04d5: DUP2
04d6: MSTORE
04d7: PUSH1 20
04d9: ADD
04da: PUSH1 00
04dc: SHA3
04dd: PUSH1 00
04df: DUP3
04e0: DUP3
04e1: DUP3
04e2: POP
04e3: SLOAD
04e4: ADD
04e5: SWAP3
04e6: POP
04e7: POP
04e8: DUP2
04e9: SWAP1
04ea: SSTORE
04eb: POP
04ec: DUP2
04ed: PUSH1 05
04ef: PUSH1 00
04f1: POP
04f2: PUSH1 00
04f4: DUP7
04f5: PUSH1 01
04f7: PUSH1 a0
04f9: PUSH1 02
04fb: EXP
04fc: SUB
04fd: AND
04fe: DUP2
04ff: MSTORE
0500: PUSH1 20
0502: ADD
0503: SWAP1
0504: DUP2
0505: MSTORE
0506: PUSH1 20
0508: ADD
0509: PUSH1 00
050b: SHA3
050c: PUSH1 00
050e: POP
050f: PUSH1 00
0511: CALLER
0512: PUSH1 01
0514: PUSH1 a0
0516: PUSH1 02
0518: EXP
0519: SUB
051a: AND
051b: DUP2
051c: MSTORE
051d: PUSH1 20
051f: ADD
0520: SWAP1
0521: DUP2
0522: MSTORE
0523: PUSH1 20
0525: ADD
0526: PUSH1 00
0528: SHA3
0529: PUSH1 00
052b: DUP3
052c: DUP3
052d: DUP3
052e: POP
052f: SLOAD
0530: ADD
0531: SWAP3
0532: POP
0533: POP
0534: DUP2
0535: SWAP1
0536: SSTORE
0537: POP
0538: DUP3
0539: PUSH1 01
053b: PUSH1 a0
053d: PUSH1 02
053f: EXP
0540: SUB
0541: AND
0542: CALLER
0543: PUSH1 01
0545: PUSH1 a0
0547: PUSH1 02
0549: EXP
054a: SUB
054b: AND
054c: PUSH32 ddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
056d: DUP5
056e: PUSH1 40
0570: MLOAD
0571: DUP1
0572: DUP3
0573: DUP2
0574: MSTORE
0575: PUSH1 20
0577: ADD
0578: SWAP2
0579: POP
057a: POP
057b: PUSH1 40
057d: MLOAD
057e: DUP1
057f: SWAP2
0580: SUB
0581: SWAP1
0582: LOG3
0583: SWAP4
0584: SWAP3
0585: POP
0586: POP
0587: POP
0588: JUMP
0589: JUMPDEST
058a: PUSH1 01
058c: PUSH1 a0
058e: PUSH1 02
0590: EXP
0591: SUB
0592: DUP3
0593: AND
0594: PUSH1 00
0596: SWAP1
0597: DUP2
0598: MSTORE
0599: PUSH1 40
059b: SWAP1
059c: SHA3
059d: SLOAD
059e: DUP1
059f: DUP3
05a0: ADD
05a1: LT
05a2: ISZERO
05a3: PUSH2 05ab
05a6: JUMPI
05a7: PUSH2 0002
05aa: JUMP
05ab: JUMPDEST
05ac: DUP1
05ad: PUSH1 03
05af: PUSH1 00
05b1: POP
05b2: PUSH1 00
05b4: CALLER
05b5: PUSH1 01
05b7: PUSH1 a0
05b9: PUSH1 02
exec
/bin/bash -lc "python - <<'PY'
import json
j=json.load(open('BYTECODE_BUNDLE.json'))
code=j['artifact']['runtime_bytecode']['full'][2:]
bs=bytes.fromhex(code)
ops={i:f'PUSH{i-0x5f}' for i in range(0x60,0x80)}
ops.update({i:f'DUP{i-0x7f}' for i in range(0x80,0x90)})
ops.update({i:f'SWAP{i-0x8f}' for i in range(0x90,0xa0)})
ops.update({i:f'LOG{i-0xa0}' for i in range(0xa0,0xa5)})
base={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
ops.update(base)
for start,end in [(1451,1623)]:
    print(f'-- range {start}-{end} --')
    pc=0
    while pc < len(bs):
        op=bs[pc]
        name=ops.get(op,f'OP_{op:02x}')
        n=0
        imm=''
        if 0x60<=op<=0x7f:
            n=op-0x5f
            imm=bs[pc+1:pc+1+n].hex()
        if start<=pc<=end:
            print(f'{pc:04x}: {name} {imm}'.rstrip())
        pc += 1+n
PY" in /tmp/codex-i7snd9oi
succeeded in 0ms:
-- range 1451-1623 --
05ab: JUMPDEST
05ac: DUP1
05ad: PUSH1 03
05af: PUSH1 00
05b1: POP
05b2: PUSH1 00
05b4: CALLER
05b5: PUSH1 01
05b7: PUSH1 a0
05b9: PUSH1 02
05bb: EXP
05bc: SUB
05bd: AND
05be: DUP2
05bf: MSTORE
05c0: PUSH1 20
05c2: ADD
05c3: SWAP1
05c4: DUP2
05c5: MSTORE
05c6: PUSH1 20
05c8: ADD
05c9: PUSH1 00
05cb: SHA3
05cc: PUSH1 00
05ce: DUP3
05cf: DUP3
05d0: DUP3
05d1: POP
05d2: SLOAD
05d3: SUB
05d4: SWAP3
05d5: POP
05d6: POP
05d7: DUP2
05d8: SWAP1
05d9: SSTORE
05da: POP
05db: DUP1
05dc: PUSH1 03
05de: PUSH1 00
05e0: POP
05e1: PUSH1 00
05e3: DUP5
05e4: PUSH1 01
05e6: PUSH1 a0
05e8: PUSH1 02
05ea: EXP
05eb: SUB
05ec: AND
05ed: DUP2
05ee: MSTORE
05ef: PUSH1 20
05f1: ADD
05f2: SWAP1
05f3: DUP2
05f4: MSTORE
05f5: PUSH1 20
05f7: ADD
05f8: PUSH1 00
05fa: SHA3
05fb: PUSH1 00
05fd: DUP3
05fe: DUP3
05ff: DUP3
0600: POP
0601: SLOAD
0602: ADD
0603: SWAP3
0604: POP
0605: POP
0606: DUP2
0607: SWAP1
0608: SSTORE
0609: POP
060a: DUP2
060b: PUSH1 01
060d: PUSH1 a0
060f: PUSH1 02
0611: EXP
0612: SUB
0613: AND
0614: CALLER
0615: PUSH1 01
0617: PUSH1 a0
0619: PUSH1 02
061b: EXP
061c: SUB
061d: AND
061e: PUSH32 ddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
063f: DUP4
0640: PUSH1 40
0642: MLOAD
0643: DUP1
0644: DUP3
0645: DUP2
0646: MSTORE
0647: PUSH1 20
0649: ADD
064a: SWAP2
064b: POP
064c: POP
064d: PUSH1 40
064f: MLOAD
0650: DUP1
0651: SWAP2
0652: SUB
0653: SWAP1
0654: LOG3
0655: POP
0656: POP
0657: JUMP
exec
/bin/bash -lc "python - <<'PY'
try:
    import sha3
    def keccak_hex(data):
        return sha3.keccak_256(data).hexdigest()
except Exception:
    from Crypto.Hash import keccak
    def keccak_hex(data):
        k=keccak.new(digest_bits=256); k.update(data); return k.hexdigest()
for s in ['receiveApproval(address,uint256,address,bytes)','onTokenTransfer(address,uint256,bytes)','receiveApproval(address,address,uint256,bytes)','approveAndCall(address,uint256,bytes)']:
    print(s, keccak_hex(s.encode())[:8])
PY" in /tmp/codex-i7snd9oi
succeeded in 0ms:
receiveApproval(address,uint256,address,bytes) 8f4ffcb1
onTokenTransfer(address,uint256,bytes) a4c0ed36
receiveApproval(address,address,uint256,bytes) 56826ee6
approveAndCall(address,uint256,bytes) cae9ca51
codex
{"no_findings":false,"summary":"The bytecode appears to implement a legacy ERC20-like token with `approveAndCall(address,uint256,bytes)`, but its allowance accounting is nonstandard: `allowance()` returns an approval ceiling while a separate hidden mapping tracks cumulative spender usage. I did not see proxy/delegatecall sinks or obvious privileged upgrade paths in the provided bytecode bundle.","findings":[{"severity":"medium","category":"math","title":"Nonstandard cumulative allowance accounting breaks ERC20 allowance semantics","exploit_scenario":"A spender is approved and uses part of that approval via `transferFrom`. The owner or an integration later reads `allowance(owner, spender)` and sees the original approved amount, even though the true remaining spendable amount is lower because a second mapping tracks cumulative usage. If the owner tries to refresh approval to a smaller or equal amount, the spender may become permanently unable to spend again unless the owner raises the ceiling above all historical usage. Integrations that assume standard ERC20 remaining-allowance semantics can mis-handle approvals, fail unexpectedly, or present incorrect risk to users.","recommendation":"Use standard ERC20 accounting: store the remaining allowance in a single mapping, decrement that mapping on `transferFrom`, and have `allowance()` return the current remaining amount. If a separate cumulative-spent metric is needed, expose it as auxiliary state but do not use it as the authoritative allowance check. If this behavior is intentional, document it explicitly because many ERC20 integrations will assume standard semantics.","evidence":"Best-effort bytecode inference shows `allowance(address,address)` (`selector:0xdd62ed3e`) loading and returning a nested mapping rooted at slot `0x04` (`pc:0x0341`-`0x035e`). 
`transferFrom(address,address,uint256)` (`selector:0x23b872dd`) loads that slot-4 value, then separately loads another nested mapping rooted at slot `0x05` and enforces `slot5 + amount <= slot4` (`pc:0x045d`-`0x0484`). It later increments slot 5 instead of decrementing slot 4 (`pc:0x050f`-`0x0536`). `approveAndCall(address,uint256,bytes)` (`selector:0xcae9ca51`) writes the slot-4 mapping (`pc:0x0205`-`0x024b`) but does not reset slot 5, so approvals behave like lifetime ceilings rather than standard remaining allowances. The exact name of `selector:0xdc3080f2` is uncertain, but its getter shape matches the secondary slot-5 mapping.","locations":["selector:0xdd62ed3e","selector:0x23b872dd","selector:0xcae9ca51","selector:0xdc3080f2","pc:0x345","pc:0x45d","pc:0x50f","pc:0x205"]}]}
tokens used
67,560
{
"codex": {
"ran_at": "2026-04-05T07:25:56.660813+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3250,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "The bytecode appears to implement a legacy ERC20-like token with `approveAndCall(address,uint256,bytes)`, but its allowance accounting is nonstandard: `allowance()` returns an approval ceiling while a separate hidden mapping tracks cumulative spender usage. I did not see proxy/delegatecall sinks or obvious privileged upgrade paths in the provided bytecode bundle.",
"raw_final": {
"summary": "The bytecode appears to implement a legacy ERC20-like token with `approveAndCall(address,uint256,bytes)`, but its allowance accounting is nonstandard: `allowance()` returns an approval ceiling while a separate hidden mapping tracks cumulative spender usage. I did not see proxy/delegatecall sinks or obvious privileged upgrade paths in the provided bytecode bundle.",
"findings": [
{
"title": "Nonstandard cumulative allowance accounting breaks ERC20 allowance semantics",
"category": "math",
"evidence": "Best-effort bytecode inference shows `allowance(address,address)` (`selector:0xdd62ed3e`) loading and returning a nested mapping rooted at slot `0x04` (`pc:0x0341`-`0x035e`). `transferFrom(address,address,uint256)` (`selector:0x23b872dd`) loads that slot-4 value, then separately loads another nested mapping rooted at slot `0x05` and enforces `slot5 + amount <= slot4` (`pc:0x045d`-`0x0484`). It later increments slot 5 instead of decrementing slot 4 (`pc:0x050f`-`0x0536`). `approveAndCall(address,uint256,bytes)` (`selector:0xcae9ca51`) writes the slot-4 mapping (`pc:0x0205`-`0x024b`) but does not reset slot 5, so approvals behave like lifetime ceilings rather than standard remaining allowances. The exact name of `selector:0xdc3080f2` is uncertain, but its getter shape matches the secondary slot-5 mapping.",
"severity": "medium",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xcae9ca51",
"selector:0xdc3080f2",
"pc:0x345",
"pc:0x45d",
"pc:0x50f",
"pc:0x205"
],
"recommendation": "Use standard ERC20 accounting: store the remaining allowance in a single mapping, decrement that mapping on `transferFrom`, and have `allowance()` return the current remaining amount. If a separate cumulative-spent metric is needed, expose it as auxiliary state but do not use it as the authoritative allowance check. If this behavior is intentional, document it explicitly because many ERC20 integrations will assume standard semantics.",
"exploit_scenario": "A spender is approved and uses part of that approval via `transferFrom`. The owner or an integration later reads `allowance(owner, spender)` and sees the original approved amount, even though the true remaining spendable amount is lower because a second mapping tracks cumulative usage. If the owner tries to refresh approval to a smaller or equal amount, the spender may become permanently unable to spend again unless the owner raises the ceiling above all historical usage. Integrations that assume standard ERC20 remaining-allowance semantics can mis-handle approvals, fail unexpectedly, or present incorrect risk to users."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0077 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x007f 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x23b872dd 00000025: EQ 00000026: PUSH2 0x00dc 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x313ce567 00000030: EQ 00000031: PUSH2 0x010e 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x70a08231 0000003b: EQ 0000003c: PUSH2 0x011a 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x95d89b41 00000046: EQ 00000047: PUSH2 0x0132 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0xa9059cbb 00000051: EQ 00000052: PUSH2 0x018e 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0xcae9ca51 0000005c: EQ 0000005d: PUSH2 0x01bd 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xdc3080f2 00000067: EQ 00000068: PUSH2 0x031c 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xdd62ed3e 00000072: EQ 00000073: PUSH2 0x0341 00000076: JUMPI 00000077: JUMPDEST 00000078: PUSH2 0x0365 0000007b: PUSH2 0x0002 0000007e: JUMP 0000007f: JUMPDEST 00000080: PUSH2 0x0367 00000083: PUSH1 0x00 00000085: DUP1 00000086: SLOAD 00000087: PUSH1 0x20 00000089: PUSH1 0x02 0000008b: PUSH1 0x01 0000008d: DUP4 0000008e: AND 0000008f: ISZERO 00000090: PUSH2 0x0100 00000093: MUL 00000094: PUSH1 0x00 00000096: NOT 00000097: ADD 00000098: SWAP1 00000099: SWAP3 0000009a: AND 0000009b: SWAP2 0000009c: SWAP1 0000009d: SWAP2 0000009e: DIV 0000009f: PUSH1 0x1f 000000a1: DUP2 000000a2: ADD 000000a3: DUP3 000000a4: SWAP1 000000a5: DIV 000000a6: SWAP1 000000a7: SWAP2 000000a8: MUL 000000a9: PUSH1 0x80 000000ab: SWAP1 000000ac: DUP2 000000ad: ADD 000000ae: PUSH1 0x40 000000b0: MSTORE 000000b1: PUSH1 0x60 000000b3: DUP3 000000b4: DUP2 000000b5: MSTORE 000000b6: SWAP3 000000b7: SWAP2 000000b8: SWAP1 000000b9: DUP3 000000ba: DUP3 000000bb: DUP1 000000bc: ISZERO 
000000bd: PUSH2 0x041c 000000c0: JUMPI 000000c1: DUP1 000000c2: PUSH1 0x1f 000000c4: LT 000000c5: PUSH2 0x03f1 000000c8: JUMPI 000000c9: PUSH2 0x0100 000000cc: DUP1 000000cd: DUP4 000000ce: SLOAD 000000cf: DIV 000000d0: MUL 000000d1: DUP4 000000d2: MSTORE 000000d3: SWAP2 000000d4: PUSH1 0x20 000000d6: ADD 000000d7: SWAP2 000000d8: PUSH2 0x041c 000000db: JUMP 000000dc: JUMPDEST 000000dd: PUSH2 0x03d5 000000e0: PUSH1 0x04 000000e2: CALLDATALOAD 000000e3: PUSH1 0x24 000000e5: CALLDATALOAD 000000e6: PUSH1 0x44 000000e8: CALLDATALOAD 000000e9: PUSH1 0x01 000000eb: PUSH1 0xa0 000000ed: PUSH1 0x02 000000ef: EXP 000000f0: SUB 000000f1: DUP4 000000f2: AND 000000f3: PUSH1 0x00 000000f5: SWAP1 000000f6: DUP2 000000f7: MSTORE 000000f8: PUSH1 0x03 000000fa: PUSH1 0x20 000000fc: MSTORE 000000fd: PUSH1 0x40 000000ff: DUP2 00000100: KECCAK256 00000101: SLOAD 00000102: DUP3 00000103: SWAP1 00000104: LT 00000105: ISZERO 00000106: PUSH2 0x0424 00000109: JUMPI 0000010a: PUSH2 0x0002 0000010d: JUMP 0000010e: JUMPDEST 0000010f: PUSH2 0x03e7 00000112: PUSH1 0x02 00000114: SLOAD 00000115: PUSH1 0xff 00000117: AND 00000118: DUP2 00000119: JUMP 0000011a: JUMPDEST 0000011b: PUSH2 0x03d5 0000011e: PUSH1 0x04 00000120: CALLDATALOAD 00000121: PUSH1 0x03 00000123: PUSH1 0x20 00000125: MSTORE 00000126: PUSH1 0x00 00000128: SWAP1 00000129: DUP2 0000012a: MSTORE 0000012b: PUSH1 0x40 0000012d: SWAP1 0000012e: KECCAK256 0000012f: SLOAD 00000130: DUP2 00000131: JUMP 00000132: JUMPDEST 00000133: PUSH2 0x0367 00000136: PUSH1 0x01 00000138: DUP1 00000139: SLOAD 0000013a: PUSH1 0x20 0000013c: PUSH1 0x02 0000013e: DUP3 0000013f: DUP5 00000140: AND 00000141: ISZERO 00000142: PUSH2 0x0100 00000145: MUL 00000146: PUSH1 0x00 00000148: NOT 00000149: ADD 0000014a: SWAP1 0000014b: SWAP3 0000014c: AND 0000014d: SWAP2 0000014e: SWAP1 0000014f: SWAP2 00000150: DIV 00000151: PUSH1 0x1f 00000153: DUP2 00000154: ADD 00000155: DUP3 00000156: SWAP1 00000157: DIV 00000158: SWAP1 00000159: SWAP2 0000015a: MUL 0000015b: 
PUSH1 0x80 0000015d: SWAP1 0000015e: DUP2 0000015f: ADD 00000160: PUSH1 0x40 00000162: MSTORE 00000163: PUSH1 0x60 00000165: DUP3 00000166: DUP2 00000167: MSTORE 00000168: SWAP3 00000169: SWAP2 0000016a: SWAP1 0000016b: DUP3 0000016c: DUP3 0000016d: DUP1 0000016e: ISZERO 0000016f: PUSH2 0x041c 00000172: JUMPI 00000173: DUP1 00000174: PUSH1 0x1f 00000176: LT 00000177: PUSH2 0x03f1 0000017a: JUMPI 0000017b: PUSH2 0x0100 0000017e: DUP1 0000017f: DUP4 00000180: SLOAD 00000181: DIV 00000182: MUL 00000183: DUP4 00000184: MSTORE 00000185: SWAP2 00000186: PUSH1 0x20 00000188: ADD 00000189: SWAP2 0000018a: PUSH2 0x041c 0000018d: JUMP 0000018e: JUMPDEST 0000018f: PUSH2 0x0365 00000192: PUSH1 0x04 00000194: CALLDATALOAD 00000195: PUSH1 0x24 00000197: CALLDATALOAD 00000198: PUSH1 0x01 0000019a: PUSH1 0xa0 0000019c: PUSH1 0x02 0000019e: EXP 0000019f: SUB 000001a0: CALLER 000001a1: AND 000001a2: PUSH1 0x00 000001a4: SWAP1 000001a5: DUP2 000001a6: MSTORE 000001a7: PUSH1 0x03 000001a9: PUSH1 0x20 000001ab: MSTORE 000001ac: PUSH1 0x40 000001ae: SWAP1 000001af: KECCAK256 000001b0: SLOAD 000001b1: DUP2 000001b2: SWAP1 000001b3: LT 000001b4: ISZERO 000001b5: PUSH2 0x0589 000001b8: JUMPI 000001b9: PUSH2 0x0002 000001bc: JUMP 000001bd: JUMPDEST 000001be: PUSH1 0x80 000001c0: PUSH1 0x20 000001c2: PUSH1 0x44 000001c4: CALLDATALOAD 000001c5: PUSH1 0x04 000001c7: DUP2 000001c8: DUP2 000001c9: ADD 000001ca: CALLDATALOAD 000001cb: PUSH1 0x1f 000001cd: DUP2 000001ce: ADD 000001cf: DUP5 000001d0: SWAP1 000001d1: DIV 000001d2: SWAP1 000001d3: SWAP4 000001d4: MUL 000001d5: DUP5 000001d6: ADD 000001d7: PUSH1 0x40 000001d9: MSTORE 000001da: PUSH1 0x60 000001dc: DUP4 000001dd: DUP2 000001de: MSTORE 000001df: PUSH2 0x03d5 000001e2: SWAP5 000001e3: DUP3 000001e4: CALLDATALOAD 000001e5: SWAP5 000001e6: PUSH1 0x24 000001e8: DUP1 000001e9: CALLDATALOAD 000001ea: SWAP6 000001eb: PUSH1 0x64 000001ed: SWAP5 000001ee: SWAP4 000001ef: SWAP2 000001f0: ADD 000001f1: SWAP2 000001f2: SWAP1 000001f3: DUP2 
000001f4: SWAP1 000001f5: DUP4 000001f6: DUP3 000001f7: DUP1 000001f8: DUP3 000001f9: DUP5 000001fa: CALLDATACOPY 000001fb: POP 000001fc: SWAP5 000001fd: SWAP7 000001fe: POP 000001ff: POP 00000200: POP 00000201: POP 00000202: POP 00000203: POP 00000204: POP 00000205: PUSH1 0x00 00000207: PUSH1 0x00 00000209: DUP4 0000020a: PUSH1 0x04 0000020c: PUSH1 0x00 0000020e: POP 0000020f: PUSH1 0x00 00000211: CALLER 00000212: PUSH1 0x01 00000214: PUSH1 0xa0 00000216: PUSH1 0x02 00000218: EXP 00000219: SUB 0000021a: AND 0000021b: DUP2 0000021c: MSTORE 0000021d: PUSH1 0x20 0000021f: ADD 00000220: SWAP1 00000221: DUP2 00000222: MSTORE 00000223: PUSH1 0x20 00000225: ADD 00000226: PUSH1 0x00 00000228: KECCAK256 00000229: PUSH1 0x00 0000022b: POP 0000022c: PUSH1 0x00 0000022e: DUP8 0000022f: PUSH1 0x01 00000231: PUSH1 0xa0 00000233: PUSH1 0x02 00000235: EXP 00000236: SUB 00000237: AND 00000238: DUP2 00000239: MSTORE 0000023a: PUSH1 0x20 0000023c: ADD 0000023d: SWAP1 0000023e: DUP2 0000023f: MSTORE 00000240: PUSH1 0x20 00000242: ADD 00000243: PUSH1 0x00 00000245: KECCAK256 00000246: PUSH1 0x00 00000248: POP 00000249: DUP2 0000024a: SWAP1 0000024b: SSTORE 0000024c: POP 0000024d: DUP5 0000024e: SWAP1 0000024f: POP 00000250: DUP1 00000251: PUSH1 0x01 00000253: PUSH1 0xa0 00000255: PUSH1 0x02 00000257: EXP 00000258: SUB 00000259: AND 0000025a: PUSH4 0x8f4ffcb1 0000025f: CALLER 00000260: DUP7 00000261: ADDRESS 00000262: DUP8 00000263: PUSH1 0x40 00000265: MLOAD 00000266: DUP6 00000267: PUSH1 0xe0 00000269: PUSH1 0x02 0000026b: EXP 0000026c: MUL 0000026d: DUP2 0000026e: MSTORE 0000026f: PUSH1 0x04 00000271: ADD 00000272: DUP1 00000273: DUP6 00000274: PUSH1 0x01 00000276: PUSH1 0xa0 00000278: PUSH1 0x02 0000027a: EXP 0000027b: SUB 0000027c: AND 0000027d: DUP2 0000027e: MSTORE 0000027f: PUSH1 0x20 00000281: ADD 00000282: DUP5 00000283: DUP2 00000284: MSTORE 00000285: PUSH1 0x20 00000287: ADD 00000288: DUP4 00000289: PUSH1 0x01 0000028b: PUSH1 0xa0 0000028d: PUSH1 0x02 0000028f: EXP 
00000290: SUB 00000291: AND 00000292: DUP2 00000293: MSTORE 00000294: PUSH1 0x20 00000296: ADD 00000297: DUP1 00000298: PUSH1 0x20 0000029a: ADD 0000029b: DUP3 0000029c: DUP2 0000029d: SUB 0000029e: DUP3 0000029f: MSTORE 000002a0: DUP4 000002a1: DUP2 000002a2: DUP2 000002a3: MLOAD 000002a4: DUP2 000002a5: MSTORE 000002a6: PUSH1 0x20 000002a8: ADD 000002a9: SWAP2 000002aa: POP 000002ab: DUP1 000002ac: MLOAD 000002ad: SWAP1 000002ae: PUSH1 0x20 000002b0: ADD 000002b1: SWAP1 000002b2: DUP1 000002b3: DUP4 000002b4: DUP4 000002b5: DUP3 000002b6: SWAP1 000002b7: PUSH1 0x00 000002b9: PUSH1 0x04 000002bb: PUSH1 0x20 000002bd: DUP5 000002be: PUSH1 0x1f 000002c0: ADD 000002c1: DIV 000002c2: PUSH1 0x0f 000002c4: MUL 000002c5: PUSH1 0x03 000002c7: ADD 000002c8: CALL 000002c9: POP 000002ca: SWAP1 000002cb: POP 000002cc: SWAP1 000002cd: DUP2 000002ce: ADD 000002cf: SWAP1 000002d0: PUSH1 0x1f 000002d2: AND 000002d3: DUP1 000002d4: ISZERO 000002d5: PUSH2 0x02f2 000002d8: JUMPI 000002d9: DUP1 000002da: DUP3 000002db: SUB 000002dc: DUP1 000002dd: MLOAD 000002de: PUSH1 0x01 000002e0: DUP4 000002e1: PUSH1 0x20 000002e3: SUB 000002e4: PUSH2 0x0100 000002e7: EXP 000002e8: SUB 000002e9: NOT 000002ea: AND 000002eb: DUP2 000002ec: MSTORE 000002ed: PUSH1 0x20 000002ef: ADD 000002f0: SWAP2 000002f1: POP 000002f2: JUMPDEST 000002f3: POP 000002f4: SWAP6 000002f5: POP 000002f6: POP 000002f7: POP 000002f8: POP 000002f9: POP 000002fa: POP 000002fb: PUSH1 0x00 000002fd: PUSH1 0x40 000002ff: MLOAD 00000300: DUP1 00000301: DUP4 00000302: SUB 00000303: DUP2 00000304: PUSH1 0x00 00000306: DUP8 00000307: PUSH2 0x61da 0000030a: GAS 0000030b: SUB 0000030c: CALL 0000030d: ISZERO 0000030e: PUSH2 0x0002 00000311: JUMPI 00000312: POP 00000313: POP 00000314: POP 00000315: POP 00000316: SWAP4 00000317: SWAP3 00000318: POP 00000319: POP 0000031a: POP 0000031b: JUMP 0000031c: JUMPDEST 0000031d: PUSH1 0x05 0000031f: PUSH1 0x20 00000321: SWAP1 00000322: DUP2 00000323: MSTORE 00000324: PUSH1 0x04 00000326: 
CALLDATALOAD 00000327: PUSH1 0x00 00000329: SWAP1 0000032a: DUP2 0000032b: MSTORE 0000032c: PUSH1 0x40 0000032e: DUP1 0000032f: DUP3 00000330: KECCAK256 00000331: SWAP1 00000332: SWAP3 00000333: MSTORE 00000334: PUSH1 0x24 00000336: CALLDATALOAD 00000337: DUP2 00000338: MSTORE 00000339: KECCAK256 0000033a: SLOAD 0000033b: PUSH2 0x03d5 0000033e: SWAP1 0000033f: DUP2 00000340: JUMP 00000341: JUMPDEST 00000342: PUSH1 0x04 00000344: PUSH1 0x20 00000346: DUP2 00000347: DUP2 00000348: MSTORE 00000349: SWAP1 0000034a: CALLDATALOAD 0000034b: PUSH1 0x00 0000034d: SWAP1 0000034e: DUP2 0000034f: MSTORE 00000350: PUSH1 0x40 00000352: DUP1 00000353: DUP3 00000354: KECCAK256 00000355: SWAP1 00000356: SWAP3 00000357: MSTORE 00000358: PUSH1 0x24 0000035a: CALLDATALOAD 0000035b: DUP2 0000035c: MSTORE 0000035d: KECCAK256 0000035e: SLOAD 0000035f: PUSH2 0x03d5 00000362: SWAP1 00000363: DUP2 00000364: JUMP 00000365: JUMPDEST 00000366: STOP 00000367: JUMPDEST 00000368: PUSH1 0x40 0000036a: MLOAD 0000036b: DUP1 0000036c: DUP1 0000036d: PUSH1 0x20 0000036f: ADD 00000370: DUP3 00000371: DUP2 00000372: SUB 00000373: DUP3 00000374: MSTORE 00000375: DUP4 00000376: DUP2 00000377: DUP2 00000378: MLOAD 00000379: DUP2 0000037a: MSTORE 0000037b: PUSH1 0x20 0000037d: ADD 0000037e: SWAP2 0000037f: POP 00000380: DUP1 00000381: MLOAD 00000382: SWAP1 00000383: PUSH1 0x20 00000385: ADD 00000386: SWAP1 00000387: DUP1 00000388: DUP4 00000389: DUP4 0000038a: DUP3 0000038b: SWAP1 0000038c: PUSH1 0x00 0000038e: PUSH1 0x04 00000390: PUSH1 0x20 00000392: DUP5 00000393: PUSH1 0x1f 00000395: ADD 00000396: DIV 00000397: PUSH1 0x0f 00000399: MUL 0000039a: PUSH1 0x03 0000039c: ADD 0000039d: CALL 0000039e: POP 0000039f: SWAP1 000003a0: POP 000003a1: SWAP1 000003a2: DUP2 000003a3: ADD 000003a4: SWAP1 000003a5: PUSH1 0x1f 000003a7: AND 000003a8: DUP1 000003a9: ISZERO 000003aa: PUSH2 0x03c7 000003ad: JUMPI 000003ae: DUP1 000003af: DUP3 000003b0: SUB 000003b1: DUP1 000003b2: MLOAD 000003b3: PUSH1 0x01 000003b5: DUP4 
000003b6: PUSH1 0x20 000003b8: SUB 000003b9: PUSH2 0x0100 000003bc: EXP 000003bd: SUB 000003be: NOT 000003bf: AND 000003c0: DUP2 000003c1: MSTORE 000003c2: PUSH1 0x20 000003c4: ADD 000003c5: SWAP2 000003c6: POP 000003c7: JUMPDEST 000003c8: POP 000003c9: SWAP3 000003ca: POP 000003cb: POP 000003cc: POP 000003cd: PUSH1 0x40 000003cf: MLOAD 000003d0: DUP1 000003d1: SWAP2 000003d2: SUB 000003d3: SWAP1 000003d4: RETURN 000003d5: JUMPDEST 000003d6: PUSH1 0x40 000003d8: DUP1 000003d9: MLOAD 000003da: SWAP2 000003db: DUP3 000003dc: MSTORE 000003dd: MLOAD 000003de: SWAP1 000003df: DUP2 000003e0: SWAP1 000003e1: SUB 000003e2: PUSH1 0x20 000003e4: ADD 000003e5: SWAP1 000003e6: RETURN 000003e7: JUMPDEST 000003e8: PUSH1 0x60 000003ea: SWAP1 000003eb: DUP2 000003ec: MSTORE 000003ed: PUSH1 0x20 000003ef: SWAP1 000003f0: RETURN 000003f1: JUMPDEST 000003f2: DUP3 000003f3: ADD 000003f4: SWAP2 000003f5: SWAP1 000003f6: PUSH1 0x00 000003f8: MSTORE 000003f9: PUSH1 0x20 000003fb: PUSH1 0x00 000003fd: KECCAK256 000003fe: SWAP1 000003ff: JUMPDEST 00000400: DUP2 00000401: SLOAD 00000402: DUP2 00000403: MSTORE 00000404: SWAP1 00000405: PUSH1 0x01 00000407: ADD 00000408: SWAP1 00000409: PUSH1 0x20 0000040b: ADD 0000040c: DUP1 0000040d: DUP4 0000040e: GT 0000040f: PUSH2 0x03ff 00000412: JUMPI 00000413: DUP3 00000414: SWAP1 00000415: SUB 00000416: PUSH1 0x1f 00000418: AND 00000419: DUP3 0000041a: ADD 0000041b: SWAP2 0000041c: JUMPDEST 0000041d: POP 0000041e: POP 0000041f: POP 00000420: POP 00000421: POP 00000422: DUP2 00000423: JUMP 00000424: JUMPDEST 00000425: PUSH1 0x01 00000427: PUSH1 0xa0 00000429: PUSH1 0x02 0000042b: EXP 0000042c: SUB 0000042d: DUP4 0000042e: AND 0000042f: DUP2 00000430: MSTORE 00000431: PUSH1 0x40 00000433: DUP2 00000434: KECCAK256 00000435: SLOAD 00000436: DUP1 00000437: DUP4 00000438: ADD 00000439: LT 0000043a: ISZERO 0000043b: PUSH2 0x0443 0000043e: JUMPI 0000043f: PUSH2 0x0002 00000442: JUMP 00000443: JUMPDEST 00000444: PUSH1 0x01 00000446: PUSH1 0xa0 00000448: PUSH1 
0x02 0000044a: EXP 0000044b: SUB 0000044c: DUP1 0000044d: DUP6 0000044e: AND 0000044f: DUP1 00000450: DUP4 00000451: MSTORE 00000452: PUSH1 0x04 00000454: PUSH1 0x20 00000456: SWAP1 00000457: DUP2 00000458: MSTORE 00000459: PUSH1 0x40 0000045b: DUP1 0000045c: DUP6 0000045d: KECCAK256 0000045e: CALLER 0000045f: SWAP5 00000460: SWAP1 00000461: SWAP5 00000462: AND 00000463: DUP1 00000464: DUP7 00000465: MSTORE 00000466: SWAP4 00000467: DUP3 00000468: MSTORE 00000469: DUP1 0000046a: DUP6 0000046b: KECCAK256 0000046c: SLOAD 0000046d: SWAP3 0000046e: DUP6 0000046f: MSTORE 00000470: PUSH1 0x05 00000472: DUP3 00000473: MSTORE 00000474: DUP1 00000475: DUP6 00000476: KECCAK256 00000477: SWAP4 00000478: DUP6 00000479: MSTORE 0000047a: SWAP3 0000047b: SWAP1 0000047c: MSTORE 0000047d: SWAP1 0000047e: DUP3 0000047f: KECCAK256 00000480: SLOAD 00000481: DUP4 00000482: ADD 00000483: GT 00000484: ISZERO 00000485: PUSH2 0x048d 00000488: JUMPI 00000489: PUSH2 0x0002 0000048c: JUMP 0000048d: JUMPDEST 0000048e: DUP2 0000048f: PUSH1 0x03 00000491: PUSH1 0x00 00000493: POP 00000494: PUSH1 0x00 00000496: DUP7 00000497: PUSH1 0x01 00000499: PUSH1 0xa0 0000049b: PUSH1 0x02 0000049d: EXP 0000049e: SUB 0000049f: AND 000004a0: DUP2 000004a1: MSTORE 000004a2: PUSH1 0x20 000004a4: ADD 000004a5: SWAP1 000004a6: DUP2 000004a7: MSTORE 000004a8: PUSH1 0x20 000004aa: ADD 000004ab: PUSH1 0x00 000004ad: KECCAK256 000004ae: PUSH1 0x00 000004b0: DUP3 000004b1: DUP3 000004b2: DUP3 000004b3: POP 000004b4: SLOAD 000004b5: SUB 000004b6: SWAP3 000004b7: POP 000004b8: POP 000004b9: DUP2 000004ba: SWAP1 000004bb: SSTORE 000004bc: POP 000004bd: DUP2 000004be: PUSH1 0x03 000004c0: PUSH1 0x00 000004c2: POP 000004c3: PUSH1 0x00 000004c5: DUP6 000004c6: PUSH1 0x01 000004c8: PUSH1 0xa0 000004ca: PUSH1 0x02 000004cc: EXP 000004cd: SUB 000004ce: AND 000004cf: DUP2 000004d0: MSTORE 000004d1: PUSH1 0x20 000004d3: ADD 000004d4: SWAP1 000004d5: DUP2 000004d6: MSTORE 000004d7: PUSH1 0x20 000004d9: ADD 000004da: PUSH1 0x00 
000004dc: KECCAK256 000004dd: PUSH1 0x00 000004df: DUP3 000004e0: DUP3 000004e1: DUP3 000004e2: POP 000004e3: SLOAD 000004e4: ADD 000004e5: SWAP3 000004e6: POP 000004e7: POP 000004e8: DUP2 000004e9: SWAP1 000004ea: SSTORE 000004eb: POP 000004ec: DUP2 000004ed: PUSH1 0x05 000004ef: PUSH1 0x00 000004f1: POP 000004f2: PUSH1 0x00 000004f4: DUP7 000004f5: PUSH1 0x01 000004f7: PUSH1 0xa0 000004f9: PUSH1 0x02 000004fb: EXP 000004fc: SUB 000004fd: AND 000004fe: DUP2 000004ff: MSTORE 00000500: PUSH1 0x20 00000502: ADD 00000503: SWAP1 00000504: DUP2 00000505: MSTORE 00000506: PUSH1 0x20 00000508: ADD 00000509: PUSH1 0x00 0000050b: KECCAK256 0000050c: PUSH1 0x00 0000050e: POP 0000050f: PUSH1 0x00 00000511: CALLER 00000512: PUSH1 0x01 00000514: PUSH1 0xa0 00000516: PUSH1 0x02 00000518: EXP 00000519: SUB 0000051a: AND 0000051b: DUP2 0000051c: MSTORE 0000051d: PUSH1 0x20 0000051f: ADD 00000520: SWAP1 00000521: DUP2 00000522: MSTORE 00000523: PUSH1 0x20 00000525: ADD 00000526: PUSH1 0x00 00000528: KECCAK256 00000529: PUSH1 0x00 0000052b: DUP3 0000052c: DUP3 0000052d: DUP3 0000052e: POP 0000052f: SLOAD 00000530: ADD 00000531: SWAP3 00000532: POP 00000533: POP 00000534: DUP2 00000535: SWAP1 00000536: SSTORE 00000537: POP 00000538: DUP3 00000539: PUSH1 0x01 0000053b: PUSH1 0xa0 0000053d: PUSH1 0x02 0000053f: EXP 00000540: SUB 00000541: AND 00000542: CALLER 00000543: PUSH1 0x01 00000545: PUSH1 0xa0 00000547: PUSH1 0x02 00000549: EXP 0000054a: SUB 0000054b: AND 0000054c: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 0000056d: DUP5 0000056e: PUSH1 0x40 00000570: MLOAD 00000571: DUP1 00000572: DUP3 00000573: DUP2 00000574: MSTORE 00000575: PUSH1 0x20 00000577: ADD 00000578: SWAP2 00000579: POP 0000057a: POP 0000057b: PUSH1 0x40 0000057d: MLOAD 0000057e: DUP1 0000057f: SWAP2 00000580: SUB 00000581: SWAP1 00000582: LOG3 00000583: SWAP4 00000584: SWAP3 00000585: POP 00000586: POP 00000587: POP 00000588: JUMP 00000589: JUMPDEST 0000058a: PUSH1 0x01 0000058c: 
PUSH1 0xa0 0000058e: PUSH1 0x02 00000590: EXP 00000591: SUB 00000592: DUP3 00000593: AND 00000594: PUSH1 0x00 00000596: SWAP1 00000597: DUP2 00000598: MSTORE 00000599: PUSH1 0x40 0000059b: SWAP1 0000059c: KECCAK256 0000059d: SLOAD 0000059e: DUP1 0000059f: DUP3 000005a0: ADD 000005a1: LT 000005a2: ISZERO 000005a3: PUSH2 0x05ab 000005a6: JUMPI 000005a7: PUSH2 0x0002 000005aa: JUMP 000005ab: JUMPDEST 000005ac: DUP1 000005ad: PUSH1 0x03 000005af: PUSH1 0x00 000005b1: POP 000005b2: PUSH1 0x00 000005b4: CALLER 000005b5: PUSH1 0x01 000005b7: PUSH1 0xa0 000005b9: PUSH1 0x02 000005bb: EXP 000005bc: SUB 000005bd: AND 000005be: DUP2 000005bf: MSTORE 000005c0: PUSH1 0x20 000005c2: ADD 000005c3: SWAP1 000005c4: DUP2 000005c5: MSTORE 000005c6: PUSH1 0x20 000005c8: ADD 000005c9: PUSH1 0x00 000005cb: KECCAK256 000005cc: PUSH1 0x00 000005ce: DUP3 000005cf: DUP3 000005d0: DUP3 000005d1: POP 000005d2: SLOAD 000005d3: SUB 000005d4: SWAP3 000005d5: POP 000005d6: POP 000005d7: DUP2 000005d8: SWAP1 000005d9: SSTORE 000005da: POP 000005db: DUP1 000005dc: PUSH1 0x03 000005de: PUSH1 0x00 000005e0: POP 000005e1: PUSH1 0x00 000005e3: DUP5 000005e4: PUSH1 0x01 000005e6: PUSH1 0xa0 000005e8: PUSH1 0x02 000005ea: EXP 000005eb: SUB 000005ec: AND 000005ed: DUP2 000005ee: MSTORE 000005ef: PUSH1 0x20 000005f1: ADD 000005f2: SWAP1 000005f3: DUP2 000005f4: MSTORE 000005f5: PUSH1 0x20 000005f7: ADD 000005f8: PUSH1 0x00 000005fa: KECCAK256 000005fb: PUSH1 0x00 000005fd: DUP3 000005fe: DUP3 000005ff: DUP3 00000600: POP 00000601: SLOAD 00000602: ADD 00000603: SWAP3 00000604: POP 00000605: POP 00000606: DUP2 00000607: SWAP1 00000608: SSTORE 00000609: POP 0000060a: DUP2 0000060b: PUSH1 0x01 0000060d: PUSH1 0xa0 0000060f: PUSH1 0x02 00000611: EXP 00000612: SUB 00000613: AND 00000614: CALLER 00000615: PUSH1 0x01 00000617: PUSH1 0xa0 00000619: PUSH1 0x02 0000061b: EXP 0000061c: SUB 0000061d: AND 0000061e: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 0000063f: DUP4 00000640: PUSH1 
0x40 00000642: MLOAD 00000643: DUP1 00000644: DUP3 00000645: DUP2 00000646: MSTORE 00000647: PUSH1 0x20 00000649: ADD 0000064a: SWAP2 0000064b: POP 0000064c: POP 0000064d: PUSH1 0x40 0000064f: MLOAD 00000650: DUP1 00000651: SWAP2 00000652: SUB 00000653: SWAP1 00000654: LOG3 00000655: POP 00000656: POP 00000657: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
trace_id: 0x8355130070c832b96b6669035097df508e9b7a61c373a818ff507738e0476010
call_targets:
0x0000000000000000000000000000000000000004, 0x1ba24206d11b5e82886d57491597f04120d14826
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x8355130070c832b96b6669035097df508e9b7a61c373a818ff507738e0476010",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x1ba24206d11b5e82886d57491597f04120d14826"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcae9ca51",
"selector": "0xcae9ca51",
"calldata_variants": [
"0xcae9ca51",
"0xcae9ca510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdc3080f2",
"selector": "0xdc3080f2",
"calldata_variants": [
"0xdc3080f2",
"0xdc3080f20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 712,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 780,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 925,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
trace_id: 0x8355130070c832b96b6669035097df508e9b7a61c373a818ff507738e0476010
call_targets:
0x0000000000000000000000000000000000000004, 0x1ba24206d11b5e82886d57491597f04120d14826
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x8355130070c832b96b6669035097df508e9b7a61c373a818ff507738e0476010",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x1ba24206d11b5e82886d57491597f04120d14826"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcae9ca51",
"selector": "0xcae9ca51",
"calldata_variants": [
"0xcae9ca51",
"0xcae9ca510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdc3080f2",
"selector": "0xdc3080f2",
"calldata_variants": [
"0xdc3080f2",
"0xdc3080f20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 712,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 780,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 925,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| medium | math | codex | Nonstandard cumulative allowance accounting breaks ERC20 allowance semantics | 75 | no | — |
evidence_json{
"evidence": "Best-effort bytecode inference shows `allowance(address,address)` (`selector:0xdd62ed3e`) loading and returning a nested mapping rooted at slot `0x04` (`pc:0x0341`-`0x035e`). `transferFrom(address,address,uint256)` (`selector:0x23b872dd`) loads that slot-4 value, then separately loads another nested mapping rooted at slot `0x05` and enforces `slot5 + amount <= slot4` (`pc:0x045d`-`0x0484`). It later increments slot 5 instead of decrementing slot 4 (`pc:0x050f`-`0x0536`). `approveAndCall(address,uint256,bytes)` (`selector:0xcae9ca51`) writes the slot-4 mapping (`pc:0x0205`-`0x024b`) but does not reset slot 5, so approvals behave like lifetime ceilings rather than standard remaining allowances. The exact name of `selector:0xdc3080f2` is uncertain, but its getter shape matches the secondary slot-5 mapping.",
"locations": [
"selector:0xdd62ed3e",
"selector:0x23b872dd",
"selector:0xcae9ca51",
"selector:0xdc3080f2",
"pc:0x345",
"pc:0x45d",
"pc:0x50f",
"pc:0x205"
],
"recommendation": "Use standard ERC20 accounting: store the remaining allowance in a single mapping, decrement that mapping on `transferFrom`, and have `allowance()` return the current remaining amount. If a separate cumulative-spent metric is needed, expose it as auxiliary state but do not use it as the authoritative allowance check. If this behavior is intentional, document it explicitly because many ERC20 integrations will assume standard semantics.",
"exploit_scenario": "A spender is approved and uses part of that approval via `transferFrom`. The owner or an integration later reads `allowance(owner, spender)` and sees the original approved amount, even though the true remaining spendable amount is lower because a second mapping tracks cumulative usage. If the owner tries to refresh approval to a smaller or equal amount, the spender may become permanently unable to spend again unless the owner raises the ceiling above all historical usage. Integrations that assume standard ERC20 remaining-allowance semantics can mis-handle approvals, fail unexpectedly, or present incorrect risk to users."
}
|