019b3836-45fc-71aa-8579-513441de656c
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 6087 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 6088 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 49008 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 49009 | capability.graph | complete | 1 / 3 | 1 week ago |
| 49010 | detector.run | complete | 1 / 3 | 1 week ago |
| 49011 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113311 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"BYTECODE_BUNDLE.json looks like an old ERC20/HumanStandardToken-style bytecode bundle with `name/symbol/decimals/totalSupply/balanceOf/transfer/transferFrom/allowance` plus an approve-and-callback path. I did not see proxy/delegatecall/selfdestruct behavior, and the raw CALL detector appears to include two identity-precompile style memory-copy calls plus one checked callback call. The meaningful issue is the allowance-overwrite pattern on the approve-and-callback path; selector inference is best-effort, so function naming is inferred from the calldata-building evidence.","findings":[{"severity":"low","category":"auth","title":"Allowance overwrite remains front-runnable on approve-and-callback path","exploit_scenario":"A token holder gives a spender contract an allowance, then later tries to change that allowance to a different nonzero value through the callback-based approval entrypoint. The spender can front-run the change with `transferFrom` and consume the old allowance, then still use the newly written allowance after the approval transaction lands, allowing spend of both values.","recommendation":"Do not overwrite a live allowance directly. Require `oldAllowance == 0 || newAllowance == 0`, or replace this flow with `increaseAllowance`/`decreaseAllowance` style deltas or permit-style nonces. If this callback API must remain, document the race clearly and enforce zero-first updates.","evidence":"Selector inference is heuristic, but `selector:0xcae9ca51` appears to be an approve-and-callback function: it writes a double-keccak allowance slot at `pc:0x2b9`, then builds calldata for selector `0x8f4ffcb1` and performs a checked external `CALL` at `pc:0x37a`. The spender authorization is later consumed by `selector:0x23b872dd` (`transferFrom`-like), which reads the same allowance mapping at `pc:0x585` and decrements it at `pc:0x63a`. No zero-first or nonce-style guard is present in the bundle.","locations":["selector:0xcae9ca51","pc:0x2b9","pc:0x37a","selector:0x23b872dd","pc:0x585","pc:0x63a"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-bsa6whpz
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c81-7c74-7ac3-a7d0-0900e3b54aaf
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
→ Inspect BYTECODE_BUNDLE.json and available analysis artifacts
• Assess bytecode evidence for concrete security issues
• Return JSON findings matching schema
exec
/bin/bash -lc pwd in /tmp/codex-bsa6whpz
succeeded in 0ms:
/tmp/codex-bsa6whpz
exec
/bin/bash -lc 'rg --files' in /tmp/codex-bsa6whpz
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,240p' BYTECODE_BUNDLE.json" in /tmp/codex-bsa6whpz
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0x77075d05891b7e9e8f6cba29e47f7b53c8cd600b",
"artifact_hash": "0xecade84eeec86920d0a826435b6d89929a25bb900a47911d4516694ef0d8877e",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 10,
"hash": "0xea84cd9b520f9ac15ee69facebf0514d237ae3f350495e573c06816e7e3d08cf",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 30,
"hash": "0x8351f5fd39e1769e53f7b93891e5bf598f6939b3ca7289b6c03bc34019c93201",
"opcodes": [
"PUSH1",
"PUSH1",
"EXP",
"PUSH1",
"CALLDATALOAD",
"DIV",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 11
},
{
"end_pc": 41,
"hash": "0x1781f12b41622c7fb2305ca15129ccaae032001a31a62b46edd2164c5652b678",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 31
},
{
"end_pc": 52,
"hash": "0xef96bc0becd3ab26a65ad7098fb403cea42452f543bf6e7ef83a3373b86a76f5",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 42
},
{
"end_pc": 63,
"hash": "0x1f5fca8ac1b4c539410ad9420fdd0774f23f070b93d0fa3b605528fab1c4a085",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 53
},
{
"end_pc": 74,
"hash": "0xb52fea1c03b8e3f6c0f649ed9bf7e2dfd62f4def971cc40f65a1df54d52d8fc3",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 64
},
{
"end_pc": 85,
"hash": "0x0ed3799c063130e417d623fcd455f80919ea3a3e5e6c1544c8adcddfef63dfb6",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 75
},
{
"end_pc": 96,
"hash": "0x0f4ee67ca53f7b0e7533b3d45b86f1b805db556000d9d54b1747eafbfaa9dd5a",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 86
},
{
"end_pc": 107,
"hash": "0xe3bc4359e4930674413e853aa04378e7da9768ba1262875cd690c03c2b2384a9",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 97
},
{
"end_pc": 118,
"hash": "0x299ed009dd1e9da798f570f407f5e6bd49eac17054b3480ea23f9c61cd4fa9e4",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 108
},
{
"end_pc": 129,
"hash": "0x6c9a6e1eff78a7ac544d2102281b13cea1213f54a3c1db55ad4a4ca67161c28b",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 119
},
{
"end_pc": 137,
"hash": "0xf1003f04d6f8790a6f7f962444294519d0bd097e92b80771d3cc87d25aad0ee4",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH2",
"JUMP"
],
"start_pc": 130
},
{
"end_pc": 202,
"hash": "0x392347e7c4f50f4d50dcdc05270dc921c281235aaac66f3cf1ceb4196525195a",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"SLOAD",
"PUSH1",
"PUSH1",
"OP_82",
"OP_84",
"AND",
"ISZERO",
"PUSH2",
"MUL",
"PUSH1",
"NOT",
"ADD",
"OP_90",
"OP_92",
"AND",
"OP_91",
"OP_90",
"OP_91",
"DIV",
"PUSH1",
"OP_81",
"ADD",
"OP_82",
"OP_90",
"DIV",
"OP_90",
"OP_91",
"MUL",
"PUSH1",
"OP_90",
"OP_81",
"ADD",
"PUSH1",
"MSTORE",
"PUSH1",
"OP_82",
"OP_81",
"MSTORE",
"OP_92",
"OP_91",
"OP_90",
"OP_82",
"OP_82",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 138
},
{
"end_pc": 210,
"hash": "0x7c4463952fb06273cd87950ea721e5b3b6dec57f3d34f6a4d28e05ee076fd54e",
"opcodes": [
"OP_80",
"PUSH1",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 203
},
{
"end_pc": 229,
"hash": "0x4ced96b699ccd2ce6bb13f5ff8f6a4a42b3e4bb38f341fbc94a3d5b747ae5433",
"opcodes": [
"PUSH2",
"OP_80",
"OP_83",
"SLOAD",
"DIV",
"MUL",
exec
/bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-bsa6whpz
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
exec
/bin/bash -lc "rg -n 'selector|DELEGATECALL|CALLCODE|STATICCALL|CALL\\b|SELFDESTRUCT|SUICIDE|SSTORE|SLOAD|detector|storage|slot|proxy|implementation|upgrade|admin|owner|external_calls|callsites|evidence|findings' BYTECODE_BUNDLE.json" in /tmp/codex-bsa6whpz
succeeded in 0ms:
169: "SLOAD",
238: "SLOAD",
259: "SLOAD",
294: "SLOAD",
320: "SLOAD",
336: "SLOAD",
405: "SLOAD",
437: "SLOAD",
451: "SLOAD",
518: "SLOAD",
559: "SLOAD",
693: "SSTORE",
789: "CALL",
858: "CALL",
912: "SLOAD",
977: "CALL",
1098: "SLOAD",
1151: "SLOAD",
1158: "SSTORE",
1188: "SLOAD",
1195: "SSTORE",
1261: "SLOAD",
1325: "SLOAD",
1381: "SLOAD",
1432: "SLOAD",
1439: "SSTORE",
1469: "SLOAD",
1476: "SSTORE",
1527: "SLOAD",
1534: "SSTORE",
1582: "callsites": [
1584: "opcode": "CALL",
1591: "opcode": "CALL",
1598: "opcode": "CALL",
1898: "dispatcher_type": "selector_jump_table",
1902: "selector": "0x06fdde03"
1906: "selector": "0x18160ddd"
1910: "selector": "0x23b872dd"
1914: "selector": "0x313ce567"
1918: "selector": "0x5a3b7e42"
1922: "selector": "0x70a08231"
1926: "selector": "0x95d89b41"
1930: "selector": "0xa9059cbb"
1934: "selector": "0xcae9ca51"
1938: "selector": "0xdd62ed3e"
1947: "selector": "0x06fdde03",
1954: "storage": {
1956: "slots": [
1958: "op": "SLOAD",
1960: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
1963: "op": "SLOAD",
1965: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1968: "op": "SLOAD",
1970: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
1973: "op": "SLOAD",
1975: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
1978: "op": "SLOAD",
1980: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
1983: "op": "SLOAD",
1985: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1988: "op": "SLOAD",
1990: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
1993: "op": "SLOAD",
1995: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
1998: "op": "SSTORE",
2000: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2011: "selector": "0x18160ddd",
2018: "storage": {
2020: "slots": [
2022: "op": "SLOAD",
2024: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2027: "op": "SLOAD",
2029: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2032: "op": "SLOAD",
2034: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2037: "op": "SLOAD",
2039: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2042: "op": "SLOAD",
2044: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2047: "op": "SLOAD",
2049: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2052: "op": "SLOAD",
2054: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2057: "op": "SLOAD",
2059: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2062: "op": "SSTORE",
2064: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2075: "selector": "0x23b872dd",
2082: "storage": {
2084: "slots": [
2086: "op": "SLOAD",
2088: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2091: "op": "SLOAD",
2093: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2096: "op": "SLOAD",
2098: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2101: "op": "SLOAD",
2103: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2106: "op": "SLOAD",
2108: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2111: "op": "SLOAD",
2113: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2116: "op": "SLOAD",
2118: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2121: "op": "SLOAD",
2123: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2126: "op": "SSTORE",
2128: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2139: "selector": "0x313ce567",
2146: "storage": {
2148: "slots": [
2150: "op": "SLOAD",
2152: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2155: "op": "SLOAD",
2157: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2160: "op": "SLOAD",
2162: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2165: "op": "SLOAD",
2167: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2170: "op": "SLOAD",
2172: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2175: "op": "SLOAD",
2177: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2180: "op": "SLOAD",
2182: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2185: "op": "SLOAD",
2187: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2190: "op": "SSTORE",
2192: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2203: "selector": "0x5a3b7e42",
2210: "storage": {
2212: "slots": [
2214: "op": "SLOAD",
2216: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2219: "op": "SLOAD",
2221: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2224: "op": "SLOAD",
2226: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2229: "op": "SLOAD",
2231: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2234: "op": "SLOAD",
2236: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2239: "op": "SLOAD",
2241: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2244: "op": "SLOAD",
2246: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2249: "op": "SLOAD",
2251: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2254: "op": "SSTORE",
2256: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2267: "selector": "0x70a08231",
2274: "storage": {
2276: "slots": [
2278: "op": "SLOAD",
2280: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2283: "op": "SLOAD",
2285: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2288: "op": "SLOAD",
2290: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2293: "op": "SLOAD",
2295: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2298: "op": "SLOAD",
2300: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2303: "op": "SLOAD",
2305: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2308: "op": "SLOAD",
2310: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2313: "op": "SLOAD",
2315: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2318: "op": "SSTORE",
2320: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2331: "selector": "0x95d89b41",
2338: "storage": {
2340: "slots": [
2342: "op": "SLOAD",
2344: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2347: "op": "SLOAD",
2349: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2352: "op": "SLOAD",
2354: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2357: "op": "SLOAD",
2359: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2362: "op": "SLOAD",
2364: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2367: "op": "SLOAD",
2369: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2372: "op": "SLOAD",
2374: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2377: "op": "SLOAD",
2379: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2382: "op": "SSTORE",
2384: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2395: "selector": "0xa9059cbb",
2402: "storage": {
2404: "slots": [
2406: "op": "SLOAD",
2408: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2411: "op": "SLOAD",
2413: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2416: "op": "SLOAD",
2418: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2421: "op": "SLOAD",
2423: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2426: "op": "SLOAD",
2428: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2431: "op": "SLOAD",
2433: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2436: "op": "SLOAD",
2438: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2441: "op": "SLOAD",
2443: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2446: "op": "SSTORE",
2448: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2459: "selector": "0xcae9ca51",
2466: "storage": {
2468: "slots": [
2470: "op": "SLOAD",
2472: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2475: "op": "SLOAD",
2477: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2480: "op": "SLOAD",
2482: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2485: "op": "SLOAD",
2487: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2490: "op": "SLOAD",
2492: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2495: "op": "SLOAD",
2497: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2500: "op": "SLOAD",
2502: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2505: "op": "SLOAD",
2507: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2510: "op": "SSTORE",
2512: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2523: "selector": "0xdd62ed3e",
2530: "storage": {
2532: "slots": [
2534: "op": "SLOAD",
2536: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2539: "op": "SLOAD",
2541: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2544: "op": "SLOAD",
2546: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2549: "op": "SLOAD",
2551: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2554: "op": "SLOAD",
2556: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2559: "op": "SLOAD",
2561: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2564: "op": "SLOAD",
2566: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2569: "op": "SLOAD",
2571: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2574: "op": "SSTORE",
2576: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2583: "selectors": [
2602: "upgrade_slot_write_suspected": false
2604: "storage": {
2607: "slots": [
2609: "op": "SLOAD",
2611: "slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
2614: "op": "SLOAD",
2616: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2619: "op": "SLOAD",
2621: "slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
2624: "op": "SLOAD",
2626: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2629: "op": "SLOAD",
2631: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2634: "op": "SLOAD",
2636: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2639: "op": "SLOAD",
2641: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2644: "op": "SLOAD",
2646: "slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
2649: "op": "SSTORE",
2651: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2684: "implementation_address": null,
2685: "is_proxy": false,
3430: "opcode": "CALL",
3436: "opcode": "CALL",
3442: "opcode": "CALL",
3453: "selector": "0x06fdde03",
3459: "selector": "0x18160ddd",
3465: "selector": "0x23b872dd",
3471: "selector": "0x313ce567",
3477: "selector": "0x5a3b7e42",
3483: "selector": "0x70a08231",
3489: "selector": "0x95d89b41",
3495: "selector": "0xa9059cbb",
3501: "selector": "0xcae9ca51",
3507: "selector": "0xdd62ed3e",
3517: "detector_findings": [
3520: "evidence_json": {
3524: "opcode": "CALL",
3531: "opcode": "CALL",
3538: "opcode": "CALL",
3549: "sink": "CALL"
3552: "title": "Untrusted CALL target/value reachable",
3564: "sink": "CALL",
3573: "evidence_json": {
3577: "opcode": "CALL",
3584: "opcode": "CALL",
3591: "opcode": "CALL",
3601: "sink": "CALL",
3617: "sink": "CALL",
exec
/bin/bash -lc "sed -n '1888,2688p' BYTECODE_BUNDLE.json" in /tmp/codex-bsa6whpz
succeeded in 0ms:
"to": "bb:1425",
"type": "control_flow"
},
{
"from": "bb:1375",
"to": "bb:1421",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0x9e0b094e8850cc77bf0de68a7bb8c6a40ca13554fbee9ff170ad6003fdae99dd",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x06fdde03"
},
{
"entry_pc": 599290589,
"selector": "0x18160ddd"
},
{
"entry_pc": 826074471,
"selector": "0x23b872dd"
},
{
"entry_pc": 1513848386,
"selector": "0x313ce567"
},
{
"entry_pc": 1889567281,
"selector": "0x5a3b7e42"
},
{
"entry_pc": 2514000705,
"selector": "0x70a08231"
},
{
"entry_pc": 2835717307,
"selector": "0x95d89b41"
},
{
"entry_pc": 3404319313,
"selector": "0xa9059cbb"
},
{
"entry_pc": 3714247998,
"selector": "0xcae9ca51"
},
{
"entry_pc": 946,
"selector": "0xdd62ed3e"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": null,
"selector": "0x06fdde03",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 599290589,
"selector": "0x18160ddd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 826074471,
"selector": "0x23b872dd",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1513848386,
"selector": "0x313ce567",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 1889567281,
"selector": "0x5a3b7e42",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2514000705,
"selector": "0x70a08231",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 2835717307,
"selector": "0x95d89b41",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3404319313,
"selector": "0xa9059cbb",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 3714247998,
"selector": "0xcae9ca51",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
},
{
"auth": {
"guards": []
},
"entry_pc": 946,
"selector": "0xdd62ed3e",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
}
}
],
"selectors": [
"0x06fdde03",
"0x18160ddd",
"0x23b872dd",
"0x313ce567",
"0x5a3b7e42",
"0x70a08231",
"0x95d89b41",
"0xa9059cbb",
"0xcae9ca51",
"0xdd62ed3e"
],
"sinks": {
"call": 3,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 18,
"reads": 21,
"slots": [
{
"op": "SLOAD",
"pc": 145,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 216,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 236,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000004"
},
{
"op": "SLOAD",
"pc": 295,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
},
{
"op": "SLOAD",
"pc": 308,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 380,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SLOAD",
"pc": 425,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 494,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000100"
},
{
"op": "SSTORE",
"pc": 697,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 6
},
"version": "analysis_artifact_v1"
},
"block_number": null,
"chain_id": 1,
"codehash": "0xacad8f32dfb30d6ee1c408373038c4de5616c981d8744ca1a7d6007ce4e4ad11",
"created_at": "2026-04-04T19:59:55.000000Z",
"id": 2752,
"updated_at": "2026-04-04T19:59:55.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0x77075d05891b7e9e8f6cba29e47f7b53c8cd600b",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2025-12-19T20:03:59.000000Z",
"id": "019b3836-45fc-71aa-8579-513441de656c",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T19:59:55.000000Z"
},
"artifact": {
"codehash": "0xacad8f32dfb30d6ee1c408373038c4de5616c981d8744ca1a7d6007ce4e4ad11",
"compiler_json": {
"etherscan": {
"skipped": true
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"head": null,
exec
/bin/bash -lc "sed -n '3510,3645p' BYTECODE_BUNDLE.json" in /tmp/codex-bsa6whpz
succeeded in 0ms:
],
"version": "capability_graph_v1"
},
"id": 2751,
"updated_at": "2026-04-04T19:59:55.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 60,
"evidence_json": {
"call_count": 3,
"examples": [
{
"opcode": "CALL",
"pc": 822,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 890,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1002,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [],
"untrusted_call_count": 3
},
"normalized_json": {
"sink": "CALL"
},
"severity": "high",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x77075d05891b7e9e8f6cba29e47f7b53c8cd600b"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xbec1331939e5ecfb985668096e3f6a1a69fbf11f3689383afab315ba2851ae02",
"trace_mode": "callTracer"
}
},
{
"confidence": 55,
"evidence_json": {
"eth_value_calls": 3,
"examples": [
{
"opcode": "CALL",
"pc": 822,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 890,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1002,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": []
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "high",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x77075d05891b7e9e8f6cba29e47f7b53c8cd600b"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0xbec1331939e5ecfb985668096e3f6a1a69fbf11f3689383afab315ba2851ae02",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
}
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const bundle = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const code = bundle.artifact.runtime_bytecode.full.slice(2);
const opcodes = {
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5f:'PUSH0',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
};
let pc=0; const ins=[];
for(let i=0;i<code.length;i+=2){
const b=parseInt(code.slice(i,i+2),16);
const name=opcodes[b]||('OP_'+b.toString(16));
let push='';
if(b>=0x60&&b<=0x7f){
const n=b-0x5f;
push=code.slice(i+2,i+2+2*n);
i+=2*n;
}
ins.push({pc,op:name,arg:push});
pc += 1 + (b>=0x60&&b<=0x7f ? (b-0x5f) : 0);
}
for (const target of [760,780,800,820,840,860,880,900,920,940,960,980,1000,1020]) {
console.log('\\n-- around pc', target, '--');
for (const x of ins.filter(x=>x.pc>=target-20 && x.pc<=target+20)) {
console.log(String(x.pc).padStart(4), x.op, x.arg);
}
}
NODE" in /tmp/codex-bsa6whpz
succeeded in 0ms:
-- around pc 760 --
740 PUSH1 a0
742 PUSH1 02
744 EXP
745 SUB
746 AND
747 DUP2
748 MSTORE
749 PUSH1 20
751 ADD
752 DUP5
753 DUP2
754 MSTORE
755 PUSH1 20
757 ADD
758 DUP4
759 PUSH1 01
761 PUSH1 a0
763 PUSH1 02
765 EXP
766 SUB
767 AND
768 DUP2
769 MSTORE
770 PUSH1 20
772 ADD
773 DUP1
774 PUSH1 20
776 ADD
777 DUP3
778 DUP2
779 SUB
780 DUP3
-- around pc 780 --
761 PUSH1 a0
763 PUSH1 02
765 EXP
766 SUB
767 AND
768 DUP2
769 MSTORE
770 PUSH1 20
772 ADD
773 DUP1
774 PUSH1 20
776 ADD
777 DUP3
778 DUP2
779 SUB
780 DUP3
781 MSTORE
782 DUP4
783 DUP2
784 DUP2
785 MLOAD
786 DUP2
787 MSTORE
788 PUSH1 20
790 ADD
791 SWAP2
792 POP
793 DUP1
794 MLOAD
795 SWAP1
796 PUSH1 20
798 ADD
799 SWAP1
800 DUP1
-- around pc 800 --
780 DUP3
781 MSTORE
782 DUP4
783 DUP2
784 DUP2
785 MLOAD
786 DUP2
787 MSTORE
788 PUSH1 20
790 ADD
791 SWAP2
792 POP
793 DUP1
794 MLOAD
795 SWAP1
796 PUSH1 20
798 ADD
799 SWAP1
800 DUP1
801 DUP4
802 DUP4
803 DUP3
804 SWAP1
805 PUSH1 00
807 PUSH1 04
809 PUSH1 20
811 DUP5
812 PUSH1 1f
814 ADD
815 DIV
816 PUSH1 0f
818 MUL
819 PUSH1 03
-- around pc 820 --
800 DUP1
801 DUP4
802 DUP4
803 DUP3
804 SWAP1
805 PUSH1 00
807 PUSH1 04
809 PUSH1 20
811 DUP5
812 PUSH1 1f
814 ADD
815 DIV
816 PUSH1 0f
818 MUL
819 PUSH1 03
821 ADD
822 CALL
823 POP
824 SWAP1
825 POP
826 SWAP1
827 DUP2
828 ADD
829 SWAP1
830 PUSH1 1f
832 AND
833 DUP1
834 ISZERO
835 PUSH2 0360
838 JUMPI
839 DUP1
840 DUP3
-- around pc 840 --
821 ADD
822 CALL
823 POP
824 SWAP1
825 POP
826 SWAP1
827 DUP2
828 ADD
829 SWAP1
830 PUSH1 1f
832 AND
833 DUP1
834 ISZERO
835 PUSH2 0360
838 JUMPI
839 DUP1
840 DUP3
841 SUB
842 DUP1
843 MLOAD
844 PUSH1 01
846 DUP4
847 PUSH1 20
849 SUB
850 PUSH2 0100
853 EXP
854 SUB
855 NOT
856 AND
857 DUP2
858 MSTORE
859 PUSH1 20
-- around pc 860 --
840 DUP3
841 SUB
842 DUP1
843 MLOAD
844 PUSH1 01
846 DUP4
847 PUSH1 20
849 SUB
850 PUSH2 0100
853 EXP
854 SUB
855 NOT
856 AND
857 DUP2
858 MSTORE
859 PUSH1 20
861 ADD
862 SWAP2
863 POP
864 JUMPDEST
865 POP
866 SWAP6
867 POP
868 POP
869 POP
870 POP
871 POP
872 POP
873 PUSH1 00
875 PUSH1 40
877 MLOAD
878 DUP1
879 DUP4
880 SUB
-- around pc 880 --
861 ADD
862 SWAP2
863 POP
864 JUMPDEST
865 POP
866 SWAP6
867 POP
868 POP
869 POP
870 POP
871 POP
872 POP
873 PUSH1 00
875 PUSH1 40
877 MLOAD
878 DUP1
879 DUP4
880 SUB
881 DUP2
882 PUSH1 00
884 DUP8
885 PUSH2 61da
888 GAS
889 SUB
890 CALL
891 ISZERO
892 PUSH2 0002
895 JUMPI
896 POP
897 PUSH1 01
899 SWAP8
900 SWAP7
-- around pc 900 --
880 SUB
881 DUP2
882 PUSH1 00
884 DUP8
885 PUSH2 61da
888 GAS
889 SUB
890 CALL
891 ISZERO
892 PUSH2 0002
895 JUMPI
896 POP
897 PUSH1 01
899 SWAP8
900 SWAP7
901 POP
902 POP
903 POP
904 POP
905 POP
906 POP
907 POP
908 JUMP
909 JUMPDEST
910 PUSH1 06
912 PUSH1 20
914 SWAP1
915 DUP2
916 MSTORE
917 PUSH1 04
919 CALLDATALOAD
920 PUSH1 00
-- around pc 920 --
900 SWAP7
901 POP
902 POP
903 POP
904 POP
905 POP
906 POP
907 POP
908 JUMP
909 JUMPDEST
910 PUSH1 06
912 PUSH1 20
914 SWAP1
915 DUP2
916 MSTORE
917 PUSH1 04
919 CALLDATALOAD
920 PUSH1 00
922 SWAP1
923 DUP2
924 MSTORE
925 PUSH1 40
927 DUP1
928 DUP3
929 SHA3
930 SWAP1
931 SWAP3
932 MSTORE
933 PUSH1 24
935 CALLDATALOAD
936 DUP2
937 MSTORE
938 SHA3
939 SLOAD
940 PUSH2 0422
-- around pc 940 --
920 PUSH1 00
922 SWAP1
923 DUP2
924 MSTORE
925 PUSH1 40
927 DUP1
928 DUP3
929 SHA3
930 SWAP1
931 SWAP3
932 MSTORE
933 PUSH1 24
935 CALLDATALOAD
936 DUP2
937 MSTORE
938 SHA3
939 SLOAD
940 PUSH2 0422
943 SWAP1
944 DUP2
945 JUMP
946 JUMPDEST
947 STOP
948 JUMPDEST
949 PUSH1 40
951 MLOAD
952 DUP1
953 DUP1
954 PUSH1 20
956 ADD
957 DUP3
958 DUP2
959 SUB
960 DUP3
-- around pc 960 --
940 PUSH2 0422
943 SWAP1
944 DUP2
945 JUMP
946 JUMPDEST
947 STOP
948 JUMPDEST
949 PUSH1 40
951 MLOAD
952 DUP1
953 DUP1
954 PUSH1 20
956 ADD
957 DUP3
958 DUP2
959 SUB
960 DUP3
961 MSTORE
962 DUP4
963 DUP2
964 DUP2
965 MLOAD
966 DUP2
967 MSTORE
968 PUSH1 20
970 ADD
971 SWAP2
972 POP
973 DUP1
974 MLOAD
975 SWAP1
976 PUSH1 20
978 ADD
979 SWAP1
980 DUP1
-- around pc 980 --
960 DUP3
961 MSTORE
962 DUP4
963 DUP2
964 DUP2
965 MLOAD
966 DUP2
967 MSTORE
968 PUSH1 20
970 ADD
971 SWAP2
972 POP
973 DUP1
974 MLOAD
975 SWAP1
976 PUSH1 20
978 ADD
979 SWAP1
980 DUP1
981 DUP4
982 DUP4
983 DUP3
984 SWAP1
985 PUSH1 00
987 PUSH1 04
989 PUSH1 20
991 DUP5
992 PUSH1 1f
994 ADD
995 DIV
996 PUSH1 0f
998 MUL
999 PUSH1 03
-- around pc 1000 --
980 DUP1
981 DUP4
982 DUP4
983 DUP3
984 SWAP1
985 PUSH1 00
987 PUSH1 04
989 PUSH1 20
991 DUP5
992 PUSH1 1f
994 ADD
995 DIV
996 PUSH1 0f
998 MUL
999 PUSH1 03
1001 ADD
1002 CALL
1003 POP
1004 SWAP1
1005 POP
1006 SWAP1
1007 DUP2
1008 ADD
1009 SWAP1
1010 PUSH1 1f
1012 AND
1013 DUP1
1014 ISZERO
1015 PUSH2 0414
1018 JUMPI
1019 DUP1
1020 DUP3
-- around pc 1020 --
1001 ADD
1002 CALL
1003 POP
1004 SWAP1
1005 POP
1006 SWAP1
1007 DUP2
1008 ADD
1009 SWAP1
1010 PUSH1 1f
1012 AND
1013 DUP1
1014 ISZERO
1015 PUSH2 0414
1018 JUMPI
1019 DUP1
1020 DUP3
1021 SUB
1022 DUP1
1023 MLOAD
1024 PUSH1 01
1026 DUP4
1027 PUSH1 20
1029 SUB
1030 PUSH2 0100
1033 EXP
1034 SUB
1035 NOT
1036 AND
1037 DUP2
1038 MSTORE
1039 PUSH1 20
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const bundle = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const code = bundle.artifact.runtime_bytecode.full.slice(2);
const opcodes = {};
for (let i=0;i<=0xff;i++) opcodes[i]='OP_'+i.toString(16);
Object.assign(opcodes,{0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'});
let pc=0; const ins=[];
for(let i=0;i<code.length;i+=2){const b=parseInt(code.slice(i,i+2),16); const op=opcodes[b]; let arg=''; if(b>=0x60&&b<=0x7f){const n=b-0x5f; arg=code.slice(i+2,i+2+2*n); i+=2*n;} ins.push({pc,op,arg}); pc += 1 + (b>=0x60&&b<=0x7f ? b-0x5f : 0);}
for (const x of ins.filter(x=>x.pc>=560 && x.pc<=910)) console.log(String(x.pc).padStart(4), x.op, x.arg);
NODE" in /tmp/codex-bsa6whpz
succeeded in 0ms:
560 PUSH1 44
562 CALLDATALOAD
563 PUSH1 04
565 DUP2
566 DUP2
567 ADD
568 CALLDATALOAD
569 PUSH1 1f
571 DUP2
572 ADD
573 DUP5
574 SWAP1
575 DIV
576 SWAP1
577 SWAP4
578 MUL
579 DUP5
580 ADD
581 PUSH1 40
583 MSTORE
584 PUSH1 60
586 DUP4
587 DUP2
588 MSTORE
589 PUSH2 0422
592 SWAP5
593 DUP3
594 CALLDATALOAD
595 SWAP5
596 PUSH1 24
598 DUP1
599 CALLDATALOAD
600 SWAP6
601 PUSH1 64
603 SWAP5
604 SWAP4
605 SWAP2
606 ADD
607 SWAP2
608 SWAP1
609 DUP2
610 SWAP1
611 DUP4
612 DUP3
613 DUP1
614 DUP3
615 DUP5
616 CALLDATACOPY
617 POP
618 SWAP5
619 SWAP7
620 POP
621 POP
622 POP
623 POP
624 POP
625 POP
626 POP
627 PUSH1 00
629 PUSH1 00
631 DUP4
632 PUSH1 06
634 PUSH1 00
636 POP
637 PUSH1 00
639 CALLER
640 PUSH1 01
642 PUSH1 a0
644 PUSH1 02
646 EXP
647 SUB
648 AND
649 DUP2
650 MSTORE
651 PUSH1 20
653 ADD
654 SWAP1
655 DUP2
656 MSTORE
657 PUSH1 20
659 ADD
660 PUSH1 00
662 SHA3
663 PUSH1 00
665 POP
666 PUSH1 00
668 DUP8
669 PUSH1 01
671 PUSH1 a0
673 PUSH1 02
675 EXP
676 SUB
677 AND
678 DUP2
679 MSTORE
680 PUSH1 20
682 ADD
683 SWAP1
684 DUP2
685 MSTORE
686 PUSH1 20
688 ADD
689 PUSH1 00
691 SHA3
692 PUSH1 00
694 POP
695 DUP2
696 SWAP1
697 SSTORE
698 POP
699 DUP5
700 SWAP1
701 POP
702 DUP1
703 PUSH1 01
705 PUSH1 a0
707 PUSH1 02
709 EXP
710 SUB
711 AND
712 PUSH4 8f4ffcb1
717 CALLER
718 DUP7
719 ADDRESS
720 DUP8
721 PUSH1 40
723 MLOAD
724 DUP6
725 PUSH1 e0
727 PUSH1 02
729 EXP
730 MUL
731 DUP2
732 MSTORE
733 PUSH1 04
735 ADD
736 DUP1
737 DUP6
738 PUSH1 01
740 PUSH1 a0
742 PUSH1 02
744 EXP
745 SUB
746 AND
747 DUP2
748 MSTORE
749 PUSH1 20
751 ADD
752 DUP5
753 DUP2
754 MSTORE
755 PUSH1 20
757 ADD
758 DUP4
759 PUSH1 01
761 PUSH1 a0
763 PUSH1 02
765 EXP
766 SUB
767 AND
768 DUP2
769 MSTORE
770 PUSH1 20
772 ADD
773 DUP1
774 PUSH1 20
776 ADD
777 DUP3
778 DUP2
779 SUB
780 DUP3
781 MSTORE
782 DUP4
783 DUP2
784 DUP2
785 MLOAD
786 DUP2
787 MSTORE
788 PUSH1 20
790 ADD
791 SWAP2
792 POP
793 DUP1
794 MLOAD
795 SWAP1
796 PUSH1 20
798 ADD
799 SWAP1
800 DUP1
801 DUP4
802 DUP4
803 DUP3
804 SWAP1
805 PUSH1 00
807 PUSH1 04
809 PUSH1 20
811 DUP5
812 PUSH1 1f
814 ADD
815 DIV
816 PUSH1 0f
818 MUL
819 PUSH1 03
821 ADD
822 CALL
823 POP
824 SWAP1
825 POP
826 SWAP1
827 DUP2
828 ADD
829 SWAP1
830 PUSH1 1f
832 AND
833 DUP1
834 ISZERO
835 PUSH2 0360
838 JUMPI
839 DUP1
840 DUP3
841 SUB
842 DUP1
843 MLOAD
844 PUSH1 01
846 DUP4
847 PUSH1 20
849 SUB
850 PUSH2 0100
853 EXP
854 SUB
855 NOT
856 AND
857 DUP2
858 MSTORE
859 PUSH1 20
861 ADD
862 SWAP2
863 POP
864 JUMPDEST
865 POP
866 SWAP6
867 POP
868 POP
869 POP
870 POP
871 POP
872 POP
873 PUSH1 00
875 PUSH1 40
877 MLOAD
878 DUP1
879 DUP4
880 SUB
881 DUP2
882 PUSH1 00
884 DUP8
885 PUSH2 61da
888 GAS
889 SUB
890 CALL
891 ISZERO
892 PUSH2 0002
895 JUMPI
896 POP
897 PUSH1 01
899 SWAP8
900 SWAP7
901 POP
902 POP
903 POP
904 POP
905 POP
906 POP
907 POP
908 JUMP
909 JUMPDEST
910 PUSH1 06
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const bundle = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const code = bundle.artifact.runtime_bytecode.full.slice(2);
const opcodes={}; for(let i=0;i<=0xff;i++)opcodes[i]='OP_'+i.toString(16); Object.assign(opcodes,{0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT'
,0xfe:'INVALID',0xff:'SELFDESTRUCT'});
let pc=0, ins=[]; for(let i=0;i<code.length;i+=2){const b=parseInt(code.slice(i,i+2),16); let arg=''; if(b>=0x60&&b<=0x7f){const n=b-0x5f; arg=code.slice(i+2,i+2+2*n); i+=2*n;} ins.push({pc,op:opcodes[b],arg}); pc+=1+(b>=0x60&&b<=0x7f?b-0x5f:0);}
for (const x of ins.filter(x=>x.pc>=1038 && x.pc<=1595)) console.log(String(x.pc).padStart(4), x.op, x.arg);
NODE" in /tmp/codex-bsa6whpz
succeeded in 0ms:
1038 MSTORE
1039 PUSH1 20
1041 ADD
1042 SWAP2
1043 POP
1044 JUMPDEST
1045 POP
1046 SWAP3
1047 POP
1048 POP
1049 POP
1050 PUSH1 40
1052 MLOAD
1053 DUP1
1054 SWAP2
1055 SUB
1056 SWAP1
1057 RETURN
1058 JUMPDEST
1059 PUSH1 40
1061 DUP1
1062 MLOAD
1063 SWAP2
1064 DUP3
1065 MSTORE
1066 MLOAD
1067 SWAP1
1068 DUP2
1069 SWAP1
1070 SUB
1071 PUSH1 20
1073 ADD
1074 SWAP1
1075 RETURN
1076 JUMPDEST
1077 PUSH1 60
1079 SWAP1
1080 DUP2
1081 MSTORE
1082 PUSH1 20
1084 SWAP1
1085 RETURN
1086 JUMPDEST
1087 PUSH1 01
1089 PUSH1 a0
1091 PUSH1 02
1093 EXP
1094 SUB
1095 DUP3
1096 AND
1097 PUSH1 00
1099 SWAP1
1100 DUP2
1101 MSTORE
1102 PUSH1 40
1104 SWAP1
1105 SHA3
1106 SLOAD
1107 DUP1
1108 DUP3
1109 ADD
1110 LT
1111 ISZERO
1112 PUSH2 0460
1115 JUMPI
1116 PUSH2 0002
1119 JUMP
1120 JUMPDEST
1121 DUP1
1122 PUSH1 05
1124 PUSH1 00
1126 POP
1127 PUSH1 00
1129 CALLER
1130 PUSH1 01
1132 PUSH1 a0
1134 PUSH1 02
1136 EXP
1137 SUB
1138 AND
1139 DUP2
1140 MSTORE
1141 PUSH1 20
1143 ADD
1144 SWAP1
1145 DUP2
1146 MSTORE
1147 PUSH1 20
1149 ADD
1150 PUSH1 00
1152 SHA3
1153 PUSH1 00
1155 DUP3
1156 DUP3
1157 DUP3
1158 POP
1159 SLOAD
1160 SUB
1161 SWAP3
1162 POP
1163 POP
1164 DUP2
1165 SWAP1
1166 SSTORE
1167 POP
1168 DUP1
1169 PUSH1 05
1171 PUSH1 00
1173 POP
1174 PUSH1 00
1176 DUP5
1177 PUSH1 01
1179 PUSH1 a0
1181 PUSH1 02
1183 EXP
1184 SUB
1185 AND
1186 DUP2
1187 MSTORE
1188 PUSH1 20
1190 ADD
1191 SWAP1
1192 DUP2
1193 MSTORE
1194 PUSH1 20
1196 ADD
1197 PUSH1 00
1199 SHA3
1200 PUSH1 00
1202 DUP3
1203 DUP3
1204 DUP3
1205 POP
1206 SLOAD
1207 ADD
1208 SWAP3
1209 POP
1210 POP
1211 DUP2
1212 SWAP1
1213 SSTORE
1214 POP
1215 DUP2
1216 PUSH1 01
1218 PUSH1 a0
1220 PUSH1 02
1222 EXP
1223 SUB
1224 AND
1225 CALLER
1226 PUSH1 01
1228 PUSH1 a0
1230 PUSH1 02
1232 EXP
1233 SUB
1234 AND
1235 PUSH32 ddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
1268 DUP4
1269 PUSH1 40
1271 MLOAD
1272 DUP1
1273 DUP3
1274 DUP2
1275 MSTORE
1276 PUSH1 20
1278 ADD
1279 SWAP2
1280 POP
1281 POP
1282 PUSH1 40
1284 MLOAD
1285 DUP1
1286 SWAP2
1287 SUB
1288 SWAP1
1289 LOG3
1290 POP
1291 POP
1292 JUMP
1293 JUMPDEST
1294 DUP3
1295 ADD
1296 SWAP2
1297 SWAP1
1298 PUSH1 00
1300 MSTORE
1301 PUSH1 20
1303 PUSH1 00
1305 SHA3
1306 SWAP1
1307 JUMPDEST
1308 DUP2
1309 SLOAD
1310 DUP2
1311 MSTORE
1312 SWAP1
1313 PUSH1 01
1315 ADD
1316 SWAP1
1317 PUSH1 20
1319 ADD
1320 DUP1
1321 DUP4
1322 GT
1323 PUSH2 051b
1326 JUMPI
1327 DUP3
1328 SWAP1
1329 SUB
1330 PUSH1 1f
1332 AND
1333 DUP3
1334 ADD
1335 SWAP2
1336 JUMPDEST
1337 POP
1338 POP
1339 POP
1340 POP
1341 POP
1342 DUP2
1343 JUMP
1344 JUMPDEST
1345 PUSH1 01
1347 PUSH1 a0
1349 PUSH1 02
1351 EXP
1352 SUB
1353 DUP4
1354 AND
1355 DUP2
1356 MSTORE
1357 PUSH1 40
1359 DUP2
1360 SHA3
1361 SLOAD
1362 DUP1
1363 DUP4
1364 ADD
1365 LT
1366 ISZERO
1367 PUSH2 055f
1370 JUMPI
1371 PUSH2 0002
1374 JUMP
1375 JUMPDEST
1376 PUSH1 01
1378 PUSH1 a0
1380 PUSH1 02
1382 EXP
1383 SUB
1384 DUP1
1385 DUP6
1386 AND
1387 DUP3
1388 MSTORE
1389 PUSH1 06
1391 PUSH1 20
1393 SWAP1
1394 DUP2
1395 MSTORE
1396 PUSH1 40
1398 DUP1
1399 DUP5
1400 SHA3
1401 CALLER
1402 SWAP4
1403 SWAP1
1404 SWAP4
1405 AND
1406 DUP5
1407 MSTORE
1408 SWAP2
1409 SWAP1
1410 MSTORE
1411 DUP2
1412 SHA3
1413 SLOAD
1414 DUP3
1415 GT
1416 ISZERO
1417 PUSH2 0591
1420 JUMPI
1421 PUSH2 0002
1424 JUMP
1425 JUMPDEST
1426 DUP2
1427 PUSH1 05
1429 PUSH1 00
1431 POP
1432 PUSH1 00
1434 DUP7
1435 PUSH1 01
1437 PUSH1 a0
1439 PUSH1 02
1441 EXP
1442 SUB
1443 AND
1444 DUP2
1445 MSTORE
1446 PUSH1 20
1448 ADD
1449 SWAP1
1450 DUP2
1451 MSTORE
1452 PUSH1 20
1454 ADD
1455 PUSH1 00
1457 SHA3
1458 PUSH1 00
1460 DUP3
1461 DUP3
1462 DUP3
1463 POP
1464 SLOAD
1465 SUB
1466 SWAP3
1467 POP
1468 POP
1469 DUP2
1470 SWAP1
1471 SSTORE
1472 POP
1473 DUP2
1474 PUSH1 05
1476 PUSH1 00
1478 POP
1479 PUSH1 00
1481 DUP6
1482 PUSH1 01
1484 PUSH1 a0
1486 PUSH1 02
1488 EXP
1489 SUB
1490 AND
1491 DUP2
1492 MSTORE
1493 PUSH1 20
1495 ADD
1496 SWAP1
1497 DUP2
1498 MSTORE
1499 PUSH1 20
1501 ADD
1502 PUSH1 00
1504 SHA3
1505 PUSH1 00
1507 DUP3
1508 DUP3
1509 DUP3
1510 POP
1511 SLOAD
1512 ADD
1513 SWAP3
1514 POP
1515 POP
1516 DUP2
1517 SWAP1
1518 SSTORE
1519 POP
1520 DUP2
1521 PUSH1 06
1523 PUSH1 00
1525 POP
1526 PUSH1 00
1528 DUP7
1529 PUSH1 01
1531 PUSH1 a0
1533 PUSH1 02
1535 EXP
1536 SUB
1537 AND
1538 DUP2
1539 MSTORE
1540 PUSH1 20
1542 ADD
1543 SWAP1
1544 DUP2
1545 MSTORE
1546 PUSH1 20
1548 ADD
1549 PUSH1 00
1551 SHA3
1552 PUSH1 00
1554 POP
1555 PUSH1 00
1557 CALLER
1558 PUSH1 01
1560 PUSH1 a0
1562 PUSH1 02
1564 EXP
1565 SUB
1566 AND
1567 DUP2
1568 MSTORE
1569 PUSH1 20
1571 ADD
1572 SWAP1
1573 DUP2
1574 MSTORE
1575 PUSH1 20
1577 ADD
1578 PUSH1 00
1580 SHA3
1581 PUSH1 00
1583 DUP3
1584 DUP3
1585 DUP3
1586 POP
1587 SLOAD
1588 SUB
1589 SWAP3
1590 POP
1591 POP
1592 DUP2
1593 SWAP1
1594 SSTORE
1595 POP
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const bundle = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const code = bundle.artifact.runtime_bytecode.full.slice(2);
const opcodes={}; for(let i=0;i<=0xff;i++)opcodes[i]='OP_'+i.toString(16); Object.assign(opcodes,{0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT'
,0xfe:'INVALID',0xff:'SELFDESTRUCT'});
let pc=0, ins=[]; for(let i=0;i<code.length;i+=2){const b=parseInt(code.slice(i,i+2),16); let arg=''; if(b>=0x60&&b<=0x7f){const n=b-0x5f; arg=code.slice(i+2,i+2+2*n); i+=2*n;} ins.push({pc,op:opcodes[b],arg}); pc+=1+(b>=0x60&&b<=0x7f?b-0x5f:0);}
for (const x of ins.filter(x=>x.pc>=1590 && x.pc<=1705)) console.log(String(x.pc).padStart(4), x.op, x.arg);
NODE" in /tmp/codex-bsa6whpz
succeeded in 0ms:
1590 POP
1591 POP
1592 DUP2
1593 SWAP1
1594 SSTORE
1595 POP
1596 DUP3
1597 PUSH1 01
1599 PUSH1 a0
1601 PUSH1 02
1603 EXP
1604 SUB
1605 AND
1606 DUP5
1607 PUSH1 01
1609 PUSH1 a0
1611 PUSH1 02
1613 EXP
1614 SUB
1615 AND
1616 PUSH32 ddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
1649 DUP5
1650 PUSH1 40
1652 MLOAD
1653 DUP1
1654 DUP3
1655 DUP2
1656 MSTORE
1657 PUSH1 20
1659 ADD
1660 SWAP2
1661 POP
1662 POP
1663 PUSH1 40
1665 MLOAD
1666 DUP1
1667 SWAP2
1668 SUB
1669 SWAP1
1670 LOG3
1671 POP
1672 PUSH1 01
1674 SWAP4
1675 SWAP3
1676 POP
1677 POP
1678 POP
1679 JUMP
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const bundle = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const code = bundle.artifact.runtime_bytecode.full.slice(2);
const opcodes={}; for(let i=0;i<=0xff;i++)opcodes[i]='OP_'+i.toString(16); Object.assign(opcodes,{0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT'
,0xfe:'INVALID',0xff:'SELFDESTRUCT'});
let pc=0, ins=[]; for(let i=0;i<code.length;i+=2){const b=parseInt(code.slice(i,i+2),16); let arg=''; if(b>=0x60&&b<=0x7f){const n=b-0x5f; arg=code.slice(i+2,i+2+2*n); i+=2*n;} ins.push({pc,op:opcodes[b],arg}); pc+=1+(b>=0x60&&b<=0x7f?b-0x5f:0);}
for (const x of ins.filter(x=>x.pc<=160)) console.log(String(x.pc).padStart(4), x.op, x.arg);
NODE" in /tmp/codex-bsa6whpz
succeeded in 0ms:
0 PUSH1 60
2 PUSH1 40
4 MSTORE
5 CALLDATASIZE
6 ISZERO
7 PUSH2 0082
10 JUMPI
11 PUSH1 e0
13 PUSH1 02
15 EXP
16 PUSH1 00
18 CALLDATALOAD
19 DIV
20 PUSH4 06fdde03
25 DUP2
26 EQ
27 PUSH2 008a
30 JUMPI
31 DUP1
32 PUSH4 18160ddd
37 EQ
38 PUSH2 00e6
41 JUMPI
42 DUP1
43 PUSH4 23b872dd
48 EQ
49 PUSH2 00ef
52 JUMPI
53 DUP1
54 PUSH4 313ce567
59 EQ
60 PUSH2 0121
63 JUMPI
64 DUP1
65 PUSH4 5a3b7e42
70 EQ
71 PUSH2 012d
74 JUMPI
75 DUP1
76 PUSH4 70a08231
81 EQ
82 PUSH2 018a
85 JUMPI
86 DUP1
87 PUSH4 95d89b41
92 EQ
93 PUSH2 01a2
96 JUMPI
97 DUP1
98 PUSH4 a9059cbb
103 EQ
104 PUSH2 01fc
107 JUMPI
108 DUP1
109 PUSH4 cae9ca51
114 EQ
115 PUSH2 022b
118 JUMPI
119 DUP1
120 PUSH4 dd62ed3e
125 EQ
126 PUSH2 038d
129 JUMPI
130 JUMPDEST
131 PUSH2 03b2
134 PUSH2 0002
137 JUMP
138 JUMPDEST
139 PUSH2 03b4
142 PUSH1 01
144 DUP1
145 SLOAD
146 PUSH1 20
148 PUSH1 02
150 DUP3
151 DUP5
152 AND
153 ISZERO
154 PUSH2 0100
157 MUL
158 PUSH1 00
160 NOT
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const bundle = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8'));
const code = bundle.artifact.runtime_bytecode.full.slice(2);
const opcodes={}; for(let i=0;i<=0xff;i++)opcodes[i]='OP_'+i.toString(16); Object.assign(opcodes,{0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT'
,0xfe:'INVALID',0xff:'SELFDESTRUCT'});
let pc=0, ins=[]; for(let i=0;i<code.length;i+=2){const b=parseInt(code.slice(i,i+2),16); let arg=''; if(b>=0x60&&b<=0x7f){const n=b-0x5f; arg=code.slice(i+2,i+2+2*n); i+=2*n;} ins.push({pc,op:opcodes[b],arg}); pc+=1+(b>=0x60&&b<=0x7f?b-0x5f:0);}
for (const start of [138,230,272,301,354,463,514]) { console.log('\\n-- start', start, '--'); for (const x of ins.filter(x=>x.pc>=start && x.pc<start+70)) console.log(String(x.pc).padStart(4), x.op, x.arg);}
NODE" in /tmp/codex-bsa6whpz
succeeded in 0ms:
-- start 138 --
138 JUMPDEST
139 PUSH2 03b4
142 PUSH1 01
144 DUP1
145 SLOAD
146 PUSH1 20
148 PUSH1 02
150 DUP3
151 DUP5
152 AND
153 ISZERO
154 PUSH2 0100
157 MUL
158 PUSH1 00
160 NOT
161 ADD
162 SWAP1
163 SWAP3
164 AND
165 SWAP2
166 SWAP1
167 SWAP2
168 DIV
169 PUSH1 1f
171 DUP2
172 ADD
173 DUP3
174 SWAP1
175 DIV
176 SWAP1
177 SWAP2
178 MUL
179 PUSH1 80
181 SWAP1
182 DUP2
183 ADD
184 PUSH1 40
186 MSTORE
187 PUSH1 60
189 DUP3
190 DUP2
191 MSTORE
192 SWAP3
193 SWAP2
194 SWAP1
195 DUP3
196 DUP3
197 DUP1
198 ISZERO
199 PUSH2 0538
202 JUMPI
203 DUP1
204 PUSH1 1f
206 LT
207 PUSH2 050d
-- start 230 --
230 JUMPDEST
231 PUSH2 0422
234 PUSH1 04
236 SLOAD
237 DUP2
238 JUMP
239 JUMPDEST
240 PUSH2 0422
243 PUSH1 04
245 CALLDATALOAD
246 PUSH1 24
248 CALLDATALOAD
249 PUSH1 44
251 CALLDATALOAD
252 PUSH1 01
254 PUSH1 a0
256 PUSH1 02
258 EXP
259 SUB
260 DUP4
261 AND
262 PUSH1 00
264 SWAP1
265 DUP2
266 MSTORE
267 PUSH1 05
269 PUSH1 20
271 MSTORE
272 PUSH1 40
274 DUP2
275 SHA3
276 SLOAD
277 DUP3
278 SWAP1
279 LT
280 ISZERO
281 PUSH2 0540
284 JUMPI
285 PUSH2 0002
288 JUMP
289 JUMPDEST
290 PUSH2 0434
293 PUSH1 03
295 SLOAD
296 PUSH1 ff
298 AND
299 DUP2
-- start 272 --
272 PUSH1 40
274 DUP2
275 SHA3
276 SLOAD
277 DUP3
278 SWAP1
279 LT
280 ISZERO
281 PUSH2 0540
284 JUMPI
285 PUSH2 0002
288 JUMP
289 JUMPDEST
290 PUSH2 0434
293 PUSH1 03
295 SLOAD
296 PUSH1 ff
298 AND
299 DUP2
300 JUMP
301 JUMPDEST
302 PUSH2 03b4
305 PUSH1 00
307 DUP1
308 SLOAD
309 PUSH1 20
311 PUSH1 02
313 PUSH1 01
315 DUP4
316 AND
317 ISZERO
318 PUSH2 0100
321 MUL
322 PUSH1 00
324 NOT
325 ADD
326 SWAP1
327 SWAP3
328 AND
329 SWAP2
330 SWAP1
331 SWAP2
332 DIV
333 PUSH1 1f
335 DUP2
336 ADD
337 DUP3
338 SWAP1
339 DIV
340 SWAP1
341 SWAP2
-- start 301 --
301 JUMPDEST
302 PUSH2 03b4
305 PUSH1 00
307 DUP1
308 SLOAD
309 PUSH1 20
311 PUSH1 02
313 PUSH1 01
315 DUP4
316 AND
317 ISZERO
318 PUSH2 0100
321 MUL
322 PUSH1 00
324 NOT
325 ADD
326 SWAP1
327 SWAP3
328 AND
329 SWAP2
330 SWAP1
331 SWAP2
332 DIV
333 PUSH1 1f
335 DUP2
336 ADD
337 DUP3
338 SWAP1
339 DIV
340 SWAP1
341 SWAP2
342 MUL
343 PUSH1 80
345 SWAP1
346 DUP2
347 ADD
348 PUSH1 40
350 MSTORE
351 PUSH1 60
353 DUP3
354 DUP2
355 MSTORE
356 SWAP3
357 SWAP2
358 SWAP1
359 DUP3
360 DUP3
361 DUP1
362 ISZERO
363 PUSH2 0538
366 JUMPI
367 DUP1
368 PUSH1 1f
370 LT
-- start 354 --
354 DUP2
355 MSTORE
356 SWAP3
357 SWAP2
358 SWAP1
359 DUP3
360 DUP3
361 DUP1
362 ISZERO
363 PUSH2 0538
366 JUMPI
367 DUP1
368 PUSH1 1f
370 LT
371 PUSH2 050d
374 JUMPI
375 PUSH2 0100
378 DUP1
379 DUP4
380 SLOAD
381 DIV
382 MUL
383 DUP4
384 MSTORE
385 SWAP2
386 PUSH1 20
388 ADD
389 SWAP2
390 PUSH2 0538
393 JUMP
394 JUMPDEST
395 PUSH2 0422
398 PUSH1 04
400 CALLDATALOAD
401 PUSH1 05
403 PUSH1 20
405 MSTORE
406 PUSH1 00
408 SWAP1
409 DUP2
410 MSTORE
411 PUSH1 40
413 SWAP1
414 SHA3
415 SLOAD
416 DUP2
417 JUMP
418 JUMPDEST
419 PUSH2 03b4
422 PUSH1 02
-- start 463 --
464 MSTORE
465 PUSH1 60
467 DUP3
468 DUP2
469 MSTORE
470 SWAP3
471 SWAP2
472 SWAP1
473 DUP3
474 DUP3
475 DUP1
476 ISZERO
477 PUSH2 0538
480 JUMPI
481 DUP1
482 PUSH1 1f
484 LT
485 PUSH2 050d
488 JUMPI
489 PUSH2 0100
492 DUP1
493 DUP4
494 SLOAD
495 DIV
496 MUL
497 DUP4
498 MSTORE
499 SWAP2
500 PUSH1 20
502 ADD
503 SWAP2
504 PUSH2 0538
507 JUMP
508 JUMPDEST
509 PUSH2 03b2
512 PUSH1 04
514 CALLDATALOAD
515 PUSH1 24
517 CALLDATALOAD
518 PUSH1 01
520 PUSH1 a0
522 PUSH1 02
524 EXP
525 SUB
526 CALLER
527 AND
528 PUSH1 00
530 SWAP1
531 DUP2
532 MSTORE
-- start 514 --
514 CALLDATALOAD
515 PUSH1 24
517 CALLDATALOAD
518 PUSH1 01
520 PUSH1 a0
522 PUSH1 02
524 EXP
525 SUB
526 CALLER
527 AND
528 PUSH1 00
530 SWAP1
531 DUP2
532 MSTORE
533 PUSH1 05
535 PUSH1 20
537 MSTORE
538 PUSH1 40
540 SWAP1
541 SHA3
542 SLOAD
543 DUP2
544 SWAP1
545 LT
546 ISZERO
547 PUSH2 043e
550 JUMPI
551 PUSH2 0002
554 JUMP
555 JUMPDEST
556 PUSH1 80
558 PUSH1 20
560 PUSH1 44
562 CALLDATALOAD
563 PUSH1 04
565 DUP2
566 DUP2
567 ADD
568 CALLDATALOAD
569 PUSH1 1f
571 DUP2
572 ADD
573 DUP5
574 SWAP1
575 DIV
576 SWAP1
577 SWAP4
578 MUL
579 DUP5
580 ADD
581 PUSH1 40
583 MSTORE
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const code = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8')).artifact.runtime_bytecode.full.slice(2);
const names={}; for(let i=0;i<=255;i++)names[i]='OP_'+i.toString(16); Object.assign(names,{0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'});
let pc=0, ins=[]; for(let i=0;i<code.length;i+=2){const b=parseInt(code.slice(i,i+2),16); let arg=''; if(b>=0x60&&b<=0x7f){const n=b-0x5f; arg=code.slice(i+2,i+2+2*n); i+=2*n;} ins.push({pc,op:names[b],arg}); pc += 1 + (b>=0x60&&b<=0x7f ? b-0x5f : 0);}
for (const target of [1058,1076,1086]) { console.log('\\n--',target,'--'); for (const x of ins.filter(x=>x.pc>=target && x.pc<target+40)) console.log(String(x.pc).padStart(4), x.op, x.arg); }
NODE" in /tmp/codex-bsa6whpz
succeeded in 0ms:
-- 1058 --
1058 JUMPDEST
1059 PUSH1 40
1061 DUP1
1062 MLOAD
1063 SWAP2
1064 DUP3
1065 MSTORE
1066 MLOAD
1067 SWAP1
1068 DUP2
1069 SWAP1
1070 SUB
1071 PUSH1 20
1073 ADD
1074 SWAP1
1075 RETURN
1076 JUMPDEST
1077 PUSH1 60
1079 SWAP1
1080 DUP2
1081 MSTORE
1082 PUSH1 20
1084 SWAP1
1085 RETURN
1086 JUMPDEST
1087 PUSH1 01
1089 PUSH1 a0
1091 PUSH1 02
1093 EXP
1094 SUB
1095 DUP3
1096 AND
1097 PUSH1 00
-- 1076 --
1076 JUMPDEST
1077 PUSH1 60
1079 SWAP1
1080 DUP2
1081 MSTORE
1082 PUSH1 20
1084 SWAP1
1085 RETURN
1086 JUMPDEST
1087 PUSH1 01
1089 PUSH1 a0
1091 PUSH1 02
1093 EXP
1094 SUB
1095 DUP3
1096 AND
1097 PUSH1 00
1099 SWAP1
1100 DUP2
1101 MSTORE
1102 PUSH1 40
1104 SWAP1
1105 SHA3
1106 SLOAD
1107 DUP1
1108 DUP3
1109 ADD
1110 LT
1111 ISZERO
1112 PUSH2 0460
1115 JUMPI
-- 1086 --
1086 JUMPDEST
1087 PUSH1 01
1089 PUSH1 a0
1091 PUSH1 02
1093 EXP
1094 SUB
1095 DUP3
1096 AND
1097 PUSH1 00
1099 SWAP1
1100 DUP2
1101 MSTORE
1102 PUSH1 40
1104 SWAP1
1105 SHA3
1106 SLOAD
1107 DUP1
1108 DUP3
1109 ADD
1110 LT
1111 ISZERO
1112 PUSH2 0460
1115 JUMPI
1116 PUSH2 0002
1119 JUMP
1120 JUMPDEST
1121 DUP1
1122 PUSH1 05
1124 PUSH1 00
exec
/bin/bash -lc 'which cast || true' in /tmp/codex-bsa6whpz
succeeded in 0ms:
/home/noahkuhn/.foundry/bin/cast
exec
/bin/bash -lc 'rg -n "5a3b7e42|cae9ca51|8f4ffcb1" /usr /home/noahkuhn 2>/dev/null' in /tmp/codex-bsa6whpz
exited 1 in 4679ms:
exec
/bin/bash -lc 'cast 4byte 0x5a3b7e42 || true
cast 4byte 0xcae9ca51 || true
cast 4byte 0x8f4ffcb1 || true' in /tmp/codex-bsa6whpz
succeeded in 0ms:
Error: error sending request for url (https://api.4byte.sourcify.dev/signature-database/v1/lookup?function=0x5a3b7e42)
Context:
- Error #0: client error (Connect)
- Error #1: dns error
- Error #2: failed to lookup address information: Temporary failure in name resolution
Error: error sending request for url (https://api.4byte.sourcify.dev/signature-database/v1/lookup?function=0xcae9ca51)
Context:
- Error #0: client error (Connect)
- Error #1: dns error
- Error #2: failed to lookup address information: Temporary failure in name resolution
Error: error sending request for url (https://api.4byte.sourcify.dev/signature-database/v1/lookup?function=0x8f4ffcb1)
Context:
- Error #0: client error (Connect)
- Error #1: dns error
- Error #2: failed to lookup address information: Temporary failure in name resolution
exec
/bin/bash -lc "node - <<'NODE'
const fs = require('fs');
const code = JSON.parse(fs.readFileSync('BYTECODE_BUNDLE.json','utf8')).artifact.runtime_bytecode.full.slice(2);
const op={}; for(let i=0;i<=255;i++)op[i]='OP_'+i.toString(16); Object.assign(op,{0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',
0xff:'SELFDESTRUCT'});
let pc=0, ins=[]; for(let i=0;i<code.length;i+=2){const b=parseInt(code.slice(i,i+2),16); let arg=''; if(b>=0x60&&b<=0x7f){const n=b-0x5f; arg=code.slice(i+2,i+2+2*n); i+=2*n;} ins.push({pc,op:op[b],arg}); pc+=1+(b>=0x60&&b<=0x7f?b-0x5f:0);}
for(const x of ins.filter(x=>x.pc>=418 && x.pc<=560)) console.log(String(x.pc).padStart(4), x.op, x.arg)
NODE" in /tmp/codex-bsa6whpz
succeeded in 0ms:
418 JUMPDEST
419 PUSH2 03b4
422 PUSH1 02
424 DUP1
425 SLOAD
426 PUSH1 20
428 PUSH1 01
430 DUP3
431 AND
432 ISZERO
433 PUSH2 0100
436 MUL
437 PUSH1 00
439 NOT
440 ADD
441 SWAP1
442 SWAP2
443 AND
444 DUP3
445 SWAP1
446 DIV
447 PUSH1 1f
449 DUP2
450 ADD
451 DUP3
452 SWAP1
453 DIV
454 SWAP1
455 SWAP2
456 MUL
457 PUSH1 80
459 SWAP1
460 DUP2
461 ADD
462 PUSH1 40
464 MSTORE
465 PUSH1 60
467 DUP3
468 DUP2
469 MSTORE
470 SWAP3
471 SWAP2
472 SWAP1
473 DUP3
474 DUP3
475 DUP1
476 ISZERO
477 PUSH2 0538
480 JUMPI
481 DUP1
482 PUSH1 1f
484 LT
485 PUSH2 050d
488 JUMPI
489 PUSH2 0100
492 DUP1
493 DUP4
494 SLOAD
495 DIV
496 MUL
497 DUP4
498 MSTORE
499 SWAP2
500 PUSH1 20
502 ADD
503 SWAP2
504 PUSH2 0538
507 JUMP
508 JUMPDEST
509 PUSH2 03b2
512 PUSH1 04
514 CALLDATALOAD
515 PUSH1 24
517 CALLDATALOAD
518 PUSH1 01
520 PUSH1 a0
522 PUSH1 02
524 EXP
525 SUB
526 CALLER
527 AND
528 PUSH1 00
530 SWAP1
531 DUP2
532 MSTORE
533 PUSH1 05
535 PUSH1 20
537 MSTORE
538 PUSH1 40
540 SWAP1
541 SHA3
542 SLOAD
543 DUP2
544 SWAP1
545 LT
546 ISZERO
547 PUSH2 043e
550 JUMPI
551 PUSH2 0002
554 JUMP
555 JUMPDEST
556 PUSH1 80
558 PUSH1 20
560 PUSH1 44
exec
/bin/bash -lc "sed -n '1578,1610p' BYTECODE_BUNDLE.json" in /tmp/codex-bsa6whpz
succeeded in 0ms:
],
"start_pc": 1425
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 822,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 890,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1002,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:130",
"type": "control_flow"
},
codex
{"no_findings":false,"summary":"BYTECODE_BUNDLE.json looks like an old ERC20/HumanStandardToken-style bytecode bundle with `name/symbol/decimals/totalSupply/balanceOf/transfer/transferFrom/allowance` plus an approve-and-callback path. I did not see proxy/delegatecall/selfdestruct behavior, and the raw CALL detector appears to include two identity-precompile style memory-copy calls plus one checked callback call. The meaningful issue is the allowance-overwrite pattern on the approve-and-callback path; selector inference is best-effort, so function naming is inferred from the calldata-building evidence.","findings":[{"severity":"low","category":"auth","title":"Allowance overwrite remains front-runnable on approve-and-callback path","exploit_scenario":"A token holder gives a spender contract an allowance, then later tries to change that allowance to a different nonzero value through the callback-based approval entrypoint. The spender can front-run the change with `transferFrom` and consume the old allowance, then still use the newly written allowance after the approval transaction lands, allowing spend of both values.","recommendation":"Do not overwrite a live allowance directly. Require `oldAllowance == 0 || newAllowance == 0`, or replace this flow with `increaseAllowance`/`decreaseAllowance` style deltas or permit-style nonces. If this callback API must remain, document the race clearly and enforce zero-first updates.","evidence":"Selector inference is heuristic, but `selector:0xcae9ca51` appears to be an approve-and-callback function: it writes a double-keccak allowance slot at `pc:0x2b9`, then builds calldata for selector `0x8f4ffcb1` and performs a checked external `CALL` at `pc:0x37a`. The spender authorization is later consumed by `selector:0x23b872dd` (`transferFrom`-like), which reads the same allowance mapping at `pc:0x585` and decrements it at `pc:0x63a`. No zero-first or nonce-style guard is present in the bundle.","locations":["selector:0xcae9ca51","pc:0x2b9","pc:0x37a","selector:0x23b872dd","pc:0x585","pc:0x63a"]}]}
tokens used
153,711
{
"codex": {
"ran_at": "2026-04-05T07:22:46.988264+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3362,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "BYTECODE_BUNDLE.json looks like an old ERC20/HumanStandardToken-style bytecode bundle with `name/symbol/decimals/totalSupply/balanceOf/transfer/transferFrom/allowance` plus an approve-and-callback path. I did not see proxy/delegatecall/selfdestruct behavior, and the raw CALL detector appears to include two identity-precompile style memory-copy calls plus one checked callback call. The meaningful issue is the allowance-overwrite pattern on the approve-and-callback path; selector inference is best-effort, so function naming is inferred from the calldata-building evidence.",
"raw_final": {
"summary": "BYTECODE_BUNDLE.json looks like an old ERC20/HumanStandardToken-style bytecode bundle with `name/symbol/decimals/totalSupply/balanceOf/transfer/transferFrom/allowance` plus an approve-and-callback path. I did not see proxy/delegatecall/selfdestruct behavior, and the raw CALL detector appears to include two identity-precompile style memory-copy calls plus one checked callback call. The meaningful issue is the allowance-overwrite pattern on the approve-and-callback path; selector inference is best-effort, so function naming is inferred from the calldata-building evidence.",
"findings": [
{
"title": "Allowance overwrite remains front-runnable on approve-and-callback path",
"category": "auth",
"evidence": "Selector inference is heuristic, but `selector:0xcae9ca51` appears to be an approve-and-callback function: it writes a double-keccak allowance slot at `pc:0x2b9`, then builds calldata for selector `0x8f4ffcb1` and performs a checked external `CALL` at `pc:0x37a`. The spender authorization is later consumed by `selector:0x23b872dd` (`transferFrom`-like), which reads the same allowance mapping at `pc:0x585` and decrements it at `pc:0x63a`. No zero-first or nonce-style guard is present in the bundle.",
"severity": "low",
"locations": [
"selector:0xcae9ca51",
"pc:0x2b9",
"pc:0x37a",
"selector:0x23b872dd",
"pc:0x585",
"pc:0x63a"
],
"recommendation": "Do not overwrite a live allowance directly. Require `oldAllowance == 0 || newAllowance == 0`, or replace this flow with `increaseAllowance`/`decreaseAllowance` style deltas or permit-style nonces. If this callback API must remain, document the race clearly and enforce zero-first updates.",
"exploit_scenario": "A token holder gives a spender contract an allowance, then later tries to change that allowance to a different nonzero value through the callback-based approval entrypoint. The spender can front-run the change with `transferFrom` and consume the old allowance, then still use the newly written allowance after the approval transaction lands, allowing spend of both values."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0082 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x008a 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x18160ddd 00000025: EQ 00000026: PUSH2 0x00e6 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x23b872dd 00000030: EQ 00000031: PUSH2 0x00ef 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x313ce567 0000003b: EQ 0000003c: PUSH2 0x0121 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x5a3b7e42 00000046: EQ 00000047: PUSH2 0x012d 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x70a08231 00000051: EQ 00000052: PUSH2 0x018a 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x95d89b41 0000005c: EQ 0000005d: PUSH2 0x01a2 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xa9059cbb 00000067: EQ 00000068: PUSH2 0x01fc 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xcae9ca51 00000072: EQ 00000073: PUSH2 0x022b 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xdd62ed3e 0000007d: EQ 0000007e: PUSH2 0x038d 00000081: JUMPI 00000082: JUMPDEST 00000083: PUSH2 0x03b2 00000086: PUSH2 0x0002 00000089: JUMP 0000008a: JUMPDEST 0000008b: PUSH2 0x03b4 0000008e: PUSH1 0x01 00000090: DUP1 00000091: SLOAD 00000092: PUSH1 0x20 00000094: PUSH1 0x02 00000096: DUP3 00000097: DUP5 00000098: AND 00000099: ISZERO 0000009a: PUSH2 0x0100 0000009d: MUL 0000009e: PUSH1 0x00 000000a0: NOT 000000a1: ADD 000000a2: SWAP1 000000a3: SWAP3 000000a4: AND 000000a5: SWAP2 000000a6: SWAP1 000000a7: SWAP2 000000a8: DIV 000000a9: PUSH1 0x1f 000000ab: DUP2 000000ac: ADD 000000ad: DUP3 000000ae: SWAP1 000000af: DIV 000000b0: SWAP1 000000b1: SWAP2 000000b2: MUL 000000b3: PUSH1 0x80 000000b5: SWAP1 000000b6: DUP2 000000b7: ADD 000000b8: PUSH1 0x40 000000ba: MSTORE 000000bb: PUSH1 0x60 000000bd: DUP3 000000be: DUP2 000000bf: MSTORE 000000c0: SWAP3 
000000c1: SWAP2 000000c2: SWAP1 000000c3: DUP3 000000c4: DUP3 000000c5: DUP1 000000c6: ISZERO 000000c7: PUSH2 0x0538 000000ca: JUMPI 000000cb: DUP1 000000cc: PUSH1 0x1f 000000ce: LT 000000cf: PUSH2 0x050d 000000d2: JUMPI 000000d3: PUSH2 0x0100 000000d6: DUP1 000000d7: DUP4 000000d8: SLOAD 000000d9: DIV 000000da: MUL 000000db: DUP4 000000dc: MSTORE 000000dd: SWAP2 000000de: PUSH1 0x20 000000e0: ADD 000000e1: SWAP2 000000e2: PUSH2 0x0538 000000e5: JUMP 000000e6: JUMPDEST 000000e7: PUSH2 0x0422 000000ea: PUSH1 0x04 000000ec: SLOAD 000000ed: DUP2 000000ee: JUMP 000000ef: JUMPDEST 000000f0: PUSH2 0x0422 000000f3: PUSH1 0x04 000000f5: CALLDATALOAD 000000f6: PUSH1 0x24 000000f8: CALLDATALOAD 000000f9: PUSH1 0x44 000000fb: CALLDATALOAD 000000fc: PUSH1 0x01 000000fe: PUSH1 0xa0 00000100: PUSH1 0x02 00000102: EXP 00000103: SUB 00000104: DUP4 00000105: AND 00000106: PUSH1 0x00 00000108: SWAP1 00000109: DUP2 0000010a: MSTORE 0000010b: PUSH1 0x05 0000010d: PUSH1 0x20 0000010f: MSTORE 00000110: PUSH1 0x40 00000112: DUP2 00000113: KECCAK256 00000114: SLOAD 00000115: DUP3 00000116: SWAP1 00000117: LT 00000118: ISZERO 00000119: PUSH2 0x0540 0000011c: JUMPI 0000011d: PUSH2 0x0002 00000120: JUMP 00000121: JUMPDEST 00000122: PUSH2 0x0434 00000125: PUSH1 0x03 00000127: SLOAD 00000128: PUSH1 0xff 0000012a: AND 0000012b: DUP2 0000012c: JUMP 0000012d: JUMPDEST 0000012e: PUSH2 0x03b4 00000131: PUSH1 0x00 00000133: DUP1 00000134: SLOAD 00000135: PUSH1 0x20 00000137: PUSH1 0x02 00000139: PUSH1 0x01 0000013b: DUP4 0000013c: AND 0000013d: ISZERO 0000013e: PUSH2 0x0100 00000141: MUL 00000142: PUSH1 0x00 00000144: NOT 00000145: ADD 00000146: SWAP1 00000147: SWAP3 00000148: AND 00000149: SWAP2 0000014a: SWAP1 0000014b: SWAP2 0000014c: DIV 0000014d: PUSH1 0x1f 0000014f: DUP2 00000150: ADD 00000151: DUP3 00000152: SWAP1 00000153: DIV 00000154: SWAP1 00000155: SWAP2 00000156: MUL 00000157: PUSH1 0x80 00000159: SWAP1 0000015a: DUP2 0000015b: ADD 0000015c: PUSH1 0x40 0000015e: MSTORE 0000015f: PUSH1 
0x60 00000161: DUP3 00000162: DUP2 00000163: MSTORE 00000164: SWAP3 00000165: SWAP2 00000166: SWAP1 00000167: DUP3 00000168: DUP3 00000169: DUP1 0000016a: ISZERO 0000016b: PUSH2 0x0538 0000016e: JUMPI 0000016f: DUP1 00000170: PUSH1 0x1f 00000172: LT 00000173: PUSH2 0x050d 00000176: JUMPI 00000177: PUSH2 0x0100 0000017a: DUP1 0000017b: DUP4 0000017c: SLOAD 0000017d: DIV 0000017e: MUL 0000017f: DUP4 00000180: MSTORE 00000181: SWAP2 00000182: PUSH1 0x20 00000184: ADD 00000185: SWAP2 00000186: PUSH2 0x0538 00000189: JUMP 0000018a: JUMPDEST 0000018b: PUSH2 0x0422 0000018e: PUSH1 0x04 00000190: CALLDATALOAD 00000191: PUSH1 0x05 00000193: PUSH1 0x20 00000195: MSTORE 00000196: PUSH1 0x00 00000198: SWAP1 00000199: DUP2 0000019a: MSTORE 0000019b: PUSH1 0x40 0000019d: SWAP1 0000019e: KECCAK256 0000019f: SLOAD 000001a0: DUP2 000001a1: JUMP 000001a2: JUMPDEST 000001a3: PUSH2 0x03b4 000001a6: PUSH1 0x02 000001a8: DUP1 000001a9: SLOAD 000001aa: PUSH1 0x20 000001ac: PUSH1 0x01 000001ae: DUP3 000001af: AND 000001b0: ISZERO 000001b1: PUSH2 0x0100 000001b4: MUL 000001b5: PUSH1 0x00 000001b7: NOT 000001b8: ADD 000001b9: SWAP1 000001ba: SWAP2 000001bb: AND 000001bc: DUP3 000001bd: SWAP1 000001be: DIV 000001bf: PUSH1 0x1f 000001c1: DUP2 000001c2: ADD 000001c3: DUP3 000001c4: SWAP1 000001c5: DIV 000001c6: SWAP1 000001c7: SWAP2 000001c8: MUL 000001c9: PUSH1 0x80 000001cb: SWAP1 000001cc: DUP2 000001cd: ADD 000001ce: PUSH1 0x40 000001d0: MSTORE 000001d1: PUSH1 0x60 000001d3: DUP3 000001d4: DUP2 000001d5: MSTORE 000001d6: SWAP3 000001d7: SWAP2 000001d8: SWAP1 000001d9: DUP3 000001da: DUP3 000001db: DUP1 000001dc: ISZERO 000001dd: PUSH2 0x0538 000001e0: JUMPI 000001e1: DUP1 000001e2: PUSH1 0x1f 000001e4: LT 000001e5: PUSH2 0x050d 000001e8: JUMPI 000001e9: PUSH2 0x0100 000001ec: DUP1 000001ed: DUP4 000001ee: SLOAD 000001ef: DIV 000001f0: MUL 000001f1: DUP4 000001f2: MSTORE 000001f3: SWAP2 000001f4: PUSH1 0x20 000001f6: ADD 000001f7: SWAP2 000001f8: PUSH2 0x0538 000001fb: JUMP 000001fc: 
JUMPDEST 000001fd: PUSH2 0x03b2 00000200: PUSH1 0x04 00000202: CALLDATALOAD 00000203: PUSH1 0x24 00000205: CALLDATALOAD 00000206: PUSH1 0x01 00000208: PUSH1 0xa0 0000020a: PUSH1 0x02 0000020c: EXP 0000020d: SUB 0000020e: CALLER 0000020f: AND 00000210: PUSH1 0x00 00000212: SWAP1 00000213: DUP2 00000214: MSTORE 00000215: PUSH1 0x05 00000217: PUSH1 0x20 00000219: MSTORE 0000021a: PUSH1 0x40 0000021c: SWAP1 0000021d: KECCAK256 0000021e: SLOAD 0000021f: DUP2 00000220: SWAP1 00000221: LT 00000222: ISZERO 00000223: PUSH2 0x043e 00000226: JUMPI 00000227: PUSH2 0x0002 0000022a: JUMP 0000022b: JUMPDEST 0000022c: PUSH1 0x80 0000022e: PUSH1 0x20 00000230: PUSH1 0x44 00000232: CALLDATALOAD 00000233: PUSH1 0x04 00000235: DUP2 00000236: DUP2 00000237: ADD 00000238: CALLDATALOAD 00000239: PUSH1 0x1f 0000023b: DUP2 0000023c: ADD 0000023d: DUP5 0000023e: SWAP1 0000023f: DIV 00000240: SWAP1 00000241: SWAP4 00000242: MUL 00000243: DUP5 00000244: ADD 00000245: PUSH1 0x40 00000247: MSTORE 00000248: PUSH1 0x60 0000024a: DUP4 0000024b: DUP2 0000024c: MSTORE 0000024d: PUSH2 0x0422 00000250: SWAP5 00000251: DUP3 00000252: CALLDATALOAD 00000253: SWAP5 00000254: PUSH1 0x24 00000256: DUP1 00000257: CALLDATALOAD 00000258: SWAP6 00000259: PUSH1 0x64 0000025b: SWAP5 0000025c: SWAP4 0000025d: SWAP2 0000025e: ADD 0000025f: SWAP2 00000260: SWAP1 00000261: DUP2 00000262: SWAP1 00000263: DUP4 00000264: DUP3 00000265: DUP1 00000266: DUP3 00000267: DUP5 00000268: CALLDATACOPY 00000269: POP 0000026a: SWAP5 0000026b: SWAP7 0000026c: POP 0000026d: POP 0000026e: POP 0000026f: POP 00000270: POP 00000271: POP 00000272: POP 00000273: PUSH1 0x00 00000275: PUSH1 0x00 00000277: DUP4 00000278: PUSH1 0x06 0000027a: PUSH1 0x00 0000027c: POP 0000027d: PUSH1 0x00 0000027f: CALLER 00000280: PUSH1 0x01 00000282: PUSH1 0xa0 00000284: PUSH1 0x02 00000286: EXP 00000287: SUB 00000288: AND 00000289: DUP2 0000028a: MSTORE 0000028b: PUSH1 0x20 0000028d: ADD 0000028e: SWAP1 0000028f: DUP2 00000290: MSTORE 00000291: PUSH1 0x20 
00000293: ADD 00000294: PUSH1 0x00 00000296: KECCAK256 00000297: PUSH1 0x00 00000299: POP 0000029a: PUSH1 0x00 0000029c: DUP8 0000029d: PUSH1 0x01 0000029f: PUSH1 0xa0 000002a1: PUSH1 0x02 000002a3: EXP 000002a4: SUB 000002a5: AND 000002a6: DUP2 000002a7: MSTORE 000002a8: PUSH1 0x20 000002aa: ADD 000002ab: SWAP1 000002ac: DUP2 000002ad: MSTORE 000002ae: PUSH1 0x20 000002b0: ADD 000002b1: PUSH1 0x00 000002b3: KECCAK256 000002b4: PUSH1 0x00 000002b6: POP 000002b7: DUP2 000002b8: SWAP1 000002b9: SSTORE 000002ba: POP 000002bb: DUP5 000002bc: SWAP1 000002bd: POP 000002be: DUP1 000002bf: PUSH1 0x01 000002c1: PUSH1 0xa0 000002c3: PUSH1 0x02 000002c5: EXP 000002c6: SUB 000002c7: AND 000002c8: PUSH4 0x8f4ffcb1 000002cd: CALLER 000002ce: DUP7 000002cf: ADDRESS 000002d0: DUP8 000002d1: PUSH1 0x40 000002d3: MLOAD 000002d4: DUP6 000002d5: PUSH1 0xe0 000002d7: PUSH1 0x02 000002d9: EXP 000002da: MUL 000002db: DUP2 000002dc: MSTORE 000002dd: PUSH1 0x04 000002df: ADD 000002e0: DUP1 000002e1: DUP6 000002e2: PUSH1 0x01 000002e4: PUSH1 0xa0 000002e6: PUSH1 0x02 000002e8: EXP 000002e9: SUB 000002ea: AND 000002eb: DUP2 000002ec: MSTORE 000002ed: PUSH1 0x20 000002ef: ADD 000002f0: DUP5 000002f1: DUP2 000002f2: MSTORE 000002f3: PUSH1 0x20 000002f5: ADD 000002f6: DUP4 000002f7: PUSH1 0x01 000002f9: PUSH1 0xa0 000002fb: PUSH1 0x02 000002fd: EXP 000002fe: SUB 000002ff: AND 00000300: DUP2 00000301: MSTORE 00000302: PUSH1 0x20 00000304: ADD 00000305: DUP1 00000306: PUSH1 0x20 00000308: ADD 00000309: DUP3 0000030a: DUP2 0000030b: SUB 0000030c: DUP3 0000030d: MSTORE 0000030e: DUP4 0000030f: DUP2 00000310: DUP2 00000311: MLOAD 00000312: DUP2 00000313: MSTORE 00000314: PUSH1 0x20 00000316: ADD 00000317: SWAP2 00000318: POP 00000319: DUP1 0000031a: MLOAD 0000031b: SWAP1 0000031c: PUSH1 0x20 0000031e: ADD 0000031f: SWAP1 00000320: DUP1 00000321: DUP4 00000322: DUP4 00000323: DUP3 00000324: SWAP1 00000325: PUSH1 0x00 00000327: PUSH1 0x04 00000329: PUSH1 0x20 0000032b: DUP5 0000032c: PUSH1 0x1f 
0000032e: ADD 0000032f: DIV 00000330: PUSH1 0x0f 00000332: MUL 00000333: PUSH1 0x03 00000335: ADD 00000336: CALL 00000337: POP 00000338: SWAP1 00000339: POP 0000033a: SWAP1 0000033b: DUP2 0000033c: ADD 0000033d: SWAP1 0000033e: PUSH1 0x1f 00000340: AND 00000341: DUP1 00000342: ISZERO 00000343: PUSH2 0x0360 00000346: JUMPI 00000347: DUP1 00000348: DUP3 00000349: SUB 0000034a: DUP1 0000034b: MLOAD 0000034c: PUSH1 0x01 0000034e: DUP4 0000034f: PUSH1 0x20 00000351: SUB 00000352: PUSH2 0x0100 00000355: EXP 00000356: SUB 00000357: NOT 00000358: AND 00000359: DUP2 0000035a: MSTORE 0000035b: PUSH1 0x20 0000035d: ADD 0000035e: SWAP2 0000035f: POP 00000360: JUMPDEST 00000361: POP 00000362: SWAP6 00000363: POP 00000364: POP 00000365: POP 00000366: POP 00000367: POP 00000368: POP 00000369: PUSH1 0x00 0000036b: PUSH1 0x40 0000036d: MLOAD 0000036e: DUP1 0000036f: DUP4 00000370: SUB 00000371: DUP2 00000372: PUSH1 0x00 00000374: DUP8 00000375: PUSH2 0x61da 00000378: GAS 00000379: SUB 0000037a: CALL 0000037b: ISZERO 0000037c: PUSH2 0x0002 0000037f: JUMPI 00000380: POP 00000381: PUSH1 0x01 00000383: SWAP8 00000384: SWAP7 00000385: POP 00000386: POP 00000387: POP 00000388: POP 00000389: POP 0000038a: POP 0000038b: POP 0000038c: JUMP 0000038d: JUMPDEST 0000038e: PUSH1 0x06 00000390: PUSH1 0x20 00000392: SWAP1 00000393: DUP2 00000394: MSTORE 00000395: PUSH1 0x04 00000397: CALLDATALOAD 00000398: PUSH1 0x00 0000039a: SWAP1 0000039b: DUP2 0000039c: MSTORE 0000039d: PUSH1 0x40 0000039f: DUP1 000003a0: DUP3 000003a1: KECCAK256 000003a2: SWAP1 000003a3: SWAP3 000003a4: MSTORE 000003a5: PUSH1 0x24 000003a7: CALLDATALOAD 000003a8: DUP2 000003a9: MSTORE 000003aa: KECCAK256 000003ab: SLOAD 000003ac: PUSH2 0x0422 000003af: SWAP1 000003b0: DUP2 000003b1: JUMP 000003b2: JUMPDEST 000003b3: STOP 000003b4: JUMPDEST 000003b5: PUSH1 0x40 000003b7: MLOAD 000003b8: DUP1 000003b9: DUP1 000003ba: PUSH1 0x20 000003bc: ADD 000003bd: DUP3 000003be: DUP2 000003bf: SUB 000003c0: DUP3 000003c1: MSTORE 000003c2: 
DUP4 000003c3: DUP2 000003c4: DUP2 000003c5: MLOAD 000003c6: DUP2 000003c7: MSTORE 000003c8: PUSH1 0x20 000003ca: ADD 000003cb: SWAP2 000003cc: POP 000003cd: DUP1 000003ce: MLOAD 000003cf: SWAP1 000003d0: PUSH1 0x20 000003d2: ADD 000003d3: SWAP1 000003d4: DUP1 000003d5: DUP4 000003d6: DUP4 000003d7: DUP3 000003d8: SWAP1 000003d9: PUSH1 0x00 000003db: PUSH1 0x04 000003dd: PUSH1 0x20 000003df: DUP5 000003e0: PUSH1 0x1f 000003e2: ADD 000003e3: DIV 000003e4: PUSH1 0x0f 000003e6: MUL 000003e7: PUSH1 0x03 000003e9: ADD 000003ea: CALL 000003eb: POP 000003ec: SWAP1 000003ed: POP 000003ee: SWAP1 000003ef: DUP2 000003f0: ADD 000003f1: SWAP1 000003f2: PUSH1 0x1f 000003f4: AND 000003f5: DUP1 000003f6: ISZERO 000003f7: PUSH2 0x0414 000003fa: JUMPI 000003fb: DUP1 000003fc: DUP3 000003fd: SUB 000003fe: DUP1 000003ff: MLOAD 00000400: PUSH1 0x01 00000402: DUP4 00000403: PUSH1 0x20 00000405: SUB 00000406: PUSH2 0x0100 00000409: EXP 0000040a: SUB 0000040b: NOT 0000040c: AND 0000040d: DUP2 0000040e: MSTORE 0000040f: PUSH1 0x20 00000411: ADD 00000412: SWAP2 00000413: POP 00000414: JUMPDEST 00000415: POP 00000416: SWAP3 00000417: POP 00000418: POP 00000419: POP 0000041a: PUSH1 0x40 0000041c: MLOAD 0000041d: DUP1 0000041e: SWAP2 0000041f: SUB 00000420: SWAP1 00000421: RETURN 00000422: JUMPDEST 00000423: PUSH1 0x40 00000425: DUP1 00000426: MLOAD 00000427: SWAP2 00000428: DUP3 00000429: MSTORE 0000042a: MLOAD 0000042b: SWAP1 0000042c: DUP2 0000042d: SWAP1 0000042e: SUB 0000042f: PUSH1 0x20 00000431: ADD 00000432: SWAP1 00000433: RETURN 00000434: JUMPDEST 00000435: PUSH1 0x60 00000437: SWAP1 00000438: DUP2 00000439: MSTORE 0000043a: PUSH1 0x20 0000043c: SWAP1 0000043d: RETURN 0000043e: JUMPDEST 0000043f: PUSH1 0x01 00000441: PUSH1 0xa0 00000443: PUSH1 0x02 00000445: EXP 00000446: SUB 00000447: DUP3 00000448: AND 00000449: PUSH1 0x00 0000044b: SWAP1 0000044c: DUP2 0000044d: MSTORE 0000044e: PUSH1 0x40 00000450: SWAP1 00000451: KECCAK256 00000452: SLOAD 00000453: DUP1 00000454: DUP3 00000455: 
ADD 00000456: LT 00000457: ISZERO 00000458: PUSH2 0x0460 0000045b: JUMPI 0000045c: PUSH2 0x0002 0000045f: JUMP 00000460: JUMPDEST 00000461: DUP1 00000462: PUSH1 0x05 00000464: PUSH1 0x00 00000466: POP 00000467: PUSH1 0x00 00000469: CALLER 0000046a: PUSH1 0x01 0000046c: PUSH1 0xa0 0000046e: PUSH1 0x02 00000470: EXP 00000471: SUB 00000472: AND 00000473: DUP2 00000474: MSTORE 00000475: PUSH1 0x20 00000477: ADD 00000478: SWAP1 00000479: DUP2 0000047a: MSTORE 0000047b: PUSH1 0x20 0000047d: ADD 0000047e: PUSH1 0x00 00000480: KECCAK256 00000481: PUSH1 0x00 00000483: DUP3 00000484: DUP3 00000485: DUP3 00000486: POP 00000487: SLOAD 00000488: SUB 00000489: SWAP3 0000048a: POP 0000048b: POP 0000048c: DUP2 0000048d: SWAP1 0000048e: SSTORE 0000048f: POP 00000490: DUP1 00000491: PUSH1 0x05 00000493: PUSH1 0x00 00000495: POP 00000496: PUSH1 0x00 00000498: DUP5 00000499: PUSH1 0x01 0000049b: PUSH1 0xa0 0000049d: PUSH1 0x02 0000049f: EXP 000004a0: SUB 000004a1: AND 000004a2: DUP2 000004a3: MSTORE 000004a4: PUSH1 0x20 000004a6: ADD 000004a7: SWAP1 000004a8: DUP2 000004a9: MSTORE 000004aa: PUSH1 0x20 000004ac: ADD 000004ad: PUSH1 0x00 000004af: KECCAK256 000004b0: PUSH1 0x00 000004b2: DUP3 000004b3: DUP3 000004b4: DUP3 000004b5: POP 000004b6: SLOAD 000004b7: ADD 000004b8: SWAP3 000004b9: POP 000004ba: POP 000004bb: DUP2 000004bc: SWAP1 000004bd: SSTORE 000004be: POP 000004bf: DUP2 000004c0: PUSH1 0x01 000004c2: PUSH1 0xa0 000004c4: PUSH1 0x02 000004c6: EXP 000004c7: SUB 000004c8: AND 000004c9: CALLER 000004ca: PUSH1 0x01 000004cc: PUSH1 0xa0 000004ce: PUSH1 0x02 000004d0: EXP 000004d1: SUB 000004d2: AND 000004d3: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000004f4: DUP4 000004f5: PUSH1 0x40 000004f7: MLOAD 000004f8: DUP1 000004f9: DUP3 000004fa: DUP2 000004fb: MSTORE 000004fc: PUSH1 0x20 000004fe: ADD 000004ff: SWAP2 00000500: POP 00000501: POP 00000502: PUSH1 0x40 00000504: MLOAD 00000505: DUP1 00000506: SWAP2 00000507: SUB 00000508: SWAP1 00000509: 
LOG3 0000050a: POP 0000050b: POP 0000050c: JUMP 0000050d: JUMPDEST 0000050e: DUP3 0000050f: ADD 00000510: SWAP2 00000511: SWAP1 00000512: PUSH1 0x00 00000514: MSTORE 00000515: PUSH1 0x20 00000517: PUSH1 0x00 00000519: KECCAK256 0000051a: SWAP1 0000051b: JUMPDEST 0000051c: DUP2 0000051d: SLOAD 0000051e: DUP2 0000051f: MSTORE 00000520: SWAP1 00000521: PUSH1 0x01 00000523: ADD 00000524: SWAP1 00000525: PUSH1 0x20 00000527: ADD 00000528: DUP1 00000529: DUP4 0000052a: GT 0000052b: PUSH2 0x051b 0000052e: JUMPI 0000052f: DUP3 00000530: SWAP1 00000531: SUB 00000532: PUSH1 0x1f 00000534: AND 00000535: DUP3 00000536: ADD 00000537: SWAP2 00000538: JUMPDEST 00000539: POP 0000053a: POP 0000053b: POP 0000053c: POP 0000053d: POP 0000053e: DUP2 0000053f: JUMP 00000540: JUMPDEST 00000541: PUSH1 0x01 00000543: PUSH1 0xa0 00000545: PUSH1 0x02 00000547: EXP 00000548: SUB 00000549: DUP4 0000054a: AND 0000054b: DUP2 0000054c: MSTORE 0000054d: PUSH1 0x40 0000054f: DUP2 00000550: KECCAK256 00000551: SLOAD 00000552: DUP1 00000553: DUP4 00000554: ADD 00000555: LT 00000556: ISZERO 00000557: PUSH2 0x055f 0000055a: JUMPI 0000055b: PUSH2 0x0002 0000055e: JUMP 0000055f: JUMPDEST 00000560: PUSH1 0x01 00000562: PUSH1 0xa0 00000564: PUSH1 0x02 00000566: EXP 00000567: SUB 00000568: DUP1 00000569: DUP6 0000056a: AND 0000056b: DUP3 0000056c: MSTORE 0000056d: PUSH1 0x06 0000056f: PUSH1 0x20 00000571: SWAP1 00000572: DUP2 00000573: MSTORE 00000574: PUSH1 0x40 00000576: DUP1 00000577: DUP5 00000578: KECCAK256 00000579: CALLER 0000057a: SWAP4 0000057b: SWAP1 0000057c: SWAP4 0000057d: AND 0000057e: DUP5 0000057f: MSTORE 00000580: SWAP2 00000581: SWAP1 00000582: MSTORE 00000583: DUP2 00000584: KECCAK256 00000585: SLOAD 00000586: DUP3 00000587: GT 00000588: ISZERO 00000589: PUSH2 0x0591 0000058c: JUMPI 0000058d: PUSH2 0x0002 00000590: JUMP 00000591: JUMPDEST 00000592: DUP2 00000593: PUSH1 0x05 00000595: PUSH1 0x00 00000597: POP 00000598: PUSH1 0x00 0000059a: DUP7 0000059b: PUSH1 0x01 0000059d: PUSH1 0xa0 
0000059f: PUSH1 0x02 000005a1: EXP 000005a2: SUB 000005a3: AND 000005a4: DUP2 000005a5: MSTORE 000005a6: PUSH1 0x20 000005a8: ADD 000005a9: SWAP1 000005aa: DUP2 000005ab: MSTORE 000005ac: PUSH1 0x20 000005ae: ADD 000005af: PUSH1 0x00 000005b1: KECCAK256 000005b2: PUSH1 0x00 000005b4: DUP3 000005b5: DUP3 000005b6: DUP3 000005b7: POP 000005b8: SLOAD 000005b9: SUB 000005ba: SWAP3 000005bb: POP 000005bc: POP 000005bd: DUP2 000005be: SWAP1 000005bf: SSTORE 000005c0: POP 000005c1: DUP2 000005c2: PUSH1 0x05 000005c4: PUSH1 0x00 000005c6: POP 000005c7: PUSH1 0x00 000005c9: DUP6 000005ca: PUSH1 0x01 000005cc: PUSH1 0xa0 000005ce: PUSH1 0x02 000005d0: EXP 000005d1: SUB 000005d2: AND 000005d3: DUP2 000005d4: MSTORE 000005d5: PUSH1 0x20 000005d7: ADD 000005d8: SWAP1 000005d9: DUP2 000005da: MSTORE 000005db: PUSH1 0x20 000005dd: ADD 000005de: PUSH1 0x00 000005e0: KECCAK256 000005e1: PUSH1 0x00 000005e3: DUP3 000005e4: DUP3 000005e5: DUP3 000005e6: POP 000005e7: SLOAD 000005e8: ADD 000005e9: SWAP3 000005ea: POP 000005eb: POP 000005ec: DUP2 000005ed: SWAP1 000005ee: SSTORE 000005ef: POP 000005f0: DUP2 000005f1: PUSH1 0x06 000005f3: PUSH1 0x00 000005f5: POP 000005f6: PUSH1 0x00 000005f8: DUP7 000005f9: PUSH1 0x01 000005fb: PUSH1 0xa0 000005fd: PUSH1 0x02 000005ff: EXP 00000600: SUB 00000601: AND 00000602: DUP2 00000603: MSTORE 00000604: PUSH1 0x20 00000606: ADD 00000607: SWAP1 00000608: DUP2 00000609: MSTORE 0000060a: PUSH1 0x20 0000060c: ADD 0000060d: PUSH1 0x00 0000060f: KECCAK256 00000610: PUSH1 0x00 00000612: POP 00000613: PUSH1 0x00 00000615: CALLER 00000616: PUSH1 0x01 00000618: PUSH1 0xa0 0000061a: PUSH1 0x02 0000061c: EXP 0000061d: SUB 0000061e: AND 0000061f: DUP2 00000620: MSTORE 00000621: PUSH1 0x20 00000623: ADD 00000624: SWAP1 00000625: DUP2 00000626: MSTORE 00000627: PUSH1 0x20 00000629: ADD 0000062a: PUSH1 0x00 0000062c: KECCAK256 0000062d: PUSH1 0x00 0000062f: DUP3 00000630: DUP3 00000631: DUP3 00000632: POP 00000633: SLOAD 00000634: SUB 00000635: SWAP3 00000636: 
POP 00000637: POP 00000638: DUP2 00000639: SWAP1 0000063a: SSTORE 0000063b: POP 0000063c: DUP3 0000063d: PUSH1 0x01 0000063f: PUSH1 0xa0 00000641: PUSH1 0x02 00000643: EXP 00000644: SUB 00000645: AND 00000646: DUP5 00000647: PUSH1 0x01 00000649: PUSH1 0xa0 0000064b: PUSH1 0x02 0000064d: EXP 0000064e: SUB 0000064f: AND 00000650: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 00000671: DUP5 00000672: PUSH1 0x40 00000674: MLOAD 00000675: DUP1 00000676: DUP3 00000677: DUP2 00000678: MSTORE 00000679: PUSH1 0x20 0000067b: ADD 0000067c: SWAP2 0000067d: POP 0000067e: POP 0000067f: PUSH1 0x40 00000681: MLOAD 00000682: DUP1 00000683: SWAP2 00000684: SUB 00000685: SWAP1 00000686: LOG3 00000687: POP 00000688: PUSH1 0x01 0000068a: SWAP4 0000068b: SWAP3 0000068c: POP 0000068d: POP 0000068e: POP 0000068f: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
trace_id: 0xbec1331939e5ecfb985668096e3f6a1a69fbf11f3689383afab315ba2851ae02
call_targets: 0x0000000000000000000000000000000000000004, 0x77075d05891b7e9e8f6cba29e47f7b53c8cd600b
target_varies: yes
classification: target_varies
validation_json {
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xbec1331939e5ecfb985668096e3f6a1a69fbf11f3689383afab315ba2851ae02",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x77075d05891b7e9e8f6cba29e47f7b53c8cd600b"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json {
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5a3b7e42",
"selector": "0x5a3b7e42",
"calldata_variants": [
"0x5a3b7e42",
"0x5a3b7e420000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json {
"examples": [
{
"pc": 822,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 890,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1002,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
trace_id: 0xbec1331939e5ecfb985668096e3f6a1a69fbf11f3689383afab315ba2851ae02
call_targets: 0x0000000000000000000000000000000000000004, 0x77075d05891b7e9e8f6cba29e47f7b53c8cd600b
target_varies: yes
classification: target_varies
validation_json {
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xbec1331939e5ecfb985668096e3f6a1a69fbf11f3689383afab315ba2851ae02",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x77075d05891b7e9e8f6cba29e47f7b53c8cd600b"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json {
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5a3b7e42",
"selector": "0x5a3b7e42",
"calldata_variants": [
"0x5a3b7e42",
"0x5a3b7e420000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json {
"examples": [
{
"pc": 822,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 890,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1002,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| low | auth | codex | Allowance overwrite remains front-runnable on approve-and-callback path | 65 | no | — |
evidence_json {
"evidence": "Selector inference is heuristic, but `selector:0xcae9ca51` appears to be an approve-and-callback function: it writes a double-keccak allowance slot at `pc:0x2b9`, then builds calldata for selector `0x8f4ffcb1` and performs a checked external `CALL` at `pc:0x37a`. The spender authorization is later consumed by `selector:0x23b872dd` (`transferFrom`-like), which reads the same allowance mapping at `pc:0x585` and decrements it at `pc:0x63a`. No zero-first or nonce-style guard is present in the bundle.",
"locations": [
"selector:0xcae9ca51",
"pc:0x2b9",
"pc:0x37a",
"selector:0x23b872dd",
"pc:0x585",
"pc:0x63a"
],
"recommendation": "Do not overwrite a live allowance directly. Require `oldAllowance == 0 || newAllowance == 0`, or replace this flow with `increaseAllowance`/`decreaseAllowance` style deltas or permit-style nonces. If this callback API must remain, document the race clearly and enforce zero-first updates.",
"exploit_scenario": "A token holder gives a spender contract an allowance, then later tries to change that allowance to a different nonzero value through the callback-based approval entrypoint. The spender can front-run the change with `transferFrom` and consume the old allowance, then still use the newly written allowance after the approval transaction lands, allowing spend of both values."
}
|