TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-46e4-719a-872f-5e3715eba29e

complete
Chain ID
1
Address
0x38f9a4fb39e27d6b9a7babb098703596bb16716a
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
ETH value transfer possible
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
6219 artifact.fetch complete 1 / 3 3 months ago
6220 tool.cast_disasm complete 1 / 3 3 months ago
81143 analysis.bundle complete 1 / 3 1 week ago
81144 capability.graph complete 1 / 3 1 week ago
81145 detector.run complete 1 / 3 1 week ago
81146 validation.fork complete 1 / 3 1 week ago
113628 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-s8xmk7ou
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c99-9e12-7271-aaeb-7774104b31e7
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:44:26.595640+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 3306,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
3
EXT*/BALANCE
0
Total opcodes
1146
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0098
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x06fdde03
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x00a0
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x095ea7b3
00000025: EQ
00000026: PUSH2 0x00fd
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x18160ddd
00000030: EQ
00000031: PUSH2 0x0167
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x23b872dd
0000003b: EQ
0000003c: PUSH2 0x0199
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x313ce567
00000046: EQ
00000047: PUSH2 0x02d1
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0x378dc3dc
00000051: EQ
00000052: PUSH2 0x02dd
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0x70a08231
0000005c: EQ
0000005d: PUSH2 0x02e6
00000060: JUMPI
00000061: DUP1
00000062: PUSH4 0x70d5ae05
00000067: EQ
00000068: PUSH2 0x02fe
0000006b: JUMPI
0000006c: DUP1
0000006d: PUSH4 0x95d89b41
00000072: EQ
00000073: PUSH2 0x0310
00000076: JUMPI
00000077: DUP1
00000078: PUSH4 0xa9059cbb
0000007d: EQ
0000007e: PUSH2 0x036c
00000081: JUMPI
00000082: DUP1
00000083: PUSH4 0xcae9ca51
00000088: EQ
00000089: PUSH2 0x03ff
0000008c: JUMPI
0000008d: DUP1
0000008e: PUSH4 0xdd62ed3e
00000093: EQ
00000094: PUSH2 0x059f
00000097: JUMPI
00000098: JUMPDEST
00000099: PUSH2 0x0000
0000009c: PUSH2 0x0002
0000009f: JUMP
000000a0: JUMPDEST
000000a1: PUSH2 0x05c4
000000a4: PUSH1 0x00
000000a6: DUP1
000000a7: SLOAD
000000a8: PUSH1 0x20
000000aa: PUSH1 0x02
000000ac: PUSH1 0x01
000000ae: DUP4
000000af: AND
000000b0: ISZERO
000000b1: PUSH2 0x0100
000000b4: MUL
000000b5: PUSH1 0x00
000000b7: NOT
000000b8: ADD
000000b9: SWAP1
000000ba: SWAP3
000000bb: AND
000000bc: SWAP2
000000bd: SWAP1
000000be: SWAP2
000000bf: DIV
000000c0: PUSH1 0x1f
000000c2: DUP2
000000c3: ADD
000000c4: DUP3
000000c5: SWAP1
000000c6: DIV
000000c7: SWAP1
000000c8: SWAP2
000000c9: MUL
000000ca: PUSH1 0x80
000000cc: SWAP1
000000cd: DUP2
000000ce: ADD
000000cf: PUSH1 0x40
000000d1: MSTORE
000000d2: PUSH1 0x60
000000d4: DUP3
000000d5: DUP2
000000d6: MSTORE
000000d7: SWAP3
000000d8: SWAP2
000000d9: SWAP1
000000da: DUP3
000000db: DUP3
000000dc: DUP1
000000dd: ISZERO
000000de: PUSH2 0x0667
000000e1: JUMPI
000000e2: DUP1
000000e3: PUSH1 0x1f
000000e5: LT
000000e6: PUSH2 0x063c
000000e9: JUMPI
000000ea: PUSH2 0x0100
000000ed: DUP1
000000ee: DUP4
000000ef: SLOAD
000000f0: DIV
000000f1: MUL
000000f2: DUP4
000000f3: MSTORE
000000f4: SWAP2
000000f5: PUSH1 0x20
000000f7: ADD
000000f8: SWAP2
000000f9: PUSH2 0x0667
000000fc: JUMP
000000fd: JUMPDEST
000000fe: PUSH2 0x0187
00000101: PUSH1 0x04
00000103: CALLDATALOAD
00000104: PUSH1 0x24
00000106: CALLDATALOAD
00000107: PUSH1 0x01
00000109: PUSH1 0xa0
0000010b: PUSH1 0x02
0000010d: EXP
0000010e: SUB
0000010f: CALLER
00000110: DUP2
00000111: AND
00000112: PUSH1 0x00
00000114: DUP2
00000115: DUP2
00000116: MSTORE
00000117: PUSH1 0x06
00000119: PUSH1 0x20
0000011b: SWAP1
0000011c: DUP2
0000011d: MSTORE
0000011e: PUSH1 0x40
00000120: DUP1
00000121: DUP4
00000122: KECCAK256
00000123: SWAP5
00000124: DUP8
00000125: AND
00000126: DUP1
00000127: DUP5
00000128: MSTORE
00000129: SWAP5
0000012a: DUP3
0000012b: MSTORE
0000012c: DUP3
0000012d: KECCAK256
0000012e: DUP6
0000012f: SWAP1
00000130: SSTORE
00000131: PUSH1 0x60
00000133: DUP6
00000134: DUP2
00000135: MSTORE
00000136: SWAP2
00000137: SWAP4
00000138: SWAP3
00000139: SWAP2
0000013a: PUSH32 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925
0000015b: SWAP2
0000015c: SWAP1
0000015d: LOG3
0000015e: POP
0000015f: PUSH1 0x01
00000161: JUMPDEST
00000162: SWAP3
00000163: SWAP2
00000164: POP
00000165: POP
00000166: JUMP
00000167: JUMPDEST
00000168: PUSH1 0x04
0000016a: SLOAD
0000016b: PUSH1 0x01
0000016d: PUSH1 0xa0
0000016f: PUSH1 0x02
00000171: EXP
00000172: SUB
00000173: AND
00000174: PUSH1 0x00
00000176: SWAP1
00000177: DUP2
00000178: MSTORE
00000179: PUSH1 0x05
0000017b: PUSH1 0x20
0000017d: MSTORE
0000017e: PUSH1 0x40
00000180: SWAP1
00000181: KECCAK256
00000182: SLOAD
00000183: PUSH1 0x03
00000185: SLOAD
00000186: SUB
00000187: JUMPDEST
00000188: PUSH1 0x40
0000018a: DUP1
0000018b: MLOAD
0000018c: SWAP2
0000018d: DUP3
0000018e: MSTORE
0000018f: MLOAD
00000190: SWAP1
00000191: DUP2
00000192: SWAP1
00000193: SUB
00000194: PUSH1 0x20
00000196: ADD
00000197: SWAP1
00000198: RETURN
00000199: JUMPDEST
0000019a: PUSH2 0x0187
0000019d: PUSH1 0x04
0000019f: CALLDATALOAD
000001a0: PUSH1 0x24
000001a2: CALLDATALOAD
000001a3: PUSH1 0x44
000001a5: CALLDATALOAD
000001a6: PUSH1 0x01
000001a8: PUSH1 0xa0
000001aa: PUSH1 0x02
000001ac: EXP
000001ad: SUB
000001ae: DUP4
000001af: AND
000001b0: PUSH1 0x00
000001b2: SWAP1
000001b3: DUP2
000001b4: MSTORE
000001b5: PUSH1 0x05
000001b7: PUSH1 0x20
000001b9: MSTORE
000001ba: PUSH1 0x40
000001bc: DUP2
000001bd: KECCAK256
000001be: SLOAD
000001bf: DUP3
000001c0: SWAP1
000001c1: LT
000001c2: DUP1
000001c3: ISZERO
000001c4: SWAP1
000001c5: PUSH2 0x01ec
000001c8: JUMPI
000001c9: POP
000001ca: PUSH1 0x06
000001cc: PUSH1 0x20
000001ce: SWAP1
000001cf: DUP2
000001d0: MSTORE
000001d1: PUSH1 0x40
000001d3: DUP1
000001d4: DUP4
000001d5: KECCAK256
000001d6: PUSH1 0x01
000001d8: PUSH1 0xa0
000001da: PUSH1 0x02
000001dc: EXP
000001dd: SUB
000001de: CALLER
000001df: AND
000001e0: DUP5
000001e1: MSTORE
000001e2: SWAP1
000001e3: SWAP2
000001e4: MSTORE
000001e5: DUP2
000001e6: KECCAK256
000001e7: SLOAD
000001e8: DUP3
000001e9: SWAP1
000001ea: LT
000001eb: ISZERO
000001ec: JUMPDEST
000001ed: DUP1
000001ee: ISZERO
000001ef: PUSH2 0x01f8
000001f2: JUMPI
000001f3: POP
000001f4: PUSH1 0x00
000001f6: DUP3
000001f7: GT
000001f8: JUMPDEST
000001f9: ISZERO
000001fa: PUSH2 0x02ca
000001fd: JUMPI
000001fe: PUSH1 0x01
00000200: PUSH1 0xa0
00000202: PUSH1 0x02
00000204: EXP
00000205: SUB
00000206: DUP1
00000207: DUP5
00000208: AND
00000209: DUP1
0000020a: DUP4
0000020b: MSTORE
0000020c: PUSH1 0x05
0000020e: PUSH1 0x20
00000210: SWAP1
00000211: DUP2
00000212: MSTORE
00000213: PUSH1 0x40
00000215: DUP5
00000216: KECCAK256
00000217: DUP1
00000218: SLOAD
00000219: DUP7
0000021a: ADD
0000021b: SWAP1
0000021c: SSTORE
0000021d: PUSH1 0x60
0000021f: DUP6
00000220: DUP2
00000221: MSTORE
00000222: SWAP2
00000223: SWAP3
00000224: DUP8
00000225: AND
00000226: SWAP2
00000227: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
00000248: SWAP2
00000249: SWAP1
0000024a: LOG3
0000024b: DUP2
0000024c: PUSH1 0x05
0000024e: PUSH1 0x00
00000250: POP
00000251: PUSH1 0x00
00000253: DUP7
00000254: PUSH1 0x01
00000256: PUSH1 0xa0
00000258: PUSH1 0x02
0000025a: EXP
0000025b: SUB
0000025c: AND
0000025d: DUP2
0000025e: MSTORE
0000025f: PUSH1 0x20
00000261: ADD
00000262: SWAP1
00000263: DUP2
00000264: MSTORE
00000265: PUSH1 0x20
00000267: ADD
00000268: PUSH1 0x00
0000026a: KECCAK256
0000026b: PUSH1 0x00
0000026d: DUP3
0000026e: DUP3
0000026f: DUP3
00000270: POP
00000271: SLOAD
00000272: SUB
00000273: SWAP3
00000274: POP
00000275: POP
00000276: DUP2
00000277: SWAP1
00000278: SSTORE
00000279: POP
0000027a: DUP2
0000027b: PUSH1 0x06
0000027d: PUSH1 0x00
0000027f: POP
00000280: PUSH1 0x00
00000282: DUP7
00000283: PUSH1 0x01
00000285: PUSH1 0xa0
00000287: PUSH1 0x02
00000289: EXP
0000028a: SUB
0000028b: AND
0000028c: DUP2
0000028d: MSTORE
0000028e: PUSH1 0x20
00000290: ADD
00000291: SWAP1
00000292: DUP2
00000293: MSTORE
00000294: PUSH1 0x20
00000296: ADD
00000297: PUSH1 0x00
00000299: KECCAK256
0000029a: PUSH1 0x00
0000029c: POP
0000029d: PUSH1 0x00
0000029f: CALLER
000002a0: PUSH1 0x01
000002a2: PUSH1 0xa0
000002a4: PUSH1 0x02
000002a6: EXP
000002a7: SUB
000002a8: AND
000002a9: DUP2
000002aa: MSTORE
000002ab: PUSH1 0x20
000002ad: ADD
000002ae: SWAP1
000002af: DUP2
000002b0: MSTORE
000002b1: PUSH1 0x20
000002b3: ADD
000002b4: PUSH1 0x00
000002b6: KECCAK256
000002b7: PUSH1 0x00
000002b9: DUP3
000002ba: DUP3
000002bb: DUP3
000002bc: POP
000002bd: SLOAD
000002be: SUB
000002bf: SWAP3
000002c0: POP
000002c1: POP
000002c2: DUP2
000002c3: SWAP1
000002c4: SSTORE
000002c5: POP
000002c6: PUSH1 0x01
000002c8: SWAP1
000002c9: POP
000002ca: JUMPDEST
000002cb: SWAP4
000002cc: SWAP3
000002cd: POP
000002ce: POP
000002cf: POP
000002d0: JUMP
000002d1: JUMPDEST
000002d2: PUSH2 0x0632
000002d5: PUSH1 0x02
000002d7: SLOAD
000002d8: PUSH1 0xff
000002da: AND
000002db: DUP2
000002dc: JUMP
000002dd: JUMPDEST
000002de: PUSH2 0x0187
000002e1: PUSH1 0x03
000002e3: SLOAD
000002e4: DUP2
000002e5: JUMP
000002e6: JUMPDEST
000002e7: PUSH2 0x0187
000002ea: PUSH1 0x04
000002ec: CALLDATALOAD
000002ed: PUSH1 0x05
000002ef: PUSH1 0x20
000002f1: MSTORE
000002f2: PUSH1 0x00
000002f4: SWAP1
000002f5: DUP2
000002f6: MSTORE
000002f7: PUSH1 0x40
000002f9: SWAP1
000002fa: KECCAK256
000002fb: SLOAD
000002fc: DUP2
000002fd: JUMP
000002fe: JUMPDEST
000002ff: PUSH2 0x0632
00000302: PUSH1 0x04
00000304: SLOAD
00000305: PUSH1 0x01
00000307: PUSH1 0xa0
00000309: PUSH1 0x02
0000030b: EXP
0000030c: SUB
0000030d: AND
0000030e: DUP2
0000030f: JUMP
00000310: JUMPDEST
00000311: PUSH2 0x05c4
00000314: PUSH1 0x01
00000316: DUP1
00000317: SLOAD
00000318: PUSH1 0x20
0000031a: PUSH1 0x02
0000031c: DUP3
0000031d: DUP5
0000031e: AND
0000031f: ISZERO
00000320: PUSH2 0x0100
00000323: MUL
00000324: PUSH1 0x00
00000326: NOT
00000327: ADD
00000328: SWAP1
00000329: SWAP3
0000032a: AND
0000032b: SWAP2
0000032c: SWAP1
0000032d: SWAP2
0000032e: DIV
0000032f: PUSH1 0x1f
00000331: DUP2
00000332: ADD
00000333: DUP3
00000334: SWAP1
00000335: DIV
00000336: SWAP1
00000337: SWAP2
00000338: MUL
00000339: PUSH1 0x80
0000033b: SWAP1
0000033c: DUP2
0000033d: ADD
0000033e: PUSH1 0x40
00000340: MSTORE
00000341: PUSH1 0x60
00000343: DUP3
00000344: DUP2
00000345: MSTORE
00000346: SWAP3
00000347: SWAP2
00000348: SWAP1
00000349: DUP3
0000034a: DUP3
0000034b: DUP1
0000034c: ISZERO
0000034d: PUSH2 0x0667
00000350: JUMPI
00000351: DUP1
00000352: PUSH1 0x1f
00000354: LT
00000355: PUSH2 0x063c
00000358: JUMPI
00000359: PUSH2 0x0100
0000035c: DUP1
0000035d: DUP4
0000035e: SLOAD
0000035f: DIV
00000360: MUL
00000361: DUP4
00000362: MSTORE
00000363: SWAP2
00000364: PUSH1 0x20
00000366: ADD
00000367: SWAP2
00000368: PUSH2 0x0667
0000036b: JUMP
0000036c: JUMPDEST
0000036d: PUSH2 0x0187
00000370: PUSH1 0x04
00000372: CALLDATALOAD
00000373: PUSH1 0x24
00000375: CALLDATALOAD
00000376: PUSH1 0x01
00000378: PUSH1 0xa0
0000037a: PUSH1 0x02
0000037c: EXP
0000037d: SUB
0000037e: CALLER
0000037f: AND
00000380: PUSH1 0x00
00000382: SWAP1
00000383: DUP2
00000384: MSTORE
00000385: PUSH1 0x05
00000387: PUSH1 0x20
00000389: MSTORE
0000038a: PUSH1 0x40
0000038c: DUP2
0000038d: KECCAK256
0000038e: SLOAD
0000038f: DUP3
00000390: SWAP1
00000391: LT
00000392: DUP1
00000393: ISZERO
00000394: SWAP1
00000395: PUSH2 0x039e
00000398: JUMPI
00000399: POP
0000039a: PUSH1 0x00
0000039c: DUP3
0000039d: GT
0000039e: JUMPDEST
0000039f: ISZERO
000003a0: PUSH2 0x066f
000003a3: JUMPI
000003a4: PUSH1 0x40
000003a6: DUP1
000003a7: DUP3
000003a8: KECCAK256
000003a9: DUP1
000003aa: SLOAD
000003ab: DUP5
000003ac: SWAP1
000003ad: SUB
000003ae: SWAP1
000003af: SSTORE
000003b0: PUSH1 0x01
000003b2: PUSH1 0xa0
000003b4: PUSH1 0x02
000003b6: EXP
000003b7: SUB
000003b8: DUP1
000003b9: DUP6
000003ba: AND
000003bb: DUP1
000003bc: DUP5
000003bd: MSTORE
000003be: SWAP2
000003bf: DUP4
000003c0: KECCAK256
000003c1: DUP1
000003c2: SLOAD
000003c3: DUP6
000003c4: ADD
000003c5: SWAP1
000003c6: SSTORE
000003c7: PUSH1 0x60
000003c9: DUP5
000003ca: DUP2
000003cb: MSTORE
000003cc: CALLER
000003cd: SWAP2
000003ce: SWAP1
000003cf: SWAP2
000003d0: AND
000003d1: SWAP1
000003d2: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
000003f3: SWAP1
000003f4: PUSH1 0x20
000003f6: SWAP1
000003f7: LOG3
000003f8: POP
000003f9: PUSH1 0x01
000003fb: PUSH2 0x0161
000003fe: JUMP
000003ff: JUMPDEST
00000400: PUSH1 0x80
00000402: PUSH1 0x20
00000404: PUSH1 0x44
00000406: CALLDATALOAD
00000407: PUSH1 0x04
00000409: DUP2
0000040a: DUP2
0000040b: ADD
0000040c: CALLDATALOAD
0000040d: PUSH1 0x1f
0000040f: DUP2
00000410: ADD
00000411: DUP5
00000412: SWAP1
00000413: DIV
00000414: SWAP1
00000415: SWAP4
00000416: MUL
00000417: DUP5
00000418: ADD
00000419: PUSH1 0x40
0000041b: MSTORE
0000041c: PUSH1 0x60
0000041e: DUP4
0000041f: DUP2
00000420: MSTORE
00000421: PUSH2 0x0187
00000424: SWAP5
00000425: DUP3
00000426: CALLDATALOAD
00000427: SWAP5
00000428: PUSH1 0x24
0000042a: DUP1
0000042b: CALLDATALOAD
0000042c: SWAP6
0000042d: PUSH1 0x64
0000042f: SWAP5
00000430: SWAP4
00000431: SWAP2
00000432: ADD
00000433: SWAP2
00000434: SWAP1
00000435: DUP2
00000436: SWAP1
00000437: DUP4
00000438: DUP3
00000439: DUP1
0000043a: DUP3
0000043b: DUP5
0000043c: CALLDATACOPY
0000043d: POP
0000043e: SWAP5
0000043f: SWAP7
00000440: POP
00000441: POP
00000442: POP
00000443: POP
00000444: POP
00000445: POP
00000446: POP
00000447: PUSH1 0x00
00000449: PUSH1 0x00
0000044b: DUP4
0000044c: PUSH1 0x06
0000044e: PUSH1 0x00
00000450: POP
00000451: PUSH1 0x00
00000453: CALLER
00000454: PUSH1 0x01
00000456: PUSH1 0xa0
00000458: PUSH1 0x02
0000045a: EXP
0000045b: SUB
0000045c: AND
0000045d: DUP2
0000045e: MSTORE
0000045f: PUSH1 0x20
00000461: ADD
00000462: SWAP1
00000463: DUP2
00000464: MSTORE
00000465: PUSH1 0x20
00000467: ADD
00000468: PUSH1 0x00
0000046a: KECCAK256
0000046b: PUSH1 0x00
0000046d: POP
0000046e: PUSH1 0x00
00000470: DUP8
00000471: PUSH1 0x01
00000473: PUSH1 0xa0
00000475: PUSH1 0x02
00000477: EXP
00000478: SUB
00000479: AND
0000047a: DUP2
0000047b: MSTORE
0000047c: PUSH1 0x20
0000047e: ADD
0000047f: SWAP1
00000480: DUP2
00000481: MSTORE
00000482: PUSH1 0x20
00000484: ADD
00000485: PUSH1 0x00
00000487: KECCAK256
00000488: PUSH1 0x00
0000048a: POP
0000048b: DUP2
0000048c: SWAP1
0000048d: SSTORE
0000048e: POP
0000048f: DUP5
00000490: SWAP1
00000491: POP
00000492: DUP1
00000493: PUSH1 0x01
00000495: PUSH1 0xa0
00000497: PUSH1 0x02
00000499: EXP
0000049a: SUB
0000049b: AND
0000049c: PUSH4 0x8f4ffcb1
000004a1: CALLER
000004a2: DUP7
000004a3: ADDRESS
000004a4: DUP8
000004a5: PUSH1 0x40
000004a7: MLOAD
000004a8: DUP6
000004a9: PUSH1 0xe0
000004ab: PUSH1 0x02
000004ad: EXP
000004ae: MUL
000004af: DUP2
000004b0: MSTORE
000004b1: PUSH1 0x04
000004b3: ADD
000004b4: DUP1
000004b5: DUP6
000004b6: PUSH1 0x01
000004b8: PUSH1 0xa0
000004ba: PUSH1 0x02
000004bc: EXP
000004bd: SUB
000004be: AND
000004bf: DUP2
000004c0: MSTORE
000004c1: PUSH1 0x20
000004c3: ADD
000004c4: DUP5
000004c5: DUP2
000004c6: MSTORE
000004c7: PUSH1 0x20
000004c9: ADD
000004ca: DUP4
000004cb: PUSH1 0x01
000004cd: PUSH1 0xa0
000004cf: PUSH1 0x02
000004d1: EXP
000004d2: SUB
000004d3: AND
000004d4: DUP2
000004d5: MSTORE
000004d6: PUSH1 0x20
000004d8: ADD
000004d9: DUP1
000004da: PUSH1 0x20
000004dc: ADD
000004dd: DUP3
000004de: DUP2
000004df: SUB
000004e0: DUP3
000004e1: MSTORE
000004e2: DUP4
000004e3: DUP2
000004e4: DUP2
000004e5: MLOAD
000004e6: DUP2
000004e7: MSTORE
000004e8: PUSH1 0x20
000004ea: ADD
000004eb: SWAP2
000004ec: POP
000004ed: DUP1
000004ee: MLOAD
000004ef: SWAP1
000004f0: PUSH1 0x20
000004f2: ADD
000004f3: SWAP1
000004f4: DUP1
000004f5: DUP4
000004f6: DUP4
000004f7: DUP3
000004f8: SWAP1
000004f9: PUSH1 0x00
000004fb: PUSH1 0x04
000004fd: PUSH1 0x20
000004ff: DUP5
00000500: PUSH1 0x1f
00000502: ADD
00000503: DIV
00000504: PUSH1 0x0f
00000506: MUL
00000507: PUSH1 0x03
00000509: ADD
0000050a: CALL
0000050b: POP
0000050c: SWAP1
0000050d: POP
0000050e: SWAP1
0000050f: DUP2
00000510: ADD
00000511: SWAP1
00000512: PUSH1 0x1f
00000514: AND
00000515: DUP1
00000516: ISZERO
00000517: PUSH2 0x0534
0000051a: JUMPI
0000051b: DUP1
0000051c: DUP3
0000051d: SUB
0000051e: DUP1
0000051f: MLOAD
00000520: PUSH1 0x01
00000522: DUP4
00000523: PUSH1 0x20
00000525: SUB
00000526: PUSH2 0x0100
00000529: EXP
0000052a: SUB
0000052b: NOT
0000052c: AND
0000052d: DUP2
0000052e: MSTORE
0000052f: PUSH1 0x20
00000531: ADD
00000532: SWAP2
00000533: POP
00000534: JUMPDEST
00000535: POP
00000536: SWAP6
00000537: POP
00000538: POP
00000539: POP
0000053a: POP
0000053b: POP
0000053c: POP
0000053d: PUSH1 0x00
0000053f: PUSH1 0x40
00000541: MLOAD
00000542: DUP1
00000543: DUP4
00000544: SUB
00000545: DUP2
00000546: PUSH1 0x00
00000548: DUP8
00000549: PUSH2 0x61da
0000054c: GAS
0000054d: SUB
0000054e: CALL
0000054f: ISZERO
00000550: PUSH2 0x0002
00000553: JUMPI
00000554: POP
00000555: POP
00000556: PUSH1 0x40
00000558: DUP1
00000559: MLOAD
0000055a: DUP7
0000055b: DUP2
0000055c: MSTORE
0000055d: SWAP1
0000055e: MLOAD
0000055f: PUSH1 0x01
00000561: PUSH1 0xa0
00000563: PUSH1 0x02
00000565: EXP
00000566: SUB
00000567: CALLER
00000568: AND
00000569: SWAP2
0000056a: PUSH32 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925
0000058b: SWAP2
0000058c: SWAP1
0000058d: DUP2
0000058e: SWAP1
0000058f: SUB
00000590: PUSH1 0x20
00000592: ADD
00000593: SWAP1
00000594: LOG3
00000595: POP
00000596: PUSH1 0x01
00000598: SWAP5
00000599: SWAP4
0000059a: POP
0000059b: POP
0000059c: POP
0000059d: POP
0000059e: JUMP
0000059f: JUMPDEST
000005a0: PUSH1 0x06
000005a2: PUSH1 0x20
000005a4: SWAP1
000005a5: DUP2
000005a6: MSTORE
000005a7: PUSH1 0x04
000005a9: CALLDATALOAD
000005aa: PUSH1 0x00
000005ac: SWAP1
000005ad: DUP2
000005ae: MSTORE
000005af: PUSH1 0x40
000005b1: DUP1
000005b2: DUP3
000005b3: KECCAK256
000005b4: SWAP1
000005b5: SWAP3
000005b6: MSTORE
000005b7: PUSH1 0x24
000005b9: CALLDATALOAD
000005ba: DUP2
000005bb: MSTORE
000005bc: KECCAK256
000005bd: SLOAD
000005be: PUSH2 0x0187
000005c1: SWAP1
000005c2: DUP2
000005c3: JUMP
000005c4: JUMPDEST
000005c5: PUSH1 0x40
000005c7: MLOAD
000005c8: DUP1
000005c9: DUP1
000005ca: PUSH1 0x20
000005cc: ADD
000005cd: DUP3
000005ce: DUP2
000005cf: SUB
000005d0: DUP3
000005d1: MSTORE
000005d2: DUP4
000005d3: DUP2
000005d4: DUP2
000005d5: MLOAD
000005d6: DUP2
000005d7: MSTORE
000005d8: PUSH1 0x20
000005da: ADD
000005db: SWAP2
000005dc: POP
000005dd: DUP1
000005de: MLOAD
000005df: SWAP1
000005e0: PUSH1 0x20
000005e2: ADD
000005e3: SWAP1
000005e4: DUP1
000005e5: DUP4
000005e6: DUP4
000005e7: DUP3
000005e8: SWAP1
000005e9: PUSH1 0x00
000005eb: PUSH1 0x04
000005ed: PUSH1 0x20
000005ef: DUP5
000005f0: PUSH1 0x1f
000005f2: ADD
000005f3: DIV
000005f4: PUSH1 0x0f
000005f6: MUL
000005f7: PUSH1 0x03
000005f9: ADD
000005fa: CALL
000005fb: POP
000005fc: SWAP1
000005fd: POP
000005fe: SWAP1
000005ff: DUP2
00000600: ADD
00000601: SWAP1
00000602: PUSH1 0x1f
00000604: AND
00000605: DUP1
00000606: ISZERO
00000607: PUSH2 0x0624
0000060a: JUMPI
0000060b: DUP1
0000060c: DUP3
0000060d: SUB
0000060e: DUP1
0000060f: MLOAD
00000610: PUSH1 0x01
00000612: DUP4
00000613: PUSH1 0x20
00000615: SUB
00000616: PUSH2 0x0100
00000619: EXP
0000061a: SUB
0000061b: NOT
0000061c: AND
0000061d: DUP2
0000061e: MSTORE
0000061f: PUSH1 0x20
00000621: ADD
00000622: SWAP2
00000623: POP
00000624: JUMPDEST
00000625: POP
00000626: SWAP3
00000627: POP
00000628: POP
00000629: POP
0000062a: PUSH1 0x40
0000062c: MLOAD
0000062d: DUP1
0000062e: SWAP2
0000062f: SUB
00000630: SWAP1
00000631: RETURN
00000632: JUMPDEST
00000633: PUSH1 0x60
00000635: SWAP1
00000636: DUP2
00000637: MSTORE
00000638: PUSH1 0x20
0000063a: SWAP1
0000063b: RETURN
0000063c: JUMPDEST
0000063d: DUP3
0000063e: ADD
0000063f: SWAP2
00000640: SWAP1
00000641: PUSH1 0x00
00000643: MSTORE
00000644: PUSH1 0x20
00000646: PUSH1 0x00
00000648: KECCAK256
00000649: SWAP1
0000064a: JUMPDEST
0000064b: DUP2
0000064c: SLOAD
0000064d: DUP2
0000064e: MSTORE
0000064f: SWAP1
00000650: PUSH1 0x01
00000652: ADD
00000653: SWAP1
00000654: PUSH1 0x20
00000656: ADD
00000657: DUP1
00000658: DUP4
00000659: GT
0000065a: PUSH2 0x064a
0000065d: JUMPI
0000065e: DUP3
0000065f: SWAP1
00000660: SUB
00000661: PUSH1 0x1f
00000663: AND
00000664: DUP3
00000665: ADD
00000666: SWAP2
00000667: JUMPDEST
00000668: POP
00000669: POP
0000066a: POP
0000066b: POP
0000066c: POP
0000066d: DUP2
0000066e: JUMP
0000066f: JUMPDEST
00000670: PUSH2 0x0161
00000673: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector ETH value transfer possible 55 yes yes
view
trace_id: 0x753730ac2f288d9af7aec4484bcb07958598feaf80d5984f190c0b2e595d18fc
call_targets: 0x0000000000000000000000000000000000000004, 0x38f9a4fb39e27d6b9a7babb098703596bb16716a
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x753730ac2f288d9af7aec4484bcb07958598feaf80d5984f190c0b2e595d18fc",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000004",
        "0x38f9a4fb39e27d6b9a7babb098703596bb16716a"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x06fdde03",
            "selector": "0x06fdde03",
            "calldata_variants": [
                "0x06fdde03",
                "0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x095ea7b3",
            "selector": "0x095ea7b3",
            "calldata_variants": [
                "0x095ea7b3",
                "0x095ea7b30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x18160ddd",
            "selector": "0x18160ddd",
            "calldata_variants": [
                "0x18160ddd",
                "0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x23b872dd",
            "selector": "0x23b872dd",
            "calldata_variants": [
                "0x23b872dd",
                "0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x313ce567",
            "selector": "0x313ce567",
            "calldata_variants": [
                "0x313ce567",
                "0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x378dc3dc",
            "selector": "0x378dc3dc",
            "calldata_variants": [
                "0x378dc3dc",
                "0x378dc3dc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70a08231",
            "selector": "0x70a08231",
            "calldata_variants": [
                "0x70a08231",
                "0x70a082310000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70d5ae05",
            "selector": "0x70d5ae05",
            "calldata_variants": [
                "0x70d5ae05",
                "0x70d5ae050000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 1290,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1358,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1530,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 3,
    "guards_detected": []
}
high other detector Untrusted CALL target/value reachable 60 yes yes
view
trace_id: 0x753730ac2f288d9af7aec4484bcb07958598feaf80d5984f190c0b2e595d18fc
call_targets: 0x0000000000000000000000000000000000000004, 0x38f9a4fb39e27d6b9a7babb098703596bb16716a
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x753730ac2f288d9af7aec4484bcb07958598feaf80d5984f190c0b2e595d18fc",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000004",
        "0x38f9a4fb39e27d6b9a7babb098703596bb16716a"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x06fdde03",
            "selector": "0x06fdde03",
            "calldata_variants": [
                "0x06fdde03",
                "0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x095ea7b3",
            "selector": "0x095ea7b3",
            "calldata_variants": [
                "0x095ea7b3",
                "0x095ea7b30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x18160ddd",
            "selector": "0x18160ddd",
            "calldata_variants": [
                "0x18160ddd",
                "0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x23b872dd",
            "selector": "0x23b872dd",
            "calldata_variants": [
                "0x23b872dd",
                "0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x313ce567",
            "selector": "0x313ce567",
            "calldata_variants": [
                "0x313ce567",
                "0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x378dc3dc",
            "selector": "0x378dc3dc",
            "calldata_variants": [
                "0x378dc3dc",
                "0x378dc3dc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70a08231",
            "selector": "0x70a08231",
            "calldata_variants": [
                "0x70a08231",
                "0x70a082310000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70d5ae05",
            "selector": "0x70d5ae05",
            "calldata_variants": [
                "0x70d5ae05",
                "0x70d5ae050000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 1290,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1358,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1530,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 3,
    "guards_detected": [],
    "untrusted_call_count": 3
}