019b3836-4abd-7241-87ee-1dadda0bffa2
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 6813 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 6814 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 49420 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 49421 | capability.graph | complete | 1 / 3 | 1 week ago |
| 49422 | detector.run | complete | 1 / 3 | 1 week ago |
| 49423 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113314 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode analysis suggests an owner/authority-style access-control helper gates four state-changing selectors. The main meaningful issue is in the external authority path: it trusts CALL success but does not validate return data, so authorization can be bypassed if the configured authority is a non-contract or a contract that returns no boolean. No delegatecall/proxy behavior was evidenced in the supplied bundle.","findings":[{"severity":"medium","category":"auth","title":"External authority check can fail open on empty returndata","exploit_scenario":"This appears to use a two-mode auth helper: one mode compares `msg.sender` to a stored address, and another mode calls a stored external authority. If the low byte of slot 0 selects the external-authority mode and slot 1 points to an EOA, zero-code address, or a contract that returns success with empty returndata, an attacker can call protected selectors such as `0x0861cda7`, `0x7e1db2a1`, `0x9d118770`, or `0xa3c09644`. The CALL succeeds, no returndata length is checked, and the helper reads stale nonzero memory as the auth result, so the protected function proceeds.","recommendation":"Treat the external authority as valid only if `RETURNDATASIZE >= 32` and the decoded word is exactly a nonzero boolean. Reject zero-code / EOA authority addresses when the external-authority mode is enabled, or perform an `EXTCODESIZE`/codehash check before trusting the result.","evidence":"At `pc:0x03e8` the helper branches on the low byte of storage slot 0. In the external-authority branch, it builds calldata with selector `0xb7009613` and performs `CALL` at `pc:0x0555` to the address loaded from slot 1. After only checking CALL success, it immediately reads memory with `MLOAD` at `pc:0x0562` without any explicit returndata-size validation. That memory region previously held the outbound calldata (starting at the free-memory pointer), so empty returndata leaves a nonzero word in place. The protected entrypoints all consume this helper result and continue on nonzero. Selector names are inferred from bytecode only, so the exact ABI is uncertain.","locations":["pc:0x03e8","pc:0x0555","pc:0x0562","selector:0x0861cda7","selector:0x7e1db2a1","selector:0x9d118770","selector:0xa3c09644"]}]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-crfh82d3
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c8a-d0fa-7a11-9754-cb2905a70afd
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
exec
/bin/bash -lc pwd in /tmp/codex-crfh82d3
succeeded in 0ms:
/tmp/codex-crfh82d3
exec
/bin/bash -lc 'rg --files' in /tmp/codex-crfh82d3
succeeded in 0ms:
codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,220p' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0x409f95f4600ffa420d7693f87a4d73e97fc580a6",
"artifact_hash": "0xa3e23977d7652a16833fa81deba391e65eb1655966d9485772c7798871d09243",
"artifact_json": {
"auth": {
"guards": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"basic_blocks": [
{
"end_pc": 10,
"hash": "0x748a29201feae50f896e5ed338803f4ae62f135945847ae74839d20e6ccb9aac",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 56,
"hash": "0xb92403e8e69aa3d56fb89b48071cc6271730cb9ee74ac14fc2f3db3fdfb359fe",
"opcodes": [
"PUSH1",
"CALLDATALOAD",
"PUSH29",
"OP_90",
"DIV",
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 11
},
{
"end_pc": 67,
"hash": "0x69b99438c42f7e34b22d8ca74d718096fd5488e958302c63cfdf14c857d48548",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 57
},
{
"end_pc": 78,
"hash": "0xb10eb8b47f25ae9299dd4ec0d16abf6ddeab9fe3273505d240992a8d184f87e6",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 68
},
{
"end_pc": 89,
"hash": "0x7f43bd0992916c9091ee7947b876ee4f289a91ac96a8e313724d7e985627f3b9",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 79
},
{
"end_pc": 100,
"hash": "0xd2fd973b6d237c7f9322c47353776cfda10ed2236176e1444a45471f0866f38a",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 90
},
{
"end_pc": 111,
"hash": "0x694d2387582df6df25838f67e1de4a10d0d41e33efc261b02faf61df7737e238",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 101
},
{
"end_pc": 115,
"hash": "0xa0d7e3d8edbcc96769ddda5f3e83f56f431c21e6f644765ade7e626fb2866a2f",
"opcodes": [
"PUSH2",
"JUMP"
],
"start_pc": 112
},
{
"end_pc": 117,
"hash": "0x2e7f919c95ba817a9a71d2217ddb000fea5a745085e544b4fafabc3a3c719613",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 116
},
{
"end_pc": 139,
"hash": "0x17ce4f24ffbaee0327e40fad76cd7b8e5cb02a18feee27a8f5274d7d04104e96",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"OP_80",
"CALLDATALOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_91",
"OP_90",
"POP",
"POP",
"PUSH2",
"JUMP"
],
"start_pc": 118
},
{
"end_pc": 141,
"hash": "0xaf694ff7f44c22fdafe41f776d4c2e4d64796c3355379ef383f6d109a77410c7",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 140
},
{
"end_pc": 172,
"hash": "0x15839e1cbde46fbf570ac2a871a57e4a724be4e7f34cd5a4e14f17a35631f6a3",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"OP_80",
"CALLDATALOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_91",
"OP_90",
"OP_80",
"CALLDATALOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_91",
"OP_90",
"POP",
"POP",
"PUSH2",
"JUMP"
],
"start_pc": 142
},
{
"end_pc": 174,
"hash": "0x7fae6847b59b6cdc566a36c0a526af982cafe480570e82f6d969f57209dd4276",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 173
},
{
"end_pc": 196,
"hash": "0x0ded3b95cab979d9ae04cb9a5998425e09ae8ab0d4d6b2128b6736473220a23a",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_80",
"OP_80",
"CALLDATALOAD",
"OP_90",
"PUSH1",
"ADD",
"OP_90",
"OP_91",
"OP_90",
"POP",
"POP",
"PUSH2",
"JUMP"
],
"start_pc": 175
},
{
exec
/bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-crfh82d3
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
exec
/bin/bash -lc "jq 'keys' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
"analysis_artifact",
"analysis_run",
"artifact",
"capability_graph",
"detector_findings",
"heuristics_summary"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json | keys' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
"auth",
"basic_blocks",
"callsites",
"cfg_edges",
"cfg_hash",
"dispatcher_type",
"function_entries",
"functions",
"selectors",
"sinks",
"storage",
"version"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.detectors' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
null
exec
/bin/bash -lc "jq '.detector_findings' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
{
"confidence": 45,
"evidence_json": {
"call_count": 3,
"examples": [
{
"opcode": "CALL",
"pc": 559,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 755,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1365,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"untrusted_call_count": 3
},
"normalized_json": {
"sink": "CALL"
},
"severity": "medium",
"title": "Untrusted CALL target/value reachable",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x409f95f4600ffa420d7693f87a4d73e97fc580a6",
"0x8c4d4c40e1f6b82d0f4508bfd47f40ac2d0284cd"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x4da5b61e03b1ea50ce3187b9c8e1ddc9b00a69ca571d795d5161ddb68850cfa7",
"trace_mode": "callTracer"
}
},
{
"confidence": 40,
"evidence_json": {
"eth_value_calls": 3,
"examples": [
{
"opcode": "CALL",
"pc": 559,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 755,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1365,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "medium",
"title": "ETH value transfer possible",
"validated": true,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x409f95f4600ffa420d7693f87a4d73e97fc580a6",
"0x8c4d4c40e1f6b82d0f4508bfd47f40ac2d0284cd"
],
"classification": "target_varies",
"confirmed": true,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "confirmed",
"target_varies": true,
"trace_id": "0x4da5b61e03b1ea50ce3187b9c8e1ddc9b00a69ca571d795d5161ddb68850cfa7",
"trace_mode": "callTracer"
}
}
]
exec
/bin/bash -lc "jq '.heuristics_summary' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
{
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.selectors' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
"0x0861cda7",
"0x7e1db2a1",
"0x9d118770",
"0xa3c09644",
"0xc2205ee1",
"0xd551f601"
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.function_entries' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
{
"entry_pc": 2115875489,
"selector": "0x0861cda7"
},
{
"entry_pc": 2635171696,
"selector": "0x7e1db2a1"
},
{
"entry_pc": 2747307588,
"selector": "0x9d118770"
},
{
"entry_pc": 3256901345,
"selector": "0xa3c09644"
},
{
"entry_pc": 3578918401,
"selector": "0xc2205ee1"
},
{
"entry_pc": null,
"selector": "0xd551f601"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.functions' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
{
"auth": {
"guards": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"entry_pc": 2115875489,
"selector": "0x0861cda7",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 404,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 600,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 783,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 802,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1010,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1032,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1122,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1144,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
}
],
"writes": 3
}
},
{
"auth": {
"guards": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"entry_pc": 2635171696,
"selector": "0x7e1db2a1",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 404,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 600,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 783,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 802,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1010,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1032,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1122,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1144,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
}
],
"writes": 3
}
},
{
"auth": {
"guards": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"entry_pc": 2747307588,
"selector": "0x9d118770",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 404,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 600,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 783,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 802,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1010,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1032,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1122,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1144,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
}
],
"writes": 3
}
},
{
"auth": {
"guards": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"entry_pc": 3256901345,
"selector": "0xa3c09644",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 404,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 600,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 783,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 802,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1010,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1032,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1122,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1144,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
}
],
"writes": 3
}
},
{
"auth": {
"guards": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"entry_pc": 3578918401,
"selector": "0xc2205ee1",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 404,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 600,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 783,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 802,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1010,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1032,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1122,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1144,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
}
],
"writes": 3
}
},
{
"auth": {
"guards": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"entry_pc": null,
"selector": "0xd551f601",
"sinks": {
"call": 3,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 404,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 600,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 783,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 802,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1010,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1032,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1122,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1144,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
}
],
"writes": 3
}
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.callsites' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
{
"opcode": "CALL",
"pc": 559,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 755,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
},
{
"opcode": "CALL",
"pc": 1365,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
]
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.storage' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
{
"keccak_count": 0,
"reads": 11,
"slots": [
{
"op": "SLOAD",
"pc": 404,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 600,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 783,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 802,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1010,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1032,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 1122,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1144,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
}
],
"writes": 3
}
exec
/bin/bash -lc "jq '.analysis_artifact.artifact_json.sinks' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
{
"call": 3,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
}
exec
/bin/bash -lc "jq '.artifact | keys' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
"codehash",
"compiler_json",
"implementation_address",
"is_proxy",
"runtime_bytecode",
"verified_source"
]
exec
/bin/bash -lc "jq '.analysis_run | keys' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
"address",
"block_number",
"chain_id",
"child_links",
"created_at",
"id",
"parent_links",
"status",
"updated_at"
]
exec
/bin/bash -lc "jq '.capability_graph | keys' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
"address",
"block_number",
"chain_id",
"codehash",
"created_at",
"graph_hash",
"graph_json",
"id",
"updated_at",
"version"
]
exec
/bin/bash -lc "jq '.capability_graph.graph_json | keys' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
[
"edges",
"nodes",
"version"
]
exec
/bin/bash -lc "jq '.capability_graph.graph_json' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
{
"edges": [
{
"from": "bb:0",
"to": "bb:116",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:11",
"type": "control_flow_fallthrough"
},
{
"from": "bb:11",
"to": "bb:118",
"type": "control_flow"
},
{
"from": "bb:11",
"to": "bb:57",
"type": "control_flow_fallthrough"
},
{
"from": "bb:57",
"to": "bb:142",
"type": "control_flow"
},
{
"from": "bb:57",
"to": "bb:68",
"type": "control_flow_fallthrough"
},
{
"from": "bb:68",
"to": "bb:175",
"type": "control_flow"
},
{
"from": "bb:68",
"to": "bb:79",
"type": "control_flow_fallthrough"
},
{
"from": "bb:79",
"to": "bb:199",
"type": "control_flow"
},
{
"from": "bb:79",
"to": "bb:90",
"type": "control_flow_fallthrough"
},
{
"from": "bb:90",
"to": "bb:223",
"type": "control_flow"
},
{
"from": "bb:90",
"to": "bb:101",
"type": "control_flow_fallthrough"
},
{
"from": "bb:101",
"to": "bb:280",
"type": "control_flow"
},
{
"from": "bb:101",
"to": "bb:112",
"type": "control_flow_fallthrough"
},
{
"from": "bb:112",
"to": "bb:116",
"type": "control_flow"
},
{
"from": "bb:118",
"to": "bb:385",
"type": "control_flow"
},
{
"from": "bb:142",
"to": "bb:834",
"type": "control_flow"
},
{
"from": "bb:175",
"to": "bb:581",
"type": "control_flow"
},
{
"from": "bb:199",
"to": "bb:315",
"type": "control_flow"
},
{
"from": "bb:223",
"to": "bb:796",
"type": "control_flow"
},
{
"from": "bb:280",
"to": "bb:777",
"type": "control_flow"
},
{
"from": "bb:315",
"to": "bb:1000",
"type": "control_flow"
},
{
"from": "bb:323",
"to": "bb:376",
"type": "control_flow"
},
{
"from": "bb:323",
"to": "bb:329",
"type": "control_flow_fallthrough"
},
{
"from": "bb:329",
"to": "bb:381",
"type": "control_flow"
},
{
"from": "bb:381",
"to": "bb:382",
"type": "control_flow_fallthrough"
},
{
"from": "bb:385",
"to": "bb:1000",
"type": "control_flow"
},
{
"from": "bb:393",
"to": "bb:572",
"type": "control_flow"
},
{
"from": "bb:393",
"to": "bb:399",
"type": "control_flow_fallthrough"
},
{
"from": "bb:399",
"to": "bb:565",
"type": "control_flow_fallthrough"
},
{
"from": "bb:565",
"to": "bb:577",
"type": "control_flow"
},
{
"from": "bb:577",
"to": "bb:578",
"type": "control_flow_fallthrough"
},
{
"from": "bb:581",
"to": "bb:1000",
"type": "control_flow"
},
{
"from": "bb:589",
"to": "bb:768",
"type": "control_flow"
},
{
"from": "bb:589",
"to": "bb:595",
"type": "control_flow_fallthrough"
},
{
"from": "bb:595",
"to": "bb:761",
"type": "control_flow_fallthrough"
},
{
"from": "bb:761",
"to": "bb:773",
"type": "control_flow"
},
{
"from": "bb:773",
"to": "bb:774",
"type": "control_flow_fallthrough"
},
{
"from": "bb:834",
"to": "bb:1000",
"type": "control_flow"
},
{
"from": "bb:842",
"to": "bb:990",
"type": "control_flow"
},
{
"from": "bb:842",
"to": "bb:848",
"type": "control_flow_fallthrough"
},
{
"from": "bb:848",
"to": "bb:995",
"type": "control_flow"
},
{
"from": "bb:995",
"to": "bb:996",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1000",
"to": "bb:1114",
"type": "control_flow"
},
{
"from": "bb:1000",
"to": "bb:1027",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1027",
"to": "bb:1395",
"type": "control_flow"
},
{
"from": "bb:1114",
"to": "bb:1390",
"type": "control_flow"
},
{
"from": "bb:1114",
"to": "bb:1139",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1139",
"to": "bb:1371",
"type": "control_flow_fallthrough"
},
{
"from": "bb:1371",
"to": "bb:1395",
"type": "control_flow"
},
{
"from": "fn:0x0861cda7",
"to": "bb:2115875489",
"type": "entry"
},
{
"from": "fn:0x7e1db2a1",
"to": "bb:2635171696",
"type": "entry"
},
{
"from": "fn:0x9d118770",
"to": "bb:2747307588",
"type": "entry"
},
{
"from": "fn:0xa3c09644",
"to": "bb:3256901345",
"type": "entry"
},
{
"from": "fn:0xc2205ee1",
"to": "bb:3578918401",
"type": "entry"
},
{
"from": "bb:399",
"to": "call:559",
"type": "contains"
},
{
"from": "call:559",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:595",
"to": "call:755",
"type": "contains"
},
{
"from": "call:755",
"to": "sink:call",
"type": "capability"
},
{
"from": "bb:1139",
"to": "call:1365",
"type": "contains"
},
{
"from": "call:1365",
"to": "sink:call",
"type": "capability"
}
],
"nodes": [
{
"end_pc": 10,
"hash": "0x748a29201feae50f896e5ed338803f4ae62f135945847ae74839d20e6ccb9aac",
"id": "bb:0",
"start_pc": 0,
"type": "basic_block"
},
{
"end_pc": 56,
"hash": "0xb92403e8e69aa3d56fb89b48071cc6271730cb9ee74ac14fc2f3db3fdfb359fe",
"id": "bb:11",
"start_pc": 11,
"type": "basic_block"
},
{
"end_pc": 67,
"hash": "0x69b99438c42f7e34b22d8ca74d718096fd5488e958302c63cfdf14c857d48548",
"id": "bb:57",
"start_pc": 57,
"type": "basic_block"
},
{
"end_pc": 78,
"hash": "0xb10eb8b47f25ae9299dd4ec0d16abf6ddeab9fe3273505d240992a8d184f87e6",
"id": "bb:68",
"start_pc": 68,
"type": "basic_block"
},
{
"end_pc": 89,
"hash": "0x7f43bd0992916c9091ee7947b876ee4f289a91ac96a8e313724d7e985627f3b9",
"id": "bb:79",
"start_pc": 79,
"type": "basic_block"
},
{
"end_pc": 100,
"hash": "0xd2fd973b6d237c7f9322c47353776cfda10ed2236176e1444a45471f0866f38a",
"id": "bb:90",
"start_pc": 90,
"type": "basic_block"
},
{
"end_pc": 111,
"hash": "0x694d2387582df6df25838f67e1de4a10d0d41e33efc261b02faf61df7737e238",
"id": "bb:101",
"start_pc": 101,
"type": "basic_block"
},
{
"end_pc": 115,
"hash": "0xa0d7e3d8edbcc96769ddda5f3e83f56f431c21e6f644765ade7e626fb2866a2f",
"id": "bb:112",
"start_pc": 112,
"type": "basic_block"
},
{
"end_pc": 117,
"hash": "0x2e7f919c95ba817a9a71d2217ddb000fea5a745085e544b4fafabc3a3c719613",
"id": "bb:116",
"start_pc": 116,
"type": "basic_block"
},
{
"end_pc": 139,
"hash": "0x17ce4f24ffbaee0327e40fad76cd7b8e5cb02a18feee27a8f5274d7d04104e96",
"id": "bb:118",
"start_pc": 118,
"type": "basic_block"
},
{
"end_pc": 141,
"hash": "0xaf694ff7f44c22fdafe41f776d4c2e4d64796c3355379ef383f6d109a77410c7",
"id": "bb:140",
"start_pc": 140,
"type": "basic_block"
},
{
"end_pc": 172,
"hash": "0x15839e1cbde46fbf570ac2a871a57e4a724be4e7f34cd5a4e14f17a35631f6a3",
"id": "bb:142",
"start_pc": 142,
"type": "basic_block"
},
{
"end_pc": 174,
"hash": "0x7fae6847b59b6cdc566a36c0a526af982cafe480570e82f6d969f57209dd4276",
"id": "bb:173",
"start_pc": 173,
"type": "basic_block"
},
{
"end_pc": 196,
"hash": "0x0ded3b95cab979d9ae04cb9a5998425e09ae8ab0d4d6b2128b6736473220a23a",
"id": "bb:175",
"start_pc": 175,
"type": "basic_block"
},
{
"end_pc": 198,
"hash": "0xcadeac561e9d786bdb0ec72462a29f8005e17a4fba722823bc1460cdfa926b1f",
"id": "bb:197",
"start_pc": 197,
"type": "basic_block"
},
{
"end_pc": 220,
"hash": "0xf0dfd61e27d98e5d771341820c71c6911a889cfd7dbde5bd6b54dba846628e6c",
"id": "bb:199",
"start_pc": 199,
"type": "basic_block"
},
{
"end_pc": 222,
"hash": "0xdaf1c7d72252242e5bb084b1e18e9156f223ab87d002b4f0a3672a03637eaf8f",
"id": "bb:221",
"start_pc": 221,
"type": "basic_block"
},
{
"end_pc": 235,
"hash": "0xb885adb8dd2ad24aa56c0a93a0622ad82ec25665bd1f9e23268f33101cf2ba68",
"id": "bb:223",
"start_pc": 223,
"type": "basic_block"
},
{
"end_pc": 279,
"hash": "0x1cd5ce69e6afdaa83f01b40f29302cb589bd49372f62142b25b974ab8f03c19c",
"id": "bb:236",
"start_pc": 236,
"type": "basic_block"
},
{
"end_pc": 292,
"hash": "0x12e536220e0654d417aaafcf386b9daad82448e767bf22784eb2f50a091dd65c",
"id": "bb:280",
"start_pc": 280,
"type": "basic_block"
},
{
"end_pc": 314,
"hash": "0x52fb069e27ea4776e8712db1ef95d678cd871f0818dd77f375972e46d7611118",
"id": "bb:293",
"start_pc": 293,
"type": "basic_block"
},
{
"end_pc": 322,
"hash": "0xf9b3c28dcbbcd21d71227db16ac9e187821897caf03c36a8a18432c728ef6a0d",
"id": "bb:315",
"start_pc": 315,
"type": "basic_block"
},
{
"end_pc": 328,
"hash": "0x62c9caa19d864ce8510b753dcb99cf686de21782391c2b6506a3d97c75de4337",
"id": "bb:323",
"start_pc": 323,
"type": "basic_block"
},
{
"end_pc": 375,
"hash": "0x95f66117507185b4633362f0076eada976ddc5539ff0a1198bff235b48181d64",
"id": "bb:329",
"start_pc": 329,
"type": "basic_block"
},
{
"end_pc": 380,
"hash": "0xe3e5052c89875bf038803c166f4d76e07ab199fca178ba647227f463c932df79",
"id": "bb:376",
"start_pc": 376,
"type": "basic_block"
},
{
"end_pc": 381,
"hash": "0x5a9938880210d0e48dac2c035e6b3c154a8a9c4ace868fd7c8612705fab62c59",
"id": "bb:381",
"start_pc": 381,
"type": "basic_block"
},
{
"end_pc": 384,
"hash": "0x437c0e72570a7b974596ce247fe99128147fb65c6d5b08e1b3ee31db1c8013b2",
"id": "bb:382",
"start_pc": 382,
"type": "basic_block"
},
{
"end_pc": 392,
"hash": "0x68e48d01e3ef26971db88131f23216567405230994d66eab1a2ef73a109b9720",
"id": "bb:385",
"start_pc": 385,
"type": "basic_block"
},
{
"end_pc": 398,
"hash": "0x17f0edb652cd16120eccdef324a4523f074e1b56b02f6234698b10b8a83a01b3",
"id": "bb:393",
"start_pc": 393,
"type": "basic_block"
},
{
"end_pc": 564,
"hash": "0xe16d8a695e81b7cf2b6133aabc43d0b5b519d50ba5711fc7bdbf25fd6dbc8e39",
"id": "bb:399",
"start_pc": 399,
"type": "basic_block"
},
{
"end_pc": 571,
"hash": "0xc30065368939d093e455335f3b8db16f5aa99b877ed640a80320cf86ccdaee6b",
"id": "bb:565",
"start_pc": 565,
"type": "basic_block"
},
{
"end_pc": 576,
"hash": "0x87bf47615763c991a9fca741b7e537a140d488d80240cc3b1f12034d55b0eb00",
"id": "bb:572",
"start_pc": 572,
"type": "basic_block"
},
{
"end_pc": 577,
"hash": "0x3f279a03070be35943ed3a3e92d254a8fe0c5206108eac4f57f4dc39f9634130",
"id": "bb:577",
"start_pc": 577,
"type": "basic_block"
},
{
"end_pc": 580,
"hash": "0x13c3911bc10337b25667b6092e8e6b00316e88a7dd2e7b03f351d04ba5f1f0b7",
"id": "bb:578",
"start_pc": 578,
"type": "basic_block"
},
{
"end_pc": 588,
"hash": "0x95c4878a1672eab236454477bd9e24df5bca35e5db8e5d3c4c439a745dd2aadb",
"id": "bb:581",
"start_pc": 581,
"type": "basic_block"
},
{
"end_pc": 594,
"hash": "0xcb432f6ef586bdc40c330c99dc2800d47cbf04b18dde9d26d6eeeffc712e5326",
"id": "bb:589",
"start_pc": 589,
"type": "basic_block"
},
{
"end_pc": 760,
"hash": "0x83d58bddb2bd34fa1fe7b2f7ba8bd82ae1945743865ebdfe2f05cd803cf9264b",
"id": "bb:595",
"start_pc": 595,
"type": "basic_block"
},
{
"end_pc": 767,
"hash": "0x4f92488a36e9d92cb7068fda818b9181d80e12aec12555cbaf05e9201c3715fa",
"id": "bb:761",
"start_pc": 761,
"type": "basic_block"
},
{
"end_pc": 772,
"hash": "0xdb9bc02c8fd3b04c4eb348127187b065edf5f3a206bb09d8f291874d2b546e21",
"id": "bb:768",
"start_pc": 768,
"type": "basic_block"
},
{
"end_pc": 773,
"hash": "0xa576e3e5314044ff469d3a1e4c50bbf3bef0b14c728470d835e5db31cb51251c",
"id": "bb:773",
"start_pc": 773,
"type": "basic_block"
},
{
"end_pc": 776,
"hash": "0x23ef4d09f4614b36ac0b6f2905b52ebaa6e7994d7c594e9e4fb0d9e9e2d17b30",
"id": "bb:774",
"start_pc": 774,
"type": "basic_block"
},
{
"end_pc": 795,
"hash": "0xad5f2fa205744a43e8f7a87bf2140aeaed5b5a6fac5a71254ea47c07368fe049",
"id": "bb:777",
"start_pc": 777,
"type": "basic_block"
},
{
"end_pc": 833,
"hash": "0xdd20251a02b05f2f0fd41dcf2b2aaa2a6fd8500ff5a6377541111b162c89c280",
"id": "bb:796",
"start_pc": 796,
"type": "basic_block"
},
{
"end_pc": 841,
"hash": "0x3a5ff89f8bb35b2c003c7272e2a5ec8684ca29f3ce907fe26a84ee970d029fd6",
"id": "bb:834",
"start_pc": 834,
"type": "basic_block"
},
{
"end_pc": 847,
"hash": "0x88b16426e1d50b025345a80d6d679be8fee1ca48fd4a839ad5dfcf8787ae6790",
"id": "bb:842",
"start_pc": 842,
"type": "basic_block"
},
{
"end_pc": 989,
"hash": "0xdd312f7ea8a5ce7c45d562f725210d939e4ba7684dfebdc6b84284fdf6c776dd",
"id": "bb:848",
"start_pc": 848,
"type": "basic_block"
},
{
"end_pc": 994,
"hash": "0x09253aabc24fe6777550ea141394f1dbf59263013cefc54515edda86fa6e29e4",
"id": "bb:990",
"start_pc": 990,
"type": "basic_block"
},
{
"end_pc": 995,
"hash": "0x55f7921f5a50e583f04b3a797418158fb8e24aa912c801684bad2b038d12fc22",
"id": "bb:995",
"start_pc": 995,
"type": "basic_block"
},
{
"end_pc": 999,
"hash": "0x06bd0f36c3d329e87b1cf4aff4e5d2f2bbb28a029f69c1502a934bd4f0a9466f",
"id": "bb:996",
"start_pc": 996,
"type": "basic_block"
},
{
"end_pc": 1026,
"hash": "0x6928e86e83e17da3cefe8c34283dec1c9d0f326d086f1cd00e43f278e8e37156",
"id": "bb:1000",
"start_pc": 1000,
"type": "basic_block"
},
{
"end_pc": 1113,
"hash": "0x51a23054187e398444bf111f3e3c45db27359d3117b92d1ec624b14f5d95f3a0",
"id": "bb:1027",
"start_pc": 1027,
"type": "basic_block"
},
{
"end_pc": 1138,
"hash": "0x7c8933a18f06998bd134f155803570257c482bb5accfed299926a9cddd0547c7",
"id": "bb:1114",
"start_pc": 1114,
"type": "basic_block"
},
{
"end_pc": 1370,
"hash": "0x55eb9ebb0eb0b3e89a473ff872de58a1e48bd8b10155957e15b5ba3183a5b0be",
"id": "bb:1139",
"start_pc": 1139,
"type": "basic_block"
},
{
"end_pc": 1389,
"hash": "0x194af9ba27c13d66a70116f8e75bde16ad96240f656da7f5bead56781a2807b5",
"id": "bb:1371",
"start_pc": 1371,
"type": "basic_block"
},
{
"end_pc": 1394,
"hash": "0x0754cf6b25ec342a13ad2bcd2b3671f59cb0479355548c74ca538b73f7f856cd",
"id": "bb:1390",
"start_pc": 1390,
"type": "basic_block"
},
{
"end_pc": 1397,
"hash": "0x010d280bf5818d598b06e99bde4b509a712e8b2b8a4316b3fb9d8d6b5ca5b025",
"id": "bb:1395",
"start_pc": 1395,
"type": "basic_block"
},
{
"id": "call:559",
"opcode": "CALL",
"pc": 559,
"type": "callsite"
},
{
"id": "call:755",
"opcode": "CALL",
"pc": 755,
"type": "callsite"
},
{
"id": "call:1365",
"opcode": "CALL",
"pc": 1365,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": 2115875489,
"id": "fn:0x0861cda7",
"selector": "0x0861cda7",
"type": "function"
},
{
"entry_pc": 2635171696,
"id": "fn:0x7e1db2a1",
"selector": "0x7e1db2a1",
"type": "function"
},
{
"entry_pc": 2747307588,
"id": "fn:0x9d118770",
"selector": "0x9d118770",
"type": "function"
},
{
"entry_pc": 3256901345,
"id": "fn:0xa3c09644",
"selector": "0xa3c09644",
"type": "function"
},
{
"entry_pc": 3578918401,
"id": "fn:0xc2205ee1",
"selector": "0xc2205ee1",
"type": "function"
},
{
"entry_pc": null,
"id": "fn:0xd551f601",
"selector": "0xd551f601",
"type": "function"
}
],
"version": "capability_graph_v1"
}
exec
/bin/bash -lc "jq '.artifact.compiler_json, .artifact.is_proxy, .artifact.implementation_address, (.artifact.runtime_bytecode | strlen)' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
exited 3 in 0ms:
jq: error: strlen/0 is not defined at <top-level>, line 1:
.artifact.compiler_json, .artifact.is_proxy, .artifact.implementation_address, (.artifact.runtime_bytecode | strlen)
jq: 1 compile error
exec
/bin/bash -lc "jq '.artifact.verified_source' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
false
exec
/bin/bash -lc "jq '.artifact.compiler_json, .artifact.is_proxy, .artifact.implementation_address, (.artifact.runtime_bytecode | length)' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
{
"etherscan": {
"skipped": true
}
}
false
null
5
exec
/bin/bash -lc "jq '.artifact.runtime_bytecode[0:120]' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
exited 5 in 0ms:
jq: error (at BYTECODE_BUNDLE.json:2727): Cannot index object with object
exec
/bin/bash -lc "jq '.artifact.runtime_bytecode' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
{
"full": "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",
"head": null,
"length": 2798,
"tail": null,
"truncated": false
}
exec
/bin/bash -lc "jq '.artifact.runtime_bytecode | type' BYTECODE_BUNDLE.json" in /tmp/codex-crfh82d3
succeeded in 0ms:
"object"
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
obj=json.loads(Path('BYTECODE_BUNDLE.json').read_text())
bytecode=obj['artifact']['runtime_bytecode']['full']
if bytecode.startswith('0x'): bytecode=bytecode[2:]
code=bytes.fromhex(bytecode)
ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
for i in range(1,33):
    ops[0x5f+i]=f'PUSH{i}'
for i in range(1,17):
    ops[0x7f+i]=f'DUP{i}'
for i in range(1,17):
    ops[0x8f+i]=f'SWAP{i}'
for i in range(0,5):
    ops[0xa0+i]=f'LOG{i}'
pcs_to_show={315,323,329,376,381,382,385,393,399,559,565,572,577,578,581,589,595,755,761,768,773,774,777,796,834,842,848,990,995,996,1000,1027,1084,1114,1139,1365,1371,1390,1395}
# Print full disassembly with markers around regions.
pc=0
while pc < len(code):
    op=code[pc]
    name=ops.get(op, f'OP_{op:02x}')
    line=f'{pc:04x}: {name}'
    start=pc
    pc +=1
    if 0x60 <= op <= 0x7f:
        n=op-0x5f
        data=code[pc:pc+n]
        line += ' 0x'+data.hex()
        pc += n
    if start in pcs_to_show or any(start>=x-8 and start<=x+8 for x in pcs_to_show):
        print(line)
PY" in /tmp/codex-crfh82d3
succeeded in 0ms:
0133: PUSH1 0x40
0135: MLOAD
0136: DUP1
0137: SWAP2
0138: SUB
0139: SWAP1
013a: RETURN
013b: JUMPDEST
013c: PUSH2 0x0143
013f: PUSH2 0x03e8
0142: JUMP
0143: JUMPDEST
0144: ISZERO
0145: PUSH2 0x0178
0148: JUMPI
0149: DUP1
014a: PUSH1 0x01
014c: PUSH1 0x00
014e: PUSH2 0x0100
0151: EXP
0170: OR
0171: SWAP1
0172: SSTORE
0173: POP
0174: PUSH2 0x017d
0177: JUMP
0178: JUMPDEST
0179: PUSH2 0x0002
017c: JUMP
017d: JUMPDEST
017e: JUMPDEST
017f: POP
0180: JUMP
0181: JUMPDEST
0182: PUSH2 0x0189
0185: PUSH2 0x03e8
0188: JUMP
0189: JUMPDEST
018a: ISZERO
018b: PUSH2 0x023c
018e: JUMPI
018f: PUSH1 0x01
0191: PUSH1 0x00
0193: SWAP1
0194: SLOAD
0195: SWAP1
0196: PUSH2 0x0100
0227: PUSH1 0x00
0229: DUP8
022a: PUSH2 0x61da
022d: GAS
022e: SUB
022f: CALL
0230: ISZERO
0231: PUSH2 0x0002
0234: JUMPI
0235: POP
0236: POP
0237: POP
0238: PUSH2 0x0241
023b: JUMP
023c: JUMPDEST
023d: PUSH2 0x0002
0240: JUMP
0241: JUMPDEST
0242: JUMPDEST
0243: POP
0244: JUMP
0245: JUMPDEST
0246: PUSH2 0x024d
0249: PUSH2 0x03e8
024c: JUMP
024d: JUMPDEST
024e: ISZERO
024f: PUSH2 0x0300
0252: JUMPI
0253: PUSH1 0x01
0255: PUSH1 0x00
0257: SWAP1
0258: SLOAD
0259: SWAP1
025a: PUSH2 0x0100
02eb: PUSH1 0x00
02ed: DUP8
02ee: PUSH2 0x61da
02f1: GAS
02f2: SUB
02f3: CALL
02f4: ISZERO
02f5: PUSH2 0x0002
02f8: JUMPI
02f9: POP
02fa: POP
02fb: POP
02fc: PUSH2 0x0305
02ff: JUMP
0300: JUMPDEST
0301: PUSH2 0x0002
0304: JUMP
0305: JUMPDEST
0306: JUMPDEST
0307: POP
0308: JUMP
0309: JUMPDEST
030a: PUSH1 0x00
030c: PUSH1 0x00
030e: SWAP1
030f: SLOAD
0310: SWAP1
0311: PUSH2 0x0100
0314: EXP
0315: SWAP1
0316: DIV
0317: PUSH1 0xff
0319: AND
031a: DUP2
031b: JUMP
031c: JUMPDEST
031d: PUSH1 0x00
031f: PUSH1 0x01
0321: SWAP1
0322: SLOAD
0323: SWAP1
0324: PUSH2 0x0100
033f: AND
0340: DUP2
0341: JUMP
0342: JUMPDEST
0343: PUSH2 0x034a
0346: PUSH2 0x03e8
0349: JUMP
034a: JUMPDEST
034b: ISZERO
034c: PUSH2 0x03de
034f: JUMPI
0350: DUP2
0351: PUSH1 0x00
0353: PUSH1 0x01
0355: PUSH2 0x0100
0358: EXP
03d6: SWAP2
03d7: SUB
03d8: SWAP1
03d9: LOG3
03da: PUSH2 0x03e3
03dd: JUMP
03de: JUMPDEST
03df: PUSH2 0x0002
03e2: JUMP
03e3: JUMPDEST
03e4: JUMPDEST
03e5: POP
03e6: POP
03e7: JUMP
03e8: JUMPDEST
03e9: PUSH1 0x00
03eb: PUSH1 0x00
03ed: PUSH1 0x00
03ef: PUSH1 0x00
03fc: AND
03fd: EQ
03fe: ISZERO
03ff: PUSH2 0x045a
0402: JUMPI
0403: PUSH1 0x00
0405: PUSH1 0x01
0407: SWAP1
0408: SLOAD
0409: SWAP1
040a: PUSH2 0x0100
043b: AND
043c: CALLER
043d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0452: AND
0453: EQ
0454: SWAP1
0455: POP
0456: PUSH2 0x0573
0459: JUMP
045a: JUMPDEST
045b: PUSH1 0x01
045d: PUSH1 0x00
045f: PUSH1 0x00
0461: SWAP1
0462: SLOAD
046c: AND
046d: EQ
046e: ISZERO
046f: PUSH2 0x056e
0472: JUMPI
0473: PUSH1 0x00
0475: PUSH1 0x01
0477: SWAP1
0478: SLOAD
0479: SWAP1
047a: PUSH2 0x0100
054d: PUSH1 0x00
054f: DUP8
0550: PUSH2 0x61da
0553: GAS
0554: SUB
0555: CALL
0556: ISZERO
0557: PUSH2 0x0002
055a: JUMPI
055b: POP
055c: POP
055d: POP
055e: PUSH1 0x40
0560: MLOAD
0561: DUP1
0562: MLOAD
0563: SWAP1
0566: ADD
0567: POP
0568: SWAP1
0569: POP
056a: PUSH2 0x0573
056d: JUMP
056e: JUMPDEST
056f: PUSH2 0x0002
0572: JUMP
0573: JUMPDEST
0574: SWAP1
0575: JUMP
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
obj=json.loads(Path('BYTECODE_BUNDLE.json').read_text())
code=bytes.fromhex(obj['artifact']['runtime_bytecode']['full'][2:])
ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
for i in range(1,33): ops[0x5f+i]=f'PUSH{i}'
for i in range(1,17): ops[0x7f+i]=f'DUP{i}'
for i in range(1,17): ops[0x8f+i]=f'SWAP{i}'
for i in range(0,5): ops[0xa0+i]=f'LOG{i}'
def dis(start,end):
    pc=start
    while pc<=end and pc < len(code):
        op=code[pc]; name=ops.get(op,f'OP_{op:02x}'); line=f'{pc:04x}: {name}'; pc+=1
        if 0x60<=op<=0x7f:
            n=op-0x5f; data=code[pc:pc+n]; line += ' 0x'+data.hex(); pc+=n
        print(line)
print('=== 0x03e8-0x0575 ===')
dis(0x03e8,0x0575)
PY" in /tmp/codex-crfh82d3
succeeded in 0ms:
=== 0x03e8-0x0575 ===
03e8: JUMPDEST
03e9: PUSH1 0x00
03eb: PUSH1 0x00
03ed: PUSH1 0x00
03ef: PUSH1 0x00
03f1: SWAP1
03f2: SLOAD
03f3: SWAP1
03f4: PUSH2 0x0100
03f7: EXP
03f8: SWAP1
03f9: DIV
03fa: PUSH1 0xff
03fc: AND
03fd: EQ
03fe: ISZERO
03ff: PUSH2 0x045a
0402: JUMPI
0403: PUSH1 0x00
0405: PUSH1 0x01
0407: SWAP1
0408: SLOAD
0409: SWAP1
040a: PUSH2 0x0100
040d: EXP
040e: SWAP1
040f: DIV
0410: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0425: AND
0426: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
043b: AND
043c: CALLER
043d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0452: AND
0453: EQ
0454: SWAP1
0455: POP
0456: PUSH2 0x0573
0459: JUMP
045a: JUMPDEST
045b: PUSH1 0x01
045d: PUSH1 0x00
045f: PUSH1 0x00
0461: SWAP1
0462: SLOAD
0463: SWAP1
0464: PUSH2 0x0100
0467: EXP
0468: SWAP1
0469: DIV
046a: PUSH1 0xff
046c: AND
046d: EQ
046e: ISZERO
046f: PUSH2 0x056e
0472: JUMPI
0473: PUSH1 0x00
0475: PUSH1 0x01
0477: SWAP1
0478: SLOAD
0479: SWAP1
047a: PUSH2 0x0100
047d: EXP
047e: SWAP1
047f: DIV
0480: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0495: AND
0496: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
04ab: AND
04ac: PUSH4 0xb7009613
04b1: CALLER
04b2: ADDRESS
04b3: PUSH1 0x00
04b5: CALLDATALOAD
04b6: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
04d7: AND
04d8: PUSH1 0x40
04da: MLOAD
04db: DUP5
04dc: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
04fa: MUL
04fb: DUP2
04fc: MSTORE
04fd: PUSH1 0x04
04ff: ADD
0500: DUP1
0501: DUP5
0502: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0517: AND
0518: DUP2
0519: MSTORE
051a: PUSH1 0x20
051c: ADD
051d: DUP4
051e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0533: AND
0534: DUP2
0535: MSTORE
0536: PUSH1 0x20
0538: ADD
0539: DUP3
053a: DUP2
053b: MSTORE
053c: PUSH1 0x20
053e: ADD
053f: SWAP4
0540: POP
0541: POP
0542: POP
0543: POP
0544: PUSH1 0x20
0546: PUSH1 0x40
0548: MLOAD
0549: DUP1
054a: DUP4
054b: SUB
054c: DUP2
054d: PUSH1 0x00
054f: DUP8
0550: PUSH2 0x61da
0553: GAS
0554: SUB
0555: CALL
0556: ISZERO
0557: PUSH2 0x0002
055a: JUMPI
055b: POP
055c: POP
055d: POP
055e: PUSH1 0x40
0560: MLOAD
0561: DUP1
0562: MLOAD
0563: SWAP1
0564: PUSH1 0x20
0566: ADD
0567: POP
0568: SWAP1
0569: POP
056a: PUSH2 0x0573
056d: JUMP
056e: JUMPDEST
056f: PUSH2 0x0002
0572: JUMP
0573: JUMPDEST
0574: SWAP1
0575: JUMP
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
obj=json.loads(Path('BYTECODE_BUNDLE.json').read_text())
code=bytes.fromhex(obj['artifact']['runtime_bytecode']['full'][2:])
ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
for i in range(1,33): ops[0x5f+i]=f'PUSH{i}'
for i in range(1,17): ops[0x7f+i]=f'DUP{i}'
for i in range(1,17): ops[0x8f+i]=f'SWAP{i}'
for i in range(0,5): ops[0xa0+i]=f'LOG{i}'
def dis(start,end):
    pc=start
    while pc<=end and pc < len(code):
        op=code[pc]; name=ops.get(op,f'OP_{op:02x}'); line=f'{pc:04x}: {name}'; pc+=1
        if 0x60<=op<=0x7f:
            n=op-0x5f; data=code[pc:pc+n]; line += ' 0x'+data.hex(); pc+=n
        print(line)
print('=== 0x0342-0x03e7 ===')
dis(0x0342,0x03e7)
PY" in /tmp/codex-crfh82d3
succeeded in 0ms:
=== 0x0342-0x03e7 ===
0342: JUMPDEST
0343: PUSH2 0x034a
0346: PUSH2 0x03e8
0349: JUMP
034a: JUMPDEST
034b: ISZERO
034c: PUSH2 0x03de
034f: JUMPI
0350: DUP2
0351: PUSH1 0x00
0353: PUSH1 0x01
0355: PUSH2 0x0100
0358: EXP
0359: DUP2
035a: SLOAD
035b: DUP2
035c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0371: MUL
0372: NOT
0373: AND
0374: SWAP1
0375: DUP4
0376: MUL
0377: OR
0378: SWAP1
0379: SSTORE
037a: POP
037b: DUP1
037c: PUSH1 0x00
037e: PUSH1 0x00
0380: PUSH2 0x0100
0383: EXP
0384: DUP2
0385: SLOAD
0386: DUP2
0387: PUSH1 0xff
0389: MUL
038a: NOT
038b: AND
038c: SWAP1
038d: DUP4
038e: MUL
038f: OR
0390: SWAP1
0391: SSTORE
0392: POP
0393: DUP1
0394: DUP3
0395: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
03aa: AND
03ab: PUSH32 0xb96a5204da93e5d7ddd5b0c2616fd5f76322b9c383c5010b94fdc3df11b7be52
03cc: PUSH1 0x40
03ce: MLOAD
03cf: DUP1
03d0: SWAP1
03d1: POP
03d2: PUSH1 0x40
03d4: MLOAD
03d5: DUP1
03d6: SWAP2
03d7: SUB
03d8: SWAP1
03d9: LOG3
03da: PUSH2 0x03e3
03dd: JUMP
03de: JUMPDEST
03df: PUSH2 0x0002
03e2: JUMP
03e3: JUMPDEST
03e4: JUMPDEST
03e5: POP
03e6: POP
03e7: JUMP
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
obj=json.loads(Path('BYTECODE_BUNDLE.json').read_text())
code=bytes.fromhex(obj['artifact']['runtime_bytecode']['full'][2:])
ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
for i in range(1,33): ops[0x5f+i]=f'PUSH{i}'
for i in range(1,17): ops[0x7f+i]=f'DUP{i}'
for i in range(1,17): ops[0x8f+i]=f'SWAP{i}'
for i in range(0,5): ops[0xa0+i]=f'LOG{i}'
def dis(start,end):
    pc=start
    while pc<=end and pc < len(code):
        op=code[pc]; name=ops.get(op,f'OP_{op:02x}'); line=f'{pc:04x}: {name}'; pc+=1
        if 0x60<=op<=0x7f:
            n=op-0x5f; data=code[pc:pc+n]; line += ' 0x'+data.hex(); pc+=n
        print(line)
print('=== 0x013b-0x0180 ===')
dis(0x013b,0x0180)
print('=== 0x0181-0x0244 ===')
dis(0x0181,0x0244)
print('=== 0x0245-0x0308 ===')
dis(0x0245,0x0308)
PY" in /tmp/codex-crfh82d3
succeeded in 0ms:
=== 0x013b-0x0180 ===
013b: JUMPDEST
013c: PUSH2 0x0143
013f: PUSH2 0x03e8
0142: JUMP
0143: JUMPDEST
0144: ISZERO
0145: PUSH2 0x0178
0148: JUMPI
0149: DUP1
014a: PUSH1 0x01
014c: PUSH1 0x00
014e: PUSH2 0x0100
0151: EXP
0152: DUP2
0153: SLOAD
0154: DUP2
0155: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
016a: MUL
016b: NOT
016c: AND
016d: SWAP1
016e: DUP4
016f: MUL
0170: OR
0171: SWAP1
0172: SSTORE
0173: POP
0174: PUSH2 0x017d
0177: JUMP
0178: JUMPDEST
0179: PUSH2 0x0002
017c: JUMP
017d: JUMPDEST
017e: JUMPDEST
017f: POP
0180: JUMP
=== 0x0181-0x0244 ===
0181: JUMPDEST
0182: PUSH2 0x0189
0185: PUSH2 0x03e8
0188: JUMP
0189: JUMPDEST
018a: ISZERO
018b: PUSH2 0x023c
018e: JUMPI
018f: PUSH1 0x01
0191: PUSH1 0x00
0193: SWAP1
0194: SLOAD
0195: SWAP1
0196: PUSH2 0x0100
0199: EXP
019a: SWAP1
019b: DIV
019c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
01b1: AND
01b2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
01c7: AND
01c8: PUSH4 0x21e5383a
01cd: CALLER
01ce: DUP4
01cf: PUSH1 0x40
01d1: MLOAD
01d2: DUP4
01d3: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
01f1: MUL
01f2: DUP2
01f3: MSTORE
01f4: PUSH1 0x04
01f6: ADD
01f7: DUP1
01f8: DUP4
01f9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
020e: AND
020f: DUP2
0210: MSTORE
0211: PUSH1 0x20
0213: ADD
0214: DUP3
0215: DUP2
0216: MSTORE
0217: PUSH1 0x20
0219: ADD
021a: SWAP3
021b: POP
021c: POP
021d: POP
021e: PUSH1 0x00
0220: PUSH1 0x40
0222: MLOAD
0223: DUP1
0224: DUP4
0225: SUB
0226: DUP2
0227: PUSH1 0x00
0229: DUP8
022a: PUSH2 0x61da
022d: GAS
022e: SUB
022f: CALL
0230: ISZERO
0231: PUSH2 0x0002
0234: JUMPI
0235: POP
0236: POP
0237: POP
0238: PUSH2 0x0241
023b: JUMP
023c: JUMPDEST
023d: PUSH2 0x0002
0240: JUMP
0241: JUMPDEST
0242: JUMPDEST
0243: POP
0244: JUMP
=== 0x0245-0x0308 ===
0245: JUMPDEST
0246: PUSH2 0x024d
0249: PUSH2 0x03e8
024c: JUMP
024d: JUMPDEST
024e: ISZERO
024f: PUSH2 0x0300
0252: JUMPI
0253: PUSH1 0x01
0255: PUSH1 0x00
0257: SWAP1
0258: SLOAD
0259: SWAP1
025a: PUSH2 0x0100
025d: EXP
025e: SWAP1
025f: DIV
0260: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0275: AND
0276: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
028b: AND
028c: PUSH4 0xcf8eeb7e
0291: CALLER
0292: DUP4
0293: PUSH1 0x40
0295: MLOAD
0296: DUP4
0297: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
02b5: MUL
02b6: DUP2
02b7: MSTORE
02b8: PUSH1 0x04
02ba: ADD
02bb: DUP1
02bc: DUP4
02bd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
02d2: AND
02d3: DUP2
02d4: MSTORE
02d5: PUSH1 0x20
02d7: ADD
02d8: DUP3
02d9: DUP2
02da: MSTORE
02db: PUSH1 0x20
02dd: ADD
02de: SWAP3
02df: POP
02e0: POP
02e1: POP
02e2: PUSH1 0x00
02e4: PUSH1 0x40
02e6: MLOAD
02e7: DUP1
02e8: DUP4
02e9: SUB
02ea: DUP2
02eb: PUSH1 0x00
02ed: DUP8
02ee: PUSH2 0x61da
02f1: GAS
02f2: SUB
02f3: CALL
02f4: ISZERO
02f5: PUSH2 0x0002
02f8: JUMPI
02f9: POP
02fa: POP
02fb: POP
02fc: PUSH2 0x0305
02ff: JUMP
0300: JUMPDEST
0301: PUSH2 0x0002
0304: JUMP
0305: JUMPDEST
0306: JUMPDEST
0307: POP
0308: JUMP
codex
{"no_findings":false,"summary":"Bytecode analysis suggests an owner/authority-style access-control helper gates four state-changing selectors. The main meaningful issue is in the external authority path: it trusts CALL success but does not validate return data, so authorization can be bypassed if the configured authority is a non-contract or a contract that returns no boolean. No delegatecall/proxy behavior was evidenced in the supplied bundle.","findings":[{"severity":"medium","category":"auth","title":"External authority check can fail open on empty returndata","exploit_scenario":"This appears to use a two-mode auth helper: one mode compares `msg.sender` to a stored address, and another mode calls a stored external authority. If the low byte of slot 0 selects the external-authority mode and slot 1 points to an EOA, zero-code address, or a contract that returns success with empty returndata, an attacker can call protected selectors such as `0x0861cda7`, `0x7e1db2a1`, `0x9d118770`, or `0xa3c09644`. The CALL succeeds, no returndata length is checked, and the helper reads stale nonzero memory as the auth result, so the protected function proceeds.","recommendation":"Treat the external authority as valid only if `RETURNDATASIZE >= 32` and the decoded word is exactly a nonzero boolean. Reject zero-code / EOA authority addresses when the external-authority mode is enabled, or perform an `EXTCODESIZE`/codehash check before trusting the result.","evidence":"At `pc:0x03e8` the helper branches on the low byte of storage slot 0. In the external-authority branch, it builds calldata with selector `0xb7009613` and performs `CALL` at `pc:0x0555` to the address loaded from slot 1. After only checking CALL success, it immediately reads memory with `MLOAD` at `pc:0x0562` without any explicit returndata-size validation. That memory region previously held the outbound calldata (starting at the free-memory pointer), so empty returndata leaves a nonzero word in place. The protected entrypoints all consume this helper result and continue on nonzero. Selector names are inferred from bytecode only, so the exact ABI is uncertain.","locations":["pc:0x03e8","pc:0x0555","pc:0x0562","selector:0x0861cda7","selector:0x7e1db2a1","selector:0x9d118770","selector:0xa3c09644"]}]}
tokens used
64,027
{
"codex": {
"ran_at": "2026-04-05T07:31:39.535669+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 2798,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode analysis suggests an owner/authority-style access-control helper gates four state-changing selectors. The main meaningful issue is in the external authority path: it trusts CALL success but does not validate return data, so authorization can be bypassed if the configured authority is a non-contract or a contract that returns no boolean. No delegatecall/proxy behavior was evidenced in the supplied bundle.",
"raw_final": {
"summary": "Bytecode analysis suggests an owner/authority-style access-control helper gates four state-changing selectors. The main meaningful issue is in the external authority path: it trusts CALL success but does not validate return data, so authorization can be bypassed if the configured authority is a non-contract or a contract that returns no boolean. No delegatecall/proxy behavior was evidenced in the supplied bundle.",
"findings": [
{
"title": "External authority check can fail open on empty returndata",
"category": "auth",
"evidence": "At `pc:0x03e8` the helper branches on the low byte of storage slot 0. In the external-authority branch, it builds calldata with selector `0xb7009613` and performs `CALL` at `pc:0x0555` to the address loaded from slot 1. After only checking CALL success, it immediately reads memory with `MLOAD` at `pc:0x0562` without any explicit returndata-size validation. That memory region previously held the outbound calldata (starting at the free-memory pointer), so empty returndata leaves a nonzero word in place. The protected entrypoints all consume this helper result and continue on nonzero. Selector names are inferred from bytecode only, so the exact ABI is uncertain.",
"severity": "medium",
"locations": [
"pc:0x03e8",
"pc:0x0555",
"pc:0x0562",
"selector:0x0861cda7",
"selector:0x7e1db2a1",
"selector:0x9d118770",
"selector:0xa3c09644"
],
"recommendation": "Treat the external authority as valid only if `RETURNDATASIZE >= 32` and the decoded word is exactly a nonzero boolean. Reject zero-code / EOA authority addresses when the external-authority mode is enabled, or perform an `EXTCODESIZE`/codehash check before trusting the result.",
"exploit_scenario": "This appears to use a two-mode auth helper: one mode compares `msg.sender` to a stored address, and another mode calls a stored external authority. If the low byte of slot 0 selects the external-authority mode and slot 1 points to an EOA, zero-code address, or a contract that returns success with empty returndata, an attacker can call protected selectors such as `0x0861cda7`, `0x7e1db2a1`, `0x9d118770`, or `0xa3c09644`. The CALL succeeds, no returndata length is checked, and the helper reads stale nonzero memory as the auth result, so the protected function proceeds."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0074
0000000a: JUMPI
0000000b: PUSH1 0x00
0000000d: CALLDATALOAD
0000000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002c: SWAP1
0000002d: DIV
0000002e: DUP1
0000002f: PUSH4 0x0861cda7
00000034: EQ
00000035: PUSH2 0x0076
00000038: JUMPI
00000039: DUP1
0000003a: PUSH4 0x7e1db2a1
0000003f: EQ
00000040: PUSH2 0x008e
00000043: JUMPI
00000044: DUP1
00000045: PUSH4 0x9d118770
0000004a: EQ
0000004b: PUSH2 0x00af
0000004e: JUMPI
0000004f: DUP1
00000050: PUSH4 0xa3c09644
00000055: EQ
00000056: PUSH2 0x00c7
00000059: JUMPI
0000005a: DUP1
0000005b: PUSH4 0xc2205ee1
00000060: EQ
00000061: PUSH2 0x00df
00000064: JUMPI
00000065: DUP1
00000066: PUSH4 0xd551f601
0000006b: EQ
0000006c: PUSH2 0x0118
0000006f: JUMPI
00000070: PUSH2 0x0074
00000073: JUMP
00000074: JUMPDEST
00000075: STOP
00000076: JUMPDEST
00000077: PUSH2 0x008c
0000007a: PUSH1 0x04
0000007c: DUP1
0000007d: DUP1
0000007e: CALLDATALOAD
0000007f: SWAP1
00000080: PUSH1 0x20
00000082: ADD
00000083: SWAP1
00000084: SWAP2
00000085: SWAP1
00000086: POP
00000087: POP
00000088: PUSH2 0x0181
0000008b: JUMP
0000008c: JUMPDEST
0000008d: STOP
0000008e: JUMPDEST
0000008f: PUSH2 0x00ad
00000092: PUSH1 0x04
00000094: DUP1
00000095: DUP1
00000096: CALLDATALOAD
00000097: SWAP1
00000098: PUSH1 0x20
0000009a: ADD
0000009b: SWAP1
0000009c: SWAP2
0000009d: SWAP1
0000009e: DUP1
0000009f: CALLDATALOAD
000000a0: SWAP1
000000a1: PUSH1 0x20
000000a3: ADD
000000a4: SWAP1
000000a5: SWAP2
000000a6: SWAP1
000000a7: POP
000000a8: POP
000000a9: PUSH2 0x0342
000000ac: JUMP
000000ad: JUMPDEST
000000ae: STOP
000000af: JUMPDEST
000000b0: PUSH2 0x00c5
000000b3: PUSH1 0x04
000000b5: DUP1
000000b6: DUP1
000000b7: CALLDATALOAD
000000b8: SWAP1
000000b9: PUSH1 0x20
000000bb: ADD
000000bc: SWAP1
000000bd: SWAP2
000000be: SWAP1
000000bf: POP
000000c0: POP
000000c1: PUSH2 0x0245
000000c4: JUMP
000000c5: JUMPDEST
000000c6: STOP
000000c7: JUMPDEST
000000c8: PUSH2 0x00dd
000000cb: PUSH1 0x04
000000cd: DUP1
000000ce: DUP1
000000cf: CALLDATALOAD
000000d0: SWAP1
000000d1: PUSH1 0x20
000000d3: ADD
000000d4: SWAP1
000000d5: SWAP2
000000d6: SWAP1
000000d7: POP
000000d8: POP
000000d9: PUSH2 0x013b
000000dc: JUMP
000000dd: JUMPDEST
000000de: STOP
000000df: JUMPDEST
000000e0: PUSH2 0x00ec
000000e3: PUSH1 0x04
000000e5: DUP1
000000e6: POP
000000e7: POP
000000e8: PUSH2 0x031c
000000eb: JUMP
000000ec: JUMPDEST
000000ed: PUSH1 0x40
000000ef: MLOAD
000000f0: DUP1
000000f1: DUP3
000000f2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000107: AND
00000108: DUP2
00000109: MSTORE
0000010a: PUSH1 0x20
0000010c: ADD
0000010d: SWAP2
0000010e: POP
0000010f: POP
00000110: PUSH1 0x40
00000112: MLOAD
00000113: DUP1
00000114: SWAP2
00000115: SUB
00000116: SWAP1
00000117: RETURN
00000118: JUMPDEST
00000119: PUSH2 0x0125
0000011c: PUSH1 0x04
0000011e: DUP1
0000011f: POP
00000120: POP
00000121: PUSH2 0x0309
00000124: JUMP
00000125: JUMPDEST
00000126: PUSH1 0x40
00000128: MLOAD
00000129: DUP1
0000012a: DUP3
0000012b: DUP2
0000012c: MSTORE
0000012d: PUSH1 0x20
0000012f: ADD
00000130: SWAP2
00000131: POP
00000132: POP
00000133: PUSH1 0x40
00000135: MLOAD
00000136: DUP1
00000137: SWAP2
00000138: SUB
00000139: SWAP1
0000013a: RETURN
0000013b: JUMPDEST
0000013c: PUSH2 0x0143
0000013f: PUSH2 0x03e8
00000142: JUMP
00000143: JUMPDEST
00000144: ISZERO
00000145: PUSH2 0x0178
00000148: JUMPI
00000149: DUP1
0000014a: PUSH1 0x01
0000014c: PUSH1 0x00
0000014e: PUSH2 0x0100
00000151: EXP
00000152: DUP2
00000153: SLOAD
00000154: DUP2
00000155: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000016a: MUL
0000016b: NOT
0000016c: AND
0000016d: SWAP1
0000016e: DUP4
0000016f: MUL
00000170: OR
00000171: SWAP1
00000172: SSTORE
00000173: POP
00000174: PUSH2 0x017d
00000177: JUMP
00000178: JUMPDEST
00000179: PUSH2 0x0002
0000017c: JUMP
0000017d: JUMPDEST
0000017e: JUMPDEST
0000017f: POP
00000180: JUMP
00000181: JUMPDEST
00000182: PUSH2 0x0189
00000185: PUSH2 0x03e8
00000188: JUMP
00000189: JUMPDEST
0000018a: ISZERO
0000018b: PUSH2 0x023c
0000018e: JUMPI
0000018f: PUSH1 0x01
00000191: PUSH1 0x00
00000193: SWAP1
00000194: SLOAD
00000195: SWAP1
00000196: PUSH2 0x0100
00000199: EXP
0000019a: SWAP1
0000019b: DIV
0000019c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001b1: AND
000001b2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001c7: AND
000001c8: PUSH4 0x21e5383a
000001cd: CALLER
000001ce: DUP4
000001cf: PUSH1 0x40
000001d1: MLOAD
000001d2: DUP4
000001d3: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
000001f1: MUL
000001f2: DUP2
000001f3: MSTORE
000001f4: PUSH1 0x04
000001f6: ADD
000001f7: DUP1
000001f8: DUP4
000001f9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000020e: AND
0000020f: DUP2
00000210: MSTORE
00000211: PUSH1 0x20
00000213: ADD
00000214: DUP3
00000215: DUP2
00000216: MSTORE
00000217: PUSH1 0x20
00000219: ADD
0000021a: SWAP3
0000021b: POP
0000021c: POP
0000021d: POP
0000021e: PUSH1 0x00
00000220: PUSH1 0x40
00000222: MLOAD
00000223: DUP1
00000224: DUP4
00000225: SUB
00000226: DUP2
00000227: PUSH1 0x00
00000229: DUP8
0000022a: PUSH2 0x61da
0000022d: GAS
0000022e: SUB
0000022f: CALL
00000230: ISZERO
00000231: PUSH2 0x0002
00000234: JUMPI
00000235: POP
00000236: POP
00000237: POP
00000238: PUSH2 0x0241
0000023b: JUMP
0000023c: JUMPDEST
0000023d: PUSH2 0x0002
00000240: JUMP
00000241: JUMPDEST
00000242: JUMPDEST
00000243: POP
00000244: JUMP
00000245: JUMPDEST
00000246: PUSH2 0x024d
00000249: PUSH2 0x03e8
0000024c: JUMP
0000024d: JUMPDEST
0000024e: ISZERO
0000024f: PUSH2 0x0300
00000252: JUMPI
00000253: PUSH1 0x01
00000255: PUSH1 0x00
00000257: SWAP1
00000258: SLOAD
00000259: SWAP1
0000025a: PUSH2 0x0100
0000025d: EXP
0000025e: SWAP1
0000025f: DIV
00000260: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000275: AND
00000276: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000028b: AND
0000028c: PUSH4 0xcf8eeb7e
00000291: CALLER
00000292: DUP4
00000293: PUSH1 0x40
00000295: MLOAD
00000296: DUP4
00000297: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
000002b5: MUL
000002b6: DUP2
000002b7: MSTORE
000002b8: PUSH1 0x04
000002ba: ADD
000002bb: DUP1
000002bc: DUP4
000002bd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002d2: AND
000002d3: DUP2
000002d4: MSTORE
000002d5: PUSH1 0x20
000002d7: ADD
000002d8: DUP3
000002d9: DUP2
000002da: MSTORE
000002db: PUSH1 0x20
000002dd: ADD
000002de: SWAP3
000002df: POP
000002e0: POP
000002e1: POP
000002e2: PUSH1 0x00
000002e4: PUSH1 0x40
000002e6: MLOAD
000002e7: DUP1
000002e8: DUP4
000002e9: SUB
000002ea: DUP2
000002eb: PUSH1 0x00
000002ed: DUP8
000002ee: PUSH2 0x61da
000002f1: GAS
000002f2: SUB
000002f3: CALL
000002f4: ISZERO
000002f5: PUSH2 0x0002
000002f8: JUMPI
000002f9: POP
000002fa: POP
000002fb: POP
000002fc: PUSH2 0x0305
000002ff: JUMP
00000300: JUMPDEST
00000301: PUSH2 0x0002
00000304: JUMP
00000305: JUMPDEST
00000306: JUMPDEST
00000307: POP
00000308: JUMP
00000309: JUMPDEST
0000030a: PUSH1 0x00
0000030c: PUSH1 0x00
0000030e: SWAP1
0000030f: SLOAD
00000310: SWAP1
00000311: PUSH2 0x0100
00000314: EXP
00000315: SWAP1
00000316: DIV
00000317: PUSH1 0xff
00000319: AND
0000031a: DUP2
0000031b: JUMP
0000031c: JUMPDEST
0000031d: PUSH1 0x00
0000031f: PUSH1 0x01
00000321: SWAP1
00000322: SLOAD
00000323: SWAP1
00000324: PUSH2 0x0100
00000327: EXP
00000328: SWAP1
00000329: DIV
0000032a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000033f: AND
00000340: DUP2
00000341: JUMP
00000342: JUMPDEST
00000343: PUSH2 0x034a
00000346: PUSH2 0x03e8
00000349: JUMP
0000034a: JUMPDEST
0000034b: ISZERO
0000034c: PUSH2 0x03de
0000034f: JUMPI
00000350: DUP2
00000351: PUSH1 0x00
00000353: PUSH1 0x01
00000355: PUSH2 0x0100
00000358: EXP
00000359: DUP2
0000035a: SLOAD
0000035b: DUP2
0000035c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000371: MUL
00000372: NOT
00000373: AND
00000374: SWAP1
00000375: DUP4
00000376: MUL
00000377: OR
00000378: SWAP1 00000379: SSTORE 0000037a: POP 0000037b: DUP1 0000037c: PUSH1 0x00 0000037e: PUSH1 0x00 00000380: PUSH2 0x0100 00000383: EXP 00000384: DUP2 00000385: SLOAD 00000386: DUP2 00000387: PUSH1 0xff 00000389: MUL 0000038a: NOT 0000038b: AND 0000038c: SWAP1 0000038d: DUP4 0000038e: MUL 0000038f: OR 00000390: SWAP1 00000391: SSTORE 00000392: POP 00000393: DUP1 00000394: DUP3 00000395: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003aa: AND 000003ab: PUSH32 0xb96a5204da93e5d7ddd5b0c2616fd5f76322b9c383c5010b94fdc3df11b7be52 000003cc: PUSH1 0x40 000003ce: MLOAD 000003cf: DUP1 000003d0: SWAP1 000003d1: POP 000003d2: PUSH1 0x40 000003d4: MLOAD 000003d5: DUP1 000003d6: SWAP2 000003d7: SUB 000003d8: SWAP1 000003d9: LOG3 000003da: PUSH2 0x03e3 000003dd: JUMP 000003de: JUMPDEST 000003df: PUSH2 0x0002 000003e2: JUMP 000003e3: JUMPDEST 000003e4: JUMPDEST 000003e5: POP 000003e6: POP 000003e7: JUMP 000003e8: JUMPDEST 000003e9: PUSH1 0x00 000003eb: PUSH1 0x00 000003ed: PUSH1 0x00 000003ef: PUSH1 0x00 000003f1: SWAP1 000003f2: SLOAD 000003f3: SWAP1 000003f4: PUSH2 0x0100 000003f7: EXP 000003f8: SWAP1 000003f9: DIV 000003fa: PUSH1 0xff 000003fc: AND 000003fd: EQ 000003fe: ISZERO 000003ff: PUSH2 0x045a 00000402: JUMPI 00000403: PUSH1 0x00 00000405: PUSH1 0x01 00000407: SWAP1 00000408: SLOAD 00000409: SWAP1 0000040a: PUSH2 0x0100 0000040d: EXP 0000040e: SWAP1 0000040f: DIV 00000410: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000425: AND 00000426: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000043b: AND 0000043c: CALLER 0000043d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000452: AND 00000453: EQ 00000454: SWAP1 00000455: POP 00000456: PUSH2 0x0573 00000459: JUMP 0000045a: JUMPDEST 0000045b: PUSH1 0x01 0000045d: PUSH1 0x00 0000045f: PUSH1 0x00 00000461: SWAP1 00000462: SLOAD 00000463: SWAP1 00000464: PUSH2 0x0100 00000467: EXP 00000468: SWAP1 00000469: DIV 0000046a: PUSH1 0xff 0000046c: AND 0000046d: EQ 0000046e: ISZERO 0000046f: PUSH2 0x056e 
00000472: JUMPI 00000473: PUSH1 0x00 00000475: PUSH1 0x01 00000477: SWAP1 00000478: SLOAD 00000479: SWAP1 0000047a: PUSH2 0x0100 0000047d: EXP 0000047e: SWAP1 0000047f: DIV 00000480: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000495: AND 00000496: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004ab: AND 000004ac: PUSH4 0xb7009613 000004b1: CALLER 000004b2: ADDRESS 000004b3: PUSH1 0x00 000004b5: CALLDATALOAD 000004b6: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000 000004d7: AND 000004d8: PUSH1 0x40 000004da: MLOAD 000004db: DUP5 000004dc: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 000004fa: MUL 000004fb: DUP2 000004fc: MSTORE 000004fd: PUSH1 0x04 000004ff: ADD 00000500: DUP1 00000501: DUP5 00000502: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000517: AND 00000518: DUP2 00000519: MSTORE 0000051a: PUSH1 0x20 0000051c: ADD 0000051d: DUP4 0000051e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000533: AND 00000534: DUP2 00000535: MSTORE 00000536: PUSH1 0x20 00000538: ADD 00000539: DUP3 0000053a: DUP2 0000053b: MSTORE 0000053c: PUSH1 0x20 0000053e: ADD 0000053f: SWAP4 00000540: POP 00000541: POP 00000542: POP 00000543: POP 00000544: PUSH1 0x20 00000546: PUSH1 0x40 00000548: MLOAD 00000549: DUP1 0000054a: DUP4 0000054b: SUB 0000054c: DUP2 0000054d: PUSH1 0x00 0000054f: DUP8 00000550: PUSH2 0x61da 00000553: GAS 00000554: SUB 00000555: CALL 00000556: ISZERO 00000557: PUSH2 0x0002 0000055a: JUMPI 0000055b: POP 0000055c: POP 0000055d: POP 0000055e: PUSH1 0x40 00000560: MLOAD 00000561: DUP1 00000562: MLOAD 00000563: SWAP1 00000564: PUSH1 0x20 00000566: ADD 00000567: POP 00000568: SWAP1 00000569: POP 0000056a: PUSH2 0x0573 0000056d: JUMP 0000056e: JUMPDEST 0000056f: PUSH2 0x0002 00000572: JUMP 00000573: JUMPDEST 00000574: SWAP1 00000575: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | yes | yes |
trace_id: 0x4da5b61e03b1ea50ce3187b9c8e1ddc9b00a69ca571d795d5161ddb68850cfa7
call_targets:
0x409f95f4600ffa420d7693f87a4d73e97fc580a6, 0x8c4d4c40e1f6b82d0f4508bfd47f40ac2d0284cd
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x4da5b61e03b1ea50ce3187b9c8e1ddc9b00a69ca571d795d5161ddb68850cfa7",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x409f95f4600ffa420d7693f87a4d73e97fc580a6",
"0x8c4d4c40e1f6b82d0f4508bfd47f40ac2d0284cd"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x0861cda7",
"selector": "0x0861cda7",
"calldata_variants": [
"0x0861cda7",
"0x0861cda70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7e1db2a1",
"selector": "0x7e1db2a1",
"calldata_variants": [
"0x7e1db2a1",
"0x7e1db2a10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9d118770",
"selector": "0x9d118770",
"calldata_variants": [
"0x9d118770",
"0x9d1187700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa3c09644",
"selector": "0xa3c09644",
"calldata_variants": [
"0xa3c09644",
"0xa3c096440000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc2205ee1",
"selector": "0xc2205ee1",
"calldata_variants": [
"0xc2205ee1",
"0xc2205ee10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd551f601",
"selector": "0xd551f601",
"calldata_variants": [
"0xd551f601",
"0xd551f6010000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 559,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 755,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1365,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"untrusted_call_count": 3
}
|
| medium | other | detector | ETH value transfer possible | 40 | yes | yes |
trace_id: 0x4da5b61e03b1ea50ce3187b9c8e1ddc9b00a69ca571d795d5161ddb68850cfa7
call_targets:
0x409f95f4600ffa420d7693f87a4d73e97fc580a6, 0x8c4d4c40e1f6b82d0f4508bfd47f40ac2d0284cd
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x4da5b61e03b1ea50ce3187b9c8e1ddc9b00a69ca571d795d5161ddb68850cfa7",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x409f95f4600ffa420d7693f87a4d73e97fc580a6",
"0x8c4d4c40e1f6b82d0f4508bfd47f40ac2d0284cd"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x0861cda7",
"selector": "0x0861cda7",
"calldata_variants": [
"0x0861cda7",
"0x0861cda70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7e1db2a1",
"selector": "0x7e1db2a1",
"calldata_variants": [
"0x7e1db2a1",
"0x7e1db2a10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9d118770",
"selector": "0x9d118770",
"calldata_variants": [
"0x9d118770",
"0x9d1187700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa3c09644",
"selector": "0xa3c09644",
"calldata_variants": [
"0xa3c09644",
"0xa3c096440000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc2205ee1",
"selector": "0xc2205ee1",
"calldata_variants": [
"0xc2205ee1",
"0xc2205ee10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd551f601",
"selector": "0xd551f601",
"calldata_variants": [
"0xd551f601",
"0xd551f6010000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 559,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 755,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1365,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": [
{
"pc": 1084,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
}
|
| medium | auth | codex | External authority check can fail open on empty returndata | 75 | no | — |
evidence_json{
"evidence": "At `pc:0x03e8` the helper branches on the low byte of storage slot 0. In the external-authority branch, it builds calldata with selector `0xb7009613` and performs `CALL` at `pc:0x0555` to the address loaded from slot 1. After only checking CALL success, it immediately reads memory with `MLOAD` at `pc:0x0562` without any explicit returndata-size validation. That memory region previously held the outbound calldata (starting at the free-memory pointer), so empty returndata leaves a nonzero word in place. The protected entrypoints all consume this helper result and continue on nonzero. Selector names are inferred from bytecode only, so the exact ABI is uncertain.",
"locations": [
"pc:0x03e8",
"pc:0x0555",
"pc:0x0562",
"selector:0x0861cda7",
"selector:0x7e1db2a1",
"selector:0x9d118770",
"selector:0xa3c09644"
],
"recommendation": "Treat the external authority as valid only if `RETURNDATASIZE >= 32` and the decoded word is exactly a nonzero boolean. Reject zero-code / EOA authority addresses when the external-authority mode is enabled, or perform an `EXTCODESIZE`/codehash check before trusting the result.",
"exploit_scenario": "This appears to use a two-mode auth helper: one mode compares `msg.sender` to a stored address, and another mode calls a stored external authority. If the low byte of slot 0 selects the external-authority mode and slot 1 points to an EOA, zero-code address, or a contract that returns success with empty returndata, an attacker can call protected selectors such as `0x0861cda7`, `0x7e1db2a1`, `0x9d118770`, or `0xa3c09644`. The CALL succeeds, no returndata length is checked, and the helper reads stale nonzero memory as the auth result, so the protected function proceeds."
}
|