019b3836-5303-70a2-ac0b-5cb285890182
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 7983 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 7984 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 82431 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 82432 | capability.graph | complete | 1 / 3 | 1 week ago |
| 82433 | detector.run | complete | 1 / 3 | 1 week ago |
| 82434 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113653 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
OpenAI Codex v0.118.0 (research preview) -------- workdir: /tmp/codex-7szf_bu4 model: gpt-5.4 provider: openai approval: never sandbox: read-only reasoning effort: high reasoning summaries: none session id: 019d5c9a-74b4-7142-a0d1-fe7eff3a6395 -------- user You are a security auditor. You ONLY have runtime bytecode + analysis artifacts. You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary, evidence bundle, callsites, storage slots, and detector findings. Special cases when reasoning from bytecode (be explicit about uncertainty): - Selector inference is best-effort; missing selectors are common. - Fallback/receive paths may be the only entrypoints. - CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage. - Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative. - Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown. - Guard detection is heuristic; absence of guards does NOT mean unguarded. - Returndata checking is unknown unless explicitly shown in evidence. - Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim. Output MUST be valid JSON matching the provided schema. - If you find nothing meaningful: set no_findings=true and findings=[]. - Otherwise: set no_findings=false and include findings with severity/category/title. - Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb". Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, accounting/invariant breaks, dangerous delegatecall, and untrusted external calls. Be conservative: if evidence is weak, mark severity low/medium and explain why. warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime. ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM. ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
{
"codex": {
"ran_at": "2026-04-05T07:45:21.162864+00:00",
"returncode": 1
},
"project": {
"mode": "bytecode",
"bytecode_length": 3690,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": null,
"no_findings": null,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x00e5 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x00e7 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x18160ddd 00000025: EQ 00000026: PUSH2 0x0144 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x313ce567 00000030: EQ 00000031: PUSH2 0x014d 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x45f09140 0000003b: EQ 0000003c: PUSH2 0x0159 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x492f12af 00000046: EQ 00000047: PUSH2 0x017d 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x4958abb7 00000051: EQ 00000052: PUSH2 0x0190 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x5a3b7e42 0000005c: EQ 0000005d: PUSH2 0x01b1 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0x70a08231 00000067: EQ 00000068: PUSH2 0x020e 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0x8da5cb5b 00000072: EQ 00000073: PUSH2 0x0226 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0x95d89b41 0000007d: EQ 0000007e: PUSH2 0x0238 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0x97a5d5b5 00000088: EQ 00000089: PUSH2 0x0294 0000008c: JUMPI 0000008d: DUP1 0000008e: PUSH4 0x9d7e2730 00000093: EQ 00000094: PUSH2 0x02ac 00000097: JUMPI 00000098: DUP1 00000099: PUSH4 0xa9059cbb 0000009e: EQ 0000009f: PUSH2 0x02d0 000000a2: JUMPI 000000a3: DUP1 000000a4: PUSH4 0xe343fea6 000000a9: EQ 000000aa: PUSH2 0x030a 000000ad: JUMPI 000000ae: DUP1 000000af: PUSH4 0xf2fde38b 000000b4: EQ 000000b5: PUSH2 0x031b 000000b8: JUMPI 000000b9: DUP1 000000ba: PUSH4 0xfa6f1c7d 000000bf: EQ 000000c0: PUSH2 0x033c 000000c3: JUMPI 000000c4: DUP1 000000c5: PUSH4 0xfde9ffd7 000000ca: EQ 000000cb: PUSH2 0x034e 000000ce: JUMPI 000000cf: DUP1 000000d0: PUSH4 0xff2ea505 000000d5: EQ 000000d6: PUSH2 0x036f 000000d9: JUMPI 000000da: DUP1 000000db: PUSH4 0xffa3e903 000000e0: EQ 000000e1: PUSH2 0x0390 000000e4: JUMPI 000000e5: JUMPDEST 000000e6: STOP 000000e7: JUMPDEST 000000e8: PUSH2 0x03b4 000000eb: PUSH1 0x05 000000ed: DUP1 000000ee: SLOAD 000000ef: PUSH1 0x20 000000f1: PUSH1 0x02 000000f3: PUSH1 0x01 000000f5: DUP4 000000f6: AND 000000f7: ISZERO 000000f8: PUSH2 0x0100 000000fb: MUL 000000fc: PUSH1 0x00 000000fe: NOT 000000ff: ADD 00000100: SWAP1 00000101: SWAP3 00000102: AND 00000103: SWAP2 00000104: SWAP1 00000105: SWAP2 00000106: DIV 00000107: PUSH1 0x1f 00000109: DUP2 0000010a: ADD 0000010b: DUP3 0000010c: SWAP1 0000010d: DIV 0000010e: SWAP1 0000010f: SWAP2 00000110: MUL 00000111: PUSH1 0x80 00000113: SWAP1 00000114: DUP2 00000115: ADD 00000116: PUSH1 0x40 00000118: MSTORE 00000119: PUSH1 0x60 0000011b: DUP3 0000011c: DUP2 0000011d: MSTORE 0000011e: SWAP3 0000011f: SWAP2 00000120: SWAP1 00000121: DUP3 00000122: DUP3 00000123: DUP1 00000124: ISZERO 00000125: PUSH2 0x0463 00000128: JUMPI 00000129: DUP1 0000012a: PUSH1 0x1f 0000012c: LT 0000012d: PUSH2 0x0438 00000130: JUMPI 00000131: PUSH2 0x0100 00000134: DUP1 00000135: DUP4 00000136: SLOAD 00000137: DIV 00000138: MUL 00000139: DUP4 0000013a: MSTORE 0000013b: SWAP2 0000013c: PUSH1 0x20 0000013e: ADD 0000013f: SWAP2 00000140: PUSH2 0x0463 00000143: JUMP 00000144: JUMPDEST 00000145: PUSH2 0x0422 00000148: PUSH1 0x03 0000014a: SLOAD 0000014b: DUP2 0000014c: JUMP 0000014d: JUMPDEST 0000014e: PUSH2 0x0422 00000151: PUSH1 0x07 00000153: SLOAD 00000154: PUSH1 0xff 00000156: AND 00000157: DUP2 00000158: JUMP 00000159: JUMPDEST 0000015a: PUSH2 0x00e5 0000015d: PUSH1 0x04 0000015f: CALLDATALOAD 00000160: PUSH1 0x24 00000162: CALLDATALOAD 00000163: PUSH1 0x00 00000165: SLOAD 00000166: CALLER 00000167: PUSH1 0x01 00000169: PUSH1 0xa0 0000016b: PUSH1 0x02 0000016d: EXP 0000016e: SUB 0000016f: SWAP1 00000170: DUP2 00000171: AND 00000172: SWAP2 00000173: AND 00000174: EQ 00000175: PUSH2 0x04c7 00000178: JUMPI 00000179: PUSH2 0x0002 0000017c: JUMP 0000017d: JUMPDEST 0000017e: PUSH2 0x042c 00000181: PUSH1 0x07 00000183: SLOAD 00000184: PUSH4 0x01000000 00000189: SWAP1 0000018a: DIV 0000018b: PUSH1 0xff 0000018d: AND 0000018e: DUP2 0000018f: JUMP 00000190: JUMPDEST 00000191: PUSH2 0x00e5 00000194: PUSH1 0x04 00000196: CALLDATALOAD 00000197: PUSH1 0x00 00000199: SLOAD 0000019a: CALLER 0000019b: PUSH1 0x01 0000019d: PUSH1 0xa0 0000019f: PUSH1 0x02 000001a1: EXP 000001a2: SUB 000001a3: SWAP1 000001a4: DUP2 000001a5: AND 000001a6: SWAP2 000001a7: AND 000001a8: EQ 000001a9: PUSH2 0x04ee 000001ac: JUMPI 000001ad: PUSH2 0x0002 000001b0: JUMP 000001b1: JUMPDEST 000001b2: PUSH2 0x03b4 000001b5: PUSH1 0x04 000001b7: DUP1 000001b8: SLOAD 000001b9: PUSH1 0x20 000001bb: PUSH1 0x02 000001bd: PUSH1 0x01 000001bf: DUP4 000001c0: AND 000001c1: ISZERO 000001c2: PUSH2 0x0100 000001c5: MUL 000001c6: PUSH1 0x00 000001c8: NOT 000001c9: ADD 000001ca: SWAP1 000001cb: SWAP3 000001cc: AND 000001cd: SWAP2 000001ce: SWAP1 000001cf: SWAP2 000001d0: DIV 000001d1: PUSH1 0x1f 000001d3: DUP2 000001d4: ADD 000001d5: DUP3 000001d6: SWAP1 000001d7: DIV 000001d8: SWAP1 000001d9: SWAP2 000001da: MUL 000001db: PUSH1 0x80 000001dd: SWAP1 000001de: DUP2 000001df: ADD 000001e0: PUSH1 0x40 000001e2: MSTORE 000001e3: PUSH1 0x60 000001e5: DUP3 000001e6: DUP2 000001e7: MSTORE 000001e8: SWAP3 000001e9: SWAP2 000001ea: SWAP1 000001eb: DUP3 000001ec: DUP3 000001ed: DUP1 000001ee: ISZERO 000001ef: PUSH2 0x0463 000001f2: JUMPI 000001f3: DUP1 000001f4: PUSH1 0x1f 000001f6: LT 000001f7: PUSH2 0x0438 000001fa: JUMPI 000001fb: PUSH2 0x0100 000001fe: DUP1 000001ff: DUP4 00000200: SLOAD 00000201: DIV 00000202: MUL 00000203: DUP4 00000204: MSTORE 00000205: SWAP2 00000206: PUSH1 0x20 00000208: ADD 00000209: SWAP2 0000020a: PUSH2 0x0463 0000020d: JUMP 0000020e: JUMPDEST 0000020f: PUSH2 0x0422 00000212: PUSH1 0x04 00000214: CALLDATALOAD 00000215: PUSH1 0x01 00000217: PUSH1 0x20 00000219: MSTORE 0000021a: PUSH1 0x00 0000021c: SWAP1 0000021d: DUP2 0000021e: MSTORE 0000021f: PUSH1 0x40 00000221: SWAP1 00000222: KECCAK256 00000223: SLOAD 00000224: DUP2 00000225: JUMP 00000226: JUMPDEST 00000227: PUSH2 0x0422 0000022a: PUSH1 0x00 0000022c: SLOAD 0000022d: PUSH1 0x01 0000022f: PUSH1 0xa0 00000231: PUSH1 0x02 00000233: EXP 00000234: SUB 00000235: AND 00000236: DUP2 00000237: JUMP 00000238: JUMPDEST 00000239: PUSH2 0x03b4 0000023c: PUSH1 0x06 0000023e: DUP1 0000023f: SLOAD 00000240: PUSH1 0x20 00000242: PUSH1 0x1f 00000244: PUSH1 0x02 00000246: PUSH1 0x00 00000248: NOT 00000249: PUSH1 0x01 0000024b: DUP6 0000024c: AND 0000024d: ISZERO 0000024e: PUSH2 0x0100 00000251: MUL 00000252: ADD 00000253: SWAP1 00000254: SWAP4 00000255: AND 00000256: SWAP3 00000257: SWAP1 00000258: SWAP3 00000259: DIV 0000025a: SWAP2 0000025b: DUP3 0000025c: ADD 0000025d: DUP2 0000025e: SWAP1 0000025f: DIV 00000260: MUL 00000261: PUSH1 0x80 00000263: SWAP1 00000264: DUP2 00000265: ADD 00000266: PUSH1 0x40 00000268: MSTORE 00000269: PUSH1 0x60 0000026b: DUP3 0000026c: DUP2 0000026d: MSTORE 0000026e: SWAP3 0000026f: SWAP2 00000270: SWAP1 00000271: DUP3 00000272: DUP3 00000273: DUP1 00000274: ISZERO 00000275: PUSH2 0x0463 00000278: JUMPI 00000279: DUP1 0000027a: PUSH1 0x1f 0000027c: LT 0000027d: PUSH2 0x0438 00000280: JUMPI 00000281: PUSH2 0x0100 00000284: DUP1 00000285: DUP4 00000286: SLOAD 00000287: DIV 00000288: MUL 00000289: DUP4 0000028a: MSTORE 0000028b: SWAP2 0000028c: PUSH1 0x20 0000028e: ADD 0000028f: SWAP2 00000290: PUSH2 0x0463 00000293: JUMP 00000294: JUMPDEST 00000295: PUSH2 0x0422 00000298: PUSH1 0x04 0000029a: CALLDATALOAD 0000029b: PUSH1 0x02 0000029d: PUSH1 0x20 0000029f: MSTORE 000002a0: PUSH1 0x00 000002a2: SWAP1 000002a3: DUP2 000002a4: MSTORE 000002a5: PUSH1 0x40 000002a7: SWAP1 000002a8: KECCAK256 000002a9: SLOAD 000002aa: DUP2 000002ab: JUMP 000002ac: JUMPDEST 000002ad: PUSH2 0x00e5 000002b0: PUSH1 0x04 000002b2: CALLDATALOAD 000002b3: PUSH1 0x24 000002b5: CALLDATALOAD 000002b6: PUSH1 0x00 000002b8: SLOAD 000002b9: CALLER 000002ba: PUSH1 0x01 000002bc: PUSH1 0xa0 000002be: PUSH1 0x02 000002c0: EXP 000002c1: SUB 000002c2: SWAP1 000002c3: DUP2 000002c4: AND 000002c5: SWAP2 000002c6: AND 000002c7: EQ 000002c8: PUSH2 0x0504 000002cb: JUMPI 000002cc: PUSH2 0x0002 000002cf: JUMP 000002d0: JUMPDEST 000002d1: PUSH2 0x00e5 000002d4: PUSH1 0x04 000002d6: CALLDATALOAD 000002d7: PUSH1 0x24 000002d9: CALLDATALOAD 000002da: PUSH1 0x00 000002dc: DUP2 000002dd: LT 000002de: DUP1 000002df: PUSH2 0x0300 000002e2: JUMPI 000002e3: POP 000002e4: CALLER 000002e5: PUSH1 0x01 000002e7: PUSH1 0xa0 000002e9: PUSH1 0x02 000002eb: EXP 000002ec: SUB 000002ed: AND 000002ee: PUSH1 0x00 000002f0: SWAP1 000002f1: DUP2 000002f2: MSTORE 000002f3: PUSH1 0x01 000002f5: PUSH1 0x20 000002f7: MSTORE 000002f8: PUSH1 0x40 000002fa: SWAP1 000002fb: KECCAK256 000002fc: SLOAD 000002fd: DUP2 000002fe: SWAP1 000002ff: LT 00000300: JUMPDEST 00000301: ISZERO 00000302: PUSH2 0x055f 00000305: JUMPI 00000306: PUSH2 0x0002 00000309: JUMP 0000030a: JUMPDEST 0000030b: PUSH2 0x042c 0000030e: PUSH1 0x07 00000310: SLOAD 00000311: PUSH2 0x0100 00000314: SWAP1 00000315: DIV 00000316: PUSH1 0xff 00000318: AND 00000319: DUP2 0000031a: JUMP 0000031b: JUMPDEST 0000031c: PUSH2 0x00e5 0000031f: PUSH1 0x04 00000321: CALLDATALOAD 00000322: PUSH1 0x00 00000324: SLOAD 00000325: CALLER 00000326: PUSH1 0x01 00000328: PUSH1 0xa0 0000032a: PUSH1 0x02 0000032c: EXP 0000032d: SUB 0000032e: SWAP1 0000032f: DUP2 00000330: AND 00000331: SWAP2 00000332: AND 00000333: EQ 00000334: PUSH2 0x06c4 00000337: JUMPI 00000338: PUSH2 0x0002 0000033b: JUMP 0000033c: JUMPDEST 0000033d: PUSH2 0x042c 00000340: PUSH1 0x07 00000342: SLOAD 00000343: PUSH3 0x010000 00000347: SWAP1 00000348: DIV 00000349: PUSH1 0xff 0000034b: AND 0000034c: DUP2 0000034d: JUMP 0000034e: JUMPDEST 0000034f: PUSH2 0x00e5 00000352: PUSH1 0x04 00000354: CALLDATALOAD 00000355: PUSH1 0x00 00000357: SLOAD 00000358: CALLER 00000359: PUSH1 0x01 0000035b: PUSH1 0xa0 0000035d: PUSH1 0x02 0000035f: EXP 00000360: SUB 00000361: SWAP1 00000362: DUP2 00000363: AND 00000364: SWAP2 00000365: AND 00000366: EQ 00000367: PUSH2 0x06e6 0000036a: JUMPI 0000036b: PUSH2 0x0002 0000036e: JUMP 0000036f: JUMPDEST 00000370: PUSH2 0x00e5 00000373: PUSH1 0x04 00000375: CALLDATALOAD 00000376: PUSH1 0x00 00000378: SLOAD 00000379: CALLER 0000037a: PUSH1 0x01 0000037c: PUSH1 0xa0 0000037e: PUSH1 0x02 00000380: EXP 00000381: SUB 00000382: SWAP1 00000383: DUP2 00000384: AND 00000385: SWAP2 00000386: AND 00000387: EQ 00000388: PUSH2 0x06fe 0000038b: JUMPI 0000038c: PUSH2 0x0002 0000038f: JUMP 00000390: JUMPDEST 00000391: PUSH2 0x00e5 00000394: PUSH1 0x04 00000396: CALLDATALOAD 00000397: PUSH1 0x24 00000399: CALLDATALOAD 0000039a: PUSH1 0x00 0000039c: SLOAD 0000039d: CALLER 0000039e: PUSH1 0x01 000003a0: PUSH1 0xa0 000003a2: PUSH1 0x02 000003a4: EXP 000003a5: SUB 000003a6: SWAP1 000003a7: DUP2 000003a8: AND 000003a9: SWAP2 000003aa: AND 000003ab: EQ 000003ac: PUSH2 0x0718 000003af: JUMPI 000003b0: PUSH2 0x0002 000003b3: JUMP 000003b4: JUMPDEST 000003b5: PUSH1 0x40 000003b7: MLOAD 000003b8: DUP1 000003b9: DUP1 000003ba: PUSH1 0x20 000003bc: ADD 000003bd: DUP3 000003be: DUP2 000003bf: SUB 000003c0: DUP3 000003c1: MSTORE 000003c2: DUP4 000003c3: DUP2 000003c4: DUP2 000003c5: MLOAD 000003c6: DUP2 000003c7: MSTORE 000003c8: PUSH1 0x20 000003ca: ADD 000003cb: SWAP2 000003cc: POP 000003cd: DUP1 000003ce: MLOAD 000003cf: SWAP1 000003d0: PUSH1 0x20 000003d2: ADD 000003d3: SWAP1 000003d4: DUP1 000003d5: DUP4 000003d6: DUP4 000003d7: DUP3 000003d8: SWAP1 000003d9: PUSH1 0x00 000003db: PUSH1 0x04 000003dd: PUSH1 0x20 000003df: DUP5 000003e0: PUSH1 0x1f 000003e2: ADD 000003e3: DIV 000003e4: PUSH1 0x0f 000003e6: MUL 000003e7: PUSH1 0x03 000003e9: ADD 000003ea: CALL 000003eb: POP 000003ec: SWAP1 000003ed: POP 000003ee: SWAP1 000003ef: DUP2 000003f0: ADD 000003f1: SWAP1 000003f2: PUSH1 0x1f 000003f4: AND 000003f5: DUP1 000003f6: ISZERO 000003f7: PUSH2 0x0414 000003fa: JUMPI 000003fb: DUP1 000003fc: DUP3 000003fd: SUB 000003fe: DUP1 000003ff: MLOAD 00000400: PUSH1 0x01 00000402: DUP4 00000403: PUSH1 0x20 00000405: SUB 00000406: PUSH2 0x0100 00000409: EXP 0000040a: SUB 0000040b: NOT 0000040c: AND 0000040d: DUP2 0000040e: MSTORE 0000040f: PUSH1 0x20 00000411: ADD 00000412: SWAP2 00000413: POP 00000414: JUMPDEST 00000415: POP 00000416: SWAP3 00000417: POP 00000418: POP 00000419: POP 0000041a: PUSH1 0x40 0000041c: MLOAD 0000041d: DUP1 0000041e: SWAP2 0000041f: SUB 00000420: SWAP1 00000421: RETURN 00000422: JUMPDEST 00000423: PUSH1 0x60 00000425: SWAP1 00000426: DUP2 00000427: MSTORE 00000428: PUSH1 0x20 0000042a: SWAP1 0000042b: RETURN 0000042c: JUMPDEST 0000042d: ISZERO 0000042e: ISZERO 0000042f: PUSH1 0x60 00000431: SWAP1 00000432: DUP2 00000433: MSTORE 00000434: PUSH1 0x20 00000436: SWAP1 00000437: RETURN 00000438: JUMPDEST 00000439: DUP3 0000043a: ADD 0000043b: SWAP2 0000043c: SWAP1 0000043d: PUSH1 0x00 0000043f: MSTORE 00000440: PUSH1 0x20 00000442: PUSH1 0x00 00000444: KECCAK256 00000445: SWAP1 00000446: JUMPDEST 00000447: DUP2 00000448: SLOAD 00000449: DUP2 0000044a: MSTORE 0000044b: SWAP1 0000044c: PUSH1 0x01 0000044e: ADD 0000044f: SWAP1 00000450: PUSH1 0x20 00000452: ADD 00000453: DUP1 00000454: DUP4 00000455: GT 00000456: PUSH2 0x0446 00000459: JUMPI 0000045a: DUP3 0000045b: SWAP1 0000045c: SUB 0000045d: PUSH1 0x1f 0000045f: AND 00000460: DUP3 00000461: ADD 00000462: SWAP2 00000463: JUMPDEST 00000464: POP 00000465: POP 00000466: POP 00000467: POP 00000468: POP 00000469: DUP2 0000046a: JUMP 0000046b: JUMPDEST 0000046c: PUSH1 0x40 0000046e: PUSH1 0x00 00000470: SWAP1 00000471: DUP2 00000472: KECCAK256 00000473: DUP1 00000474: SLOAD 00000475: DUP5 00000476: SWAP1 00000477: SUB 00000478: SWAP1 00000479: SSTORE 0000047a: PUSH1 0x03 0000047c: DUP1 0000047d: SLOAD 0000047e: DUP5 0000047f: SWAP1 00000480: SUB 00000481: SWAP1 00000482: SSTORE 00000483: DUP1 00000484: SLOAD 00000485: PUSH1 0x00 00000487: NOT 00000488: DUP5 00000489: MUL 0000048a: PUSH1 0x60 0000048c: SWAP1 0000048d: DUP2 0000048e: MSTORE 0000048f: PUSH1 0x01 00000491: PUSH1 0xa0 00000493: PUSH1 0x02 00000495: EXP 00000496: SUB 00000497: SWAP2 00000498: SWAP1 00000499: SWAP2 0000049a: AND 0000049b: SWAP2 0000049c: SWAP1 0000049d: PUSH32 0x8b0c34a52f9e28d78caaa7066cd047b398dae74941a208b77777420f492bd7e1 000004be: SWAP1 000004bf: PUSH1 0x20 000004c1: SWAP1 000004c2: LOG3 000004c3: JUMPDEST 000004c4: POP 000004c5: POP 000004c6: JUMP 000004c7: JUMPDEST 000004c8: PUSH1 0x01 000004ca: PUSH1 0xa0 000004cc: PUSH1 0x02 000004ce: EXP 000004cf: SUB 000004d0: DUP2 000004d1: AND 000004d2: PUSH1 0x00 000004d4: SWAP1 000004d5: DUP2 000004d6: MSTORE 000004d7: PUSH1 0x01 000004d9: PUSH1 0x20 000004db: MSTORE 000004dc: PUSH1 0x40 000004de: DUP2 000004df: KECCAK256 000004e0: SLOAD 000004e1: DUP4 000004e2: SWAP1 000004e3: SUB 000004e4: LT 000004e5: ISZERO 000004e6: PUSH2 0x046b 000004e9: JUMPI 000004ea: PUSH2 0x0002 000004ed: JUMP 000004ee: JUMPDEST 000004ef: PUSH1 0x07 000004f1: DUP1 000004f2: SLOAD 000004f3: PUSH2 0x0100 000004f6: DUP4 000004f7: MUL 000004f8: PUSH2 0xff00 000004fb: NOT 000004fc: SWAP1 000004fd: SWAP2 000004fe: AND 000004ff: OR 00000500: SWAP1 00000501: SSTORE 00000502: POP 00000503: JUMP 00000504: JUMPDEST 00000505: PUSH1 0x01 00000507: PUSH1 0xa0 00000509: PUSH1 0x02 0000050b: EXP 0000050c: SUB 0000050d: DUP1 0000050e: DUP3 0000050f: AND 00000510: PUSH1 0x00 00000512: SWAP1 00000513: DUP2 00000514: MSTORE 00000515: PUSH1 0x01 00000517: PUSH1 0x20 00000519: SWAP1 0000051a: DUP2 0000051b: MSTORE 0000051c: PUSH1 0x40 0000051e: DUP3 0000051f: KECCAK256 00000520: DUP1 00000521: SLOAD 00000522: DUP7 00000523: ADD 00000524: SWAP1 00000525: SSTORE 00000526: PUSH1 0x03 00000528: DUP1 00000529: SLOAD 0000052a: DUP7 0000052b: ADD 0000052c: SWAP1 0000052d: SSTORE 0000052e: DUP2 0000052f: SLOAD 00000530: PUSH1 0x60 00000532: DUP7 00000533: DUP2 00000534: MSTORE 00000535: SWAP4 00000536: AND 00000537: SWAP3 00000538: PUSH32 0x8b0c34a52f9e28d78caaa7066cd047b398dae74941a208b77777420f492bd7e1 00000559: SWAP2 0000055a: SWAP1 0000055b: LOG3 0000055c: POP 0000055d: POP 0000055e: JUMP 0000055f: JUMPDEST 00000560: PUSH1 0x07 00000562: SLOAD 00000563: PUSH4 0x01000000 00000568: SWAP1 00000569: DIV 0000056a: PUSH1 0xff 0000056c: AND 0000056d: DUP1 0000056e: ISZERO 0000056f: PUSH2 0x05ae 00000572: JUMPI 00000573: POP 00000574: CALLER 00000575: PUSH1 0x01 00000577: PUSH1 0xa0 00000579: PUSH1 0x02 0000057b: EXP 0000057c: SUB 0000057d: AND 0000057e: PUSH1 0x00 00000580: SWAP1 00000581: DUP2 00000582: MSTORE 00000583: PUSH1 0x02 00000585: PUSH1 0x20 00000587: DUP2 00000588: SWAP1 00000589: MSTORE 0000058a: PUSH1 0x40 0000058c: SWAP1 0000058d: SWAP2 0000058e: KECCAK256 0000058f: SLOAD 00000590: EQ 00000591: DUP1 00000592: PUSH2 0x05ae 00000595: JUMPI 00000596: POP 00000597: PUSH1 0x01 00000599: PUSH1 0xa0 0000059b: PUSH1 0x02 0000059d: EXP 0000059e: SUB 0000059f: DUP3 000005a0: AND 000005a1: PUSH1 0x00 000005a3: SWAP1 000005a4: DUP2 000005a5: MSTORE 000005a6: PUSH1 0x40 000005a8: SWAP1 000005a9: KECCAK256 000005aa: SLOAD 000005ab: PUSH1 0x02 000005ad: EQ 000005ae: JUMPDEST 000005af: ISZERO 000005b0: PUSH2 0x05b8 000005b3: JUMPI 000005b4: PUSH2 0x0002 000005b7: JUMP 000005b8: JUMPDEST 000005b9: PUSH1 0x07 000005bb: PUSH1 0x02 000005bd: SWAP1 000005be: SLOAD 000005bf: SWAP1 000005c0: PUSH2 0x0100 000005c3: EXP 000005c4: SWAP1 000005c5: DIV 000005c6: PUSH1 0xff 000005c8: AND 000005c9: DUP1 000005ca: ISZERO 000005cb: PUSH2 0x0624 000005ce: JUMPI 000005cf: POP 000005d0: PUSH1 0x01 000005d2: PUSH1 0x02 000005d4: PUSH1 0x00 000005d6: POP 000005d7: PUSH1 0x00 000005d9: CALLER 000005da: PUSH1 0x01 000005dc: PUSH1 0xa0 000005de: PUSH1 0x02 000005e0: EXP 000005e1: SUB 000005e2: AND 000005e3: DUP2 000005e4: MSTORE 000005e5: PUSH1 0x20 000005e7: ADD 000005e8: SWAP1 000005e9: DUP2 000005ea: MSTORE 000005eb: PUSH1 0x20 000005ed: ADD 000005ee: PUSH1 0x00 000005f0: KECCAK256 000005f1: PUSH1 0x00 000005f3: POP 000005f4: SLOAD 000005f5: EQ 000005f6: ISZERO 000005f7: DUP1 000005f8: PUSH2 0x0624 000005fb: JUMPI 000005fc: POP 000005fd: PUSH1 0x01 000005ff: PUSH1 0x02 00000601: PUSH1 0x00 00000603: POP 00000604: PUSH1 0x00 00000606: DUP5 00000607: PUSH1 0x01 00000609: PUSH1 0xa0 0000060b: PUSH1 0x02 0000060d: EXP 0000060e: SUB 0000060f: AND 00000610: DUP2 00000611: MSTORE 00000612: PUSH1 0x20 00000614: ADD 00000615: SWAP1 00000616: DUP2 00000617: MSTORE 00000618: PUSH1 0x20 0000061a: ADD 0000061b: PUSH1 0x00 0000061d: KECCAK256 0000061e: PUSH1 0x00 00000620: POP 00000621: SLOAD 00000622: EQ 00000623: ISZERO 00000624: JUMPDEST 00000625: ISZERO 00000626: PUSH2 0x062e 00000629: JUMPI 0000062a: PUSH2 0x0002 0000062d: JUMP 0000062e: JUMPDEST 0000062f: PUSH1 0x01 00000631: PUSH1 0xa0 00000633: PUSH1 0x02 00000635: EXP 00000636: SUB 00000637: CALLER 00000638: DUP2 00000639: AND 0000063a: PUSH1 0x00 0000063c: DUP2 0000063d: DUP2 0000063e: MSTORE 0000063f: PUSH1 0x01 00000641: PUSH1 0x20 00000643: SWAP1 00000644: DUP2 00000645: MSTORE 00000646: PUSH1 0x40 00000648: DUP1 00000649: DUP4 0000064a: KECCAK256 0000064b: DUP1 0000064c: SLOAD 0000064d: DUP8 0000064e: SWAP1 0000064f: SUB 00000650: SWAP1 00000651: SSTORE 00000652: SWAP4 00000653: DUP7 00000654: AND 00000655: DUP1 00000656: DUP4 00000657: MSTORE 00000658: SWAP4 00000659: SWAP1 0000065a: SWAP2 0000065b: KECCAK256 0000065c: DUP1 0000065d: SLOAD 0000065e: DUP6 0000065f: ADD 00000660: SWAP1 00000661: SSTORE 00000662: PUSH1 0x60 00000664: DUP5 00000665: DUP2 00000666: MSTORE 00000667: PUSH32 0x8b0c34a52f9e28d78caaa7066cd047b398dae74941a208b77777420f492bd7e1 00000688: SWAP2 00000689: SWAP1 0000068a: LOG3 0000068b: PUSH1 0x07 0000068d: SLOAD 0000068e: PUSH2 0x0100 00000691: SWAP1 00000692: DIV 00000693: PUSH1 0xff 00000695: AND 00000696: DUP1 00000697: ISZERO 00000698: PUSH2 0x06ba 0000069b: JUMPI 0000069c: POP 0000069d: CALLER 0000069e: PUSH1 0x01 000006a0: PUSH1 0xa0 000006a2: PUSH1 0x02 000006a4: EXP 000006a5: SUB 000006a6: AND 000006a7: PUSH1 0x00 000006a9: GASPRICE 000006aa: PUSH1 0x60 000006ac: DUP3 000006ad: DUP2 000006ae: DUP2 000006af: DUP2 000006b0: DUP6 000006b1: DUP9 000006b2: DUP4 000006b3: CALL 000006b4: SWAP4 000006b5: POP 000006b6: POP 000006b7: POP 000006b8: POP 000006b9: ISZERO 000006ba: JUMPDEST 000006bb: ISZERO 000006bc: PUSH2 0x04c3 000006bf: JUMPI 000006c0: PUSH2 0x0002 000006c3: JUMP 000006c4: JUMPDEST 000006c5: PUSH1 0x00 000006c7: DUP1 000006c8: SLOAD 000006c9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006de: NOT 000006df: AND 000006e0: DUP3 000006e1: OR 000006e2: SWAP1 000006e3: SSTORE 000006e4: POP 000006e5: JUMP 000006e6: JUMPDEST 000006e7: PUSH1 0x07 000006e9: DUP1 000006ea: SLOAD 000006eb: PUSH3 0x010000 000006ef: DUP4 000006f0: MUL 000006f1: PUSH3 0xff0000 000006f5: NOT 000006f6: SWAP1 000006f7: SWAP2 000006f8: AND 000006f9: OR 000006fa: SWAP1 000006fb: SSTORE 000006fc: POP 000006fd: JUMP 000006fe: JUMPDEST 000006ff: PUSH1 0x07 00000701: DUP1 00000702: SLOAD 00000703: PUSH4 0x01000000 00000708: DUP4 00000709: MUL 0000070a: PUSH4 0xff000000 0000070f: NOT 00000710: SWAP1 00000711: SWAP2 00000712: AND 00000713: OR 00000714: SWAP1 00000715: SSTORE 00000716: POP 00000717: JUMP 00000718: JUMPDEST 00000719: PUSH1 0x01 0000071b: PUSH1 0xa0 0000071d: PUSH1 0x02 0000071f: EXP 00000720: SUB 00000721: SWAP1 00000722: SWAP2 00000723: AND 00000724: PUSH1 0x00 00000726: SWAP1 00000727: DUP2 00000728: MSTORE 00000729: PUSH1 0x02 0000072b: PUSH1 0x20 0000072d: MSTORE 0000072e: PUSH1 0x40 00000730: SWAP1 00000731: KECCAK256 00000732: SSTORE 00000733: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0xd1e4a9ef6bd3b73280d4080c6a4f50e78a5a53e09e954921b75ca1667c14045a
call_targets:
0x0000000000000000000000000000000000000004, 0x37a9679c41e99db270bda88de8ff50c0cd23f326
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xd1e4a9ef6bd3b73280d4080c6a4f50e78a5a53e09e954921b75ca1667c14045a",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x37a9679c41e99db270bda88de8ff50c0cd23f326"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x45f09140",
"selector": "0x45f09140",
"calldata_variants": [
"0x45f09140",
"0x45f091400000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x492f12af",
"selector": "0x492f12af",
"calldata_variants": [
"0x492f12af",
"0x492f12af0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4958abb7",
"selector": "0x4958abb7",
"calldata_variants": [
"0x4958abb7",
"0x4958abb70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5a3b7e42",
"selector": "0x5a3b7e42",
"calldata_variants": [
"0x5a3b7e42",
"0x5a3b7e420000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1002,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1715,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": []
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0xd1e4a9ef6bd3b73280d4080c6a4f50e78a5a53e09e954921b75ca1667c14045a
call_targets:
0x0000000000000000000000000000000000000004, 0x37a9679c41e99db270bda88de8ff50c0cd23f326
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xd1e4a9ef6bd3b73280d4080c6a4f50e78a5a53e09e954921b75ca1667c14045a",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x37a9679c41e99db270bda88de8ff50c0cd23f326"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x45f09140",
"selector": "0x45f09140",
"calldata_variants": [
"0x45f09140",
"0x45f091400000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x492f12af",
"selector": "0x492f12af",
"calldata_variants": [
"0x492f12af",
"0x492f12af0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4958abb7",
"selector": "0x4958abb7",
"calldata_variants": [
"0x4958abb7",
"0x4958abb70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5a3b7e42",
"selector": "0x5a3b7e42",
"calldata_variants": [
"0x5a3b7e42",
"0x5a3b7e420000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1002,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1715,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [],
"untrusted_call_count": 2
}
|