019b3836-5589-70f8-a437-7e38dce0ff67
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 8277 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 8278 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 98106 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 98107 | capability.graph | complete | 1 / 3 | 1 week ago |
| 98108 | detector.run | complete | 1 / 3 | 1 week ago |
| 98109 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
No codex job recorded yet.
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0077 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x01cb3b20 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0093 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x29dcb0cf 00000025: EQ 00000026: PUSH2 0x010e 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x38af3eed 00000030: EQ 00000031: PUSH2 0x0117 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x6e66f6e9 0000003b: EQ 0000003c: PUSH2 0x0129 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x70a08231 00000046: EQ 00000047: PUSH2 0x013b 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x7a3a0e84 00000051: EQ 00000052: PUSH2 0x0153 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x7b3e5e7b 0000005c: EQ 0000005d: PUSH2 0x015c 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xa035b1fe 00000067: EQ 00000068: PUSH2 0x0165 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xfd6b7ef8 00000072: EQ 00000073: PUSH2 0x016e 00000076: JUMPI 00000077: JUMPDEST 00000078: PUSH2 0x0225 0000007b: PUSH1 0x07 0000007d: SLOAD 0000007e: PUSH1 0x00 00000080: SWAP1 00000081: PUSH1 0xff 00000083: PUSH2 0x0100 00000086: SWAP1 00000087: SWAP2 00000088: DIV 00000089: AND 0000008a: ISZERO 0000008b: PUSH2 0x0227 0000008e: JUMPI 0000008f: PUSH2 0x0002 00000092: JUMP 00000093: JUMPDEST 00000094: PUSH2 0x0225 00000097: PUSH1 0x03 00000099: SLOAD 0000009a: TIMESTAMP 0000009b: LT 0000009c: PUSH2 0x010c 0000009f: JUMPI 000000a0: PUSH1 0x02 000000a2: SLOAD 000000a3: PUSH1 0x01 000000a5: SLOAD 000000a6: SWAP1 000000a7: LT 000000a8: PUSH2 0x00fc 000000ab: JUMPI 000000ac: PUSH1 0x07 000000ae: DUP1 000000af: SLOAD 000000b0: PUSH1 0x02 000000b2: SLOAD 000000b3: PUSH1 0xff 000000b5: NOT 000000b6: SWAP1 000000b7: SWAP2 000000b8: AND 000000b9: PUSH1 0x01 000000bb: OR 000000bc: SWAP1 000000bd: SWAP2 000000be: SSTORE 000000bf: PUSH1 0x00 000000c1: SLOAD 000000c2: PUSH1 0x01 000000c4: PUSH1 0xa0 000000c6: PUSH1 0x02 000000c8: EXP 000000c9: SUB 000000ca: AND 000000cb: PUSH1 0x60 000000cd: SWAP1 000000ce: DUP2 000000cf: MSTORE 000000d0: PUSH1 0x80 000000d2: SWAP2 000000d3: SWAP1 000000d4: SWAP2 000000d5: MSTORE 000000d6: PUSH32 0xec3f991caf7857d61663fd1bba1739e04abd4781238508cde554bb849d790c85 000000f7: SWAP1 000000f8: PUSH1 0x40 000000fa: SWAP1 000000fb: LOG1 000000fc: JUMPDEST 000000fd: PUSH1 0x07 000000ff: DUP1 00000100: SLOAD 00000101: PUSH2 0xff00 00000104: NOT 00000105: AND 00000106: PUSH2 0x0100 00000109: OR 0000010a: SWAP1 0000010b: SSTORE 0000010c: JUMPDEST 0000010d: JUMP 0000010e: JUMPDEST 0000010f: PUSH2 0x02f2 00000112: PUSH1 0x03 00000114: SLOAD 00000115: DUP2 00000116: JUMP 00000117: JUMPDEST 00000118: PUSH2 0x02fc 0000011b: PUSH1 0x00 0000011d: SLOAD 0000011e: PUSH1 0x01 00000120: PUSH1 0xa0 00000122: PUSH1 0x02 00000124: EXP 00000125: SUB 00000126: AND 00000127: DUP2 00000128: JUMP 00000129: JUMPDEST 0000012a: PUSH2 0x02fc 0000012d: PUSH1 0x05 0000012f: SLOAD 00000130: PUSH1 0x01 00000132: PUSH1 0xa0 00000134: PUSH1 0x02 00000136: EXP 00000137: SUB 00000138: AND 00000139: DUP2 0000013a: JUMP 0000013b: JUMPDEST 0000013c: PUSH2 0x02f2 0000013f: PUSH1 0x04 00000141: CALLDATALOAD 00000142: PUSH1 0x06 00000144: PUSH1 0x20 00000146: MSTORE 00000147: PUSH1 0x00 00000149: SWAP1 0000014a: DUP2 0000014b: MSTORE 0000014c: PUSH1 0x40 0000014e: SWAP1 0000014f: KECCAK256 00000150: SLOAD 00000151: DUP2 00000152: JUMP 00000153: JUMPDEST 00000154: PUSH2 0x02f2 00000157: PUSH1 0x01 00000159: SLOAD 0000015a: DUP2 0000015b: JUMP 0000015c: JUMPDEST 0000015d: PUSH2 0x02f2 00000160: PUSH1 0x02 00000162: SLOAD 00000163: DUP2 00000164: JUMP 00000165: JUMPDEST 00000166: PUSH2 0x02f2 00000169: PUSH1 0x04 0000016b: SLOAD 0000016c: DUP2 0000016d: JUMP 0000016e: JUMPDEST 0000016f: PUSH2 0x0225 00000172: PUSH1 0x03 00000174: SLOAD 00000175: PUSH1 0x00 00000177: SWAP1 00000178: TIMESTAMP 00000179: LT 0000017a: PUSH2 0x02ef 0000017d: JUMPI 0000017e: PUSH1 0x07 00000180: SLOAD 00000181: PUSH1 0xff 00000183: AND 00000184: ISZERO 00000185: ISZERO 00000186: PUSH2 0x0337 00000189: JUMPI 0000018a: PUSH1 0x01 0000018c: PUSH1 0xa0 0000018e: PUSH1 0x02 00000190: EXP 00000191: SUB 00000192: CALLER 00000193: AND 00000194: DUP2 00000195: MSTORE 00000196: PUSH1 0x06 00000198: PUSH1 0x20 0000019a: MSTORE 0000019b: PUSH1 0x40 0000019d: DUP2 0000019e: KECCAK256 0000019f: DUP1 000001a0: SLOAD 000001a1: SWAP1 000001a2: DUP3 000001a3: SWAP1 000001a4: SSTORE 000001a5: SWAP1 000001a6: DUP2 000001a7: GT 000001a8: ISZERO 000001a9: PUSH2 0x0337 000001ac: JUMPI 000001ad: PUSH1 0x01 000001af: PUSH1 0xa0 000001b1: PUSH1 0x02 000001b3: EXP 000001b4: SUB 000001b5: CALLER 000001b6: AND 000001b7: PUSH1 0x00 000001b9: DUP3 000001ba: PUSH1 0x60 000001bc: DUP3 000001bd: DUP2 000001be: DUP2 000001bf: DUP2 000001c0: DUP6 000001c1: DUP9 000001c2: DUP4 000001c3: CALL 000001c4: SWAP4 000001c5: POP 000001c6: POP 000001c7: POP 000001c8: POP 000001c9: ISZERO 000001ca: PUSH2 0x030f 000001cd: JUMPI 000001ce: PUSH32 0xe842aea7a5f1b01049d752008c53c52890b1a6daf660cf39e8eec506112bbdf6 000001ef: CALLER 000001f0: DUP3 000001f1: PUSH1 0x00 000001f3: PUSH1 0x40 000001f5: MLOAD 000001f6: DUP1 000001f7: DUP5 000001f8: PUSH1 0x01 000001fa: PUSH1 0xa0 000001fc: PUSH1 0x02 000001fe: EXP 000001ff: SUB 00000200: AND 00000201: DUP2 00000202: MSTORE 00000203: PUSH1 0x20 00000205: ADD 00000206: DUP4 00000207: DUP2 00000208: MSTORE 00000209: PUSH1 0x20 0000020b: ADD 0000020c: DUP3 0000020d: ISZERO 0000020e: ISZERO 0000020f: DUP2 00000210: MSTORE 00000211: PUSH1 0x20 00000213: ADD 00000214: SWAP4 00000215: POP 00000216: POP 00000217: POP 00000218: POP 00000219: PUSH1 0x40 0000021b: MLOAD 0000021c: DUP1 0000021d: SWAP2 0000021e: SUB 0000021f: SWAP1 00000220: LOG1 00000221: PUSH2 0x0337 00000224: JUMP 00000225: JUMPDEST 00000226: STOP 00000227: JUMPDEST 00000228: PUSH1 0x01 0000022a: PUSH1 0xa0 0000022c: PUSH1 0x02 0000022e: EXP 0000022f: SUB 00000230: CALLER 00000231: DUP2 00000232: AND 00000233: DUP1 00000234: DUP4 00000235: MSTORE 00000236: PUSH1 0x06 00000238: PUSH1 0x20 0000023a: MSTORE 0000023b: PUSH1 0x40 0000023d: DUP4 0000023e: KECCAK256 0000023f: CALLVALUE 00000240: SWAP1 00000241: DUP2 00000242: SWAP1 00000243: SSTORE 00000244: PUSH1 0x02 00000246: DUP1 00000247: SLOAD 00000248: DUP3 00000249: ADD 0000024a: SWAP1 0000024b: SSTORE 0000024c: PUSH1 0x05 0000024e: SLOAD 0000024f: PUSH1 0x04 00000251: SLOAD 00000252: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000 00000273: PUSH1 0x60 00000275: SWAP1 00000276: DUP2 00000277: MSTORE 00000278: PUSH1 0x64 0000027a: SWAP5 0000027b: SWAP1 0000027c: SWAP5 0000027d: MSTORE 0000027e: DUP3 0000027f: DIV 00000280: PUSH1 0x84 00000282: MSTORE 00000283: SWAP1 00000284: SWAP4 00000285: SWAP3 00000286: AND 00000287: SWAP2 00000288: PUSH4 0xa9059cbb 0000028d: SWAP2 0000028e: PUSH1 0xa4 00000290: SWAP2 00000291: SWAP1 00000292: PUSH1 0x44 00000294: DUP2 00000295: DUP4 00000296: DUP8 00000297: PUSH2 0x61da 0000029a: GAS 0000029b: SUB 0000029c: CALL 0000029d: ISZERO 0000029e: PUSH2 0x0002 000002a1: JUMPI 000002a2: POP 000002a3: POP 000002a4: PUSH1 0x40 000002a6: DUP1 000002a7: MLOAD 000002a8: PUSH1 0x01 000002aa: PUSH1 0xa0 000002ac: PUSH1 0x02 000002ae: EXP 000002af: SUB 000002b0: CALLER 000002b1: AND 000002b2: DUP2 000002b3: MSTORE 000002b4: PUSH1 0x20 000002b6: DUP2 000002b7: ADD 000002b8: DUP5 000002b9: SWAP1 000002ba: MSTORE 000002bb: PUSH1 0x01 000002bd: DUP2 000002be: DUP4 000002bf: ADD 000002c0: MSTORE 000002c1: SWAP1 000002c2: MLOAD 000002c3: PUSH32 0xe842aea7a5f1b01049d752008c53c52890b1a6daf660cf39e8eec506112bbdf6 000002e4: SWAP3 000002e5: POP 000002e6: SWAP1 000002e7: DUP2 000002e8: SWAP1 000002e9: SUB 000002ea: PUSH1 0x60 000002ec: ADD 000002ed: SWAP1 000002ee: LOG1 000002ef: JUMPDEST 000002f0: POP 000002f1: JUMP 000002f2: JUMPDEST 000002f3: PUSH1 0x60 000002f5: SWAP1 000002f6: DUP2 000002f7: MSTORE 000002f8: PUSH1 0x20 000002fa: SWAP1 000002fb: RETURN 000002fc: JUMPDEST 000002fd: PUSH1 0x01 000002ff: PUSH1 0xa0 00000301: PUSH1 0x02 00000303: EXP 00000304: SUB 00000305: AND 00000306: PUSH1 0x60 00000308: SWAP1 00000309: DUP2 0000030a: MSTORE 0000030b: PUSH1 0x20 0000030d: SWAP1 0000030e: RETURN 0000030f: JUMPDEST 00000310: DUP1 00000311: PUSH1 0x06 00000313: PUSH1 0x00 00000315: POP 00000316: PUSH1 0x00 00000318: CALLER 00000319: PUSH1 0x01 0000031b: PUSH1 0xa0 0000031d: PUSH1 0x02 0000031f: EXP 00000320: SUB 00000321: AND 00000322: DUP2 00000323: MSTORE 00000324: PUSH1 0x20 00000326: ADD 00000327: SWAP1 00000328: DUP2 00000329: MSTORE 0000032a: PUSH1 0x20 0000032c: ADD 0000032d: PUSH1 0x00 0000032f: KECCAK256 00000330: PUSH1 0x00 00000332: POP 00000333: DUP2 00000334: SWAP1 00000335: SSTORE 00000336: POP 00000337: JUMPDEST 00000338: PUSH1 0x07 0000033a: SLOAD 0000033b: PUSH1 0xff 0000033d: AND 0000033e: DUP1 0000033f: ISZERO 00000340: PUSH2 0x0358 00000343: JUMPI 00000344: POP 00000345: PUSH1 0x00 00000347: SLOAD 00000348: PUSH1 0x01 0000034a: PUSH1 0xa0 0000034c: PUSH1 0x02 0000034e: EXP 0000034f: SUB 00000350: SWAP1 00000351: DUP2 00000352: AND 00000353: CALLER 00000354: SWAP1 00000355: SWAP2 00000356: AND 00000357: EQ 00000358: JUMPDEST 00000359: ISZERO 0000035a: PUSH2 0x02ef 0000035d: JUMPI 0000035e: PUSH1 0x40 00000360: MLOAD 00000361: PUSH1 0x00 00000363: DUP1 00000364: SLOAD 00000365: PUSH1 0x02 00000367: SLOAD 00000368: PUSH1 0x01 0000036a: PUSH1 0xa0 0000036c: PUSH1 0x02 0000036e: EXP 0000036f: SUB 00000370: SWAP2 00000371: SWAP1 00000372: SWAP2 00000373: AND 00000374: SWAP3 00000375: DUP3 00000376: DUP2 00000377: DUP2 00000378: DUP2 00000379: DUP6 0000037a: DUP9 0000037b: DUP4 0000037c: CALL 0000037d: SWAP4 0000037e: POP 0000037f: POP 00000380: POP 00000381: POP 00000382: ISZERO 00000383: PUSH2 0x03d9 00000386: JUMPI 00000387: PUSH1 0x40 00000389: DUP1 0000038a: MLOAD 0000038b: PUSH1 0x00 0000038d: DUP1 0000038e: SLOAD 0000038f: PUSH1 0x02 00000391: SLOAD 00000392: PUSH1 0x01 00000394: PUSH1 0xa0 00000396: PUSH1 0x02 00000398: EXP 00000399: SUB 0000039a: SWAP2 0000039b: SWAP1 0000039c: SWAP2 0000039d: AND 0000039e: DUP4 0000039f: MSTORE 000003a0: PUSH1 0x20 000003a2: DUP4 000003a3: ADD 000003a4: MSTORE 000003a5: DUP2 000003a6: DUP4 000003a7: ADD 000003a8: MSTORE 000003a9: SWAP1 000003aa: MLOAD 000003ab: PUSH32 0xe842aea7a5f1b01049d752008c53c52890b1a6daf660cf39e8eec506112bbdf6 000003cc: SWAP2 000003cd: DUP2 000003ce: SWAP1 000003cf: SUB 000003d0: PUSH1 0x60 000003d2: ADD 000003d3: SWAP1 000003d4: LOG1 000003d5: PUSH2 0x02ef 000003d8: JUMP 000003d9: JUMPDEST 000003da: PUSH1 0x07 000003dc: DUP1 000003dd: SLOAD 000003de: PUSH1 0xff 000003e0: NOT 000003e1: AND 000003e2: SWAP1 000003e3: SSTORE 000003e4: POP 000003e5: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0xec72e11289348c606626d2df950d413615e56ef88d9654a70c87f20dc3e6f1ef
call_targets:
0x73399ece949806ed41830721a4b839d2e018056c
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xec72e11289348c606626d2df950d413615e56ef88d9654a70c87f20dc3e6f1ef",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x73399ece949806ed41830721a4b839d2e018056c"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x01cb3b20",
"selector": "0x01cb3b20",
"calldata_variants": [
"0x01cb3b20",
"0x01cb3b200000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x29dcb0cf",
"selector": "0x29dcb0cf",
"calldata_variants": [
"0x29dcb0cf",
"0x29dcb0cf0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x38af3eed",
"selector": "0x38af3eed",
"calldata_variants": [
"0x38af3eed",
"0x38af3eed0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x6e66f6e9",
"selector": "0x6e66f6e9",
"calldata_variants": [
"0x6e66f6e9",
"0x6e66f6e90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7a3a0e84",
"selector": "0x7a3a0e84",
"calldata_variants": [
"0x7a3a0e84",
"0x7a3a0e840000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7b3e5e7b",
"selector": "0x7b3e5e7b",
"calldata_variants": [
"0x7b3e5e7b",
"0x7b3e5e7b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa035b1fe",
"selector": "0xa035b1fe",
"calldata_variants": [
"0xa035b1fe",
"0xa035b1fe0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 451,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 668,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 892,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0xec72e11289348c606626d2df950d413615e56ef88d9654a70c87f20dc3e6f1ef
call_targets:
0x73399ece949806ed41830721a4b839d2e018056c
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xec72e11289348c606626d2df950d413615e56ef88d9654a70c87f20dc3e6f1ef",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x73399ece949806ed41830721a4b839d2e018056c"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x01cb3b20",
"selector": "0x01cb3b20",
"calldata_variants": [
"0x01cb3b20",
"0x01cb3b200000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x29dcb0cf",
"selector": "0x29dcb0cf",
"calldata_variants": [
"0x29dcb0cf",
"0x29dcb0cf0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x38af3eed",
"selector": "0x38af3eed",
"calldata_variants": [
"0x38af3eed",
"0x38af3eed0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x6e66f6e9",
"selector": "0x6e66f6e9",
"calldata_variants": [
"0x6e66f6e9",
"0x6e66f6e90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7a3a0e84",
"selector": "0x7a3a0e84",
"calldata_variants": [
"0x7a3a0e84",
"0x7a3a0e840000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7b3e5e7b",
"selector": "0x7b3e5e7b",
"calldata_variants": [
"0x7b3e5e7b",
"0x7b3e5e7b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa035b1fe",
"selector": "0xa035b1fe",
"calldata_variants": [
"0xa035b1fe",
"0xa035b1fe0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 451,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 668,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 892,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|