TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-57f8-72f7-b654-7888dda72433

complete
Chain ID
1
Address
0x2bcca955c9200c9a5f888bc2b14b91aaa56cd5c5
Block Number
Created
Fri, Dec 19, 2025 8:04 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
8579 artifact.fetch complete 1 / 3 3 months ago
8580 tool.cast_disasm complete 1 / 3 3 months ago
98542 analysis.bundle complete 1 / 3 1 week ago
98543 capability.graph complete 1 / 3 1 week ago
98544 detector.run complete 1 / 3 1 week ago
98545 validation.fork complete 1 / 3 1 week ago
113854 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-5bc2i23i
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5ca0-db66-7b41-8fb3-0c33e6c52ac5
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:52:20.908618+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 3948,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
13
EXT*/BALANCE
2
Total opcodes
1339
Flags
call_family_heavy
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x004b
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x041fe13d
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x0053
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x5a7a8850
00000025: EQ
00000026: PUSH2 0x00c2
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0xcd5e3c5d
00000030: EQ
00000031: PUSH2 0x00e0
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0xe671f510
0000003b: EQ
0000003c: PUSH2 0x00ed
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0xf9cc0605
00000046: EQ
00000047: PUSH2 0x0105
0000004a: JUMPI
0000004b: JUMPDEST
0000004c: PUSH2 0x011c
0000004f: PUSH2 0x0002
00000052: JUMP
00000053: JUMPDEST
00000054: PUSH2 0x011c
00000057: PUSH1 0x04
00000059: CALLDATALOAD
0000005a: PUSH1 0x24
0000005c: CALLDATALOAD
0000005d: PUSH1 0x00
0000005f: PUSH1 0x00
00000061: PUSH2 0x0132
00000064: JUMPDEST
00000065: PUSH1 0x00
00000067: PUSH1 0x00
00000069: PUSH1 0x00
0000006b: SWAP1
0000006c: SLOAD
0000006d: SWAP1
0000006e: PUSH2 0x0100
00000071: EXP
00000072: SWAP1
00000073: DIV
00000074: PUSH1 0x01
00000076: PUSH1 0xa0
00000078: PUSH1 0x02
0000007a: EXP
0000007b: SUB
0000007c: AND
0000007d: PUSH1 0x01
0000007f: PUSH1 0xa0
00000081: PUSH1 0x02
00000083: EXP
00000084: SUB
00000085: AND
00000086: PUSH4 0x1f6e5117
0000008b: PUSH1 0x40
0000008d: MLOAD
0000008e: DUP2
0000008f: PUSH1 0xe0
00000091: PUSH1 0x02
00000093: EXP
00000094: MUL
00000095: DUP2
00000096: MSTORE
00000097: PUSH1 0x04
00000099: ADD
0000009a: DUP1
0000009b: SWAP1
0000009c: POP
0000009d: PUSH1 0x20
0000009f: PUSH1 0x40
000000a1: MLOAD
000000a2: DUP1
000000a3: DUP4
000000a4: SUB
000000a5: DUP2
000000a6: PUSH1 0x00
000000a8: DUP8
000000a9: PUSH2 0x61da
000000ac: GAS
000000ad: SUB
000000ae: CALL
000000af: ISZERO
000000b0: PUSH2 0x0002
000000b3: JUMPI
000000b4: POP
000000b5: POP
000000b6: PUSH1 0x40
000000b8: MLOAD
000000b9: MLOAD
000000ba: SWAP2
000000bb: POP
000000bc: PUSH2 0x0119
000000bf: SWAP1
000000c0: POP
000000c1: JUMP
000000c2: JUMPDEST
000000c3: PUSH2 0x011c
000000c6: PUSH1 0x04
000000c8: CALLDATALOAD
000000c9: JUMPDEST
000000ca: PUSH1 0x00
000000cc: CALLVALUE
000000cd: PUSH1 0x01
000000cf: EQ
000000d0: ISZERO
000000d1: DUP1
000000d2: PUSH2 0x0261
000000d5: JUMPI
000000d6: POP
000000d7: PUSH1 0x02
000000d9: PUSH2 0x025f
000000dc: PUSH2 0x0109
000000df: JUMP
000000e0: JUMPDEST
000000e1: PUSH2 0x011c
000000e4: PUSH2 0x011e
000000e7: PUSH1 0x00
000000e9: PUSH2 0x00c9
000000ec: JUMP
000000ed: JUMPDEST
000000ee: PUSH2 0x011c
000000f1: PUSH1 0x04
000000f3: CALLDATALOAD
000000f4: PUSH1 0x24
000000f6: CALLDATALOAD
000000f7: PUSH1 0x44
000000f9: CALLDATALOAD
000000fa: PUSH1 0x00
000000fc: PUSH1 0x00
000000fe: PUSH2 0x032b
00000101: PUSH2 0x0064
00000104: JUMP
00000105: JUMPDEST
00000106: PUSH2 0x0120
00000109: JUMPDEST
0000010a: PUSH1 0x03
0000010c: SLOAD
0000010d: PUSH1 0x01
0000010f: PUSH1 0xa0
00000111: PUSH1 0x02
00000113: EXP
00000114: SUB
00000115: ADDRESS
00000116: AND
00000117: BALANCE
00000118: SUB
00000119: JUMPDEST
0000011a: SWAP1
0000011b: JUMP
0000011c: JUMPDEST
0000011d: STOP
0000011e: JUMPDEST
0000011f: JUMP
00000120: JUMPDEST
00000121: PUSH1 0x40
00000123: DUP1
00000124: MLOAD
00000125: SWAP2
00000126: DUP3
00000127: MSTORE
00000128: MLOAD
00000129: SWAP1
0000012a: DUP2
0000012b: SWAP1
0000012c: SUB
0000012d: PUSH1 0x20
0000012f: ADD
00000130: SWAP1
00000131: RETURN
00000132: JUMPDEST
00000133: PUSH1 0x01
00000135: PUSH1 0xa0
00000137: PUSH1 0x02
00000139: EXP
0000013a: SUB
0000013b: AND
0000013c: CALLER
0000013d: PUSH1 0x01
0000013f: PUSH1 0xa0
00000141: PUSH1 0x02
00000143: EXP
00000144: SUB
00000145: AND
00000146: EQ
00000147: ISZERO
00000148: ISZERO
00000149: PUSH2 0x0151
0000014c: JUMPI
0000014d: PUSH2 0x0002
00000150: JUMP
00000151: JUMPDEST
00000152: PUSH1 0x00
00000154: DUP5
00000155: DUP2
00000156: MSTORE
00000157: PUSH1 0x04
00000159: PUSH1 0x20
0000015b: MSTORE
0000015c: PUSH1 0x40
0000015e: SWAP1
0000015f: KECCAK256
00000160: PUSH1 0x01
00000162: DUP2
00000163: ADD
00000164: SLOAD
00000165: SWAP1
00000166: SWAP3
00000167: POP
00000168: PUSH2 0x0201
0000016b: SWAP1
0000016c: DUP5
0000016d: SWAP1
0000016e: PUSH1 0x64
00000170: PUSH1 0x00
00000172: PUSH1 0x00
00000174: PUSH1 0x00
00000176: PUSH1 0x00
00000178: PUSH1 0x00
0000017a: SWAP1
0000017b: SLOAD
0000017c: SWAP1
0000017d: PUSH2 0x0100
00000180: EXP
00000181: SWAP1
00000182: DIV
00000183: PUSH1 0x01
00000185: PUSH1 0xa0
00000187: PUSH1 0x02
00000189: EXP
0000018a: SUB
0000018b: AND
0000018c: PUSH1 0x01
0000018e: PUSH1 0xa0
00000190: PUSH1 0x02
00000192: EXP
00000193: SUB
00000194: AND
00000195: PUSH4 0x32a2c5d0
0000019a: PUSH1 0x40
0000019c: MLOAD
0000019d: DUP2
0000019e: PUSH1 0xe0
000001a0: PUSH1 0x02
000001a2: EXP
000001a3: MUL
000001a4: DUP2
000001a5: MSTORE
000001a6: PUSH1 0x04
000001a8: ADD
000001a9: DUP1
000001aa: SWAP1
000001ab: POP
000001ac: PUSH1 0x20
000001ae: PUSH1 0x40
000001b0: MLOAD
000001b1: DUP1
000001b2: DUP4
000001b3: SUB
000001b4: DUP2
000001b5: PUSH1 0x00
000001b7: DUP8
000001b8: PUSH2 0x61da
000001bb: GAS
000001bc: SUB
000001bd: CALL
000001be: ISZERO
000001bf: PUSH2 0x0002
000001c2: JUMPI
000001c3: POP
000001c4: POP
000001c5: PUSH1 0x40
000001c7: MLOAD
000001c8: MLOAD
000001c9: SWAP2
000001ca: POP
000001cb: POP
000001cc: PUSH1 0x01
000001ce: PUSH1 0xa0
000001d0: PUSH1 0x02
000001d2: EXP
000001d3: SUB
000001d4: DUP2
000001d5: AND
000001d6: DUP3
000001d7: EQ
000001d8: ISZERO
000001d9: PUSH2 0x0486
000001dc: JUMPI
000001dd: PUSH2 0x042e
000001e0: JUMPDEST
000001e1: PUSH1 0x00
000001e3: PUSH1 0x00
000001e5: PUSH2 0x0724
000001e8: PUSH20 0x5be0372559e0275c0c415ab48eb0e211bc2f52a8
000001fd: JUMPDEST
000001fe: EXTCODESIZE
000001ff: SWAP1
00000200: JUMP
00000201: JUMPDEST
00000202: PUSH1 0x00
00000204: SWAP1
00000205: DUP2
00000206: MSTORE
00000207: PUSH1 0x05
00000209: PUSH1 0x20
0000020b: SWAP1
0000020c: DUP2
0000020d: MSTORE
0000020e: PUSH1 0x40
00000210: DUP1
00000211: DUP4
00000212: KECCAK256
00000213: DUP6
00000214: SLOAD
00000215: DUP2
00000216: SLOAD
00000217: PUSH1 0x01
00000219: PUSH1 0xa0
0000021b: PUSH1 0x02
0000021d: EXP
0000021e: SUB
0000021f: SWAP2
00000220: SWAP1
00000221: SWAP2
00000222: AND
00000223: PUSH1 0x01
00000225: PUSH1 0xa0
00000227: PUSH1 0x02
00000229: EXP
0000022a: SUB
0000022b: NOT
0000022c: SWAP2
0000022d: DUP3
0000022e: AND
0000022f: OR
00000230: DUP3
00000231: SSTORE
00000232: PUSH1 0x01
00000234: SWAP7
00000235: DUP8
00000236: ADD
00000237: SLOAD
00000238: SWAP2
00000239: DUP8
0000023a: ADD
0000023b: SWAP2
0000023c: SWAP1
0000023d: SWAP2
0000023e: SSTORE
0000023f: PUSH1 0x06
00000241: DUP4
00000242: MSTORE
00000243: DUP2
00000244: DUP5
00000245: KECCAK256
00000246: SWAP7
00000247: SWAP1
00000248: SWAP7
00000249: SSTORE
0000024a: SWAP6
0000024b: DUP3
0000024c: MSTORE
0000024d: PUSH1 0x04
0000024f: SWAP1
00000250: MSTORE
00000251: SWAP4
00000252: DUP5
00000253: KECCAK256
00000254: DUP1
00000255: SLOAD
00000256: SWAP1
00000257: SWAP4
00000258: AND
00000259: DUP4
0000025a: SSTORE
0000025b: POP
0000025c: ADD
0000025d: SSTORE
0000025e: JUMP
0000025f: JUMPDEST
00000260: LT
00000261: JUMPDEST
00000262: ISZERO
00000263: PUSH2 0x026b
00000266: JUMPI
00000267: PUSH2 0x0002
0000026a: JUMP
0000026b: JUMPDEST
0000026c: PUSH2 0x02e3
0000026f: PUSH1 0x00
00000271: PUSH1 0x00
00000273: PUSH1 0x00
00000275: PUSH1 0x00
00000277: PUSH1 0x00
00000279: SWAP1
0000027a: SLOAD
0000027b: SWAP1
0000027c: PUSH2 0x0100
0000027f: EXP
00000280: SWAP1
00000281: DIV
00000282: PUSH1 0x01
00000284: PUSH1 0xa0
00000286: PUSH1 0x02
00000288: EXP
00000289: SUB
0000028a: AND
0000028b: PUSH1 0x01
0000028d: PUSH1 0xa0
0000028f: PUSH1 0x02
00000291: EXP
00000292: SUB
00000293: AND
00000294: PUSH4 0x32a2c5d0
00000299: PUSH1 0x40
0000029b: MLOAD
0000029c: DUP2
0000029d: PUSH1 0xe0
0000029f: PUSH1 0x02
000002a1: EXP
000002a2: MUL
000002a3: DUP2
000002a4: MSTORE
000002a5: PUSH1 0x04
000002a7: ADD
000002a8: DUP1
000002a9: SWAP1
000002aa: POP
000002ab: PUSH1 0x20
000002ad: PUSH1 0x40
000002af: MLOAD
000002b0: DUP1
000002b1: DUP4
000002b2: SUB
000002b3: DUP2
000002b4: PUSH1 0x00
000002b6: DUP8
000002b7: PUSH2 0x61da
000002ba: GAS
000002bb: SUB
000002bc: CALL
000002bd: ISZERO
000002be: PUSH2 0x0002
000002c1: JUMPI
000002c2: POP
000002c3: POP
000002c4: PUSH1 0x40
000002c6: MLOAD
000002c7: MLOAD
000002c8: SWAP2
000002c9: POP
000002ca: POP
000002cb: PUSH1 0x01
000002cd: PUSH1 0xa0
000002cf: PUSH1 0x02
000002d1: EXP
000002d2: SUB
000002d3: DUP2
000002d4: AND
000002d5: DUP3
000002d6: EQ
000002d7: ISZERO
000002d8: PUSH2 0x0602
000002db: JUMPI
000002dc: PUSH2 0x05aa
000002df: PUSH2 0x01e0
000002e2: JUMP
000002e3: JUMPDEST
000002e4: PUSH1 0x40
000002e6: DUP1
000002e7: MLOAD
000002e8: DUP1
000002e9: DUP3
000002ea: ADD
000002eb: DUP3
000002ec: MSTORE
000002ed: CALLER
000002ee: DUP2
000002ef: MSTORE
000002f0: PUSH1 0x20
000002f2: DUP2
000002f3: DUP2
000002f4: ADD
000002f5: SWAP6
000002f6: DUP7
000002f7: MSTORE
000002f8: PUSH1 0x00
000002fa: SWAP4
000002fb: DUP5
000002fc: MSTORE
000002fd: PUSH1 0x04
000002ff: SWAP1
00000300: MSTORE
00000301: SWAP2
00000302: KECCAK256
00000303: SWAP1
00000304: MLOAD
00000305: DUP2
00000306: SLOAD
00000307: PUSH1 0x01
00000309: PUSH1 0xa0
0000030b: PUSH1 0x02
0000030d: EXP
0000030e: SUB
0000030f: NOT
00000310: AND
00000311: OR
00000312: DUP2
00000313: SSTORE
00000314: SWAP2
00000315: MLOAD
00000316: PUSH1 0x01
00000318: SWAP3
00000319: SWAP1
0000031a: SWAP3
0000031b: ADD
0000031c: SWAP2
0000031d: SWAP1
0000031e: SWAP2
0000031f: SSTORE
00000320: POP
00000321: PUSH1 0x03
00000323: DUP1
00000324: SLOAD
00000325: PUSH1 0x02
00000327: ADD
00000328: SWAP1
00000329: SSTORE
0000032a: JUMP
0000032b: JUMPDEST
0000032c: PUSH1 0x01
0000032e: PUSH1 0xa0
00000330: PUSH1 0x02
00000332: EXP
00000333: SUB
00000334: AND
00000335: CALLER
00000336: PUSH1 0x01
00000338: PUSH1 0xa0
0000033a: PUSH1 0x02
0000033c: EXP
0000033d: SUB
0000033e: AND
0000033f: EQ
00000340: ISZERO
00000341: ISZERO
00000342: PUSH2 0x034a
00000345: JUMPI
00000346: PUSH2 0x0002
00000349: JUMP
0000034a: JUMPDEST
0000034b: POP
0000034c: POP
0000034d: PUSH1 0x00
0000034f: DUP4
00000350: DUP2
00000351: MSTORE
00000352: PUSH1 0x05
00000354: PUSH1 0x20
00000356: SWAP1
00000357: DUP2
00000358: MSTORE
00000359: PUSH1 0x40
0000035b: DUP1
0000035c: DUP4
0000035d: KECCAK256
0000035e: PUSH1 0x06
00000360: SWAP1
00000361: SWAP3
00000362: MSTORE
00000363: SWAP1
00000364: SWAP2
00000365: KECCAK256
00000366: SLOAD
00000367: PUSH1 0x03
00000369: DUP1
0000036a: SLOAD
0000036b: PUSH1 0x01
0000036d: NOT
0000036e: ADD
0000036f: SWAP1
00000370: SSTORE
00000371: PUSH1 0x01
00000373: DUP3
00000374: ADD
00000375: SLOAD
00000376: PUSH2 0x03a2
00000379: SWAP1
0000037a: DUP3
0000037b: SWAP1
0000037c: DUP7
0000037d: SWAP1
0000037e: PUSH1 0x64
00000380: DUP8
00000381: PUSH1 0x40
00000383: DUP1
00000384: MLOAD
00000385: DUP6
00000386: DUP2
00000387: MSTORE
00000388: SWAP1
00000389: MLOAD
0000038a: SWAP1
0000038b: DUP2
0000038c: SWAP1
0000038d: SUB
0000038e: PUSH1 0x20
00000390: ADD
00000391: SWAP1
00000392: KECCAK256
00000393: PUSH1 0x00
00000395: SWAP1
00000396: DUP2
00000397: SWAP1
00000398: DUP8
00000399: EQ
0000039a: PUSH2 0x070e
0000039d: JUMPI
0000039e: PUSH2 0x071a
000003a1: JUMP
000003a2: JUMPDEST
000003a3: ISZERO
000003a4: PUSH2 0x03d8
000003a7: JUMPI
000003a8: PUSH1 0x32
000003aa: DUP4
000003ab: LT
000003ac: ISZERO
000003ad: PUSH2 0x03d3
000003b0: JUMPI
000003b1: PUSH1 0x40
000003b3: MLOAD
000003b4: DUP3
000003b5: SLOAD
000003b6: PUSH1 0x01
000003b8: PUSH1 0xa0
000003ba: PUSH1 0x02
000003bc: EXP
000003bd: SUB
000003be: AND
000003bf: SWAP1
000003c0: PUSH1 0x00
000003c2: SWAP1
000003c3: PUSH1 0x02
000003c5: SWAP1
000003c6: DUP3
000003c7: DUP2
000003c8: DUP2
000003c9: DUP2
000003ca: DUP6
000003cb: DUP9
000003cc: DUP4
000003cd: CALL
000003ce: POP
000003cf: POP
000003d0: POP
000003d1: POP
000003d2: POP
000003d3: JUMPDEST
000003d4: PUSH2 0x03fb
000003d7: JUMP
000003d8: JUMPDEST
000003d9: PUSH1 0x40
000003db: MLOAD
000003dc: DUP3
000003dd: SLOAD
000003de: PUSH1 0x01
000003e0: PUSH1 0xa0
000003e2: PUSH1 0x02
000003e4: EXP
000003e5: SUB
000003e6: AND
000003e7: SWAP1
000003e8: PUSH1 0x00
000003ea: SWAP1
000003eb: PUSH1 0x01
000003ed: SWAP1
000003ee: DUP3
000003ef: DUP2
000003f0: DUP2
000003f1: DUP2
000003f2: DUP6
000003f3: DUP9
000003f4: DUP4
000003f5: CALL
000003f6: POP
000003f7: POP
000003f8: POP
000003f9: POP
000003fa: POP
000003fb: JUMPDEST
000003fc: POP
000003fd: POP
000003fe: POP
000003ff: PUSH1 0x00
00000401: SWAP2
00000402: DUP3
00000403: MSTORE
00000404: POP
00000405: PUSH1 0x06
00000407: PUSH1 0x20
00000409: SWAP1
0000040a: DUP2
0000040b: MSTORE
0000040c: PUSH1 0x40
0000040e: DUP1
0000040f: DUP4
00000410: KECCAK256
00000411: DUP4
00000412: SWAP1
00000413: SSTORE
00000414: PUSH1 0x05
00000416: SWAP1
00000417: SWAP2
00000418: MSTORE
00000419: DUP2
0000041a: KECCAK256
0000041b: DUP1
0000041c: SLOAD
0000041d: PUSH1 0x01
0000041f: PUSH1 0xa0
00000421: PUSH1 0x02
00000423: EXP
00000424: SUB
00000425: NOT
00000426: AND
00000427: DUP2
00000428: SSTORE
00000429: PUSH1 0x01
0000042b: ADD
0000042c: SSTORE
0000042d: JUMP
0000042e: JUMPDEST
0000042f: POP
00000430: PUSH1 0x00
00000432: PUSH1 0x00
00000434: SWAP1
00000435: SLOAD
00000436: SWAP1
00000437: PUSH2 0x0100
0000043a: EXP
0000043b: SWAP1
0000043c: DIV
0000043d: PUSH1 0x01
0000043f: PUSH1 0xa0
00000441: PUSH1 0x02
00000443: EXP
00000444: SUB
00000445: AND
00000446: PUSH1 0x01
00000448: PUSH1 0xa0
0000044a: PUSH1 0x02
0000044c: EXP
0000044d: SUB
0000044e: AND
0000044f: PUSH4 0x32a2c5d0
00000454: PUSH1 0x40
00000456: MLOAD
00000457: DUP2
00000458: PUSH1 0xe0
0000045a: PUSH1 0x02
0000045c: EXP
0000045d: MUL
0000045e: DUP2
0000045f: MSTORE
00000460: PUSH1 0x04
00000462: ADD
00000463: DUP1
00000464: SWAP1
00000465: POP
00000466: PUSH1 0x20
00000468: PUSH1 0x40
0000046a: MLOAD
0000046b: DUP1
0000046c: DUP4
0000046d: SUB
0000046e: DUP2
0000046f: PUSH1 0x00
00000471: DUP8
00000472: PUSH2 0x61da
00000475: GAS
00000476: SUB
00000477: CALL
00000478: ISZERO
00000479: PUSH2 0x0002
0000047c: JUMPI
0000047d: POP
0000047e: POP
0000047f: PUSH1 0x40
00000481: MLOAD
00000482: MLOAD
00000483: SWAP2
00000484: POP
00000485: POP
00000486: JUMPDEST
00000487: PUSH1 0x01
00000489: DUP1
0000048a: SLOAD
0000048b: PUSH1 0x01
0000048d: PUSH1 0xa0
0000048f: PUSH1 0x02
00000491: EXP
00000492: SUB
00000493: NOT
00000494: AND
00000495: DUP3
00000496: OR
00000497: SWAP1
00000498: DUP2
00000499: SWAP1
0000049a: SSTORE
0000049b: PUSH1 0x40
0000049d: DUP1
0000049e: MLOAD
0000049f: PUSH1 0xe0
000004a1: PUSH1 0x02
000004a3: EXP
000004a4: PUSH4 0xf909d60d
000004a9: MUL
000004aa: DUP2
000004ab: MSTORE
000004ac: SWAP1
000004ad: MLOAD
000004ae: PUSH1 0x01
000004b0: PUSH1 0xa0
000004b2: PUSH1 0x02
000004b4: EXP
000004b5: SUB
000004b6: SWAP3
000004b7: SWAP1
000004b8: SWAP3
000004b9: AND
000004ba: SWAP2
000004bb: PUSH4 0x2fa7cbfb
000004c0: SWAP2
000004c1: DUP4
000004c2: SWAP2
000004c3: PUSH4 0xf909d60d
000004c8: SWAP2
000004c9: PUSH1 0x04
000004cb: DUP2
000004cc: DUP2
000004cd: ADD
000004ce: SWAP3
000004cf: PUSH1 0x20
000004d1: SWAP3
000004d2: SWAP1
000004d3: SWAP2
000004d4: SWAP1
000004d5: DUP3
000004d6: SWAP1
000004d7: SUB
000004d8: ADD
000004d9: DUP2
000004da: PUSH1 0x00
000004dc: DUP8
000004dd: PUSH2 0x61da
000004e0: GAS
000004e1: SUB
000004e2: CALL
000004e3: ISZERO
000004e4: PUSH2 0x0002
000004e7: JUMPI
000004e8: POP
000004e9: POP
000004ea: PUSH1 0x40
000004ec: DUP1
000004ed: MLOAD
000004ee: DUP1
000004ef: MLOAD
000004f0: PUSH1 0xe0
000004f2: PUSH1 0x02
000004f4: EXP
000004f5: DUP6
000004f6: MUL
000004f7: DUP3
000004f8: MSTORE
000004f9: PUSH1 0x04
000004fb: DUP3
000004fc: ADD
000004fd: MSTORE
000004fe: SWAP1
000004ff: MLOAD
00000500: PUSH1 0x24
00000502: DUP3
00000503: DUP2
00000504: ADD
00000505: SWAP4
00000506: POP
00000507: PUSH1 0x20
00000509: SWAP3
0000050a: DUP3
0000050b: SWAP1
0000050c: SUB
0000050d: ADD
0000050e: DUP2
0000050f: PUSH1 0x00
00000511: DUP8
00000512: PUSH2 0x61da
00000515: GAS
00000516: SUB
00000517: CALL
00000518: ISZERO
00000519: PUSH2 0x0002
0000051c: JUMPI
0000051d: POP
0000051e: POP
0000051f: PUSH1 0x40
00000521: DUP1
00000522: MLOAD
00000523: DUP1
00000524: MLOAD
00000525: PUSH1 0x01
00000527: SLOAD
00000528: PUSH32 0x9f87acd000000000000000000000000000000000000000000000000000000000
00000549: DUP4
0000054a: MSTORE
0000054b: PUSH1 0x04
0000054d: DUP4
0000054e: ADD
0000054f: DUP12
00000550: SWAP1
00000551: MSTORE
00000552: PUSH1 0x24
00000554: DUP4
00000555: ADD
00000556: DUP11
00000557: SWAP1
00000558: MSTORE
00000559: PUSH1 0x44
0000055b: DUP4
0000055c: ADD
0000055d: DUP10
0000055e: SWAP1
0000055f: MSTORE
00000560: SWAP3
00000561: MLOAD
00000562: SWAP1
00000563: SWAP6
00000564: POP
00000565: PUSH1 0x01
00000567: PUSH1 0xa0
00000569: PUSH1 0x02
0000056b: EXP
0000056c: SUB
0000056d: SWAP3
0000056e: SWAP1
0000056f: SWAP3
00000570: AND
00000571: SWAP3
00000572: POP
00000573: PUSH4 0x9f87acd0
00000578: SWAP2
00000579: DUP6
0000057a: SWAP2
0000057b: PUSH1 0x64
0000057d: DUP2
0000057e: DUP2
0000057f: ADD
00000580: SWAP3
00000581: PUSH1 0x20
00000583: SWAP3
00000584: SWAP1
00000585: SWAP2
00000586: SWAP1
00000587: DUP3
00000588: SWAP1
00000589: SUB
0000058a: ADD
0000058b: DUP2
0000058c: DUP6
0000058d: DUP9
0000058e: PUSH2 0x8502
00000591: GAS
00000592: SUB
00000593: CALL
00000594: ISZERO
00000595: PUSH2 0x0002
00000598: JUMPI
00000599: POP
0000059a: POP
0000059b: PUSH1 0x40
0000059d: MLOAD
0000059e: MLOAD
0000059f: SWAP9
000005a0: SWAP8
000005a1: POP
000005a2: POP
000005a3: POP
000005a4: POP
000005a5: POP
000005a6: POP
000005a7: POP
000005a8: POP
000005a9: JUMP
000005aa: JUMPDEST
000005ab: POP
000005ac: PUSH1 0x00
000005ae: PUSH1 0x00
000005b0: SWAP1
000005b1: SLOAD
000005b2: SWAP1
000005b3: PUSH2 0x0100
000005b6: EXP
000005b7: SWAP1
000005b8: DIV
000005b9: PUSH1 0x01
000005bb: PUSH1 0xa0
000005bd: PUSH1 0x02
000005bf: EXP
000005c0: SUB
000005c1: AND
000005c2: PUSH1 0x01
000005c4: PUSH1 0xa0
000005c6: PUSH1 0x02
000005c8: EXP
000005c9: SUB
000005ca: AND
000005cb: PUSH4 0x32a2c5d0
000005d0: PUSH1 0x40
000005d2: MLOAD
000005d3: DUP2
000005d4: PUSH1 0xe0
000005d6: PUSH1 0x02
000005d8: EXP
000005d9: MUL
000005da: DUP2
000005db: MSTORE
000005dc: PUSH1 0x04
000005de: ADD
000005df: DUP1
000005e0: SWAP1
000005e1: POP
000005e2: PUSH1 0x20
000005e4: PUSH1 0x40
000005e6: MLOAD
000005e7: DUP1
000005e8: DUP4
000005e9: SUB
000005ea: DUP2
000005eb: PUSH1 0x00
000005ed: DUP8
000005ee: PUSH2 0x61da
000005f1: GAS
000005f2: SUB
000005f3: CALL
000005f4: ISZERO
000005f5: PUSH2 0x0002
000005f8: JUMPI
000005f9: POP
000005fa: POP
000005fb: PUSH1 0x40
000005fd: MLOAD
000005fe: MLOAD
000005ff: SWAP2
00000600: POP
00000601: POP
00000602: JUMPDEST
00000603: PUSH1 0x01
00000605: DUP1
00000606: SLOAD
00000607: PUSH1 0x01
00000609: PUSH1 0xa0
0000060b: PUSH1 0x02
0000060d: EXP
0000060e: SUB
0000060f: NOT
00000610: AND
00000611: DUP3
00000612: OR
00000613: SWAP1
00000614: DUP2
00000615: SWAP1
00000616: SSTORE
00000617: PUSH1 0x40
00000619: DUP1
0000061a: MLOAD
0000061b: PUSH1 0xe0
0000061d: PUSH1 0x02
0000061f: EXP
00000620: PUSH4 0xf909d60d
00000625: MUL
00000626: DUP2
00000627: MSTORE
00000628: SWAP1
00000629: MLOAD
0000062a: PUSH1 0x01
0000062c: PUSH1 0xa0
0000062e: PUSH1 0x02
00000630: EXP
00000631: SUB
00000632: SWAP3
00000633: SWAP1
00000634: SWAP3
00000635: AND
00000636: SWAP2
00000637: PUSH4 0x288c6ed2
0000063c: SWAP2
0000063d: DUP4
0000063e: SWAP2
0000063f: PUSH4 0xf909d60d
00000644: SWAP2
00000645: PUSH1 0x04
00000647: DUP2
00000648: DUP2
00000649: ADD
0000064a: SWAP3
0000064b: PUSH1 0x20
0000064d: SWAP3
0000064e: SWAP1
0000064f: SWAP2
00000650: SWAP1
00000651: DUP3
00000652: SWAP1
00000653: SUB
00000654: ADD
00000655: DUP2
00000656: PUSH1 0x00
00000658: DUP8
00000659: PUSH2 0x61da
0000065c: GAS
0000065d: SUB
0000065e: CALL
0000065f: ISZERO
00000660: PUSH2 0x0002
00000663: JUMPI
00000664: POP
00000665: POP
00000666: PUSH1 0x40
00000668: DUP1
00000669: MLOAD
0000066a: DUP1
0000066b: MLOAD
0000066c: PUSH1 0xe0
0000066e: PUSH1 0x02
00000670: EXP
00000671: DUP6
00000672: MUL
00000673: DUP3
00000674: MSTORE
00000675: PUSH1 0x04
00000677: DUP3
00000678: ADD
00000679: MSTORE
0000067a: SWAP1
0000067b: MLOAD
0000067c: PUSH1 0x24
0000067e: DUP3
0000067f: DUP2
00000680: ADD
00000681: SWAP4
00000682: POP
00000683: PUSH1 0x20
00000685: SWAP3
00000686: DUP3
00000687: SWAP1
00000688: SUB
00000689: ADD
0000068a: DUP2
0000068b: PUSH1 0x00
0000068d: DUP8
0000068e: PUSH2 0x61da
00000691: GAS
00000692: SUB
00000693: CALL
00000694: ISZERO
00000695: PUSH2 0x0002
00000698: JUMPI
00000699: POP
0000069a: POP
0000069b: PUSH1 0x40
0000069d: DUP1
0000069e: MLOAD
0000069f: DUP1
000006a0: MLOAD
000006a1: PUSH1 0x01
000006a3: SLOAD
000006a4: PUSH32 0x7d94792a00000000000000000000000000000000000000000000000000000000
000006c5: DUP4
000006c6: MSTORE
000006c7: SWAP3
000006c8: MLOAD
000006c9: SWAP1
000006ca: SWAP6
000006cb: POP
000006cc: PUSH1 0x01
000006ce: PUSH1 0xa0
000006d0: PUSH1 0x02
000006d2: EXP
000006d3: SUB
000006d4: SWAP3
000006d5: SWAP1
000006d6: SWAP3
000006d7: AND
000006d8: SWAP3
000006d9: POP
000006da: PUSH4 0x7d94792a
000006df: SWAP2
000006e0: DUP6
000006e1: SWAP2
000006e2: PUSH1 0x04
000006e4: DUP2
000006e5: DUP2
000006e6: ADD
000006e7: SWAP3
000006e8: PUSH1 0x20
000006ea: SWAP3
000006eb: SWAP1
000006ec: SWAP2
000006ed: SWAP1
000006ee: DUP3
000006ef: SWAP1
000006f0: SUB
000006f1: ADD
000006f2: DUP2
000006f3: DUP6
000006f4: DUP9
000006f5: PUSH2 0x8502
000006f8: GAS
000006f9: SUB
000006fa: CALL
000006fb: ISZERO
000006fc: PUSH2 0x0002
000006ff: JUMPI
00000700: POP
00000701: POP
00000702: PUSH1 0x40
00000704: MLOAD
00000705: MLOAD
00000706: SWAP5
00000707: POP
00000708: POP
00000709: POP
0000070a: POP
0000070b: POP
0000070c: SWAP1
0000070d: JUMP
0000070e: JUMPDEST
0000070f: DUP4
00000710: DUP6
00000711: DUP8
00000712: ADDMOD
00000713: SWAP1
00000714: POP
00000715: DUP3
00000716: DUP2
00000717: EQ
00000718: SWAP2
00000719: POP
0000071a: JUMPDEST
0000071b: POP
0000071c: SWAP6
0000071d: SWAP5
0000071e: POP
0000071f: POP
00000720: POP
00000721: POP
00000722: POP
00000723: JUMP
00000724: JUMPDEST
00000725: GT
00000726: ISZERO
00000727: PUSH2 0x075a
0000072a: JUMPI
0000072b: POP
0000072c: PUSH1 0x00
0000072e: DUP1
0000072f: SLOAD
00000730: PUSH20 0x5be0372559e0275c0c415ab48eb0e211bc2f52a8
00000745: PUSH1 0x01
00000747: PUSH1 0xa0
00000749: PUSH1 0x02
0000074b: EXP
0000074c: SUB
0000074d: NOT
0000074e: SWAP1
0000074f: SWAP2
00000750: AND
00000751: OR
00000752: SWAP1
00000753: SSTORE
00000754: PUSH1 0x01
00000756: PUSH2 0x0119
00000759: JUMP
0000075a: JUMPDEST
0000075b: PUSH1 0x00
0000075d: PUSH2 0x0779
00000760: PUSH20 0xf6d9979499491c1c0c9ef518860f4476c1cd551a
00000775: PUSH2 0x01fd
00000778: JUMP
00000779: JUMPDEST
0000077a: GT
0000077b: ISZERO
0000077c: PUSH2 0x07ad
0000077f: JUMPI
00000780: POP
00000781: PUSH1 0x00
00000783: DUP1
00000784: SLOAD
00000785: PUSH1 0x01
00000787: PUSH1 0xa0
00000789: PUSH1 0x02
0000078b: EXP
0000078c: SUB
0000078d: NOT
0000078e: AND
0000078f: PUSH20 0xf6d9979499491c1c0c9ef518860f4476c1cd551a
000007a4: OR
000007a5: SWAP1
000007a6: SSTORE
000007a7: PUSH1 0x01
000007a9: PUSH2 0x0119
000007ac: JUMP
000007ad: JUMPDEST
000007ae: POP
000007af: PUSH1 0x00
000007b1: PUSH2 0x0119
000007b4: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
view
trace_id: 0x8c1dfc71ded9eb9c5a0a727111dd8ecfa015308d6344872dcb7072b21b3a98da
call_targets: 0x2bcca955c9200c9a5f888bc2b14b91aaa56cd5c5, 0xf6d9979499491c1c0c9ef518860f4476c1cd551a
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x8c1dfc71ded9eb9c5a0a727111dd8ecfa015308d6344872dcb7072b21b3a98da",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x2bcca955c9200c9a5f888bc2b14b91aaa56cd5c5",
        "0xf6d9979499491c1c0c9ef518860f4476c1cd551a"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x041fe13d",
            "selector": "0x041fe13d",
            "calldata_variants": [
                "0x041fe13d",
                "0x041fe13d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5a7a8850",
            "selector": "0x5a7a8850",
            "calldata_variants": [
                "0x5a7a8850",
                "0x5a7a88500000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcd5e3c5d",
            "selector": "0xcd5e3c5d",
            "calldata_variants": [
                "0xcd5e3c5d",
                "0xcd5e3c5d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe671f510",
            "selector": "0xe671f510",
            "calldata_variants": [
                "0xe671f510",
                "0xe671f5100000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf9cc0605",
            "selector": "0xf9cc0605",
            "calldata_variants": [
                "0xf9cc0605",
                "0xf9cc06050000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 174,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 973,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1013,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 13,
    "guards_detected": [],
    "untrusted_call_count": 11
}
high other detector ETH value transfer possible 55 yes yes
view
trace_id: 0x8c1dfc71ded9eb9c5a0a727111dd8ecfa015308d6344872dcb7072b21b3a98da
call_targets: 0x2bcca955c9200c9a5f888bc2b14b91aaa56cd5c5, 0xf6d9979499491c1c0c9ef518860f4476c1cd551a
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x8c1dfc71ded9eb9c5a0a727111dd8ecfa015308d6344872dcb7072b21b3a98da",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x2bcca955c9200c9a5f888bc2b14b91aaa56cd5c5",
        "0xf6d9979499491c1c0c9ef518860f4476c1cd551a"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x041fe13d",
            "selector": "0x041fe13d",
            "calldata_variants": [
                "0x041fe13d",
                "0x041fe13d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5a7a8850",
            "selector": "0x5a7a8850",
            "calldata_variants": [
                "0x5a7a8850",
                "0x5a7a88500000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcd5e3c5d",
            "selector": "0xcd5e3c5d",
            "calldata_variants": [
                "0xcd5e3c5d",
                "0xcd5e3c5d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe671f510",
            "selector": "0xe671f510",
            "calldata_variants": [
                "0xe671f510",
                "0xe671f5100000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf9cc0605",
            "selector": "0xf9cc0605",
            "calldata_variants": [
                "0xf9cc0605",
                "0xf9cc06050000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 174,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 973,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1013,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 11,
    "guards_detected": []
}