019b3836-5843-705c-87c9-f5c0e1da189a
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 8615 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 8616 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 51860 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 51861 | capability.graph | complete | 1 / 3 | 1 week ago |
| 51862 | detector.run | complete | 1 / 3 | 1 week ago |
| 51863 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113384 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
OpenAI Codex v0.118.0 (research preview) -------- workdir: /tmp/codex-t3ls1ny6 model: gpt-5.4 provider: openai approval: never sandbox: read-only reasoning effort: high reasoning summaries: none session id: 019d5c92-212e-7820-b666-52b715978e12 -------- user You are a security auditor. You ONLY have runtime bytecode + analysis artifacts. You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary, evidence bundle, callsites, storage slots, and detector findings. Special cases when reasoning from bytecode (be explicit about uncertainty): - Selector inference is best-effort; missing selectors are common. - Fallback/receive paths may be the only entrypoints. - CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage. - Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative. - Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown. - Guard detection is heuristic; absence of guards does NOT mean unguarded. - Returndata checking is unknown unless explicitly shown in evidence. - Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim. Output MUST be valid JSON matching the provided schema. - If you find nothing meaningful: set no_findings=true and findings=[]. - Otherwise: set no_findings=false and include findings with severity/category/title. - Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb". Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, accounting/invariant breaks, dangerous delegatecall, and untrusted external calls. Be conservative: if evidence is weak, mark severity low/medium and explain why. warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime. ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM. ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
{
"codex": {
"ran_at": "2026-04-05T07:36:15.568014+00:00",
"returncode": 1
},
"project": {
"mode": "bytecode",
"bytecode_length": 2572,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": null,
"no_findings": null,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x008d 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0098 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x13330d7e 00000025: EQ 00000026: PUSH2 0x00f3 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x18160ddd 00000030: EQ 00000031: PUSH2 0x0118 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x313ce567 0000003b: EQ 0000003c: PUSH2 0x0121 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x4ef83a70 00000046: EQ 00000047: PUSH2 0x012d 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x70a08231 00000051: EQ 00000052: PUSH2 0x0144 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x8da5cb5b 0000005c: EQ 0000005d: PUSH2 0x0169 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0x95d89b41 00000067: EQ 00000068: PUSH2 0x017b 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xa9059cbb 00000072: EQ 00000073: PUSH2 0x01db 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xb8491317 0000007d: EQ 0000007e: PUSH2 0x020a 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0xcdbb2e79 00000088: EQ 00000089: PUSH2 0x0213 0000008c: JUMPI 0000008d: JUMPDEST 0000008e: PUSH2 0x021c 00000091: PUSH2 0x021e 00000094: PUSH2 0x00f7 00000097: JUMP 00000098: JUMPDEST 00000099: PUSH1 0x40 0000009b: DUP1 0000009c: MLOAD 0000009d: PUSH1 0x02 0000009f: DUP1 000000a0: SLOAD 000000a1: PUSH1 0x20 000000a3: PUSH1 0x01 000000a5: DUP3 000000a6: AND 000000a7: ISZERO 000000a8: PUSH2 0x0100 000000ab: MUL 000000ac: PUSH1 0x00 000000ae: NOT 000000af: ADD 000000b0: SWAP1 000000b1: SWAP2 000000b2: AND 000000b3: DUP3 000000b4: SWAP1 000000b5: DIV 000000b6: PUSH1 0x1f 000000b8: DUP2 000000b9: ADD 000000ba: DUP3 000000bb: SWAP1 000000bc: DIV 000000bd: DUP3 000000be: MUL 000000bf: DUP5 000000c0: ADD 000000c1: DUP3 000000c2: ADD 000000c3: SWAP1 000000c4: SWAP5 000000c5: MSTORE 000000c6: DUP4 000000c7: DUP4 000000c8: MSTORE 000000c9: PUSH2 0x0221 000000cc: SWAP4 000000cd: SWAP1 000000ce: DUP4 000000cf: ADD 000000d0: DUP3 000000d1: DUP3 000000d2: DUP1 000000d3: ISZERO 000000d4: PUSH2 0x03f1 000000d7: JUMPI 000000d8: DUP1 000000d9: PUSH1 0x1f 000000db: LT 000000dc: PUSH2 0x03c6 000000df: JUMPI 000000e0: PUSH2 0x0100 000000e3: DUP1 000000e4: DUP4 000000e5: SLOAD 000000e6: DIV 000000e7: MUL 000000e8: DUP4 000000e9: MSTORE 000000ea: SWAP2 000000eb: PUSH1 0x20 000000ed: ADD 000000ee: SWAP2 000000ef: PUSH2 0x03f1 000000f2: JUMP 000000f3: JUMPDEST 000000f4: PUSH2 0x028f 000000f7: JUMPDEST 000000f8: PUSH1 0x01 000000fa: SLOAD 000000fb: PUSH1 0x00 000000fd: SWAP1 000000fe: DUP2 000000ff: SWAP1 00000100: CALLER 00000101: PUSH1 0x01 00000103: PUSH1 0xa0 00000105: PUSH1 0x02 00000107: EXP 00000108: SUB 00000109: SWAP1 0000010a: DUP2 0000010b: AND 0000010c: SWAP2 0000010d: AND 0000010e: EQ 0000010f: ISZERO 00000110: PUSH2 0x02e8 00000113: JUMPI 00000114: PUSH2 0x0002 00000117: JUMP 00000118: JUMPDEST 00000119: PUSH2 0x02a3 0000011c: PUSH1 0x05 0000011e: SLOAD 0000011f: DUP2 00000120: JUMP 00000121: JUMPDEST 00000122: PUSH2 0x02b5 00000125: PUSH1 0x04 00000127: SLOAD 00000128: PUSH1 0xff 0000012a: AND 0000012b: DUP2 0000012c: JUMP 0000012d: JUMPDEST 0000012e: PUSH2 0x028f 00000131: PUSH1 0x04 00000133: CALLDATALOAD 00000134: PUSH1 0x07 00000136: SLOAD 00000137: PUSH1 0x00 00000139: SWAP1 0000013a: TIMESTAMP 0000013b: GT 0000013c: PUSH2 0x03f9 0000013f: JUMPI 00000140: PUSH2 0x0002 00000143: JUMP 00000144: JUMPDEST 00000145: PUSH2 0x02a3 00000148: PUSH1 0x04 0000014a: CALLDATALOAD 0000014b: PUSH1 0x01 0000014d: PUSH1 0xa0 0000014f: PUSH1 0x02 00000151: EXP 00000152: SUB 00000153: DUP2 00000154: AND 00000155: PUSH1 0x00 00000157: SWAP1 00000158: DUP2 00000159: MSTORE 0000015a: PUSH1 0x20 0000015c: DUP2 0000015d: SWAP1 0000015e: MSTORE 0000015f: PUSH1 0x40 00000161: SWAP1 00000162: KECCAK256 00000163: SLOAD 00000164: JUMPDEST 00000165: SWAP2 00000166: SWAP1 00000167: POP 00000168: JUMP 00000169: JUMPDEST 0000016a: PUSH2 0x02cb 0000016d: PUSH1 0x01 0000016f: SLOAD 00000170: PUSH1 0x01 00000172: PUSH1 0xa0 00000174: PUSH1 0x02 00000176: EXP 00000177: SUB 00000178: AND 00000179: DUP2 0000017a: JUMP 0000017b: JUMPDEST 0000017c: PUSH2 0x0221 0000017f: PUSH1 0x03 00000181: DUP1 00000182: SLOAD 00000183: PUSH1 0x40 00000185: DUP1 00000186: MLOAD 00000187: PUSH1 0x20 00000189: PUSH1 0x1f 0000018b: PUSH1 0x02 0000018d: PUSH1 0x00 0000018f: NOT 00000190: PUSH1 0x01 00000192: DUP8 00000193: AND 00000194: ISZERO 00000195: PUSH2 0x0100 00000198: MUL 00000199: ADD 0000019a: SWAP1 0000019b: SWAP6 0000019c: AND 0000019d: SWAP5 0000019e: SWAP1 0000019f: SWAP5 000001a0: DIV 000001a1: SWAP4 000001a2: DUP5 000001a3: ADD 000001a4: DUP2 000001a5: SWAP1 000001a6: DIV 000001a7: DUP2 000001a8: MUL 000001a9: DUP3 000001aa: ADD 000001ab: DUP2 000001ac: ADD 000001ad: SWAP1 000001ae: SWAP3 000001af: MSTORE 000001b0: DUP3 000001b1: DUP2 000001b2: MSTORE 000001b3: SWAP3 000001b4: SWAP2 000001b5: SWAP1 000001b6: DUP4 000001b7: ADD 000001b8: DUP3 000001b9: DUP3 000001ba: DUP1 000001bb: ISZERO 000001bc: PUSH2 0x03f1 000001bf: JUMPI 000001c0: DUP1 000001c1: PUSH1 0x1f 000001c3: LT 000001c4: PUSH2 0x03c6 000001c7: JUMPI 000001c8: PUSH2 0x0100 000001cb: DUP1 000001cc: DUP4 000001cd: SLOAD 000001ce: DIV 000001cf: MUL 000001d0: DUP4 000001d1: MSTORE 000001d2: SWAP2 000001d3: PUSH1 0x20 000001d5: ADD 000001d6: SWAP2 000001d7: PUSH2 0x03f1 000001da: JUMP 000001db: JUMPDEST 000001dc: PUSH2 0x028f 000001df: PUSH1 0x04 000001e1: CALLDATALOAD 000001e2: PUSH1 0x24 000001e4: CALLDATALOAD 000001e5: CALLER 000001e6: PUSH1 0x01 000001e8: PUSH1 0xa0 000001ea: PUSH1 0x02 000001ec: EXP 000001ed: SUB 000001ee: AND 000001ef: PUSH1 0x00 000001f1: SWAP1 000001f2: DUP2 000001f3: MSTORE 000001f4: PUSH1 0x20 000001f6: DUP2 000001f7: SWAP1 000001f8: MSTORE 000001f9: PUSH1 0x40 000001fb: DUP2 000001fc: KECCAK256 000001fd: SLOAD 000001fe: DUP3 000001ff: SWAP1 00000200: LT 00000201: ISZERO 00000202: PUSH2 0x0461 00000205: JUMPI 00000206: PUSH2 0x0002 00000209: JUMP 0000020a: JUMPDEST 0000020b: PUSH2 0x02a3 0000020e: PUSH1 0x06 00000210: SLOAD 00000211: DUP2 00000212: JUMP 00000213: JUMPDEST 00000214: PUSH2 0x02a3 00000217: PUSH1 0x07 00000219: SLOAD 0000021a: DUP2 0000021b: JUMP 0000021c: JUMPDEST 0000021d: STOP 0000021e: JUMPDEST 0000021f: POP 00000220: JUMP 00000221: JUMPDEST 00000222: PUSH1 0x40 00000224: MLOAD 00000225: DUP1 00000226: DUP1 00000227: PUSH1 0x20 00000229: ADD 0000022a: DUP3 0000022b: DUP2 0000022c: SUB 0000022d: DUP3 0000022e: MSTORE 0000022f: DUP4 00000230: DUP2 00000231: DUP2 00000232: MLOAD 00000233: DUP2 00000234: MSTORE 00000235: PUSH1 0x20 00000237: ADD 00000238: SWAP2 00000239: POP 0000023a: DUP1 0000023b: MLOAD 0000023c: SWAP1 0000023d: PUSH1 0x20 0000023f: ADD 00000240: SWAP1 00000241: DUP1 00000242: DUP4 00000243: DUP4 00000244: DUP3 00000245: SWAP1 00000246: PUSH1 0x00 00000248: PUSH1 0x04 0000024a: PUSH1 0x20 0000024c: DUP5 0000024d: PUSH1 0x1f 0000024f: ADD 00000250: DIV 00000251: PUSH1 0x0f 00000253: MUL 00000254: PUSH1 0x03 00000256: ADD 00000257: CALL 00000258: POP 00000259: SWAP1 0000025a: POP 0000025b: SWAP1 0000025c: DUP2 0000025d: ADD 0000025e: SWAP1 0000025f: PUSH1 0x1f 00000261: AND 00000262: DUP1 00000263: ISZERO 00000264: PUSH2 0x0281 00000267: JUMPI 00000268: DUP1 00000269: DUP3 0000026a: SUB 0000026b: DUP1 0000026c: MLOAD 0000026d: PUSH1 0x01 0000026f: DUP4 00000270: PUSH1 0x20 00000272: SUB 00000273: PUSH2 0x0100 00000276: EXP 00000277: SUB 00000278: NOT 00000279: AND 0000027a: DUP2 0000027b: MSTORE 0000027c: PUSH1 0x20 0000027e: ADD 0000027f: SWAP2 00000280: POP 00000281: JUMPDEST 00000282: POP 00000283: SWAP3 00000284: POP 00000285: POP 00000286: POP 00000287: PUSH1 0x40 00000289: MLOAD 0000028a: DUP1 0000028b: SWAP2 0000028c: SUB 0000028d: SWAP1 0000028e: RETURN 0000028f: JUMPDEST 00000290: PUSH1 0x40 00000292: DUP1 00000293: MLOAD 00000294: SWAP2 00000295: ISZERO 00000296: ISZERO 00000297: DUP3 00000298: MSTORE 00000299: MLOAD 0000029a: SWAP1 0000029b: DUP2 0000029c: SWAP1 0000029d: SUB 0000029e: PUSH1 0x20 000002a0: ADD 000002a1: SWAP1 000002a2: RETURN 000002a3: JUMPDEST 000002a4: PUSH1 0x40 000002a6: DUP1 000002a7: MLOAD 000002a8: SWAP2 000002a9: DUP3 000002aa: MSTORE 000002ab: MLOAD 000002ac: SWAP1 000002ad: DUP2 000002ae: SWAP1 000002af: SUB 000002b0: PUSH1 0x20 000002b2: ADD 000002b3: SWAP1 000002b4: RETURN 000002b5: JUMPDEST 000002b6: PUSH1 0x40 000002b8: DUP1 000002b9: MLOAD 000002ba: PUSH1 0xff 000002bc: SWAP1 000002bd: SWAP3 000002be: AND 000002bf: DUP3 000002c0: MSTORE 000002c1: MLOAD 000002c2: SWAP1 000002c3: DUP2 000002c4: SWAP1 000002c5: SUB 000002c6: PUSH1 0x20 000002c8: ADD 000002c9: SWAP1 000002ca: RETURN 000002cb: JUMPDEST 000002cc: PUSH1 0x40 000002ce: DUP1 000002cf: MLOAD 000002d0: PUSH1 0x01 000002d2: PUSH1 0xa0 000002d4: PUSH1 0x02 000002d6: EXP 000002d7: SUB 000002d8: SWAP3 000002d9: SWAP1 000002da: SWAP3 000002db: AND 000002dc: DUP3 000002dd: MSTORE 000002de: MLOAD 000002df: SWAP1 000002e0: DUP2 000002e1: SWAP1 000002e2: SUB 000002e3: PUSH1 0x20 000002e5: ADD 000002e6: SWAP1 000002e7: RETURN 000002e8: JUMPDEST 000002e9: PUSH1 0x07 000002eb: SLOAD 000002ec: TIMESTAMP 000002ed: GT 000002ee: ISZERO 000002ef: PUSH2 0x02f7 000002f2: JUMPI 000002f3: PUSH2 0x0002 000002f6: JUMP 000002f7: JUMPDEST 000002f8: PUSH1 0x00 000002fa: SWAP1 000002fb: POP 000002fc: TIMESTAMP 000002fd: PUSH3 0x1a5e00 00000301: PUSH1 0x07 00000303: PUSH1 0x00 00000305: POP 00000306: SLOAD 00000307: SUB 00000308: GT 00000309: ISZERO 0000030a: PUSH2 0x0314 0000030d: JUMPI 0000030e: POP 0000030f: CALLVALUE 00000310: PUSH2 0x033c 00000313: JUMP 00000314: JUMPDEST 00000315: TIMESTAMP 00000316: PUSH3 0x0d2f00 0000031a: PUSH1 0x07 0000031c: PUSH1 0x00 0000031e: POP 0000031f: SLOAD 00000320: SUB 00000321: GT 00000322: ISZERO 00000323: PUSH2 0x0333 00000326: JUMPI 00000327: POP 00000328: PUSH1 0x06 0000032a: PUSH1 0x05 0000032c: CALLVALUE 0000032d: MUL 0000032e: DIV 0000032f: PUSH2 0x033c 00000332: JUMP 00000333: JUMPDEST 00000334: POP 00000335: PUSH1 0x07 00000337: PUSH1 0x05 00000339: CALLVALUE 0000033a: MUL 0000033b: DIV 0000033c: JUMPDEST 0000033d: CALLER 0000033e: PUSH1 0x01 00000340: PUSH1 0xa0 00000342: PUSH1 0x02 00000344: EXP 00000345: SUB 00000346: AND 00000347: PUSH1 0x00 00000349: SWAP1 0000034a: DUP2 0000034b: MSTORE 0000034c: PUSH1 0x20 0000034e: DUP2 0000034f: SWAP1 00000350: MSTORE 00000351: PUSH1 0x40 00000353: SWAP1 00000354: KECCAK256 00000355: DUP1 00000356: SLOAD 00000357: DUP3 00000358: ADD 00000359: SWAP1 0000035a: SSTORE 0000035b: PUSH1 0x06 0000035d: DUP1 0000035e: SLOAD 0000035f: DUP3 00000360: ADD 00000361: SWAP1 00000362: DUP2 00000363: SWAP1 00000364: SSTORE 00000365: PUSH1 0x05 00000367: SLOAD 00000368: SWAP1 00000369: GT 0000036a: ISZERO 0000036b: PUSH2 0x0373 0000036e: JUMPI 0000036f: PUSH2 0x0002 00000372: JUMP 00000373: JUMPDEST 00000374: CALLER 00000375: PUSH1 0x01 00000377: PUSH1 0xa0 00000379: PUSH1 0x02 0000037b: EXP 0000037c: SUB 0000037d: AND 0000037e: ADDRESS 0000037f: PUSH1 0x01 00000381: PUSH1 0xa0 00000383: PUSH1 0x02 00000385: EXP 00000386: SUB 00000387: AND 00000388: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000003a9: DUP4 000003aa: PUSH1 0x40 000003ac: MLOAD 000003ad: DUP1 000003ae: DUP3 000003af: DUP2 000003b0: MSTORE 000003b1: PUSH1 0x20 000003b3: ADD 000003b4: SWAP2 000003b5: POP 000003b6: POP 000003b7: PUSH1 0x40 000003b9: MLOAD 000003ba: DUP1 000003bb: SWAP2 000003bc: SUB 000003bd: SWAP1 000003be: LOG3 000003bf: PUSH1 0x01 000003c1: SWAP2 000003c2: POP 000003c3: POP 000003c4: SWAP1 000003c5: JUMP 000003c6: JUMPDEST 000003c7: DUP3 000003c8: ADD 000003c9: SWAP2 000003ca: SWAP1 000003cb: PUSH1 0x00 000003cd: MSTORE 000003ce: PUSH1 0x20 000003d0: PUSH1 0x00 000003d2: KECCAK256 000003d3: SWAP1 000003d4: JUMPDEST 000003d5: DUP2 000003d6: SLOAD 000003d7: DUP2 000003d8: MSTORE 000003d9: SWAP1 000003da: PUSH1 0x01 000003dc: ADD 000003dd: SWAP1 000003de: PUSH1 0x20 000003e0: ADD 000003e1: DUP1 000003e2: DUP4 000003e3: GT 000003e4: PUSH2 0x03d4 000003e7: JUMPI 000003e8: DUP3 000003e9: SWAP1 000003ea: SUB 000003eb: PUSH1 0x1f 000003ed: AND 000003ee: DUP3 000003ef: ADD 000003f0: SWAP2 000003f1: JUMPDEST 000003f2: POP 000003f3: POP 000003f4: POP 000003f5: POP 000003f6: POP 000003f7: DUP2 000003f8: JUMP 000003f9: JUMPDEST 000003fa: DUP2 000003fb: ADDRESS 000003fc: PUSH1 0x01 000003fe: PUSH1 0xa0 00000400: PUSH1 0x02 00000402: EXP 00000403: SUB 00000404: AND 00000405: BALANCE 00000406: LT 00000407: ISZERO 00000408: PUSH2 0x0410 0000040b: JUMPI 0000040c: PUSH2 0x0002 0000040f: JUMP 00000410: JUMPDEST 00000411: PUSH1 0x01 00000413: SLOAD 00000414: CALLER 00000415: PUSH1 0x01 00000417: PUSH1 0xa0 00000419: PUSH1 0x02 0000041b: EXP 0000041c: SUB 0000041d: SWAP1 0000041e: DUP2 0000041f: AND 00000420: SWAP2 00000421: AND 00000422: EQ 00000423: PUSH2 0x042b 00000426: JUMPI 00000427: PUSH2 0x0002 0000042a: JUMP 0000042b: JUMPDEST 0000042c: PUSH1 0x40 0000042e: MLOAD 0000042f: CALLER 00000430: PUSH1 0x01 00000432: PUSH1 0xa0 00000434: PUSH1 0x02 00000436: EXP 00000437: SUB 00000438: AND 00000439: SWAP1 0000043a: PUSH1 0x00 0000043c: SWAP1 0000043d: DUP5 0000043e: SWAP1 0000043f: DUP3 00000440: DUP2 00000441: DUP2 00000442: DUP2 00000443: DUP6 00000444: DUP9 00000445: DUP4 00000446: CALL 00000447: SWAP4 00000448: POP 00000449: POP 0000044a: POP 0000044b: POP 0000044c: ISZERO 0000044d: ISZERO 0000044e: PUSH2 0x0459 00000451: JUMPI 00000452: POP 00000453: PUSH1 0x00 00000455: PUSH2 0x0164 00000458: JUMP 00000459: JUMPDEST 0000045a: POP 0000045b: PUSH1 0x01 0000045d: PUSH2 0x0164 00000460: JUMP 00000461: JUMPDEST 00000462: PUSH1 0x01 00000464: PUSH1 0xa0 00000466: PUSH1 0x02 00000468: EXP 00000469: SUB 0000046a: DUP4 0000046b: AND 0000046c: PUSH1 0x00 0000046e: SWAP1 0000046f: DUP2 00000470: MSTORE 00000471: PUSH1 0x20 00000473: DUP2 00000474: SWAP1 00000475: MSTORE 00000476: PUSH1 0x40 00000478: SWAP1 00000479: KECCAK256 0000047a: SLOAD 0000047b: DUP1 0000047c: DUP4 0000047d: ADD 0000047e: LT 0000047f: ISZERO 00000480: PUSH2 0x0488 00000483: JUMPI 00000484: PUSH2 0x0002 00000487: JUMP 00000488: JUMPDEST 00000489: PUSH1 0x07 0000048b: SLOAD 0000048c: TIMESTAMP 0000048d: LT 0000048e: ISZERO 0000048f: PUSH2 0x0497 00000492: JUMPI 00000493: PUSH2 0x0002 00000496: JUMP 00000497: JUMPDEST 00000498: PUSH1 0x01 0000049a: PUSH1 0xa0 0000049c: PUSH1 0x02 0000049e: EXP 0000049f: SUB 000004a0: CALLER 000004a1: DUP2 000004a2: AND 000004a3: PUSH1 0x00 000004a5: DUP2 000004a6: DUP2 000004a7: MSTORE 000004a8: PUSH1 0x20 000004aa: DUP2 000004ab: DUP2 000004ac: MSTORE 000004ad: PUSH1 0x40 000004af: DUP1 000004b0: DUP4 000004b1: KECCAK256 000004b2: DUP1 000004b3: SLOAD 000004b4: DUP9 000004b5: SWAP1 000004b6: SUB 000004b7: SWAP1 000004b8: SSTORE 000004b9: SWAP4 000004ba: DUP8 000004bb: AND 000004bc: DUP1 000004bd: DUP4 000004be: MSTORE 000004bf: SWAP2 000004c0: DUP5 000004c1: SWAP1 000004c2: KECCAK256 000004c3: DUP1 000004c4: SLOAD 000004c5: DUP8 000004c6: ADD 000004c7: SWAP1 000004c8: SSTORE 000004c9: DUP4 000004ca: MLOAD 000004cb: DUP7 000004cc: DUP2 000004cd: MSTORE 000004ce: SWAP4 000004cf: MLOAD 000004d0: SWAP2 000004d1: SWAP4 000004d2: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000004f3: SWAP3 000004f4: SWAP1 000004f5: DUP2 000004f6: SWAP1 000004f7: SUB 000004f8: SWAP1 000004f9: SWAP2 000004fa: ADD 000004fb: SWAP1 000004fc: LOG3 000004fd: POP 000004fe: PUSH1 0x01 00000500: SWAP3 00000501: SWAP2 00000502: POP 00000503: POP 00000504: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x2b8a93eaedc759e5c1451214fff21ea2c0b6ed1bd8eba3d81aad6172341c32b6
call_targets:
0x0000000000000000000000000000000000000004, 0xcee51f865a038aec1900b82f4e784c5ed8ad468c
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x2b8a93eaedc759e5c1451214fff21ea2c0b6ed1bd8eba3d81aad6172341c32b6",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xcee51f865a038aec1900b82f4e784c5ed8ad468c"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x13330d7e",
"selector": "0x13330d7e",
"calldata_variants": [
"0x13330d7e",
"0x13330d7e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4ef83a70",
"selector": "0x4ef83a70",
"calldata_variants": [
"0x4ef83a70",
"0x4ef83a700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 599,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1094,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [],
"untrusted_call_count": 2
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x2b8a93eaedc759e5c1451214fff21ea2c0b6ed1bd8eba3d81aad6172341c32b6
call_targets:
0x0000000000000000000000000000000000000004, 0xcee51f865a038aec1900b82f4e784c5ed8ad468c
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x2b8a93eaedc759e5c1451214fff21ea2c0b6ed1bd8eba3d81aad6172341c32b6",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xcee51f865a038aec1900b82f4e784c5ed8ad468c"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x13330d7e",
"selector": "0x13330d7e",
"calldata_variants": [
"0x13330d7e",
"0x13330d7e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4ef83a70",
"selector": "0x4ef83a70",
"calldata_variants": [
"0x4ef83a70",
"0x4ef83a700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 599,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1094,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": []
}
|