019b3836-5adf-7352-ab85-296cd22dbd21
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 8971 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 8972 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 98238 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 98239 | capability.graph | complete | 1 / 3 | 1 week ago |
| 98240 | detector.run | complete | 1 / 3 | 1 week ago |
| 98241 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113845 | report.consolidate | complete | 1 / 6 | 1 week ago |
No slither job recorded yet.
OpenAI Codex v0.118.0 (research preview) -------- workdir: /tmp/codex-tkerw_7n model: gpt-5.4 provider: openai approval: never sandbox: read-only reasoning effort: high reasoning summaries: none session id: 019d5ca0-87b8-7de1-be5b-2593dc0f837d -------- user You are a security auditor. You ONLY have runtime bytecode + analysis artifacts. You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary, evidence bundle, callsites, storage slots, and detector findings. Special cases when reasoning from bytecode (be explicit about uncertainty): - Selector inference is best-effort; missing selectors are common. - Fallback/receive paths may be the only entrypoints. - CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage. - Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative. - Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown. - Guard detection is heuristic; absence of guards does NOT mean unguarded. - Returndata checking is unknown unless explicitly shown in evidence. - Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim. Output MUST be valid JSON matching the provided schema. - If you find nothing meaningful: set no_findings=true and findings=[]. - Otherwise: set no_findings=false and include findings with severity/category/title. - Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb". Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, accounting/invariant breaks, dangerous delegatecall, and untrusted external calls. Be conservative: if evidence is weak, mark severity low/medium and explain why. warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime. ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM. ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
{
"codex": {
"ran_at": "2026-04-05T07:51:59.287634+00:00",
"returncode": 1
},
"project": {
"mode": "bytecode",
"bytecode_length": 3510,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": null,
"no_findings": null,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x008d 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0095 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x095ea7b3 00000025: EQ 00000026: PUSH2 0x00f3 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x18160ddd 00000030: EQ 00000031: PUSH2 0x0168 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x23b872dd 0000003b: EQ 0000003c: PUSH2 0x0171 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x313ce567 00000046: EQ 00000047: PUSH2 0x025c 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x54fd4d50 00000051: EQ 00000052: PUSH2 0x0268 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x70a08231 0000005c: EQ 0000005d: PUSH2 0x02c6 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0x95d89b41 00000067: EQ 00000068: PUSH2 0x02f4 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xa9059cbb 00000072: EQ 00000073: PUSH2 0x0352 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xcae9ca51 0000007d: EQ 0000007e: PUSH2 0x03f7 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0xdd62ed3e 00000088: EQ 00000089: PUSH2 0x05be 0000008c: JUMPI 0000008d: JUMPDEST 0000008e: PUSH2 0x05f2 00000091: PUSH2 0x0002 00000094: JUMP 00000095: JUMPDEST 00000096: PUSH1 0x40 00000098: DUP1 00000099: MLOAD 0000009a: PUSH1 0x03 0000009c: DUP1 0000009d: SLOAD 0000009e: PUSH1 0x20 000000a0: PUSH1 0x02 000000a2: PUSH1 0x01 000000a4: DUP4 000000a5: AND 000000a6: ISZERO 000000a7: PUSH2 0x0100 000000aa: MUL 000000ab: PUSH1 0x00 000000ad: NOT 000000ae: ADD 000000af: SWAP1 000000b0: SWAP3 000000b1: AND 000000b2: SWAP2 000000b3: SWAP1 000000b4: SWAP2 000000b5: DIV 000000b6: PUSH1 0x1f 000000b8: DUP2 000000b9: ADD 000000ba: DUP3 000000bb: SWAP1 000000bc: DIV 000000bd: DUP3 000000be: MUL 000000bf: DUP5 000000c0: ADD 000000c1: DUP3 000000c2: ADD 000000c3: SWAP1 000000c4: SWAP5 000000c5: MSTORE 000000c6: DUP4 000000c7: DUP4 000000c8: MSTORE 000000c9: PUSH2 0x05f4 000000cc: SWAP4 000000cd: SWAP1 000000ce: DUP4 000000cf: ADD 000000d0: DUP3 000000d1: DUP3 000000d2: DUP1 000000d3: ISZERO 000000d4: PUSH2 0x06b7 000000d7: JUMPI 000000d8: DUP1 000000d9: PUSH1 0x1f 000000db: LT 000000dc: PUSH2 0x068c 000000df: JUMPI 000000e0: PUSH2 0x0100 000000e3: DUP1 000000e4: DUP4 000000e5: SLOAD 000000e6: DIV 000000e7: MUL 000000e8: DUP4 000000e9: MSTORE 000000ea: SWAP2 000000eb: PUSH1 0x20 000000ed: ADD 000000ee: SWAP2 000000ef: PUSH2 0x06b7 000000f2: JUMP 000000f3: JUMPDEST 000000f4: PUSH2 0x0662 000000f7: PUSH1 0x04 000000f9: CALLDATALOAD 000000fa: PUSH1 0x24 000000fc: CALLDATALOAD 000000fd: CALLER 000000fe: PUSH1 0x01 00000100: PUSH1 0xa0 00000102: PUSH1 0x02 00000104: EXP 00000105: SUB 00000106: SWAP1 00000107: DUP2 00000108: AND 00000109: PUSH1 0x00 0000010b: DUP2 0000010c: DUP2 0000010d: MSTORE 0000010e: PUSH1 0x01 00000110: PUSH1 0x20 00000112: SWAP1 00000113: DUP2 00000114: MSTORE 00000115: PUSH1 0x40 00000117: DUP1 00000118: DUP4 00000119: KECCAK256 0000011a: SWAP5 0000011b: DUP8 0000011c: AND 0000011d: DUP1 0000011e: DUP5 0000011f: MSTORE 00000120: SWAP5 00000121: DUP3 00000122: MSTORE 00000123: DUP1 00000124: DUP4 00000125: KECCAK256 00000126: DUP7 00000127: SWAP1 00000128: SSTORE 00000129: DUP1 0000012a: MLOAD 0000012b: DUP7 0000012c: DUP2 0000012d: MSTORE 0000012e: SWAP1 0000012f: MLOAD 00000130: SWAP3 00000131: SWAP5 00000132: SWAP4 00000133: SWAP3 00000134: PUSH32 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925 00000155: SWAP3 00000156: SWAP2 00000157: DUP2 00000158: SWAP1 00000159: SUB 0000015a: SWAP1 0000015b: SWAP2 0000015c: ADD 0000015d: SWAP1 0000015e: LOG3 0000015f: POP 00000160: PUSH1 0x01 00000162: JUMPDEST 00000163: SWAP3 00000164: SWAP2 00000165: POP 00000166: POP 00000167: JUMP 00000168: JUMPDEST 00000169: PUSH2 0x02e2 0000016c: PUSH1 0x02 0000016e: SLOAD 0000016f: DUP2 00000170: JUMP 00000171: JUMPDEST 00000172: PUSH2 0x0662 00000175: PUSH1 0x04 00000177: CALLDATALOAD 00000178: PUSH1 0x24 0000017a: CALLDATALOAD 0000017b: PUSH1 0x44 0000017d: CALLDATALOAD 0000017e: PUSH1 0x01 00000180: PUSH1 0xa0 00000182: PUSH1 0x02 00000184: EXP 00000185: SUB 00000186: DUP4 00000187: AND 00000188: PUSH1 0x00 0000018a: SWAP1 0000018b: DUP2 0000018c: MSTORE 0000018d: PUSH1 0x20 0000018f: DUP2 00000190: SWAP1 00000191: MSTORE 00000192: PUSH1 0x40 00000194: DUP2 00000195: KECCAK256 00000196: SLOAD 00000197: DUP3 00000198: SWAP1 00000199: LT 0000019a: DUP1 0000019b: ISZERO 0000019c: SWAP1 0000019d: PUSH2 0x01c4 000001a0: JUMPI 000001a1: POP 000001a2: PUSH1 0x01 000001a4: PUSH1 0x20 000001a6: SWAP1 000001a7: DUP2 000001a8: MSTORE 000001a9: PUSH1 0x40 000001ab: DUP1 000001ac: DUP4 000001ad: KECCAK256 000001ae: CALLER 000001af: PUSH1 0x01 000001b1: PUSH1 0xa0 000001b3: PUSH1 0x02 000001b5: EXP 000001b6: SUB 000001b7: AND 000001b8: DUP5 000001b9: MSTORE 000001ba: SWAP1 000001bb: SWAP2 000001bc: MSTORE 000001bd: DUP2 000001be: KECCAK256 000001bf: SLOAD 000001c0: DUP3 000001c1: SWAP1 000001c2: LT 000001c3: ISZERO 000001c4: JUMPDEST 000001c5: DUP1 000001c6: ISZERO 000001c7: PUSH2 0x01d0 000001ca: JUMPI 000001cb: POP 000001cc: PUSH1 0x00 000001ce: DUP3 000001cf: GT 000001d0: JUMPDEST 000001d1: ISZERO 000001d2: PUSH2 0x06bf 000001d5: JUMPI 000001d6: PUSH1 0x01 000001d8: PUSH1 0xa0 000001da: PUSH1 0x02 000001dc: EXP 000001dd: SUB 000001de: DUP4 000001df: DUP2 000001e0: AND 000001e1: PUSH1 0x00 000001e3: DUP2 000001e4: DUP2 000001e5: MSTORE 000001e6: PUSH1 0x20 000001e8: DUP2 000001e9: DUP2 000001ea: MSTORE 000001eb: PUSH1 0x40 000001ed: DUP1 000001ee: DUP4 000001ef: KECCAK256 000001f0: DUP1 000001f1: SLOAD 000001f2: DUP9 000001f3: ADD 000001f4: SWAP1 000001f5: SSTORE 000001f6: DUP9 000001f7: DUP6 000001f8: AND 000001f9: DUP1 000001fa: DUP5 000001fb: MSTORE 000001fc: DUP2 000001fd: DUP5 000001fe: KECCAK256 000001ff: DUP1 00000200: SLOAD 00000201: DUP10 00000202: SWAP1 00000203: SUB 00000204: SWAP1 00000205: SSTORE 00000206: PUSH1 0x01 00000208: DUP4 00000209: MSTORE 0000020a: DUP2 0000020b: DUP5 0000020c: KECCAK256 0000020d: CALLER 0000020e: SWAP1 0000020f: SWAP7 00000210: AND 00000211: DUP5 00000212: MSTORE 00000213: SWAP5 00000214: DUP3 00000215: MSTORE 00000216: SWAP2 00000217: DUP3 00000218: SWAP1 00000219: KECCAK256 0000021a: DUP1 0000021b: SLOAD 0000021c: DUP8 0000021d: SWAP1 0000021e: SUB 0000021f: SWAP1 00000220: SSTORE 00000221: DUP2 00000222: MLOAD 00000223: DUP7 00000224: DUP2 00000225: MSTORE 00000226: SWAP2 00000227: MLOAD 00000228: SWAP3 00000229: SWAP4 0000022a: SWAP3 0000022b: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 0000024c: SWAP3 0000024d: DUP2 0000024e: SWAP1 0000024f: SUB 00000250: SWAP1 00000251: SWAP2 00000252: ADD 00000253: SWAP1 00000254: LOG3 00000255: POP 00000256: PUSH1 0x01 00000258: PUSH2 0x06c3 0000025b: JUMP 0000025c: JUMPDEST 0000025d: PUSH2 0x0676 00000260: PUSH1 0x04 00000262: SLOAD 00000263: PUSH1 0xff 00000265: AND 00000266: DUP2 00000267: JUMP 00000268: JUMPDEST 00000269: PUSH1 0x40 0000026b: DUP1 0000026c: MLOAD 0000026d: PUSH1 0x06 0000026f: DUP1 00000270: SLOAD 00000271: PUSH1 0x20 00000273: PUSH1 0x02 00000275: PUSH1 0x01 00000277: DUP4 00000278: AND 00000279: ISZERO 0000027a: PUSH2 0x0100 0000027d: MUL 0000027e: PUSH1 0x00 00000280: NOT 00000281: ADD 00000282: SWAP1 00000283: SWAP3 00000284: AND 00000285: SWAP2 00000286: SWAP1 00000287: SWAP2 00000288: DIV 00000289: PUSH1 0x1f 0000028b: DUP2 0000028c: ADD 0000028d: DUP3 0000028e: SWAP1 0000028f: DIV 00000290: DUP3 00000291: MUL 00000292: DUP5 00000293: ADD 00000294: DUP3 00000295: ADD 00000296: SWAP1 00000297: SWAP5 00000298: MSTORE 00000299: DUP4 0000029a: DUP4 0000029b: MSTORE 0000029c: PUSH2 0x05f4 0000029f: SWAP4 000002a0: SWAP1 000002a1: DUP4 000002a2: ADD 000002a3: DUP3 000002a4: DUP3 000002a5: DUP1 000002a6: ISZERO 000002a7: PUSH2 0x06b7 000002aa: JUMPI 000002ab: DUP1 000002ac: PUSH1 0x1f 000002ae: LT 000002af: PUSH2 0x068c 000002b2: JUMPI 000002b3: PUSH2 0x0100 000002b6: DUP1 000002b7: DUP4 000002b8: SLOAD 000002b9: DIV 000002ba: MUL 000002bb: DUP4 000002bc: MSTORE 000002bd: SWAP2 000002be: PUSH1 0x20 000002c0: ADD 000002c1: SWAP2 000002c2: PUSH2 0x06b7 000002c5: JUMP 000002c6: JUMPDEST 000002c7: PUSH1 0x01 000002c9: PUSH1 0xa0 000002cb: PUSH1 0x02 000002cd: EXP 000002ce: SUB 000002cf: PUSH1 0x04 000002d1: CALLDATALOAD 000002d2: AND 000002d3: PUSH1 0x00 000002d5: SWAP1 000002d6: DUP2 000002d7: MSTORE 000002d8: PUSH1 0x20 000002da: DUP2 000002db: SWAP1 000002dc: MSTORE 000002dd: PUSH1 0x40 000002df: SWAP1 000002e0: KECCAK256 000002e1: SLOAD 000002e2: JUMPDEST 000002e3: PUSH1 0x40 000002e5: DUP1 000002e6: MLOAD 000002e7: SWAP2 000002e8: DUP3 000002e9: MSTORE 000002ea: MLOAD 000002eb: SWAP1 000002ec: DUP2 000002ed: SWAP1 000002ee: SUB 000002ef: PUSH1 0x20 000002f1: ADD 000002f2: SWAP1 000002f3: RETURN 000002f4: JUMPDEST 000002f5: PUSH2 0x05f4 000002f8: PUSH1 0x05 000002fa: DUP1 000002fb: SLOAD 000002fc: PUSH1 0x40 000002fe: DUP1 000002ff: MLOAD 00000300: PUSH1 0x20 00000302: PUSH1 0x02 00000304: PUSH1 0x01 00000306: DUP6 00000307: AND 00000308: ISZERO 00000309: PUSH2 0x0100 0000030c: MUL 0000030d: PUSH1 0x00 0000030f: NOT 00000310: ADD 00000311: SWAP1 00000312: SWAP5 00000313: AND 00000314: SWAP4 00000315: SWAP1 00000316: SWAP4 00000317: DIV 00000318: PUSH1 0x1f 0000031a: DUP2 0000031b: ADD 0000031c: DUP5 0000031d: SWAP1 0000031e: DIV 0000031f: DUP5 00000320: MUL 00000321: DUP3 00000322: ADD 00000323: DUP5 00000324: ADD 00000325: SWAP1 00000326: SWAP3 00000327: MSTORE 00000328: DUP2 00000329: DUP2 0000032a: MSTORE 0000032b: SWAP3 0000032c: SWAP2 0000032d: DUP4 0000032e: ADD 0000032f: DUP3 00000330: DUP3 00000331: DUP1 00000332: ISZERO 00000333: PUSH2 0x06b7 00000336: JUMPI 00000337: DUP1 00000338: PUSH1 0x1f 0000033a: LT 0000033b: PUSH2 0x068c 0000033e: JUMPI 0000033f: PUSH2 0x0100 00000342: DUP1 00000343: DUP4 00000344: SLOAD 00000345: DIV 00000346: MUL 00000347: DUP4 00000348: MSTORE 00000349: SWAP2 0000034a: PUSH1 0x20 0000034c: ADD 0000034d: SWAP2 0000034e: PUSH2 0x06b7 00000351: JUMP 00000352: JUMPDEST 00000353: PUSH2 0x0662 00000356: PUSH1 0x04 00000358: CALLDATALOAD 00000359: PUSH1 0x24 0000035b: CALLDATALOAD 0000035c: CALLER 0000035d: PUSH1 0x01 0000035f: PUSH1 0xa0 00000361: PUSH1 0x02 00000363: EXP 00000364: SUB 00000365: AND 00000366: PUSH1 0x00 00000368: SWAP1 00000369: DUP2 0000036a: MSTORE 0000036b: PUSH1 0x20 0000036d: DUP2 0000036e: SWAP1 0000036f: MSTORE 00000370: PUSH1 0x40 00000372: DUP2 00000373: KECCAK256 00000374: SLOAD 00000375: DUP3 00000376: SWAP1 00000377: LT 00000378: DUP1 00000379: ISZERO 0000037a: SWAP1 0000037b: PUSH2 0x0384 0000037e: JUMPI 0000037f: POP 00000380: PUSH1 0x00 00000382: DUP3 00000383: GT 00000384: JUMPDEST 00000385: ISZERO 00000386: PUSH2 0x06ca 00000389: JUMPI 0000038a: CALLER 0000038b: PUSH1 0x01 0000038d: PUSH1 0xa0 0000038f: PUSH1 0x02 00000391: EXP 00000392: SUB 00000393: SWAP1 00000394: DUP2 00000395: AND 00000396: PUSH1 0x00 00000398: DUP2 00000399: DUP2 0000039a: MSTORE 0000039b: PUSH1 0x20 0000039d: DUP2 0000039e: DUP2 0000039f: MSTORE 000003a0: PUSH1 0x40 000003a2: DUP1 000003a3: DUP4 000003a4: KECCAK256 000003a5: DUP1 000003a6: SLOAD 000003a7: DUP9 000003a8: SWAP1 000003a9: SUB 000003aa: SWAP1 000003ab: SSTORE 000003ac: SWAP4 000003ad: DUP8 000003ae: AND 000003af: DUP1 000003b0: DUP4 000003b1: MSTORE 000003b2: SWAP2 000003b3: DUP5 000003b4: SWAP1 000003b5: KECCAK256 000003b6: DUP1 000003b7: SLOAD 000003b8: DUP8 000003b9: ADD 000003ba: SWAP1 000003bb: SSTORE 000003bc: DUP4 000003bd: MLOAD 000003be: DUP7 000003bf: DUP2 000003c0: MSTORE 000003c1: SWAP4 000003c2: MLOAD 000003c3: SWAP2 000003c4: SWAP4 000003c5: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000003e6: SWAP3 000003e7: SWAP1 000003e8: DUP2 000003e9: SWAP1 000003ea: SUB 000003eb: SWAP1 000003ec: SWAP2 000003ed: ADD 000003ee: SWAP1 000003ef: LOG3 000003f0: POP 000003f1: PUSH1 0x01 000003f3: PUSH2 0x0162 000003f6: JUMP 000003f7: JUMPDEST 000003f8: PUSH1 0x40 000003fa: DUP1 000003fb: MLOAD 000003fc: PUSH1 0x20 000003fe: PUSH1 0x44 00000400: CALLDATALOAD 00000401: PUSH1 0x04 00000403: DUP2 00000404: DUP2 00000405: ADD 00000406: CALLDATALOAD 00000407: PUSH1 0x1f 00000409: DUP2 0000040a: ADD 0000040b: DUP5 0000040c: SWAP1 0000040d: DIV 0000040e: DUP5 0000040f: MUL 00000410: DUP6 00000411: ADD 00000412: DUP5 00000413: ADD 00000414: SWAP1 00000415: SWAP6 00000416: MSTORE 00000417: DUP5 00000418: DUP5 00000419: MSTORE 0000041a: PUSH2 0x0662 0000041d: SWAP5 0000041e: DUP2 0000041f: CALLDATALOAD 00000420: SWAP5 00000421: PUSH1 0x24 00000423: DUP1 00000424: CALLDATALOAD 00000425: SWAP6 00000426: SWAP4 00000427: SWAP5 00000428: PUSH1 0x64 0000042a: SWAP5 0000042b: SWAP3 0000042c: SWAP4 0000042d: SWAP2 0000042e: ADD 0000042f: SWAP2 00000430: DUP2 00000431: SWAP1 00000432: DUP5 00000433: ADD 00000434: DUP4 00000435: DUP3 00000436: DUP1 00000437: DUP3 00000438: DUP5 00000439: CALLDATACOPY 0000043a: POP 0000043b: SWAP5 0000043c: SWAP7 0000043d: POP 0000043e: POP 0000043f: POP 00000440: POP 00000441: POP 00000442: POP 00000443: POP 00000444: CALLER 00000445: PUSH1 0x01 00000447: PUSH1 0xa0 00000449: PUSH1 0x02 0000044b: EXP 0000044c: SUB 0000044d: SWAP1 0000044e: DUP2 0000044f: AND 00000450: PUSH1 0x00 00000452: DUP2 00000453: DUP2 00000454: MSTORE 00000455: PUSH1 0x01 00000457: PUSH1 0x20 00000459: SWAP1 0000045a: DUP2 0000045b: MSTORE 0000045c: PUSH1 0x40 0000045e: DUP1 0000045f: DUP4 00000460: KECCAK256 00000461: SWAP5 00000462: DUP9 00000463: AND 00000464: DUP1 00000465: DUP5 00000466: MSTORE 00000467: SWAP5 00000468: DUP3 00000469: MSTORE 0000046a: DUP1 0000046b: DUP4 0000046c: KECCAK256 0000046d: DUP8 0000046e: SWAP1 0000046f: SSTORE 00000470: DUP1 00000471: MLOAD 00000472: DUP8 00000473: DUP2 00000474: MSTORE 00000475: SWAP1 00000476: MLOAD 00000477: SWAP3 00000478: SWAP5 00000479: SWAP4 0000047a: SWAP3 0000047b: PUSH32 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925 0000049c: SWAP3 0000049d: SWAP2 0000049e: DUP2 0000049f: SWAP1 000004a0: SUB 000004a1: SWAP1 000004a2: SWAP2 000004a3: ADD 000004a4: SWAP1 000004a5: LOG3 000004a6: DUP4 000004a7: PUSH1 0x01 000004a9: PUSH1 0xa0 000004ab: PUSH1 0x02 000004ad: EXP 000004ae: SUB 000004af: AND 000004b0: PUSH1 0x40 000004b2: MLOAD 000004b3: DUP1 000004b4: DUP1 000004b5: PUSH32 0x72656365697665417070726f76616c28616464726573732c75696e743235362c 000004d6: DUP2 000004d7: MSTORE 000004d8: PUSH1 0x20 000004da: ADD 000004db: PUSH32 0x616464726573732c627974657329000000000000000000000000000000000000 000004fc: DUP2 000004fd: MSTORE 000004fe: PUSH1 0x20 00000500: ADD 00000501: POP 00000502: PUSH1 0x2e 00000504: ADD 00000505: SWAP1 00000506: POP 00000507: PUSH1 0x40 00000509: MLOAD 0000050a: DUP1 0000050b: SWAP2 0000050c: SUB 0000050d: SWAP1 0000050e: KECCAK256 0000050f: PUSH1 0xe0 00000511: PUSH1 0x02 00000513: EXP 00000514: SWAP1 00000515: DIV 00000516: CALLER 00000517: DUP6 00000518: ADDRESS 00000519: DUP7 0000051a: PUSH1 0x40 0000051c: MLOAD 0000051d: DUP6 0000051e: PUSH1 0xe0 00000520: PUSH1 0x02 00000522: EXP 00000523: MUL 00000524: DUP2 00000525: MSTORE 00000526: PUSH1 0x04 00000528: ADD 00000529: DUP1 0000052a: DUP6 0000052b: PUSH1 0x01 0000052d: PUSH1 0xa0 0000052f: PUSH1 0x02 00000531: EXP 00000532: SUB 00000533: AND 00000534: DUP2 00000535: MSTORE 00000536: PUSH1 0x20 00000538: ADD 00000539: DUP5 0000053a: DUP2 0000053b: MSTORE 0000053c: PUSH1 0x20 0000053e: ADD 0000053f: DUP4 00000540: PUSH1 0x01 00000542: PUSH1 0xa0 00000544: PUSH1 0x02 00000546: EXP 00000547: SUB 00000548: AND 00000549: DUP2 0000054a: MSTORE 0000054b: PUSH1 0x20 0000054d: ADD 0000054e: DUP3 0000054f: DUP1 00000550: MLOAD 00000551: SWAP1 00000552: PUSH1 0x20 00000554: ADD 00000555: SWAP1 00000556: DUP1 00000557: DUP4 00000558: DUP4 00000559: DUP3 0000055a: SWAP1 0000055b: PUSH1 0x00 0000055d: PUSH1 0x04 0000055f: PUSH1 0x20 00000561: DUP5 00000562: PUSH1 0x1f 00000564: ADD 00000565: DIV 00000566: PUSH1 0x03 00000568: MUL 00000569: PUSH1 0x0f 0000056b: ADD 0000056c: CALL 0000056d: POP 0000056e: SWAP1 0000056f: POP 00000570: SWAP1 00000571: DUP2 00000572: ADD 00000573: SWAP1 00000574: PUSH1 0x1f 00000576: AND 00000577: DUP1 00000578: ISZERO 00000579: PUSH2 0x0596 0000057c: JUMPI 0000057d: DUP1 0000057e: DUP3 0000057f: SUB 00000580: DUP1 00000581: MLOAD 00000582: PUSH1 0x01 00000584: DUP4 00000585: PUSH1 0x20 00000587: SUB 00000588: PUSH2 0x0100 0000058b: EXP 0000058c: SUB 0000058d: NOT 0000058e: AND 0000058f: DUP2 00000590: MSTORE 00000591: PUSH1 0x20 00000593: ADD 00000594: SWAP2 00000595: POP 00000596: JUMPDEST 00000597: POP 00000598: SWAP5 00000599: POP 0000059a: POP 0000059b: POP 0000059c: POP 0000059d: POP 0000059e: PUSH1 0x00 000005a0: PUSH1 0x40 000005a2: MLOAD 000005a3: DUP1 000005a4: DUP4 000005a5: SUB 000005a6: DUP2 000005a7: PUSH1 0x00 000005a9: DUP8 000005aa: PUSH2 0x61da 000005ad: GAS 000005ae: SUB 000005af: CALL 000005b0: SWAP3 000005b1: POP 000005b2: POP 000005b3: POP 000005b4: ISZERO 000005b5: ISZERO 000005b6: PUSH2 0x06d2 000005b9: JUMPI 000005ba: PUSH2 0x0002 000005bd: JUMP 000005be: JUMPDEST 000005bf: PUSH2 0x02e2 000005c2: PUSH1 0x04 000005c4: CALLDATALOAD 000005c5: PUSH1 0x24 000005c7: CALLDATALOAD 000005c8: PUSH1 0x01 000005ca: PUSH1 0xa0 000005cc: PUSH1 0x02 000005ce: EXP 000005cf: SUB 000005d0: DUP3 000005d1: DUP2 000005d2: AND 000005d3: PUSH1 0x00 000005d5: SWAP1 000005d6: DUP2 000005d7: MSTORE 000005d8: PUSH1 0x01 000005da: PUSH1 0x20 000005dc: SWAP1 000005dd: DUP2 000005de: MSTORE 000005df: PUSH1 0x40 000005e1: DUP1 000005e2: DUP4 000005e3: KECCAK256 000005e4: SWAP4 000005e5: DUP6 000005e6: AND 000005e7: DUP4 000005e8: MSTORE 000005e9: SWAP3 000005ea: SWAP1 000005eb: MSTORE 000005ec: KECCAK256 000005ed: SLOAD 000005ee: PUSH2 0x0162 000005f1: JUMP 000005f2: JUMPDEST 000005f3: STOP 000005f4: JUMPDEST 000005f5: PUSH1 0x40 000005f7: MLOAD 000005f8: DUP1 000005f9: DUP1 000005fa: PUSH1 0x20 000005fc: ADD 000005fd: DUP3 000005fe: DUP2 000005ff: SUB 00000600: DUP3 00000601: MSTORE 00000602: DUP4 00000603: DUP2 00000604: DUP2 00000605: MLOAD 00000606: DUP2 00000607: MSTORE 00000608: PUSH1 0x20 0000060a: ADD 0000060b: SWAP2 0000060c: POP 0000060d: DUP1 0000060e: MLOAD 0000060f: SWAP1 00000610: PUSH1 0x20 00000612: ADD 00000613: SWAP1 00000614: DUP1 00000615: DUP4 00000616: DUP4 00000617: DUP3 00000618: SWAP1 00000619: PUSH1 0x00 0000061b: PUSH1 0x04 0000061d: PUSH1 0x20 0000061f: DUP5 00000620: PUSH1 0x1f 00000622: ADD 00000623: DIV 00000624: PUSH1 0x03 00000626: MUL 00000627: PUSH1 0x0f 00000629: ADD 0000062a: CALL 0000062b: POP 0000062c: SWAP1 0000062d: POP 0000062e: SWAP1 0000062f: DUP2 00000630: ADD 00000631: SWAP1 00000632: PUSH1 0x1f 00000634: AND 00000635: DUP1 00000636: ISZERO 00000637: PUSH2 0x0654 0000063a: JUMPI 0000063b: DUP1 0000063c: DUP3 0000063d: SUB 0000063e: DUP1 0000063f: MLOAD 00000640: PUSH1 0x01 00000642: DUP4 00000643: PUSH1 0x20 00000645: SUB 00000646: PUSH2 0x0100 00000649: EXP 0000064a: SUB 0000064b: NOT 0000064c: AND 0000064d: DUP2 0000064e: MSTORE 0000064f: PUSH1 0x20 00000651: ADD 00000652: SWAP2 00000653: POP 00000654: JUMPDEST 00000655: POP 00000656: SWAP3 00000657: POP 00000658: POP 00000659: POP 0000065a: PUSH1 0x40 0000065c: MLOAD 0000065d: DUP1 0000065e: SWAP2 0000065f: SUB 00000660: SWAP1 00000661: RETURN 00000662: JUMPDEST 00000663: PUSH1 0x40 00000665: DUP1 00000666: MLOAD 00000667: SWAP2 00000668: ISZERO 00000669: ISZERO 0000066a: DUP3 0000066b: MSTORE 0000066c: MLOAD 0000066d: SWAP1 0000066e: DUP2 0000066f: SWAP1 00000670: SUB 00000671: PUSH1 0x20 00000673: ADD 00000674: SWAP1 00000675: RETURN 00000676: JUMPDEST 00000677: PUSH1 0x40 00000679: DUP1 0000067a: MLOAD 0000067b: PUSH1 0xff 0000067d: SWAP1 0000067e: SWAP3 0000067f: AND 00000680: DUP3 00000681: MSTORE 00000682: MLOAD 00000683: SWAP1 00000684: DUP2 00000685: SWAP1 00000686: SUB 00000687: PUSH1 0x20 00000689: ADD 0000068a: SWAP1 0000068b: RETURN 0000068c: JUMPDEST 0000068d: DUP3 0000068e: ADD 0000068f: SWAP2 00000690: SWAP1 00000691: PUSH1 0x00 00000693: MSTORE 00000694: PUSH1 0x20 00000696: PUSH1 0x00 00000698: KECCAK256 00000699: SWAP1 0000069a: JUMPDEST 0000069b: DUP2 0000069c: SLOAD 0000069d: DUP2 0000069e: MSTORE 0000069f: SWAP1 000006a0: PUSH1 0x01 000006a2: ADD 000006a3: SWAP1 000006a4: PUSH1 0x20 000006a6: ADD 000006a7: DUP1 000006a8: DUP4 000006a9: GT 000006aa: PUSH2 0x069a 000006ad: JUMPI 000006ae: DUP3 000006af: SWAP1 000006b0: SUB 000006b1: PUSH1 0x1f 000006b3: AND 000006b4: DUP3 000006b5: ADD 000006b6: SWAP2 000006b7: JUMPDEST 000006b8: POP 000006b9: POP 000006ba: POP 000006bb: POP 000006bc: POP 000006bd: DUP2 000006be: JUMP 000006bf: JUMPDEST 000006c0: POP 000006c1: PUSH1 0x00 000006c3: JUMPDEST 000006c4: SWAP4 000006c5: SWAP3 000006c6: POP 000006c7: POP 000006c8: POP 000006c9: JUMP 000006ca: JUMPDEST 000006cb: POP 000006cc: PUSH1 0x00 000006ce: PUSH2 0x0162 000006d1: JUMP 000006d2: JUMPDEST 000006d3: POP 000006d4: PUSH1 0x01 000006d6: PUSH2 0x06c3 000006d9: JUMP
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x06879103f5bedec3b1c9e9bc59e5e2657885ed1348e6b052faffdf32190b72b2
call_targets:
0x0000000000000000000000000000000000000004, 0xd8912c10681d8b21fd3742244f44658dba12264e
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x06879103f5bedec3b1c9e9bc59e5e2657885ed1348e6b052faffdf32190b72b2",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xd8912c10681d8b21fd3742244f44658dba12264e"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x095ea7b3",
"selector": "0x095ea7b3",
"calldata_variants": [
"0x095ea7b3",
"0x095ea7b30000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1388,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1455,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1578,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x06879103f5bedec3b1c9e9bc59e5e2657885ed1348e6b052faffdf32190b72b2
call_targets:
0x0000000000000000000000000000000000000004, 0xd8912c10681d8b21fd3742244f44658dba12264e
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x06879103f5bedec3b1c9e9bc59e5e2657885ed1348e6b052faffdf32190b72b2",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xd8912c10681d8b21fd3742244f44658dba12264e"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x095ea7b3",
"selector": "0x095ea7b3",
"calldata_variants": [
"0x095ea7b3",
"0x095ea7b30000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1388,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1455,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1578,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|