TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-5b6a-71c0-b3a7-d3370ce71968

complete
Chain ID
1
Address
0xd66446c10959da460dc06a4106695b38ec5be589
Block Number
Created
Fri, Dec 19, 2025 8:04 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
9045 artifact.fetch complete 1 / 3 3 months ago
9046 tool.cast_disasm complete 1 / 3 3 months ago
52364 analysis.bundle complete 1 / 3 1 week ago
52365 capability.graph complete 1 / 3 1 week ago
52366 detector.run complete 1 / 3 1 week ago
52367 validation.fork complete 1 / 3 1 week ago
113405 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-k7ffspp_
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c92-ea05-7310-b2dc-518a2e6b5855
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:37:07.113380+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 2924,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
1
CREATE2
0
CALL-family (heavy)
6
EXT*/BALANCE
1
Total opcodes
1153
Flags
selfdestruct_present
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0056
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x2c854a1a
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x0058
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x41c0e1b5
00000025: EQ
00000026: PUSH2 0x00fe
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x824d0227
00000030: EQ
00000031: PUSH2 0x011b
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0xe3ac064a
0000003b: EQ
0000003c: PUSH2 0x0229
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0xe3ffc9a3
00000046: EQ
00000047: PUSH2 0x02ce
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0xf6a0576d
00000051: EQ
00000052: PUSH2 0x02ed
00000055: JUMPI
00000056: JUMPDEST
00000057: STOP
00000058: JUMPDEST
00000059: PUSH2 0x0390
0000005c: PUSH1 0x04
0000005e: DUP1
0000005f: DUP1
00000060: CALLDATALOAD
00000061: SWAP1
00000062: PUSH1 0x20
00000064: ADD
00000065: SWAP1
00000066: DUP3
00000067: ADD
00000068: DUP1
00000069: CALLDATALOAD
0000006a: SWAP1
0000006b: PUSH1 0x20
0000006d: ADD
0000006e: SWAP2
0000006f: SWAP2
00000070: SWAP1
00000071: DUP1
00000072: DUP1
00000073: PUSH1 0x1f
00000075: ADD
00000076: PUSH1 0x20
00000078: DUP1
00000079: SWAP2
0000007a: DIV
0000007b: MUL
0000007c: PUSH1 0x20
0000007e: ADD
0000007f: PUSH1 0x40
00000081: MLOAD
00000082: SWAP1
00000083: DUP2
00000084: ADD
00000085: PUSH1 0x40
00000087: MSTORE
00000088: DUP1
00000089: SWAP4
0000008a: SWAP3
0000008b: SWAP2
0000008c: SWAP1
0000008d: DUP2
0000008e: DUP2
0000008f: MSTORE
00000090: PUSH1 0x20
00000092: ADD
00000093: DUP4
00000094: DUP4
00000095: DUP1
00000096: DUP3
00000097: DUP5
00000098: CALLDATACOPY
00000099: POP
0000009a: SWAP5
0000009b: SWAP7
0000009c: POP
0000009d: POP
0000009e: POP
0000009f: POP
000000a0: POP
000000a1: POP
000000a2: POP
000000a3: PUSH1 0x00
000000a5: PUSH1 0x01
000000a7: PUSH1 0x00
000000a9: POP
000000aa: DUP3
000000ab: PUSH1 0x40
000000ad: MLOAD
000000ae: DUP1
000000af: DUP3
000000b0: DUP1
000000b1: MLOAD
000000b2: SWAP1
000000b3: PUSH1 0x20
000000b5: ADD
000000b6: SWAP1
000000b7: DUP1
000000b8: DUP4
000000b9: DUP4
000000ba: DUP3
000000bb: SWAP1
000000bc: PUSH1 0x00
000000be: PUSH1 0x04
000000c0: PUSH1 0x20
000000c2: DUP5
000000c3: PUSH1 0x1f
000000c5: ADD
000000c6: DIV
000000c7: PUSH1 0x0f
000000c9: MUL
000000ca: PUSH1 0x03
000000cc: ADD
000000cd: CALL
000000ce: POP
000000cf: SWAP1
000000d0: POP
000000d1: ADD
000000d2: SWAP2
000000d3: POP
000000d4: POP
000000d5: SWAP1
000000d6: DUP2
000000d7: MSTORE
000000d8: PUSH1 0x20
000000da: ADD
000000db: PUSH1 0x40
000000dd: MLOAD
000000de: DUP1
000000df: SWAP2
000000e0: SUB
000000e1: SWAP1
000000e2: KECCAK256
000000e3: PUSH1 0x00
000000e5: POP
000000e6: PUSH1 0x01
000000e8: ADD
000000e9: PUSH1 0x00
000000eb: SWAP1
000000ec: SLOAD
000000ed: SWAP1
000000ee: PUSH2 0x0100
000000f1: EXP
000000f2: SWAP1
000000f3: DIV
000000f4: PUSH1 0xff
000000f6: AND
000000f7: SWAP1
000000f8: POP
000000f9: JUMPDEST
000000fa: SWAP2
000000fb: SWAP1
000000fc: POP
000000fd: JUMP
000000fe: JUMPDEST
000000ff: PUSH2 0x0056
00000102: PUSH1 0x00
00000104: SLOAD
00000105: PUSH1 0x01
00000107: PUSH1 0xa0
00000109: PUSH1 0x02
0000010b: EXP
0000010c: SUB
0000010d: SWAP1
0000010e: DUP2
0000010f: AND
00000110: CALLER
00000111: SWAP1
00000112: SWAP2
00000113: AND
00000114: EQ
00000115: PUSH2 0x0412
00000118: JUMPI
00000119: JUMPDEST
0000011a: JUMP
0000011b: JUMPDEST
0000011c: PUSH2 0x03a4
0000011f: PUSH1 0x04
00000121: DUP1
00000122: DUP1
00000123: CALLDATALOAD
00000124: SWAP1
00000125: PUSH1 0x20
00000127: ADD
00000128: SWAP1
00000129: DUP3
0000012a: ADD
0000012b: DUP1
0000012c: CALLDATALOAD
0000012d: SWAP1
0000012e: PUSH1 0x20
00000130: ADD
00000131: SWAP2
00000132: SWAP2
00000133: SWAP1
00000134: DUP1
00000135: DUP1
00000136: PUSH1 0x1f
00000138: ADD
00000139: PUSH1 0x20
0000013b: DUP1
0000013c: SWAP2
0000013d: DIV
0000013e: MUL
0000013f: PUSH1 0x20
00000141: ADD
00000142: PUSH1 0x40
00000144: MLOAD
00000145: SWAP1
00000146: DUP2
00000147: ADD
00000148: PUSH1 0x40
0000014a: MSTORE
0000014b: DUP1
0000014c: SWAP4
0000014d: SWAP3
0000014e: SWAP2
0000014f: SWAP1
00000150: DUP2
00000151: DUP2
00000152: MSTORE
00000153: PUSH1 0x20
00000155: ADD
00000156: DUP4
00000157: DUP4
00000158: DUP1
00000159: DUP3
0000015a: DUP5
0000015b: CALLDATACOPY
0000015c: POP
0000015d: SWAP5
0000015e: SWAP7
0000015f: POP
00000160: POP
00000161: POP
00000162: POP
00000163: POP
00000164: POP
00000165: POP
00000166: PUSH1 0x20
00000168: PUSH1 0x40
0000016a: MLOAD
0000016b: SWAP1
0000016c: DUP2
0000016d: ADD
0000016e: PUSH1 0x40
00000170: MSTORE
00000171: DUP1
00000172: PUSH1 0x00
00000174: DUP2
00000175: MSTORE
00000176: PUSH1 0x20
00000178: ADD
00000179: POP
0000017a: PUSH1 0x01
0000017c: PUSH1 0x00
0000017e: POP
0000017f: DUP3
00000180: PUSH1 0x40
00000182: MLOAD
00000183: DUP1
00000184: DUP3
00000185: DUP1
00000186: MLOAD
00000187: SWAP1
00000188: PUSH1 0x20
0000018a: ADD
0000018b: SWAP1
0000018c: DUP1
0000018d: DUP4
0000018e: DUP4
0000018f: DUP3
00000190: SWAP1
00000191: PUSH1 0x00
00000193: PUSH1 0x04
00000195: PUSH1 0x20
00000197: DUP5
00000198: PUSH1 0x1f
0000019a: ADD
0000019b: DIV
0000019c: PUSH1 0x0f
0000019e: MUL
0000019f: PUSH1 0x03
000001a1: ADD
000001a2: CALL
000001a3: POP
000001a4: SWAP1
000001a5: POP
000001a6: ADD
000001a7: SWAP2
000001a8: POP
000001a9: POP
000001aa: SWAP1
000001ab: DUP2
000001ac: MSTORE
000001ad: PUSH1 0x20
000001af: ADD
000001b0: PUSH1 0x40
000001b2: MLOAD
000001b3: DUP1
000001b4: SWAP2
000001b5: SUB
000001b6: SWAP1
000001b7: KECCAK256
000001b8: PUSH1 0x00
000001ba: POP
000001bb: PUSH1 0x00
000001bd: ADD
000001be: PUSH1 0x00
000001c0: POP
000001c1: DUP1
000001c2: SLOAD
000001c3: PUSH1 0x01
000001c5: DUP2
000001c6: PUSH1 0x01
000001c8: AND
000001c9: ISZERO
000001ca: PUSH2 0x0100
000001cd: MUL
000001ce: SUB
000001cf: AND
000001d0: PUSH1 0x02
000001d2: SWAP1
000001d3: DIV
000001d4: DUP1
000001d5: PUSH1 0x1f
000001d7: ADD
000001d8: PUSH1 0x20
000001da: DUP1
000001db: SWAP2
000001dc: DIV
000001dd: MUL
000001de: PUSH1 0x20
000001e0: ADD
000001e1: PUSH1 0x40
000001e3: MLOAD
000001e4: SWAP1
000001e5: DUP2
000001e6: ADD
000001e7: PUSH1 0x40
000001e9: MSTORE
000001ea: DUP1
000001eb: SWAP3
000001ec: SWAP2
000001ed: SWAP1
000001ee: DUP2
000001ef: DUP2
000001f0: MSTORE
000001f1: PUSH1 0x20
000001f3: ADD
000001f4: DUP3
000001f5: DUP1
000001f6: SLOAD
000001f7: PUSH1 0x01
000001f9: DUP2
000001fa: PUSH1 0x01
000001fc: AND
000001fd: ISZERO
000001fe: PUSH2 0x0100
00000201: MUL
00000202: SUB
00000203: AND
00000204: PUSH1 0x02
00000206: SWAP1
00000207: DIV
00000208: DUP1
00000209: ISZERO
0000020a: PUSH2 0x044b
0000020d: JUMPI
0000020e: DUP1
0000020f: PUSH1 0x1f
00000211: LT
00000212: PUSH2 0x0420
00000215: JUMPI
00000216: PUSH2 0x0100
00000219: DUP1
0000021a: DUP4
0000021b: SLOAD
0000021c: DIV
0000021d: MUL
0000021e: DUP4
0000021f: MSTORE
00000220: SWAP2
00000221: PUSH1 0x20
00000223: ADD
00000224: SWAP2
00000225: PUSH2 0x044b
00000228: JUMP
00000229: JUMPDEST
0000022a: PUSH2 0x0390
0000022d: PUSH1 0x04
0000022f: DUP1
00000230: DUP1
00000231: CALLDATALOAD
00000232: SWAP1
00000233: PUSH1 0x20
00000235: ADD
00000236: SWAP1
00000237: DUP3
00000238: ADD
00000239: DUP1
0000023a: CALLDATALOAD
0000023b: SWAP1
0000023c: PUSH1 0x20
0000023e: ADD
0000023f: SWAP2
00000240: SWAP2
00000241: SWAP1
00000242: DUP1
00000243: DUP1
00000244: PUSH1 0x1f
00000246: ADD
00000247: PUSH1 0x20
00000249: DUP1
0000024a: SWAP2
0000024b: DIV
0000024c: MUL
0000024d: PUSH1 0x20
0000024f: ADD
00000250: PUSH1 0x40
00000252: MLOAD
00000253: SWAP1
00000254: DUP2
00000255: ADD
00000256: PUSH1 0x40
00000258: MSTORE
00000259: DUP1
0000025a: SWAP4
0000025b: SWAP3
0000025c: SWAP2
0000025d: SWAP1
0000025e: DUP2
0000025f: DUP2
00000260: MSTORE
00000261: PUSH1 0x20
00000263: ADD
00000264: DUP4
00000265: DUP4
00000266: DUP1
00000267: DUP3
00000268: DUP5
00000269: CALLDATACOPY
0000026a: POP
0000026b: SWAP5
0000026c: SWAP7
0000026d: POP
0000026e: POP
0000026f: POP
00000270: POP
00000271: POP
00000272: POP
00000273: POP
00000274: PUSH1 0x00
00000276: PUSH1 0x01
00000278: PUSH1 0x00
0000027a: POP
0000027b: DUP3
0000027c: PUSH1 0x40
0000027e: MLOAD
0000027f: DUP1
00000280: DUP3
00000281: DUP1
00000282: MLOAD
00000283: SWAP1
00000284: PUSH1 0x20
00000286: ADD
00000287: SWAP1
00000288: DUP1
00000289: DUP4
0000028a: DUP4
0000028b: DUP3
0000028c: SWAP1
0000028d: PUSH1 0x00
0000028f: PUSH1 0x04
00000291: PUSH1 0x20
00000293: DUP5
00000294: PUSH1 0x1f
00000296: ADD
00000297: DIV
00000298: PUSH1 0x0f
0000029a: MUL
0000029b: PUSH1 0x03
0000029d: ADD
0000029e: CALL
0000029f: POP
000002a0: SWAP1
000002a1: POP
000002a2: ADD
000002a3: SWAP2
000002a4: POP
000002a5: POP
000002a6: SWAP1
000002a7: DUP2
000002a8: MSTORE
000002a9: PUSH1 0x20
000002ab: ADD
000002ac: PUSH1 0x40
000002ae: MLOAD
000002af: DUP1
000002b0: SWAP2
000002b1: SUB
000002b2: SWAP1
000002b3: KECCAK256
000002b4: PUSH1 0x00
000002b6: POP
000002b7: PUSH1 0x01
000002b9: ADD
000002ba: PUSH1 0x01
000002bc: SWAP1
000002bd: SLOAD
000002be: SWAP1
000002bf: PUSH2 0x0100
000002c2: EXP
000002c3: SWAP1
000002c4: DIV
000002c5: PUSH1 0xff
000002c7: AND
000002c8: SWAP1
000002c9: POP
000002ca: PUSH2 0x00f9
000002cd: JUMP
000002ce: JUMPDEST
000002cf: PUSH2 0x0056
000002d2: PUSH1 0x00
000002d4: SLOAD
000002d5: PUSH1 0x01
000002d7: PUSH1 0xa0
000002d9: PUSH1 0x02
000002db: EXP
000002dc: SUB
000002dd: SWAP1
000002de: DUP2
000002df: AND
000002e0: CALLER
000002e1: SWAP1
000002e2: SWAP2
000002e3: AND
000002e4: EQ
000002e5: PUSH2 0x0457
000002e8: JUMPI
000002e9: PUSH2 0x0119
000002ec: JUMP
000002ed: JUMPDEST
000002ee: PUSH2 0x0056
000002f1: PUSH1 0x04
000002f3: DUP1
000002f4: DUP1
000002f5: CALLDATALOAD
000002f6: SWAP1
000002f7: PUSH1 0x20
000002f9: ADD
000002fa: SWAP1
000002fb: DUP3
000002fc: ADD
000002fd: DUP1
000002fe: CALLDATALOAD
000002ff: SWAP1
00000300: PUSH1 0x20
00000302: ADD
00000303: SWAP2
00000304: SWAP2
00000305: SWAP1
00000306: DUP1
00000307: DUP1
00000308: PUSH1 0x1f
0000030a: ADD
0000030b: PUSH1 0x20
0000030d: DUP1
0000030e: SWAP2
0000030f: DIV
00000310: MUL
00000311: PUSH1 0x20
00000313: ADD
00000314: PUSH1 0x40
00000316: MLOAD
00000317: SWAP1
00000318: DUP2
00000319: ADD
0000031a: PUSH1 0x40
0000031c: MSTORE
0000031d: DUP1
0000031e: SWAP4
0000031f: SWAP3
00000320: SWAP2
00000321: SWAP1
00000322: DUP2
00000323: DUP2
00000324: MSTORE
00000325: PUSH1 0x20
00000327: ADD
00000328: DUP4
00000329: DUP4
0000032a: DUP1
0000032b: DUP3
0000032c: DUP5
0000032d: CALLDATACOPY
0000032e: POP
0000032f: POP
00000330: PUSH1 0x40
00000332: DUP1
00000333: MLOAD
00000334: PUSH1 0x20
00000336: DUP9
00000337: CALLDATALOAD
00000338: DUP1
00000339: DUP12
0000033a: ADD
0000033b: CALLDATALOAD
0000033c: PUSH1 0x1f
0000033e: DUP2
0000033f: ADD
00000340: DUP4
00000341: SWAP1
00000342: DIV
00000343: DUP4
00000344: MUL
00000345: DUP5
00000346: ADD
00000347: DUP4
00000348: ADD
00000349: SWAP1
0000034a: SWAP5
0000034b: MSTORE
0000034c: DUP4
0000034d: DUP4
0000034e: MSTORE
0000034f: SWAP8
00000350: SWAP10
00000351: SWAP9
00000352: PUSH1 0x44
00000354: SWAP9
00000355: SWAP3
00000356: SWAP8
00000357: POP
00000358: SWAP2
00000359: SWAP1
0000035a: SWAP2
0000035b: ADD
0000035c: SWAP5
0000035d: POP
0000035e: SWAP1
0000035f: SWAP3
00000360: POP
00000361: DUP3
00000362: SWAP2
00000363: POP
00000364: DUP5
00000365: ADD
00000366: DUP4
00000367: DUP3
00000368: DUP1
00000369: DUP3
0000036a: DUP5
0000036b: CALLDATACOPY
0000036c: POP
0000036d: SWAP5
0000036e: SWAP7
0000036f: POP
00000370: POP
00000371: POP
00000372: POP
00000373: POP
00000374: POP
00000375: POP
00000376: PUSH1 0x00
00000378: SLOAD
00000379: CALLER
0000037a: PUSH1 0x01
0000037c: PUSH1 0xa0
0000037e: PUSH1 0x02
00000380: EXP
00000381: SUB
00000382: SWAP1
00000383: DUP2
00000384: AND
00000385: SWAP2
00000386: AND
00000387: EQ
00000388: PUSH2 0x04b2
0000038b: JUMPI
0000038c: PUSH2 0x04ae
0000038f: JUMP
00000390: JUMPDEST
00000391: PUSH1 0x40
00000393: DUP1
00000394: MLOAD
00000395: SWAP2
00000396: ISZERO
00000397: ISZERO
00000398: DUP3
00000399: MSTORE
0000039a: MLOAD
0000039b: SWAP1
0000039c: DUP2
0000039d: SWAP1
0000039e: SUB
0000039f: PUSH1 0x20
000003a1: ADD
000003a2: SWAP1
000003a3: RETURN
000003a4: JUMPDEST
000003a5: PUSH1 0x40
000003a7: MLOAD
000003a8: DUP1
000003a9: DUP1
000003aa: PUSH1 0x20
000003ac: ADD
000003ad: DUP3
000003ae: DUP2
000003af: SUB
000003b0: DUP3
000003b1: MSTORE
000003b2: DUP4
000003b3: DUP2
000003b4: DUP2
000003b5: MLOAD
000003b6: DUP2
000003b7: MSTORE
000003b8: PUSH1 0x20
000003ba: ADD
000003bb: SWAP2
000003bc: POP
000003bd: DUP1
000003be: MLOAD
000003bf: SWAP1
000003c0: PUSH1 0x20
000003c2: ADD
000003c3: SWAP1
000003c4: DUP1
000003c5: DUP4
000003c6: DUP4
000003c7: DUP3
000003c8: SWAP1
000003c9: PUSH1 0x00
000003cb: PUSH1 0x04
000003cd: PUSH1 0x20
000003cf: DUP5
000003d0: PUSH1 0x1f
000003d2: ADD
000003d3: DIV
000003d4: PUSH1 0x0f
000003d6: MUL
000003d7: PUSH1 0x03
000003d9: ADD
000003da: CALL
000003db: POP
000003dc: SWAP1
000003dd: POP
000003de: SWAP1
000003df: DUP2
000003e0: ADD
000003e1: SWAP1
000003e2: PUSH1 0x1f
000003e4: AND
000003e5: DUP1
000003e6: ISZERO
000003e7: PUSH2 0x0404
000003ea: JUMPI
000003eb: DUP1
000003ec: DUP3
000003ed: SUB
000003ee: DUP1
000003ef: MLOAD
000003f0: PUSH1 0x01
000003f2: DUP4
000003f3: PUSH1 0x20
000003f5: SUB
000003f6: PUSH2 0x0100
000003f9: EXP
000003fa: SUB
000003fb: NOT
000003fc: AND
000003fd: DUP2
000003fe: MSTORE
000003ff: PUSH1 0x20
00000401: ADD
00000402: SWAP2
00000403: POP
00000404: JUMPDEST
00000405: POP
00000406: SWAP3
00000407: POP
00000408: POP
00000409: POP
0000040a: PUSH1 0x40
0000040c: MLOAD
0000040d: DUP1
0000040e: SWAP2
0000040f: SUB
00000410: SWAP1
00000411: RETURN
00000412: JUMPDEST
00000413: PUSH1 0x00
00000415: SLOAD
00000416: PUSH1 0x01
00000418: PUSH1 0xa0
0000041a: PUSH1 0x02
0000041c: EXP
0000041d: SUB
0000041e: AND
0000041f: SELFDESTRUCT
00000420: JUMPDEST
00000421: DUP3
00000422: ADD
00000423: SWAP2
00000424: SWAP1
00000425: PUSH1 0x00
00000427: MSTORE
00000428: PUSH1 0x20
0000042a: PUSH1 0x00
0000042c: KECCAK256
0000042d: SWAP1
0000042e: JUMPDEST
0000042f: DUP2
00000430: SLOAD
00000431: DUP2
00000432: MSTORE
00000433: SWAP1
00000434: PUSH1 0x01
00000436: ADD
00000437: SWAP1
00000438: PUSH1 0x20
0000043a: ADD
0000043b: DUP1
0000043c: DUP4
0000043d: GT
0000043e: PUSH2 0x042e
00000441: JUMPI
00000442: DUP3
00000443: SWAP1
00000444: SUB
00000445: PUSH1 0x1f
00000447: AND
00000448: DUP3
00000449: ADD
0000044a: SWAP2
0000044b: JUMPDEST
0000044c: POP
0000044d: POP
0000044e: POP
0000044f: POP
00000450: POP
00000451: SWAP1
00000452: POP
00000453: PUSH2 0x00f9
00000456: JUMP
00000457: JUMPDEST
00000458: PUSH1 0x00
0000045a: DUP1
0000045b: SLOAD
0000045c: PUSH1 0x40
0000045e: MLOAD
0000045f: PUSH1 0x01
00000461: PUSH1 0xa0
00000463: PUSH1 0x02
00000465: EXP
00000466: SUB
00000467: SWAP2
00000468: DUP3
00000469: AND
0000046a: SWAP3
0000046b: SWAP2
0000046c: ADDRESS
0000046d: AND
0000046e: BALANCE
0000046f: SWAP1
00000470: DUP3
00000471: DUP2
00000472: DUP2
00000473: DUP2
00000474: DUP6
00000475: DUP9
00000476: DUP4
00000477: CALL
00000478: POP
00000479: POP
0000047a: POP
0000047b: POP
0000047c: POP
0000047d: JUMP
0000047e: JUMPDEST
0000047f: POP
00000480: POP
00000481: PUSH1 0x20
00000483: DUP3
00000484: ADD
00000485: MLOAD
00000486: PUSH1 0x01
00000488: SWAP2
00000489: SWAP1
0000048a: SWAP2
0000048b: ADD
0000048c: DUP1
0000048d: SLOAD
0000048e: PUSH1 0x40
00000490: SWAP4
00000491: SWAP1
00000492: SWAP4
00000493: ADD
00000494: MLOAD
00000495: PUSH2 0x0100
00000498: MUL
00000499: PUSH1 0xff
0000049b: NOT
0000049c: SWAP4
0000049d: SWAP1
0000049e: SWAP4
0000049f: AND
000004a0: SWAP1
000004a1: SWAP2
000004a2: OR
000004a3: PUSH2 0xff00
000004a6: NOT
000004a7: AND
000004a8: SWAP2
000004a9: SWAP1
000004aa: SWAP2
000004ab: OR
000004ac: SWAP1
000004ad: SSTORE
000004ae: JUMPDEST
000004af: POP
000004b0: POP
000004b1: JUMP
000004b2: JUMPDEST
000004b3: PUSH1 0x60
000004b5: PUSH1 0x40
000004b7: MLOAD
000004b8: SWAP1
000004b9: DUP2
000004ba: ADD
000004bb: PUSH1 0x40
000004bd: MSTORE
000004be: DUP1
000004bf: DUP3
000004c0: DUP2
000004c1: MSTORE
000004c2: PUSH1 0x20
000004c4: ADD
000004c5: PUSH1 0x00
000004c7: DUP2
000004c8: MSTORE
000004c9: PUSH1 0x20
000004cb: ADD
000004cc: PUSH1 0x00
000004ce: DUP2
000004cf: MSTORE
000004d0: PUSH1 0x20
000004d2: ADD
000004d3: POP
000004d4: PUSH1 0x01
000004d6: PUSH1 0x00
000004d8: POP
000004d9: DUP4
000004da: PUSH1 0x40
000004dc: MLOAD
000004dd: DUP1
000004de: DUP3
000004df: DUP1
000004e0: MLOAD
000004e1: SWAP1
000004e2: PUSH1 0x20
000004e4: ADD
000004e5: SWAP1
000004e6: DUP1
000004e7: DUP4
000004e8: DUP4
000004e9: DUP3
000004ea: SWAP1
000004eb: PUSH1 0x00
000004ed: PUSH1 0x04
000004ef: PUSH1 0x20
000004f1: DUP5
000004f2: PUSH1 0x1f
000004f4: ADD
000004f5: DIV
000004f6: PUSH1 0x0f
000004f8: MUL
000004f9: PUSH1 0x03
000004fb: ADD
000004fc: CALL
000004fd: POP
000004fe: SWAP1
000004ff: POP
00000500: ADD
00000501: SWAP2
00000502: POP
00000503: POP
00000504: SWAP1
00000505: DUP2
00000506: MSTORE
00000507: PUSH1 0x20
00000509: ADD
0000050a: PUSH1 0x40
0000050c: MLOAD
0000050d: DUP1
0000050e: SWAP2
0000050f: SUB
00000510: SWAP1
00000511: KECCAK256
00000512: PUSH1 0x00
00000514: POP
00000515: PUSH1 0x00
00000517: DUP3
00000518: ADD
00000519: MLOAD
0000051a: DUP2
0000051b: PUSH1 0x00
0000051d: ADD
0000051e: PUSH1 0x00
00000520: POP
00000521: SWAP1
00000522: DUP1
00000523: MLOAD
00000524: SWAP1
00000525: PUSH1 0x20
00000527: ADD
00000528: SWAP1
00000529: DUP3
0000052a: DUP1
0000052b: SLOAD
0000052c: PUSH1 0x01
0000052e: DUP2
0000052f: PUSH1 0x01
00000531: AND
00000532: ISZERO
00000533: PUSH2 0x0100
00000536: MUL
00000537: SUB
00000538: AND
00000539: PUSH1 0x02
0000053b: SWAP1
0000053c: DIV
0000053d: SWAP1
0000053e: PUSH1 0x00
00000540: MSTORE
00000541: PUSH1 0x20
00000543: PUSH1 0x00
00000545: KECCAK256
00000546: SWAP1
00000547: PUSH1 0x1f
00000549: ADD
0000054a: PUSH1 0x20
0000054c: SWAP1
0000054d: DIV
0000054e: DUP2
0000054f: ADD
00000550: SWAP3
00000551: DUP3
00000552: PUSH1 0x1f
00000554: LT
00000555: PUSH2 0x0581
00000558: JUMPI
00000559: DUP1
0000055a: MLOAD
0000055b: PUSH1 0xff
0000055d: NOT
0000055e: AND
0000055f: DUP4
00000560: DUP1
00000561: ADD
00000562: OR
00000563: DUP6
00000564: SSTORE
00000565: JUMPDEST
00000566: POP
00000567: PUSH2 0x047e
0000056a: SWAP3
0000056b: SWAP2
0000056c: POP
0000056d: JUMPDEST
0000056e: DUP1
0000056f: DUP3
00000570: GT
00000571: ISZERO
00000572: PUSH2 0x05b1
00000575: JUMPI
00000576: PUSH1 0x00
00000578: DUP2
00000579: SSTORE
0000057a: PUSH1 0x01
0000057c: ADD
0000057d: PUSH2 0x056d
00000580: JUMP
00000581: JUMPDEST
00000582: DUP3
00000583: DUP1
00000584: ADD
00000585: PUSH1 0x01
00000587: ADD
00000588: DUP6
00000589: SSTORE
0000058a: DUP3
0000058b: ISZERO
0000058c: PUSH2 0x0565
0000058f: JUMPI
00000590: SWAP2
00000591: DUP3
00000592: ADD
00000593: JUMPDEST
00000594: DUP3
00000595: DUP2
00000596: GT
00000597: ISZERO
00000598: PUSH2 0x0565
0000059b: JUMPI
0000059c: DUP3
0000059d: MLOAD
0000059e: DUP3
0000059f: PUSH1 0x00
000005a1: POP
000005a2: SSTORE
000005a3: SWAP2
000005a4: PUSH1 0x20
000005a6: ADD
000005a7: SWAP2
000005a8: SWAP1
000005a9: PUSH1 0x01
000005ab: ADD
000005ac: SWAP1
000005ad: PUSH2 0x0593
000005b0: JUMP
000005b1: JUMPDEST
000005b2: POP
000005b3: SWAP1
000005b4: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
view
trace_id: 0x969df43a44b66bd5b17b67c4841fc6de6dd3c55aa962e2bedac1e79d1085ca5a
call_targets: 0x0000000000000000000000000000000000000004, 0xd66446c10959da460dc06a4106695b38ec5be589
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x969df43a44b66bd5b17b67c4841fc6de6dd3c55aa962e2bedac1e79d1085ca5a",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000004",
        "0xd66446c10959da460dc06a4106695b38ec5be589"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x2c854a1a",
            "selector": "0x2c854a1a",
            "calldata_variants": [
                "0x2c854a1a",
                "0x2c854a1a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x824d0227",
            "selector": "0x824d0227",
            "calldata_variants": [
                "0x824d0227",
                "0x824d02270000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe3ac064a",
            "selector": "0xe3ac064a",
            "calldata_variants": [
                "0xe3ac064a",
                "0xe3ac064a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe3ffc9a3",
            "selector": "0xe3ffc9a3",
            "calldata_variants": [
                "0xe3ffc9a3",
                "0xe3ffc9a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf6a0576d",
            "selector": "0xf6a0576d",
            "calldata_variants": [
                "0xf6a0576d",
                "0xf6a0576d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 205,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "constant_zero",
            "target_expression_category": "computed"
        },
        {
            "pc": 418,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 670,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "constant_zero",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 6,
    "guards_detected": [],
    "untrusted_call_count": 6
}
high other detector ETH value transfer possible 55 yes yes
view
trace_id: 0x969df43a44b66bd5b17b67c4841fc6de6dd3c55aa962e2bedac1e79d1085ca5a
call_targets: 0x0000000000000000000000000000000000000004, 0xd66446c10959da460dc06a4106695b38ec5be589
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x969df43a44b66bd5b17b67c4841fc6de6dd3c55aa962e2bedac1e79d1085ca5a",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000004",
        "0xd66446c10959da460dc06a4106695b38ec5be589"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x2c854a1a",
            "selector": "0x2c854a1a",
            "calldata_variants": [
                "0x2c854a1a",
                "0x2c854a1a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x824d0227",
            "selector": "0x824d0227",
            "calldata_variants": [
                "0x824d0227",
                "0x824d02270000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe3ac064a",
            "selector": "0xe3ac064a",
            "calldata_variants": [
                "0xe3ac064a",
                "0xe3ac064a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe3ffc9a3",
            "selector": "0xe3ffc9a3",
            "calldata_variants": [
                "0xe3ffc9a3",
                "0xe3ffc9a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf6a0576d",
            "selector": "0xf6a0576d",
            "calldata_variants": [
                "0xf6a0576d",
                "0xf6a0576d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 418,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 986,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1143,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 4,
    "guards_detected": []
}
high other detector SELFDESTRUCT reachable 65 no no
view
trace_id: 0x3b8c1a836f1b1a26de4a40b992346af6587cbda403caa1b80c803bc8f3d249a7
validation_json 
{
    "sink": "SELFDESTRUCT",
    "errors": 0,
    "status": "unknown",
    "attempts": 12,
    "trace_id": "0x3b8c1a836f1b1a26de4a40b992346af6587cbda403caa1b80c803bc8f3d249a7",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x2c854a1a",
            "selector": "0x2c854a1a",
            "calldata_variants": [
                "0x2c854a1a",
                "0x2c854a1a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x824d0227",
            "selector": "0x824d0227",
            "calldata_variants": [
                "0x824d0227",
                "0x824d02270000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe3ac064a",
            "selector": "0xe3ac064a",
            "calldata_variants": [
                "0xe3ac064a",
                "0xe3ac064a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe3ffc9a3",
            "selector": "0xe3ffc9a3",
            "calldata_variants": [
                "0xe3ffc9a3",
                "0xe3ffc9a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf6a0576d",
            "selector": "0xf6a0576d",
            "calldata_variants": [
                "0xf6a0576d",
                "0xf6a0576d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [],
    "selfdestruct_count": 1
}