Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-a338-7107-aa51-a1de93558e40

complete
Chain ID
1
Address
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
15781 artifact.fetch complete 1 / 3 3 months ago
15782 tool.cast_disasm complete 1 / 3 3 months ago
85864 analysis.bundle complete 1 / 3 1 week ago
85865 capability.graph complete 1 / 3 1 week ago
85866 detector.run complete 1 / 3 1 week ago
85867 validation.fork complete 1 / 3 1 week ago
113706 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
stderr
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-maera4ek
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c9c-5ab6-7aa3-b31d-ba26347b9ab9
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata
{
    "codex": {
        "ran_at": "2026-04-05T07:47:25.759374+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 2794,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
6
EXT*/BALANCE
3
Total opcodes
890
Flags
No heuristic flags raised.
cast disassembly output
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0029
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x3ccfd60b
00000019: EQ
0000001a: PUSH2 0x002b
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0xf4f3b200
00000024: EQ
00000025: PUSH2 0x0040
00000028: JUMPI
00000029: JUMPDEST
0000002a: STOP
0000002b: JUMPDEST
0000002c: CALLVALUE
0000002d: DUP1
0000002e: ISZERO
0000002f: PUSH2 0x0037
00000032: JUMPI
00000033: PUSH1 0x00
00000035: DUP1
00000036: REVERT
00000037: JUMPDEST
00000038: POP
00000039: PUSH2 0x0029
0000003c: PUSH2 0x0060
0000003f: JUMP
00000040: JUMPDEST
00000041: CALLVALUE
00000042: DUP1
00000043: ISZERO
00000044: PUSH2 0x004c
00000047: JUMPI
00000048: PUSH1 0x00
0000004a: DUP1
0000004b: REVERT
0000004c: JUMPDEST
0000004d: POP
0000004e: PUSH2 0x0029
00000051: PUSH2 0x005b
00000054: CALLDATASIZE
00000055: PUSH1 0x04
00000057: PUSH2 0x046c
0000005a: JUMP
0000005b: JUMPDEST
0000005c: PUSH2 0x0109
0000005f: JUMP
00000060: JUMPDEST
00000061: PUSH1 0x00
00000063: SELFBALANCE
00000064: SWAP1
00000065: POP
00000066: PUSH1 0x00
00000068: PUSH2 0x0087
0000006b: PUSH1 0x64
0000006d: PUSH2 0x0081
00000070: PUSH1 0x02
00000072: SLOAD
00000073: DUP6
00000074: PUSH2 0x032d
00000077: SWAP1
00000078: SWAP2
00000079: SWAP1
0000007a: PUSH4 0xffffffff
0000007f: AND
00000080: JUMP
00000081: JUMPDEST
00000082: SWAP1
00000083: PUSH2 0x03b5
00000086: JUMP
00000087: JUMPDEST
00000088: PUSH1 0x00
0000008a: DUP1
0000008b: SLOAD
0000008c: PUSH1 0x40
0000008e: MLOAD
0000008f: SWAP3
00000090: SWAP4
00000091: POP
00000092: PUSH1 0x01
00000094: PUSH1 0x01
00000096: PUSH1 0xa0
00000098: SHL
00000099: SUB
0000009a: AND
0000009b: SWAP2
0000009c: DUP4
0000009d: ISZERO
0000009e: PUSH2 0x08fc
000000a1: MUL
000000a2: SWAP2
000000a3: DUP5
000000a4: SWAP2
000000a5: SWAP1
000000a6: DUP2
000000a7: DUP2
000000a8: DUP2
000000a9: DUP6
000000aa: DUP9
000000ab: DUP9
000000ac: CALL
000000ad: SWAP4
000000ae: POP
000000af: POP
000000b0: POP
000000b1: POP
000000b2: ISZERO
000000b3: DUP1
000000b4: ISZERO
000000b5: PUSH2 0x00c2
000000b8: JUMPI
000000b9: RETURNDATASIZE
000000ba: PUSH1 0x00
000000bc: DUP1
000000bd: RETURNDATACOPY
000000be: RETURNDATASIZE
000000bf: PUSH1 0x00
000000c1: REVERT
000000c2: JUMPDEST
000000c3: POP
000000c4: PUSH1 0x01
000000c6: SLOAD
000000c7: PUSH1 0x01
000000c9: PUSH1 0x01
000000cb: PUSH1 0xa0
000000cd: SHL
000000ce: SUB
000000cf: AND
000000d0: PUSH2 0x08fc
000000d3: PUSH2 0x00dc
000000d6: DUP5
000000d7: DUP5
000000d8: PUSH2 0x0410
000000db: JUMP
000000dc: JUMPDEST
000000dd: PUSH1 0x40
000000df: MLOAD
000000e0: DUP2
000000e1: ISZERO
000000e2: SWAP1
000000e3: SWAP3
000000e4: MUL
000000e5: SWAP2
000000e6: PUSH1 0x00
000000e8: DUP2
000000e9: DUP2
000000ea: DUP2
000000eb: DUP6
000000ec: DUP9
000000ed: DUP9
000000ee: CALL
000000ef: SWAP4
000000f0: POP
000000f1: POP
000000f2: POP
000000f3: POP
000000f4: ISZERO
000000f5: DUP1
000000f6: ISZERO
000000f7: PUSH2 0x0104
000000fa: JUMPI
000000fb: RETURNDATASIZE
000000fc: PUSH1 0x00
000000fe: DUP1
000000ff: RETURNDATACOPY
00000100: RETURNDATASIZE
00000101: PUSH1 0x00
00000103: REVERT
00000104: JUMPDEST
00000105: POP
00000106: POP
00000107: POP
00000108: JUMP
00000109: JUMPDEST
0000010a: PUSH1 0x40
0000010c: MLOAD
0000010d: PUSH4 0x70a08231
00000112: PUSH1 0xe0
00000114: SHL
00000115: DUP2
00000116: MSTORE
00000117: ADDRESS
00000118: PUSH1 0x04
0000011a: DUP3
0000011b: ADD
0000011c: MSTORE
0000011d: DUP2
0000011e: SWAP1
0000011f: PUSH1 0x00
00000121: SWAP1
00000122: PUSH1 0x01
00000124: PUSH1 0x01
00000126: PUSH1 0xa0
00000128: SHL
00000129: SUB
0000012a: DUP4
0000012b: AND
0000012c: SWAP1
0000012d: PUSH4 0x70a08231
00000132: SWAP1
00000133: PUSH1 0x24
00000135: ADD
00000136: PUSH1 0x20
00000138: PUSH1 0x40
0000013a: MLOAD
0000013b: DUP1
0000013c: DUP4
0000013d: SUB
0000013e: DUP2
0000013f: DUP7
00000140: DUP1
00000141: EXTCODESIZE
00000142: ISZERO
00000143: DUP1
00000144: ISZERO
00000145: PUSH2 0x014d
00000148: JUMPI
00000149: PUSH1 0x00
0000014b: DUP1
0000014c: REVERT
0000014d: JUMPDEST
0000014e: POP
0000014f: GAS
00000150: STATICCALL
00000151: ISZERO
00000152: DUP1
00000153: ISZERO
00000154: PUSH2 0x0161
00000157: JUMPI
00000158: RETURNDATASIZE
00000159: PUSH1 0x00
0000015b: DUP1
0000015c: RETURNDATACOPY
0000015d: RETURNDATASIZE
0000015e: PUSH1 0x00
00000160: REVERT
00000161: JUMPDEST
00000162: POP
00000163: POP
00000164: POP
00000165: POP
00000166: PUSH1 0x40
00000168: MLOAD
00000169: RETURNDATASIZE
0000016a: PUSH1 0x1f
0000016c: NOT
0000016d: PUSH1 0x1f
0000016f: DUP3
00000170: ADD
00000171: AND
00000172: DUP3
00000173: ADD
00000174: DUP1
00000175: PUSH1 0x40
00000177: MSTORE
00000178: POP
00000179: DUP2
0000017a: ADD
0000017b: SWAP1
0000017c: PUSH2 0x0185
0000017f: SWAP2
00000180: SWAP1
00000181: PUSH2 0x04b7
00000184: JUMP
00000185: JUMPDEST
00000186: SWAP1
00000187: POP
00000188: PUSH1 0x00
0000018a: PUSH2 0x01a3
0000018d: PUSH1 0x64
0000018f: PUSH2 0x0081
00000192: PUSH1 0x02
00000194: SLOAD
00000195: DUP6
00000196: PUSH2 0x032d
00000199: SWAP1
0000019a: SWAP2
0000019b: SWAP1
0000019c: PUSH4 0xffffffff
000001a1: AND
000001a2: JUMP
000001a3: JUMPDEST
000001a4: SWAP1
000001a5: POP
000001a6: PUSH1 0x00
000001a8: DUP3
000001a9: GT
000001aa: PUSH2 0x01f0
000001ad: JUMPI
000001ae: PUSH1 0x40
000001b0: MLOAD
000001b1: PUSH3 0x461bcd
000001b5: PUSH1 0xe5
000001b7: SHL
000001b8: DUP2
000001b9: MSTORE
000001ba: PUSH1 0x20
000001bc: PUSH1 0x04
000001be: DUP3
000001bf: ADD
000001c0: MSTORE
000001c1: PUSH1 0x13
000001c3: PUSH1 0x24
000001c5: DUP3
000001c6: ADD
000001c7: MSTORE
000001c8: PUSH19 0x4e6f7468696e6720746f207769746864726177
000001dc: PUSH1 0x68
000001de: SHL
000001df: PUSH1 0x44
000001e1: DUP3
000001e2: ADD
000001e3: MSTORE
000001e4: PUSH1 0x64
000001e6: ADD
000001e7: JUMPDEST
000001e8: PUSH1 0x40
000001ea: MLOAD
000001eb: DUP1
000001ec: SWAP2
000001ed: SUB
000001ee: SWAP1
000001ef: REVERT
000001f0: JUMPDEST
000001f1: PUSH1 0x00
000001f3: SLOAD
000001f4: PUSH1 0x40
000001f6: MLOAD
000001f7: PUSH4 0x23b872dd
000001fc: PUSH1 0xe0
000001fe: SHL
000001ff: DUP2
00000200: MSTORE
00000201: ADDRESS
00000202: PUSH1 0x04
00000204: DUP3
00000205: ADD
00000206: MSTORE
00000207: PUSH1 0x01
00000209: PUSH1 0x01
0000020b: PUSH1 0xa0
0000020d: SHL
0000020e: SUB
0000020f: SWAP2
00000210: DUP3
00000211: AND
00000212: PUSH1 0x24
00000214: DUP3
00000215: ADD
00000216: MSTORE
00000217: PUSH1 0x44
00000219: DUP2
0000021a: ADD
0000021b: DUP4
0000021c: SWAP1
0000021d: MSTORE
0000021e: SWAP1
0000021f: DUP5
00000220: AND
00000221: SWAP1
00000222: PUSH4 0x23b872dd
00000227: SWAP1
00000228: PUSH1 0x64
0000022a: ADD
0000022b: PUSH1 0x20
0000022d: PUSH1 0x40
0000022f: MLOAD
00000230: DUP1
00000231: DUP4
00000232: SUB
00000233: DUP2
00000234: PUSH1 0x00
00000236: DUP8
00000237: DUP1
00000238: EXTCODESIZE
00000239: ISZERO
0000023a: DUP1
0000023b: ISZERO
0000023c: PUSH2 0x0244
0000023f: JUMPI
00000240: PUSH1 0x00
00000242: DUP1
00000243: REVERT
00000244: JUMPDEST
00000245: POP
00000246: GAS
00000247: CALL
00000248: ISZERO
00000249: DUP1
0000024a: ISZERO
0000024b: PUSH2 0x0258
0000024e: JUMPI
0000024f: RETURNDATASIZE
00000250: PUSH1 0x00
00000252: DUP1
00000253: RETURNDATACOPY
00000254: RETURNDATASIZE
00000255: PUSH1 0x00
00000257: REVERT
00000258: JUMPDEST
00000259: POP
0000025a: POP
0000025b: POP
0000025c: POP
0000025d: PUSH1 0x40
0000025f: MLOAD
00000260: RETURNDATASIZE
00000261: PUSH1 0x1f
00000263: NOT
00000264: PUSH1 0x1f
00000266: DUP3
00000267: ADD
00000268: AND
00000269: DUP3
0000026a: ADD
0000026b: DUP1
0000026c: PUSH1 0x40
0000026e: MSTORE
0000026f: POP
00000270: DUP2
00000271: ADD
00000272: SWAP1
00000273: PUSH2 0x027c
00000276: SWAP2
00000277: SWAP1
00000278: PUSH2 0x0495
0000027b: JUMP
0000027c: JUMPDEST
0000027d: POP
0000027e: PUSH1 0x01
00000280: SLOAD
00000281: PUSH1 0x01
00000283: PUSH1 0x01
00000285: PUSH1 0xa0
00000287: SHL
00000288: SUB
00000289: DUP1
0000028a: DUP6
0000028b: AND
0000028c: SWAP2
0000028d: PUSH4 0x23b872dd
00000292: SWAP2
00000293: ADDRESS
00000294: SWAP2
00000295: AND
00000296: PUSH2 0x029f
00000299: DUP7
0000029a: DUP7
0000029b: PUSH2 0x0410
0000029e: JUMP
0000029f: JUMPDEST
000002a0: PUSH1 0x40
000002a2: MLOAD
000002a3: PUSH1 0x01
000002a5: PUSH1 0x01
000002a7: PUSH1 0xe0
000002a9: SHL
000002aa: SUB
000002ab: NOT
000002ac: PUSH1 0xe0
000002ae: DUP7
000002af: SWAP1
000002b0: SHL
000002b1: AND
000002b2: DUP2
000002b3: MSTORE
000002b4: PUSH1 0x01
000002b6: PUSH1 0x01
000002b8: PUSH1 0xa0
000002ba: SHL
000002bb: SUB
000002bc: SWAP4
000002bd: DUP5
000002be: AND
000002bf: PUSH1 0x04
000002c1: DUP3
000002c2: ADD
000002c3: MSTORE
000002c4: SWAP3
000002c5: SWAP1
000002c6: SWAP2
000002c7: AND
000002c8: PUSH1 0x24
000002ca: DUP4
000002cb: ADD
000002cc: MSTORE
000002cd: PUSH1 0x44
000002cf: DUP3
000002d0: ADD
000002d1: MSTORE
000002d2: PUSH1 0x64
000002d4: ADD
000002d5: PUSH1 0x20
000002d7: PUSH1 0x40
000002d9: MLOAD
000002da: DUP1
000002db: DUP4
000002dc: SUB
000002dd: DUP2
000002de: PUSH1 0x00
000002e0: DUP8
000002e1: DUP1
000002e2: EXTCODESIZE
000002e3: ISZERO
000002e4: DUP1
000002e5: ISZERO
000002e6: PUSH2 0x02ee
000002e9: JUMPI
000002ea: PUSH1 0x00
000002ec: DUP1
000002ed: REVERT
000002ee: JUMPDEST
000002ef: POP
000002f0: GAS
000002f1: CALL
000002f2: ISZERO
000002f3: DUP1
000002f4: ISZERO
000002f5: PUSH2 0x0302
000002f8: JUMPI
000002f9: RETURNDATASIZE
000002fa: PUSH1 0x00
000002fc: DUP1
000002fd: RETURNDATACOPY
000002fe: RETURNDATASIZE
000002ff: PUSH1 0x00
00000301: REVERT
00000302: JUMPDEST
00000303: POP
00000304: POP
00000305: POP
00000306: POP
00000307: PUSH1 0x40
00000309: MLOAD
0000030a: RETURNDATASIZE
0000030b: PUSH1 0x1f
0000030d: NOT
0000030e: PUSH1 0x1f
00000310: DUP3
00000311: ADD
00000312: AND
00000313: DUP3
00000314: ADD
00000315: DUP1
00000316: PUSH1 0x40
00000318: MSTORE
00000319: POP
0000031a: DUP2
0000031b: ADD
0000031c: SWAP1
0000031d: PUSH2 0x0326
00000320: SWAP2
00000321: SWAP1
00000322: PUSH2 0x0495
00000325: JUMP
00000326: JUMPDEST
00000327: POP
00000328: POP
00000329: POP
0000032a: POP
0000032b: POP
0000032c: JUMP
0000032d: JUMPDEST
0000032e: PUSH1 0x00
00000330: DUP3
00000331: PUSH2 0x033c
00000334: JUMPI
00000335: POP
00000336: PUSH1 0x00
00000338: PUSH2 0x03af
0000033b: JUMP
0000033c: JUMPDEST
0000033d: PUSH1 0x00
0000033f: PUSH2 0x0348
00000342: DUP4
00000343: DUP6
00000344: PUSH2 0x04f2
00000347: JUMP
00000348: JUMPDEST
00000349: SWAP1
0000034a: POP
0000034b: DUP3
0000034c: PUSH2 0x0355
0000034f: DUP6
00000350: DUP4
00000351: PUSH2 0x04d0
00000354: JUMP
00000355: JUMPDEST
00000356: EQ
00000357: PUSH2 0x03ac
0000035a: JUMPI
0000035b: PUSH1 0x40
0000035d: MLOAD
0000035e: PUSH3 0x461bcd
00000362: PUSH1 0xe5
00000364: SHL
00000365: DUP2
00000366: MSTORE
00000367: PUSH1 0x20
00000369: PUSH1 0x04
0000036b: DUP3
0000036c: ADD
0000036d: MSTORE
0000036e: PUSH1 0x21
00000370: PUSH1 0x24
00000372: DUP3
00000373: ADD
00000374: MSTORE
00000375: PUSH32 0x536166654d6174683a206d756c7469706c69636174696f6e206f766572666c6f
00000396: PUSH1 0x44
00000398: DUP3
00000399: ADD
0000039a: MSTORE
0000039b: PUSH1 0x77
0000039d: PUSH1 0xf8
0000039f: SHL
000003a0: PUSH1 0x64
000003a2: DUP3
000003a3: ADD
000003a4: MSTORE
000003a5: PUSH1 0x84
000003a7: ADD
000003a8: PUSH2 0x01e7
000003ab: JUMP
000003ac: JUMPDEST
000003ad: SWAP1
000003ae: POP
000003af: JUMPDEST
000003b0: SWAP3
000003b1: SWAP2
000003b2: POP
000003b3: POP
000003b4: JUMP
000003b5: JUMPDEST
000003b6: PUSH1 0x00
000003b8: DUP1
000003b9: DUP3
000003ba: GT
000003bb: PUSH2 0x0406
000003be: JUMPI
000003bf: PUSH1 0x40
000003c1: MLOAD
000003c2: PUSH3 0x461bcd
000003c6: PUSH1 0xe5
000003c8: SHL
000003c9: DUP2
000003ca: MSTORE
000003cb: PUSH1 0x20
000003cd: PUSH1 0x04
000003cf: DUP3
000003d0: ADD
000003d1: MSTORE
000003d2: PUSH1 0x1a
000003d4: PUSH1 0x24
000003d6: DUP3
000003d7: ADD
000003d8: MSTORE
000003d9: PUSH32 0x536166654d6174683a206469766973696f6e206279207a65726f000000000000
000003fa: PUSH1 0x44
000003fc: DUP3
000003fd: ADD
000003fe: MSTORE
000003ff: PUSH1 0x64
00000401: ADD
00000402: PUSH2 0x01e7
00000405: JUMP
00000406: JUMPDEST
00000407: PUSH2 0x03ac
0000040a: DUP3
0000040b: DUP5
0000040c: PUSH2 0x04d0
0000040f: JUMP
00000410: JUMPDEST
00000411: PUSH1 0x00
00000413: DUP3
00000414: DUP3
00000415: GT
00000416: ISZERO
00000417: PUSH2 0x0462
0000041a: JUMPI
0000041b: PUSH1 0x40
0000041d: MLOAD
0000041e: PUSH3 0x461bcd
00000422: PUSH1 0xe5
00000424: SHL
00000425: DUP2
00000426: MSTORE
00000427: PUSH1 0x20
00000429: PUSH1 0x04
0000042b: DUP3
0000042c: ADD
0000042d: MSTORE
0000042e: PUSH1 0x1e
00000430: PUSH1 0x24
00000432: DUP3
00000433: ADD
00000434: MSTORE
00000435: PUSH32 0x536166654d6174683a207375627472616374696f6e206f766572666c6f770000
00000456: PUSH1 0x44
00000458: DUP3
00000459: ADD
0000045a: MSTORE
0000045b: PUSH1 0x64
0000045d: ADD
0000045e: PUSH2 0x01e7
00000461: JUMP
00000462: JUMPDEST
00000463: PUSH2 0x03ac
00000466: DUP3
00000467: DUP5
00000468: PUSH2 0x0511
0000046b: JUMP
0000046c: JUMPDEST
0000046d: PUSH1 0x00
0000046f: PUSH1 0x20
00000471: DUP3
00000472: DUP5
00000473: SUB
00000474: SLT
00000475: ISZERO
00000476: PUSH2 0x047e
00000479: JUMPI
0000047a: PUSH1 0x00
0000047c: DUP1
0000047d: REVERT
0000047e: JUMPDEST
0000047f: DUP2
00000480: CALLDATALOAD
00000481: PUSH1 0x01
00000483: PUSH1 0x01
00000485: PUSH1 0xa0
00000487: SHL
00000488: SUB
00000489: DUP2
0000048a: AND
0000048b: DUP2
0000048c: EQ
0000048d: PUSH2 0x03ac
00000490: JUMPI
00000491: PUSH1 0x00
00000493: DUP1
00000494: REVERT
00000495: JUMPDEST
00000496: PUSH1 0x00
00000498: PUSH1 0x20
0000049a: DUP3
0000049b: DUP5
0000049c: SUB
0000049d: SLT
0000049e: ISZERO
0000049f: PUSH2 0x04a7
000004a2: JUMPI
000004a3: PUSH1 0x00
000004a5: DUP1
000004a6: REVERT
000004a7: JUMPDEST
000004a8: DUP2
000004a9: MLOAD
000004aa: DUP1
000004ab: ISZERO
000004ac: ISZERO
000004ad: DUP2
000004ae: EQ
000004af: PUSH2 0x03ac
000004b2: JUMPI
000004b3: PUSH1 0x00
000004b5: DUP1
000004b6: REVERT
000004b7: JUMPDEST
000004b8: PUSH1 0x00
000004ba: PUSH1 0x20
000004bc: DUP3
000004bd: DUP5
000004be: SUB
000004bf: SLT
000004c0: ISZERO
000004c1: PUSH2 0x04c9
000004c4: JUMPI
000004c5: PUSH1 0x00
000004c7: DUP1
000004c8: REVERT
000004c9: JUMPDEST
000004ca: POP
000004cb: MLOAD
000004cc: SWAP2
000004cd: SWAP1
000004ce: POP
000004cf: JUMP
000004d0: JUMPDEST
000004d1: PUSH1 0x00
000004d3: DUP3
000004d4: PUSH2 0x04ed
000004d7: JUMPI
000004d8: PUSH4 0x4e487b71
000004dd: PUSH1 0xe0
000004df: SHL
000004e0: PUSH1 0x00
000004e2: MSTORE
000004e3: PUSH1 0x12
000004e5: PUSH1 0x04
000004e7: MSTORE
000004e8: PUSH1 0x24
000004ea: PUSH1 0x00
000004ec: REVERT
000004ed: JUMPDEST
000004ee: POP
000004ef: DIV
000004f0: SWAP1
000004f1: JUMP
000004f2: JUMPDEST
000004f3: PUSH1 0x00
000004f5: DUP2
000004f6: PUSH1 0x00
000004f8: NOT
000004f9: DIV
000004fa: DUP4
000004fb: GT
000004fc: DUP3
000004fd: ISZERO
000004fe: ISZERO
000004ff: AND
00000500: ISZERO
00000501: PUSH2 0x050c
00000504: JUMPI
00000505: PUSH2 0x050c
00000508: PUSH2 0x0528
0000050b: JUMP
0000050c: JUMPDEST
0000050d: POP
0000050e: MUL
0000050f: SWAP1
00000510: JUMP
00000511: JUMPDEST
00000512: PUSH1 0x00
00000514: DUP3
00000515: DUP3
00000516: LT
00000517: ISZERO
00000518: PUSH2 0x0523
0000051b: JUMPI
0000051c: PUSH2 0x0523
0000051f: PUSH2 0x0528
00000522: JUMP
00000523: JUMPDEST
00000524: POP
00000525: SUB
00000526: SWAP1
00000527: JUMP
00000528: JUMPDEST
00000529: PUSH4 0x4e487b71
0000052e: PUSH1 0xe0
00000530: SHL
00000531: PUSH1 0x00
00000533: MSTORE
00000534: PUSH1 0x11
00000536: PUSH1 0x04
00000538: MSTORE
00000539: PUSH1 0x24
0000053b: PUSH1 0x00
0000053d: REVERT
0000053e: INVALID
0000053f: LOG2
00000540: PUSH5 0x6970667358
00000546: UNKNOWN(0x22)
00000547: SLT
00000548: KECCAK256
00000549: INVALID
0000054a: LOG0
0000054b: DUP5
0000054c: PUSH6 0x1e76a55f5fa2
00000553: UNKNOWN(0xB3)
00000554: UNKNOWN(0x0C)
00000555: SWAP2
00000556: DUP15
00000557: CALL
00000558: UNKNOWN(0xF8)
00000559: UNKNOWN(0xAA)
0000055a: PUSH16 0x2d24e215c7400bcdc0c18423c1926473
0000056b: PUSH16
stderr
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
trace_id: 0x5e2ed2c5325de9198762e390d30a7c8b8cbf6d617d281e58e4dc023c1824513e
call_targets: 0x010c1b559e332d8ac0796d9b49031044b3feadb0, 0x38201568a7fece8da2248461810a9d42faccf313, 0xdf9a7c4bad39cc914e204d1adab53da21e2fafaa
target_varies: yes
classification: target_varies
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x5e2ed2c5325de9198762e390d30a7c8b8cbf6d617d281e58e4dc023c1824513e",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x010c1b559e332d8ac0796d9b49031044b3feadb0",
        "0x38201568a7fece8da2248461810a9d42faccf313",
        "0xdf9a7c4bad39cc914e204d1adab53da21e2fafaa"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf4f3b200",
            "selector": "0xf4f3b200",
            "calldata_variants": [
                "0xf4f3b200",
                "0xf4f3b2000000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 172,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 238,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 583,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 5,
    "guards_detected": [],
    "untrusted_call_count": 5
}
high other detector ETH value transfer possible 55 yes yes
trace_id: 0x5e2ed2c5325de9198762e390d30a7c8b8cbf6d617d281e58e4dc023c1824513e
call_targets: 0x010c1b559e332d8ac0796d9b49031044b3feadb0, 0x38201568a7fece8da2248461810a9d42faccf313, 0xdf9a7c4bad39cc914e204d1adab53da21e2fafaa
target_varies: yes
classification: target_varies
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x5e2ed2c5325de9198762e390d30a7c8b8cbf6d617d281e58e4dc023c1824513e",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x010c1b559e332d8ac0796d9b49031044b3feadb0",
        "0x38201568a7fece8da2248461810a9d42faccf313",
        "0xdf9a7c4bad39cc914e204d1adab53da21e2fafaa"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf4f3b200",
            "selector": "0xf4f3b200",
            "calldata_variants": [
                "0xf4f3b200",
                "0xf4f3b2000000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 172,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 238,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 583,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 5,
    "guards_detected": []
}