019b477e-a6c7-7173-b0a4-059695908b59
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 20143 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 20144 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 63578 | analysis.bundle | complete | 1 / 3 | 2 weeks ago |
| 63579 | capability.graph | complete | 1 / 3 | 2 weeks ago |
| 63580 | detector.run | complete | 1 / 3 | 2 weeks ago |
| 63581 | validation.fork | complete | 1 / 3 | 2 weeks ago |
No slither job recorded yet.
No codex job recorded yet.
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0035 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x4c8fe526 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x0143 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x6c4470fb 00000025: EQ 00000026: PUSH2 0x0151 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0xb69ef8a8 00000030: EQ 00000031: PUSH2 0x015a 00000034: JUMPI 00000035: JUMPDEST 00000036: PUSH2 0x0163 00000039: PUSH1 0x00 0000003b: DUP1 0000003c: SLOAD 0000003d: CALLVALUE 0000003e: SWAP1 0000003f: DUP2 00000040: ADD 00000041: DUP3 00000042: SSTORE 00000043: DUP2 00000044: SWAP1 00000045: DUP2 00000046: SWAP1 00000047: DUP2 00000048: SWAP1 00000049: PUSH8 0x0de0b6b3a7640000 00000052: SWAP1 00000053: LT 00000054: PUSH2 0x016a 00000057: JUMPI 00000058: PUSH1 0x02 0000005a: DUP1 0000005b: SLOAD 0000005c: PUSH1 0x01 0000005e: DUP2 0000005f: ADD 00000060: SWAP1 00000061: SWAP2 00000062: SSTORE 00000063: PUSH1 0x03 00000065: DUP1 00000066: SLOAD 00000067: CALLER 00000068: SWAP3 00000069: SWAP1 0000006a: DUP2 0000006b: LT 0000006c: ISZERO 0000006d: PUSH2 0x0002 00000070: JUMPI 00000071: SWAP1 00000072: PUSH1 0x00 00000074: MSTORE 00000075: PUSH1 0x20 00000077: PUSH1 0x00 00000079: KECCAK256 0000007a: SWAP1 0000007b: ADD 0000007c: PUSH1 0x00 0000007e: PUSH2 0x0100 00000081: EXP 00000082: DUP2 00000083: SLOAD 00000084: DUP2 00000085: PUSH1 0x01 00000087: PUSH1 0xa0 00000089: PUSH1 0x02 0000008b: EXP 0000008c: SUB 0000008d: MUL 0000008e: NOT 0000008f: AND 00000090: SWAP1 00000091: DUP4 00000092: MUL 00000093: OR 00000094: SWAP1 00000095: SSTORE 00000096: POP 00000097: PUSH1 0x03 00000099: PUSH1 0x00 0000009b: POP 0000009c: SLOAD 0000009d: PUSH1 0x02 0000009f: PUSH1 0x00 000000a1: POP 000000a2: SLOAD 000000a3: EQ 000000a4: ISZERO 000000a5: PUSH2 0x016a 000000a8: JUMPI 000000a9: PUSH1 0x01 000000ab: DUP1 000000ac: SLOAD 000000ad: DUP2 000000ae: ADD 000000af: DUP1 000000b0: DUP3 000000b1: SSTORE 000000b2: GT 000000b3: ISZERO 000000b4: PUSH2 0x018f 000000b7: JUMPI 000000b8: PUSH1 0x01 000000ba: PUSH1 0x01 000000bc: PUSH1 0x00 000000be: POP 000000bf: SLOAD 000000c0: SUB 000000c1: PUSH1 0x03 000000c3: MUL 000000c4: PUSH1 0x02 000000c6: PUSH1 0x00 000000c8: POP 000000c9: SLOAD 000000ca: SUB 000000cb: SWAP2 000000cc: POP 000000cd: DUP2 000000ce: POP 000000cf: PUSH1 0x01 000000d1: PUSH1 0x00 000000d3: POP 000000d4: SLOAD 000000d5: PUSH1 0x02 000000d7: PUSH1 0x00 000000d9: POP 000000da: SLOAD 000000db: SUB 000000dc: SWAP1 000000dd: POP 000000de: DUP1 000000df: POP 000000e0: DUP2 000000e1: SWAP3 000000e2: POP 000000e3: DUP3 000000e4: POP 000000e5: JUMPDEST 000000e6: DUP1 000000e7: DUP4 000000e8: LT 000000e9: ISZERO 000000ea: PUSH2 0x0170 000000ed: JUMPI 000000ee: PUSH1 0x03 000000f0: DUP1 000000f1: SLOAD 000000f2: DUP5 000000f3: SWAP1 000000f4: DUP2 000000f5: LT 000000f6: ISZERO 000000f7: PUSH2 0x0002 000000fa: JUMPI 000000fb: SWAP1 000000fc: DUP6 000000fd: MSTORE 000000fe: PUSH1 0x40 00000100: MLOAD 00000101: PUSH1 0x00 00000103: DUP1 00000104: MLOAD 00000105: PUSH1 0x20 00000107: PUSH2 0x02c3 0000010a: DUP4 0000010b: CODECOPY 0000010c: DUP2 0000010d: MLOAD 0000010e: SWAP2 0000010f: MSTORE 00000110: SWAP2 00000111: SWAP1 00000112: SWAP2 00000113: ADD 00000114: SLOAD 00000115: PUSH1 0x01 00000117: PUSH1 0xa0 00000119: PUSH1 0x02 0000011b: EXP 0000011c: SUB 0000011d: AND 0000011e: SWAP1 0000011f: DUP6 00000120: SWAP1 00000121: PUSH8 0x06f05b59d3b20000 0000012a: SWAP1 0000012b: DUP3 0000012c: DUP2 0000012d: DUP2 0000012e: DUP2 0000012f: DUP6 00000130: DUP9 00000131: DUP4 00000132: CALL 00000133: POP 00000134: POP 00000135: POP 00000136: POP 00000137: POP 00000138: PUSH1 0x01 0000013a: SWAP3 0000013b: SWAP1 0000013c: SWAP3 0000013d: ADD 0000013e: SWAP2 0000013f: PUSH2 0x00e5 00000142: JUMP 00000143: JUMPDEST 00000144: PUSH1 0x03 00000146: SLOAD 00000147: JUMPDEST 00000148: PUSH1 0x60 0000014a: SWAP1 0000014b: DUP2 0000014c: MSTORE 0000014d: PUSH1 0x20 0000014f: SWAP1 00000150: RETURN 00000151: JUMPDEST 00000152: PUSH2 0x0147 00000155: PUSH1 0x02 00000157: SLOAD 00000158: DUP2 00000159: JUMP 0000015a: JUMPDEST 0000015b: PUSH2 0x0147 0000015e: PUSH1 0x00 00000160: SLOAD 00000161: DUP2 00000162: JUMP 00000163: JUMPDEST 00000164: STOP 00000165: JUMPDEST 00000166: POP 00000167: POP 00000168: POP 00000169: POP 0000016a: JUMPDEST 0000016b: POP 0000016c: POP 0000016d: POP 0000016e: POP 0000016f: JUMP 00000170: JUMPDEST 00000171: DUP2 00000172: DUP2 00000173: SUB 00000174: PUSH8 0x06f05b59d3b20000 0000017d: MUL 0000017e: PUSH1 0x00 00000180: PUSH1 0x00 00000182: DUP3 00000183: DUP3 00000184: DUP3 00000185: POP 00000186: SLOAD 00000187: SUB 00000188: SWAP3 00000189: POP 0000018a: POP 0000018b: DUP2 0000018c: SWAP1 0000018d: SSTORE 0000018e: POP 0000018f: JUMPDEST 00000190: PUSH1 0x02 00000192: SLOAD 00000193: PUSH1 0x03 00000195: DUP1 00000196: SLOAD 00000197: SWAP1 00000198: SWAP2 00000199: NUMBER 0000019a: PUSH1 0x00 0000019c: NOT 0000019d: ADD 0000019e: BLOCKHASH 0000019f: MOD 000001a0: SWAP1 000001a1: DUP2 000001a2: LT 000001a3: ISZERO 000001a4: PUSH2 0x0002 000001a7: JUMPI 000001a8: SWAP1 000001a9: DUP6 000001aa: MSTORE 000001ab: PUSH1 0x40 000001ad: MLOAD 000001ae: PUSH1 0x00 000001b0: DUP1 000001b1: MLOAD 000001b2: PUSH1 0x20 000001b4: PUSH2 0x02c3 000001b7: DUP4 000001b8: CODECOPY 000001b9: DUP2 000001ba: MLOAD 000001bb: SWAP2 000001bc: MSTORE 000001bd: SWAP2 000001be: SWAP1 000001bf: SWAP2 000001c0: ADD 000001c1: SLOAD 000001c2: PUSH1 0x01 000001c4: PUSH1 0xa0 000001c6: PUSH1 0x02 000001c8: EXP 000001c9: SUB 000001ca: AND 000001cb: SWAP1 000001cc: DUP6 000001cd: SWAP1 000001ce: PUSH8 0x0de0b6b3a7640000 000001d7: SWAP1 000001d8: DUP3 000001d9: DUP2 000001da: DUP2 000001db: DUP2 000001dc: DUP6 000001dd: DUP9 000001de: DUP4 000001df: CALL 000001e0: POP 000001e1: POP 000001e2: SWAP1 000001e3: SLOAD 000001e4: PUSH8 0x0de0b6b3a763ffff 000001ed: NOT 000001ee: ADD 000001ef: DUP1 000001f0: DUP8 000001f1: SSTORE 000001f2: DUP7 000001f3: SWAP1 000001f4: GT 000001f5: ISZERO 000001f6: SWAP2 000001f7: POP 000001f8: PUSH2 0x0270 000001fb: SWAP1 000001fc: POP 000001fd: JUMPI 000001fe: PUSH1 0x02 00000200: SLOAD 00000201: DUP5 00000202: SLOAD 00000203: DIV 00000204: SWAP4 00000205: SWAP3 00000206: POP 00000207: JUMPDEST 00000208: PUSH1 0x02 0000020a: SLOAD 0000020b: DUP4 0000020c: LT 0000020d: ISZERO 0000020e: PUSH2 0x0260 00000211: JUMPI 00000212: PUSH1 0x03 00000214: DUP1 00000215: SLOAD 00000216: DUP5 00000217: SWAP1 00000218: DUP2 00000219: LT 0000021a: ISZERO 0000021b: PUSH2 0x0002 0000021e: JUMPI 0000021f: PUSH1 0x00 00000221: SWAP2 00000222: DUP3 00000223: MSTORE 00000224: PUSH1 0x40 00000226: MLOAD 00000227: PUSH1 0x00 00000229: DUP1 0000022a: MLOAD 0000022b: PUSH1 0x20 0000022d: PUSH2 0x02c3 00000230: DUP4 00000231: CODECOPY 00000232: DUP2 00000233: MLOAD 00000234: SWAP2 00000235: MSTORE 00000236: SWAP2 00000237: SWAP1 00000238: SWAP2 00000239: ADD 0000023a: SLOAD 0000023b: PUSH1 0x01 0000023d: PUSH1 0xa0 0000023f: PUSH1 0x02 00000241: EXP 00000242: SUB 00000243: AND 00000244: SWAP2 00000245: SWAP1 00000246: DUP7 00000247: SWAP1 00000248: DUP3 00000249: DUP2 0000024a: DUP2 0000024b: DUP2 0000024c: DUP6 0000024d: DUP9 0000024e: DUP4 0000024f: CALL 00000250: POP 00000251: POP 00000252: POP 00000253: POP 00000254: POP 00000255: PUSH1 0x01 00000257: SWAP3 00000258: SWAP1 00000259: SWAP3 0000025a: ADD 0000025b: SWAP2 0000025c: PUSH2 0x0207 0000025f: JUMP 00000260: JUMPDEST 00000261: PUSH1 0x02 00000263: SLOAD 00000264: PUSH1 0x00 00000266: DUP1 00000267: SLOAD 00000268: SWAP2 00000269: DUP7 0000026a: MUL 0000026b: SWAP1 0000026c: SWAP2 0000026d: SUB 0000026e: SWAP1 0000026f: SSTORE 00000270: JUMPDEST 00000271: PUSH1 0x03 00000273: DUP1 00000274: SLOAD 00000275: PUSH1 0x01 00000277: DUP1 00000278: SLOAD 00000279: DUP3 0000027a: ADD 0000027b: ADD 0000027c: DUP1 0000027d: DUP4 0000027e: SSTORE 0000027f: SWAP2 00000280: SWAP1 00000281: DUP3 00000282: SWAP1 00000283: DUP1 00000284: ISZERO 00000285: DUP3 00000286: SWAP1 00000287: GT 00000288: PUSH2 0x0165 0000028b: JUMPI 0000028c: PUSH1 0x00 0000028e: DUP4 0000028f: SWAP1 00000290: MSTORE 00000291: PUSH2 0x0165 00000294: SWAP1 00000295: PUSH1 0x00 00000297: DUP1 00000298: MLOAD 00000299: PUSH1 0x20 0000029b: PUSH2 0x02c3 0000029e: DUP4 0000029f: CODECOPY 000002a0: DUP2 000002a1: MLOAD 000002a2: SWAP2 000002a3: MSTORE 000002a4: SWAP1 000002a5: DUP2 000002a6: ADD 000002a7: SWAP1 000002a8: DUP4 000002a9: ADD 000002aa: JUMPDEST 000002ab: DUP1 000002ac: DUP3 000002ad: GT 000002ae: ISZERO 000002af: PUSH2 0x02be 000002b2: JUMPI 000002b3: PUSH1 0x00 000002b5: DUP2 000002b6: SSTORE 000002b7: PUSH1 0x01 000002b9: ADD 000002ba: PUSH2 0x02aa 000002bd: JUMP 000002be: JUMPDEST 000002bf: POP 000002c0: SWAP1 000002c1: JUMP 000002c2: STOP 000002c3: UNKNOWN(0xC2) 000002c4: JUMPI 000002c5: GAS 000002c6: UNKNOWN(0x0E) 000002c7: SWAP15 000002c8: MSIZE 000002c9: EXTCODECOPY 000002ca: STOP 000002cb: UNKNOWN(0xF9) 000002cc: MSIZE 000002cd: UNKNOWN(0xF8) 000002ce: UNKNOWN(0xC9) 000002cf: UNKNOWN(0x2F) 000002d0: SLT 000002d1: UNKNOWN(0xDB) 000002d2: UNKNOWN(0x28) 000002d3: PUSH10 0xc3395a3b0502d05e2516 000002de: DIFFICULTY 000002df: PUSH16
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0xff95ae583690d22538ce1b1f10684400cc56d482764ad964b1654bcf048b6a11
call_targets:
0xfbc128067a2fe13c11bbc6cc55f29aa1f27630da
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xff95ae583690d22538ce1b1f10684400cc56d482764ad964b1654bcf048b6a11",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xfbc128067a2fe13c11bbc6cc55f29aa1f27630da"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x4c8fe526",
"selector": "0x4c8fe526",
"calldata_variants": [
"0x4c8fe526",
"0x4c8fe5260000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x6c4470fb",
"selector": "0x6c4470fb",
"calldata_variants": [
"0x6c4470fb",
"0x6c4470fb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb69ef8a8",
"selector": "0xb69ef8a8",
"calldata_variants": [
"0xb69ef8a8",
"0xb69ef8a80000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 306,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 479,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 591,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0xff95ae583690d22538ce1b1f10684400cc56d482764ad964b1654bcf048b6a11
call_targets:
0xfbc128067a2fe13c11bbc6cc55f29aa1f27630da
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xff95ae583690d22538ce1b1f10684400cc56d482764ad964b1654bcf048b6a11",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xfbc128067a2fe13c11bbc6cc55f29aa1f27630da"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x4c8fe526",
"selector": "0x4c8fe526",
"calldata_variants": [
"0x4c8fe526",
"0x4c8fe5260000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x6c4470fb",
"selector": "0x6c4470fb",
"calldata_variants": [
"0x6c4470fb",
"0x6c4470fb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb69ef8a8",
"selector": "0xb69ef8a8",
"calldata_variants": [
"0xb69ef8a8",
"0xb69ef8a80000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 306,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 479,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 591,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|