019b477e-a7b9-7350-a0ec-9b78a39940bf
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 20299 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 20300 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 63622 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 63623 | capability.graph | complete | 1 / 3 | 1 week ago |
| 63624 | detector.run | complete | 1 / 3 | 1 week ago |
| 63625 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
No codex job recorded yet.
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x0040 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x29652e86 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x005a 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x2df05a3e 00000025: EQ 00000026: PUSH2 0x00bb 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x509d8c72 00000030: EQ 00000031: PUSH2 0x00c4 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0xcff4d6cd 0000003b: EQ 0000003c: PUSH2 0x00d3 0000003f: JUMPI 00000040: JUMPDEST 00000041: PUSH2 0x00dc 00000044: PUSH1 0x00 00000046: PUSH8 0x0c80feb9eea08000 0000004f: CALLVALUE 00000050: LT 00000051: ISZERO 00000052: PUSH2 0x00de 00000055: JUMPI 00000056: PUSH2 0x0002 00000059: JUMP 0000005a: JUMPDEST 0000005b: PUSH2 0x02a3 0000005e: PUSH1 0x04 00000060: CALLDATALOAD 00000061: PUSH1 0x00 00000063: DUP1 00000064: SLOAD 00000065: DUP3 00000066: SWAP1 00000067: DUP2 00000068: LT 00000069: ISZERO 0000006a: PUSH2 0x0002 0000006d: JUMPI 0000006e: POP 0000006f: DUP1 00000070: MSTORE 00000071: PUSH1 0x02 00000073: MUL 00000074: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563 00000095: DUP2 00000096: ADD 00000097: SLOAD 00000098: PUSH1 0x00 0000009a: DUP1 0000009b: MLOAD 0000009c: PUSH1 0x20 0000009e: PUSH2 0x02ba 000000a1: DUP4 000000a2: CODECOPY 000000a3: DUP2 000000a4: MLOAD 000000a5: SWAP2 000000a6: MSTORE 000000a7: SWAP2 000000a8: SWAP1 000000a9: SWAP2 000000aa: ADD 000000ab: SLOAD 000000ac: PUSH1 0x01 000000ae: PUSH1 0xa0 000000b0: PUSH1 0x02 000000b2: EXP 000000b3: SUB 000000b4: SWAP2 000000b5: SWAP1 000000b6: SWAP2 000000b7: AND 000000b8: SWAP1 000000b9: DUP3 000000ba: JUMP 000000bb: JUMPDEST 000000bc: PUSH2 0x02b0 000000bf: PUSH1 0x01 000000c1: SLOAD 000000c2: DUP2 000000c3: JUMP 000000c4: JUMPDEST 000000c5: PUSH2 0x02b0 000000c8: PUSH8 0x0c80feb9eea08000 000000d1: DUP2 000000d2: JUMP 000000d3: JUMPDEST 000000d4: PUSH2 0x02b0 000000d7: PUSH1 0x02 000000d9: SLOAD 000000da: DUP2 000000db: JUMP 000000dc: JUMPDEST 000000dd: STOP 000000de: JUMPDEST 000000df: DUP1 000000e0: SLOAD 000000e1: PUSH1 0x01 000000e3: DUP2 000000e4: ADD 000000e5: DUP1 000000e6: DUP4 000000e7: SSTORE 000000e8: SWAP1 000000e9: SWAP2 000000ea: DUP2 000000eb: DUP4 000000ec: DUP1 000000ed: ISZERO 000000ee: DUP3 000000ef: SWAP1 000000f0: GT 000000f1: PUSH2 0x013d 000000f4: JUMPI 000000f5: PUSH1 0x02 000000f7: MUL 000000f8: DUP2 000000f9: PUSH1 0x02 000000fb: MUL 000000fc: DUP4 000000fd: PUSH1 0x00 000000ff: MSTORE 00000100: PUSH1 0x20 00000102: PUSH1 0x00 00000104: KECCAK256 00000105: SWAP2 00000106: DUP3 00000107: ADD 00000108: SWAP2 00000109: ADD 0000010a: PUSH2 0x013d 0000010d: SWAP2 0000010e: SWAP1 0000010f: JUMPDEST 00000110: DUP1 00000111: DUP3 00000112: GT 00000113: ISZERO 00000114: PUSH2 0x029c 00000117: JUMPI 00000118: DUP1 00000119: SLOAD 0000011a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000012f: NOT 00000130: AND 00000131: DUP2 00000132: SSTORE 00000133: PUSH1 0x01 00000135: ADD 00000136: DUP5 00000137: DUP2 00000138: SSTORE 00000139: PUSH2 0x010f 0000013c: JUMP 0000013d: JUMPDEST 0000013e: POP 0000013f: POP 00000140: POP 00000141: POP 00000142: CALLER 00000143: PUSH1 0x00 00000145: PUSH1 0x00 00000147: POP 00000148: DUP3 00000149: DUP2 0000014a: SLOAD 0000014b: DUP2 0000014c: LT 0000014d: ISZERO 0000014e: PUSH2 0x0002 00000151: JUMPI 00000152: SWAP1 00000153: PUSH1 0x00 00000155: MSTORE 00000156: PUSH1 0x20 00000158: PUSH1 0x00 0000015a: KECCAK256 0000015b: SWAP1 0000015c: PUSH1 0x02 0000015e: MUL 0000015f: ADD 00000160: PUSH1 0x00 00000162: POP 00000163: PUSH1 0x00 00000165: ADD 00000166: PUSH1 0x00 00000168: PUSH2 0x0100 0000016b: EXP 0000016c: DUP2 0000016d: SLOAD 0000016e: DUP2 0000016f: PUSH1 0x01 00000171: PUSH1 0xa0 00000173: PUSH1 0x02 00000175: EXP 00000176: SUB 00000177: MUL 00000178: NOT 00000179: AND 0000017a: SWAP1 0000017b: DUP4 0000017c: MUL 0000017d: OR 0000017e: SWAP1 0000017f: SSTORE 00000180: POP 00000181: PUSH8 0x8ac7230489e80000 0000018a: PUSH1 0x00 0000018c: PUSH1 0x00 0000018e: POP 0000018f: DUP3 00000190: DUP2 00000191: SLOAD 00000192: DUP2 00000193: LT 00000194: ISZERO 00000195: PUSH2 0x0002 00000198: JUMPI 00000199: SWAP1 0000019a: PUSH1 0x00 0000019c: MSTORE 0000019d: PUSH1 0x20 0000019f: PUSH1 0x00 000001a1: KECCAK256 000001a2: SWAP1 000001a3: PUSH1 0x02 000001a5: MUL 000001a6: ADD 000001a7: PUSH1 0x00 000001a9: POP 000001aa: PUSH1 0x01 000001ac: ADD 000001ad: PUSH1 0x00 000001af: POP 000001b0: DUP2 000001b1: SWAP1 000001b2: SSTORE 000001b3: POP 000001b4: JUMPDEST 000001b5: PUSH1 0x01 000001b7: SLOAD 000001b8: PUSH1 0x00 000001ba: DUP1 000001bb: SLOAD 000001bc: ADDRESS 000001bd: PUSH1 0x01 000001bf: PUSH1 0xa0 000001c1: PUSH1 0x02 000001c3: EXP 000001c4: SUB 000001c5: AND 000001c6: BALANCE 000001c7: SWAP3 000001c8: SWAP1 000001c9: DUP2 000001ca: LT 000001cb: ISZERO 000001cc: PUSH2 0x0002 000001cf: JUMPI 000001d0: SWAP1 000001d1: DUP1 000001d2: MSTORE 000001d3: PUSH1 0x02 000001d5: MUL 000001d6: PUSH1 0x00 000001d8: DUP1 000001d9: MLOAD 000001da: PUSH1 0x20 000001dc: PUSH2 0x02ba 000001df: DUP4 000001e0: CODECOPY 000001e1: DUP2 000001e2: MLOAD 000001e3: SWAP2 000001e4: MSTORE 000001e5: ADD 000001e6: SLOAD 000001e7: LT 000001e8: ISZERO 000001e9: PUSH2 0x02a0 000001ec: JUMPI 000001ed: PUSH1 0x01 000001ef: SLOAD 000001f0: PUSH1 0x00 000001f2: DUP1 000001f3: SLOAD 000001f4: SWAP1 000001f5: SWAP2 000001f6: SWAP1 000001f7: DUP2 000001f8: LT 000001f9: ISZERO 000001fa: PUSH2 0x0002 000001fd: JUMPI 000001fe: PUSH1 0x02 00000200: DUP1 00000201: SLOAD 00000202: SWAP2 00000203: DUP2 00000204: MUL 00000205: PUSH1 0x00 00000207: DUP1 00000208: MLOAD 00000209: PUSH1 0x20 0000020b: PUSH2 0x02ba 0000020e: DUP4 0000020f: CODECOPY 00000210: DUP2 00000211: MLOAD 00000212: SWAP2 00000213: MSTORE 00000214: ADD 00000215: SLOAD 00000216: SWAP1 00000217: SWAP2 00000218: ADD 00000219: SWAP1 0000021a: SSTORE 0000021b: PUSH1 0x01 0000021d: SLOAD 0000021e: DUP2 0000021f: SLOAD 00000220: DUP2 00000221: LT 00000222: ISZERO 00000223: PUSH2 0x0002 00000226: JUMPI 00000227: PUSH1 0x02 00000229: MUL 0000022a: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563 0000024b: ADD 0000024c: SWAP1 0000024d: PUSH1 0x01 0000024f: SLOAD 00000250: DUP2 00000251: SLOAD 00000252: SWAP3 00000253: SLOAD 00000254: PUSH1 0x01 00000256: PUSH1 0xa0 00000258: PUSH1 0x02 0000025a: EXP 0000025b: SUB 0000025c: AND 0000025d: SWAP3 0000025e: DUP3 0000025f: SWAP2 00000260: SWAP1 00000261: DUP2 00000262: LT 00000263: ISZERO 00000264: PUSH2 0x0002 00000267: JUMPI 00000268: PUSH1 0x40 0000026a: MLOAD 0000026b: PUSH1 0x02 0000026d: SWAP2 0000026e: SWAP1 0000026f: SWAP2 00000270: MUL 00000271: PUSH1 0x00 00000273: DUP1 00000274: MLOAD 00000275: PUSH1 0x20 00000277: PUSH2 0x02ba 0000027a: DUP4 0000027b: CODECOPY 0000027c: DUP2 0000027d: MLOAD 0000027e: SWAP2 0000027f: MSTORE 00000280: ADD 00000281: SLOAD 00000282: SWAP2 00000283: DUP2 00000284: DUP2 00000285: DUP2 00000286: DUP6 00000287: DUP9 00000288: DUP4 00000289: CALL 0000028a: POP 0000028b: POP 0000028c: PUSH1 0x01 0000028e: DUP1 0000028f: SLOAD 00000290: DUP2 00000291: ADD 00000292: SWAP1 00000293: SSTORE 00000294: POP 00000295: PUSH2 0x01b4 00000298: SWAP2 00000299: POP 0000029a: POP 0000029b: JUMP 0000029c: JUMPDEST 0000029d: POP 0000029e: SWAP1 0000029f: JUMP 000002a0: JUMPDEST 000002a1: POP 000002a2: JUMP 000002a3: JUMPDEST 000002a4: PUSH1 0x60 000002a6: SWAP2 000002a7: DUP3 000002a8: MSTORE 000002a9: PUSH1 0x80 000002ab: MSTORE 000002ac: PUSH1 0x40 000002ae: SWAP1 000002af: RETURN 000002b0: JUMPDEST 000002b1: PUSH1 0x60 000002b3: SWAP1 000002b4: DUP2 000002b5: MSTORE 000002b6: PUSH1 0x20 000002b8: SWAP1 000002b9: RETURN 000002ba: UNKNOWN(0x29) 000002bb: UNKNOWN(0x0D) 000002bc: UNKNOWN(0xEC) 000002bd: UNKNOWN(0xD9) 000002be: SLOAD 000002bf: DUP12 000002c0: PUSH3 0xa8d603 000002c4: GASLIMIT 000002c5: UNKNOWN(0xA9) 000002c6: DUP9 000002c7: CODESIZE 000002c8: PUSH16 0xc84ba6bc95484008f6362f93160ef3e5 000002d9: PUSH5
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0xbf38bbe6be1a83a09d426efae515cc7cfbe9ca98a4682bb6e3ec62fb163289d7
call_targets:
0x16a4ff536001405f2b0d7ddafc79f6a10d024640
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xbf38bbe6be1a83a09d426efae515cc7cfbe9ca98a4682bb6e3ec62fb163289d7",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x16a4ff536001405f2b0d7ddafc79f6a10d024640"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x29652e86",
"selector": "0x29652e86",
"calldata_variants": [
"0x29652e86",
"0x29652e860000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2df05a3e",
"selector": "0x2df05a3e",
"calldata_variants": [
"0x2df05a3e",
"0x2df05a3e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x509d8c72",
"selector": "0x509d8c72",
"calldata_variants": [
"0x509d8c72",
"0x509d8c720000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcff4d6cd",
"selector": "0xcff4d6cd",
"calldata_variants": [
"0xcff4d6cd",
"0xcff4d6cd0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 649,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0xbf38bbe6be1a83a09d426efae515cc7cfbe9ca98a4682bb6e3ec62fb163289d7
call_targets:
0x16a4ff536001405f2b0d7ddafc79f6a10d024640
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xbf38bbe6be1a83a09d426efae515cc7cfbe9ca98a4682bb6e3ec62fb163289d7",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x16a4ff536001405f2b0d7ddafc79f6a10d024640"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x29652e86",
"selector": "0x29652e86",
"calldata_variants": [
"0x29652e86",
"0x29652e860000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2df05a3e",
"selector": "0x2df05a3e",
"calldata_variants": [
"0x2df05a3e",
"0x2df05a3e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x509d8c72",
"selector": "0x509d8c72",
"calldata_variants": [
"0x509d8c72",
"0x509d8c720000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcff4d6cd",
"selector": "0xcff4d6cd",
"calldata_variants": [
"0xcff4d6cd",
"0xcff4d6cd0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 649,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|