TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-a8aa-7228-ad50-1bd8014f3e5c

failed
Chain ID
1
Address
0xaec2e87e0a235266d9c5adc9deb4b2e29b54d009
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
2
Validated
2
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
20473 artifact.fetch complete 1 / 3 3 months ago
20474 tool.cast_disasm complete 1 / 3 3 months ago
88625 analysis.bundle complete 1 / 3 1 week ago
88626 capability.graph complete 1 / 3 1 week ago
88627 detector.run complete 1 / 3 1 week ago
88628 validation.fork complete 1 / 3 1 week ago
113734 report.consolidate complete 1 / 6 1 week ago
113735 tool.slither failed 2 / 2 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither
Status
failed solc version 0.3.5 is too old for supported toolchain
Attempts
2 / 2
Findings
0
Solc
View stderr 
Traceback (most recent call last):
  File "/var/www/tripwire/worker/worker.py", line 198, in main
    payload = dispatch_job(job_type, job_id, job_meta, run_data, config, laravel_client)
  File "/var/www/tripwire/worker/worker.py", line 114, in dispatch_job
    return slither_run.run(job_id, job_meta, run_data, config, log, laravel_client)
           ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/www/tripwire/worker/jobs/slither_run.py", line 1056, in run
    solc_path, solc_meta = _prepare_solc(chosen_version, workspace)
                           ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/www/tripwire/worker/jobs/slither_run.py", line 190, in _prepare_solc
    raise RuntimeError(f"solc version {default_version} is too old for supported toolchain")
RuntimeError: solc version 0.3.5 is too old for supported toolchain

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-b3hff4lb
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c9d-0146-76b0-bf20-aea412489d4f
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.

Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.

Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:48:08.753571+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "source",
        "file_count": 1,
        "import_count": 0,
        "first_party_contracts_count": 1
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
9
EXT*/BALANCE
0
Total opcodes
1229
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0082
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x06fdde03
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x0084
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x095ea7b3
00000025: EQ
00000026: PUSH2 0x00be
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x18160ddd
00000030: EQ
00000031: PUSH2 0x0133
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x23b872dd
0000003b: EQ
0000003c: PUSH2 0x013c
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x313ce567
00000046: EQ
00000047: PUSH2 0x0158
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0x475a9fa9
00000051: EQ
00000052: PUSH2 0x0160
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0x70a08231
0000005c: EQ
0000005d: PUSH2 0x0194
00000060: JUMPI
00000061: DUP1
00000062: PUSH4 0x95d89b41
00000067: EQ
00000068: PUSH2 0x01c2
0000006b: JUMPI
0000006c: DUP1
0000006d: PUSH4 0xa9059cbb
00000072: EQ
00000073: PUSH2 0x01fc
00000076: JUMPI
00000077: DUP1
00000078: PUSH4 0xdd62ed3e
0000007d: EQ
0000007e: PUSH2 0x0215
00000081: JUMPI
00000082: JUMPDEST
00000083: STOP
00000084: JUMPDEST
00000085: PUSH2 0x0249
00000088: PUSH1 0x40
0000008a: DUP1
0000008b: MLOAD
0000008c: DUP1
0000008d: DUP3
0000008e: ADD
0000008f: SWAP1
00000090: SWAP2
00000091: MSTORE
00000092: PUSH1 0x0b
00000094: DUP2
00000095: MSTORE
00000096: PUSH32 0x53696e67756c6172445456000000000000000000000000000000000000000000
000000b7: PUSH1 0x20
000000b9: DUP3
000000ba: ADD
000000bb: MSTORE
000000bc: DUP2
000000bd: JUMP
000000be: JUMPDEST
000000bf: PUSH2 0x02b7
000000c2: PUSH1 0x04
000000c4: CALLDATALOAD
000000c5: PUSH1 0x24
000000c7: CALLDATALOAD
000000c8: CALLER
000000c9: PUSH1 0x01
000000cb: PUSH1 0xa0
000000cd: PUSH1 0x02
000000cf: EXP
000000d0: SUB
000000d1: SWAP1
000000d2: DUP2
000000d3: AND
000000d4: PUSH1 0x00
000000d6: DUP2
000000d7: DUP2
000000d8: MSTORE
000000d9: PUSH1 0x01
000000db: PUSH1 0x20
000000dd: SWAP1
000000de: DUP2
000000df: MSTORE
000000e0: PUSH1 0x40
000000e2: DUP1
000000e3: DUP4
000000e4: KECCAK256
000000e5: SWAP5
000000e6: DUP8
000000e7: AND
000000e8: DUP1
000000e9: DUP5
000000ea: MSTORE
000000eb: SWAP5
000000ec: DUP3
000000ed: MSTORE
000000ee: DUP1
000000ef: DUP4
000000f0: KECCAK256
000000f1: DUP7
000000f2: SWAP1
000000f3: SSTORE
000000f4: DUP1
000000f5: MLOAD
000000f6: DUP7
000000f7: DUP2
000000f8: MSTORE
000000f9: SWAP1
000000fa: MLOAD
000000fb: SWAP3
000000fc: SWAP5
000000fd: SWAP4
000000fe: SWAP3
000000ff: PUSH32 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925
00000120: SWAP3
00000121: SWAP2
00000122: DUP2
00000123: SWAP1
00000124: SUB
00000125: SWAP1
00000126: SWAP2
00000127: ADD
00000128: SWAP1
00000129: LOG3
0000012a: POP
0000012b: PUSH1 0x01
0000012d: JUMPDEST
0000012e: SWAP3
0000012f: SWAP2
00000130: POP
00000131: POP
00000132: JUMP
00000133: JUMPDEST
00000134: PUSH2 0x01b0
00000137: PUSH1 0x02
00000139: SLOAD
0000013a: DUP2
0000013b: JUMP
0000013c: JUMPDEST
0000013d: PUSH2 0x02b7
00000140: PUSH1 0x04
00000142: CALLDATALOAD
00000143: PUSH1 0x24
00000145: CALLDATALOAD
00000146: PUSH1 0x44
00000148: CALLDATALOAD
00000149: PUSH1 0x00
0000014b: PUSH1 0x00
0000014d: CALLVALUE
0000014e: GT
0000014f: ISZERO
00000150: PUSH2 0x02eb
00000153: JUMPI
00000154: PUSH2 0x0002
00000157: JUMP
00000158: JUMPDEST
00000159: PUSH2 0x02cb
0000015c: PUSH1 0x00
0000015e: DUP2
0000015f: JUMP
00000160: JUMPDEST
00000161: PUSH2 0x02b7
00000164: PUSH1 0x04
00000166: CALLDATALOAD
00000167: PUSH1 0x24
00000169: CALLDATALOAD
0000016a: PUSH1 0x00
0000016c: PUSH20 0xbdf5c4f1c1a9d7335a6a68d9aa011d5f40cf5520
00000181: CALLER
00000182: PUSH1 0x01
00000184: PUSH1 0xa0
00000186: PUSH1 0x02
00000188: EXP
00000189: SUB
0000018a: AND
0000018b: EQ
0000018c: PUSH2 0x053e
0000018f: JUMPI
00000190: PUSH2 0x0002
00000193: JUMP
00000194: JUMPDEST
00000195: PUSH1 0x01
00000197: PUSH1 0xa0
00000199: PUSH1 0x02
0000019b: EXP
0000019c: SUB
0000019d: PUSH1 0x04
0000019f: CALLDATALOAD
000001a0: AND
000001a1: PUSH1 0x00
000001a3: SWAP1
000001a4: DUP2
000001a5: MSTORE
000001a6: PUSH1 0x20
000001a8: DUP2
000001a9: SWAP1
000001aa: MSTORE
000001ab: PUSH1 0x40
000001ad: SWAP1
000001ae: KECCAK256
000001af: SLOAD
000001b0: JUMPDEST
000001b1: PUSH1 0x40
000001b3: DUP1
000001b4: MLOAD
000001b5: SWAP2
000001b6: DUP3
000001b7: MSTORE
000001b8: MLOAD
000001b9: SWAP1
000001ba: DUP2
000001bb: SWAP1
000001bc: SUB
000001bd: PUSH1 0x20
000001bf: ADD
000001c0: SWAP1
000001c1: RETURN
000001c2: JUMPDEST
000001c3: PUSH2 0x0249
000001c6: PUSH1 0x40
000001c8: DUP1
000001c9: MLOAD
000001ca: DUP1
000001cb: DUP3
000001cc: ADD
000001cd: SWAP1
000001ce: SWAP2
000001cf: MSTORE
000001d0: PUSH1 0x05
000001d2: DUP2
000001d3: MSTORE
000001d4: PUSH32 0x534e474c53000000000000000000000000000000000000000000000000000000
000001f5: PUSH1 0x20
000001f7: DUP3
000001f8: ADD
000001f9: MSTORE
000001fa: DUP2
000001fb: JUMP
000001fc: JUMPDEST
000001fd: PUSH2 0x02b7
00000200: PUSH1 0x04
00000202: CALLDATALOAD
00000203: PUSH1 0x24
00000205: CALLDATALOAD
00000206: PUSH1 0x00
00000208: PUSH1 0x00
0000020a: CALLVALUE
0000020b: GT
0000020c: ISZERO
0000020d: PUSH2 0x057d
00000210: JUMPI
00000211: PUSH2 0x0002
00000214: JUMP
00000215: JUMPDEST
00000216: PUSH2 0x01b0
00000219: PUSH1 0x04
0000021b: CALLDATALOAD
0000021c: PUSH1 0x24
0000021e: CALLDATALOAD
0000021f: PUSH1 0x01
00000221: PUSH1 0xa0
00000223: PUSH1 0x02
00000225: EXP
00000226: SUB
00000227: DUP3
00000228: DUP2
00000229: AND
0000022a: PUSH1 0x00
0000022c: SWAP1
0000022d: DUP2
0000022e: MSTORE
0000022f: PUSH1 0x01
00000231: PUSH1 0x20
00000233: SWAP1
00000234: DUP2
00000235: MSTORE
00000236: PUSH1 0x40
00000238: DUP1
00000239: DUP4
0000023a: KECCAK256
0000023b: SWAP4
0000023c: DUP6
0000023d: AND
0000023e: DUP4
0000023f: MSTORE
00000240: SWAP3
00000241: SWAP1
00000242: MSTORE
00000243: KECCAK256
00000244: SLOAD
00000245: PUSH2 0x012d
00000248: JUMP
00000249: JUMPDEST
0000024a: PUSH1 0x40
0000024c: MLOAD
0000024d: DUP1
0000024e: DUP1
0000024f: PUSH1 0x20
00000251: ADD
00000252: DUP3
00000253: DUP2
00000254: SUB
00000255: DUP3
00000256: MSTORE
00000257: DUP4
00000258: DUP2
00000259: DUP2
0000025a: MLOAD
0000025b: DUP2
0000025c: MSTORE
0000025d: PUSH1 0x20
0000025f: ADD
00000260: SWAP2
00000261: POP
00000262: DUP1
00000263: MLOAD
00000264: SWAP1
00000265: PUSH1 0x20
00000267: ADD
00000268: SWAP1
00000269: DUP1
0000026a: DUP4
0000026b: DUP4
0000026c: DUP3
0000026d: SWAP1
0000026e: PUSH1 0x00
00000270: PUSH1 0x04
00000272: PUSH1 0x20
00000274: DUP5
00000275: PUSH1 0x1f
00000277: ADD
00000278: DIV
00000279: PUSH1 0x0f
0000027b: MUL
0000027c: PUSH1 0x03
0000027e: ADD
0000027f: CALL
00000280: POP
00000281: SWAP1
00000282: POP
00000283: SWAP1
00000284: DUP2
00000285: ADD
00000286: SWAP1
00000287: PUSH1 0x1f
00000289: AND
0000028a: DUP1
0000028b: ISZERO
0000028c: PUSH2 0x02a9
0000028f: JUMPI
00000290: DUP1
00000291: DUP3
00000292: SUB
00000293: DUP1
00000294: MLOAD
00000295: PUSH1 0x01
00000297: DUP4
00000298: PUSH1 0x20
0000029a: SUB
0000029b: PUSH2 0x0100
0000029e: EXP
0000029f: SUB
000002a0: NOT
000002a1: AND
000002a2: DUP2
000002a3: MSTORE
000002a4: PUSH1 0x20
000002a6: ADD
000002a7: SWAP2
000002a8: POP
000002a9: JUMPDEST
000002aa: POP
000002ab: SWAP3
000002ac: POP
000002ad: POP
000002ae: POP
000002af: PUSH1 0x40
000002b1: MLOAD
000002b2: DUP1
000002b3: SWAP2
000002b4: SUB
000002b5: SWAP1
000002b6: RETURN
000002b7: JUMPDEST
000002b8: PUSH1 0x40
000002ba: DUP1
000002bb: MLOAD
000002bc: SWAP2
000002bd: ISZERO
000002be: ISZERO
000002bf: DUP3
000002c0: MSTORE
000002c1: MLOAD
000002c2: SWAP1
000002c3: DUP2
000002c4: SWAP1
000002c5: SUB
000002c6: PUSH1 0x20
000002c8: ADD
000002c9: SWAP1
000002ca: RETURN
000002cb: JUMPDEST
000002cc: PUSH1 0x40
000002ce: DUP1
000002cf: MLOAD
000002d0: PUSH1 0xff
000002d2: SWAP1
000002d3: SWAP3
000002d4: AND
000002d5: DUP3
000002d6: MSTORE
000002d7: MLOAD
000002d8: SWAP1
000002d9: DUP2
000002da: SWAP1
000002db: SUB
000002dc: PUSH1 0x20
000002de: ADD
000002df: SWAP1
000002e0: RETURN
000002e1: JUMPDEST
000002e2: SWAP1
000002e3: POP
000002e4: JUMPDEST
000002e5: SWAP4
000002e6: SWAP3
000002e7: POP
000002e8: POP
000002e9: POP
000002ea: JUMP
000002eb: JUMPDEST
000002ec: PUSH20 0xe736091fc36f1ad476f5e4e03e4425940822d3ba
00000301: PUSH1 0x01
00000303: PUSH1 0xa0
00000305: PUSH1 0x02
00000307: EXP
00000308: SUB
00000309: AND
0000030a: PUSH4 0x720c4798
0000030f: PUSH1 0x40
00000311: MLOAD
00000312: DUP2
00000313: PUSH1 0xe0
00000315: PUSH1 0x02
00000317: EXP
00000318: MUL
00000319: DUP2
0000031a: MSTORE
0000031b: PUSH1 0x04
0000031d: ADD
0000031e: DUP1
0000031f: SWAP1
00000320: POP
00000321: PUSH1 0x20
00000323: PUSH1 0x40
00000325: MLOAD
00000326: DUP1
00000327: DUP4
00000328: SUB
00000329: DUP2
0000032a: PUSH1 0x00
0000032c: DUP8
0000032d: PUSH2 0x61da
00000330: GAS
00000331: SUB
00000332: CALL
00000333: ISZERO
00000334: PUSH2 0x0002
00000337: JUMPI
00000338: POP
00000339: POP
0000033a: PUSH1 0x40
0000033c: MLOAD
0000033d: MLOAD
0000033e: PUSH1 0x01
00000340: PUSH1 0xa0
00000342: PUSH1 0x02
00000344: EXP
00000345: SUB
00000346: SWAP1
00000347: DUP2
00000348: AND
00000349: CALLER
0000034a: SWAP1
0000034b: SWAP2
0000034c: AND
0000034d: EQ
0000034e: SWAP1
0000034f: POP
00000350: DUP1
00000351: ISZERO
00000352: PUSH2 0x03ac
00000355: JUMPI
00000356: POP
00000357: PUSH20 0xbdf5c4f1c1a9d7335a6a68d9aa011d5f40cf5520
0000036c: PUSH1 0x01
0000036e: PUSH1 0xa0
00000370: PUSH1 0x02
00000372: EXP
00000373: SUB
00000374: AND
00000375: PUSH4 0x49cc954b
0000037a: PUSH1 0x40
0000037c: MLOAD
0000037d: DUP2
0000037e: PUSH1 0xe0
00000380: PUSH1 0x02
00000382: EXP
00000383: MUL
00000384: DUP2
00000385: MSTORE
00000386: PUSH1 0x04
00000388: ADD
00000389: DUP1
0000038a: SWAP1
0000038b: POP
0000038c: PUSH1 0x20
0000038e: PUSH1 0x40
00000390: MLOAD
00000391: DUP1
00000392: DUP4
00000393: SUB
00000394: DUP2
00000395: PUSH1 0x00
00000397: DUP8
00000398: PUSH2 0x61da
0000039b: GAS
0000039c: SUB
0000039d: CALL
0000039e: ISZERO
0000039f: PUSH2 0x0002
000003a2: JUMPI
000003a3: POP
000003a4: POP
000003a5: PUSH1 0x40
000003a7: MLOAD
000003a8: MLOAD
000003a9: ISZERO
000003aa: SWAP1
000003ab: POP
000003ac: JUMPDEST
000003ad: ISZERO
000003ae: PUSH2 0x03b6
000003b1: JUMPI
000003b2: PUSH2 0x0002
000003b5: JUMP
000003b6: JUMPDEST
000003b7: PUSH20 0xe736091fc36f1ad476f5e4e03e4425940822d3ba
000003cc: PUSH1 0x01
000003ce: PUSH1 0xa0
000003d0: PUSH1 0x02
000003d2: EXP
000003d3: SUB
000003d4: AND
000003d5: PUSH4 0x5d0be9de
000003da: DUP6
000003db: PUSH1 0x40
000003dd: MLOAD
000003de: DUP3
000003df: PUSH1 0xe0
000003e1: PUSH1 0x02
000003e3: EXP
000003e4: MUL
000003e5: DUP2
000003e6: MSTORE
000003e7: PUSH1 0x04
000003e9: ADD
000003ea: DUP1
000003eb: DUP3
000003ec: PUSH1 0x01
000003ee: PUSH1 0xa0
000003f0: PUSH1 0x02
000003f2: EXP
000003f3: SUB
000003f4: AND
000003f5: DUP2
000003f6: MSTORE
000003f7: PUSH1 0x20
000003f9: ADD
000003fa: SWAP2
000003fb: POP
000003fc: POP
000003fd: PUSH1 0x20
000003ff: PUSH1 0x40
00000401: MLOAD
00000402: DUP1
00000403: DUP4
00000404: SUB
00000405: DUP2
00000406: PUSH1 0x00
00000408: DUP8
00000409: PUSH2 0x61da
0000040c: GAS
0000040d: SUB
0000040e: CALL
0000040f: ISZERO
00000410: PUSH2 0x0002
00000413: JUMPI
00000414: POP
00000415: PUSH1 0x40
00000417: DUP1
00000418: MLOAD
00000419: PUSH1 0xe1
0000041b: PUSH1 0x02
0000041d: EXP
0000041e: PUSH4 0x2e85f4ef
00000423: MUL
00000424: DUP2
00000425: MSTORE
00000426: PUSH1 0x01
00000428: PUSH1 0xa0
0000042a: PUSH1 0x02
0000042c: EXP
0000042d: SUB
0000042e: DUP8
0000042f: AND
00000430: PUSH1 0x04
00000432: DUP3
00000433: ADD
00000434: MSTORE
00000435: SWAP1
00000436: MLOAD
00000437: PUSH1 0x24
00000439: DUP3
0000043a: DUP2
0000043b: ADD
0000043c: SWAP3
0000043d: PUSH1 0x20
0000043f: SWAP3
00000440: SWAP2
00000441: SWAP1
00000442: DUP3
00000443: SWAP1
00000444: SUB
00000445: ADD
00000446: DUP2
00000447: PUSH1 0x00
00000449: DUP8
0000044a: PUSH2 0x61da
0000044d: GAS
0000044e: SUB
0000044f: CALL
00000450: ISZERO
00000451: PUSH2 0x0002
00000454: JUMPI
00000455: POP
00000456: PUSH2 0x02e1
00000459: SWAP2
0000045a: POP
0000045b: DUP6
0000045c: SWAP1
0000045d: POP
0000045e: DUP5
0000045f: DUP5
00000460: PUSH1 0x01
00000462: PUSH1 0xa0
00000464: PUSH1 0x02
00000466: EXP
00000467: SUB
00000468: DUP4
00000469: AND
0000046a: PUSH1 0x00
0000046c: SWAP1
0000046d: DUP2
0000046e: MSTORE
0000046f: PUSH1 0x20
00000471: DUP2
00000472: SWAP1
00000473: MSTORE
00000474: PUSH1 0x40
00000476: DUP2
00000477: KECCAK256
00000478: SLOAD
00000479: DUP3
0000047a: SWAP1
0000047b: LT
0000047c: DUP1
0000047d: ISZERO
0000047e: SWAP1
0000047f: PUSH2 0x04a6
00000482: JUMPI
00000483: POP
00000484: PUSH1 0x01
00000486: PUSH1 0x20
00000488: SWAP1
00000489: DUP2
0000048a: MSTORE
0000048b: PUSH1 0x40
0000048d: DUP1
0000048e: DUP4
0000048f: KECCAK256
00000490: CALLER
00000491: PUSH1 0x01
00000493: PUSH1 0xa0
00000495: PUSH1 0x02
00000497: EXP
00000498: SUB
00000499: AND
0000049a: DUP5
0000049b: MSTORE
0000049c: SWAP1
0000049d: SWAP2
0000049e: MSTORE
0000049f: DUP2
000004a0: KECCAK256
000004a1: SLOAD
000004a2: DUP3
000004a3: SWAP1
000004a4: LT
000004a5: ISZERO
000004a6: JUMPDEST
000004a7: DUP1
000004a8: ISZERO
000004a9: PUSH2 0x04b2
000004ac: JUMPI
000004ad: POP
000004ae: PUSH1 0x00
000004b0: DUP3
000004b1: GT
000004b2: JUMPDEST
000004b3: ISZERO
000004b4: PUSH2 0x0792
000004b7: JUMPI
000004b8: PUSH1 0x01
000004ba: PUSH1 0xa0
000004bc: PUSH1 0x02
000004be: EXP
000004bf: SUB
000004c0: DUP4
000004c1: DUP2
000004c2: AND
000004c3: PUSH1 0x00
000004c5: DUP2
000004c6: DUP2
000004c7: MSTORE
000004c8: PUSH1 0x20
000004ca: DUP2
000004cb: DUP2
000004cc: MSTORE
000004cd: PUSH1 0x40
000004cf: DUP1
000004d0: DUP4
000004d1: KECCAK256
000004d2: DUP1
000004d3: SLOAD
000004d4: DUP9
000004d5: ADD
000004d6: SWAP1
000004d7: SSTORE
000004d8: DUP9
000004d9: DUP6
000004da: AND
000004db: DUP1
000004dc: DUP5
000004dd: MSTORE
000004de: DUP2
000004df: DUP5
000004e0: KECCAK256
000004e1: DUP1
000004e2: SLOAD
000004e3: DUP10
000004e4: SWAP1
000004e5: SUB
000004e6: SWAP1
000004e7: SSTORE
000004e8: PUSH1 0x01
000004ea: DUP4
000004eb: MSTORE
000004ec: DUP2
000004ed: DUP5
000004ee: KECCAK256
000004ef: CALLER
000004f0: SWAP1
000004f1: SWAP7
000004f2: AND
000004f3: DUP5
000004f4: MSTORE
000004f5: SWAP5
000004f6: DUP3
000004f7: MSTORE
000004f8: SWAP2
000004f9: DUP3
000004fa: SWAP1
000004fb: KECCAK256
000004fc: DUP1
000004fd: SLOAD
000004fe: DUP8
000004ff: SWAP1
00000500: SUB
00000501: SWAP1
00000502: SSTORE
00000503: DUP2
00000504: MLOAD
00000505: DUP7
00000506: DUP2
00000507: MSTORE
00000508: SWAP2
00000509: MLOAD
0000050a: SWAP3
0000050b: SWAP4
0000050c: SWAP3
0000050d: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
0000052e: SWAP3
0000052f: DUP2
00000530: SWAP1
00000531: SUB
00000532: SWAP1
00000533: SWAP2
00000534: ADD
00000535: SWAP1
00000536: LOG3
00000537: POP
00000538: PUSH1 0x01
0000053a: PUSH2 0x02e4
0000053d: JUMP
0000053e: JUMPDEST
0000053f: DUP2
00000540: PUSH1 0x00
00000542: EQ
00000543: ISZERO
00000544: PUSH2 0x054f
00000547: JUMPI
00000548: POP
00000549: PUSH1 0x00
0000054b: PUSH2 0x012d
0000054e: JUMP
0000054f: JUMPDEST
00000550: POP
00000551: PUSH1 0x01
00000553: PUSH1 0xa0
00000555: PUSH1 0x02
00000557: EXP
00000558: SUB
00000559: DUP3
0000055a: AND
0000055b: PUSH1 0x00
0000055d: SWAP1
0000055e: DUP2
0000055f: MSTORE
00000560: PUSH1 0x20
00000562: DUP2
00000563: SWAP1
00000564: MSTORE
00000565: PUSH1 0x40
00000567: SWAP1
00000568: KECCAK256
00000569: DUP1
0000056a: SLOAD
0000056b: DUP3
0000056c: ADD
0000056d: SWAP1
0000056e: SSTORE
0000056f: PUSH1 0x02
00000571: DUP1
00000572: SLOAD
00000573: DUP3
00000574: ADD
00000575: SWAP1
00000576: SSTORE
00000577: PUSH1 0x01
00000579: PUSH2 0x012d
0000057c: JUMP
0000057d: JUMPDEST
0000057e: PUSH20 0xe736091fc36f1ad476f5e4e03e4425940822d3ba
00000593: PUSH1 0x01
00000595: PUSH1 0xa0
00000597: PUSH1 0x02
00000599: EXP
0000059a: SUB
0000059b: AND
0000059c: PUSH4 0x720c4798
000005a1: PUSH1 0x40
000005a3: MLOAD
000005a4: DUP2
000005a5: PUSH1 0xe0
000005a7: PUSH1 0x02
000005a9: EXP
000005aa: MUL
000005ab: DUP2
000005ac: MSTORE
000005ad: PUSH1 0x04
000005af: ADD
000005b0: DUP1
000005b1: SWAP1
000005b2: POP
000005b3: PUSH1 0x20
000005b5: PUSH1 0x40
000005b7: MLOAD
000005b8: DUP1
000005b9: DUP4
000005ba: SUB
000005bb: DUP2
000005bc: PUSH1 0x00
000005be: DUP8
000005bf: PUSH2 0x61da
000005c2: GAS
000005c3: SUB
000005c4: CALL
000005c5: ISZERO
000005c6: PUSH2 0x0002
000005c9: JUMPI
000005ca: POP
000005cb: POP
000005cc: PUSH1 0x40
000005ce: MLOAD
000005cf: MLOAD
000005d0: CALLER
000005d1: PUSH1 0x01
000005d3: PUSH1 0xa0
000005d5: PUSH1 0x02
000005d7: EXP
000005d8: SUB
000005d9: SWAP1
000005da: DUP2
000005db: AND
000005dc: SWAP2
000005dd: AND
000005de: EQ
000005df: SWAP1
000005e0: POP
000005e1: DUP1
000005e2: ISZERO
000005e3: PUSH2 0x063d
000005e6: JUMPI
000005e7: POP
000005e8: PUSH20 0xbdf5c4f1c1a9d7335a6a68d9aa011d5f40cf5520
000005fd: PUSH1 0x01
000005ff: PUSH1 0xa0
00000601: PUSH1 0x02
00000603: EXP
00000604: SUB
00000605: AND
00000606: PUSH4 0x49cc954b
0000060b: PUSH1 0x40
0000060d: MLOAD
0000060e: DUP2
0000060f: PUSH1 0xe0
00000611: PUSH1 0x02
00000613: EXP
00000614: MUL
00000615: DUP2
00000616: MSTORE
00000617: PUSH1 0x04
00000619: ADD
0000061a: DUP1
0000061b: SWAP1
0000061c: POP
0000061d: PUSH1 0x20
0000061f: PUSH1 0x40
00000621: MLOAD
00000622: DUP1
00000623: DUP4
00000624: SUB
00000625: DUP2
00000626: PUSH1 0x00
00000628: DUP8
00000629: PUSH2 0x61da
0000062c: GAS
0000062d: SUB
0000062e: CALL
0000062f: ISZERO
00000630: PUSH2 0x0002
00000633: JUMPI
00000634: POP
00000635: POP
00000636: PUSH1 0x40
00000638: MLOAD
00000639: MLOAD
0000063a: ISZERO
0000063b: SWAP1
0000063c: POP
0000063d: JUMPDEST
0000063e: ISZERO
0000063f: PUSH2 0x0647
00000642: JUMPI
00000643: PUSH2 0x0002
00000646: JUMP
00000647: JUMPDEST
00000648: PUSH20 0xe736091fc36f1ad476f5e4e03e4425940822d3ba
0000065d: PUSH1 0x01
0000065f: PUSH1 0xa0
00000661: PUSH1 0x02
00000663: EXP
00000664: SUB
00000665: AND
00000666: PUSH4 0x5d0be9de
0000066b: CALLER
0000066c: PUSH1 0x40
0000066e: MLOAD
0000066f: DUP3
00000670: PUSH1 0xe0
00000672: PUSH1 0x02
00000674: EXP
00000675: MUL
00000676: DUP2
00000677: MSTORE
00000678: PUSH1 0x04
0000067a: ADD
0000067b: DUP1
0000067c: DUP3
0000067d: PUSH1 0x01
0000067f: PUSH1 0xa0
00000681: PUSH1 0x02
00000683: EXP
00000684: SUB
00000685: AND
00000686: DUP2
00000687: MSTORE
00000688: PUSH1 0x20
0000068a: ADD
0000068b: SWAP2
0000068c: POP
0000068d: POP
0000068e: PUSH1 0x20
00000690: PUSH1 0x40
00000692: MLOAD
00000693: DUP1
00000694: DUP4
00000695: SUB
00000696: DUP2
00000697: PUSH1 0x00
00000699: DUP8
0000069a: PUSH2 0x61da
0000069d: GAS
0000069e: SUB
0000069f: CALL
000006a0: ISZERO
000006a1: PUSH2 0x0002
000006a4: JUMPI
000006a5: POP
000006a6: PUSH1 0x40
000006a8: DUP1
000006a9: MLOAD
000006aa: PUSH1 0xe1
000006ac: PUSH1 0x02
000006ae: EXP
000006af: PUSH4 0x2e85f4ef
000006b4: MUL
000006b5: DUP2
000006b6: MSTORE
000006b7: PUSH1 0x01
000006b9: PUSH1 0xa0
000006bb: PUSH1 0x02
000006bd: EXP
000006be: SUB
000006bf: DUP8
000006c0: AND
000006c1: PUSH1 0x04
000006c3: DUP3
000006c4: ADD
000006c5: MSTORE
000006c6: SWAP1
000006c7: MLOAD
000006c8: PUSH1 0x24
000006ca: DUP3
000006cb: DUP2
000006cc: ADD
000006cd: SWAP3
000006ce: PUSH1 0x20
000006d0: SWAP3
000006d1: SWAP2
000006d2: SWAP1
000006d3: DUP3
000006d4: SWAP1
000006d5: SUB
000006d6: ADD
000006d7: DUP2
000006d8: PUSH1 0x00
000006da: DUP8
000006db: PUSH2 0x61da
000006de: GAS
000006df: SUB
000006e0: CALL
000006e1: ISZERO
000006e2: PUSH2 0x0002
000006e5: JUMPI
000006e6: POP
000006e7: PUSH2 0x078b
000006ea: SWAP2
000006eb: POP
000006ec: DUP5
000006ed: SWAP1
000006ee: POP
000006ef: DUP4
000006f0: CALLER
000006f1: PUSH1 0x01
000006f3: PUSH1 0xa0
000006f5: PUSH1 0x02
000006f7: EXP
000006f8: SUB
000006f9: AND
000006fa: PUSH1 0x00
000006fc: SWAP1
000006fd: DUP2
000006fe: MSTORE
000006ff: PUSH1 0x20
00000701: DUP2
00000702: SWAP1
00000703: MSTORE
00000704: PUSH1 0x40
00000706: DUP2
00000707: KECCAK256
00000708: SLOAD
00000709: DUP3
0000070a: SWAP1
0000070b: LT
0000070c: DUP1
0000070d: ISZERO
0000070e: SWAP1
0000070f: PUSH2 0x0718
00000712: JUMPI
00000713: POP
00000714: PUSH1 0x00
00000716: DUP3
00000717: GT
00000718: JUMPDEST
00000719: ISZERO
0000071a: PUSH2 0x079a
0000071d: JUMPI
0000071e: CALLER
0000071f: PUSH1 0x01
00000721: PUSH1 0xa0
00000723: PUSH1 0x02
00000725: EXP
00000726: SUB
00000727: SWAP1
00000728: DUP2
00000729: AND
0000072a: PUSH1 0x00
0000072c: DUP2
0000072d: DUP2
0000072e: MSTORE
0000072f: PUSH1 0x20
00000731: DUP2
00000732: DUP2
00000733: MSTORE
00000734: PUSH1 0x40
00000736: DUP1
00000737: DUP4
00000738: KECCAK256
00000739: DUP1
0000073a: SLOAD
0000073b: DUP9
0000073c: SWAP1
0000073d: SUB
0000073e: SWAP1
0000073f: SSTORE
00000740: SWAP4
00000741: DUP8
00000742: AND
00000743: DUP1
00000744: DUP4
00000745: MSTORE
00000746: SWAP2
00000747: DUP5
00000748: SWAP1
00000749: KECCAK256
0000074a: DUP1
0000074b: SLOAD
0000074c: DUP8
0000074d: ADD
0000074e: SWAP1
0000074f: SSTORE
00000750: DUP4
00000751: MLOAD
00000752: DUP7
00000753: DUP2
00000754: MSTORE
00000755: SWAP4
00000756: MLOAD
00000757: SWAP2
00000758: SWAP4
00000759: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
0000077a: SWAP3
0000077b: SWAP1
0000077c: DUP2
0000077d: SWAP1
0000077e: SUB
0000077f: SWAP1
00000780: SWAP2
00000781: ADD
00000782: SWAP1
00000783: LOG3
00000784: POP
00000785: PUSH1 0x01
00000787: PUSH2 0x012d
0000078a: JUMP
0000078b: JUMPDEST
0000078c: SWAP1
0000078d: POP
0000078e: PUSH2 0x012d
00000791: JUMP
00000792: JUMPDEST
00000793: POP
00000794: PUSH1 0x00
00000796: PUSH2 0x02e4
00000799: JUMP
0000079a: JUMPDEST
0000079b: POP
0000079c: PUSH1 0x00
0000079e: PUSH2 0x012d
000007a1: JUMP

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
view
trace_id: 0x061af602f8eb1616cf42e6aca84c3d72669412ab5ef02d862ecf75fb879a438d
call_targets: 0x0000000000000000000000000000000000000004, 0xaec2e87e0a235266d9c5adc9deb4b2e29b54d009
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x061af602f8eb1616cf42e6aca84c3d72669412ab5ef02d862ecf75fb879a438d",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000004",
        "0xaec2e87e0a235266d9c5adc9deb4b2e29b54d009"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x06fdde03",
            "selector": "0x06fdde03",
            "calldata_variants": [
                "0x06fdde03",
                "0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x095ea7b3",
            "selector": "0x095ea7b3",
            "calldata_variants": [
                "0x095ea7b3",
                "0x095ea7b30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x18160ddd",
            "selector": "0x18160ddd",
            "calldata_variants": [
                "0x18160ddd",
                "0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x23b872dd",
            "selector": "0x23b872dd",
            "calldata_variants": [
                "0x23b872dd",
                "0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x313ce567",
            "selector": "0x313ce567",
            "calldata_variants": [
                "0x313ce567",
                "0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x475a9fa9",
            "selector": "0x475a9fa9",
            "calldata_variants": [
                "0x475a9fa9",
                "0x475a9fa90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70a08231",
            "selector": "0x70a08231",
            "calldata_variants": [
                "0x70a08231",
                "0x70a082310000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x95d89b41",
            "selector": "0x95d89b41",
            "calldata_variants": [
                "0x95d89b41",
                "0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 639,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 818,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 925,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 9,
    "guards_detected": [],
    "untrusted_call_count": 9
}
high other detector ETH value transfer possible 55 yes yes
view
trace_id: 0x061af602f8eb1616cf42e6aca84c3d72669412ab5ef02d862ecf75fb879a438d
call_targets: 0x0000000000000000000000000000000000000004, 0xaec2e87e0a235266d9c5adc9deb4b2e29b54d009
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x061af602f8eb1616cf42e6aca84c3d72669412ab5ef02d862ecf75fb879a438d",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0000000000000000000000000000000000000004",
        "0xaec2e87e0a235266d9c5adc9deb4b2e29b54d009"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x06fdde03",
            "selector": "0x06fdde03",
            "calldata_variants": [
                "0x06fdde03",
                "0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x095ea7b3",
            "selector": "0x095ea7b3",
            "calldata_variants": [
                "0x095ea7b3",
                "0x095ea7b30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x18160ddd",
            "selector": "0x18160ddd",
            "calldata_variants": [
                "0x18160ddd",
                "0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x23b872dd",
            "selector": "0x23b872dd",
            "calldata_variants": [
                "0x23b872dd",
                "0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x313ce567",
            "selector": "0x313ce567",
            "calldata_variants": [
                "0x313ce567",
                "0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x475a9fa9",
            "selector": "0x475a9fa9",
            "calldata_variants": [
                "0x475a9fa9",
                "0x475a9fa90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70a08231",
            "selector": "0x70a08231",
            "calldata_variants": [
                "0x70a08231",
                "0x70a082310000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x95d89b41",
            "selector": "0x95d89b41",
            "calldata_variants": [
                "0x95d89b41",
                "0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 639,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 818,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 925,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 9,
    "guards_detected": []
}