TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-a8e3-70bc-8689-c0bf2288a068

failed
Chain ID
1
Address
0x51ffc1b089392a5bb65bf24eaf04d07d0e6f88b5
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
2
Validated
2
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
20513 artifact.fetch complete 1 / 3 3 months ago
20514 tool.cast_disasm complete 1 / 3 3 months ago
88549 analysis.bundle complete 1 / 3 1 week ago
88550 capability.graph complete 1 / 3 1 week ago
88551 detector.run complete 1 / 3 1 week ago
88552 validation.fork complete 1 / 3 1 week ago
113725 report.consolidate complete 1 / 6 1 week ago
113726 tool.slither failed 2 / 2 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither
Status
failed solc version 0.4.0 is too old for supported toolchain
Attempts
2 / 2
Findings
0
Solc
View stderr 
Traceback (most recent call last):
  File "/var/www/tripwire/worker/worker.py", line 198, in main
    payload = dispatch_job(job_type, job_id, job_meta, run_data, config, laravel_client)
  File "/var/www/tripwire/worker/worker.py", line 114, in dispatch_job
    return slither_run.run(job_id, job_meta, run_data, config, log, laravel_client)
           ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/www/tripwire/worker/jobs/slither_run.py", line 1056, in run
    solc_path, solc_meta = _prepare_solc(chosen_version, workspace)
                           ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/www/tripwire/worker/jobs/slither_run.py", line 190, in _prepare_solc
    raise RuntimeError(f"solc version {default_version} is too old for supported toolchain")
RuntimeError: solc version 0.4.0 is too old for supported toolchain

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
View stderr 
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-knbiuezf
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c9c-cf3d-76c0-8f39-de950c830566
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.

Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.

Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata 
{
    "codex": {
        "ran_at": "2026-04-05T07:47:55.524634+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "source",
        "file_count": 1,
        "import_count": 0,
        "first_party_contracts_count": 1
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
10
EXT*/BALANCE
10
Total opcodes
1292
Flags
heavy_ext_balance_usage
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x006c
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x2ebec916
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x0075
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x36bc32a2
00000025: EQ
00000026: PUSH2 0x0084
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x50148ed2
00000030: EQ
00000031: PUSH2 0x00a6
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x523aee69
0000003b: EQ
0000003c: PUSH2 0x00c5
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x76671808
00000046: EQ
00000047: PUSH2 0x00d7
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0x8da5cb5b
00000051: EQ
00000052: PUSH2 0x00f6
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0xaef251a7
0000005c: EQ
0000005d: PUSH2 0x011f
00000060: JUMPI
00000061: DUP1
00000062: PUSH4 0xf2fde38b
00000067: EQ
00000068: PUSH2 0x0148
0000006b: JUMPI
0000006c: JUMPDEST
0000006d: PUSH2 0x0073
00000070: JUMPDEST
00000071: JUMPDEST
00000072: JUMP
00000073: JUMPDEST
00000074: STOP
00000075: JUMPDEST
00000076: CALLVALUE
00000077: PUSH2 0x0000
0000007a: JUMPI
0000007b: PUSH2 0x0073
0000007e: PUSH2 0x015a
00000081: JUMP
00000082: JUMPDEST
00000083: STOP
00000084: JUMPDEST
00000085: CALLVALUE
00000086: PUSH2 0x0000
00000089: JUMPI
0000008a: PUSH2 0x0094
0000008d: PUSH1 0x04
0000008f: CALLDATALOAD
00000090: PUSH2 0x052c
00000093: JUMP
00000094: JUMPDEST
00000095: PUSH1 0x40
00000097: DUP1
00000098: MLOAD
00000099: SWAP2
0000009a: DUP3
0000009b: MSTORE
0000009c: MLOAD
0000009d: SWAP1
0000009e: DUP2
0000009f: SWAP1
000000a0: SUB
000000a1: PUSH1 0x20
000000a3: ADD
000000a4: SWAP1
000000a5: RETURN
000000a6: JUMPDEST
000000a7: CALLVALUE
000000a8: PUSH2 0x0000
000000ab: JUMPI
000000ac: PUSH2 0x0094
000000af: PUSH2 0x0694
000000b2: JUMP
000000b3: JUMPDEST
000000b4: PUSH1 0x40
000000b6: DUP1
000000b7: MLOAD
000000b8: SWAP2
000000b9: DUP3
000000ba: MSTORE
000000bb: MLOAD
000000bc: SWAP1
000000bd: DUP2
000000be: SWAP1
000000bf: SUB
000000c0: PUSH1 0x20
000000c2: ADD
000000c3: SWAP1
000000c4: RETURN
000000c5: JUMPDEST
000000c6: CALLVALUE
000000c7: PUSH2 0x0000
000000ca: JUMPI
000000cb: PUSH2 0x0073
000000ce: PUSH1 0x04
000000d0: CALLDATALOAD
000000d1: PUSH2 0x069a
000000d4: JUMP
000000d5: JUMPDEST
000000d6: STOP
000000d7: JUMPDEST
000000d8: CALLVALUE
000000d9: PUSH2 0x0000
000000dc: JUMPI
000000dd: PUSH2 0x0094
000000e0: PUSH2 0x0739
000000e3: JUMP
000000e4: JUMPDEST
000000e5: PUSH1 0x40
000000e7: DUP1
000000e8: MLOAD
000000e9: SWAP2
000000ea: DUP3
000000eb: MSTORE
000000ec: MLOAD
000000ed: SWAP1
000000ee: DUP2
000000ef: SWAP1
000000f0: SUB
000000f1: PUSH1 0x20
000000f3: ADD
000000f4: SWAP1
000000f5: RETURN
000000f6: JUMPDEST
000000f7: CALLVALUE
000000f8: PUSH2 0x0000
000000fb: JUMPI
000000fc: PUSH2 0x0103
000000ff: PUSH2 0x073f
00000102: JUMP
00000103: JUMPDEST
00000104: PUSH1 0x40
00000106: DUP1
00000107: MLOAD
00000108: PUSH1 0x01
0000010a: PUSH1 0xa0
0000010c: PUSH1 0x02
0000010e: EXP
0000010f: SUB
00000110: SWAP1
00000111: SWAP3
00000112: AND
00000113: DUP3
00000114: MSTORE
00000115: MLOAD
00000116: SWAP1
00000117: DUP2
00000118: SWAP1
00000119: SUB
0000011a: PUSH1 0x20
0000011c: ADD
0000011d: SWAP1
0000011e: RETURN
0000011f: JUMPDEST
00000120: CALLVALUE
00000121: PUSH2 0x0000
00000124: JUMPI
00000125: PUSH2 0x0103
00000128: PUSH2 0x074e
0000012b: JUMP
0000012c: JUMPDEST
0000012d: PUSH1 0x40
0000012f: DUP1
00000130: MLOAD
00000131: PUSH1 0x01
00000133: PUSH1 0xa0
00000135: PUSH1 0x02
00000137: EXP
00000138: SUB
00000139: SWAP1
0000013a: SWAP3
0000013b: AND
0000013c: DUP3
0000013d: MSTORE
0000013e: MLOAD
0000013f: SWAP1
00000140: DUP2
00000141: SWAP1
00000142: SUB
00000143: PUSH1 0x20
00000145: ADD
00000146: SWAP1
00000147: RETURN
00000148: JUMPDEST
00000149: CALLVALUE
0000014a: PUSH2 0x0000
0000014d: JUMPI
0000014e: PUSH2 0x0073
00000151: PUSH1 0x04
00000153: CALLDATALOAD
00000154: PUSH2 0x075d
00000157: JUMP
00000158: JUMPDEST
00000159: STOP
0000015a: JUMPDEST
0000015b: PUSH1 0x00
0000015d: PUSH1 0x00
0000015f: PUSH1 0x00
00000161: PUSH1 0x00
00000163: PUSH1 0x00
00000165: PUSH1 0x04
00000167: PUSH1 0x00
00000169: SWAP1
0000016a: SLOAD
0000016b: SWAP1
0000016c: PUSH2 0x0100
0000016f: EXP
00000170: SWAP1
00000171: DIV
00000172: PUSH1 0x01
00000174: PUSH1 0xa0
00000176: PUSH1 0x02
00000178: EXP
00000179: SUB
0000017a: AND
0000017b: PUSH1 0x01
0000017d: PUSH1 0xa0
0000017f: PUSH1 0x02
00000181: EXP
00000182: SUB
00000183: AND
00000184: PUSH4 0x018e13d0
00000189: PUSH1 0x00
0000018b: PUSH1 0x40
0000018d: MLOAD
0000018e: PUSH1 0x20
00000190: ADD
00000191: MSTORE
00000192: PUSH1 0x40
00000194: MLOAD
00000195: DUP2
00000196: PUSH1 0xe0
00000198: PUSH1 0x02
0000019a: EXP
0000019b: MUL
0000019c: DUP2
0000019d: MSTORE
0000019e: PUSH1 0x04
000001a0: ADD
000001a1: DUP1
000001a2: SWAP1
000001a3: POP
000001a4: PUSH1 0x20
000001a6: PUSH1 0x40
000001a8: MLOAD
000001a9: DUP1
000001aa: DUP4
000001ab: SUB
000001ac: DUP2
000001ad: PUSH1 0x00
000001af: DUP8
000001b0: DUP1
000001b1: EXTCODESIZE
000001b2: ISZERO
000001b3: PUSH2 0x0000
000001b6: JUMPI
000001b7: PUSH1 0x32
000001b9: GAS
000001ba: SUB
000001bb: CALL
000001bc: ISZERO
000001bd: PUSH2 0x0000
000001c0: JUMPI
000001c1: POP
000001c2: POP
000001c3: PUSH1 0x40
000001c5: MLOAD
000001c6: MLOAD
000001c7: PUSH1 0x01
000001c9: SLOAD
000001ca: LT
000001cb: ISZERO
000001cc: SWAP1
000001cd: POP
000001ce: PUSH2 0x026d
000001d1: JUMPI
000001d2: PUSH1 0x04
000001d4: PUSH1 0x00
000001d6: SWAP1
000001d7: SLOAD
000001d8: SWAP1
000001d9: PUSH2 0x0100
000001dc: EXP
000001dd: SWAP1
000001de: DIV
000001df: PUSH1 0x01
000001e1: PUSH1 0xa0
000001e3: PUSH1 0x02
000001e5: EXP
000001e6: SUB
000001e7: AND
000001e8: PUSH1 0x01
000001ea: PUSH1 0xa0
000001ec: PUSH1 0x02
000001ee: EXP
000001ef: SUB
000001f0: AND
000001f1: PUSH4 0x018e13d0
000001f6: PUSH1 0x00
000001f8: PUSH1 0x40
000001fa: MLOAD
000001fb: PUSH1 0x20
000001fd: ADD
000001fe: MSTORE
000001ff: PUSH1 0x40
00000201: MLOAD
00000202: DUP2
00000203: PUSH1 0xe0
00000205: PUSH1 0x02
00000207: EXP
00000208: MUL
00000209: DUP2
0000020a: MSTORE
0000020b: PUSH1 0x04
0000020d: ADD
0000020e: DUP1
0000020f: SWAP1
00000210: POP
00000211: PUSH1 0x20
00000213: PUSH1 0x40
00000215: MLOAD
00000216: DUP1
00000217: DUP4
00000218: SUB
00000219: DUP2
0000021a: PUSH1 0x00
0000021c: DUP8
0000021d: DUP1
0000021e: EXTCODESIZE
0000021f: ISZERO
00000220: PUSH2 0x0000
00000223: JUMPI
00000224: PUSH1 0x32
00000226: GAS
00000227: SUB
00000228: CALL
00000229: ISZERO
0000022a: PUSH2 0x0000
0000022d: JUMPI
0000022e: POP
0000022f: POP
00000230: PUSH1 0x40
00000232: MLOAD
00000233: DUP1
00000234: MLOAD
00000235: PUSH1 0x01
00000237: SSTORE
00000238: PUSH1 0x01
0000023a: PUSH1 0xa0
0000023c: PUSH1 0x02
0000023e: EXP
0000023f: SUB
00000240: ADDRESS
00000241: AND
00000242: BALANCE
00000243: PUSH1 0x02
00000245: SSTORE
00000246: PUSH32 0x66f7d730c9ba098beec19ac6c1d94380c4f8b016455b36cb348ca4c646a075bc
00000267: SWAP2
00000268: POP
00000269: PUSH1 0x00
0000026b: SWAP1
0000026c: LOG1
0000026d: JUMPDEST
0000026e: PUSH1 0x04
00000270: PUSH1 0x00
00000272: SWAP1
00000273: SLOAD
00000274: SWAP1
00000275: PUSH2 0x0100
00000278: EXP
00000279: SWAP1
0000027a: DIV
0000027b: PUSH1 0x01
0000027d: PUSH1 0xa0
0000027f: PUSH1 0x02
00000281: EXP
00000282: SUB
00000283: AND
00000284: PUSH1 0x01
00000286: PUSH1 0xa0
00000288: PUSH1 0x02
0000028a: EXP
0000028b: SUB
0000028c: AND
0000028d: PUSH4 0xf83d08ba
00000292: PUSH1 0x00
00000294: PUSH1 0x40
00000296: MLOAD
00000297: PUSH1 0x20
00000299: ADD
0000029a: MSTORE
0000029b: PUSH1 0x40
0000029d: MLOAD
0000029e: DUP2
0000029f: PUSH1 0xe0
000002a1: PUSH1 0x02
000002a3: EXP
000002a4: MUL
000002a5: DUP2
000002a6: MSTORE
000002a7: PUSH1 0x04
000002a9: ADD
000002aa: DUP1
000002ab: SWAP1
000002ac: POP
000002ad: PUSH1 0x20
000002af: PUSH1 0x40
000002b1: MLOAD
000002b2: DUP1
000002b3: DUP4
000002b4: SUB
000002b5: DUP2
000002b6: PUSH1 0x00
000002b8: DUP8
000002b9: DUP1
000002ba: EXTCODESIZE
000002bb: ISZERO
000002bc: PUSH2 0x0000
000002bf: JUMPI
000002c0: PUSH1 0x32
000002c2: GAS
000002c3: SUB
000002c4: CALL
000002c5: ISZERO
000002c6: PUSH2 0x0000
000002c9: JUMPI
000002ca: POP
000002cb: POP
000002cc: PUSH1 0x40
000002ce: MLOAD
000002cf: MLOAD
000002d0: ISZERO
000002d1: ISZERO
000002d2: SWAP1
000002d3: POP
000002d4: PUSH2 0x02dc
000002d7: JUMPI
000002d8: PUSH2 0x0000
000002db: JUMP
000002dc: JUMPDEST
000002dd: PUSH1 0x01
000002df: SLOAD
000002e0: PUSH1 0x01
000002e2: PUSH1 0xa0
000002e4: PUSH1 0x02
000002e6: EXP
000002e7: SUB
000002e8: CALLER
000002e9: AND
000002ea: PUSH1 0x00
000002ec: SWAP1
000002ed: DUP2
000002ee: MSTORE
000002ef: PUSH1 0x03
000002f1: PUSH1 0x20
000002f3: MSTORE
000002f4: PUSH1 0x40
000002f6: SWAP1
000002f7: KECCAK256
000002f8: SLOAD
000002f9: EQ
000002fa: ISZERO
000002fb: PUSH2 0x0303
000002fe: JUMPI
000002ff: PUSH2 0x0000
00000302: JUMP
00000303: JUMPDEST
00000304: PUSH1 0x04
00000306: PUSH1 0x00
00000308: SWAP1
00000309: SLOAD
0000030a: SWAP1
0000030b: PUSH2 0x0100
0000030e: EXP
0000030f: SWAP1
00000310: DIV
00000311: PUSH1 0x01
00000313: PUSH1 0xa0
00000315: PUSH1 0x02
00000317: EXP
00000318: SUB
00000319: AND
0000031a: PUSH1 0x01
0000031c: PUSH1 0xa0
0000031e: PUSH1 0x02
00000320: EXP
00000321: SUB
00000322: AND
00000323: PUSH4 0x018e13d0
00000328: PUSH1 0x00
0000032a: PUSH1 0x40
0000032c: MLOAD
0000032d: PUSH1 0x20
0000032f: ADD
00000330: MSTORE
00000331: PUSH1 0x40
00000333: MLOAD
00000334: DUP2
00000335: PUSH1 0xe0
00000337: PUSH1 0x02
00000339: EXP
0000033a: MUL
0000033b: DUP2
0000033c: MSTORE
0000033d: PUSH1 0x04
0000033f: ADD
00000340: DUP1
00000341: SWAP1
00000342: POP
00000343: PUSH1 0x20
00000345: PUSH1 0x40
00000347: MLOAD
00000348: DUP1
00000349: DUP4
0000034a: SUB
0000034b: DUP2
0000034c: PUSH1 0x00
0000034e: DUP8
0000034f: DUP1
00000350: EXTCODESIZE
00000351: ISZERO
00000352: PUSH2 0x0000
00000355: JUMPI
00000356: PUSH1 0x32
00000358: GAS
00000359: SUB
0000035a: CALL
0000035b: ISZERO
0000035c: PUSH2 0x0000
0000035f: JUMPI
00000360: POP
00000361: POP
00000362: PUSH1 0x40
00000364: DUP1
00000365: MLOAD
00000366: DUP1
00000367: MLOAD
00000368: PUSH1 0x04
0000036a: DUP1
0000036b: SLOAD
0000036c: PUSH1 0x00
0000036e: PUSH1 0x20
00000370: SWAP5
00000371: DUP6
00000372: ADD
00000373: DUP2
00000374: SWAP1
00000375: MSTORE
00000376: DUP6
00000377: MLOAD
00000378: PUSH32 0x70a0823100000000000000000000000000000000000000000000000000000000
00000399: DUP2
0000039a: MSTORE
0000039b: PUSH1 0x01
0000039d: PUSH1 0xa0
0000039f: PUSH1 0x02
000003a1: EXP
000003a2: SUB
000003a3: CALLER
000003a4: DUP2
000003a5: AND
000003a6: SWAP5
000003a7: DUP3
000003a8: ADD
000003a9: SWAP5
000003aa: SWAP1
000003ab: SWAP5
000003ac: MSTORE
000003ad: SWAP6
000003ae: MLOAD
000003af: SWAP4
000003b0: SWAP12
000003b1: POP
000003b2: SWAP2
000003b3: AND
000003b4: SWAP5
000003b5: POP
000003b6: PUSH4 0x70a08231
000003bb: SWAP4
000003bc: PUSH1 0x24
000003be: DUP1
000003bf: DUP3
000003c0: ADD
000003c1: SWAP5
000003c2: SWAP4
000003c3: SWAP3
000003c4: SWAP2
000003c5: DUP4
000003c6: SWAP1
000003c7: SUB
000003c8: ADD
000003c9: SWAP1
000003ca: DUP3
000003cb: SWAP1
000003cc: DUP8
000003cd: DUP1
000003ce: EXTCODESIZE
000003cf: ISZERO
000003d0: PUSH2 0x0000
000003d3: JUMPI
000003d4: PUSH1 0x32
000003d6: GAS
000003d7: SUB
000003d8: CALL
000003d9: ISZERO
000003da: PUSH2 0x0000
000003dd: JUMPI
000003de: POP
000003df: POP
000003e0: PUSH1 0x40
000003e2: DUP1
000003e3: MLOAD
000003e4: DUP1
000003e5: MLOAD
000003e6: PUSH1 0x04
000003e8: DUP1
000003e9: SLOAD
000003ea: PUSH1 0x00
000003ec: PUSH1 0x20
000003ee: SWAP5
000003ef: DUP6
000003f0: ADD
000003f1: DUP2
000003f2: SWAP1
000003f3: MSTORE
000003f4: DUP6
000003f5: MLOAD
000003f6: PUSH32 0x18160ddd00000000000000000000000000000000000000000000000000000000
00000417: DUP2
00000418: MSTORE
00000419: SWAP6
0000041a: MLOAD
0000041b: SWAP4
0000041c: SWAP11
0000041d: POP
0000041e: PUSH1 0x01
00000420: PUSH1 0xa0
00000422: PUSH1 0x02
00000424: EXP
00000425: SUB
00000426: SWAP1
00000427: SWAP2
00000428: AND
00000429: SWAP6
0000042a: POP
0000042b: PUSH4 0x18160ddd
00000430: SWAP5
00000431: DUP1
00000432: DUP4
00000433: ADD
00000434: SWAP5
00000435: SWAP4
00000436: SWAP3
00000437: SWAP1
00000438: DUP4
00000439: SWAP1
0000043a: SUB
0000043b: ADD
0000043c: SWAP1
0000043d: DUP3
0000043e: SWAP1
0000043f: DUP8
00000440: DUP1
00000441: EXTCODESIZE
00000442: ISZERO
00000443: PUSH2 0x0000
00000446: JUMPI
00000447: PUSH1 0x32
00000449: GAS
0000044a: SUB
0000044b: CALL
0000044c: ISZERO
0000044d: PUSH2 0x0000
00000450: JUMPI
00000451: POP
00000452: POP
00000453: PUSH1 0x40
00000455: MLOAD
00000456: MLOAD
00000457: SWAP4
00000458: POP
00000459: POP
0000045a: DUP4
0000045b: ISZERO
0000045c: ISZERO
0000045d: PUSH2 0x0465
00000460: JUMPI
00000461: PUSH2 0x0000
00000464: JUMP
00000465: JUMPDEST
00000466: PUSH1 0x01
00000468: PUSH1 0xa0
0000046a: PUSH1 0x02
0000046c: EXP
0000046d: SUB
0000046e: CALLER
0000046f: AND
00000470: PUSH1 0x00
00000472: SWAP1
00000473: DUP2
00000474: MSTORE
00000475: PUSH1 0x03
00000477: PUSH1 0x20
00000479: MSTORE
0000047a: PUSH1 0x40
0000047c: SWAP1
0000047d: KECCAK256
0000047e: DUP6
0000047f: SWAP1
00000480: SSTORE
00000481: PUSH1 0x02
00000483: SLOAD
00000484: PUSH2 0x048e
00000487: SWAP1
00000488: DUP6
00000489: SWAP1
0000048a: PUSH2 0x07bf
0000048d: JUMP
0000048e: JUMPDEST
0000048f: ISZERO
00000490: ISZERO
00000491: PUSH2 0x0499
00000494: JUMPI
00000495: PUSH2 0x0000
00000498: JUMP
00000499: JUMPDEST
0000049a: PUSH1 0x02
0000049c: SLOAD
0000049d: DUP5
0000049e: MUL
0000049f: SWAP2
000004a0: POP
000004a1: DUP3
000004a2: DUP3
000004a3: DUP2
000004a4: ISZERO
000004a5: PUSH2 0x0000
000004a8: JUMPI
000004a9: PUSH1 0x40
000004ab: MLOAD
000004ac: SWAP2
000004ad: SWAP1
000004ae: DIV
000004af: SWAP2
000004b0: POP
000004b1: PUSH1 0x01
000004b3: PUSH1 0xa0
000004b5: PUSH1 0x02
000004b7: EXP
000004b8: SUB
000004b9: CALLER
000004ba: AND
000004bb: SWAP1
000004bc: DUP3
000004bd: ISZERO
000004be: PUSH2 0x08fc
000004c1: MUL
000004c2: SWAP1
000004c3: DUP4
000004c4: SWAP1
000004c5: PUSH1 0x00
000004c7: DUP2
000004c8: DUP2
000004c9: DUP2
000004ca: DUP6
000004cb: DUP9
000004cc: DUP9
000004cd: CALL
000004ce: SWAP4
000004cf: POP
000004d0: POP
000004d1: POP
000004d2: POP
000004d3: ISZERO
000004d4: ISZERO
000004d5: PUSH2 0x04dd
000004d8: JUMPI
000004d9: PUSH2 0x0000
000004dc: JUMP
000004dd: JUMPDEST
000004de: PUSH1 0x40
000004e0: DUP1
000004e1: MLOAD
000004e2: PUSH1 0x01
000004e4: PUSH1 0xa0
000004e6: PUSH1 0x02
000004e8: EXP
000004e9: SUB
000004ea: CALLER
000004eb: AND
000004ec: DUP2
000004ed: MSTORE
000004ee: PUSH1 0x20
000004f0: DUP2
000004f1: ADD
000004f2: DUP4
000004f3: SWAP1
000004f4: MSTORE
000004f5: DUP2
000004f6: MLOAD
000004f7: PUSH32 0x016e128b6bdadd9e9068abd0b18db2fc8b27ed3dbced50e4aa6cc0a6934251ab
00000518: SWAP3
00000519: SWAP2
0000051a: DUP2
0000051b: SWAP1
0000051c: SUB
0000051d: SWAP1
0000051e: SWAP2
0000051f: ADD
00000520: SWAP1
00000521: LOG1
00000522: JUMPDEST
00000523: JUMPDEST
00000524: JUMPDEST
00000525: JUMPDEST
00000526: POP
00000527: POP
00000528: POP
00000529: POP
0000052a: POP
0000052b: JUMP
0000052c: JUMPDEST
0000052d: PUSH1 0x00
0000052f: PUSH1 0x04
00000531: PUSH1 0x00
00000533: SWAP1
00000534: SLOAD
00000535: SWAP1
00000536: PUSH2 0x0100
00000539: EXP
0000053a: SWAP1
0000053b: DIV
0000053c: PUSH1 0x01
0000053e: PUSH1 0xa0
00000540: PUSH1 0x02
00000542: EXP
00000543: SUB
00000544: AND
00000545: PUSH1 0x01
00000547: PUSH1 0xa0
00000549: PUSH1 0x02
0000054b: EXP
0000054c: SUB
0000054d: AND
0000054e: PUSH4 0xf83d08ba
00000553: PUSH1 0x00
00000555: PUSH1 0x40
00000557: MLOAD
00000558: PUSH1 0x20
0000055a: ADD
0000055b: MSTORE
0000055c: PUSH1 0x40
0000055e: MLOAD
0000055f: DUP2
00000560: PUSH1 0xe0
00000562: PUSH1 0x02
00000564: EXP
00000565: MUL
00000566: DUP2
00000567: MSTORE
00000568: PUSH1 0x04
0000056a: ADD
0000056b: DUP1
0000056c: SWAP1
0000056d: POP
0000056e: PUSH1 0x20
00000570: PUSH1 0x40
00000572: MLOAD
00000573: DUP1
00000574: DUP4
00000575: SUB
00000576: DUP2
00000577: PUSH1 0x00
00000579: DUP8
0000057a: DUP1
0000057b: EXTCODESIZE
0000057c: ISZERO
0000057d: PUSH2 0x0000
00000580: JUMPI
00000581: PUSH1 0x32
00000583: GAS
00000584: SUB
00000585: CALL
00000586: ISZERO
00000587: PUSH2 0x0000
0000058a: JUMPI
0000058b: POP
0000058c: POP
0000058d: PUSH1 0x40
0000058f: MLOAD
00000590: MLOAD
00000591: ISZERO
00000592: ISZERO
00000593: SWAP1
00000594: POP
00000595: PUSH2 0x05a0
00000598: JUMPI
00000599: POP
0000059a: PUSH1 0x00
0000059c: PUSH2 0x068f
0000059f: JUMP
000005a0: JUMPDEST
000005a1: PUSH1 0x04
000005a3: PUSH1 0x00
000005a5: SWAP1
000005a6: SLOAD
000005a7: SWAP1
000005a8: PUSH2 0x0100
000005ab: EXP
000005ac: SWAP1
000005ad: DIV
000005ae: PUSH1 0x01
000005b0: PUSH1 0xa0
000005b2: PUSH1 0x02
000005b4: EXP
000005b5: SUB
000005b6: AND
000005b7: PUSH1 0x01
000005b9: PUSH1 0xa0
000005bb: PUSH1 0x02
000005bd: EXP
000005be: SUB
000005bf: AND
000005c0: PUSH4 0x18160ddd
000005c5: PUSH1 0x00
000005c7: PUSH1 0x40
000005c9: MLOAD
000005ca: PUSH1 0x20
000005cc: ADD
000005cd: MSTORE
000005ce: PUSH1 0x40
000005d0: MLOAD
000005d1: DUP2
000005d2: PUSH1 0xe0
000005d4: PUSH1 0x02
000005d6: EXP
000005d7: MUL
000005d8: DUP2
000005d9: MSTORE
000005da: PUSH1 0x04
000005dc: ADD
000005dd: DUP1
000005de: SWAP1
000005df: POP
000005e0: PUSH1 0x20
000005e2: PUSH1 0x40
000005e4: MLOAD
000005e5: DUP1
000005e6: DUP4
000005e7: SUB
000005e8: DUP2
000005e9: PUSH1 0x00
000005eb: DUP8
000005ec: DUP1
000005ed: EXTCODESIZE
000005ee: ISZERO
000005ef: PUSH2 0x0000
000005f2: JUMPI
000005f3: PUSH1 0x32
000005f5: GAS
000005f6: SUB
000005f7: CALL
000005f8: ISZERO
000005f9: PUSH2 0x0000
000005fc: JUMPI
000005fd: POP
000005fe: POP
000005ff: POP
00000600: PUSH1 0x40
00000602: MLOAD
00000603: DUP1
00000604: MLOAD
00000605: SWAP1
00000606: PUSH1 0x20
00000608: ADD
00000609: POP
0000060a: PUSH1 0x02
0000060c: SLOAD
0000060d: PUSH1 0x04
0000060f: PUSH1 0x00
00000611: SWAP1
00000612: SLOAD
00000613: SWAP1
00000614: PUSH2 0x0100
00000617: EXP
00000618: SWAP1
00000619: DIV
0000061a: PUSH1 0x01
0000061c: PUSH1 0xa0
0000061e: PUSH1 0x02
00000620: EXP
00000621: SUB
00000622: AND
00000623: PUSH1 0x01
00000625: PUSH1 0xa0
00000627: PUSH1 0x02
00000629: EXP
0000062a: SUB
0000062b: AND
0000062c: PUSH4 0x70a08231
00000631: DUP6
00000632: PUSH1 0x00
00000634: PUSH1 0x40
00000636: MLOAD
00000637: PUSH1 0x20
00000639: ADD
0000063a: MSTORE
0000063b: PUSH1 0x40
0000063d: MLOAD
0000063e: DUP3
0000063f: PUSH1 0xe0
00000641: PUSH1 0x02
00000643: EXP
00000644: MUL
00000645: DUP2
00000646: MSTORE
00000647: PUSH1 0x04
00000649: ADD
0000064a: DUP1
0000064b: DUP3
0000064c: PUSH1 0x01
0000064e: PUSH1 0xa0
00000650: PUSH1 0x02
00000652: EXP
00000653: SUB
00000654: AND
00000655: DUP2
00000656: MSTORE
00000657: PUSH1 0x20
00000659: ADD
0000065a: SWAP2
0000065b: POP
0000065c: POP
0000065d: PUSH1 0x20
0000065f: PUSH1 0x40
00000661: MLOAD
00000662: DUP1
00000663: DUP4
00000664: SUB
00000665: DUP2
00000666: PUSH1 0x00
00000668: DUP8
00000669: DUP1
0000066a: EXTCODESIZE
0000066b: ISZERO
0000066c: PUSH2 0x0000
0000066f: JUMPI
00000670: PUSH1 0x32
00000672: GAS
00000673: SUB
00000674: CALL
00000675: ISZERO
00000676: PUSH2 0x0000
00000679: JUMPI
0000067a: POP
0000067b: POP
0000067c: PUSH1 0x40
0000067e: MLOAD
0000067f: MLOAD
00000680: SWAP2
00000681: SWAP1
00000682: SWAP2
00000683: MUL
00000684: SWAP1
00000685: POP
00000686: DUP2
00000687: ISZERO
00000688: PUSH2 0x0000
0000068b: JUMPI
0000068c: DIV
0000068d: SWAP1
0000068e: POP
0000068f: JUMPDEST
00000690: SWAP2
00000691: SWAP1
00000692: POP
00000693: JUMP
00000694: JUMPDEST
00000695: PUSH1 0x02
00000697: SLOAD
00000698: DUP2
00000699: JUMP
0000069a: JUMPDEST
0000069b: PUSH1 0x00
0000069d: SLOAD
0000069e: CALLER
0000069f: PUSH1 0x01
000006a1: PUSH1 0xa0
000006a3: PUSH1 0x02
000006a5: EXP
000006a6: SUB
000006a7: SWAP1
000006a8: DUP2
000006a9: AND
000006aa: SWAP2
000006ab: AND
000006ac: EQ
000006ad: ISZERO
000006ae: PUSH2 0x0734
000006b1: JUMPI
000006b2: PUSH1 0x01
000006b4: PUSH1 0xa0
000006b6: PUSH1 0x02
000006b8: EXP
000006b9: SUB
000006ba: DUP2
000006bb: AND
000006bc: ISZERO
000006bd: ISZERO
000006be: PUSH2 0x06c6
000006c1: JUMPI
000006c2: PUSH2 0x0000
000006c5: JUMP
000006c6: JUMPDEST
000006c7: PUSH1 0x04
000006c9: DUP1
000006ca: SLOAD
000006cb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006e0: NOT
000006e1: AND
000006e2: PUSH13 0x01000000000000000000000000
000006f0: DUP4
000006f1: DUP2
000006f2: MUL
000006f3: DIV
000006f4: OR
000006f5: SWAP1
000006f6: SSTORE
000006f7: PUSH1 0x40
000006f9: DUP1
000006fa: MLOAD
000006fb: PUSH1 0x01
000006fd: PUSH1 0xa0
000006ff: PUSH1 0x02
00000701: EXP
00000702: SUB
00000703: DUP4
00000704: AND
00000705: DUP2
00000706: MSTORE
00000707: SWAP1
00000708: MLOAD
00000709: PUSH32 0xe89f98a27789c8313baa22de83cdb921b7026d66af0ee02973c97d45f952b6be
0000072a: SWAP2
0000072b: PUSH1 0x20
0000072d: SWAP1
0000072e: DUP3
0000072f: SWAP1
00000730: SUB
00000731: ADD
00000732: SWAP1
00000733: LOG1
00000734: JUMPDEST
00000735: JUMPDEST
00000736: JUMPDEST
00000737: POP
00000738: JUMP
00000739: JUMPDEST
0000073a: PUSH1 0x01
0000073c: SLOAD
0000073d: DUP2
0000073e: JUMP
0000073f: JUMPDEST
00000740: PUSH1 0x00
00000742: SLOAD
00000743: PUSH1 0x01
00000745: PUSH1 0xa0
00000747: PUSH1 0x02
00000749: EXP
0000074a: SUB
0000074b: AND
0000074c: DUP2
0000074d: JUMP
0000074e: JUMPDEST
0000074f: PUSH1 0x04
00000751: SLOAD
00000752: PUSH1 0x01
00000754: PUSH1 0xa0
00000756: PUSH1 0x02
00000758: EXP
00000759: SUB
0000075a: AND
0000075b: DUP2
0000075c: JUMP
0000075d: JUMPDEST
0000075e: PUSH1 0x00
00000760: SLOAD
00000761: CALLER
00000762: PUSH1 0x01
00000764: PUSH1 0xa0
00000766: PUSH1 0x02
00000768: EXP
00000769: SUB
0000076a: SWAP1
0000076b: DUP2
0000076c: AND
0000076d: SWAP2
0000076e: AND
0000076f: EQ
00000770: ISZERO
00000771: PUSH2 0x0734
00000774: JUMPI
00000775: PUSH1 0x01
00000777: PUSH1 0xa0
00000779: PUSH1 0x02
0000077b: EXP
0000077c: SUB
0000077d: DUP2
0000077e: AND
0000077f: ISZERO
00000780: ISZERO
00000781: PUSH2 0x0789
00000784: JUMPI
00000785: PUSH2 0x0000
00000788: JUMP
00000789: JUMPDEST
0000078a: PUSH1 0x00
0000078c: DUP1
0000078d: SLOAD
0000078e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000007a3: NOT
000007a4: AND
000007a5: PUSH13 0x01000000000000000000000000
000007b3: DUP4
000007b4: DUP2
000007b5: MUL
000007b6: DIV
000007b7: OR
000007b8: SWAP1
000007b9: SSTORE
000007ba: JUMPDEST
000007bb: JUMPDEST
000007bc: JUMPDEST
000007bd: POP
000007be: JUMP
000007bf: JUMPDEST
000007c0: PUSH1 0x00
000007c2: DUP2
000007c3: ISZERO
000007c4: DUP1
000007c5: PUSH2 0x07d7
000007c8: JUMPI
000007c9: POP
000007ca: DUP3
000007cb: DUP3
000007cc: DUP4
000007cd: DUP6
000007ce: MUL
000007cf: DUP2
000007d0: ISZERO
000007d1: PUSH2 0x0000
000007d4: JUMPI
000007d5: DIV
000007d6: EQ
000007d7: JUMPDEST
000007d8: SWAP1
000007d9: POP
000007da: JUMPDEST
000007db: SWAP3
000007dc: SWAP2
000007dd: POP
000007de: POP
000007df: JUMP

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
view
trace_id: 0x4d91133feea3d3705d75d64ac3e70f9ab15bb34c4ffa377543e7805d848fc4d3
call_targets: 0x51ffc1b089392a5bb65bf24eaf04d07d0e6f88b5, 0x5c543e7ae0a1104f78406c340e9c64fd9fce5170
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x4d91133feea3d3705d75d64ac3e70f9ab15bb34c4ffa377543e7805d848fc4d3",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x51ffc1b089392a5bb65bf24eaf04d07d0e6f88b5",
        "0x5c543e7ae0a1104f78406c340e9c64fd9fce5170"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x2ebec916",
            "selector": "0x2ebec916",
            "calldata_variants": [
                "0x2ebec916",
                "0x2ebec9160000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x36bc32a2",
            "selector": "0x36bc32a2",
            "calldata_variants": [
                "0x36bc32a2",
                "0x36bc32a20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x50148ed2",
            "selector": "0x50148ed2",
            "calldata_variants": [
                "0x50148ed2",
                "0x50148ed20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x523aee69",
            "selector": "0x523aee69",
            "calldata_variants": [
                "0x523aee69",
                "0x523aee690000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x76671808",
            "selector": "0x76671808",
            "calldata_variants": [
                "0x76671808",
                "0x766718080000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xaef251a7",
            "selector": "0xaef251a7",
            "calldata_variants": [
                "0xaef251a7",
                "0xaef251a70000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf2fde38b",
            "selector": "0xf2fde38b",
            "calldata_variants": [
                "0xf2fde38b",
                "0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 443,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 552,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 708,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 10,
    "guards_detected": [],
    "untrusted_call_count": 10
}
high other detector ETH value transfer possible 55 yes yes
view
trace_id: 0x4d91133feea3d3705d75d64ac3e70f9ab15bb34c4ffa377543e7805d848fc4d3
call_targets: 0x51ffc1b089392a5bb65bf24eaf04d07d0e6f88b5, 0x5c543e7ae0a1104f78406c340e9c64fd9fce5170
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x4d91133feea3d3705d75d64ac3e70f9ab15bb34c4ffa377543e7805d848fc4d3",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x51ffc1b089392a5bb65bf24eaf04d07d0e6f88b5",
        "0x5c543e7ae0a1104f78406c340e9c64fd9fce5170"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x2ebec916",
            "selector": "0x2ebec916",
            "calldata_variants": [
                "0x2ebec916",
                "0x2ebec9160000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x36bc32a2",
            "selector": "0x36bc32a2",
            "calldata_variants": [
                "0x36bc32a2",
                "0x36bc32a20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x50148ed2",
            "selector": "0x50148ed2",
            "calldata_variants": [
                "0x50148ed2",
                "0x50148ed20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x523aee69",
            "selector": "0x523aee69",
            "calldata_variants": [
                "0x523aee69",
                "0x523aee690000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x76671808",
            "selector": "0x76671808",
            "calldata_variants": [
                "0x76671808",
                "0x766718080000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xaef251a7",
            "selector": "0xaef251a7",
            "calldata_variants": [
                "0xaef251a7",
                "0xaef251a70000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf2fde38b",
            "selector": "0xf2fde38b",
            "calldata_variants": [
                "0xf2fde38b",
                "0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 443,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 552,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 708,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 10,
    "guards_detected": []
}