019b477e-ad10-729c-b3d3-466f41f95101
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 21349 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 21350 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 101355 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 101356 | capability.graph | complete | 1 / 3 | 1 week ago |
| 101357 | detector.run | complete | 1 / 3 | 1 week ago |
| 101358 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113867 | report.consolidate | complete | 1 / 6 | 1 week ago |
| 113868 | tool.slither | complete | 1 / 2 | 1 week ago |
'forge clean' running (wd: /tmp/slither-h2rdmwv6)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-h2rdmwv6)

DividendManager.payDividend() (contracts/Contract.sol#88-111) performs a multiplication on the result of a division:
- paymentPerShare = retainedEarning.div(totalSupply) (contracts/Contract.sol#98-99)
- withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder) (contracts/Contract.sol#104-105)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply

Reentrancy in DividendManager.payDividend() (contracts/Contract.sol#88-111):
External calls:
- totalSupply = unicornDividendToken.totalSupply() (contracts/Contract.sol#96-98)
- i <= unicornDividendToken.getHoldersCount() (contracts/Contract.sol#102-103)
- holder = unicornDividendToken.getHolder(i) (contracts/Contract.sol#103-104)
- withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder) (contracts/Contract.sol#104-105)
State variables written after the call(s):
- pendingWithdrawals[holder] = pendingWithdrawals[holder].add(withdrawal) (contracts/Contract.sol#106)
DividendManager.pendingWithdrawals (contracts/Contract.sol#64-66) can be used in cross function reentrancies:
- DividendManager.payDividend() (contracts/Contract.sol#88-111)
- DividendManager.pendingWithdrawals (contracts/Contract.sol#64-66)
- DividendManager.withdrawDividend() (contracts/Contract.sol#113-120)

Reentrancy in DividendManager.payDividend() (contracts/Contract.sol#88-111):
External calls:
- totalSupply = unicornDividendToken.totalSupply() (contracts/Contract.sol#96-98)
- holder = unicornDividendToken.getHolder(i) (contracts/Contract.sol#103-104)
- withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder) (contracts/Contract.sol#104-105)
State variables written after the call(s):
- retainedEarning = retainedEarning.sub(totalPaidOut) (contracts/Contract.sol#108-109)
DividendManager.retainedEarning (contracts/Contract.sol#81) can be used in cross function reentrancies:
- DividendManager.payDividend() (contracts/Contract.sol#88-111)
- DividendManager.retainedEarning (contracts/Contract.sol#81)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1

DividendManager.payDividend() (contracts/Contract.sol#88-111) has external calls inside a loop: i <= unicornDividendToken.getHoldersCount() (contracts/Contract.sol#102-103)
Calls stack containing the loop:
  DividendManager.fallback()
DividendManager.payDividend() (contracts/Contract.sol#88-111) has external calls inside a loop: holder = unicornDividendToken.getHolder(i) (contracts/Contract.sol#103-104)
Calls stack containing the loop:
  DividendManager.fallback()
DividendManager.payDividend() (contracts/Contract.sol#88-111) has external calls inside a loop: withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder) (contracts/Contract.sol#104-105)
Calls stack containing the loop:
  DividendManager.fallback()
DividendManager.payDividend() (contracts/Contract.sol#88-111) has external calls inside a loop: i <= unicornDividendToken.getHoldersCount() (contracts/Contract.sol#102-103)
DividendManager.payDividend() (contracts/Contract.sol#88-111) has external calls inside a loop: holder = unicornDividendToken.getHolder(i) (contracts/Contract.sol#103-104)
DividendManager.payDividend() (contracts/Contract.sol#88-111) has external calls inside a loop: withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder) (contracts/Contract.sol#104-105)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop

Reentrancy in DividendManager.payDividend() (contracts/Contract.sol#88-111):
External calls:
- totalSupply = unicornDividendToken.totalSupply() (contracts/Contract.sol#96-98)
- i <= unicornDividendToken.getHoldersCount() (contracts/Contract.sol#102-103)
- holder = unicornDividendToken.getHolder(i) (contracts/Contract.sol#103-104)
- withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder) (contracts/Contract.sol#104-105)
Event emitted after the call(s):
- WithdrawalAvailable(holder,withdrawal) (contracts/Contract.sol#106-107)

Reentrancy in DividendManager.payDividend() (contracts/Contract.sol#88-111):
External calls:
- totalSupply = unicornDividendToken.totalSupply() (contracts/Contract.sol#96-98)
- holder = unicornDividendToken.getHolder(i) (contracts/Contract.sol#103-104)
- withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder) (contracts/Contract.sol#104-105)
Event emitted after the call(s):
- DividendPayment(paymentPerShare) (contracts/Contract.sol#109-111)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3

Version constraint ^0.4.18 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- DirtyBytesArrayToStorage
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching
- EmptyByteArrayCopy
- DynamicArrayCleanup
- ImplicitConstructorCallvalueCheck
- TupleAssignmentMultiStackSlotComponents
- MemoryArrayCreationOverflow
- privateCanBeOverridden
- SignedArrayStorageCopy
- ABIEncoderV2StorageArrayWithMultiSlotElement
- DynamicConstructorArgumentsClippedABIV2
- UninitializedFunctionPointerInConstructor_0.4.x
- IncorrectEventSignatureInLibraries_0.4.x
- ExpExponentCleanup
- EventStructWrongData
- NestedArrayFunctionCallDecoder.
It is used by:
- ^0.4.18 (contracts/Contract.sol#1)
solc-0.4.18 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Reentrancy in DividendManager.withdrawDividend() (contracts/Contract.sol#113-120):
External calls:
- msg.sender.transfer(amount) (contracts/Contract.sol#118)
Event emitted after the call(s):
- WithdrawalPayed(msg.sender,amount) (contracts/Contract.sol#119-120)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-4

. analyzed (3 contracts with 100 detectors), 14 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.4.18",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.4.18",
"install_stderr": null,
"install_stdout": "Version '0.4.18' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-h2rdmwv6 --allow-paths /tmp/slither-h2rdmwv6,/tmp/slither-h2rdmwv6/lib,/tmp/slither-h2rdmwv6/src",
"remappings": [],
"source_files": [
"contracts/Contract.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 14,
"workspace_hash": "732c2509f53446842b5ea681d15a97362b75dcc1b2540028c05359783371773e",
"duration_seconds": 0.4101753234863281,
"solc_version_requested": "0.4.19"
}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-juu6sp09
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5ca1-4a08-7b61-a645-af0f88f76f6c
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities. Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation, accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.

Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.

Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.

Keep summary short and concrete.

warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
{
"codex": {
"ran_at": "2026-04-05T07:52:48.964929+00:00",
"returncode": 1
},
"project": {
"mode": "source",
"file_count": 1,
"import_count": 0,
"first_party_contracts_count": 1
},
"summary": null,
"no_findings": null,
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
trace_id: 0x67620fb5225294a756c42f65d4a7421b04d75f81fb5a95f44428bda490eb9388
call_targets:
0xb58f5f3adcbe928ea343c12d047656c59b3c1f2a, 0xc6a5cc090b709ee71080effff3b0dddbd9d9d8e4
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x67620fb5225294a756c42f65d4a7421b04d75f81fb5a95f44428bda490eb9388",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0xb58f5f3adcbe928ea343c12d047656c59b3c1f2a",
"0xc6a5cc090b709ee71080effff3b0dddbd9d9d8e4"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xffffffff",
"selector": "0xffffffff",
"calldata_variants": [
"0xffffffff",
"0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x0b6826ca",
"selector": "0x0b6826ca",
"calldata_variants": [
"0x0b6826ca",
"0x0b6826ca0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x6a474002",
"selector": "0x6a474002",
"calldata_variants": [
"0x6a474002",
"0x6a4740020000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x752329ec",
"selector": "0x752329ec",
"calldata_variants": [
"0x752329ec",
"0x752329ec0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf3f43703",
"selector": "0xf3f43703",
"calldata_variants": [
"0xf3f43703",
"0xf3f437030000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 457,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 668,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 855,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 5,
"guards_detected": [],
"untrusted_call_count": 5
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
trace_id: 0x67620fb5225294a756c42f65d4a7421b04d75f81fb5a95f44428bda490eb9388
call_targets:
0xb58f5f3adcbe928ea343c12d047656c59b3c1f2a, 0xc6a5cc090b709ee71080effff3b0dddbd9d9d8e4
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x67620fb5225294a756c42f65d4a7421b04d75f81fb5a95f44428bda490eb9388",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0xb58f5f3adcbe928ea343c12d047656c59b3c1f2a",
"0xc6a5cc090b709ee71080effff3b0dddbd9d9d8e4"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xffffffff",
"selector": "0xffffffff",
"calldata_variants": [
"0xffffffff",
"0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x0b6826ca",
"selector": "0x0b6826ca",
"calldata_variants": [
"0x0b6826ca",
"0x0b6826ca0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x6a474002",
"selector": "0x6a474002",
"calldata_variants": [
"0x6a474002",
"0x6a4740020000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x752329ec",
"selector": "0x752329ec",
"calldata_variants": [
"0x752329ec",
"0x752329ec0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf3f43703",
"selector": "0xf3f43703",
"calldata_variants": [
"0xf3f43703",
"0xf3f437030000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 457,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 668,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 855,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 5,
"guards_detected": []
}
|
| medium | reentrancy | slither | Reentrancy in DividendManager.payDividend() (contracts/Contract.sol#88-111): | 75 | no | — |
evidence_json{
"impact": "Medium",
"detector": "reentrancy-no-eth",
"elements": [
{
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
},
{
"name": "totalSupply = unicornDividendToken.totalSupply()",
"type": "node",
"source_mapping": {
"lines": [
96,
97,
98
],
"start": 3581,
"length": 56,
"ending_column": 26,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 11,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
}
}
},
{
"name": "i <= unicornDividendToken.getHoldersCount()",
"type": "node",
"source_mapping": {
"lines": [
102,
103
],
"start": 3870,
"length": 43,
"ending_column": 32,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 28,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
}
}
},
{
"name": "holder = unicornDividendToken.getHolder(i)",
"type": "node",
"source_mapping": {
"lines": [
103,
104
],
"start": 3938,
"length": 50,
"ending_column": 48,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 57,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
}
}
},
{
"name": "withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder)",
"type": "node",
"source_mapping": {
"lines": [
104,
105
],
"start": 4006,
"length": 77,
"ending_column": 58,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 66,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "payDividend",
"type": "function",
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
]
},
{
"file": "contracts/Contract.sol",
"name": "totalSupply = unicornDividendToken.totalSupply()",
"type": "node",
"lines": [
96,
97,
98
]
},
{
"file": "contracts/Contract.sol",
"name": "i <= unicornDividendToken.getHoldersCount()",
"type": "node",
"lines": [
102,
103
]
},
{
"file": "contracts/Contract.sol",
"name": "holder = unicornDividendToken.getHolder(i)",
"type": "node",
"lines": [
103,
104
]
},
{
"file": "contracts/Contract.sol",
"name": "withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder)",
"type": "node",
"lines": [
104,
105
]
},
{
"file": "contracts/Contract.sol",
"name": "pendingWithdrawals[holder] = pendingWithdrawals[holder].add(withdrawal)",
"type": "node",
"lines": [
106
]
}
],
"description": "Reentrancy in DividendManager.payDividend() (contracts/Contract.sol#88-111):\n\tExternal calls:\n\t- totalSupply = unicornDividendToken.totalSupply() (contracts/Contract.sol#96-98)\n\t- i <= unicornDividendToken.getHoldersCount() (contracts/Contract.sol#102-103)\n\t- holder = unicornDividendToken.getHolder(i) (contracts/Contract.sol#103-104)\n\t- withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder) (contracts/Contract.sol#104-105)\n\tState variables written after the call(s):\n\t- pendingWithdrawals[holder] = pendingWithdrawals[holder].add(withdrawal) (contracts/Contract.sol#106)\n\tDividendManager.pendingWithdrawals (contracts/Contract.sol#64-66) can be used in cross function reentrancies:\n\t- DividendManager.payDividend() (contracts/Contract.sol#88-111)\n\t- DividendManager.pendingWithdrawals (contracts/Contract.sol#64-66)\n\t- DividendManager.withdrawDividend() (contracts/Contract.sol#113-120)"
}
|
| medium | reentrancy | slither | Reentrancy in DividendManager.payDividend() (contracts/Contract.sol#88-111): | 75 | no | — |
evidence_json{
"impact": "Medium",
"detector": "reentrancy-no-eth",
"elements": [
{
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
},
{
"name": "totalSupply = unicornDividendToken.totalSupply()",
"type": "node",
"source_mapping": {
"lines": [
96,
97,
98
],
"start": 3581,
"length": 56,
"ending_column": 26,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 11,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
}
}
},
{
"name": "holder = unicornDividendToken.getHolder(i)",
"type": "node",
"source_mapping": {
"lines": [
103,
104
],
"start": 3938,
"length": 50,
"ending_column": 48,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 57,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
}
}
},
{
"name": "withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder)",
"type": "node",
"source_mapping": {
"lines": [
104,
105
],
"start": 4006,
"length": 77,
"ending_column": 58,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 66,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
}
}
},
{
"name": "retainedEarning = retainedEarning.sub(totalPaidOut)",
"type": "node",
"source_mapping": {
"lines": [
108,
109
],
"start": 4318,
"length": 51,
"ending_column": 31,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 38,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"variable_name": "retainedEarning",
"underlying_type": "variables_written"
},
"type_specific_fields": {
"parent": {
"name": "payDividend",
"type": "function",
"source_mapping": {
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
],
"start": 3378,
"length": 1050,
"ending_column": 13,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 159,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "DividendManager",
"type": "contract",
"source_mapping": {
"lines": [
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120
],
"start": 1949,
"length": 2814,
"ending_column": 15,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-h2rdmwv6/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "payDividend()"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "payDividend",
"type": "function",
"lines": [
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111
]
},
{
"file": "contracts/Contract.sol",
"name": "totalSupply = unicornDividendToken.totalSupply()",
"type": "node",
"lines": [
96,
97,
98
]
},
{
"file": "contracts/Contract.sol",
"name": "holder = unicornDividendToken.getHolder(i)",
"type": "node",
"lines": [
103,
104
]
},
{
"file": "contracts/Contract.sol",
"name": "withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder)",
"type": "node",
"lines": [
104,
105
]
},
{
"file": "contracts/Contract.sol",
"name": "retainedEarning = retainedEarning.sub(totalPaidOut)",
"type": "node",
"lines": [
108,
109
]
}
],
"description": "Reentrancy in DividendManager.payDividend() (contracts/Contract.sol#88-111):\n\tExternal calls:\n\t- totalSupply = unicornDividendToken.totalSupply() (contracts/Contract.sol#96-98)\n\t- holder = unicornDividendToken.getHolder(i) (contracts/Contract.sol#103-104)\n\t- withdrawal = paymentPerShare * unicornDividendToken.balanceOf(holder) (contracts/Contract.sol#104-105)\n\tState variables written after the call(s):\n\t- retainedEarning = retainedEarning.sub(totalPaidOut) (contracts/Contract.sol#108-109)\n\tDividendManager.retainedEarning (contracts/Contract.sol#81) can be used in cross function reentrancies:\n\t- DividendManager.payDividend() (contracts/Contract.sol#88-111)\n\t- DividendManager.retainedEarning (contracts/Contract.sol#81)"
}
|