Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-af20-72b9-8da0-baee72cf12f1

complete
Chain ID
1
Address
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed
2
Validated
2
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
21721 artifact.fetch complete 1 / 3 3 months ago
21722 tool.cast_disasm complete 1 / 3 3 months ago
64826 analysis.bundle complete 1 / 3 1 week ago
64827 capability.graph complete 1 / 3 1 week ago
64828 detector.run complete 1 / 3 1 week ago
64829 validation.fork complete 1 / 3 1 week ago
113482 report.consolidate complete 1 / 6 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
View stderr
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-pabfxoq_
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c95-50cb-70d0-810b-4c2f61c50b8b
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata
{
    "codex": {
        "ran_at": "2026-04-05T07:39:44.292840+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 3770,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
3
EXT*/BALANCE
3
Total opcodes
851
Flags
No heuristic flags raised.
View cast disassembly output
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x008e
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002e: SWAP1
0000002f: DIV
00000030: PUSH4 0xffffffff
00000035: AND
00000036: DUP1
00000037: PUSH4 0x2a31439e
0000003c: EQ
0000003d: PUSH2 0x025f
00000040: JUMPI
00000041: DUP1
00000042: PUSH4 0x38af3eed
00000047: EQ
00000048: PUSH2 0x02b6
0000004b: JUMPI
0000004c: DUP1
0000004d: PUSH4 0x6e66f6e9
00000052: EQ
00000053: PUSH2 0x030d
00000056: JUMPI
00000057: DUP1
00000058: PUSH4 0x70a08231
0000005d: EQ
0000005e: PUSH2 0x0364
00000061: JUMPI
00000062: DUP1
00000063: PUSH4 0x7b3e5e7b
00000068: EQ
00000069: PUSH2 0x03bb
0000006c: JUMPI
0000006d: DUP1
0000006e: PUSH4 0xa035b1fe
00000073: EQ
00000074: PUSH2 0x03e6
00000077: JUMPI
00000078: DUP1
00000079: PUSH4 0xa5cc2ed4
0000007e: EQ
0000007f: PUSH2 0x0411
00000082: JUMPI
00000083: DUP1
00000084: PUSH4 0xc58125bc
00000089: EQ
0000008a: PUSH2 0x043e
0000008d: JUMPI
0000008e: JUMPDEST
0000008f: PUSH1 0x00
00000091: CALLVALUE
00000092: SWAP1
00000093: POP
00000094: DUP1
00000095: PUSH1 0x05
00000097: PUSH1 0x00
00000099: CALLER
0000009a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000af: AND
000000b0: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000c5: AND
000000c6: DUP2
000000c7: MSTORE
000000c8: PUSH1 0x20
000000ca: ADD
000000cb: SWAP1
000000cc: DUP2
000000cd: MSTORE
000000ce: PUSH1 0x20
000000d0: ADD
000000d1: PUSH1 0x00
000000d3: KECCAK256
000000d4: PUSH1 0x00
000000d6: DUP3
000000d7: DUP3
000000d8: SLOAD
000000d9: ADD
000000da: SWAP3
000000db: POP
000000dc: POP
000000dd: DUP2
000000de: SWAP1
000000df: SSTORE
000000e0: POP
000000e1: DUP1
000000e2: PUSH1 0x02
000000e4: PUSH1 0x00
000000e6: DUP3
000000e7: DUP3
000000e8: SLOAD
000000e9: ADD
000000ea: SWAP3
000000eb: POP
000000ec: POP
000000ed: DUP2
000000ee: SWAP1
000000ef: SSTORE
000000f0: POP
000000f1: PUSH1 0x04
000000f3: PUSH1 0x00
000000f5: SWAP1
000000f6: SLOAD
000000f7: SWAP1
000000f8: PUSH2 0x0100
000000fb: EXP
000000fc: SWAP1
000000fd: DIV
000000fe: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000113: AND
00000114: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000129: AND
0000012a: PUSH4 0xa9059cbb
0000012f: CALLER
00000130: PUSH1 0x03
00000132: SLOAD
00000133: PUSH8 0x0de0b6b3a7640000
0000013c: DUP6
0000013d: MUL
0000013e: DUP2
0000013f: ISZERO
00000140: ISZERO
00000141: PUSH2 0x0146
00000144: JUMPI
00000145: INVALID
00000146: JUMPDEST
00000147: DIV
00000148: PUSH1 0x40
0000014a: MLOAD
0000014b: DUP4
0000014c: PUSH4 0xffffffff
00000151: AND
00000152: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000170: MUL
00000171: DUP2
00000172: MSTORE
00000173: PUSH1 0x04
00000175: ADD
00000176: DUP1
00000177: DUP4
00000178: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000018d: AND
0000018e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001a3: AND
000001a4: DUP2
000001a5: MSTORE
000001a6: PUSH1 0x20
000001a8: ADD
000001a9: DUP3
000001aa: DUP2
000001ab: MSTORE
000001ac: PUSH1 0x20
000001ae: ADD
000001af: SWAP3
000001b0: POP
000001b1: POP
000001b2: POP
000001b3: PUSH1 0x00
000001b5: PUSH1 0x40
000001b7: MLOAD
000001b8: DUP1
000001b9: DUP4
000001ba: SUB
000001bb: DUP2
000001bc: PUSH1 0x00
000001be: DUP8
000001bf: DUP1
000001c0: EXTCODESIZE
000001c1: ISZERO
000001c2: DUP1
000001c3: ISZERO
000001c4: PUSH2 0x01cc
000001c7: JUMPI
000001c8: PUSH1 0x00
000001ca: DUP1
000001cb: REVERT
000001cc: JUMPDEST
000001cd: POP
000001ce: GAS
000001cf: CALL
000001d0: ISZERO
000001d1: DUP1
000001d2: ISZERO
000001d3: PUSH2 0x01e0
000001d6: JUMPI
000001d7: RETURNDATASIZE
000001d8: PUSH1 0x00
000001da: DUP1
000001db: RETURNDATACOPY
000001dc: RETURNDATASIZE
000001dd: PUSH1 0x00
000001df: REVERT
000001e0: JUMPDEST
000001e1: POP
000001e2: POP
000001e3: POP
000001e4: POP
000001e5: PUSH32 0xe842aea7a5f1b01049d752008c53c52890b1a6daf660cf39e8eec506112bbdf6
00000206: CALLER
00000207: DUP3
00000208: PUSH1 0x01
0000020a: PUSH1 0x40
0000020c: MLOAD
0000020d: DUP1
0000020e: DUP5
0000020f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000224: AND
00000225: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000023a: AND
0000023b: DUP2
0000023c: MSTORE
0000023d: PUSH1 0x20
0000023f: ADD
00000240: DUP4
00000241: DUP2
00000242: MSTORE
00000243: PUSH1 0x20
00000245: ADD
00000246: DUP3
00000247: ISZERO
00000248: ISZERO
00000249: ISZERO
0000024a: ISZERO
0000024b: DUP2
0000024c: MSTORE
0000024d: PUSH1 0x20
0000024f: ADD
00000250: SWAP4
00000251: POP
00000252: POP
00000253: POP
00000254: POP
00000255: PUSH1 0x40
00000257: MLOAD
00000258: DUP1
00000259: SWAP2
0000025a: SUB
0000025b: SWAP1
0000025c: LOG1
0000025d: POP
0000025e: STOP
0000025f: JUMPDEST
00000260: CALLVALUE
00000261: DUP1
00000262: ISZERO
00000263: PUSH2 0x026b
00000266: JUMPI
00000267: PUSH1 0x00
00000269: DUP1
0000026a: REVERT
0000026b: JUMPDEST
0000026c: POP
0000026d: PUSH2 0x0274
00000270: PUSH2 0x046b
00000273: JUMP
00000274: JUMPDEST
00000275: PUSH1 0x40
00000277: MLOAD
00000278: DUP1
00000279: DUP3
0000027a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000028f: AND
00000290: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002a5: AND
000002a6: DUP2
000002a7: MSTORE
000002a8: PUSH1 0x20
000002aa: ADD
000002ab: SWAP2
000002ac: POP
000002ad: POP
000002ae: PUSH1 0x40
000002b0: MLOAD
000002b1: DUP1
000002b2: SWAP2
000002b3: SUB
000002b4: SWAP1
000002b5: RETURN
000002b6: JUMPDEST
000002b7: CALLVALUE
000002b8: DUP1
000002b9: ISZERO
000002ba: PUSH2 0x02c2
000002bd: JUMPI
000002be: PUSH1 0x00
000002c0: DUP1
000002c1: REVERT
000002c2: JUMPDEST
000002c3: POP
000002c4: PUSH2 0x02cb
000002c7: PUSH2 0x0491
000002ca: JUMP
000002cb: JUMPDEST
000002cc: PUSH1 0x40
000002ce: MLOAD
000002cf: DUP1
000002d0: DUP3
000002d1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002e6: AND
000002e7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002fc: AND
000002fd: DUP2
000002fe: MSTORE
000002ff: PUSH1 0x20
00000301: ADD
00000302: SWAP2
00000303: POP
00000304: POP
00000305: PUSH1 0x40
00000307: MLOAD
00000308: DUP1
00000309: SWAP2
0000030a: SUB
0000030b: SWAP1
0000030c: RETURN
0000030d: JUMPDEST
0000030e: CALLVALUE
0000030f: DUP1
00000310: ISZERO
00000311: PUSH2 0x0319
00000314: JUMPI
00000315: PUSH1 0x00
00000317: DUP1
00000318: REVERT
00000319: JUMPDEST
0000031a: POP
0000031b: PUSH2 0x0322
0000031e: PUSH2 0x04b6
00000321: JUMP
00000322: JUMPDEST
00000323: PUSH1 0x40
00000325: MLOAD
00000326: DUP1
00000327: DUP3
00000328: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000033d: AND
0000033e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000353: AND
00000354: DUP2
00000355: MSTORE
00000356: PUSH1 0x20
00000358: ADD
00000359: SWAP2
0000035a: POP
0000035b: POP
0000035c: PUSH1 0x40
0000035e: MLOAD
0000035f: DUP1
00000360: SWAP2
00000361: SUB
00000362: SWAP1
00000363: RETURN
00000364: JUMPDEST
00000365: CALLVALUE
00000366: DUP1
00000367: ISZERO
00000368: PUSH2 0x0370
0000036b: JUMPI
0000036c: PUSH1 0x00
0000036e: DUP1
0000036f: REVERT
00000370: JUMPDEST
00000371: POP
00000372: PUSH2 0x03a5
00000375: PUSH1 0x04
00000377: DUP1
00000378: CALLDATASIZE
00000379: SUB
0000037a: DUP2
0000037b: ADD
0000037c: SWAP1
0000037d: DUP1
0000037e: DUP1
0000037f: CALLDATALOAD
00000380: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000395: AND
00000396: SWAP1
00000397: PUSH1 0x20
00000399: ADD
0000039a: SWAP1
0000039b: SWAP3
0000039c: SWAP2
0000039d: SWAP1
0000039e: POP
0000039f: POP
000003a0: POP
000003a1: PUSH2 0x04dc
000003a4: JUMP
000003a5: JUMPDEST
000003a6: PUSH1 0x40
000003a8: MLOAD
000003a9: DUP1
000003aa: DUP3
000003ab: DUP2
000003ac: MSTORE
000003ad: PUSH1 0x20
000003af: ADD
000003b0: SWAP2
000003b1: POP
000003b2: POP
000003b3: PUSH1 0x40
000003b5: MLOAD
000003b6: DUP1
000003b7: SWAP2
000003b8: SUB
000003b9: SWAP1
000003ba: RETURN
000003bb: JUMPDEST
000003bc: CALLVALUE
000003bd: DUP1
000003be: ISZERO
000003bf: PUSH2 0x03c7
000003c2: JUMPI
000003c3: PUSH1 0x00
000003c5: DUP1
000003c6: REVERT
000003c7: JUMPDEST
000003c8: POP
000003c9: PUSH2 0x03d0
000003cc: PUSH2 0x04f4
000003cf: JUMP
000003d0: JUMPDEST
000003d1: PUSH1 0x40
000003d3: MLOAD
000003d4: DUP1
000003d5: DUP3
000003d6: DUP2
000003d7: MSTORE
000003d8: PUSH1 0x20
000003da: ADD
000003db: SWAP2
000003dc: POP
000003dd: POP
000003de: PUSH1 0x40
000003e0: MLOAD
000003e1: DUP1
000003e2: SWAP2
000003e3: SUB
000003e4: SWAP1
000003e5: RETURN
000003e6: JUMPDEST
000003e7: CALLVALUE
000003e8: DUP1
000003e9: ISZERO
000003ea: PUSH2 0x03f2
000003ed: JUMPI
000003ee: PUSH1 0x00
000003f0: DUP1
000003f1: REVERT
000003f2: JUMPDEST
000003f3: POP
000003f4: PUSH2 0x03fb
000003f7: PUSH2 0x04fa
000003fa: JUMP
000003fb: JUMPDEST
000003fc: PUSH1 0x40
000003fe: MLOAD
000003ff: DUP1
00000400: DUP3
00000401: DUP2
00000402: MSTORE
00000403: PUSH1 0x20
00000405: ADD
00000406: SWAP2
00000407: POP
00000408: POP
00000409: PUSH1 0x40
0000040b: MLOAD
0000040c: DUP1
0000040d: SWAP2
0000040e: SUB
0000040f: SWAP1
00000410: RETURN
00000411: JUMPDEST
00000412: CALLVALUE
00000413: DUP1
00000414: ISZERO
00000415: PUSH2 0x041d
00000418: JUMPI
00000419: PUSH1 0x00
0000041b: DUP1
0000041c: REVERT
0000041d: JUMPDEST
0000041e: POP
0000041f: PUSH2 0x043c
00000422: PUSH1 0x04
00000424: DUP1
00000425: CALLDATASIZE
00000426: SUB
00000427: DUP2
00000428: ADD
00000429: SWAP1
0000042a: DUP1
0000042b: DUP1
0000042c: CALLDATALOAD
0000042d: SWAP1
0000042e: PUSH1 0x20
00000430: ADD
00000431: SWAP1
00000432: SWAP3
00000433: SWAP2
00000434: SWAP1
00000435: POP
00000436: POP
00000437: POP
00000438: PUSH2 0x0500
0000043b: JUMP
0000043c: JUMPDEST
0000043d: STOP
0000043e: JUMPDEST
0000043f: CALLVALUE
00000440: DUP1
00000441: ISZERO
00000442: PUSH2 0x044a
00000445: JUMPI
00000446: PUSH1 0x00
00000448: DUP1
00000449: REVERT
0000044a: JUMPDEST
0000044b: POP
0000044c: PUSH2 0x0469
0000044f: PUSH1 0x04
00000451: DUP1
00000452: CALLDATASIZE
00000453: SUB
00000454: DUP2
00000455: ADD
00000456: SWAP1
00000457: DUP1
00000458: DUP1
00000459: CALLDATALOAD
0000045a: SWAP1
0000045b: PUSH1 0x20
0000045d: ADD
0000045e: SWAP1
0000045f: SWAP3
00000460: SWAP2
00000461: SWAP1
00000462: POP
00000463: POP
00000464: POP
00000465: PUSH2 0x0663
00000468: JUMP
00000469: JUMPDEST
0000046a: STOP
0000046b: JUMPDEST
0000046c: PUSH1 0x01
0000046e: PUSH1 0x00
00000470: SWAP1
00000471: SLOAD
00000472: SWAP1
00000473: PUSH2 0x0100
00000476: EXP
00000477: SWAP1
00000478: DIV
00000479: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000048e: AND
0000048f: DUP2
00000490: JUMP
00000491: JUMPDEST
00000492: PUSH1 0x00
00000494: DUP1
00000495: SWAP1
00000496: SLOAD
00000497: SWAP1
00000498: PUSH2 0x0100
0000049b: EXP
0000049c: SWAP1
0000049d: DIV
0000049e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000004b3: AND
000004b4: DUP2
000004b5: JUMP
000004b6: JUMPDEST
000004b7: PUSH1 0x04
000004b9: PUSH1 0x00
000004bb: SWAP1
000004bc: SLOAD
000004bd: SWAP1
000004be: PUSH2 0x0100
000004c1: EXP
000004c2: SWAP1
000004c3: DIV
000004c4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000004d9: AND
000004da: DUP2
000004db: JUMP
000004dc: JUMPDEST
000004dd: PUSH1 0x05
000004df: PUSH1 0x20
000004e1: MSTORE
000004e2: DUP1
000004e3: PUSH1 0x00
000004e5: MSTORE
000004e6: PUSH1 0x40
000004e8: PUSH1 0x00
000004ea: KECCAK256
000004eb: PUSH1 0x00
000004ed: SWAP2
000004ee: POP
000004ef: SWAP1
000004f0: POP
000004f1: SLOAD
000004f2: DUP2
000004f3: JUMP
000004f4: JUMPDEST
000004f5: PUSH1 0x02
000004f7: SLOAD
000004f8: DUP2
000004f9: JUMP
000004fa: JUMPDEST
000004fb: PUSH1 0x03
000004fd: SLOAD
000004fe: DUP2
000004ff: JUMP
00000500: JUMPDEST
00000501: PUSH1 0x00
00000503: DUP2
00000504: SWAP1
00000505: POP
00000506: PUSH1 0x01
00000508: PUSH1 0x00
0000050a: SWAP1
0000050b: SLOAD
0000050c: SWAP1
0000050d: PUSH2 0x0100
00000510: EXP
00000511: SWAP1
00000512: DIV
00000513: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000528: AND
00000529: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000053e: AND
0000053f: CALLER
00000540: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000555: AND
00000556: EQ
00000557: ISZERO
00000558: ISZERO
00000559: PUSH2 0x0561
0000055c: JUMPI
0000055d: PUSH1 0x00
0000055f: DUP1
00000560: REVERT
00000561: JUMPDEST
00000562: PUSH1 0x04
00000564: PUSH1 0x00
00000566: SWAP1
00000567: SLOAD
00000568: SWAP1
00000569: PUSH2 0x0100
0000056c: EXP
0000056d: SWAP1
0000056e: DIV
0000056f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000584: AND
00000585: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000059a: AND
0000059b: PUSH4 0xa9059cbb
000005a0: PUSH1 0x00
000005a2: DUP1
000005a3: SWAP1
000005a4: SLOAD
000005a5: SWAP1
000005a6: PUSH2 0x0100
000005a9: EXP
000005aa: SWAP1
000005ab: DIV
000005ac: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000005c1: AND
000005c2: DUP4
000005c3: PUSH1 0x40
000005c5: MLOAD
000005c6: DUP4
000005c7: PUSH4 0xffffffff
000005cc: AND
000005cd: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
000005eb: MUL
000005ec: DUP2
000005ed: MSTORE
000005ee: PUSH1 0x04
000005f0: ADD
000005f1: DUP1
000005f2: DUP4
000005f3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000608: AND
00000609: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000061e: AND
0000061f: DUP2
00000620: MSTORE
00000621: PUSH1 0x20
00000623: ADD
00000624: DUP3
00000625: DUP2
00000626: MSTORE
00000627: PUSH1 0x20
00000629: ADD
0000062a: SWAP3
0000062b: POP
0000062c: POP
0000062d: POP
0000062e: PUSH1 0x00
00000630: PUSH1 0x40
00000632: MLOAD
00000633: DUP1
00000634: DUP4
00000635: SUB
00000636: DUP2
00000637: PUSH1 0x00
00000639: DUP8
0000063a: DUP1
0000063b: EXTCODESIZE
0000063c: ISZERO
0000063d: DUP1
0000063e: ISZERO
0000063f: PUSH2 0x0647
00000642: JUMPI
00000643: PUSH1 0x00
00000645: DUP1
00000646: REVERT
00000647: JUMPDEST
00000648: POP
00000649: GAS
0000064a: CALL
0000064b: ISZERO
0000064c: DUP1
0000064d: ISZERO
0000064e: PUSH2 0x065b
00000651: JUMPI
00000652: RETURNDATASIZE
00000653: PUSH1 0x00
00000655: DUP1
00000656: RETURNDATACOPY
00000657: RETURNDATASIZE
00000658: PUSH1 0x00
0000065a: REVERT
0000065b: JUMPDEST
0000065c: POP
0000065d: POP
0000065e: POP
0000065f: POP
00000660: POP
00000661: POP
00000662: JUMP
00000663: JUMPDEST
00000664: PUSH1 0x00
00000666: DUP2
00000667: SWAP1
00000668: POP
00000669: PUSH1 0x01
0000066b: PUSH1 0x00
0000066d: SWAP1
0000066e: SLOAD
0000066f: SWAP1
00000670: PUSH2 0x0100
00000673: EXP
00000674: SWAP1
00000675: DIV
00000676: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000068b: AND
0000068c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006a1: AND
000006a2: CALLER
000006a3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006b8: AND
000006b9: EQ
000006ba: ISZERO
000006bb: ISZERO
000006bc: PUSH2 0x06c4
000006bf: JUMPI
000006c0: PUSH1 0x00
000006c2: DUP1
000006c3: REVERT
000006c4: JUMPDEST
000006c5: PUSH1 0x00
000006c7: DUP1
000006c8: SWAP1
000006c9: SLOAD
000006ca: SWAP1
000006cb: PUSH2 0x0100
000006ce: EXP
000006cf: SWAP1
000006d0: DIV
000006d1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006e6: AND
000006e7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006fc: AND
000006fd: PUSH2 0x08fc
00000700: DUP3
00000701: SWAP1
00000702: DUP2
00000703: ISZERO
00000704: MUL
00000705: SWAP1
00000706: PUSH1 0x40
00000708: MLOAD
00000709: PUSH1 0x00
0000070b: PUSH1 0x40
0000070d: MLOAD
0000070e: DUP1
0000070f: DUP4
00000710: SUB
00000711: DUP2
00000712: DUP6
00000713: DUP9
00000714: DUP9
00000715: CALL
00000716: SWAP4
00000717: POP
00000718: POP
00000719: POP
0000071a: POP
0000071b: ISZERO
0000071c: DUP1
0000071d: ISZERO
0000071e: PUSH2 0x072b
00000721: JUMPI
00000722: RETURNDATASIZE
00000723: PUSH1 0x00
00000725: DUP1
00000726: RETURNDATACOPY
00000727: RETURNDATASIZE
00000728: PUSH1 0x00
0000072a: REVERT
0000072b: JUMPDEST
0000072c: POP
0000072d: POP
0000072e: POP
0000072f: JUMP
00000730: STOP
00000731: LOG1
00000732: PUSH6 0x627a7a723058
00000739: KECCAK256
0000073a: BALANCE
0000073b: UNKNOWN(0x0E)
0000073c: UNKNOWN(0xCB)
0000073d: UNKNOWN(0xAB)
0000073e: UNKNOWN(0xDE)
0000073f: UNKNOWN(0xCC)
00000740: UNKNOWN(0xF6)
00000741: JUMP
00000742: UNKNOWN(0xBA)
00000743: PUSH11 0x41871a74bcb6b9f2795e97
0000074f: TLOAD
00000750: PUSH31

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 yes yes
trace_id: 0xb3e8aee402c04bbc3f099fbbb055b51ec0f1da903d89d93770ea589498a21bc6
call_targets: 0x7050f87ca2691761f996c5060530c38c2a1288fa, 0xa07e23c6943c1402d9089ca4f22db1bd652bfd7b
target_varies: yes
classification: target_varies
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0xb3e8aee402c04bbc3f099fbbb055b51ec0f1da903d89d93770ea589498a21bc6",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x7050f87ca2691761f996c5060530c38c2a1288fa",
        "0xa07e23c6943c1402d9089ca4f22db1bd652bfd7b"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x2a31439e",
            "selector": "0x2a31439e",
            "calldata_variants": [
                "0x2a31439e",
                "0x2a31439e0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x38af3eed",
            "selector": "0x38af3eed",
            "calldata_variants": [
                "0x38af3eed",
                "0x38af3eed0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6e66f6e9",
            "selector": "0x6e66f6e9",
            "calldata_variants": [
                "0x6e66f6e9",
                "0x6e66f6e90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70a08231",
            "selector": "0x70a08231",
            "calldata_variants": [
                "0x70a08231",
                "0x70a082310000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x7b3e5e7b",
            "selector": "0x7b3e5e7b",
            "calldata_variants": [
                "0x7b3e5e7b",
                "0x7b3e5e7b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa035b1fe",
            "selector": "0xa035b1fe",
            "calldata_variants": [
                "0xa035b1fe",
                "0xa035b1fe0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa5cc2ed4",
            "selector": "0xa5cc2ed4",
            "calldata_variants": [
                "0xa5cc2ed4",
                "0xa5cc2ed40000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 463,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1610,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1813,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 3,
    "guards_detected": [
        {
            "pc": 1343,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1698,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 3
}
medium other detector ETH value transfer possible 40 yes yes
trace_id: 0xb3e8aee402c04bbc3f099fbbb055b51ec0f1da903d89d93770ea589498a21bc6
call_targets: 0x7050f87ca2691761f996c5060530c38c2a1288fa, 0xa07e23c6943c1402d9089ca4f22db1bd652bfd7b
target_varies: yes
classification: target_varies
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0xb3e8aee402c04bbc3f099fbbb055b51ec0f1da903d89d93770ea589498a21bc6",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x7050f87ca2691761f996c5060530c38c2a1288fa",
        "0xa07e23c6943c1402d9089ca4f22db1bd652bfd7b"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x2a31439e",
            "selector": "0x2a31439e",
            "calldata_variants": [
                "0x2a31439e",
                "0x2a31439e0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x38af3eed",
            "selector": "0x38af3eed",
            "calldata_variants": [
                "0x38af3eed",
                "0x38af3eed0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6e66f6e9",
            "selector": "0x6e66f6e9",
            "calldata_variants": [
                "0x6e66f6e9",
                "0x6e66f6e90000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x70a08231",
            "selector": "0x70a08231",
            "calldata_variants": [
                "0x70a08231",
                "0x70a082310000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x7b3e5e7b",
            "selector": "0x7b3e5e7b",
            "calldata_variants": [
                "0x7b3e5e7b",
                "0x7b3e5e7b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa035b1fe",
            "selector": "0xa035b1fe",
            "calldata_variants": [
                "0xa035b1fe",
                "0xa035b1fe0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa5cc2ed4",
            "selector": "0xa5cc2ed4",
            "calldata_variants": [
                "0xa5cc2ed4",
                "0xa5cc2ed40000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 463,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1610,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1813,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 3,
    "guards_detected": [
        {
            "pc": 1343,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1698,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}