019b477e-b2ac-71d1-ba35-605f875a5f88
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 22399 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 22400 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 65674 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 65675 | capability.graph | complete | 1 / 3 | 1 week ago |
| 65676 | detector.run | complete | 1 / 3 | 1 week ago |
| 65677 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113503 | report.consolidate | complete | 1 / 6 | 1 week ago |
| 113504 | tool.slither | complete | 1 / 2 | 1 week ago |
'forge clean' running (wd: /tmp/slither-xptf_2qj)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-xptf_2qj)

FeeManager.claimFee(uint256) (contracts/Contract.sol#154-167) sends eth to arbitrary user
Dangerous calls:
- msg.sender.transfer(actToWei(_value)) (contracts/Contract.sol#164-167)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#functions-that-send-ether-to-arbitrary-destinations

Version constraint 0.4.24 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- DirtyBytesArrayToStorage
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching
- EmptyByteArrayCopy
- DynamicArrayCleanup
- ImplicitConstructorCallvalueCheck
- TupleAssignmentMultiStackSlotComponents
- MemoryArrayCreationOverflow
- privateCanBeOverridden
- SignedArrayStorageCopy
- ABIEncoderV2StorageArrayWithMultiSlotElement
- DynamicConstructorArgumentsClippedABIV2
- UninitializedFunctionPointerInConstructor_0.4.x
- IncorrectEventSignatureInLibraries_0.4.x
- ABIEncoderV2PackedStorage_0.4.x
- ExpExponentCleanup
- EventStructWrongData.
It is used by:
- 0.4.24 (contracts/Contract.sol#1)
solc-0.4.24 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Parameter FeeManager.weiToAct(uint256)._wei (contracts/Contract.sol#126-127) is not in mixedCase
Parameter FeeManager.actToWei(uint256)._act (contracts/Contract.sol#132) is not in mixedCase
Parameter FeeManager.claimFee(uint256)._value (contracts/Contract.sol#154-155) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions

FeeManager.actRate (contracts/Contract.sol#114-115) should be constant
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant

. analyzed (4 contracts with 100 detectors), 7 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.4.24",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.4.24",
"install_stderr": null,
"install_stdout": "Version '0.4.24' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-xptf_2qj --allow-paths /tmp/slither-xptf_2qj,/tmp/slither-xptf_2qj/lib,/tmp/slither-xptf_2qj/src",
"remappings": [],
"source_files": [
"contracts/Contract.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 7,
"workspace_hash": "ed7ded20d82123143ce79af19c5ee6c72087066bdc591dd49819a9b3e5539820",
"duration_seconds": 0.37478017807006836,
"solc_version_requested": "0.4.24"
}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-7b4295ue
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c95-ea92-7a01-82d2-36c6022df9c3
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities. Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation, accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
{
"codex": {
"ran_at": "2026-04-05T07:40:23.636036+00:00",
"returncode": 1
},
"project": {
"mode": "source",
"file_count": 1,
"import_count": 0,
"first_party_contracts_count": 1
},
"summary": null,
"no_findings": null,
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes | see below |
trace_id: 0xe42fd1d5f96567fa7520c0a7428f1d54c683752d04231a0153b9dc181eafa34e
call_targets:
0x5973376b603268fe4251d13040226078257014f8, 0xe043dd0c6712b862d68be955f4a031940fbb5513, 0xe87227adf0fd3f6e580e2825069a0f8e8da66ad0
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xe42fd1d5f96567fa7520c0a7428f1d54c683752d04231a0153b9dc181eafa34e",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x5973376b603268fe4251d13040226078257014f8",
"0xe043dd0c6712b862d68be955f4a031940fbb5513",
"0xe87227adf0fd3f6e580e2825069a0f8e8da66ad0"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x29610252",
"selector": "0x29610252",
"calldata_variants": [
"0x29610252",
"0x296102520000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7ad8fe58",
"selector": "0x7ad8fe58",
"calldata_variants": [
"0x7ad8fe58",
"0x7ad8fe580000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xae128e75",
"selector": "0xae128e75",
"calldata_variants": [
"0xae128e75",
"0xae128e750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf667526a",
"selector": "0xf667526a",
"calldata_variants": [
"0xf667526a",
"0xf667526a0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 439,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 604,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 882,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 5,
"guards_detected": [],
"untrusted_call_count": 5
}
| high | other | detector | ETH value transfer possible | 55 | yes | yes | see below |
trace_id: 0xe42fd1d5f96567fa7520c0a7428f1d54c683752d04231a0153b9dc181eafa34e
call_targets:
0x5973376b603268fe4251d13040226078257014f8, 0xe043dd0c6712b862d68be955f4a031940fbb5513, 0xe87227adf0fd3f6e580e2825069a0f8e8da66ad0
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xe42fd1d5f96567fa7520c0a7428f1d54c683752d04231a0153b9dc181eafa34e",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x5973376b603268fe4251d13040226078257014f8",
"0xe043dd0c6712b862d68be955f4a031940fbb5513",
"0xe87227adf0fd3f6e580e2825069a0f8e8da66ad0"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x29610252",
"selector": "0x29610252",
"calldata_variants": [
"0x29610252",
"0x296102520000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7ad8fe58",
"selector": "0x7ad8fe58",
"calldata_variants": [
"0x7ad8fe58",
"0x7ad8fe580000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xae128e75",
"selector": "0xae128e75",
"calldata_variants": [
"0xae128e75",
"0xae128e750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf667526a",
"selector": "0xf667526a",
"calldata_variants": [
"0xf667526a",
"0xf667526a0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 439,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 604,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 882,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 5,
"guards_detected": []
}
| high | other | slither | FeeManager.claimFee(uint256) (contracts/Contract.sol#154-167) sends eth to arbitrary user | 85 | no | — | see below |
evidence_json{
"impact": "High",
"detector": "arbitrary-send-eth",
"elements": [
{
"name": "claimFee",
"type": "function",
"source_mapping": {
"lines": [
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
],
"start": 3080,
"length": 275,
"ending_column": 34,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 15,
"filename_absolute": "/tmp/slither-xptf_2qj/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "FeeManager",
"type": "contract",
"source_mapping": {
"lines": [
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120,
121,
122,
123,
124,
125,
126,
127,
128,
129,
130,
131,
132,
133,
134,
135,
136,
137,
138,
139,
140,
141,
142,
143,
144,
145,
146,
147,
148,
149,
150,
151,
152,
153,
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
],
"start": 2312,
"length": 1045,
"ending_column": 36,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 31,
"filename_absolute": "/tmp/slither-xptf_2qj/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "claimFee(uint256)"
}
},
{
"name": "msg.sender.transfer(actToWei(_value))",
"type": "node",
"source_mapping": {
"lines": [
164,
165,
166,
167
],
"start": 3296,
"length": 37,
"ending_column": 12,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-xptf_2qj/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "claimFee",
"type": "function",
"source_mapping": {
"lines": [
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
],
"start": 3080,
"length": 275,
"ending_column": 34,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 15,
"filename_absolute": "/tmp/slither-xptf_2qj/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "FeeManager",
"type": "contract",
"source_mapping": {
"lines": [
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120,
121,
122,
123,
124,
125,
126,
127,
128,
129,
130,
131,
132,
133,
134,
135,
136,
137,
138,
139,
140,
141,
142,
143,
144,
145,
146,
147,
148,
149,
150,
151,
152,
153,
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
],
"start": 2312,
"length": 1045,
"ending_column": 36,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 31,
"filename_absolute": "/tmp/slither-xptf_2qj/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "claimFee(uint256)"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "claimFee",
"type": "function",
"lines": [
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
]
},
{
"file": "contracts/Contract.sol",
"name": "msg.sender.transfer(actToWei(_value))",
"type": "node",
"lines": [
164,
165,
166,
167
]
}
],
"description": "FeeManager.claimFee(uint256) (contracts/Contract.sol#154-167) sends eth to arbitrary user\n\tDangerous calls:\n\t- msg.sender.transfer(actToWei(_value)) (contracts/Contract.sol#164-167)"
}