019b477e-c43a-72b1-ae14-9cf8e66b6814
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 25369 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 25370 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 90745 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 90746 | capability.graph | complete | 1 / 3 | 1 week ago |
| 90747 | detector.run | complete | 1 / 3 | 1 week ago |
| 90748 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
No codex job recorded yet.
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x0029 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x2f50f1c9 00000019: EQ 0000001a: PUSH2 0x002b 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0xf6d32d52 00000024: EQ 00000025: PUSH2 0x00b0 00000028: JUMPI 00000029: JUMPDEST 0000002a: STOP 0000002b: JUMPDEST 0000002c: PUSH2 0x0029 0000002f: PUSH1 0x04 00000031: DUP1 00000032: CALLDATASIZE 00000033: SUB 00000034: PUSH1 0x60 00000036: DUP2 00000037: LT 00000038: ISZERO 00000039: PUSH2 0x0041 0000003c: JUMPI 0000003d: PUSH1 0x00 0000003f: DUP1 00000040: REVERT 00000041: JUMPDEST 00000042: PUSH1 0x01 00000044: PUSH1 0x01 00000046: PUSH1 0xa0 00000048: SHL 00000049: SUB 0000004a: DUP3 0000004b: CALLDATALOAD 0000004c: AND 0000004d: SWAP2 0000004e: PUSH1 0x20 00000050: DUP2 00000051: ADD 00000052: CALLDATALOAD 00000053: SWAP2 00000054: DUP2 00000055: ADD 00000056: SWAP1 00000057: PUSH1 0x60 00000059: DUP2 0000005a: ADD 0000005b: PUSH1 0x40 0000005d: DUP3 0000005e: ADD 0000005f: CALLDATALOAD 00000060: PUSH5 0x0100000000 00000066: DUP2 00000067: GT 00000068: ISZERO 00000069: PUSH2 0x0071 0000006c: JUMPI 0000006d: PUSH1 0x00 0000006f: DUP1 00000070: REVERT 00000071: JUMPDEST 00000072: DUP3 00000073: ADD 00000074: DUP4 00000075: PUSH1 0x20 00000077: DUP3 00000078: ADD 00000079: GT 0000007a: ISZERO 0000007b: PUSH2 0x0083 0000007e: JUMPI 0000007f: PUSH1 0x00 00000081: DUP1 00000082: REVERT 00000083: JUMPDEST 00000084: DUP1 00000085: CALLDATALOAD 00000086: SWAP1 00000087: PUSH1 0x20 00000089: ADD 0000008a: SWAP2 0000008b: DUP5 0000008c: PUSH1 0x01 0000008e: DUP4 0000008f: MUL 00000090: DUP5 00000091: ADD 00000092: GT 00000093: PUSH5 0x0100000000 00000099: DUP4 0000009a: GT 0000009b: OR 0000009c: ISZERO 0000009d: PUSH2 0x00a5 000000a0: JUMPI 000000a1: PUSH1 0x00 000000a3: DUP1 000000a4: REVERT 000000a5: JUMPDEST 000000a6: POP 000000a7: SWAP1 000000a8: SWAP3 000000a9: POP 000000aa: SWAP1 000000ab: POP 000000ac: PUSH2 0x00df 000000af: JUMP 000000b0: JUMPDEST 000000b1: PUSH2 0x0029 000000b4: PUSH1 0x04 000000b6: DUP1 000000b7: CALLDATASIZE 000000b8: SUB 000000b9: PUSH1 0x60 000000bb: DUP2 000000bc: LT 000000bd: ISZERO 000000be: PUSH2 0x00c6 000000c1: JUMPI 000000c2: PUSH1 0x00 000000c4: DUP1 000000c5: REVERT 000000c6: JUMPDEST 000000c7: POP 000000c8: DUP1 000000c9: CALLDATALOAD 000000ca: ISZERO 000000cb: ISZERO 000000cc: SWAP1 000000cd: PUSH1 0x20 000000cf: DUP2 000000d0: ADD 000000d1: CALLDATALOAD 000000d2: ISZERO 000000d3: ISZERO 000000d4: SWAP1 000000d5: PUSH1 0x40 000000d7: ADD 000000d8: CALLDATALOAD 000000d9: ISZERO 000000da: ISZERO 000000db: PUSH2 0x0162 000000de: JUMP 000000df: JUMPDEST 000000e0: PUSH1 0x00 000000e2: SLOAD 000000e3: PUSH1 0x01 000000e5: PUSH1 0x01 000000e7: PUSH1 0xa0 000000e9: SHL 000000ea: SUB 000000eb: AND 000000ec: CALLER 000000ed: EQ 000000ee: PUSH2 0x00f6 000000f1: JUMPI 000000f2: PUSH1 0x00 000000f4: DUP1 000000f5: REVERT 000000f6: JUMPDEST 000000f7: DUP4 000000f8: PUSH1 0x01 000000fa: PUSH1 0x01 000000fc: PUSH1 0xa0 000000fe: SHL 000000ff: SUB 00000100: AND 00000101: DUP4 00000102: DUP4 00000103: DUP4 00000104: PUSH1 0x40 00000106: MLOAD 00000107: DUP1 00000108: DUP4 00000109: DUP4 0000010a: DUP1 0000010b: DUP3 0000010c: DUP5 0000010d: CALLDATACOPY 0000010e: PUSH1 0x40 00000110: MLOAD 00000111: SWAP3 00000112: ADD 00000113: SWAP5 00000114: POP 00000115: PUSH1 0x00 00000117: SWAP4 00000118: POP 00000119: SWAP1 0000011a: SWAP2 0000011b: POP 0000011c: POP 0000011d: DUP1 0000011e: DUP4 0000011f: SUB 00000120: DUP2 00000121: DUP6 00000122: DUP8 00000123: GAS 00000124: CALL 00000125: SWAP3 00000126: POP 00000127: POP 00000128: POP 00000129: RETURNDATASIZE 0000012a: DUP1 0000012b: PUSH1 0x00 0000012d: DUP2 0000012e: EQ 0000012f: PUSH2 0x0154 00000132: JUMPI 00000133: PUSH1 0x40 00000135: MLOAD 00000136: SWAP2 00000137: POP 00000138: PUSH1 0x1f 0000013a: NOT 0000013b: PUSH1 0x3f 0000013d: RETURNDATASIZE 0000013e: ADD 0000013f: AND 00000140: DUP3 00000141: ADD 00000142: PUSH1 0x40 00000144: MSTORE 00000145: RETURNDATASIZE 00000146: DUP3 00000147: MSTORE 00000148: RETURNDATASIZE 00000149: PUSH1 0x00 0000014b: PUSH1 0x20 0000014d: DUP5 0000014e: ADD 0000014f: RETURNDATACOPY 00000150: PUSH2 0x0159 00000153: JUMP 00000154: JUMPDEST 00000155: PUSH1 0x60 00000157: SWAP2 00000158: POP 00000159: JUMPDEST 0000015a: POP 0000015b: POP 0000015c: POP 0000015d: POP 0000015e: POP 0000015f: POP 00000160: POP 00000161: JUMP 00000162: JUMPDEST 00000163: PUSH1 0x01 00000165: SLOAD 00000166: PUSH1 0x01 00000168: PUSH1 0x01 0000016a: PUSH1 0xa0 0000016c: SHL 0000016d: SUB 0000016e: AND 0000016f: ORIGIN 00000170: EQ 00000171: DUP1 00000172: PUSH2 0x0185 00000175: JUMPI 00000176: POP 00000177: PUSH1 0x00 00000179: SLOAD 0000017a: PUSH1 0x01 0000017c: PUSH1 0x01 0000017e: PUSH1 0xa0 00000180: SHL 00000181: SUB 00000182: AND 00000183: ORIGIN 00000184: EQ 00000185: JUMPDEST 00000186: PUSH2 0x018e 00000189: JUMPI 0000018a: PUSH1 0x00 0000018c: DUP1 0000018d: REVERT 0000018e: JUMPDEST 0000018f: PUSH1 0x00 00000191: PUSH1 0x01 00000193: DUP5 00000194: ISZERO 00000195: ISZERO 00000196: EQ 00000197: PUSH2 0x01ab 0000019a: JUMPI 0000019b: PUSH1 0x03 0000019d: SLOAD 0000019e: PUSH1 0x01 000001a0: PUSH1 0x01 000001a2: PUSH1 0xa0 000001a4: SHL 000001a5: SUB 000001a6: AND 000001a7: PUSH2 0x01b8 000001aa: JUMP 000001ab: JUMPDEST 000001ac: PUSH1 0x02 000001ae: SLOAD 000001af: PUSH1 0x01 000001b1: PUSH1 0x01 000001b3: PUSH1 0xa0 000001b5: SHL 000001b6: SUB 000001b7: AND 000001b8: JUMPDEST 000001b9: SWAP1 000001ba: POP 000001bb: PUSH1 0x01 000001bd: DUP3 000001be: ISZERO 000001bf: ISZERO 000001c0: EQ 000001c1: ISZERO 000001c2: PUSH2 0x01d3 000001c5: JUMPI 000001c6: POP 000001c7: PUSH1 0x04 000001c9: SLOAD 000001ca: PUSH1 0x01 000001cc: PUSH1 0x01 000001ce: PUSH1 0xa0 000001d0: SHL 000001d1: SUB 000001d2: AND 000001d3: JUMPDEST 000001d4: DUP3 000001d5: PUSH2 0x0241 000001d8: JUMPI 000001d9: PUSH1 0x01 000001db: PUSH1 0x01 000001dd: PUSH1 0xa0 000001df: SHL 000001e0: SUB 000001e1: DUP2 000001e2: AND 000001e3: BALANCE 000001e4: ISZERO 000001e5: PUSH2 0x023c 000001e8: JUMPI 000001e9: DUP1 000001ea: PUSH1 0x01 000001ec: PUSH1 0x01 000001ee: PUSH1 0xa0 000001f0: SHL 000001f1: SUB 000001f2: AND 000001f3: PUSH4 0x12210e8a 000001f8: PUSH1 0x40 000001fa: MLOAD 000001fb: DUP2 000001fc: PUSH4 0xffffffff 00000201: AND 00000202: PUSH1 0xe0 00000204: SHL 00000205: DUP2 00000206: MSTORE 00000207: PUSH1 0x04 00000209: ADD 0000020a: PUSH1 0x00 0000020c: PUSH1 0x40 0000020e: MLOAD 0000020f: DUP1 00000210: DUP4 00000211: SUB 00000212: DUP2 00000213: PUSH1 0x00 00000215: DUP8 00000216: DUP1 00000217: EXTCODESIZE 00000218: ISZERO 00000219: DUP1 0000021a: ISZERO 0000021b: PUSH2 0x0223 0000021e: JUMPI 0000021f: PUSH1 0x00 00000221: DUP1 00000222: REVERT 00000223: JUMPDEST 00000224: POP 00000225: GAS 00000226: CALL 00000227: ISZERO 00000228: DUP1 00000229: ISZERO 0000022a: PUSH2 0x0237 0000022d: JUMPI 0000022e: RETURNDATASIZE 0000022f: PUSH1 0x00 00000231: DUP1 00000232: RETURNDATACOPY 00000233: RETURNDATASIZE 00000234: PUSH1 0x00 00000236: REVERT 00000237: JUMPDEST 00000238: POP 00000239: POP 0000023a: POP 0000023b: POP 0000023c: JUMPDEST 0000023d: PUSH2 0x033d 00000240: JUMP 00000241: JUMPDEST 00000242: PUSH1 0x00 00000244: PUSH20 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000259: PUSH1 0x01 0000025b: PUSH1 0x01 0000025d: PUSH1 0xa0 0000025f: SHL 00000260: SUB 00000261: AND 00000262: PUSH4 0x70a08231 00000267: DUP4 00000268: PUSH1 0x40 0000026a: MLOAD 0000026b: DUP3 0000026c: PUSH4 0xffffffff 00000271: AND 00000272: PUSH1 0xe0 00000274: SHL 00000275: DUP2 00000276: MSTORE 00000277: PUSH1 0x04 00000279: ADD 0000027a: DUP1 0000027b: DUP3 0000027c: PUSH1 0x01 0000027e: PUSH1 0x01 00000280: PUSH1 0xa0 00000282: SHL 00000283: SUB 00000284: AND 00000285: DUP2 00000286: MSTORE 00000287: PUSH1 0x20 00000289: ADD 0000028a: SWAP2 0000028b: POP 0000028c: POP 0000028d: PUSH1 0x20 0000028f: PUSH1 0x40 00000291: MLOAD 00000292: DUP1 00000293: DUP4 00000294: SUB 00000295: DUP2 00000296: DUP7 00000297: DUP1 00000298: EXTCODESIZE 00000299: ISZERO 0000029a: DUP1 0000029b: ISZERO 0000029c: PUSH2 0x02a4 0000029f: JUMPI 000002a0: PUSH1 0x00 000002a2: DUP1 000002a3: REVERT 000002a4: JUMPDEST 000002a5: POP 000002a6: GAS 000002a7: STATICCALL 000002a8: ISZERO 000002a9: DUP1 000002aa: ISZERO 000002ab: PUSH2 0x02b8 000002ae: JUMPI 000002af: RETURNDATASIZE 000002b0: PUSH1 0x00 000002b2: DUP1 000002b3: RETURNDATACOPY 000002b4: RETURNDATASIZE 000002b5: PUSH1 0x00 000002b7: REVERT 000002b8: JUMPDEST 000002b9: POP 000002ba: POP 000002bb: POP 000002bc: POP 000002bd: PUSH1 0x40 000002bf: MLOAD 000002c0: RETURNDATASIZE 000002c1: PUSH1 0x20 000002c3: DUP2 000002c4: LT 000002c5: ISZERO 000002c6: PUSH2 0x02ce 000002c9: JUMPI 000002ca: PUSH1 0x00 000002cc: DUP1 000002cd: REVERT 000002ce: JUMPDEST 000002cf: POP 000002d0: MLOAD 000002d1: GT 000002d2: ISZERO 000002d3: PUSH2 0x033d 000002d6: JUMPI 000002d7: PUSH1 0x40 000002d9: DUP1 000002da: MLOAD 000002db: PUSH4 0x125012df 000002e0: PUSH1 0xe2 000002e2: SHL 000002e3: DUP2 000002e4: MSTORE 000002e5: PUSH1 0x01 000002e7: PUSH1 0x04 000002e9: DUP3 000002ea: ADD 000002eb: MSTORE 000002ec: ADDRESS 000002ed: PUSH1 0x24 000002ef: DUP3 000002f0: ADD 000002f1: MSTORE 000002f2: SWAP1 000002f3: MLOAD 000002f4: PUSH1 0x01 000002f6: PUSH1 0x01 000002f8: PUSH1 0xa0 000002fa: SHL 000002fb: SUB 000002fc: DUP4 000002fd: AND 000002fe: SWAP2 000002ff: PUSH4 0x49404b7c 00000304: SWAP2 00000305: PUSH1 0x44 00000307: DUP1 00000308: DUP4 00000309: ADD 0000030a: SWAP3 0000030b: PUSH1 0x00 0000030d: SWAP3 0000030e: SWAP2 0000030f: SWAP1 00000310: DUP3 00000311: SWAP1 00000312: SUB 00000313: ADD 00000314: DUP2 00000315: DUP4 00000316: DUP8 00000317: DUP1 00000318: EXTCODESIZE 00000319: ISZERO 0000031a: DUP1 0000031b: ISZERO 0000031c: PUSH2 0x0324 0000031f: JUMPI 00000320: PUSH1 0x00 00000322: DUP1 00000323: REVERT 00000324: JUMPDEST 00000325: POP 00000326: GAS 00000327: CALL 00000328: ISZERO 00000329: DUP1 0000032a: ISZERO 0000032b: PUSH2 0x0338 0000032e: JUMPI 0000032f: RETURNDATASIZE 00000330: PUSH1 0x00 00000332: DUP1 00000333: RETURNDATACOPY 00000334: RETURNDATASIZE 00000335: PUSH1 0x00 00000337: REVERT 00000338: JUMPDEST 00000339: POP 0000033a: POP 0000033b: POP 0000033c: POP 0000033d: JUMPDEST 0000033e: POP 0000033f: POP 00000340: POP 00000341: POP 00000342: JUMP 00000343: INVALID 00000344: LOG2 00000345: PUSH5 0x6970667358 0000034b: UNKNOWN(0x22) 0000034c: SLT 0000034d: KECCAK256 0000034e: UNKNOWN(0xB1) 0000034f: PUSH24 0x967a7870c675592769773b8bef9a26701c4e202f86b4613e 00000368: CHAINID 00000369: UNKNOWN(0xA7) 0000036a: SWAP16 0000036b: UNKNOWN(0xFC) 0000036c: UNKNOWN(0xF6) 0000036d: EXTCODECOPY 0000036e: PUSH5 0x736f6c6343 00000374: STOP 00000375: SMOD 00000376: ADD 00000377: STOP 00000378: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
viewvalidation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2f50f1c9",
"selector": "0x2f50f1c9",
"calldata_variants": [
"0x2f50f1c9",
"0x2f50f1c90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf6d32d52",
"selector": "0xf6d32d52",
"calldata_variants": [
"0xf6d32d52",
"0xf6d32d520000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 368,
"type": "tx_origin_used"
},
{
"pc": 388,
"type": "tx_origin_used"
},
{
"pc": 367,
"type": "tx_origin_used"
},
{
"pc": 387,
"type": "tx_origin_used"
}
]
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0xd989159fa418f5fb342e2566ccac20fd9fd4c463522d61bc36a5f3a5b1dca992
call_targets:
0xaefeaa3bc459031a3494f6023683f7fd2426cd86
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xd989159fa418f5fb342e2566ccac20fd9fd4c463522d61bc36a5f3a5b1dca992",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xaefeaa3bc459031a3494f6023683f7fd2426cd86"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2f50f1c9",
"selector": "0x2f50f1c9",
"calldata_variants": [
"0x2f50f1c9",
"0x2f50f1c90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf6d32d52",
"selector": "0xf6d32d52",
"calldata_variants": [
"0xf6d32d52",
"0xf6d32d520000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 292,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 550,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 807,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [
{
"pc": 368,
"type": "tx_origin_used"
},
{
"pc": 388,
"type": "tx_origin_used"
},
{
"pc": 367,
"type": "tx_origin_used"
},
{
"pc": 387,
"type": "tx_origin_used"
}
],
"untrusted_call_count": 3
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0xd989159fa418f5fb342e2566ccac20fd9fd4c463522d61bc36a5f3a5b1dca992
call_targets:
0xaefeaa3bc459031a3494f6023683f7fd2426cd86
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xd989159fa418f5fb342e2566ccac20fd9fd4c463522d61bc36a5f3a5b1dca992",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xaefeaa3bc459031a3494f6023683f7fd2426cd86"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2f50f1c9",
"selector": "0x2f50f1c9",
"calldata_variants": [
"0x2f50f1c9",
"0x2f50f1c90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf6d32d52",
"selector": "0xf6d32d52",
"calldata_variants": [
"0xf6d32d52",
"0xf6d32d520000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 292,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 550,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 807,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": [
{
"pc": 368,
"type": "tx_origin_used"
},
{
"pc": 388,
"type": "tx_origin_used"
},
{
"pc": 367,
"type": "tx_origin_used"
},
{
"pc": 387,
"type": "tx_origin_used"
}
]
}
|