Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-c9e8-701c-b67e-0d8c1ad4257e

complete
Chain ID: 1
Address:
Block Number:
Created: Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed: 2
Validated: 2
Source: Verified
Review Backing: Present
Best current signal: Untrusted CALL target/value reachable
crit 0 high 2 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
26405 artifact.fetch complete 1 / 3 3 months ago
26406 tool.cast_disasm complete 1 / 3 3 months ago
69566 analysis.bundle complete 1 / 3 1 week ago
69567 capability.graph complete 1 / 3 1 week ago
69568 detector.run complete 1 / 3 1 week ago
69569 validation.fork complete 1 / 3 1 week ago
113542 report.consolidate complete 1 / 6 1 week ago
113543 tool.slither complete 1 / 2 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither
Status: complete
Attempts: 1 / 2
Findings: 2
Solc: 0.8.0 (solc-select)
stderr:
'forge clean' running (wd: /tmp/slither-rzhddiwl)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-rzhddiwl)

royaltySplitter.withdrawERC20(address) (contracts/Contract.sol#249-260) ignores return value by targetToken.transferFrom(address(this),wallet1,walletBalance) (contracts/Contract.sol#257-258)
royaltySplitter.withdrawERC20(address) (contracts/Contract.sol#249-260) ignores return value by targetToken.transferFrom(address(this),wallet2,balance.sub(walletBalance)) (contracts/Contract.sol#259-260)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer

Version constraint ^0.8.0 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
	- FullInlinerNonExpressionSplitArgumentEvaluationOrder
	- MissingSideEffectsOnSelectorAccess
	- AbiReencodingHeadOverflowWithStaticArrayCleanup
	- DirtyBytesArrayToStorage
	- DataLocationChangeInInternalOverride
	- NestedCalldataArrayAbiReencodingSizeValidation
	- SignedImmutables
	- ABIDecodeTwoDimensionalArrayMemory
	- KeccakCaching.
It is used by:
	- ^0.8.0 (contracts/Contract.sol#1)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Contract royaltySplitter (contracts/Contract.sol#216-260) is not in CapWords
Parameter royaltySplitter.withdrawERC20(address)._token (contracts/Contract.sol#250) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions

royaltySplitter.devFee (contracts/Contract.sol#226-227) should be constant 
royaltySplitter.wallet1 (contracts/Contract.sol#216-219) should be constant 
royaltySplitter.wallet2 (contracts/Contract.sol#224-226) should be constant 
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant
. analyzed (3 contracts with 100 detectors), 8 result(s) found
Metadata
{
    "solc": {
        "status": "ok",
        "use_rc": 0,
        "version": "0.8.0",
        "strategy": "solc-select",
        "solc_path": "/var/www/tripwire/.venv/bin/solc",
        "install_rc": 0,
        "use_stderr": null,
        "use_stdout": "Switched global version to 0.8.0",
        "install_stderr": null,
        "install_stdout": "Version '0.8.0' is already installed, skipping..."
    },
    "solc_args": "--base-path /tmp/slither-rzhddiwl --allow-paths /tmp/slither-rzhddiwl,/tmp/slither-rzhddiwl/lib,/tmp/slither-rzhddiwl/src",
    "remappings": [],
    "source_files": [
        "contracts/Contract.sol"
    ],
    "contract_count": 0,
    "contract_names": [],
    "detector_count": 8,
    "workspace_hash": "3560f7fa100a705c5cff3b43c62d51d3fea8c0e850ba21caf2d8e15d9c7b1e0a",
    "duration_seconds": 0.3640446662902832,
    "solc_version_requested": "0.8.6"
}

Codex

report.consolidate
Job Status: complete
Attempts: 1 / 6
Findings: 0
stderr:
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-0po4zm09
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5c97-1117-7e83-b9da-b3debd27a70f
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.

Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.

Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
ERROR: You've hit your usage limit. Visit https://chatgpt.com/codex/settings/usage to purchase more credits or try again at Apr 8th, 2026 9:11 AM.
Metadata
{
    "codex": {
        "ran_at": "2026-04-05T07:41:39.063921+00:00",
        "returncode": 1
    },
    "project": {
        "mode": "source",
        "file_count": 1,
        "import_count": 0,
        "first_party_contracts_count": 1
    },
    "summary": null,
    "no_findings": null,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall: 0
Selfdestruct: 0
CREATE2: 0
CALL-family (heavy): 6
EXT*/BALANCE: 3
Total opcodes: 890
Flags: No heuristic flags raised.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 yes yes
trace_id: 0x5e2ed2c5325de9198762e390d30a7c8b8cbf6d617d281e58e4dc023c1824513e
call_targets: 0x010c1b559e332d8ac0796d9b49031044b3feadb0, 0x38201568a7fece8da2248461810a9d42faccf313, 0xdf9a7c4bad39cc914e204d1adab53da21e2fafaa
target_varies: yes
classification: target_varies
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x5e2ed2c5325de9198762e390d30a7c8b8cbf6d617d281e58e4dc023c1824513e",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x010c1b559e332d8ac0796d9b49031044b3feadb0",
        "0x38201568a7fece8da2248461810a9d42faccf313",
        "0xdf9a7c4bad39cc914e204d1adab53da21e2fafaa"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf4f3b200",
            "selector": "0xf4f3b200",
            "calldata_variants": [
                "0xf4f3b200",
                "0xf4f3b2000000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 172,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 238,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 583,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 5,
    "guards_detected": [],
    "untrusted_call_count": 5
}
high other detector ETH value transfer possible 55 yes yes
trace_id: 0x5e2ed2c5325de9198762e390d30a7c8b8cbf6d617d281e58e4dc023c1824513e
call_targets: 0x010c1b559e332d8ac0796d9b49031044b3feadb0, 0x38201568a7fece8da2248461810a9d42faccf313, 0xdf9a7c4bad39cc914e204d1adab53da21e2fafaa
target_varies: yes
classification: target_varies
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x5e2ed2c5325de9198762e390d30a7c8b8cbf6d617d281e58e4dc023c1824513e",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x010c1b559e332d8ac0796d9b49031044b3feadb0",
        "0x38201568a7fece8da2248461810a9d42faccf313",
        "0xdf9a7c4bad39cc914e204d1adab53da21e2fafaa"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf4f3b200",
            "selector": "0xf4f3b200",
            "calldata_variants": [
                "0xf4f3b200",
                "0xf4f3b2000000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 172,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 238,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 583,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 5,
    "guards_detected": []
}
high other slither royaltySplitter.withdrawERC20(address) (contracts/Contract.sol#249-260) ignores return value by targetToken.transferFrom(address(this),wallet1,walletBalance) (contracts/Contract... 85 no
evidence_json
{
    "impact": "High",
    "detector": "unchecked-transfer",
    "elements": [
        {
            "name": "withdrawERC20",
            "type": "function",
            "source_mapping": {
                "lines": [
                    249,
                    250,
                    251,
                    252,
                    253,
                    254,
                    255,
                    256,
                    257,
                    258,
                    259,
                    260
                ],
                "start": 8580,
                "length": 439,
                "ending_column": 22,
                "is_dependency": false,
                "filename_short": "contracts/Contract.sol",
                "starting_column": 38,
                "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                "filename_relative": "contracts/Contract.sol"
            },
            "type_specific_fields": {
                "parent": {
                    "name": "royaltySplitter",
                    "type": "contract",
                    "source_mapping": {
                        "lines": [
                            216,
                            217,
                            218,
                            219,
                            220,
                            221,
                            222,
                            223,
                            224,
                            225,
                            226,
                            227,
                            228,
                            229,
                            230,
                            231,
                            232,
                            233,
                            234,
                            235,
                            236,
                            237,
                            238,
                            239,
                            240,
                            241,
                            242,
                            243,
                            244,
                            245,
                            246,
                            247,
                            248,
                            249,
                            250,
                            251,
                            252,
                            253,
                            254,
                            255,
                            256,
                            257,
                            258,
                            259,
                            260
                        ],
                        "start": 7609,
                        "length": 1412,
                        "ending_column": 24,
                        "is_dependency": false,
                        "filename_short": "contracts/Contract.sol",
                        "starting_column": 31,
                        "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                        "filename_relative": "contracts/Contract.sol"
                    }
                },
                "signature": "withdrawERC20(address)"
            }
        },
        {
            "name": "targetToken.transferFrom(address(this),wallet1,walletBalance)",
            "type": "node",
            "source_mapping": {
                "lines": [
                    257,
                    258
                ],
                "start": 8863,
                "length": 63,
                "ending_column": 40,
                "is_dependency": false,
                "filename_short": "contracts/Contract.sol",
                "starting_column": 32,
                "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                "filename_relative": "contracts/Contract.sol"
            },
            "type_specific_fields": {
                "parent": {
                    "name": "withdrawERC20",
                    "type": "function",
                    "source_mapping": {
                        "lines": [
                            249,
                            250,
                            251,
                            252,
                            253,
                            254,
                            255,
                            256,
                            257,
                            258,
                            259,
                            260
                        ],
                        "start": 8580,
                        "length": 439,
                        "ending_column": 22,
                        "is_dependency": false,
                        "filename_short": "contracts/Contract.sol",
                        "starting_column": 38,
                        "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                        "filename_relative": "contracts/Contract.sol"
                    },
                    "type_specific_fields": {
                        "parent": {
                            "name": "royaltySplitter",
                            "type": "contract",
                            "source_mapping": {
                                "lines": [
                                    216,
                                    217,
                                    218,
                                    219,
                                    220,
                                    221,
                                    222,
                                    223,
                                    224,
                                    225,
                                    226,
                                    227,
                                    228,
                                    229,
                                    230,
                                    231,
                                    232,
                                    233,
                                    234,
                                    235,
                                    236,
                                    237,
                                    238,
                                    239,
                                    240,
                                    241,
                                    242,
                                    243,
                                    244,
                                    245,
                                    246,
                                    247,
                                    248,
                                    249,
                                    250,
                                    251,
                                    252,
                                    253,
                                    254,
                                    255,
                                    256,
                                    257,
                                    258,
                                    259,
                                    260
                                ],
                                "start": 7609,
                                "length": 1412,
                                "ending_column": 24,
                                "is_dependency": false,
                                "filename_short": "contracts/Contract.sol",
                                "starting_column": 31,
                                "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                                "filename_relative": "contracts/Contract.sol"
                            }
                        },
                        "signature": "withdrawERC20(address)"
                    }
                }
            }
        }
    ],
    "locations": [
        {
            "file": "contracts/Contract.sol",
            "name": "withdrawERC20",
            "type": "function",
            "lines": [
                249,
                250,
                251,
                252,
                253,
                254,
                255,
                256,
                257,
                258,
                259,
                260
            ]
        },
        {
            "file": "contracts/Contract.sol",
            "name": "targetToken.transferFrom(address(this),wallet1,walletBalance)",
            "type": "node",
            "lines": [
                257,
                258
            ]
        }
    ],
    "description": "royaltySplitter.withdrawERC20(address) (contracts/Contract.sol#249-260) ignores return value by targetToken.transferFrom(address(this),wallet1,walletBalance) (contracts/Contract.sol#257-258)"
}
high other slither royaltySplitter.withdrawERC20(address) (contracts/Contract.sol#249-260) ignores return value by targetToken.transferFrom(address(this),wallet2,balance.sub(walletBalance)) (contr... 85 no
evidence_json
{
    "impact": "High",
    "detector": "unchecked-transfer",
    "elements": [
        {
            "name": "withdrawERC20",
            "type": "function",
            "source_mapping": {
                "lines": [
                    249,
                    250,
                    251,
                    252,
                    253,
                    254,
                    255,
                    256,
                    257,
                    258,
                    259,
                    260
                ],
                "start": 8580,
                "length": 439,
                "ending_column": 22,
                "is_dependency": false,
                "filename_short": "contracts/Contract.sol",
                "starting_column": 38,
                "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                "filename_relative": "contracts/Contract.sol"
            },
            "type_specific_fields": {
                "parent": {
                    "name": "royaltySplitter",
                    "type": "contract",
                    "source_mapping": {
                        "lines": [
                            216,
                            217,
                            218,
                            219,
                            220,
                            221,
                            222,
                            223,
                            224,
                            225,
                            226,
                            227,
                            228,
                            229,
                            230,
                            231,
                            232,
                            233,
                            234,
                            235,
                            236,
                            237,
                            238,
                            239,
                            240,
                            241,
                            242,
                            243,
                            244,
                            245,
                            246,
                            247,
                            248,
                            249,
                            250,
                            251,
                            252,
                            253,
                            254,
                            255,
                            256,
                            257,
                            258,
                            259,
                            260
                        ],
                        "start": 7609,
                        "length": 1412,
                        "ending_column": 24,
                        "is_dependency": false,
                        "filename_short": "contracts/Contract.sol",
                        "starting_column": 31,
                        "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                        "filename_relative": "contracts/Contract.sol"
                    }
                },
                "signature": "withdrawERC20(address)"
            }
        },
        {
            "name": "targetToken.transferFrom(address(this),wallet2,balance.sub(walletBalance))",
            "type": "node",
            "source_mapping": {
                "lines": [
                    259,
                    260
                ],
                "start": 8936,
                "length": 76,
                "ending_column": 15,
                "is_dependency": false,
                "filename_short": "contracts/Contract.sol",
                "starting_column": 4,
                "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                "filename_relative": "contracts/Contract.sol"
            },
            "type_specific_fields": {
                "parent": {
                    "name": "withdrawERC20",
                    "type": "function",
                    "source_mapping": {
                        "lines": [
                            249,
                            250,
                            251,
                            252,
                            253,
                            254,
                            255,
                            256,
                            257,
                            258,
                            259,
                            260
                        ],
                        "start": 8580,
                        "length": 439,
                        "ending_column": 22,
                        "is_dependency": false,
                        "filename_short": "contracts/Contract.sol",
                        "starting_column": 38,
                        "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                        "filename_relative": "contracts/Contract.sol"
                    },
                    "type_specific_fields": {
                        "parent": {
                            "name": "royaltySplitter",
                            "type": "contract",
                            "source_mapping": {
                                "lines": [
                                    216,
                                    217,
                                    218,
                                    219,
                                    220,
                                    221,
                                    222,
                                    223,
                                    224,
                                    225,
                                    226,
                                    227,
                                    228,
                                    229,
                                    230,
                                    231,
                                    232,
                                    233,
                                    234,
                                    235,
                                    236,
                                    237,
                                    238,
                                    239,
                                    240,
                                    241,
                                    242,
                                    243,
                                    244,
                                    245,
                                    246,
                                    247,
                                    248,
                                    249,
                                    250,
                                    251,
                                    252,
                                    253,
                                    254,
                                    255,
                                    256,
                                    257,
                                    258,
                                    259,
                                    260
                                ],
                                "start": 7609,
                                "length": 1412,
                                "ending_column": 24,
                                "is_dependency": false,
                                "filename_short": "contracts/Contract.sol",
                                "starting_column": 31,
                                "filename_absolute": "/tmp/slither-rzhddiwl/contracts/Contract.sol",
                                "filename_relative": "contracts/Contract.sol"
                            }
                        },
                        "signature": "withdrawERC20(address)"
                    }
                }
            }
        }
    ],
    "locations": [
        {
            "file": "contracts/Contract.sol",
            "name": "withdrawERC20",
            "type": "function",
            "lines": [
                249,
                250,
                251,
                252,
                253,
                254,
                255,
                256,
                257,
                258,
                259,
                260
            ]
        },
        {
            "file": "contracts/Contract.sol",
            "name": "targetToken.transferFrom(address(this),wallet2,balance.sub(walletBalance))",
            "type": "node",
            "lines": [
                259,
                260
            ]
        }
    ],
    "description": "royaltySplitter.withdrawERC20(address) (contracts/Contract.sol#249-260) ignores return value by targetToken.transferFrom(address(this),wallet2,balance.sub(walletBalance)) (contracts/Contract.sol#259-260)"
}