019b477e-d727-71ad-b0a6-0541c9bcadb8
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 28833 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 28834 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 72076 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 72077 | capability.graph | complete | 1 / 3 | 1 week ago |
| 72078 | detector.run | complete | 1 / 3 | 1 week ago |
| 72079 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
No codex job recorded yet.
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: ISZERO 0000000a: PUSH2 0x0018 0000000d: JUMPI 0000000e: JUMPDEST 0000000f: CALLDATASIZE 00000010: PUSH2 0x02a4 00000013: JUMPI 00000014: PUSH2 0x02a4 00000017: JUMP 00000018: JUMPDEST 00000019: PUSH1 0x00 0000001b: DUP1 0000001c: CALLDATALOAD 0000001d: PUSH1 0xe0 0000001f: SHR 00000020: SWAP1 00000021: DUP2 00000022: PUSH4 0x439fab91 00000027: EQ 00000028: PUSH2 0x006b 0000002b: JUMPI 0000002c: POP 0000002d: DUP1 0000002e: PUSH4 0x5a99719e 00000033: EQ 00000034: PUSH2 0x0066 00000037: JUMPI 00000038: DUP1 00000039: PUSH4 0x82e7a14c 0000003e: EQ 0000003f: PUSH2 0x0061 00000042: JUMPI 00000043: DUP1 00000044: PUSH4 0xc3f59687 00000049: EQ 0000004a: PUSH2 0x005c 0000004d: JUMPI 0000004e: PUSH4 0xf00e6a2a 00000053: SUB 00000054: PUSH2 0x000e 00000057: JUMPI 00000058: PUSH2 0x01fc 0000005b: JUMP 0000005c: JUMPDEST 0000005d: PUSH2 0x0188 00000060: JUMP 00000061: JUMPDEST 00000062: PUSH2 0x014d 00000065: JUMP 00000066: JUMPDEST 00000067: PUSH2 0x00de 0000006a: JUMP 0000006b: JUMPDEST 0000006c: CALLVALUE 0000006d: PUSH2 0x00d7 00000070: JUMPI 00000071: PUSH1 0x20 00000073: CALLDATASIZE 00000074: PUSH1 0x03 00000076: NOT 00000077: ADD 00000078: SLT 00000079: PUSH2 0x00d7 0000007c: JUMPI 0000007d: PUSH1 0x04 0000007f: CALLDATALOAD 00000080: PUSH8 0xffffffffffffffff 00000089: DUP1 0000008a: DUP3 0000008b: GT 0000008c: PUSH2 0x00da 0000008f: JUMPI 00000090: CALLDATASIZE 00000091: PUSH1 0x23 00000093: DUP4 00000094: ADD 00000095: SLT 00000096: ISZERO 00000097: PUSH2 0x00da 0000009a: JUMPI 0000009b: DUP2 0000009c: PUSH1 0x04 0000009e: ADD 0000009f: CALLDATALOAD 000000a0: SWAP1 000000a1: DUP2 000000a2: GT 000000a3: PUSH2 0x00da 000000a6: JUMPI 000000a7: CALLDATASIZE 000000a8: SWAP2 000000a9: ADD 000000aa: PUSH1 0x24 000000ac: ADD 000000ad: GT 000000ae: PUSH2 0x00d7 000000b1: JUMPI 000000b2: PUSH3 0x461bcd 000000b6: PUSH1 0xe5 000000b8: SHL 000000b9: PUSH1 0x80 000000bb: MSTORE 000000bc: PUSH1 0x20 000000be: PUSH1 0x84 000000c0: MSTORE 000000c1: PUSH1 0x05 000000c3: PUSH1 0xa4 000000c5: MSTORE 000000c6: PUSH5 0x696e693131 000000cc: PUSH1 0xd8 000000ce: SHL 000000cf: PUSH1 0xc4 000000d1: MSTORE 000000d2: PUSH1 0x64 000000d4: PUSH1 0x80 000000d6: REVERT 000000d7: JUMPDEST 000000d8: DUP1 000000d9: REVERT 000000da: JUMPDEST 000000db: DUP3 000000dc: DUP1 000000dd: REVERT 000000de: JUMPDEST 000000df: CALLVALUE 000000e0: PUSH2 0x0126 000000e3: JUMPI 000000e4: PUSH1 0x00 000000e6: CALLDATASIZE 000000e7: PUSH1 0x03 000000e9: NOT 000000ea: ADD 000000eb: SLT 000000ec: PUSH2 0x0126 000000ef: JUMPI 000000f0: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 00000111: SLOAD 00000112: PUSH1 0x40 00000114: MLOAD 00000115: PUSH1 0x01 00000117: PUSH1 0x01 00000119: PUSH1 0xa0 0000011b: SHL 0000011c: SUB 0000011d: SWAP1 0000011e: SWAP2 0000011f: AND 00000120: DUP2 00000121: MSTORE 00000122: PUSH1 0x20 00000124: SWAP1 00000125: RETURN 00000126: JUMPDEST 00000127: PUSH1 0x00 00000129: DUP1 0000012a: REVERT 0000012b: JUMPDEST 0000012c: PUSH1 0x20 0000012e: SWAP1 0000012f: PUSH1 0x03 00000131: NOT 00000132: ADD 00000133: SLT 00000134: PUSH2 0x0126 00000137: JUMPI 00000138: PUSH1 0x04 0000013a: CALLDATALOAD 0000013b: PUSH1 0x01 0000013d: PUSH1 0x01 0000013f: PUSH1 0xa0 00000141: SHL 00000142: SUB 00000143: DUP2 00000144: AND 00000145: DUP2 00000146: SUB 00000147: PUSH2 0x0126 0000014a: JUMPI 0000014b: SWAP1 0000014c: JUMP 0000014d: JUMPDEST 0000014e: CALLVALUE 0000014f: PUSH2 0x0126 00000152: JUMPI 00000153: PUSH2 0x015b 00000156: CALLDATASIZE 00000157: PUSH2 0x012b 0000015a: JUMP 0000015b: JUMPDEST 0000015c: PUSH2 0x0164 0000015f: CALLER 00000160: PUSH2 0x0244 00000163: JUMP 00000164: JUMPDEST 00000165: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 00000186: SSTORE 00000187: STOP 00000188: JUMPDEST 00000189: CALLVALUE 0000018a: PUSH2 0x0126 0000018d: JUMPI 0000018e: PUSH2 0x0196 00000191: CALLDATASIZE 00000192: PUSH2 0x012b 00000195: JUMP 00000196: JUMPDEST 00000197: PUSH2 0x019f 0000019a: CALLER 0000019b: PUSH2 0x0244 0000019e: JUMP 0000019f: JUMPDEST 000001a0: PUSH1 0x01 000001a2: PUSH1 0x01 000001a4: PUSH1 0xa0 000001a6: SHL 000001a7: SUB 000001a8: DUP2 000001a9: AND 000001aa: ISZERO 000001ab: PUSH2 0x01d2 000001ae: JUMPI 000001af: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 000001d0: SSTORE 000001d1: STOP 000001d2: JUMPDEST 000001d3: PUSH1 0x40 000001d5: MLOAD 000001d6: PUSH3 0x461bcd 000001da: PUSH1 0xe5 000001dc: SHL 000001dd: DUP2 000001de: MSTORE 000001df: PUSH1 0x20 000001e1: PUSH1 0x04 000001e3: DUP3 000001e4: ADD 000001e5: MSTORE 000001e6: PUSH1 0x02 000001e8: PUSH1 0x24 000001ea: DUP3 000001eb: ADD 000001ec: MSTORE 000001ed: PUSH2 0x0c59 000001f0: PUSH1 0xf2 000001f2: SHL 000001f3: PUSH1 0x44 000001f5: DUP3 000001f6: ADD 000001f7: MSTORE 000001f8: PUSH1 0x64 000001fa: SWAP1 000001fb: REVERT 000001fc: JUMPDEST 000001fd: CALLVALUE 000001fe: PUSH2 0x0126 00000201: JUMPI 00000202: PUSH1 0x00 00000204: CALLDATASIZE 00000205: PUSH1 0x03 00000207: NOT 00000208: ADD 00000209: SLT 0000020a: PUSH2 0x0126 0000020d: JUMPI 0000020e: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 0000022f: SLOAD 00000230: PUSH1 0x40 00000232: MLOAD 00000233: PUSH1 0x01 00000235: PUSH1 0x01 00000237: PUSH1 0xa0 00000239: SHL 0000023a: SUB 0000023b: SWAP1 0000023c: SWAP2 0000023d: AND 0000023e: DUP2 0000023f: MSTORE 00000240: PUSH1 0x20 00000242: SWAP1 00000243: RETURN 00000244: JUMPDEST 00000245: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 00000266: SLOAD 00000267: PUSH1 0x01 00000269: PUSH1 0x01 0000026b: PUSH1 0xa0 0000026d: SHL 0000026e: SUB 0000026f: SWAP1 00000270: DUP2 00000271: AND 00000272: SWAP2 00000273: AND 00000274: SUB 00000275: PUSH2 0x027a 00000278: JUMPI 00000279: JUMP 0000027a: JUMPDEST 0000027b: PUSH1 0x40 0000027d: MLOAD 0000027e: PUSH3 0x461bcd 00000282: PUSH1 0xe5 00000284: SHL 00000285: DUP2 00000286: MSTORE 00000287: PUSH1 0x20 00000289: PUSH1 0x04 0000028b: DUP3 0000028c: ADD 0000028d: MSTORE 0000028e: PUSH1 0x02 00000290: PUSH1 0x24 00000292: DUP3 00000293: ADD 00000294: MSTORE 00000295: PUSH2 0x3163 00000298: PUSH1 0xf0 0000029a: SHL 0000029b: PUSH1 0x44 0000029d: DUP3 0000029e: ADD 0000029f: MSTORE 000002a0: PUSH1 0x64 000002a2: SWAP1 000002a3: REVERT 000002a4: JUMPDEST 000002a5: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 000002c6: SLOAD 000002c7: PUSH1 0x00 000002c9: DUP1 000002ca: PUSH1 0x40 000002cc: MLOAD 000002cd: SWAP3 000002ce: CALLDATASIZE 000002cf: DUP3 000002d0: DUP6 000002d1: CALLDATACOPY 000002d2: DUP4 000002d3: CALLDATASIZE 000002d4: SWAP2 000002d5: GAS 000002d6: DELEGATECALL 000002d7: SWAP1 000002d8: RETURNDATASIZE 000002d9: SWAP2 000002da: DUP3 000002db: PUSH1 0x00 000002dd: DUP4 000002de: RETURNDATACOPY 000002df: ISZERO 000002e0: PUSH2 0x02e5 000002e3: JUMPI 000002e4: RETURN 000002e5: JUMPDEST 000002e6: REVERT 000002e7: INVALID 000002e8: LOG2 000002e9: PUSH5 0x6970667358 000002ef: UNKNOWN(0x22) 000002f0: SLT 000002f1: KECCAK256 000002f2: DUP12 000002f3: PUSH26 0x0aa68e3e9e957eef060249709f8a442c64e0d44f8699fe2c43d6 0000030e: UNKNOWN(0xEA) 0000030f: UNKNOWN(0xC7) 00000310: RETURNDATASIZE 00000311: EXTCODECOPY 00000312: PUSH5 0x736f6c6343 00000318: STOP 00000319: ADDMOD 0000031a: SLT 0000031b: STOP 0000031c: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
viewtrace_id: 0x9c4b4f63495957cfc6e5677d92336ab23a6a4b91128ba509ed158d57ce6eee8f
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "unknown",
"attempts": 48,
"trace_id": "0x9c4b4f63495957cfc6e5677d92336ab23a6a4b91128ba509ed158d57ce6eee8f",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x439fab91",
"selector": "0x439fab91",
"calldata_variants": [
"0x439fab91",
"0x439fab910000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5a99719e",
"selector": "0x5a99719e",
"calldata_variants": [
"0x5a99719e",
"0x5a99719e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x82e7a14c",
"selector": "0x82e7a14c",
"calldata_variants": [
"0x82e7a14c",
"0x82e7a14c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc3f59687",
"selector": "0xc3f59687",
"calldata_variants": [
"0xc3f59687",
"0xc3f596870000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 726,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|