Analysis Run

{"no_findings":false,"summary":"One high-severity issue: the V2 reinitializer is callable by anyone, allowing a malicious liquidityBuffer to be set and funds to be redirected/DoSed.","findings":[{"severity":"high","category":"upgradeability","title":"Unprotected reinitializer lets anyone set liquidityBuffer","exploit_scenario":"If the proxy is upgraded to this implementation and initializeV2 is not called atomically by the admin, any external account can call initializeV2 and point liquidityBuffer to an attacker-controlled contract. Future allocateETH calls that include allocateToLiquidityBuffer will transfer ETH to the attacker. The attacker can also make getAvailableBalance/cumulativeDrawdown revert, causing stake/unstake exchange-rate queries to fail (DoS).","recommendation":"Restrict initializeV2 to a privileged role (e.g., DEFAULT_ADMIN_ROLE or STAKING_MANAGER_ROLE) and invoke it during the upgrade transaction; optionally require liquidityBuffer to be unset and add a two-step change process for safety.","evidence":"initializeV2 is public reinitializer(2) with no access control.","locations":["src/Staking.sol:310"]}]}

OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-6hdrslg6
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: xhigh
reasoning summaries: auto
session id: 019ba5ca-d923-77f2-a96d-3698e8159527
--------
user
Context: The user requested the proxy at 0xe3cbd06d7dadb3f4e6557bab7edd924cd1489e8f.
Audit the implementation at 0x01a360392c74b5b8bf4973f438ff3983507a06a2.
Findings should refer to the implementation unless explicitly about proxy mechanics.

You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.

Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party `contracts/**/*.sol` files.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.

Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers

thinking
**Reading AUDIT_BUNDLE.txt file**
exec
/bin/bash -lc ls in /tmp/codex-6hdrslg6 succeeded in 8ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
lib
src
exec
/bin/bash -lc 'rg --files' in /tmp/codex-6hdrslg6 succeeded in 20ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
src/Staking.sol
src/interfaces/IOracle.sol
src/interfaces/IPauser.sol
src/interfaces/IUnstakeRequestsManager.sol
src/interfaces/IMETH.sol
src/interfaces/IDepositContract.sol
src/interfaces/ProtocolEvents.sol
src/interfaces/IStaking.sol
src/liquidityBuffer/interfaces/ILiquidityBuffer.sol
lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol
lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol
lib/openzeppelin-contracts/contracts/utils/math/Math.sol
lib/openzeppelin-contracts-upgradeable/contracts/access/IAccessControlUpgradeable.sol
lib/openzeppelin-contracts-upgradeable/contracts/access/IAccessControlEnumerableUpgradeable.sol
lib/openzeppelin-contracts-upgradeable/contracts/access/AccessControlEnumerableUpgradeable.sol
lib/openzeppelin-contracts-upgradeable/contracts/access/AccessControlUpgradeable.sol
lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/IERC20Upgradeable.sol
lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/extensions/IERC20MetadataUpgradeable.sol

thinking
**Reading AUDIT_BUNDLE.txt**
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-6hdrslg6 succeeded in 6ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.


thinking
**Examining first-party contract sources despite empty bundle**
exec
/bin/bash -lc "sed -n '1,240p' src/Staking.sol" in /tmp/codex-6hdrslg6 succeeded in 6ms:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
    "openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {Math} from "openzeppelin/utils/math/Math.sol";
import {IERC20} from "openzeppelin/token/ERC20/IERC20.sol";
import {SafeERC20Upgradeable} from "openzeppelin-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";

import {ProtocolEvents} from "./interfaces/ProtocolEvents.sol";
import {IDepositContract} from "./interfaces/IDepositContract.sol";
import {IMETH} from "./interfaces/IMETH.sol";
import {IOracleReadRecord, OracleRecord} from "./interfaces/IOracle.sol";
import {IPauserRead} from "./interfaces/IPauser.sol";
import {IStaking, IStakingReturnsWrite, IStakingInitiationRead} from "./interfaces/IStaking.sol";
import {UnstakeRequest, IUnstakeRequestsManager} from "./interfaces/IUnstakeRequestsManager.sol";

import {ILiquidityBuffer} from "./liquidityBuffer/interfaces/ILiquidityBuffer.sol";

exec
/bin/bash -lc "sed -n '240,480p' src/Staking.sol" in /tmp/codex-6hdrslg6 succeeded in 17ms:

    /// @inheritdoc IStakingInitiationRead
    /// @dev This will be used to give off-chain services a sensible point in time to start their analysis from.
    uint256 public initializationBlockNumber;

    /// @notice The maximum amount of mETH that can be minted during the staking process.
    /// @dev This is used as an additional safeguard to create a maximum stake amount in the protocol. As the protocol
    /// scales up this value will be increased to allow for more staking.
    uint256 public maximumMETHSupply;

    /// @notice The address for the liquidity buffer contract to push funds.
    /// @dev See also {receiveReturnsFromLiquidityBuffer}.
    ILiquidityBuffer public liquidityBuffer;

    /// @notice Configuration for contract initialization.
    struct Init {
        address admin;
        address manager;
        address allocatorService;
        address initiatorService;
exec
/bin/bash -lc "sed -n '480,960p' src/Staking.sol" in /tmp/codex-6hdrslg6 succeeded in 5ms:
        if (expectedDepositRoot != actualRoot) {
            revert InvalidDepositRoot(actualRoot);
        }

        // First loop is to check that all validators are valid according to our constraints and we record the
        // validators and how much we have deposited.
        uint256 amountDeposited = 0;
        for (uint256 i = 0; i < validators.length; ++i) {
            ValidatorParams calldata validator = validators[i];

            if (usedValidators[validator.pubkey]) {
                revert PreviouslyUsedValidator();
            }

            if (validator.depositAmount < minimumDepositAmount) {
                revert MinimumValidatorDepositNotSatisfied();
            }

            if (validator.depositAmount > maximumDepositAmount) {
                revert MaximumValidatorDepositExceeded();

thinking
**Analyzing staking contract security and upgradeability issues**

I'm examining potential reentrancy risks, access control gaps, and upgrade vulnerabilities in the Staking contract, especially focusing on external calls and the unprotected initializeV2 which allows unauthorized upgrades that could redirect funds. I'm exploring the interplay between state updates and external contract interactions to understand exploit possibilities.
exec
/bin/bash -lc "sed -n '1,240p' src/interfaces/IUnstakeRequestsManager.sol" in /tmp/codex-6hdrslg6 succeeded in 29ms:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Staking} from "../Staking.sol";

/// @notice An unstake request is stored in the UnstakeRequestsManager and records the information required to
/// fulfill an unstake request claim.
/// @param id The unique ID of the unstake request.
/// @param requester The address of the user that requested the unstake.
/// @param mETHLocked The amount of mETH that was locked when the unstake request was created. The amount of mETH
/// will be burned once the request has been claimed.
/// @param ethRequested The amount of ETH that was requested when the unstake request was created.
/// @param cumulativeETHRequested The cumulative amount of ETH that had been requested in this request and all unstake
/// requests before this one.
/// @param blockNumber The block number at which the unstake request was created.
struct UnstakeRequest {
    uint64 blockNumber;
    address requester;
    uint128 id;
    uint128 mETHLocked;

thinking
**Identifying LiquidityBuffer interface**
exec
/bin/bash -lc "sed -n '1,200p' src/liquidityBuffer/interfaces/ILiquidityBuffer.sol" in /tmp/codex-6hdrslg6 succeeded in 5ms:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/**
 * @title ILiquidityBuffer
 * @notice Interface for LiquidityBuffer contract that manages liquidity allocation to position managers
 */
interface ILiquidityBuffer {
    struct PositionManagerConfig {
        address managerAddress;           // position manager contract address
        uint256 allocationCap;           // maximum allocation limit for this manager
        bool isActive;                   // whether the position manager is operational
    }

    struct PositionAccountant {
        uint256 allocatedBalance; // total allocated balance to this manager
        uint256 interestClaimedFromManager;  // total interest claimed from this manager
    }

    /// @notice Deposit funds from staking contract

thinking
**Analyzing staking contract initialization risks**
exec
/bin/bash -lc "nl -ba src/Staking.sol | sed -n '300,380p'" in /tmp/codex-6hdrslg6 succeeded in 7ms:
   300	        minimumDepositAmount = 32 ether;
   301	        maximumDepositAmount = 32 ether;
   302	        isStakingAllowlist = true;
   303	        initializationBlockNumber = block.number;
   304	
   305	        // Set the maximum mETH supply to some sensible amount which is expected to be changed as the
   306	        // protocol ramps up.
   307	        maximumMETHSupply = 1024 ether;
   308	    }
   309	        
   310	    function initializeV2(ILiquidityBuffer lb) public reinitializer(2) notZeroAddress(address(lb)) {
   311	        liquidityBuffer = lb;
   312	    }
   313	
   314	    /// @notice Interface for users to stake their ETH with the protocol. Note: when allowlist is enabled, only users
   315	    /// with the allowlist can stake.
   316	    /// @dev Mints the corresponding amount of mETH (relative to the stake's share in the total ETH controlled by the
   317	    /// protocol) to the user.
   318	    /// @param minMETHAmount The minimum amount of mETH that the user expects to receive in return.
   319	    function stake(uint256 minMETHAmount) external payable {

thinking
**Summarizing upgrade initialization vulnerability**

I’m highlighting a single high-severity issue: the public `initializeV2` reinitializer lacks access control, allowing anyone to set the `liquidityBuffer` address to a malicious contract. This can cause unauthorized fund redirection and denial-of-service via reverted calls in exchange-rate queries. I’m preparing detailed JSON showing the finding with references to source code around line 310.
codex
{"no_findings":false,"summary":"One high-severity issue: the V2 reinitializer is callable by anyone, allowing a malicious liquidityBuffer to be set and funds to be redirected/DoSed.","findings":[{"severity":"high","category":"upgradeability","title":"Unprotected reinitializer lets anyone set liquidityBuffer","exploit_scenario":"If the proxy is upgraded to this implementation and initializeV2 is not called atomically by the admin, any external account can call initializeV2 and point liquidityBuffer to an attacker-controlled contract. Future allocateETH calls that include allocateToLiquidityBuffer will transfer ETH to the attacker. The attacker can also make getAvailableBalance/cumulativeDrawdown revert, causing stake/unstake exchange-rate queries to fail (DoS).","recommendation":"Restrict initializeV2 to a privileged role (e.g., DEFAULT_ADMIN_ROLE or STAKING_MANAGER_ROLE) and invoke it during the upgrade transaction; optionally require liquidityBuffer to be unset and add a two-step change process for safety.","evidence":"initializeV2 is public reinitializer(2) with no access control.","locations":["src/Staking.sol:310"]}]}
tokens used
26,274

{
    "codex": {
        "ran_at": "2026-01-10T02:48:04.023033+00:00",
        "returncode": 0
    },
    "project": {
        "mode": "source",
        "file_count": 29,
        "import_count": 34,
        "first_party_contracts_count": 0
    },
    "summary": "One high-severity issue: the V2 reinitializer is callable by anyone, allowing a malicious liquidityBuffer to be set and funds to be redirected/DoSed.",
    "raw_final": {
        "summary": "One high-severity issue: the V2 reinitializer is callable by anyone, allowing a malicious liquidityBuffer to be set and funds to be redirected/DoSed.",
        "findings": [
            {
                "title": "Unprotected reinitializer lets anyone set liquidityBuffer",
                "category": "upgradeability",
                "evidence": "initializeV2 is public reinitializer(2) with no access control.",
                "severity": "high",
                "locations": [
                    "src/Staking.sol:310"
                ],
                "recommendation": "Restrict initializeV2 to a privileged role (e.g., DEFAULT_ADMIN_ROLE or STAKING_MANAGER_ROLE) and invoke it during the upgrade transaction; optionally require liquidityBuffer to be unset and add a two-step change process for safety.",
                "exploit_scenario": "If the proxy is upgraded to this implementation and initializeV2 is not called atomically by the admin, any external account can call initializeV2 and point liquidityBuffer to an attacker-controlled contract. Future allocateETH calls that include allocateToLiquidityBuffer will transfer ETH to the attacker. The attacker can also make getAvailableBalance/cumulativeDrawdown revert, causing stake/unstake exchange-rate queries to fail (DoS)."
            }
        ],
        "no_findings": false
    },
    "no_findings": false,
    "proxy_context": {
        "proxy_run_id": "019ba5ca-c41d-73c2-8d74-6b616da61ddb",
        "proxy_address": "0xe3cbd06d7dadb3f4e6557bab7edd924cd1489e8f",
        "implementation_run_id": "019ba5ca-c76c-70ca-84e9-fa93b92bff9d",
        "implementation_address": "0x01a360392c74b5b8bf4973f438ff3983507a06a2"
    },
    "schema_version": 1
}

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH2 0x0013
00000009: JUMPI
0000000a: PUSH2 0x0011
0000000d: PUSH2 0x0017
00000010: JUMP
00000011: JUMPDEST
00000012: STOP
00000013: JUMPDEST
00000014: PUSH2 0x0011
00000017: JUMPDEST
00000018: PUSH2 0x001f
0000001b: PUSH2 0x02a1
0000001e: JUMP
0000001f: JUMPDEST
00000020: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000035: AND
00000036: CALLER
00000037: SUB
00000038: PUSH2 0x0297
0000003b: JUMPI
0000003c: PUSH1 0x60
0000003e: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
0000005f: PUSH1 0x00
00000061: CALLDATALOAD
00000062: AND
00000063: PUSH32 0xc9a6301a00000000000000000000000000000000000000000000000000000000
00000084: DUP2
00000085: ADD
00000086: PUSH2 0x0098
00000089: JUMPI
0000008a: PUSH2 0x0091
0000008d: PUSH2 0x02e1
00000090: JUMP
00000091: JUMPDEST
00000092: SWAP2
00000093: POP
00000094: PUSH2 0x028f
00000097: JUMP
00000098: JUMPDEST
00000099: PUSH32 0xb0e10d7a00000000000000000000000000000000000000000000000000000000
000000ba: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
000000db: DUP3
000000dc: AND
000000dd: ADD
000000de: PUSH2 0x00e9
000000e1: JUMPI
000000e2: PUSH2 0x0091
000000e5: PUSH2 0x0338
000000e8: JUMP
000000e9: JUMPDEST
000000ea: PUSH32 0x70d7c69000000000000000000000000000000000000000000000000000000000
0000010b: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
0000012c: DUP3
0000012d: AND
0000012e: ADD
0000012f: PUSH2 0x013a
00000132: JUMPI
00000133: PUSH2 0x0091
00000136: PUSH2 0x037e
00000139: JUMP
0000013a: JUMPDEST
0000013b: PUSH32 0x07ae5bc000000000000000000000000000000000000000000000000000000000
0000015c: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
0000017d: DUP3
0000017e: AND
0000017f: ADD
00000180: PUSH2 0x018b
00000183: JUMPI
00000184: PUSH2 0x0091
00000187: PUSH2 0x03af
0000018a: JUMP
0000018b: JUMPDEST
0000018c: PUSH32 0xa39f25e500000000000000000000000000000000000000000000000000000000
000001ad: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
000001ce: DUP3
000001cf: AND
000001d0: ADD
000001d1: PUSH2 0x01dc
000001d4: JUMPI
000001d5: PUSH2 0x0091
000001d8: PUSH2 0x03fc
000001db: JUMP
000001dc: JUMPDEST
000001dd: PUSH1 0x40
000001df: MLOAD
000001e0: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000201: DUP2
00000202: MSTORE
00000203: PUSH1 0x20
00000205: PUSH1 0x04
00000207: DUP3
00000208: ADD
00000209: MSTORE
0000020a: PUSH1 0x42
0000020c: PUSH1 0x24
0000020e: DUP3
0000020f: ADD
00000210: MSTORE
00000211: PUSH32 0x5472616e73706172656e745570677261646561626c6550726f78793a2061646d
00000232: PUSH1 0x44
00000234: DUP3
00000235: ADD
00000236: MSTORE
00000237: PUSH32 0x696e2063616e6e6f742066616c6c6261636b20746f2070726f78792074617267
00000258: PUSH1 0x64
0000025a: DUP3
0000025b: ADD
0000025c: MSTORE
0000025d: PUSH32 0x6574000000000000000000000000000000000000000000000000000000000000
0000027e: PUSH1 0x84
00000280: DUP3
00000281: ADD
00000282: MSTORE
00000283: PUSH1 0xa4
00000285: ADD
00000286: JUMPDEST
00000287: PUSH1 0x40
00000289: MLOAD
0000028a: DUP1
0000028b: SWAP2
0000028c: SUB
0000028d: SWAP1
0000028e: REVERT
0000028f: JUMPDEST
00000290: DUP2
00000291: MLOAD
00000292: PUSH1 0x20
00000294: DUP4
00000295: ADD
00000296: RETURN
00000297: JUMPDEST
00000298: PUSH2 0x029f
0000029b: PUSH2 0x0410
0000029e: JUMP
0000029f: JUMPDEST
000002a0: JUMP
000002a1: JUMPDEST
000002a2: PUSH1 0x00
000002a4: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000002c5: JUMPDEST
000002c6: SLOAD
000002c7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002dc: AND
000002dd: SWAP2
000002de: SWAP1
000002df: POP
000002e0: JUMP
000002e1: JUMPDEST
000002e2: PUSH1 0x60
000002e4: PUSH2 0x02eb
000002e7: PUSH2 0x0420
000002ea: JUMP
000002eb: JUMPDEST
000002ec: PUSH1 0x00
000002ee: PUSH2 0x02fa
000002f1: CALLDATASIZE
000002f2: PUSH1 0x04
000002f4: DUP2
000002f5: DUP5
000002f6: PUSH2 0x08d7
000002f9: JUMP
000002fa: JUMPDEST
000002fb: DUP2
000002fc: ADD
000002fd: SWAP1
000002fe: PUSH2 0x0307
00000301: SWAP2
00000302: SWAP1
00000303: PUSH2 0x092a
00000306: JUMP
00000307: JUMPDEST
00000308: SWAP1
00000309: POP
0000030a: PUSH2 0x0324
0000030d: DUP2
0000030e: PUSH1 0x40
00000310: MLOAD
00000311: DUP1
00000312: PUSH1 0x20
00000314: ADD
00000315: PUSH1 0x40
00000317: MSTORE
00000318: DUP1
00000319: PUSH1 0x00
0000031b: DUP2
0000031c: MSTORE
0000031d: POP
0000031e: PUSH1 0x00
00000320: PUSH2 0x042b
00000323: JUMP
00000324: JUMPDEST
00000325: POP
00000326: POP
00000327: PUSH1 0x40
00000329: DUP1
0000032a: MLOAD
0000032b: PUSH1 0x20
0000032d: DUP2
0000032e: ADD
0000032f: SWAP1
00000330: SWAP2
00000331: MSTORE
00000332: PUSH1 0x00
00000334: DUP2
00000335: MSTORE
00000336: SWAP1
00000337: JUMP
00000338: JUMPDEST
00000339: PUSH1 0x60
0000033b: PUSH1 0x00
0000033d: DUP1
0000033e: PUSH2 0x034a
00000341: CALLDATASIZE
00000342: PUSH1 0x04
00000344: DUP2
00000345: DUP5
00000346: PUSH2 0x08d7
00000349: JUMP
0000034a: JUMPDEST
0000034b: DUP2
0000034c: ADD
0000034d: SWAP1
0000034e: PUSH2 0x0357
00000351: SWAP2
00000352: SWAP1
00000353: PUSH2 0x0974
00000356: JUMP
00000357: JUMPDEST
00000358: SWAP2
00000359: POP
0000035a: SWAP2
0000035b: POP
0000035c: PUSH2 0x0367
0000035f: DUP3
00000360: DUP3
00000361: PUSH1 0x01
00000363: PUSH2 0x042b
00000366: JUMP
00000367: JUMPDEST
00000368: PUSH1 0x40
0000036a: MLOAD
0000036b: DUP1
0000036c: PUSH1 0x20
0000036e: ADD
0000036f: PUSH1 0x40
00000371: MSTORE
00000372: DUP1
00000373: PUSH1 0x00
00000375: DUP2
00000376: MSTORE
00000377: POP
00000378: SWAP3
00000379: POP
0000037a: POP
0000037b: POP
0000037c: SWAP1
0000037d: JUMP
0000037e: JUMPDEST
0000037f: PUSH1 0x60
00000381: PUSH2 0x0388
00000384: PUSH2 0x0420
00000387: JUMP
00000388: JUMPDEST
00000389: PUSH1 0x00
0000038b: PUSH2 0x0397
0000038e: CALLDATASIZE
0000038f: PUSH1 0x04
00000391: DUP2
00000392: DUP5
00000393: PUSH2 0x08d7
00000396: JUMP
00000397: JUMPDEST
00000398: DUP2
00000399: ADD
0000039a: SWAP1
0000039b: PUSH2 0x03a4
0000039e: SWAP2
0000039f: SWAP1
000003a0: PUSH2 0x092a
000003a3: JUMP
000003a4: JUMPDEST
000003a5: SWAP1
000003a6: POP
000003a7: PUSH2 0x0324
000003aa: DUP2
000003ab: PUSH2 0x0457
000003ae: JUMP
000003af: JUMPDEST
000003b0: PUSH1 0x60
000003b2: PUSH2 0x03b9
000003b5: PUSH2 0x0420
000003b8: JUMP
000003b9: JUMPDEST
000003ba: PUSH1 0x00
000003bc: PUSH2 0x03c3
000003bf: PUSH2 0x02a1
000003c2: JUMP
000003c3: JUMPDEST
000003c4: PUSH1 0x40
000003c6: DUP1
000003c7: MLOAD
000003c8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000003dd: DUP4
000003de: AND
000003df: PUSH1 0x20
000003e1: DUP3
000003e2: ADD
000003e3: MSTORE
000003e4: SWAP2
000003e5: SWAP3
000003e6: POP
000003e7: ADD
000003e8: PUSH1 0x40
000003ea: MLOAD
000003eb: PUSH1 0x20
000003ed: DUP2
000003ee: DUP4
000003ef: SUB
000003f0: SUB
000003f1: DUP2
000003f2: MSTORE
000003f3: SWAP1
000003f4: PUSH1 0x40
000003f6: MSTORE
000003f7: SWAP2
000003f8: POP
000003f9: POP
000003fa: SWAP1
000003fb: JUMP
000003fc: JUMPDEST
000003fd: PUSH1 0x60
000003ff: PUSH2 0x0406
00000402: PUSH2 0x0420
00000405: JUMP
00000406: JUMPDEST
00000407: PUSH1 0x00
00000409: PUSH2 0x03c3
0000040c: PUSH2 0x04bb
0000040f: JUMP
00000410: JUMPDEST
00000411: PUSH2 0x029f
00000414: PUSH2 0x041b
00000417: PUSH2 0x04bb
0000041a: JUMP
0000041b: JUMPDEST
0000041c: PUSH2 0x04ca
0000041f: JUMP
00000420: JUMPDEST
00000421: CALLVALUE
00000422: ISZERO
00000423: PUSH2 0x029f
00000426: JUMPI
00000427: PUSH1 0x00
00000429: DUP1
0000042a: REVERT
0000042b: JUMPDEST
0000042c: PUSH2 0x0434
0000042f: DUP4
00000430: PUSH2 0x04ee
00000433: JUMP
00000434: JUMPDEST
00000435: PUSH1 0x00
00000437: DUP3
00000438: MLOAD
00000439: GT
0000043a: DUP1
0000043b: PUSH2 0x0441
0000043e: JUMPI
0000043f: POP
00000440: DUP1
00000441: JUMPDEST
00000442: ISZERO
00000443: PUSH2 0x0452
00000446: JUMPI
00000447: PUSH2 0x0450
0000044a: DUP4
0000044b: DUP4
0000044c: PUSH2 0x053b
0000044f: JUMP
00000450: JUMPDEST
00000451: POP
00000452: JUMPDEST
00000453: POP
00000454: POP
00000455: POP
00000456: JUMP
00000457: JUMPDEST
00000458: PUSH32 0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f
00000479: PUSH2 0x0480
0000047c: PUSH2 0x02a1
0000047f: JUMP
00000480: JUMPDEST
00000481: PUSH1 0x40
00000483: DUP1
00000484: MLOAD
00000485: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000049a: SWAP3
0000049b: DUP4
0000049c: AND
0000049d: DUP2
0000049e: MSTORE
0000049f: SWAP2
000004a0: DUP5
000004a1: AND
000004a2: PUSH1 0x20
000004a4: DUP4
000004a5: ADD
000004a6: MSTORE
000004a7: ADD
000004a8: PUSH1 0x40
000004aa: MLOAD
000004ab: DUP1
000004ac: SWAP2
000004ad: SUB
000004ae: SWAP1
000004af: LOG1
000004b0: PUSH2 0x04b8
000004b3: DUP2
000004b4: PUSH2 0x0567
000004b7: JUMP
000004b8: JUMPDEST
000004b9: POP
000004ba: JUMP
000004bb: JUMPDEST
000004bc: PUSH1 0x00
000004be: PUSH2 0x04c5
000004c1: PUSH2 0x0673
000004c4: JUMP
000004c5: JUMPDEST
000004c6: SWAP1
000004c7: POP
000004c8: SWAP1
000004c9: JUMP
000004ca: JUMPDEST
000004cb: CALLDATASIZE
000004cc: PUSH1 0x00
000004ce: DUP1
000004cf: CALLDATACOPY
000004d0: PUSH1 0x00
000004d2: DUP1
000004d3: CALLDATASIZE
000004d4: PUSH1 0x00
000004d6: DUP5
000004d7: GAS
000004d8: DELEGATECALL
000004d9: RETURNDATASIZE
000004da: PUSH1 0x00
000004dc: DUP1
000004dd: RETURNDATACOPY
000004de: DUP1
000004df: DUP1
000004e0: ISZERO
000004e1: PUSH2 0x04e9
000004e4: JUMPI
000004e5: RETURNDATASIZE
000004e6: PUSH1 0x00
000004e8: RETURN
000004e9: JUMPDEST
000004ea: RETURNDATASIZE
000004eb: PUSH1 0x00
000004ed: REVERT
000004ee: JUMPDEST
000004ef: PUSH2 0x04f7
000004f2: DUP2
000004f3: PUSH2 0x069b
000004f6: JUMP
000004f7: JUMPDEST
000004f8: PUSH1 0x40
000004fa: MLOAD
000004fb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000510: DUP3
00000511: AND
00000512: SWAP1
00000513: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b
00000534: SWAP1
00000535: PUSH1 0x00
00000537: SWAP1
00000538: LOG2
00000539: POP
0000053a: JUMP
0000053b: JUMPDEST
0000053c: PUSH1 0x60
0000053e: PUSH2 0x0560
00000541: DUP4
00000542: DUP4
00000543: PUSH1 0x40
00000545: MLOAD
00000546: DUP1
00000547: PUSH1 0x60
00000549: ADD
0000054a: PUSH1 0x40
0000054c: MSTORE
0000054d: DUP1
0000054e: PUSH1 0x27
00000550: DUP2
00000551: MSTORE
00000552: PUSH1 0x20
00000554: ADD
00000555: PUSH2 0x0ae6
00000558: PUSH1 0x27
0000055a: SWAP2
0000055b: CODECOPY
0000055c: PUSH2 0x0766
0000055f: JUMP
00000560: JUMPDEST
00000561: SWAP4
00000562: SWAP3
00000563: POP
00000564: POP
00000565: POP
00000566: JUMP
00000567: JUMPDEST
00000568: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000057d: DUP2
0000057e: AND
0000057f: PUSH2 0x060a
00000582: JUMPI
00000583: PUSH1 0x40
00000585: MLOAD
00000586: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000005a7: DUP2
000005a8: MSTORE
000005a9: PUSH1 0x20
000005ab: PUSH1 0x04
000005ad: DUP3
000005ae: ADD
000005af: MSTORE
000005b0: PUSH1 0x26
000005b2: PUSH1 0x24
000005b4: DUP3
000005b5: ADD
000005b6: MSTORE
000005b7: PUSH32 0x455243313936373a206e65772061646d696e20697320746865207a65726f2061
000005d8: PUSH1 0x44
000005da: DUP3
000005db: ADD
000005dc: MSTORE
000005dd: PUSH32 0x6464726573730000000000000000000000000000000000000000000000000000
000005fe: PUSH1 0x64
00000600: DUP3
00000601: ADD
00000602: MSTORE
00000603: PUSH1 0x84
00000605: ADD
00000606: PUSH2 0x0286
00000609: JUMP
0000060a: JUMPDEST
0000060b: DUP1
0000060c: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
0000062d: JUMPDEST
0000062e: DUP1
0000062f: SLOAD
00000630: PUSH32 0xffffffffffffffffffffffff0000000000000000000000000000000000000000
00000651: AND
00000652: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000667: SWAP3
00000668: SWAP1
00000669: SWAP3
0000066a: AND
0000066b: SWAP2
0000066c: SWAP1
0000066d: SWAP2
0000066e: OR
0000066f: SWAP1
00000670: SSTORE
00000671: POP
00000672: JUMP
00000673: JUMPDEST
00000674: PUSH1 0x00
00000676: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000697: PUSH2 0x02c5
0000069a: JUMP
0000069b: JUMPDEST
0000069c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006b1: DUP2
000006b2: AND
000006b3: EXTCODESIZE
000006b4: PUSH2 0x073f
000006b7: JUMPI
000006b8: PUSH1 0x40
000006ba: MLOAD
000006bb: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000006dc: DUP2
000006dd: MSTORE
000006de: PUSH1 0x20
000006e0: PUSH1 0x04
000006e2: DUP3
000006e3: ADD
000006e4: MSTORE
000006e5: PUSH1 0x2d
000006e7: PUSH1 0x24
000006e9: DUP3
000006ea: ADD
000006eb: MSTORE
000006ec: PUSH32 0x455243313936373a206e657720696d706c656d656e746174696f6e206973206e
0000070d: PUSH1 0x44
0000070f: DUP3
00000710: ADD
00000711: MSTORE
00000712: PUSH32 0x6f74206120636f6e747261637400000000000000000000000000000000000000
00000733: PUSH1 0x64
00000735: DUP3
00000736: ADD
00000737: MSTORE
00000738: PUSH1 0x84
0000073a: ADD
0000073b: PUSH2 0x0286
0000073e: JUMP
0000073f: JUMPDEST
00000740: DUP1
00000741: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000762: PUSH2 0x062d
00000765: JUMP
00000766: JUMPDEST
00000767: PUSH1 0x60
00000769: PUSH1 0x00
0000076b: DUP1
0000076c: DUP6
0000076d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000782: AND
00000783: DUP6
00000784: PUSH1 0x40
00000786: MLOAD
00000787: PUSH2 0x0790
0000078a: SWAP2
0000078b: SWAP1
0000078c: PUSH2 0x0a78
0000078f: JUMP
00000790: JUMPDEST
00000791: PUSH1 0x00
00000793: PUSH1 0x40
00000795: MLOAD
00000796: DUP1
00000797: DUP4
00000798: SUB
00000799: DUP2
0000079a: DUP6
0000079b: GAS
0000079c: DELEGATECALL
0000079d: SWAP2
0000079e: POP
0000079f: POP
000007a0: RETURNDATASIZE
000007a1: DUP1
000007a2: PUSH1 0x00
000007a4: DUP2
000007a5: EQ
000007a6: PUSH2 0x07cb
000007a9: JUMPI
000007aa: PUSH1 0x40
000007ac: MLOAD
000007ad: SWAP2
000007ae: POP
000007af: PUSH1 0x1f
000007b1: NOT
000007b2: PUSH1 0x3f
000007b4: RETURNDATASIZE
000007b5: ADD
000007b6: AND
000007b7: DUP3
000007b8: ADD
000007b9: PUSH1 0x40
000007bb: MSTORE
000007bc: RETURNDATASIZE
000007bd: DUP3
000007be: MSTORE
000007bf: RETURNDATASIZE
000007c0: PUSH1 0x00
000007c2: PUSH1 0x20
000007c4: DUP5
000007c5: ADD
000007c6: RETURNDATACOPY
000007c7: PUSH2 0x07d0
000007ca: JUMP
000007cb: JUMPDEST
000007cc: PUSH1 0x60
000007ce: SWAP2
000007cf: POP
000007d0: JUMPDEST
000007d1: POP
000007d2: SWAP2
000007d3: POP
000007d4: SWAP2
000007d5: POP
000007d6: PUSH2 0x07e1
000007d9: DUP7
000007da: DUP4
000007db: DUP4
000007dc: DUP8
000007dd: PUSH2 0x07eb
000007e0: JUMP
000007e1: JUMPDEST
000007e2: SWAP7
000007e3: SWAP6
000007e4: POP
000007e5: POP
000007e6: POP
000007e7: POP
000007e8: POP
000007e9: POP
000007ea: JUMP
000007eb: JUMPDEST
000007ec: PUSH1 0x60
000007ee: DUP4
000007ef: ISZERO
000007f0: PUSH2 0x0881
000007f3: JUMPI
000007f4: DUP3
000007f5: MLOAD
000007f6: PUSH1 0x00
000007f8: SUB
000007f9: PUSH2 0x087a
000007fc: JUMPI
000007fd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000812: DUP6
00000813: AND
00000814: EXTCODESIZE
00000815: PUSH2 0x087a
00000818: JUMPI
00000819: PUSH1 0x40
0000081b: MLOAD
0000081c: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
0000083d: DUP2
0000083e: MSTORE
0000083f: PUSH1 0x20
00000841: PUSH1 0x04
00000843: DUP3
00000844: ADD
00000845: MSTORE
00000846: PUSH1 0x1d
00000848: PUSH1 0x24
0000084a: DUP3
0000084b: ADD
0000084c: MSTORE
0000084d: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000
0000086e: PUSH1 0x44
00000870: DUP3
00000871: ADD
00000872: MSTORE
00000873: PUSH1 0x64
00000875: ADD
00000876: PUSH2 0x0286
00000879: JUMP
0000087a: JUMPDEST
0000087b: POP
0000087c: DUP2
0000087d: PUSH2 0x088b
00000880: JUMP
00000881: JUMPDEST
00000882: PUSH2 0x088b
00000885: DUP4
00000886: DUP4
00000887: PUSH2 0x0893
0000088a: JUMP
0000088b: JUMPDEST
0000088c: SWAP5
0000088d: SWAP4
0000088e: POP
0000088f: POP
00000890: POP
00000891: POP
00000892: JUMP
00000893: JUMPDEST
00000894: DUP2
00000895: MLOAD
00000896: ISZERO
00000897: PUSH2 0x08a3
0000089a: JUMPI
0000089b: DUP2
0000089c: MLOAD
0000089d: DUP1
0000089e: DUP4
0000089f: PUSH1 0x20
000008a1: ADD
000008a2: REVERT
000008a3: JUMPDEST
000008a4: DUP1
000008a5: PUSH1 0x40
000008a7: MLOAD
000008a8: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000008c9: DUP2
000008ca: MSTORE
000008cb: PUSH1 0x04
000008cd: ADD
000008ce: PUSH2 0x0286
000008d1: SWAP2
000008d2: SWAP1
000008d3: PUSH2 0x0a94
000008d6: JUMP
000008d7: JUMPDEST
000008d8: PUSH1 0x00
000008da: DUP1
000008db: DUP6
000008dc: DUP6
000008dd: GT
000008de: ISZERO
000008df: PUSH2 0x08e7
000008e2: JUMPI
000008e3: PUSH1 0x00
000008e5: DUP1
000008e6: REVERT
000008e7: JUMPDEST
000008e8: DUP4
000008e9: DUP7
000008ea: GT
000008eb: ISZERO
000008ec: PUSH2 0x08f4
000008ef: JUMPI
000008f0: PUSH1 0x00
000008f2: DUP1
000008f3: REVERT
000008f4: JUMPDEST
000008f5: POP
000008f6: POP
000008f7: DUP3
000008f8: ADD
000008f9: SWAP4
000008fa: SWAP2
000008fb: SWAP1
000008fc: SWAP3
000008fd: SUB
000008fe: SWAP2
000008ff: POP
00000900: JUMP
00000901: JUMPDEST
00000902: DUP1
00000903: CALLDATALOAD
00000904: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000919: DUP2
0000091a: AND
0000091b: DUP2
0000091c: EQ
0000091d: PUSH2 0x0925
00000920: JUMPI
00000921: PUSH1 0x00
00000923: DUP1
00000924: REVERT
00000925: JUMPDEST
00000926: SWAP2
00000927: SWAP1
00000928: POP
00000929: JUMP
0000092a: JUMPDEST
0000092b: PUSH1 0x00
0000092d: PUSH1 0x20
0000092f: DUP3
00000930: DUP5
00000931: SUB
00000932: SLT
00000933: ISZERO
00000934: PUSH2 0x093c
00000937: JUMPI
00000938: PUSH1 0x00
0000093a: DUP1
0000093b: REVERT
0000093c: JUMPDEST
0000093d: PUSH2 0x0560
00000940: DUP3
00000941: PUSH2 0x0901
00000944: JUMP
00000945: JUMPDEST
00000946: PUSH32 0x4e487b7100000000000000000000000000000000000000000000000000000000
00000967: PUSH1 0x00
00000969: MSTORE
0000096a: PUSH1 0x41
0000096c: PUSH1 0x04
0000096e: MSTORE
0000096f: PUSH1 0x24
00000971: PUSH1 0x00
00000973: REVERT
00000974: JUMPDEST
00000975: PUSH1 0x00
00000977: DUP1
00000978: PUSH1 0x40
0000097a: DUP4
0000097b: DUP6
0000097c: SUB
0000097d: SLT
0000097e: ISZERO
0000097f: PUSH2 0x0987
00000982: JUMPI
00000983: PUSH1 0x00
00000985: DUP1
00000986: REVERT
00000987: JUMPDEST
00000988: PUSH2 0x0990
0000098b: DUP4
0000098c: PUSH2 0x0901
0000098f: JUMP
00000990: JUMPDEST
00000991: SWAP2
00000992: POP
00000993: PUSH1 0x20
00000995: DUP4
00000996: ADD
00000997: CALLDATALOAD
00000998: PUSH8 0xffffffffffffffff
000009a1: DUP1
000009a2: DUP3
000009a3: GT
000009a4: ISZERO
000009a5: PUSH2 0x09ad
000009a8: JUMPI
000009a9: PUSH1 0x00
000009ab: DUP1
000009ac: REVERT
000009ad: JUMPDEST
000009ae: DUP2
000009af: DUP6
000009b0: ADD
000009b1: SWAP2
000009b2: POP
000009b3: DUP6
000009b4: PUSH1 0x1f
000009b6: DUP4
000009b7: ADD
000009b8: SLT
000009b9: PUSH2 0x09c1
000009bc: JUMPI
000009bd: PUSH1 0x00
000009bf: DUP1
000009c0: REVERT
000009c1: JUMPDEST
000009c2: DUP2
000009c3: CALLDATALOAD
000009c4: DUP2
000009c5: DUP2
000009c6: GT
000009c7: ISZERO
000009c8: PUSH2 0x09d3
000009cb: JUMPI
000009cc: PUSH2 0x09d3
000009cf: PUSH2 0x0945
000009d2: JUMP
000009d3: JUMPDEST
000009d4: PUSH1 0x40
000009d6: MLOAD
000009d7: PUSH1 0x1f
000009d9: DUP3
000009da: ADD
000009db: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
000009fc: SWAP1
000009fd: DUP2
000009fe: AND
000009ff: PUSH1 0x3f
00000a01: ADD
00000a02: AND
00000a03: DUP2
00000a04: ADD
00000a05: SWAP1
00000a06: DUP4
00000a07: DUP3
00000a08: GT
00000a09: DUP2
00000a0a: DUP4
00000a0b: LT
00000a0c: OR
00000a0d: ISZERO
00000a0e: PUSH2 0x0a19
00000a11: JUMPI
00000a12: PUSH2 0x0a19
00000a15: PUSH2 0x0945
00000a18: JUMP
00000a19: JUMPDEST
00000a1a: DUP2
00000a1b: PUSH1 0x40
00000a1d: MSTORE
00000a1e: DUP3
00000a1f: DUP2
00000a20: MSTORE
00000a21: DUP9
00000a22: PUSH1 0x20
00000a24: DUP5
00000a25: DUP8
00000a26: ADD
00000a27: ADD
00000a28: GT
00000a29: ISZERO
00000a2a: PUSH2 0x0a32
00000a2d: JUMPI
00000a2e: PUSH1 0x00
00000a30: DUP1
00000a31: REVERT
00000a32: JUMPDEST
00000a33: DUP3
00000a34: PUSH1 0x20
00000a36: DUP7
00000a37: ADD
00000a38: PUSH1 0x20
00000a3a: DUP4
00000a3b: ADD
00000a3c: CALLDATACOPY
00000a3d: PUSH1 0x00
00000a3f: PUSH1 0x20
00000a41: DUP5
00000a42: DUP4
00000a43: ADD
00000a44: ADD
00000a45: MSTORE
00000a46: DUP1
00000a47: SWAP6
00000a48: POP
00000a49: POP
00000a4a: POP
00000a4b: POP
00000a4c: POP
00000a4d: POP
00000a4e: SWAP3
00000a4f: POP
00000a50: SWAP3
00000a51: SWAP1
00000a52: POP
00000a53: JUMP
00000a54: JUMPDEST
00000a55: PUSH1 0x00
00000a57: JUMPDEST
00000a58: DUP4
00000a59: DUP2
00000a5a: LT
00000a5b: ISZERO
00000a5c: PUSH2 0x0a6f
00000a5f: JUMPI
00000a60: DUP2
00000a61: DUP2
00000a62: ADD
00000a63: MLOAD
00000a64: DUP4
00000a65: DUP3
00000a66: ADD
00000a67: MSTORE
00000a68: PUSH1 0x20
00000a6a: ADD
00000a6b: PUSH2 0x0a57
00000a6e: JUMP
00000a6f: JUMPDEST
00000a70: POP
00000a71: POP
00000a72: PUSH1 0x00
00000a74: SWAP2
00000a75: ADD
00000a76: MSTORE
00000a77: JUMP
00000a78: JUMPDEST
00000a79: PUSH1 0x00
00000a7b: DUP3
00000a7c: MLOAD
00000a7d: PUSH2 0x0a8a
00000a80: DUP2
00000a81: DUP5
00000a82: PUSH1 0x20
00000a84: DUP8
00000a85: ADD
00000a86: PUSH2 0x0a54
00000a89: JUMP
00000a8a: JUMPDEST
00000a8b: SWAP2
00000a8c: SWAP1
00000a8d: SWAP2
00000a8e: ADD
00000a8f: SWAP3
00000a90: SWAP2
00000a91: POP
00000a92: POP
00000a93: JUMP
00000a94: JUMPDEST
00000a95: PUSH1 0x20
00000a97: DUP2
00000a98: MSTORE
00000a99: PUSH1 0x00
00000a9b: DUP3
00000a9c: MLOAD
00000a9d: DUP1
00000a9e: PUSH1 0x20
00000aa0: DUP5
00000aa1: ADD
00000aa2: MSTORE
00000aa3: PUSH2 0x0ab3
00000aa6: DUP2
00000aa7: PUSH1 0x40
00000aa9: DUP6
00000aaa: ADD
00000aab: PUSH1 0x20
00000aad: DUP8
00000aae: ADD
00000aaf: PUSH2 0x0a54
00000ab2: JUMP
00000ab3: JUMPDEST
00000ab4: PUSH1 0x1f
00000ab6: ADD
00000ab7: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
00000ad8: AND
00000ad9: SWAP2
00000ada: SWAP1
00000adb: SWAP2
00000adc: ADD
00000add: PUSH1 0x40
00000adf: ADD
00000ae0: SWAP3
00000ae1: SWAP2
00000ae2: POP
00000ae3: POP
00000ae4: JUMP
00000ae5: INVALID
00000ae6: COINBASE
00000ae7: PUSH5 0x6472657373
00000aed: GASPRICE
00000aee: KECCAK256
00000aef: PUSH13 0x6f772d6c6576656c2064656c65
00000afd: PUSH8 0x6174652063616c6c
00000b06: KECCAK256
00000b07: PUSH7 0x61696c6564a264
00000b0f: PUSH10 0x706673582212200b5100
00000b1a: UNKNOWN(0xB6)
00000b1b: SDIV
00000b1c: PUSH15 0x5ffc17e66039dcd723596f9fe3a993
00000b2c: PC
00000b2d: DUP4
00000b2e: UNKNOWN(0x0E)
00000b2f: SWAP6
00000b30: PUSH25