019ba8e4-06a8-73d5-a788-2dfde07f8fd0
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 33233 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 33234 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 33235 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 33236 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 33237 | capability.graph | complete | 1 / 3 | 3 months ago |
| 33238 | detector.run | complete | 1 / 3 | 3 months ago |
| 33239 | validation.fork | complete | 1 / 3 | 3 months ago |
| 33401 | report.consolidate | complete | 1 / 6 | 3 months ago |
{
"status": "not_proxy"
}
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode analysis shows two low-level CALL sites with computed target/value; one ignores the call result. Control over the call target/value is unclear from bytecode-only evidence, so risk severity is conservative.","findings":[{"severity":"medium","category":"other","title":"Dynamic low-level CALL with potential ETH transfer to untrusted target","exploit_scenario":"If an external caller can influence the call target or value, they could trigger arbitrary external calls (including reentrant execution) or force ETH transfers to attacker-chosen addresses. Validation observed target variability (0x0000000000000000000000000000000000000004 and the contract itself), and no guards were detected in the callsite evidence, but bytecode-only analysis cannot confirm whether these targets are user-controlled.","recommendation":"Constrain call targets/values to trusted addresses (hardcode or allowlist), enforce access control on any function that reaches the call, and consider reentrancy protection if state-changing logic is involved. Use STATICCALL for read-only precompile usage and ensure value is zero when calling precompiles.","evidence":"Detector findings show CALL at pc 1002 and 1715 with computed target/value, guards_detected=[], returndata_checked=null; validation confirmed target varies and ETH value transfer is possible (BYTECODE_BUNDLE detector_findings).","locations":["pc:0x3ea","pc:0x6b3"]},{"severity":"low","category":"other","title":"Unchecked return value from low-level CALL","exploit_scenario":"If the CALL at pc 0x3ea fails (revert/out-of-gas), execution appears to continue without handling the failure, which can silently skip intended effects or leave downstream logic assuming success.","recommendation":"Check the CALL success flag and revert or handle failure explicitly. If this call is only for a precompile/memory-copy pattern, enforce value=0 and still validate success to avoid silent failures.","evidence":"At pc 1002 the CALL success flag is immediately POPed; returndata_checked is null in the callsite evidence (BYTECODE_BUNDLE callsites).","locations":["pc:0x3ea"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-k6bqby1o
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: xhigh
reasoning summaries: auto
session id: 019ba8e4-be13-7052-8f09-8463b632caf0
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers
thinking
**Reading BYTECODE_BUNDLE.json file**
exec
/bin/bash -lc ls in /tmp/codex-k6bqby1o succeeded in 6ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-k6bqby1o succeeded in 19ms:
{
"analysis_artifact": {
"address": "0x37a9679c41e99db270bda88de8ff50c0cd23f326",
"artifact_hash": "0xcb111a9c9e94aa11fc57cdee9a5f9e155214b483c10a92bc64096a099402d45e",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 10,
"hash": "0x7b6ce063085d86d7a28c3db9177c7c3cbfb2c605a3b218fd361c15920a201f75",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLDATASIZE",
"ISZERO",
"PUSH2",
"JUMPI"
thinking
**Analyzing bytecode callsites and selectors**
exec
/bin/bash -lc 'rg -n "pc": 1002 -C 3 BYTECODE_BUNDLE.json' in /tmp/codex-k6bqby1o exited 2 in 11ms:
rg: 1002: No such file or directory (os error 2)
thinking
**Correcting ripgrep syntax**
exec
/bin/bash -lc "rg -n '\"pc\": 1002' -C 3 BYTECODE_BUNDLE.json" in /tmp/codex-k6bqby1o succeeded in 6ms:
1852- "callsites": [
1853- {
1854- "opcode": "CALL",
1855: "pc": 1002,
1856- "returndata_checked": null,
1857- "target_expression_category": "computed",
1858- "value_expression_category": "computed"
--
6968- {
6969- "id": "call:1002",
6970- "opcode": "CALL",
6971: "pc": 1002,
6972- "type": "callsite"
6973- },
6974- {
--
7110- "examples": [
7111- {
7112- "opcode": "CALL",
7113: "pc": 1002,
thinking
**Locating basic block by PC**
exec
/bin/bash -lc "python3 - <<'PY'
import json
import pathlib
p=pathlib.Path('BYTECODE_BUNDLE.json')
obj=json.loads(p.read_text())
blocks=obj['analysis_artifact']['artifact_json']['basic_blocks']
# find block covering pc 1002 and 1715
for target in (1002,1715):
for b in blocks:
if b['start_pc']<=target<=b['end_pc']:
print('target',target,'block',b['start_pc'],b['end_pc'],b['hash'])
print('opcodes',b['opcodes'])
break
PY" in /tmp/codex-k6bqby1o succeeded in 31ms:
target 1002 block 948 1018 0x7a24ad84321184c8fff350b6f00b0b7acc31b76e6172b3fa490a0f03109079e6
opcodes ['JUMPDEST', 'PUSH1', 'MLOAD', 'OP_80', 'OP_80', 'PUSH1', 'ADD', 'OP_82', 'OP_81', 'SUB', 'OP_82', 'MSTORE', 'OP_83', 'OP_81', 'OP_81', 'MLOAD', 'OP_81', 'MSTORE', 'PUSH1', 'ADD', 'OP_91', 'POP', 'OP_80', 'MLOAD', 'OP_90', 'PUSH1', 'ADD', 'OP_90', 'OP_80', 'OP_83', 'OP_83', 'OP_82', 'OP_90', 'PUSH1', 'PUSH1', 'PUSH1', 'OP_84', 'PUSH1', 'ADD', 'DIV', 'PUSH1', 'MUL', 'PUSH1', 'ADD', 'CALL', 'POP', 'OP_90', 'POP', 'OP_90', 'OP_81', 'ADD', 'OP_90', 'PUSH1', 'AND', 'OP_80', 'ISZERO', 'PUSH2', 'JUMPI']
target 1715 block 1692 1721 0xe969550137e50dded8854e9cc4423da2f9d6aadd5641f8a5ce60d42665fec18a
opcodes ['POP', 'CALLER', 'PUSH1', 'PUSH1', 'PUSH1', 'EXP', 'SUB', 'AND', 'PUSH1', 'OP_3A', 'PUSH1', 'OP_82', 'OP_81', 'OP_81', 'OP_81', 'OP_85', 'OP_88', 'OP_83', 'CALL', 'OP_93', 'POP', 'POP', 'POP', 'POP', 'ISZERO']
thinking
**Analyzing low-level calls and callsites**
I’m focusing on decoding unknown opcodes related to CALL operations and examining callsites in the artifact JSON to understand external calls, potential reentrancy risks, and how calls connect to functions via the capability graph. I want to parse the JSON for callsites and functions to map those references better.
exec
/bin/bash -lc "python3 - <<'PY'
import json, pprint
obj=json.load(open('BYTECODE_BUNDLE.json'))
art=obj['analysis_artifact']['artifact_json']
print(art.keys())
PY" in /tmp/codex-k6bqby1o succeeded in 41ms:
dict_keys(['auth', 'basic_blocks', 'callsites', 'cfg_edges', 'cfg_hash', 'dispatcher_type', 'function_entries', 'functions', 'selectors', 'sinks', 'storage', 'version'])
thinking
**Exploring function definitions and callsites**
exec
/bin/bash -lc "python3 - <<'PY'
import json, pprint
obj=json.load(open('BYTECODE_BUNDLE.json'))
art=obj['analysis_artifact']['artifact_json']
print('dispatcher', art.get('dispatcher_type'))
print('function_entries', list(art['function_entries'])[:5])
print('selectors', art['selectors'][:10])
print('functions keys', list(art['functions'].keys())[:5])
PY" in /tmp/codex-k6bqby1o exited 1 in 40ms:
dispatcher selector_jump_table
function_entries [{'entry_pc': None, 'selector': '0x06fdde03'}, {'entry_pc': 826074471, 'selector': '0x18160ddd'}, {'entry_pc': 1173393728, 'selector': '0x313ce567'}, {'entry_pc': 1227821743, 'selector': '0x45f09140'}, {'entry_pc': 1230547895, 'selector': '0x492f12af'}]
selectors ['0x06fdde03', '0x18160ddd', '0x313ce567', '0x45f09140', '0x492f12af', '0x4958abb7', '0x5a3b7e42', '0x70a08231', '0x8da5cb5b', '0x95d89b41']
Traceback (most recent call last):
File "<stdin>", line 7, in <module>
AttributeError: 'list' object has no attribute 'keys'
thinking
**Checking functions data structure**
exec
/bin/bash -lc "python3 - <<'PY'
import json, pprint
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
print(type(art['functions']))
print('len', len(art['functions']))
print(art['functions'][:3])
PY" in /tmp/codex-k6bqby1o succeeded in 53ms:
<class 'list'>
len 19
[{'auth': {'guards': []}, 'entry_pc': None, 'selector': '0x06fdde03', 'sinks': {'call': 2, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 0}, 'storage': {'reads': 43, 'slots': [{'op': 'SLOAD', 'pc': 238, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000005'}, {'op': 'SLOAD', 'pc': 310, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 330, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 339, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 357, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 387, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 409, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 440, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000004'}, {'op': 'SLOAD', 'pc': 512, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 556, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 575, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000006'}, {'op': 'SLOAD', 'pc': 646, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 696, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 784, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 804, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 834, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 855, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 888, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 924, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 1149, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 1266, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1321, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 1378, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1470, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000002'}, {'op': 'SLOAD', 'pc': 1677, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1736, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 1770, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1794, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}], 'writes': 11}}, {'auth': {'guards': []}, 'entry_pc': 826074471, 'selector': '0x18160ddd', 'sinks': {'call': 2, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 0}, 'storage': {'reads': 43, 'slots': [{'op': 'SLOAD', 'pc': 238, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000005'}, {'op': 'SLOAD', 'pc': 310, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 330, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 339, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 357, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 387, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 409, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 440, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000004'}, {'op': 'SLOAD', 'pc': 512, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 556, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 575, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000006'}, {'op': 'SLOAD', 'pc': 646, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 696, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 784, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 804, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 834, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 855, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 888, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 924, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 1149, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 1266, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1321, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 1378, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1470, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000002'}, {'op': 'SLOAD', 'pc': 1677, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1736, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 1770, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1794, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}], 'writes': 11}}, {'auth': {'guards': []}, 'entry_pc': 1173393728, 'selector': '0x313ce567', 'sinks': {'call': 2, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 0}, 'storage': {'reads': 43, 'slots': [{'op': 'SLOAD', 'pc': 238, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000005'}, {'op': 'SLOAD', 'pc': 310, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 330, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 339, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 357, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 387, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 409, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 440, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000004'}, {'op': 'SLOAD', 'pc': 512, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 556, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 575, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000006'}, {'op': 'SLOAD', 'pc': 646, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 696, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 784, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 804, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 834, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 855, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 888, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 924, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 1149, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 1266, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1321, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 1378, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1470, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000002'}, {'op': 'SLOAD', 'pc': 1677, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1736, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 1770, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1794, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}], 'writes': 11}}]
thinking
**Examining function call counts and storage usage**
exec
/bin/bash -lc "python3 - <<'PY'
import json, pprint
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
print('storage slots count', len(art['storage'].get('slots',[])))
print('storage raw', art['storage'])
PY" in /tmp/codex-k6bqby1o succeeded in 43ms:
storage slots count 28
storage raw {'keccak_count': 14, 'reads': 43, 'slots': [{'op': 'SLOAD', 'pc': 238, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000005'}, {'op': 'SLOAD', 'pc': 310, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 330, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 339, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 357, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 387, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 409, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 440, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000004'}, {'op': 'SLOAD', 'pc': 512, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 556, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 575, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000006'}, {'op': 'SLOAD', 'pc': 646, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000100'}, {'op': 'SLOAD', 'pc': 696, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 784, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 804, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 834, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 855, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 888, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 924, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 1149, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 1266, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1321, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'}, {'op': 'SLOAD', 'pc': 1378, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1470, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000002'}, {'op': 'SLOAD', 'pc': 1677, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1736, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'}, {'op': 'SLOAD', 'pc': 1770, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}, {'op': 'SLOAD', 'pc': 1794, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000007'}], 'writes': 11}
thinking
**Investigating storage writes and callsites**
exec
/bin/bash -lc "python3 - <<'PY'
import json, pprint
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
pp=pprint.PrettyPrinter(width=120)
pp.pprint(art['callsites'])
PY" in /tmp/codex-k6bqby1o succeeded in 36ms:
[{'opcode': 'CALL',
'pc': 1002,
'returndata_checked': None,
'target_expression_category': 'computed',
'value_expression_category': 'computed'},
{'opcode': 'CALL',
'pc': 1715,
'returndata_checked': None,
'target_expression_category': 'computed',
'value_expression_category': 'computed'}]
thinking
**Inspecting sinks list**
exec
/bin/bash -lc "python3 - <<'PY'
import json, pprint
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
print(art['sinks'])
PY" in /tmp/codex-k6bqby1o succeeded in 75ms:
{'call': 2, 'create': 0, 'create2': 0, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 0, 'upgrade_slot_write_suspected': False}
thinking
**Analyzing contract call types**
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
print(art['selectors'])
PY" in /tmp/codex-k6bqby1o succeeded in 27ms:
['0x06fdde03', '0x18160ddd', '0x313ce567', '0x45f09140', '0x492f12af', '0x4958abb7', '0x5a3b7e42', '0x70a08231', '0x8da5cb5b', '0x95d89b41', '0x97a5d5b5', '0x9d7e2730', '0xa9059cbb', '0xe343fea6', '0xf2fde38b', '0xfa6f1c7d', '0xfde9ffd7', '0xff2ea505', '0xffa3e903']
thinking
**Analyzing contract function selectors and callsite risks**
I'm piecing together function selectors to identify standard and custom contract methods, noting this isn't a typical ERC20 due to missing allowance functions. I'm also investigating access control via owner checks and spotting potential reentrancy risks around external calls without clear state updates after, so I'll parse basic blocks and control-flow edges to better understand SSTORE operations near call sites and judge vulnerability severity.
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
# Map block id -> block
blocks=art['basic_blocks']
block_by_id={f\"bb:{b['start_pc']}\":b for b in blocks}
# But in cfg_edges there are edges with 'from' and 'to'? Let's inspect first few
print(art['cfg_edges'][:5])
PY" in /tmp/codex-k6bqby1o succeeded in 52ms:
[{'from': 'bb:0', 'to': 'bb:229', 'type': 'control_flow'}, {'from': 'bb:0', 'to': 'bb:11', 'type': 'control_flow_fallthrough'}, {'from': 'bb:11', 'to': 'bb:231', 'type': 'control_flow'}, {'from': 'bb:11', 'to': 'bb:31', 'type': 'control_flow_fallthrough'}, {'from': 'bb:31', 'to': 'bb:324', 'type': 'control_flow'}]
thinking
**Analyzing edge IDs**
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
# find block containing call at 1002
call_pc=1002
blocks=art['basic_blocks']
call_block=None
for b in blocks:
if b['start_pc']<=call_pc<=b['end_pc']:
call_block=b
break
print('call_block',call_block['start_pc'],call_block['end_pc'])
call_block_id=f\"bb:{call_block['start_pc']}\"
# list outgoing edges
outs=[e for e in art['cfg_edges'] if e['from']==call_block_id]
print('outs',outs)
# show target blocks opcodes and if contain SSTORE or CALL
block_by_id={f\"bb:{b['start_pc']}\":b for b in blocks}
for e in outs:
b=block_by_id[e['to']]
print('to',e['to'],b['start_pc'],b['end_pc'], 'has SSTORE', any(op=='SSTORE' for op in b['opcodes']))
# show opcodes trimmed
print(b['opcodes'])
PY" in /tmp/codex-k6bqby1o succeeded in 81ms:
call_block 948 1018
outs [{'from': 'bb:948', 'to': 'bb:1044', 'type': 'control_flow'}, {'from': 'bb:948', 'to': 'bb:1019', 'type': 'control_flow_fallthrough'}]
to bb:1044 1044 1057 has SSTORE False
['JUMPDEST', 'POP', 'OP_92', 'POP', 'POP', 'POP', 'PUSH1', 'MLOAD', 'OP_80', 'OP_91', 'SUB', 'OP_90', 'RETURN']
to bb:1019 1019 1043 has SSTORE False
['OP_80', 'OP_82', 'SUB', 'OP_80', 'MLOAD', 'PUSH1', 'OP_83', 'PUSH1', 'SUB', 'PUSH2', 'EXP', 'SUB', 'NOT', 'AND', 'OP_81', 'MSTORE', 'PUSH1', 'ADD', 'OP_91', 'POP']
thinking
**Analyzing call block reachability for storage writes**
I'm planning to run a breadth-first search from the call block to check if any SSTORE operations occur in reachable blocks before the function returns or stops, to understand if the external call might allow reentrancy by updating state afterward. I want to see whether state changes happen only before the call or also afterward, since that affects reentrancy risk, and also classify this as an untrusted external call issue if applicable.
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
blocks=art['basic_blocks']
print('SSTORE blocks:')
for b in blocks:
if 'SSTORE' in b['opcodes']:
print(b['start_pc'], b['end_pc'], b['opcodes'])
PY" in /tmp/codex-k6bqby1o succeeded in 34ms:
SSTORE blocks:
1131 1218 ['JUMPDEST', 'PUSH1', 'PUSH1', 'OP_90', 'OP_81', 'SHA3', 'OP_80', 'SLOAD', 'OP_84', 'OP_90', 'SUB', 'OP_90', 'SSTORE', 'PUSH1', 'OP_80', 'SLOAD', 'OP_84', 'OP_90', 'SUB', 'OP_90', 'SSTORE', 'OP_80', 'SLOAD', 'PUSH1', 'NOT', 'OP_84', 'MUL', 'PUSH1', 'OP_90', 'OP_81', 'MSTORE', 'PUSH1', 'PUSH1', 'PUSH1', 'EXP', 'SUB', 'OP_91', 'OP_90', 'OP_91', 'AND', 'OP_91', 'OP_90', 'PUSH32', 'OP_90', 'PUSH1', 'OP_90', 'OP_A3']
1262 1283 ['JUMPDEST', 'PUSH1', 'OP_80', 'SLOAD', 'PUSH2', 'OP_83', 'MUL', 'PUSH2', 'NOT', 'OP_90', 'OP_91', 'AND', 'OR', 'OP_90', 'SSTORE', 'POP', 'JUMP']
1284 1374 ['JUMPDEST', 'PUSH1', 'PUSH1', 'PUSH1', 'EXP', 'SUB', 'OP_80', 'OP_82', 'AND', 'PUSH1', 'OP_90', 'OP_81', 'MSTORE', 'PUSH1', 'PUSH1', 'OP_90', 'OP_81', 'MSTORE', 'PUSH1', 'OP_82', 'SHA3', 'OP_80', 'SLOAD', 'OP_86', 'ADD', 'OP_90', 'SSTORE', 'PUSH1', 'OP_80', 'SLOAD', 'OP_86', 'ADD', 'OP_90', 'SSTORE', 'OP_81', 'SLOAD', 'PUSH1', 'OP_86', 'OP_81', 'MSTORE', 'OP_93', 'AND', 'OP_92', 'PUSH32', 'OP_91', 'OP_90', 'OP_A3', 'POP', 'POP', 'JUMP']
1582 1691 ['JUMPDEST', 'PUSH1', 'PUSH1', 'PUSH1', 'EXP', 'SUB', 'CALLER', 'OP_81', 'AND', 'PUSH1', 'OP_81', 'OP_81', 'MSTORE', 'PUSH1', 'PUSH1', 'OP_90', 'OP_81', 'MSTORE', 'PUSH1', 'OP_80', 'OP_83', 'SHA3', 'OP_80', 'SLOAD', 'OP_87', 'OP_90', 'SUB', 'OP_90', 'SSTORE', 'OP_93', 'OP_86', 'AND', 'OP_80', 'OP_83', 'MSTORE', 'OP_93', 'OP_90', 'OP_91', 'SHA3', 'OP_80', 'SLOAD', 'OP_85', 'ADD', 'OP_90', 'SSTORE', 'PUSH1', 'OP_84', 'OP_81', 'MSTORE', 'PUSH32', 'OP_91', 'OP_90', 'OP_A3', 'PUSH1', 'SLOAD', 'PUSH2', 'OP_90', 'DIV', 'PUSH1', 'AND', 'OP_80', 'ISZERO', 'PUSH2', 'JUMPI']
1732 1765 ['JUMPDEST', 'PUSH1', 'OP_80', 'SLOAD', 'PUSH20', 'NOT', 'AND', 'OP_82', 'OR', 'OP_90', 'SSTORE', 'POP', 'JUMP']
1766 1789 ['JUMPDEST', 'PUSH1', 'OP_80', 'SLOAD', 'PUSH3', 'OP_83', 'MUL', 'PUSH3', 'NOT', 'OP_90', 'OP_91', 'AND', 'OR', 'OP_90', 'SSTORE', 'POP', 'JUMP']
1790 1815 ['JUMPDEST', 'PUSH1', 'OP_80', 'SLOAD', 'PUSH4', 'OP_83', 'MUL', 'PUSH4', 'NOT', 'OP_90', 'OP_91', 'AND', 'OR', 'OP_90', 'SSTORE', 'POP', 'JUMP']
1816 1843 ['JUMPDEST', 'PUSH1', 'PUSH1', 'PUSH1', 'EXP', 'SUB', 'OP_90', 'OP_91', 'AND', 'PUSH1', 'OP_90', 'OP_81', 'MSTORE', 'PUSH1', 'PUSH1', 'MSTORE', 'PUSH1', 'OP_90', 'SHA3', 'SSTORE', 'JUMP']
thinking
**Analyzing CALL and SSTORE relations in code blocks**
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
blocks=art['basic_blocks']
block_by_id={f\"bb:{b['start_pc']}\":b for b in blocks}
# call block for pc 1715
call_pc=1715
call_block=None
for b in blocks:
if b['start_pc']<=call_pc<=b['end_pc']:
call_block=b
break
print('call block',call_block['start_pc'],call_block['end_pc'])
cbid=f\"bb:{call_block['start_pc']}\"
outs=[e for e in art['cfg_edges'] if e['from']==cbid]
print('outs',outs)
for e in outs:
b=block_by_id[e['to']]
print('to',e['to'],b['start_pc'],b['end_pc'],'has SSTORE', 'SSTORE' in b['opcodes'])
print(b['opcodes'])
PY" in /tmp/codex-k6bqby1o succeeded in 29ms:
call block 1692 1721
outs [{'from': 'bb:1692', 'to': 'bb:1722', 'type': 'control_flow_fallthrough'}]
to bb:1722 1722 1727 has SSTORE False
['JUMPDEST', 'ISZERO', 'PUSH2', 'JUMPI']
thinking
**Inspecting control flow from bb:1722**
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
blocks=art['basic_blocks']
block_by_id={f\"bb:{b['start_pc']}\":b for b in blocks}
# edges from bb:1722
outs=[e for e in art['cfg_edges'] if e['from']=='bb:1722']
print(outs)
for e in outs:
b=block_by_id[e['to']]
print('to',e['to'],b['start_pc'],b['end_pc'],'has SSTORE', 'SSTORE' in b['opcodes'])
print(b['opcodes'])
PY" in /tmp/codex-k6bqby1o succeeded in 43ms:
[{'from': 'bb:1722', 'to': 'bb:1219', 'type': 'control_flow'}, {'from': 'bb:1722', 'to': 'bb:1728', 'type': 'control_flow_fallthrough'}]
to bb:1219 1219 1222 has SSTORE False
['JUMPDEST', 'POP', 'POP', 'JUMP']
to bb:1728 1728 1731 has SSTORE False
['PUSH2', 'JUMP']
thinking
**Analyzing jump and call blocks**
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
outs=[e for e in art['cfg_edges'] if e['from']=='bb:1728']
print(outs)
PY" in /tmp/codex-k6bqby1o succeeded in 27ms:
[]
thinking
**Analyzing dynamic call risks and access controls**
thinking
**Investigating access control preceding risky call**
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
pre=[e for e in art['cfg_edges'] if e['to']=='bb:948']
print('predecessors',pre[:10])
print('count',len(pre))
PY" in /tmp/codex-k6bqby1o succeeded in 80ms:
predecessors []
count 0
thinking
**Analyzing missing CFG predecessors**
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
pre=[e for e in art['cfg_edges'] if e['to']=='bb:1692']
print('count',len(pre))
print(pre[:10])
PY" in /tmp/codex-k6bqby1o succeeded in 25ms:
count 1
[{'from': 'bb:1582', 'to': 'bb:1692', 'type': 'control_flow_fallthrough'}]
thinking
**Analyzing call placement after state update**
exec
/bin/bash -lc "python3 - <<'PY'
import json
art=json.load(open('BYTECODE_BUNDLE.json'))['analysis_artifact']['artifact_json']
outs=[e for e in art['cfg_edges'] if e['from']=='bb:1582']
print(outs)
PY" in /tmp/codex-k6bqby1o succeeded in 27ms:
[{'from': 'bb:1582', 'to': 'bb:1722', 'type': 'control_flow'}, {'from': 'bb:1582', 'to': 'bb:1692', 'type': 'control_flow_fallthrough'}]
thinking
**Analyzing external call risks**
exec
/bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-k6bqby1o succeeded in 5ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
thinking
**Preparing detailed JSON analysis summary**
I’m putting together a precise JSON response that matches the user's requirements exactly—no extra properties, clear summary emphasizing bytecode-only analysis and its uncertainties, and two findings with carefully chosen severities and thorough explanations including evidence and locations in hex.
codex
{"no_findings":false,"summary":"Bytecode analysis shows two low-level CALL sites with computed target/value; one ignores the call result. Control over the call target/value is unclear from bytecode-only evidence, so risk severity is conservative.","findings":[{"severity":"medium","category":"other","title":"Dynamic low-level CALL with potential ETH transfer to untrusted target","exploit_scenario":"If an external caller can influence the call target or value, they could trigger arbitrary external calls (including reentrant execution) or force ETH transfers to attacker-chosen addresses. Validation observed target variability (0x0000000000000000000000000000000000000004 and the contract itself), and no guards were detected in the callsite evidence, but bytecode-only analysis cannot confirm whether these targets are user-controlled.","recommendation":"Constrain call targets/values to trusted addresses (hardcode or allowlist), enforce access control on any function that reaches the call, and consider reentrancy protection if state-changing logic is involved. Use STATICCALL for read-only precompile usage and ensure value is zero when calling precompiles.","evidence":"Detector findings show CALL at pc 1002 and 1715 with computed target/value, guards_detected=[], returndata_checked=null; validation confirmed target varies and ETH value transfer is possible (BYTECODE_BUNDLE detector_findings).","locations":["pc:0x3ea","pc:0x6b3"]},{"severity":"low","category":"other","title":"Unchecked return value from low-level CALL","exploit_scenario":"If the CALL at pc 0x3ea fails (revert/out-of-gas), execution appears to continue without handling the failure, which can silently skip intended effects or leave downstream logic assuming success.","recommendation":"Check the CALL success flag and revert or handle failure explicitly. If this call is only for a precompile/memory-copy pattern, enforce value=0 and still validate success to avoid silent failures.","evidence":"At pc 1002 the CALL success flag is immediately POPed; returndata_checked is null in the callsite evidence (BYTECODE_BUNDLE callsites).","locations":["pc:0x3ea"]}]}
tokens used
56,335
{
"codex": {
"ran_at": "2026-01-10T17:16:59.425122+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 3690,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode analysis shows two low-level CALL sites with computed target/value; one ignores the call result. Control over the call target/value is unclear from bytecode-only evidence, so risk severity is conservative.",
"raw_final": {
"summary": "Bytecode analysis shows two low-level CALL sites with computed target/value; one ignores the call result. Control over the call target/value is unclear from bytecode-only evidence, so risk severity is conservative.",
"findings": [
{
"title": "Dynamic low-level CALL with potential ETH transfer to untrusted target",
"category": "other",
"evidence": "Detector findings show CALL at pc 1002 and 1715 with computed target/value, guards_detected=[], returndata_checked=null; validation confirmed target varies and ETH value transfer is possible (BYTECODE_BUNDLE detector_findings).",
"severity": "medium",
"locations": [
"pc:0x3ea",
"pc:0x6b3"
],
"recommendation": "Constrain call targets/values to trusted addresses (hardcode or allowlist), enforce access control on any function that reaches the call, and consider reentrancy protection if state-changing logic is involved. Use STATICCALL for read-only precompile usage and ensure value is zero when calling precompiles.",
"exploit_scenario": "If an external caller can influence the call target or value, they could trigger arbitrary external calls (including reentrant execution) or force ETH transfers to attacker-chosen addresses. Validation observed target variability (0x0000000000000000000000000000000000000004 and the contract itself), and no guards were detected in the callsite evidence, but bytecode-only analysis cannot confirm whether these targets are user-controlled."
},
{
"title": "Unchecked return value from low-level CALL",
"category": "other",
"evidence": "At pc 1002 the CALL success flag is immediately POPed; returndata_checked is null in the callsite evidence (BYTECODE_BUNDLE callsites).",
"severity": "low",
"locations": [
"pc:0x3ea"
],
"recommendation": "Check the CALL success flag and revert or handle failure explicitly. If this call is only for a precompile/memory-copy pattern, enforce value=0 and still validate success to avoid silent failures.",
"exploit_scenario": "If the CALL at pc 0x3ea fails (revert/out-of-gas), execution appears to continue without handling the failure, which can silently skip intended effects or leave downstream logic assuming success."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x00e5 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x06fdde03 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x00e7 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x18160ddd 00000025: EQ 00000026: PUSH2 0x0144 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x313ce567 00000030: EQ 00000031: PUSH2 0x014d 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x45f09140 0000003b: EQ 0000003c: PUSH2 0x0159 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x492f12af 00000046: EQ 00000047: PUSH2 0x017d 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x4958abb7 00000051: EQ 00000052: PUSH2 0x0190 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x5a3b7e42 0000005c: EQ 0000005d: PUSH2 0x01b1 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0x70a08231 00000067: EQ 00000068: PUSH2 0x020e 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0x8da5cb5b 00000072: EQ 00000073: PUSH2 0x0226 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0x95d89b41 0000007d: EQ 0000007e: PUSH2 0x0238 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0x97a5d5b5 00000088: EQ 00000089: PUSH2 0x0294 0000008c: JUMPI 0000008d: DUP1 0000008e: PUSH4 0x9d7e2730 00000093: EQ 00000094: PUSH2 0x02ac 00000097: JUMPI 00000098: DUP1 00000099: PUSH4 0xa9059cbb 0000009e: EQ 0000009f: PUSH2 0x02d0 000000a2: JUMPI 000000a3: DUP1 000000a4: PUSH4 0xe343fea6 000000a9: EQ 000000aa: PUSH2 0x030a 000000ad: JUMPI 000000ae: DUP1 000000af: PUSH4 0xf2fde38b 000000b4: EQ 000000b5: PUSH2 0x031b 000000b8: JUMPI 000000b9: DUP1 000000ba: PUSH4 0xfa6f1c7d 000000bf: EQ 000000c0: PUSH2 0x033c 000000c3: JUMPI 000000c4: DUP1 000000c5: PUSH4 0xfde9ffd7 000000ca: EQ 000000cb: PUSH2 0x034e 000000ce: JUMPI 000000cf: DUP1 000000d0: PUSH4 0xff2ea505 000000d5: EQ 000000d6: PUSH2 0x036f 000000d9: JUMPI 000000da: DUP1 000000db: PUSH4 0xffa3e903 000000e0: EQ 000000e1: PUSH2 0x0390 000000e4: JUMPI 000000e5: JUMPDEST 000000e6: STOP 000000e7: JUMPDEST 000000e8: PUSH2 0x03b4 000000eb: PUSH1 0x05 000000ed: DUP1 000000ee: SLOAD 000000ef: PUSH1 0x20 000000f1: PUSH1 0x02 000000f3: PUSH1 0x01 000000f5: DUP4 000000f6: AND 000000f7: ISZERO 000000f8: PUSH2 0x0100 000000fb: MUL 000000fc: PUSH1 0x00 000000fe: NOT 000000ff: ADD 00000100: SWAP1 00000101: SWAP3 00000102: AND 00000103: SWAP2 00000104: SWAP1 00000105: SWAP2 00000106: DIV 00000107: PUSH1 0x1f 00000109: DUP2 0000010a: ADD 0000010b: DUP3 0000010c: SWAP1 0000010d: DIV 0000010e: SWAP1 0000010f: SWAP2 00000110: MUL 00000111: PUSH1 0x80 00000113: SWAP1 00000114: DUP2 00000115: ADD 00000116: PUSH1 0x40 00000118: MSTORE 00000119: PUSH1 0x60 0000011b: DUP3 0000011c: DUP2 0000011d: MSTORE 0000011e: SWAP3 0000011f: SWAP2 00000120: SWAP1 00000121: DUP3 00000122: DUP3 00000123: DUP1 00000124: ISZERO 00000125: PUSH2 0x0463 00000128: JUMPI 00000129: DUP1 0000012a: PUSH1 0x1f 0000012c: LT 0000012d: PUSH2 0x0438 00000130: JUMPI 00000131: PUSH2 0x0100 00000134: DUP1 00000135: DUP4 00000136: SLOAD 00000137: DIV 00000138: MUL 00000139: DUP4 0000013a: MSTORE 0000013b: SWAP2 0000013c: PUSH1 0x20 0000013e: ADD 0000013f: SWAP2 00000140: PUSH2 0x0463 00000143: JUMP 00000144: JUMPDEST 00000145: PUSH2 0x0422 00000148: PUSH1 0x03 0000014a: SLOAD 0000014b: DUP2 0000014c: JUMP 0000014d: JUMPDEST 0000014e: PUSH2 0x0422 00000151: PUSH1 0x07 00000153: SLOAD 00000154: PUSH1 0xff 00000156: AND 00000157: DUP2 00000158: JUMP 00000159: JUMPDEST 0000015a: PUSH2 0x00e5 0000015d: PUSH1 0x04 0000015f: CALLDATALOAD 00000160: PUSH1 0x24 00000162: CALLDATALOAD 00000163: PUSH1 0x00 00000165: SLOAD 00000166: CALLER 00000167: PUSH1 0x01 00000169: PUSH1 0xa0 0000016b: PUSH1 0x02 0000016d: EXP 0000016e: SUB 0000016f: SWAP1 00000170: DUP2 00000171: AND 00000172: SWAP2 00000173: AND 00000174: EQ 00000175: PUSH2 0x04c7 00000178: JUMPI 00000179: PUSH2 0x0002 0000017c: JUMP 0000017d: JUMPDEST 0000017e: PUSH2 0x042c 00000181: PUSH1 0x07 00000183: SLOAD 00000184: PUSH4 0x01000000 00000189: SWAP1 0000018a: DIV 0000018b: PUSH1 0xff 0000018d: AND 0000018e: DUP2 0000018f: JUMP 00000190: JUMPDEST 00000191: PUSH2 0x00e5 00000194: PUSH1 0x04 00000196: CALLDATALOAD 00000197: PUSH1 0x00 00000199: SLOAD 0000019a: CALLER 0000019b: PUSH1 0x01 0000019d: PUSH1 0xa0 0000019f: PUSH1 0x02 000001a1: EXP 000001a2: SUB 000001a3: SWAP1 000001a4: DUP2 000001a5: AND 000001a6: SWAP2 000001a7: AND 000001a8: EQ 000001a9: PUSH2 0x04ee 000001ac: JUMPI 000001ad: PUSH2 0x0002 000001b0: JUMP 000001b1: JUMPDEST 000001b2: PUSH2 0x03b4 000001b5: PUSH1 0x04 000001b7: DUP1 000001b8: SLOAD 000001b9: PUSH1 0x20 000001bb: PUSH1 0x02 000001bd: PUSH1 0x01 000001bf: DUP4 000001c0: AND 000001c1: ISZERO 000001c2: PUSH2 0x0100 000001c5: MUL 000001c6: PUSH1 0x00 000001c8: NOT 000001c9: ADD 000001ca: SWAP1 000001cb: SWAP3 000001cc: AND 000001cd: SWAP2 000001ce: SWAP1 000001cf: SWAP2 000001d0: DIV 000001d1: PUSH1 0x1f 000001d3: DUP2 000001d4: ADD 000001d5: DUP3 000001d6: SWAP1 000001d7: DIV 000001d8: SWAP1 000001d9: SWAP2 000001da: MUL 000001db: PUSH1 0x80 000001dd: SWAP1 000001de: DUP2 000001df: ADD 000001e0: PUSH1 0x40 000001e2: MSTORE 000001e3: PUSH1 0x60 000001e5: DUP3 000001e6: DUP2 000001e7: MSTORE 000001e8: SWAP3 000001e9: SWAP2 000001ea: SWAP1 000001eb: DUP3 000001ec: DUP3 000001ed: DUP1 000001ee: ISZERO 000001ef: PUSH2 0x0463 000001f2: JUMPI 000001f3: DUP1 000001f4: PUSH1 0x1f 000001f6: LT 000001f7: PUSH2 0x0438 000001fa: JUMPI 000001fb: PUSH2 0x0100 000001fe: DUP1 000001ff: DUP4 00000200: SLOAD 00000201: DIV 00000202: MUL 00000203: DUP4 00000204: MSTORE 00000205: SWAP2 00000206: PUSH1 0x20 00000208: ADD 00000209: SWAP2 0000020a: PUSH2 0x0463 0000020d: JUMP 0000020e: JUMPDEST 0000020f: PUSH2 0x0422 00000212: PUSH1 0x04 00000214: CALLDATALOAD 00000215: PUSH1 0x01 00000217: PUSH1 0x20 00000219: MSTORE 0000021a: PUSH1 0x00 0000021c: SWAP1 0000021d: DUP2 0000021e: MSTORE 0000021f: PUSH1 0x40 00000221: SWAP1 00000222: KECCAK256 00000223: SLOAD 00000224: DUP2 00000225: JUMP 00000226: JUMPDEST 00000227: PUSH2 0x0422 0000022a: PUSH1 0x00 0000022c: SLOAD 0000022d: PUSH1 0x01 0000022f: PUSH1 0xa0 00000231: PUSH1 0x02 00000233: EXP 00000234: SUB 00000235: AND 00000236: DUP2 00000237: JUMP 00000238: JUMPDEST 00000239: PUSH2 0x03b4 0000023c: PUSH1 0x06 0000023e: DUP1 0000023f: SLOAD 00000240: PUSH1 0x20 00000242: PUSH1 0x1f 00000244: PUSH1 0x02 00000246: PUSH1 0x00 00000248: NOT 00000249: PUSH1 0x01 0000024b: DUP6 0000024c: AND 0000024d: ISZERO 0000024e: PUSH2 0x0100 00000251: MUL 00000252: ADD 00000253: SWAP1 00000254: SWAP4 00000255: AND 00000256: SWAP3 00000257: SWAP1 00000258: SWAP3 00000259: DIV 0000025a: SWAP2 0000025b: DUP3 0000025c: ADD 0000025d: DUP2 0000025e: SWAP1 0000025f: DIV 00000260: MUL 00000261: PUSH1 0x80 00000263: SWAP1 00000264: DUP2 00000265: ADD 00000266: PUSH1 0x40 00000268: MSTORE 00000269: PUSH1 0x60 0000026b: DUP3 0000026c: DUP2 0000026d: MSTORE 0000026e: SWAP3 0000026f: SWAP2 00000270: SWAP1 00000271: DUP3 00000272: DUP3 00000273: DUP1 00000274: ISZERO 00000275: PUSH2 0x0463 00000278: JUMPI 00000279: DUP1 0000027a: PUSH1 0x1f 0000027c: LT 0000027d: PUSH2 0x0438 00000280: JUMPI 00000281: PUSH2 0x0100 00000284: DUP1 00000285: DUP4 00000286: SLOAD 00000287: DIV 00000288: MUL 00000289: DUP4 0000028a: MSTORE 0000028b: SWAP2 0000028c: PUSH1 0x20 0000028e: ADD 0000028f: SWAP2 00000290: PUSH2 0x0463 00000293: JUMP 00000294: JUMPDEST 00000295: PUSH2 0x0422 00000298: PUSH1 0x04 0000029a: CALLDATALOAD 0000029b: PUSH1 0x02 0000029d: PUSH1 0x20 0000029f: MSTORE 000002a0: PUSH1 0x00 000002a2: SWAP1 000002a3: DUP2 000002a4: MSTORE 000002a5: PUSH1 0x40 000002a7: SWAP1 000002a8: KECCAK256 000002a9: SLOAD 000002aa: DUP2 000002ab: JUMP 000002ac: JUMPDEST 000002ad: PUSH2 0x00e5 000002b0: PUSH1 0x04 000002b2: CALLDATALOAD 000002b3: PUSH1 0x24 000002b5: CALLDATALOAD 000002b6: PUSH1 0x00 000002b8: SLOAD 000002b9: CALLER 000002ba: PUSH1 0x01 000002bc: PUSH1 0xa0 000002be: PUSH1 0x02 000002c0: EXP 000002c1: SUB 000002c2: SWAP1 000002c3: DUP2 000002c4: AND 000002c5: SWAP2 000002c6: AND 000002c7: EQ 000002c8: PUSH2 0x0504 000002cb: JUMPI 000002cc: PUSH2 0x0002 000002cf: JUMP 000002d0: JUMPDEST 000002d1: PUSH2 0x00e5 000002d4: PUSH1 0x04 000002d6: CALLDATALOAD 000002d7: PUSH1 0x24 000002d9: CALLDATALOAD 000002da: PUSH1 0x00 000002dc: DUP2 000002dd: LT 000002de: DUP1 000002df: PUSH2 0x0300 000002e2: JUMPI 000002e3: POP 000002e4: CALLER 000002e5: PUSH1 0x01 000002e7: PUSH1 0xa0 000002e9: PUSH1 0x02 000002eb: EXP 000002ec: SUB 000002ed: AND 000002ee: PUSH1 0x00 000002f0: SWAP1 000002f1: DUP2 000002f2: MSTORE 000002f3: PUSH1 0x01 000002f5: PUSH1 0x20 000002f7: MSTORE 000002f8: PUSH1 0x40 000002fa: SWAP1 000002fb: KECCAK256 000002fc: SLOAD 000002fd: DUP2 000002fe: SWAP1 000002ff: LT 00000300: JUMPDEST 00000301: ISZERO 00000302: PUSH2 0x055f 00000305: JUMPI 00000306: PUSH2 0x0002 00000309: JUMP 0000030a: JUMPDEST 0000030b: PUSH2 0x042c 0000030e: PUSH1 0x07 00000310: SLOAD 00000311: PUSH2 0x0100 00000314: SWAP1 00000315: DIV 00000316: PUSH1 0xff 00000318: AND 00000319: DUP2 0000031a: JUMP 0000031b: JUMPDEST 0000031c: PUSH2 0x00e5 0000031f: PUSH1 0x04 00000321: CALLDATALOAD 00000322: PUSH1 0x00 00000324: SLOAD 00000325: CALLER 00000326: PUSH1 0x01 00000328: PUSH1 0xa0 0000032a: PUSH1 0x02 0000032c: EXP 0000032d: SUB 0000032e: SWAP1 0000032f: DUP2 00000330: AND 00000331: SWAP2 00000332: AND 00000333: EQ 00000334: PUSH2 0x06c4 00000337: JUMPI 00000338: PUSH2 0x0002 0000033b: JUMP 0000033c: JUMPDEST 0000033d: PUSH2 0x042c 00000340: PUSH1 0x07 00000342: SLOAD 00000343: PUSH3 0x010000 00000347: SWAP1 00000348: DIV 00000349: PUSH1 0xff 0000034b: AND 0000034c: DUP2 0000034d: JUMP 0000034e: JUMPDEST 0000034f: PUSH2 0x00e5 00000352: PUSH1 0x04 00000354: CALLDATALOAD 00000355: PUSH1 0x00 00000357: SLOAD 00000358: CALLER 00000359: PUSH1 0x01 0000035b: PUSH1 0xa0 0000035d: PUSH1 0x02 0000035f: EXP 00000360: SUB 00000361: SWAP1 00000362: DUP2 00000363: AND 00000364: SWAP2 00000365: AND 00000366: EQ 00000367: PUSH2 0x06e6 0000036a: JUMPI 0000036b: PUSH2 0x0002 0000036e: JUMP 0000036f: JUMPDEST 00000370: PUSH2 0x00e5 00000373: PUSH1 0x04 00000375: CALLDATALOAD 00000376: PUSH1 0x00 00000378: SLOAD 00000379: CALLER 0000037a: PUSH1 0x01 0000037c: PUSH1 0xa0 0000037e: PUSH1 0x02 00000380: EXP 00000381: SUB 00000382: SWAP1 00000383: DUP2 00000384: AND 00000385: SWAP2 00000386: AND 00000387: EQ 00000388: PUSH2 0x06fe 0000038b: JUMPI 0000038c: PUSH2 0x0002 0000038f: JUMP 00000390: JUMPDEST 00000391: PUSH2 0x00e5 00000394: PUSH1 0x04 00000396: CALLDATALOAD 00000397: PUSH1 0x24 00000399: CALLDATALOAD 0000039a: PUSH1 0x00 0000039c: SLOAD 0000039d: CALLER 0000039e: PUSH1 0x01 000003a0: PUSH1 0xa0 000003a2: PUSH1 0x02 000003a4: EXP 000003a5: SUB 000003a6: SWAP1 000003a7: DUP2 000003a8: AND 000003a9: SWAP2 000003aa: AND 000003ab: EQ 000003ac: PUSH2 0x0718 000003af: JUMPI 000003b0: PUSH2 0x0002 000003b3: JUMP 000003b4: JUMPDEST 000003b5: PUSH1 0x40 000003b7: MLOAD 000003b8: DUP1 000003b9: DUP1 000003ba: PUSH1 0x20 000003bc: ADD 000003bd: DUP3 000003be: DUP2 000003bf: SUB 000003c0: DUP3 000003c1: MSTORE 000003c2: DUP4 000003c3: DUP2 000003c4: DUP2 000003c5: MLOAD 000003c6: DUP2 000003c7: MSTORE 000003c8: PUSH1 0x20 000003ca: ADD 000003cb: SWAP2 000003cc: POP 000003cd: DUP1 000003ce: MLOAD 000003cf: SWAP1 000003d0: PUSH1 0x20 000003d2: ADD 000003d3: SWAP1 000003d4: DUP1 000003d5: DUP4 000003d6: DUP4 000003d7: DUP3 000003d8: SWAP1 000003d9: PUSH1 0x00 000003db: PUSH1 0x04 000003dd: PUSH1 0x20 000003df: DUP5 000003e0: PUSH1 0x1f 000003e2: ADD 000003e3: DIV 000003e4: PUSH1 0x0f 000003e6: MUL 000003e7: PUSH1 0x03 000003e9: ADD 000003ea: CALL 000003eb: POP 000003ec: SWAP1 000003ed: POP 000003ee: SWAP1 000003ef: DUP2 000003f0: ADD 000003f1: SWAP1 000003f2: PUSH1 0x1f 000003f4: AND 000003f5: DUP1 000003f6: ISZERO 000003f7: PUSH2 0x0414 000003fa: JUMPI 000003fb: DUP1 000003fc: DUP3 000003fd: SUB 000003fe: DUP1 000003ff: MLOAD 00000400: PUSH1 0x01 00000402: DUP4 00000403: PUSH1 0x20 00000405: SUB 00000406: PUSH2 0x0100 00000409: EXP 0000040a: SUB 0000040b: NOT 0000040c: AND 0000040d: DUP2 0000040e: MSTORE 0000040f: PUSH1 0x20 00000411: ADD 00000412: SWAP2 00000413: POP 00000414: JUMPDEST 00000415: POP 00000416: SWAP3 00000417: POP 00000418: POP 00000419: POP 0000041a: PUSH1 0x40 0000041c: MLOAD 0000041d: DUP1 0000041e: SWAP2 0000041f: SUB 00000420: SWAP1 00000421: RETURN 00000422: JUMPDEST 00000423: PUSH1 0x60 00000425: SWAP1 00000426: DUP2 00000427: MSTORE 00000428: PUSH1 0x20 0000042a: SWAP1 0000042b: RETURN 0000042c: JUMPDEST 0000042d: ISZERO 0000042e: ISZERO 0000042f: PUSH1 0x60 00000431: SWAP1 00000432: DUP2 00000433: MSTORE 00000434: PUSH1 0x20 00000436: SWAP1 00000437: RETURN 00000438: JUMPDEST 00000439: DUP3 0000043a: ADD 0000043b: SWAP2 0000043c: SWAP1 0000043d: PUSH1 0x00 0000043f: MSTORE 00000440: PUSH1 0x20 00000442: PUSH1 0x00 00000444: KECCAK256 00000445: SWAP1 00000446: JUMPDEST 00000447: DUP2 00000448: SLOAD 00000449: DUP2 0000044a: MSTORE 0000044b: SWAP1 0000044c: PUSH1 0x01 0000044e: ADD 0000044f: SWAP1 00000450: PUSH1 0x20 00000452: ADD 00000453: DUP1 00000454: DUP4 00000455: GT 00000456: PUSH2 0x0446 00000459: JUMPI 0000045a: DUP3 0000045b: SWAP1 0000045c: SUB 0000045d: PUSH1 0x1f 0000045f: AND 00000460: DUP3 00000461: ADD 00000462: SWAP2 00000463: JUMPDEST 00000464: POP 00000465: POP 00000466: POP 00000467: POP 00000468: POP 00000469: DUP2 0000046a: JUMP 0000046b: JUMPDEST 0000046c: PUSH1 0x40 0000046e: PUSH1 0x00 00000470: SWAP1 00000471: DUP2 00000472: KECCAK256 00000473: DUP1 00000474: SLOAD 00000475: DUP5 00000476: SWAP1 00000477: SUB 00000478: SWAP1 00000479: SSTORE 0000047a: PUSH1 0x03 0000047c: DUP1 0000047d: SLOAD 0000047e: DUP5 0000047f: SWAP1 00000480: SUB 00000481: SWAP1 00000482: SSTORE 00000483: DUP1 00000484: SLOAD 00000485: PUSH1 0x00 00000487: NOT 00000488: DUP5 00000489: MUL 0000048a: PUSH1 0x60 0000048c: SWAP1 0000048d: DUP2 0000048e: MSTORE 0000048f: PUSH1 0x01 00000491: PUSH1 0xa0 00000493: PUSH1 0x02 00000495: EXP 00000496: SUB 00000497: SWAP2 00000498: SWAP1 00000499: SWAP2 0000049a: AND 0000049b: SWAP2 0000049c: SWAP1 0000049d: PUSH32 0x8b0c34a52f9e28d78caaa7066cd047b398dae74941a208b77777420f492bd7e1 000004be: SWAP1 000004bf: PUSH1 0x20 000004c1: SWAP1 000004c2: LOG3 000004c3: JUMPDEST 000004c4: POP 000004c5: POP 000004c6: JUMP 000004c7: JUMPDEST 000004c8: PUSH1 0x01 000004ca: PUSH1 0xa0 000004cc: PUSH1 0x02 000004ce: EXP 000004cf: SUB 000004d0: DUP2 000004d1: AND 000004d2: PUSH1 0x00 000004d4: SWAP1 000004d5: DUP2 000004d6: MSTORE 000004d7: PUSH1 0x01 000004d9: PUSH1 0x20 000004db: MSTORE 000004dc: PUSH1 0x40 000004de: DUP2 000004df: KECCAK256 000004e0: SLOAD 000004e1: DUP4 000004e2: SWAP1 000004e3: SUB 000004e4: LT 000004e5: ISZERO 000004e6: PUSH2 0x046b 000004e9: JUMPI 000004ea: PUSH2 0x0002 000004ed: JUMP 000004ee: JUMPDEST 000004ef: PUSH1 0x07 000004f1: DUP1 000004f2: SLOAD 000004f3: PUSH2 0x0100 000004f6: DUP4 000004f7: MUL 000004f8: PUSH2 0xff00 000004fb: NOT 000004fc: SWAP1 000004fd: SWAP2 000004fe: AND 000004ff: OR 00000500: SWAP1 00000501: SSTORE 00000502: POP 00000503: JUMP 00000504: JUMPDEST 00000505: PUSH1 0x01 00000507: PUSH1 0xa0 00000509: PUSH1 0x02 0000050b: EXP 0000050c: SUB 0000050d: DUP1 0000050e: DUP3 0000050f: AND 00000510: PUSH1 0x00 00000512: SWAP1 00000513: DUP2 00000514: MSTORE 00000515: PUSH1 0x01 00000517: PUSH1 0x20 00000519: SWAP1 0000051a: DUP2 0000051b: MSTORE 0000051c: PUSH1 0x40 0000051e: DUP3 0000051f: KECCAK256 00000520: DUP1 00000521: SLOAD 00000522: DUP7 00000523: ADD 00000524: SWAP1 00000525: SSTORE 00000526: PUSH1 0x03 00000528: DUP1 00000529: SLOAD 0000052a: DUP7 0000052b: ADD 0000052c: SWAP1 0000052d: SSTORE 0000052e: DUP2 0000052f: SLOAD 00000530: PUSH1 0x60 00000532: DUP7 00000533: DUP2 00000534: MSTORE 00000535: SWAP4 00000536: AND 00000537: SWAP3 00000538: PUSH32 0x8b0c34a52f9e28d78caaa7066cd047b398dae74941a208b77777420f492bd7e1 00000559: SWAP2 0000055a: SWAP1 0000055b: LOG3 0000055c: POP 0000055d: POP 0000055e: JUMP 0000055f: JUMPDEST 00000560: PUSH1 0x07 00000562: SLOAD 00000563: PUSH4 0x01000000 00000568: SWAP1 00000569: DIV 0000056a: PUSH1 0xff 0000056c: AND 0000056d: DUP1 0000056e: ISZERO 0000056f: PUSH2 0x05ae 00000572: JUMPI 00000573: POP 00000574: CALLER 00000575: PUSH1 0x01 00000577: PUSH1 0xa0 00000579: PUSH1 0x02 0000057b: EXP 0000057c: SUB 0000057d: AND 0000057e: PUSH1 0x00 00000580: SWAP1 00000581: DUP2 00000582: MSTORE 00000583: PUSH1 0x02 00000585: PUSH1 0x20 00000587: DUP2 00000588: SWAP1 00000589: MSTORE 0000058a: PUSH1 0x40 0000058c: SWAP1 0000058d: SWAP2 0000058e: KECCAK256 0000058f: SLOAD 00000590: EQ 00000591: DUP1 00000592: PUSH2 0x05ae 00000595: JUMPI 00000596: POP 00000597: PUSH1 0x01 00000599: PUSH1 0xa0 0000059b: PUSH1 0x02 0000059d: EXP 0000059e: SUB 0000059f: DUP3 000005a0: AND 000005a1: PUSH1 0x00 000005a3: SWAP1 000005a4: DUP2 000005a5: MSTORE 000005a6: PUSH1 0x40 000005a8: SWAP1 000005a9: KECCAK256 000005aa: SLOAD 000005ab: PUSH1 0x02 000005ad: EQ 000005ae: JUMPDEST 000005af: ISZERO 000005b0: PUSH2 0x05b8 000005b3: JUMPI 000005b4: PUSH2 0x0002 000005b7: JUMP 000005b8: JUMPDEST 000005b9: PUSH1 0x07 000005bb: PUSH1 0x02 000005bd: SWAP1 000005be: SLOAD 000005bf: SWAP1 000005c0: PUSH2 0x0100 000005c3: EXP 000005c4: SWAP1 000005c5: DIV 000005c6: PUSH1 0xff 000005c8: AND 000005c9: DUP1 000005ca: ISZERO 000005cb: PUSH2 0x0624 000005ce: JUMPI 000005cf: POP 000005d0: PUSH1 0x01 000005d2: PUSH1 0x02 000005d4: PUSH1 0x00 000005d6: POP 000005d7: PUSH1 0x00 000005d9: CALLER 000005da: PUSH1 0x01 000005dc: PUSH1 0xa0 000005de: PUSH1 0x02 000005e0: EXP 000005e1: SUB 000005e2: AND 000005e3: DUP2 000005e4: MSTORE 000005e5: PUSH1 0x20 000005e7: ADD 000005e8: SWAP1 000005e9: DUP2 000005ea: MSTORE 000005eb: PUSH1 0x20 000005ed: ADD 000005ee: PUSH1 0x00 000005f0: KECCAK256 000005f1: PUSH1 0x00 000005f3: POP 000005f4: SLOAD 000005f5: EQ 000005f6: ISZERO 000005f7: DUP1 000005f8: PUSH2 0x0624 000005fb: JUMPI 000005fc: POP 000005fd: PUSH1 0x01 000005ff: PUSH1 0x02 00000601: PUSH1 0x00 00000603: POP 00000604: PUSH1 0x00 00000606: DUP5 00000607: PUSH1 0x01 00000609: PUSH1 0xa0 0000060b: PUSH1 0x02 0000060d: EXP 0000060e: SUB 0000060f: AND 00000610: DUP2 00000611: MSTORE 00000612: PUSH1 0x20 00000614: ADD 00000615: SWAP1 00000616: DUP2 00000617: MSTORE 00000618: PUSH1 0x20 0000061a: ADD 0000061b: PUSH1 0x00 0000061d: KECCAK256 0000061e: PUSH1 0x00 00000620: POP 00000621: SLOAD 00000622: EQ 00000623: ISZERO 00000624: JUMPDEST 00000625: ISZERO 00000626: PUSH2 0x062e 00000629: JUMPI 0000062a: PUSH2 0x0002 0000062d: JUMP 0000062e: JUMPDEST 0000062f: PUSH1 0x01 00000631: PUSH1 0xa0 00000633: PUSH1 0x02 00000635: EXP 00000636: SUB 00000637: CALLER 00000638: DUP2 00000639: AND 0000063a: PUSH1 0x00 0000063c: DUP2 0000063d: DUP2 0000063e: MSTORE 0000063f: PUSH1 0x01 00000641: PUSH1 0x20 00000643: SWAP1 00000644: DUP2 00000645: MSTORE 00000646: PUSH1 0x40 00000648: DUP1 00000649: DUP4 0000064a: KECCAK256 0000064b: DUP1 0000064c: SLOAD 0000064d: DUP8 0000064e: SWAP1 0000064f: SUB 00000650: SWAP1 00000651: SSTORE 00000652: SWAP4 00000653: DUP7 00000654: AND 00000655: DUP1 00000656: DUP4 00000657: MSTORE 00000658: SWAP4 00000659: SWAP1 0000065a: SWAP2 0000065b: KECCAK256 0000065c: DUP1 0000065d: SLOAD 0000065e: DUP6 0000065f: ADD 00000660: SWAP1 00000661: SSTORE 00000662: PUSH1 0x60 00000664: DUP5 00000665: DUP2 00000666: MSTORE 00000667: PUSH32 0x8b0c34a52f9e28d78caaa7066cd047b398dae74941a208b77777420f492bd7e1 00000688: SWAP2 00000689: SWAP1 0000068a: LOG3 0000068b: PUSH1 0x07 0000068d: SLOAD 0000068e: PUSH2 0x0100 00000691: SWAP1 00000692: DIV 00000693: PUSH1 0xff 00000695: AND 00000696: DUP1 00000697: ISZERO 00000698: PUSH2 0x06ba 0000069b: JUMPI 0000069c: POP 0000069d: CALLER 0000069e: PUSH1 0x01 000006a0: PUSH1 0xa0 000006a2: PUSH1 0x02 000006a4: EXP 000006a5: SUB 000006a6: AND 000006a7: PUSH1 0x00 000006a9: GASPRICE 000006aa: PUSH1 0x60 000006ac: DUP3 000006ad: DUP2 000006ae: DUP2 000006af: DUP2 000006b0: DUP6 000006b1: DUP9 000006b2: DUP4 000006b3: CALL 000006b4: SWAP4 000006b5: POP 000006b6: POP 000006b7: POP 000006b8: POP 000006b9: ISZERO 000006ba: JUMPDEST 000006bb: ISZERO 000006bc: PUSH2 0x04c3 000006bf: JUMPI 000006c0: PUSH2 0x0002 000006c3: JUMP 000006c4: JUMPDEST 000006c5: PUSH1 0x00 000006c7: DUP1 000006c8: SLOAD 000006c9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006de: NOT 000006df: AND 000006e0: DUP3 000006e1: OR 000006e2: SWAP1 000006e3: SSTORE 000006e4: POP 000006e5: JUMP 000006e6: JUMPDEST 000006e7: PUSH1 0x07 000006e9: DUP1 000006ea: SLOAD 000006eb: PUSH3 0x010000 000006ef: DUP4 000006f0: MUL 000006f1: PUSH3 0xff0000 000006f5: NOT 000006f6: SWAP1 000006f7: SWAP2 000006f8: AND 000006f9: OR 000006fa: SWAP1 000006fb: SSTORE 000006fc: POP 000006fd: JUMP 000006fe: JUMPDEST 000006ff: PUSH1 0x07 00000701: DUP1 00000702: SLOAD 00000703: PUSH4 0x01000000 00000708: DUP4 00000709: MUL 0000070a: PUSH4 0xff000000 0000070f: NOT 00000710: SWAP1 00000711: SWAP2 00000712: AND 00000713: OR 00000714: SWAP1 00000715: SSTORE 00000716: POP 00000717: JUMP 00000718: JUMPDEST 00000719: PUSH1 0x01 0000071b: PUSH1 0xa0 0000071d: PUSH1 0x02 0000071f: EXP 00000720: SUB 00000721: SWAP1 00000722: SWAP2 00000723: AND 00000724: PUSH1 0x00 00000726: SWAP1 00000727: DUP2 00000728: MSTORE 00000729: PUSH1 0x02 0000072b: PUSH1 0x20 0000072d: MSTORE 0000072e: PUSH1 0x40 00000730: SWAP1 00000731: KECCAK256 00000732: SSTORE 00000733: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0xd1e4a9ef6bd3b73280d4080c6a4f50e78a5a53e09e954921b75ca1667c14045a
call_targets:
0x0000000000000000000000000000000000000004, 0x37a9679c41e99db270bda88de8ff50c0cd23f326
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xd1e4a9ef6bd3b73280d4080c6a4f50e78a5a53e09e954921b75ca1667c14045a",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x37a9679c41e99db270bda88de8ff50c0cd23f326"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x45f09140",
"selector": "0x45f09140",
"calldata_variants": [
"0x45f09140",
"0x45f091400000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x492f12af",
"selector": "0x492f12af",
"calldata_variants": [
"0x492f12af",
"0x492f12af0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4958abb7",
"selector": "0x4958abb7",
"calldata_variants": [
"0x4958abb7",
"0x4958abb70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5a3b7e42",
"selector": "0x5a3b7e42",
"calldata_variants": [
"0x5a3b7e42",
"0x5a3b7e420000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1002,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1715,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [],
"untrusted_call_count": 2
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0xd1e4a9ef6bd3b73280d4080c6a4f50e78a5a53e09e954921b75ca1667c14045a
call_targets:
0x0000000000000000000000000000000000000004, 0x37a9679c41e99db270bda88de8ff50c0cd23f326
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xd1e4a9ef6bd3b73280d4080c6a4f50e78a5a53e09e954921b75ca1667c14045a",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0x37a9679c41e99db270bda88de8ff50c0cd23f326"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x45f09140",
"selector": "0x45f09140",
"calldata_variants": [
"0x45f09140",
"0x45f091400000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x492f12af",
"selector": "0x492f12af",
"calldata_variants": [
"0x492f12af",
"0x492f12af0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4958abb7",
"selector": "0x4958abb7",
"calldata_variants": [
"0x4958abb7",
"0x4958abb70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5a3b7e42",
"selector": "0x5a3b7e42",
"calldata_variants": [
"0x5a3b7e42",
"0x5a3b7e420000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1002,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1715,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": []
}
|
| medium | other | codex | Dynamic low-level CALL with potential ETH transfer to untrusted target | 75 | no | — |
viewevidence_json{
"evidence": "Detector findings show CALL at pc 1002 and 1715 with computed target/value, guards_detected=[], returndata_checked=null; validation confirmed target varies and ETH value transfer is possible (BYTECODE_BUNDLE detector_findings).",
"locations": [
"pc:0x3ea",
"pc:0x6b3"
],
"recommendation": "Constrain call targets/values to trusted addresses (hardcode or allowlist), enforce access control on any function that reaches the call, and consider reentrancy protection if state-changing logic is involved. Use STATICCALL for read-only precompile usage and ensure value is zero when calling precompiles.",
"exploit_scenario": "If an external caller can influence the call target or value, they could trigger arbitrary external calls (including reentrant execution) or force ETH transfers to attacker-chosen addresses. Validation observed target variability (0x0000000000000000000000000000000000000004 and the contract itself), and no guards were detected in the callsite evidence, but bytecode-only analysis cannot confirm whether these targets are user-controlled."
}
|
| low | other | codex | Unchecked return value from low-level CALL | 65 | no | — |
viewevidence_json{
"evidence": "At pc 1002 the CALL success flag is immediately POPed; returndata_checked is null in the callsite evidence (BYTECODE_BUNDLE callsites).",
"locations": [
"pc:0x3ea"
],
"recommendation": "Check the CALL success flag and revert or handle failure explicitly. If this call is only for a precompile/memory-copy pattern, enforce value=0 and still validate success to avoid silent failures.",
"exploit_scenario": "If the CALL at pc 0x3ea fails (revert/out-of-gas), execution appears to continue without handling the failure, which can silently skip intended effects or leave downstream logic assuming success."
}
|