019ba9bc-ec55-7374-891e-f740530ead19
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 37755 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 37756 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 37757 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 37758 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 37759 | capability.graph | complete | 1 / 3 | 3 months ago |
| 37760 | detector.run | complete | 1 / 3 | 3 months ago |
| 37761 | validation.fork | complete | 1 / 3 | 3 months ago |
| 37907 | report.consolidate | complete | 1 / 6 | 3 months ago |
{
"method": "eip1967",
"status": "onchain_only",
"implementation": "0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998",
"onchain_method": "eip1967"
}
No slither job recorded yet.
{"no_findings":true,"summary":"No exploitable vulnerabilities identified in the provided DelayedWETH implementation and supporting first-party code.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-xi4p7p7o
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: xhigh
reasoning summaries: auto
session id: 019ba9d7-e338-7243-a1c1-e51e7a64c03c
--------
user
Context: The user requested the proxy at 0xd061ab95069987868768818cc1248705351e2d0e.
Audit the implementation at 0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998.
Findings should refer to the implementation unless explicitly about proxy mechanics.
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Reading audit bundle file**
exec
/bin/bash -lc ls in /tmp/codex-xi4p7p7o succeeded in 6ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
interfaces
@openzeppelin
src
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-xi4p7p7o succeeded in 6ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: interfaces/L1/IProxyAdminOwnedBase.sol
================================================================================
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import { IProxyAdmin } from "interfaces/universal/IProxyAdmin.sol";
interface IProxyAdminOwnedBase {
error ProxyAdminOwnedBase_NotSharedProxyAdminOwner();
error ProxyAdminOwnedBase_NotProxyAdminOwner();
error ProxyAdminOwnedBase_NotProxyAdmin();
error ProxyAdminOwnedBase_NotProxyAdminOrProxyAdminOwner();
error ProxyAdminOwnedBase_ProxyAdminNotFound();
error ProxyAdminOwnedBase_NotResolvedDelegateProxy();
function proxyAdmin() external view returns (IProxyAdmin);
thinking
**Analyzing DelayedWETH contract for security risks**
I’m digging into DelayedWETH’s design—its withdrawal delays, access controls, upgrade patterns, and external calls—to identify any potential vulnerabilities like reentrancy or misaccounting. I’m especially curious about how its sub-account system interacts with balances and unlock mappings, and whether that could lead to misuse or unexpected fund access in shared-pool scenarios.
thinking
**Examining external calls and upgrade safety**
I’m reviewing how external calls like systemConfig.paused() and proxyAdminOwner() interact with state changes and potential reentrancy risks, plus how initialization and storage layout impact upgrade safety. I’m also thinking about pause handling, privileged functions, and transfer gas limits to spot any subtleties that could affect contract behavior or fund access.
thinking
**Evaluating initialization and access patterns**
I'm analyzing how initialization might fail if proxy assumptions break and checking for subtle issues in unlock, withdraw, hold, and recover functions—especially around access control, potential reentrancy, and admin privileges that could affect fund control or upgrade safety.
thinking
**Summarizing administrative and pause-related checks**
I'm carefully reviewing the privileges of ProxyAdmin owners, reentrancy concerns around external paused checks, and subtle effects of pause not restricting unlocking. I confirm no exploitable vulnerabilities but note some low-severity design points around admin authority and pause behavior.
codex
{"no_findings":true,"summary":"No exploitable vulnerabilities identified in the provided DelayedWETH implementation and supporting first-party code.","findings":[]}
tokens used
27,230
{
"codex": {
"ran_at": "2026-01-10T21:41:35.033864+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 16,
"import_count": 15,
"first_party_contracts_count": 14
},
"summary": "No exploitable vulnerabilities identified in the provided DelayedWETH implementation and supporting first-party code.",
"raw_final": {
"summary": "No exploitable vulnerabilities identified in the provided DelayedWETH implementation and supporting first-party code.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"proxy_context": {
"proxy_run_id": "019ba9bc-ec55-7374-891e-f740530ead19",
"proxy_address": "0xd061ab95069987868768818cc1248705351e2d0e",
"implementation_run_id": "019ba9bd-153c-73c3-907a-8dcf22fedf2b",
"implementation_address": "0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998"
},
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | upgradeability | detector | Untrusted DELEGATECALL target reachable | 55 | no | no |
trace_id: 0x314efa1ab8eafcc9b30c3e960a5293974da1513da343a19527d7bf4f484b186e
call_targets:
0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998
target_varies:
no
classification:
constant_target
validation_json:
{
"sink": "DELEGATECALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x314efa1ab8eafcc9b30c3e960a5293974da1513da343a19527d7bf4f484b186e",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x5c60da1b",
"selector": "0x5c60da1b",
"calldata_variants": [
"0x5c60da1b",
"0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8f283970",
"selector": "0x8f283970",
"calldata_variants": [
"0x8f283970",
"0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf851a440",
"selector": "0xf851a440",
"calldata_variants": [
"0xf851a440",
"0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3659cfe6",
"selector": "0x3659cfe6",
"calldata_variants": [
"0x3659cfe6",
"0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4f1ef286",
"selector": "0x4f1ef286",
"calldata_variants": [
"0x4f1ef286",
"0x4f1ef2860000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 527,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 827,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [
{
"pc": 605,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 727,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1114,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1257,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1368,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"delegatecall_count": 2,
"untrusted_delegatecall_count": 2
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
evidence_json:
{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 2
}
|