019ba9e0-be02-717a-8473-2e66da369b7b
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 38033 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 38034 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 38035 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 38036 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 38037 | capability.graph | complete | 1 / 3 | 3 months ago |
| 38038 | detector.run | complete | 1 / 3 | 3 months ago |
| 38039 | validation.fork | complete | 1 / 3 | 3 months ago |
| 38171 | report.consolidate | complete | 1 / 6 | 3 months ago |
{
"status": "not_proxy"
}
No slither job recorded yet.
{"no_findings":false,"summary":"Found two low-severity issues around external call handling: unchecked ERC20 transfer return and use of `transfer` for Ether withdrawals that can lock funds for contract owners.","findings":[{"severity":"low","category":"other","title":"ERC20 transfer return value is unchecked in withdrawTokens","exploit_scenario":"If the token is non-compliant or malicious and returns `false` without reverting, `withdrawTokens` will emit a `TokensWithdrawn` event even though no tokens were transferred. This can mislead monitoring/accounting and leave funds stuck in the wallet until a compliant transfer is used.","recommendation":"Check the boolean return from `token.transfer` and revert on failure (or use a safe ERC20 wrapper that handles non-standard tokens).","evidence":"`token.transfer(owner, tokenBalance);` is called without checking the return value.","locations":["contracts/Contract.sol:55"]},{"severity":"low","category":"other","title":"Using `transfer` for Ether withdrawal can lock funds for contract owners","exploit_scenario":"If the owner is a smart contract whose fallback/receive needs more than 2300 gas (or reverts), `withdrawEther` will always revert, permanently locking Ether in the wallet.","recommendation":"Use `call{value: balance}()` and handle the boolean return value; consider emitting a failure event or reverting on failure.","evidence":"`payable(owner).transfer(balance);` relies on 2300 gas stipend.","locations":["contracts/Contract.sol:46"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-8v_d6nsc
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019baa64-5961-7a61-b9b8-d94d4e8be886
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Reading AUDIT_BUNDLE file**
exec
/bin/bash -lc ls in /tmp/codex-8v_d6nsc succeeded in 11ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
contracts
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-8v_d6nsc succeeded in 6ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: contracts/Contract.sol
================================================================================
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IERC20 {
function transfer(address recipient, uint256 amount) external returns (bool);
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
function balanceOf(address account) external view returns (uint256);
}
contract TimeLockedWallet {
address public owner;
uint256 public unlockTime;
// Events for logging deposits and withdrawals
thinking
**Reviewing contract withdrawal and token handling risks**
I'm auditing a contract focusing on withdrawal functions, particularly withdrawTokens calling token.transfer without checking its return, which could silently fail, and withdrawEther using transfer that may cause fund locks if the owner is a contract requiring more gas. I’m considering reentrancy risks linked to token.transfer calls, though no state changes occur after transfer. I also note depositTokens is owner-restricted, depositEther is open, and unlockTime has no validation but that's acceptable. I plan to confirm line numbers for referencing the source.
exec
/bin/bash -lc 'nl -ba contracts/Contract.sol' in /tmp/codex-8v_d6nsc succeeded in 8ms:
1 // SPDX-License-Identifier: MIT
2 pragma solidity ^0.8.0;
3
4 interface IERC20 {
5 function transfer(address recipient, uint256 amount) external returns (bool);
6 function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
7 function balanceOf(address account) external view returns (uint256);
8 }
9
10 contract TimeLockedWallet {
11 address public owner;
12 uint256 public unlockTime;
13
14 // Events for logging deposits and withdrawals
15 event EtherDeposited(address indexed sender, uint256 amount);
16 event TokensDeposited(address indexed sender, address token, uint256 amount);
17 event EtherWithdrawn(address indexed to, uint256 amount);
18 event TokensWithdrawn(address indexed to, address token, uint256 amount);
19
20 constructor(uint256 _unlockTime) payable {
thinking
**Composing detailed JSON report**
I'm putting together a JSON summary with findings about low-severity issues: one for unchecked ERC20 transfers that might cause lost funds without revert, and another about using `transfer` for Ether withdrawals that risks reversion due to gas limits. I'll include categories, severity, exploit scenarios, and file locations, making sure the JSON is valid and clear with supporting code snippets.
codex
{"no_findings":false,"summary":"Found two low-severity issues around external call handling: unchecked ERC20 transfer return and use of `transfer` for Ether withdrawals that can lock funds for contract owners.","findings":[{"severity":"low","category":"other","title":"ERC20 transfer return value is unchecked in withdrawTokens","exploit_scenario":"If the token is non-compliant or malicious and returns `false` without reverting, `withdrawTokens` will emit a `TokensWithdrawn` event even though no tokens were transferred. This can mislead monitoring/accounting and leave funds stuck in the wallet until a compliant transfer is used.","recommendation":"Check the boolean return from `token.transfer` and revert on failure (or use a safe ERC20 wrapper that handles non-standard tokens).","evidence":"`token.transfer(owner, tokenBalance);` is called without checking the return value.","locations":["contracts/Contract.sol:55"]},{"severity":"low","category":"other","title":"Using `transfer` for Ether withdrawal can lock funds for contract owners","exploit_scenario":"If the owner is a smart contract whose fallback/receive needs more than 2300 gas (or reverts), `withdrawEther` will always revert, permanently locking Ether in the wallet.","recommendation":"Use `call{value: balance}()` and handle the boolean return value; consider emitting a failure event or reverting on failure.","evidence":"`payable(owner).transfer(balance);` relies on 2300 gas stipend.","locations":["contracts/Contract.sol:46"]}]}
tokens used
13,323
{
"codex": {
"ran_at": "2026-01-11T00:11:32.464427+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 1,
"import_count": 0,
"first_party_contracts_count": 1
},
"summary": "Found two low-severity issues around external call handling: unchecked ERC20 transfer return and use of `transfer` for Ether withdrawals that can lock funds for contract owners.",
"raw_final": {
"summary": "Found two low-severity issues around external call handling: unchecked ERC20 transfer return and use of `transfer` for Ether withdrawals that can lock funds for contract owners.",
"findings": [
{
"title": "ERC20 transfer return value is unchecked in withdrawTokens",
"category": "other",
"evidence": "`token.transfer(owner, tokenBalance);` is called without checking the return value.",
"severity": "low",
"locations": [
"contracts/Contract.sol:55"
],
"recommendation": "Check the boolean return from `token.transfer` and revert on failure (or use a safe ERC20 wrapper that handles non-standard tokens).",
"exploit_scenario": "If the token is non-compliant or malicious and returns `false` without reverting, `withdrawTokens` will emit a `TokensWithdrawn` event even though no tokens were transferred. This can mislead monitoring/accounting and leave funds stuck in the wallet until a compliant transfer is used."
},
{
"title": "Using `transfer` for Ether withdrawal can lock funds for contract owners",
"category": "other",
"evidence": "`payable(owner).transfer(balance);` relies on 2300 gas stipend.",
"severity": "low",
"locations": [
"contracts/Contract.sol:46"
],
"recommendation": "Use `call{value: balance}()` and handle the boolean return value; consider emitting a failure event or reverting on failure.",
"exploit_scenario": "If the owner is a smart contract whose fallback/receive needs more than 2300 gas (or reverts), `withdrawEther` will always revert, permanently locking Ether in the wallet."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x0073 0000000c: JUMPI 0000000d: PUSH0 0000000e: CALLDATALOAD 0000000f: PUSH1 0xe0 00000011: SHR 00000012: DUP1 00000013: PUSH4 0x7362377b 00000018: GT 00000019: PUSH2 0x004d 0000001c: JUMPI 0000001d: DUP1 0000001e: PUSH4 0x7362377b 00000023: EQ 00000024: PUSH2 0x0146 00000027: JUMPI 00000028: DUP1 00000029: PUSH4 0x8da5cb5b 0000002e: EQ 0000002f: PUSH2 0x015c 00000032: JUMPI 00000033: DUP1 00000034: PUSH4 0x98ea5fca 00000039: EQ 0000003a: PUSH2 0x0186 0000003d: JUMPI 0000003e: DUP1 0000003f: PUSH4 0xc71daccb 00000044: EQ 00000045: PUSH2 0x0190 00000048: JUMPI 00000049: PUSH2 0x00c8 0000004c: JUMP 0000004d: JUMPDEST 0000004e: DUP1 0000004f: PUSH4 0x251c1aa3 00000054: EQ 00000055: PUSH2 0x00cc 00000058: JUMPI 00000059: DUP1 0000005a: PUSH4 0x49df728c 0000005f: EQ 00000060: PUSH2 0x00f6 00000063: JUMPI 00000064: DUP1 00000065: PUSH4 0x66168bd7 0000006a: EQ 0000006b: PUSH2 0x011e 0000006e: JUMPI 0000006f: PUSH2 0x00c8 00000072: JUMP 00000073: JUMPDEST 00000074: CALLDATASIZE 00000075: PUSH2 0x00c8 00000078: JUMPI 00000079: CALLER 0000007a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000008f: AND 00000090: PUSH32 0x939e51ac2fd009b158d6344f7e68a83d8d18d9b0cc88cf514aac6aaa9cad2a18 000000b1: CALLVALUE 000000b2: PUSH1 0x40 000000b4: MLOAD 000000b5: PUSH2 0x00be 000000b8: SWAP2 000000b9: SWAP1 000000ba: PUSH2 0x0844 000000bd: JUMP 000000be: JUMPDEST 000000bf: PUSH1 0x40 000000c1: MLOAD 000000c2: DUP1 000000c3: SWAP2 000000c4: SUB 000000c5: SWAP1 000000c6: LOG2 000000c7: STOP 000000c8: JUMPDEST 000000c9: PUSH0 000000ca: DUP1 000000cb: REVERT 000000cc: JUMPDEST 000000cd: CALLVALUE 000000ce: DUP1 000000cf: ISZERO 000000d0: PUSH2 0x00d7 000000d3: JUMPI 000000d4: PUSH0 000000d5: DUP1 000000d6: REVERT 000000d7: JUMPDEST 000000d8: POP 000000d9: PUSH2 0x00e0 000000dc: PUSH2 0x01ba 000000df: JUMP 000000e0: JUMPDEST 000000e1: PUSH1 0x40 000000e3: MLOAD 000000e4: PUSH2 0x00ed 000000e7: SWAP2 000000e8: SWAP1 000000e9: PUSH2 0x0844 000000ec: JUMP 000000ed: JUMPDEST 000000ee: PUSH1 0x40 000000f0: MLOAD 000000f1: DUP1 000000f2: SWAP2 000000f3: SUB 000000f4: SWAP1 000000f5: RETURN 000000f6: JUMPDEST 000000f7: CALLVALUE 000000f8: DUP1 000000f9: ISZERO 000000fa: PUSH2 0x0101 000000fd: JUMPI 000000fe: PUSH0 000000ff: DUP1 00000100: REVERT 00000101: JUMPDEST 00000102: POP 00000103: PUSH2 0x011c 00000106: PUSH1 0x04 00000108: DUP1 00000109: CALLDATASIZE 0000010a: SUB 0000010b: DUP2 0000010c: ADD 0000010d: SWAP1 0000010e: PUSH2 0x0117 00000111: SWAP2 00000112: SWAP1 00000113: PUSH2 0x08bb 00000116: JUMP 00000117: JUMPDEST 00000118: PUSH2 0x01c0 0000011b: JUMP 0000011c: JUMPDEST 0000011d: STOP 0000011e: JUMPDEST 0000011f: CALLVALUE 00000120: DUP1 00000121: ISZERO 00000122: PUSH2 0x0129 00000125: JUMPI 00000126: PUSH0 00000127: DUP1 00000128: REVERT 00000129: JUMPDEST 0000012a: POP 0000012b: PUSH2 0x0144 0000012e: PUSH1 0x04 00000130: DUP1 00000131: CALLDATASIZE 00000132: SUB 00000133: DUP2 00000134: ADD 00000135: SWAP1 00000136: PUSH2 0x013f 00000139: SWAP2 0000013a: SWAP1 0000013b: PUSH2 0x0910 0000013e: JUMP 0000013f: JUMPDEST 00000140: PUSH2 0x0420 00000143: JUMP 00000144: JUMPDEST 00000145: STOP 00000146: JUMPDEST 00000147: CALLVALUE 00000148: DUP1 00000149: ISZERO 0000014a: PUSH2 0x0151 0000014d: JUMPI 0000014e: PUSH0 0000014f: DUP1 00000150: REVERT 00000151: JUMPDEST 00000152: POP 00000153: PUSH2 0x015a 00000156: PUSH2 0x05c7 00000159: JUMP 0000015a: JUMPDEST 0000015b: STOP 0000015c: JUMPDEST 0000015d: CALLVALUE 0000015e: DUP1 0000015f: ISZERO 00000160: PUSH2 0x0167 00000163: JUMPI 00000164: PUSH0 00000165: DUP1 00000166: REVERT 00000167: JUMPDEST 00000168: POP 00000169: PUSH2 0x0170 0000016c: PUSH2 0x0770 0000016f: JUMP 00000170: JUMPDEST 00000171: PUSH1 0x40 00000173: MLOAD 00000174: PUSH2 0x017d 00000177: SWAP2 00000178: SWAP1 00000179: PUSH2 0x095d 0000017c: JUMP 0000017d: JUMPDEST 0000017e: PUSH1 0x40 00000180: MLOAD 00000181: DUP1 00000182: SWAP2 00000183: SUB 00000184: SWAP1 00000185: RETURN 00000186: JUMPDEST 00000187: PUSH2 0x018e 0000018a: PUSH2 0x0793 0000018d: JUMP 0000018e: JUMPDEST 0000018f: STOP 00000190: JUMPDEST 00000191: CALLVALUE 00000192: DUP1 00000193: ISZERO 00000194: PUSH2 0x019b 00000197: JUMPI 00000198: PUSH0 00000199: DUP1 0000019a: REVERT 0000019b: JUMPDEST 0000019c: POP 0000019d: PUSH2 0x01a4 000001a0: PUSH2 0x0825 000001a3: JUMP 000001a4: JUMPDEST 000001a5: PUSH1 0x40 000001a7: MLOAD 000001a8: PUSH2 0x01b1 000001ab: SWAP2 000001ac: SWAP1 000001ad: PUSH2 0x0844 000001b0: JUMP 000001b1: JUMPDEST 000001b2: PUSH1 0x40 000001b4: MLOAD 000001b5: DUP1 000001b6: SWAP2 000001b7: SUB 000001b8: SWAP1 000001b9: RETURN 000001ba: JUMPDEST 000001bb: PUSH1 0x01 000001bd: SLOAD 000001be: DUP2 000001bf: JUMP 000001c0: JUMPDEST 000001c1: PUSH0 000001c2: DUP1 000001c3: SLOAD 000001c4: SWAP1 000001c5: PUSH2 0x0100 000001c8: EXP 000001c9: SWAP1 000001ca: DIV 000001cb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000001e0: AND 000001e1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000001f6: AND 000001f7: CALLER 000001f8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000020d: AND 0000020e: EQ 0000020f: PUSH2 0x024d 00000212: JUMPI 00000213: PUSH1 0x40 00000215: MLOAD 00000216: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000237: DUP2 00000238: MSTORE 00000239: PUSH1 0x04 0000023b: ADD 0000023c: PUSH2 0x0244 0000023f: SWAP1 00000240: PUSH2 0x09d0 00000243: JUMP 00000244: JUMPDEST 00000245: PUSH1 0x40 00000247: MLOAD 00000248: DUP1 00000249: SWAP2 0000024a: SUB 0000024b: SWAP1 0000024c: REVERT 0000024d: JUMPDEST 0000024e: PUSH1 0x01 00000250: SLOAD 00000251: TIMESTAMP 00000252: LT 00000253: ISZERO 00000254: PUSH2 0x0292 00000257: JUMPI 00000258: PUSH1 0x40 0000025a: MLOAD 0000025b: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000027c: DUP2 0000027d: MSTORE 0000027e: PUSH1 0x04 00000280: ADD 00000281: PUSH2 0x0289 00000284: SWAP1 00000285: PUSH2 0x0a38 00000288: JUMP 00000289: JUMPDEST 0000028a: PUSH1 0x40 0000028c: MLOAD 0000028d: DUP1 0000028e: SWAP2 0000028f: SUB 00000290: SWAP1 00000291: REVERT 00000292: JUMPDEST 00000293: PUSH0 00000294: DUP2 00000295: SWAP1 00000296: POP 00000297: PUSH0 00000298: DUP2 00000299: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002ae: AND 000002af: PUSH4 0x70a08231 000002b4: ADDRESS 000002b5: PUSH1 0x40 000002b7: MLOAD 000002b8: DUP3 000002b9: PUSH4 0xffffffff 000002be: AND 000002bf: PUSH1 0xe0 000002c1: SHL 000002c2: DUP2 000002c3: MSTORE 000002c4: PUSH1 0x04 000002c6: ADD 000002c7: PUSH2 0x02d0 000002ca: SWAP2 000002cb: SWAP1 000002cc: PUSH2 0x095d 000002cf: JUMP 000002d0: JUMPDEST 000002d1: PUSH1 0x20 000002d3: PUSH1 0x40 000002d5: MLOAD 000002d6: DUP1 000002d7: DUP4 000002d8: SUB 000002d9: DUP2 000002da: DUP7 000002db: GAS 000002dc: STATICCALL 000002dd: ISZERO 000002de: DUP1 000002df: ISZERO 000002e0: PUSH2 0x02eb 000002e3: JUMPI 000002e4: RETURNDATASIZE 000002e5: PUSH0 000002e6: DUP1 000002e7: RETURNDATACOPY 000002e8: RETURNDATASIZE 000002e9: PUSH0 000002ea: REVERT 000002eb: JUMPDEST 000002ec: POP 000002ed: POP 000002ee: POP 000002ef: POP 000002f0: PUSH1 0x40 000002f2: MLOAD 000002f3: RETURNDATASIZE 000002f4: PUSH1 0x1f 000002f6: NOT 000002f7: PUSH1 0x1f 000002f9: DUP3 000002fa: ADD 000002fb: AND 000002fc: DUP3 000002fd: ADD 000002fe: DUP1 000002ff: PUSH1 0x40 00000301: MSTORE 00000302: POP 00000303: DUP2 00000304: ADD 00000305: SWAP1 00000306: PUSH2 0x030f 00000309: SWAP2 0000030a: SWAP1 0000030b: PUSH2 0x0a6a 0000030e: JUMP 0000030f: JUMPDEST 00000310: SWAP1 00000311: POP 00000312: DUP2 00000313: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000328: AND 00000329: PUSH4 0xa9059cbb 0000032e: PUSH0 0000032f: DUP1 00000330: SLOAD 00000331: SWAP1 00000332: PUSH2 0x0100 00000335: EXP 00000336: SWAP1 00000337: DIV 00000338: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000034d: AND 0000034e: DUP4 0000034f: PUSH1 0x40 00000351: MLOAD 00000352: DUP4 00000353: PUSH4 0xffffffff 00000358: AND 00000359: PUSH1 0xe0 0000035b: SHL 0000035c: DUP2 0000035d: MSTORE 0000035e: PUSH1 0x04 00000360: ADD 00000361: PUSH2 0x036b 00000364: SWAP3 00000365: SWAP2 00000366: SWAP1 00000367: PUSH2 0x0a95 0000036a: JUMP 0000036b: JUMPDEST 0000036c: PUSH1 0x20 0000036e: PUSH1 0x40 00000370: MLOAD 00000371: DUP1 00000372: DUP4 00000373: SUB 00000374: DUP2 00000375: PUSH0 00000376: DUP8 00000377: GAS 00000378: CALL 00000379: ISZERO 0000037a: DUP1 0000037b: ISZERO 0000037c: PUSH2 0x0387 0000037f: JUMPI 00000380: RETURNDATASIZE 00000381: PUSH0 00000382: DUP1 00000383: RETURNDATACOPY 00000384: RETURNDATASIZE 00000385: PUSH0 00000386: REVERT 00000387: JUMPDEST 00000388: POP 00000389: POP 0000038a: POP 0000038b: POP 0000038c: PUSH1 0x40 0000038e: MLOAD 0000038f: RETURNDATASIZE 00000390: PUSH1 0x1f 00000392: NOT 00000393: PUSH1 0x1f 00000395: DUP3 00000396: ADD 00000397: AND 00000398: DUP3 00000399: ADD 0000039a: DUP1 0000039b: PUSH1 0x40 0000039d: MSTORE 0000039e: POP 0000039f: DUP2 000003a0: ADD 000003a1: SWAP1 000003a2: PUSH2 0x03ab 000003a5: SWAP2 000003a6: SWAP1 000003a7: PUSH2 0x0af1 000003aa: JUMP 000003ab: JUMPDEST 000003ac: POP 000003ad: PUSH0 000003ae: DUP1 000003af: SLOAD 000003b0: SWAP1 000003b1: PUSH2 0x0100 000003b4: EXP 000003b5: SWAP1 000003b6: DIV 000003b7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003cc: AND 000003cd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003e2: AND 000003e3: PUSH32 0x6337ed398c0e8467698c581374fdce4db14922df487b5a39483079f5f59b60a4 00000404: DUP5 00000405: DUP4 00000406: PUSH1 0x40 00000408: MLOAD 00000409: PUSH2 0x0413 0000040c: SWAP3 0000040d: SWAP2 0000040e: SWAP1 0000040f: PUSH2 0x0a95 00000412: JUMP 00000413: JUMPDEST 00000414: PUSH1 0x40 00000416: MLOAD 00000417: DUP1 00000418: SWAP2 00000419: SUB 0000041a: SWAP1 0000041b: LOG2 0000041c: POP 0000041d: POP 0000041e: POP 0000041f: JUMP 00000420: JUMPDEST 00000421: PUSH0 00000422: DUP1 00000423: SLOAD 00000424: SWAP1 00000425: PUSH2 0x0100 00000428: EXP 00000429: SWAP1 0000042a: DIV 0000042b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000440: AND 00000441: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000456: AND 00000457: CALLER 00000458: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000046d: AND 0000046e: EQ 0000046f: PUSH2 0x04ad 00000472: JUMPI 00000473: PUSH1 0x40 00000475: MLOAD 00000476: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000497: DUP2 00000498: MSTORE 00000499: PUSH1 0x04 0000049b: ADD 0000049c: PUSH2 0x04a4 0000049f: SWAP1 000004a0: PUSH2 0x0b66 000004a3: JUMP 000004a4: JUMPDEST 000004a5: PUSH1 0x40 000004a7: MLOAD 000004a8: DUP1 000004a9: SWAP2 000004aa: SUB 000004ab: SWAP1 000004ac: REVERT 000004ad: JUMPDEST 000004ae: PUSH0 000004af: DUP3 000004b0: SWAP1 000004b1: POP 000004b2: PUSH0 000004b3: DUP2 000004b4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004c9: AND 000004ca: PUSH4 0x23b872dd 000004cf: CALLER 000004d0: ADDRESS 000004d1: DUP7 000004d2: PUSH1 0x40 000004d4: MLOAD 000004d5: DUP5 000004d6: PUSH4 0xffffffff 000004db: AND 000004dc: PUSH1 0xe0 000004de: SHL 000004df: DUP2 000004e0: MSTORE 000004e1: PUSH1 0x04 000004e3: ADD 000004e4: PUSH2 0x04ef 000004e7: SWAP4 000004e8: SWAP3 000004e9: SWAP2 000004ea: SWAP1 000004eb: PUSH2 0x0b84 000004ee: JUMP 000004ef: JUMPDEST 000004f0: PUSH1 0x20 000004f2: PUSH1 0x40 000004f4: MLOAD 000004f5: DUP1 000004f6: DUP4 000004f7: SUB 000004f8: DUP2 000004f9: PUSH0 000004fa: DUP8 000004fb: GAS 000004fc: CALL 000004fd: ISZERO 000004fe: DUP1 000004ff: ISZERO 00000500: PUSH2 0x050b 00000503: JUMPI 00000504: RETURNDATASIZE 00000505: PUSH0 00000506: DUP1 00000507: RETURNDATACOPY 00000508: RETURNDATASIZE 00000509: PUSH0 0000050a: REVERT 0000050b: JUMPDEST 0000050c: POP 0000050d: POP 0000050e: POP 0000050f: POP 00000510: PUSH1 0x40 00000512: MLOAD 00000513: RETURNDATASIZE 00000514: PUSH1 0x1f 00000516: NOT 00000517: PUSH1 0x1f 00000519: DUP3 0000051a: ADD 0000051b: AND 0000051c: DUP3 0000051d: ADD 0000051e: DUP1 0000051f: PUSH1 0x40 00000521: MSTORE 00000522: POP 00000523: DUP2 00000524: ADD 00000525: SWAP1 00000526: PUSH2 0x052f 00000529: SWAP2 0000052a: SWAP1 0000052b: PUSH2 0x0af1 0000052e: JUMP 0000052f: JUMPDEST 00000530: SWAP1 00000531: POP 00000532: DUP1 00000533: PUSH2 0x0571 00000536: JUMPI 00000537: PUSH1 0x40 00000539: MLOAD 0000053a: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000055b: DUP2 0000055c: MSTORE 0000055d: PUSH1 0x04 0000055f: ADD 00000560: PUSH2 0x0568 00000563: SWAP1 00000564: PUSH2 0x0c03 00000567: JUMP 00000568: JUMPDEST 00000569: PUSH1 0x40 0000056b: MLOAD 0000056c: DUP1 0000056d: SWAP2 0000056e: SUB 0000056f: SWAP1 00000570: REVERT 00000571: JUMPDEST 00000572: CALLER 00000573: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000588: AND 00000589: PUSH32 0xcbc4a4091b012bb1329c38bbbb15455f5cac5aa3673da0a7f38cd61a4f495517 000005aa: DUP6 000005ab: DUP6 000005ac: PUSH1 0x40 000005ae: MLOAD 000005af: PUSH2 0x05b9 000005b2: SWAP3 000005b3: SWAP2 000005b4: SWAP1 000005b5: PUSH2 0x0a95 000005b8: JUMP 000005b9: JUMPDEST 000005ba: PUSH1 0x40 000005bc: MLOAD 000005bd: DUP1 000005be: SWAP2 000005bf: SUB 000005c0: SWAP1 000005c1: LOG2 000005c2: POP 000005c3: POP 000005c4: POP 000005c5: POP 000005c6: JUMP 000005c7: JUMPDEST 000005c8: PUSH0 000005c9: DUP1 000005ca: SLOAD 000005cb: SWAP1 000005cc: PUSH2 0x0100 000005cf: EXP 000005d0: SWAP1 000005d1: DIV 000005d2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005e7: AND 000005e8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005fd: AND 000005fe: CALLER 000005ff: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000614: AND 00000615: EQ 00000616: PUSH2 0x0654 00000619: JUMPI 0000061a: PUSH1 0x40 0000061c: MLOAD 0000061d: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000063e: DUP2 0000063f: MSTORE 00000640: PUSH1 0x04 00000642: ADD 00000643: PUSH2 0x064b 00000646: SWAP1 00000647: PUSH2 0x09d0 0000064a: JUMP 0000064b: JUMPDEST 0000064c: PUSH1 0x40 0000064e: MLOAD 0000064f: DUP1 00000650: SWAP2 00000651: SUB 00000652: SWAP1 00000653: REVERT 00000654: JUMPDEST 00000655: PUSH1 0x01 00000657: SLOAD 00000658: TIMESTAMP 00000659: LT 0000065a: ISZERO 0000065b: PUSH2 0x0699 0000065e: JUMPI 0000065f: PUSH1 0x40 00000661: MLOAD 00000662: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000683: DUP2 00000684: MSTORE 00000685: PUSH1 0x04 00000687: ADD 00000688: PUSH2 0x0690 0000068b: SWAP1 0000068c: PUSH2 0x0a38 0000068f: JUMP 00000690: JUMPDEST 00000691: PUSH1 0x40 00000693: MLOAD 00000694: DUP1 00000695: SWAP2 00000696: SUB 00000697: SWAP1 00000698: REVERT 00000699: JUMPDEST 0000069a: PUSH0 0000069b: SELFBALANCE 0000069c: SWAP1 0000069d: POP 0000069e: PUSH0 0000069f: DUP1 000006a0: SLOAD 000006a1: SWAP1 000006a2: PUSH2 0x0100 000006a5: EXP 000006a6: SWAP1 000006a7: DIV 000006a8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006bd: AND 000006be: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006d3: AND 000006d4: PUSH2 0x08fc 000006d7: DUP3 000006d8: SWAP1 000006d9: DUP2 000006da: ISZERO 000006db: MUL 000006dc: SWAP1 000006dd: PUSH1 0x40 000006df: MLOAD 000006e0: PUSH0 000006e1: PUSH1 0x40 000006e3: MLOAD 000006e4: DUP1 000006e5: DUP4 000006e6: SUB 000006e7: DUP2 000006e8: DUP6 000006e9: DUP9 000006ea: DUP9 000006eb: CALL 000006ec: SWAP4 000006ed: POP 000006ee: POP 000006ef: POP 000006f0: POP 000006f1: ISZERO 000006f2: DUP1 000006f3: ISZERO 000006f4: PUSH2 0x06ff 000006f7: JUMPI 000006f8: RETURNDATASIZE 000006f9: PUSH0 000006fa: DUP1 000006fb: RETURNDATACOPY 000006fc: RETURNDATASIZE 000006fd: PUSH0 000006fe: REVERT 000006ff: JUMPDEST 00000700: POP 00000701: PUSH0 00000702: DUP1 00000703: SLOAD 00000704: SWAP1 00000705: PUSH2 0x0100 00000708: EXP 00000709: SWAP1 0000070a: DIV 0000070b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000720: AND 00000721: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000736: AND 00000737: PUSH32 0x06097061aeda806b5e9cb4133d9899f332ff0913956567fc0f7ea15e3d19947c 00000758: DUP3 00000759: PUSH1 0x40 0000075b: MLOAD 0000075c: PUSH2 0x0765 0000075f: SWAP2 00000760: SWAP1 00000761: PUSH2 0x0844 00000764: JUMP 00000765: JUMPDEST 00000766: PUSH1 0x40 00000768: MLOAD 00000769: DUP1 0000076a: SWAP2 0000076b: SUB 0000076c: SWAP1 0000076d: LOG2 0000076e: POP 0000076f: JUMP 00000770: JUMPDEST 00000771: PUSH0 00000772: DUP1 00000773: SLOAD 00000774: SWAP1 00000775: PUSH2 0x0100 00000778: EXP 00000779: SWAP1 0000077a: DIV 0000077b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000790: AND 00000791: DUP2 00000792: JUMP 00000793: JUMPDEST 00000794: PUSH0 00000795: CALLVALUE 00000796: GT 00000797: PUSH2 0x07d5 0000079a: JUMPI 0000079b: PUSH1 0x40 0000079d: MLOAD 0000079e: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000007bf: DUP2 000007c0: MSTORE 000007c1: PUSH1 0x04 000007c3: ADD 000007c4: PUSH2 0x07cc 000007c7: SWAP1 000007c8: PUSH2 0x0c91 000007cb: JUMP 000007cc: JUMPDEST 000007cd: PUSH1 0x40 000007cf: MLOAD 000007d0: DUP1 000007d1: SWAP2 000007d2: SUB 000007d3: SWAP1 000007d4: REVERT 000007d5: JUMPDEST 000007d6: CALLER 000007d7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007ec: AND 000007ed: PUSH32 0x939e51ac2fd009b158d6344f7e68a83d8d18d9b0cc88cf514aac6aaa9cad2a18 0000080e: CALLVALUE 0000080f: PUSH1 0x40 00000811: MLOAD 00000812: PUSH2 0x081b 00000815: SWAP2 00000816: SWAP1 00000817: PUSH2 0x0844 0000081a: JUMP 0000081b: JUMPDEST 0000081c: PUSH1 0x40 0000081e: MLOAD 0000081f: DUP1 00000820: SWAP2 00000821: SUB 00000822: SWAP1 00000823: LOG2 00000824: JUMP 00000825: JUMPDEST 00000826: PUSH0 00000827: SELFBALANCE 00000828: SWAP1 00000829: POP 0000082a: SWAP1 0000082b: JUMP 0000082c: JUMPDEST 0000082d: PUSH0 0000082e: DUP2 0000082f: SWAP1 00000830: POP 00000831: SWAP2 00000832: SWAP1 00000833: POP 00000834: JUMP 00000835: JUMPDEST 00000836: PUSH2 0x083e 00000839: DUP2 0000083a: PUSH2 0x082c 0000083d: JUMP 0000083e: JUMPDEST 0000083f: DUP3 00000840: MSTORE 00000841: POP 00000842: POP 00000843: JUMP 00000844: JUMPDEST 00000845: PUSH0 00000846: PUSH1 0x20 00000848: DUP3 00000849: ADD 0000084a: SWAP1 0000084b: POP 0000084c: PUSH2 0x0857 0000084f: PUSH0 00000850: DUP4 00000851: ADD 00000852: DUP5 00000853: PUSH2 0x0835 00000856: JUMP 00000857: JUMPDEST 00000858: SWAP3 00000859: SWAP2 0000085a: POP 0000085b: POP 0000085c: JUMP 0000085d: JUMPDEST 0000085e: PUSH0 0000085f: DUP1 00000860: REVERT 00000861: JUMPDEST 00000862: PUSH0 00000863: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000878: DUP3 00000879: AND 0000087a: SWAP1 0000087b: POP 0000087c: SWAP2 0000087d: SWAP1 0000087e: POP 0000087f: JUMP 00000880: JUMPDEST 00000881: PUSH0 00000882: PUSH2 0x088a 00000885: DUP3 00000886: PUSH2 0x0861 00000889: JUMP 0000088a: JUMPDEST 0000088b: SWAP1 0000088c: POP 0000088d: SWAP2 0000088e: SWAP1 0000088f: POP 00000890: JUMP 00000891: JUMPDEST 00000892: PUSH2 0x089a 00000895: DUP2 00000896: PUSH2 0x0880 00000899: JUMP 0000089a: JUMPDEST 0000089b: DUP2 0000089c: EQ 0000089d: PUSH2 0x08a4 000008a0: JUMPI 000008a1: PUSH0 000008a2: DUP1 000008a3: REVERT 000008a4: JUMPDEST 000008a5: POP 000008a6: JUMP 000008a7: JUMPDEST 000008a8: PUSH0 000008a9: DUP2 000008aa: CALLDATALOAD 000008ab: SWAP1 000008ac: POP 000008ad: PUSH2 0x08b5 000008b0: DUP2 000008b1: PUSH2 0x0891 000008b4: JUMP 000008b5: JUMPDEST 000008b6: SWAP3 000008b7: SWAP2 000008b8: POP 000008b9: POP 000008ba: JUMP 000008bb: JUMPDEST 000008bc: PUSH0 000008bd: PUSH1 0x20 000008bf: DUP3 000008c0: DUP5 000008c1: SUB 000008c2: SLT 000008c3: ISZERO 000008c4: PUSH2 0x08d0 000008c7: JUMPI 000008c8: PUSH2 0x08cf 000008cb: PUSH2 0x085d 000008ce: JUMP 000008cf: JUMPDEST 000008d0: JUMPDEST 000008d1: PUSH0 000008d2: PUSH2 0x08dd 000008d5: DUP5 000008d6: DUP3 000008d7: DUP6 000008d8: ADD 000008d9: PUSH2 0x08a7 000008dc: JUMP 000008dd: JUMPDEST 000008de: SWAP2 000008df: POP 000008e0: POP 000008e1: SWAP3 000008e2: SWAP2 000008e3: POP 000008e4: POP 000008e5: JUMP 000008e6: JUMPDEST 000008e7: PUSH2 0x08ef 000008ea: DUP2 000008eb: PUSH2 0x082c 000008ee: JUMP 000008ef: JUMPDEST 000008f0: DUP2 000008f1: EQ 000008f2: PUSH2 0x08f9 000008f5: JUMPI 000008f6: PUSH0 000008f7: DUP1 000008f8: REVERT 000008f9: JUMPDEST 000008fa: POP 000008fb: JUMP 000008fc: JUMPDEST 000008fd: PUSH0 000008fe: DUP2 000008ff: CALLDATALOAD 00000900: SWAP1 00000901: POP 00000902: PUSH2 0x090a 00000905: DUP2 00000906: PUSH2 0x08e6 00000909: JUMP 0000090a: JUMPDEST 0000090b: SWAP3 0000090c: SWAP2 0000090d: POP 0000090e: POP 0000090f: JUMP 00000910: JUMPDEST 00000911: PUSH0 00000912: DUP1 00000913: PUSH1 0x40 00000915: DUP4 00000916: DUP6 00000917: SUB 00000918: SLT 00000919: ISZERO 0000091a: PUSH2 0x0926 0000091d: JUMPI 0000091e: PUSH2 0x0925 00000921: PUSH2 0x085d 00000924: JUMP 00000925: JUMPDEST 00000926: JUMPDEST 00000927: PUSH0 00000928: PUSH2 0x0933 0000092b: DUP6 0000092c: DUP3 0000092d: DUP7 0000092e: ADD 0000092f: PUSH2 0x08a7 00000932: JUMP 00000933: JUMPDEST 00000934: SWAP3 00000935: POP 00000936: POP 00000937: PUSH1 0x20 00000939: PUSH2 0x0944 0000093c: DUP6 0000093d: DUP3 0000093e: DUP7 0000093f: ADD 00000940: PUSH2 0x08fc 00000943: JUMP 00000944: JUMPDEST 00000945: SWAP2 00000946: POP 00000947: POP 00000948: SWAP3 00000949: POP 0000094a: SWAP3 0000094b: SWAP1 0000094c: POP 0000094d: JUMP 0000094e: JUMPDEST 0000094f: PUSH2 0x0957 00000952: DUP2 00000953: PUSH2 0x0880 00000956: JUMP 00000957: JUMPDEST 00000958: DUP3 00000959: MSTORE 0000095a: POP 0000095b: POP 0000095c: JUMP 0000095d: JUMPDEST 0000095e: PUSH0 0000095f: PUSH1 0x20 00000961: DUP3 00000962: ADD 00000963: SWAP1 00000964: POP 00000965: PUSH2 0x0970 00000968: PUSH0 00000969: DUP4 0000096a: ADD 0000096b: DUP5 0000096c: PUSH2 0x094e 0000096f: JUMP 00000970: JUMPDEST 00000971: SWAP3 00000972: SWAP2 00000973: POP 00000974: POP 00000975: JUMP 00000976: JUMPDEST 00000977: PUSH0 00000978: DUP3 00000979: DUP3 0000097a: MSTORE 0000097b: PUSH1 0x20 0000097d: DUP3 0000097e: ADD 0000097f: SWAP1 00000980: POP 00000981: SWAP3 00000982: SWAP2 00000983: POP 00000984: POP 00000985: JUMP 00000986: JUMPDEST 00000987: PUSH32 0x596f7520617265206e6f7420746865206f776e65720000000000000000000000 000009a8: PUSH0 000009a9: DUP3 000009aa: ADD 000009ab: MSTORE 000009ac: POP 000009ad: JUMP 000009ae: JUMPDEST 000009af: PUSH0 000009b0: PUSH2 0x09ba 000009b3: PUSH1 0x15 000009b5: DUP4 000009b6: PUSH2 0x0976 000009b9: JUMP 000009ba: JUMPDEST 000009bb: SWAP2 000009bc: POP 000009bd: PUSH2 0x09c5 000009c0: DUP3 000009c1: PUSH2 0x0986 000009c4: JUMP 000009c5: JUMPDEST 000009c6: PUSH1 0x20 000009c8: DUP3 000009c9: ADD 000009ca: SWAP1 000009cb: POP 000009cc: SWAP2 000009cd: SWAP1 000009ce: POP 000009cf: JUMP 000009d0: JUMPDEST 000009d1: PUSH0 000009d2: PUSH1 0x20 000009d4: DUP3 000009d5: ADD 000009d6: SWAP1 000009d7: POP 000009d8: DUP2 000009d9: DUP2 000009da: SUB 000009db: PUSH0 000009dc: DUP4 000009dd: ADD 000009de: MSTORE 000009df: PUSH2 0x09e7 000009e2: DUP2 000009e3: PUSH2 0x09ae 000009e6: JUMP 000009e7: JUMPDEST 000009e8: SWAP1 000009e9: POP 000009ea: SWAP2 000009eb: SWAP1 000009ec: POP 000009ed: JUMP 000009ee: JUMPDEST 000009ef: PUSH32 0x46756e647320617265207374696c6c206c6f636b656400000000000000000000 00000a10: PUSH0 00000a11: DUP3 00000a12: ADD 00000a13: MSTORE 00000a14: POP 00000a15: JUMP 00000a16: JUMPDEST 00000a17: PUSH0 00000a18: PUSH2 0x0a22 00000a1b: PUSH1 0x16 00000a1d: DUP4 00000a1e: PUSH2 0x0976 00000a21: JUMP 00000a22: JUMPDEST 00000a23: SWAP2 00000a24: POP 00000a25: PUSH2 0x0a2d 00000a28: DUP3 00000a29: PUSH2 0x09ee 00000a2c: JUMP 00000a2d: JUMPDEST 00000a2e: PUSH1 0x20 00000a30: DUP3 00000a31: ADD 00000a32: SWAP1 00000a33: POP 00000a34: SWAP2 00000a35: SWAP1 00000a36: POP 00000a37: JUMP 00000a38: JUMPDEST 00000a39: PUSH0 00000a3a: PUSH1 0x20 00000a3c: DUP3 00000a3d: ADD 00000a3e: SWAP1 00000a3f: POP 00000a40: DUP2 00000a41: DUP2 00000a42: SUB 00000a43: PUSH0 00000a44: DUP4 00000a45: ADD 00000a46: MSTORE 00000a47: PUSH2 0x0a4f 00000a4a: DUP2 00000a4b: PUSH2 0x0a16 00000a4e: JUMP 00000a4f: JUMPDEST 00000a50: SWAP1 00000a51: POP 00000a52: SWAP2 00000a53: SWAP1 00000a54: POP 00000a55: JUMP 00000a56: JUMPDEST 00000a57: PUSH0 00000a58: DUP2 00000a59: MLOAD 00000a5a: SWAP1 00000a5b: POP 00000a5c: PUSH2 0x0a64 00000a5f: DUP2 00000a60: PUSH2 0x08e6 00000a63: JUMP 00000a64: JUMPDEST 00000a65: SWAP3 00000a66: SWAP2 00000a67: POP 00000a68: POP 00000a69: JUMP 00000a6a: JUMPDEST 00000a6b: PUSH0 00000a6c: PUSH1 0x20 00000a6e: DUP3 00000a6f: DUP5 00000a70: SUB 00000a71: SLT 00000a72: ISZERO 00000a73: PUSH2 0x0a7f 00000a76: JUMPI 00000a77: PUSH2 0x0a7e 00000a7a: PUSH2 0x085d 00000a7d: JUMP 00000a7e: JUMPDEST 00000a7f: JUMPDEST 00000a80: PUSH0 00000a81: PUSH2 0x0a8c 00000a84: DUP5 00000a85: DUP3 00000a86: DUP6 00000a87: ADD 00000a88: PUSH2 0x0a56 00000a8b: JUMP 00000a8c: JUMPDEST 00000a8d: SWAP2 00000a8e: POP 00000a8f: POP 00000a90: SWAP3 00000a91: SWAP2 00000a92: POP 00000a93: POP 00000a94: JUMP 00000a95: JUMPDEST 00000a96: PUSH0 00000a97: PUSH1 0x40 00000a99: DUP3 00000a9a: ADD 00000a9b: SWAP1 00000a9c: POP 00000a9d: PUSH2 0x0aa8 00000aa0: PUSH0 00000aa1: DUP4 00000aa2: ADD 00000aa3: DUP6 00000aa4: PUSH2 0x094e 00000aa7: JUMP 00000aa8: JUMPDEST 00000aa9: PUSH2 0x0ab5 00000aac: PUSH1 0x20 00000aae: DUP4 00000aaf: ADD 00000ab0: DUP5 00000ab1: PUSH2 0x0835 00000ab4: JUMP 00000ab5: JUMPDEST 00000ab6: SWAP4 00000ab7: SWAP3 00000ab8: POP 00000ab9: POP 00000aba: POP 00000abb: JUMP 00000abc: JUMPDEST 00000abd: PUSH0 00000abe: DUP2 00000abf: ISZERO 00000ac0: ISZERO 00000ac1: SWAP1 00000ac2: POP 00000ac3: SWAP2 00000ac4: SWAP1 00000ac5: POP 00000ac6: JUMP 00000ac7: JUMPDEST 00000ac8: PUSH2 0x0ad0 00000acb: DUP2 00000acc: PUSH2 0x0abc 00000acf: JUMP 00000ad0: JUMPDEST 00000ad1: DUP2 00000ad2: EQ 00000ad3: PUSH2 0x0ada 00000ad6: JUMPI 00000ad7: PUSH0 00000ad8: DUP1 00000ad9: REVERT 00000ada: JUMPDEST 00000adb: POP 00000adc: JUMP 00000add: JUMPDEST 00000ade: PUSH0 00000adf: DUP2 00000ae0: MLOAD 00000ae1: SWAP1 00000ae2: POP 00000ae3: PUSH2 0x0aeb 00000ae6: DUP2 00000ae7: PUSH2 0x0ac7 00000aea: JUMP 00000aeb: JUMPDEST 00000aec: SWAP3 00000aed: SWAP2 00000aee: POP 00000aef: POP 00000af0: JUMP 00000af1: JUMPDEST 00000af2: PUSH0 00000af3: PUSH1 0x20 00000af5: DUP3 00000af6: DUP5 00000af7: SUB 00000af8: SLT 00000af9: ISZERO 00000afa: PUSH2 0x0b06 00000afd: JUMPI 00000afe: PUSH2 0x0b05 00000b01: PUSH2 0x085d 00000b04: JUMP 00000b05: JUMPDEST 00000b06: JUMPDEST 00000b07: PUSH0 00000b08: PUSH2 0x0b13 00000b0b: DUP5 00000b0c: DUP3 00000b0d: DUP6 00000b0e: ADD 00000b0f: PUSH2 0x0add 00000b12: JUMP 00000b13: JUMPDEST 00000b14: SWAP2 00000b15: POP 00000b16: POP 00000b17: SWAP3 00000b18: SWAP2 00000b19: POP 00000b1a: POP 00000b1b: JUMP 00000b1c: JUMPDEST 00000b1d: PUSH32 0x4f6e6c79206f776e65722063616e206465706f73697420746f6b656e73000000 00000b3e: PUSH0 00000b3f: DUP3 00000b40: ADD 00000b41: MSTORE 00000b42: POP 00000b43: JUMP 00000b44: JUMPDEST 00000b45: PUSH0 00000b46: PUSH2 0x0b50 00000b49: PUSH1 0x1d 00000b4b: DUP4 00000b4c: PUSH2 0x0976 00000b4f: JUMP 00000b50: JUMPDEST 00000b51: SWAP2 00000b52: POP 00000b53: PUSH2 0x0b5b 00000b56: DUP3 00000b57: PUSH2 0x0b1c 00000b5a: JUMP 00000b5b: JUMPDEST 00000b5c: PUSH1 0x20 00000b5e: DUP3 00000b5f: ADD 00000b60: SWAP1 00000b61: POP 00000b62: SWAP2 00000b63: SWAP1 00000b64: POP 00000b65: JUMP 00000b66: JUMPDEST 00000b67: PUSH0 00000b68: PUSH1 0x20 00000b6a: DUP3 00000b6b: ADD 00000b6c: SWAP1 00000b6d: POP 00000b6e: DUP2 00000b6f: DUP2 00000b70: SUB 00000b71: PUSH0 00000b72: DUP4 00000b73: ADD 00000b74: MSTORE 00000b75: PUSH2 0x0b7d 00000b78: DUP2 00000b79: PUSH2 0x0b44 00000b7c: JUMP 00000b7d: JUMPDEST 00000b7e: SWAP1 00000b7f: POP 00000b80: SWAP2 00000b81: SWAP1 00000b82: POP 00000b83: JUMP 00000b84: JUMPDEST 00000b85: PUSH0 00000b86: PUSH1 0x60 00000b88: DUP3 00000b89: ADD 00000b8a: SWAP1 00000b8b: POP 00000b8c: PUSH2 0x0b97 00000b8f: PUSH0 00000b90: DUP4 00000b91: ADD 00000b92: DUP7 00000b93: PUSH2 0x094e 00000b96: JUMP 00000b97: JUMPDEST 00000b98: PUSH2 0x0ba4 00000b9b: PUSH1 0x20 00000b9d: DUP4 00000b9e: ADD 00000b9f: DUP6 00000ba0: PUSH2 0x094e 00000ba3: JUMP 00000ba4: JUMPDEST 00000ba5: PUSH2 0x0bb1 00000ba8: PUSH1 0x40 00000baa: DUP4 00000bab: ADD 00000bac: DUP5 00000bad: PUSH2 0x0835 00000bb0: JUMP 00000bb1: JUMPDEST 00000bb2: SWAP5 00000bb3: SWAP4 00000bb4: POP 00000bb5: POP 00000bb6: POP 00000bb7: POP 00000bb8: JUMP 00000bb9: JUMPDEST 00000bba: PUSH32 0x546f6b656e207472616e73666572206661696c65640000000000000000000000 00000bdb: PUSH0 00000bdc: DUP3 00000bdd: ADD 00000bde: MSTORE 00000bdf: POP 00000be0: JUMP 00000be1: JUMPDEST 00000be2: PUSH0 00000be3: PUSH2 0x0bed 00000be6: PUSH1 0x15 00000be8: DUP4 00000be9: PUSH2 0x0976 00000bec: JUMP 00000bed: JUMPDEST 00000bee: SWAP2 00000bef: POP 00000bf0: PUSH2 0x0bf8 00000bf3: DUP3 00000bf4: PUSH2 0x0bb9 00000bf7: JUMP 00000bf8: JUMPDEST 00000bf9: PUSH1 0x20 00000bfb: DUP3 00000bfc: ADD 00000bfd: SWAP1 00000bfe: POP 00000bff: SWAP2 00000c00: SWAP1 00000c01: POP 00000c02: JUMP 00000c03: JUMPDEST 00000c04: PUSH0 00000c05: PUSH1 0x20 00000c07: DUP3 00000c08: ADD 00000c09: SWAP1 00000c0a: POP 00000c0b: DUP2 00000c0c: DUP2 00000c0d: SUB 00000c0e: PUSH0 00000c0f: DUP4 00000c10: ADD 00000c11: MSTORE 00000c12: PUSH2 0x0c1a 00000c15: DUP2 00000c16: PUSH2 0x0be1 00000c19: JUMP 00000c1a: JUMPDEST 00000c1b: SWAP1 00000c1c: POP 00000c1d: SWAP2 00000c1e: SWAP1 00000c1f: POP 00000c20: JUMP 00000c21: JUMPDEST 00000c22: PUSH32 0x4465706f73697420616d6f756e74206d75737420626520677265617465722074 00000c43: PUSH0 00000c44: DUP3 00000c45: ADD 00000c46: MSTORE 00000c47: PUSH32 0x68616e2030000000000000000000000000000000000000000000000000000000 00000c68: PUSH1 0x20 00000c6a: DUP3 00000c6b: ADD 00000c6c: MSTORE 00000c6d: POP 00000c6e: JUMP 00000c6f: JUMPDEST 00000c70: PUSH0 00000c71: PUSH2 0x0c7b 00000c74: PUSH1 0x25 00000c76: DUP4 00000c77: PUSH2 0x0976 00000c7a: JUMP 00000c7b: JUMPDEST 00000c7c: SWAP2 00000c7d: POP 00000c7e: PUSH2 0x0c86 00000c81: DUP3 00000c82: PUSH2 0x0c21 00000c85: JUMP 00000c86: JUMPDEST 00000c87: PUSH1 0x40 00000c89: DUP3 00000c8a: ADD 00000c8b: SWAP1 00000c8c: POP 00000c8d: SWAP2 00000c8e: SWAP1 00000c8f: POP 00000c90: JUMP 00000c91: JUMPDEST 00000c92: PUSH0 00000c93: PUSH1 0x20 00000c95: DUP3 00000c96: ADD 00000c97: SWAP1 00000c98: POP 00000c99: DUP2 00000c9a: DUP2 00000c9b: SUB 00000c9c: PUSH0 00000c9d: DUP4 00000c9e: ADD 00000c9f: MSTORE 00000ca0: PUSH2 0x0ca8 00000ca3: DUP2 00000ca4: PUSH2 0x0c6f 00000ca7: JUMP 00000ca8: JUMPDEST 00000ca9: SWAP1 00000caa: POP 00000cab: SWAP2 00000cac: SWAP1 00000cad: POP 00000cae: JUMP 00000caf: INVALID 00000cb0: LOG2 00000cb1: PUSH5 0x6970667358 00000cb7: UNKNOWN(0x22) 00000cb8: SLT 00000cb9: KECCAK256 00000cba: UNKNOWN(0xE5) 00000cbb: UNKNOWN(0xF8) 00000cbc: UNKNOWN(0xA5) 00000cbd: DUP12 00000cbe: STOP 00000cbf: UNKNOWN(0xC2) 00000cc0: SWAP4 00000cc1: UNKNOWN(0xD1) 00000cc2: SDIV 00000cc3: JUMPDEST 00000cc4: LT 00000cc5: PUSH9 0xb84bbb64592701b090 00000ccf: PUSH14 0xfe34a6e5179a9000634564736f6c 00000cde: PUSH4 0x4300081a 00000ce3: STOP 00000ce4: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0xf5fbfa4d295941a5c1ab1c731027447284b41fa6961691338bb18b548ea3b25c
call_targets:
0x36fe34d48deb448b1b8d9db87b501b0c64f9d7a1
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xf5fbfa4d295941a5c1ab1c731027447284b41fa6961691338bb18b548ea3b25c",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x36fe34d48deb448b1b8d9db87b501b0c64f9d7a1"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x7362377b",
"selector": "0x7362377b",
"calldata_variants": [
"0x7362377b",
"0x7362377b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x98ea5fca",
"selector": "0x98ea5fca",
"calldata_variants": [
"0x98ea5fca",
"0x98ea5fca0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc71daccb",
"selector": "0xc71daccb",
"calldata_variants": [
"0xc71daccb",
"0xc71daccb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x251c1aa3",
"selector": "0x251c1aa3",
"calldata_variants": [
"0x251c1aa3",
"0x251c1aa30000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x49df728c",
"selector": "0x49df728c",
"calldata_variants": [
"0x49df728c",
"0x49df728c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x66168bd7",
"selector": "0x66168bd7",
"calldata_variants": [
"0x66168bd7",
"0x66168bd70000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 888,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1276,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1771,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [
{
"pc": 503,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1111,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1534,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"untrusted_call_count": 3
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0xf5fbfa4d295941a5c1ab1c731027447284b41fa6961691338bb18b548ea3b25c
call_targets:
0x36fe34d48deb448b1b8d9db87b501b0c64f9d7a1
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xf5fbfa4d295941a5c1ab1c731027447284b41fa6961691338bb18b548ea3b25c",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x36fe34d48deb448b1b8d9db87b501b0c64f9d7a1"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x7362377b",
"selector": "0x7362377b",
"calldata_variants": [
"0x7362377b",
"0x7362377b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x98ea5fca",
"selector": "0x98ea5fca",
"calldata_variants": [
"0x98ea5fca",
"0x98ea5fca0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc71daccb",
"selector": "0xc71daccb",
"calldata_variants": [
"0xc71daccb",
"0xc71daccb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x251c1aa3",
"selector": "0x251c1aa3",
"calldata_variants": [
"0x251c1aa3",
"0x251c1aa30000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x49df728c",
"selector": "0x49df728c",
"calldata_variants": [
"0x49df728c",
"0x49df728c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x66168bd7",
"selector": "0x66168bd7",
"calldata_variants": [
"0x66168bd7",
"0x66168bd70000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 888,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1276,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1771,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": [
{
"pc": 503,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1111,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1534,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
}
|
| low | other | codex | ERC20 transfer return value is unchecked in withdrawTokens | 65 | no | — |
viewevidence_json{
"evidence": "`token.transfer(owner, tokenBalance);` is called without checking the return value.",
"locations": [
"contracts/Contract.sol:55"
],
"recommendation": "Check the boolean return from `token.transfer` and revert on failure (or use a safe ERC20 wrapper that handles non-standard tokens).",
"exploit_scenario": "If the token is non-compliant or malicious and returns `false` without reverting, `withdrawTokens` will emit a `TokensWithdrawn` event even though no tokens were transferred. This can mislead monitoring/accounting and leave funds stuck in the wallet until a compliant transfer is used."
}
|
| low | other | codex | Using `transfer` for Ether withdrawal can lock funds for contract owners | 65 | no | — |
viewevidence_json{
"evidence": "`payable(owner).transfer(balance);` relies on 2300 gas stipend.",
"locations": [
"contracts/Contract.sol:46"
],
"recommendation": "Use `call{value: balance}()` and handle the boolean return value; consider emitting a failure event or reverting on failure.",
"exploit_scenario": "If the owner is a smart contract whose fallback/receive needs more than 2300 gas (or reverts), `withdrawEther` will always revert, permanently locking Ether in the wallet."
}
|