019bab3b-aa19-71a6-879c-a96e48ff592a
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 38247 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 38248 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 38249 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 38250 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 38251 | capability.graph | complete | 1 / 3 | 3 months ago |
| 38252 | detector.run | complete | 1 / 3 | 3 months ago |
| 38253 | validation.fork | complete | 1 / 3 | 3 months ago |
| 38917 | report.consolidate | complete | 1 / 6 | 3 months ago |
| 38918 | tool.slither | complete | 1 / 2 | 3 months ago |
{
"status": "not_proxy"
}
'forge clean' running (wd: /tmp/slither-gv6ckq6o)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-gv6ckq6o)
StablesPool.safeBsdTransfer(address,uint256) (contracts/Contract.sol#676-685) ignores return value by bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)
StablesPool.safeBsdTransfer(address,uint256) (contracts/Contract.sol#676-685) ignores return value by bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613) performs a multiplication on the result of a division:
- accBsdPerShare = accBsdPerShare.add(_generatedReward.div(poolLength).mul(1e18).div(lpSupply)) (contracts/Contract.sol#609-612)
StablesPool.updatePool(uint256) (contracts/Contract.sol#614-625) performs a multiplication on the result of a division:
- pool.accBsdPerShare = pool.accBsdPerShare.add(_generatedReward.div(poolLength).mul(1e18).div(lpSupply)) (contracts/Contract.sol#620-623)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
StablesPool.updatePool(uint256) (contracts/Contract.sol#614-625) uses a dangerous strict equality:
- lpSupply == 0 (contracts/Contract.sol#619)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645):
External calls:
- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#636)
- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)
- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)
- pool.lpToken.safeTransferFrom(_sender,address(this),_amount) (contracts/Contract.sol#638-641)
State variables written after the call(s):
- user.amount = user.amount.add(_amount) (contracts/Contract.sol#641-642)
StablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:
- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)
- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)
- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)
- StablesPool.userInfo (contracts/Contract.sol#520-524)
- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)
- user.rewardDebt = user.amount.mul(pool.accBsdPerShare).div(1e18) (contracts/Contract.sol#642-644)
StablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:
- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)
- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)
- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)
- StablesPool.userInfo (contracts/Contract.sol#520-524)
- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)
Reentrancy in StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674):
External calls:
- pool.lpToken.safeTransfer(address(msg.sender),user.amount) (contracts/Contract.sol#669-671)
State variables written after the call(s):
- user.amount = 0 (contracts/Contract.sol#672)
StablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:
- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)
- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)
- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)
- StablesPool.userInfo (contracts/Contract.sol#520-524)
- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)
- user.rewardDebt = 0 (contracts/Contract.sol#673-674)
StablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:
- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)
- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)
- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)
- StablesPool.userInfo (contracts/Contract.sol#520-524)
- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)
Reentrancy in StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665):
External calls:
- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#655-656)
- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)
- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)
State variables written after the call(s):
- user.amount = user.amount.sub(_amount) (contracts/Contract.sol#658-659)
StablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:
- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)
- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)
- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)
- StablesPool.userInfo (contracts/Contract.sol#520-524)
- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)
Reentrancy in StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665):
External calls:
- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#655-656)
- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)
- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)
- pool.lpToken.safeTransfer(_sender,_amount) (contracts/Contract.sol#659-662)
State variables written after the call(s):
- user.rewardDebt = user.amount.mul(pool.accBsdPerShare).div(1e18) (contracts/Contract.sol#663-664)
StablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:
- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)
- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)
- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)
- StablesPool.userInfo (contracts/Contract.sol#520-524)
- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
Reentrancy in StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645):
External calls:
- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#636)
- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)
- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)
Event emitted after the call(s):
- RewardPaid(_sender,_pending) (contracts/Contract.sol#637)
Reentrancy in StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645):
External calls:
- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#636)
- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)
- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)
- pool.lpToken.safeTransferFrom(_sender,address(this),_amount) (contracts/Contract.sol#638-641)
Event emitted after the call(s):
- Deposit(_sender,_pid,_amount) (contracts/Contract.sol#644-645)
Reentrancy in StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674):
External calls:
- pool.lpToken.safeTransfer(address(msg.sender),user.amount) (contracts/Contract.sol#669-671)
Event emitted after the call(s):
- EmergencyWithdraw(msg.sender,_pid,user.amount) (contracts/Contract.sol#671-672)
Reentrancy in StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665):
External calls:
- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#655-656)
- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)
- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)
Event emitted after the call(s):
- RewardPaid(_sender,_pending) (contracts/Contract.sol#656-658)
Reentrancy in StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665):
External calls:
- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#655-656)
- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)
- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)
- pool.lpToken.safeTransfer(_sender,_amount) (contracts/Contract.sol#659-662)
Event emitted after the call(s):
- Withdraw(_sender,_pid,_amount) (contracts/Contract.sol#664-665)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Address.isContract(address) (contracts/Contract.sol#263-274) uses assembly
- INLINE ASM (contracts/Contract.sol#273)
Address._functionCallWithValue(address,bytes,uint256,string) (contracts/Contract.sol#369-395) uses assembly
- INLINE ASM (contracts/Contract.sol#389-393)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Version constraint 0.6.12 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- DataLocationChangeInInternalOverride
- NestedCalldataArrayAbiReencodingSizeValidation
- SignedImmutables
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching
- EmptyByteArrayCopy
- DynamicArrayCleanup.
It is used by:
- 0.6.12 (contracts/Contract.sol#2-3)
solc-0.6.12 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
Low level call in Address.sendValue(address,uint256) (contracts/Contract.sol#296-302):
- (success,None) = recipient.call{value: amount}() (contracts/Contract.sol#299-300)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (contracts/Contract.sol#369-395):
- (success,returndata) = target.call{value: weiValue}(data) (contracts/Contract.sol#377-380)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter StablesPool.getGeneratedReward(uint256,uint256)._from (contracts/Contract.sol#582) is not in mixedCase
Parameter StablesPool.getGeneratedReward(uint256,uint256)._to (contracts/Contract.sol#582) is not in mixedCase
Parameter StablesPool.pendingBasisDollar(uint256,address)._pid (contracts/Contract.sol#602-603) is not in mixedCase
Parameter StablesPool.pendingBasisDollar(uint256,address)._user (contracts/Contract.sol#603) is not in mixedCase
Parameter StablesPool.updatePool(uint256)._pid (contracts/Contract.sol#615) is not in mixedCase
Parameter StablesPool.deposit(uint256,uint256)._pid (contracts/Contract.sol#626) is not in mixedCase
Parameter StablesPool.deposit(uint256,uint256)._amount (contracts/Contract.sol#626-627) is not in mixedCase
Parameter StablesPool.withdraw(uint256,uint256)._pid (contracts/Contract.sol#646) is not in mixedCase
Parameter StablesPool.withdraw(uint256,uint256)._amount (contracts/Contract.sol#647) is not in mixedCase
Parameter StablesPool.emergencyWithdraw(uint256)._pid (contracts/Contract.sol#667) is not in mixedCase
Parameter StablesPool.safeBsdTransfer(address,uint256)._to (contracts/Contract.sol#678) is not in mixedCase
Parameter StablesPool.safeBsdTransfer(address,uint256)._amount (contracts/Contract.sol#678) is not in mixedCase
Parameter StablesPool.setGovernance(address)._governance (contracts/Contract.sol#685) is not in mixedCase
Parameter StablesPool.governanceRecoverUnsupported(IERC20,uint256,address)._token (contracts/Contract.sol#692) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
StablesPool.slitherConstructorVariables() (contracts/Contract.sol#488-706) uses literals with too many digits:
- epochTotalRewards = (200000000000000000000000,150000000000000000000000,100000000000000000000000,50000000000000000000000) (contracts/Contract.sol#527-528)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits
StablesPool.poolLength (contracts/Contract.sol#525) should be constant
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant
StablesPool.bsd (contracts/Contract.sol#517-519) should be immutable
StablesPool.startBlock (contracts/Contract.sol#524-525) should be immutable
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-immutable
. analyzed (5 contracts with 100 detectors), 38 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.6.12",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.6.12",
"install_stderr": null,
"install_stdout": "Version '0.6.12' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-gv6ckq6o --allow-paths /tmp/slither-gv6ckq6o,/tmp/slither-gv6ckq6o/lib,/tmp/slither-gv6ckq6o/src",
"remappings": [],
"source_files": [
"contracts/Contract.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 38,
"workspace_hash": "c0755fb386c109e9d1f5a07555b21fcdff703d18aadda5c0c83ae93792aaa9ea",
"duration_seconds": 0.904477596282959,
"solc_version_requested": "0.6.12"
}
{"no_findings":false,"summary":"Found reentrancy surfaces around reward payouts and emergency withdrawals, plus unchecked reward token transfers that can desync accounting.","findings":[{"severity":"medium","category":"reentrancy","title":"Reward payout before state update enables reentrancy double-claims","exploit_scenario":"If the reward token is malicious or ERC777-like, its transfer hook can reenter `deposit`/`withdraw` before `user.rewardDebt` is updated, repeatedly claiming the same pending rewards in a single transaction.","recommendation":"Apply checks-effects-interactions: update `user.rewardDebt` (and `user.amount` where relevant) before any external transfer, or add `nonReentrant` and use a pull-based reward claim.","evidence":"`deposit`/`withdraw` call `safeBsdTransfer` (external call) before updating `user.rewardDebt`.","locations":["contracts/Contract.sol:641","contracts/Contract.sol:662","contracts/Contract.sol:693"]},{"severity":"medium","category":"reentrancy","title":"Emergency withdrawal transfers before zeroing balances","exploit_scenario":"A malicious LP token can reenter `emergencyWithdraw` during `safeTransfer`, allowing the same `user.amount` to be withdrawn multiple times before it is reset to zero.","recommendation":"Zero `user.amount` and `user.rewardDebt` before transferring LP tokens and/or guard with `nonReentrant`.","evidence":"`emergencyWithdraw` performs `pool.lpToken.safeTransfer` before setting `user.amount = 0`.","locations":["contracts/Contract.sol:683"]},{"severity":"low","category":"other","title":"Unchecked ERC20 return values on reward transfers","exploit_scenario":"If `bsd.transfer` returns false (or a non-standard token), the function does not revert and still updates `rewardDebt`, permanently forfeiting user rewards.","recommendation":"Use `SafeERC20.safeTransfer` for `bsd` transfers or explicitly require the return value to be true.","evidence":"`safeBsdTransfer` calls `bsd.transfer` without checking the return value.","locations":["contracts/Contract.sol:693"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-_a8vw5ne
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019bab4e-9328-7410-a77a-66ef73f0a51b
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Preparing to audit AUDIT_BUNDLE.txt**
exec
/bin/bash -lc ls in /tmp/codex-_a8vw5ne succeeded in 8ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
contracts
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-_a8vw5ne succeeded in 27ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: contracts/Contract.sol
================================================================================
// SPDX-License-Identifier: MIT
pragma solidity 0.6.12;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
thinking
**Analyzing governance and reentrancy risks**
exec
/bin/bash -lc 'nl -ba contracts/Contract.sol' in /tmp/codex-_a8vw5ne succeeded in 10ms:
1 // SPDX-License-Identifier: MIT
2
3 pragma solidity 0.6.12;
4
5 /**
6 * @dev Interface of the ERC20 standard as defined in the EIP.
7 */
8 interface IERC20 {
9 /**
10 * @dev Returns the amount of tokens in existence.
11 */
12 function totalSupply() external view returns (uint256);
13
14 /**
15 * @dev Returns the amount of tokens owned by `account`.
16 */
17 function balanceOf(address account) external view returns (uint256);
18
19 /**
20 * @dev Moves `amount` tokens from the caller's account to `recipient`.
thinking
**Summarizing reentrancy and transfer risks**
I'm compiling findings about reentrancy issues in reward payouts and emergency withdrawals, plus the risk from unchecked token transfer return values. I’m considering severity, exploit scenarios, evidence with specific code lines, and clear recommendations like using nonReentrant or SafeERC20 patterns. Then, I'll format all that neatly into JSON per the schema.
codex
{"no_findings":false,"summary":"Found reentrancy surfaces around reward payouts and emergency withdrawals, plus unchecked reward token transfers that can desync accounting.","findings":[{"severity":"medium","category":"reentrancy","title":"Reward payout before state update enables reentrancy double-claims","exploit_scenario":"If the reward token is malicious or ERC777-like, its transfer hook can reenter `deposit`/`withdraw` before `user.rewardDebt` is updated, repeatedly claiming the same pending rewards in a single transaction.","recommendation":"Apply checks-effects-interactions: update `user.rewardDebt` (and `user.amount` where relevant) before any external transfer, or add `nonReentrant` and use a pull-based reward claim.","evidence":"`deposit`/`withdraw` call `safeBsdTransfer` (external call) before updating `user.rewardDebt`.","locations":["contracts/Contract.sol:641","contracts/Contract.sol:662","contracts/Contract.sol:693"]},{"severity":"medium","category":"reentrancy","title":"Emergency withdrawal transfers before zeroing balances","exploit_scenario":"A malicious LP token can reenter `emergencyWithdraw` during `safeTransfer`, allowing the same `user.amount` to be withdrawn multiple times before it is reset to zero.","recommendation":"Zero `user.amount` and `user.rewardDebt` before transferring LP tokens and/or guard with `nonReentrant`.","evidence":"`emergencyWithdraw` performs `pool.lpToken.safeTransfer` before setting `user.amount = 0`.","locations":["contracts/Contract.sol:683"]},{"severity":"low","category":"other","title":"Unchecked ERC20 return values on reward transfers","exploit_scenario":"If `bsd.transfer` returns false (or a non-standard token), the function does not revert and still updates `rewardDebt`, permanently forfeiting user rewards.","recommendation":"Use `SafeERC20.safeTransfer` for `bsd` transfers or explicitly require the return value to be true.","evidence":"`safeBsdTransfer` calls `bsd.transfer` without checking the return value.","locations":["contracts/Contract.sol:693"]}]}
tokens used
23,281
{
"codex": {
"ran_at": "2026-01-11T04:27:50.644625+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 1,
"import_count": 0,
"first_party_contracts_count": 1
},
"summary": "Found reentrancy surfaces around reward payouts and emergency withdrawals, plus unchecked reward token transfers that can desync accounting.",
"raw_final": {
"summary": "Found reentrancy surfaces around reward payouts and emergency withdrawals, plus unchecked reward token transfers that can desync accounting.",
"findings": [
{
"title": "Reward payout before state update enables reentrancy double-claims",
"category": "reentrancy",
"evidence": "`deposit`/`withdraw` call `safeBsdTransfer` (external call) before updating `user.rewardDebt`.",
"severity": "medium",
"locations": [
"contracts/Contract.sol:641",
"contracts/Contract.sol:662",
"contracts/Contract.sol:693"
],
"recommendation": "Apply checks-effects-interactions: update `user.rewardDebt` (and `user.amount` where relevant) before any external transfer, or add `nonReentrant` and use a pull-based reward claim.",
"exploit_scenario": "If the reward token is malicious or ERC777-like, its transfer hook can reenter `deposit`/`withdraw` before `user.rewardDebt` is updated, repeatedly claiming the same pending rewards in a single transaction."
},
{
"title": "Emergency withdrawal transfers before zeroing balances",
"category": "reentrancy",
"evidence": "`emergencyWithdraw` performs `pool.lpToken.safeTransfer` before setting `user.amount = 0`.",
"severity": "medium",
"locations": [
"contracts/Contract.sol:683"
],
"recommendation": "Zero `user.amount` and `user.rewardDebt` before transferring LP tokens and/or guard with `nonReentrant`.",
"exploit_scenario": "A malicious LP token can reenter `emergencyWithdraw` during `safeTransfer`, allowing the same `user.amount` to be withdrawn multiple times before it is reset to zero."
},
{
"title": "Unchecked ERC20 return values on reward transfers",
"category": "other",
"evidence": "`safeBsdTransfer` calls `bsd.transfer` without checking the return value.",
"severity": "low",
"locations": [
"contracts/Contract.sol:693"
],
"recommendation": "Use `SafeERC20.safeTransfer` for `bsd` transfers or explicitly require the return value to be true.",
"exploit_scenario": "If `bsd.transfer` returns false (or a non-standard token), the function does not revert and still updates `rewardDebt`, permanently forfeiting user rewards."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLVALUE 00000006: DUP1 00000007: ISZERO 00000008: PUSH2 0x0010 0000000b: JUMPI 0000000c: PUSH1 0x00 0000000e: DUP1 0000000f: REVERT 00000010: JUMPDEST 00000011: POP 00000012: PUSH1 0x04 00000014: CALLDATASIZE 00000015: LT 00000016: PUSH2 0x0136 00000019: JUMPI 0000001a: PUSH1 0x00 0000001c: CALLDATALOAD 0000001d: PUSH1 0xe0 0000001f: SHR 00000020: DUP1 00000021: PUSH4 0x5aa6e675 00000026: GT 00000027: PUSH2 0x00b2 0000002a: JUMPI 0000002b: DUP1 0000002c: PUSH4 0xab033ea9 00000031: GT 00000032: PUSH2 0x0081 00000035: JUMPI 00000036: DUP1 00000037: PUSH4 0xe2a29690 0000003c: GT 0000003d: PUSH2 0x0066 00000040: JUMPI 00000041: DUP1 00000042: PUSH4 0xe2a29690 00000047: EQ 00000048: PUSH2 0x03aa 0000004b: JUMPI 0000004c: DUP1 0000004d: PUSH4 0xe2bbb158 00000052: EQ 00000053: PUSH2 0x03c7 00000056: JUMPI 00000057: DUP1 00000058: PUSH4 0xfc47e209 0000005d: EQ 0000005e: PUSH2 0x03ea 00000061: JUMPI 00000062: PUSH2 0x0136 00000065: JUMP 00000066: JUMPDEST 00000067: DUP1 00000068: PUSH4 0xab033ea9 0000006d: EQ 0000006e: PUSH2 0x036f 00000071: JUMPI 00000072: DUP1 00000073: PUSH4 0xd56c2ec2 00000078: EQ 00000079: PUSH2 0x03a2 0000007c: JUMPI 0000007d: PUSH2 0x0136 00000080: JUMP 00000081: JUMPDEST 00000082: DUP1 00000083: PUSH4 0x5aa6e675 00000088: EQ 00000089: PUSH2 0x0291 0000008c: JUMPI 0000008d: DUP1 0000008e: PUSH4 0x93f1a40b 00000093: EQ 00000094: PUSH2 0x02c2 00000097: JUMPI 00000098: DUP1 00000099: PUSH4 0x9a25cefc 0000009e: EQ 0000009f: PUSH2 0x0319 000000a2: JUMPI 000000a3: DUP1 000000a4: PUSH4 0x9dbd7045 000000a9: EQ 000000aa: PUSH2 0x0336 000000ad: JUMPI 000000ae: PUSH2 0x0136 000000b1: JUMP 000000b2: JUMPDEST 000000b3: DUP1 000000b4: PUSH4 0x441a3e70 000000b9: GT 000000ba: PUSH2 0x0109 000000bd: JUMPI 000000be: DUP1 000000bf: PUSH4 0x51eb05a6 000000c4: GT 000000c5: PUSH2 0x00ee 000000c8: JUMPI 000000c9: DUP1 000000ca: PUSH4 0x51eb05a6 000000cf: EQ 000000d0: PUSH2 0x0214 000000d3: JUMPI 000000d4: DUP1 000000d5: PUSH4 0x5312ea8e 000000da: EQ 000000db: PUSH2 0x0231 000000de: JUMPI 000000df: DUP1 000000e0: PUSH4 0x54575af4 000000e5: EQ 000000e6: PUSH2 0x024e 000000e9: JUMPI 000000ea: PUSH2 0x0136 000000ed: JUMP 000000ee: JUMPDEST 000000ef: DUP1 000000f0: PUSH4 0x441a3e70 000000f5: EQ 000000f6: PUSH2 0x01e7 000000f9: JUMPI 000000fa: DUP1 000000fb: PUSH4 0x48cd4cb1 00000100: EQ 00000101: PUSH2 0x020c 00000104: JUMPI 00000105: PUSH2 0x0136 00000108: JUMP 00000109: JUMPDEST 0000010a: DUP1 0000010b: PUSH4 0x081e3eda 00000110: EQ 00000111: PUSH2 0x013b 00000114: JUMPI 00000115: DUP1 00000116: PUSH4 0x1526fe27 0000011b: EQ 0000011c: PUSH2 0x0155 0000011f: JUMPI 00000120: DUP1 00000121: PUSH4 0x231f0c6a 00000126: EQ 00000127: PUSH2 0x01a7 0000012a: JUMPI 0000012b: DUP1 0000012c: PUSH4 0x3fd50001 00000131: EQ 00000132: PUSH2 0x01ca 00000135: JUMPI 00000136: JUMPDEST 00000137: PUSH1 0x00 00000139: DUP1 0000013a: REVERT 0000013b: JUMPDEST 0000013c: PUSH2 0x0143 0000013f: PUSH2 0x03f2 00000142: JUMP 00000143: JUMPDEST 00000144: PUSH1 0x40 00000146: DUP1 00000147: MLOAD 00000148: SWAP2 00000149: DUP3 0000014a: MSTORE 0000014b: MLOAD 0000014c: SWAP1 0000014d: DUP2 0000014e: SWAP1 0000014f: SUB 00000150: PUSH1 0x20 00000152: ADD 00000153: SWAP1 00000154: RETURN 00000155: JUMPDEST 00000156: PUSH2 0x0172 00000159: PUSH1 0x04 0000015b: DUP1 0000015c: CALLDATASIZE 0000015d: SUB 0000015e: PUSH1 0x20 00000160: DUP2 00000161: LT 00000162: ISZERO 00000163: PUSH2 0x016b 00000166: JUMPI 00000167: PUSH1 0x00 00000169: DUP1 0000016a: REVERT 0000016b: JUMPDEST 0000016c: POP 0000016d: CALLDATALOAD 0000016e: PUSH2 0x03f8 00000171: JUMP 00000172: JUMPDEST 00000173: PUSH1 0x40 00000175: DUP1 00000176: MLOAD 00000177: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000018c: SWAP1 0000018d: SWAP5 0000018e: AND 0000018f: DUP5 00000190: MSTORE 00000191: PUSH1 0x20 00000193: DUP5 00000194: ADD 00000195: SWAP3 00000196: SWAP1 00000197: SWAP3 00000198: MSTORE 00000199: DUP3 0000019a: DUP3 0000019b: ADD 0000019c: MSTORE 0000019d: MLOAD 0000019e: SWAP1 0000019f: DUP2 000001a0: SWAP1 000001a1: SUB 000001a2: PUSH1 0x60 000001a4: ADD 000001a5: SWAP1 000001a6: RETURN 000001a7: JUMPDEST 000001a8: PUSH2 0x0143 000001ab: PUSH1 0x04 000001ad: DUP1 000001ae: CALLDATASIZE 000001af: SUB 000001b0: PUSH1 0x40 000001b2: DUP2 000001b3: LT 000001b4: ISZERO 000001b5: PUSH2 0x01bd 000001b8: JUMPI 000001b9: PUSH1 0x00 000001bb: DUP1 000001bc: REVERT 000001bd: JUMPDEST 000001be: POP 000001bf: DUP1 000001c0: CALLDATALOAD 000001c1: SWAP1 000001c2: PUSH1 0x20 000001c4: ADD 000001c5: CALLDATALOAD 000001c6: PUSH2 0x043f 000001c9: JUMP 000001ca: JUMPDEST 000001cb: PUSH2 0x0143 000001ce: PUSH1 0x04 000001d0: DUP1 000001d1: CALLDATASIZE 000001d2: SUB 000001d3: PUSH1 0x20 000001d5: DUP2 000001d6: LT 000001d7: ISZERO 000001d8: PUSH2 0x01e0 000001db: JUMPI 000001dc: PUSH1 0x00 000001de: DUP1 000001df: REVERT 000001e0: JUMPDEST 000001e1: POP 000001e2: CALLDATALOAD 000001e3: PUSH2 0x063a 000001e6: JUMP 000001e7: JUMPDEST 000001e8: PUSH2 0x020a 000001eb: PUSH1 0x04 000001ed: DUP1 000001ee: CALLDATASIZE 000001ef: SUB 000001f0: PUSH1 0x40 000001f2: DUP2 000001f3: LT 000001f4: ISZERO 000001f5: PUSH2 0x01fd 000001f8: JUMPI 000001f9: PUSH1 0x00 000001fb: DUP1 000001fc: REVERT 000001fd: JUMPDEST 000001fe: POP 000001ff: DUP1 00000200: CALLDATALOAD 00000201: SWAP1 00000202: PUSH1 0x20 00000204: ADD 00000205: CALLDATALOAD 00000206: PUSH2 0x064e 00000209: JUMP 0000020a: JUMPDEST 0000020b: STOP 0000020c: JUMPDEST 0000020d: PUSH2 0x0143 00000210: PUSH2 0x0866 00000213: JUMP 00000214: JUMPDEST 00000215: PUSH2 0x020a 00000218: PUSH1 0x04 0000021a: DUP1 0000021b: CALLDATASIZE 0000021c: SUB 0000021d: PUSH1 0x20 0000021f: DUP2 00000220: LT 00000221: ISZERO 00000222: PUSH2 0x022a 00000225: JUMPI 00000226: PUSH1 0x00 00000228: DUP1 00000229: REVERT 0000022a: JUMPDEST 0000022b: POP 0000022c: CALLDATALOAD 0000022d: PUSH2 0x086c 00000230: JUMP 00000231: JUMPDEST 00000232: PUSH2 0x020a 00000235: PUSH1 0x04 00000237: DUP1 00000238: CALLDATASIZE 00000239: SUB 0000023a: PUSH1 0x20 0000023c: DUP2 0000023d: LT 0000023e: ISZERO 0000023f: PUSH2 0x0247 00000242: JUMPI 00000243: PUSH1 0x00 00000245: DUP1 00000246: REVERT 00000247: JUMPDEST 00000248: POP 00000249: CALLDATALOAD 0000024a: PUSH2 0x09a3 0000024d: JUMP 0000024e: JUMPDEST 0000024f: PUSH2 0x020a 00000252: PUSH1 0x04 00000254: DUP1 00000255: CALLDATASIZE 00000256: SUB 00000257: PUSH1 0x60 00000259: DUP2 0000025a: LT 0000025b: ISZERO 0000025c: PUSH2 0x0264 0000025f: JUMPI 00000260: PUSH1 0x00 00000262: DUP1 00000263: REVERT 00000264: JUMPDEST 00000265: POP 00000266: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000027b: DUP2 0000027c: CALLDATALOAD 0000027d: DUP2 0000027e: AND 0000027f: SWAP2 00000280: PUSH1 0x20 00000282: DUP2 00000283: ADD 00000284: CALLDATALOAD 00000285: SWAP2 00000286: PUSH1 0x40 00000288: SWAP1 00000289: SWAP2 0000028a: ADD 0000028b: CALLDATALOAD 0000028c: AND 0000028d: PUSH2 0x0a48 00000290: JUMP 00000291: JUMPDEST 00000292: PUSH2 0x0299 00000295: PUSH2 0x0c52 00000298: JUMP 00000299: JUMPDEST 0000029a: PUSH1 0x40 0000029c: DUP1 0000029d: MLOAD 0000029e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002b3: SWAP1 000002b4: SWAP3 000002b5: AND 000002b6: DUP3 000002b7: MSTORE 000002b8: MLOAD 000002b9: SWAP1 000002ba: DUP2 000002bb: SWAP1 000002bc: SUB 000002bd: PUSH1 0x20 000002bf: ADD 000002c0: SWAP1 000002c1: RETURN 000002c2: JUMPDEST 000002c3: PUSH2 0x02fb 000002c6: PUSH1 0x04 000002c8: DUP1 000002c9: CALLDATASIZE 000002ca: SUB 000002cb: PUSH1 0x40 000002cd: DUP2 000002ce: LT 000002cf: ISZERO 000002d0: PUSH2 0x02d8 000002d3: JUMPI 000002d4: PUSH1 0x00 000002d6: DUP1 000002d7: REVERT 000002d8: JUMPDEST 000002d9: POP 000002da: DUP1 000002db: CALLDATALOAD 000002dc: SWAP1 000002dd: PUSH1 0x20 000002df: ADD 000002e0: CALLDATALOAD 000002e1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002f6: AND 000002f7: PUSH2 0x0c6e 000002fa: JUMP 000002fb: JUMPDEST 000002fc: PUSH1 0x40 000002fe: DUP1 000002ff: MLOAD 00000300: SWAP4 00000301: DUP5 00000302: MSTORE 00000303: PUSH1 0x20 00000305: DUP5 00000306: ADD 00000307: SWAP3 00000308: SWAP1 00000309: SWAP3 0000030a: MSTORE 0000030b: DUP3 0000030c: DUP3 0000030d: ADD 0000030e: MSTORE 0000030f: MLOAD 00000310: SWAP1 00000311: DUP2 00000312: SWAP1 00000313: SUB 00000314: PUSH1 0x60 00000316: ADD 00000317: SWAP1 00000318: RETURN 00000319: JUMPDEST 0000031a: PUSH2 0x0143 0000031d: PUSH1 0x04 0000031f: DUP1 00000320: CALLDATASIZE 00000321: SUB 00000322: PUSH1 0x20 00000324: DUP2 00000325: LT 00000326: ISZERO 00000327: PUSH2 0x032f 0000032a: JUMPI 0000032b: PUSH1 0x00 0000032d: DUP1 0000032e: REVERT 0000032f: JUMPDEST 00000330: POP 00000331: CALLDATALOAD 00000332: PUSH2 0x0c9a 00000335: JUMP 00000336: JUMPDEST 00000337: PUSH2 0x0143 0000033a: PUSH1 0x04 0000033c: DUP1 0000033d: CALLDATASIZE 0000033e: SUB 0000033f: PUSH1 0x40 00000341: DUP2 00000342: LT 00000343: ISZERO 00000344: PUSH2 0x034c 00000347: JUMPI 00000348: PUSH1 0x00 0000034a: DUP1 0000034b: REVERT 0000034c: JUMPDEST 0000034d: POP 0000034e: DUP1 0000034f: CALLDATALOAD 00000350: SWAP1 00000351: PUSH1 0x20 00000353: ADD 00000354: CALLDATALOAD 00000355: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000036a: AND 0000036b: PUSH2 0x0cb8 0000036e: JUMP 0000036f: JUMPDEST 00000370: PUSH2 0x020a 00000373: PUSH1 0x04 00000375: DUP1 00000376: CALLDATASIZE 00000377: SUB 00000378: PUSH1 0x20 0000037a: DUP2 0000037b: LT 0000037c: ISZERO 0000037d: PUSH2 0x0385 00000380: JUMPI 00000381: PUSH1 0x00 00000383: DUP1 00000384: REVERT 00000385: JUMPDEST 00000386: POP 00000387: CALLDATALOAD 00000388: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000039d: AND 0000039e: PUSH2 0x0e28 000003a1: JUMP 000003a2: JUMPDEST 000003a3: PUSH2 0x0299 000003a6: PUSH2 0x0f79 000003a9: JUMP 000003aa: JUMPDEST 000003ab: PUSH2 0x0143 000003ae: PUSH1 0x04 000003b0: DUP1 000003b1: CALLDATASIZE 000003b2: SUB 000003b3: PUSH1 0x20 000003b5: DUP2 000003b6: LT 000003b7: ISZERO 000003b8: PUSH2 0x03c0 000003bb: JUMPI 000003bc: PUSH1 0x00 000003be: DUP1 000003bf: REVERT 000003c0: JUMPDEST 000003c1: POP 000003c2: CALLDATALOAD 000003c3: PUSH2 0x0f95 000003c6: JUMP 000003c7: JUMPDEST 000003c8: PUSH2 0x020a 000003cb: PUSH1 0x04 000003cd: DUP1 000003ce: CALLDATASIZE 000003cf: SUB 000003d0: PUSH1 0x40 000003d2: DUP2 000003d3: LT 000003d4: ISZERO 000003d5: PUSH2 0x03dd 000003d8: JUMPI 000003d9: PUSH1 0x00 000003db: DUP1 000003dc: REVERT 000003dd: JUMPDEST 000003de: POP 000003df: DUP1 000003e0: CALLDATALOAD 000003e1: SWAP1 000003e2: PUSH1 0x20 000003e4: ADD 000003e5: CALLDATALOAD 000003e6: PUSH2 0x0fa2 000003e9: JUMP 000003ea: JUMPDEST 000003eb: PUSH2 0x0143 000003ee: PUSH2 0x1146 000003f1: JUMP 000003f2: JUMPDEST 000003f3: PUSH1 0x05 000003f5: SLOAD 000003f6: DUP2 000003f7: JUMP 000003f8: JUMPDEST 000003f9: PUSH1 0x02 000003fb: DUP2 000003fc: DUP2 000003fd: SLOAD 000003fe: DUP2 000003ff: LT 00000400: PUSH2 0x0405 00000403: JUMPI 00000404: INVALID 00000405: JUMPDEST 00000406: PUSH1 0x00 00000408: SWAP2 00000409: DUP3 0000040a: MSTORE 0000040b: PUSH1 0x20 0000040d: SWAP1 0000040e: SWAP2 0000040f: KECCAK256 00000410: PUSH1 0x03 00000412: SWAP1 00000413: SWAP2 00000414: MUL 00000415: ADD 00000416: DUP1 00000417: SLOAD 00000418: PUSH1 0x01 0000041a: DUP3 0000041b: ADD 0000041c: SLOAD 0000041d: PUSH1 0x02 0000041f: SWAP1 00000420: SWAP3 00000421: ADD 00000422: SLOAD 00000423: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000438: SWAP1 00000439: SWAP2 0000043a: AND 0000043b: SWAP3 0000043c: POP 0000043d: DUP4 0000043e: JUMP 0000043f: JUMPDEST 00000440: PUSH1 0x00 00000442: PUSH1 0x04 00000444: JUMPDEST 00000445: PUSH1 0x01 00000447: DUP2 00000448: PUSH1 0xff 0000044a: AND 0000044b: LT 0000044c: PUSH2 0x061f 0000044f: JUMPI 00000450: PUSH1 0x07 00000452: PUSH1 0x01 00000454: DUP3 00000455: SUB 00000456: PUSH1 0xff 00000458: AND 00000459: PUSH1 0x04 0000045b: DUP2 0000045c: LT 0000045d: PUSH2 0x0462 00000460: JUMPI 00000461: INVALID 00000462: JUMPDEST 00000463: ADD 00000464: SLOAD 00000465: DUP4 00000466: LT 00000467: PUSH2 0x05f8 0000046a: JUMPI 0000046b: PUSH1 0x07 0000046d: PUSH1 0x01 0000046f: DUP3 00000470: SUB 00000471: PUSH1 0xff 00000473: AND 00000474: PUSH1 0x04 00000476: DUP2 00000477: LT 00000478: PUSH2 0x047d 0000047b: JUMPI 0000047c: INVALID 0000047d: JUMPDEST 0000047e: ADD 0000047f: SLOAD 00000480: DUP5 00000481: LT 00000482: PUSH2 0x04b2 00000485: JUMPI 00000486: PUSH2 0x04aa 00000489: PUSH1 0x0b 0000048b: DUP3 0000048c: PUSH1 0xff 0000048e: AND 0000048f: PUSH1 0x05 00000491: DUP2 00000492: LT 00000493: PUSH2 0x0498 00000496: JUMPI 00000497: INVALID 00000498: JUMPDEST 00000499: ADD 0000049a: SLOAD 0000049b: PUSH2 0x04a4 0000049e: DUP6 0000049f: DUP8 000004a0: PUSH2 0x118e 000004a3: JUMP 000004a4: JUMPDEST 000004a5: SWAP1 000004a6: PUSH2 0x11d0 000004a9: JUMP 000004aa: JUMPDEST 000004ab: SWAP2 000004ac: POP 000004ad: POP 000004ae: PUSH2 0x0634 000004b1: JUMP 000004b2: JUMPDEST 000004b3: PUSH1 0x00 000004b5: PUSH2 0x04e8 000004b8: PUSH1 0x0b 000004ba: DUP4 000004bb: PUSH1 0xff 000004bd: AND 000004be: PUSH1 0x05 000004c0: DUP2 000004c1: LT 000004c2: PUSH2 0x04c7 000004c5: JUMPI 000004c6: INVALID 000004c7: JUMPDEST 000004c8: ADD 000004c9: SLOAD 000004ca: PUSH2 0x04a4 000004cd: PUSH1 0x07 000004cf: PUSH1 0x01 000004d1: DUP7 000004d2: SUB 000004d3: PUSH1 0xff 000004d5: AND 000004d6: PUSH1 0x04 000004d8: DUP2 000004d9: LT 000004da: PUSH2 0x04df 000004dd: JUMPI 000004de: INVALID 000004df: JUMPDEST 000004e0: ADD 000004e1: SLOAD 000004e2: DUP8 000004e3: SWAP1 000004e4: PUSH2 0x118e 000004e7: JUMP 000004e8: JUMPDEST 000004e9: SWAP1 000004ea: POP 000004eb: DUP2 000004ec: PUSH1 0xff 000004ee: AND 000004ef: PUSH1 0x01 000004f1: EQ 000004f2: ISZERO 000004f3: PUSH2 0x0524 000004f6: JUMPI 000004f7: PUSH2 0x051b 000004fa: PUSH2 0x0514 000004fd: PUSH1 0x0b 000004ff: PUSH1 0x00 00000501: JUMPDEST 00000502: ADD 00000503: SLOAD 00000504: PUSH2 0x04a4 00000507: DUP9 00000508: PUSH1 0x07 0000050a: PUSH1 0x00 0000050c: JUMPDEST 0000050d: ADD 0000050e: SLOAD 0000050f: SWAP1 00000510: PUSH2 0x118e 00000513: JUMP 00000514: JUMPDEST 00000515: DUP3 00000516: SWAP1 00000517: PUSH2 0x1243 0000051a: JUMP 0000051b: JUMPDEST 0000051c: SWAP3 0000051d: POP 0000051e: POP 0000051f: POP 00000520: PUSH2 0x0634 00000523: JUMP 00000524: JUMPDEST 00000525: PUSH1 0x01 00000527: DUP3 00000528: SUB 00000529: SWAP2 0000052a: POP 0000052b: JUMPDEST 0000052c: PUSH1 0x01 0000052e: DUP3 0000052f: PUSH1 0xff 00000531: AND 00000532: LT 00000533: PUSH2 0x05e9 00000536: JUMPI 00000537: PUSH1 0x07 00000539: PUSH1 0x01 0000053b: DUP4 0000053c: SUB 0000053d: PUSH1 0xff 0000053f: AND 00000540: PUSH1 0x04 00000542: DUP2 00000543: LT 00000544: PUSH2 0x0549 00000547: JUMPI 00000548: INVALID 00000549: JUMPDEST 0000054a: ADD 0000054b: SLOAD 0000054c: DUP6 0000054d: LT 0000054e: PUSH2 0x057d 00000551: JUMPI 00000552: PUSH2 0x051b 00000555: PUSH2 0x0514 00000558: PUSH1 0x0b 0000055a: DUP5 0000055b: PUSH1 0xff 0000055d: AND 0000055e: PUSH1 0x05 00000560: DUP2 00000561: LT 00000562: PUSH2 0x0567 00000565: JUMPI 00000566: INVALID 00000567: JUMPDEST 00000568: ADD 00000569: SLOAD 0000056a: PUSH2 0x04a4 0000056d: DUP9 0000056e: PUSH1 0x07 00000570: DUP8 00000571: PUSH1 0xff 00000573: AND 00000574: PUSH1 0x04 00000576: DUP2 00000577: LT 00000578: PUSH2 0x050c 0000057b: JUMPI 0000057c: INVALID 0000057d: JUMPDEST 0000057e: PUSH2 0x05bd 00000581: PUSH2 0x0514 00000584: PUSH1 0x0b 00000586: DUP5 00000587: PUSH1 0xff 00000589: AND 0000058a: PUSH1 0x05 0000058c: DUP2 0000058d: LT 0000058e: PUSH2 0x0593 00000591: JUMPI 00000592: INVALID 00000593: JUMPDEST 00000594: ADD 00000595: SLOAD 00000596: PUSH2 0x04a4 00000599: PUSH1 0x07 0000059b: PUSH1 0x01 0000059d: DUP8 0000059e: SUB 0000059f: PUSH1 0xff 000005a1: AND 000005a2: PUSH1 0x04 000005a4: DUP2 000005a5: LT 000005a6: PUSH2 0x05ab 000005a9: JUMPI 000005aa: INVALID 000005ab: JUMPDEST 000005ac: ADD 000005ad: SLOAD 000005ae: PUSH1 0x07 000005b0: DUP8 000005b1: PUSH1 0xff 000005b3: AND 000005b4: PUSH1 0x04 000005b6: DUP2 000005b7: LT 000005b8: PUSH2 0x050c 000005bb: JUMPI 000005bc: INVALID 000005bd: JUMPDEST 000005be: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 000005df: SWAP1 000005e0: SWAP3 000005e1: ADD 000005e2: SWAP2 000005e3: SWAP1 000005e4: POP 000005e5: PUSH2 0x052b 000005e8: JUMP 000005e9: JUMPDEST 000005ea: PUSH2 0x051b 000005ed: PUSH2 0x0514 000005f0: PUSH1 0x0b 000005f2: PUSH1 0x00 000005f4: PUSH2 0x0501 000005f7: JUMP 000005f8: JUMPDEST 000005f9: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0000061a: ADD 0000061b: PUSH2 0x0444 0000061e: JUMP 0000061f: JUMPDEST 00000620: POP 00000621: PUSH1 0x0b 00000623: SLOAD 00000624: PUSH2 0x0631 00000627: SWAP1 00000628: PUSH2 0x04a4 0000062b: DUP5 0000062c: DUP7 0000062d: PUSH2 0x118e 00000630: JUMP 00000631: JUMPDEST 00000632: SWAP1 00000633: POP 00000634: JUMPDEST 00000635: SWAP3 00000636: SWAP2 00000637: POP 00000638: POP 00000639: JUMP 0000063a: JUMPDEST 0000063b: PUSH1 0x07 0000063d: DUP2 0000063e: PUSH1 0x04 00000640: DUP2 00000641: LT 00000642: PUSH2 0x0647 00000645: JUMPI 00000646: INVALID 00000647: JUMPDEST 00000648: ADD 00000649: SLOAD 0000064a: SWAP1 0000064b: POP 0000064c: DUP2 0000064d: JUMP 0000064e: JUMPDEST 0000064f: PUSH1 0x00 00000651: CALLER 00000652: SWAP1 00000653: POP 00000654: PUSH1 0x00 00000656: PUSH1 0x02 00000658: DUP5 00000659: DUP2 0000065a: SLOAD 0000065b: DUP2 0000065c: LT 0000065d: PUSH2 0x0662 00000660: JUMPI 00000661: INVALID 00000662: JUMPDEST 00000663: PUSH1 0x00 00000665: SWAP2 00000666: DUP3 00000667: MSTORE 00000668: PUSH1 0x20 0000066a: DUP1 0000066b: DUP4 0000066c: KECCAK256 0000066d: DUP8 0000066e: DUP5 0000066f: MSTORE 00000670: PUSH1 0x03 00000672: DUP1 00000673: DUP4 00000674: MSTORE 00000675: PUSH1 0x40 00000677: DUP1 00000678: DUP7 00000679: KECCAK256 0000067a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000068f: DUP10 00000690: AND 00000691: DUP8 00000692: MSTORE 00000693: SWAP1 00000694: SWAP4 00000695: MSTORE 00000696: SWAP2 00000697: SWAP1 00000698: SWAP4 00000699: KECCAK256 0000069a: DUP1 0000069b: SLOAD 0000069c: SWAP3 0000069d: SWAP1 0000069e: SWAP2 0000069f: MUL 000006a0: SWAP1 000006a1: SWAP3 000006a2: ADD 000006a3: SWAP3 000006a4: POP 000006a5: DUP5 000006a6: GT 000006a7: ISZERO 000006a8: PUSH2 0x0712 000006ab: JUMPI 000006ac: PUSH1 0x40 000006ae: DUP1 000006af: MLOAD 000006b0: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000006d1: DUP2 000006d2: MSTORE 000006d3: PUSH1 0x20 000006d5: PUSH1 0x04 000006d7: DUP3 000006d8: ADD 000006d9: MSTORE 000006da: PUSH1 0x12 000006dc: PUSH1 0x24 000006de: DUP3 000006df: ADD 000006e0: MSTORE 000006e1: PUSH32 0x77697468647261773a206e6f7420676f6f640000000000000000000000000000 00000702: PUSH1 0x44 00000704: DUP3 00000705: ADD 00000706: MSTORE 00000707: SWAP1 00000708: MLOAD 00000709: SWAP1 0000070a: DUP2 0000070b: SWAP1 0000070c: SUB 0000070d: PUSH1 0x64 0000070f: ADD 00000710: SWAP1 00000711: REVERT 00000712: JUMPDEST 00000713: PUSH2 0x071b 00000716: DUP6 00000717: PUSH2 0x086c 0000071a: JUMP 0000071b: JUMPDEST 0000071c: PUSH1 0x00 0000071e: PUSH2 0x0758 00000721: DUP3 00000722: PUSH1 0x01 00000724: ADD 00000725: SLOAD 00000726: PUSH2 0x0752 00000729: PUSH8 0x0de0b6b3a7640000 00000732: PUSH2 0x074c 00000735: DUP8 00000736: PUSH1 0x02 00000738: ADD 00000739: SLOAD 0000073a: DUP8 0000073b: PUSH1 0x00 0000073d: ADD 0000073e: SLOAD 0000073f: PUSH2 0x11d0 00000742: SWAP1 00000743: SWAP2 00000744: SWAP1 00000745: PUSH4 0xffffffff 0000074a: AND 0000074b: JUMP 0000074c: JUMPDEST 0000074d: SWAP1 0000074e: PUSH2 0x114c 00000751: JUMP 00000752: JUMPDEST 00000753: SWAP1 00000754: PUSH2 0x118e 00000757: JUMP 00000758: JUMPDEST 00000759: SWAP1 0000075a: POP 0000075b: DUP1 0000075c: ISZERO 0000075d: PUSH2 0x07b7 00000760: JUMPI 00000761: PUSH2 0x076a 00000764: DUP5 00000765: DUP3 00000766: PUSH2 0x12b7 00000769: JUMP 0000076a: JUMPDEST 0000076b: PUSH1 0x40 0000076d: DUP1 0000076e: MLOAD 0000076f: DUP3 00000770: DUP2 00000771: MSTORE 00000772: SWAP1 00000773: MLOAD 00000774: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000789: DUP7 0000078a: AND 0000078b: SWAP2 0000078c: PUSH32 0xe2403640ba68fed3a2f88b7557551d1993f84b99bb10ff833f0cf8db0c5e0486 000007ad: SWAP2 000007ae: SWAP1 000007af: DUP2 000007b0: SWAP1 000007b1: SUB 000007b2: PUSH1 0x20 000007b4: ADD 000007b5: SWAP1 000007b6: LOG2 000007b7: JUMPDEST 000007b8: DUP5 000007b9: ISZERO 000007ba: PUSH2 0x07ee 000007bd: JUMPI 000007be: DUP2 000007bf: SLOAD 000007c0: PUSH2 0x07c9 000007c3: SWAP1 000007c4: DUP7 000007c5: PUSH2 0x118e 000007c8: JUMP 000007c9: JUMPDEST 000007ca: DUP3 000007cb: SSTORE 000007cc: DUP3 000007cd: SLOAD 000007ce: PUSH2 0x07ee 000007d1: SWAP1 000007d2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007e7: AND 000007e8: DUP6 000007e9: DUP8 000007ea: PUSH2 0x14bf 000007ed: JUMP 000007ee: JUMPDEST 000007ef: PUSH1 0x02 000007f1: DUP4 000007f2: ADD 000007f3: SLOAD 000007f4: DUP3 000007f5: SLOAD 000007f6: PUSH2 0x080c 000007f9: SWAP2 000007fa: PUSH8 0x0de0b6b3a7640000 00000803: SWAP2 00000804: PUSH2 0x074c 00000807: SWAP2 00000808: PUSH2 0x11d0 0000080b: JUMP 0000080c: JUMPDEST 0000080d: PUSH1 0x01 0000080f: DUP4 00000810: ADD 00000811: SSTORE 00000812: PUSH1 0x40 00000814: DUP1 00000815: MLOAD 00000816: DUP7 00000817: DUP2 00000818: MSTORE 00000819: SWAP1 0000081a: MLOAD 0000081b: DUP8 0000081c: SWAP2 0000081d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000832: DUP8 00000833: AND 00000834: SWAP2 00000835: PUSH32 0xf279e6a1f5e320cca91135676d9cb6e44ca8a08c0b88342bcdb1144f6511b568 00000856: SWAP2 00000857: DUP2 00000858: SWAP1 00000859: SUB 0000085a: PUSH1 0x20 0000085c: ADD 0000085d: SWAP1 0000085e: LOG3 0000085f: POP 00000860: POP 00000861: POP 00000862: POP 00000863: POP 00000864: POP 00000865: JUMP 00000866: JUMPDEST 00000867: PUSH1 0x04 00000869: SLOAD 0000086a: DUP2 0000086b: JUMP 0000086c: JUMPDEST 0000086d: PUSH1 0x00 0000086f: PUSH1 0x02 00000871: DUP3 00000872: DUP2 00000873: SLOAD 00000874: DUP2 00000875: LT 00000876: PUSH2 0x087b 00000879: JUMPI 0000087a: INVALID 0000087b: JUMPDEST 0000087c: SWAP1 0000087d: PUSH1 0x00 0000087f: MSTORE 00000880: PUSH1 0x20 00000882: PUSH1 0x00 00000884: KECCAK256 00000885: SWAP1 00000886: PUSH1 0x03 00000888: MUL 00000889: ADD 0000088a: SWAP1 0000088b: POP 0000088c: DUP1 0000088d: PUSH1 0x01 0000088f: ADD 00000890: SLOAD 00000891: NUMBER 00000892: GT 00000893: PUSH2 0x089c 00000896: JUMPI 00000897: POP 00000898: PUSH2 0x09a0 0000089b: JUMP 0000089c: JUMPDEST 0000089d: DUP1 0000089e: SLOAD 0000089f: PUSH1 0x40 000008a1: DUP1 000008a2: MLOAD 000008a3: PUSH32 0x70a0823100000000000000000000000000000000000000000000000000000000 000008c4: DUP2 000008c5: MSTORE 000008c6: ADDRESS 000008c7: PUSH1 0x04 000008c9: DUP3 000008ca: ADD 000008cb: MSTORE 000008cc: SWAP1 000008cd: MLOAD 000008ce: PUSH1 0x00 000008d0: SWAP3 000008d1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000008e6: AND 000008e7: SWAP2 000008e8: PUSH4 0x70a08231 000008ed: SWAP2 000008ee: PUSH1 0x24 000008f0: DUP1 000008f1: DUP4 000008f2: ADD 000008f3: SWAP3 000008f4: PUSH1 0x20 000008f6: SWAP3 000008f7: SWAP2 000008f8: SWAP1 000008f9: DUP3 000008fa: SWAP1 000008fb: SUB 000008fc: ADD 000008fd: DUP2 000008fe: DUP7 000008ff: DUP1 00000900: EXTCODESIZE 00000901: ISZERO 00000902: DUP1 00000903: ISZERO 00000904: PUSH2 0x090c 00000907: JUMPI 00000908: PUSH1 0x00 0000090a: DUP1 0000090b: REVERT 0000090c: JUMPDEST 0000090d: POP 0000090e: GAS 0000090f: STATICCALL 00000910: ISZERO 00000911: DUP1 00000912: ISZERO 00000913: PUSH2 0x0920 00000916: JUMPI 00000917: RETURNDATASIZE 00000918: PUSH1 0x00 0000091a: DUP1 0000091b: RETURNDATACOPY 0000091c: RETURNDATASIZE 0000091d: PUSH1 0x00 0000091f: REVERT 00000920: JUMPDEST 00000921: POP 00000922: POP 00000923: POP 00000924: POP 00000925: PUSH1 0x40 00000927: MLOAD 00000928: RETURNDATASIZE 00000929: PUSH1 0x20 0000092b: DUP2 0000092c: LT 0000092d: ISZERO 0000092e: PUSH2 0x0936 00000931: JUMPI 00000932: PUSH1 0x00 00000934: DUP1 00000935: REVERT 00000936: JUMPDEST 00000937: POP 00000938: MLOAD 00000939: SWAP1 0000093a: POP 0000093b: DUP1 0000093c: PUSH2 0x094c 0000093f: JUMPI 00000940: POP 00000941: NUMBER 00000942: PUSH1 0x01 00000944: SWAP1 00000945: SWAP2 00000946: ADD 00000947: SSTORE 00000948: PUSH2 0x09a0 0000094b: JUMP 0000094c: JUMPDEST 0000094d: PUSH1 0x00 0000094f: PUSH2 0x095c 00000952: DUP4 00000953: PUSH1 0x01 00000955: ADD 00000956: SLOAD 00000957: NUMBER 00000958: PUSH2 0x043f 0000095b: JUMP 0000095c: JUMPDEST 0000095d: SWAP1 0000095e: POP 0000095f: PUSH2 0x0991 00000962: PUSH2 0x0986 00000965: DUP4 00000966: PUSH2 0x074c 00000969: PUSH8 0x0de0b6b3a7640000 00000972: PUSH2 0x04a4 00000975: PUSH1 0x05 00000977: SLOAD 00000978: DUP8 00000979: PUSH2 0x114c 0000097c: SWAP1 0000097d: SWAP2 0000097e: SWAP1 0000097f: PUSH4 0xffffffff 00000984: AND 00000985: JUMP 00000986: JUMPDEST 00000987: PUSH1 0x02 00000989: DUP6 0000098a: ADD 0000098b: SLOAD 0000098c: SWAP1 0000098d: PUSH2 0x1243 00000990: JUMP 00000991: JUMPDEST 00000992: PUSH1 0x02 00000994: DUP5 00000995: ADD 00000996: SSTORE 00000997: POP 00000998: POP 00000999: NUMBER 0000099a: PUSH1 0x01 0000099c: SWAP1 0000099d: SWAP2 0000099e: ADD 0000099f: SSTORE 000009a0: JUMPDEST 000009a1: POP 000009a2: JUMP 000009a3: JUMPDEST 000009a4: PUSH1 0x00 000009a6: PUSH1 0x02 000009a8: DUP3 000009a9: DUP2 000009aa: SLOAD 000009ab: DUP2 000009ac: LT 000009ad: PUSH2 0x09b2 000009b0: JUMPI 000009b1: INVALID 000009b2: JUMPDEST 000009b3: PUSH1 0x00 000009b5: SWAP2 000009b6: DUP3 000009b7: MSTORE 000009b8: PUSH1 0x20 000009ba: DUP1 000009bb: DUP4 000009bc: KECCAK256 000009bd: DUP6 000009be: DUP5 000009bf: MSTORE 000009c0: PUSH1 0x03 000009c2: DUP1 000009c3: DUP4 000009c4: MSTORE 000009c5: PUSH1 0x40 000009c7: DUP1 000009c8: DUP7 000009c9: KECCAK256 000009ca: CALLER 000009cb: DUP1 000009cc: DUP9 000009cd: MSTORE 000009ce: SWAP5 000009cf: MSTORE 000009d0: SWAP1 000009d1: SWAP5 000009d2: KECCAK256 000009d3: DUP1 000009d4: SLOAD 000009d5: SWAP5 000009d6: SWAP1 000009d7: SWAP4 000009d8: MUL 000009d9: ADD 000009da: DUP1 000009db: SLOAD 000009dc: SWAP1 000009dd: SWAP5 000009de: POP 000009df: SWAP2 000009e0: SWAP3 000009e1: PUSH2 0x0a01 000009e4: SWAP3 000009e5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009fa: AND 000009fb: SWAP2 000009fc: SWAP1 000009fd: PUSH2 0x14bf 00000a00: JUMP 00000a01: JUMPDEST 00000a02: DUP1 00000a03: SLOAD 00000a04: PUSH1 0x40 00000a06: DUP1 00000a07: MLOAD 00000a08: SWAP2 00000a09: DUP3 00000a0a: MSTORE 00000a0b: MLOAD 00000a0c: DUP5 00000a0d: SWAP2 00000a0e: CALLER 00000a0f: SWAP2 00000a10: PUSH32 0xbb757047c2b5f3974fe26b7c10f732e7bce710b0952a71082702781e62ae0595 00000a31: SWAP2 00000a32: DUP2 00000a33: SWAP1 00000a34: SUB 00000a35: PUSH1 0x20 00000a37: ADD 00000a38: SWAP1 00000a39: LOG3 00000a3a: PUSH1 0x00 00000a3c: DUP1 00000a3d: DUP3 00000a3e: SSTORE 00000a3f: PUSH1 0x01 00000a41: SWAP1 00000a42: SWAP2 00000a43: ADD 00000a44: SSTORE 00000a45: POP 00000a46: POP 00000a47: JUMP 00000a48: JUMPDEST 00000a49: PUSH1 0x00 00000a4b: SLOAD 00000a4c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a61: AND 00000a62: CALLER 00000a63: EQ 00000a64: PUSH2 0x0ace 00000a67: JUMPI 00000a68: PUSH1 0x40 00000a6a: DUP1 00000a6b: MLOAD 00000a6c: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000a8d: DUP2 00000a8e: MSTORE 00000a8f: PUSH1 0x20 00000a91: PUSH1 0x04 00000a93: DUP3 00000a94: ADD 00000a95: MSTORE 00000a96: PUSH1 0x0b 00000a98: PUSH1 0x24 00000a9a: DUP3 00000a9b: ADD 00000a9c: MSTORE 00000a9d: PUSH32 0x21676f7665726e616e6365000000000000000000000000000000000000000000 00000abe: PUSH1 0x44 00000ac0: DUP3 00000ac1: ADD 00000ac2: MSTORE 00000ac3: SWAP1 00000ac4: MLOAD 00000ac5: SWAP1 00000ac6: DUP2 00000ac7: SWAP1 00000ac8: SUB 00000ac9: PUSH1 0x64 00000acb: ADD 00000acc: SWAP1 00000acd: REVERT 00000ace: JUMPDEST 00000acf: PUSH1 0x0a 00000ad1: SLOAD 00000ad2: PUSH3 0x0883b0 00000ad6: ADD 00000ad7: NUMBER 00000ad8: LT 00000ad9: ISZERO 00000ada: PUSH2 0x0c2c 00000add: JUMPI 00000ade: PUSH1 0x01 00000ae0: SLOAD 00000ae1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000af6: DUP5 00000af7: DUP2 00000af8: AND 00000af9: SWAP2 00000afa: AND 00000afb: EQ 00000afc: ISZERO 00000afd: PUSH2 0x0b69 00000b00: JUMPI 00000b01: PUSH1 0x40 00000b03: DUP1 00000b04: MLOAD 00000b05: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000b26: DUP2 00000b27: MSTORE 00000b28: PUSH1 0x20 00000b2a: PUSH1 0x04 00000b2c: DUP1 00000b2d: DUP4 00000b2e: ADD 00000b2f: SWAP2 00000b30: SWAP1 00000b31: SWAP2 00000b32: MSTORE 00000b33: PUSH1 0x24 00000b35: DUP3 00000b36: ADD 00000b37: MSTORE 00000b38: PUSH32 0x2162736400000000000000000000000000000000000000000000000000000000 00000b59: PUSH1 0x44 00000b5b: DUP3 00000b5c: ADD 00000b5d: MSTORE 00000b5e: SWAP1 00000b5f: MLOAD 00000b60: SWAP1 00000b61: DUP2 00000b62: SWAP1 00000b63: SUB 00000b64: PUSH1 0x64 00000b66: ADD 00000b67: SWAP1 00000b68: REVERT 00000b69: JUMPDEST 00000b6a: PUSH1 0x00 00000b6c: JUMPDEST 00000b6d: PUSH1 0x05 00000b6f: SLOAD 00000b70: DUP2 00000b71: LT 00000b72: ISZERO 00000b73: PUSH2 0x0c2a 00000b76: JUMPI 00000b77: PUSH1 0x00 00000b79: PUSH1 0x02 00000b7b: DUP3 00000b7c: DUP2 00000b7d: SLOAD 00000b7e: DUP2 00000b7f: LT 00000b80: PUSH2 0x0b85 00000b83: JUMPI 00000b84: INVALID 00000b85: JUMPDEST 00000b86: PUSH1 0x00 00000b88: SWAP2 00000b89: DUP3 00000b8a: MSTORE 00000b8b: PUSH1 0x20 00000b8d: SWAP1 00000b8e: SWAP2 00000b8f: KECCAK256 00000b90: PUSH1 0x03 00000b92: SWAP1 00000b93: SWAP2 00000b94: MUL 00000b95: ADD 00000b96: DUP1 00000b97: SLOAD 00000b98: SWAP1 00000b99: SWAP2 00000b9a: POP 00000b9b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000bb0: DUP7 00000bb1: DUP2 00000bb2: AND 00000bb3: SWAP2 00000bb4: AND 00000bb5: EQ 00000bb6: ISZERO 00000bb7: PUSH2 0x0c21 00000bba: JUMPI 00000bbb: PUSH1 0x40 00000bbd: DUP1 00000bbe: MLOAD 00000bbf: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000be0: DUP2 00000be1: MSTORE 00000be2: PUSH1 0x20 00000be4: PUSH1 0x04 00000be6: DUP3 00000be7: ADD 00000be8: MSTORE 00000be9: PUSH1 0x0d 00000beb: PUSH1 0x24 00000bed: DUP3 00000bee: ADD 00000bef: MSTORE 00000bf0: PUSH32 0x21706f6f6c2e6c70546f6b656e00000000000000000000000000000000000000 00000c11: PUSH1 0x44 00000c13: DUP3 00000c14: ADD 00000c15: MSTORE 00000c16: SWAP1 00000c17: MLOAD 00000c18: SWAP1 00000c19: DUP2 00000c1a: SWAP1 00000c1b: SUB 00000c1c: PUSH1 0x64 00000c1e: ADD 00000c1f: SWAP1 00000c20: REVERT 00000c21: JUMPDEST 00000c22: POP 00000c23: PUSH1 0x01 00000c25: ADD 00000c26: PUSH2 0x0b6c 00000c29: JUMP 00000c2a: JUMPDEST 00000c2b: POP 00000c2c: JUMPDEST 00000c2d: PUSH2 0x0c4d 00000c30: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c45: DUP5 00000c46: AND 00000c47: DUP3 00000c48: DUP5 00000c49: PUSH2 0x14bf 00000c4c: JUMP 00000c4d: JUMPDEST 00000c4e: POP 00000c4f: POP 00000c50: POP 00000c51: JUMP 00000c52: JUMPDEST 00000c53: PUSH1 0x00 00000c55: SLOAD 00000c56: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c6b: AND 00000c6c: DUP2 00000c6d: JUMP 00000c6e: JUMPDEST 00000c6f: PUSH1 0x03 00000c71: PUSH1 0x20 00000c73: SWAP1 00000c74: DUP2 00000c75: MSTORE 00000c76: PUSH1 0x00 00000c78: SWAP3 00000c79: DUP4 00000c7a: MSTORE 00000c7b: PUSH1 0x40 00000c7d: DUP1 00000c7e: DUP5 00000c7f: KECCAK256 00000c80: SWAP1 00000c81: SWAP2 00000c82: MSTORE 00000c83: SWAP1 00000c84: DUP3 00000c85: MSTORE 00000c86: SWAP1 00000c87: KECCAK256 00000c88: DUP1 00000c89: SLOAD 00000c8a: PUSH1 0x01 00000c8c: DUP3 00000c8d: ADD 00000c8e: SLOAD 00000c8f: PUSH1 0x02 00000c91: SWAP1 00000c92: SWAP3 00000c93: ADD 00000c94: SLOAD 00000c95: SWAP1 00000c96: SWAP2 00000c97: SWAP1 00000c98: DUP4 00000c99: JUMP 00000c9a: JUMPDEST 00000c9b: PUSH1 0x06 00000c9d: DUP2 00000c9e: DUP2 00000c9f: SLOAD 00000ca0: DUP2 00000ca1: LT 00000ca2: PUSH2 0x0ca7 00000ca5: JUMPI 00000ca6: INVALID 00000ca7: JUMPDEST 00000ca8: PUSH1 0x00 00000caa: SWAP2 00000cab: DUP3 00000cac: MSTORE 00000cad: PUSH1 0x20 00000caf: SWAP1 00000cb0: SWAP2 00000cb1: KECCAK256 00000cb2: ADD 00000cb3: SLOAD 00000cb4: SWAP1 00000cb5: POP 00000cb6: DUP2 00000cb7: JUMP 00000cb8: JUMPDEST 00000cb9: PUSH1 0x00 00000cbb: DUP1 00000cbc: PUSH1 0x02 00000cbe: DUP5 00000cbf: DUP2 00000cc0: SLOAD 00000cc1: DUP2 00000cc2: LT 00000cc3: PUSH2 0x0cc8 00000cc6: JUMPI 00000cc7: INVALID 00000cc8: JUMPDEST 00000cc9: PUSH1 0x00 00000ccb: SWAP2 00000ccc: DUP3 00000ccd: MSTORE 00000cce: PUSH1 0x20 00000cd0: DUP1 00000cd1: DUP4 00000cd2: KECCAK256 00000cd3: DUP8 00000cd4: DUP5 00000cd5: MSTORE 00000cd6: PUSH1 0x03 00000cd8: DUP1 00000cd9: DUP4 00000cda: MSTORE 00000cdb: PUSH1 0x40 00000cdd: DUP1 00000cde: DUP7 00000cdf: KECCAK256 00000ce0: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000cf5: DUP1 00000cf6: DUP12 00000cf7: AND 00000cf8: DUP9 00000cf9: MSTORE 00000cfa: SWAP1 00000cfb: DUP6 00000cfc: MSTORE 00000cfd: DUP2 00000cfe: DUP8 00000cff: KECCAK256 00000d00: PUSH1 0x02 00000d02: SWAP4 00000d03: SWAP1 00000d04: SWAP7 00000d05: MUL 00000d06: SWAP1 00000d07: SWAP4 00000d08: ADD 00000d09: SWAP2 00000d0a: DUP3 00000d0b: ADD 00000d0c: SLOAD 00000d0d: DUP3 00000d0e: SLOAD 00000d0f: DUP3 00000d10: MLOAD 00000d11: PUSH32 0x70a0823100000000000000000000000000000000000000000000000000000000 00000d32: DUP2 00000d33: MSTORE 00000d34: ADDRESS 00000d35: PUSH1 0x04 00000d37: DUP3 00000d38: ADD 00000d39: MSTORE 00000d3a: SWAP3 00000d3b: MLOAD 00000d3c: SWAP4 00000d3d: SWAP9 00000d3e: POP 00000d3f: SWAP6 00000d40: SWAP7 00000d41: SWAP1 00000d42: SWAP6 00000d43: SWAP1 00000d44: SWAP5 00000d45: SWAP4 00000d46: AND 00000d47: SWAP3 00000d48: PUSH4 0x70a08231 00000d4d: SWAP3 00000d4e: PUSH1 0x24 00000d50: DUP1 00000d51: DUP5 00000d52: ADD 00000d53: SWAP4 00000d54: DUP3 00000d55: SWAP1 00000d56: SUB 00000d57: ADD 00000d58: DUP2 00000d59: DUP7 00000d5a: DUP1 00000d5b: EXTCODESIZE 00000d5c: ISZERO 00000d5d: DUP1 00000d5e: ISZERO 00000d5f: PUSH2 0x0d67 00000d62: JUMPI 00000d63: PUSH1 0x00 00000d65: DUP1 00000d66: REVERT 00000d67: JUMPDEST 00000d68: POP 00000d69: GAS 00000d6a: STATICCALL 00000d6b: ISZERO 00000d6c: DUP1 00000d6d: ISZERO 00000d6e: PUSH2 0x0d7b 00000d71: JUMPI 00000d72: RETURNDATASIZE 00000d73: PUSH1 0x00 00000d75: DUP1 00000d76: RETURNDATACOPY 00000d77: RETURNDATASIZE 00000d78: PUSH1 0x00 00000d7a: REVERT 00000d7b: JUMPDEST 00000d7c: POP 00000d7d: POP 00000d7e: POP 00000d7f: POP 00000d80: PUSH1 0x40 00000d82: MLOAD 00000d83: RETURNDATASIZE 00000d84: PUSH1 0x20 00000d86: DUP2 00000d87: LT 00000d88: ISZERO 00000d89: PUSH2 0x0d91 00000d8c: JUMPI 00000d8d: PUSH1 0x00 00000d8f: DUP1 00000d90: REVERT 00000d91: JUMPDEST 00000d92: POP 00000d93: MLOAD 00000d94: PUSH1 0x01 00000d96: DUP6 00000d97: ADD 00000d98: SLOAD 00000d99: SWAP1 00000d9a: SWAP2 00000d9b: POP 00000d9c: NUMBER 00000d9d: GT 00000d9e: DUP1 00000d9f: ISZERO 00000da0: PUSH2 0x0da8 00000da3: JUMPI 00000da4: POP 00000da5: DUP1 00000da6: ISZERO 00000da7: ISZERO 00000da8: JUMPDEST 00000da9: ISZERO 00000daa: PUSH2 0x0df2 00000dad: JUMPI 00000dae: PUSH1 0x00 00000db0: PUSH2 0x0dbd 00000db3: DUP6 00000db4: PUSH1 0x01 00000db6: ADD 00000db7: SLOAD 00000db8: NUMBER 00000db9: PUSH2 0x043f 00000dbc: JUMP 00000dbd: JUMPDEST 00000dbe: SWAP1 00000dbf: POP 00000dc0: PUSH2 0x0dee 00000dc3: PUSH2 0x0de7 00000dc6: DUP4 00000dc7: PUSH2 0x074c 00000dca: PUSH8 0x0de0b6b3a7640000 00000dd3: PUSH2 0x04a4 00000dd6: PUSH1 0x05 00000dd8: SLOAD 00000dd9: DUP8 00000dda: PUSH2 0x114c 00000ddd: SWAP1 00000dde: SWAP2 00000ddf: SWAP1 00000de0: PUSH4 0xffffffff 00000de5: AND 00000de6: JUMP 00000de7: JUMPDEST 00000de8: DUP5 00000de9: SWAP1 00000dea: PUSH2 0x1243 00000ded: JUMP 00000dee: JUMPDEST 00000def: SWAP3 00000df0: POP 00000df1: POP 00000df2: JUMPDEST 00000df3: PUSH2 0x0e1d 00000df6: DUP4 00000df7: PUSH1 0x01 00000df9: ADD 00000dfa: SLOAD 00000dfb: PUSH2 0x0752 00000dfe: PUSH8 0x0de0b6b3a7640000 00000e07: PUSH2 0x074c 00000e0a: DUP7 00000e0b: DUP9 00000e0c: PUSH1 0x00 00000e0e: ADD 00000e0f: SLOAD 00000e10: PUSH2 0x11d0 00000e13: SWAP1 00000e14: SWAP2 00000e15: SWAP1 00000e16: PUSH4 0xffffffff 00000e1b: AND 00000e1c: JUMP 00000e1d: JUMPDEST 00000e1e: SWAP8 00000e1f: SWAP7 00000e20: POP 00000e21: POP 00000e22: POP 00000e23: POP 00000e24: POP 00000e25: POP 00000e26: POP 00000e27: JUMP 00000e28: JUMPDEST 00000e29: PUSH1 0x00 00000e2b: SLOAD 00000e2c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000e41: AND 00000e42: CALLER 00000e43: EQ 00000e44: PUSH2 0x0eae 00000e47: JUMPI 00000e48: PUSH1 0x40 00000e4a: DUP1 00000e4b: MLOAD 00000e4c: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000e6d: DUP2 00000e6e: MSTORE 00000e6f: PUSH1 0x20 00000e71: PUSH1 0x04 00000e73: DUP3 00000e74: ADD 00000e75: MSTORE 00000e76: PUSH1 0x0b 00000e78: PUSH1 0x24 00000e7a: DUP3 00000e7b: ADD 00000e7c: MSTORE 00000e7d: PUSH32 0x21676f7665726e616e6365000000000000000000000000000000000000000000 00000e9e: PUSH1 0x44 00000ea0: DUP3 00000ea1: ADD 00000ea2: MSTORE 00000ea3: SWAP1 00000ea4: MLOAD 00000ea5: SWAP1 00000ea6: DUP2 00000ea7: SWAP1 00000ea8: SUB 00000ea9: PUSH1 0x64 00000eab: ADD 00000eac: SWAP1 00000ead: REVERT 00000eae: JUMPDEST 00000eaf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000ec4: DUP2 00000ec5: AND 00000ec6: PUSH2 0x0f32 00000ec9: JUMPI 00000eca: PUSH1 0x40 00000ecc: DUP1 00000ecd: MLOAD 00000ece: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000eef: DUP2 00000ef0: MSTORE 00000ef1: PUSH1 0x20 00000ef3: PUSH1 0x04 00000ef5: DUP1 00000ef6: DUP4 00000ef7: ADD 00000ef8: SWAP2 00000ef9: SWAP1 00000efa: SWAP2 00000efb: MSTORE 00000efc: PUSH1 0x24 00000efe: DUP3 00000eff: ADD 00000f00: MSTORE 00000f01: PUSH32 0x7a65726f00000000000000000000000000000000000000000000000000000000 00000f22: PUSH1 0x44 00000f24: DUP3 00000f25: ADD 00000f26: MSTORE 00000f27: SWAP1 00000f28: MLOAD 00000f29: SWAP1 00000f2a: DUP2 00000f2b: SWAP1 00000f2c: SUB 00000f2d: PUSH1 0x64 00000f2f: ADD 00000f30: SWAP1 00000f31: REVERT 00000f32: JUMPDEST 00000f33: PUSH1 0x00 00000f35: DUP1 00000f36: SLOAD 00000f37: PUSH32 0xffffffffffffffffffffffff0000000000000000000000000000000000000000 00000f58: AND 00000f59: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000f6e: SWAP3 00000f6f: SWAP1 00000f70: SWAP3 00000f71: AND 00000f72: SWAP2 00000f73: SWAP1 00000f74: SWAP2 00000f75: OR 00000f76: SWAP1 00000f77: SSTORE 00000f78: JUMP 00000f79: JUMPDEST 00000f7a: PUSH1 0x01 00000f7c: SLOAD 00000f7d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000f92: AND 00000f93: DUP2 00000f94: JUMP 00000f95: JUMPDEST 00000f96: PUSH1 0x0b 00000f98: DUP2 00000f99: PUSH1 0x05 00000f9b: DUP2 00000f9c: LT 00000f9d: PUSH2 0x0647 00000fa0: JUMPI 00000fa1: INVALID 00000fa2: JUMPDEST 00000fa3: PUSH1 0x00 00000fa5: CALLER 00000fa6: SWAP1 00000fa7: POP 00000fa8: PUSH1 0x00 00000faa: PUSH1 0x02 00000fac: DUP5 00000fad: DUP2 00000fae: SLOAD 00000faf: DUP2 00000fb0: LT 00000fb1: PUSH2 0x0fb6 00000fb4: JUMPI 00000fb5: INVALID 00000fb6: JUMPDEST 00000fb7: PUSH1 0x00 00000fb9: SWAP2 00000fba: DUP3 00000fbb: MSTORE 00000fbc: PUSH1 0x20 00000fbe: DUP1 00000fbf: DUP4 00000fc0: KECCAK256 00000fc1: DUP8 00000fc2: DUP5 00000fc3: MSTORE 00000fc4: PUSH1 0x03 00000fc6: DUP1 00000fc7: DUP4 00000fc8: MSTORE 00000fc9: PUSH1 0x40 00000fcb: DUP1 00000fcc: DUP7 00000fcd: KECCAK256 00000fce: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000fe3: DUP10 00000fe4: AND 00000fe5: DUP8 00000fe6: MSTORE 00000fe7: SWAP1 00000fe8: SWAP4 00000fe9: MSTORE 00000fea: SWAP2 00000feb: SWAP1 00000fec: SWAP4 00000fed: KECCAK256 00000fee: SWAP2 00000fef: MUL 00000ff0: SWAP1 00000ff1: SWAP2 00000ff2: ADD 00000ff3: SWAP2 00000ff4: POP 00000ff5: PUSH2 0x0ffd 00000ff8: DUP6 00000ff9: PUSH2 0x086c 00000ffc: JUMP 00000ffd: JUMPDEST 00000ffe: DUP1 00000fff: SLOAD 00001000: ISZERO 00001001: PUSH2 0x1096 00001004: JUMPI 00001005: PUSH1 0x00 00001007: PUSH2 0x1035 0000100a: DUP3 0000100b: PUSH1 0x01 0000100d: ADD 0000100e: SLOAD 0000100f: PUSH2 0x0752 00001012: PUSH8 0x0de0b6b3a7640000 0000101b: PUSH2 0x074c 0000101e: DUP8 0000101f: PUSH1 0x02 00001021: ADD 00001022: SLOAD 00001023: DUP8 00001024: PUSH1 0x00 00001026: ADD 00001027: SLOAD 00001028: PUSH2 0x11d0 0000102b: SWAP1 0000102c: SWAP2 0000102d: SWAP1 0000102e: PUSH4 0xffffffff 00001033: AND 00001034: JUMP 00001035: JUMPDEST 00001036: SWAP1 00001037: POP 00001038: DUP1 00001039: ISZERO 0000103a: PUSH2 0x1094 0000103d: JUMPI 0000103e: PUSH2 0x1047 00001041: DUP5 00001042: DUP3 00001043: PUSH2 0x12b7 00001046: JUMP 00001047: JUMPDEST 00001048: PUSH1 0x40 0000104a: DUP1 0000104b: MLOAD 0000104c: DUP3 0000104d: DUP2 0000104e: MSTORE 0000104f: SWAP1 00001050: MLOAD 00001051: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001066: DUP7 00001067: AND 00001068: SWAP2 00001069: PUSH32 0xe2403640ba68fed3a2f88b7557551d1993f84b99bb10ff833f0cf8db0c5e0486 0000108a: SWAP2 0000108b: SWAP1 0000108c: DUP2 0000108d: SWAP1 0000108e: SUB 0000108f: PUSH1 0x20 00001091: ADD 00001092: SWAP1 00001093: LOG2 00001094: JUMPDEST 00001095: POP 00001096: JUMPDEST 00001097: DUP4 00001098: ISZERO 00001099: PUSH2 0x10cf 0000109c: JUMPI 0000109d: DUP2 0000109e: SLOAD 0000109f: PUSH2 0x10c0 000010a2: SWAP1 000010a3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000010b8: AND 000010b9: DUP5 000010ba: ADDRESS 000010bb: DUP8 000010bc: PUSH2 0x154c 000010bf: JUMP 000010c0: JUMPDEST 000010c1: DUP1 000010c2: SLOAD 000010c3: PUSH2 0x10cc 000010c6: SWAP1 000010c7: DUP6 000010c8: PUSH2 0x1243 000010cb: JUMP 000010cc: JUMPDEST 000010cd: DUP2 000010ce: SSTORE 000010cf: JUMPDEST 000010d0: PUSH1 0x02 000010d2: DUP3 000010d3: ADD 000010d4: SLOAD 000010d5: DUP2 000010d6: SLOAD 000010d7: PUSH2 0x10ed 000010da: SWAP2 000010db: PUSH8 0x0de0b6b3a7640000 000010e4: SWAP2 000010e5: PUSH2 0x074c 000010e8: SWAP2 000010e9: PUSH2 0x11d0 000010ec: JUMP 000010ed: JUMPDEST 000010ee: PUSH1 0x01 000010f0: DUP3 000010f1: ADD 000010f2: SSTORE 000010f3: PUSH1 0x40 000010f5: DUP1 000010f6: MLOAD 000010f7: DUP6 000010f8: DUP2 000010f9: MSTORE 000010fa: SWAP1 000010fb: MLOAD 000010fc: DUP7 000010fd: SWAP2 000010fe: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001113: DUP7 00001114: AND 00001115: SWAP2 00001116: PUSH32 0x90890809c654f11d6e72a28fa60149770a0d11ec6c92319d6ceb2bb0a4ea1a15 00001137: SWAP2 00001138: DUP2 00001139: SWAP1 0000113a: SUB 0000113b: PUSH1 0x20 0000113d: ADD 0000113e: SWAP1 0000113f: LOG3 00001140: POP 00001141: POP 00001142: POP 00001143: POP 00001144: POP 00001145: JUMP 00001146: JUMPDEST 00001147: PUSH2 0xb5a4 0000114a: DUP2 0000114b: JUMP 0000114c: JUMPDEST 0000114d: PUSH1 0x00 0000114f: PUSH2 0x0631 00001152: DUP4 00001153: DUP4 00001154: PUSH1 0x40 00001156: MLOAD 00001157: DUP1 00001158: PUSH1 0x40 0000115a: ADD 0000115b: PUSH1 0x40 0000115d: MSTORE 0000115e: DUP1 0000115f: PUSH1 0x1a 00001161: DUP2 00001162: MSTORE 00001163: PUSH1 0x20 00001165: ADD 00001166: PUSH32 0x536166654d6174683a206469766973696f6e206279207a65726f000000000000 00001187: DUP2 00001188: MSTORE 00001189: POP 0000118a: PUSH2 0x15e7 0000118d: JUMP 0000118e: JUMPDEST 0000118f: PUSH1 0x00 00001191: PUSH2 0x0631 00001194: DUP4 00001195: DUP4 00001196: PUSH1 0x40 00001198: MLOAD 00001199: DUP1 0000119a: PUSH1 0x40 0000119c: ADD 0000119d: PUSH1 0x40 0000119f: MSTORE 000011a0: DUP1 000011a1: PUSH1 0x1e 000011a3: DUP2 000011a4: MSTORE 000011a5: PUSH1 0x20 000011a7: ADD 000011a8: PUSH32 0x536166654d6174683a207375627472616374696f6e206f766572666c6f770000 000011c9: DUP2 000011ca: MSTORE 000011cb: POP 000011cc: PUSH2 0x16a3 000011cf: JUMP 000011d0: JUMPDEST 000011d1: PUSH1 0x00 000011d3: DUP3 000011d4: PUSH2 0x11df 000011d7: JUMPI 000011d8: POP 000011d9: PUSH1 0x00 000011db: PUSH2 0x0634 000011de: JUMP 000011df: JUMPDEST 000011e0: DUP3 000011e1: DUP3 000011e2: MUL 000011e3: DUP3 000011e4: DUP5 000011e5: DUP3 000011e6: DUP2 000011e7: PUSH2 0x11ec 000011ea: JUMPI 000011eb: INVALID 000011ec: JUMPDEST 000011ed: DIV 000011ee: EQ 000011ef: PUSH2 0x0631 000011f2: JUMPI 000011f3: PUSH1 0x40 000011f5: MLOAD 000011f6: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00001217: DUP2 00001218: MSTORE 00001219: PUSH1 0x04 0000121b: ADD 0000121c: DUP1 0000121d: DUP1 0000121e: PUSH1 0x20 00001220: ADD 00001221: DUP3 00001222: DUP2 00001223: SUB 00001224: DUP3 00001225: MSTORE 00001226: PUSH1 0x21 00001228: DUP2 00001229: MSTORE 0000122a: PUSH1 0x20 0000122c: ADD 0000122d: DUP1 0000122e: PUSH2 0x19d9 00001231: PUSH1 0x21 00001233: SWAP2 00001234: CODECOPY 00001235: PUSH1 0x40 00001237: ADD 00001238: SWAP2 00001239: POP 0000123a: POP 0000123b: PUSH1 0x40 0000123d: MLOAD 0000123e: DUP1 0000123f: SWAP2 00001240: SUB 00001241: SWAP1 00001242: REVERT 00001243: JUMPDEST 00001244: PUSH1 0x00 00001246: DUP3 00001247: DUP3 00001248: ADD 00001249: DUP4 0000124a: DUP2 0000124b: LT 0000124c: ISZERO 0000124d: PUSH2 0x0631 00001250: JUMPI 00001251: PUSH1 0x40 00001253: DUP1 00001254: MLOAD 00001255: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00001276: DUP2 00001277: MSTORE 00001278: PUSH1 0x20 0000127a: PUSH1 0x04 0000127c: DUP3 0000127d: ADD 0000127e: MSTORE 0000127f: PUSH1 0x1b 00001281: PUSH1 0x24 00001283: DUP3 00001284: ADD 00001285: MSTORE 00001286: PUSH32 0x536166654d6174683a206164646974696f6e206f766572666c6f770000000000 000012a7: PUSH1 0x44 000012a9: DUP3 000012aa: ADD 000012ab: MSTORE 000012ac: SWAP1 000012ad: MLOAD 000012ae: SWAP1 000012af: DUP2 000012b0: SWAP1 000012b1: SUB 000012b2: PUSH1 0x64 000012b4: ADD 000012b5: SWAP1 000012b6: REVERT 000012b7: JUMPDEST 000012b8: PUSH1 0x01 000012ba: SLOAD 000012bb: PUSH1 0x40 000012bd: DUP1 000012be: MLOAD 000012bf: PUSH32 0x70a0823100000000000000000000000000000000000000000000000000000000 000012e0: DUP2 000012e1: MSTORE 000012e2: ADDRESS 000012e3: PUSH1 0x04 000012e5: DUP3 000012e6: ADD 000012e7: MSTORE 000012e8: SWAP1 000012e9: MLOAD 000012ea: PUSH1 0x00 000012ec: SWAP3 000012ed: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001302: AND 00001303: SWAP2 00001304: PUSH4 0x70a08231 00001309: SWAP2 0000130a: PUSH1 0x24 0000130c: DUP1 0000130d: DUP4 0000130e: ADD 0000130f: SWAP3 00001310: PUSH1 0x20 00001312: SWAP3 00001313: SWAP2 00001314: SWAP1 00001315: DUP3 00001316: SWAP1 00001317: SUB 00001318: ADD 00001319: DUP2 0000131a: DUP7 0000131b: DUP1 0000131c: EXTCODESIZE 0000131d: ISZERO 0000131e: DUP1 0000131f: ISZERO 00001320: PUSH2 0x1328 00001323: JUMPI 00001324: PUSH1 0x00 00001326: DUP1 00001327: REVERT 00001328: JUMPDEST 00001329: POP 0000132a: GAS 0000132b: STATICCALL 0000132c: ISZERO 0000132d: DUP1 0000132e: ISZERO 0000132f: PUSH2 0x133c 00001332: JUMPI 00001333: RETURNDATASIZE 00001334: PUSH1 0x00 00001336: DUP1 00001337: RETURNDATACOPY 00001338: RETURNDATASIZE 00001339: PUSH1 0x00 0000133b: REVERT 0000133c: JUMPDEST 0000133d: POP 0000133e: POP 0000133f: POP 00001340: POP 00001341: PUSH1 0x40 00001343: MLOAD 00001344: RETURNDATASIZE 00001345: PUSH1 0x20 00001347: DUP2 00001348: LT 00001349: ISZERO 0000134a: PUSH2 0x1352 0000134d: JUMPI 0000134e: PUSH1 0x00 00001350: DUP1 00001351: REVERT 00001352: JUMPDEST 00001353: POP 00001354: MLOAD 00001355: SWAP1 00001356: POP 00001357: DUP1 00001358: ISZERO 00001359: PUSH2 0x0c4d 0000135c: JUMPI 0000135d: DUP1 0000135e: DUP3 0000135f: GT 00001360: ISZERO 00001361: PUSH2 0x1412 00001364: JUMPI 00001365: PUSH1 0x01 00001367: SLOAD 00001368: PUSH1 0x40 0000136a: DUP1 0000136b: MLOAD 0000136c: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000 0000138d: DUP2 0000138e: MSTORE 0000138f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000013a4: DUP7 000013a5: DUP2 000013a6: AND 000013a7: PUSH1 0x04 000013a9: DUP4 000013aa: ADD 000013ab: MSTORE 000013ac: PUSH1 0x24 000013ae: DUP3 000013af: ADD 000013b0: DUP6 000013b1: SWAP1 000013b2: MSTORE 000013b3: SWAP2 000013b4: MLOAD 000013b5: SWAP2 000013b6: SWAP1 000013b7: SWAP3 000013b8: AND 000013b9: SWAP2 000013ba: PUSH4 0xa9059cbb 000013bf: SWAP2 000013c0: PUSH1 0x44 000013c2: DUP1 000013c3: DUP4 000013c4: ADD 000013c5: SWAP3 000013c6: PUSH1 0x20 000013c8: SWAP3 000013c9: SWAP2 000013ca: SWAP1 000013cb: DUP3 000013cc: SWAP1 000013cd: SUB 000013ce: ADD 000013cf: DUP2 000013d0: PUSH1 0x00 000013d2: DUP8 000013d3: DUP1 000013d4: EXTCODESIZE 000013d5: ISZERO 000013d6: DUP1 000013d7: ISZERO 000013d8: PUSH2 0x13e0 000013db: JUMPI 000013dc: PUSH1 0x00 000013de: DUP1 000013df: REVERT 000013e0: JUMPDEST 000013e1: POP 000013e2: GAS 000013e3: CALL 000013e4: ISZERO 000013e5: DUP1 000013e6: ISZERO 000013e7: PUSH2 0x13f4 000013ea: JUMPI 000013eb: RETURNDATASIZE 000013ec: PUSH1 0x00 000013ee: DUP1 000013ef: RETURNDATACOPY 000013f0: RETURNDATASIZE 000013f1: PUSH1 0x00 000013f3: REVERT 000013f4: JUMPDEST 000013f5: POP 000013f6: POP 000013f7: POP 000013f8: POP 000013f9: PUSH1 0x40 000013fb: MLOAD 000013fc: RETURNDATASIZE 000013fd: PUSH1 0x20 000013ff: DUP2 00001400: LT 00001401: ISZERO 00001402: PUSH2 0x140a 00001405: JUMPI 00001406: PUSH1 0x00 00001408: DUP1 00001409: REVERT 0000140a: JUMPDEST 0000140b: POP 0000140c: PUSH2 0x0c4d 0000140f: SWAP1 00001410: POP 00001411: JUMP 00001412: JUMPDEST 00001413: PUSH1 0x01 00001415: SLOAD 00001416: PUSH1 0x40 00001418: DUP1 00001419: MLOAD 0000141a: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000 0000143b: DUP2 0000143c: MSTORE 0000143d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001452: DUP7 00001453: DUP2 00001454: AND 00001455: PUSH1 0x04 00001457: DUP4 00001458: ADD 00001459: MSTORE 0000145a: PUSH1 0x24 0000145c: DUP3 0000145d: ADD 0000145e: DUP7 0000145f: SWAP1 00001460: MSTORE 00001461: SWAP2 00001462: MLOAD 00001463: SWAP2 00001464: SWAP1 00001465: SWAP3 00001466: AND 00001467: SWAP2 00001468: PUSH4 0xa9059cbb 0000146d: SWAP2 0000146e: PUSH1 0x44 00001470: DUP1 00001471: DUP4 00001472: ADD 00001473: SWAP3 00001474: PUSH1 0x20 00001476: SWAP3 00001477: SWAP2 00001478: SWAP1 00001479: DUP3 0000147a: SWAP1 0000147b: SUB 0000147c: ADD 0000147d: DUP2 0000147e: PUSH1 0x00 00001480: DUP8 00001481: DUP1 00001482: EXTCODESIZE 00001483: ISZERO 00001484: DUP1 00001485: ISZERO 00001486: PUSH2 0x148e 00001489: JUMPI 0000148a: PUSH1 0x00 0000148c: DUP1 0000148d: REVERT 0000148e: JUMPDEST 0000148f: POP 00001490: GAS 00001491: CALL 00001492: ISZERO 00001493: DUP1 00001494: ISZERO 00001495: PUSH2 0x14a2 00001498: JUMPI 00001499: RETURNDATASIZE 0000149a: PUSH1 0x00 0000149c: DUP1 0000149d: RETURNDATACOPY 0000149e: RETURNDATASIZE 0000149f: PUSH1 0x00 000014a1: REVERT 000014a2: JUMPDEST 000014a3: POP 000014a4: POP 000014a5: POP 000014a6: POP 000014a7: PUSH1 0x40 000014a9: MLOAD 000014aa: RETURNDATASIZE 000014ab: PUSH1 0x20 000014ad: DUP2 000014ae: LT 000014af: ISZERO 000014b0: PUSH2 0x14b8 000014b3: JUMPI 000014b4: PUSH1 0x00 000014b6: DUP1 000014b7: REVERT 000014b8: JUMPDEST 000014b9: POP 000014ba: POP 000014bb: POP 000014bc: POP 000014bd: POP 000014be: JUMP 000014bf: JUMPDEST 000014c0: PUSH1 0x40 000014c2: DUP1 000014c3: MLOAD 000014c4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000014d9: DUP5 000014da: AND 000014db: PUSH1 0x24 000014dd: DUP3 000014de: ADD 000014df: MSTORE 000014e0: PUSH1 0x44 000014e2: DUP1 000014e3: DUP3 000014e4: ADD 000014e5: DUP5 000014e6: SWAP1 000014e7: MSTORE 000014e8: DUP3 000014e9: MLOAD 000014ea: DUP1 000014eb: DUP4 000014ec: SUB 000014ed: SWAP1 000014ee: SWAP2 000014ef: ADD 000014f0: DUP2 000014f1: MSTORE 000014f2: PUSH1 0x64 000014f4: SWAP1 000014f5: SWAP2 000014f6: ADD 000014f7: SWAP1 000014f8: SWAP2 000014f9: MSTORE 000014fa: PUSH1 0x20 000014fc: DUP2 000014fd: ADD 000014fe: DUP1 000014ff: MLOAD 00001500: PUSH28 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0000151d: AND 0000151e: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000 0000153f: OR 00001540: SWAP1 00001541: MSTORE 00001542: PUSH2 0x0c4d 00001545: SWAP1 00001546: DUP5 00001547: SWAP1 00001548: PUSH2 0x1717 0000154b: JUMP 0000154c: JUMPDEST 0000154d: PUSH1 0x40 0000154f: DUP1 00001550: MLOAD 00001551: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001566: DUP1 00001567: DUP7 00001568: AND 00001569: PUSH1 0x24 0000156b: DUP4 0000156c: ADD 0000156d: MSTORE 0000156e: DUP5 0000156f: AND 00001570: PUSH1 0x44 00001572: DUP3 00001573: ADD 00001574: MSTORE 00001575: PUSH1 0x64 00001577: DUP1 00001578: DUP3 00001579: ADD 0000157a: DUP5 0000157b: SWAP1 0000157c: MSTORE 0000157d: DUP3 0000157e: MLOAD 0000157f: DUP1 00001580: DUP4 00001581: SUB 00001582: SWAP1 00001583: SWAP2 00001584: ADD 00001585: DUP2 00001586: MSTORE 00001587: PUSH1 0x84 00001589: SWAP1 0000158a: SWAP2 0000158b: ADD 0000158c: SWAP1 0000158d: SWAP2 0000158e: MSTORE 0000158f: PUSH1 0x20 00001591: DUP2 00001592: ADD 00001593: DUP1 00001594: MLOAD 00001595: PUSH28 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff 000015b2: AND 000015b3: PUSH32 0x23b872dd00000000000000000000000000000000000000000000000000000000 000015d4: OR 000015d5: SWAP1 000015d6: MSTORE 000015d7: PUSH2 0x15e1 000015da: SWAP1 000015db: DUP6 000015dc: SWAP1 000015dd: PUSH2 0x1717 000015e0: JUMP 000015e1: JUMPDEST 000015e2: POP 000015e3: POP 000015e4: POP 000015e5: POP 000015e6: JUMP 000015e7: JUMPDEST 000015e8: PUSH1 0x00 000015ea: DUP2 000015eb: DUP4 000015ec: PUSH2 0x168d 000015ef: JUMPI 000015f0: PUSH1 0x40 000015f2: MLOAD 000015f3: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00001614: DUP2 00001615: MSTORE 00001616: PUSH1 0x04 00001618: ADD 00001619: DUP1 0000161a: DUP1 0000161b: PUSH1 0x20 0000161d: ADD 0000161e: DUP3 0000161f: DUP2 00001620: SUB 00001621: DUP3 00001622: MSTORE 00001623: DUP4 00001624: DUP2 00001625: DUP2 00001626: MLOAD 00001627: DUP2 00001628: MSTORE 00001629: PUSH1 0x20 0000162b: ADD 0000162c: SWAP2 0000162d: POP 0000162e: DUP1 0000162f: MLOAD 00001630: SWAP1 00001631: PUSH1 0x20 00001633: ADD 00001634: SWAP1 00001635: DUP1 00001636: DUP4 00001637: DUP4 00001638: PUSH1 0x00 0000163a: JUMPDEST 0000163b: DUP4 0000163c: DUP2 0000163d: LT 0000163e: ISZERO 0000163f: PUSH2 0x1652 00001642: JUMPI 00001643: DUP2 00001644: DUP2 00001645: ADD 00001646: MLOAD 00001647: DUP4 00001648: DUP3 00001649: ADD 0000164a: MSTORE 0000164b: PUSH1 0x20 0000164d: ADD 0000164e: PUSH2 0x163a 00001651: JUMP 00001652: JUMPDEST 00001653: POP 00001654: POP 00001655: POP 00001656: POP 00001657: SWAP1 00001658: POP 00001659: SWAP1 0000165a: DUP2 0000165b: ADD 0000165c: SWAP1 0000165d: PUSH1 0x1f 0000165f: AND 00001660: DUP1 00001661: ISZERO 00001662: PUSH2 0x167f 00001665: JUMPI 00001666: DUP1 00001667: DUP3 00001668: SUB 00001669: DUP1 0000166a: MLOAD 0000166b: PUSH1 0x01 0000166d: DUP4 0000166e: PUSH1 0x20 00001670: SUB 00001671: PUSH2 0x0100 00001674: EXP 00001675: SUB 00001676: NOT 00001677: AND 00001678: DUP2 00001679: MSTORE 0000167a: PUSH1 0x20 0000167c: ADD 0000167d: SWAP2 0000167e: POP 0000167f: JUMPDEST 00001680: POP 00001681: SWAP3 00001682: POP 00001683: POP 00001684: POP 00001685: PUSH1 0x40 00001687: MLOAD 00001688: DUP1 00001689: SWAP2 0000168a: SUB 0000168b: SWAP1 0000168c: REVERT 0000168d: JUMPDEST 0000168e: POP 0000168f: PUSH1 0x00 00001691: DUP4 00001692: DUP6 00001693: DUP2 00001694: PUSH2 0x1699 00001697: JUMPI 00001698: INVALID 00001699: JUMPDEST 0000169a: DIV 0000169b: SWAP6 0000169c: SWAP5 0000169d: POP 0000169e: POP 0000169f: POP 000016a0: POP 000016a1: POP 000016a2: JUMP 000016a3: JUMPDEST 000016a4: PUSH1 0x00 000016a6: DUP2 000016a7: DUP5 000016a8: DUP5 000016a9: GT 000016aa: ISZERO 000016ab: PUSH2 0x170f 000016ae: JUMPI 000016af: PUSH1 0x40 000016b1: MLOAD 000016b2: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000016d3: DUP2 000016d4: MSTORE 000016d5: PUSH1 0x20 000016d7: PUSH1 0x04 000016d9: DUP3 000016da: ADD 000016db: DUP2 000016dc: DUP2 000016dd: MSTORE 000016de: DUP4 000016df: MLOAD 000016e0: PUSH1 0x24 000016e2: DUP5 000016e3: ADD 000016e4: MSTORE 000016e5: DUP4 000016e6: MLOAD 000016e7: SWAP1 000016e8: SWAP3 000016e9: DUP4 000016ea: SWAP3 000016eb: PUSH1 0x44 000016ed: SWAP1 000016ee: SWAP2 000016ef: ADD 000016f0: SWAP2 000016f1: SWAP1 000016f2: DUP6 000016f3: ADD 000016f4: SWAP1 000016f5: DUP1 000016f6: DUP4 000016f7: DUP4 000016f8: PUSH1 0x00 000016fa: DUP4 000016fb: ISZERO 000016fc: PUSH2 0x1652 000016ff: JUMPI 00001700: DUP2 00001701: DUP2 00001702: ADD 00001703: MLOAD 00001704: DUP4 00001705: DUP3 00001706: ADD 00001707: MSTORE 00001708: PUSH1 0x20 0000170a: ADD 0000170b: PUSH2 0x163a 0000170e: JUMP 0000170f: JUMPDEST 00001710: POP 00001711: POP 00001712: POP 00001713: SWAP1 00001714: SUB 00001715: SWAP1 00001716: JUMP 00001717: JUMPDEST 00001718: PUSH1 0x60 0000171a: PUSH2 0x1779 0000171d: DUP3 0000171e: PUSH1 0x40 00001720: MLOAD 00001721: DUP1 00001722: PUSH1 0x40 00001724: ADD 00001725: PUSH1 0x40 00001727: MSTORE 00001728: DUP1 00001729: PUSH1 0x20 0000172b: DUP2 0000172c: MSTORE 0000172d: PUSH1 0x20 0000172f: ADD 00001730: PUSH32 0x5361666545524332303a206c6f772d6c6576656c2063616c6c206661696c6564 00001751: DUP2 00001752: MSTORE 00001753: POP 00001754: DUP6 00001755: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000176a: AND 0000176b: PUSH2 0x17ef 0000176e: SWAP1 0000176f: SWAP3 00001770: SWAP2 00001771: SWAP1 00001772: PUSH4 0xffffffff 00001777: AND 00001778: JUMP 00001779: JUMPDEST 0000177a: DUP1 0000177b: MLOAD 0000177c: SWAP1 0000177d: SWAP2 0000177e: POP 0000177f: ISZERO 00001780: PUSH2 0x0c4d 00001783: JUMPI 00001784: DUP1 00001785: DUP1 00001786: PUSH1 0x20 00001788: ADD 00001789: SWAP1 0000178a: MLOAD 0000178b: PUSH1 0x20 0000178d: DUP2 0000178e: LT 0000178f: ISZERO 00001790: PUSH2 0x1798 00001793: JUMPI 00001794: PUSH1 0x00 00001796: DUP1 00001797: REVERT 00001798: JUMPDEST 00001799: POP 0000179a: MLOAD 0000179b: PUSH2 0x0c4d 0000179e: JUMPI 0000179f: PUSH1 0x40 000017a1: MLOAD 000017a2: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000017c3: DUP2 000017c4: MSTORE 000017c5: PUSH1 0x04 000017c7: ADD 000017c8: DUP1 000017c9: DUP1 000017ca: PUSH1 0x20 000017cc: ADD 000017cd: DUP3 000017ce: DUP2 000017cf: SUB 000017d0: DUP3 000017d1: MSTORE 000017d2: PUSH1 0x2a 000017d4: DUP2 000017d5: MSTORE 000017d6: PUSH1 0x20 000017d8: ADD 000017d9: DUP1 000017da: PUSH2 0x19fa 000017dd: PUSH1 0x2a 000017df: SWAP2 000017e0: CODECOPY 000017e1: PUSH1 0x40 000017e3: ADD 000017e4: SWAP2 000017e5: POP 000017e6: POP 000017e7: PUSH1 0x40 000017e9: MLOAD 000017ea: DUP1 000017eb: SWAP2 000017ec: SUB 000017ed: SWAP1 000017ee: REVERT 000017ef: JUMPDEST 000017f0: PUSH1 0x60 000017f2: PUSH2 0x17fe 000017f5: DUP5 000017f6: DUP5 000017f7: PUSH1 0x00 000017f9: DUP6 000017fa: PUSH2 0x1806 000017fd: JUMP 000017fe: JUMPDEST 000017ff: SWAP5 00001800: SWAP4 00001801: POP 00001802: POP 00001803: POP 00001804: POP 00001805: JUMP 00001806: JUMPDEST 00001807: PUSH1 0x60 00001809: PUSH2 0x1811 0000180c: DUP6 0000180d: PUSH2 0x19d2 00001810: JUMP 00001811: JUMPDEST 00001812: PUSH2 0x187c 00001815: JUMPI 00001816: PUSH1 0x40 00001818: DUP1 00001819: MLOAD 0000181a: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000183b: DUP2 0000183c: MSTORE 0000183d: PUSH1 0x20 0000183f: PUSH1 0x04 00001841: DUP3 00001842: ADD 00001843: MSTORE 00001844: PUSH1 0x1d 00001846: PUSH1 0x24 00001848: DUP3 00001849: ADD 0000184a: MSTORE 0000184b: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000 0000186c: PUSH1 0x44 0000186e: DUP3 0000186f: ADD 00001870: MSTORE 00001871: SWAP1 00001872: MLOAD 00001873: SWAP1 00001874: DUP2 00001875: SWAP1 00001876: SUB 00001877: PUSH1 0x64 00001879: ADD 0000187a: SWAP1 0000187b: REVERT 0000187c: JUMPDEST 0000187d: PUSH1 0x00 0000187f: PUSH1 0x60 00001881: DUP7 00001882: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001897: AND 00001898: DUP6 00001899: DUP8 0000189a: PUSH1 0x40 0000189c: MLOAD 0000189d: DUP1 0000189e: DUP3 0000189f: DUP1 000018a0: MLOAD 000018a1: SWAP1 000018a2: PUSH1 0x20 000018a4: ADD 000018a5: SWAP1 000018a6: DUP1 000018a7: DUP4 000018a8: DUP4 000018a9: JUMPDEST 000018aa: PUSH1 0x20 000018ac: DUP4 000018ad: LT 000018ae: PUSH2 0x18e6 000018b1: JUMPI 000018b2: DUP1 000018b3: MLOAD 000018b4: DUP3 000018b5: MSTORE 000018b6: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0 000018d7: SWAP1 000018d8: SWAP3 000018d9: ADD 000018da: SWAP2 000018db: PUSH1 0x20 000018dd: SWAP2 000018de: DUP3 000018df: ADD 000018e0: SWAP2 000018e1: ADD 000018e2: PUSH2 0x18a9 000018e5: JUMP 000018e6: JUMPDEST 000018e7: PUSH1 0x01 000018e9: DUP4 000018ea: PUSH1 0x20 000018ec: SUB 000018ed: PUSH2 0x0100 000018f0: EXP 000018f1: SUB 000018f2: DUP1 000018f3: NOT 000018f4: DUP3 000018f5: MLOAD 000018f6: AND 000018f7: DUP2 000018f8: DUP5 000018f9: MLOAD 000018fa: AND 000018fb: DUP1 000018fc: DUP3 000018fd: OR 000018fe: DUP6 000018ff: MSTORE 00001900: POP 00001901: POP 00001902: POP 00001903: POP 00001904: POP 00001905: POP 00001906: SWAP1 00001907: POP 00001908: ADD 00001909: SWAP2 0000190a: POP 0000190b: POP 0000190c: PUSH1 0x00 0000190e: PUSH1 0x40 00001910: MLOAD 00001911: DUP1 00001912: DUP4 00001913: SUB 00001914: DUP2 00001915: DUP6 00001916: DUP8 00001917: GAS 00001918: CALL 00001919: SWAP3 0000191a: POP 0000191b: POP 0000191c: POP 0000191d: RETURNDATASIZE 0000191e: DUP1 0000191f: PUSH1 0x00 00001921: DUP2 00001922: EQ 00001923: PUSH2 0x1948 00001926: JUMPI 00001927: PUSH1 0x40 00001929: MLOAD 0000192a: SWAP2 0000192b: POP 0000192c: PUSH1 0x1f 0000192e: NOT 0000192f: PUSH1 0x3f 00001931: RETURNDATASIZE 00001932: ADD 00001933: AND 00001934: DUP3 00001935: ADD 00001936: PUSH1 0x40 00001938: MSTORE 00001939: RETURNDATASIZE 0000193a: DUP3 0000193b: MSTORE 0000193c: RETURNDATASIZE 0000193d: PUSH1 0x00 0000193f: PUSH1 0x20 00001941: DUP5 00001942: ADD 00001943: RETURNDATACOPY 00001944: PUSH2 0x194d 00001947: JUMP 00001948: JUMPDEST 00001949: PUSH1 0x60 0000194b: SWAP2 0000194c: POP 0000194d: JUMPDEST 0000194e: POP 0000194f: SWAP2 00001950: POP 00001951: SWAP2 00001952: POP 00001953: DUP2 00001954: ISZERO 00001955: PUSH2 0x1961 00001958: JUMPI 00001959: SWAP2 0000195a: POP 0000195b: PUSH2 0x17fe 0000195e: SWAP1 0000195f: POP 00001960: JUMP 00001961: JUMPDEST 00001962: DUP1 00001963: MLOAD 00001964: ISZERO 00001965: PUSH2 0x1971 00001968: JUMPI 00001969: DUP1 0000196a: MLOAD 0000196b: DUP1 0000196c: DUP3 0000196d: PUSH1 0x20 0000196f: ADD 00001970: REVERT 00001971: JUMPDEST 00001972: PUSH1 0x40 00001974: MLOAD 00001975: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00001996: DUP2 00001997: MSTORE 00001998: PUSH1 0x20 0000199a: PUSH1 0x04 0000199c: DUP3 0000199d: ADD 0000199e: DUP2 0000199f: DUP2 000019a0: MSTORE 000019a1: DUP7 000019a2: MLOAD 000019a3: PUSH1 0x24 000019a5: DUP5 000019a6: ADD 000019a7: MSTORE 000019a8: DUP7 000019a9: MLOAD 000019aa: DUP8 000019ab: SWAP4 000019ac: SWAP2 000019ad: SWAP3 000019ae: DUP4 000019af: SWAP3 000019b0: PUSH1 0x44 000019b2: ADD 000019b3: SWAP2 000019b4: SWAP1 000019b5: DUP6 000019b6: ADD 000019b7: SWAP1 000019b8: DUP1 000019b9: DUP4 000019ba: DUP4 000019bb: PUSH1 0x00 000019bd: DUP4 000019be: ISZERO 000019bf: PUSH2 0x1652 000019c2: JUMPI 000019c3: DUP2 000019c4: DUP2 000019c5: ADD 000019c6: MLOAD 000019c7: DUP4 000019c8: DUP3 000019c9: ADD 000019ca: MSTORE 000019cb: PUSH1 0x20 000019cd: ADD 000019ce: PUSH2 0x163a 000019d1: JUMP 000019d2: JUMPDEST 000019d3: EXTCODESIZE 000019d4: ISZERO 000019d5: ISZERO 000019d6: SWAP1 000019d7: JUMP 000019d8: INVALID 000019d9: MSTORE8 000019da: PUSH2 0x6665 000019dd: UNKNOWN(0x4D) 000019de: PUSH2 0x7468 000019e1: GASPRICE 000019e2: KECCAK256 000019e3: PUSH14 0x756c7469706c69636174696f6e20 000019f2: PUSH16 0x766572666c6f77536166654552433230 00001a03: GASPRICE 00001a04: KECCAK256 00001a05: GASLIMIT 00001a06: MSTORE 00001a07: NUMBER 00001a08: ORIGIN 00001a09: ADDRESS 00001a0a: KECCAK256 00001a0b: PUSH16 0x7065726174696f6e20646964206e6f74 00001a1c: KECCAK256 00001a1d: PUSH20 0x756363656564a26469706673582212208b196828 00001a32: UNKNOWN(0xE6) 00001a33: TLOAD 00001a34: SAR 00001a35: PUSH15 0xa76812c88b34e326c4437e592aa9cf 00001a45: PUSH21
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
viewvalidation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xe2a29690",
"selector": "0xe2a29690",
"calldata_variants": [
"0xe2a29690",
"0xe2a296900000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe2bbb158",
"selector": "0xe2bbb158",
"calldata_variants": [
"0xe2bbb158",
"0xe2bbb1580000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xfc47e209",
"selector": "0xfc47e209",
"calldata_variants": [
"0xfc47e209",
"0xfc47e2090000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xab033ea9",
"selector": "0xab033ea9",
"calldata_variants": [
"0xab033ea9",
"0xab033ea90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd56c2ec2",
"selector": "0xd56c2ec2",
"calldata_variants": [
"0xd56c2ec2",
"0xd56c2ec20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5aa6e675",
"selector": "0x5aa6e675",
"calldata_variants": [
"0x5aa6e675",
"0x5aa6e6750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x93f1a40b",
"selector": "0x93f1a40b",
"calldata_variants": [
"0x93f1a40b",
"0x93f1a40b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9a25cefc",
"selector": "0x9a25cefc",
"calldata_variants": [
"0x9a25cefc",
"0x9a25cefc0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 6664,
"type": "tx_origin_used"
}
]
}
|
| high | other | slither | StablesPool.safeBsdTransfer(address,uint256) (contracts/Contract.sol#676-685) ignores return value by bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683) | 85 | no | — |
viewevidence_json{
"impact": "High",
"detector": "unchecked-transfer",
"elements": [
{
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
},
{
"name": "bsd.transfer(_to,_bsdBal)",
"type": "node",
"source_mapping": {
"lines": [
682,
683
],
"start": 26776,
"length": 26,
"ending_column": 9,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 46,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "safeBsdTransfer",
"type": "function",
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
]
},
{
"file": "contracts/Contract.sol",
"name": "bsd.transfer(_to,_bsdBal)",
"type": "node",
"lines": [
682,
683
]
}
],
"description": "StablesPool.safeBsdTransfer(address,uint256) (contracts/Contract.sol#676-685) ignores return value by bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)"
}
|
| high | other | slither | StablesPool.safeBsdTransfer(address,uint256) (contracts/Contract.sol#676-685) ignores return value by bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684) | 85 | no | — |
viewevidence_json{
"impact": "High",
"detector": "unchecked-transfer",
"elements": [
{
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
},
{
"name": "bsd.transfer(_to,_amount)",
"type": "node",
"source_mapping": {
"lines": [
683,
684
],
"start": 26841,
"length": 26,
"ending_column": 19,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 48,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "safeBsdTransfer",
"type": "function",
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
]
},
{
"file": "contracts/Contract.sol",
"name": "bsd.transfer(_to,_amount)",
"type": "node",
"lines": [
683,
684
]
}
],
"description": "StablesPool.safeBsdTransfer(address,uint256) (contracts/Contract.sol#676-685) ignores return value by bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)"
}
|
| medium | reentrancy | slither | Reentrancy in StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665): | 75 | no | — |
viewevidence_json{
"impact": "Medium",
"detector": "reentrancy-no-eth",
"elements": [
{
"name": "withdraw",
"type": "function",
"source_mapping": {
"lines": [
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665
],
"start": 25256,
"length": 792,
"ending_column": 33,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 54,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "withdraw(uint256,uint256)"
}
},
{
"name": "safeBsdTransfer(_sender,_pending)",
"type": "node",
"source_mapping": {
"lines": [
655,
656
],
"start": 25682,
"length": 34,
"ending_column": 26,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 69,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "withdraw",
"type": "function",
"source_mapping": {
"lines": [
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665
],
"start": 25256,
"length": 792,
"ending_column": 33,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 54,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "withdraw(uint256,uint256)"
}
}
}
},
{
"name": "bsd.transfer(_to,_bsdBal)",
"type": "node",
"source_mapping": {
"lines": [
682,
683
],
"start": 26776,
"length": 26,
"ending_column": 9,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 46,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls_sending_eth"
},
"type_specific_fields": {
"parent": {
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
}
}
},
{
"name": "bsd.transfer(_to,_amount)",
"type": "node",
"source_mapping": {
"lines": [
683,
684
],
"start": 26841,
"length": 26,
"ending_column": 19,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 48,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls_sending_eth"
},
"type_specific_fields": {
"parent": {
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
}
}
},
{
"name": "user.amount = user.amount.sub(_amount)",
"type": "node",
"source_mapping": {
"lines": [
658,
659
],
"start": 25815,
"length": 38,
"ending_column": 24,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 61,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"variable_name": "userInfo",
"underlying_type": "variables_written"
},
"type_specific_fields": {
"parent": {
"name": "withdraw",
"type": "function",
"source_mapping": {
"lines": [
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665
],
"start": 25256,
"length": 792,
"ending_column": 33,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 54,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "withdraw(uint256,uint256)"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "withdraw",
"type": "function",
"lines": [
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665
]
},
{
"file": "contracts/Contract.sol",
"name": "safeBsdTransfer(_sender,_pending)",
"type": "node",
"lines": [
655,
656
]
},
{
"file": "contracts/Contract.sol",
"name": "bsd.transfer(_to,_bsdBal)",
"type": "node",
"lines": [
682,
683
]
},
{
"file": "contracts/Contract.sol",
"name": "bsd.transfer(_to,_amount)",
"type": "node",
"lines": [
683,
684
]
},
{
"file": "contracts/Contract.sol",
"name": "user.amount = user.amount.sub(_amount)",
"type": "node",
"lines": [
658,
659
]
}
],
"description": "Reentrancy in StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665):\n\tExternal calls:\n\t- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#655-656)\n\t\t- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)\n\t\t- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)\n\tState variables written after the call(s):\n\t- user.amount = user.amount.sub(_amount) (contracts/Contract.sol#658-659)\n\tStablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:\n\t- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)\n\t- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)\n\t- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)\n\t- StablesPool.userInfo (contracts/Contract.sol#520-524)\n\t- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)"
}
|
| medium | reentrancy | codex | Emergency withdrawal transfers before zeroing balances | 75 | no | — |
viewevidence_json{
"evidence": "`emergencyWithdraw` performs `pool.lpToken.safeTransfer` before setting `user.amount = 0`.",
"locations": [
"contracts/Contract.sol:683"
],
"recommendation": "Zero `user.amount` and `user.rewardDebt` before transferring LP tokens and/or guard with `nonReentrant`.",
"exploit_scenario": "A malicious LP token can reenter `emergencyWithdraw` during `safeTransfer`, allowing the same `user.amount` to be withdrawn multiple times before it is reset to zero."
}
|
| medium | reentrancy | slither | Reentrancy in StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645): | 75 | no | — |
viewevidence_json{
"impact": "Medium",
"detector": "reentrancy-no-eth",
"elements": [
{
"name": "deposit",
"type": "function",
"source_mapping": {
"lines": [
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645
],
"start": 24416,
"length": 807,
"ending_column": 21,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 13,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "deposit(uint256,uint256)"
}
},
{
"name": "safeBsdTransfer(_sender,_pending)",
"type": "node",
"source_mapping": {
"lines": [
636
],
"start": 24821,
"length": 34,
"ending_column": 91,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 57,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "deposit",
"type": "function",
"source_mapping": {
"lines": [
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645
],
"start": 24416,
"length": 807,
"ending_column": 21,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 13,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "deposit(uint256,uint256)"
}
}
}
},
{
"name": "bsd.transfer(_to,_bsdBal)",
"type": "node",
"source_mapping": {
"lines": [
682,
683
],
"start": 26776,
"length": 26,
"ending_column": 9,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 46,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls_sending_eth"
},
"type_specific_fields": {
"parent": {
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
}
}
},
{
"name": "bsd.transfer(_to,_amount)",
"type": "node",
"source_mapping": {
"lines": [
683,
684
],
"start": 26841,
"length": 26,
"ending_column": 19,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 48,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls_sending_eth"
},
"type_specific_fields": {
"parent": {
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
}
}
},
{
"name": "pool.lpToken.safeTransferFrom(_sender,address(this),_amount)",
"type": "node",
"source_mapping": {
"lines": [
638,
639,
640,
641
],
"start": 24972,
"length": 62,
"ending_column": 9,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 2,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "deposit",
"type": "function",
"source_mapping": {
"lines": [
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645
],
"start": 24416,
"length": 807,
"ending_column": 21,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 13,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "deposit(uint256,uint256)"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "deposit",
"type": "function",
"lines": [
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645
]
},
{
"file": "contracts/Contract.sol",
"name": "safeBsdTransfer(_sender,_pending)",
"type": "node",
"lines": [
636
]
},
{
"file": "contracts/Contract.sol",
"name": "bsd.transfer(_to,_bsdBal)",
"type": "node",
"lines": [
682,
683
]
},
{
"file": "contracts/Contract.sol",
"name": "bsd.transfer(_to,_amount)",
"type": "node",
"lines": [
683,
684
]
},
{
"file": "contracts/Contract.sol",
"name": "pool.lpToken.safeTransferFrom(_sender,address(this),_amount)",
"type": "node",
"lines": [
638,
639,
640,
641
]
},
{
"file": "contracts/Contract.sol",
"name": "user.amount = user.amount.add(_amount)",
"type": "node",
"lines": [
641,
642
]
},
{
"file": "contracts/Contract.sol",
"name": "user.rewardDebt = user.amount.mul(pool.accBsdPerShare).div(1e18)",
"type": "node",
"lines": [
642,
643,
644
]
}
],
"description": "Reentrancy in StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645):\n\tExternal calls:\n\t- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#636)\n\t\t- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)\n\t\t- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)\n\t- pool.lpToken.safeTransferFrom(_sender,address(this),_amount) (contracts/Contract.sol#638-641)\n\tState variables written after the call(s):\n\t- user.amount = user.amount.add(_amount) (contracts/Contract.sol#641-642)\n\tStablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:\n\t- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)\n\t- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)\n\t- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)\n\t- StablesPool.userInfo (contracts/Contract.sol#520-524)\n\t- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)\n\t- user.rewardDebt = user.amount.mul(pool.accBsdPerShare).div(1e18) (contracts/Contract.sol#642-644)\n\tStablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:\n\t- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)\n\t- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)\n\t- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)\n\t- StablesPool.userInfo (contracts/Contract.sol#520-524)\n\t- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)"
}
|
| medium | reentrancy | slither | Reentrancy in StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665): | 75 | no | — |
viewevidence_json{
"impact": "Medium",
"detector": "reentrancy-no-eth",
"elements": [
{
"name": "withdraw",
"type": "function",
"source_mapping": {
"lines": [
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665
],
"start": 25256,
"length": 792,
"ending_column": 33,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 54,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "withdraw(uint256,uint256)"
}
},
{
"name": "safeBsdTransfer(_sender,_pending)",
"type": "node",
"source_mapping": {
"lines": [
655,
656
],
"start": 25682,
"length": 34,
"ending_column": 26,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 69,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "withdraw",
"type": "function",
"source_mapping": {
"lines": [
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665
],
"start": 25256,
"length": 792,
"ending_column": 33,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 54,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "withdraw(uint256,uint256)"
}
}
}
},
{
"name": "bsd.transfer(_to,_bsdBal)",
"type": "node",
"source_mapping": {
"lines": [
682,
683
],
"start": 26776,
"length": 26,
"ending_column": 9,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 46,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls_sending_eth"
},
"type_specific_fields": {
"parent": {
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
}
}
},
{
"name": "bsd.transfer(_to,_amount)",
"type": "node",
"source_mapping": {
"lines": [
683,
684
],
"start": 26841,
"length": 26,
"ending_column": 19,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 48,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls_sending_eth"
},
"type_specific_fields": {
"parent": {
"name": "safeBsdTransfer",
"type": "function",
"source_mapping": {
"lines": [
676,
677,
678,
679,
680,
681,
682,
683,
684,
685
],
"start": 26574,
"length": 324,
"ending_column": 1,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 45,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "safeBsdTransfer(address,uint256)"
}
}
}
},
{
"name": "pool.lpToken.safeTransfer(_sender,_amount)",
"type": "node",
"source_mapping": {
"lines": [
659,
660,
661,
662
],
"start": 25867,
"length": 43,
"ending_column": 25,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 38,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "withdraw",
"type": "function",
"source_mapping": {
"lines": [
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665
],
"start": 25256,
"length": 792,
"ending_column": 33,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 54,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "withdraw(uint256,uint256)"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "withdraw",
"type": "function",
"lines": [
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665
]
},
{
"file": "contracts/Contract.sol",
"name": "safeBsdTransfer(_sender,_pending)",
"type": "node",
"lines": [
655,
656
]
},
{
"file": "contracts/Contract.sol",
"name": "bsd.transfer(_to,_bsdBal)",
"type": "node",
"lines": [
682,
683
]
},
{
"file": "contracts/Contract.sol",
"name": "bsd.transfer(_to,_amount)",
"type": "node",
"lines": [
683,
684
]
},
{
"file": "contracts/Contract.sol",
"name": "pool.lpToken.safeTransfer(_sender,_amount)",
"type": "node",
"lines": [
659,
660,
661,
662
]
},
{
"file": "contracts/Contract.sol",
"name": "user.rewardDebt = user.amount.mul(pool.accBsdPerShare).div(1e18)",
"type": "node",
"lines": [
663,
664
]
}
],
"description": "Reentrancy in StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665):\n\tExternal calls:\n\t- safeBsdTransfer(_sender,_pending) (contracts/Contract.sol#655-656)\n\t\t- bsd.transfer(_to,_bsdBal) (contracts/Contract.sol#682-683)\n\t\t- bsd.transfer(_to,_amount) (contracts/Contract.sol#683-684)\n\t- pool.lpToken.safeTransfer(_sender,_amount) (contracts/Contract.sol#659-662)\n\tState variables written after the call(s):\n\t- user.rewardDebt = user.amount.mul(pool.accBsdPerShare).div(1e18) (contracts/Contract.sol#663-664)\n\tStablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:\n\t- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)\n\t- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)\n\t- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)\n\t- StablesPool.userInfo (contracts/Contract.sol#520-524)\n\t- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)"
}
|
| medium | reentrancy | slither | Reentrancy in StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674): | 75 | no | — |
viewevidence_json{
"impact": "Medium",
"detector": "reentrancy-no-eth",
"elements": [
{
"name": "emergencyWithdraw",
"type": "function",
"source_mapping": {
"lines": [
666,
667,
668,
669,
670,
671,
672,
673,
674
],
"start": 26116,
"length": 349,
"ending_column": 17,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 52,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "emergencyWithdraw(uint256)"
}
},
{
"name": "pool.lpToken.safeTransfer(address(msg.sender),user.amount)",
"type": "node",
"source_mapping": {
"lines": [
669,
670,
671
],
"start": 26282,
"length": 59,
"ending_column": 2,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 69,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"underlying_type": "external_calls"
},
"type_specific_fields": {
"parent": {
"name": "emergencyWithdraw",
"type": "function",
"source_mapping": {
"lines": [
666,
667,
668,
669,
670,
671,
672,
673,
674
],
"start": 26116,
"length": 349,
"ending_column": 17,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 52,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "emergencyWithdraw(uint256)"
}
}
}
},
{
"name": "user.amount = 0",
"type": "node",
"source_mapping": {
"lines": [
672
],
"start": 26414,
"length": 15,
"ending_column": 41,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 26,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"variable_name": "userInfo",
"underlying_type": "variables_written"
},
"type_specific_fields": {
"parent": {
"name": "emergencyWithdraw",
"type": "function",
"source_mapping": {
"lines": [
666,
667,
668,
669,
670,
671,
672,
673,
674
],
"start": 26116,
"length": 349,
"ending_column": 17,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 52,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "emergencyWithdraw(uint256)"
}
}
}
},
{
"name": "user.rewardDebt = 0",
"type": "node",
"source_mapping": {
"lines": [
673,
674
],
"start": 26439,
"length": 19,
"ending_column": 10,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 2,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"additional_fields": {
"variable_name": "userInfo",
"underlying_type": "variables_written"
},
"type_specific_fields": {
"parent": {
"name": "emergencyWithdraw",
"type": "function",
"source_mapping": {
"lines": [
666,
667,
668,
669,
670,
671,
672,
673,
674
],
"start": 26116,
"length": 349,
"ending_column": 17,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 52,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "StablesPool",
"type": "contract",
"source_mapping": {
"lines": [
488,
489,
490,
491,
492,
493,
494,
495,
496,
497,
498,
499,
500,
501,
502,
503,
504,
505,
506,
507,
508,
509,
510,
511,
512,
513,
514,
515,
516,
517,
518,
519,
520,
521,
522,
523,
524,
525,
526,
527,
528,
529,
530,
531,
532,
533,
534,
535,
536,
537,
538,
539,
540,
541,
542,
543,
544,
545,
546,
547,
548,
549,
550,
551,
552,
553,
554,
555,
556,
557,
558,
559,
560,
561,
562,
563,
564,
565,
566,
567,
568,
569,
570,
571,
572,
573,
574,
575,
576,
577,
578,
579,
580,
581,
582,
583,
584,
585,
586,
587,
588,
589,
590,
591,
592,
593,
594,
595,
596,
597,
598,
599,
600,
601,
602,
603,
604,
605,
606,
607,
608,
609,
610,
611,
612,
613,
614,
615,
616,
617,
618,
619,
620,
621,
622,
623,
624,
625,
626,
627,
628,
629,
630,
631,
632,
633,
634,
635,
636,
637,
638,
639,
640,
641,
642,
643,
644,
645,
646,
647,
648,
649,
650,
651,
652,
653,
654,
655,
656,
657,
658,
659,
660,
661,
662,
663,
664,
665,
666,
667,
668,
669,
670,
671,
672,
673,
674,
675,
676,
677,
678,
679,
680,
681,
682,
683,
684,
685,
686,
687,
688,
689,
690,
691,
692,
693,
694,
695,
696,
697,
698,
699,
700,
701,
702,
703,
704,
705,
706
],
"start": 17816,
"length": 9928,
"ending_column": 23,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 34,
"filename_absolute": "/tmp/slither-gv6ckq6o/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "emergencyWithdraw(uint256)"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "emergencyWithdraw",
"type": "function",
"lines": [
666,
667,
668,
669,
670,
671,
672,
673,
674
]
},
{
"file": "contracts/Contract.sol",
"name": "pool.lpToken.safeTransfer(address(msg.sender),user.amount)",
"type": "node",
"lines": [
669,
670,
671
]
},
{
"file": "contracts/Contract.sol",
"name": "user.amount = 0",
"type": "node",
"lines": [
672
]
},
{
"file": "contracts/Contract.sol",
"name": "user.rewardDebt = 0",
"type": "node",
"lines": [
673,
674
]
}
],
"description": "Reentrancy in StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674):\n\tExternal calls:\n\t- pool.lpToken.safeTransfer(address(msg.sender),user.amount) (contracts/Contract.sol#669-671)\n\tState variables written after the call(s):\n\t- user.amount = 0 (contracts/Contract.sol#672)\n\tStablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:\n\t- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)\n\t- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)\n\t- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)\n\t- StablesPool.userInfo (contracts/Contract.sol#520-524)\n\t- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)\n\t- user.rewardDebt = 0 (contracts/Contract.sol#673-674)\n\tStablesPool.userInfo (contracts/Contract.sol#520-524) can be used in cross function reentrancies:\n\t- StablesPool.deposit(uint256,uint256) (contracts/Contract.sol#626-645)\n\t- StablesPool.emergencyWithdraw(uint256) (contracts/Contract.sol#666-674)\n\t- StablesPool.pendingBasisDollar(uint256,address) (contracts/Contract.sol#602-613)\n\t- StablesPool.userInfo (contracts/Contract.sol#520-524)\n\t- StablesPool.withdraw(uint256,uint256) (contracts/Contract.sol#645-665)"
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0x7aafd92e318663f2f244e9affab26868ed82e5d7330a4ef7956175699a1f13a2
call_targets:
0xa249ee8255df0aa00a15262b16bca3efd66c3e4c
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x7aafd92e318663f2f244e9affab26868ed82e5d7330a4ef7956175699a1f13a2",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xa249ee8255df0aa00a15262b16bca3efd66c3e4c"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xe2a29690",
"selector": "0xe2a29690",
"calldata_variants": [
"0xe2a29690",
"0xe2a296900000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe2bbb158",
"selector": "0xe2bbb158",
"calldata_variants": [
"0xe2bbb158",
"0xe2bbb1580000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xfc47e209",
"selector": "0xfc47e209",
"calldata_variants": [
"0xfc47e209",
"0xfc47e2090000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xab033ea9",
"selector": "0xab033ea9",
"calldata_variants": [
"0xab033ea9",
"0xab033ea90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd56c2ec2",
"selector": "0xd56c2ec2",
"calldata_variants": [
"0xd56c2ec2",
"0xd56c2ec20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5aa6e675",
"selector": "0x5aa6e675",
"calldata_variants": [
"0x5aa6e675",
"0x5aa6e6750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x93f1a40b",
"selector": "0x93f1a40b",
"calldata_variants": [
"0x93f1a40b",
"0x93f1a40b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9a25cefc",
"selector": "0x9a25cefc",
"calldata_variants": [
"0x9a25cefc",
"0x9a25cefc0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 5091,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 5265,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 6424,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [
{
"pc": 6664,
"type": "tx_origin_used"
}
],
"untrusted_call_count": 3
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0x7aafd92e318663f2f244e9affab26868ed82e5d7330a4ef7956175699a1f13a2
call_targets:
0xa249ee8255df0aa00a15262b16bca3efd66c3e4c
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x7aafd92e318663f2f244e9affab26868ed82e5d7330a4ef7956175699a1f13a2",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xa249ee8255df0aa00a15262b16bca3efd66c3e4c"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xe2a29690",
"selector": "0xe2a29690",
"calldata_variants": [
"0xe2a29690",
"0xe2a296900000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe2bbb158",
"selector": "0xe2bbb158",
"calldata_variants": [
"0xe2bbb158",
"0xe2bbb1580000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xfc47e209",
"selector": "0xfc47e209",
"calldata_variants": [
"0xfc47e209",
"0xfc47e2090000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xab033ea9",
"selector": "0xab033ea9",
"calldata_variants": [
"0xab033ea9",
"0xab033ea90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd56c2ec2",
"selector": "0xd56c2ec2",
"calldata_variants": [
"0xd56c2ec2",
"0xd56c2ec20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5aa6e675",
"selector": "0x5aa6e675",
"calldata_variants": [
"0x5aa6e675",
"0x5aa6e6750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x93f1a40b",
"selector": "0x93f1a40b",
"calldata_variants": [
"0x93f1a40b",
"0x93f1a40b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9a25cefc",
"selector": "0x9a25cefc",
"calldata_variants": [
"0x9a25cefc",
"0x9a25cefc0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 5091,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 5265,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 6424,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": [
{
"pc": 6664,
"type": "tx_origin_used"
}
]
}
|
| medium | reentrancy | codex | Reward payout before state update enables reentrancy double-claims | 75 | no | — |
viewevidence_json{
"evidence": "`deposit`/`withdraw` call `safeBsdTransfer` (external call) before updating `user.rewardDebt`.",
"locations": [
"contracts/Contract.sol:641",
"contracts/Contract.sol:662",
"contracts/Contract.sol:693"
],
"recommendation": "Apply checks-effects-interactions: update `user.rewardDebt` (and `user.amount` where relevant) before any external transfer, or add `nonReentrant` and use a pull-based reward claim.",
"exploit_scenario": "If the reward token is malicious or ERC777-like, its transfer hook can reenter `deposit`/`withdraw` before `user.rewardDebt` is updated, repeatedly claiming the same pending rewards in a single transaction."
}
|
| low | other | codex | Unchecked ERC20 return values on reward transfers | 65 | no | — |
viewevidence_json{
"evidence": "`safeBsdTransfer` calls `bsd.transfer` without checking the return value.",
"locations": [
"contracts/Contract.sol:693"
],
"recommendation": "Use `SafeERC20.safeTransfer` for `bsd` transfers or explicitly require the return value to be true.",
"exploit_scenario": "If `bsd.transfer` returns false (or a non-standard token), the function does not revert and still updates `rewardDebt`, permanently forfeiting user rewards."
}
|
| info | other | cast | Heavy EXTCODE*/BALANCE usage | 55 | no | — |
viewevidence_json{
"notes": "frequent external code or balance checks; may indicate introspection or validation logic",
"ext_balance_count": 6
}
|