019bab3b-aa70-7067-80e5-886b31472ece
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 38317 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 38318 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 38319 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 38320 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 38321 | capability.graph | complete | 1 / 3 | 3 months ago |
| 38322 | detector.run | complete | 1 / 3 | 3 months ago |
| 38323 | validation.fork | complete | 1 / 3 | 3 months ago |
| 38949 | report.consolidate | complete | 1 / 6 | 3 months ago |
{
"status": "not_proxy"
}
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode shows multiple low-level CALLs with computed targets/value and no explicit return-data validation; access control around these calls is not fully resolvable from artifacts, so potential abuse risk remains.","findings":[{"severity":"medium","category":"access_control","title":"Computed low-level CALLs may be reachable by untrusted callers","exploit_scenario":"If any externally callable entrypoint allows user-controlled target/value/data to reach the CALLs at pc 0x419/0x714/0x821/0x9ef without strict authorization, an attacker can make arbitrary calls with the contract’s ETH balance (or perform reentrant external interactions), potentially draining funds or executing unintended actions. Access control detection in the artifact is heuristic and lists only a msg.sender==0xffff… guard, which is not sufficient to prove protection.","recommendation":"Ensure all functions that can reach these CALLs enforce strong authorization (e.g., owner/role checks) and, if appropriate, allowlist targets or restrict value. Consider adding a reentrancy guard if any state updates precede these calls.","evidence":"Detector finding: \"Untrusted CALL target/value reachable\" with 4 CALLs; callsites show target/value computed and no validated guard. CALL sites: pc 1049, 1812, 2081, 2543.","locations":["pc:1049","pc:1812","pc:2081","pc:2543"]},{"severity":"low","category":"other","title":"Low-level CALLs do not validate return data","exploit_scenario":"If these CALLs are used for ERC20 transfers or other functions that return a boolean success flag, a token that returns false (without reverting) would be treated as a successful call. This can cause silent failures and accounting mismatches or unintended state progression.","recommendation":"When calling token-like contracts, explicitly check return data (e.g., require return == true or accept empty return for non-standard tokens) or use a safe transfer wrapper.","evidence":"Calls in the bundle have returndata_checked = null, and the opcode sequences show only CALL + success-flag checks without return-data validation.","locations":["pc:1049","pc:1812","pc:2081","pc:2543"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-idr4z6lr
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019bab59-dc3e-71f0-b0fa-c057eef232e6
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers
thinking
**Reading BYTECODE_BUNDLE.json**
exec
/bin/bash -lc ls in /tmp/codex-idr4z6lr succeeded in 6ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-idr4z6lr succeeded in 7ms:
{
"analysis_artifact": {
"address": "0xf652d990e50af27d8d423ac80631b4f5ef6d4113",
"artifact_hash": "0x690ae73f4c405cb39500080162286dbcd7aa72fdf04dfbf2cd0c9e02d01c7b02",
"artifact_json": {
"auth": {
"guards": [
{
"pc": 892,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1202,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"basic_blocks": [
thinking
**Investigating bytecode and selectors**
exec
/bin/bash -lc 'rg -n "storage|slot|proxy|delegate|implementation|admin|beacon|eip-1967" BYTECODE_BUNDLE.json' in /tmp/codex-idr4z6lr succeeded in 7ms:
2470: "delegatecall": 0,
2474: "storage": {
2476: "slots": [
2480: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2485: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2490: "slot": "0x0000000000000000000000000000000000000000000000000000000000000003"
2495: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2500: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2505: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2510: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2515: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2520: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2525: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2530: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2535: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2540: "slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
2545: "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
2570: "delegatecall": 0,
2574: "storage": {
2576: "slots": [
thinking
**Examining storage section for slot interactions**
exec
/bin/bash -lc "sed -n '2400,2525p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 6ms:
"from": "bb:2537",
"to": "bb:2554",
"type": "control_flow"
},
{
"from": "bb:2537",
"to": "bb:2550",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0x553e29a3cf6f41d5ad35cf2871ba81b41b1c063b29dcbcc659f48974c44caa10",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": 153,
"selector": "0xffffffff"
},
{
"entry_pc": 1078113903,
"selector": "0x2c4e722e"
thinking
**Continuing to review storage writes**
exec
/bin/bash -lc "sed -n '2525,2665p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 27ms:
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1615,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1884,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 2157,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 2338,
thinking
**Analyzing function selectors and callsites**
exec
/bin/bash -lc 'rg -n "pc": 1049 -n BYTECODE_BUNDLE.json' in /tmp/codex-idr4z6lr exited 2 in 9ms:
rg: 1049: No such file or directory (os error 2)
thinking
**Fixing regex escaping**
exec
/bin/bash -lc "rg -n \"\\\"pc\\\": 1049\" BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 10ms:
1931: "pc": 1049,
4831: "pc": 1049,
4925: "pc": 1049,
4988: "pc": 1049,
thinking
**Considering contextual callsite analysis**
exec
/bin/bash -lc "sed -n '1860,1985p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 5ms:
"hash": "0x18969710289b72adcb354113e8a96819a0801b78c8f695ad998b4864d87c0ebf",
"opcodes": [
"JUMPDEST",
"PUSH2",
"GAS",
"SUB",
"CALL",
"ISZERO",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 2537
},
{
"end_pc": 2553,
"hash": "0xf39b13e42f183f99517b1014df529d5b79b3b5f871ac2f6ca1ae817955c0b783",
"opcodes": [
"PUSH1",
"OP_80",
thinking
**Searching for basic block by start_pc**
exec
/bin/bash -lc "rg -n \"start_pc\\\": 9\" BYTECODE_BUNDLE.json | head" in /tmp/codex-idr4z6lr succeeded in 12ms:
101: "start_pc": 98
812: "start_pc": 922
833: "start_pc": 926
843: "start_pc": 963
893: "start_pc": 967
4083: "start_pc": 98,
4412: "start_pc": 922,
4419: "start_pc": 926,
4426: "start_pc": 963,
4433: "start_pc": 967,
thinking
**Scrolling to line 840**
exec
/bin/bash -lc "sed -n '820,910p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 27ms:
"PUSH20",
"AND",
"BALANCE",
"OP_90",
"POP",
"PUSH1",
"OP_81",
"GT",
"ISZERO",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 926
},
{
"end_pc": 966,
"hash": "0xa2cc75c55e3a21ef861ec8f968d155ec1e82206fb3808e63750f826297b6eb05",
"opcodes": [
"PUSH1",
thinking
**Analyzing CALL opcode context**
exec
/bin/bash -lc "sed -n '1760,1865p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 7ms:
"end_pc": 2332,
"hash": "0x9905809aa9ffa28e5479acac44725c7c6767f81c88159316cc7305e89dc53ace",
"opcodes": [
"JUMPDEST",
"POP",
"OP_92",
"OP_91",
"POP",
"POP",
"JUMP"
],
"start_pc": 2326
},
{
"end_pc": 2532,
"hash": "0x3259dacfb139b7c89166212809bb79b7bbe0f3037aabcaaf53319aab378b947d",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
thinking
**Searching for start_pc near 1806**
exec
/bin/bash -lc "rg -n \"start_pc\\\": 1806\" BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 6ms:
1264: "start_pc": 1806
4559: "start_pc": 1806,
exec
/bin/bash -lc "sed -n '1220,1305p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 27ms:
"POP",
"POP",
"PUSH1",
"PUSH1",
"MLOAD",
"OP_80",
"OP_83",
"SUB",
"OP_81",
"PUSH1",
"OP_87",
"OP_80",
"EXTCODESIZE",
"ISZERO",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1610
},
thinking
**Examining CALL instructions around 2075**
exec
/bin/bash -lc "rg -n \"start_pc\\\": 2075\" BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 7ms:
1402: "start_pc": 2075
4601: "start_pc": 2075,
exec
/bin/bash -lc "sed -n '1360,1445p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 14ms:
"PUSH1",
"PUSH1",
"MLOAD",
"OP_80",
"OP_83",
"SUB",
"OP_81",
"PUSH1",
"OP_87",
"OP_80",
"EXTCODESIZE",
"ISZERO",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 1846
},
{
"end_pc": 2074,
thinking
**Analyzing external call patterns and state changes**
exec
/bin/bash -lc 'rg -n "SSTORE" BYTECODE_BUNDLE.json' in /tmp/codex-idr4z6lr succeeded in 7ms:
658: "SSTORE",
1076: "SSTORE",
thinking
**Examining SSTORE opcode usage**
exec
/bin/bash -lc "sed -n '620,700p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 29ms:
"opcodes": [
"JUMPDEST",
"PUSH2",
"OP_82",
"PUSH2",
"JUMP"
],
"start_pc": 630
},
{
"end_pc": 661,
"hash": "0xda69f5f49dd5aa8bc1cc19ff94596383ea94fdb954a2419b9b74210c5cd63c10",
"opcodes": [
"JUMPDEST",
"OP_90",
"POP",
"PUSH2",
"OP_82",
"PUSH1",
"SLOAD",
thinking
**Checking for SSTORE instructions**
exec
/bin/bash -lc "sed -n '1040,1105p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 6ms:
"EXP",
"OP_90",
"DIV",
"PUSH20",
"AND",
"PUSH20",
"AND",
"PUSH32",
"PUSH1",
"MLOAD",
"PUSH1",
"MLOAD",
"OP_80",
"OP_91",
"SUB",
"OP_90",
"OP_A3",
"OP_80",
"PUSH1",
"PUSH1",
thinking
**Analyzing storage writes and function selectors**
exec
/bin/bash -lc "sed -n '800,860p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 6ms:
"JUMPI"
],
"start_pc": 832
},
{
"end_pc": 925,
"hash": "0xe53f6c5e0ed24eb655258647583f1c4adf36bb991656bc7d47de91c4d0d893af",
"opcodes": [
"PUSH1",
"OP_80",
"REVERT"
],
"start_pc": 922
},
{
"end_pc": 962,
"hash": "0xeb9e2cabbb509451d94fbe045f1e8bb04f6d02f5c9a416209b499b52ad8c1d61",
"opcodes": [
"JUMPDEST",
"ADDRESS",
thinking
**Examining opcode block around pc 832**
exec
/bin/bash -lc "sed -n '760,835p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 6ms:
"start_pc": 820
},
{
"end_pc": 831,
"hash": "0xd36f2c917de20fc490245cc83af5f7d9306ee7fc7e652fc6cf402f9ade96ecd3",
"opcodes": [
"JUMPDEST",
"PUSH1",
"SLOAD",
"OP_81",
"JUMP"
],
"start_pc": 826
},
{
"end_pc": 921,
"hash": "0x79b719179e4594828ee7e69760efe30db07921b4d5ca770b12b6595c46109fab",
"opcodes": [
"JUMPDEST",
"PUSH1",
thinking
**Analyzing access control and external calls**
I'm examining how the contract enforces ownership with storage slot checks and onlyOwner guards, and investigating if external calls are properly restricted. There are multiple call functions that check the contract balance and owner status before executing, which likely reduces risk but I need to confirm if any callables lack access control to spot potential vulnerabilities like reentrancy or unauthorized access.
exec
/bin/bash -lc "rg -n \"selector\\\": \\\"0x8da5cb5b\\\"\" BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 16ms:
2435: "selector": "0x8da5cb5b"
2967: "selector": "0x8da5cb5b",
4889: "selector": "0x8da5cb5b",
thinking
**Reviewing functions near line 2967**
exec
/bin/bash -lc "sed -n '2925,2985p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 14ms:
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1615,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1884,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 2157,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 2338,
thinking
**Analyzing function boundaries and reentrancy risks**
thinking
**Inspecting opcodes around key storage writes**
exec
/bin/bash -lc "sed -n '600,670p' BYTECODE_BUNDLE.json" in /tmp/codex-idr4z6lr succeeded in 14ms:
"end_pc": 629,
"hash": "0x9eb99f7d8b85ba427c1554a440f116b3c74b3ccd3f87a8742bbf1ad3ab0514dd",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"CALLVALUE",
"OP_91",
"POP",
"PUSH2",
"OP_83",
"OP_83",
"PUSH2",
"JUMP"
],
"start_pc": 614
},
{
"end_pc": 638,
"hash": "0xdd746e6d0bf91a4a38f24933852286ce4f1e5b7b5155a3d711edd16c5298970e",
thinking
**Analyzing potential access control and call risks**
codex
{"no_findings":false,"summary":"Bytecode shows multiple low-level CALLs with computed targets/value and no explicit return-data validation; access control around these calls is not fully resolvable from artifacts, so potential abuse risk remains.","findings":[{"severity":"medium","category":"access_control","title":"Computed low-level CALLs may be reachable by untrusted callers","exploit_scenario":"If any externally callable entrypoint allows user-controlled target/value/data to reach the CALLs at pc 0x419/0x714/0x821/0x9ef without strict authorization, an attacker can make arbitrary calls with the contract’s ETH balance (or perform reentrant external interactions), potentially draining funds or executing unintended actions. Access control detection in the artifact is heuristic and lists only a msg.sender==0xffff… guard, which is not sufficient to prove protection.","recommendation":"Ensure all functions that can reach these CALLs enforce strong authorization (e.g., owner/role checks) and, if appropriate, allowlist targets or restrict value. Consider adding a reentrancy guard if any state updates precede these calls.","evidence":"Detector finding: \"Untrusted CALL target/value reachable\" with 4 CALLs; callsites show target/value computed and no validated guard. CALL sites: pc 1049, 1812, 2081, 2543.","locations":["pc:1049","pc:1812","pc:2081","pc:2543"]},{"severity":"low","category":"other","title":"Low-level CALLs do not validate return data","exploit_scenario":"If these CALLs are used for ERC20 transfers or other functions that return a boolean success flag, a token that returns false (without reverting) would be treated as a successful call. This can cause silent failures and accounting mismatches or unintended state progression.","recommendation":"When calling token-like contracts, explicitly check return data (e.g., require return == true or accept empty return for non-standard tokens) or use a safe transfer wrapper.","evidence":"Calls in the bundle have returndata_checked = null, and the opcode sequences show only CALL + success-flag checks without return-data validation.","locations":["pc:1049","pc:1812","pc:2081","pc:2543"]}]}
tokens used
79,529
{
"codex": {
"ran_at": "2026-01-11T04:42:54.687333+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 5228,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode shows multiple low-level CALLs with computed targets/value and no explicit return-data validation; access control around these calls is not fully resolvable from artifacts, so potential abuse risk remains.",
"raw_final": {
"summary": "Bytecode shows multiple low-level CALLs with computed targets/value and no explicit return-data validation; access control around these calls is not fully resolvable from artifacts, so potential abuse risk remains.",
"findings": [
{
"title": "Computed low-level CALLs may be reachable by untrusted callers",
"category": "access_control",
"evidence": "Detector finding: \"Untrusted CALL target/value reachable\" with 4 CALLs; callsites show target/value computed and no validated guard. CALL sites: pc 1049, 1812, 2081, 2543.",
"severity": "medium",
"locations": [
"pc:1049",
"pc:1812",
"pc:2081",
"pc:2543"
],
"recommendation": "Ensure all functions that can reach these CALLs enforce strong authorization (e.g., owner/role checks) and, if appropriate, allowlist targets or restrict value. Consider adding a reentrancy guard if any state updates precede these calls.",
"exploit_scenario": "If any externally callable entrypoint allows user-controlled target/value/data to reach the CALLs at pc 0x419/0x714/0x821/0x9ef without strict authorization, an attacker can make arbitrary calls with the contract\u2019s ETH balance (or perform reentrant external interactions), potentially draining funds or executing unintended actions. Access control detection in the artifact is heuristic and lists only a msg.sender==0xffff\u2026 guard, which is not sufficient to prove protection."
},
{
"title": "Low-level CALLs do not validate return data",
"category": "other",
"evidence": "Calls in the bundle have returndata_checked = null, and the opcode sequences show only CALL + success-flag checks without return-data validation.",
"severity": "low",
"locations": [
"pc:1049",
"pc:1812",
"pc:2081",
"pc:2543"
],
"recommendation": "When calling token-like contracts, explicitly check return data (e.g., require return == true or accept empty return for non-standard tokens) or use a safe transfer wrapper.",
"exploit_scenario": "If these CALLs are used for ERC20 transfers or other functions that return a boolean success flag, a token that returns false (without reverting) would be treated as a successful call. This can cause silent failures and accounting mismatches or unintended state progression."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x008e 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 0000002e: SWAP1 0000002f: DIV 00000030: PUSH4 0xffffffff 00000035: AND 00000036: DUP1 00000037: PUSH4 0x2c4e722e 0000003c: EQ 0000003d: PUSH2 0x0099 00000040: JUMPI 00000041: DUP1 00000042: PUSH4 0x4042b66f 00000047: EQ 00000048: PUSH2 0x00c2 0000004b: JUMPI 0000004c: DUP1 0000004d: PUSH4 0x4311de8f 00000052: EQ 00000053: PUSH2 0x00eb 00000056: JUMPI 00000057: DUP1 00000058: PUSH4 0x521eb273 0000005d: EQ 0000005e: PUSH2 0x0100 00000061: JUMPI 00000062: DUP1 00000063: PUSH4 0x8da5cb5b 00000068: EQ 00000069: PUSH2 0x0155 0000006c: JUMPI 0000006d: DUP1 0000006e: PUSH4 0xec8ac4d8 00000073: EQ 00000074: PUSH2 0x01aa 00000077: JUMPI 00000078: DUP1 00000079: PUSH4 0xf2fde38b 0000007e: EQ 0000007f: PUSH2 0x01d8 00000082: JUMPI 00000083: DUP1 00000084: PUSH4 0xfc0c546a 00000089: EQ 0000008a: PUSH2 0x0211 0000008d: JUMPI 0000008e: JUMPDEST 0000008f: PUSH2 0x0097 00000092: CALLER 00000093: PUSH2 0x0266 00000096: JUMP 00000097: JUMPDEST 00000098: STOP 00000099: JUMPDEST 0000009a: CALLVALUE 0000009b: ISZERO 0000009c: PUSH2 0x00a4 0000009f: JUMPI 000000a0: PUSH1 0x00 000000a2: DUP1 000000a3: REVERT 000000a4: JUMPDEST 000000a5: PUSH2 0x00ac 000000a8: PUSH2 0x0334 000000ab: JUMP 000000ac: JUMPDEST 000000ad: PUSH1 0x40 000000af: MLOAD 000000b0: DUP1 000000b1: DUP3 000000b2: DUP2 000000b3: MSTORE 000000b4: PUSH1 0x20 000000b6: ADD 000000b7: SWAP2 000000b8: POP 000000b9: POP 000000ba: PUSH1 0x40 000000bc: MLOAD 000000bd: DUP1 000000be: SWAP2 000000bf: SUB 000000c0: SWAP1 000000c1: RETURN 000000c2: JUMPDEST 000000c3: CALLVALUE 000000c4: ISZERO 000000c5: PUSH2 0x00cd 000000c8: JUMPI 000000c9: PUSH1 0x00 000000cb: DUP1 000000cc: REVERT 000000cd: JUMPDEST 000000ce: PUSH2 0x00d5 000000d1: PUSH2 0x033a 000000d4: JUMP 000000d5: JUMPDEST 000000d6: PUSH1 0x40 000000d8: MLOAD 000000d9: DUP1 000000da: DUP3 000000db: DUP2 000000dc: MSTORE 000000dd: PUSH1 0x20 000000df: ADD 000000e0: SWAP2 000000e1: POP 000000e2: POP 000000e3: PUSH1 0x40 000000e5: MLOAD 000000e6: DUP1 000000e7: SWAP2 000000e8: SUB 000000e9: SWAP1 000000ea: RETURN 000000eb: JUMPDEST 000000ec: CALLVALUE 000000ed: ISZERO 000000ee: PUSH2 0x00f6 000000f1: JUMPI 000000f2: PUSH1 0x00 000000f4: DUP1 000000f5: REVERT 000000f6: JUMPDEST 000000f7: PUSH2 0x00fe 000000fa: PUSH2 0x0340 000000fd: JUMP 000000fe: JUMPDEST 000000ff: STOP 00000100: JUMPDEST 00000101: CALLVALUE 00000102: ISZERO 00000103: PUSH2 0x010b 00000106: JUMPI 00000107: PUSH1 0x00 00000109: DUP1 0000010a: REVERT 0000010b: JUMPDEST 0000010c: PUSH2 0x0113 0000010f: PUSH2 0x042c 00000112: JUMP 00000113: JUMPDEST 00000114: PUSH1 0x40 00000116: MLOAD 00000117: DUP1 00000118: DUP3 00000119: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000012e: AND 0000012f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000144: AND 00000145: DUP2 00000146: MSTORE 00000147: PUSH1 0x20 00000149: ADD 0000014a: SWAP2 0000014b: POP 0000014c: POP 0000014d: PUSH1 0x40 0000014f: MLOAD 00000150: DUP1 00000151: SWAP2 00000152: SUB 00000153: SWAP1 00000154: RETURN 00000155: JUMPDEST 00000156: CALLVALUE 00000157: ISZERO 00000158: PUSH2 0x0160 0000015b: JUMPI 0000015c: PUSH1 0x00 0000015e: DUP1 0000015f: REVERT 00000160: JUMPDEST 00000161: PUSH2 0x0168 00000164: PUSH2 0x0452 00000167: JUMP 00000168: JUMPDEST 00000169: PUSH1 0x40 0000016b: MLOAD 0000016c: DUP1 0000016d: DUP3 0000016e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000183: AND 00000184: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000199: AND 0000019a: DUP2 0000019b: MSTORE 0000019c: PUSH1 0x20 0000019e: ADD 0000019f: SWAP2 000001a0: POP 000001a1: POP 000001a2: PUSH1 0x40 000001a4: MLOAD 000001a5: DUP1 000001a6: SWAP2 000001a7: SUB 000001a8: SWAP1 000001a9: RETURN 000001aa: JUMPDEST 000001ab: PUSH2 0x01d6 000001ae: PUSH1 0x04 000001b0: DUP1 000001b1: DUP1 000001b2: CALLDATALOAD 000001b3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000001c8: AND 000001c9: SWAP1 000001ca: PUSH1 0x20 000001cc: ADD 000001cd: SWAP1 000001ce: SWAP2 000001cf: SWAP1 000001d0: POP 000001d1: POP 000001d2: PUSH2 0x0266 000001d5: JUMP 000001d6: JUMPDEST 000001d7: STOP 000001d8: JUMPDEST 000001d9: CALLVALUE 000001da: ISZERO 000001db: PUSH2 0x01e3 000001de: JUMPI 000001df: PUSH1 0x00 000001e1: DUP1 000001e2: REVERT 000001e3: JUMPDEST 000001e4: PUSH2 0x020f 000001e7: PUSH1 0x04 000001e9: DUP1 000001ea: DUP1 000001eb: CALLDATALOAD 000001ec: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000201: AND 00000202: SWAP1 00000203: PUSH1 0x20 00000205: ADD 00000206: SWAP1 00000207: SWAP2 00000208: SWAP1 00000209: POP 0000020a: POP 0000020b: PUSH2 0x0478 0000020e: JUMP 0000020f: JUMPDEST 00000210: STOP 00000211: JUMPDEST 00000212: CALLVALUE 00000213: ISZERO 00000214: PUSH2 0x021c 00000217: JUMPI 00000218: PUSH1 0x00 0000021a: DUP1 0000021b: REVERT 0000021c: JUMPDEST 0000021d: PUSH2 0x0224 00000220: PUSH2 0x05d0 00000223: JUMP 00000224: JUMPDEST 00000225: PUSH1 0x40 00000227: MLOAD 00000228: DUP1 00000229: DUP3 0000022a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000023f: AND 00000240: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000255: AND 00000256: DUP2 00000257: MSTORE 00000258: PUSH1 0x20 0000025a: ADD 0000025b: SWAP2 0000025c: POP 0000025d: POP 0000025e: PUSH1 0x40 00000260: MLOAD 00000261: DUP1 00000262: SWAP2 00000263: SUB 00000264: SWAP1 00000265: RETURN 00000266: JUMPDEST 00000267: PUSH1 0x00 00000269: DUP1 0000026a: CALLVALUE 0000026b: SWAP2 0000026c: POP 0000026d: PUSH2 0x0276 00000270: DUP4 00000271: DUP4 00000272: PUSH2 0x05f5 00000275: JUMP 00000276: JUMPDEST 00000277: PUSH2 0x027f 0000027a: DUP3 0000027b: PUSH2 0x085f 0000027e: JUMP 0000027f: JUMPDEST 00000280: SWAP1 00000281: POP 00000282: PUSH2 0x0296 00000285: DUP3 00000286: PUSH1 0x03 00000288: SLOAD 00000289: PUSH2 0x0891 0000028c: SWAP1 0000028d: SWAP2 0000028e: SWAP1 0000028f: PUSH4 0xffffffff 00000294: AND 00000295: JUMP 00000296: JUMPDEST 00000297: PUSH1 0x03 00000299: DUP2 0000029a: SWAP1 0000029b: SSTORE 0000029c: POP 0000029d: PUSH2 0x02a6 000002a0: DUP4 000002a1: DUP3 000002a2: PUSH2 0x08af 000002a5: JUMP 000002a6: JUMPDEST 000002a7: DUP3 000002a8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002bd: AND 000002be: CALLER 000002bf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002d4: AND 000002d5: PUSH32 0x623b3804fa71d67900d064613da8f94b9617215ee90799290593e1745087ad18 000002f6: DUP5 000002f7: DUP5 000002f8: PUSH1 0x40 000002fa: MLOAD 000002fb: DUP1 000002fc: DUP4 000002fd: DUP2 000002fe: MSTORE 000002ff: PUSH1 0x20 00000301: ADD 00000302: DUP3 00000303: DUP2 00000304: MSTORE 00000305: PUSH1 0x20 00000307: ADD 00000308: SWAP3 00000309: POP 0000030a: POP 0000030b: POP 0000030c: PUSH1 0x40 0000030e: MLOAD 0000030f: DUP1 00000310: SWAP2 00000311: SUB 00000312: SWAP1 00000313: LOG3 00000314: PUSH2 0x031d 00000317: DUP4 00000318: DUP4 00000319: PUSH2 0x08bd 0000031c: JUMP 0000031d: JUMPDEST 0000031e: PUSH2 0x0325 00000321: PUSH2 0x08c1 00000324: JUMP 00000325: JUMPDEST 00000326: PUSH2 0x032f 00000329: DUP4 0000032a: DUP4 0000032b: PUSH2 0x08c3 0000032e: JUMP 0000032f: JUMPDEST 00000330: POP 00000331: POP 00000332: POP 00000333: JUMP 00000334: JUMPDEST 00000335: PUSH1 0x02 00000337: SLOAD 00000338: DUP2 00000339: JUMP 0000033a: JUMPDEST 0000033b: PUSH1 0x03 0000033d: SLOAD 0000033e: DUP2 0000033f: JUMP 00000340: JUMPDEST 00000341: PUSH1 0x00 00000343: PUSH1 0x04 00000345: PUSH1 0x00 00000347: SWAP1 00000348: SLOAD 00000349: SWAP1 0000034a: PUSH2 0x0100 0000034d: EXP 0000034e: SWAP1 0000034f: DIV 00000350: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000365: AND 00000366: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000037b: AND 0000037c: CALLER 0000037d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000392: AND 00000393: EQ 00000394: ISZERO 00000395: ISZERO 00000396: PUSH2 0x039e 00000399: JUMPI 0000039a: PUSH1 0x00 0000039c: DUP1 0000039d: REVERT 0000039e: JUMPDEST 0000039f: ADDRESS 000003a0: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003b5: AND 000003b6: BALANCE 000003b7: SWAP1 000003b8: POP 000003b9: PUSH1 0x00 000003bb: DUP2 000003bc: GT 000003bd: ISZERO 000003be: ISZERO 000003bf: PUSH2 0x03c7 000003c2: JUMPI 000003c3: PUSH1 0x00 000003c5: DUP1 000003c6: REVERT 000003c7: JUMPDEST 000003c8: PUSH1 0x01 000003ca: PUSH1 0x00 000003cc: SWAP1 000003cd: SLOAD 000003ce: SWAP1 000003cf: PUSH2 0x0100 000003d2: EXP 000003d3: SWAP1 000003d4: DIV 000003d5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003ea: AND 000003eb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000400: AND 00000401: PUSH2 0x08fc 00000404: DUP3 00000405: SWAP1 00000406: DUP2 00000407: ISZERO 00000408: MUL 00000409: SWAP1 0000040a: PUSH1 0x40 0000040c: MLOAD 0000040d: PUSH1 0x00 0000040f: PUSH1 0x40 00000411: MLOAD 00000412: DUP1 00000413: DUP4 00000414: SUB 00000415: DUP2 00000416: DUP6 00000417: DUP9 00000418: DUP9 00000419: CALL 0000041a: SWAP4 0000041b: POP 0000041c: POP 0000041d: POP 0000041e: POP 0000041f: ISZERO 00000420: ISZERO 00000421: PUSH2 0x0429 00000424: JUMPI 00000425: PUSH1 0x00 00000427: DUP1 00000428: REVERT 00000429: JUMPDEST 0000042a: POP 0000042b: JUMP 0000042c: JUMPDEST 0000042d: PUSH1 0x01 0000042f: PUSH1 0x00 00000431: SWAP1 00000432: SLOAD 00000433: SWAP1 00000434: PUSH2 0x0100 00000437: EXP 00000438: SWAP1 00000439: DIV 0000043a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000044f: AND 00000450: DUP2 00000451: JUMP 00000452: JUMPDEST 00000453: PUSH1 0x04 00000455: PUSH1 0x00 00000457: SWAP1 00000458: SLOAD 00000459: SWAP1 0000045a: PUSH2 0x0100 0000045d: EXP 0000045e: SWAP1 0000045f: DIV 00000460: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000475: AND 00000476: DUP2 00000477: JUMP 00000478: JUMPDEST 00000479: PUSH1 0x04 0000047b: PUSH1 0x00 0000047d: SWAP1 0000047e: SLOAD 0000047f: SWAP1 00000480: PUSH2 0x0100 00000483: EXP 00000484: SWAP1 00000485: DIV 00000486: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000049b: AND 0000049c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004b1: AND 000004b2: CALLER 000004b3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004c8: AND 000004c9: EQ 000004ca: ISZERO 000004cb: ISZERO 000004cc: PUSH2 0x04d4 000004cf: JUMPI 000004d0: PUSH1 0x00 000004d2: DUP1 000004d3: REVERT 000004d4: JUMPDEST 000004d5: PUSH1 0x00 000004d7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004ec: AND 000004ed: DUP2 000004ee: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000503: AND 00000504: EQ 00000505: ISZERO 00000506: ISZERO 00000507: ISZERO 00000508: PUSH2 0x0510 0000050b: JUMPI 0000050c: PUSH1 0x00 0000050e: DUP1 0000050f: REVERT 00000510: JUMPDEST 00000511: DUP1 00000512: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000527: AND 00000528: PUSH1 0x04 0000052a: PUSH1 0x00 0000052c: SWAP1 0000052d: SLOAD 0000052e: SWAP1 0000052f: PUSH2 0x0100 00000532: EXP 00000533: SWAP1 00000534: DIV 00000535: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000054a: AND 0000054b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000560: AND 00000561: PUSH32 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0 00000582: PUSH1 0x40 00000584: MLOAD 00000585: PUSH1 0x40 00000587: MLOAD 00000588: DUP1 00000589: SWAP2 0000058a: SUB 0000058b: SWAP1 0000058c: LOG3 0000058d: DUP1 0000058e: PUSH1 0x04 00000590: PUSH1 0x00 00000592: PUSH2 0x0100 00000595: EXP 00000596: DUP2 00000597: SLOAD 00000598: DUP2 00000599: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005ae: MUL 000005af: NOT 000005b0: AND 000005b1: SWAP1 000005b2: DUP4 000005b3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005c8: AND 000005c9: MUL 000005ca: OR 000005cb: SWAP1 000005cc: SSTORE 000005cd: POP 000005ce: POP 000005cf: JUMP 000005d0: JUMPDEST 000005d1: PUSH1 0x00 000005d3: DUP1 000005d4: SWAP1 000005d5: SLOAD 000005d6: SWAP1 000005d7: PUSH2 0x0100 000005da: EXP 000005db: SWAP1 000005dc: DIV 000005dd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005f2: AND 000005f3: DUP2 000005f4: JUMP 000005f5: JUMPDEST 000005f6: PUSH1 0x00 000005f8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000060d: AND 0000060e: DUP3 0000060f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000624: AND 00000625: EQ 00000626: ISZERO 00000627: ISZERO 00000628: ISZERO 00000629: PUSH2 0x0631 0000062c: JUMPI 0000062d: PUSH1 0x00 0000062f: DUP1 00000630: REVERT 00000631: JUMPDEST 00000632: PUSH1 0x00 00000634: DUP2 00000635: EQ 00000636: ISZERO 00000637: ISZERO 00000638: ISZERO 00000639: PUSH2 0x0641 0000063c: JUMPI 0000063d: PUSH1 0x00 0000063f: DUP1 00000640: REVERT 00000641: JUMPDEST 00000642: PUSH2 0x064a 00000645: DUP2 00000646: PUSH2 0x085f 00000649: JUMP 0000064a: JUMPDEST 0000064b: PUSH1 0x00 0000064d: DUP1 0000064e: SWAP1 0000064f: SLOAD 00000650: SWAP1 00000651: PUSH2 0x0100 00000654: EXP 00000655: SWAP1 00000656: DIV 00000657: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000066c: AND 0000066d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000682: AND 00000683: PUSH4 0x70a08231 00000688: ADDRESS 00000689: PUSH1 0x00 0000068b: PUSH1 0x40 0000068d: MLOAD 0000068e: PUSH1 0x20 00000690: ADD 00000691: MSTORE 00000692: PUSH1 0x40 00000694: MLOAD 00000695: DUP3 00000696: PUSH4 0xffffffff 0000069b: AND 0000069c: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 000006ba: MUL 000006bb: DUP2 000006bc: MSTORE 000006bd: PUSH1 0x04 000006bf: ADD 000006c0: DUP1 000006c1: DUP3 000006c2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006d7: AND 000006d8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006ed: AND 000006ee: DUP2 000006ef: MSTORE 000006f0: PUSH1 0x20 000006f2: ADD 000006f3: SWAP2 000006f4: POP 000006f5: POP 000006f6: PUSH1 0x20 000006f8: PUSH1 0x40 000006fa: MLOAD 000006fb: DUP1 000006fc: DUP4 000006fd: SUB 000006fe: DUP2 000006ff: PUSH1 0x00 00000701: DUP8 00000702: DUP1 00000703: EXTCODESIZE 00000704: ISZERO 00000705: ISZERO 00000706: PUSH2 0x070e 00000709: JUMPI 0000070a: PUSH1 0x00 0000070c: DUP1 0000070d: REVERT 0000070e: JUMPDEST 0000070f: PUSH2 0x02c6 00000712: GAS 00000713: SUB 00000714: CALL 00000715: ISZERO 00000716: ISZERO 00000717: PUSH2 0x071f 0000071a: JUMPI 0000071b: PUSH1 0x00 0000071d: DUP1 0000071e: REVERT 0000071f: JUMPDEST 00000720: POP 00000721: POP 00000722: POP 00000723: PUSH1 0x40 00000725: MLOAD 00000726: DUP1 00000727: MLOAD 00000728: SWAP1 00000729: POP 0000072a: LT 0000072b: ISZERO 0000072c: ISZERO 0000072d: ISZERO 0000072e: PUSH2 0x0736 00000731: JUMPI 00000732: PUSH1 0x00 00000734: DUP1 00000735: REVERT 00000736: JUMPDEST 00000737: PUSH32 0xf8308dffbe6f3cb698577984bced5fde1d994a686e2c6e783814a0aeb30c9f8f 00000758: PUSH1 0x00 0000075a: DUP1 0000075b: SWAP1 0000075c: SLOAD 0000075d: SWAP1 0000075e: PUSH2 0x0100 00000761: EXP 00000762: SWAP1 00000763: DIV 00000764: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000779: AND 0000077a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000078f: AND 00000790: PUSH4 0x70a08231 00000795: ADDRESS 00000796: PUSH1 0x00 00000798: PUSH1 0x40 0000079a: MLOAD 0000079b: PUSH1 0x20 0000079d: ADD 0000079e: MSTORE 0000079f: PUSH1 0x40 000007a1: MLOAD 000007a2: DUP3 000007a3: PUSH4 0xffffffff 000007a8: AND 000007a9: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 000007c7: MUL 000007c8: DUP2 000007c9: MSTORE 000007ca: PUSH1 0x04 000007cc: ADD 000007cd: DUP1 000007ce: DUP3 000007cf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007e4: AND 000007e5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007fa: AND 000007fb: DUP2 000007fc: MSTORE 000007fd: PUSH1 0x20 000007ff: ADD 00000800: SWAP2 00000801: POP 00000802: POP 00000803: PUSH1 0x20 00000805: PUSH1 0x40 00000807: MLOAD 00000808: DUP1 00000809: DUP4 0000080a: SUB 0000080b: DUP2 0000080c: PUSH1 0x00 0000080e: DUP8 0000080f: DUP1 00000810: EXTCODESIZE 00000811: ISZERO 00000812: ISZERO 00000813: PUSH2 0x081b 00000816: JUMPI 00000817: PUSH1 0x00 00000819: DUP1 0000081a: REVERT 0000081b: JUMPDEST 0000081c: PUSH2 0x02c6 0000081f: GAS 00000820: SUB 00000821: CALL 00000822: ISZERO 00000823: ISZERO 00000824: PUSH2 0x082c 00000827: JUMPI 00000828: PUSH1 0x00 0000082a: DUP1 0000082b: REVERT 0000082c: JUMPDEST 0000082d: POP 0000082e: POP 0000082f: POP 00000830: PUSH1 0x40 00000832: MLOAD 00000833: DUP1 00000834: MLOAD 00000835: SWAP1 00000836: POP 00000837: PUSH2 0x083f 0000083a: DUP4 0000083b: PUSH2 0x085f 0000083e: JUMP 0000083f: JUMPDEST 00000840: PUSH1 0x40 00000842: MLOAD 00000843: DUP1 00000844: DUP4 00000845: DUP2 00000846: MSTORE 00000847: PUSH1 0x20 00000849: ADD 0000084a: DUP3 0000084b: DUP2 0000084c: MSTORE 0000084d: PUSH1 0x20 0000084f: ADD 00000850: SWAP3 00000851: POP 00000852: POP 00000853: POP 00000854: PUSH1 0x40 00000856: MLOAD 00000857: DUP1 00000858: SWAP2 00000859: SUB 0000085a: SWAP1 0000085b: LOG1 0000085c: POP 0000085d: POP 0000085e: JUMP 0000085f: JUMPDEST 00000860: PUSH1 0x00 00000862: PUSH2 0x088a 00000865: PUSH2 0x03e8 00000868: PUSH2 0x087c 0000086b: PUSH1 0x02 0000086d: SLOAD 0000086e: DUP6 0000086f: PUSH2 0x08c7 00000872: SWAP1 00000873: SWAP2 00000874: SWAP1 00000875: PUSH4 0xffffffff 0000087a: AND 0000087b: JUMP 0000087c: JUMPDEST 0000087d: PUSH2 0x08e2 00000880: SWAP1 00000881: SWAP2 00000882: SWAP1 00000883: PUSH4 0xffffffff 00000888: AND 00000889: JUMP 0000088a: JUMPDEST 0000088b: SWAP1 0000088c: POP 0000088d: SWAP2 0000088e: SWAP1 0000088f: POP 00000890: JUMP 00000891: JUMPDEST 00000892: PUSH1 0x00 00000894: DUP1 00000895: DUP3 00000896: DUP5 00000897: ADD 00000898: SWAP1 00000899: POP 0000089a: DUP4 0000089b: DUP2 0000089c: LT 0000089d: ISZERO 0000089e: ISZERO 0000089f: ISZERO 000008a0: PUSH2 0x08a5 000008a3: JUMPI 000008a4: INVALID 000008a5: JUMPDEST 000008a6: DUP1 000008a7: SWAP2 000008a8: POP 000008a9: POP 000008aa: SWAP3 000008ab: SWAP2 000008ac: POP 000008ad: POP 000008ae: JUMP 000008af: JUMPDEST 000008b0: PUSH2 0x08b9 000008b3: DUP3 000008b4: DUP3 000008b5: PUSH2 0x091d 000008b8: JUMP 000008b9: JUMPDEST 000008ba: POP 000008bb: POP 000008bc: JUMP 000008bd: JUMPDEST 000008be: POP 000008bf: POP 000008c0: JUMP 000008c1: JUMPDEST 000008c2: JUMP 000008c3: JUMPDEST 000008c4: POP 000008c5: POP 000008c6: JUMP 000008c7: JUMPDEST 000008c8: PUSH1 0x00 000008ca: DUP1 000008cb: DUP3 000008cc: DUP5 000008cd: DUP2 000008ce: ISZERO 000008cf: ISZERO 000008d0: PUSH2 0x08d5 000008d3: JUMPI 000008d4: INVALID 000008d5: JUMPDEST 000008d6: DIV 000008d7: SWAP1 000008d8: POP 000008d9: DUP1 000008da: SWAP2 000008db: POP 000008dc: POP 000008dd: SWAP3 000008de: SWAP2 000008df: POP 000008e0: POP 000008e1: JUMP 000008e2: JUMPDEST 000008e3: PUSH1 0x00 000008e5: DUP1 000008e6: PUSH1 0x00 000008e8: DUP5 000008e9: EQ 000008ea: ISZERO 000008eb: PUSH2 0x08f7 000008ee: JUMPI 000008ef: PUSH1 0x00 000008f1: SWAP2 000008f2: POP 000008f3: PUSH2 0x0916 000008f6: JUMP 000008f7: JUMPDEST 000008f8: DUP3 000008f9: DUP5 000008fa: MUL 000008fb: SWAP1 000008fc: POP 000008fd: DUP3 000008fe: DUP5 000008ff: DUP3 00000900: DUP2 00000901: ISZERO 00000902: ISZERO 00000903: PUSH2 0x0908 00000906: JUMPI 00000907: INVALID 00000908: JUMPDEST 00000909: DIV 0000090a: EQ 0000090b: ISZERO 0000090c: ISZERO 0000090d: PUSH2 0x0912 00000910: JUMPI 00000911: INVALID 00000912: JUMPDEST 00000913: DUP1 00000914: SWAP2 00000915: POP 00000916: JUMPDEST 00000917: POP 00000918: SWAP3 00000919: SWAP2 0000091a: POP 0000091b: POP 0000091c: JUMP 0000091d: JUMPDEST 0000091e: PUSH1 0x00 00000920: DUP1 00000921: SWAP1 00000922: SLOAD 00000923: SWAP1 00000924: PUSH2 0x0100 00000927: EXP 00000928: SWAP1 00000929: DIV 0000092a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000093f: AND 00000940: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000955: AND 00000956: PUSH4 0xa9059cbb 0000095b: DUP4 0000095c: DUP4 0000095d: PUSH1 0x00 0000095f: PUSH1 0x40 00000961: MLOAD 00000962: PUSH1 0x20 00000964: ADD 00000965: MSTORE 00000966: PUSH1 0x40 00000968: MLOAD 00000969: DUP4 0000096a: PUSH4 0xffffffff 0000096f: AND 00000970: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 0000098e: MUL 0000098f: DUP2 00000990: MSTORE 00000991: PUSH1 0x04 00000993: ADD 00000994: DUP1 00000995: DUP4 00000996: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009ab: AND 000009ac: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009c1: AND 000009c2: DUP2 000009c3: MSTORE 000009c4: PUSH1 0x20 000009c6: ADD 000009c7: DUP3 000009c8: DUP2 000009c9: MSTORE 000009ca: PUSH1 0x20 000009cc: ADD 000009cd: SWAP3 000009ce: POP 000009cf: POP 000009d0: POP 000009d1: PUSH1 0x20 000009d3: PUSH1 0x40 000009d5: MLOAD 000009d6: DUP1 000009d7: DUP4 000009d8: SUB 000009d9: DUP2 000009da: PUSH1 0x00 000009dc: DUP8 000009dd: DUP1 000009de: EXTCODESIZE 000009df: ISZERO 000009e0: ISZERO 000009e1: PUSH2 0x09e9 000009e4: JUMPI 000009e5: PUSH1 0x00 000009e7: DUP1 000009e8: REVERT 000009e9: JUMPDEST 000009ea: PUSH2 0x02c6 000009ed: GAS 000009ee: SUB 000009ef: CALL 000009f0: ISZERO 000009f1: ISZERO 000009f2: PUSH2 0x09fa 000009f5: JUMPI 000009f6: PUSH1 0x00 000009f8: DUP1 000009f9: REVERT 000009fa: JUMPDEST 000009fb: POP 000009fc: POP 000009fd: POP 000009fe: PUSH1 0x40 00000a00: MLOAD 00000a01: DUP1 00000a02: MLOAD 00000a03: SWAP1 00000a04: POP 00000a05: POP 00000a06: POP 00000a07: POP 00000a08: JUMP 00000a09: STOP 00000a0a: LOG1 00000a0b: PUSH6 0x627a7a723058 00000a12: KECCAK256 00000a13: UNKNOWN(0xAD) 00000a14: DUP8 00000a15: PUSH22 0x0c6dad6cfefc7f1c8c0169b724ec49cdeeab442cb675 00000a2c: PUSH14
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | access_control | codex | Computed low-level CALLs may be reachable by untrusted callers | 75 | no | — |
viewevidence_json{
"evidence": "Detector finding: \"Untrusted CALL target/value reachable\" with 4 CALLs; callsites show target/value computed and no validated guard. CALL sites: pc 1049, 1812, 2081, 2543.",
"locations": [
"pc:1049",
"pc:1812",
"pc:2081",
"pc:2543"
],
"recommendation": "Ensure all functions that can reach these CALLs enforce strong authorization (e.g., owner/role checks) and, if appropriate, allowlist targets or restrict value. Consider adding a reentrancy guard if any state updates precede these calls.",
"exploit_scenario": "If any externally callable entrypoint allows user-controlled target/value/data to reach the CALLs at pc 0x419/0x714/0x821/0x9ef without strict authorization, an attacker can make arbitrary calls with the contract\u2019s ETH balance (or perform reentrant external interactions), potentially draining funds or executing unintended actions. Access control detection in the artifact is heuristic and lists only a msg.sender==0xffff\u2026 guard, which is not sufficient to prove protection."
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0xdf199fa0de7253408d0f3ec456efb2d96ae41f5fbb0c8032df0eae804db90c9f
call_targets:
0xf652d990e50af27d8d423ac80631b4f5ef6d4113
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xdf199fa0de7253408d0f3ec456efb2d96ae41f5fbb0c8032df0eae804db90c9f",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xf652d990e50af27d8d423ac80631b4f5ef6d4113"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xffffffff",
"selector": "0xffffffff",
"calldata_variants": [
"0xffffffff",
"0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2c4e722e",
"selector": "0x2c4e722e",
"calldata_variants": [
"0x2c4e722e",
"0x2c4e722e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4042b66f",
"selector": "0x4042b66f",
"calldata_variants": [
"0x4042b66f",
"0x4042b66f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4311de8f",
"selector": "0x4311de8f",
"calldata_variants": [
"0x4311de8f",
"0x4311de8f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x521eb273",
"selector": "0x521eb273",
"calldata_variants": [
"0x521eb273",
"0x521eb2730000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xec8ac4d8",
"selector": "0xec8ac4d8",
"calldata_variants": [
"0xec8ac4d8",
"0xec8ac4d80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1049,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1812,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2081,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 4,
"guards_detected": [
{
"pc": 892,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1202,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"untrusted_call_count": 4
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0xdf199fa0de7253408d0f3ec456efb2d96ae41f5fbb0c8032df0eae804db90c9f
call_targets:
0xf652d990e50af27d8d423ac80631b4f5ef6d4113
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xdf199fa0de7253408d0f3ec456efb2d96ae41f5fbb0c8032df0eae804db90c9f",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xf652d990e50af27d8d423ac80631b4f5ef6d4113"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xffffffff",
"selector": "0xffffffff",
"calldata_variants": [
"0xffffffff",
"0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2c4e722e",
"selector": "0x2c4e722e",
"calldata_variants": [
"0x2c4e722e",
"0x2c4e722e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4042b66f",
"selector": "0x4042b66f",
"calldata_variants": [
"0x4042b66f",
"0x4042b66f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4311de8f",
"selector": "0x4311de8f",
"calldata_variants": [
"0x4311de8f",
"0x4311de8f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x521eb273",
"selector": "0x521eb273",
"calldata_variants": [
"0x521eb273",
"0x521eb2730000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xec8ac4d8",
"selector": "0xec8ac4d8",
"calldata_variants": [
"0xec8ac4d8",
"0xec8ac4d80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1049,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1812,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2081,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 4,
"guards_detected": [
{
"pc": 892,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1202,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
}
|
| low | other | codex | Low-level CALLs do not validate return data | 65 | no | — |
viewevidence_json{
"evidence": "Calls in the bundle have returndata_checked = null, and the opcode sequences show only CALL + success-flag checks without return-data validation.",
"locations": [
"pc:1049",
"pc:1812",
"pc:2081",
"pc:2543"
],
"recommendation": "When calling token-like contracts, explicitly check return data (e.g., require return == true or accept empty return for non-standard tokens) or use a safe transfer wrapper.",
"exploit_scenario": "If these CALLs are used for ERC20 transfers or other functions that return a boolean success flag, a token that returns false (without reverting) would be treated as a successful call. This can cause silent failures and accounting mismatches or unintended state progression."
}
|