019bab3b-ab99-71b5-b7c5-de651f85934f
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 38590 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 38591 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 38592 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 38593 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 38594 | capability.graph | complete | 1 / 3 | 3 months ago |
| 38595 | detector.run | complete | 1 / 3 | 3 months ago |
| 38596 | validation.fork | complete | 1 / 3 | 3 months ago |
| 39083 | report.consolidate | complete | 1 / 6 | 3 months ago |
| 39084 | tool.slither | complete | 1 / 2 | 3 months ago |
{
"status": "not_proxy"
}
'forge clean' running (wd: /tmp/slither-a476gr1p)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-a476gr1p)
FeeManager.claimFee(uint256) (contracts/Contract.sol#154-167) sends eth to arbitrary user
    Dangerous calls:
    - msg.sender.transfer(actToWei(_value)) (contracts/Contract.sol#164-167)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#functions-that-send-ether-to-arbitrary-destinations
Version constraint 0.4.24 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
    - DirtyBytesArrayToStorage
    - ABIDecodeTwoDimensionalArrayMemory
    - KeccakCaching
    - EmptyByteArrayCopy
    - DynamicArrayCleanup
    - ImplicitConstructorCallvalueCheck
    - TupleAssignmentMultiStackSlotComponents
    - MemoryArrayCreationOverflow
    - privateCanBeOverridden
    - SignedArrayStorageCopy
    - ABIEncoderV2StorageArrayWithMultiSlotElement
    - DynamicConstructorArgumentsClippedABIV2
    - UninitializedFunctionPointerInConstructor_0.4.x
    - IncorrectEventSignatureInLibraries_0.4.x
    - ABIEncoderV2PackedStorage_0.4.x
    - ExpExponentCleanup
    - EventStructWrongData.
It is used by:
    - 0.4.24 (contracts/Contract.sol#1)
solc-0.4.24 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
Parameter FeeManager.weiToAct(uint256)._wei (contracts/Contract.sol#126-127) is not in mixedCase
Parameter FeeManager.actToWei(uint256)._act (contracts/Contract.sol#132) is not in mixedCase
Parameter FeeManager.claimFee(uint256)._value (contracts/Contract.sol#154-155) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
FeeManager.actRate (contracts/Contract.sol#114-115) should be constant
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant
analyzed (4 contracts with 100 detectors), 7 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.4.24",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.4.24",
"install_stderr": null,
"install_stdout": "Version '0.4.24' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-a476gr1p --allow-paths /tmp/slither-a476gr1p,/tmp/slither-a476gr1p/lib,/tmp/slither-a476gr1p/src",
"remappings": [],
"source_files": [
"contracts/Contract.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 7,
"workspace_hash": "ed7ded20d82123143ce79af19c5ee6c72087066bdc591dd49819a9b3e5539820",
"duration_seconds": 0.3443281650543213,
"solc_version_requested": "0.4.24"
}
{"no_findings":true,"summary":"Reviewed first-party Solidity in `contracts/Contract.sol` (FeeManager + interfaces); no meaningful exploitable issues found under the requested categories given the trust assumptions around the registry/token.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-z_jh5dnh
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019babb7-c4af-7b02-bd57-55b656fa76a1
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Reading AUDIT_BUNDLE.txt**
exec
/bin/bash -lc ls in /tmp/codex-z_jh5dnh succeeded in 8ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
contracts
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-z_jh5dnh succeeded in 12ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: contracts/Contract.sol
================================================================================
pragma solidity 0.4.24;
// File: openzeppelin-solidity/contracts/math/SafeMath.sol
/**
* @title SafeMath
* @dev Math operations with safety checks that throw on error
*/
library SafeMath {
/**
* @dev Multiplies two numbers, throws on overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
thinking
**Reviewing FeeManager contract vulnerabilities**
I'm auditing FeeManager.sol focusing on potential reentrancy and trust issues around its external calls to AccessToken methods like burn and distribute. I find no exploitable vulnerabilities here given the lack of internal state changes during reentrant calls and that some risks rely on trust in the registry owner to control the token address. I’ll prepare a JSON report marking no findings but summarizing these considerations clearly.
codex
{"no_findings":true,"summary":"Reviewed first-party Solidity in `contracts/Contract.sol` (FeeManager + interfaces); no meaningful exploitable issues found under the requested categories given the trust assumptions around the registry/token.","findings":[]}
tokens used
7,005
{
"codex": {
"ran_at": "2026-01-11T06:22:17.396989+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 1,
"import_count": 0,
"first_party_contracts_count": 1
},
"summary": "Reviewed first-party Solidity in `contracts/Contract.sol` (FeeManager + interfaces); no meaningful exploitable issues found under the requested categories given the trust assumptions around the registry/token.",
"raw_final": {
"summary": "Reviewed first-party Solidity in `contracts/Contract.sol` (FeeManager + interfaces); no meaningful exploitable issues found under the requested categories given the trust assumptions around the registry/token.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | slither | FeeManager.claimFee(uint256) (contracts/Contract.sol#154-167) sends eth to arbitrary user | 85 | no | — |
evidence_json{
"impact": "High",
"detector": "arbitrary-send-eth",
"elements": [
{
"name": "claimFee",
"type": "function",
"source_mapping": {
"lines": [
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
],
"start": 3080,
"length": 275,
"ending_column": 34,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 15,
"filename_absolute": "/tmp/slither-a476gr1p/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "FeeManager",
"type": "contract",
"source_mapping": {
"lines": [
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120,
121,
122,
123,
124,
125,
126,
127,
128,
129,
130,
131,
132,
133,
134,
135,
136,
137,
138,
139,
140,
141,
142,
143,
144,
145,
146,
147,
148,
149,
150,
151,
152,
153,
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
],
"start": 2312,
"length": 1045,
"ending_column": 36,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 31,
"filename_absolute": "/tmp/slither-a476gr1p/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "claimFee(uint256)"
}
},
{
"name": "msg.sender.transfer(actToWei(_value))",
"type": "node",
"source_mapping": {
"lines": [
164,
165,
166,
167
],
"start": 3296,
"length": 37,
"ending_column": 12,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 12,
"filename_absolute": "/tmp/slither-a476gr1p/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "claimFee",
"type": "function",
"source_mapping": {
"lines": [
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
],
"start": 3080,
"length": 275,
"ending_column": 34,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 15,
"filename_absolute": "/tmp/slither-a476gr1p/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
},
"type_specific_fields": {
"parent": {
"name": "FeeManager",
"type": "contract",
"source_mapping": {
"lines": [
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120,
121,
122,
123,
124,
125,
126,
127,
128,
129,
130,
131,
132,
133,
134,
135,
136,
137,
138,
139,
140,
141,
142,
143,
144,
145,
146,
147,
148,
149,
150,
151,
152,
153,
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
],
"start": 2312,
"length": 1045,
"ending_column": 36,
"is_dependency": false,
"filename_short": "contracts/Contract.sol",
"starting_column": 31,
"filename_absolute": "/tmp/slither-a476gr1p/contracts/Contract.sol",
"filename_relative": "contracts/Contract.sol"
}
},
"signature": "claimFee(uint256)"
}
}
}
}
],
"locations": [
{
"file": "contracts/Contract.sol",
"name": "claimFee",
"type": "function",
"lines": [
154,
155,
156,
157,
158,
159,
160,
161,
162,
163,
164,
165,
166,
167
]
},
{
"file": "contracts/Contract.sol",
"name": "msg.sender.transfer(actToWei(_value))",
"type": "node",
"lines": [
164,
165,
166,
167
]
}
],
"description": "FeeManager.claimFee(uint256) (contracts/Contract.sol#154-167) sends eth to arbitrary user\n\tDangerous calls:\n\t- msg.sender.transfer(actToWei(_value)) (contracts/Contract.sol#164-167)"
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
trace_id: 0xe42fd1d5f96567fa7520c0a7428f1d54c683752d04231a0153b9dc181eafa34e
call_targets:
0x5973376b603268fe4251d13040226078257014f8, 0xe043dd0c6712b862d68be955f4a031940fbb5513, 0xe87227adf0fd3f6e580e2825069a0f8e8da66ad0
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xe42fd1d5f96567fa7520c0a7428f1d54c683752d04231a0153b9dc181eafa34e",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x5973376b603268fe4251d13040226078257014f8",
"0xe043dd0c6712b862d68be955f4a031940fbb5513",
"0xe87227adf0fd3f6e580e2825069a0f8e8da66ad0"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x29610252",
"selector": "0x29610252",
"calldata_variants": [
"0x29610252",
"0x296102520000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7ad8fe58",
"selector": "0x7ad8fe58",
"calldata_variants": [
"0x7ad8fe58",
"0x7ad8fe580000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xae128e75",
"selector": "0xae128e75",
"calldata_variants": [
"0xae128e75",
"0xae128e750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf667526a",
"selector": "0xf667526a",
"calldata_variants": [
"0xf667526a",
"0xf667526a0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 439,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 604,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 882,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 5,
"guards_detected": [],
"untrusted_call_count": 5
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
trace_id: 0xe42fd1d5f96567fa7520c0a7428f1d54c683752d04231a0153b9dc181eafa34e
call_targets:
0x5973376b603268fe4251d13040226078257014f8, 0xe043dd0c6712b862d68be955f4a031940fbb5513, 0xe87227adf0fd3f6e580e2825069a0f8e8da66ad0
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0xe42fd1d5f96567fa7520c0a7428f1d54c683752d04231a0153b9dc181eafa34e",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x5973376b603268fe4251d13040226078257014f8",
"0xe043dd0c6712b862d68be955f4a031940fbb5513",
"0xe87227adf0fd3f6e580e2825069a0f8e8da66ad0"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x29610252",
"selector": "0x29610252",
"calldata_variants": [
"0x29610252",
"0x296102520000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7ad8fe58",
"selector": "0x7ad8fe58",
"calldata_variants": [
"0x7ad8fe58",
"0x7ad8fe580000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xae128e75",
"selector": "0xae128e75",
"calldata_variants": [
"0xae128e75",
"0xae128e750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf667526a",
"selector": "0xf667526a",
"calldata_variants": [
"0xf667526a",
"0xf667526a0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 439,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 604,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 882,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 5,
"guards_detected": []
}
|