Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019bab3b-abe1-70b6-972b-bf017fd7e0ea

failed
Chain ID
1
Address
Block Number
Created
Sun, Jan 11, 2026 4:06 AM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 proxy context implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
38660 artifact.fetch complete 1 / 3 3 months ago
38661 proxy.resolve complete 1 / 3 3 months ago
38662 tool.cast_disasm complete 1 / 3 3 months ago
38663 analysis.bundle complete 1 / 3 3 months ago
38664 capability.graph complete 1 / 3 3 months ago
38665 detector.run complete 1 / 3 3 months ago
38666 validation.fork complete 1 / 3 3 months ago
39115 report.consolidate failed 6 / 6 3 months ago
39116 tool.slither complete 1 / 2 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes etherscan_only
Verified Source: yes
Proxy evidence
{
    "status": "etherscan_only",
    "etherscan_hint": {
        "source": "etherscan",
        "etherscan": {
            "proxy_flag": true,
            "implementation": "0xddf23427abe061cd10408661bd3a7d051efe7fed"
        }
    },
    "implementation": "0xddf23427abe061cd10408661bd3a7d051efe7fed"
}

Slither

tool.slither
Status
complete
Attempts
1 / 2
Findings
0
Solc
0.5.0 (solc-select)
View stderr
'forge clean' running (wd: /tmp/slither-vbqbr00g)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-vbqbr00g)

AdminUpgradeabilityProxy.constructor(address,address,bytes)._admin (contracts/Contract.sol#305) shadows:
	- BaseAdminUpgradeabilityProxy._admin() (contracts/Contract.sol#257-259) (function)
POWTokenProxy.constructor(address,address)._implementation (contracts/Contract.sol#307-309) shadows:
	- BaseUpgradeabilityProxy._implementation() (contracts/Contract.sol#119-123) (function)
	- Proxy._implementation() (contracts/Contract.sol#50-52) (function)
POWTokenProxy.constructor(address,address)._admin (contracts/Contract.sol#309) shadows:
	- BaseAdminUpgradeabilityProxy._admin() (contracts/Contract.sol#257-259) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing

UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/Contract.sol#165) lacks a zero-check on :
		- (success,None) = _logic.delegatecall(_data) (contracts/Contract.sol#169)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/Contract.sol#253-254) lacks a zero-check on :
		- (success,None) = newImplementation.delegatecall(data) (contracts/Contract.sol#255)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation

Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/Contract.sol#200-203) does not always execute _; or revert
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier

ZOSLibAddress.isContract(address) (contracts/Contract.sol#17-29) uses assembly
	- INLINE ASM (contracts/Contract.sol#27-28)
Proxy._delegate(address) (contracts/Contract.sol#58-76) uses assembly
	- INLINE ASM (contracts/Contract.sol#60-76)
BaseUpgradeabilityProxy._implementation() (contracts/Contract.sol#119-123) uses assembly
	- INLINE ASM (contracts/Contract.sol#123)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/Contract.sol#139-144) uses assembly
	- INLINE ASM (contracts/Contract.sol#144)
BaseAdminUpgradeabilityProxy._admin() (contracts/Contract.sol#257-259) uses assembly
	- INLINE ASM (contracts/Contract.sol#258-259)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/Contract.sol#266-273) uses assembly
	- INLINE ASM (contracts/Contract.sol#268-273)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage

Version constraint ^0.5.0 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
	- DirtyBytesArrayToStorage
	- ABIDecodeTwoDimensionalArrayMemory
	- KeccakCaching
	- EmptyByteArrayCopy
	- DynamicArrayCleanup
	- ImplicitConstructorCallvalueCheck
	- TupleAssignmentMultiStackSlotComponents
	- MemoryArrayCreationOverflow
	- privateCanBeOverridden
	- SignedArrayStorageCopy
	- ABIEncoderV2StorageArrayWithMultiSlotElement
	- DynamicConstructorArgumentsClippedABIV2
	- UninitializedFunctionPointerInConstructor
	- IncorrectEventSignatureInLibraries
	- ABIEncoderV2PackedStorage.
It is used by:
	- ^0.5.0 (contracts/Contract.sol#1)
solc-0.5.0 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/Contract.sol#165-170):
	- (success,None) = _logic.delegatecall(_data) (contracts/Contract.sol#169)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/Contract.sol#253-255):
	- (success,None) = newImplementation.delegatecall(data) (contracts/Contract.sol#255)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
. analyzed (7 contracts with 100 detectors), 16 result(s) found
Metadata
{
    "solc": {
        "status": "ok",
        "use_rc": 0,
        "version": "0.5.0",
        "strategy": "solc-select",
        "solc_path": "/var/www/tripwire/.venv/bin/solc",
        "install_rc": 0,
        "use_stderr": null,
        "use_stdout": "Switched global version to 0.5.0",
        "install_stderr": null,
        "install_stdout": "Version '0.5.0' is already installed, skipping..."
    },
    "solc_args": "--base-path /tmp/slither-vbqbr00g --allow-paths /tmp/slither-vbqbr00g,/tmp/slither-vbqbr00g/lib,/tmp/slither-vbqbr00g/src",
    "remappings": [],
    "source_files": [
        "contracts/Contract.sol"
    ],
    "contract_count": 0,
    "contract_names": [],
    "detector_count": 16,
    "workspace_hash": "adca706ab3d0103e476fbf7e44d08f6c6118e71ecbddd62e8c83ab72a666bd09",
    "duration_seconds": 0.3959493637084961,
    "solc_version_requested": "0.5.17"
}

Codex

report.consolidate
Job Status
failed implementation_not_ready
Attempts
6 / 6
Findings
0
View stderr
Traceback (most recent call last):
  File "/var/www/tripwire/worker/worker.py", line 198, in main
    payload = dispatch_job(job_type, job_id, job_meta, run_data, config, laravel_client)
  File "/var/www/tripwire/worker/worker.py", line 121, in dispatch_job
    return report_consolidate.run(job_id, job_meta, run_data, config, log, laravel_client)
           ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/www/tripwire/worker/jobs/report_consolidate.py", line 605, in run
    raise RuntimeError("implementation_not_ready")
RuntimeError: implementation_not_ready

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
1
CALL-family (heavy)
0
EXT*/BALANCE
1
Total opcodes
919
Flags
delegatecall_present create_opcodes_present
View cast disassembly output

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high upgradeability detector Untrusted DELEGATECALL target reachable 55 no no
trace_id: 0x90b75a9db8d92fb1efe7a5ec1e9134560d8e13ff84b2e5a8a802f15f91207b04
call_targets: 0xddf23427abe061cd10408661bd3a7d051efe7fed
target_varies: no
classification: constant_target
validation_json
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 2,
    "trace_id": "0x90b75a9db8d92fb1efe7a5ec1e9134560d8e13ff84b2e5a8a802f15f91207b04",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xddf23427abe061cd10408661bd3a7d051efe7fed"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3659cfe6",
            "selector": "0x3659cfe6",
            "calldata_variants": [
                "0x3659cfe6",
                "0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4f1ef286",
            "selector": "0x4f1ef286",
            "calldata_variants": [
                "0x4f1ef286",
                "0x4f1ef2860000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8f283970",
            "selector": "0x8f283970",
            "calldata_variants": [
                "0x8f283970",
                "0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf851a440",
            "selector": "0xf851a440",
            "calldata_variants": [
                "0xf851a440",
                "0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 812,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 1664,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 630,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 715,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 931,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1017,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1396,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1482,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}
medium upgradeability cast DELEGATECALL present 80 no
evidence_json
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 2
}
medium other detector CREATE/CREATE2 reachable 45 no no
trace_id: 0x16e9729f412387f6b9f94032e4caa636c9660d64d089c51e2efb985b46123449
validation_json
{
    "sink": "CREATE",
    "errors": 0,
    "status": "unknown",
    "attempts": 10,
    "trace_id": "0x16e9729f412387f6b9f94032e4caa636c9660d64d089c51e2efb985b46123449",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3659cfe6",
            "selector": "0x3659cfe6",
            "calldata_variants": [
                "0x3659cfe6",
                "0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4f1ef286",
            "selector": "0x4f1ef286",
            "calldata_variants": [
                "0x4f1ef286",
                "0x4f1ef2860000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8f283970",
            "selector": "0x8f283970",
            "calldata_variants": [
                "0x8f283970",
                "0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf851a440",
            "selector": "0xf851a440",
            "calldata_variants": [
                "0xf851a440",
                "0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "create_count": 0,
    "create2_count": 1
}
low other cast Contract creation opcode present 60 no
evidence_json
{
    "notes": "runtime can deploy contracts dynamically via CREATE/CREATE2",
    "create_count": 0,
    "create2_count": 1
}