019bab3b-abf1-7097-9d2d-1e8607143abe
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 38674 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 38675 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 38676 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 38677 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 38678 | capability.graph | complete | 1 / 3 | 3 months ago |
| 38679 | detector.run | complete | 1 / 3 | 3 months ago |
| 38680 | validation.fork | complete | 1 / 3 | 3 months ago |
| 39126 | report.consolidate | complete | 1 / 6 | 3 months ago |
| 39127 | tool.slither | complete | 1 / 2 | 3 months ago |
{
"method": "etherscan+onchain",
"status": "confirmed",
"etherscan_hint": {
"source": "etherscan",
"etherscan": {
"proxy_flag": true,
"implementation": "0x6faee7aac498326660ac2b7207b9f67666073111"
}
},
"implementation": "0x6faee7aac498326660ac2b7207b9f67666073111",
"onchain_method": "eip1967"
}
'forge clean' running (wd: /tmp/slither-ib6zmm8a)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-ib6zmm8a)
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success,None) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) calls BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#52)
BaseImmutableAdminUpgradeabilityProxy.implementation() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#41-43) calls BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#52)
BaseImmutableAdminUpgradeabilityProxy.upgradeTo(address) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#50-52) calls BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#52)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71) calls BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#52)
BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) calls Proxy._fallback() (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#68-71) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#52)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-return-in-assembly
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success,None) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success,None) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revert
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
2 different versions of Solidity are used:
- Version constraint 0.6.12 is used by:
-0.6.12 (contracts/dependencies/openzeppelin/contracts/Address.sol#2)
-0.6.12 (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#2)
-0.6.12 (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#2)
-0.6.12 (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#2)
-0.6.12 (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#2)
- Version constraint ^0.6.0 is used by:
-^0.6.0 (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#2)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used
Version constraint 0.6.12 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- DataLocationChangeInInternalOverride
- NestedCalldataArrayAbiReencodingSizeValidation
- SignedImmutables
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching
- EmptyByteArrayCopy
- DynamicArrayCleanup.
It is used by:
- 0.6.12 (contracts/dependencies/openzeppelin/contracts/Address.sol#2)
- 0.6.12 (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#2)
- 0.6.12 (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#2)
- 0.6.12 (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#2)
- 0.6.12 (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#2)
Version constraint ^0.6.0 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- NestedCalldataArrayAbiReencodingSizeValidation
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching
- EmptyByteArrayCopy
- DynamicArrayCleanup
- MissingEscapingInFormatting
- ArraySliceDynamicallyEncodedBaseType
- ImplicitConstructorCallvalueCheck
- TupleAssignmentMultiStackSlotComponents
- MemoryArrayCreationOverflow
- YulOptimizerRedundantAssignmentBreakContinue.
It is used by:
- ^0.6.0 (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#2)
solc-0.6.12 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success,None) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success,None) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success,None) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
. analyzed (6 contracts with 100 detectors), 25 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.6.12",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.6.12",
"install_stderr": null,
"install_stdout": "Version '0.6.12' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-ib6zmm8a --allow-paths /tmp/slither-ib6zmm8a,/tmp/slither-ib6zmm8a/lib,/tmp/slither-ib6zmm8a/src",
"remappings": [],
"source_files": [
"contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol",
"contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol",
"contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol",
"contracts/dependencies/openzeppelin/upgradeability/Proxy.sol",
"contracts/dependencies/openzeppelin/contracts/Address.sol",
"contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 25,
"workspace_hash": "d9c94d91718d44c5ee17eb03fa24478fccf867fb14dbce70f3535b5c3c961b79",
"duration_seconds": 0.4984734058380127,
"solc_version_requested": "0.6.12"
}
{"no_findings":true,"summary":"Reviewed AToken implementation and supporting libraries in AUDIT_BUNDLE; no exploitable vulnerabilities found in scope. Assumes proxy was initialized with trusted LendingPool and incentives controller addresses.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-3oxp3nl4
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019babc6-cd42-7c31-b4b4-29e3e3140c75
--------
user
Context: The user requested the proxy at 0xd35f648c3c7f17cd1ba92e5eac991e3efcd4566d.
Audit the implementation at 0x6faee7aac498326660ac2b7207b9f67666073111.
Findings should refer to the implementation unless explicitly about proxy mechanics.
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Reading AUDIT_BUNDLE.txt**
exec
/bin/bash -lc ls in /tmp/codex-3oxp3nl4 succeeded in 7ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
contracts
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-3oxp3nl4 succeeded in 6ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: contracts/dependencies/openzeppelin/contracts/Address.sol
================================================================================
// SPDX-License-Identifier: agpl-3.0
pragma solidity 0.6.12;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
thinking
**Searching for contract implementations**
exec
/bin/bash -lc 'rg "contract" -n AUDIT_BUNDLE.txt' in /tmp/codex-3oxp3nl4 succeeded in 7ms:
5:FILE: contracts/dependencies/openzeppelin/contracts/Address.sol
15: * @dev Returns true if `account` is a contract.
20: * false is an externally-owned account (EOA) and not a contract.
26: * - a contract in construction
27: * - an address where a contract will be created
28: * - an address where a contract lived, but was destroyed
49: * of certain opcodes, possibly making contracts go over the 2300 gas limit
70:FILE: contracts/dependencies/openzeppelin/contracts/Context.sol
83: * This contract is only required for intermediate, library-like contracts.
85:abstract contract Context {
97:FILE: contracts/dependencies/openzeppelin/contracts/IERC20.sol
181:FILE: contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol
197:FILE: contracts/dependencies/openzeppelin/contracts/SafeERC20.sol
210: * contract returns false). Tokens that return no value (and instead revert or
213: * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
250: require(address(token).isContract(), 'SafeERC20: call to non-contract');
265:FILE: contracts/dependencies/openzeppelin/contracts/SafeMath.sol
345: // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
432:FILE: contracts/interfaces/IAToken.sol
437:import {IERC20} from '../dependencies/openzeppelin/contracts/IERC20.sol';
thinking
**Extracting AToken implementation section**
exec
/bin/bash -lc "sed -n '1680,2096p' AUDIT_BUNDLE.txt" in /tmp/codex-3oxp3nl4 succeeded in 7ms:
enum InterestRateMode {NONE, STABLE, VARIABLE}
enum Roles {DEPOSITOR, BORROWER, LIQUIDATOR, STABLE_RATE_MANAGER}
}
================================================================================
FILE: contracts/protocol/tokenization/AToken.sol
================================================================================
// SPDX-License-Identifier: agpl-3.0
pragma solidity 0.6.12;
import {IERC20} from '../../dependencies/openzeppelin/contracts/IERC20.sol';
import {SafeERC20} from '../../dependencies/openzeppelin/contracts/SafeERC20.sol';
import {ILendingPool} from '../../interfaces/ILendingPool.sol';
import {IAToken} from '../../interfaces/IAToken.sol';
import {WadRayMath} from '../libraries/math/WadRayMath.sol';
import {Errors} from '../libraries/helpers/Errors.sol';
import {VersionedInitializable} from '../libraries/aave-upgradeability/VersionedInitializable.sol';
import {IncentivizedERC20} from './IncentivizedERC20.sol';
thinking
**Reviewing VersionedInitializable contract**
exec
/bin/bash -lc "sed -n '1280,1680p' AUDIT_BUNDLE.txt" in /tmp/codex-3oxp3nl4 succeeded in 5ms:
}
================================================================================
FILE: contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol
================================================================================
// SPDX-License-Identifier: agpl-3.0
pragma solidity 0.6.12;
/**
* @title VersionedInitializable
*
* @dev Helper contract to implement initializer functions. To use it, replace
* the constructor with a function that has the `initializer` modifier.
* WARNING: Unlike constructors, initializer functions must be manually
* invoked. This applies both to deploying an Initializable contract, as well
* as extending an Initializable contract via inheritance.
* WARNING: When used with inheritance, manual care must be taken to not invoke
* a parent initializer twice, or ensure that all initializers are idempotent,
* because this is not dealt with automatically as with constructors.
*
thinking
**Analyzing potential vulnerabilities in AToken and IncentivizedERC20**
I’m carefully auditing the AToken and IncentivizedERC20 contracts for reentrancy, signature validation, and upgradeability issues. There’s a subtle reentrancy risk where the incentives controller’s external calls within transfers could allow a malicious controller (if granted allowance) to exploit transferFrom before allowances update. Signature validation and initialization lack some typical checks but appear standard for this codebase. Overall, many risks hinge on trusted external contracts and deployment configurations.
thinking
**Confirming no critical vulnerabilities found**
I’m wrapping up the audit by verifying that the potential reentrancy and signature issues do not constitute exploitable vulnerabilities given the trust assumptions about external contracts. The initializer and upgradeability patterns seem standard without obvious flaws. Overall, I’ll report no findings but note reliance on trusted external components and proper proxy initialization.
codex
{"no_findings":true,"summary":"Reviewed AToken implementation and supporting libraries in AUDIT_BUNDLE; no exploitable vulnerabilities found in scope. Assumes proxy was initialized with trusted LendingPool and incentives controller addresses.","findings":[]}
tokens used
33,560
{
"codex": {
"ran_at": "2026-01-11T06:39:54.218988+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 18,
"import_count": 23,
"first_party_contracts_count": 18
},
"summary": "Reviewed AToken implementation and supporting libraries in AUDIT_BUNDLE; no exploitable vulnerabilities found in scope. Assumes proxy was initialized with trusted LendingPool and incentives controller addresses.",
"raw_final": {
"summary": "Reviewed AToken implementation and supporting libraries in AUDIT_BUNDLE; no exploitable vulnerabilities found in scope. Assumes proxy was initialized with trusted LendingPool and incentives controller addresses.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"proxy_context": {
"proxy_run_id": "019bab3b-abf1-7097-9d2d-1e8607143abe",
"proxy_address": "0xd35f648c3c7f17cd1ba92e5eac991e3efcd4566d",
"implementation_run_id": "019bab3d-a126-71a9-ba02-d6d1d782d905",
"implementation_address": "0x6faee7aac498326660ac2b7207b9f67666073111"
},
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x004a 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x3659cfe6 00000019: EQ 0000001a: PUSH2 0x0054 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0x4f1ef286 00000024: EQ 00000025: PUSH2 0x0087 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0x5c60da1b 0000002f: EQ 00000030: PUSH2 0x0105 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0xd1f57894 0000003a: EQ 0000003b: PUSH2 0x0136 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0xf851a440 00000045: EQ 00000046: PUSH2 0x01ea 00000049: JUMPI 0000004a: JUMPDEST 0000004b: PUSH2 0x0052 0000004e: PUSH2 0x01ff 00000051: JUMP 00000052: JUMPDEST 00000053: STOP 00000054: JUMPDEST 00000055: CALLVALUE 00000056: DUP1 00000057: ISZERO 00000058: PUSH2 0x0060 0000005b: JUMPI 0000005c: PUSH1 0x00 0000005e: DUP1 0000005f: REVERT 00000060: JUMPDEST 00000061: POP 00000062: PUSH2 0x0052 00000065: PUSH1 0x04 00000067: DUP1 00000068: CALLDATASIZE 00000069: SUB 0000006a: PUSH1 0x20 0000006c: DUP2 0000006d: LT 0000006e: ISZERO 0000006f: PUSH2 0x0077 00000072: JUMPI 00000073: PUSH1 0x00 00000075: DUP1 00000076: REVERT 00000077: JUMPDEST 00000078: POP 00000079: CALLDATALOAD 0000007a: PUSH1 0x01 0000007c: PUSH1 0x01 0000007e: PUSH1 0xa0 00000080: SHL 00000081: SUB 00000082: AND 00000083: PUSH2 0x0219 00000086: JUMP 00000087: JUMPDEST 00000088: PUSH2 0x0052 0000008b: PUSH1 0x04 0000008d: DUP1 0000008e: CALLDATASIZE 0000008f: SUB 00000090: PUSH1 0x40 00000092: DUP2 00000093: LT 00000094: ISZERO 00000095: PUSH2 0x009d 00000098: JUMPI 00000099: PUSH1 0x00 0000009b: DUP1 0000009c: REVERT 0000009d: JUMPDEST 0000009e: PUSH1 0x01 000000a0: PUSH1 0x01 000000a2: PUSH1 0xa0 000000a4: SHL 000000a5: SUB 000000a6: DUP3 000000a7: CALLDATALOAD 000000a8: AND 000000a9: SWAP2 000000aa: SWAP1 000000ab: DUP2 000000ac: ADD 000000ad: SWAP1 000000ae: PUSH1 0x40 000000b0: DUP2 000000b1: ADD 000000b2: PUSH1 0x20 000000b4: DUP3 000000b5: ADD 000000b6: CALLDATALOAD 000000b7: PUSH1 0x01 000000b9: PUSH1 0x20 000000bb: SHL 000000bc: DUP2 000000bd: GT 000000be: ISZERO 000000bf: PUSH2 0x00c7 000000c2: JUMPI 000000c3: PUSH1 0x00 000000c5: DUP1 000000c6: REVERT 000000c7: JUMPDEST 000000c8: DUP3 000000c9: ADD 000000ca: DUP4 000000cb: PUSH1 0x20 000000cd: DUP3 000000ce: ADD 000000cf: GT 000000d0: ISZERO 000000d1: PUSH2 0x00d9 000000d4: JUMPI 000000d5: PUSH1 0x00 000000d7: DUP1 000000d8: REVERT 000000d9: JUMPDEST 000000da: DUP1 000000db: CALLDATALOAD 000000dc: SWAP1 000000dd: PUSH1 0x20 000000df: ADD 000000e0: SWAP2 000000e1: DUP5 000000e2: PUSH1 0x01 000000e4: DUP4 000000e5: MUL 000000e6: DUP5 000000e7: ADD 000000e8: GT 000000e9: PUSH1 0x01 000000eb: PUSH1 0x20 000000ed: SHL 000000ee: DUP4 000000ef: GT 000000f0: OR 000000f1: ISZERO 000000f2: PUSH2 0x00fa 000000f5: JUMPI 000000f6: PUSH1 0x00 000000f8: DUP1 000000f9: REVERT 000000fa: JUMPDEST 000000fb: POP 000000fc: SWAP1 000000fd: SWAP3 000000fe: POP 000000ff: SWAP1 00000100: POP 00000101: PUSH2 0x0263 00000104: JUMP 00000105: JUMPDEST 00000106: CALLVALUE 00000107: DUP1 00000108: ISZERO 00000109: PUSH2 0x0111 0000010c: JUMPI 0000010d: PUSH1 0x00 0000010f: DUP1 00000110: REVERT 00000111: JUMPDEST 00000112: POP 00000113: PUSH2 0x011a 00000116: PUSH2 0x0320 00000119: JUMP 0000011a: JUMPDEST 0000011b: PUSH1 0x40 0000011d: DUP1 0000011e: MLOAD 0000011f: PUSH1 0x01 00000121: PUSH1 0x01 00000123: PUSH1 0xa0 00000125: SHL 00000126: SUB 00000127: SWAP1 00000128: SWAP3 00000129: AND 0000012a: DUP3 0000012b: MSTORE 0000012c: MLOAD 0000012d: SWAP1 0000012e: DUP2 0000012f: SWAP1 00000130: SUB 00000131: PUSH1 0x20 00000133: ADD 00000134: SWAP1 00000135: RETURN 00000136: JUMPDEST 00000137: PUSH2 0x0052 0000013a: PUSH1 0x04 0000013c: DUP1 0000013d: CALLDATASIZE 0000013e: SUB 0000013f: PUSH1 0x40 00000141: DUP2 00000142: LT 00000143: ISZERO 00000144: PUSH2 0x014c 00000147: JUMPI 00000148: PUSH1 0x00 0000014a: DUP1 0000014b: REVERT 0000014c: JUMPDEST 0000014d: PUSH1 0x01 0000014f: PUSH1 0x01 00000151: PUSH1 0xa0 00000153: SHL 00000154: SUB 00000155: DUP3 00000156: CALLDATALOAD 00000157: AND 00000158: SWAP2 00000159: SWAP1 0000015a: DUP2 0000015b: ADD 0000015c: SWAP1 0000015d: PUSH1 0x40 0000015f: DUP2 00000160: ADD 00000161: PUSH1 0x20 00000163: DUP3 00000164: ADD 00000165: CALLDATALOAD 00000166: PUSH1 0x01 00000168: PUSH1 0x20 0000016a: SHL 0000016b: DUP2 0000016c: GT 0000016d: ISZERO 0000016e: PUSH2 0x0176 00000171: JUMPI 00000172: PUSH1 0x00 00000174: DUP1 00000175: REVERT 00000176: JUMPDEST 00000177: DUP3 00000178: ADD 00000179: DUP4 0000017a: PUSH1 0x20 0000017c: DUP3 0000017d: ADD 0000017e: GT 0000017f: ISZERO 00000180: PUSH2 0x0188 00000183: JUMPI 00000184: PUSH1 0x00 00000186: DUP1 00000187: REVERT 00000188: JUMPDEST 00000189: DUP1 0000018a: CALLDATALOAD 0000018b: SWAP1 0000018c: PUSH1 0x20 0000018e: ADD 0000018f: SWAP2 00000190: DUP5 00000191: PUSH1 0x01 00000193: DUP4 00000194: MUL 00000195: DUP5 00000196: ADD 00000197: GT 00000198: PUSH1 0x01 0000019a: PUSH1 0x20 0000019c: SHL 0000019d: DUP4 0000019e: GT 0000019f: OR 000001a0: ISZERO 000001a1: PUSH2 0x01a9 000001a4: JUMPI 000001a5: PUSH1 0x00 000001a7: DUP1 000001a8: REVERT 000001a9: JUMPDEST 000001aa: SWAP2 000001ab: SWAP1 000001ac: DUP1 000001ad: DUP1 000001ae: PUSH1 0x1f 000001b0: ADD 000001b1: PUSH1 0x20 000001b3: DUP1 000001b4: SWAP2 000001b5: DIV 000001b6: MUL 000001b7: PUSH1 0x20 000001b9: ADD 000001ba: PUSH1 0x40 000001bc: MLOAD 000001bd: SWAP1 000001be: DUP2 000001bf: ADD 000001c0: PUSH1 0x40 000001c2: MSTORE 000001c3: DUP1 000001c4: SWAP4 000001c5: SWAP3 000001c6: SWAP2 000001c7: SWAP1 000001c8: DUP2 000001c9: DUP2 000001ca: MSTORE 000001cb: PUSH1 0x20 000001cd: ADD 000001ce: DUP4 000001cf: DUP4 000001d0: DUP1 000001d1: DUP3 000001d2: DUP5 000001d3: CALLDATACOPY 000001d4: PUSH1 0x00 000001d6: SWAP3 000001d7: ADD 000001d8: SWAP2 000001d9: SWAP1 000001da: SWAP2 000001db: MSTORE 000001dc: POP 000001dd: SWAP3 000001de: SWAP6 000001df: POP 000001e0: PUSH2 0x036d 000001e3: SWAP5 000001e4: POP 000001e5: POP 000001e6: POP 000001e7: POP 000001e8: POP 000001e9: JUMP 000001ea: JUMPDEST 000001eb: CALLVALUE 000001ec: DUP1 000001ed: ISZERO 000001ee: PUSH2 0x01f6 000001f1: JUMPI 000001f2: PUSH1 0x00 000001f4: DUP1 000001f5: REVERT 000001f6: JUMPDEST 000001f7: POP 000001f8: PUSH2 0x011a 000001fb: PUSH2 0x044d 000001fe: JUMP 000001ff: JUMPDEST 00000200: PUSH2 0x0207 00000203: PUSH2 0x04a7 00000206: JUMP 00000207: JUMPDEST 00000208: PUSH2 0x0217 0000020b: PUSH2 0x0212 0000020e: PUSH2 0x04af 00000211: JUMP 00000212: JUMPDEST 00000213: PUSH2 0x04d4 00000216: JUMP 00000217: JUMPDEST 00000218: JUMP 00000219: JUMPDEST 0000021a: CALLER 0000021b: PUSH1 0x01 0000021d: PUSH1 0x01 0000021f: PUSH1 0xa0 00000221: SHL 00000222: SUB 00000223: PUSH32 0x0000000000000000000000004e1c7865e7be78a7748724fa0409e88dc14e67aa 00000244: AND 00000245: EQ 00000246: ISZERO 00000247: PUSH2 0x0258 0000024a: JUMPI 0000024b: PUSH2 0x0253 0000024e: DUP2 0000024f: PUSH2 0x04f8 00000252: JUMP 00000253: JUMPDEST 00000254: PUSH2 0x0260 00000257: JUMP 00000258: JUMPDEST 00000259: PUSH2 0x0260 0000025c: PUSH2 0x01ff 0000025f: JUMP 00000260: JUMPDEST 00000261: POP 00000262: JUMP 00000263: JUMPDEST 00000264: CALLER 00000265: PUSH1 0x01 00000267: PUSH1 0x01 00000269: PUSH1 0xa0 0000026b: SHL 0000026c: SUB 0000026d: PUSH32 0x0000000000000000000000004e1c7865e7be78a7748724fa0409e88dc14e67aa 0000028e: AND 0000028f: EQ 00000290: ISZERO 00000291: PUSH2 0x0313 00000294: JUMPI 00000295: PUSH2 0x029d 00000298: DUP4 00000299: PUSH2 0x04f8 0000029c: JUMP 0000029d: JUMPDEST 0000029e: PUSH1 0x00 000002a0: DUP4 000002a1: PUSH1 0x01 000002a3: PUSH1 0x01 000002a5: PUSH1 0xa0 000002a7: SHL 000002a8: SUB 000002a9: AND 000002aa: DUP4 000002ab: DUP4 000002ac: PUSH1 0x40 000002ae: MLOAD 000002af: DUP1 000002b0: DUP4 000002b1: DUP4 000002b2: DUP1 000002b3: DUP3 000002b4: DUP5 000002b5: CALLDATACOPY 000002b6: PUSH1 0x40 000002b8: MLOAD 000002b9: SWAP3 000002ba: ADD 000002bb: SWAP5 000002bc: POP 000002bd: PUSH1 0x00 000002bf: SWAP4 000002c0: POP 000002c1: SWAP1 000002c2: SWAP2 000002c3: POP 000002c4: POP 000002c5: DUP1 000002c6: DUP4 000002c7: SUB 000002c8: DUP2 000002c9: DUP6 000002ca: GAS 000002cb: DELEGATECALL 000002cc: SWAP2 000002cd: POP 000002ce: POP 000002cf: RETURNDATASIZE 000002d0: DUP1 000002d1: PUSH1 0x00 000002d3: DUP2 000002d4: EQ 000002d5: PUSH2 0x02fa 000002d8: JUMPI 000002d9: PUSH1 0x40 000002db: MLOAD 000002dc: SWAP2 000002dd: POP 000002de: PUSH1 0x1f 000002e0: NOT 000002e1: PUSH1 0x3f 000002e3: RETURNDATASIZE 000002e4: ADD 000002e5: AND 000002e6: DUP3 000002e7: ADD 000002e8: PUSH1 0x40 000002ea: MSTORE 000002eb: RETURNDATASIZE 000002ec: DUP3 000002ed: MSTORE 000002ee: RETURNDATASIZE 000002ef: PUSH1 0x00 000002f1: PUSH1 0x20 000002f3: DUP5 000002f4: ADD 000002f5: RETURNDATACOPY 000002f6: PUSH2 0x02ff 000002f9: JUMP 000002fa: JUMPDEST 000002fb: PUSH1 0x60 000002fd: SWAP2 000002fe: POP 000002ff: JUMPDEST 00000300: POP 00000301: POP 00000302: SWAP1 00000303: POP 00000304: DUP1 00000305: PUSH2 0x030d 00000308: JUMPI 00000309: PUSH1 0x00 0000030b: DUP1 0000030c: REVERT 0000030d: JUMPDEST 0000030e: POP 0000030f: PUSH2 0x031b 00000312: JUMP 00000313: JUMPDEST 00000314: PUSH2 0x031b 00000317: PUSH2 0x01ff 0000031a: JUMP 0000031b: JUMPDEST 0000031c: POP 0000031d: POP 0000031e: POP 0000031f: JUMP 00000320: JUMPDEST 00000321: PUSH1 0x00 00000323: CALLER 00000324: PUSH1 0x01 00000326: PUSH1 0x01 00000328: PUSH1 0xa0 0000032a: SHL 0000032b: SUB 0000032c: PUSH32 0x0000000000000000000000004e1c7865e7be78a7748724fa0409e88dc14e67aa 0000034d: AND 0000034e: EQ 0000034f: ISZERO 00000350: PUSH2 0x0362 00000353: JUMPI 00000354: PUSH2 0x035b 00000357: PUSH2 0x04af 0000035a: JUMP 0000035b: JUMPDEST 0000035c: SWAP1 0000035d: POP 0000035e: PUSH2 0x036a 00000361: JUMP 00000362: JUMPDEST 00000363: PUSH2 0x036a 00000366: PUSH2 0x01ff 00000369: JUMP 0000036a: JUMPDEST 0000036b: SWAP1 0000036c: JUMP 0000036d: JUMPDEST 0000036e: PUSH1 0x00 00000370: PUSH2 0x0377 00000373: PUSH2 0x04af 00000376: JUMP 00000377: JUMPDEST 00000378: PUSH1 0x01 0000037a: PUSH1 0x01 0000037c: PUSH1 0xa0 0000037e: SHL 0000037f: SUB 00000380: AND 00000381: EQ 00000382: PUSH2 0x038a 00000385: JUMPI 00000386: PUSH1 0x00 00000388: DUP1 00000389: REVERT 0000038a: JUMPDEST 0000038b: PUSH2 0x0393 0000038e: DUP3 0000038f: PUSH2 0x0538 00000392: JUMP 00000393: JUMPDEST 00000394: DUP1 00000395: MLOAD 00000396: ISZERO 00000397: PUSH2 0x0449 0000039a: JUMPI 0000039b: PUSH1 0x00 0000039d: DUP3 0000039e: PUSH1 0x01 000003a0: PUSH1 0x01 000003a2: PUSH1 0xa0 000003a4: SHL 000003a5: SUB 000003a6: AND 000003a7: DUP3 000003a8: PUSH1 0x40 000003aa: MLOAD 000003ab: DUP1 000003ac: DUP3 000003ad: DUP1 000003ae: MLOAD 000003af: SWAP1 000003b0: PUSH1 0x20 000003b2: ADD 000003b3: SWAP1 000003b4: DUP1 000003b5: DUP4 000003b6: DUP4 000003b7: JUMPDEST 000003b8: PUSH1 0x20 000003ba: DUP4 000003bb: LT 000003bc: PUSH2 0x03d6 000003bf: JUMPI 000003c0: DUP1 000003c1: MLOAD 000003c2: DUP3 000003c3: MSTORE 000003c4: PUSH1 0x1f 000003c6: NOT 000003c7: SWAP1 000003c8: SWAP3 000003c9: ADD 000003ca: SWAP2 000003cb: PUSH1 0x20 000003cd: SWAP2 000003ce: DUP3 000003cf: ADD 000003d0: SWAP2 000003d1: ADD 000003d2: PUSH2 0x03b7 000003d5: JUMP 000003d6: JUMPDEST 000003d7: PUSH1 0x01 000003d9: DUP4 000003da: PUSH1 0x20 000003dc: SUB 000003dd: PUSH2 0x0100 000003e0: EXP 000003e1: SUB 000003e2: DUP1 000003e3: NOT 000003e4: DUP3 000003e5: MLOAD 000003e6: AND 000003e7: DUP2 000003e8: DUP5 000003e9: MLOAD 000003ea: AND 000003eb: DUP1 000003ec: DUP3 000003ed: OR 000003ee: DUP6 000003ef: MSTORE 000003f0: POP 000003f1: POP 000003f2: POP 000003f3: POP 000003f4: POP 000003f5: POP 000003f6: SWAP1 000003f7: POP 000003f8: ADD 000003f9: SWAP2 000003fa: POP 000003fb: POP 000003fc: PUSH1 0x00 000003fe: PUSH1 0x40 00000400: MLOAD 00000401: DUP1 00000402: DUP4 00000403: SUB 00000404: DUP2 00000405: DUP6 00000406: GAS 00000407: DELEGATECALL 00000408: SWAP2 00000409: POP 0000040a: POP 0000040b: RETURNDATASIZE 0000040c: DUP1 0000040d: PUSH1 0x00 0000040f: DUP2 00000410: EQ 00000411: PUSH2 0x0436 00000414: JUMPI 00000415: PUSH1 0x40 00000417: MLOAD 00000418: SWAP2 00000419: POP 0000041a: PUSH1 0x1f 0000041c: NOT 0000041d: PUSH1 0x3f 0000041f: RETURNDATASIZE 00000420: ADD 00000421: AND 00000422: DUP3 00000423: ADD 00000424: PUSH1 0x40 00000426: MSTORE 00000427: RETURNDATASIZE 00000428: DUP3 00000429: MSTORE 0000042a: RETURNDATASIZE 0000042b: PUSH1 0x00 0000042d: PUSH1 0x20 0000042f: DUP5 00000430: ADD 00000431: RETURNDATACOPY 00000432: PUSH2 0x043b 00000435: JUMP 00000436: JUMPDEST 00000437: PUSH1 0x60 00000439: SWAP2 0000043a: POP 0000043b: JUMPDEST 0000043c: POP 0000043d: POP 0000043e: SWAP1 0000043f: POP 00000440: DUP1 00000441: PUSH2 0x031b 00000444: JUMPI 00000445: PUSH1 0x00 00000447: DUP1 00000448: REVERT 00000449: JUMPDEST 0000044a: POP 0000044b: POP 0000044c: JUMP 0000044d: JUMPDEST 0000044e: PUSH1 0x00 00000450: CALLER 00000451: PUSH1 0x01 00000453: PUSH1 0x01 00000455: PUSH1 0xa0 00000457: SHL 00000458: SUB 00000459: PUSH32 0x0000000000000000000000004e1c7865e7be78a7748724fa0409e88dc14e67aa 0000047a: AND 0000047b: EQ 0000047c: ISZERO 0000047d: PUSH2 0x0362 00000480: JUMPI 00000481: POP 00000482: PUSH32 0x0000000000000000000000004e1c7865e7be78a7748724fa0409e88dc14e67aa 000004a3: PUSH2 0x036a 000004a6: JUMP 000004a7: JUMPDEST 000004a8: PUSH2 0x0217 000004ab: PUSH2 0x05a0 000004ae: JUMP 000004af: JUMPDEST 000004b0: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 000004d1: SLOAD 000004d2: SWAP1 000004d3: JUMP 000004d4: JUMPDEST 000004d5: CALLDATASIZE 000004d6: PUSH1 0x00 000004d8: DUP1 000004d9: CALLDATACOPY 000004da: PUSH1 0x00 000004dc: DUP1 000004dd: CALLDATASIZE 000004de: PUSH1 0x00 000004e0: DUP5 000004e1: GAS 000004e2: DELEGATECALL 000004e3: RETURNDATASIZE 000004e4: PUSH1 0x00 000004e6: DUP1 000004e7: RETURNDATACOPY 000004e8: DUP1 000004e9: DUP1 000004ea: ISZERO 000004eb: PUSH2 0x04f3 000004ee: JUMPI 000004ef: RETURNDATASIZE 000004f0: PUSH1 0x00 000004f2: RETURN 000004f3: JUMPDEST 000004f4: RETURNDATASIZE 000004f5: PUSH1 0x00 000004f7: REVERT 000004f8: JUMPDEST 000004f9: PUSH2 0x0501 000004fc: DUP2 000004fd: PUSH2 0x0538 00000500: JUMP 00000501: JUMPDEST 00000502: PUSH1 0x40 00000504: MLOAD 00000505: PUSH1 0x01 00000507: PUSH1 0x01 00000509: PUSH1 0xa0 0000050b: SHL 0000050c: SUB 0000050d: DUP3 0000050e: AND 0000050f: SWAP1 00000510: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b 00000531: SWAP1 00000532: PUSH1 0x00 00000534: SWAP1 00000535: LOG2 00000536: POP 00000537: JUMP 00000538: JUMPDEST 00000539: PUSH2 0x0541 0000053c: DUP2 0000053d: PUSH2 0x0610 00000540: JUMP 00000541: JUMPDEST 00000542: PUSH2 0x057c 00000545: JUMPI 00000546: PUSH1 0x40 00000548: MLOAD 00000549: PUSH3 0x461bcd 0000054d: PUSH1 0xe5 0000054f: SHL 00000550: DUP2 00000551: MSTORE 00000552: PUSH1 0x04 00000554: ADD 00000555: DUP1 00000556: DUP1 00000557: PUSH1 0x20 00000559: ADD 0000055a: DUP3 0000055b: DUP2 0000055c: SUB 0000055d: DUP3 0000055e: MSTORE 0000055f: PUSH1 0x3b 00000561: DUP2 00000562: MSTORE 00000563: PUSH1 0x20 00000565: ADD 00000566: DUP1 00000567: PUSH2 0x067f 0000056a: PUSH1 0x3b 0000056c: SWAP2 0000056d: CODECOPY 0000056e: PUSH1 0x40 00000570: ADD 00000571: SWAP2 00000572: POP 00000573: POP 00000574: PUSH1 0x40 00000576: MLOAD 00000577: DUP1 00000578: SWAP2 00000579: SUB 0000057a: SWAP1 0000057b: REVERT 0000057c: JUMPDEST 0000057d: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 0000059e: SSTORE 0000059f: JUMP 000005a0: JUMPDEST 000005a1: CALLER 000005a2: PUSH1 0x01 000005a4: PUSH1 0x01 000005a6: PUSH1 0xa0 000005a8: SHL 000005a9: SUB 000005aa: PUSH32 0x0000000000000000000000004e1c7865e7be78a7748724fa0409e88dc14e67aa 000005cb: AND 000005cc: EQ 000005cd: ISZERO 000005ce: PUSH2 0x0608 000005d1: JUMPI 000005d2: PUSH1 0x40 000005d4: MLOAD 000005d5: PUSH3 0x461bcd 000005d9: PUSH1 0xe5 000005db: SHL 000005dc: DUP2 000005dd: MSTORE 000005de: PUSH1 0x04 000005e0: ADD 000005e1: DUP1 000005e2: DUP1 000005e3: PUSH1 0x20 000005e5: ADD 000005e6: DUP3 000005e7: DUP2 000005e8: SUB 000005e9: DUP3 000005ea: MSTORE 000005eb: PUSH1 0x32 000005ed: DUP2 000005ee: MSTORE 000005ef: PUSH1 0x20 000005f1: ADD 000005f2: DUP1 000005f3: PUSH2 0x064d 000005f6: PUSH1 0x32 000005f8: SWAP2 000005f9: CODECOPY 000005fa: PUSH1 0x40 000005fc: ADD 000005fd: SWAP2 000005fe: POP 000005ff: POP 00000600: PUSH1 0x40 00000602: MLOAD 00000603: DUP1 00000604: SWAP2 00000605: SUB 00000606: SWAP1 00000607: REVERT 00000608: JUMPDEST 00000609: PUSH2 0x0217 0000060c: PUSH2 0x0217 0000060f: JUMP 00000610: JUMPDEST 00000611: PUSH1 0x00 00000613: DUP2 00000614: EXTCODEHASH 00000615: PUSH32 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470 00000636: DUP2 00000637: DUP2 00000638: EQ 00000639: DUP1 0000063a: ISZERO 0000063b: SWAP1 0000063c: PUSH2 0x0644 0000063f: JUMPI 00000640: POP 00000641: DUP2 00000642: ISZERO 00000643: ISZERO 00000644: JUMPDEST 00000645: SWAP5 00000646: SWAP4 00000647: POP 00000648: POP 00000649: POP 0000064a: POP 0000064b: JUMP 0000064c: INVALID 0000064d: NUMBER 0000064e: PUSH2 0x6e6e 00000651: PUSH16 0x742063616c6c2066616c6c6261636b20 00000662: PUSH7 0x756e6374696f6e 0000066a: KECCAK256 0000066b: PUSH7 0x726f6d20746865 00000673: KECCAK256 00000674: PUSH17 0x726f78792061646d696e43616e6e6f7420 00000686: PUSH20 0x657420612070726f787920696d706c656d656e74 0000069b: PUSH2 0x7469 0000069e: PUSH16 0x6e20746f2061206e6f6e2d636f6e7472 000006af: PUSH2 0x6374 000006b2: KECCAK256 000006b3: PUSH2 0x6464 000006b6: PUSH19 0x657373a264697066735822122052dc9144f733 000006ca: UNKNOWN(0xB7) 000006cb: LOG2 000006cc: ADD 000006cd: UNKNOWN(0xB4) 000006ce: SWAP10 000006cf: UNKNOWN(0x4C) 000006d0: UNKNOWN(0xB5) 000006d1: GASLIMIT 000006d2: AND 000006d3: PUSH22 0xcd7e0004dfbb59a84317cdd43bfe153364736f6c6343 000006ea: STOP 000006eb: MOD 000006ec: UNKNOWN(0x0C) 000006ed: STOP 000006ee: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
viewtrace_id: 0xada4ea4b079cd6fa4da3989193c79659bdcf3d1623ab0f25de9db04d1cd321e7
call_targets:
0x6faee7aac498326660ac2b7207b9f67666073111
target_varies:
no
classification:
constant_target
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "sink_reached",
"attempts": 2,
"trace_id": "0xada4ea4b079cd6fa4da3989193c79659bdcf3d1623ab0f25de9db04d1cd321e7",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x6faee7aac498326660ac2b7207b9f67666073111"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x3659cfe6",
"selector": "0x3659cfe6",
"calldata_variants": [
"0x3659cfe6",
"0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4f1ef286",
"selector": "0x4f1ef286",
"calldata_variants": [
"0x4f1ef286",
"0x4f1ef2860000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5c60da1b",
"selector": "0x5c60da1b",
"calldata_variants": [
"0x5c60da1b",
"0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd1f57894",
"selector": "0xd1f57894",
"calldata_variants": [
"0xd1f57894",
"0xd1f578940000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf851a440",
"selector": "0xf851a440",
"calldata_variants": [
"0xf851a440",
"0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 715,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 1031,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 1250,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 3,
"untrusted_delegatecall_count": 3
}
|
| high | upgradeability | slither | InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a... | 85 | no | — |
viewevidence_json{
"impact": "High",
"detector": "controlled-delegatecall",
"elements": [
{
"name": "initialize",
"type": "function",
"source_mapping": {
"lines": [
20,
21,
22,
23,
24,
25,
26,
27,
28
],
"start": 859,
"length": 365,
"ending_column": 4,
"is_dependency": false,
"filename_short": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"starting_column": 3,
"filename_absolute": "/tmp/slither-ib6zmm8a/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"filename_relative": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol"
},
"type_specific_fields": {
"parent": {
"name": "InitializableUpgradeabilityProxy",
"type": "contract",
"source_mapping": {
"lines": [
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29
],
"start": 264,
"length": 962,
"ending_column": 2,
"is_dependency": false,
"filename_short": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"starting_column": 1,
"filename_absolute": "/tmp/slither-ib6zmm8a/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"filename_relative": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol"
}
},
"signature": "initialize(address,bytes)"
}
},
{
"name": "(success,None) = _logic.delegatecall(_data)",
"type": "node",
"source_mapping": {
"lines": [
25
],
"start": 1144,
"length": 45,
"ending_column": 52,
"is_dependency": false,
"filename_short": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"starting_column": 7,
"filename_absolute": "/tmp/slither-ib6zmm8a/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"filename_relative": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol"
},
"type_specific_fields": {
"parent": {
"name": "initialize",
"type": "function",
"source_mapping": {
"lines": [
20,
21,
22,
23,
24,
25,
26,
27,
28
],
"start": 859,
"length": 365,
"ending_column": 4,
"is_dependency": false,
"filename_short": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"starting_column": 3,
"filename_absolute": "/tmp/slither-ib6zmm8a/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"filename_relative": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol"
},
"type_specific_fields": {
"parent": {
"name": "InitializableUpgradeabilityProxy",
"type": "contract",
"source_mapping": {
"lines": [
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29
],
"start": 264,
"length": 962,
"ending_column": 2,
"is_dependency": false,
"filename_short": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"starting_column": 1,
"filename_absolute": "/tmp/slither-ib6zmm8a/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"filename_relative": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol"
}
},
"signature": "initialize(address,bytes)"
}
}
}
}
],
"locations": [
{
"file": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"name": "initialize",
"type": "function",
"lines": [
20,
21,
22,
23,
24,
25,
26,
27,
28
]
},
{
"file": "contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol",
"name": "(success,None) = _logic.delegatecall(_data)",
"type": "node",
"lines": [
25
]
}
],
"description": "InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id\n\t- (success,None) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)"
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
viewevidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 3
}
|