019bb2d5-fd8c-7200-a181-98b9f722917b
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 39636 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 39637 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 39638 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 39639 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 39640 | capability.graph | complete | 1 / 3 | 3 months ago |
| 39641 | detector.run | complete | 1 / 3 | 3 months ago |
| 39642 | validation.fork | complete | 1 / 3 | 3 months ago |
| 39743 | report.consolidate | complete | 1 / 6 | 3 months ago |
| 39744 | tool.slither | failed | 2 / 2 | 3 months ago |
{
"status": "not_proxy"
}
Traceback (most recent call last):
File "/var/www/tripwire/worker/worker.py", line 198, in main
payload = dispatch_job(job_type, job_id, job_meta, run_data, config, laravel_client)
File "/var/www/tripwire/worker/worker.py", line 114, in dispatch_job
return slither_run.run(job_id, job_meta, run_data, config, log, laravel_client)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/worker/jobs/slither_run.py", line 1084, in run
stdout_text, stderr_text, result_json = _run_slither(
~~~~~~~~~~~~^
workspace,
^^^^^^^^^^
...<4 lines>...
target_path=target_path,
^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/var/www/tripwire/worker/jobs/slither_run.py", line 958, in _run_slither
raise RuntimeError(f"slither failed (exit {result.returncode}): {stderr_text or stdout_text}")
RuntimeError: slither failed (exit 1): 'forge clean' running (wd: /tmp/slither-8eddx6cc)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-8eddx6cc)
Traceback (most recent call last):
File "/var/www/tripwire/.venv/bin/slither", line 10, in <module>
sys.exit(main())
~~~~^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 776, in main
main_impl(all_detector_classes=detectors, all_printer_classes=printers)
~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 882, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 96, in process_all
compilations = compile_all(target, **vars(args))
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 722, in compile_all
compilations.append(CryticCompile(target, **kwargs))
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 211, in __init__
self._compile(**kwargs)
~~~~~~~~~~~~~^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 633, in _compile
self._platform.compile(self, **kwargs)
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/foundry.py", line 102, in compile
hardhat_like_parsing(
~~~~~~~~~~~~~~~~~~~~^
crytic_compile, str(self._target), build_directory, str(self._project_root)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/hardhat.py", line 52, in hardhat_like_parsing
raise InvalidCompilation(txt)
crytic_compile.platform.exceptions.InvalidCompilation: Compilation failed. Can you run build command?
/tmp/slither-8eddx6cc/out/build-info is not a directory.
{"no_findings":false,"summary":"Found a system-wide exit processing DoS vector via the externally controllable mutex in ExitGameController.","findings":[{"severity":"medium","category":"access_control","title":"Registered exit game can permanently lock exit processing via global mutex","exploit_scenario":"A malicious or compromised non-quarantined exit game calls activateNonReentrant() once and never calls deactivateNonReentrant(). This leaves mutex=true, causing processExits() (guarded by nonReentrant) to revert for all tokens/vaults, halting exit processing and trapping funds in the framework until the attacker unlocks.","recommendation":"Restrict or redesign the external mutex controls: remove activate/deactivate, make them internal to the framework, or add a maintainer/emergency unlock. If the external lock is required, add a time‑limited lock or an auto‑unlock mechanism so a single exit game cannot block all exit processing indefinitely.","evidence":"activateNonReentrant/deactivateNonReentrant are externally callable by any non‑quarantined exit game and directly set the global mutex used by nonReentrant.","locations":["Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:50","Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:63","Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:72"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-rfy3c6pb
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019bb302-8f06-7b22-8a80-d78356885019
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Reading bundle contents**
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-rfy3c6pb succeeded in 6ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/BlockController.sol
================================================================================
pragma solidity 0.5.11;
import "./models/BlockModel.sol";
import "./registries/VaultRegistry.sol";
import "../utils/OnlyFromAddress.sol";
/**
* @notice Controls the logic and functions for block submissions in PlasmaFramework
* @dev There are two types of blocks: child block and deposit block
* Each child block has an interval of 'childBlockInterval'
* The interval is preserved for deposits. Each deposit results in one deposit block.
* For instance, a child block would be in block 1000 and the next deposit would result in block 1001.
*
* Only the authority address can perform a block submission.
thinking
**Planning complete bundle reading**
I need to read the entire AUDIT_BUNDLE file since the previous output was truncated, likely by the tool rather than the file itself. To do this reliably, I'll split the file reading into smaller chunks using sed to ensure I capture every line and don't miss any important code for the vulnerability review.
exec
/bin/bash -lc 'wc -l AUDIT_BUNDLE.txt' in /tmp/codex-rfy3c6pb succeeded in 6ms:
1380 AUDIT_BUNDLE.txt
thinking
**Planning segmented file reading**
exec
/bin/bash -lc "sed -n '1,200p' AUDIT_BUNDLE.txt" in /tmp/codex-rfy3c6pb succeeded in 8ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/BlockController.sol
================================================================================
pragma solidity 0.5.11;
import "./models/BlockModel.sol";
import "./registries/VaultRegistry.sol";
import "../utils/OnlyFromAddress.sol";
/**
* @notice Controls the logic and functions for block submissions in PlasmaFramework
* @dev There are two types of blocks: child block and deposit block
* Each child block has an interval of 'childBlockInterval'
* The interval is preserved for deposits. Each deposit results in one deposit block.
* For instance, a child block would be in block 1000 and the next deposit would result in block 1001.
*
* Only the authority address can perform a block submission.
thinking
**Waiting for more information**
exec
/bin/bash -lc "sed -n '200,400p' AUDIT_BUNDLE.txt" in /tmp/codex-rfy3c6pb succeeded in 6ms:
/**
* @notice Checks if the queue for a specified token was created
* @param vaultId ID of the vault that handles the token
* @param token Address of the token
* @return bool Defines whether the queue for a token was created
*/
function hasExitQueue(uint256 vaultId, address token) public view returns (bool) {
bytes32 key = exitQueueKey(vaultId, token);
return hasExitQueue(key);
}
/**
* @notice Adds queue to the Plasma framework
* @dev The queue is created as a new contract instance
* @param vaultId ID of the vault
* @param token Address of the token
*/
function addExitQueue(uint256 vaultId, address token) external {
require(vaultId != 0, "Vault ID must not be 0");
thinking
**Continuing exploration**
exec
/bin/bash -lc "sed -n '400,600p' AUDIT_BUNDLE.txt" in /tmp/codex-rfy3c6pb succeeded in 5ms:
* MoreVP: https://github.com/omisego/elixir-omg/blob/master/docs/morevp.md#timeline
* Special period for deposit: https://git.io/JecCV
*/
uint256 public minExitPeriod;
address private maintainer;
string public version;
constructor(
uint256 _minExitPeriod,
uint256 _initialImmuneVaults,
uint256 _initialImmuneExitGames,
address _authority,
address _maintainer
)
public
BlockController(CHILD_BLOCK_INTERVAL, _minExitPeriod, _initialImmuneVaults, _authority)
ExitGameController(_minExitPeriod, _initialImmuneExitGames)
{
minExitPeriod = _minExitPeriod;
maintainer = _maintainer;
thinking
**Continuing exploration**
exec
/bin/bash -lc "sed -n '600,800p' AUDIT_BUNDLE.txt" in /tmp/codex-rfy3c6pb succeeded in 6ms:
return _exitGames[_txType];
}
/**
* @notice Public getter for retrieving tx type with exit game address
*/
function exitGameToTxType(address _exitGame) public view returns (uint256) {
return _exitGameToTxType[_exitGame];
}
}
================================================================================
FILE: Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/registries/VaultRegistry.sol
================================================================================
pragma solidity 0.5.11;
import "openzeppelin-solidity/contracts/utils/Address.sol";
import "../utils/Quarantine.sol";
import "../../utils/OnlyFromAddress.sol";
thinking
**Continuing the process**
exec
/bin/bash -lc "sed -n '800,1000p' AUDIT_BUNDLE.txt" in /tmp/codex-rfy3c6pb succeeded in 8ms:
require(queue.currentSize > 0, "Queue is empty");
uint256 retVal = queue.heapList[1];
queue.heapList[1] = queue.heapList[queue.currentSize];
delete queue.heapList[queue.currentSize];
queue.currentSize = queue.currentSize.sub(1);
percDown(queue, 1);
queue.heapList.length = queue.heapList.length.sub(1);
return retVal;
}
/**
* @notice Returns the smallest element from the queue
* @dev Fails when queue is empty
* @return The smallest element in the priority queue
*/
function getMin() external view returns (uint256) {
require(queue.currentSize > 0, "Queue is empty");
return queue.heapList[1];
}
thinking
**Continuing task**
exec
/bin/bash -lc "sed -n '1000,1200p' AUDIT_BUNDLE.txt" in /tmp/codex-rfy3c6pb succeeded in 7ms:
/**
* @notice Utility library to safely transfer ETH
* @dev transfer is no longer the recommended way to do ETH transfer.
* see issue: https://github.com/omisego/plasma-contracts/issues/312
*
* This library limits the amount of gas used for external calls with value to protect against potential DOS/griefing attacks that try to use up all the gas.
* see issue: https://github.com/omisego/plasma-contracts/issues/385
*/
library SafeEthTransfer {
/**
* @notice Try to transfer eth without using more gas than `gasStipend`.
* Reverts if it fails to transfer the ETH.
* @param receiver the address to receive ETH
* @param amount the amount of ETH (in wei) to transfer
* @param gasStipend the maximum amount of gas to be used for the call
*/
function transferRevertOnError(address payable receiver, uint256 amount, uint256 gasStipend)
internal
{
bool success = transferReturnResult(receiver, amount, gasStipend);
thinking
**Proceeding with next steps**
exec
/bin/bash -lc "sed -n '1200,1380p' AUDIT_BUNDLE.txt" in /tmp/codex-rfy3c6pb succeeded in 16ms:
return depositVerifiers[1];
}
}
/**
* @notice Generate and submit a deposit block root to the PlasmaFramework
* @dev Designed to be called by the contract that inherits Vault
*/
function submitDepositBlock(bytes memory depositTx) internal returns (uint256) {
bytes32 root = getDepositBlockRoot(depositTx);
uint256 depositBlkNum = framework.submitDepositBlock(root);
return depositBlkNum;
}
function getDepositBlockRoot(bytes memory depositTx) private view returns (bytes32) {
bytes32 root = keccak256(abi.encodePacked(LEAF_SALT, depositTx));
for (uint i = 0; i < 16; i++) {
root = keccak256(abi.encodePacked(NODE_SALT, root, zeroHashes[i]));
}
thinking
**Analyzing first-party contracts for vulnerabilities**
thinking
**Examining queue processor and reentrancy risks**
I'm noticing that the processor address called during processExits can be arbitrarily set by registered exit games, allowing external calls with the framework’s gas. This design trusts exit games heavily, but it also means a compromised exit game could cause denial-of-service or unintended calls. Also, the global mutex controlled by exit games via activateNonReentrant can be locked permanently, halting all processExits calls—a significant access control risk worth highlighting. I'll keep track of these issues and consider how they relate to trust assumptions in this system.
exec
/bin/bash -lc "nl -ba Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol | sed -n '30,120p'" in /tmp/codex-rfy3c6pb succeeded in 34ms:
30 event ProcessedExitsNum(
31 uint256 processedNum,
32 uint256 vaultId,
33 address token
34 );
35
36 event ExitQueued(
37 uint160 indexed exitId,
38 uint256 priority
39 );
40
41 constructor(uint256 _minExitPeriod, uint256 _initialImmuneExitGames)
42 public
43 ExitGameRegistry(_minExitPeriod, _initialImmuneExitGames)
44 {
45 }
46
47 /**
48 * @dev Prevents reentrant calls by using a mutex.
49 */
thinking
**Summarizing DoS vulnerability in ExitGameController**
I'm identifying a significant denial-of-service risk where any registered exit game can lock the global exit processing by activating a non-reentrant mutex and never releasing it. This causes processExits to always revert, freezing funds. I'm gathering evidence from specific source lines and proposing recommendations like restricting external control or adding timed/unlock mechanisms to mitigate this risk. I'll format the findings in JSON as requested.
codex
{"no_findings":false,"summary":"Found a system-wide exit processing DoS vector via the externally controllable mutex in ExitGameController.","findings":[{"severity":"medium","category":"access_control","title":"Registered exit game can permanently lock exit processing via global mutex","exploit_scenario":"A malicious or compromised non-quarantined exit game calls activateNonReentrant() once and never calls deactivateNonReentrant(). This leaves mutex=true, causing processExits() (guarded by nonReentrant) to revert for all tokens/vaults, halting exit processing and trapping funds in the framework until the attacker unlocks.","recommendation":"Restrict or redesign the external mutex controls: remove activate/deactivate, make them internal to the framework, or add a maintainer/emergency unlock. If the external lock is required, add a time‑limited lock or an auto‑unlock mechanism so a single exit game cannot block all exit processing indefinitely.","evidence":"activateNonReentrant/deactivateNonReentrant are externally callable by any non‑quarantined exit game and directly set the global mutex used by nonReentrant.","locations":["Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:50","Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:63","Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:72"]}]}
tokens used
60,834
{
"codex": {
"ran_at": "2026-01-12T16:24:34.721155+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 19,
"import_count": 20,
"first_party_contracts_count": 19
},
"summary": "Found a system-wide exit processing DoS vector via the externally controllable mutex in ExitGameController.",
"raw_final": {
"summary": "Found a system-wide exit processing DoS vector via the externally controllable mutex in ExitGameController.",
"findings": [
{
"title": "Registered exit game can permanently lock exit processing via global mutex",
"category": "access_control",
"evidence": "activateNonReentrant/deactivateNonReentrant are externally callable by any non\u2011quarantined exit game and directly set the global mutex used by nonReentrant.",
"severity": "medium",
"locations": [
"Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:50",
"Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:63",
"Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:72"
],
"recommendation": "Restrict or redesign the external mutex controls: remove activate/deactivate, make them internal to the framework, or add a maintainer/emergency unlock. If the external lock is required, add a time\u2011limited lock or an auto\u2011unlock mechanism so a single exit game cannot block all exit processing indefinitely.",
"exploit_scenario": "A malicious or compromised non-quarantined exit game calls activateNonReentrant() once and never calls deactivateNonReentrant(). This leaves mutex=true, causing processExits() (guarded by nonReentrant) to revert for all tokens/vaults, halting exit processing and trapping funds in the framework until the attacker unlocks."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x0070 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x98b1e06a 00000019: GT 0000001a: PUSH2 0x004e 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0x98b1e06a 00000024: EQ 00000025: PUSH2 0x0105 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0xa7e5994f 0000002f: EQ 00000030: PUSH2 0x0175 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0xccbd2176 0000003a: EQ 0000003b: PUSH2 0x019c 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0xf3fef3a3 00000045: EQ 00000046: PUSH2 0x01b1 00000049: JUMPI 0000004a: PUSH2 0x0070 0000004d: JUMP 0000004e: JUMPDEST 0000004f: DUP1 00000050: PUSH4 0x02e9b07b 00000055: EQ 00000056: PUSH2 0x0075 00000059: JUMPI 0000005a: DUP1 0000005b: PUSH4 0x2c6ce78b 00000060: EQ 00000061: PUSH2 0x00bb 00000064: JUMPI 00000065: DUP1 00000066: PUSH4 0x52518b7f 0000006b: EQ 0000006c: PUSH2 0x00f0 0000006f: JUMPI 00000070: JUMPDEST 00000071: PUSH1 0x00 00000073: DUP1 00000074: REVERT 00000075: JUMPDEST 00000076: CALLVALUE 00000077: DUP1 00000078: ISZERO 00000079: PUSH2 0x0081 0000007c: JUMPI 0000007d: PUSH1 0x00 0000007f: DUP1 00000080: REVERT 00000081: JUMPDEST 00000082: POP 00000083: PUSH2 0x009f 00000086: PUSH1 0x04 00000088: DUP1 00000089: CALLDATASIZE 0000008a: SUB 0000008b: PUSH1 0x20 0000008d: DUP2 0000008e: LT 0000008f: ISZERO 00000090: PUSH2 0x0098 00000093: JUMPI 00000094: PUSH1 0x00 00000096: DUP1 00000097: REVERT 00000098: JUMPDEST 00000099: POP 0000009a: CALLDATALOAD 0000009b: PUSH2 0x01ea 0000009e: JUMP 0000009f: JUMPDEST 000000a0: PUSH1 0x40 000000a2: DUP1 000000a3: MLOAD 000000a4: PUSH1 0x01 000000a6: PUSH1 0x01 000000a8: PUSH1 0xa0 000000aa: SHL 000000ab: SUB 000000ac: SWAP1 000000ad: SWAP3 000000ae: AND 000000af: DUP3 000000b0: MSTORE 000000b1: MLOAD 000000b2: SWAP1 000000b3: DUP2 000000b4: SWAP1 000000b5: SUB 000000b6: PUSH1 0x20 000000b8: ADD 000000b9: SWAP1 000000ba: RETURN 000000bb: JUMPDEST 000000bc: CALLVALUE 000000bd: DUP1 000000be: ISZERO 000000bf: PUSH2 0x00c7 000000c2: JUMPI 000000c3: PUSH1 0x00 000000c5: DUP1 000000c6: REVERT 000000c7: JUMPDEST 000000c8: POP 000000c9: PUSH2 0x00ee 000000cc: PUSH1 0x04 000000ce: DUP1 000000cf: CALLDATASIZE 000000d0: SUB 000000d1: PUSH1 0x20 000000d3: DUP2 000000d4: LT 000000d5: ISZERO 000000d6: PUSH2 0x00de 000000d9: JUMPI 000000da: PUSH1 0x00 000000dc: DUP1 000000dd: REVERT 000000de: JUMPDEST 000000df: POP 000000e0: CALLDATALOAD 000000e1: PUSH1 0x01 000000e3: PUSH1 0x01 000000e5: PUSH1 0xa0 000000e7: SHL 000000e8: SUB 000000e9: AND 000000ea: PUSH2 0x0207 000000ed: JUMP 000000ee: JUMPDEST 000000ef: STOP 000000f0: JUMPDEST 000000f1: CALLVALUE 000000f2: DUP1 000000f3: ISZERO 000000f4: PUSH2 0x00fc 000000f7: JUMPI 000000f8: PUSH1 0x00 000000fa: DUP1 000000fb: REVERT 000000fc: JUMPDEST 000000fd: POP 000000fe: PUSH2 0x009f 00000101: PUSH2 0x0439 00000104: JUMP 00000105: JUMPDEST 00000106: PUSH2 0x00ee 00000109: PUSH1 0x04 0000010b: DUP1 0000010c: CALLDATASIZE 0000010d: SUB 0000010e: PUSH1 0x20 00000110: DUP2 00000111: LT 00000112: ISZERO 00000113: PUSH2 0x011b 00000116: JUMPI 00000117: PUSH1 0x00 00000119: DUP1 0000011a: REVERT 0000011b: JUMPDEST 0000011c: DUP2 0000011d: ADD 0000011e: SWAP1 0000011f: PUSH1 0x20 00000121: DUP2 00000122: ADD 00000123: DUP2 00000124: CALLDATALOAD 00000125: PUSH5 0x0100000000 0000012b: DUP2 0000012c: GT 0000012d: ISZERO 0000012e: PUSH2 0x0136 00000131: JUMPI 00000132: PUSH1 0x00 00000134: DUP1 00000135: REVERT 00000136: JUMPDEST 00000137: DUP3 00000138: ADD 00000139: DUP4 0000013a: PUSH1 0x20 0000013c: DUP3 0000013d: ADD 0000013e: GT 0000013f: ISZERO 00000140: PUSH2 0x0148 00000143: JUMPI 00000144: PUSH1 0x00 00000146: DUP1 00000147: REVERT 00000148: JUMPDEST 00000149: DUP1 0000014a: CALLDATALOAD 0000014b: SWAP1 0000014c: PUSH1 0x20 0000014e: ADD 0000014f: SWAP2 00000150: DUP5 00000151: PUSH1 0x01 00000153: DUP4 00000154: MUL 00000155: DUP5 00000156: ADD 00000157: GT 00000158: PUSH5 0x0100000000 0000015e: DUP4 0000015f: GT 00000160: OR 00000161: ISZERO 00000162: PUSH2 0x016a 00000165: JUMPI 00000166: PUSH1 0x00 00000168: DUP1 00000169: REVERT 0000016a: JUMPDEST 0000016b: POP 0000016c: SWAP1 0000016d: SWAP3 0000016e: POP 0000016f: SWAP1 00000170: POP 00000171: PUSH2 0x0468 00000174: JUMP 00000175: JUMPDEST 00000176: CALLVALUE 00000177: DUP1 00000178: ISZERO 00000179: PUSH2 0x0181 0000017c: JUMPI 0000017d: PUSH1 0x00 0000017f: DUP1 00000180: REVERT 00000181: JUMPDEST 00000182: POP 00000183: PUSH2 0x018a 00000186: PUSH2 0x05e7 00000189: JUMP 0000018a: JUMPDEST 0000018b: PUSH1 0x40 0000018d: DUP1 0000018e: MLOAD 0000018f: SWAP2 00000190: DUP3 00000191: MSTORE 00000192: MLOAD 00000193: SWAP1 00000194: DUP2 00000195: SWAP1 00000196: SUB 00000197: PUSH1 0x20 00000199: ADD 0000019a: SWAP1 0000019b: RETURN 0000019c: JUMPDEST 0000019d: CALLVALUE 0000019e: DUP1 0000019f: ISZERO 000001a0: PUSH2 0x01a8 000001a3: JUMPI 000001a4: PUSH1 0x00 000001a6: DUP1 000001a7: REVERT 000001a8: JUMPDEST 000001a9: POP 000001aa: PUSH2 0x018a 000001ad: PUSH2 0x05ed 000001b0: JUMP 000001b1: JUMPDEST 000001b2: CALLVALUE 000001b3: DUP1 000001b4: ISZERO 000001b5: PUSH2 0x01bd 000001b8: JUMPI 000001b9: PUSH1 0x00 000001bb: DUP1 000001bc: REVERT 000001bd: JUMPDEST 000001be: POP 000001bf: PUSH2 0x00ee 000001c2: PUSH1 0x04 000001c4: DUP1 000001c5: CALLDATASIZE 000001c6: SUB 000001c7: PUSH1 0x40 000001c9: DUP2 000001ca: LT 000001cb: ISZERO 000001cc: PUSH2 0x01d4 000001cf: JUMPI 000001d0: PUSH1 0x00 000001d2: DUP1 000001d3: REVERT 000001d4: JUMPDEST 000001d5: POP 000001d6: PUSH1 0x01 000001d8: PUSH1 0x01 000001da: PUSH1 0xa0 000001dc: SHL 000001dd: SUB 000001de: DUP2 000001df: CALLDATALOAD 000001e0: AND 000001e1: SWAP1 000001e2: PUSH1 0x20 000001e4: ADD 000001e5: CALLDATALOAD 000001e6: PUSH2 0x05f3 000001e9: JUMP 000001ea: JUMPDEST 000001eb: PUSH1 0x11 000001ed: DUP2 000001ee: PUSH1 0x02 000001f0: DUP2 000001f1: LT 000001f2: PUSH2 0x01f7 000001f5: JUMPI 000001f6: INVALID 000001f7: JUMPDEST 000001f8: ADD 000001f9: SLOAD 000001fa: PUSH1 0x01 000001fc: PUSH1 0x01 000001fe: PUSH1 0xa0 00000200: SHL 00000201: SUB 00000202: AND 00000203: SWAP1 00000204: POP 00000205: DUP2 00000206: JUMP 00000207: JUMPDEST 00000208: PUSH1 0x00 0000020a: DUP1 0000020b: SWAP1 0000020c: SLOAD 0000020d: SWAP1 0000020e: PUSH2 0x0100 00000211: EXP 00000212: SWAP1 00000213: DIV 00000214: PUSH1 0x01 00000216: PUSH1 0x01 00000218: PUSH1 0xa0 0000021a: SHL 0000021b: SUB 0000021c: AND 0000021d: PUSH1 0x01 0000021f: PUSH1 0x01 00000221: PUSH1 0xa0 00000223: SHL 00000224: SUB 00000225: AND 00000226: PUSH4 0x4b0a72bc 0000022b: PUSH1 0x40 0000022d: MLOAD 0000022e: DUP2 0000022f: PUSH4 0xffffffff 00000234: AND 00000235: PUSH1 0xe0 00000237: SHL 00000238: DUP2 00000239: MSTORE 0000023a: PUSH1 0x04 0000023c: ADD 0000023d: PUSH1 0x20 0000023f: PUSH1 0x40 00000241: MLOAD 00000242: DUP1 00000243: DUP4 00000244: SUB 00000245: DUP2 00000246: DUP7 00000247: DUP1 00000248: EXTCODESIZE 00000249: ISZERO 0000024a: DUP1 0000024b: ISZERO 0000024c: PUSH2 0x0254 0000024f: JUMPI 00000250: PUSH1 0x00 00000252: DUP1 00000253: REVERT 00000254: JUMPDEST 00000255: POP 00000256: GAS 00000257: STATICCALL 00000258: ISZERO 00000259: DUP1 0000025a: ISZERO 0000025b: PUSH2 0x0268 0000025e: JUMPI 0000025f: RETURNDATASIZE 00000260: PUSH1 0x00 00000262: DUP1 00000263: RETURNDATACOPY 00000264: RETURNDATASIZE 00000265: PUSH1 0x00 00000267: REVERT 00000268: JUMPDEST 00000269: POP 0000026a: POP 0000026b: POP 0000026c: POP 0000026d: PUSH1 0x40 0000026f: MLOAD 00000270: RETURNDATASIZE 00000271: PUSH1 0x20 00000273: DUP2 00000274: LT 00000275: ISZERO 00000276: PUSH2 0x027e 00000279: JUMPI 0000027a: PUSH1 0x00 0000027c: DUP1 0000027d: REVERT 0000027e: JUMPDEST 0000027f: POP 00000280: MLOAD 00000281: CALLER 00000282: PUSH1 0x01 00000284: PUSH1 0x01 00000286: PUSH1 0xa0 00000288: SHL 00000289: SUB 0000028a: DUP3 0000028b: AND 0000028c: EQ 0000028d: PUSH2 0x02dd 00000290: JUMPI 00000291: PUSH1 0x40 00000293: DUP1 00000294: MLOAD 00000295: PUSH3 0x461bcd 00000299: PUSH1 0xe5 0000029b: SHL 0000029c: DUP2 0000029d: MSTORE 0000029e: PUSH1 0x20 000002a0: PUSH1 0x04 000002a2: DUP3 000002a3: ADD 000002a4: MSTORE 000002a5: PUSH1 0x1e 000002a7: PUSH1 0x24 000002a9: DUP3 000002aa: ADD 000002ab: MSTORE 000002ac: PUSH32 0x43616c6c6572206164647265737320697320756e617574686f72697a65640000 000002cd: PUSH1 0x44 000002cf: DUP3 000002d0: ADD 000002d1: MSTORE 000002d2: SWAP1 000002d3: MLOAD 000002d4: SWAP1 000002d5: DUP2 000002d6: SWAP1 000002d7: SUB 000002d8: PUSH1 0x64 000002da: ADD 000002db: SWAP1 000002dc: REVERT 000002dd: JUMPDEST 000002de: PUSH1 0x01 000002e0: PUSH1 0x01 000002e2: PUSH1 0xa0 000002e4: SHL 000002e5: SUB 000002e6: DUP3 000002e7: AND 000002e8: PUSH2 0x0322 000002eb: JUMPI 000002ec: PUSH1 0x40 000002ee: MLOAD 000002ef: PUSH3 0x461bcd 000002f3: PUSH1 0xe5 000002f5: SHL 000002f6: DUP2 000002f7: MSTORE 000002f8: PUSH1 0x04 000002fa: ADD 000002fb: DUP1 000002fc: DUP1 000002fd: PUSH1 0x20 000002ff: ADD 00000300: DUP3 00000301: DUP2 00000302: SUB 00000303: DUP3 00000304: MSTORE 00000305: PUSH1 0x2f 00000307: DUP2 00000308: MSTORE 00000309: PUSH1 0x20 0000030b: ADD 0000030c: DUP1 0000030d: PUSH2 0x0930 00000310: PUSH1 0x2f 00000312: SWAP2 00000313: CODECOPY 00000314: PUSH1 0x40 00000316: ADD 00000317: SWAP2 00000318: POP 00000319: POP 0000031a: PUSH1 0x40 0000031c: MLOAD 0000031d: DUP1 0000031e: SWAP2 0000031f: SUB 00000320: SWAP1 00000321: REVERT 00000322: JUMPDEST 00000323: PUSH1 0x11 00000325: SLOAD 00000326: PUSH1 0x01 00000328: PUSH1 0x01 0000032a: PUSH1 0xa0 0000032c: SHL 0000032d: SUB 0000032e: AND 0000032f: ISZERO 00000330: PUSH2 0x03dd 00000333: JUMPI 00000334: PUSH2 0x033b 00000337: PUSH2 0x0439 0000033a: JUMP 0000033b: JUMPDEST 0000033c: PUSH1 0x11 0000033e: DUP1 0000033f: SLOAD 00000340: PUSH1 0x01 00000342: PUSH1 0x01 00000344: PUSH1 0xa0 00000346: SHL 00000347: SUB 00000348: NOT 00000349: SWAP1 0000034a: DUP2 0000034b: AND 0000034c: PUSH1 0x01 0000034e: PUSH1 0x01 00000350: PUSH1 0xa0 00000352: SHL 00000353: SUB 00000354: SWAP4 00000355: DUP5 00000356: AND 00000357: OR 00000358: SWAP1 00000359: SWAP2 0000035a: SSTORE 0000035b: PUSH1 0x12 0000035d: DUP1 0000035e: SLOAD 0000035f: SWAP1 00000360: SWAP2 00000361: AND 00000362: DUP5 00000363: DUP4 00000364: AND 00000365: OR 00000366: SWAP1 00000367: SSTORE 00000368: PUSH1 0x00 0000036a: SLOAD 0000036b: PUSH1 0x40 0000036d: DUP1 0000036e: MLOAD 0000036f: PUSH4 0xd4a2b4ef 00000374: PUSH1 0xe0 00000376: SHL 00000377: DUP2 00000378: MSTORE 00000379: SWAP1 0000037a: MLOAD 0000037b: SWAP2 0000037c: SWAP1 0000037d: SWAP3 0000037e: AND 0000037f: SWAP2 00000380: PUSH4 0xd4a2b4ef 00000385: SWAP2 00000386: PUSH1 0x04 00000388: DUP1 00000389: DUP4 0000038a: ADD 0000038b: SWAP3 0000038c: PUSH1 0x20 0000038e: SWAP3 0000038f: SWAP2 00000390: SWAP1 00000391: DUP3 00000392: SWAP1 00000393: SUB 00000394: ADD 00000395: DUP2 00000396: DUP7 00000397: DUP1 00000398: EXTCODESIZE 00000399: ISZERO 0000039a: DUP1 0000039b: ISZERO 0000039c: PUSH2 0x03a4 0000039f: JUMPI 000003a0: PUSH1 0x00 000003a2: DUP1 000003a3: REVERT 000003a4: JUMPDEST 000003a5: POP 000003a6: GAS 000003a7: STATICCALL 000003a8: ISZERO 000003a9: DUP1 000003aa: ISZERO 000003ab: PUSH2 0x03b8 000003ae: JUMPI 000003af: RETURNDATASIZE 000003b0: PUSH1 0x00 000003b2: DUP1 000003b3: RETURNDATACOPY 000003b4: RETURNDATASIZE 000003b5: PUSH1 0x00 000003b7: REVERT 000003b8: JUMPDEST 000003b9: POP 000003ba: POP 000003bb: POP 000003bc: POP 000003bd: PUSH1 0x40 000003bf: MLOAD 000003c0: RETURNDATASIZE 000003c1: PUSH1 0x20 000003c3: DUP2 000003c4: LT 000003c5: ISZERO 000003c6: PUSH2 0x03ce 000003c9: JUMPI 000003ca: PUSH1 0x00 000003cc: DUP1 000003cd: REVERT 000003ce: JUMPDEST 000003cf: POP 000003d0: MLOAD 000003d1: PUSH1 0x02 000003d3: MUL 000003d4: TIMESTAMP 000003d5: ADD 000003d6: PUSH1 0x13 000003d8: SSTORE 000003d9: PUSH2 0x03f9 000003dc: JUMP 000003dd: JUMPDEST 000003de: PUSH1 0x11 000003e0: DUP1 000003e1: SLOAD 000003e2: PUSH1 0x01 000003e4: PUSH1 0x01 000003e6: PUSH1 0xa0 000003e8: SHL 000003e9: SUB 000003ea: NOT 000003eb: AND 000003ec: PUSH1 0x01 000003ee: PUSH1 0x01 000003f0: PUSH1 0xa0 000003f2: SHL 000003f3: SUB 000003f4: DUP5 000003f5: AND 000003f6: OR 000003f7: SWAP1 000003f8: SSTORE 000003f9: JUMPDEST 000003fa: PUSH1 0x40 000003fc: DUP1 000003fd: MLOAD 000003fe: PUSH1 0x01 00000400: PUSH1 0x01 00000402: PUSH1 0xa0 00000404: SHL 00000405: SUB 00000406: DUP5 00000407: AND 00000408: DUP2 00000409: MSTORE 0000040a: SWAP1 0000040b: MLOAD 0000040c: PUSH32 0x11e5a7570e0de4b31179f8c9cf5e8a1e6cfd23731ec7a5a06e3006d71dd321fd 0000042d: SWAP2 0000042e: DUP2 0000042f: SWAP1 00000430: SUB 00000431: PUSH1 0x20 00000433: ADD 00000434: SWAP1 00000435: LOG1 00000436: POP 00000437: POP 00000438: JUMP 00000439: JUMPDEST 0000043a: PUSH1 0x00 0000043c: PUSH1 0x13 0000043e: SLOAD 0000043f: TIMESTAMP 00000440: LT 00000441: ISZERO 00000442: PUSH2 0x045c 00000445: JUMPI 00000446: PUSH1 0x11 00000448: PUSH1 0x00 0000044a: JUMPDEST 0000044b: ADD 0000044c: SLOAD 0000044d: PUSH1 0x01 0000044f: PUSH1 0x01 00000451: PUSH1 0xa0 00000453: SHL 00000454: SUB 00000455: AND 00000456: SWAP1 00000457: POP 00000458: PUSH2 0x0465 0000045b: JUMP 0000045c: JUMPDEST 0000045d: PUSH1 0x11 0000045f: PUSH1 0x01 00000461: PUSH2 0x044a 00000464: JUMP 00000465: JUMPDEST 00000466: SWAP1 00000467: JUMP 00000468: JUMPDEST 00000469: PUSH1 0x00 0000046b: PUSH2 0x0472 0000046e: PUSH2 0x0439 00000471: JUMP 00000472: JUMPDEST 00000473: SWAP1 00000474: POP 00000475: PUSH1 0x01 00000477: PUSH1 0x01 00000479: PUSH1 0xa0 0000047b: SHL 0000047c: SUB 0000047d: DUP2 0000047e: AND 0000047f: PUSH2 0x04b9 00000482: JUMPI 00000483: PUSH1 0x40 00000485: MLOAD 00000486: PUSH3 0x461bcd 0000048a: PUSH1 0xe5 0000048c: SHL 0000048d: DUP2 0000048e: MSTORE 0000048f: PUSH1 0x04 00000491: ADD 00000492: DUP1 00000493: DUP1 00000494: PUSH1 0x20 00000496: ADD 00000497: DUP3 00000498: DUP2 00000499: SUB 0000049a: DUP3 0000049b: MSTORE 0000049c: PUSH1 0x21 0000049e: DUP2 0000049f: MSTORE 000004a0: PUSH1 0x20 000004a2: ADD 000004a3: DUP1 000004a4: PUSH2 0x095f 000004a7: PUSH1 0x21 000004a9: SWAP2 000004aa: CODECOPY 000004ab: PUSH1 0x40 000004ad: ADD 000004ae: SWAP2 000004af: POP 000004b0: POP 000004b1: PUSH1 0x40 000004b3: MLOAD 000004b4: DUP1 000004b5: SWAP2 000004b6: SUB 000004b7: SWAP1 000004b8: REVERT 000004b9: JUMPDEST 000004ba: DUP1 000004bb: PUSH1 0x01 000004bd: PUSH1 0x01 000004bf: PUSH1 0xa0 000004c1: SHL 000004c2: SUB 000004c3: AND 000004c4: PUSH4 0xaee150c7 000004c9: DUP5 000004ca: DUP5 000004cb: CALLVALUE 000004cc: CALLER 000004cd: PUSH1 0x40 000004cf: MLOAD 000004d0: DUP6 000004d1: PUSH4 0xffffffff 000004d6: AND 000004d7: PUSH1 0xe0 000004d9: SHL 000004da: DUP2 000004db: MSTORE 000004dc: PUSH1 0x04 000004de: ADD 000004df: DUP1 000004e0: DUP1 000004e1: PUSH1 0x20 000004e3: ADD 000004e4: DUP5 000004e5: DUP2 000004e6: MSTORE 000004e7: PUSH1 0x20 000004e9: ADD 000004ea: DUP4 000004eb: PUSH1 0x01 000004ed: PUSH1 0x01 000004ef: PUSH1 0xa0 000004f1: SHL 000004f2: SUB 000004f3: AND 000004f4: PUSH1 0x01 000004f6: PUSH1 0x01 000004f8: PUSH1 0xa0 000004fa: SHL 000004fb: SUB 000004fc: AND 000004fd: DUP2 000004fe: MSTORE 000004ff: PUSH1 0x20 00000501: ADD 00000502: DUP3 00000503: DUP2 00000504: SUB 00000505: DUP3 00000506: MSTORE 00000507: DUP7 00000508: DUP7 00000509: DUP3 0000050a: DUP2 0000050b: DUP2 0000050c: MSTORE 0000050d: PUSH1 0x20 0000050f: ADD 00000510: SWAP3 00000511: POP 00000512: DUP1 00000513: DUP3 00000514: DUP5 00000515: CALLDATACOPY 00000516: PUSH1 0x00 00000518: DUP2 00000519: DUP5 0000051a: ADD 0000051b: MSTORE 0000051c: PUSH1 0x1f 0000051e: NOT 0000051f: PUSH1 0x1f 00000521: DUP3 00000522: ADD 00000523: AND 00000524: SWAP1 00000525: POP 00000526: DUP1 00000527: DUP4 00000528: ADD 00000529: SWAP3 0000052a: POP 0000052b: POP 0000052c: POP 0000052d: SWAP6 0000052e: POP 0000052f: POP 00000530: POP 00000531: POP 00000532: POP 00000533: POP 00000534: PUSH1 0x00 00000536: PUSH1 0x40 00000538: MLOAD 00000539: DUP1 0000053a: DUP4 0000053b: SUB 0000053c: DUP2 0000053d: DUP7 0000053e: DUP1 0000053f: EXTCODESIZE 00000540: ISZERO 00000541: DUP1 00000542: ISZERO 00000543: PUSH2 0x054b 00000546: JUMPI 00000547: PUSH1 0x00 00000549: DUP1 0000054a: REVERT 0000054b: JUMPDEST 0000054c: POP 0000054d: GAS 0000054e: STATICCALL 0000054f: ISZERO 00000550: DUP1 00000551: ISZERO 00000552: PUSH2 0x055f 00000555: JUMPI 00000556: RETURNDATASIZE 00000557: PUSH1 0x00 00000559: DUP1 0000055a: RETURNDATACOPY 0000055b: RETURNDATASIZE 0000055c: PUSH1 0x00 0000055e: REVERT 0000055f: JUMPDEST 00000560: POP 00000561: POP 00000562: POP 00000563: POP 00000564: PUSH1 0x00 00000566: PUSH2 0x05a4 00000569: DUP5 0000056a: DUP5 0000056b: DUP1 0000056c: DUP1 0000056d: PUSH1 0x1f 0000056f: ADD 00000570: PUSH1 0x20 00000572: DUP1 00000573: SWAP2 00000574: DIV 00000575: MUL 00000576: PUSH1 0x20 00000578: ADD 00000579: PUSH1 0x40 0000057b: MLOAD 0000057c: SWAP1 0000057d: DUP2 0000057e: ADD 0000057f: PUSH1 0x40 00000581: MSTORE 00000582: DUP1 00000583: SWAP4 00000584: SWAP3 00000585: SWAP2 00000586: SWAP1 00000587: DUP2 00000588: DUP2 00000589: MSTORE 0000058a: PUSH1 0x20 0000058c: ADD 0000058d: DUP4 0000058e: DUP4 0000058f: DUP1 00000590: DUP3 00000591: DUP5 00000592: CALLDATACOPY 00000593: PUSH1 0x00 00000595: SWAP3 00000596: ADD 00000597: SWAP2 00000598: SWAP1 00000599: SWAP2 0000059a: MSTORE 0000059b: POP 0000059c: PUSH2 0x0745 0000059f: SWAP3 000005a0: POP 000005a1: POP 000005a2: POP 000005a3: JUMP 000005a4: JUMPDEST 000005a5: PUSH1 0x40 000005a7: DUP1 000005a8: MLOAD 000005a9: CALLVALUE 000005aa: DUP2 000005ab: MSTORE 000005ac: SWAP1 000005ad: MLOAD 000005ae: SWAP2 000005af: SWAP3 000005b0: POP 000005b1: PUSH1 0x00 000005b3: SWAP2 000005b4: DUP4 000005b5: SWAP2 000005b6: CALLER 000005b7: SWAP2 000005b8: PUSH32 0x18569122d84f30025bb8dffb33563f1bdbfb9637f21552b11b8305686e9cb307 000005d9: SWAP2 000005da: DUP2 000005db: SWAP1 000005dc: SUB 000005dd: PUSH1 0x20 000005df: ADD 000005e0: SWAP1 000005e1: LOG4 000005e2: POP 000005e3: POP 000005e4: POP 000005e5: POP 000005e6: JUMP 000005e7: JUMPDEST 000005e8: PUSH1 0x13 000005ea: SLOAD 000005eb: DUP2 000005ec: JUMP 000005ed: JUMPDEST 000005ee: PUSH1 0x14 000005f0: SLOAD 000005f1: DUP2 000005f2: JUMP 000005f3: JUMPDEST 000005f4: PUSH1 0x00 000005f6: SLOAD 000005f7: PUSH1 0x40 000005f9: DUP1 000005fa: MLOAD 000005fb: PUSH4 0x2d0816d7 00000600: PUSH1 0xe1 00000602: SHL 00000603: DUP2 00000604: MSTORE 00000605: CALLER 00000606: PUSH1 0x04 00000608: DUP3 00000609: ADD 0000060a: MSTORE 0000060b: SWAP1 0000060c: MLOAD 0000060d: PUSH1 0x01 0000060f: PUSH1 0x01 00000611: PUSH1 0xa0 00000613: SHL 00000614: SUB 00000615: SWAP1 00000616: SWAP3 00000617: AND 00000618: SWAP2 00000619: PUSH4 0x5a102dae 0000061e: SWAP2 0000061f: PUSH1 0x24 00000621: DUP1 00000622: DUP3 00000623: ADD 00000624: SWAP3 00000625: PUSH1 0x20 00000627: SWAP3 00000628: SWAP1 00000629: SWAP2 0000062a: SWAP1 0000062b: DUP3 0000062c: SWAP1 0000062d: SUB 0000062e: ADD 0000062f: DUP2 00000630: DUP7 00000631: DUP1 00000632: EXTCODESIZE 00000633: ISZERO 00000634: DUP1 00000635: ISZERO 00000636: PUSH2 0x063e 00000639: JUMPI 0000063a: PUSH1 0x00 0000063c: DUP1 0000063d: REVERT 0000063e: JUMPDEST 0000063f: POP 00000640: GAS 00000641: STATICCALL 00000642: ISZERO 00000643: DUP1 00000644: ISZERO 00000645: PUSH2 0x0652 00000648: JUMPI 00000649: RETURNDATASIZE 0000064a: PUSH1 0x00 0000064c: DUP1 0000064d: RETURNDATACOPY 0000064e: RETURNDATASIZE 0000064f: PUSH1 0x00 00000651: REVERT 00000652: JUMPDEST 00000653: POP 00000654: POP 00000655: POP 00000656: POP 00000657: PUSH1 0x40 00000659: MLOAD 0000065a: RETURNDATASIZE 0000065b: PUSH1 0x20 0000065d: DUP2 0000065e: LT 0000065f: ISZERO 00000660: PUSH2 0x0668 00000663: JUMPI 00000664: PUSH1 0x00 00000666: DUP1 00000667: REVERT 00000668: JUMPDEST 00000669: POP 0000066a: MLOAD 0000066b: PUSH2 0x06a5 0000066e: JUMPI 0000066f: PUSH1 0x40 00000671: MLOAD 00000672: PUSH3 0x461bcd 00000676: PUSH1 0xe5 00000678: SHL 00000679: DUP2 0000067a: MSTORE 0000067b: PUSH1 0x04 0000067d: ADD 0000067e: DUP1 0000067f: DUP1 00000680: PUSH1 0x20 00000682: ADD 00000683: DUP3 00000684: DUP2 00000685: SUB 00000686: DUP3 00000687: MSTORE 00000688: PUSH1 0x3e 0000068a: DUP2 0000068b: MSTORE 0000068c: PUSH1 0x20 0000068e: ADD 0000068f: DUP1 00000690: PUSH2 0x0980 00000693: PUSH1 0x3e 00000695: SWAP2 00000696: CODECOPY 00000697: PUSH1 0x40 00000699: ADD 0000069a: SWAP2 0000069b: POP 0000069c: POP 0000069d: PUSH1 0x40 0000069f: MLOAD 000006a0: DUP1 000006a1: SWAP2 000006a2: SUB 000006a3: SWAP1 000006a4: REVERT 000006a5: JUMPDEST 000006a6: PUSH1 0x00 000006a8: PUSH2 0x06b4 000006ab: DUP4 000006ac: DUP4 000006ad: PUSH1 0x14 000006af: SLOAD 000006b0: PUSH2 0x07d7 000006b3: JUMP 000006b4: JUMPDEST 000006b5: SWAP1 000006b6: POP 000006b7: DUP1 000006b8: ISZERO 000006b9: PUSH2 0x0700 000006bc: JUMPI 000006bd: PUSH1 0x40 000006bf: DUP1 000006c0: MLOAD 000006c1: DUP4 000006c2: DUP2 000006c3: MSTORE 000006c4: SWAP1 000006c5: MLOAD 000006c6: PUSH1 0x01 000006c8: PUSH1 0x01 000006ca: PUSH1 0xa0 000006cc: SHL 000006cd: SUB 000006ce: DUP6 000006cf: AND 000006d0: SWAP2 000006d1: PUSH32 0x8455ae6be5d92f1df1c3c1484388e247a36c7e60d72055ae216dbc258f257d4b 000006f2: SWAP2 000006f3: SWAP1 000006f4: DUP2 000006f5: SWAP1 000006f6: SUB 000006f7: PUSH1 0x20 000006f9: ADD 000006fa: SWAP1 000006fb: LOG2 000006fc: PUSH2 0x0740 000006ff: JUMP 00000700: JUMPDEST 00000701: PUSH1 0x40 00000703: DUP1 00000704: MLOAD 00000705: DUP4 00000706: DUP2 00000707: MSTORE 00000708: SWAP1 00000709: MLOAD 0000070a: PUSH1 0x01 0000070c: PUSH1 0x01 0000070e: PUSH1 0xa0 00000710: SHL 00000711: SUB 00000712: DUP6 00000713: AND 00000714: SWAP2 00000715: PUSH32 0xa2269912b47133fae1d7f448c9284ea248951ac29b8c7c41d301f8721a38d10d 00000736: SWAP2 00000737: SWAP1 00000738: DUP2 00000739: SWAP1 0000073a: SUB 0000073b: PUSH1 0x20 0000073d: ADD 0000073e: SWAP1 0000073f: LOG2 00000740: JUMPDEST 00000741: POP 00000742: POP 00000743: POP 00000744: JUMP 00000745: JUMPDEST 00000746: PUSH1 0x00 00000748: DUP1 00000749: PUSH2 0x0751 0000074c: DUP4 0000074d: PUSH2 0x0838 00000750: JUMP 00000751: JUMPDEST 00000752: PUSH1 0x00 00000754: DUP1 00000755: SLOAD 00000756: PUSH1 0x40 00000758: DUP1 00000759: MLOAD 0000075a: PUSH4 0x17cb58d3 0000075f: PUSH1 0xe3 00000761: SHL 00000762: DUP2 00000763: MSTORE 00000764: PUSH1 0x04 00000766: DUP2 00000767: ADD 00000768: DUP6 00000769: SWAP1 0000076a: MSTORE 0000076b: SWAP1 0000076c: MLOAD 0000076d: SWAP4 0000076e: SWAP5 0000076f: POP 00000770: SWAP2 00000771: SWAP3 00000772: PUSH1 0x01 00000774: PUSH1 0x01 00000776: PUSH1 0xa0 00000778: SHL 00000779: SUB 0000077a: SWAP1 0000077b: SWAP2 0000077c: AND 0000077d: SWAP2 0000077e: PUSH4 0xbe5ac698 00000783: SWAP2 00000784: PUSH1 0x24 00000786: DUP1 00000787: DUP4 00000788: ADD 00000789: SWAP3 0000078a: PUSH1 0x20 0000078c: SWAP3 0000078d: SWAP2 0000078e: SWAP1 0000078f: DUP3 00000790: SWAP1 00000791: SUB 00000792: ADD 00000793: DUP2 00000794: DUP8 00000795: DUP8 00000796: DUP1 00000797: EXTCODESIZE 00000798: ISZERO 00000799: DUP1 0000079a: ISZERO 0000079b: PUSH2 0x07a3 0000079e: JUMPI 0000079f: PUSH1 0x00 000007a1: DUP1 000007a2: REVERT 000007a3: JUMPDEST 000007a4: POP 000007a5: GAS 000007a6: CALL 000007a7: ISZERO 000007a8: DUP1 000007a9: ISZERO 000007aa: PUSH2 0x07b7 000007ad: JUMPI 000007ae: RETURNDATASIZE 000007af: PUSH1 0x00 000007b1: DUP1 000007b2: RETURNDATACOPY 000007b3: RETURNDATASIZE 000007b4: PUSH1 0x00 000007b6: REVERT 000007b7: JUMPDEST 000007b8: POP 000007b9: POP 000007ba: POP 000007bb: POP 000007bc: PUSH1 0x40 000007be: MLOAD 000007bf: RETURNDATASIZE 000007c0: PUSH1 0x20 000007c2: DUP2 000007c3: LT 000007c4: ISZERO 000007c5: PUSH2 0x07cd 000007c8: JUMPI 000007c9: PUSH1 0x00 000007cb: DUP1 000007cc: REVERT 000007cd: JUMPDEST 000007ce: POP 000007cf: MLOAD 000007d0: SWAP5 000007d1: SWAP4 000007d2: POP 000007d3: POP 000007d4: POP 000007d5: POP 000007d6: JUMP 000007d7: JUMPDEST 000007d8: PUSH1 0x40 000007da: MLOAD 000007db: PUSH1 0x00 000007dd: SWAP1 000007de: DUP2 000007df: SWAP1 000007e0: PUSH1 0x01 000007e2: PUSH1 0x01 000007e4: PUSH1 0xa0 000007e6: SHL 000007e7: SUB 000007e8: DUP7 000007e9: AND 000007ea: SWAP1 000007eb: DUP5 000007ec: SWAP1 000007ed: DUP7 000007ee: SWAP1 000007ef: DUP5 000007f0: DUP2 000007f1: DUP2 000007f2: DUP2 000007f3: DUP6 000007f4: DUP9 000007f5: DUP9 000007f6: CALL 000007f7: SWAP4 000007f8: POP 000007f9: POP 000007fa: POP 000007fb: POP 000007fc: RETURNDATASIZE 000007fd: DUP1 000007fe: PUSH1 0x00 00000800: DUP2 00000801: EQ 00000802: PUSH2 0x0827 00000805: JUMPI 00000806: PUSH1 0x40 00000808: MLOAD 00000809: SWAP2 0000080a: POP 0000080b: PUSH1 0x1f 0000080d: NOT 0000080e: PUSH1 0x3f 00000810: RETURNDATASIZE 00000811: ADD 00000812: AND 00000813: DUP3 00000814: ADD 00000815: PUSH1 0x40 00000817: MSTORE 00000818: RETURNDATASIZE 00000819: DUP3 0000081a: MSTORE 0000081b: RETURNDATASIZE 0000081c: PUSH1 0x00 0000081e: PUSH1 0x20 00000820: DUP5 00000821: ADD 00000822: RETURNDATACOPY 00000823: PUSH2 0x082c 00000826: JUMP 00000827: JUMPDEST 00000828: PUSH1 0x60 0000082a: SWAP2 0000082b: POP 0000082c: JUMPDEST 0000082d: POP 0000082e: SWAP1 0000082f: SWAP7 00000830: SWAP6 00000831: POP 00000832: POP 00000833: POP 00000834: POP 00000835: POP 00000836: POP 00000837: JUMP 00000838: JUMPDEST 00000839: PUSH1 0x40 0000083b: MLOAD 0000083c: PUSH1 0x00 0000083e: PUSH1 0x20 00000840: DUP1 00000841: DUP4 00000842: ADD 00000843: DUP3 00000844: DUP2 00000845: MSTORE 00000846: DUP5 00000847: MLOAD 00000848: SWAP3 00000849: SWAP4 0000084a: DUP5 0000084b: SWAP4 0000084c: DUP5 0000084d: SWAP4 0000084e: DUP8 0000084f: SWAP4 00000850: SWAP3 00000851: PUSH1 0x21 00000853: ADD 00000854: SWAP2 00000855: SWAP1 00000856: DUP5 00000857: ADD 00000858: SWAP1 00000859: DUP1 0000085a: DUP4 0000085b: DUP4 0000085c: JUMPDEST 0000085d: PUSH1 0x20 0000085f: DUP4 00000860: LT 00000861: PUSH2 0x087b 00000864: JUMPI 00000865: DUP1 00000866: MLOAD 00000867: DUP3 00000868: MSTORE 00000869: PUSH1 0x1f 0000086b: NOT 0000086c: SWAP1 0000086d: SWAP3 0000086e: ADD 0000086f: SWAP2 00000870: PUSH1 0x20 00000872: SWAP2 00000873: DUP3 00000874: ADD 00000875: SWAP2 00000876: ADD 00000877: PUSH2 0x085c 0000087a: JUMP 0000087b: JUMPDEST 0000087c: PUSH1 0x01 0000087e: DUP4 0000087f: PUSH1 0x20 00000881: SUB 00000882: PUSH2 0x0100 00000885: EXP 00000886: SUB 00000887: DUP1 00000888: NOT 00000889: DUP3 0000088a: MLOAD 0000088b: AND 0000088c: DUP2 0000088d: DUP5 0000088e: MLOAD 0000088f: AND 00000890: DUP1 00000891: DUP3 00000892: OR 00000893: DUP6 00000894: MSTORE 00000895: POP 00000896: POP 00000897: POP 00000898: POP 00000899: POP 0000089a: POP 0000089b: SWAP1 0000089c: POP 0000089d: ADD 0000089e: SWAP3 0000089f: POP 000008a0: POP 000008a1: POP 000008a2: PUSH1 0x40 000008a4: MLOAD 000008a5: PUSH1 0x20 000008a7: DUP2 000008a8: DUP4 000008a9: SUB 000008aa: SUB 000008ab: DUP2 000008ac: MSTORE 000008ad: SWAP1 000008ae: PUSH1 0x40 000008b0: MSTORE 000008b1: DUP1 000008b2: MLOAD 000008b3: SWAP1 000008b4: PUSH1 0x20 000008b6: ADD 000008b7: KECCAK256 000008b8: SWAP1 000008b9: POP 000008ba: PUSH1 0x00 000008bc: DUP1 000008bd: SWAP1 000008be: POP 000008bf: JUMPDEST 000008c0: PUSH1 0x10 000008c2: DUP2 000008c3: LT 000008c4: ISZERO 000008c5: PUSH2 0x0928 000008c8: JUMPI 000008c9: PUSH1 0x01 000008cb: PUSH1 0xf8 000008cd: SHL 000008ce: DUP3 000008cf: PUSH1 0x01 000008d1: DUP4 000008d2: PUSH1 0x10 000008d4: DUP2 000008d5: LT 000008d6: PUSH2 0x08db 000008d9: JUMPI 000008da: INVALID 000008db: JUMPDEST 000008dc: ADD 000008dd: SLOAD 000008de: PUSH1 0x40 000008e0: DUP1 000008e1: MLOAD 000008e2: PUSH1 0x01 000008e4: PUSH1 0x01 000008e6: PUSH1 0xf8 000008e8: SHL 000008e9: SUB 000008ea: NOT 000008eb: SWAP1 000008ec: SWAP5 000008ed: AND 000008ee: PUSH1 0x20 000008f0: DUP1 000008f1: DUP7 000008f2: ADD 000008f3: SWAP2 000008f4: SWAP1 000008f5: SWAP2 000008f6: MSTORE 000008f7: PUSH1 0x21 000008f9: DUP6 000008fa: ADD 000008fb: SWAP4 000008fc: SWAP1 000008fd: SWAP4 000008fe: MSTORE 000008ff: PUSH1 0x41 00000901: DUP1 00000902: DUP6 00000903: ADD 00000904: SWAP3 00000905: SWAP1 00000906: SWAP3 00000907: MSTORE 00000908: DUP1 00000909: MLOAD 0000090a: DUP1 0000090b: DUP6 0000090c: SUB 0000090d: SWAP1 0000090e: SWAP3 0000090f: ADD 00000910: DUP3 00000911: MSTORE 00000912: PUSH1 0x61 00000914: SWAP1 00000915: SWAP4 00000916: ADD 00000917: SWAP1 00000918: SWAP3 00000919: MSTORE 0000091a: DUP2 0000091b: MLOAD 0000091c: SWAP2 0000091d: ADD 0000091e: KECCAK256 0000091f: SWAP2 00000920: POP 00000921: PUSH1 0x01 00000923: ADD 00000924: PUSH2 0x08bf 00000927: JUMP 00000928: JUMPDEST 00000929: POP 0000092a: SWAP3 0000092b: SWAP2 0000092c: POP 0000092d: POP 0000092e: JUMP 0000092f: INVALID 00000930: NUMBER 00000931: PUSH2 0x6e6e 00000934: PUSH16 0x742073657420616e20656d7074792061 00000945: PUSH5 0x6472657373 0000094b: KECCAK256 0000094c: PUSH2 0x7320 0000094f: PUSH5 0x65706f7369 00000955: PUSH21 0x2076657269666965724465706f7369742076657269 0000096b: PUSH7 0x69657220686173 00000973: KECCAK256 00000974: PUSH15 0x6f74206265656e2073657443616c6c 00000984: PUSH6 0x642066726f6d 0000098b: KECCAK256 0000098c: PUSH2 0x206e 0000098f: PUSH16 0x6e2d72656769737465726564206f7220 000009a0: PUSH18 0x756172616e74696e65642065786974206761 000009b3: PUSH14 0x6520636f6e7472616374a265627a 000009c2: PUSH27 0x7231582035a6c44197ff0576fb294d61c40895b639055846da429c 000009de: UNKNOWN(0xD4) 000009df: UNKNOWN(0xBF) 000009e0: PUSH23
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0xa626a25fcfd459ce38a44fd171813bc030df014f80cfa353d7c9d9d0bd1b0b14
call_targets:
0x3eed23ea148d356a72ca695dbce2fceb40a32ce0
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xa626a25fcfd459ce38a44fd171813bc030df014f80cfa353d7c9d9d0bd1b0b14",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x3eed23ea148d356a72ca695dbce2fceb40a32ce0"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x98b1e06a",
"selector": "0x98b1e06a",
"calldata_variants": [
"0x98b1e06a",
"0x98b1e06a0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa7e5994f",
"selector": "0xa7e5994f",
"calldata_variants": [
"0xa7e5994f",
"0xa7e5994f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xccbd2176",
"selector": "0xccbd2176",
"calldata_variants": [
"0xccbd2176",
"0xccbd21760000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf3fef3a3",
"selector": "0xf3fef3a3",
"calldata_variants": [
"0xf3fef3a3",
"0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x02e9b07b",
"selector": "0x02e9b07b",
"calldata_variants": [
"0x02e9b07b",
"0x02e9b07b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2c6ce78b",
"selector": "0x2c6ce78b",
"calldata_variants": [
"0x2c6ce78b",
"0x2c6ce78b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x52518b7f",
"selector": "0x52518b7f",
"calldata_variants": [
"0x52518b7f",
"0x52518b7f0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1958,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2038,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [],
"untrusted_call_count": 2
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0xa626a25fcfd459ce38a44fd171813bc030df014f80cfa353d7c9d9d0bd1b0b14
call_targets:
0x3eed23ea148d356a72ca695dbce2fceb40a32ce0
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xa626a25fcfd459ce38a44fd171813bc030df014f80cfa353d7c9d9d0bd1b0b14",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x3eed23ea148d356a72ca695dbce2fceb40a32ce0"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x98b1e06a",
"selector": "0x98b1e06a",
"calldata_variants": [
"0x98b1e06a",
"0x98b1e06a0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa7e5994f",
"selector": "0xa7e5994f",
"calldata_variants": [
"0xa7e5994f",
"0xa7e5994f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xccbd2176",
"selector": "0xccbd2176",
"calldata_variants": [
"0xccbd2176",
"0xccbd21760000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf3fef3a3",
"selector": "0xf3fef3a3",
"calldata_variants": [
"0xf3fef3a3",
"0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x02e9b07b",
"selector": "0x02e9b07b",
"calldata_variants": [
"0x02e9b07b",
"0x02e9b07b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2c6ce78b",
"selector": "0x2c6ce78b",
"calldata_variants": [
"0x2c6ce78b",
"0x2c6ce78b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x52518b7f",
"selector": "0x52518b7f",
"calldata_variants": [
"0x52518b7f",
"0x52518b7f0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1958,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2038,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": []
}
|
| medium | access_control | codex | Registered exit game can permanently lock exit processing via global mutex | 75 | no | — |
viewevidence_json{
"evidence": "activateNonReentrant/deactivateNonReentrant are externally callable by any non\u2011quarantined exit game and directly set the global mutex used by nonReentrant.",
"locations": [
"Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:50",
"Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:63",
"Users/jake/plasma-contracts/plasma_framework/contracts/src/framework/ExitGameController.sol:72"
],
"recommendation": "Restrict or redesign the external mutex controls: remove activate/deactivate, make them internal to the framework, or add a maintainer/emergency unlock. If the external lock is required, add a time\u2011limited lock or an auto\u2011unlock mechanism so a single exit game cannot block all exit processing indefinitely.",
"exploit_scenario": "A malicious or compromised non-quarantined exit game calls activateNonReentrant() once and never calls deactivateNonReentrant(). This leaves mutex=true, causing processExits() (guarded by nonReentrant) to revert for all tokens/vaults, halting exit processing and trapping funds in the framework until the attacker unlocks."
}
|
| info | other | cast | Heavy EXTCODE*/BALANCE usage | 55 | no | — |
viewevidence_json{
"notes": "frequent external code or balance checks; may indicate introspection or validation logic",
"ext_balance_count": 5
}
|