019bb2d5-fdb2-71db-950c-db096697d792
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 39671 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 39672 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 39673 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 39674 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 39675 | capability.graph | complete | 1 / 3 | 3 months ago |
| 39676 | detector.run | complete | 1 / 3 | 3 months ago |
| 39677 | validation.fork | complete | 1 / 3 | 3 months ago |
| 39750 | report.consolidate | complete | 1 / 6 | 3 months ago |
| 39751 | tool.slither | complete | 1 / 2 | 3 months ago |
{
"status": "not_proxy"
}
'forge clean' running (wd: /tmp/slither-xz6sl9nu)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-xz6sl9nu)
VLBRefundVault.refund(address).investor (contracts/Contract.sol#105) lacks a zero-check on :
- investor.transfer(depositedValue) (contracts/Contract.sol#111-112)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Version constraint ^0.4.15 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- DirtyBytesArrayToStorage
- KeccakCaching
- EmptyByteArrayCopy
- DynamicArrayCleanup
- ImplicitConstructorCallvalueCheck
- TupleAssignmentMultiStackSlotComponents
- MemoryArrayCreationOverflow
- privateCanBeOverridden
- SignedArrayStorageCopy
- UninitializedFunctionPointerInConstructor_0.4.x
- IncorrectEventSignatureInLibraries_0.4.x
- ExpExponentCleanup
- NestedArrayFunctionCallDecoder
- ZeroFunctionSelector.
It is used by:
- ^0.4.15 (contracts/Contract.sol#1)
solc-0.4.15 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
Reentrancy in VLBRefundVault.refund(address) (contracts/Contract.sol#105-113):
External calls:
- investor.transfer(depositedValue) (contracts/Contract.sol#111-112)
Event emitted after the call(s):
- Refunded(investor,depositedValue) (contracts/Contract.sol#112-113)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-4
. analyzed (3 contracts with 100 detectors), 4 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.4.15",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.4.15",
"install_stderr": null,
"install_stdout": "Version '0.4.15' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-xz6sl9nu --allow-paths /tmp/slither-xz6sl9nu,/tmp/slither-xz6sl9nu/lib,/tmp/slither-xz6sl9nu/src",
"remappings": [],
"source_files": [
"contracts/Contract.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 4,
"workspace_hash": "a574a099e474127696d44b1c72f5fc8e8b7f72689291abb25f9f44c9176152a6",
"duration_seconds": 0.4795057773590088,
"solc_version_requested": "0.4.18"
}
{"no_findings":true,"summary":"Reviewed `contracts/Contract.sol` and found no exploitable vulnerabilities for unprivileged attackers; vault behavior relies on the trusted owner model typical for refund vaults.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-36dd2nbv
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019bb30b-ef27-7f30-bd67-bde57aecc649
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Reading AUDIT_BUNDLE.txt**
exec
/bin/bash -lc ls in /tmp/codex-36dd2nbv succeeded in 6ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
contracts
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-36dd2nbv succeeded in 26ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: contracts/Contract.sol
================================================================================
pragma solidity ^0.4.15;
/**
* @title SafeMath
* @dev Math operations with safety checks that throw on error
*/
library SafeMath {
function mul(uint256 a, uint256 b) internal constant returns (uint256) {
uint256 c = a * b;
if (a != 0 && c / a != b) revert();
return c;
}
thinking
**Summarizing Solidity audit results**
I've carefully analyzed the VLBRefundVault contract and other related code, focusing on exploitable vulnerabilities by unprivileged actors. While I found some design choices highlighting centralization risks—like the owner’s ability to drain funds without closing and potential refund blocking due to gas limits—none qualify as direct exploits from outside attackers. I'll produce a JSON report stating no exploitable issues were found, noting the contract assumes a trusted owner managing the vault.
codex
{"no_findings":true,"summary":"Reviewed `contracts/Contract.sol` and found no exploitable vulnerabilities for unprivileged attackers; vault behavior relies on the trusted owner model typical for refund vaults.","findings":[]}
tokens used
7,869
{
"codex": {
"ran_at": "2026-01-12T16:31:54.776859+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 1,
"import_count": 0,
"first_party_contracts_count": 1
},
"summary": "Reviewed `contracts/Contract.sol` and found no exploitable vulnerabilities for unprivileged attackers; vault behavior relies on the trusted owner model typical for refund vaults.",
"raw_final": {
"summary": "Reviewed `contracts/Contract.sol` and found no exploitable vulnerabilities for unprivileged attackers; vault behavior relies on the trusted owner model typical for refund vaults.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
validation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xffffffff",
"selector": "0xffffffff",
"calldata_variants": [
"0xffffffff",
"0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x43d726d6",
"selector": "0x43d726d6",
"calldata_variants": [
"0x43d726d6",
"0x43d726d60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x521eb273",
"selector": "0x521eb273",
"calldata_variants": [
"0x521eb273",
"0x521eb2730000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8c52dc41",
"selector": "0x8c52dc41",
"calldata_variants": [
"0x8c52dc41",
"0x8c52dc410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc19d93fb",
"selector": "0xc19d93fb",
"calldata_variants": [
"0xc19d93fb",
"0xc19d93fb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcb13cddb",
"selector": "0xcb13cddb",
"calldata_variants": [
"0xcb13cddb",
"0xcb13cddb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd13209f9",
"selector": "0xd13209f9",
"calldata_variants": [
"0xd13209f9",
"0xd13209f90000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 751,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1213,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1518,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1862,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2203,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2833,
"type": "tx_origin_used"
}
]
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
trace_id: 0x7e4407104608864628355cec2a632bc4f55d10e14cfdb26eda552c52b8935615
call_targets: 0x2cbc6812cff0b1113bf2808ffce6d83b97afd345
target_varies: no
classification: constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x7e4407104608864628355cec2a632bc4f55d10e14cfdb26eda552c52b8935615",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x2cbc6812cff0b1113bf2808ffce6d83b97afd345"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xffffffff",
"selector": "0xffffffff",
"calldata_variants": [
"0xffffffff",
"0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x43d726d6",
"selector": "0x43d726d6",
"calldata_variants": [
"0x43d726d6",
"0x43d726d60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x521eb273",
"selector": "0x521eb273",
"calldata_variants": [
"0x521eb273",
"0x521eb2730000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8c52dc41",
"selector": "0x8c52dc41",
"calldata_variants": [
"0x8c52dc41",
"0x8c52dc410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc19d93fb",
"selector": "0xc19d93fb",
"calldata_variants": [
"0xc19d93fb",
"0xc19d93fb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcb13cddb",
"selector": "0xcb13cddb",
"calldata_variants": [
"0xcb13cddb",
"0xcb13cddb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd13209f9",
"selector": "0xd13209f9",
"calldata_variants": [
"0xd13209f9",
"0xd13209f90000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1100,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1787,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2678,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [
{
"pc": 751,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1213,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1518,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1862,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2203,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2833,
"type": "tx_origin_used"
}
],
"untrusted_call_count": 3
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
trace_id: 0x7e4407104608864628355cec2a632bc4f55d10e14cfdb26eda552c52b8935615
call_targets: 0x2cbc6812cff0b1113bf2808ffce6d83b97afd345
target_varies: no
classification: constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x7e4407104608864628355cec2a632bc4f55d10e14cfdb26eda552c52b8935615",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x2cbc6812cff0b1113bf2808ffce6d83b97afd345"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xffffffff",
"selector": "0xffffffff",
"calldata_variants": [
"0xffffffff",
"0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x43d726d6",
"selector": "0x43d726d6",
"calldata_variants": [
"0x43d726d6",
"0x43d726d60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x521eb273",
"selector": "0x521eb273",
"calldata_variants": [
"0x521eb273",
"0x521eb2730000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8c52dc41",
"selector": "0x8c52dc41",
"calldata_variants": [
"0x8c52dc41",
"0x8c52dc410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc19d93fb",
"selector": "0xc19d93fb",
"calldata_variants": [
"0xc19d93fb",
"0xc19d93fb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcb13cddb",
"selector": "0xcb13cddb",
"calldata_variants": [
"0xcb13cddb",
"0xcb13cddb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd13209f9",
"selector": "0xd13209f9",
"calldata_variants": [
"0xd13209f9",
"0xd13209f90000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1100,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1787,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2678,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": [
{
"pc": 751,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1213,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1518,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1862,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2203,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2833,
"type": "tx_origin_used"
}
]
}
|
| info | other | cast | Heavy EXTCODE*/BALANCE usage | 55 | no | — |
evidence_json{
"notes": "frequent external code or balance checks; may indicate introspection or validation logic",
"ext_balance_count": 5
}
|