019bb377-69f2-73db-bc6d-fbc28aba7c7b
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 39895 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 39896 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 39897 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 39898 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 39899 | capability.graph | complete | 1 / 3 | 3 months ago |
| 39900 | detector.run | complete | 1 / 3 | 3 months ago |
| 39901 | validation.fork | complete | 1 / 3 | 3 months ago |
| 39982 | report.consolidate | complete | 1 / 6 | 3 months ago |
| 39983 | tool.slither | complete | 1 / 2 | 3 months ago |
{
"status": "not_proxy"
}
'forge clean' running (wd: /tmp/slither-jsbkpg03) 'forge config --json' running 'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-jsbkpg03) Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) has bitwise-xor operator ^ instead of the exponentiation operator **: - inverse = (3 * denominator) ^ 2 (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#259) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-exponentiation Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) performs a multiplication on the result of a division: - denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#244) - inverse = (3 * denominator) ^ 2 (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#259) Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) performs a multiplication on the result of a division: - denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#244) - inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#263) Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) performs a multiplication on the result of a division: - denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#244) - inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#264) Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) performs a multiplication on the result of a division: - denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#244) - inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#265) Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) performs a multiplication on the result of a division: - denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#244) - inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#266) Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) performs a multiplication on the result of a division: - denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#244) - inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#267) Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) performs a multiplication on the result of a division: - denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#244) - inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#268) Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) performs a multiplication on the result of a division: - low = low / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#247) - result = low * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#274) Math.invMod(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#317-363) performs a multiplication on the result of a division: - quotient = gcd / remainder (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#339) - (gcd,remainder) = (remainder,gcd - remainder * quotient) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#341-348) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply DeusdMerkleDistributor.constructor(bytes32,address,address,address)._owner (src/DeusdMerkleDistributor.sol#75) shadows: - Ownable._owner (lib/openzeppelin-contracts/contracts/access/Ownable.sol#21) (state variable) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing Ownable2Step.transferOwnership(address).newOwner (lib/openzeppelin-contracts/contracts/access/Ownable2Step.sol#43) lacks a zero-check on : - _pendingOwner = newOwner (lib/openzeppelin-contracts/contracts/access/Ownable2Step.sol#44) DeusdMerkleDistributor.constructor(bytes32,address,address,address)._signer (src/DeusdMerkleDistributor.sol#75) lacks a zero-check on : - signer = _signer (src/DeusdMerkleDistributor.sol#79) DeusdMerkleDistributor.setSigner(address)._signer (src/DeusdMerkleDistributor.sol#120) lacks a zero-check on : - signer = _signer (src/DeusdMerkleDistributor.sol#121) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation SafeERC20._safeTransfer(IERC20,address,uint256,bool) (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#176-200) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#179-199) SafeERC20._safeTransferFrom(IERC20,address,address,uint256,bool) (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#212-244) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#221-243) SafeERC20._safeApprove(IERC20,address,uint256,bool) (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#255-279) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#258-278) Bytes.slice(bytes,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#86-98) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#93-95) Bytes.splice(bytes,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#117-129) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#123-126) Bytes.replace(bytes,uint256,bytes,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#154-172) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#167-169) Bytes.concat(bytes[]) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#183-203) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#194-196) Bytes.toNibbles(bytes) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#210-245) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#211-244) Bytes._unsafeReadBytesOffset(bytes,uint256) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#326-331) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#328-330) Panic.panic(uint256) (lib/openzeppelin-contracts/contracts/utils/Panic.sol#50-56) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Panic.sol#51-55) Strings.toString(uint256) (lib/openzeppelin-contracts/contracts/utils/Strings.sol#46-64) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Strings.sol#51-53) - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Strings.sol#56-58) Strings.toChecksumHexString(address) (lib/openzeppelin-contracts/contracts/utils/Strings.sol#112-130) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Strings.sol#117-119) Strings.escapeJSON(string) (lib/openzeppelin-contracts/contracts/utils/Strings.sol#464-494) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Strings.sol#488-491) Strings._unsafeReadBytesOffset(bytes,uint256) (lib/openzeppelin-contracts/contracts/utils/Strings.sol#502-507) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Strings.sol#504-506) ECDSA.tryRecover(bytes32,bytes) (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#61-80) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#71-75) ECDSA.tryRecoverCalldata(bytes32,bytes) (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#85-104) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#95-99) ECDSA.parse(bytes) (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#217-240) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#218-239) ECDSA.parseCalldata(bytes) (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#245-268) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#246-267) Hashes.efficientKeccak256(bytes32,bytes32) (lib/openzeppelin-contracts/contracts/utils/cryptography/Hashes.sol#24-30) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/Hashes.sol#25-29) MessageHashUtils.toEthSignedMessageHash(bytes32) (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#32-38) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#33-37) MessageHashUtils.toDataWithIntendedValidatorHash(address,bytes32) (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#71-81) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#75-80) MessageHashUtils.toTypedDataHash(bytes32,bytes32) (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#92-100) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#93-99) MessageHashUtils.toDomainSeparator(bytes1,bytes32,bytes32,uint256,address,bytes32) (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#137-179) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#147-178) MessageHashUtils.toDomainTypeHash(bytes1) (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#182-227) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#185-226) Math.add512(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#25-30) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#26-29) Math.mul512(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#37-46) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#41-45) Math.tryMul(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#73-84) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#76-80) Math.tryDiv(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#89-97) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#92-95) Math.tryMod(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#102-110) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#105-108) Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#206-277) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#229-236) - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#242-251) Math.tryModExp(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#411-435) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#413-434) Math.tryModExp(bytes,bytes,bytes) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#451-473) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#463-472) Math._zeroBytes(bytes) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#478-490) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#482-484) Math.log2(uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#619-658) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#655-657) SafeCast.toUint(bool) (lib/openzeppelin-contracts/contracts/utils/math/SafeCast.sol#1157-1161) uses assembly - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/SafeCast.sol#1158-1160) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage 4 different versions of Solidity are used: - Version constraint ^0.8.20 is used by: -^0.8.20 (lib/openzeppelin-contracts/contracts/access/Ownable.sol#4) -^0.8.20 (lib/openzeppelin-contracts/contracts/access/Ownable2Step.sol#4) -^0.8.20 (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#4) -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Context.sol#4) -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Panic.sol#4) -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#4) -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/cryptography/Hashes.sol#4) -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/cryptography/MerkleProof.sol#5) -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#4) -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/math/SafeCast.sol#5) -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/math/SignedMath.sol#4) -^0.8.20 (src/DeusdMerkleDistributor.sol#2) - Version constraint >=0.6.2 is used by: ->=0.6.2 (lib/openzeppelin-contracts/contracts/interfaces/IERC1363.sol#4) - Version constraint >=0.4.16 is used by: ->=0.4.16 (lib/openzeppelin-contracts/contracts/interfaces/IERC165.sol#4) ->=0.4.16 (lib/openzeppelin-contracts/contracts/interfaces/IERC20.sol#4) ->=0.4.16 (lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol#4) ->=0.4.16 (lib/openzeppelin-contracts/contracts/utils/introspection/IERC165.sol#4) - Version constraint ^0.8.24 is used by: -^0.8.24 (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#4) -^0.8.24 (lib/openzeppelin-contracts/contracts/utils/Strings.sol#4) -^0.8.24 (lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#4) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used Version constraint ^0.8.20 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html) - VerbatimInvalidDeduplication - FullInlinerNonExpressionSplitArgumentEvaluationOrder - MissingSideEffectsOnSelectorAccess. It is used by: - ^0.8.20 (lib/openzeppelin-contracts/contracts/access/Ownable.sol#4) - ^0.8.20 (lib/openzeppelin-contracts/contracts/access/Ownable2Step.sol#4) - ^0.8.20 (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#4) - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Context.sol#4) - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Panic.sol#4) - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#4) - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/cryptography/Hashes.sol#4) - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/cryptography/MerkleProof.sol#5) - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#4) - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/math/SafeCast.sol#5) - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/math/SignedMath.sol#4) - ^0.8.20 (src/DeusdMerkleDistributor.sol#2) Version constraint >=0.6.2 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html) - MissingSideEffectsOnSelectorAccess - AbiReencodingHeadOverflowWithStaticArrayCleanup - DirtyBytesArrayToStorage - NestedCalldataArrayAbiReencodingSizeValidation - ABIDecodeTwoDimensionalArrayMemory - KeccakCaching - EmptyByteArrayCopy - DynamicArrayCleanup - MissingEscapingInFormatting - ArraySliceDynamicallyEncodedBaseType - ImplicitConstructorCallvalueCheck - TupleAssignmentMultiStackSlotComponents - MemoryArrayCreationOverflow. It is used by: - >=0.6.2 (lib/openzeppelin-contracts/contracts/interfaces/IERC1363.sol#4) Version constraint >=0.4.16 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html) - DirtyBytesArrayToStorage - ABIDecodeTwoDimensionalArrayMemory - KeccakCaching - EmptyByteArrayCopy - DynamicArrayCleanup - ImplicitConstructorCallvalueCheck - TupleAssignmentMultiStackSlotComponents - MemoryArrayCreationOverflow - privateCanBeOverridden - SignedArrayStorageCopy - ABIEncoderV2StorageArrayWithMultiSlotElement - DynamicConstructorArgumentsClippedABIV2 - UninitializedFunctionPointerInConstructor_0.4.x - IncorrectEventSignatureInLibraries_0.4.x - ExpExponentCleanup - NestedArrayFunctionCallDecoder - ZeroFunctionSelector. It is used by: - >=0.4.16 (lib/openzeppelin-contracts/contracts/interfaces/IERC165.sol#4) - >=0.4.16 (lib/openzeppelin-contracts/contracts/interfaces/IERC20.sol#4) - >=0.4.16 (lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol#4) - >=0.4.16 (lib/openzeppelin-contracts/contracts/utils/introspection/IERC165.sol#4) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity Parameter DeusdMerkleDistributor.claim(uint256,bytes32[],bytes)._amount (src/DeusdMerkleDistributor.sol#100) is not in mixedCase Parameter DeusdMerkleDistributor.claim(uint256,bytes32[],bytes)._merkleProof (src/DeusdMerkleDistributor.sol#100) is not in mixedCase Parameter DeusdMerkleDistributor.claim(uint256,bytes32[],bytes)._signature (src/DeusdMerkleDistributor.sol#100) is not in mixedCase Parameter DeusdMerkleDistributor.setSigner(address)._signer (src/DeusdMerkleDistributor.sol#120) is not in mixedCase Variable DeusdMerkleDistributor.MERKLE_ROOT (src/DeusdMerkleDistributor.sol#51) is not in mixedCase Variable DeusdMerkleDistributor.TOKEN (src/DeusdMerkleDistributor.sol#54) is not in mixedCase Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions Bytes.toNibbles(bytes) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#210-245) uses literals with too many digits: - chunk_toNibbles_asm_0 = 0x0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff & chunk_toNibbles_asm_0 << 64 | chunk_toNibbles_asm_0 (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#222-225) Bytes.toNibbles(bytes) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#210-245) uses literals with too many digits: - chunk_toNibbles_asm_0 = 0x00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff & chunk_toNibbles_asm_0 << 32 | chunk_toNibbles_asm_0 (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#226-229) Bytes.reverseBytes32(bytes32) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#258-272) uses literals with too many digits: - value = ((value >> 32) & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) | ((value & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) << 32) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#265-267) Bytes.reverseBytes32(bytes32) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#258-272) uses literals with too many digits: - value = ((value >> 64) & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) | ((value & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) << 64) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#268-270) Bytes.reverseBytes16(bytes16) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#275-286) uses literals with too many digits: - value = ((value & 0xFFFFFFFF00000000FFFFFFFF00000000) >> 32) | ((value & 0x00000000FFFFFFFF00000000FFFFFFFF) << 32) (lib/openzeppelin-contracts/contracts/utils/Bytes.sol#282-284) Math.log2(uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#619-658) uses literals with too many digits: - r = r | byte(uint256,uint256)(x >> r,0x0000010102020202030303030303030300000000000000000000000000000000) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#656) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits . analyzed (18 contracts with 100 detectors), 65 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.8.24",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.8.24",
"install_stderr": null,
"install_stdout": "Version '0.8.24' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-jsbkpg03 --include-path /tmp/slither-jsbkpg03/lib --include-path /tmp/slither-jsbkpg03/lib/openzeppelin-contracts --allow-paths /tmp/slither-jsbkpg03,/tmp/slither-jsbkpg03/lib,/tmp/slither-jsbkpg03/lib/openzeppelin-contracts,/tmp/slither-jsbkpg03/src",
"remappings": [
"@openzeppelin/=lib/openzeppelin-contracts/",
"forge-std/=lib/forge-std/src/",
"erc4626-tests/=lib/openzeppelin-contracts/lib/erc4626-tests/",
"halmos-cheatcodes/=lib/openzeppelin-contracts/lib/halmos-cheatcodes/src/",
"openzeppelin-contracts/=lib/openzeppelin-contracts/",
"src/=src/",
"@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/"
],
"source_files": [
"src/DeusdMerkleDistributor.sol",
"lib/openzeppelin-contracts/contracts/access/Ownable2Step.sol",
"lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol",
"lib/openzeppelin-contracts/contracts/utils/cryptography/MerkleProof.sol",
"lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol",
"lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol",
"lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol",
"lib/openzeppelin-contracts/contracts/access/Ownable.sol",
"lib/openzeppelin-contracts/contracts/utils/cryptography/Hashes.sol",
"lib/openzeppelin-contracts/contracts/interfaces/IERC1363.sol",
"lib/openzeppelin-contracts/contracts/utils/Strings.sol",
"lib/openzeppelin-contracts/contracts/utils/Context.sol",
"lib/openzeppelin-contracts/contracts/interfaces/IERC20.sol",
"lib/openzeppelin-contracts/contracts/interfaces/IERC165.sol",
"lib/openzeppelin-contracts/contracts/utils/math/Math.sol",
"lib/openzeppelin-contracts/contracts/utils/math/SafeCast.sol",
"lib/openzeppelin-contracts/contracts/utils/math/SignedMath.sol",
"lib/openzeppelin-contracts/contracts/utils/introspection/IERC165.sol",
"lib/openzeppelin-contracts/contracts/utils/Panic.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 65,
"workspace_hash": "c3490f22afa6bdf187aec1ea3ff194e2a5cae435c07055619ed8e94299fdcc58",
"duration_seconds": 2.748948097229004,
"solc_version_requested": "0.8.20"
}
{"no_findings":true,"summary":"No exploitable vulnerabilities found in the first‑party contract; core claim logic, signature binding, and state updates are sound.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-jq4i_zno
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019bb3a2-9fb8-7810-921a-ef114c892534
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Viewing AUDIT_BUNDLE contents**
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-jq4i_zno succeeded in 6ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: src/DeusdMerkleDistributor.sol
================================================================================
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Ownable, Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";
/// @title DeusdMerkleDistributor
/// @notice Merkle-based claim contract for an existing ERC20 (DEUSD). Uses signatures and a 1-year claim window.
contract DeusdMerkleDistributor is Ownable2Step {
using SafeERC20 for IERC20;
thinking
**Reviewing potential vulnerabilities and security risks**
I'm examining the claim function, signature validation, and merkle proof checks for vulnerabilities like reentrancy, signature misuse, and access control. I find no critical security issues but notice some design risks like absent claim window enforcement and owner withdrawal rights that could affect claim validity, which I'll report as low-severity considerations.
codex
{"no_findings":true,"summary":"No exploitable vulnerabilities found in the first‑party contract; core claim logic, signature binding, and state updates are sound.","findings":[]}
tokens used
4,132
{
"codex": {
"ran_at": "2026-01-12T19:16:11.822776+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 19,
"import_count": 21,
"first_party_contracts_count": 1
},
"summary": "No exploitable vulnerabilities found in the first\u2011party contract; core claim logic, signature binding, and state updates are sound.",
"raw_final": {
"summary": "No exploitable vulnerabilities found in the first\u2011party contract; core claim logic, signature binding, and state updates are sound.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLVALUE 00000006: DUP1 00000007: ISZERO 00000008: PUSH2 0x000f 0000000b: JUMPI 0000000c: PUSH0 0000000d: DUP1 0000000e: REVERT 0000000f: JUMPDEST 00000010: POP 00000011: PUSH1 0x04 00000013: CALLDATASIZE 00000014: LT 00000015: PUSH2 0x00cb 00000018: JUMPI 00000019: PUSH0 0000001a: CALLDATALOAD 0000001b: PUSH1 0xe0 0000001d: SHR 0000001e: DUP1 0000001f: PUSH4 0x73b2e80e 00000024: GT 00000025: PUSH2 0x0088 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0x8da5cb5b 0000002f: GT 00000030: PUSH2 0x0063 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0x8da5cb5b 0000003a: EQ 0000003b: PUSH2 0x01d8 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0x9a15bf92 00000045: EQ 00000046: PUSH2 0x01e8 00000049: JUMPI 0000004a: DUP1 0000004b: PUSH4 0xe30c3978 00000050: EQ 00000051: PUSH2 0x01fb 00000054: JUMPI 00000055: DUP1 00000056: PUSH4 0xf2fde38b 0000005b: EQ 0000005c: PUSH2 0x020c 0000005f: JUMPI 00000060: PUSH0 00000061: DUP1 00000062: REVERT 00000063: JUMPDEST 00000064: DUP1 00000065: PUSH4 0x73b2e80e 0000006a: EQ 0000006b: PUSH2 0x0187 0000006e: JUMPI 0000006f: DUP1 00000070: PUSH4 0x79ba5097 00000075: EQ 00000076: PUSH2 0x01a9 00000079: JUMPI 0000007a: DUP1 0000007b: PUSH4 0x82bfefc8 00000080: EQ 00000081: PUSH2 0x01b1 00000084: JUMPI 00000085: PUSH0 00000086: DUP1 00000087: REVERT 00000088: JUMPDEST 00000089: DUP1 0000008a: PUSH4 0x04b38ce0 0000008f: EQ 00000090: PUSH2 0x00cf 00000093: JUMPI 00000094: DUP1 00000095: PUSH4 0x238ac933 0000009a: EQ 0000009b: PUSH2 0x00f7 0000009e: JUMPI 0000009f: DUP1 000000a0: PUSH4 0x2e1a7d4d 000000a5: EQ 000000a6: PUSH2 0x0122 000000a9: JUMPI 000000aa: DUP1 000000ab: PUSH4 0x51e75e8b 000000b0: EQ 000000b1: PUSH2 0x0137 000000b4: JUMPI 000000b5: DUP1 000000b6: PUSH4 0x6c19e783 000000bb: EQ 000000bc: PUSH2 0x016c 000000bf: JUMPI 000000c0: DUP1 000000c1: PUSH4 0x715018a6 000000c6: EQ 000000c7: PUSH2 0x017f 000000ca: JUMPI 000000cb: JUMPDEST 000000cc: PUSH0 000000cd: DUP1 000000ce: REVERT 000000cf: JUMPDEST 000000d0: PUSH2 0x00e2 000000d3: PUSH2 0x00dd 000000d6: CALLDATASIZE 000000d7: PUSH1 0x04 000000d9: PUSH2 0x0ba5 000000dc: JUMP 000000dd: JUMPDEST 000000de: PUSH2 0x021f 000000e1: JUMP 000000e2: JUMPDEST 000000e3: PUSH1 0x40 000000e5: MLOAD 000000e6: SWAP1 000000e7: ISZERO 000000e8: ISZERO 000000e9: DUP2 000000ea: MSTORE 000000eb: PUSH1 0x20 000000ed: ADD 000000ee: JUMPDEST 000000ef: PUSH1 0x40 000000f1: MLOAD 000000f2: DUP1 000000f3: SWAP2 000000f4: SUB 000000f5: SWAP1 000000f6: RETURN 000000f7: JUMPDEST 000000f8: PUSH1 0x02 000000fa: SLOAD 000000fb: PUSH2 0x010a 000000fe: SWAP1 000000ff: PUSH1 0x01 00000101: PUSH1 0x01 00000103: PUSH1 0xa0 00000105: SHL 00000106: SUB 00000107: AND 00000108: DUP2 00000109: JUMP 0000010a: JUMPDEST 0000010b: PUSH1 0x40 0000010d: MLOAD 0000010e: PUSH1 0x01 00000110: PUSH1 0x01 00000112: PUSH1 0xa0 00000114: SHL 00000115: SUB 00000116: SWAP1 00000117: SWAP2 00000118: AND 00000119: DUP2 0000011a: MSTORE 0000011b: PUSH1 0x20 0000011d: ADD 0000011e: PUSH2 0x00ee 00000121: JUMP 00000122: JUMPDEST 00000123: PUSH2 0x0135 00000126: PUSH2 0x0130 00000129: CALLDATASIZE 0000012a: PUSH1 0x04 0000012c: PUSH2 0x0bfd 0000012f: JUMP 00000130: JUMPDEST 00000131: PUSH2 0x02dd 00000134: JUMP 00000135: JUMPDEST 00000136: STOP 00000137: JUMPDEST 00000138: PUSH2 0x015e 0000013b: PUSH32 0xb4129760565216cc5c445318e1f8992b5a9069c6caf5e84d6281f2de1a3ec60a 0000015c: DUP2 0000015d: JUMP 0000015e: JUMPDEST 0000015f: PUSH1 0x40 00000161: MLOAD 00000162: SWAP1 00000163: DUP2 00000164: MSTORE 00000165: PUSH1 0x20 00000167: ADD 00000168: PUSH2 0x00ee 0000016b: JUMP 0000016c: JUMPDEST 0000016d: PUSH2 0x0135 00000170: PUSH2 0x017a 00000173: CALLDATASIZE 00000174: PUSH1 0x04 00000176: PUSH2 0x0c14 00000179: JUMP 0000017a: JUMPDEST 0000017b: PUSH2 0x0351 0000017e: JUMP 0000017f: JUMPDEST 00000180: PUSH2 0x0135 00000183: PUSH2 0x03a2 00000186: JUMP 00000187: JUMPDEST 00000188: PUSH2 0x00e2 0000018b: PUSH2 0x0195 0000018e: CALLDATASIZE 0000018f: PUSH1 0x04 00000191: PUSH2 0x0c14 00000194: JUMP 00000195: JUMPDEST 00000196: PUSH1 0x03 00000198: PUSH1 0x20 0000019a: MSTORE 0000019b: PUSH0 0000019c: SWAP1 0000019d: DUP2 0000019e: MSTORE 0000019f: PUSH1 0x40 000001a1: SWAP1 000001a2: KECCAK256 000001a3: SLOAD 000001a4: PUSH1 0xff 000001a6: AND 000001a7: DUP2 000001a8: JUMP 000001a9: JUMPDEST 000001aa: PUSH2 0x0135 000001ad: PUSH2 0x03b5 000001b0: JUMP 000001b1: JUMPDEST 000001b2: PUSH2 0x010a 000001b5: PUSH32 0x000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 000001d6: DUP2 000001d7: JUMP 000001d8: JUMPDEST 000001d9: PUSH0 000001da: SLOAD 000001db: PUSH1 0x01 000001dd: PUSH1 0x01 000001df: PUSH1 0xa0 000001e1: SHL 000001e2: SUB 000001e3: AND 000001e4: PUSH2 0x010a 000001e7: JUMP 000001e8: JUMPDEST 000001e9: PUSH2 0x0135 000001ec: PUSH2 0x01f6 000001ef: CALLDATASIZE 000001f0: PUSH1 0x04 000001f2: PUSH2 0x0c2d 000001f5: JUMP 000001f6: JUMPDEST 000001f7: PUSH2 0x03fe 000001fa: JUMP 000001fb: JUMPDEST 000001fc: PUSH1 0x01 000001fe: SLOAD 000001ff: PUSH1 0x01 00000201: PUSH1 0x01 00000203: PUSH1 0xa0 00000205: SHL 00000206: SUB 00000207: AND 00000208: PUSH2 0x010a 0000020b: JUMP 0000020c: JUMPDEST 0000020d: PUSH2 0x0135 00000210: PUSH2 0x021a 00000213: CALLDATASIZE 00000214: PUSH1 0x04 00000216: PUSH2 0x0c14 00000219: JUMP 0000021a: JUMPDEST 0000021b: PUSH2 0x05cc 0000021e: JUMP 0000021f: JUMPDEST 00000220: PUSH1 0x40 00000222: DUP1 00000223: MLOAD 00000224: PUSH1 0x01 00000226: PUSH1 0x01 00000228: PUSH1 0xa0 0000022a: SHL 0000022b: SUB 0000022c: DUP5 0000022d: AND 0000022e: PUSH1 0x20 00000230: DUP3 00000231: ADD 00000232: MSTORE 00000233: SWAP1 00000234: DUP2 00000235: ADD 00000236: DUP3 00000237: SWAP1 00000238: MSTORE 00000239: PUSH0 0000023a: SWAP1 0000023b: DUP2 0000023c: SWAP1 0000023d: PUSH1 0x60 0000023f: ADD 00000240: PUSH1 0x40 00000242: DUP1 00000243: MLOAD 00000244: PUSH1 0x1f 00000246: NOT 00000247: DUP2 00000248: DUP5 00000249: SUB 0000024a: ADD 0000024b: DUP2 0000024c: MSTORE 0000024d: DUP3 0000024e: DUP3 0000024f: MSTORE 00000250: DUP1 00000251: MLOAD 00000252: PUSH1 0x20 00000254: SWAP2 00000255: DUP3 00000256: ADD 00000257: KECCAK256 00000258: SWAP1 00000259: DUP4 0000025a: ADD 0000025b: MSTORE 0000025c: ADD 0000025d: PUSH1 0x40 0000025f: MLOAD 00000260: PUSH1 0x20 00000262: DUP2 00000263: DUP4 00000264: SUB 00000265: SUB 00000266: DUP2 00000267: MSTORE 00000268: SWAP1 00000269: PUSH1 0x40 0000026b: MSTORE 0000026c: DUP1 0000026d: MLOAD 0000026e: SWAP1 0000026f: PUSH1 0x20 00000271: ADD 00000272: KECCAK256 00000273: SWAP1 00000274: POP 00000275: PUSH2 0x02d3 00000278: DUP7 00000279: DUP7 0000027a: DUP1 0000027b: DUP1 0000027c: PUSH1 0x20 0000027e: MUL 0000027f: PUSH1 0x20 00000281: ADD 00000282: PUSH1 0x40 00000284: MLOAD 00000285: SWAP1 00000286: DUP2 00000287: ADD 00000288: PUSH1 0x40 0000028a: MSTORE 0000028b: DUP1 0000028c: SWAP4 0000028d: SWAP3 0000028e: SWAP2 0000028f: SWAP1 00000290: DUP2 00000291: DUP2 00000292: MSTORE 00000293: PUSH1 0x20 00000295: ADD 00000296: DUP4 00000297: DUP4 00000298: PUSH1 0x20 0000029a: MUL 0000029b: DUP1 0000029c: DUP3 0000029d: DUP5 0000029e: CALLDATACOPY 0000029f: PUSH0 000002a0: SWAP3 000002a1: ADD 000002a2: SWAP2 000002a3: SWAP1 000002a4: SWAP2 000002a5: MSTORE 000002a6: POP 000002a7: PUSH32 0xb4129760565216cc5c445318e1f8992b5a9069c6caf5e84d6281f2de1a3ec60a 000002c8: SWAP3 000002c9: POP 000002ca: DUP6 000002cb: SWAP2 000002cc: POP 000002cd: PUSH2 0x063c 000002d0: SWAP1 000002d1: POP 000002d2: JUMP 000002d3: JUMPDEST 000002d4: SWAP7 000002d5: SWAP6 000002d6: POP 000002d7: POP 000002d8: POP 000002d9: POP 000002da: POP 000002db: POP 000002dc: JUMP 000002dd: JUMPDEST 000002de: PUSH2 0x02e5 000002e1: PUSH2 0x0651 000002e4: JUMP 000002e5: JUMPDEST 000002e6: PUSH2 0x0319 000002e9: PUSH1 0x01 000002eb: PUSH1 0x01 000002ed: PUSH1 0xa0 000002ef: SHL 000002f0: SUB 000002f1: PUSH32 0x000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 00000312: AND 00000313: CALLER 00000314: DUP4 00000315: PUSH2 0x067d 00000318: JUMP 00000319: JUMPDEST 0000031a: PUSH1 0x40 0000031c: MLOAD 0000031d: DUP2 0000031e: DUP2 0000031f: MSTORE 00000320: CALLER 00000321: SWAP1 00000322: PUSH32 0x7084f5476618d8e60b11ef0d7d3f06914655adb8793e28ff7f018d4c76d505d5 00000343: SWAP1 00000344: PUSH1 0x20 00000346: ADD 00000347: PUSH1 0x40 00000349: MLOAD 0000034a: DUP1 0000034b: SWAP2 0000034c: SUB 0000034d: SWAP1 0000034e: LOG2 0000034f: POP 00000350: JUMP 00000351: JUMPDEST 00000352: PUSH2 0x0359 00000355: PUSH2 0x0651 00000358: JUMP 00000359: JUMPDEST 0000035a: PUSH1 0x02 0000035c: DUP1 0000035d: SLOAD 0000035e: PUSH1 0x01 00000360: PUSH1 0x01 00000362: PUSH1 0xa0 00000364: SHL 00000365: SUB 00000366: NOT 00000367: AND 00000368: PUSH1 0x01 0000036a: PUSH1 0x01 0000036c: PUSH1 0xa0 0000036e: SHL 0000036f: SUB 00000370: DUP4 00000371: AND 00000372: SWAP1 00000373: DUP2 00000374: OR 00000375: SWAP1 00000376: SWAP2 00000377: SSTORE 00000378: PUSH1 0x40 0000037a: MLOAD 0000037b: PUSH32 0x5553331329228fbd4123164423717a4a7539f6dfa1c3279a923b98fd681a6c73 0000039c: SWAP1 0000039d: PUSH0 0000039e: SWAP1 0000039f: LOG2 000003a0: POP 000003a1: JUMP 000003a2: JUMPDEST 000003a3: PUSH2 0x03aa 000003a6: PUSH2 0x0651 000003a9: JUMP 000003aa: JUMPDEST 000003ab: PUSH2 0x03b3 000003ae: PUSH0 000003af: PUSH2 0x06d4 000003b2: JUMP 000003b3: JUMPDEST 000003b4: JUMP 000003b5: JUMPDEST 000003b6: PUSH1 0x01 000003b8: SLOAD 000003b9: CALLER 000003ba: SWAP1 000003bb: PUSH1 0x01 000003bd: PUSH1 0x01 000003bf: PUSH1 0xa0 000003c1: SHL 000003c2: SUB 000003c3: AND 000003c4: DUP2 000003c5: EQ 000003c6: PUSH2 0x03f2 000003c9: JUMPI 000003ca: PUSH1 0x40 000003cc: MLOAD 000003cd: PUSH4 0x118cdaa7 000003d2: PUSH1 0xe0 000003d4: SHL 000003d5: DUP2 000003d6: MSTORE 000003d7: PUSH1 0x01 000003d9: PUSH1 0x01 000003db: PUSH1 0xa0 000003dd: SHL 000003de: SUB 000003df: DUP3 000003e0: AND 000003e1: PUSH1 0x04 000003e3: DUP3 000003e4: ADD 000003e5: MSTORE 000003e6: PUSH1 0x24 000003e8: ADD 000003e9: JUMPDEST 000003ea: PUSH1 0x40 000003ec: MLOAD 000003ed: DUP1 000003ee: SWAP2 000003ef: SUB 000003f0: SWAP1 000003f1: REVERT 000003f2: JUMPDEST 000003f3: PUSH2 0x03fb 000003f6: DUP2 000003f7: PUSH2 0x06d4 000003fa: JUMP 000003fb: JUMPDEST 000003fc: POP 000003fd: JUMP 000003fe: JUMPDEST 000003ff: DUP5 00000400: PUSH0 00000401: SUB 00000402: PUSH2 0x041e 00000405: JUMPI 00000406: PUSH1 0x40 00000408: MLOAD 00000409: PUSH4 0x162908e3 0000040e: PUSH1 0xe1 00000410: SHL 00000411: DUP2 00000412: MSTORE 00000413: PUSH1 0x04 00000415: ADD 00000416: PUSH1 0x40 00000418: MLOAD 00000419: DUP1 0000041a: SWAP2 0000041b: SUB 0000041c: SWAP1 0000041d: REVERT 0000041e: JUMPDEST 0000041f: CALLER 00000420: PUSH0 00000421: SWAP1 00000422: DUP2 00000423: MSTORE 00000424: PUSH1 0x03 00000426: PUSH1 0x20 00000428: MSTORE 00000429: PUSH1 0x40 0000042b: SWAP1 0000042c: KECCAK256 0000042d: SLOAD 0000042e: PUSH1 0xff 00000430: AND 00000431: ISZERO 00000432: PUSH2 0x044e 00000435: JUMPI 00000436: PUSH1 0x40 00000438: MLOAD 00000439: PUSH4 0x0c8d9eab 0000043e: PUSH1 0xe3 00000440: SHL 00000441: DUP2 00000442: MSTORE 00000443: PUSH1 0x04 00000445: ADD 00000446: PUSH1 0x40 00000448: MLOAD 00000449: DUP1 0000044a: SWAP2 0000044b: SUB 0000044c: SWAP1 0000044d: REVERT 0000044e: JUMPDEST 0000044f: PUSH0 00000450: DUP4 00000451: SWAP1 00000452: SUB 00000453: PUSH2 0x046f 00000456: JUMPI 00000457: PUSH1 0x40 00000459: MLOAD 0000045a: PUSH4 0x668fd6f3 0000045f: PUSH1 0xe0 00000461: SHL 00000462: DUP2 00000463: MSTORE 00000464: PUSH1 0x04 00000466: ADD 00000467: PUSH1 0x40 00000469: MLOAD 0000046a: DUP1 0000046b: SWAP2 0000046c: SUB 0000046d: SWAP1 0000046e: REVERT 0000046f: JUMPDEST 00000470: PUSH2 0x047b 00000473: DUP6 00000474: DUP4 00000475: DUP4 00000476: CALLER 00000477: PUSH2 0x06ed 0000047a: JUMP 0000047b: JUMPDEST 0000047c: PUSH1 0x40 0000047e: DUP1 0000047f: MLOAD 00000480: CALLER 00000481: PUSH1 0x20 00000483: DUP3 00000484: ADD 00000485: MSTORE 00000486: SWAP1 00000487: DUP2 00000488: ADD 00000489: DUP7 0000048a: SWAP1 0000048b: MSTORE 0000048c: PUSH0 0000048d: SWAP1 0000048e: PUSH1 0x60 00000490: ADD 00000491: PUSH1 0x40 00000493: DUP1 00000494: MLOAD 00000495: PUSH1 0x1f 00000497: NOT 00000498: DUP2 00000499: DUP5 0000049a: SUB 0000049b: ADD 0000049c: DUP2 0000049d: MSTORE 0000049e: DUP3 0000049f: DUP3 000004a0: MSTORE 000004a1: DUP1 000004a2: MLOAD 000004a3: PUSH1 0x20 000004a5: SWAP2 000004a6: DUP3 000004a7: ADD 000004a8: KECCAK256 000004a9: SWAP1 000004aa: DUP4 000004ab: ADD 000004ac: MSTORE 000004ad: ADD 000004ae: PUSH1 0x40 000004b0: MLOAD 000004b1: PUSH1 0x20 000004b3: DUP2 000004b4: DUP4 000004b5: SUB 000004b6: SUB 000004b7: DUP2 000004b8: MSTORE 000004b9: SWAP1 000004ba: PUSH1 0x40 000004bc: MSTORE 000004bd: DUP1 000004be: MLOAD 000004bf: SWAP1 000004c0: PUSH1 0x20 000004c2: ADD 000004c3: KECCAK256 000004c4: SWAP1 000004c5: POP 000004c6: PUSH2 0x0524 000004c9: DUP6 000004ca: DUP6 000004cb: DUP1 000004cc: DUP1 000004cd: PUSH1 0x20 000004cf: MUL 000004d0: PUSH1 0x20 000004d2: ADD 000004d3: PUSH1 0x40 000004d5: MLOAD 000004d6: SWAP1 000004d7: DUP2 000004d8: ADD 000004d9: PUSH1 0x40 000004db: MSTORE 000004dc: DUP1 000004dd: SWAP4 000004de: SWAP3 000004df: SWAP2 000004e0: SWAP1 000004e1: DUP2 000004e2: DUP2 000004e3: MSTORE 000004e4: PUSH1 0x20 000004e6: ADD 000004e7: DUP4 000004e8: DUP4 000004e9: PUSH1 0x20 000004eb: MUL 000004ec: DUP1 000004ed: DUP3 000004ee: DUP5 000004ef: CALLDATACOPY 000004f0: PUSH0 000004f1: SWAP3 000004f2: ADD 000004f3: SWAP2 000004f4: SWAP1 000004f5: SWAP2 000004f6: MSTORE 000004f7: POP 000004f8: PUSH32 0xb4129760565216cc5c445318e1f8992b5a9069c6caf5e84d6281f2de1a3ec60a 00000519: SWAP3 0000051a: POP 0000051b: DUP6 0000051c: SWAP2 0000051d: POP 0000051e: PUSH2 0x063c 00000521: SWAP1 00000522: POP 00000523: JUMP 00000524: JUMPDEST 00000525: PUSH2 0x0541 00000528: JUMPI 00000529: PUSH1 0x40 0000052b: MLOAD 0000052c: PUSH4 0x09bde339 00000531: PUSH1 0xe0 00000533: SHL 00000534: DUP2 00000535: MSTORE 00000536: PUSH1 0x04 00000538: ADD 00000539: PUSH1 0x40 0000053b: MLOAD 0000053c: DUP1 0000053d: SWAP2 0000053e: SUB 0000053f: SWAP1 00000540: REVERT 00000541: JUMPDEST 00000542: CALLER 00000543: PUSH0 00000544: DUP2 00000545: DUP2 00000546: MSTORE 00000547: PUSH1 0x03 00000549: PUSH1 0x20 0000054b: MSTORE 0000054c: PUSH1 0x40 0000054e: SWAP1 0000054f: KECCAK256 00000550: DUP1 00000551: SLOAD 00000552: PUSH1 0xff 00000554: NOT 00000555: AND 00000556: PUSH1 0x01 00000558: OR 00000559: SWAP1 0000055a: SSTORE 0000055b: PUSH2 0x058f 0000055e: SWAP1 0000055f: PUSH32 0x000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 00000580: PUSH1 0x01 00000582: PUSH1 0x01 00000584: PUSH1 0xa0 00000586: SHL 00000587: SUB 00000588: AND 00000589: SWAP1 0000058a: DUP9 0000058b: PUSH2 0x067d 0000058e: JUMP 0000058f: JUMPDEST 00000590: PUSH1 0x40 00000592: MLOAD 00000593: DUP7 00000594: DUP2 00000595: MSTORE 00000596: CALLER 00000597: SWAP1 00000598: PUSH32 0xd8138f8a3f377c5259ca548e70e4c2de94f129f5a11036a15b69513cba2b426a 000005b9: SWAP1 000005ba: PUSH1 0x20 000005bc: ADD 000005bd: PUSH1 0x40 000005bf: MLOAD 000005c0: DUP1 000005c1: SWAP2 000005c2: SUB 000005c3: SWAP1 000005c4: LOG2 000005c5: POP 000005c6: POP 000005c7: POP 000005c8: POP 000005c9: POP 000005ca: POP 000005cb: JUMP 000005cc: JUMPDEST 000005cd: PUSH2 0x05d4 000005d0: PUSH2 0x0651 000005d3: JUMP 000005d4: JUMPDEST 000005d5: PUSH1 0x01 000005d7: DUP1 000005d8: SLOAD 000005d9: PUSH1 0x01 000005db: PUSH1 0x01 000005dd: PUSH1 0xa0 000005df: SHL 000005e0: SUB 000005e1: DUP4 000005e2: AND 000005e3: PUSH1 0x01 000005e5: PUSH1 0x01 000005e7: PUSH1 0xa0 000005e9: SHL 000005ea: SUB 000005eb: NOT 000005ec: SWAP1 000005ed: SWAP2 000005ee: AND 000005ef: DUP2 000005f0: OR 000005f1: SWAP1 000005f2: SWAP2 000005f3: SSTORE 000005f4: PUSH2 0x0604 000005f7: PUSH0 000005f8: SLOAD 000005f9: PUSH1 0x01 000005fb: PUSH1 0x01 000005fd: PUSH1 0xa0 000005ff: SHL 00000600: SUB 00000601: AND 00000602: SWAP1 00000603: JUMP 00000604: JUMPDEST 00000605: PUSH1 0x01 00000607: PUSH1 0x01 00000609: PUSH1 0xa0 0000060b: SHL 0000060c: SUB 0000060d: AND 0000060e: PUSH32 0x38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e22700 0000062f: PUSH1 0x40 00000631: MLOAD 00000632: PUSH1 0x40 00000634: MLOAD 00000635: DUP1 00000636: SWAP2 00000637: SUB 00000638: SWAP1 00000639: LOG3 0000063a: POP 0000063b: JUMP 0000063c: JUMPDEST 0000063d: PUSH0 0000063e: DUP3 0000063f: PUSH2 0x0648 00000642: DUP6 00000643: DUP5 00000644: PUSH2 0x0811 00000647: JUMP 00000648: JUMPDEST 00000649: EQ 0000064a: SWAP5 0000064b: SWAP4 0000064c: POP 0000064d: POP 0000064e: POP 0000064f: POP 00000650: JUMP 00000651: JUMPDEST 00000652: PUSH0 00000653: SLOAD 00000654: PUSH1 0x01 00000656: PUSH1 0x01 00000658: PUSH1 0xa0 0000065a: SHL 0000065b: SUB 0000065c: AND 0000065d: CALLER 0000065e: EQ 0000065f: PUSH2 0x03b3 00000662: JUMPI 00000663: PUSH1 0x40 00000665: MLOAD 00000666: PUSH4 0x118cdaa7 0000066b: PUSH1 0xe0 0000066d: SHL 0000066e: DUP2 0000066f: MSTORE 00000670: CALLER 00000671: PUSH1 0x04 00000673: DUP3 00000674: ADD 00000675: MSTORE 00000676: PUSH1 0x24 00000678: ADD 00000679: PUSH2 0x03e9 0000067c: JUMP 0000067d: JUMPDEST 0000067e: PUSH1 0x40 00000680: DUP1 00000681: MLOAD 00000682: PUSH1 0x01 00000684: PUSH1 0x01 00000686: PUSH1 0xa0 00000688: SHL 00000689: SUB 0000068a: DUP5 0000068b: AND 0000068c: PUSH1 0x24 0000068e: DUP3 0000068f: ADD 00000690: MSTORE 00000691: PUSH1 0x44 00000693: DUP1 00000694: DUP3 00000695: ADD 00000696: DUP5 00000697: SWAP1 00000698: MSTORE 00000699: DUP3 0000069a: MLOAD 0000069b: DUP1 0000069c: DUP4 0000069d: SUB 0000069e: SWAP1 0000069f: SWAP2 000006a0: ADD 000006a1: DUP2 000006a2: MSTORE 000006a3: PUSH1 0x64 000006a5: SWAP1 000006a6: SWAP2 000006a7: ADD 000006a8: SWAP1 000006a9: SWAP2 000006aa: MSTORE 000006ab: PUSH1 0x20 000006ad: DUP2 000006ae: ADD 000006af: DUP1 000006b0: MLOAD 000006b1: PUSH1 0x01 000006b3: PUSH1 0x01 000006b5: PUSH1 0xe0 000006b7: SHL 000006b8: SUB 000006b9: AND 000006ba: PUSH4 0xa9059cbb 000006bf: PUSH1 0xe0 000006c1: SHL 000006c2: OR 000006c3: SWAP1 000006c4: MSTORE 000006c5: PUSH2 0x06cf 000006c8: SWAP1 000006c9: DUP5 000006ca: SWAP1 000006cb: PUSH2 0x085d 000006ce: JUMP 000006cf: JUMPDEST 000006d0: POP 000006d1: POP 000006d2: POP 000006d3: JUMP 000006d4: JUMPDEST 000006d5: PUSH1 0x01 000006d7: DUP1 000006d8: SLOAD 000006d9: PUSH1 0x01 000006db: PUSH1 0x01 000006dd: PUSH1 0xa0 000006df: SHL 000006e0: SUB 000006e1: NOT 000006e2: AND 000006e3: SWAP1 000006e4: SSTORE 000006e5: PUSH2 0x03fb 000006e8: DUP2 000006e9: PUSH2 0x08cf 000006ec: JUMP 000006ed: JUMPDEST 000006ee: PUSH0 000006ef: DUP3 000006f0: SWAP1 000006f1: SUB 000006f2: PUSH2 0x070e 000006f5: JUMPI 000006f6: PUSH1 0x40 000006f8: MLOAD 000006f9: PUSH4 0x8baa579f 000006fe: PUSH1 0xe0 00000700: SHL 00000701: DUP2 00000702: MSTORE 00000703: PUSH1 0x04 00000705: ADD 00000706: PUSH1 0x40 00000708: MLOAD 00000709: DUP1 0000070a: SWAP2 0000070b: SUB 0000070c: SWAP1 0000070d: REVERT 0000070e: JUMPDEST 0000070f: PUSH1 0x40 00000711: MLOAD 00000712: PUSH12 0xffffffffffffffffffffffff 0000071f: NOT 00000720: PUSH1 0x60 00000722: DUP4 00000723: DUP2 00000724: SHL 00000725: DUP3 00000726: AND 00000727: PUSH1 0x20 00000729: DUP5 0000072a: ADD 0000072b: MSTORE 0000072c: PUSH1 0x34 0000072e: DUP4 0000072f: ADD 00000730: DUP8 00000731: SWAP1 00000732: MSTORE 00000733: ADDRESS 00000734: SWAP1 00000735: SHL 00000736: AND 00000737: PUSH1 0x54 00000739: DUP3 0000073a: ADD 0000073b: MSTORE 0000073c: CHAINID 0000073d: PUSH1 0x68 0000073f: DUP3 00000740: ADD 00000741: MSTORE 00000742: PUSH0 00000743: SWAP1 00000744: PUSH1 0x88 00000746: ADD 00000747: PUSH1 0x40 00000749: MLOAD 0000074a: PUSH1 0x20 0000074c: DUP2 0000074d: DUP4 0000074e: SUB 0000074f: SUB 00000750: DUP2 00000751: MSTORE 00000752: SWAP1 00000753: PUSH1 0x40 00000755: MSTORE 00000756: DUP1 00000757: MLOAD 00000758: SWAP1 00000759: PUSH1 0x20 0000075b: ADD 0000075c: KECCAK256 0000075d: SWAP1 0000075e: POP 0000075f: PUSH0 00000760: PUSH2 0x0795 00000763: DUP3 00000764: PUSH32 0x19457468657265756d205369676e6564204d6573736167653a0a333200000000 00000785: PUSH0 00000786: SWAP1 00000787: DUP2 00000788: MSTORE 00000789: PUSH1 0x1c 0000078b: SWAP2 0000078c: SWAP1 0000078d: SWAP2 0000078e: MSTORE 0000078f: PUSH1 0x3c 00000791: SWAP1 00000792: KECCAK256 00000793: SWAP1 00000794: JUMP 00000795: JUMPDEST 00000796: SWAP1 00000797: POP 00000798: PUSH0 00000799: PUSH2 0x07d7 0000079c: DUP3 0000079d: DUP8 0000079e: DUP8 0000079f: DUP1 000007a0: DUP1 000007a1: PUSH1 0x1f 000007a3: ADD 000007a4: PUSH1 0x20 000007a6: DUP1 000007a7: SWAP2 000007a8: DIV 000007a9: MUL 000007aa: PUSH1 0x20 000007ac: ADD 000007ad: PUSH1 0x40 000007af: MLOAD 000007b0: SWAP1 000007b1: DUP2 000007b2: ADD 000007b3: PUSH1 0x40 000007b5: MSTORE 000007b6: DUP1 000007b7: SWAP4 000007b8: SWAP3 000007b9: SWAP2 000007ba: SWAP1 000007bb: DUP2 000007bc: DUP2 000007bd: MSTORE 000007be: PUSH1 0x20 000007c0: ADD 000007c1: DUP4 000007c2: DUP4 000007c3: DUP1 000007c4: DUP3 000007c5: DUP5 000007c6: CALLDATACOPY 000007c7: PUSH0 000007c8: SWAP3 000007c9: ADD 000007ca: SWAP2 000007cb: SWAP1 000007cc: SWAP2 000007cd: MSTORE 000007ce: POP 000007cf: PUSH2 0x091e 000007d2: SWAP3 000007d3: POP 000007d4: POP 000007d5: POP 000007d6: JUMP 000007d7: JUMPDEST 000007d8: PUSH1 0x02 000007da: SLOAD 000007db: SWAP1 000007dc: SWAP2 000007dd: POP 000007de: PUSH1 0x01 000007e0: PUSH1 0x01 000007e2: PUSH1 0xa0 000007e4: SHL 000007e5: SUB 000007e6: DUP1 000007e7: DUP4 000007e8: AND 000007e9: SWAP2 000007ea: AND 000007eb: EQ 000007ec: PUSH2 0x0808 000007ef: JUMPI 000007f0: PUSH1 0x40 000007f2: MLOAD 000007f3: PUSH4 0x8baa579f 000007f8: PUSH1 0xe0 000007fa: SHL 000007fb: DUP2 000007fc: MSTORE 000007fd: PUSH1 0x04 000007ff: ADD 00000800: PUSH1 0x40 00000802: MLOAD 00000803: DUP1 00000804: SWAP2 00000805: SUB 00000806: SWAP1 00000807: REVERT 00000808: JUMPDEST 00000809: POP 0000080a: POP 0000080b: POP 0000080c: POP 0000080d: POP 0000080e: POP 0000080f: POP 00000810: JUMP 00000811: JUMPDEST 00000812: PUSH0 00000813: DUP2 00000814: DUP2 00000815: JUMPDEST 00000816: DUP5 00000817: MLOAD 00000818: DUP2 00000819: LT 0000081a: ISZERO 0000081b: PUSH2 0x0855 0000081e: JUMPI 0000081f: PUSH2 0x0841 00000822: DUP3 00000823: DUP7 00000824: DUP4 00000825: DUP2 00000826: MLOAD 00000827: DUP2 00000828: LT 00000829: PUSH2 0x0834 0000082c: JUMPI 0000082d: PUSH2 0x0834 00000830: PUSH2 0x0cc8 00000833: JUMP 00000834: JUMPDEST 00000835: PUSH1 0x20 00000837: MUL 00000838: PUSH1 0x20 0000083a: ADD 0000083b: ADD 0000083c: MLOAD 0000083d: PUSH2 0x0946 00000840: JUMP 00000841: JUMPDEST 00000842: SWAP2 00000843: POP 00000844: DUP1 00000845: PUSH2 0x084d 00000848: DUP2 00000849: PUSH2 0x0cdc 0000084c: JUMP 0000084d: JUMPDEST 0000084e: SWAP2 0000084f: POP 00000850: POP 00000851: PUSH2 0x0815 00000854: JUMP 00000855: JUMPDEST 00000856: POP 00000857: SWAP4 00000858: SWAP3 00000859: POP 0000085a: POP 0000085b: POP 0000085c: JUMP 0000085d: JUMPDEST 0000085e: PUSH0 0000085f: DUP1 00000860: PUSH1 0x20 00000862: PUSH0 00000863: DUP5 00000864: MLOAD 00000865: PUSH1 0x20 00000867: DUP7 00000868: ADD 00000869: PUSH0 0000086a: DUP9 0000086b: GAS 0000086c: CALL 0000086d: DUP1 0000086e: PUSH2 0x087c 00000871: JUMPI 00000872: PUSH1 0x40 00000874: MLOAD 00000875: RETURNDATASIZE 00000876: PUSH0 00000877: DUP3 00000878: RETURNDATACOPY 00000879: RETURNDATASIZE 0000087a: DUP2 0000087b: REVERT 0000087c: JUMPDEST 0000087d: POP 0000087e: POP 0000087f: PUSH0 00000880: MLOAD 00000881: RETURNDATASIZE 00000882: SWAP2 00000883: POP 00000884: DUP2 00000885: ISZERO 00000886: PUSH2 0x0893 00000889: JUMPI 0000088a: DUP1 0000088b: PUSH1 0x01 0000088d: EQ 0000088e: ISZERO 0000088f: PUSH2 0x08a0 00000892: JUMP 00000893: JUMPDEST 00000894: PUSH1 0x01 00000896: PUSH1 0x01 00000898: PUSH1 0xa0 0000089a: SHL 0000089b: SUB 0000089c: DUP5 0000089d: AND 0000089e: EXTCODESIZE 0000089f: ISZERO 000008a0: JUMPDEST 000008a1: ISZERO 000008a2: PUSH2 0x08c9 000008a5: JUMPI 000008a6: PUSH1 0x40 000008a8: MLOAD 000008a9: PUSH4 0x5274afe7 000008ae: PUSH1 0xe0 000008b0: SHL 000008b1: DUP2 000008b2: MSTORE 000008b3: PUSH1 0x01 000008b5: PUSH1 0x01 000008b7: PUSH1 0xa0 000008b9: SHL 000008ba: SUB 000008bb: DUP6 000008bc: AND 000008bd: PUSH1 0x04 000008bf: DUP3 000008c0: ADD 000008c1: MSTORE 000008c2: PUSH1 0x24 000008c4: ADD 000008c5: PUSH2 0x03e9 000008c8: JUMP 000008c9: JUMPDEST 000008ca: POP 000008cb: POP 000008cc: POP 000008cd: POP 000008ce: JUMP 000008cf: JUMPDEST 000008d0: PUSH0 000008d1: DUP1 000008d2: SLOAD 000008d3: PUSH1 0x01 000008d5: PUSH1 0x01 000008d7: PUSH1 0xa0 000008d9: SHL 000008da: SUB 000008db: DUP4 000008dc: DUP2 000008dd: AND 000008de: PUSH1 0x01 000008e0: PUSH1 0x01 000008e2: PUSH1 0xa0 000008e4: SHL 000008e5: SUB 000008e6: NOT 000008e7: DUP4 000008e8: AND 000008e9: DUP2 000008ea: OR 000008eb: DUP5 000008ec: SSTORE 000008ed: PUSH1 0x40 000008ef: MLOAD 000008f0: SWAP2 000008f1: SWAP1 000008f2: SWAP3 000008f3: AND 000008f4: SWAP3 000008f5: DUP4 000008f6: SWAP2 000008f7: PUSH32 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0 00000918: SWAP2 00000919: SWAP1 0000091a: LOG3 0000091b: POP 0000091c: POP 0000091d: JUMP 0000091e: JUMPDEST 0000091f: PUSH0 00000920: DUP1 00000921: PUSH0 00000922: DUP1 00000923: PUSH2 0x092c 00000926: DUP7 00000927: DUP7 00000928: PUSH2 0x0975 0000092b: JUMP 0000092c: JUMPDEST 0000092d: SWAP3 0000092e: POP 0000092f: SWAP3 00000930: POP 00000931: SWAP3 00000932: POP 00000933: PUSH2 0x093c 00000936: DUP3 00000937: DUP3 00000938: PUSH2 0x09be 0000093b: JUMP 0000093c: JUMPDEST 0000093d: POP 0000093e: SWAP1 0000093f: SWAP5 00000940: SWAP4 00000941: POP 00000942: POP 00000943: POP 00000944: POP 00000945: JUMP 00000946: JUMPDEST 00000947: PUSH0 00000948: DUP2 00000949: DUP4 0000094a: LT 0000094b: PUSH2 0x0960 0000094e: JUMPI 0000094f: PUSH0 00000950: DUP3 00000951: DUP2 00000952: MSTORE 00000953: PUSH1 0x20 00000955: DUP5 00000956: SWAP1 00000957: MSTORE 00000958: PUSH1 0x40 0000095a: SWAP1 0000095b: KECCAK256 0000095c: PUSH2 0x096e 0000095f: JUMP 00000960: JUMPDEST 00000961: PUSH0 00000962: DUP4 00000963: DUP2 00000964: MSTORE 00000965: PUSH1 0x20 00000967: DUP4 00000968: SWAP1 00000969: MSTORE 0000096a: PUSH1 0x40 0000096c: SWAP1 0000096d: KECCAK256 0000096e: JUMPDEST 0000096f: SWAP4 00000970: SWAP3 00000971: POP 00000972: POP 00000973: POP 00000974: JUMP 00000975: JUMPDEST 00000976: PUSH0 00000977: DUP1 00000978: PUSH0 00000979: DUP4 0000097a: MLOAD 0000097b: PUSH1 0x41 0000097d: SUB 0000097e: PUSH2 0x09ac 00000981: JUMPI 00000982: PUSH1 0x20 00000984: DUP5 00000985: ADD 00000986: MLOAD 00000987: PUSH1 0x40 00000989: DUP6 0000098a: ADD 0000098b: MLOAD 0000098c: PUSH1 0x60 0000098e: DUP7 0000098f: ADD 00000990: MLOAD 00000991: PUSH0 00000992: BYTE 00000993: PUSH2 0x099e 00000996: DUP9 00000997: DUP3 00000998: DUP6 00000999: DUP6 0000099a: PUSH2 0x0a7a 0000099d: JUMP 0000099e: JUMPDEST 0000099f: SWAP6 000009a0: POP 000009a1: SWAP6 000009a2: POP 000009a3: SWAP6 000009a4: POP 000009a5: POP 000009a6: POP 000009a7: POP 000009a8: PUSH2 0x09b7 000009ab: JUMP 000009ac: JUMPDEST 000009ad: POP 000009ae: POP 000009af: DUP2 000009b0: MLOAD 000009b1: PUSH0 000009b2: SWAP2 000009b3: POP 000009b4: PUSH1 0x02 000009b6: SWAP1 000009b7: JUMPDEST 000009b8: SWAP3 000009b9: POP 000009ba: SWAP3 000009bb: POP 000009bc: SWAP3 000009bd: JUMP 000009be: JUMPDEST 000009bf: PUSH0 000009c0: DUP3 000009c1: PUSH1 0x03 000009c3: DUP2 000009c4: GT 000009c5: ISZERO 000009c6: PUSH2 0x09d1 000009c9: JUMPI 000009ca: PUSH2 0x09d1 000009cd: PUSH2 0x0d00 000009d0: JUMP 000009d1: JUMPDEST 000009d2: SUB 000009d3: PUSH2 0x09da 000009d6: JUMPI 000009d7: POP 000009d8: POP 000009d9: JUMP 000009da: JUMPDEST 000009db: PUSH1 0x01 000009dd: DUP3 000009de: PUSH1 0x03 000009e0: DUP2 000009e1: GT 000009e2: ISZERO 000009e3: PUSH2 0x09ee 000009e6: JUMPI 000009e7: PUSH2 0x09ee 000009ea: PUSH2 0x0d00 000009ed: JUMP 000009ee: JUMPDEST 000009ef: SUB 000009f0: PUSH2 0x0a0c 000009f3: JUMPI 000009f4: PUSH1 0x40 000009f6: MLOAD 000009f7: PUSH4 0xf645eedf 000009fc: PUSH1 0xe0 000009fe: SHL 000009ff: DUP2 00000a00: MSTORE 00000a01: PUSH1 0x04 00000a03: ADD 00000a04: PUSH1 0x40 00000a06: MLOAD 00000a07: DUP1 00000a08: SWAP2 00000a09: SUB 00000a0a: SWAP1 00000a0b: REVERT 00000a0c: JUMPDEST 00000a0d: PUSH1 0x02 00000a0f: DUP3 00000a10: PUSH1 0x03 00000a12: DUP2 00000a13: GT 00000a14: ISZERO 00000a15: PUSH2 0x0a20 00000a18: JUMPI 00000a19: PUSH2 0x0a20 00000a1c: PUSH2 0x0d00 00000a1f: JUMP 00000a20: JUMPDEST 00000a21: SUB 00000a22: PUSH2 0x0a41 00000a25: JUMPI 00000a26: PUSH1 0x40 00000a28: MLOAD 00000a29: PUSH4 0xfce698f7 00000a2e: PUSH1 0xe0 00000a30: SHL 00000a31: DUP2 00000a32: MSTORE 00000a33: PUSH1 0x04 00000a35: DUP2 00000a36: ADD 00000a37: DUP3 00000a38: SWAP1 00000a39: MSTORE 00000a3a: PUSH1 0x24 00000a3c: ADD 00000a3d: PUSH2 0x03e9 00000a40: JUMP 00000a41: JUMPDEST 00000a42: PUSH1 0x03 00000a44: DUP3 00000a45: PUSH1 0x03 00000a47: DUP2 00000a48: GT 00000a49: ISZERO 00000a4a: PUSH2 0x0a55 00000a4d: JUMPI 00000a4e: PUSH2 0x0a55 00000a51: PUSH2 0x0d00 00000a54: JUMP 00000a55: JUMPDEST 00000a56: SUB 00000a57: PUSH2 0x0a76 00000a5a: JUMPI 00000a5b: PUSH1 0x40 00000a5d: MLOAD 00000a5e: PUSH4 0x35e2f383 00000a63: PUSH1 0xe2 00000a65: SHL 00000a66: DUP2 00000a67: MSTORE 00000a68: PUSH1 0x04 00000a6a: DUP2 00000a6b: ADD 00000a6c: DUP3 00000a6d: SWAP1 00000a6e: MSTORE 00000a6f: PUSH1 0x24 00000a71: ADD 00000a72: PUSH2 0x03e9 00000a75: JUMP 00000a76: JUMPDEST 00000a77: POP 00000a78: POP 00000a79: JUMP 00000a7a: JUMPDEST 00000a7b: PUSH0 00000a7c: DUP1 00000a7d: DUP1 00000a7e: PUSH32 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0 00000a9f: DUP5 00000aa0: GT 00000aa1: ISZERO 00000aa2: PUSH2 0x0ab3 00000aa5: JUMPI 00000aa6: POP 00000aa7: PUSH0 00000aa8: SWAP2 00000aa9: POP 00000aaa: PUSH1 0x03 00000aac: SWAP1 00000aad: POP 00000aae: DUP3 00000aaf: PUSH2 0x0b38 00000ab2: JUMP 00000ab3: JUMPDEST 00000ab4: PUSH1 0x40 00000ab6: DUP1 00000ab7: MLOAD 00000ab8: PUSH0 00000ab9: DUP1 00000aba: DUP3 00000abb: MSTORE 00000abc: PUSH1 0x20 00000abe: DUP3 00000abf: ADD 00000ac0: DUP1 00000ac1: DUP5 00000ac2: MSTORE 00000ac3: DUP11 00000ac4: SWAP1 00000ac5: MSTORE 00000ac6: PUSH1 0xff 00000ac8: DUP10 00000ac9: AND 00000aca: SWAP3 00000acb: DUP3 00000acc: ADD 00000acd: SWAP3 00000ace: SWAP1 00000acf: SWAP3 00000ad0: MSTORE 00000ad1: PUSH1 0x60 00000ad3: DUP2 00000ad4: ADD 00000ad5: DUP8 00000ad6: SWAP1 00000ad7: MSTORE 00000ad8: PUSH1 0x80 00000ada: DUP2 00000adb: ADD 00000adc: DUP7 00000add: SWAP1 00000ade: MSTORE 00000adf: PUSH1 0x01 00000ae1: SWAP1 00000ae2: PUSH1 0xa0 00000ae4: ADD 00000ae5: PUSH1 0x20 00000ae7: PUSH1 0x40 00000ae9: MLOAD 00000aea: PUSH1 0x20 00000aec: DUP2 00000aed: SUB 00000aee: SWAP1 00000aef: DUP1 00000af0: DUP5 00000af1: SUB 00000af2: SWAP1 00000af3: DUP6 00000af4: GAS 00000af5: STATICCALL 00000af6: ISZERO 00000af7: DUP1 00000af8: ISZERO 00000af9: PUSH2 0x0b04 00000afc: JUMPI 00000afd: RETURNDATASIZE 00000afe: PUSH0 00000aff: DUP1 00000b00: RETURNDATACOPY 00000b01: RETURNDATASIZE 00000b02: PUSH0 00000b03: REVERT 00000b04: JUMPDEST 00000b05: POP 00000b06: POP 00000b07: PUSH1 0x40 00000b09: MLOAD 00000b0a: PUSH1 0x1f 00000b0c: NOT 00000b0d: ADD 00000b0e: MLOAD 00000b0f: SWAP2 00000b10: POP 00000b11: POP 00000b12: PUSH1 0x01 00000b14: PUSH1 0x01 00000b16: PUSH1 0xa0 00000b18: SHL 00000b19: SUB 00000b1a: DUP2 00000b1b: AND 00000b1c: PUSH2 0x0b2f 00000b1f: JUMPI 00000b20: POP 00000b21: PUSH0 00000b22: SWAP3 00000b23: POP 00000b24: PUSH1 0x01 00000b26: SWAP2 00000b27: POP 00000b28: DUP3 00000b29: SWAP1 00000b2a: POP 00000b2b: PUSH2 0x0b38 00000b2e: JUMP 00000b2f: JUMPDEST 00000b30: SWAP3 00000b31: POP 00000b32: PUSH0 00000b33: SWAP2 00000b34: POP 00000b35: DUP2 00000b36: SWAP1 00000b37: POP 00000b38: JUMPDEST 00000b39: SWAP5 00000b3a: POP 00000b3b: SWAP5 00000b3c: POP 00000b3d: SWAP5 00000b3e: SWAP2 00000b3f: POP 00000b40: POP 00000b41: JUMP 00000b42: JUMPDEST 00000b43: PUSH0 00000b44: DUP1 00000b45: DUP4 00000b46: PUSH1 0x1f 00000b48: DUP5 00000b49: ADD 00000b4a: SLT 00000b4b: PUSH2 0x0b52 00000b4e: JUMPI 00000b4f: PUSH0 00000b50: DUP1 00000b51: REVERT 00000b52: JUMPDEST 00000b53: POP 00000b54: DUP2 00000b55: CALLDATALOAD 00000b56: PUSH8 0xffffffffffffffff 00000b5f: DUP2 00000b60: GT 00000b61: ISZERO 00000b62: PUSH2 0x0b69 00000b65: JUMPI 00000b66: PUSH0 00000b67: DUP1 00000b68: REVERT 00000b69: JUMPDEST 00000b6a: PUSH1 0x20 00000b6c: DUP4 00000b6d: ADD 00000b6e: SWAP2 00000b6f: POP 00000b70: DUP4 00000b71: PUSH1 0x20 00000b73: DUP3 00000b74: PUSH1 0x05 00000b76: SHL 00000b77: DUP6 00000b78: ADD 00000b79: ADD 00000b7a: GT 00000b7b: ISZERO 00000b7c: PUSH2 0x0b83 00000b7f: JUMPI 00000b80: PUSH0 00000b81: DUP1 00000b82: REVERT 00000b83: JUMPDEST 00000b84: SWAP3 00000b85: POP 00000b86: SWAP3 00000b87: SWAP1 00000b88: POP 00000b89: JUMP 00000b8a: JUMPDEST 00000b8b: DUP1 00000b8c: CALLDATALOAD 00000b8d: PUSH1 0x01 00000b8f: PUSH1 0x01 00000b91: PUSH1 0xa0 00000b93: SHL 00000b94: SUB 00000b95: DUP2 00000b96: AND 00000b97: DUP2 00000b98: EQ 00000b99: PUSH2 0x0ba0 00000b9c: JUMPI 00000b9d: PUSH0 00000b9e: DUP1 00000b9f: REVERT 00000ba0: JUMPDEST 00000ba1: SWAP2 00000ba2: SWAP1 00000ba3: POP 00000ba4: JUMP 00000ba5: JUMPDEST 00000ba6: PUSH0 00000ba7: DUP1 00000ba8: PUSH0 00000ba9: DUP1 00000baa: PUSH1 0x60 00000bac: DUP6 00000bad: DUP8 00000bae: SUB 00000baf: SLT 00000bb0: ISZERO 00000bb1: PUSH2 0x0bb8 00000bb4: JUMPI 00000bb5: PUSH0 00000bb6: DUP1 00000bb7: REVERT 00000bb8: JUMPDEST 00000bb9: DUP5 00000bba: CALLDATALOAD 00000bbb: PUSH8 0xffffffffffffffff 00000bc4: DUP2 00000bc5: GT 00000bc6: ISZERO 00000bc7: PUSH2 0x0bce 00000bca: JUMPI 00000bcb: PUSH0 00000bcc: DUP1 00000bcd: REVERT 00000bce: JUMPDEST 00000bcf: PUSH2 0x0bda 00000bd2: DUP8 00000bd3: DUP3 00000bd4: DUP9 00000bd5: ADD 00000bd6: PUSH2 0x0b42 00000bd9: JUMP 00000bda: JUMPDEST 00000bdb: SWAP1 00000bdc: SWAP6 00000bdd: POP 00000bde: SWAP4 00000bdf: POP 00000be0: PUSH2 0x0bed 00000be3: SWAP1 00000be4: POP 00000be5: PUSH1 0x20 00000be7: DUP7 00000be8: ADD 00000be9: PUSH2 0x0b8a 00000bec: JUMP 00000bed: JUMPDEST 00000bee: SWAP4 00000bef: SWAP7 00000bf0: SWAP3 00000bf1: SWAP6 00000bf2: POP 00000bf3: SWAP3 00000bf4: SWAP4 00000bf5: PUSH1 0x40 00000bf7: ADD 00000bf8: CALLDATALOAD 00000bf9: SWAP3 00000bfa: POP 00000bfb: POP 00000bfc: JUMP 00000bfd: JUMPDEST 00000bfe: PUSH0 00000bff: PUSH1 0x20 00000c01: DUP3 00000c02: DUP5 00000c03: SUB 00000c04: SLT 00000c05: ISZERO 00000c06: PUSH2 0x0c0d 00000c09: JUMPI 00000c0a: PUSH0 00000c0b: DUP1 00000c0c: REVERT 00000c0d: JUMPDEST 00000c0e: POP 00000c0f: CALLDATALOAD 00000c10: SWAP2 00000c11: SWAP1 00000c12: POP 00000c13: JUMP 00000c14: JUMPDEST 00000c15: PUSH0 00000c16: PUSH1 0x20 00000c18: DUP3 00000c19: DUP5 00000c1a: SUB 00000c1b: SLT 00000c1c: ISZERO 00000c1d: PUSH2 0x0c24 00000c20: JUMPI 00000c21: PUSH0 00000c22: DUP1 00000c23: REVERT 00000c24: JUMPDEST 00000c25: PUSH2 0x096e 00000c28: DUP3 00000c29: PUSH2 0x0b8a 00000c2c: JUMP 00000c2d: JUMPDEST 00000c2e: PUSH0 00000c2f: DUP1 00000c30: PUSH0 00000c31: DUP1 00000c32: PUSH0 00000c33: PUSH1 0x60 00000c35: DUP7 00000c36: DUP9 00000c37: SUB 00000c38: SLT 00000c39: ISZERO 00000c3a: PUSH2 0x0c41 00000c3d: JUMPI 00000c3e: PUSH0 00000c3f: DUP1 00000c40: REVERT 00000c41: JUMPDEST 00000c42: DUP6 00000c43: CALLDATALOAD 00000c44: SWAP5 00000c45: POP 00000c46: PUSH1 0x20 00000c48: DUP7 00000c49: ADD 00000c4a: CALLDATALOAD 00000c4b: PUSH8 0xffffffffffffffff 00000c54: DUP1 00000c55: DUP3 00000c56: GT 00000c57: ISZERO 00000c58: PUSH2 0x0c5f 00000c5b: JUMPI 00000c5c: PUSH0 00000c5d: DUP1 00000c5e: REVERT 00000c5f: JUMPDEST 00000c60: PUSH2 0x0c6b 00000c63: DUP10 00000c64: DUP4 00000c65: DUP11 00000c66: ADD 00000c67: PUSH2 0x0b42 00000c6a: JUMP 00000c6b: JUMPDEST 00000c6c: SWAP1 00000c6d: SWAP7 00000c6e: POP 00000c6f: SWAP5 00000c70: POP 00000c71: PUSH1 0x40 00000c73: DUP9 00000c74: ADD 00000c75: CALLDATALOAD 00000c76: SWAP2 00000c77: POP 00000c78: DUP1 00000c79: DUP3 00000c7a: GT 00000c7b: ISZERO 00000c7c: PUSH2 0x0c83 00000c7f: JUMPI 00000c80: PUSH0 00000c81: DUP1 00000c82: REVERT 00000c83: JUMPDEST 00000c84: DUP2 00000c85: DUP9 00000c86: ADD 00000c87: SWAP2 00000c88: POP 00000c89: DUP9 00000c8a: PUSH1 0x1f 00000c8c: DUP4 00000c8d: ADD 00000c8e: SLT 00000c8f: PUSH2 0x0c96 00000c92: JUMPI 00000c93: PUSH0 00000c94: DUP1 00000c95: REVERT 00000c96: JUMPDEST 00000c97: DUP2 00000c98: CALLDATALOAD 00000c99: DUP2 00000c9a: DUP2 00000c9b: GT 00000c9c: ISZERO 00000c9d: PUSH2 0x0ca4 00000ca0: JUMPI 00000ca1: PUSH0 00000ca2: DUP1 00000ca3: REVERT 00000ca4: JUMPDEST 00000ca5: DUP10 00000ca6: PUSH1 0x20 00000ca8: DUP3 00000ca9: DUP6 00000caa: ADD 00000cab: ADD 00000cac: GT 00000cad: ISZERO 00000cae: PUSH2 0x0cb5 00000cb1: JUMPI 00000cb2: PUSH0 00000cb3: DUP1 00000cb4: REVERT 00000cb5: JUMPDEST 00000cb6: SWAP7 00000cb7: SWAP10 00000cb8: SWAP6 00000cb9: SWAP9 00000cba: POP 00000cbb: SWAP4 00000cbc: SWAP7 00000cbd: POP 00000cbe: PUSH1 0x20 00000cc0: ADD 00000cc1: SWAP5 00000cc2: SWAP4 00000cc3: SWAP3 00000cc4: POP 00000cc5: POP 00000cc6: POP 00000cc7: JUMP 00000cc8: JUMPDEST 00000cc9: PUSH4 0x4e487b71 00000cce: PUSH1 0xe0 00000cd0: SHL 00000cd1: PUSH0 00000cd2: MSTORE 00000cd3: PUSH1 0x32 00000cd5: PUSH1 0x04 00000cd7: MSTORE 00000cd8: PUSH1 0x24 00000cda: PUSH0 00000cdb: REVERT 00000cdc: JUMPDEST 00000cdd: PUSH0 00000cde: PUSH1 0x01 00000ce0: DUP3 00000ce1: ADD 00000ce2: PUSH2 0x0cf9 00000ce5: JUMPI 00000ce6: PUSH4 0x4e487b71 00000ceb: PUSH1 0xe0 00000ced: SHL 00000cee: PUSH0 00000cef: MSTORE 00000cf0: PUSH1 0x11 00000cf2: PUSH1 0x04 00000cf4: MSTORE 00000cf5: PUSH1 0x24 00000cf7: PUSH0 00000cf8: REVERT 00000cf9: JUMPDEST 00000cfa: POP 00000cfb: PUSH1 0x01 00000cfd: ADD 00000cfe: SWAP1 00000cff: JUMP 00000d00: JUMPDEST 00000d01: PUSH4 0x4e487b71 00000d06: PUSH1 0xe0 00000d08: SHL 00000d09: PUSH0 00000d0a: MSTORE 00000d0b: PUSH1 0x21 00000d0d: PUSH1 0x04 00000d0f: MSTORE 00000d10: PUSH1 0x24 00000d12: PUSH0 00000d13: REVERT 00000d14: INVALID 00000d15: LOG2 00000d16: PUSH5 0x6970667358 00000d1c: UNKNOWN(0x22) 00000d1d: SLT 00000d1e: KECCAK256 00000d1f: UNKNOWN(0x0E) 00000d20: UNKNOWN(0x2B) 00000d21: DUP15 00000d22: MLOAD 00000d23: UNKNOWN(0xA7) 00000d24: SWAP10 00000d25: PUSH0 00000d26: SLOAD 00000d27: UNKNOWN(0x29) 00000d28: EXTCODESIZE 00000d29: PUSH6 0x8203100eecd4 00000d30: UNKNOWN(0xEA) 00000d31: GT 00000d32: SHR 00000d33: UNKNOWN(0x4C) 00000d34: MULMOD 00000d35: CREATE2 00000d36: SWAP15 00000d37: UNKNOWN(0x2F) 00000d38: UNKNOWN(0xAF) 00000d39: UNKNOWN(0xF8) 00000d3a: UNKNOWN(0xA5) 00000d3b: PUSH19
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0x326c6fc8c7535ef0b4ce8ece909cbd2b590ea70cac7b54bae8bff9a04f6236c7
call_targets:
0x597ed1f21cb079c4839ca7abbe7ce52b293b18a4
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x326c6fc8c7535ef0b4ce8ece909cbd2b590ea70cac7b54bae8bff9a04f6236c7",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x597ed1f21cb079c4839ca7abbe7ce52b293b18a4"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9a15bf92",
"selector": "0x9a15bf92",
"calldata_variants": [
"0x9a15bf92",
"0x9a15bf920000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe30c3978",
"selector": "0xe30c3978",
"calldata_variants": [
"0xe30c3978",
"0xe30c39780000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x73b2e80e",
"selector": "0x73b2e80e",
"calldata_variants": [
"0x73b2e80e",
"0x73b2e80e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x79ba5097",
"selector": "0x79ba5097",
"calldata_variants": [
"0x79ba5097",
"0x79ba50970000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x82bfefc8",
"selector": "0x82bfefc8",
"calldata_variants": [
"0x82bfefc8",
"0x82bfefc80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x04b38ce0",
"selector": "0x04b38ce0",
"calldata_variants": [
"0x04b38ce0",
"0x04b38ce00000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 2156,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0x326c6fc8c7535ef0b4ce8ece909cbd2b590ea70cac7b54bae8bff9a04f6236c7
call_targets:
0x597ed1f21cb079c4839ca7abbe7ce52b293b18a4
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x326c6fc8c7535ef0b4ce8ece909cbd2b590ea70cac7b54bae8bff9a04f6236c7",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x597ed1f21cb079c4839ca7abbe7ce52b293b18a4"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9a15bf92",
"selector": "0x9a15bf92",
"calldata_variants": [
"0x9a15bf92",
"0x9a15bf920000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe30c3978",
"selector": "0xe30c3978",
"calldata_variants": [
"0xe30c3978",
"0xe30c39780000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x73b2e80e",
"selector": "0x73b2e80e",
"calldata_variants": [
"0x73b2e80e",
"0x73b2e80e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x79ba5097",
"selector": "0x79ba5097",
"calldata_variants": [
"0x79ba5097",
"0x79ba50970000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x82bfefc8",
"selector": "0x82bfefc8",
"calldata_variants": [
"0x82bfefc8",
"0x82bfefc80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x04b38ce0",
"selector": "0x04b38ce0",
"calldata_variants": [
"0x04b38ce0",
"0x04b38ce00000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 2156,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|
| medium | other | detector | CREATE/CREATE2 reachable | 45 | no | no |
viewtrace_id: 0x81124f65e04518dabb85bcff5f5a586ea95c0cb2cb68037cb93b52d5def16399
validation_json{
"sink": "CREATE",
"errors": 0,
"status": "unknown",
"attempts": 26,
"trace_id": "0x81124f65e04518dabb85bcff5f5a586ea95c0cb2cb68037cb93b52d5def16399",
"confirmed": false,
"trace_mode": "structLogs",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9a15bf92",
"selector": "0x9a15bf92",
"calldata_variants": [
"0x9a15bf92",
"0x9a15bf920000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe30c3978",
"selector": "0xe30c3978",
"calldata_variants": [
"0xe30c3978",
"0xe30c39780000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x73b2e80e",
"selector": "0x73b2e80e",
"calldata_variants": [
"0x73b2e80e",
"0x73b2e80e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x79ba5097",
"selector": "0x79ba5097",
"calldata_variants": [
"0x79ba5097",
"0x79ba50970000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x82bfefc8",
"selector": "0x82bfefc8",
"calldata_variants": [
"0x82bfefc8",
"0x82bfefc80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x04b38ce0",
"selector": "0x04b38ce0",
"calldata_variants": [
"0x04b38ce0",
"0x04b38ce00000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"create_count": 0,
"create2_count": 1
}
|
| low | other | cast | Contract creation opcode present | 60 | no | — |
viewevidence_json{
"notes": "runtime can deploy contracts dynamically via CREATE/CREATE2",
"create_count": 0,
"create2_count": 1
}
|