019bb490-f39e-727c-a0bb-e736699acd16
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 40130 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 40131 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 40132 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 40133 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 40134 | capability.graph | complete | 1 / 3 | 3 months ago |
| 40135 | detector.run | complete | 1 / 3 | 3 months ago |
| 40136 | validation.fork | complete | 1 / 3 | 3 months ago |
| 40246 | report.consolidate | complete | 1 / 6 | 3 months ago |
| 40247 | tool.slither | complete | 1 / 2 | 3 months ago |
{
"status": "not_proxy"
}
'forge clean' running (wd: /tmp/slither-jj6vx85s)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-jj6vx85s)
RefundVault.refund(address).investor (contracts/Contract.sol#135) lacks a zero-check on :
- investor.transfer(depositedValue) (contracts/Contract.sol#141-142)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Version constraint ^0.4.18 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- DirtyBytesArrayToStorage
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching
- EmptyByteArrayCopy
- DynamicArrayCleanup
- ImplicitConstructorCallvalueCheck
- TupleAssignmentMultiStackSlotComponents
- MemoryArrayCreationOverflow
- privateCanBeOverridden
- SignedArrayStorageCopy
- ABIEncoderV2StorageArrayWithMultiSlotElement
- DynamicConstructorArgumentsClippedABIV2
- UninitializedFunctionPointerInConstructor_0.4.x
- IncorrectEventSignatureInLibraries_0.4.x
- ExpExponentCleanup
- EventStructWrongData
- NestedArrayFunctionCallDecoder.
It is used by:
- ^0.4.18 (contracts/Contract.sol#4-6)
solc-0.4.18 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
Reentrancy in RefundVault.refund(address) (contracts/Contract.sol#135-143):
External calls:
- investor.transfer(depositedValue) (contracts/Contract.sol#141-142)
Event emitted after the call(s):
- Refunded(investor,depositedValue) (contracts/Contract.sol#142-143)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-4
. analyzed (3 contracts with 100 detectors), 4 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.4.18",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.4.18",
"install_stderr": null,
"install_stdout": "Installing solc '0.4.18'...\nVersion '0.4.18' installed."
},
"solc_args": "--base-path /tmp/slither-jj6vx85s --allow-paths /tmp/slither-jj6vx85s,/tmp/slither-jj6vx85s/lib,/tmp/slither-jj6vx85s/src",
"remappings": [],
"source_files": [
"contracts/Contract.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 4,
"workspace_hash": "86402f424d399ea21b64de15cf63b63caa1b575cb658b17245f5d463ae0a2358",
"duration_seconds": 0.6948072910308838,
"solc_version_requested": "0.4.24"
}
{"no_findings":true,"summary":"Reviewed AUDIT_BUNDLE.txt (RefundVault/Ownable/SafeMath). No exploitable issues found in the first‑party code within the requested focus areas.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-9unldfs2
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019bb4bf-ac34-7992-84d2-e9d4f4531d2d
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Preparing to read AUDIT_BUNDLE**
exec
/bin/bash -lc ls in /tmp/codex-9unldfs2 succeeded in 6ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
contracts
exec
/bin/bash -lc "sed -n '1,200p' AUDIT_BUNDLE.txt" in /tmp/codex-9unldfs2 succeeded in 9ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: contracts/Contract.sol
================================================================================
/*************************************************************************
* This contract has been merged with solidify
* https://github.com/tiesnetwork/solidify
*************************************************************************/
pragma solidity ^0.4.18;
/*************************************************************************
* import "../math/SafeMath.sol" : start
*************************************************************************/
/**
* @title SafeMath
exec
/bin/bash -lc "sed -n '200,400p' AUDIT_BUNDLE.txt" in /tmp/codex-9unldfs2 succeeded in 6ms:
thinking
**Reviewing RefundVault security**
I’m auditing RefundVault for reentrancy, access control, and transfer risks. The refund function is public but designed safely with transfer’s 2300 gas stipend blocking reentrancy, though there’s a theoretical denial-of-service if an investor’s fallback reverts. The close function could fail if the wallet is a reverting contract, but wallet is immutable. Using transfer may risk stuck funds with current gas cost changes, but that’s low risk here. No delegatecall misuse or ownership issues found. Overall, no significant vulnerabilities detected. I’ll produce a JSON summary marking no findings and keeping details minimal.
codex
{"no_findings":true,"summary":"Reviewed AUDIT_BUNDLE.txt (RefundVault/Ownable/SafeMath). No exploitable issues found in the first‑party code within the requested focus areas.","findings":[]}
tokens used
7,188
{
"codex": {
"ran_at": "2026-01-13T00:27:17.908893+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 1,
"import_count": 2,
"first_party_contracts_count": 1
},
"summary": "Reviewed AUDIT_BUNDLE.txt (RefundVault/Ownable/SafeMath). No exploitable issues found in the first\u2011party code within the requested focus areas.",
"raw_final": {
"summary": "Reviewed AUDIT_BUNDLE.txt (RefundVault/Ownable/SafeMath). No exploitable issues found in the first\u2011party code within the requested focus areas.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
trace_id: 0xae7824d1ac3a30faea75564fb83e128f1d3989b8e14602a8b10a590d4d287ddf
call_targets:
0x62bbb9fffd33d70a39fed4e7874163e8b97ea41b
target_varies:
no
classification:
constant_target
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xae7824d1ac3a30faea75564fb83e128f1d3989b8e14602a8b10a590d4d287ddf",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x62bbb9fffd33d70a39fed4e7874163e8b97ea41b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x43d726d6",
"selector": "0x43d726d6",
"calldata_variants": [
"0x43d726d6",
"0x43d726d60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x521eb273",
"selector": "0x521eb273",
"calldata_variants": [
"0x521eb273",
"0x521eb2730000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8c52dc41",
"selector": "0x8c52dc41",
"calldata_variants": [
"0x8c52dc41",
"0x8c52dc410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc19d93fb",
"selector": "0xc19d93fb",
"calldata_variants": [
"0xc19d93fb",
"0xc19d93fb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcb13cddb",
"selector": "0xcb13cddb",
"calldata_variants": [
"0xcb13cddb",
"0xcb13cddb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf340fa01",
"selector": "0xf340fa01",
"calldata_variants": [
"0xf340fa01",
"0xf340fa010000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 1248,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
trace_id: 0xae7824d1ac3a30faea75564fb83e128f1d3989b8e14602a8b10a590d4d287ddf
call_targets:
0x62bbb9fffd33d70a39fed4e7874163e8b97ea41b
target_varies:
no
classification:
constant_target
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xae7824d1ac3a30faea75564fb83e128f1d3989b8e14602a8b10a590d4d287ddf",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x62bbb9fffd33d70a39fed4e7874163e8b97ea41b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x43d726d6",
"selector": "0x43d726d6",
"calldata_variants": [
"0x43d726d6",
"0x43d726d60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x521eb273",
"selector": "0x521eb273",
"calldata_variants": [
"0x521eb273",
"0x521eb2730000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8c52dc41",
"selector": "0x8c52dc41",
"calldata_variants": [
"0x8c52dc41",
"0x8c52dc410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc19d93fb",
"selector": "0xc19d93fb",
"calldata_variants": [
"0xc19d93fb",
"0xc19d93fb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcb13cddb",
"selector": "0xcb13cddb",
"calldata_variants": [
"0xcb13cddb",
"0xcb13cddb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf340fa01",
"selector": "0xf340fa01",
"calldata_variants": [
"0xf340fa01",
"0xf340fa010000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 654,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "constant",
"target_expression_category": "constant"
},
{
"pc": 1248,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": []
}
|