019be3d6-820a-733c-b1d0-1bc4856cd0cf
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 40575 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 40576 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 40577 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 40578 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 40579 | capability.graph | complete | 1 / 3 | 2 months ago |
| 40580 | detector.run | complete | 1 / 3 | 2 months ago |
| 40581 | validation.fork | complete | 1 / 3 | 2 months ago |
| 41243 | report.consolidate | complete | 1 / 6 | 2 months ago |
{
"status": "not_proxy"
}
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode indicates five callable selectors, no proxy/delegatecall usage, and multiple external CALLs (some with ETH value) to targets derived from storage or hard-coded addresses. Access control appears to rely on hard-coded addresses and a mapping check, but storage mutability and token behavior are unclear from runtime bytecode alone.","findings":[{"severity":"low","category":"other","title":"External CALL target/value derived from storage (potential arbitrary call/ETH transfer if mutable)","exploit_scenario":"Several functions build CALL targets from storage (slot 0/1) and then perform low-level CALLs. If those slots can be modified (e.g., via constructor parameters, a hidden setter, or compromised privileged role), a malicious target could be set to receive arbitrary calls and ETH value, enabling fund diversion or reentrant control flow. Runtime bytecode shows no obvious setter, so the risk depends on deploy-time configuration or unseen state mutation paths.","recommendation":"Treat storage slot addresses as immutable or strictly governed; add explicit access control and events for any setters; consider hard-coding or allowlisting external targets to prevent arbitrary call redirection.","evidence":"Detector flags untrusted CALL target/value reachable with computed target/value; callsites at pc 645/838/1100/1558/2051/2605/2710. Storage reads from slot 0 are used in call construction (e.g., SLOAD pc 326/525/718/997/1191/1459/1684/1952).","locations":["pc:645","pc:838","pc:1100","pc:1558","pc:2051","pc:2605","pc:2710","pc:326"]},{"severity":"low","category":"other","title":"ERC20 operations via low-level CALL without return-data validation","exploit_scenario":"The contract uses low-level CALLs for ERC20 `approve`/`transfer` without checking return data (only call success). Tokens that return `false` instead of reverting could cause the contract to assume success and proceed, leading to unexpected behavior or stuck funds. Known tokens like WETH are compliant, so impact depends on the token at runtime (e.g., storage-configured addresses).","recommendation":"After CALL, if returndata length > 0, require it to decode to `true`; or use a safe ERC20 wrapper pattern. Limit token interactions to known-good implementations.","evidence":"Detector examples show `returndata_checked: null` for CALL sites (pc 645/838/1100). Bytecode uses CALL + revert-on-failure but no explicit return-value decode.","locations":["pc:645","pc:838","pc:1100"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-8eq5ps0q
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019be3e9-de06-7fb1-bece-14972abb41b3
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers
thinking
**Reading BYTECODE_BUNDLE.json**
exec
/bin/bash -lc ls in /tmp/codex-8eq5ps0q succeeded in 7ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-8eq5ps0q succeeded in 12ms:
{
"analysis_artifact": {
"address": "0xfffe68c44264aa02020e30298f58f0004afc1527",
"artifact_hash": "0xe437b37e970f3dba570e7903ce06ef070e92ee8b5de77154fd33633d1fd6f569",
"artifact_json": {
"auth": {
"guards": [
{
"pc": 386,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 905,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2153,
"type": "msg_sender_eq_const",
thinking
**Planning targeted searches**
I'm planning to use ripgrep to search for terms like "proxy" and "eip1967" to find relevant storage slot handling in the bytecode or JSON, aiming to identify proxy patterns without modifying code.
exec
/bin/bash -lc 'rg -n "proxy|eip1967|beacon|impl|implementation|delegatecall" BYTECODE_BUNDLE.json' in /tmp/codex-8eq5ps0q succeeded in 43ms:
3773: "delegatecall": 0,
3853: "delegatecall": 0,
3933: "delegatecall": 0,
4013: "delegatecall": 0,
4093: "delegatecall": 0,
4156: "delegatecall": 0,
4235: "implementation": null,
4237: "proxy": "0",
4242: "proxy_evidence": {
4243: "status": "not_proxy"
4246: "implementation_address": null,
4247: "is_proxy": false,
6542: "delegatecall_count": 0,
thinking
**Investigating reentrancy indicators**
I'm analyzing call sites and state updates for evidence of reentrancy, noting peculiar constant comparisons that might serve as unreachable access guards or anti-tamper measures; next, I'll focus on external calls with ETH transfers and check for state changes after calls to assess reentrancy risks.
thinking
**Identifying external call wrappers**
I found EXTCODESIZE checks preceding dynamic calls, suggesting external call wrappers with failure handling, but no clear reentrancy guards; next, I’ll search storage info in artifacts to assess potential state updates after calls.
exec
/bin/bash -lc 'rg -n "storage" BYTECODE_BUNDLE.json | head -n 50' in /tmp/codex-8eq5ps0q succeeded in 8ms:
3777: "storage": {
3857: "storage": {
3937: "storage": {
4017: "storage": {
4097: "storage": {
4161: "storage": {
thinking
**Planning storage view creation**
exec
/bin/bash -lc "sed -n '3720,3810p' BYTECODE_BUNDLE.json" in /tmp/codex-8eq5ps0q succeeded in 6ms:
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": 2445008071,
"selector": "0x12424e3f"
},
{
"entry_pc": 3607018984,
"selector": "0x91bbdcc7"
},
{
"entry_pc": 3617093099,
"selector": "0xd6febde8"
},
{
"entry_pc": 4093572003,
"selector": "0xd79875eb"
},
{
"entry_pc": null,
exec
/bin/bash -lc "sed -n '3810,3895p' BYTECODE_BUNDLE.json" in /tmp/codex-8eq5ps0q succeeded in 5ms:
{
"op": "SLOAD",
"pc": 1684,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1952,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 1
}
},
{
"auth": {
"guards": [
{
"pc": 386,
"type": "msg_sender_eq_const",
exec
/bin/bash -lc "sed -n '3895,3985p' BYTECODE_BUNDLE.json" in /tmp/codex-8eq5ps0q succeeded in 7ms:
{
"op": "SLOAD",
"pc": 1952,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
],
"writes": 1
}
},
{
"auth": {
"guards": [
{
"pc": 386,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 905,
"type": "msg_sender_eq_const",
exec
/bin/bash -lc "sed -n '3985,4075p' BYTECODE_BUNDLE.json" in /tmp/codex-8eq5ps0q succeeded in 6ms:
"auth": {
"guards": [
{
"pc": 386,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 905,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2153,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2226,
"type": "msg_sender_eq_const",
exec
/bin/bash -lc "sed -n '4075,4170p' BYTECODE_BUNDLE.json" in /tmp/codex-8eq5ps0q succeeded in 14ms:
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2153,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2226,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
},
"entry_pc": null,
"selector": "0xf3fef3a3",
"sinks": {
"call": 7,
"delegatecall": 0,
"selfdestruct": 0,
exec
/bin/bash -lc "sed -n '4170,4265p' BYTECODE_BUNDLE.json" in /tmp/codex-8eq5ps0q succeeded in 6ms:
{
"op": "SLOAD",
"pc": 525,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 718,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 997,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 1191,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
thinking
**Analyzing runtime bytecode for permission checks**
The bytecode shows function selectors and a dispatcher, revealing permission logic that checks a mapping for msg.sender or compares msg.sender to a specific hardcoded admin address, indicating owner-or-whitelisted access control.
thinking
**Confirming access control and storage writes**
The contract uses owner or mapping-based access control for key functions like approving tokens, depositing WETH, swapping, and transferring tokens or ETH; it stores external addresses in storage slots 0 and 1, likely modifiable by the owner via limited SSTORE operations.
exec
/bin/bash -lc 'rg -n "SSTORE" BYTECODE_BUNDLE.json' in /tmp/codex-8eq5ps0q succeeded in 17ms:
2904: "SSTORE",
exec
/bin/bash -lc "sed -n '2860,2925p' BYTECODE_BUNDLE.json" in /tmp/codex-8eq5ps0q succeeded in 5ms:
"PUSH1",
"OP_83",
"ADD",
"OP_84",
"PUSH2",
"JUMP"
],
"start_pc": 3525
},
{
"end_pc": 3551,
"hash": "0x82889013bdb1130a31b5d97098adbb081c2eb0a027f5e96fe8f6cd7d7e235c82",
"opcodes": [
"JUMPDEST",
"OP_92",
"OP_91",
"POP",
"POP",
"JUMP"
],
thinking
**Identifying false-positive storage writes from metadata**
SSTORE instructions appear only within the metadata section, not in executable runtime code, suggesting that reported storage writes may be false positives from metadata disassembly rather than actual executed storage modifications.
thinking
**Interpreting access control and external call safety from bytecode**
The contract enforces access control via immutable mappings and fixed owners without runtime storage writes, limiting untrusted user actions. External calls to known tokens and routers use low-level calls with proper revert-on-failure checks but do not validate ERC20 return data, posing a minor risk with nonstandard tokens; call targets are fixed by constructor and likely immutable, reducing untrusted call risks. Potential reentrancy exists due to ETH/token transfers without state updates or guards, but its impact appears limited given the contract’s design.
thinking
```json
{
"no_findings": false,
"summary": "Bytecode shows five selectors, no delegatecall or proxy patterns; external low-level CALLs use addresses from storage slots with ETH value transfers controlled by privileged callers. Access control relies on hard-coded addresses and an immutable permission mapping set in constructor. Potential risks include untrusted external calls with dynamic targets, and ERC20 operations via low-level CALL without verifying return data.",
"findings": [
{
"severity": "low",
"category": "other",
"title": "External CALL target/value derived from storage (potential arbitrary call/ETH transfer)",
"exploit_scenario": "If storage slots 0 or 1 can be modified by a privileged or compromised actor (e.g., during deployment or via hidden setters), the contract may call arbitrary external contracts with arbitrary calldata and value, potentially resulting in fund loss or reentrancy effects. No setter for these slots is evident in runtime, so risk depends on deploy-time configuration and trust assumptions.",
"recommendation": "Ensure addresses stored in slot0 and slot1 are immutable or only modifiable by trusted governance. Add explicit access control for any setters and consider restricting call targets to a known allowlist. Emit events on updates to aid auditing.",
"evidence": "CALL instructions at pcs 645, 838, 1100, 1558, 2051, 2605, 2710 use addresses loaded from storage slot0 or slot1 (e.g., SLOAD at pc 326, 525). Detector flags indicate dynamic call targets and ETH value transfers.",
"locations": ["pc:326", "pc:645", "pc:838"]
},
{
"severity": "low",
"category": "other",
"title": "ERC20 operations via low-level CALL without return data validation",
"exploit_scenario": "If an ERC20 token returns false on calls like transfer or approve instead of reverting, the contract may misinterpret these as successful calls, leading to incorrect state assumptions or unauthorized token movements. The contract handles low-level CALL success but does not decode or verify returned data, risking silent failures with non-standard tokens.",
"recommendation": "Use safe ERC20 wrappers that decode return data and require true responses. Restrict interactions to well-known tokens where possible.",
"evidence": "Detector outputs show 'returndata_checked: null' for CALLs at pcs 645, 838, and 1100. Bytecode uses low-level CALL with revert only on call failure, without validating ERC20 return data.",
"locations": ["pc:645", "pc:838", "pc:1100"]
}
]
}
```
codex
{"no_findings":false,"summary":"Bytecode indicates five callable selectors, no proxy/delegatecall usage, and multiple external CALLs (some with ETH value) to targets derived from storage or hard-coded addresses. Access control appears to rely on hard-coded addresses and a mapping check, but storage mutability and token behavior are unclear from runtime bytecode alone.","findings":[{"severity":"low","category":"other","title":"External CALL target/value derived from storage (potential arbitrary call/ETH transfer if mutable)","exploit_scenario":"Several functions build CALL targets from storage (slot 0/1) and then perform low-level CALLs. If those slots can be modified (e.g., via constructor parameters, a hidden setter, or compromised privileged role), a malicious target could be set to receive arbitrary calls and ETH value, enabling fund diversion or reentrant control flow. Runtime bytecode shows no obvious setter, so the risk depends on deploy-time configuration or unseen state mutation paths.","recommendation":"Treat storage slot addresses as immutable or strictly governed; add explicit access control and events for any setters; consider hard-coding or allowlisting external targets to prevent arbitrary call redirection.","evidence":"Detector flags untrusted CALL target/value reachable with computed target/value; callsites at pc 645/838/1100/1558/2051/2605/2710. Storage reads from slot 0 are used in call construction (e.g., SLOAD pc 326/525/718/997/1191/1459/1684/1952).","locations":["pc:645","pc:838","pc:1100","pc:1558","pc:2051","pc:2605","pc:2710","pc:326"]},{"severity":"low","category":"other","title":"ERC20 operations via low-level CALL without return-data validation","exploit_scenario":"The contract uses low-level CALLs for ERC20 `approve`/`transfer` without checking return data (only call success). Tokens that return `false` instead of reverting could cause the contract to assume success and proceed, leading to unexpected behavior or stuck funds. Known tokens like WETH are compliant, so impact depends on the token at runtime (e.g., storage-configured addresses).","recommendation":"After CALL, if returndata length > 0, require it to decode to `true`; or use a safe ERC20 wrapper pattern. Limit token interactions to known-good implementations.","evidence":"Detector examples show `returndata_checked: null` for CALL sites (pc 645/838/1100). Bytecode uses CALL + revert-on-failure but no explicit return-value decode.","locations":["pc:645","pc:838","pc:1100"]}]}
tokens used
40,525
{
"codex": {
"ran_at": "2026-01-22T04:18:55.102204+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 7214,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode indicates five callable selectors, no proxy/delegatecall usage, and multiple external CALLs (some with ETH value) to targets derived from storage or hard-coded addresses. Access control appears to rely on hard-coded addresses and a mapping check, but storage mutability and token behavior are unclear from runtime bytecode alone.",
"raw_final": {
"summary": "Bytecode indicates five callable selectors, no proxy/delegatecall usage, and multiple external CALLs (some with ETH value) to targets derived from storage or hard-coded addresses. Access control appears to rely on hard-coded addresses and a mapping check, but storage mutability and token behavior are unclear from runtime bytecode alone.",
"findings": [
{
"title": "External CALL target/value derived from storage (potential arbitrary call/ETH transfer if mutable)",
"category": "other",
"evidence": "Detector flags untrusted CALL target/value reachable with computed target/value; callsites at pc 645/838/1100/1558/2051/2605/2710. Storage reads from slot 0 are used in call construction (e.g., SLOAD pc 326/525/718/997/1191/1459/1684/1952).",
"severity": "low",
"locations": [
"pc:645",
"pc:838",
"pc:1100",
"pc:1558",
"pc:2051",
"pc:2605",
"pc:2710",
"pc:326"
],
"recommendation": "Treat storage slot addresses as immutable or strictly governed; add explicit access control and events for any setters; consider hard-coding or allowlisting external targets to prevent arbitrary call redirection.",
"exploit_scenario": "Several functions build CALL targets from storage (slot 0/1) and then perform low-level CALLs. If those slots can be modified (e.g., via constructor parameters, a hidden setter, or compromised privileged role), a malicious target could be set to receive arbitrary calls and ETH value, enabling fund diversion or reentrant control flow. Runtime bytecode shows no obvious setter, so the risk depends on deploy-time configuration or unseen state mutation paths."
},
{
"title": "ERC20 operations via low-level CALL without return-data validation",
"category": "other",
"evidence": "Detector examples show `returndata_checked: null` for CALL sites (pc 645/838/1100). Bytecode uses CALL + revert-on-failure but no explicit return-value decode.",
"severity": "low",
"locations": [
"pc:645",
"pc:838",
"pc:1100"
],
"recommendation": "After CALL, if returndata length > 0, require it to decode to `true`; or use a safe ERC20 wrapper pattern. Limit token interactions to known-good implementations.",
"exploit_scenario": "The contract uses low-level CALLs for ERC20 `approve`/`transfer` without checking return data (only call success). Tokens that return `false` instead of reverting could cause the contract to assume success and proceed, leading to unexpected behavior or stuck funds. Known tokens like WETH are compliant, so impact depends on the token at runtime (e.g., storage-configured addresses)."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
SHL 000007e7: DUP2 000007e8: MSTORE 000007e9: PUSH1 0x04 000007eb: ADD 000007ec: PUSH2 0x07f5 000007ef: SWAP2 000007f0: SWAP1 000007f1: PUSH2 0x0d68 000007f4: JUMP 000007f5: JUMPDEST 000007f6: PUSH1 0x20 000007f8: PUSH1 0x40 000007fa: MLOAD 000007fb: DUP1 000007fc: DUP4 000007fd: SUB 000007fe: DUP2 000007ff: PUSH1 0x00 00000801: DUP8 00000802: GAS 00000803: CALL 00000804: ISZERO 00000805: DUP1 00000806: ISZERO 00000807: PUSH2 0x0814 0000080a: JUMPI 0000080b: RETURNDATASIZE 0000080c: PUSH1 0x00 0000080e: DUP1 0000080f: RETURNDATACOPY 00000810: RETURNDATASIZE 00000811: PUSH1 0x00 00000813: REVERT 00000814: JUMPDEST 00000815: POP 00000816: POP 00000817: POP 00000818: POP 00000819: PUSH1 0x40 0000081b: MLOAD 0000081c: RETURNDATASIZE 0000081d: PUSH1 0x1f 0000081f: NOT 00000820: PUSH1 0x1f 00000822: DUP3 00000823: ADD 00000824: AND 00000825: DUP3 00000826: ADD 00000827: DUP1 00000828: PUSH1 0x40 0000082a: MSTORE 0000082b: POP 0000082c: DUP2 0000082d: ADD 0000082e: SWAP1 0000082f: PUSH2 0x0838 00000832: SWAP2 00000833: SWAP1 00000834: PUSH2 0x0d98 00000837: JUMP 00000838: JUMPDEST 00000839: POP 0000083a: POP 0000083b: POP 0000083c: POP 0000083d: JUMP 0000083e: JUMPDEST 0000083f: PUSH19 0xa300e5dee37d8d87e98e5c179eb7f7992f1000 00000853: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000868: AND 00000869: CALLER 0000086a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000087f: AND 00000880: EQ 00000881: DUP1 00000882: PUSH2 0x08ca 00000885: JUMPI 00000886: POP 00000887: PUSH20 0x42a0937ab5b1ee79a8fbc7a5c2bfeb31a1dc38cd 0000089c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000008b1: AND 000008b2: CALLER 000008b3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000008c8: AND 000008c9: EQ 000008ca: JUMPDEST 000008cb: PUSH2 0x0909 000008ce: JUMPI 000008cf: PUSH1 0x40 000008d1: MLOAD 000008d2: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000008f3: DUP2 000008f4: MSTORE 000008f5: PUSH1 0x04 000008f7: ADD 000008f8: PUSH2 0x0900 
000008fb: SWAP1 000008fc: PUSH2 0x0c28 000008ff: JUMP 00000900: JUMPDEST 00000901: PUSH1 0x40 00000903: MLOAD 00000904: DUP1 00000905: SWAP2 00000906: SUB 00000907: SWAP1 00000908: REVERT 00000909: JUMPDEST 0000090a: PUSH1 0x00 0000090c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000921: AND 00000922: DUP3 00000923: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000938: AND 00000939: EQ 0000093a: PUSH2 0x0a47 0000093d: JUMPI 0000093e: PUSH1 0x00 00000940: DUP2 00000941: SUB 00000942: PUSH2 0x09c2 00000945: JUMPI 00000946: DUP2 00000947: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000095c: AND 0000095d: PUSH4 0x70a08231 00000962: ADDRESS 00000963: PUSH1 0x40 00000965: MLOAD 00000966: DUP3 00000967: PUSH4 0xffffffff 0000096c: AND 0000096d: PUSH1 0xe0 0000096f: SHL 00000970: DUP2 00000971: MSTORE 00000972: PUSH1 0x04 00000974: ADD 00000975: PUSH2 0x097e 00000978: SWAP2 00000979: SWAP1 0000097a: PUSH2 0x0dc5 0000097d: JUMP 0000097e: JUMPDEST 0000097f: PUSH1 0x20 00000981: PUSH1 0x40 00000983: MLOAD 00000984: DUP1 00000985: DUP4 00000986: SUB 00000987: DUP2 00000988: DUP7 00000989: GAS 0000098a: STATICCALL 0000098b: ISZERO 0000098c: DUP1 0000098d: ISZERO 0000098e: PUSH2 0x099b 00000991: JUMPI 00000992: RETURNDATASIZE 00000993: PUSH1 0x00 00000995: DUP1 00000996: RETURNDATACOPY 00000997: RETURNDATASIZE 00000998: PUSH1 0x00 0000099a: REVERT 0000099b: JUMPDEST 0000099c: POP 0000099d: POP 0000099e: POP 0000099f: POP 000009a0: PUSH1 0x40 000009a2: MLOAD 000009a3: RETURNDATASIZE 000009a4: PUSH1 0x1f 000009a6: NOT 000009a7: PUSH1 0x1f 000009a9: DUP3 000009aa: ADD 000009ab: AND 000009ac: DUP3 000009ad: ADD 000009ae: DUP1 000009af: PUSH1 0x40 000009b1: MSTORE 000009b2: POP 000009b3: DUP2 000009b4: ADD 000009b5: SWAP1 000009b6: PUSH2 0x09bf 000009b9: SWAP2 000009ba: SWAP1 000009bb: PUSH2 0x0d98 000009be: JUMP 000009bf: JUMPDEST 000009c0: SWAP1 000009c1: POP 000009c2: JUMPDEST 000009c3: DUP2 000009c4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009d9: 
AND 000009da: PUSH4 0xa9059cbb 000009df: PUSH19 0xa300e5dee37d8d87e98e5c179eb7f7992f1000 000009f3: DUP4 000009f4: PUSH1 0x40 000009f6: MLOAD 000009f7: DUP4 000009f8: PUSH4 0xffffffff 000009fd: AND 000009fe: PUSH1 0xe0 00000a00: SHL 00000a01: DUP2 00000a02: MSTORE 00000a03: PUSH1 0x04 00000a05: ADD 00000a06: PUSH2 0x0a10 00000a09: SWAP3 00000a0a: SWAP2 00000a0b: SWAP1 00000a0c: PUSH2 0x0c66 00000a0f: JUMP 00000a10: JUMPDEST 00000a11: PUSH1 0x00 00000a13: PUSH1 0x40 00000a15: MLOAD 00000a16: DUP1 00000a17: DUP4 00000a18: SUB 00000a19: DUP2 00000a1a: PUSH1 0x00 00000a1c: DUP8 00000a1d: DUP1 00000a1e: EXTCODESIZE 00000a1f: ISZERO 00000a20: DUP1 00000a21: ISZERO 00000a22: PUSH2 0x0a2a 00000a25: JUMPI 00000a26: PUSH1 0x00 00000a28: DUP1 00000a29: REVERT 00000a2a: JUMPDEST 00000a2b: POP 00000a2c: GAS 00000a2d: CALL 00000a2e: ISZERO 00000a2f: DUP1 00000a30: ISZERO 00000a31: PUSH2 0x0a3e 00000a34: JUMPI 00000a35: RETURNDATASIZE 00000a36: PUSH1 0x00 00000a38: DUP1 00000a39: RETURNDATACOPY 00000a3a: RETURNDATASIZE 00000a3b: PUSH1 0x00 00000a3d: REVERT 00000a3e: JUMPDEST 00000a3f: POP 00000a40: POP 00000a41: POP 00000a42: POP 00000a43: PUSH2 0x0aae 00000a46: JUMP 00000a47: JUMPDEST 00000a48: PUSH1 0x00 00000a4a: DUP2 00000a4b: SUB 00000a4c: PUSH2 0x0a53 00000a4f: JUMPI 00000a50: SELFBALANCE 00000a51: SWAP1 00000a52: POP 00000a53: JUMPDEST 00000a54: PUSH19 0xa300e5dee37d8d87e98e5c179eb7f7992f1000 00000a68: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a7d: AND 00000a7e: PUSH2 0x08fc 00000a81: DUP3 00000a82: SWAP1 00000a83: DUP2 00000a84: ISZERO 00000a85: MUL 00000a86: SWAP1 00000a87: PUSH1 0x40 00000a89: MLOAD 00000a8a: PUSH1 0x00 00000a8c: PUSH1 0x40 00000a8e: MLOAD 00000a8f: DUP1 00000a90: DUP4 00000a91: SUB 00000a92: DUP2 00000a93: DUP6 00000a94: DUP9 00000a95: DUP9 00000a96: CALL 00000a97: SWAP4 00000a98: POP 00000a99: POP 00000a9a: POP 00000a9b: POP 00000a9c: ISZERO 00000a9d: DUP1 00000a9e: ISZERO 00000a9f: PUSH2 0x0aac 00000aa2: JUMPI 00000aa3: RETURNDATASIZE 
00000aa4: PUSH1 0x00 00000aa6: DUP1 00000aa7: RETURNDATACOPY 00000aa8: RETURNDATASIZE 00000aa9: PUSH1 0x00 00000aab: REVERT 00000aac: JUMPDEST 00000aad: POP 00000aae: JUMPDEST 00000aaf: POP 00000ab0: POP 00000ab1: JUMP 00000ab2: JUMPDEST 00000ab3: PUSH1 0x00 00000ab5: DUP1 00000ab6: REVERT 00000ab7: JUMPDEST 00000ab8: PUSH1 0x00 00000aba: DUP2 00000abb: SWAP1 00000abc: POP 00000abd: SWAP2 00000abe: SWAP1 00000abf: POP 00000ac0: JUMP 00000ac1: JUMPDEST 00000ac2: PUSH2 0x0aca 00000ac5: DUP2 00000ac6: PUSH2 0x0ab7 00000ac9: JUMP 00000aca: JUMPDEST 00000acb: DUP2 00000acc: EQ 00000acd: PUSH2 0x0ad5 00000ad0: JUMPI 00000ad1: PUSH1 0x00 00000ad3: DUP1 00000ad4: REVERT 00000ad5: JUMPDEST 00000ad6: POP 00000ad7: JUMP 00000ad8: JUMPDEST 00000ad9: PUSH1 0x00 00000adb: DUP2 00000adc: CALLDATALOAD 00000add: SWAP1 00000ade: POP 00000adf: PUSH2 0x0ae7 00000ae2: DUP2 00000ae3: PUSH2 0x0ac1 00000ae6: JUMP 00000ae7: JUMPDEST 00000ae8: SWAP3 00000ae9: SWAP2 00000aea: POP 00000aeb: POP 00000aec: JUMP 00000aed: JUMPDEST 00000aee: PUSH1 0x00 00000af0: DUP1 00000af1: PUSH1 0x40 00000af3: DUP4 00000af4: DUP6 00000af5: SUB 00000af6: SLT 00000af7: ISZERO 00000af8: PUSH2 0x0b04 00000afb: JUMPI 00000afc: PUSH2 0x0b03 00000aff: PUSH2 0x0ab2 00000b02: JUMP 00000b03: JUMPDEST 00000b04: JUMPDEST 00000b05: PUSH1 0x00 00000b07: PUSH2 0x0b12 00000b0a: DUP6 00000b0b: DUP3 00000b0c: DUP7 00000b0d: ADD 00000b0e: PUSH2 0x0ad8 00000b11: JUMP 00000b12: JUMPDEST 00000b13: SWAP3 00000b14: POP 00000b15: POP 00000b16: PUSH1 0x20 00000b18: PUSH2 0x0b23 00000b1b: DUP6 00000b1c: DUP3 00000b1d: DUP7 00000b1e: ADD 00000b1f: PUSH2 0x0ad8 00000b22: JUMP 00000b23: JUMPDEST 00000b24: SWAP2 00000b25: POP 00000b26: POP 00000b27: SWAP3 00000b28: POP 00000b29: SWAP3 00000b2a: SWAP1 00000b2b: POP 00000b2c: JUMP 00000b2d: JUMPDEST 00000b2e: PUSH1 0x00 00000b30: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b45: DUP3 00000b46: AND 00000b47: SWAP1 00000b48: POP 00000b49: SWAP2 00000b4a: SWAP1 00000b4b: POP 00000b4c: 
JUMP 00000b4d: JUMPDEST 00000b4e: PUSH1 0x00 00000b50: PUSH2 0x0b58 00000b53: DUP3 00000b54: PUSH2 0x0b2d 00000b57: JUMP 00000b58: JUMPDEST 00000b59: SWAP1 00000b5a: POP 00000b5b: SWAP2 00000b5c: SWAP1 00000b5d: POP 00000b5e: JUMP 00000b5f: JUMPDEST 00000b60: PUSH2 0x0b68 00000b63: DUP2 00000b64: PUSH2 0x0b4d 00000b67: JUMP 00000b68: JUMPDEST 00000b69: DUP2 00000b6a: EQ 00000b6b: PUSH2 0x0b73 00000b6e: JUMPI 00000b6f: PUSH1 0x00 00000b71: DUP1 00000b72: REVERT 00000b73: JUMPDEST 00000b74: POP 00000b75: JUMP 00000b76: JUMPDEST 00000b77: PUSH1 0x00 00000b79: DUP2 00000b7a: CALLDATALOAD 00000b7b: SWAP1 00000b7c: POP 00000b7d: PUSH2 0x0b85 00000b80: DUP2 00000b81: PUSH2 0x0b5f 00000b84: JUMP 00000b85: JUMPDEST 00000b86: SWAP3 00000b87: SWAP2 00000b88: POP 00000b89: POP 00000b8a: JUMP 00000b8b: JUMPDEST 00000b8c: PUSH1 0x00 00000b8e: DUP1 00000b8f: PUSH1 0x40 00000b91: DUP4 00000b92: DUP6 00000b93: SUB 00000b94: SLT 00000b95: ISZERO 00000b96: PUSH2 0x0ba2 00000b99: JUMPI 00000b9a: PUSH2 0x0ba1 00000b9d: PUSH2 0x0ab2 00000ba0: JUMP 00000ba1: JUMPDEST 00000ba2: JUMPDEST 00000ba3: PUSH1 0x00 00000ba5: PUSH2 0x0bb0 00000ba8: DUP6 00000ba9: DUP3 00000baa: DUP7 00000bab: ADD 00000bac: PUSH2 0x0b76 00000baf: JUMP 00000bb0: JUMPDEST 00000bb1: SWAP3 00000bb2: POP 00000bb3: POP 00000bb4: PUSH1 0x20 00000bb6: PUSH2 0x0bc1 00000bb9: DUP6 00000bba: DUP3 00000bbb: DUP7 00000bbc: ADD 00000bbd: PUSH2 0x0ad8 00000bc0: JUMP 00000bc1: JUMPDEST 00000bc2: SWAP2 00000bc3: POP 00000bc4: POP 00000bc5: SWAP3 00000bc6: POP 00000bc7: SWAP3 00000bc8: SWAP1 00000bc9: POP 00000bca: JUMP 00000bcb: JUMPDEST 00000bcc: PUSH1 0x00 00000bce: DUP3 00000bcf: DUP3 00000bd0: MSTORE 00000bd1: PUSH1 0x20 00000bd3: DUP3 00000bd4: ADD 00000bd5: SWAP1 00000bd6: POP 00000bd7: SWAP3 00000bd8: SWAP2 00000bd9: POP 00000bda: POP 00000bdb: JUMP 00000bdc: JUMPDEST 00000bdd: PUSH32 0x4e6f207065726d697373696f6e73000000000000000000000000000000000000 00000bfe: PUSH1 0x00 00000c00: DUP3 00000c01: ADD 00000c02: MSTORE 
00000c03: POP 00000c04: JUMP 00000c05: JUMPDEST 00000c06: PUSH1 0x00 00000c08: PUSH2 0x0c12 00000c0b: PUSH1 0x0e 00000c0d: DUP4 00000c0e: PUSH2 0x0bcb 00000c11: JUMP 00000c12: JUMPDEST 00000c13: SWAP2 00000c14: POP 00000c15: PUSH2 0x0c1d 00000c18: DUP3 00000c19: PUSH2 0x0bdc 00000c1c: JUMP 00000c1d: JUMPDEST 00000c1e: PUSH1 0x20 00000c20: DUP3 00000c21: ADD 00000c22: SWAP1 00000c23: POP 00000c24: SWAP2 00000c25: SWAP1 00000c26: POP 00000c27: JUMP 00000c28: JUMPDEST 00000c29: PUSH1 0x00 00000c2b: PUSH1 0x20 00000c2d: DUP3 00000c2e: ADD 00000c2f: SWAP1 00000c30: POP 00000c31: DUP2 00000c32: DUP2 00000c33: SUB 00000c34: PUSH1 0x00 00000c36: DUP4 00000c37: ADD 00000c38: MSTORE 00000c39: PUSH2 0x0c41 00000c3c: DUP2 00000c3d: PUSH2 0x0c05 00000c40: JUMP 00000c41: JUMPDEST 00000c42: SWAP1 00000c43: POP 00000c44: SWAP2 00000c45: SWAP1 00000c46: POP 00000c47: JUMP 00000c48: JUMPDEST 00000c49: PUSH2 0x0c51 00000c4c: DUP2 00000c4d: PUSH2 0x0b4d 00000c50: JUMP 00000c51: JUMPDEST 00000c52: DUP3 00000c53: MSTORE 00000c54: POP 00000c55: POP 00000c56: JUMP 00000c57: JUMPDEST 00000c58: PUSH2 0x0c60 00000c5b: DUP2 00000c5c: PUSH2 0x0ab7 00000c5f: JUMP 00000c60: JUMPDEST 00000c61: DUP3 00000c62: MSTORE 00000c63: POP 00000c64: POP 00000c65: JUMP 00000c66: JUMPDEST 00000c67: PUSH1 0x00 00000c69: PUSH1 0x40 00000c6b: DUP3 00000c6c: ADD 00000c6d: SWAP1 00000c6e: POP 00000c6f: PUSH2 0x0c7b 00000c72: PUSH1 0x00 00000c74: DUP4 00000c75: ADD 00000c76: DUP6 00000c77: PUSH2 0x0c48 00000c7a: JUMP 00000c7b: JUMPDEST 00000c7c: PUSH2 0x0c88 00000c7f: PUSH1 0x20 00000c81: DUP4 00000c82: ADD 00000c83: DUP5 00000c84: PUSH2 0x0c57 00000c87: JUMP 00000c88: JUMPDEST 00000c89: SWAP4 00000c8a: SWAP3 00000c8b: POP 00000c8c: POP 00000c8d: POP 00000c8e: JUMP 00000c8f: JUMPDEST 00000c90: PUSH2 0x0c98 00000c93: DUP2 00000c94: PUSH2 0x0b4d 00000c97: JUMP 00000c98: JUMPDEST 00000c99: DUP3 00000c9a: MSTORE 00000c9b: POP 00000c9c: POP 00000c9d: JUMP 00000c9e: JUMPDEST 00000c9f: PUSH1 0x00 00000ca1: PUSH3 0xffffff 
00000ca5: DUP3 00000ca6: AND 00000ca7: SWAP1 00000ca8: POP 00000ca9: SWAP2 00000caa: SWAP1 00000cab: POP 00000cac: JUMP 00000cad: JUMPDEST 00000cae: PUSH2 0x0cb6 00000cb1: DUP2 00000cb2: PUSH2 0x0c9e 00000cb5: JUMP 00000cb6: JUMPDEST 00000cb7: DUP3 00000cb8: MSTORE 00000cb9: POP 00000cba: POP 00000cbb: JUMP 00000cbc: JUMPDEST 00000cbd: PUSH2 0x0cc5 00000cc0: DUP2 00000cc1: PUSH2 0x0ab7 00000cc4: JUMP 00000cc5: JUMPDEST 00000cc6: DUP3 00000cc7: MSTORE 00000cc8: POP 00000cc9: POP 00000cca: JUMP 00000ccb: JUMPDEST 00000ccc: PUSH2 0x0cd4 00000ccf: DUP2 00000cd0: PUSH2 0x0b2d 00000cd3: JUMP 00000cd4: JUMPDEST 00000cd5: DUP3 00000cd6: MSTORE 00000cd7: POP 00000cd8: POP 00000cd9: JUMP 00000cda: JUMPDEST 00000cdb: PUSH1 0xe0 00000cdd: DUP3 00000cde: ADD 00000cdf: PUSH1 0x00 00000ce1: DUP3 00000ce2: ADD 00000ce3: MLOAD 00000ce4: PUSH2 0x0cf0 00000ce7: PUSH1 0x00 00000ce9: DUP6 00000cea: ADD 00000ceb: DUP3 00000cec: PUSH2 0x0c8f 00000cef: JUMP 00000cf0: JUMPDEST 00000cf1: POP 00000cf2: PUSH1 0x20 00000cf4: DUP3 00000cf5: ADD 00000cf6: MLOAD 00000cf7: PUSH2 0x0d03 00000cfa: PUSH1 0x20 00000cfc: DUP6 00000cfd: ADD 00000cfe: DUP3 00000cff: PUSH2 0x0c8f 00000d02: JUMP 00000d03: JUMPDEST 00000d04: POP 00000d05: PUSH1 0x40 00000d07: DUP3 00000d08: ADD 00000d09: MLOAD 00000d0a: PUSH2 0x0d16 00000d0d: PUSH1 0x40 00000d0f: DUP6 00000d10: ADD 00000d11: DUP3 00000d12: PUSH2 0x0cad 00000d15: JUMP 00000d16: JUMPDEST 00000d17: POP 00000d18: PUSH1 0x60 00000d1a: DUP3 00000d1b: ADD 00000d1c: MLOAD 00000d1d: PUSH2 0x0d29 00000d20: PUSH1 0x60 00000d22: DUP6 00000d23: ADD 00000d24: DUP3 00000d25: PUSH2 0x0c8f 00000d28: JUMP 00000d29: JUMPDEST 00000d2a: POP 00000d2b: PUSH1 0x80 00000d2d: DUP3 00000d2e: ADD 00000d2f: MLOAD 00000d30: PUSH2 0x0d3c 00000d33: PUSH1 0x80 00000d35: DUP6 00000d36: ADD 00000d37: DUP3 00000d38: PUSH2 0x0cbc 00000d3b: JUMP 00000d3c: JUMPDEST 00000d3d: POP 00000d3e: PUSH1 0xa0 00000d40: DUP3 00000d41: ADD 00000d42: MLOAD 00000d43: PUSH2 0x0d4f 00000d46: PUSH1 0xa0 
00000d48: DUP6 00000d49: ADD 00000d4a: DUP3 00000d4b: PUSH2 0x0cbc 00000d4e: JUMP 00000d4f: JUMPDEST 00000d50: POP 00000d51: PUSH1 0xc0 00000d53: DUP3 00000d54: ADD 00000d55: MLOAD 00000d56: PUSH2 0x0d62 00000d59: PUSH1 0xc0 00000d5b: DUP6 00000d5c: ADD 00000d5d: DUP3 00000d5e: PUSH2 0x0ccb 00000d61: JUMP 00000d62: JUMPDEST 00000d63: POP 00000d64: POP 00000d65: POP 00000d66: POP 00000d67: JUMP 00000d68: JUMPDEST 00000d69: PUSH1 0x00 00000d6b: PUSH1 0xe0 00000d6d: DUP3 00000d6e: ADD 00000d6f: SWAP1 00000d70: POP 00000d71: PUSH2 0x0d7d 00000d74: PUSH1 0x00 00000d76: DUP4 00000d77: ADD 00000d78: DUP5 00000d79: PUSH2 0x0cda 00000d7c: JUMP 00000d7d: JUMPDEST 00000d7e: SWAP3 00000d7f: SWAP2 00000d80: POP 00000d81: POP 00000d82: JUMP 00000d83: JUMPDEST 00000d84: PUSH1 0x00 00000d86: DUP2 00000d87: MLOAD 00000d88: SWAP1 00000d89: POP 00000d8a: PUSH2 0x0d92 00000d8d: DUP2 00000d8e: PUSH2 0x0ac1 00000d91: JUMP 00000d92: JUMPDEST 00000d93: SWAP3 00000d94: SWAP2 00000d95: POP 00000d96: POP 00000d97: JUMP 00000d98: JUMPDEST 00000d99: PUSH1 0x00 00000d9b: PUSH1 0x20 00000d9d: DUP3 00000d9e: DUP5 00000d9f: SUB 00000da0: SLT 00000da1: ISZERO 00000da2: PUSH2 0x0dae 00000da5: JUMPI 00000da6: PUSH2 0x0dad 00000da9: PUSH2 0x0ab2 00000dac: JUMP 00000dad: JUMPDEST 00000dae: JUMPDEST 00000daf: PUSH1 0x00 00000db1: PUSH2 0x0dbc 00000db4: DUP5 00000db5: DUP3 00000db6: DUP6 00000db7: ADD 00000db8: PUSH2 0x0d83 00000dbb: JUMP 00000dbc: JUMPDEST 00000dbd: SWAP2 00000dbe: POP 00000dbf: POP 00000dc0: SWAP3 00000dc1: SWAP2 00000dc2: POP 00000dc3: POP 00000dc4: JUMP 00000dc5: JUMPDEST 00000dc6: PUSH1 0x00 00000dc8: PUSH1 0x20 00000dca: DUP3 00000dcb: ADD 00000dcc: SWAP1 00000dcd: POP 00000dce: PUSH2 0x0dda 00000dd1: PUSH1 0x00 00000dd3: DUP4 00000dd4: ADD 00000dd5: DUP5 00000dd6: PUSH2 0x0c48 00000dd9: JUMP 00000dda: JUMPDEST 00000ddb: SWAP3 00000ddc: SWAP2 00000ddd: POP 00000dde: POP 00000ddf: JUMP 00000de0: INVALID 00000de1: LOG2 00000de2: PUSH5 0x6970667358 00000de8: UNKNOWN(0x22) 00000de9: 
SLT 00000dea: KECCAK256 00000deb: PUSH11 0x6085cb79f9095103660f2b 00000df7: UNKNOWN(0xFC) 00000df8: UNKNOWN(0xBC) 00000df9: UNKNOWN(0xC1) 00000dfa: UNKNOWN(0xC7) 00000dfb: SSTORE 00000dfc: STOP 00000dfd: PUSH12 0xec5766766f1dad48468369dc 00000e0a: BYTE 00000e0b: PUSH5 0x736f6c6343 00000e11: STOP 00000e12: ADDMOD 00000e13: GT 00000e14: STOP 00000e15: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
trace_id: 0x1374a19c63f033f027d752410cef1d06571c3224d8d93c386a02efe2bd431445
call_targets: 0xfffe68c44264aa02020e30298f58f0004afc1527
target_varies: no
classification: constant_target
validation_json: {
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x1374a19c63f033f027d752410cef1d06571c3224d8d93c386a02efe2bd431445",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xfffe68c44264aa02020e30298f58f0004afc1527"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json: {
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x12424e3f",
"selector": "0x12424e3f",
"calldata_variants": [
"0x12424e3f",
"0x12424e3f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x91bbdcc7",
"selector": "0x91bbdcc7",
"calldata_variants": [
"0x91bbdcc7",
"0x91bbdcc70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd6febde8",
"selector": "0xd6febde8",
"calldata_variants": [
"0xd6febde8",
"0xd6febde80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd79875eb",
"selector": "0xd79875eb",
"calldata_variants": [
"0xd79875eb",
"0xd79875eb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf3fef3a3",
"selector": "0xf3fef3a3",
"calldata_variants": [
"0xf3fef3a3",
"0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json: {
"examples": [
{
"pc": 645,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 838,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1100,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 7,
"guards_detected": [
{
"pc": 386,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 905,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2153,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2226,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"untrusted_call_count": 7
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
trace_id: 0x1374a19c63f033f027d752410cef1d06571c3224d8d93c386a02efe2bd431445
call_targets: 0xfffe68c44264aa02020e30298f58f0004afc1527
target_varies: no
classification: constant_target
validation_json: {
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x1374a19c63f033f027d752410cef1d06571c3224d8d93c386a02efe2bd431445",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xfffe68c44264aa02020e30298f58f0004afc1527"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json: {
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x12424e3f",
"selector": "0x12424e3f",
"calldata_variants": [
"0x12424e3f",
"0x12424e3f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x91bbdcc7",
"selector": "0x91bbdcc7",
"calldata_variants": [
"0x91bbdcc7",
"0x91bbdcc70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd6febde8",
"selector": "0xd6febde8",
"calldata_variants": [
"0xd6febde8",
"0xd6febde80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd79875eb",
"selector": "0xd79875eb",
"calldata_variants": [
"0xd79875eb",
"0xd79875eb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf3fef3a3",
"selector": "0xf3fef3a3",
"calldata_variants": [
"0xf3fef3a3",
"0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json: {
"examples": [
{
"pc": 645,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 838,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1100,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 7,
"guards_detected": [
{
"pc": 386,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 905,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2153,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2226,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
}
|
| low | other | codex | External CALL target/value derived from storage (potential arbitrary call/ETH transfer if mutable) | 65 | no | — |
evidence_json: {
"evidence": "Detector flags untrusted CALL target/value reachable with computed target/value; callsites at pc 645/838/1100/1558/2051/2605/2710. Storage reads from slot 0 are used in call construction (e.g., SLOAD pc 326/525/718/997/1191/1459/1684/1952).",
"locations": [
"pc:645",
"pc:838",
"pc:1100",
"pc:1558",
"pc:2051",
"pc:2605",
"pc:2710",
"pc:326"
],
"recommendation": "Treat storage slot addresses as immutable or strictly governed; add explicit access control and events for any setters; consider hard-coding or allowlisting external targets to prevent arbitrary call redirection.",
"exploit_scenario": "Several functions build CALL targets from storage (slot 0/1) and then perform low-level CALLs. If those slots can be modified (e.g., via constructor parameters, a hidden setter, or compromised privileged role), a malicious target could be set to receive arbitrary calls and ETH value, enabling fund diversion or reentrant control flow. Runtime bytecode shows no obvious setter, so the risk depends on deploy-time configuration or unseen state mutation paths."
}
|
| low | other | codex | ERC20 operations via low-level CALL without return-data validation | 65 | no | — |
evidence_json: {
"evidence": "Detector examples show `returndata_checked: null` for CALL sites (pc 645/838/1100). Bytecode uses CALL + revert-on-failure but no explicit return-value decode.",
"locations": [
"pc:645",
"pc:838",
"pc:1100"
],
"recommendation": "After CALL, if returndata length > 0, require it to decode to `true`; or use a safe ERC20 wrapper pattern. Limit token interactions to known-good implementations.",
"exploit_scenario": "The contract uses low-level CALLs for ERC20 `approve`/`transfer` without checking return data (only call success). Tokens that return `false` instead of reverting could cause the contract to assume success and proceed, leading to unexpected behavior or stuck funds. Known tokens like WETH are compliant, so impact depends on the token at runtime (e.g., storage-configured addresses)."
}
|