019be3d6-8398-7100-b97f-ba6bae47c55f
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 40890 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 40891 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 40892 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 40893 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 40894 | capability.graph | complete | 1 / 3 | 2 months ago |
| 40895 | detector.run | complete | 1 / 3 | 2 months ago |
| 40896 | validation.fork | complete | 1 / 3 | 2 months ago |
| 41358 | report.consolidate | complete | 1 / 6 | 2 months ago |
{
"status": "not_proxy"
}
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode exposes multiple low-level external calls (some with value) and state updates after those calls; access control around configuration/address setters is unclear and may be weak.","findings":[{"severity":"medium","category":"other","title":"Multiple low-level CALLs to computed targets with possible ETH transfer","exploit_scenario":"If an attacker can influence the CALL target or value (e.g., via a writable storage slot or user-controlled parameters), they could force arbitrary external calls that transfer ETH, leading to fund loss or malicious side effects. Even if targets are intended to be trusted, any misconfiguration of the stored address would route value to an attacker-controlled contract.","recommendation":"Restrict call targets to immutable or tightly controlled addresses, validate any setters that influence them, and consider higher-level interfaces over raw CALL. If ETH transfer is required, cap value and validate recipients.","evidence":"detector_findings report 11 CALL sites with computed target/value and no guards (untrusted_call_count=11, eth_value_calls=11); returndata checking is not confirmed. Calls observed at pcs 0x686, 0x890, 0x909, 0x999, 0xA51, 0xACA, 0xB7B, 0xC19, 0xC92, 0xD8F, 0xEF2.","locations":["pc:0x686","pc:0x890","pc:0x909","pc:0x999","pc:0xA51","pc:0xACA","pc:0xB7B","pc:0xC19","pc:0xC92","pc:0xD8F","pc:0xEF2"]},{"severity":"medium","category":"reentrancy","title":"State updates occur after external CALLs without a detected reentrancy guard","exploit_scenario":"An external call (e.g., to an oracle or other contract) happens before a storage write. If the callee can reenter (directly or indirectly), it may exploit intermediate state to trigger logic multiple times or corrupt accounting. This is especially relevant if the call target or value is attacker-influenced.","recommendation":"Update critical state before external calls (checks-effects-interactions) and/or add a reentrancy guard around external-call paths.","evidence":"CALL at pc:0x686 is followed by SSTORE at pc:0x69E; no reentrancy guard is detected in the artifact (guards list empty).","locations":["pc:0x686","pc:0x69E"]},{"severity":"low","category":"access_control","title":"Configuration/address setters appear without clear access control (oracle trust boundary risk)","exploit_scenario":"The bytecode contains multiple SSTOREs that update masked address slots with hard-coded addresses. If these paths are publicly callable, a user could alter the contract’s trusted oracle/resolver address, then call privileged callback paths to spoof data.","recommendation":"Ensure any setter that updates oracle/resolver addresses is restricted (e.g., owner-only) or hard-code/immutably set addresses at deployment. Consider emitting events and validating expected address values.","evidence":"Only one CALLER check found at pc:0x348; several SSTOREs that write masked address values occur at pcs 0xF6F, 0x100B, 0x109F, 0x1133, 0x11C8, 0x1228, 0x1288 with no obvious caller check in those blocks. This makes access control uncertain.","locations":["pc:0x348","pc:0xF6F","pc:0x100B","pc:0x109F","pc:0x1133","pc:0x11C8","pc:0x1228","pc:0x1288"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-bf9r73pb
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019be456-5dc7-7821-89a1-59c7e96efbaa
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers
thinking
**Checking project files**
Running directory listing to locate BYTECODE_BUNDLE.json or confirm its presence for reading next.
exec
/bin/bash -lc ls in /tmp/codex-bf9r73pb succeeded in 5ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
thinking
**Noting JSON reading step**
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-bf9r73pb succeeded in 7ms:
{
"analysis_artifact": {
"address": "0x667100c5ceeb56ac8fb33695c4d91a802fca749b",
"artifact_hash": "0x4217a53a7b7431d96818bda2af24b44ab161461c7b588839ab739ae01557eed3",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 12,
"hash": "0x6f431b7705cf48bf8e069f99fc657b998f9773d3d93cbdf6e66be2dc5c89c968",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"CALLDATASIZE",
"LT",
"PUSH2",
thinking
**Planning callsite extraction**
I'm focusing on extracting callsites from the large JSON by searching for call identifiers like "call:1670" to gather evidence of untrusted calls for deeper inspection.
exec
/bin/bash -lc 'rg -n "call:1670|call:2192|call:2313|call:2457|call:2641|call:2762|call:2939|call:3097|call:3218|call:3471|call:3826|CALL" BYTECODE_BUNDLE.json' in /tmp/codex-bf9r73pb succeeded in 26ms:
18: "CALLDATASIZE",
34: "CALLDATALOAD",
169: "CALLVALUE",
227: "CALLVALUE",
252: "CALLDATALOAD",
257: "CALLDATALOAD",
264: "CALLDATALOAD",
297: "CALLDATACOPY",
328: "CALLVALUE",
385: "CALLVALUE",
410: "CALLDATALOAD",
415: "CALLDATALOAD",
422: "CALLDATALOAD",
455: "CALLDATACOPY",
468: "CALLDATALOAD",
476: "CALLDATALOAD",
513: "CALLDATACOPY",
535: "CALLVALUE",
590: "CALLVALUE",
765: "CALLVALUE",
thinking
**Planning investigation of evidence_bundle**
I'm searching the codebase to locate and inspect the "evidence_bundle" to understand its relation to callsite entries in the bytecode.
exec
/bin/bash -lc 'rg -n "evidence|callgraph|storage|selectors|proxy|delegatecall|eip-1967|beacon" BYTECODE_BUNDLE.json' in /tmp/codex-bf9r73pb succeeded in 7ms:
6451: "delegatecall": 0,
6455: "storage": {
6695: "delegatecall": 0,
6699: "storage": {
6939: "delegatecall": 0,
6943: "storage": {
7183: "delegatecall": 0,
7187: "storage": {
7427: "delegatecall": 0,
7431: "storage": {
7671: "delegatecall": 0,
7675: "storage": {
7915: "delegatecall": 0,
7919: "storage": {
8159: "delegatecall": 0,
8163: "storage": {
8403: "delegatecall": 0,
8407: "storage": {
8647: "delegatecall": 0,
8651: "storage": {
thinking
**Exploring storage and selectors context**
I'm planning to read more surrounding lines related to storage, selectors, and proxy evidence to better understand their interactions and usage.
exec
/bin/bash -lc "sed -n '8800,9205p' BYTECODE_BUNDLE.json" in /tmp/codex-bf9r73pb succeeded in 21ms:
"op": "SLOAD",
"pc": 2831,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000001"
},
{
"op": "SLOAD",
"pc": 2960,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 2981,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
"op": "SLOAD",
"pc": 3022,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
},
{
thinking
**Analyzing bytecode external calls**
The bytecode shows multiple CALL instructions to addresses derived from storage and constants, likely involving an oracle like Oraclize. Notably, all CALL targets appear constant and self-referential, indicating no untrusted external calls, but requires close inspection of internal logic around these calls.
thinking
**Planning bytecode disassembly around CALLs**
I'm preparing to disassemble the runtime bytecode near each CALL instruction to analyze their context, focusing on potential reentrancy and external call risks without guards. Next, I'll implement a minimal EVM opcode parser in Python to decode instructions around those PCs and better interpret the call sites.
exec
/bin/bash -lc "python - <<'PY'
import json, binascii
from collections import OrderedDict
with open('BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
hexcode=data['artifact']['runtime_bytecode']['full']
if hexcode.startswith('0x'): hexcode=hexcode[2:]
code=bytes.fromhex(hexcode)
# EVM opcode table with immediate lengths
opcodes = {i: ('PUSH'+str(i-0x5f), i-0x5f) for i in range(0x60, 0x80)}
opcodes.update({
0x00: ('STOP',0),0x01:('ADD',0),0x02:('MUL',0),0x03:('SUB',0),0x04:('DIV',0),0x05:('SDIV',0),0x06:('MOD',0),0x07:('SMOD',0),
0x08:('ADDMOD',0),0x09:('MULMOD',0),0x0a:('EXP',0),0x0b:('SIGNEXTEND',0),
0x10:('LT',0),0x11:('GT',0),0x12:('SLT',0),0x13:('SGT',0),0x14:('EQ',0),0x15:('ISZERO',0),0x16:('AND',0),0x17:('OR',0),0x18:('XOR',0),0x19:('NOT',0),0x1a:('BYTE',0),0x1b:('SHL',0),0x1c:('SHR',0),0x1d:('SAR',0),
0x20:('SHA3',0),
0x30:('ADDRESS',0),0x31:('BALANCE',0),0x32:('ORIGIN',0),0x33:('CALLER',0),0x34:('CALLVALUE',0),0x35:('CALLDATALOAD',0),0x36:('CALLDATASIZE',0),0x37:('CALLDATACOPY',0),0x38:('CODESIZE',0),0x39:('CODECOPY',0),0x3a:('GASPRICE',0),0x3b:('EXTCODESIZE',0),0x3c:('EXTCODECOPY',0),0x3d:('RETURNDATASIZE',0),0x3e:('RETURNDATACOPY',0),0x3f:('EXTCODEHASH',0),
0x40:('BLOCKHASH',0),0x41:('COINBASE',0),0x42:('TIMESTAMP',0),0x43:('NUMBER',0),0x44:('DIFFICULTY',0),0x45:('GASLIMIT',0),0x46:('CHAINID',0),0x47:('SELFBALANCE',0),0x48:('BASEFEE',0),
0x50:('POP',0),0x51:('MLOAD',0),0x52:('MSTORE',0),0x53:('MSTORE8',0),0x54:('SLOAD',0),0x55:('SSTORE',0),0x56:('JUMP',0),0x57:('JUMPI',0),0x58:('PC',0),0x59:('MSIZE',0),0x5a:('GAS',0),0x5b:('JUMPDEST',0),
0xf0:('CREATE',0),0xf1:('CALL',0),0xf2:('CALLCODE',0),0xf3:('RETURN',0),0xf4:('DELEGATECALL',0),0xf5:('CREATE2',0),0xfa:('STATICCALL',0),0xfd:('REVERT',0),0xfe:('INVALID',0),0xff:('SELFDESTRUCT',0)
})
# disassemble to map pc->(op, imm)
pcs = {}
pc=0
while pc < len(code):
op=code[pc]
name, imm_len = opcodes.get(op, (f'OP_{op:02x}',0))
imm = code[pc+1:pc+1+imm_len]
pcs[pc]=(name, imm)
pc += 1 + imm_len
calls=[1670,2192,2313,2457,2641,2762,2939,3097,3218,3471,3826]
for c in calls:
# print window around c
print('--- around pc', c, '---')
# find previous 8 instructions by pc order
# create list of pcs sorted
spcs=sorted(pcs.keys())
idx=spcs.index(c)
for p in spcs[idx-8:idx+3]:
name, imm=pcs[p]
if imm:
imm_hex='0x'+imm.hex()
print(f'{p:04d}: {name} {imm_hex}')
else:
print(f'{p:04d}: {name}')
print()
PY" in /tmp/codex-bf9r73pb succeeded in 38ms:
--- around pc 1670 ---
1659: JUMPI
1660: PUSH1 0x00
1662: OP_80
1663: REVERT
1664: JUMPDEST
1665: PUSH2 0x02c6
1668: GAS
1669: SUB
1670: CALL
1671: ISZERO
1672: ISZERO
--- around pc 2192 ---
2181: JUMPI
2182: PUSH1 0x00
2184: OP_80
2185: REVERT
2186: JUMPDEST
2187: PUSH2 0x02c6
thinking
**Investigating call target and arguments**
I'm examining instructions preceding the CALL to identify the target address and value passed, aiming to understand the call's context and confirm success checking despite null returndata indication. Next, I'll expand the instruction window to analyze the CALL arguments setup.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
hexcode=data['artifact']['runtime_bytecode']['full']
if hexcode.startswith('0x'): hexcode=hexcode[2:]
code=bytes.fromhex(hexcode)
opcodes = {i: ('PUSH'+str(i-0x5f), i-0x5f) for i in range(0x60, 0x80)}
opcodes.update({
0x00: ('STOP',0),0x01:('ADD',0),0x02:('MUL',0),0x03:('SUB',0),0x04:('DIV',0),0x05:('SDIV',0),0x06:('MOD',0),0x07:('SMOD',0),
0x08:('ADDMOD',0),0x09:('MULMOD',0),0x0a:('EXP',0),0x0b:('SIGNEXTEND',0),
0x10:('LT',0),0x11:('GT',0),0x12:('SLT',0),0x13:('SGT',0),0x14:('EQ',0),0x15:('ISZERO',0),0x16:('AND',0),0x17:('OR',0),0x18:('XOR',0),0x19:('NOT',0),0x1a:('BYTE',0),0x1b:('SHL',0),0x1c:('SHR',0),0x1d:('SAR',0),
0x20:('SHA3',0),
0x30:('ADDRESS',0),0x31:('BALANCE',0),0x32:('ORIGIN',0),0x33:('CALLER',0),0x34:('CALLVALUE',0),0x35:('CALLDATALOAD',0),0x36:('CALLDATASIZE',0),0x37:('CALLDATACOPY',0),0x38:('CODESIZE',0),0x39:('CODECOPY',0),0x3a:('GASPRICE',0),0x3b:('EXTCODESIZE',0),0x3c:('EXTCODECOPY',0),0x3d:('RETURNDATASIZE',0),0x3e:('RETURNDATACOPY',0),0x3f:('EXTCODEHASH',0),
0x40:('BLOCKHASH',0),0x41:('COINBASE',0),0x42:('TIMESTAMP',0),0x43:('NUMBER',0),0x44:('DIFFICULTY',0),0x45:('GASLIMIT',0),0x46:('CHAINID',0),0x47:('SELFBALANCE',0),0x48:('BASEFEE',0),
0x50:('POP',0),0x51:('MLOAD',0),0x52:('MSTORE',0),0x53:('MSTORE8',0),0x54:('SLOAD',0),0x55:('SSTORE',0),0x56:('JUMP',0),0x57:('JUMPI',0),0x58:('PC',0),0x59:('MSIZE',0),0x5a:('GAS',0),0x5b:('JUMPDEST',0),
0xf0:('CREATE',0),0xf1:('CALL',0),0xf2:('CALLCODE',0),0xf3:('RETURN',0),0xf4:('DELEGATECALL',0),0xf5:('CREATE2',0),0xfa:('STATICCALL',0),0xfd:('REVERT',0),0xfe:('INVALID',0),0xff:('SELFDESTRUCT',0)
})
pcs = {}
order=[]
pc=0
while pc < len(code):
op=code[pc]
name, imm_len = opcodes.get(op, (f'OP_{op:02x}',0))
imm = code[pc+1:pc+1+imm_len]
pcs[pc]=(name, imm)
order.append(pc)
pc += 1 + imm_len
def dump_window(center, before=30, after=5):
idx=order.index(center)
for p in order[max(0, idx-before): idx+after+1]:
name, imm=pcs[p]
if imm:
print(f'{p:04d}: {name} 0x{imm.hex()}')
else:
print(f'{p:04d}: {name}')
print()
for c in [1670,2192,2313,2457,2641,2762,2939,3097,3218,3471,3826]:
print('=== window around', c, '===')
dump_window(c, before=25, after=8)
PY" in /tmp/codex-bf9r73pb succeeded in 46ms:
=== window around 1670 ===
1638: OP_90
1639: OP_91
1640: ADD
1641: OP_90
1642: PUSH1 0x40
1644: MLOAD
1645: OP_80
1646: OP_83
1647: SUB
1648: OP_81
1649: PUSH1 0x00
1651: OP_87
1652: OP_80
1653: EXTCODESIZE
1654: ISZERO
1655: ISZERO
1656: PUSH2 0x0680
1659: JUMPI
1660: PUSH1 0x00
thinking
**Analyzing call target checks and access control**
Noticing many calls preceded by EXTCODESIZE checks that revert if zero, suggesting runtime target validation but no upgradeability or delegatecall usage. Planning to inspect bytecode near pc 1017 for caller-based access control to detect owner or auth restrictions.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
hexcode=data['artifact']['runtime_bytecode']['full']
if hexcode.startswith('0x'): hexcode=hexcode[2:]
code=bytes.fromhex(hexcode)
opcodes = {i: ('PUSH'+str(i-0x5f), i-0x5f) for i in range(0x60, 0x80)}
opcodes.update({
0x00: ('STOP',0),0x01:('ADD',0),0x02:('MUL',0),0x03:('SUB',0),0x04:('DIV',0),0x05:('SDIV',0),0x06:('MOD',0),0x07:('SMOD',0),
0x08:('ADDMOD',0),0x09:('MULMOD',0),0x0a:('EXP',0),0x0b:('SIGNEXTEND',0),
0x10:('LT',0),0x11:('GT',0),0x12:('SLT',0),0x13:('SGT',0),0x14:('EQ',0),0x15:('ISZERO',0),0x16:('AND',0),0x17:('OR',0),0x18:('XOR',0),0x19:('NOT',0),0x1a:('BYTE',0),0x1b:('SHL',0),0x1c:('SHR',0),0x1d:('SAR',0),
0x20:('SHA3',0),
0x30:('ADDRESS',0),0x31:('BALANCE',0),0x32:('ORIGIN',0),0x33:('CALLER',0),0x34:('CALLVALUE',0),0x35:('CALLDATALOAD',0),0x36:('CALLDATASIZE',0),0x37:('CALLDATACOPY',0),0x38:('CODESIZE',0),0x39:('CODECOPY',0),0x3a:('GASPRICE',0),0x3b:('EXTCODESIZE',0),0x3c:('EXTCODECOPY',0),0x3d:('RETURNDATASIZE',0),0x3e:('RETURNDATACOPY',0),0x3f:('EXTCODEHASH',0),
0x40:('BLOCKHASH',0),0x41:('COINBASE',0),0x42:('TIMESTAMP',0),0x43:('NUMBER',0),0x44:('DIFFICULTY',0),0x45:('GASLIMIT',0),0x46:('CHAINID',0),0x47:('SELFBALANCE',0),0x48:('BASEFEE',0),
0x50:('POP',0),0x51:('MLOAD',0),0x52:('MSTORE',0),0x53:('MSTORE8',0),0x54:('SLOAD',0),0x55:('SSTORE',0),0x56:('JUMP',0),0x57:('JUMPI',0),0x58:('PC',0),0x59:('MSIZE',0),0x5a:('GAS',0),0x5b:('JUMPDEST',0),
0xf0:('CREATE',0),0xf1:('CALL',0),0xf2:('CALLCODE',0),0xf3:('RETURN',0),0xf4:('DELEGATECALL',0),0xf5:('CREATE2',0),0xfa:('STATICCALL',0),0xfd:('REVERT',0),0xfe:('INVALID',0),0xff:('SELFDESTRUCT',0)
})
pcs = {}
order=[]
pc=0
while pc < len(code):
op=code[pc]
name, imm_len = opcodes.get(op, (f'OP_{op:02x}',0))
imm = code[pc+1:pc+1+imm_len]
pcs[pc]=(name, imm)
order.append(pc)
pc += 1 + imm_len
# find around pc 1017 (CALLER)
center=1017
if center in pcs:
idx=order.index(center)
for p in order[max(0, idx-25): idx+25]:
name, imm=pcs[p]
if imm:
print(f'{p:04d}: {name} 0x{imm.hex()}')
else:
print(f'{p:04d}: {name}')
else:
# find nearest pc
nearest=max([p for p in order if p<=center])
print('nearest',nearest)
PY" in /tmp/codex-bf9r73pb succeeded in 39ms:
0985: ADD
0986: OP_91
0987: PUSH2 0x040a
0990: JUMP
0991: JUMPDEST
0992: OP_82
0993: ADD
0994: OP_91
0995: OP_90
0996: PUSH1 0x00
0998: MSTORE
0999: PUSH1 0x20
1001: PUSH1 0x00
1003: SHA3
1004: OP_90
1005: JUMPDEST
1006: OP_81
1007: SLOAD
1008: OP_81
1009: MSTORE
thinking
**Highlighting untrusted call targets**
The analysis shows many low-level calls with computed targets and values lacking guards, flagged as potential reentrancy or fund-drain risks if attackers influence them. However, call target validations mostly see constants tied to contract or known addresses, suggesting some level of trust or internal calls despite ambiguous ownership or whitelist status.
thinking
**Identifying storage writes for oracle config**
The code sets network-specific oracle addresses at runtime, storing them (likely at slot 0), but it's unclear if access control restricts who can update these. Next, I'll list all storage write instructions to check if caller verification or restrictions exist around those writes.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
hexcode=data['artifact']['runtime_bytecode']['full']
if hexcode.startswith('0x'): hexcode=hexcode[2:]
code=bytes.fromhex(hexcode)
opcodes = {i: ('PUSH'+str(i-0x5f), i-0x5f) for i in range(0x60, 0x80)}
opcodes.update({
0x00: ('STOP',0),0x01:('ADD',0),0x02:('MUL',0),0x03:('SUB',0),0x04:('DIV',0),0x05:('SDIV',0),0x06:('MOD',0),0x07:('SMOD',0),
0x08:('ADDMOD',0),0x09:('MULMOD',0),0x0a:('EXP',0),0x0b:('SIGNEXTEND',0),
0x10:('LT',0),0x11:('GT',0),0x12:('SLT',0),0x13:('SGT',0),0x14:('EQ',0),0x15:('ISZERO',0),0x16:('AND',0),0x17:('OR',0),0x18:('XOR',0),0x19:('NOT',0),0x1a:('BYTE',0),0x1b:('SHL',0),0x1c:('SHR',0),0x1d:('SAR',0),
0x20:('SHA3',0),
0x30:('ADDRESS',0),0x31:('BALANCE',0),0x32:('ORIGIN',0),0x33:('CALLER',0),0x34:('CALLVALUE',0),0x35:('CALLDATALOAD',0),0x36:('CALLDATASIZE',0),0x37:('CALLDATACOPY',0),0x38:('CODESIZE',0),0x39:('CODECOPY',0),0x3a:('GASPRICE',0),0x3b:('EXTCODESIZE',0),0x3c:('EXTCODECOPY',0),0x3d:('RETURNDATASIZE',0),0x3e:('RETURNDATACOPY',0),0x3f:('EXTCODEHASH',0),
0x40:('BLOCKHASH',0),0x41:('COINBASE',0),0x42:('TIMESTAMP',0),0x43:('NUMBER',0),0x44:('DIFFICULTY',0),0x45:('GASLIMIT',0),0x46:('CHAINID',0),0x47:('SELFBALANCE',0),0x48:('BASEFEE',0),
0x50:('POP',0),0x51:('MLOAD',0),0x52:('MSTORE',0),0x53:('MSTORE8',0),0x54:('SLOAD',0),0x55:('SSTORE',0),0x56:('JUMP',0),0x57:('JUMPI',0),0x58:('PC',0),0x59:('MSIZE',0),0x5a:('GAS',0),0x5b:('JUMPDEST',0),
0xf0:('CREATE',0),0xf1:('CALL',0),0xf2:('CALLCODE',0),0xf3:('RETURN',0),0xf4:('DELEGATECALL',0),0xf5:('CREATE2',0),0xfa:('STATICCALL',0),0xfd:('REVERT',0),0xfe:('INVALID',0),0xff:('SELFDESTRUCT',0)
})
pcs = {}
order=[]
pc=0
while pc < len(code):
op=code[pc]
name, imm_len = opcodes.get(op, (f'OP_{op:02x}',0))
imm = code[pc+1:pc+1+imm_len]
pcs[pc]=(name, imm)
order.append(pc)
pc += 1 + imm_len
sstore_pcs=[p for p,(name,imm) in pcs.items() if name=='SSTORE']
print('SSTORE pcs', sstore_pcs)
for sp in sstore_pcs:
idx=order.index(sp)
print('--- around SSTORE pc', sp, '---')
for p in order[max(0, idx-15): idx+10]:
name, imm=pcs[p]
if imm:
print(f'{p:04d}: {name} 0x{imm.hex()}')
else:
print(f'{p:04d}: {name}')
print()
PY" in /tmp/codex-bf9r73pb succeeded in 35ms:
SSTORE pcs [1047, 1253, 1536, 1694, 2377, 2826, 3282, 3951, 4107, 4255, 4403, 4552, 4648, 4744, 5272, 5285, 5307, 5370]
--- around SSTORE pc 1047 ---
1028: PUSH1 0x1f
1030: AND
1031: OP_82
1032: ADD
1033: OP_91
1034: JUMPDEST
1035: POP
1036: POP
1037: POP
1038: POP
1039: POP
1040: PUSH2 0x09b2
1043: JUMP
1044: JUMPDEST
1045: PUSH1 0x07
1047: SSTORE
1048: PUSH32 0x85eba154432d1f1569d9a2b6e9bf0c876968ca67614ce5f88dd0ad8ed2096143
1081: PUSH1 0x06
thinking
**Analyzing SSTORE patterns**
Identified multiple SSTORE occurrences likely setting critical contract state like flags, timestamps, or mappings in specific storage slots; next step is to link these writes to their functions and assess access controls.
thinking
**Noticing address storage with bitmasking**
Observed storage writes masking addresses into slot0 or slot1, likely for oracle addresses tied to chain IDs; next, I'll verify if these admin-style updates have caller-based access control by searching for CALLER checks.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
hexcode=data['artifact']['runtime_bytecode']['full']
if hexcode.startswith('0x'): hexcode=hexcode[2:]
code=bytes.fromhex(hexcode)
opcodes = {i: ('PUSH'+str(i-0x5f), i-0x5f) for i in range(0x60, 0x80)}
opcodes.update({
0x00: ('STOP',0),0x01:('ADD',0),0x02:('MUL',0),0x03:('SUB',0),0x04:('DIV',0),0x05:('SDIV',0),0x06:('MOD',0),0x07:('SMOD',0),
0x08:('ADDMOD',0),0x09:('MULMOD',0),0x0a:('EXP',0),0x0b:('SIGNEXTEND',0),
0x10:('LT',0),0x11:('GT',0),0x12:('SLT',0),0x13:('SGT',0),0x14:('EQ',0),0x15:('ISZERO',0),0x16:('AND',0),0x17:('OR',0),0x18:('XOR',0),0x19:('NOT',0),0x1a:('BYTE',0),0x1b:('SHL',0),0x1c:('SHR',0),0x1d:('SAR',0),
0x20:('SHA3',0),
0x30:('ADDRESS',0),0x31:('BALANCE',0),0x32:('ORIGIN',0),0x33:('CALLER',0),0x34:('CALLVALUE',0),0x35:('CALLDATALOAD',0),0x36:('CALLDATASIZE',0),0x37:('CALLDATACOPY',0),0x38:('CODESIZE',0),0x39:('CODECOPY',0),0x3a:('GASPRICE',0),0x3b:('EXTCODESIZE',0),0x3c:('EXTCODECOPY',0),0x3d:('RETURNDATASIZE',0),0x3e:('RETURNDATACOPY',0),0x3f:('EXTCODEHASH',0),
0x40:('BLOCKHASH',0),0x41:('COINBASE',0),0x42:('TIMESTAMP',0),0x43:('NUMBER',0),0x44:('DIFFICULTY',0),0x45:('GASLIMIT',0),0x46:('CHAINID',0),0x47:('SELFBALANCE',0),0x48:('BASEFEE',0),
0x50:('POP',0),0x51:('MLOAD',0),0x52:('MSTORE',0),0x53:('MSTORE8',0),0x54:('SLOAD',0),0x55:('SSTORE',0),0x56:('JUMP',0),0x57:('JUMPI',0),0x58:('PC',0),0x59:('MSIZE',0),0x5a:('GAS',0),0x5b:('JUMPDEST',0),
0xf0:('CREATE',0),0xf1:('CALL',0),0xf2:('CALLCODE',0),0xf3:('RETURN',0),0xf4:('DELEGATECALL',0),0xf5:('CREATE2',0),0xfa:('STATICCALL',0),0xfd:('REVERT',0),0xfe:('INVALID',0),0xff:('SELFDESTRUCT',0)
})
pcs = {}
order=[]
pc=0
while pc < len(code):
op=code[pc]
name, imm_len = opcodes.get(op, (f'OP_{op:02x}',0))
imm = code[pc+1:pc+1+imm_len]
pcs[pc]=(name, imm)
order.append(pc)
pc += 1 + imm_len
caller_pcs=[p for p,(name,imm) in pcs.items() if name=='CALLER']
print('CALLER pcs', caller_pcs)
for cp in caller_pcs:
idx=order.index(cp)
print('--- around CALLER pc', cp, '---')
for p in order[max(0, idx-20): idx+20]:
name, imm=pcs[p]
if imm:
print(f'{p:04d}: {name} 0x{imm.hex()}')
else:
print(f'{p:04d}: {name}')
print()
PY" in /tmp/codex-bf9r73pb succeeded in 54ms:
CALLER pcs [840]
--- around CALLER pc 840 ---
0813: OP_91
0814: OP_90
0815: OP_91
0816: GT
0817: OP_90
0818: JUMPDEST
0819: POP
0820: OP_90
0821: JUMP
0822: JUMPDEST
0823: PUSH2 0x033e
0826: PUSH2 0x0805
0829: JUMP
0830: JUMPDEST
0831: PUSH1 0x01
0833: PUSH1 0xa0
0835: PUSH1 0x02
0837: EXP
thinking
**Analyzing caller-based access control**
I found one function guarded by a CALLER check, likely limiting access to owner or authorized accounts, but it's unclear if others are protected. Next, I'll map known function selectors to their entry points to identify which functions have access controls or modify storage.
thinking
**Mapping selectors to function entries**
Function selectors correspond to specific entry points in bytecode starting at fixed offsets like 0x008f and 0x00bf. Each entry includes a CALLVALUE check to enforce msg.value=0 except for some functions; next, I'll disassemble these areas to determine which functions are payable and further characterize their behavior.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
hexcode=data['artifact']['runtime_bytecode']['full']
if hexcode.startswith('0x'): hexcode=hexcode[2:]
code=bytes.fromhex(hexcode)
opcodes = {i: ('PUSH'+str(i-0x5f), i-0x5f) for i in range(0x60, 0x80)}
opcodes.update({
0x00: ('STOP',0),0x01:('ADD',0),0x02:('MUL',0),0x03:('SUB',0),0x04:('DIV',0),0x05:('SDIV',0),0x06:('MOD',0),0x07:('SMOD',0),
0x08:('ADDMOD',0),0x09:('MULMOD',0),0x0a:('EXP',0),0x0b:('SIGNEXTEND',0),
0x10:('LT',0),0x11:('GT',0),0x12:('SLT',0),0x13:('SGT',0),0x14:('EQ',0),0x15:('ISZERO',0),0x16:('AND',0),0x17:('OR',0),0x18:('XOR',0),0x19:('NOT',0),0x1a:('BYTE',0),0x1b:('SHL',0),0x1c:('SHR',0),0x1d:('SAR',0),
0x20:('SHA3',0),
0x30:('ADDRESS',0),0x31:('BALANCE',0),0x32:('ORIGIN',0),0x33:('CALLER',0),0x34:('CALLVALUE',0),0x35:('CALLDATALOAD',0),0x36:('CALLDATASIZE',0),0x37:('CALLDATACOPY',0),0x38:('CODESIZE',0),0x39:('CODECOPY',0),0x3a:('GASPRICE',0),0x3b:('EXTCODESIZE',0),0x3c:('EXTCODECOPY',0),0x3d:('RETURNDATASIZE',0),0x3e:('RETURNDATACOPY',0),0x3f:('EXTCODEHASH',0),
0x40:('BLOCKHASH',0),0x41:('COINBASE',0),0x42:('TIMESTAMP',0),0x43:('NUMBER',0),0x44:('DIFFICULTY',0),0x45:('GASLIMIT',0),0x46:('CHAINID',0),0x47:('SELFBALANCE',0),0x48:('BASEFEE',0),
0x50:('POP',0),0x51:('MLOAD',0),0x52:('MSTORE',0),0x53:('MSTORE8',0),0x54:('SLOAD',0),0x55:('SSTORE',0),0x56:('JUMP',0),0x57:('JUMPI',0),0x58:('PC',0),0x59:('MSIZE',0),0x5a:('GAS',0),0x5b:('JUMPDEST',0),
0xf0:('CREATE',0),0xf1:('CALL',0),0xf2:('CALLCODE',0),0xf3:('RETURN',0),0xf4:('DELEGATECALL',0),0xf5:('CREATE2',0),0xfa:('STATICCALL',0),0xfd:('REVERT',0),0xfe:('INVALID',0),0xff:('SELFDESTRUCT',0)
})
pcs = {}
order=[]
pc=0
while pc < len(code):
op=code[pc]
name, imm_len = opcodes.get(op, (f'OP_{op:02x}',0))
imm = code[pc+1:pc+1+imm_len]
pcs[pc]=(name, imm)
order.append(pc)
pc += 1 + imm_len
# dump first 200 instructions
count=0
for p in order:
name, imm=pcs[p]
if imm:
print(f'{p:04d}: {name} 0x{imm.hex()}')
else:
print(f'{p:04d}: {name}')
count+=1
if count>200:
break
PY" in /tmp/codex-bf9r73pb succeeded in 75ms:
0000: PUSH1 0x60
0002: PUSH1 0x40
0004: MSTORE
0005: PUSH1 0x04
0007: CALLDATASIZE
0008: LT
0009: PUSH2 0x008a
0012: JUMPI
0013: PUSH4 0xffffffff
0018: PUSH1 0xe0
0020: PUSH1 0x02
0022: EXP
0023: PUSH1 0x00
0025: CALLDATALOAD
0026: DIV
0027: AND
0028: PUSH4 0x258dcbb2
0033: OP_81
0034: EQ
0035: PUSH2 0x008f
thinking
**Assessing reentrancy risk around external calls**
The external call is followed by a state update, which can indicate reentrancy risk, but since the call is likely to Oraclize's trusted contract, the actual risk is low despite no guard; the callback pattern aligns with Oraclize's design rather than untrusted reentry.
thinking
**Identifying potential reentrancy via payable external call**
The external call likely transfers ETH with computed nonzero value followed by state update and no reentrancy guard, raising moderate reentrancy risk especially if the called address can be changed; access control exists on some functions, but key oracle-address setters or callbacks’ protections remain uncertain and need closer inspection.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
hexcode=data['artifact']['runtime_bytecode']['full']
if hexcode.startswith('0x'): hexcode=hexcode[2:]
code=bytes.fromhex(hexcode)
opcodes = {i: ('PUSH'+str(i-0x5f), i-0x5f) for i in range(0x60, 0x80)}
opcodes.update({
0x00: ('STOP',0),0x01:('ADD',0),0x02:('MUL',0),0x03:('SUB',0),0x04:('DIV',0),0x05:('SDIV',0),0x06:('MOD',0),0x07:('SMOD',0),
0x08:('ADDMOD',0),0x09:('MULMOD',0),0x0a:('EXP',0),0x0b:('SIGNEXTEND',0),
0x10:('LT',0),0x11:('GT',0),0x12:('SLT',0),0x13:('SGT',0),0x14:('EQ',0),0x15:('ISZERO',0),0x16:('AND',0),0x17:('OR',0),0x18:('XOR',0),0x19:('NOT',0),0x1a:('BYTE',0),0x1b:('SHL',0),0x1c:('SHR',0),0x1d:('SAR',0),
0x20:('SHA3',0),
0x30:('ADDRESS',0),0x31:('BALANCE',0),0x32:('ORIGIN',0),0x33:('CALLER',0),0x34:('CALLVALUE',0),0x35:('CALLDATALOAD',0),0x36:('CALLDATASIZE',0),0x37:('CALLDATACOPY',0),0x38:('CODESIZE',0),0x39:('CODECOPY',0),0x3a:('GASPRICE',0),0x3b:('EXTCODESIZE',0),0x3c:('EXTCODECOPY',0),0x3d:('RETURNDATASIZE',0),0x3e:('RETURNDATACOPY',0),0x3f:('EXTCODEHASH',0),
0x40:('BLOCKHASH',0),0x41:('COINBASE',0),0x42:('TIMESTAMP',0),0x43:('NUMBER',0),0x44:('DIFFICULTY',0),0x45:('GASLIMIT',0),0x46:('CHAINID',0),0x47:('SELFBALANCE',0),0x48:('BASEFEE',0),
0x50:('POP',0),0x51:('MLOAD',0),0x52:('MSTORE',0),0x53:('MSTORE8',0),0x54:('SLOAD',0),0x55:('SSTORE',0),0x56:('JUMP',0),0x57:('JUMPI',0),0x58:('PC',0),0x59:('MSIZE',0),0x5a:('GAS',0),0x5b:('JUMPDEST',0),
0xf0:('CREATE',0),0xf1:('CALL',0),0xf2:('CALLCODE',0),0xf3:('RETURN',0),0xf4:('DELEGATECALL',0),0xf5:('CREATE2',0),0xfa:('STATICCALL',0),0xfd:('REVERT',0),0xfe:('INVALID',0),0xff:('SELFDESTRUCT',0)
})
pcs = {}
order=[]
pc=0
while pc < len(code):
op=code[pc]
name, imm_len = opcodes.get(op, (f'OP_{op:02x}',0))
imm = code[pc+1:pc+1+imm_len]
pcs[pc]=(name, imm)
order.append(pc)
pc += 1 + imm_len
center=840
idx=order.index(center)
for p in order[max(0, idx-50): idx+30]:
name, imm=pcs[p]
if imm:
print(f'{p:04d}: {name} 0x{imm.hex()}')
else:
print(f'{p:04d}: {name}')
PY" in /tmp/codex-bf9r73pb succeeded in 37ms:
0767: ADD
0768: PUSH1 0x40
0770: MSTORE
0771: OP_90
0772: POP
0773: PUSH2 0x0336
0776: JUMP
0777: JUMPDEST
0778: POP
0779: POP
0780: JUMP
0781: JUMPDEST
0782: PUSH1 0x05
0784: SLOAD
0785: PUSH2 0x0e10
0788: PUSH8 0xffffffffffffffff
0797: PUSH2 0x0100
0800: OP_90
0801: OP_92
0802: DIV
thinking
**Identifying potential access control weakness**
The call authorization relies on a masked value previously loaded from storage, suggesting partial access control for one function but possibly not others. Call targets are computed and only checked for extcodesize, which risks arbitrary external calls if those addresses are controllable.
thinking
**Flagging medium-risk reentrancy and access control ambiguities**
Multiple external calls transfer ETH without reentrancy guards, with state updates following calls, indicating possible reentrancy risks. Access control checks appear limited—some storage-setting functions may lack caller verification, raising concerns about privileged actions exposure.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
hexcode=data['artifact']['runtime_bytecode']['full']
if hexcode.startswith('0x'): hexcode=hexcode[2:]
code=bytes.fromhex(hexcode)
opcodes = {i: ('PUSH'+str(i-0x5f), i-0x5f) for i in range(0x60, 0x80)}
opcodes.update({
0x00: ('STOP',0),0x01:('ADD',0),0x02:('MUL',0),0x03:('SUB',0),0x04:('DIV',0),0x05:('SDIV',0),0x06:('MOD',0),0x07:('SMOD',0),
0x08:('ADDMOD',0),0x09:('MULMOD',0),0x0a:('EXP',0),0x0b:('SIGNEXTEND',0),
0x10:('LT',0),0x11:('GT',0),0x12:('SLT',0),0x13:('SGT',0),0x14:('EQ',0),0x15:('ISZERO',0),0x16:('AND',0),0x17:('OR',0),0x18:('XOR',0),0x19:('NOT',0),0x1a:('BYTE',0),0x1b:('SHL',0),0x1c:('SHR',0),0x1d:('SAR',0),
0x20:('SHA3',0),
0x30:('ADDRESS',0),0x31:('BALANCE',0),0x32:('ORIGIN',0),0x33:('CALLER',0),0x34:('CALLVALUE',0),0x35:('CALLDATALOAD',0),0x36:('CALLDATASIZE',0),0x37:('CALLDATACOPY',0),0x38:('CODESIZE',0),0x39:('CODECOPY',0),0x3a:('GASPRICE',0),0x3b:('EXTCODESIZE',0),0x3c:('EXTCODECOPY',0),0x3d:('RETURNDATASIZE',0),0x3e:('RETURNDATACOPY',0),0x3f:('EXTCODEHASH',0),
0x40:('BLOCKHASH',0),0x41:('COINBASE',0),0x42:('TIMESTAMP',0),0x43:('NUMBER',0),0x44:('DIFFICULTY',0),0x45:('GASLIMIT',0),0x46:('CHAINID',0),0x47:('SELFBALANCE',0),0x48:('BASEFEE',0),
0x50:('POP',0),0x51:('MLOAD',0),0x52:('MSTORE',0),0x53:('MSTORE8',0),0x54:('SLOAD',0),0x55:('SSTORE',0),0x56:('JUMP',0),0x57:('JUMPI',0),0x58:('PC',0),0x59:('MSIZE',0),0x5a:('GAS',0),0x5b:('JUMPDEST',0),
0xf0:('CREATE',0),0xf1:('CALL',0),0xf2:('CALLCODE',0),0xf3:('RETURN',0),0xf4:('DELEGATECALL',0),0xf5:('CREATE2',0),0xfa:('STATICCALL',0),0xfd:('REVERT',0),0xfe:('INVALID',0),0xff:('SELFDESTRUCT',0)
})
pcs = {}
order=[]
pc=0
while pc < len(code):
op=code[pc]
name, imm_len = opcodes.get(op, (f'OP_{op:02x}',0))
imm = code[pc+1:pc+1+imm_len]
pcs[pc]=(name, imm)
order.append(pc)
pc += 1 + imm_len
start=1580
end=1710
for p in order:
if p < start: continue
if p > end: break
name, imm=pcs[p]
if imm:
print(f'{p:04d}: {name} 0x{imm.hex()}')
else:
print(f'{p:04d}: {name}')
PY" in /tmp/codex-bf9r73pb succeeded in 65ms:
1580: OP_81
1581: MSTORE
1582: PUSH1 0x20
1584: PUSH1 0x04
1586: OP_82
1587: ADD
1588: OP_81
1589: OP_90
1590: MSTORE
1591: PUSH1 0x03
1593: PUSH1 0x24
1595: OP_83
1596: ADD
1597: MSTORE
1598: PUSH32 0x55524c0000000000000000000000000000000000000000000000000000000000
1631: PUSH1 0x44
1633: OP_83
1634: ADD
1635: MSTORE
1636: PUSH1 0x64
thinking
**Identifying reentrancy risks with external calls**
The contract updates state after calling external contracts that may be untrusted, posing potential reentrancy risks, especially since the called addresses aren’t strictly whitelisted. The use of user-controlled inputs in calls could cause gas or revert issues but not direct security breaches.
thinking
**Highlighting unchecked return data and access control gaps**
Low-level external calls check only success flags, ignoring return data, which risks unnoticed failures. Also, only one caller check protects oracle callbacks, while functions that set oracle addresses appear public, potentially allowing unauthorized oracle address changes and spoofed callbacks.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
hexcode=data['artifact']['runtime_bytecode']['full']
if hexcode.startswith('0x'): hexcode=hexcode[2:]
code=bytes.fromhex(hexcode)
opcodes = {i: ('PUSH'+str(i-0x5f), i-0x5f) for i in range(0x60, 0x80)}
opcodes.update({
0x00: ('STOP',0),0x01:('ADD',0),0x02:('MUL',0),0x03:('SUB',0),0x04:('DIV',0),0x05:('SDIV',0),0x06:('MOD',0),0x07:('SMOD',0),
0x08:('ADDMOD',0),0x09:('MULMOD',0),0x0a:('EXP',0),0x0b:('SIGNEXTEND',0),
0x10:('LT',0),0x11:('GT',0),0x12:('SLT',0),0x13:('SGT',0),0x14:('EQ',0),0x15:('ISZERO',0),0x16:('AND',0),0x17:('OR',0),0x18:('XOR',0),0x19:('NOT',0),0x1a:('BYTE',0),0x1b:('SHL',0),0x1c:('SHR',0),0x1d:('SAR',0),
0x20:('SHA3',0),
0x30:('ADDRESS',0),0x31:('BALANCE',0),0x32:('ORIGIN',0),0x33:('CALLER',0),0x34:('CALLVALUE',0),0x35:('CALLDATALOAD',0),0x36:('CALLDATASIZE',0),0x37:('CALLDATACOPY',0),0x38:('CODESIZE',0),0x39:('CODECOPY',0),0x3a:('GASPRICE',0),0x3b:('EXTCODESIZE',0),0x3c:('EXTCODECOPY',0),0x3d:('RETURNDATASIZE',0),0x3e:('RETURNDATACOPY',0),0x3f:('EXTCODEHASH',0),
0x40:('BLOCKHASH',0),0x41:('COINBASE',0),0x42:('TIMESTAMP',0),0x43:('NUMBER',0),0x44:('DIFFICULTY',0),0x45:('GASLIMIT',0),0x46:('CHAINID',0),0x47:('SELFBALANCE',0),0x48:('BASEFEE',0),
0x50:('POP',0),0x51:('MLOAD',0),0x52:('MSTORE',0),0x53:('MSTORE8',0),0x54:('SLOAD',0),0x55:('SSTORE',0),0x56:('JUMP',0),0x57:('JUMPI',0),0x58:('PC',0),0x59:('MSIZE',0),0x5a:('GAS',0),0x5b:('JUMPDEST',0),
0xf0:('CREATE',0),0xf1:('CALL',0),0xf2:('CALLCODE',0),0xf3:('RETURN',0),0xf4:('DELEGATECALL',0),0xf5:('CREATE2',0),0xfa:('STATICCALL',0),0xfd:('REVERT',0),0xfe:('INVALID',0),0xff:('SELFDESTRUCT',0)
})
pcs = {}
order=[]
pc=0
while pc < len(code):
op=code[pc]
name, imm_len = opcodes.get(op, (f'OP_{op:02x}',0))
imm = code[pc+1:pc+1+imm_len]
pcs[pc]=(name, imm)
order.append(pc)
pc += 1 + imm_len
start=3880
end=4125
for p in order:
if p < start: continue
if p > end: break
name, imm=pcs[p]
if imm:
print(f'{p:04d}: {name} 0x{imm.hex()}')
else:
print(f'{p:04d}: {name}')
PY" in /tmp/codex-bf9r73pb succeeded in 33ms:
3890: PUSH2 0x0f12
3893: JUMP
3894: JUMPDEST
3895: GT
3896: ISZERO
3897: PUSH2 0x0fb3
3900: JUMPI
3901: PUSH1 0x00
3903: OP_80
3904: SLOAD
3905: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
3926: NOT
3927: AND
3928: PUSH20 0x1d3b2638a7cc9f2cb3d298a3da7a90b67e5506ed
3949: OR
3950: OP_90
3951: SSTORE
3952: PUSH2 0x0fab
3955: PUSH1 0x40
3957: OP_80
thinking
**Identifying possible public oracle address setter**
The function updates a critical oracle address based on chain id comparisons but lacks clear access control checks nearby, posing a low-severity risk that unauthorized callers might alter the oracle address, which could affect callback authentication.
thinking
**Summarizing oracle and call-related risks in JSON**
I'm preparing a detailed JSON output with three findings: untrusted low-level calls with computed targets (medium severity, other category), potential reentrancy risk from external call before state update (medium severity, reentrancy category), and possible missing access control on oracle address setters (low severity, access_control category), each backed by evidence of CALL or SSTORE bytecode locations and noting uncertainty where relevant.
codex
{"no_findings":false,"summary":"Bytecode exposes multiple low-level external calls (some with value) and state updates after those calls; access control around configuration/address setters is unclear and may be weak.","findings":[{"severity":"medium","category":"other","title":"Multiple low-level CALLs to computed targets with possible ETH transfer","exploit_scenario":"If an attacker can influence the CALL target or value (e.g., via a writable storage slot or user-controlled parameters), they could force arbitrary external calls that transfer ETH, leading to fund loss or malicious side effects. Even if targets are intended to be trusted, any misconfiguration of the stored address would route value to an attacker-controlled contract.","recommendation":"Restrict call targets to immutable or tightly controlled addresses, validate any setters that influence them, and consider higher-level interfaces over raw CALL. If ETH transfer is required, cap value and validate recipients.","evidence":"detector_findings report 11 CALL sites with computed target/value and no guards (untrusted_call_count=11, eth_value_calls=11); returndata checking is not confirmed. Calls observed at pcs 0x686, 0x890, 0x909, 0x999, 0xA51, 0xACA, 0xB7B, 0xC19, 0xC92, 0xD8F, 0xEF2.","locations":["pc:0x686","pc:0x890","pc:0x909","pc:0x999","pc:0xA51","pc:0xACA","pc:0xB7B","pc:0xC19","pc:0xC92","pc:0xD8F","pc:0xEF2"]},{"severity":"medium","category":"reentrancy","title":"State updates occur after external CALLs without a detected reentrancy guard","exploit_scenario":"An external call (e.g., to an oracle or other contract) happens before a storage write. If the callee can reenter (directly or indirectly), it may exploit intermediate state to trigger logic multiple times or corrupt accounting. This is especially relevant if the call target or value is attacker-influenced.","recommendation":"Update critical state before external calls (checks-effects-interactions) and/or add a reentrancy guard around external-call paths.","evidence":"CALL at pc:0x686 is followed by SSTORE at pc:0x69E; no reentrancy guard is detected in the artifact (guards list empty).","locations":["pc:0x686","pc:0x69E"]},{"severity":"low","category":"access_control","title":"Configuration/address setters appear without clear access control (oracle trust boundary risk)","exploit_scenario":"The bytecode contains multiple SSTOREs that update masked address slots with hard-coded addresses. If these paths are publicly callable, a user could alter the contract’s trusted oracle/resolver address, then call privileged callback paths to spoof data.","recommendation":"Ensure any setter that updates oracle/resolver addresses is restricted (e.g., owner-only) or hard-code/immutably set addresses at deployment. Consider emitting events and validating expected address values.","evidence":"Only one CALLER check found at pc:0x348; several SSTOREs that write masked address values occur at pcs 0xF6F, 0x100B, 0x109F, 0x1133, 0x11C8, 0x1228, 0x1288 with no obvious caller check in those blocks. This makes access control uncertain.","locations":["pc:0x348","pc:0xF6F","pc:0x100B","pc:0x109F","pc:0x1133","pc:0x11C8","pc:0x1228","pc:0x1288"]}]}
tokens used
83,774
{
"codex": {
"ran_at": "2026-01-22T06:19:42.180402+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 10846,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode exposes multiple low-level external calls (some with value) and state updates after those calls; access control around configuration/address setters is unclear and may be weak.",
"raw_final": {
"summary": "Bytecode exposes multiple low-level external calls (some with value) and state updates after those calls; access control around configuration/address setters is unclear and may be weak.",
"findings": [
{
"title": "Multiple low-level CALLs to computed targets with possible ETH transfer",
"category": "other",
"evidence": "detector_findings report 11 CALL sites with computed target/value and no guards (untrusted_call_count=11, eth_value_calls=11); returndata checking is not confirmed. Calls observed at pcs 0x686, 0x890, 0x909, 0x999, 0xA51, 0xACA, 0xB7B, 0xC19, 0xC92, 0xD8F, 0xEF2.",
"severity": "medium",
"locations": [
"pc:0x686",
"pc:0x890",
"pc:0x909",
"pc:0x999",
"pc:0xA51",
"pc:0xACA",
"pc:0xB7B",
"pc:0xC19",
"pc:0xC92",
"pc:0xD8F",
"pc:0xEF2"
],
"recommendation": "Restrict call targets to immutable or tightly controlled addresses, validate any setters that influence them, and consider higher-level interfaces over raw CALL. If ETH transfer is required, cap value and validate recipients.",
"exploit_scenario": "If an attacker can influence the CALL target or value (e.g., via a writable storage slot or user-controlled parameters), they could force arbitrary external calls that transfer ETH, leading to fund loss or malicious side effects. Even if targets are intended to be trusted, any misconfiguration of the stored address would route value to an attacker-controlled contract."
},
{
"title": "State updates occur after external CALLs without a detected reentrancy guard",
"category": "reentrancy",
"evidence": "CALL at pc:0x686 is followed by SSTORE at pc:0x69E; no reentrancy guard is detected in the artifact (guards list empty).",
"severity": "medium",
"locations": [
"pc:0x686",
"pc:0x69E"
],
"recommendation": "Update critical state before external calls (checks-effects-interactions) and/or add a reentrancy guard around external-call paths.",
"exploit_scenario": "An external call (e.g., to an oracle or other contract) happens before a storage write. If the callee can reenter (directly or indirectly), it may exploit intermediate state to trigger logic multiple times or corrupt accounting. This is especially relevant if the call target or value is attacker-influenced."
},
{
"title": "Configuration/address setters appear without clear access control (oracle trust boundary risk)",
"category": "access_control",
"evidence": "Only one CALLER check found at pc:0x348; several SSTOREs that write masked address values occur at pcs 0xF6F, 0x100B, 0x109F, 0x1133, 0x11C8, 0x1228, 0x1288 with no obvious caller check in those blocks. This makes access control uncertain.",
"severity": "low",
"locations": [
"pc:0x348",
"pc:0xF6F",
"pc:0x100B",
"pc:0x109F",
"pc:0x1133",
"pc:0x11C8",
"pc:0x1228",
"pc:0x1288"
],
"recommendation": "Ensure any setter that updates oracle/resolver addresses is restricted (e.g., owner-only) or hard-code/immutably set addresses at deployment. Consider emitting events and validating expected address values.",
"exploit_scenario": "The bytecode contains multiple SSTOREs that update masked address slots with hard-coded addresses. If these paths are publicly callable, a user could alter the contract\u2019s trusted oracle/resolver address, then call privileged callback paths to spoof data."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x008a 0000000c: JUMPI 0000000d: PUSH4 0xffffffff 00000012: PUSH1 0xe0 00000014: PUSH1 0x02 00000016: EXP 00000017: PUSH1 0x00 00000019: CALLDATALOAD 0000001a: DIV 0000001b: AND 0000001c: PUSH4 0x258dcbb2 00000021: DUP2 00000022: EQ 00000023: PUSH2 0x008f 00000026: JUMPI 00000027: DUP1 00000028: PUSH4 0x27dc297e 0000002d: EQ 0000002e: PUSH2 0x00bf 00000031: JUMPI 00000032: DUP1 00000033: PUSH4 0x2d4a64f2 00000038: EQ 00000039: PUSH2 0x0117 0000003c: JUMPI 0000003d: DUP1 0000003e: PUSH4 0x38bbfa50 00000043: EQ 00000044: PUSH2 0x013e 00000047: JUMPI 00000048: DUP1 00000049: PUSH4 0x4c6226fc 0000004e: EQ 0000004f: PUSH2 0x01d6 00000052: JUMPI 00000053: DUP1 00000054: PUSH4 0x683e0bcd 00000059: EQ 0000005a: PUSH2 0x01fb 0000005d: JUMPI 0000005e: DUP1 0000005f: PUSH4 0xbbe4fd50 00000064: EQ 00000065: PUSH2 0x0285 00000068: JUMPI 00000069: DUP1 0000006a: PUSH4 0xc0c0b252 0000006f: EQ 00000070: PUSH2 0x0298 00000073: JUMPI 00000074: DUP1 00000075: PUSH4 0xd31696fb 0000007a: EQ 0000007b: PUSH2 0x02ab 0000007e: JUMPI 0000007f: DUP1 00000080: PUSH4 0xfd1f8238 00000085: EQ 00000086: PUSH2 0x02b3 00000089: JUMPI 0000008a: JUMPDEST 0000008b: PUSH1 0x00 0000008d: DUP1 0000008e: REVERT 0000008f: JUMPDEST 00000090: CALLVALUE 00000091: ISZERO 00000092: PUSH2 0x009a 00000095: JUMPI 00000096: PUSH1 0x00 00000098: DUP1 00000099: REVERT 0000009a: JUMPDEST 0000009b: PUSH2 0x00a2 0000009e: PUSH2 0x02c6 000000a1: JUMP 000000a2: JUMPDEST 000000a3: PUSH1 0x40 000000a5: MLOAD 000000a6: PUSH8 0xffffffffffffffff 000000af: SWAP1 000000b0: SWAP2 000000b1: AND 000000b2: DUP2 000000b3: MSTORE 000000b4: PUSH1 0x20 000000b6: ADD 000000b7: PUSH1 0x40 000000b9: MLOAD 000000ba: DUP1 000000bb: SWAP2 000000bc: SUB 000000bd: SWAP1 000000be: RETURN 000000bf: JUMPDEST 000000c0: CALLVALUE 000000c1: ISZERO 000000c2: PUSH2 0x00ca 000000c5: JUMPI 000000c6: PUSH1 0x00 000000c8: DUP1 000000c9: REVERT 000000ca: JUMPDEST 000000cb: PUSH2 0x0115 000000ce: PUSH1 0x04 000000d0: DUP1 000000d1: CALLDATALOAD 000000d2: SWAP1 000000d3: PUSH1 0x44 000000d5: PUSH1 0x24 000000d7: DUP1 000000d8: CALLDATALOAD 000000d9: SWAP1 000000da: DUP2 000000db: ADD 000000dc: SWAP1 000000dd: DUP4 000000de: ADD 000000df: CALLDATALOAD 000000e0: DUP1 000000e1: PUSH1 0x20 000000e3: PUSH1 0x1f 000000e5: DUP3 000000e6: ADD 000000e7: DUP2 000000e8: SWAP1 000000e9: DIV 000000ea: DUP2 000000eb: MUL 000000ec: ADD 000000ed: PUSH1 0x40 000000ef: MLOAD 000000f0: SWAP1 000000f1: DUP2 000000f2: ADD 000000f3: PUSH1 0x40 000000f5: MSTORE 000000f6: DUP2 000000f7: DUP2 000000f8: MSTORE 000000f9: SWAP3 000000fa: SWAP2 000000fb: SWAP1 000000fc: PUSH1 0x20 000000fe: DUP5 000000ff: ADD 00000100: DUP4 00000101: DUP4 00000102: DUP1 00000103: DUP3 00000104: DUP5 00000105: CALLDATACOPY 00000106: POP 00000107: SWAP5 00000108: SWAP7 00000109: POP 0000010a: PUSH2 0x02db 0000010d: SWAP6 0000010e: POP 0000010f: POP 00000110: POP 00000111: POP 00000112: POP 00000113: POP 00000114: JUMP 00000115: JUMPDEST 00000116: STOP 00000117: JUMPDEST 00000118: CALLVALUE 00000119: ISZERO 0000011a: PUSH2 0x0122 0000011d: JUMPI 0000011e: PUSH1 0x00 00000120: DUP1 00000121: REVERT 00000122: JUMPDEST 00000123: PUSH2 0x012a 00000126: PUSH2 0x030d 00000129: JUMP 0000012a: JUMPDEST 0000012b: PUSH1 0x40 0000012d: MLOAD 0000012e: SWAP1 0000012f: ISZERO 00000130: ISZERO 00000131: DUP2 00000132: MSTORE 00000133: PUSH1 0x20 00000135: ADD 00000136: PUSH1 0x40 00000138: MLOAD 00000139: DUP1 0000013a: SWAP2 0000013b: SUB 0000013c: SWAP1 0000013d: RETURN 0000013e: JUMPDEST 0000013f: CALLVALUE 00000140: ISZERO 00000141: PUSH2 0x0149 00000144: JUMPI 00000145: PUSH1 0x00 00000147: DUP1 00000148: REVERT 00000149: JUMPDEST 0000014a: PUSH2 0x0115 0000014d: PUSH1 0x04 0000014f: DUP1 00000150: CALLDATALOAD 00000151: SWAP1 00000152: PUSH1 0x44 00000154: PUSH1 0x24 00000156: DUP1 00000157: CALLDATALOAD 00000158: SWAP1 00000159: DUP2 0000015a: ADD 0000015b: SWAP1 0000015c: DUP4 0000015d: ADD 0000015e: CALLDATALOAD 0000015f: DUP1 00000160: PUSH1 0x20 00000162: PUSH1 0x1f 00000164: DUP3 00000165: ADD 00000166: DUP2 00000167: SWAP1 00000168: DIV 00000169: DUP2 0000016a: MUL 0000016b: ADD 0000016c: PUSH1 0x40 0000016e: MLOAD 0000016f: SWAP1 00000170: DUP2 00000171: ADD 00000172: PUSH1 0x40 00000174: MSTORE 00000175: DUP2 00000176: DUP2 00000177: MSTORE 00000178: SWAP3 00000179: SWAP2 0000017a: SWAP1 0000017b: PUSH1 0x20 0000017d: DUP5 0000017e: ADD 0000017f: DUP4 00000180: DUP4 00000181: DUP1 00000182: DUP3 00000183: DUP5 00000184: CALLDATACOPY 00000185: DUP3 00000186: ADD 00000187: SWAP2 00000188: POP 00000189: POP 0000018a: POP 0000018b: POP 0000018c: POP 0000018d: POP 0000018e: SWAP2 0000018f: SWAP1 00000190: DUP1 00000191: CALLDATALOAD 00000192: SWAP1 00000193: PUSH1 0x20 00000195: ADD 00000196: SWAP1 00000197: DUP3 00000198: ADD 00000199: DUP1 0000019a: CALLDATALOAD 0000019b: SWAP1 0000019c: PUSH1 0x20 0000019e: ADD 0000019f: SWAP1 000001a0: DUP1 000001a1: DUP1 000001a2: PUSH1 0x1f 000001a4: ADD 000001a5: PUSH1 0x20 000001a7: DUP1 000001a8: SWAP2 000001a9: DIV 000001aa: MUL 000001ab: PUSH1 0x20 000001ad: ADD 000001ae: PUSH1 0x40 000001b0: MLOAD 000001b1: SWAP1 000001b2: DUP2 000001b3: ADD 000001b4: PUSH1 0x40 000001b6: MSTORE 000001b7: DUP2 000001b8: DUP2 000001b9: MSTORE 000001ba: SWAP3 000001bb: SWAP2 000001bc: SWAP1 000001bd: PUSH1 0x20 000001bf: DUP5 000001c0: ADD 000001c1: DUP4 000001c2: DUP4 000001c3: DUP1 000001c4: DUP3 000001c5: DUP5 000001c6: CALLDATACOPY 000001c7: POP 000001c8: SWAP5 000001c9: SWAP7 000001ca: POP 000001cb: PUSH2 0x0336 000001ce: SWAP6 000001cf: POP 000001d0: POP 000001d1: POP 000001d2: POP 000001d3: POP 000001d4: POP 000001d5: JUMP 000001d6: JUMPDEST 000001d7: CALLVALUE 000001d8: ISZERO 000001d9: PUSH2 0x01e1 000001dc: JUMPI 000001dd: PUSH1 0x00 000001df: DUP1 000001e0: REVERT 000001e1: JUMPDEST 000001e2: PUSH2 0x01e9 000001e5: PUSH2 0x04e8 000001e8: JUMP 000001e9: JUMPDEST 000001ea: PUSH1 0x40 000001ec: MLOAD 000001ed: SWAP1 000001ee: DUP2 000001ef: MSTORE 000001f0: PUSH1 0x20 000001f2: ADD 000001f3: PUSH1 0x40 000001f5: MLOAD 000001f6: DUP1 000001f7: SWAP2 000001f8: SUB 000001f9: SWAP1 000001fa: RETURN 000001fb: JUMPDEST 000001fc: CALLVALUE 000001fd: ISZERO 000001fe: PUSH2 0x0206 00000201: JUMPI 00000202: PUSH1 0x00 00000204: DUP1 00000205: REVERT 00000206: JUMPDEST 00000207: PUSH2 0x020e 0000020a: PUSH2 0x04ee 0000020d: JUMP 0000020e: JUMPDEST 0000020f: PUSH1 0x40 00000211: MLOAD 00000212: PUSH1 0x20 00000214: DUP1 00000215: DUP3 00000216: MSTORE 00000217: DUP2 00000218: SWAP1 00000219: DUP2 0000021a: ADD 0000021b: DUP4 0000021c: DUP2 0000021d: DUP2 0000021e: MLOAD 0000021f: DUP2 00000220: MSTORE 00000221: PUSH1 0x20 00000223: ADD 00000224: SWAP2 00000225: POP 00000226: DUP1 00000227: MLOAD 00000228: SWAP1 00000229: PUSH1 0x20 0000022b: ADD 0000022c: SWAP1 0000022d: DUP1 0000022e: DUP4 0000022f: DUP4 00000230: PUSH1 0x00 00000232: JUMPDEST 00000233: DUP4 00000234: DUP2 00000235: LT 00000236: ISZERO 00000237: PUSH2 0x024a 0000023a: JUMPI 0000023b: DUP1 0000023c: DUP3 0000023d: ADD 0000023e: MLOAD 0000023f: DUP4 00000240: DUP3 00000241: ADD 00000242: MSTORE 00000243: PUSH1 0x20 00000245: ADD 00000246: PUSH2 0x0232 00000249: JUMP 0000024a: JUMPDEST 0000024b: POP 0000024c: POP 0000024d: POP 0000024e: POP 0000024f: SWAP1 00000250: POP 00000251: SWAP1 00000252: DUP2 00000253: ADD 00000254: SWAP1 00000255: PUSH1 0x1f 00000257: AND 00000258: DUP1 00000259: ISZERO 0000025a: PUSH2 0x0277 0000025d: JUMPI 0000025e: DUP1 0000025f: DUP3 00000260: SUB 00000261: DUP1 00000262: MLOAD 00000263: PUSH1 0x01 00000265: DUP4 00000266: PUSH1 0x20 00000268: SUB 00000269: PUSH2 0x0100 0000026c: EXP 0000026d: SUB 0000026e: NOT 0000026f: AND 00000270: DUP2 00000271: MSTORE 00000272: PUSH1 0x20 00000274: ADD 00000275: SWAP2 00000276: POP 00000277: JUMPDEST 00000278: POP 00000279: SWAP3 0000027a: POP 0000027b: POP 0000027c: POP 0000027d: PUSH1 0x40 0000027f: MLOAD 00000280: DUP1 00000281: SWAP2 00000282: SUB 00000283: SWAP1 00000284: RETURN 00000285: JUMPDEST 00000286: CALLVALUE 00000287: ISZERO 00000288: PUSH2 0x0290 0000028b: JUMPI 0000028c: PUSH1 0x00 0000028e: DUP1 0000028f: REVERT 00000290: JUMPDEST 00000291: PUSH2 0x01e9 00000294: PUSH2 0x058c 00000297: JUMP 00000298: JUMPDEST 00000299: CALLVALUE 0000029a: ISZERO 0000029b: PUSH2 0x02a3 0000029e: JUMPI 0000029f: PUSH1 0x00 000002a1: DUP1 000002a2: REVERT 000002a3: JUMPDEST 000002a4: PUSH2 0x01e9 000002a7: PUSH2 0x059b 000002aa: JUMP 000002ab: JUMPDEST 000002ac: PUSH2 0x0115 000002af: PUSH2 0x05b6 000002b2: JUMP 000002b3: JUMPDEST 000002b4: CALLVALUE 000002b5: ISZERO 000002b6: PUSH2 0x02be 000002b9: JUMPI 000002ba: PUSH1 0x00 000002bc: DUP1 000002bd: REVERT 000002be: JUMPDEST 000002bf: PUSH2 0x01e9 000002c2: PUSH2 0x07ff 000002c5: JUMP 000002c6: JUMPDEST 000002c7: PUSH1 0x05 000002c9: SLOAD 000002ca: PUSH2 0x0100 000002cd: SWAP1 000002ce: DIV 000002cf: PUSH8 0xffffffffffffffff 000002d8: AND 000002d9: DUP2 000002da: JUMP 000002db: JUMPDEST 000002dc: PUSH2 0x0309 000002df: DUP3 000002e0: DUP3 000002e1: PUSH1 0x00 000002e3: PUSH1 0x40 000002e5: MLOAD 000002e6: DUP1 000002e7: MSIZE 000002e8: LT 000002e9: PUSH2 0x02ef 000002ec: JUMPI 000002ed: POP 000002ee: MSIZE 000002ef: JUMPDEST 000002f0: DUP2 000002f1: DUP2 000002f2: MSTORE 000002f3: PUSH1 0x1f 000002f5: NOT 000002f6: PUSH1 0x1f 000002f8: DUP4 000002f9: ADD 000002fa: AND 000002fb: DUP2 000002fc: ADD 000002fd: PUSH1 0x20 000002ff: ADD 00000300: PUSH1 0x40 00000302: MSTORE 00000303: SWAP1 00000304: POP 00000305: PUSH2 0x0336 00000308: JUMP 00000309: JUMPDEST 0000030a: POP 0000030b: POP 0000030c: JUMP 0000030d: JUMPDEST 0000030e: PUSH1 0x05 00000310: SLOAD 00000311: PUSH2 0x0e10 00000314: PUSH8 0xffffffffffffffff 0000031d: PUSH2 0x0100 00000320: SWAP1 00000321: SWAP3 00000322: DIV 00000323: DUP3 00000324: AND 00000325: ADD 00000326: DUP1 00000327: DUP3 00000328: AND 00000329: TIMESTAMP 0000032a: SWAP1 0000032b: SWAP3 0000032c: AND 0000032d: SWAP2 0000032e: SWAP1 0000032f: SWAP2 00000330: GT 00000331: SWAP1 00000332: JUMPDEST 00000333: POP 00000334: SWAP1 00000335: JUMP 00000336: JUMPDEST 00000337: PUSH2 0x033e 0000033a: PUSH2 0x0805 0000033d: JUMP 0000033e: JUMPDEST 0000033f: PUSH1 0x01 00000341: PUSH1 0xa0 00000343: PUSH1 0x02 00000345: EXP 00000346: SUB 00000347: AND 00000348: CALLER 00000349: PUSH1 0x01 0000034b: PUSH1 0xa0 0000034d: PUSH1 0x02 0000034f: EXP 00000350: SUB 00000351: AND 00000352: EQ 00000353: ISZERO 00000354: ISZERO 00000355: PUSH2 0x035d 00000358: JUMPI 00000359: PUSH1 0x00 0000035b: DUP1 0000035c: REVERT 0000035d: JUMPDEST 0000035e: PUSH1 0x06 00000360: DUP3 00000361: DUP1 00000362: MLOAD 00000363: PUSH2 0x0370 00000366: SWAP3 00000367: SWAP2 00000368: PUSH1 0x20 0000036a: ADD 0000036b: SWAP1 0000036c: PUSH2 0x145c 0000036f: JUMP 00000370: JUMPDEST 00000371: POP 00000372: PUSH2 0x0414 00000375: PUSH1 0x06 00000377: DUP1 00000378: SLOAD 00000379: PUSH1 0x01 0000037b: DUP2 0000037c: PUSH1 0x01 0000037e: AND 0000037f: ISZERO 00000380: PUSH2 0x0100 00000383: MUL 00000384: SUB 00000385: AND 00000386: PUSH1 0x02 00000388: SWAP1 00000389: DIV 0000038a: DUP1 0000038b: PUSH1 0x1f 0000038d: ADD 0000038e: PUSH1 0x20 00000390: DUP1 00000391: SWAP2 00000392: DIV 00000393: MUL 00000394: PUSH1 0x20 00000396: ADD 00000397: PUSH1 0x40 00000399: MLOAD 0000039a: SWAP1 0000039b: DUP2 0000039c: ADD 0000039d: PUSH1 0x40 0000039f: MSTORE 000003a0: DUP1 000003a1: SWAP3 000003a2: SWAP2 000003a3: SWAP1 000003a4: DUP2 000003a5: DUP2 000003a6: MSTORE 000003a7: PUSH1 0x20 000003a9: ADD 000003aa: DUP3 000003ab: DUP1 000003ac: SLOAD 000003ad: PUSH1 0x01 000003af: DUP2 000003b0: PUSH1 0x01 000003b2: AND 000003b3: ISZERO 000003b4: PUSH2 0x0100 000003b7: MUL 000003b8: SUB 000003b9: AND 000003ba: PUSH1 0x02 000003bc: SWAP1 000003bd: DIV 000003be: DUP1 000003bf: ISZERO 000003c0: PUSH2 0x040a 000003c3: JUMPI 000003c4: DUP1 000003c5: PUSH1 0x1f 000003c7: LT 000003c8: PUSH2 0x03df 000003cb: JUMPI 000003cc: PUSH2 0x0100 000003cf: DUP1 000003d0: DUP4 000003d1: SLOAD 000003d2: DIV 000003d3: MUL 000003d4: DUP4 000003d5: MSTORE 000003d6: SWAP2 000003d7: PUSH1 0x20 000003d9: ADD 000003da: SWAP2 000003db: PUSH2 0x040a 000003de: JUMP 000003df: JUMPDEST 000003e0: DUP3 000003e1: ADD 000003e2: SWAP2 000003e3: SWAP1 000003e4: PUSH1 0x00 000003e6: MSTORE 000003e7: PUSH1 0x20 000003e9: PUSH1 0x00 000003eb: KECCAK256 000003ec: SWAP1 000003ed: JUMPDEST 000003ee: DUP2 000003ef: SLOAD 000003f0: DUP2 000003f1: MSTORE 000003f2: SWAP1 000003f3: PUSH1 0x01 000003f5: ADD 000003f6: SWAP1 000003f7: PUSH1 0x20 000003f9: ADD 000003fa: DUP1 000003fb: DUP4 000003fc: GT 000003fd: PUSH2 0x03ed 00000400: JUMPI 00000401: DUP3 00000402: SWAP1 00000403: SUB 00000404: PUSH1 0x1f 00000406: AND 00000407: DUP3 00000408: ADD 00000409: SWAP2 0000040a: JUMPDEST 0000040b: POP 0000040c: POP 0000040d: POP 0000040e: POP 0000040f: POP 00000410: PUSH2 0x09b2 00000413: JUMP 00000414: JUMPDEST 00000415: PUSH1 0x07 00000417: SSTORE 00000418: PUSH32 0x85eba154432d1f1569d9a2b6e9bf0c876968ca67614ce5f88dd0ad8ed2096143 00000439: PUSH1 0x06 0000043b: PUSH1 0x40 0000043d: MLOAD 0000043e: PUSH1 0x20 00000440: DUP1 00000441: DUP3 00000442: MSTORE 00000443: DUP3 00000444: SLOAD 00000445: PUSH1 0x02 00000447: PUSH1 0x00 00000449: NOT 0000044a: PUSH2 0x0100 0000044d: PUSH1 0x01 0000044f: DUP5 00000450: AND 00000451: ISZERO 00000452: MUL 00000453: ADD 00000454: SWAP1 00000455: SWAP2 00000456: AND 00000457: DIV 00000458: SWAP1 00000459: DUP3 0000045a: ADD 0000045b: DUP2 0000045c: SWAP1 0000045d: MSTORE 0000045e: DUP2 0000045f: SWAP1 00000460: PUSH1 0x40 00000462: DUP3 00000463: ADD 00000464: SWAP1 00000465: DUP5 00000466: SWAP1 00000467: DUP1 00000468: ISZERO 00000469: PUSH2 0x04b3 0000046c: JUMPI 0000046d: DUP1 0000046e: PUSH1 0x1f 00000470: LT 00000471: PUSH2 0x0488 00000474: JUMPI 00000475: PUSH2 0x0100 00000478: DUP1 00000479: DUP4 0000047a: SLOAD 0000047b: DIV 0000047c: MUL 0000047d: DUP4 0000047e: MSTORE 0000047f: SWAP2 00000480: PUSH1 0x20 00000482: ADD 00000483: SWAP2 00000484: PUSH2 0x04b3 00000487: JUMP 00000488: JUMPDEST 00000489: DUP3 0000048a: ADD 0000048b: SWAP2 0000048c: SWAP1 0000048d: PUSH1 0x00 0000048f: MSTORE 00000490: PUSH1 0x20 00000492: PUSH1 0x00 00000494: KECCAK256 00000495: SWAP1 00000496: JUMPDEST 00000497: DUP2 00000498: SLOAD 00000499: DUP2 0000049a: MSTORE 0000049b: SWAP1 0000049c: PUSH1 0x01 0000049e: ADD 0000049f: SWAP1 000004a0: PUSH1 0x20 000004a2: ADD 000004a3: DUP1 000004a4: DUP4 000004a5: GT 000004a6: PUSH2 0x0496 000004a9: JUMPI 000004aa: DUP3 000004ab: SWAP1 000004ac: SUB 000004ad: PUSH1 0x1f 000004af: AND 000004b0: DUP3 000004b1: ADD 000004b2: SWAP2 000004b3: JUMPDEST 000004b4: POP 000004b5: POP 000004b6: SWAP3 000004b7: POP 000004b8: POP 000004b9: POP 000004ba: PUSH1 0x40 000004bc: MLOAD 000004bd: DUP1 000004be: SWAP2 000004bf: SUB 000004c0: SWAP1 000004c1: LOG1 000004c2: POP 000004c3: POP 000004c4: PUSH1 0x05 000004c6: DUP1 000004c7: SLOAD 000004c8: PUSH9 0xffffffffffffffff00 000004d2: NOT 000004d3: AND 000004d4: PUSH2 0x0100 000004d7: TIMESTAMP 000004d8: PUSH8 0xffffffffffffffff 000004e1: AND 000004e2: MUL 000004e3: OR 000004e4: SWAP1 000004e5: SSTORE 000004e6: POP 000004e7: JUMP 000004e8: JUMPDEST 000004e9: PUSH1 0x08 000004eb: SLOAD 000004ec: DUP2 000004ed: JUMP 000004ee: JUMPDEST 000004ef: PUSH1 0x06 000004f1: DUP1 000004f2: SLOAD 000004f3: PUSH1 0x01 000004f5: DUP2 000004f6: PUSH1 0x01 000004f8: AND 000004f9: ISZERO 000004fa: PUSH2 0x0100 000004fd: MUL 000004fe: SUB 000004ff: AND 00000500: PUSH1 0x02 00000502: SWAP1 00000503: DIV 00000504: DUP1 00000505: PUSH1 0x1f 00000507: ADD 00000508: PUSH1 0x20 0000050a: DUP1 0000050b: SWAP2 0000050c: DIV 0000050d: MUL 0000050e: PUSH1 0x20 00000510: ADD 00000511: PUSH1 0x40 00000513: MLOAD 00000514: SWAP1 00000515: DUP2 00000516: ADD 00000517: PUSH1 0x40 00000519: MSTORE 0000051a: DUP1 0000051b: SWAP3 0000051c: SWAP2 0000051d: SWAP1 0000051e: DUP2 0000051f: DUP2 00000520: MSTORE 00000521: PUSH1 0x20 00000523: ADD 00000524: DUP3 00000525: DUP1 00000526: SLOAD 00000527: PUSH1 0x01 00000529: DUP2 0000052a: PUSH1 0x01 0000052c: AND 0000052d: ISZERO 0000052e: PUSH2 0x0100 00000531: MUL 00000532: SUB 00000533: AND 00000534: PUSH1 0x02 00000536: SWAP1 00000537: DIV 00000538: DUP1 00000539: ISZERO 0000053a: PUSH2 0x0584 0000053d: JUMPI 0000053e: DUP1 0000053f: PUSH1 0x1f 00000541: LT 00000542: PUSH2 0x0559 00000545: JUMPI 00000546: PUSH2 0x0100 00000549: DUP1 0000054a: DUP4 0000054b: SLOAD 0000054c: DIV 0000054d: MUL 0000054e: DUP4 0000054f: MSTORE 00000550: SWAP2 00000551: PUSH1 0x20 00000553: ADD 00000554: SWAP2 00000555: PUSH2 0x0584 00000558: JUMP 00000559: JUMPDEST 0000055a: DUP3 0000055b: ADD 0000055c: SWAP2 0000055d: SWAP1 0000055e: PUSH1 0x00 00000560: MSTORE 00000561: PUSH1 0x20 00000563: PUSH1 0x00 00000565: KECCAK256 00000566: SWAP1 00000567: JUMPDEST 00000568: DUP2 00000569: SLOAD 0000056a: DUP2 0000056b: MSTORE 0000056c: SWAP1 0000056d: PUSH1 0x01 0000056f: ADD 00000570: SWAP1 00000571: PUSH1 0x20 00000573: ADD 00000574: DUP1 00000575: DUP4 00000576: GT 00000577: PUSH2 0x0567 0000057a: JUMPI 0000057b: DUP3 0000057c: SWAP1 0000057d: SUB 0000057e: PUSH1 0x1f 00000580: AND 00000581: DUP3 00000582: ADD 00000583: SWAP2 00000584: JUMPDEST 00000585: POP 00000586: POP 00000587: POP 00000588: POP 00000589: POP 0000058a: DUP2 0000058b: JUMP 0000058c: JUMPDEST 0000058d: PUSH8 0xffffffffffffffff 00000596: TIMESTAMP 00000597: AND 00000598: JUMPDEST 00000599: SWAP1 0000059a: JUMP 0000059b: JUMPDEST 0000059c: PUSH1 0x00 0000059e: PUSH2 0x05a5 000005a1: PUSH2 0x030d 000005a4: JUMP 000005a5: JUMPDEST 000005a6: ISZERO 000005a7: PUSH2 0x05af 000005aa: JUMPI 000005ab: PUSH1 0x00 000005ad: DUP1 000005ae: REVERT 000005af: JUMPDEST 000005b0: POP 000005b1: PUSH1 0x07 000005b3: SLOAD 000005b4: SWAP1 000005b5: JUMP 000005b6: JUMPDEST 000005b7: PUSH2 0x05be 000005ba: PUSH2 0x14d6 000005bd: JUMP 000005be: JUMPDEST 000005bf: PUSH1 0x05 000005c1: SLOAD 000005c2: PUSH1 0xff 000005c4: AND 000005c5: ISZERO 000005c6: ISZERO 000005c7: PUSH2 0x0601 000005ca: JUMPI 000005cb: PUSH2 0x05f3 000005ce: PUSH32 0x1100000000000000000000000000000000000000000000000000000000000000 000005ef: PUSH2 0x09c7 000005f2: JUMP 000005f3: JUMPDEST 000005f4: PUSH1 0x05 000005f6: DUP1 000005f7: SLOAD 000005f8: PUSH1 0xff 000005fa: NOT 000005fb: AND 000005fc: PUSH1 0x01 000005fe: OR 000005ff: SWAP1 00000600: SSTORE 00000601: JUMPDEST 00000602: PUSH1 0x01 00000604: SLOAD 00000605: PUSH1 0x01 00000607: PUSH1 0xa0 00000609: PUSH1 0x02 0000060b: EXP 0000060c: SUB 0000060d: AND 0000060e: PUSH4 0x524f3889 00000613: PUSH1 0x00 00000615: PUSH1 0x40 00000617: MLOAD 00000618: PUSH1 0x20 0000061a: ADD 0000061b: MSTORE 0000061c: PUSH1 0x40 0000061e: MLOAD 0000061f: PUSH1 0xe0 00000621: PUSH1 0x02 00000623: EXP 00000624: PUSH4 0xffffffff 00000629: DUP4 0000062a: AND 0000062b: MUL 0000062c: DUP2 0000062d: MSTORE 0000062e: PUSH1 0x20 00000630: PUSH1 0x04 00000632: DUP3 00000633: ADD 00000634: DUP2 00000635: SWAP1 00000636: MSTORE 00000637: PUSH1 0x03 00000639: PUSH1 0x24 0000063b: DUP4 0000063c: ADD 0000063d: MSTORE 0000063e: PUSH32 0x55524c0000000000000000000000000000000000000000000000000000000000 0000065f: PUSH1 0x44 00000661: DUP4 00000662: ADD 00000663: MSTORE 00000664: PUSH1 0x64 00000666: SWAP1 00000667: SWAP2 00000668: ADD 00000669: SWAP1 0000066a: PUSH1 0x40 0000066c: MLOAD 0000066d: DUP1 0000066e: DUP4 0000066f: SUB 00000670: DUP2 00000671: PUSH1 0x00 00000673: DUP8 00000674: DUP1 00000675: EXTCODESIZE 00000676: ISZERO 00000677: ISZERO 00000678: PUSH2 0x0680 0000067b: JUMPI 0000067c: PUSH1 0x00 0000067e: DUP1 0000067f: REVERT 00000680: JUMPDEST 00000681: PUSH2 0x02c6 00000684: GAS 00000685: SUB 00000686: CALL 00000687: ISZERO 00000688: ISZERO 00000689: PUSH2 0x0691 0000068c: JUMPI 0000068d: PUSH1 0x00 0000068f: DUP1 00000690: REVERT 00000691: JUMPDEST 00000692: POP 00000693: POP 00000694: POP 00000695: PUSH1 0x40 00000697: MLOAD 00000698: DUP1 00000699: MLOAD 0000069a: PUSH1 0x08 0000069c: DUP2 0000069d: SWAP1 0000069e: SSTORE 0000069f: CALLVALUE 000006a0: LT 000006a1: ISZERO 000006a2: SWAP1 000006a3: POP 000006a4: PUSH2 0x06ac 000006a7: JUMPI 000006a8: PUSH1 0x00 000006aa: DUP1 000006ab: REVERT 000006ac: JUMPDEST 000006ad: PUSH1 0x80 000006af: PUSH1 0x40 000006b1: MLOAD 000006b2: SWAP1 000006b3: DUP2 000006b4: ADD 000006b5: PUSH1 0x40 000006b7: MSTORE 000006b8: DUP1 000006b9: PUSH1 0x4c 000006bb: DUP2 000006bc: MSTORE 000006bd: PUSH1 0x20 000006bf: ADD 000006c0: PUSH32 0x6a736f6e2868747470733a2f2f6170692e6b72616b656e2e636f6d2f302f7075 000006e1: DUP2 000006e2: MSTORE 000006e3: PUSH1 0x20 000006e5: ADD 000006e6: PUSH32 0x626c69632f5469636b65723f706169723d455448555344292e726573756c742e 00000707: DUP2 00000708: MSTORE 00000709: PUSH1 0x20 0000070b: ADD 0000070c: PUSH32 0x584554485a5553442e632e300000000000000000000000000000000000000000 0000072d: DUP2 0000072e: MSTORE 0000072f: POP 00000730: SWAP1 00000731: POP 00000732: PUSH2 0x0770 00000735: PUSH1 0x3c 00000737: PUSH1 0x40 00000739: DUP1 0000073a: MLOAD 0000073b: SWAP1 0000073c: DUP2 0000073d: ADD 0000073e: PUSH1 0x40 00000740: MSTORE 00000741: PUSH1 0x03 00000743: DUP2 00000744: MSTORE 00000745: PUSH32 0x55524c0000000000000000000000000000000000000000000000000000000000 00000766: PUSH1 0x20 00000768: DUP3 00000769: ADD 0000076a: MSTORE 0000076b: DUP4 0000076c: PUSH2 0x0b8c 0000076f: JUMP 00000770: JUMPDEST 00000771: POP 00000772: PUSH32 0x46cb989ef9cef13e930e3b7f286225a086e716a90d63e0b7da85d310a9db0c9a 00000793: PUSH1 0x40 00000795: MLOAD 00000796: PUSH1 0x20 00000798: DUP1 00000799: DUP3 0000079a: MSTORE 0000079b: PUSH1 0x35 0000079d: SWAP1 0000079e: DUP3 0000079f: ADD 000007a0: MSTORE 000007a1: PUSH32 0x4f7261636c697a65207175657279207761732073656e742c207374616e64696e 000007c2: PUSH1 0x40 000007c4: DUP1 000007c5: DUP4 000007c6: ADD 000007c7: SWAP2 000007c8: SWAP1 000007c9: SWAP2 000007ca: MSTORE 000007cb: PUSH32 0x6720627920666f722074686520616e737765722e2e0000000000000000000000 000007ec: PUSH1 0x60 000007ee: DUP4 000007ef: ADD 000007f0: MSTORE 000007f1: PUSH1 0x80 000007f3: SWAP1 000007f4: SWAP2 000007f5: ADD 000007f6: SWAP1 000007f7: MLOAD 000007f8: DUP1 000007f9: SWAP2 000007fa: SUB 000007fb: SWAP1 000007fc: LOG1 000007fd: POP 000007fe: JUMP 000007ff: JUMPDEST 00000800: PUSH1 0x07 00000802: SLOAD 00000803: DUP2 00000804: JUMP 00000805: JUMPDEST 00000806: PUSH1 0x00 00000808: DUP1 00000809: SLOAD 0000080a: PUSH1 0x01 0000080c: PUSH1 0xa0 0000080e: PUSH1 0x02 00000810: EXP 00000811: SUB 00000812: AND 00000813: ISZERO 00000814: DUP1 00000815: PUSH2 0x0830 00000818: JUMPI 00000819: POP 0000081a: PUSH1 0x00 0000081c: SLOAD 0000081d: PUSH2 0x082e 00000820: SWAP1 00000821: PUSH1 0x01 00000823: PUSH1 0xa0 00000825: PUSH1 0x02 00000827: EXP 00000828: SUB 00000829: AND 0000082a: PUSH2 0x0f12 0000082d: JUMP 0000082e: JUMPDEST 0000082f: ISZERO 00000830: JUMPDEST 00000831: ISZERO 00000832: PUSH2 0x0841 00000835: JUMPI 00000836: PUSH2 0x083f 00000839: PUSH1 0x00 0000083b: PUSH2 0x0f16 0000083e: JUMP 0000083f: JUMPDEST 00000840: POP 00000841: JUMPDEST 00000842: PUSH1 0x00 00000844: DUP1 00000845: SLOAD 00000846: PUSH1 0x01 00000848: PUSH1 0xa0 0000084a: PUSH1 0x02 0000084c: EXP 0000084d: SUB 0000084e: AND 0000084f: SWAP1 00000850: PUSH4 0x38cc4831 00000855: SWAP1 00000856: PUSH1 0x40 00000858: MLOAD 00000859: PUSH1 0x20 0000085b: ADD 0000085c: MSTORE 0000085d: PUSH1 0x40 0000085f: MLOAD 00000860: DUP2 00000861: PUSH4 0xffffffff 00000866: AND 00000867: PUSH1 0xe0 00000869: PUSH1 0x02 0000086b: EXP 0000086c: MUL 0000086d: DUP2 0000086e: MSTORE 0000086f: PUSH1 0x04 00000871: ADD 00000872: PUSH1 0x20 00000874: PUSH1 0x40 00000876: MLOAD 00000877: DUP1 00000878: DUP4 00000879: SUB 0000087a: DUP2 0000087b: PUSH1 0x00 0000087d: DUP8 0000087e: DUP1 0000087f: EXTCODESIZE 00000880: ISZERO 00000881: ISZERO 00000882: PUSH2 0x088a 00000885: JUMPI 00000886: PUSH1 0x00 00000888: DUP1 00000889: REVERT 0000088a: JUMPDEST 0000088b: PUSH2 0x02c6 0000088e: GAS 0000088f: SUB 00000890: CALL 00000891: ISZERO 00000892: ISZERO 00000893: PUSH2 0x089b 00000896: JUMPI 00000897: PUSH1 0x00 00000899: DUP1 0000089a: REVERT 0000089b: JUMPDEST 0000089c: POP 0000089d: POP 0000089e: POP 0000089f: PUSH1 0x40 000008a1: MLOAD 000008a2: DUP1 000008a3: MLOAD 000008a4: PUSH1 0x01 000008a6: SLOAD 000008a7: PUSH1 0x01 000008a9: PUSH1 0xa0 000008ab: PUSH1 0x02 000008ad: EXP 000008ae: SUB 000008af: SWAP1 000008b0: DUP2 000008b1: AND 000008b2: SWAP2 000008b3: AND 000008b4: EQ 000008b5: SWAP1 000008b6: POP 000008b7: PUSH2 0x094b 000008ba: JUMPI 000008bb: PUSH1 0x00 000008bd: DUP1 000008be: SLOAD 000008bf: PUSH1 0x01 000008c1: PUSH1 0xa0 000008c3: PUSH1 0x02 000008c5: EXP 000008c6: SUB 000008c7: AND 000008c8: SWAP1 000008c9: PUSH4 0x38cc4831 000008ce: SWAP1 000008cf: PUSH1 0x40 000008d1: MLOAD 000008d2: PUSH1 0x20 000008d4: ADD 000008d5: MSTORE 000008d6: PUSH1 0x40 000008d8: MLOAD 000008d9: DUP2 000008da: PUSH4 0xffffffff 000008df: AND 000008e0: PUSH1 0xe0 000008e2: PUSH1 0x02 000008e4: EXP 000008e5: MUL 000008e6: DUP2 000008e7: MSTORE 000008e8: PUSH1 0x04 000008ea: ADD 000008eb: PUSH1 0x20 000008ed: PUSH1 0x40 000008ef: MLOAD 000008f0: DUP1 000008f1: DUP4 000008f2: SUB 000008f3: DUP2 000008f4: PUSH1 0x00 000008f6: DUP8 000008f7: DUP1 000008f8: EXTCODESIZE 000008f9: ISZERO 000008fa: ISZERO 000008fb: PUSH2 0x0903 000008fe: JUMPI 000008ff: PUSH1 0x00 00000901: DUP1 00000902: REVERT 00000903: JUMPDEST 00000904: PUSH2 0x02c6 00000907: GAS 00000908: SUB 00000909: CALL 0000090a: ISZERO 0000090b: ISZERO 0000090c: PUSH2 0x0914 0000090f: JUMPI 00000910: PUSH1 0x00 00000912: DUP1 00000913: REVERT 00000914: JUMPDEST 00000915: POP 00000916: POP 00000917: POP 00000918: PUSH1 0x40 0000091a: MLOAD 0000091b: DUP1 0000091c: MLOAD 0000091d: PUSH1 0x01 0000091f: DUP1 00000920: SLOAD 00000921: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000936: NOT 00000937: AND 00000938: PUSH1 0x01 0000093a: PUSH1 0xa0 0000093c: PUSH1 0x02 0000093e: EXP 0000093f: SUB 00000940: SWAP3 00000941: SWAP1 00000942: SWAP3 00000943: AND 00000944: SWAP2 00000945: SWAP1 00000946: SWAP2 00000947: OR 00000948: SWAP1 00000949: SSTORE 0000094a: POP 0000094b: JUMPDEST 0000094c: PUSH1 0x01 0000094e: SLOAD 0000094f: PUSH1 0x01 00000951: PUSH1 0xa0 00000953: PUSH1 0x02 00000955: EXP 00000956: SUB 00000957: AND 00000958: PUSH4 0xc281d19e 0000095d: PUSH1 0x00 0000095f: PUSH1 0x40 00000961: MLOAD 00000962: PUSH1 0x20 00000964: ADD 00000965: MSTORE 00000966: PUSH1 0x40 00000968: MLOAD 00000969: DUP2 0000096a: PUSH4 0xffffffff 0000096f: AND 00000970: PUSH1 0xe0 00000972: PUSH1 0x02 00000974: EXP 00000975: MUL 00000976: DUP2 00000977: MSTORE 00000978: PUSH1 0x04 0000097a: ADD 0000097b: PUSH1 0x20 0000097d: PUSH1 0x40 0000097f: MLOAD 00000980: DUP1 00000981: DUP4 00000982: SUB 00000983: DUP2 00000984: PUSH1 0x00 00000986: DUP8 00000987: DUP1 00000988: EXTCODESIZE 00000989: ISZERO 0000098a: ISZERO 0000098b: PUSH2 0x0993 0000098e: JUMPI 0000098f: PUSH1 0x00 00000991: DUP1 00000992: REVERT 00000993: JUMPDEST 00000994: PUSH2 0x02c6 00000997: GAS 00000998: SUB 00000999: CALL 0000099a: ISZERO 0000099b: ISZERO 0000099c: PUSH2 0x09a4 0000099f: JUMPI 000009a0: PUSH1 0x00 000009a2: DUP1 000009a3: REVERT 000009a4: JUMPDEST 000009a5: POP 000009a6: POP 000009a7: POP 000009a8: PUSH1 0x40 000009aa: MLOAD 000009ab: DUP1 000009ac: MLOAD 000009ad: SWAP2 000009ae: POP 000009af: POP 000009b0: SWAP1 000009b1: JUMP 000009b2: JUMPDEST 000009b3: PUSH1 0x00 000009b5: PUSH2 0x09bf 000009b8: DUP3 000009b9: PUSH1 0x00 000009bb: PUSH2 0x1297 000009be: JUMP 000009bf: JUMPDEST 000009c0: SWAP1 000009c1: POP 000009c2: JUMPDEST 000009c3: SWAP2 000009c4: SWAP1 000009c5: POP 000009c6: JUMP 000009c7: JUMPDEST 000009c8: PUSH1 0x00 000009ca: SLOAD 000009cb: PUSH1 0x01 000009cd: PUSH1 0xa0 000009cf: PUSH1 0x02 000009d1: EXP 000009d2: SUB 000009d3: AND 000009d4: ISZERO 000009d5: DUP1 000009d6: PUSH2 0x09f1 000009d9: JUMPI 000009da: POP 000009db: PUSH1 0x00 000009dd: SLOAD 000009de: PUSH2 0x09ef 000009e1: SWAP1 000009e2: PUSH1 0x01 000009e4: PUSH1 0xa0 000009e6: PUSH1 0x02 000009e8: EXP 000009e9: SUB 000009ea: AND 000009eb: PUSH2 0x0f12 000009ee: JUMP 000009ef: JUMPDEST 000009f0: ISZERO 000009f1: JUMPDEST 000009f2: ISZERO 000009f3: PUSH2 0x0a02 000009f6: JUMPI 000009f7: PUSH2 0x0a00 000009fa: PUSH1 0x00 000009fc: PUSH2 0x0f16 000009ff: JUMP 00000a00: JUMPDEST 00000a01: POP 00000a02: JUMPDEST 00000a03: PUSH1 0x00 00000a05: DUP1 00000a06: SLOAD 00000a07: PUSH1 0x01 00000a09: PUSH1 0xa0 00000a0b: PUSH1 0x02 00000a0d: EXP 00000a0e: SUB 00000a0f: AND 00000a10: SWAP1 00000a11: PUSH4 0x38cc4831 00000a16: SWAP1 00000a17: PUSH1 0x40 00000a19: MLOAD 00000a1a: PUSH1 0x20 00000a1c: ADD 00000a1d: MSTORE 00000a1e: PUSH1 0x40 00000a20: MLOAD 00000a21: DUP2 00000a22: PUSH4 0xffffffff 00000a27: AND 00000a28: PUSH1 0xe0 00000a2a: PUSH1 0x02 00000a2c: EXP 00000a2d: MUL 00000a2e: DUP2 00000a2f: MSTORE 00000a30: PUSH1 0x04 00000a32: ADD 00000a33: PUSH1 0x20 00000a35: PUSH1 0x40 00000a37: MLOAD 00000a38: DUP1 00000a39: DUP4 00000a3a: SUB 00000a3b: DUP2 00000a3c: PUSH1 0x00 00000a3e: DUP8 00000a3f: DUP1 00000a40: EXTCODESIZE 00000a41: ISZERO 00000a42: ISZERO 00000a43: PUSH2 0x0a4b 00000a46: JUMPI 00000a47: PUSH1 0x00 00000a49: DUP1 00000a4a: REVERT 00000a4b: JUMPDEST 00000a4c: PUSH2 0x02c6 00000a4f: GAS 00000a50: SUB 00000a51: CALL 00000a52: ISZERO 00000a53: ISZERO 00000a54: PUSH2 0x0a5c 00000a57: JUMPI 00000a58: PUSH1 0x00 00000a5a: DUP1 00000a5b: REVERT 00000a5c: JUMPDEST 00000a5d: POP 00000a5e: POP 00000a5f: POP 00000a60: PUSH1 0x40 00000a62: MLOAD 00000a63: DUP1 00000a64: MLOAD 00000a65: PUSH1 0x01 00000a67: SLOAD 00000a68: PUSH1 0x01 00000a6a: PUSH1 0xa0 00000a6c: PUSH1 0x02 00000a6e: EXP 00000a6f: SUB 00000a70: SWAP1 00000a71: DUP2 00000a72: AND 00000a73: SWAP2 00000a74: AND 00000a75: EQ 00000a76: SWAP1 00000a77: POP 00000a78: PUSH2 0x0b0c 00000a7b: JUMPI 00000a7c: PUSH1 0x00 00000a7e: DUP1 00000a7f: SLOAD 00000a80: PUSH1 0x01 00000a82: PUSH1 0xa0 00000a84: PUSH1 0x02 00000a86: EXP 00000a87: SUB 00000a88: AND 00000a89: SWAP1 00000a8a: PUSH4 0x38cc4831 00000a8f: SWAP1 00000a90: PUSH1 0x40 00000a92: MLOAD 00000a93: PUSH1 0x20 00000a95: ADD 00000a96: MSTORE 00000a97: PUSH1 0x40 00000a99: MLOAD 00000a9a: DUP2 00000a9b: PUSH4 0xffffffff 00000aa0: AND 00000aa1: PUSH1 0xe0 00000aa3: PUSH1 0x02 00000aa5: EXP 00000aa6: MUL 00000aa7: DUP2 00000aa8: MSTORE 00000aa9: PUSH1 0x04 00000aab: ADD 00000aac: PUSH1 0x20 00000aae: PUSH1 0x40 00000ab0: MLOAD 00000ab1: DUP1 00000ab2: DUP4 00000ab3: SUB 00000ab4: DUP2 00000ab5: PUSH1 0x00 00000ab7: DUP8 00000ab8: DUP1 00000ab9: EXTCODESIZE 00000aba: ISZERO 00000abb: ISZERO 00000abc: PUSH2 0x0ac4 00000abf: JUMPI 00000ac0: PUSH1 0x00 00000ac2: DUP1 00000ac3: REVERT 00000ac4: JUMPDEST 00000ac5: PUSH2 0x02c6 00000ac8: GAS 00000ac9: SUB 00000aca: CALL 00000acb: ISZERO 00000acc: ISZERO 00000acd: PUSH2 0x0ad5 00000ad0: JUMPI 00000ad1: PUSH1 0x00 00000ad3: DUP1 00000ad4: REVERT 00000ad5: JUMPDEST 00000ad6: POP 00000ad7: POP 00000ad8: POP 00000ad9: PUSH1 0x40 00000adb: MLOAD 00000adc: DUP1 00000add: MLOAD 00000ade: PUSH1 0x01 00000ae0: DUP1 00000ae1: SLOAD 00000ae2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000af7: NOT 00000af8: AND 00000af9: PUSH1 0x01 00000afb: PUSH1 0xa0 00000afd: PUSH1 0x02 00000aff: EXP 00000b00: SUB 00000b01: SWAP3 00000b02: SWAP1 00000b03: SWAP3 00000b04: AND 00000b05: SWAP2 00000b06: SWAP1 00000b07: SWAP2 00000b08: OR 00000b09: SWAP1 00000b0a: SSTORE 00000b0b: POP 00000b0c: JUMPDEST 00000b0d: PUSH1 0x01 00000b0f: SLOAD 00000b10: PUSH1 0x01 00000b12: PUSH1 0xa0 00000b14: PUSH1 0x02 00000b16: EXP 00000b17: SUB 00000b18: AND 00000b19: PUSH4 0x688dcfd7 00000b1e: DUP3 00000b1f: PUSH1 0x40 00000b21: MLOAD 00000b22: PUSH1 0xe0 00000b24: PUSH1 0x02 00000b26: EXP 00000b27: PUSH4 0xffffffff 00000b2c: DUP5 00000b2d: AND 00000b2e: MUL 00000b2f: DUP2 00000b30: MSTORE 00000b31: PUSH32 0xff00000000000000000000000000000000000000000000000000000000000000 00000b52: SWAP1 00000b53: SWAP2 00000b54: AND 00000b55: PUSH1 0x04 00000b57: DUP3 00000b58: ADD 00000b59: MSTORE 00000b5a: PUSH1 0x24 00000b5c: ADD 00000b5d: PUSH1 0x00 00000b5f: PUSH1 0x40 00000b61: MLOAD 00000b62: DUP1 00000b63: DUP4 00000b64: SUB 00000b65: DUP2 00000b66: PUSH1 0x00 00000b68: DUP8 00000b69: DUP1 00000b6a: EXTCODESIZE 00000b6b: ISZERO 00000b6c: ISZERO 00000b6d: PUSH2 0x0b75 00000b70: JUMPI 00000b71: PUSH1 0x00 00000b73: DUP1 00000b74: REVERT 00000b75: JUMPDEST 00000b76: PUSH2 0x02c6 00000b79: GAS 00000b7a: SUB 00000b7b: CALL 00000b7c: ISZERO 00000b7d: ISZERO 00000b7e: PUSH2 0x0b86 00000b81: JUMPI 00000b82: PUSH1 0x00 00000b84: DUP1 00000b85: REVERT 00000b86: JUMPDEST 00000b87: POP 00000b88: POP 00000b89: POP 00000b8a: POP 00000b8b: JUMP 00000b8c: JUMPDEST 00000b8d: PUSH1 0x00 00000b8f: DUP1 00000b90: SLOAD 00000b91: DUP2 00000b92: SWAP1 00000b93: PUSH1 0x01 00000b95: PUSH1 0xa0 00000b97: PUSH1 0x02 00000b99: EXP 00000b9a: SUB 00000b9b: AND 00000b9c: ISZERO 00000b9d: DUP1 00000b9e: PUSH2 0x0bb9 00000ba1: JUMPI 00000ba2: POP 00000ba3: PUSH1 0x00 00000ba5: SLOAD 00000ba6: PUSH2 0x0bb7 00000ba9: SWAP1 00000baa: PUSH1 0x01 00000bac: PUSH1 0xa0 00000bae: PUSH1 0x02 00000bb0: EXP 00000bb1: SUB 00000bb2: AND 00000bb3: PUSH2 0x0f12 00000bb6: JUMP 00000bb7: JUMPDEST 00000bb8: ISZERO 00000bb9: JUMPDEST 00000bba: ISZERO 00000bbb: PUSH2 0x0bca 00000bbe: JUMPI 00000bbf: PUSH2 0x0bc8 00000bc2: PUSH1 0x00 00000bc4: PUSH2 0x0f16 00000bc7: JUMP 00000bc8: JUMPDEST 00000bc9: POP 00000bca: JUMPDEST 00000bcb: PUSH1 0x00 00000bcd: DUP1 00000bce: SLOAD 00000bcf: PUSH1 0x01 00000bd1: PUSH1 0xa0 00000bd3: PUSH1 0x02 00000bd5: EXP 00000bd6: SUB 00000bd7: AND 00000bd8: SWAP1 00000bd9: PUSH4 0x38cc4831 00000bde: SWAP1 00000bdf: PUSH1 0x40 00000be1: MLOAD 00000be2: PUSH1 0x20 00000be4: ADD 00000be5: MSTORE 00000be6: PUSH1 0x40 00000be8: MLOAD 00000be9: DUP2 00000bea: PUSH4 0xffffffff 00000bef: AND 00000bf0: PUSH1 0xe0 00000bf2: PUSH1 0x02 00000bf4: EXP 00000bf5: MUL 00000bf6: DUP2 00000bf7: MSTORE 00000bf8: PUSH1 0x04 00000bfa: ADD 00000bfb: PUSH1 0x20 00000bfd: PUSH1 0x40 00000bff: MLOAD 00000c00: DUP1 00000c01: DUP4 00000c02: SUB 00000c03: DUP2 00000c04: PUSH1 0x00 00000c06: DUP8 00000c07: DUP1 00000c08: EXTCODESIZE 00000c09: ISZERO 00000c0a: ISZERO 00000c0b: PUSH2 0x0c13 00000c0e: JUMPI 00000c0f: PUSH1 0x00 00000c11: DUP1 00000c12: REVERT 00000c13: JUMPDEST 00000c14: PUSH2 0x02c6 00000c17: GAS 00000c18: SUB 00000c19: CALL 00000c1a: ISZERO 00000c1b: ISZERO 00000c1c: PUSH2 0x0c24 00000c1f: JUMPI 00000c20: PUSH1 0x00 00000c22: DUP1 00000c23: REVERT 00000c24: JUMPDEST 00000c25: POP 00000c26: POP 00000c27: POP 00000c28: PUSH1 0x40 00000c2a: MLOAD 00000c2b: DUP1 00000c2c: MLOAD 00000c2d: PUSH1 0x01 00000c2f: SLOAD 00000c30: PUSH1 0x01 00000c32: PUSH1 0xa0 00000c34: PUSH1 0x02 00000c36: EXP 00000c37: SUB 00000c38: SWAP1 00000c39: DUP2 00000c3a: AND 00000c3b: SWAP2 00000c3c: AND 00000c3d: EQ 00000c3e: SWAP1 00000c3f: POP 00000c40: PUSH2 0x0cd4 00000c43: JUMPI 00000c44: PUSH1 0x00 00000c46: DUP1 00000c47: SLOAD 00000c48: PUSH1 0x01 00000c4a: PUSH1 0xa0 00000c4c: PUSH1 0x02 00000c4e: EXP 00000c4f: SUB 00000c50: AND 00000c51: SWAP1 00000c52: PUSH4 0x38cc4831 00000c57: SWAP1 00000c58: PUSH1 0x40 00000c5a: MLOAD 00000c5b: PUSH1 0x20 00000c5d: ADD 00000c5e: MSTORE 00000c5f: PUSH1 0x40 00000c61: MLOAD 00000c62: DUP2 00000c63: PUSH4 0xffffffff 00000c68: AND 00000c69: PUSH1 0xe0 00000c6b: PUSH1 0x02 00000c6d: EXP 00000c6e: MUL 00000c6f: DUP2 00000c70: MSTORE 00000c71: PUSH1 0x04 00000c73: ADD 00000c74: PUSH1 0x20 00000c76: PUSH1 0x40 00000c78: MLOAD 00000c79: DUP1 00000c7a: DUP4 00000c7b: SUB 00000c7c: DUP2 00000c7d: PUSH1 0x00 00000c7f: DUP8 00000c80: DUP1 00000c81: EXTCODESIZE 00000c82: ISZERO 00000c83: ISZERO 00000c84: PUSH2 0x0c8c 00000c87: JUMPI 00000c88: PUSH1 0x00 00000c8a: DUP1 00000c8b: REVERT 00000c8c: JUMPDEST 00000c8d: PUSH2 0x02c6 00000c90: GAS 00000c91: SUB 00000c92: CALL 00000c93: ISZERO 00000c94: ISZERO 00000c95: PUSH2 0x0c9d 00000c98: JUMPI 00000c99: PUSH1 0x00 00000c9b: DUP1 00000c9c: REVERT 00000c9d: JUMPDEST 00000c9e: POP 00000c9f: POP 00000ca0: POP 00000ca1: PUSH1 0x40 00000ca3: MLOAD 00000ca4: DUP1 00000ca5: MLOAD 00000ca6: PUSH1 0x01 00000ca8: DUP1 00000ca9: SLOAD 00000caa: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000cbf: NOT 00000cc0: AND 00000cc1: PUSH1 0x01 00000cc3: PUSH1 0xa0 00000cc5: PUSH1 0x02 00000cc7: EXP 00000cc8: SUB 00000cc9: SWAP3 00000cca: SWAP1 00000ccb: SWAP3 00000ccc: AND 00000ccd: SWAP2 00000cce: SWAP1 00000ccf: SWAP2 00000cd0: OR 00000cd1: SWAP1 00000cd2: SSTORE 00000cd3: POP 00000cd4: JUMPDEST 00000cd5: PUSH1 0x01 00000cd7: SLOAD 00000cd8: PUSH1 0x01 00000cda: PUSH1 0xa0 00000cdc: PUSH1 0x02 00000cde: EXP 00000cdf: SUB 00000ce0: AND 00000ce1: PUSH4 0x524f3889 00000ce6: DUP6 00000ce7: PUSH1 0x00 00000ce9: PUSH1 0x40 00000ceb: MLOAD 00000cec: PUSH1 0x20 00000cee: ADD 00000cef: MSTORE 00000cf0: PUSH1 0x40 00000cf2: MLOAD 00000cf3: DUP3 00000cf4: PUSH4 0xffffffff 00000cf9: AND 00000cfa: PUSH1 0xe0 00000cfc: PUSH1 0x02 00000cfe: EXP 00000cff: MUL 00000d00: DUP2 00000d01: MSTORE 00000d02: PUSH1 0x04 00000d04: ADD 00000d05: DUP1 00000d06: DUP1 00000d07: PUSH1 0x20 00000d09: ADD 00000d0a: DUP3 00000d0b: DUP2 00000d0c: SUB 00000d0d: DUP3 00000d0e: MSTORE 00000d0f: DUP4 00000d10: DUP2 00000d11: DUP2 00000d12: MLOAD 00000d13: DUP2 00000d14: MSTORE 00000d15: PUSH1 0x20 00000d17: ADD 00000d18: SWAP2 00000d19: POP 00000d1a: DUP1 00000d1b: MLOAD 00000d1c: SWAP1 00000d1d: PUSH1 0x20 00000d1f: ADD 00000d20: SWAP1 00000d21: DUP1 00000d22: DUP4 00000d23: DUP4 00000d24: PUSH1 0x00 00000d26: JUMPDEST 00000d27: DUP4 00000d28: DUP2 00000d29: LT 00000d2a: ISZERO 00000d2b: PUSH2 0x0d3e 00000d2e: JUMPI 00000d2f: DUP1 00000d30: DUP3 00000d31: ADD 00000d32: MLOAD 00000d33: DUP4 00000d34: DUP3 00000d35: ADD 00000d36: MSTORE 00000d37: PUSH1 0x20 00000d39: ADD 00000d3a: PUSH2 0x0d26 00000d3d: JUMP 00000d3e: JUMPDEST 00000d3f: POP 00000d40: POP 00000d41: POP 00000d42: POP 00000d43: SWAP1 00000d44: POP 00000d45: SWAP1 00000d46: DUP2 00000d47: ADD 00000d48: SWAP1 00000d49: PUSH1 0x1f 00000d4b: AND 00000d4c: DUP1 00000d4d: ISZERO 00000d4e: PUSH2 0x0d6b 00000d51: JUMPI 00000d52: DUP1 00000d53: DUP3 00000d54: SUB 00000d55: DUP1 00000d56: MLOAD 00000d57: PUSH1 0x01 00000d59: DUP4 00000d5a: PUSH1 0x20 00000d5c: SUB 00000d5d: PUSH2 0x0100 00000d60: EXP 00000d61: SUB 00000d62: NOT 00000d63: AND 00000d64: DUP2 00000d65: MSTORE 00000d66: PUSH1 0x20 00000d68: ADD 00000d69: SWAP2 00000d6a: POP 00000d6b: JUMPDEST 00000d6c: POP 00000d6d: SWAP3 00000d6e: POP 00000d6f: POP 00000d70: POP 00000d71: PUSH1 0x20 00000d73: PUSH1 0x40 00000d75: MLOAD 00000d76: DUP1 00000d77: DUP4 00000d78: SUB 00000d79: DUP2 00000d7a: PUSH1 0x00 00000d7c: DUP8 00000d7d: DUP1 00000d7e: EXTCODESIZE 00000d7f: ISZERO 00000d80: ISZERO 00000d81: PUSH2 0x0d89 00000d84: JUMPI 00000d85: PUSH1 0x00 00000d87: DUP1 00000d88: REVERT 00000d89: JUMPDEST 00000d8a: PUSH2 0x02c6 00000d8d: GAS 00000d8e: SUB 00000d8f: CALL 00000d90: ISZERO 00000d91: ISZERO 00000d92: PUSH2 0x0d9a 00000d95: JUMPI 00000d96: PUSH1 0x00 00000d98: DUP1 00000d99: REVERT 00000d9a: JUMPDEST 00000d9b: POP 00000d9c: POP 00000d9d: POP 00000d9e: PUSH1 0x40 00000da0: MLOAD 00000da1: DUP1 00000da2: MLOAD 00000da3: SWAP2 00000da4: POP 00000da5: POP 00000da6: PUSH8 0x0de0b6b3a7640000 00000daf: PUSH3 0x030d40 00000db3: GASPRICE 00000db4: MUL 00000db5: ADD 00000db6: DUP2 00000db7: GT 00000db8: ISZERO 00000db9: PUSH2 0x0dc5 00000dbc: JUMPI 00000dbd: PUSH1 0x00 00000dbf: SWAP2 00000dc0: POP 00000dc1: PUSH2 0x0f0a 00000dc4: JUMP 00000dc5: JUMPDEST 00000dc6: PUSH1 0x01 00000dc8: SLOAD 00000dc9: PUSH1 0x01 00000dcb: PUSH1 0xa0 00000dcd: PUSH1 0x02 00000dcf: EXP 00000dd0: SUB 00000dd1: AND 00000dd2: PUSH4 0xadf59f99 00000dd7: DUP3 00000dd8: DUP8 00000dd9: DUP8 00000dda: DUP8 00000ddb: PUSH1 0x00 00000ddd: PUSH1 0x40 00000ddf: MLOAD 00000de0: PUSH1 0x20 00000de2: ADD 00000de3: MSTORE 00000de4: PUSH1 0x40 00000de6: MLOAD 00000de7: DUP6 00000de8: PUSH4 0xffffffff 00000ded: AND 00000dee: PUSH1 0xe0 00000df0: PUSH1 0x02 00000df2: EXP 00000df3: MUL 00000df4: DUP2 00000df5: MSTORE 00000df6: PUSH1 0x04 00000df8: ADD 00000df9: DUP1 00000dfa: DUP5 00000dfb: DUP2 00000dfc: MSTORE 00000dfd: PUSH1 0x20 00000dff: ADD 00000e00: DUP1 00000e01: PUSH1 0x20 00000e03: ADD 00000e04: DUP1 00000e05: PUSH1 0x20 00000e07: ADD 00000e08: DUP4 00000e09: DUP2 00000e0a: SUB 00000e0b: DUP4 00000e0c: MSTORE 00000e0d: DUP6 00000e0e: DUP2 00000e0f: DUP2 00000e10: MLOAD 00000e11: DUP2 00000e12: MSTORE 00000e13: PUSH1 0x20 00000e15: ADD 00000e16: SWAP2 00000e17: POP 00000e18: DUP1 00000e19: MLOAD 00000e1a: SWAP1 00000e1b: PUSH1 0x20 00000e1d: ADD 00000e1e: SWAP1 00000e1f: DUP1 00000e20: DUP4 00000e21: DUP4 00000e22: PUSH1 0x00 00000e24: JUMPDEST 00000e25: DUP4 00000e26: DUP2 00000e27: LT 00000e28: ISZERO 00000e29: PUSH2 0x0e3c 00000e2c: JUMPI 00000e2d: DUP1 00000e2e: DUP3 00000e2f: ADD 00000e30: MLOAD 00000e31: DUP4 00000e32: DUP3 00000e33: ADD 00000e34: MSTORE 00000e35: PUSH1 0x20 00000e37: ADD 00000e38: PUSH2 0x0e24 00000e3b: JUMP 00000e3c: JUMPDEST 00000e3d: POP 00000e3e: POP 00000e3f: POP 00000e40: POP 00000e41: SWAP1 00000e42: POP 00000e43: SWAP1 00000e44: DUP2 00000e45: ADD 00000e46: SWAP1 00000e47: PUSH1 0x1f 00000e49: AND 00000e4a: DUP1 00000e4b: ISZERO 00000e4c: PUSH2 0x0e69 00000e4f: JUMPI 00000e50: DUP1 00000e51: DUP3 00000e52: SUB 00000e53: DUP1 00000e54: MLOAD 00000e55: PUSH1 0x01 00000e57: DUP4 00000e58: PUSH1 0x20 00000e5a: SUB 00000e5b: PUSH2 0x0100 00000e5e: EXP 00000e5f: SUB 00000e60: NOT 00000e61: AND 00000e62: DUP2 00000e63: MSTORE 00000e64: PUSH1 0x20 00000e66: ADD 00000e67: SWAP2 00000e68: POP 00000e69: JUMPDEST 00000e6a: POP 00000e6b: DUP4 00000e6c: DUP2 00000e6d: SUB 00000e6e: DUP3 00000e6f: MSTORE 00000e70: DUP5 00000e71: DUP2 00000e72: DUP2 00000e73: MLOAD 00000e74: DUP2 00000e75: MSTORE 00000e76: PUSH1 0x20 00000e78: ADD 00000e79: SWAP2 00000e7a: POP 00000e7b: DUP1 00000e7c: MLOAD 00000e7d: SWAP1 00000e7e: PUSH1 0x20 00000e80: ADD 00000e81: SWAP1 00000e82: DUP1 00000e83: DUP4 00000e84: DUP4 00000e85: PUSH1 0x00 00000e87: JUMPDEST 00000e88: DUP4 00000e89: DUP2 00000e8a: LT 00000e8b: ISZERO 00000e8c: PUSH2 0x0e9f 00000e8f: JUMPI 00000e90: DUP1 00000e91: DUP3 00000e92: ADD 00000e93: MLOAD 00000e94: DUP4 00000e95: DUP3 00000e96: ADD 00000e97: MSTORE 00000e98: PUSH1 0x20 00000e9a: ADD 00000e9b: PUSH2 0x0e87 00000e9e: JUMP 00000e9f: JUMPDEST 00000ea0: POP 00000ea1: POP 00000ea2: POP 00000ea3: POP 00000ea4: SWAP1 00000ea5: POP 00000ea6: SWAP1 00000ea7: DUP2 00000ea8: ADD 00000ea9: SWAP1 00000eaa: PUSH1 0x1f 00000eac: AND 00000ead: DUP1 00000eae: ISZERO 00000eaf: PUSH2 0x0ecc 00000eb2: JUMPI 00000eb3: DUP1 00000eb4: DUP3 00000eb5: SUB 00000eb6: DUP1 00000eb7: MLOAD 00000eb8: PUSH1 0x01 00000eba: DUP4 00000ebb: PUSH1 0x20 00000ebd: SUB 00000ebe: PUSH2 0x0100 00000ec1: EXP 00000ec2: SUB 00000ec3: NOT 00000ec4: AND 00000ec5: DUP2 00000ec6: MSTORE 00000ec7: PUSH1 0x20 00000ec9: ADD 00000eca: SWAP2 00000ecb: POP 00000ecc: JUMPDEST 00000ecd: POP 00000ece: SWAP6 00000ecf: POP 00000ed0: POP 00000ed1: POP 00000ed2: POP 00000ed3: POP 00000ed4: POP 00000ed5: PUSH1 0x20 00000ed7: PUSH1 0x40 00000ed9: MLOAD 00000eda: DUP1 00000edb: DUP4 00000edc: SUB 00000edd: DUP2 00000ede: DUP6 00000edf: DUP9 00000ee0: DUP1 00000ee1: EXTCODESIZE 00000ee2: ISZERO 00000ee3: ISZERO 00000ee4: PUSH2 0x0eec 00000ee7: JUMPI 00000ee8: PUSH1 0x00 00000eea: DUP1 00000eeb: REVERT 00000eec: JUMPDEST 00000eed: PUSH2 0x25ee 00000ef0: GAS 00000ef1: SUB 00000ef2: CALL 00000ef3: ISZERO 00000ef4: ISZERO 00000ef5: PUSH2 0x0efd 00000ef8: JUMPI 00000ef9: PUSH1 0x00 00000efb: DUP1 00000efc: REVERT 00000efd: JUMPDEST 00000efe: POP 00000eff: POP 00000f00: POP 00000f01: POP 00000f02: PUSH1 0x40 00000f04: MLOAD 00000f05: DUP1 00000f06: MLOAD 00000f07: SWAP3 00000f08: POP 00000f09: POP 00000f0a: JUMPDEST 00000f0b: POP 00000f0c: SWAP4 00000f0d: SWAP3 00000f0e: POP 00000f0f: POP 00000f10: POP 00000f11: JUMP 00000f12: JUMPDEST 00000f13: EXTCODESIZE 00000f14: SWAP1 00000f15: JUMP 00000f16: JUMPDEST 00000f17: PUSH1 0x00 00000f19: DUP1 00000f1a: PUSH2 0x0f36 00000f1d: PUSH20 0x1d3b2638a7cc9f2cb3d298a3da7a90b67e5506ed 00000f32: PUSH2 0x0f12 00000f35: JUMP 00000f36: JUMPDEST 00000f37: GT 00000f38: ISZERO 00000f39: PUSH2 0x0fb3 00000f3c: JUMPI 00000f3d: PUSH1 0x00 00000f3f: DUP1 00000f40: SLOAD 00000f41: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000f56: NOT 00000f57: AND 00000f58: PUSH20 0x1d3b2638a7cc9f2cb3d298a3da7a90b67e5506ed 00000f6d: OR 00000f6e: SWAP1 00000f6f: SSTORE 00000f70: PUSH2 0x0fab 00000f73: PUSH1 0x40 00000f75: DUP1 00000f76: MLOAD 00000f77: SWAP1 00000f78: DUP2 00000f79: ADD 00000f7a: PUSH1 0x40 00000f7c: MSTORE 00000f7d: PUSH1 0x0b 00000f7f: DUP2 00000f80: MSTORE 00000f81: PUSH32 0x6574685f6d61696e6e6574000000000000000000000000000000000000000000 00000fa2: PUSH1 0x20 00000fa4: DUP3 00000fa5: ADD 00000fa6: MSTORE 00000fa7: PUSH2 0x144d 00000faa: JUMP 00000fab: JUMPDEST 00000fac: POP 00000fad: PUSH1 0x01 00000faf: PUSH2 0x09c2 00000fb2: JUMP 00000fb3: JUMPDEST 00000fb4: PUSH1 0x00 00000fb6: PUSH2 0x0fd2 00000fb9: PUSH20 0xc03a2615d5efaf5f49f60b7bb6583eaec212fdf1 00000fce: PUSH2 0x0f12 00000fd1: JUMP 00000fd2: JUMPDEST 00000fd3: GT 00000fd4: ISZERO 00000fd5: PUSH2 0x1047 00000fd8: JUMPI 00000fd9: PUSH1 0x00 00000fdb: DUP1 00000fdc: SLOAD 00000fdd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000ff2: NOT 00000ff3: AND 00000ff4: PUSH20 0xc03a2615d5efaf5f49f60b7bb6583eaec212fdf1 00001009: OR 0000100a: SWAP1 0000100b: SSTORE 0000100c: PUSH2 0x0fab 0000100f: PUSH1 0x40 00001011: DUP1 00001012: MLOAD 00001013: SWAP1 00001014: DUP2 00001015: ADD 00001016: PUSH1 0x40 00001018: MSTORE 00001019: PUSH1 0x0c 0000101b: DUP2 0000101c: MSTORE 0000101d: PUSH32 0x6574685f726f707374656e330000000000000000000000000000000000000000 0000103e: PUSH1 0x20 00001040: DUP3 00001041: ADD 00001042: MSTORE 00001043: PUSH2 0x144d 00001046: JUMP 00001047: JUMPDEST 00001048: PUSH1 0x00 0000104a: PUSH2 0x1066 0000104d: PUSH20 0xb7a07bcf2ba2f2703b24c0691b5278999c59ac7e 00001062: PUSH2 0x0f12 00001065: JUMP 00001066: JUMPDEST 00001067: GT 00001068: ISZERO 00001069: PUSH2 0x10db 0000106c: JUMPI 0000106d: PUSH1 0x00 0000106f: DUP1 00001070: SLOAD 00001071: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001086: NOT 00001087: AND 00001088: PUSH20 0xb7a07bcf2ba2f2703b24c0691b5278999c59ac7e 0000109d: OR 0000109e: SWAP1 0000109f: SSTORE 000010a0: PUSH2 0x0fab 000010a3: PUSH1 0x40 000010a5: DUP1 000010a6: MLOAD 000010a7: SWAP1 000010a8: DUP2 000010a9: ADD 000010aa: PUSH1 0x40 000010ac: MSTORE 000010ad: PUSH1 0x09 000010af: DUP2 000010b0: MSTORE 000010b1: PUSH32 0x6574685f6b6f76616e0000000000000000000000000000000000000000000000 000010d2: PUSH1 0x20 000010d4: DUP3 000010d5: ADD 000010d6: MSTORE 000010d7: PUSH2 0x144d 000010da: JUMP 000010db: JUMPDEST 000010dc: PUSH1 0x00 000010de: PUSH2 0x10fa 000010e1: PUSH20 0x146500cfd35b22e4a392fe0adc06de1a1368ed48 000010f6: PUSH2 0x0f12 000010f9: JUMP 000010fa: JUMPDEST 000010fb: GT 000010fc: ISZERO 000010fd: PUSH2 0x116f 00001100: JUMPI 00001101: PUSH1 0x00 00001103: DUP1 00001104: SLOAD 00001105: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000111a: NOT 0000111b: AND 0000111c: PUSH20 0x146500cfd35b22e4a392fe0adc06de1a1368ed48 00001131: OR 00001132: SWAP1 00001133: SSTORE 00001134: PUSH2 0x0fab 00001137: PUSH1 0x40 00001139: DUP1 0000113a: MLOAD 0000113b: SWAP1 0000113c: DUP2 0000113d: ADD 0000113e: PUSH1 0x40 00001140: MSTORE 00001141: PUSH1 0x0b 00001143: DUP2 00001144: MSTORE 00001145: PUSH32 0x6574685f72696e6b656279000000000000000000000000000000000000000000 00001166: PUSH1 0x20 00001168: DUP3 00001169: ADD 0000116a: MSTORE 0000116b: PUSH2 0x144d 0000116e: JUMP 0000116f: JUMPDEST 00001170: PUSH1 0x00 00001172: PUSH2 0x118e 00001175: PUSH20 0x6f485c8bf6fc43ea212e93bbf8ce046c7f1cb475 0000118a: PUSH2 0x0f12 0000118d: JUMP 0000118e: JUMPDEST 0000118f: GT 00001190: ISZERO 00001191: PUSH2 0x11cf 00001194: JUMPI 00001195: POP 00001196: PUSH1 0x00 00001198: DUP1 00001199: SLOAD 0000119a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000011af: NOT 000011b0: AND 000011b1: PUSH20 0x6f485c8bf6fc43ea212e93bbf8ce046c7f1cb475 000011c6: OR 000011c7: SWAP1 000011c8: SSTORE 000011c9: PUSH1 0x01 000011cb: PUSH2 0x09c2 000011ce: JUMP 000011cf: JUMPDEST 000011d0: PUSH1 0x00 000011d2: PUSH2 0x11ee 000011d5: PUSH20 0x20e12a1f859b3feae5fb2a0a32c18f5a65555bbf 000011ea: PUSH2 0x0f12 000011ed: JUMP 000011ee: JUMPDEST 000011ef: GT 000011f0: ISZERO 000011f1: PUSH2 0x122f 000011f4: JUMPI 000011f5: POP 000011f6: PUSH1 0x00 000011f8: DUP1 000011f9: SLOAD 000011fa: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000120f: NOT 00001210: AND 00001211: PUSH20 0x20e12a1f859b3feae5fb2a0a32c18f5a65555bbf 00001226: OR 00001227: SWAP1 00001228: SSTORE 00001229: PUSH1 0x01 0000122b: PUSH2 0x09c2 0000122e: JUMP 0000122f: JUMPDEST 00001230: PUSH1 0x00 00001232: PUSH2 0x124e 00001235: PUSH20 0x51efaf4c8b3c9afbd5ab9f4bbc82784ab6ef8faa 0000124a: PUSH2 0x0f12 0000124d: JUMP 0000124e: JUMPDEST 0000124f: GT 00001250: ISZERO 00001251: PUSH2 0x128f 00001254: JUMPI 00001255: POP 00001256: PUSH1 0x00 00001258: DUP1 00001259: SLOAD 0000125a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000126f: NOT 00001270: AND 00001271: PUSH20 0x51efaf4c8b3c9afbd5ab9f4bbc82784ab6ef8faa 00001286: OR 00001287: SWAP1 00001288: SSTORE 00001289: PUSH1 0x01 0000128b: PUSH2 0x09c2 0000128e: JUMP 0000128f: JUMPDEST 00001290: POP 00001291: PUSH1 0x00 00001293: SWAP2 00001294: SWAP1 00001295: POP 00001296: JUMP 00001297: JUMPDEST 00001298: PUSH1 0x00 0000129a: PUSH2 0x12a1 0000129d: PUSH2 0x14d6 000012a0: JUMP 000012a1: JUMPDEST 000012a2: POP 000012a3: DUP3 000012a4: PUSH1 0x00 000012a6: DUP1 000012a7: DUP1 000012a8: JUMPDEST 000012a9: DUP4 000012aa: MLOAD 000012ab: DUP2 000012ac: LT 000012ad: ISZERO 000012ae: PUSH2 0x1430 000012b1: JUMPI 000012b2: PUSH32 0x3000000000000000000000000000000000000000000000000000000000000000 000012d3: DUP5 000012d4: DUP3 000012d5: DUP2 000012d6: MLOAD 000012d7: DUP2 000012d8: LT 000012d9: PUSH2 0x12de 000012dc: JUMPI 000012dd: INVALID 000012de: JUMPDEST 000012df: ADD 000012e0: PUSH1 0x20 000012e2: ADD 000012e3: MLOAD 000012e4: PUSH1 0xf8 000012e6: PUSH1 0x02 000012e8: EXP 000012e9: SWAP1 000012ea: DIV 000012eb: PUSH1 0xf8 000012ed: PUSH1 0x02 000012ef: EXP 000012f0: MUL 000012f1: PUSH31 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00001311: NOT 00001312: AND 00001313: LT 00001314: ISZERO 00001315: DUP1 00001316: ISZERO 00001317: PUSH2 0x137f 0000131a: JUMPI 0000131b: POP 0000131c: PUSH32 0x3900000000000000000000000000000000000000000000000000000000000000 0000133d: DUP5 0000133e: DUP3 0000133f: DUP2 00001340: MLOAD 00001341: DUP2 00001342: LT 00001343: PUSH2 0x1348 00001346: JUMPI 00001347: INVALID 00001348: JUMPDEST 00001349: ADD 0000134a: PUSH1 0x20 0000134c: ADD 0000134d: MLOAD 0000134e: PUSH1 0xf8 00001350: PUSH1 0x02 00001352: EXP 00001353: SWAP1 00001354: DIV 00001355: PUSH1 0xf8 00001357: PUSH1 0x02 00001359: EXP 0000135a: MUL 0000135b: PUSH31 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0000137b: NOT 0000137c: AND 0000137d: GT 0000137e: ISZERO 0000137f: JUMPDEST 00001380: ISZERO 00001381: PUSH2 0x13d5 00001384: JUMPI 00001385: DUP2 00001386: ISZERO 00001387: PUSH2 0x139e 0000138a: JUMPI 0000138b: DUP6 0000138c: ISZERO 0000138d: ISZERO 0000138e: PUSH2 0x1396 00001391: JUMPI 00001392: PUSH2 0x1430 00001395: JUMP 00001396: JUMPDEST 00001397: PUSH1 0x00 00001399: NOT 0000139a: SWAP1 0000139b: SWAP6 0000139c: ADD 0000139d: SWAP5 0000139e: JUMPDEST 0000139f: PUSH1 0x0a 000013a1: DUP4 000013a2: MUL 000013a3: SWAP3 000013a4: POP 000013a5: PUSH1 0x30 000013a7: DUP5 000013a8: DUP3 000013a9: DUP2 000013aa: MLOAD 000013ab: DUP2 000013ac: LT 000013ad: PUSH2 0x13b2 000013b0: JUMPI 000013b1: INVALID 000013b2: JUMPDEST 000013b3: ADD 000013b4: PUSH1 0x20 000013b6: ADD 000013b7: MLOAD 000013b8: PUSH1 0xf8 000013ba: PUSH1 0x02 000013bc: EXP 000013bd: SWAP1 000013be: DIV 000013bf: PUSH1 0xf8 000013c1: PUSH1 0x02 000013c3: EXP 000013c4: MUL 000013c5: PUSH1 0xf8 000013c7: PUSH1 0x02 000013c9: EXP 000013ca: SWAP1 000013cb: DIV 000013cc: SUB 000013cd: DUP4 000013ce: ADD 000013cf: SWAP3 000013d0: POP 000013d1: PUSH2 0x1428 000013d4: JUMP 000013d5: JUMPDEST 000013d6: DUP4 000013d7: DUP2 000013d8: DUP2 000013d9: MLOAD 000013da: DUP2 000013db: LT 000013dc: PUSH2 0x13e1 000013df: JUMPI 000013e0: INVALID 000013e1: JUMPDEST 000013e2: ADD 000013e3: PUSH1 0x20 000013e5: ADD 000013e6: MLOAD 000013e7: PUSH1 0xf8 000013e9: PUSH1 0x02 000013eb: EXP 000013ec: SWAP1 000013ed: DIV 000013ee: PUSH1 0xf8 000013f0: PUSH1 0x02 000013f2: EXP 000013f3: MUL 000013f4: PUSH31 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00001414: NOT 00001415: AND 00001416: PUSH1 0x2e 00001418: PUSH1 0xf8 0000141a: PUSH1 0x02 0000141c: EXP 0000141d: MUL 0000141e: EQ 0000141f: ISZERO 00001420: PUSH2 0x1428 00001423: JUMPI 00001424: PUSH1 0x01 00001426: SWAP2 00001427: POP 00001428: JUMPDEST 00001429: PUSH1 0x01 0000142b: ADD 0000142c: PUSH2 0x12a8 0000142f: JUMP 00001430: JUMPDEST 00001431: PUSH1 0x00 00001433: DUP7 00001434: GT 00001435: ISZERO 00001436: PUSH2 0x1442 00001439: JUMPI 0000143a: DUP6 0000143b: PUSH1 0x0a 0000143d: EXP 0000143e: DUP4 0000143f: MUL 00001440: SWAP3 00001441: POP 00001442: JUMPDEST 00001443: POP 00001444: SWAP1 00001445: SWAP6 00001446: SWAP5 00001447: POP 00001448: POP 00001449: POP 0000144a: POP 0000144b: POP 0000144c: JUMP 0000144d: JUMPDEST 0000144e: PUSH1 0x02 00001450: DUP2 00001451: DUP1 00001452: MLOAD 00001453: PUSH2 0x0309 00001456: SWAP3 00001457: SWAP2 00001458: PUSH1 0x20 0000145a: ADD 0000145b: SWAP1 0000145c: JUMPDEST 0000145d: DUP3 0000145e: DUP1 0000145f: SLOAD 00001460: PUSH1 0x01 00001462: DUP2 00001463: PUSH1 0x01 00001465: AND 00001466: ISZERO 00001467: PUSH2 0x0100 0000146a: MUL 0000146b: SUB 0000146c: AND 0000146d: PUSH1 0x02 0000146f: SWAP1 00001470: DIV 00001471: SWAP1 00001472: PUSH1 0x00 00001474: MSTORE 00001475: PUSH1 0x20 00001477: PUSH1 0x00 00001479: KECCAK256 0000147a: SWAP1 0000147b: PUSH1 0x1f 0000147d: ADD 0000147e: PUSH1 0x20 00001480: SWAP1 00001481: DIV 00001482: DUP2 00001483: ADD 00001484: SWAP3 00001485: DUP3 00001486: PUSH1 0x1f 00001488: LT 00001489: PUSH2 0x149d 0000148c: JUMPI 0000148d: DUP1 0000148e: MLOAD 0000148f: PUSH1 0xff 00001491: NOT 00001492: AND 00001493: DUP4 00001494: DUP1 00001495: ADD 00001496: OR 00001497: DUP6 00001498: SSTORE 00001499: PUSH2 0x14ca 0000149c: JUMP 0000149d: JUMPDEST 0000149e: DUP3 0000149f: DUP1 000014a0: ADD 000014a1: PUSH1 0x01 000014a3: ADD 000014a4: DUP6 000014a5: SSTORE 000014a6: DUP3 000014a7: ISZERO 000014a8: PUSH2 0x14ca 000014ab: JUMPI 000014ac: SWAP2 000014ad: DUP3 000014ae: ADD 000014af: JUMPDEST 000014b0: DUP3 000014b1: DUP2 000014b2: GT 000014b3: ISZERO 000014b4: PUSH2 0x14ca 000014b7: JUMPI 000014b8: DUP3 000014b9: MLOAD 000014ba: DUP3 000014bb: SSTORE 000014bc: SWAP2 000014bd: PUSH1 0x20 000014bf: ADD 000014c0: SWAP2 000014c1: SWAP1 000014c2: PUSH1 0x01 000014c4: ADD 000014c5: SWAP1 000014c6: PUSH2 0x14af 000014c9: JUMP 000014ca: JUMPDEST 000014cb: POP 000014cc: PUSH2 0x0332 000014cf: SWAP3 000014d0: SWAP2 000014d1: POP 000014d2: PUSH2 0x14e8 000014d5: JUMP 000014d6: JUMPDEST 000014d7: PUSH1 0x20 000014d9: PUSH1 0x40 000014db: MLOAD 000014dc: SWAP1 000014dd: DUP2 000014de: ADD 000014df: PUSH1 0x40 000014e1: MSTORE 000014e2: PUSH1 0x00 000014e4: DUP2 000014e5: MSTORE 000014e6: SWAP1 000014e7: JUMP 000014e8: JUMPDEST 000014e9: PUSH2 0x0598 000014ec: SWAP2 000014ed: SWAP1 000014ee: JUMPDEST 000014ef: DUP1 000014f0: DUP3 000014f1: GT 000014f2: ISZERO 000014f3: PUSH2 0x0332 000014f6: JUMPI 000014f7: PUSH1 0x00 000014f9: DUP2 000014fa: SSTORE 000014fb: PUSH1 0x01 000014fd: ADD 000014fe: PUSH2 0x14ee 00001501: JUMP 00001502: STOP 00001503: LOG1 00001504: PUSH6 0x627a7a723058 0000150b: KECCAK256 0000150c: UNKNOWN(0xBB) 0000150d: CLZ 0000150e: XOR 0000150f: PUSH3 0x5c2110 00001513: UNKNOWN(0x22) 00001514: UNKNOWN(0xA9) 00001515: PUSH25
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0xf80f4cbeb289a26173745af545ad82124b74d95e0e8a88f1ca7f197bf342c0e7
call_targets:
0x667100c5ceeb56ac8fb33695c4d91a802fca749b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xf80f4cbeb289a26173745af545ad82124b74d95e0e8a88f1ca7f197bf342c0e7",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x667100c5ceeb56ac8fb33695c4d91a802fca749b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x258dcbb2",
"selector": "0x258dcbb2",
"calldata_variants": [
"0x258dcbb2",
"0x258dcbb20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x27dc297e",
"selector": "0x27dc297e",
"calldata_variants": [
"0x27dc297e",
"0x27dc297e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2d4a64f2",
"selector": "0x2d4a64f2",
"calldata_variants": [
"0x2d4a64f2",
"0x2d4a64f20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x38bbfa50",
"selector": "0x38bbfa50",
"calldata_variants": [
"0x38bbfa50",
"0x38bbfa500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4c6226fc",
"selector": "0x4c6226fc",
"calldata_variants": [
"0x4c6226fc",
"0x4c6226fc0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x683e0bcd",
"selector": "0x683e0bcd",
"calldata_variants": [
"0x683e0bcd",
"0x683e0bcd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xbbe4fd50",
"selector": "0xbbe4fd50",
"calldata_variants": [
"0xbbe4fd50",
"0xbbe4fd500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc0c0b252",
"selector": "0xc0c0b252",
"calldata_variants": [
"0xc0c0b252",
"0xc0c0b2520000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1670,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2192,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2313,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 11,
"guards_detected": [],
"untrusted_call_count": 11
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0xf80f4cbeb289a26173745af545ad82124b74d95e0e8a88f1ca7f197bf342c0e7
call_targets:
0x667100c5ceeb56ac8fb33695c4d91a802fca749b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xf80f4cbeb289a26173745af545ad82124b74d95e0e8a88f1ca7f197bf342c0e7",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x667100c5ceeb56ac8fb33695c4d91a802fca749b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x258dcbb2",
"selector": "0x258dcbb2",
"calldata_variants": [
"0x258dcbb2",
"0x258dcbb20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x27dc297e",
"selector": "0x27dc297e",
"calldata_variants": [
"0x27dc297e",
"0x27dc297e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2d4a64f2",
"selector": "0x2d4a64f2",
"calldata_variants": [
"0x2d4a64f2",
"0x2d4a64f20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x38bbfa50",
"selector": "0x38bbfa50",
"calldata_variants": [
"0x38bbfa50",
"0x38bbfa500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4c6226fc",
"selector": "0x4c6226fc",
"calldata_variants": [
"0x4c6226fc",
"0x4c6226fc0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x683e0bcd",
"selector": "0x683e0bcd",
"calldata_variants": [
"0x683e0bcd",
"0x683e0bcd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xbbe4fd50",
"selector": "0xbbe4fd50",
"calldata_variants": [
"0xbbe4fd50",
"0xbbe4fd500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc0c0b252",
"selector": "0xc0c0b252",
"calldata_variants": [
"0xc0c0b252",
"0xc0c0b2520000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1670,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2192,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2313,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 11,
"guards_detected": []
}
|
| medium | other | codex | Multiple low-level CALLs to computed targets with possible ETH transfer | 75 | no | — |
viewevidence_json{
"evidence": "detector_findings report 11 CALL sites with computed target/value and no guards (untrusted_call_count=11, eth_value_calls=11); returndata checking is not confirmed. Calls observed at pcs 0x686, 0x890, 0x909, 0x999, 0xA51, 0xACA, 0xB7B, 0xC19, 0xC92, 0xD8F, 0xEF2.",
"locations": [
"pc:0x686",
"pc:0x890",
"pc:0x909",
"pc:0x999",
"pc:0xA51",
"pc:0xACA",
"pc:0xB7B",
"pc:0xC19",
"pc:0xC92",
"pc:0xD8F",
"pc:0xEF2"
],
"recommendation": "Restrict call targets to immutable or tightly controlled addresses, validate any setters that influence them, and consider higher-level interfaces over raw CALL. If ETH transfer is required, cap value and validate recipients.",
"exploit_scenario": "If an attacker can influence the CALL target or value (e.g., via a writable storage slot or user-controlled parameters), they could force arbitrary external calls that transfer ETH, leading to fund loss or malicious side effects. Even if targets are intended to be trusted, any misconfiguration of the stored address would route value to an attacker-controlled contract."
}
|
| medium | reentrancy | codex | State updates occur after external CALLs without a detected reentrancy guard | 75 | no | — |
viewevidence_json{
"evidence": "CALL at pc:0x686 is followed by SSTORE at pc:0x69E; no reentrancy guard is detected in the artifact (guards list empty).",
"locations": [
"pc:0x686",
"pc:0x69E"
],
"recommendation": "Update critical state before external calls (checks-effects-interactions) and/or add a reentrancy guard around external-call paths.",
"exploit_scenario": "An external call (e.g., to an oracle or other contract) happens before a storage write. If the callee can reenter (directly or indirectly), it may exploit intermediate state to trigger logic multiple times or corrupt accounting. This is especially relevant if the call target or value is attacker-influenced."
}
|
| low | access_control | codex | Configuration/address setters appear without clear access control (oracle trust boundary risk) | 65 | no | — |
viewevidence_json{
"evidence": "Only one CALLER check found at pc:0x348; several SSTOREs that write masked address values occur at pcs 0xF6F, 0x100B, 0x109F, 0x1133, 0x11C8, 0x1228, 0x1288 with no obvious caller check in those blocks. This makes access control uncertain.",
"locations": [
"pc:0x348",
"pc:0xF6F",
"pc:0x100B",
"pc:0x109F",
"pc:0x1133",
"pc:0x11C8",
"pc:0x1228",
"pc:0x1288"
],
"recommendation": "Ensure any setter that updates oracle/resolver addresses is restricted (e.g., owner-only) or hard-code/immutably set addresses at deployment. Consider emitting events and validating expected address values.",
"exploit_scenario": "The bytecode contains multiple SSTOREs that update masked address slots with hard-coded addresses. If these paths are publicly callable, a user could alter the contract\u2019s trusted oracle/resolver address, then call privileged callback paths to spoof data."
}
|
| info | other | cast | Heavy EXTCODE*/BALANCE usage | 55 | no | — |
viewevidence_json{
"notes": "frequent external code or balance checks; may indicate introspection or validation logic",
"ext_balance_count": 12
}
|