019be3d6-849a-70ac-aa79-3872e5f41725
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 41086 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 41087 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 41088 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 41089 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 41090 | capability.graph | complete | 1 / 3 | 2 months ago |
| 41091 | detector.run | complete | 1 / 3 | 2 months ago |
| 41092 | validation.fork | complete | 1 / 3 | 2 months ago |
| 41422 | report.consolidate | complete | 1 / 6 | 2 months ago |
{
"status": "not_proxy"
}
No slither job recorded yet.
{"no_findings":false,"summary":"Bytecode shows no proxy/delegatecall usage and hardcoded external calls to WETH/Uniswap/token addresses. One low-severity issue remains around unchecked ERC20 return data on external CALLs.","findings":[{"severity":"low","category":"other","title":"External ERC20 calls do not validate return values","exploit_scenario":"The contract performs multiple ERC20 CALLs (mint/burn/transfer/approve) where success is only determined by the CALL opcode status, not by checking the returned boolean. If any target token (notably the hardcoded 0xfe0f9f49… token) returns false without reverting, the contract will continue execution as if the operation succeeded, which can lead to incorrect accounting (e.g., a burn failing but a redemption transfer still occurring). This is a risk if any of the external token contracts are non‑standard or upgradeable.","recommendation":"Use SafeERC20-style return data checks (require success && (returndata.length==0 || abi.decode(returndata,bool))) for ERC20 interactions, or explicitly assert the external token contracts conform to the standard and are immutable.","evidence":"analysis_artifact.artifact_json.callsites show CALLs with returndata_checked=null; disassembly shows CALL to 0xfe0f9f49… with selector 0x40c10f19 at pc 0x06db, CALL to 0xfe0f9f49… with selector 0x79cc6790 at pc 0x0dbc, and CALL to WETH transfer at pc 0x0e70.","locations":["pc:0x06db","pc:0x0dbc","pc:0x0e70"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-f7mpabr5
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019be483-13e6-72d1-8d25-04392ba01f34
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers
thinking
**Reading bundle metadata**
exec
/bin/bash -lc ls in /tmp/codex-f7mpabr5 succeeded in 5ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-f7mpabr5 succeeded in 8ms:
{
"analysis_artifact": {
"address": "0xa6f38924b30d10a4cad7601cc13820cb53efc4f9",
"artifact_hash": "0xde3ef4449f42641ddcb6312b98684758dd79ffb059ceb855d5e2dbf72d1e3411",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 12,
"hash": "0xb069716998e5391719014cb8a297128fff08d4f8592e721a23844fb7b9cee120",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"CALLDATASIZE",
"LT",
"PUSH2",
thinking
**Planning targeted JSON inspection**
I'm focusing on parsing key sections like evidence bundle, callsites, storage slots, and proxy from the large JSON by searching for relevant keys with ripgrep to efficiently extract needed data.
exec
/bin/bash -lc 'rg -n "evidence|storage|proxy|delegatecall|EIP" BYTECODE_BUNDLE.json' in /tmp/codex-f7mpabr5 succeeded in 7ms:
5435: "delegatecall": 0,
5439: "storage": {
5519: "delegatecall": 0,
5523: "storage": {
5603: "delegatecall": 0,
5607: "storage": {
5687: "delegatecall": 0,
5691: "storage": {
5771: "delegatecall": 0,
5775: "storage": {
5855: "delegatecall": 0,
5859: "storage": {
5939: "delegatecall": 0,
5943: "storage": {
6023: "delegatecall": 0,
6027: "storage": {
6107: "delegatecall": 0,
6111: "storage": {
6191: "delegatecall": 0,
6195: "storage": {
thinking
**Inspecting contract callsites and storage**
Planning to analyze contract callsite details and storage mappings, focusing on known selectors tied to ownership and token operations to identify untrusted external calls or delegatecalls for token transfers. I’ll parse the JSON evidence with Python for targeted extraction.
exec
/bin/bash -lc "python - <<'PY'
import json, pprint
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
print('keys', data.keys())
print('is_proxy', data.get('proxy_summary',{}).get('is_proxy'))
PY" in /tmp/codex-f7mpabr5 succeeded in 52ms:
keys dict_keys(['analysis_artifact', 'analysis_run', 'artifact', 'capability_graph', 'detector_findings', 'heuristics_summary'])
is_proxy None
thinking
**Exploring top-level keys**
I'm inspecting the "artifact" section next to see if it contains functions, storage, or detectors by listing its keys in Python.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
for k in data:
print(k)
PY" in /tmp/codex-f7mpabr5 succeeded in 29ms:
analysis_artifact
analysis_run
artifact
capability_graph
detector_findings
heuristics_summary
thinking
**Inspecting analysis run data**
I'm preparing to print a summary of the analysis run and related information to understand its structure and contents.
exec
/bin/bash -lc "python - <<'PY'
import json, pprint
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
print('analysis_run keys', data['analysis_run'].keys())
print('artifact keys', data['artifact'].keys())
print('capability_graph keys', data['capability_graph'].keys())
PY" in /tmp/codex-f7mpabr5 succeeded in 39ms:
analysis_run keys dict_keys(['address', 'block_number', 'chain_id', 'child_links', 'created_at', 'id', 'parent_links', 'status', 'updated_at'])
artifact keys dict_keys(['codehash', 'compiler_json', 'implementation_address', 'is_proxy', 'runtime_bytecode', 'verified_source'])
capability_graph keys dict_keys(['address', 'block_number', 'chain_id', 'codehash', 'created_at', 'graph_hash', 'graph_json', 'id', 'updated_at', 'version'])
thinking
**Inspecting artifact structure**
exec
/bin/bash -lc "python - <<'PY'
import json, pprint
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
pprint.pp(data['artifact'])
PY" in /tmp/codex-f7mpabr5 succeeded in 43ms:
{'codehash': '0x5150ca938ef690480bf67a08558072b32242619632f552a1fe7cbc329052d953',
'compiler_json': {'compiler_version': None,
'etherscan': {'contract_name': None,
'implementation': None,
'license': 'Unknown',
'proxy': '0',
'swarm_source': None},
'optimizer_enabled': False,
'optimizer_runs': 0,
'proxy_evidence': {'status': 'not_proxy'}},
'implementation_address': None,
'is_proxy': False,
'runtime_bytecode': {'full': '0x6080604052600436106101635760003560e01c80638da5cb5b116100c0578063d7ab2dda11610074578063ddbed26f11610059578063ddbed26f146103d5578063e19b4a17146103ea578063f2fde38b1461040157600080fd5b8063d7ab2dda14610381578063db006a75146103b557600080fd5b8063a85ef678116100a5578063a85ef67814610318578063ad5c46481461032d578063bfe109281461036157600080fd5b80638da5cb5b146102da5780639c8f9f23146102f857600080fd5b806359f3051811610117578063686d675a116100fc578063686d675a14610285578063715018a6146102a557806375619ab5146102ba57600080fd5b806359f305181461024f5780636312d0e71461026f57600080fd5b806329a9736a1161014857806329a9736a146101e357806340c10f19146101f957806349bd5a5e1461021b57600080fd5b80630c3513a81461016f5780631694505e1461019757600080fd5b3661016a57005b600080fd5b34801561017b57600080fd5b50610184610421565b6040519081526020015b60405180910390f35b3480156101a357600080fd5b506101cb7f0000000000000000000000007a250d5630b4cf539739df2c5dacb4c659f2488d81565b6040516001600160a01b03909116815260200161018e565b3480156101ef57600080fd5b5061018460025481565b34801561020557600080fd5b50610219610214366004611129565b6105f6565b005b34801561022757600080fd5b506101cb7f0000000000000000000000008a67f8b1c013c78ddc2cbf7365a38a3cf0bd71f681565b34801561025b57600080fd5b5061021961026a366004611153565b6106f4565b34801561027b57600080fd5b5061018460035481565b34801561029157600080fd5b506102196102a036600461116c565b610752565b3480156102b157600080fd5b506102196108eb565b3480156102c657600080fd5b506102196102d5366004611198565b6108ff565b3480156102e657600080fd5b506000546001600160a01b03166101cb565b34801561030457600080fd5b50610219610313366004611153565b61098f565b34801561032457600080fd5b50610219610cd3565b34801561033957600080fd5b506101cb7f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc281565b34801561036d57600080fd5b506001546101cb906001600160a01b031681565b34801561038d57600080fd5b506101cb7f000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f181565b3480156103c157600080fd5b506102196103d0366004611153565b610d38565b3480156103e157600080fd5b50610184600a81565b3480156103f657600080fd5b506101846201518081565b34801561040d57600080fd5b5061021961041c366004611198565b610ea5565b6040516370a0823160e01b815230600482015260009081906001600160a01b037f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc216906370a0823190602401602060405180830381865afa15801561048a573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906104ae91906111ba565b9050600060025482633b9aca006104c591906111e9565b6104cf9190611206565b9050807f000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f16001600160a01b03166318160ddd6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610530573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061055491906111ba565b11156105635760009250505090565b7f000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f16001600160a01b03166318160ddd6040518163ffffffff1660e01b8152600401602060405180830381865afa1580156105c1573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906105e591906111ba565b6105ef9082611228565b9250505090565b6001546001600160a01b031633146106555760405162461bcd60e51b815260206004820152601d60248201527f6d73672e73656e646572206973206e6f74206469737472696275746f7200000060448201526064015b60405180910390fd5b6040517f40c10f190000000000000000000000000000000000000000000000000000000081526001600160a01b038381166004830152602482018390527f000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f116906340c10f1990604401600060405180830381600087803b1580156106d857600080fd5b505af11580156106ec573d6000803e3d6000fd5b505050505050565b6106fc610f32565b600254810361074d5760405162461bcd60e51b815260206004820152601d60248201527f4e6577206261636b696e67206d75737420626520646966666572656e74000000604482015260640161064c565b600255565b61075a610f32565b7f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc26001600160a01b0316816001600160a01b0316036107db5760405162461bcd60e51b815260206004820152601560248201527f43616e206e6f7420776974686472617720574554480000000000000000000000604482015260640161064c565b7f0000000000000000000000008a67f8b1c013c78ddc2cbf7365a38a3cf0bd71f66001600160a01b0316816001600160a01b03160361085c5760405162461bcd60e51b815260206004820152601360248201527f43616e206e6f74207769746864726177204c5000000000000000000000000000604482015260640161064c565b6040517fa9059cbb000000000000000000000000000000000000000000000000000000008152336004820152602481018390526001600160a01b0382169063a9059cbb906044016020604051808303816000875af11580156108c2573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906108e6919061123b565b505050565b6108f3610f32565b6108fd6000610f8c565b565b610907610f32565b6001546001600160a01b0316156109605760405162461bcd60e51b815260206004820152601760248201527f6469737472696275746f7220616c726561647920736574000000000000000000604482015260640161064c565b6001805473ffffffffffffffffffffffffffffffffffffffff19166001600160a01b0392909216919091179055565b610997610f32565b6040516370a0823160e01b81523060048201526000907f0000000000000000000000008a67f8b1c013c78ddc2cbf7365a38a3cf0bd71f66001600160a01b0316906370a0823190602401602060405180830381865afa1580156109fe573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610a2291906111ba565b90506064610a31600a836111e9565b610a3b9190611206565b821115610ab05760405162461bcd60e51b815260206004820152602360248201527f52656d6f76696e67206d6f7265207468616e20313025206f66206c697175696460448201527f6974790000000000000000000000000000000000000000000000000000000000606482015260840161064c565b62015180600354610ac1919061125d565b4211610b0f5760405162461bcd60e51b815260206004820152601960248201527f52656d6f766564206265666f7265203120646179206c6f636b00000000000000604482015260640161064c565b426003556040517f095ea7b30000000000000000000000000000000000000000000000000000000081526001600160a01b037f0000000000000000000000007a250d5630b4cf539739df2c5dacb4c659f2488d81166004830152602482018490527f0000000000000000000000008a67f8b1c013c78ddc2cbf7365a38a3cf0bd71f6169063095ea7b3906044016020604051808303816000875af1158015610bbb573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610bdf919061123b565b506040517faf2979eb0000000000000000000000000000000000000000000000000000000081526001600160a01b037f000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f1811660048301526024820184905260006044830181905260648301523060848301524260a48301527f0000000000000000000000007a250d5630b4cf539739df2c5dacb4c659f2488d169063af2979eb9060c4016020604051808303816000875af1158015610ca2573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610cc691906111ba565b50610ccf610fe9565b5050565b478015610d35577f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc26001600160a01b031663d0e30db0826040518263ffffffff1660e01b81526004016000604051808303818588803b1580156106d857600080fd5b50565b6040517f79cc6790000000000000000000000000000000000000000000000000000000008152336004820152602481018290527f000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f16001600160a01b0316906379cc679090604401600060405180830381600087803b158015610db957600080fd5b505af1158015610dcd573d6000803e3d6000fd5b505050507f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc26001600160a01b031663a9059cbb33633b9aca0060025485610e1491906111e9565b610e1e9190611206565b6040517fffffffff0000000000000000000000000000000000000000000000000000000060e085901b1681526001600160a01b03909216600483015260248201526044016020604051808303816000875af1158015610e81573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610ccf919061123b565b610ead610f32565b6001600160a01b038116610f295760405162461bcd60e51b815260206004820152602660248201527f4f776e61626c653a206e6577206f776e657220697320746865207a65726f206160448201527f6464726573730000000000000000000000000000000000000000000000000000606482015260840161064c565b610d3581610f8c565b6000546001600160a01b031633146108fd5760405162461bcd60e51b815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572604482015260640161064c565b600080546001600160a01b0383811673ffffffffffffffffffffffffffffffffffffffff19831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6040516370a0823160e01b81523060048201526000907f000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f16001600160a01b0316906370a0823190602401602060405180830381865afa158015611050573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061107491906111ba565b6040517f42966c68000000000000000000000000000000000000000000000000000000008152600481018290529091507f000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f16001600160a01b0316906342966c6890602401600060405180830381600087803b1580156110f257600080fd5b505af1158015611106573d6000803e3d6000fd5b5050505050565b80356001600160a01b038116811461112457600080fd5b919050565b6000806040838503121561113c57600080fd5b6111458361110d565b946020939093013593505050565b60006020828403121561116557600080fd5b5035919050565b6000806040838503121561117f57600080fd5b8235915061118f6020840161110d565b90509250929050565b6000602082840312156111aa57600080fd5b6111b38261110d565b9392505050565b6000602082840312156111cc57600080fd5b5051919050565b634e487b7160e01b600052601160045260246000fd5b8082028115828204841417611200576112006111d3565b92915050565b60008261122357634e487b7160e01b600052601260045260246000fd5b500490565b81810381811115611200576112006111d3565b60006020828403121561124d57600080fd5b815180151581146111b357600080fd5b80820180821115611200576112006111d356fea26469706673582212205cce0e6e44723d3b5f82e4df154bd06bad7afbe01da3abdd99c6798743865f4864736f6c63430008130033',
'head': None,
'length': 9550,
'tail': None,
'truncated': False},
'verified_source': False}
thinking
**Inspecting capability graph for function insights**
I'm checking the capability graph JSON for detailed info on functions, storage, and callsites to aid interpreting the runtime bytecode and clarify the contract's behavior.
exec
/bin/bash -lc "python - <<'PY'
import json, pprint
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
graph = data['capability_graph']['graph_json']
print('graph keys', graph.keys())
print('functions', len(graph.get('functions',[])))
print('callsites', len(graph.get('callsites',[])))
print('storage', len(graph.get('storage',[])))
print('proxy_summary', graph.get('proxy_summary'))
PY" in /tmp/codex-f7mpabr5 succeeded in 48ms:
graph keys dict_keys(['edges', 'nodes', 'version'])
functions 0
callsites 0
storage 0
proxy_summary None
thinking
**Inspecting analysis artifact structure**
I'm preparing to list keys inside the analysis_artifact's artifact_json to clarify whether nodes and edges appear there or in a separate capability_graph object. This will help decide where to parse graph details like nodes and edges.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
artifact_json = data['analysis_artifact']['artifact_json']
print(artifact_json.keys())
PY" in /tmp/codex-f7mpabr5 succeeded in 28ms:
dict_keys(['auth', 'basic_blocks', 'callsites', 'cfg_edges', 'cfg_hash', 'dispatcher_type', 'function_entries', 'functions', 'selectors', 'sinks', 'storage', 'version'])
thinking
**Parsing core functions and callsites**
exec
/bin/bash -lc "python - <<'PY'
import json, pprint
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
artifact_json = data['analysis_artifact']['artifact_json']
print('functions', len(artifact_json['functions']))
print('function_entries', len(artifact_json['function_entries']))
print('selectors', len(artifact_json['selectors']))
print('callsites', len(artifact_json['callsites']))
print('storage', len(artifact_json['storage']))
print('dispatcher_type', artifact_json.get('dispatcher_type'))
PY" in /tmp/codex-f7mpabr5 succeeded in 41ms:
functions 20
function_entries 20
selectors 20
callsites 12
storage 4
dispatcher_type selector_jump_table
thinking
**Inspecting function details for access analysis**
I'm extracting function properties like selectors, entry points, and storage interactions from the artifact JSON to identify access control-related behavior. Next, I'll inspect the structure of a single function to confirm available data.
exec
/bin/bash -lc "python - <<'PY'
import json, pprint
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
functions = data['analysis_artifact']['artifact_json']['functions']
print(functions[0].keys())
pprint.pp(functions[0])
PY" in /tmp/codex-f7mpabr5 succeeded in 44ms:
dict_keys(['auth', 'entry_pc', 'selector', 'sinks', 'storage'])
{'auth': {'guards': []},
'entry_pc': 3720270447,
'selector': '0xddbed26f',
'sinks': {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5},
'storage': {'reads': 13,
'slots': [{'op': 'SLOAD',
'pc': 502,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000002'},
{'op': 'SLOAD',
'pc': 642,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'},
{'op': 'SLOAD',
'pc': 746,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'},
{'op': 'SLOAD',
'pc': 881,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000001'},
{'op': 'SLOAD',
'pc': 1205,
thinking
**Checking function guards**
I'm investigating whether functions with guards like auth.guards are properly identified and need detailed info on their storage and offsets. Next, I'll list functions that include guards.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
functions = data['analysis_artifact']['artifact_json']['functions']
for fn in functions:
if fn.get('auth',{}).get('guards'):
print(fn['selector'], fn['auth'])
PY" in /tmp/codex-f7mpabr5 succeeded in 32ms:
thinking
**Analyzing access controls and external calls**
Access control checks reference owner and distributor roles via revert strings, suggesting storage slots 0 and 1 might hold these addresses. Multiple external calls to known protocols raise reentrancy concerns; next focus is disassembling bytecode to map functions, verify owner-only guards, and check state changes post-calls.
thinking
**Clarifying external call targets**
Calls flagged as to untrusted targets are often to the contract itself, confirmed by call target analysis showing constant addresses matching the contract. Some calls are to other fixed addresses, so I'll inspect the full callsites list to distinguish internal versus external calls precisely.
exec
/bin/bash -lc "python - <<'PY'
import json, pprint
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
callsites = data['analysis_artifact']['artifact_json']['callsites']
print('callsites', len(callsites))
for c in callsites:
print(c)
PY" in /tmp/codex-f7mpabr5 succeeded in 40ms:
callsites 12
{'opcode': 'STATICCALL', 'pc': 1145, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'n/a'}
{'opcode': 'STATICCALL', 'pc': 1311, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'n/a'}
{'opcode': 'STATICCALL', 'pc': 1456, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'n/a'}
{'opcode': 'CALL', 'pc': 1755, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}
{'opcode': 'CALL', 'pc': 2225, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}
{'opcode': 'STATICCALL', 'pc': 2541, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'n/a'}
{'opcode': 'CALL', 'pc': 2986, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}
{'opcode': 'CALL', 'pc': 3217, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}
{'opcode': 'CALL', 'pc': 3516, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}
{'opcode': 'CALL', 'pc': 3696, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}
{'opcode': 'STATICCALL', 'pc': 4159, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'n/a'}
{'opcode': 'CALL', 'pc': 4341, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}
thinking
**Analyzing external call addresses**
I'm mapping callsites to functions by parsing runtime bytecode for constant addresses, focusing on known tokens and routers like WETH and Uniswap router to identify untrusted external calls and related functions.
thinking
**Mapping functions to selectors and behaviors**
I identified functions by selectors, mapped some to known returns and roles like owner, mint, router, and backing, and uncovered that the contract acts as a distributor calling mint on another token contract. Next, I'll correlate external calls and storage writes per function to assess reentrancy and access control risks.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
functions = data['analysis_artifact']['artifact_json']['functions']
for fn in functions:
sinks=fn.get('sinks',{})
if sinks.get('call',0) or sinks.get('delegatecall',0) or sinks.get('staticcall',0):
print(fn['selector'], 'entry', fn['entry_pc'], 'sinks', sinks, 'writes', fn.get('storage',{}).get('writes',0))
PY" in /tmp/codex-f7mpabr5 succeeded in 33ms:
0xddbed26f entry 3720270447 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0xe19b4a17 entry 4076725131 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0xf2fde38b entry None sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0xd7ab2dda entry 3674237557 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0xdb006a75 entry None sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0xa85ef678 entry 2824795768 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0xad5c4648 entry 3219196200 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0xbfe10928 entry None sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x8da5cb5b entry 2626658083 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x9c8f9f23 entry None sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x686d675a entry 1752000346 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x715018a6 entry 1969330869 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x75619ab5 entry None sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x59f30518 entry 1662177511 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x6312d0e7 entry None sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x29a9736a entry 698970986 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x40c10f19 entry 1237146206 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x49bd5a5e entry None sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x0c3513a8 entry 378818654 sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
0x1694505e entry None sinks {'call': 7, 'delegatecall': 0, 'selfdestruct': 0, 'staticcall': 5} writes 4
thinking
**Noticing identical function data**
All functions show the same sinks and writes, indicating a possible bug or artifact that aggregates data across the whole contract rather than per function. Next, I'll inspect the storage structure in the artifact JSON to verify if there’s a mapping or more detailed per-function info.
exec
/bin/bash -lc "python - <<'PY'
import json, pprint
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
storage = data['analysis_artifact']['artifact_json']['storage']
pprint.pp(storage)
PY" in /tmp/codex-f7mpabr5 succeeded in 44ms:
{'keccak_count': 1,
'reads': 13,
'slots': [{'op': 'SLOAD',
'pc': 502,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000002'},
{'op': 'SLOAD',
'pc': 642,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000003'},
{'op': 'SLOAD',
'pc': 746,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000000'},
{'op': 'SLOAD',
'pc': 881,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000001'},
{'op': 'SLOAD',
'pc': 1205,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000002'},
{'op': 'SLOAD',
'pc': 1529,
'slot': '0x0000000000000000000000000000000000000000000000000000000000000001'},
thinking
**Identifying security audit focus**
Storage is small and simple, so the plan is to parse contract functions by selector from runtime code to spot missing access controls, unchecked external calls, and time-based locks. Entry points seem misaligned due to large PC values, requiring a refined disassembly approach for accurate function mapping.
thinking
**Mapping function entries to analyze calls**
Function entry offsets from the dispatcher match jump destinations in runtime code, enabling targeted disassembly to inspect external calls, access controls, and state updates. Identified call targets are mostly constants (router, WETH, token), limiting untrusted call risk, though silent failures on token transfers remain possible due to unchecked return data. Owner checks appear present on sensitive setters, and state updates mostly precede external calls, reducing reentrancy risks, but disassembly around CALL opcodes will clarify these patterns.
exec
/bin/bash -lc "python - <<'PY'
import json
from collections import OrderedDict
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex = data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex = bytecode_hex[2:]
code_bytes = bytes.fromhex(bytecode_hex)
# opcode map
opcodes = {i: f'OP_{i:02x}' for i in range(256)}
# populate known opcodes
names = {
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
}
for k,v in names.items():
opcodes[k]=v
# disassemble into list of (pc, opcode, imm)
ops=[]
pc=0
while pc < len(code_bytes):
op=code_bytes[pc]
name=opcodes[op]
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code_bytes[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
# build index from pc to idx
idx_by_pc={pc:i for i,(pc,_,_) in enumerate(ops)}
call_pcs=[1755,2225,2986,3217,3516,3696,4341,1145,1311,1456,2541,4159]
for cpc in call_pcs:
if cpc not in idx_by_pc:
print('call pc', cpc, 'not found')
continue
i=idx_by_pc[cpc]
start=max(0,i-10)
end=min(len(ops), i+5)
print('\\n-- context around pc', cpc, '--')
for pc,name,imm in ops[start:end]:
if imm is not None:
imm_hex='0x'+imm.hex()
print(f'{pc:04x}: {name} {imm_hex}')
else:
print(f'{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 38ms:
-- context around pc 1755 --
06ce: DUP1
06cf: ISZERO
06d0: PUSH2 0x06d8
06d3: JUMPI
06d4: PUSH1 0x00
06d6: DUP1
06d7: REVERT
06d8: JUMPDEST
06d9: POP
06da: GAS
06db: CALL
06dc: ISZERO
06dd: DUP1
06de: ISZERO
06df: PUSH2 0x06ec
-- context around pc 2225 --
08a4: PUSH1 0x20
thinking
**Extending disassembly context**
I'm increasing the instruction window around each call to include about 30 lines before it, aiming to capture preceding push instructions that may reveal the call target address.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex = data['artifact']['runtime_bytecode']['full'][2:]
code_bytes = bytes.fromhex(bytecode_hex)
opcodes = {i: f'OP_{i:02x}' for i in range(256)}
# same map as before
names = {
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
}
for k,v in names.items():
opcodes[k]=v
ops=[]
pc=0
while pc < len(code_bytes):
op=code_bytes[pc]
name=opcodes[op]
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code_bytes[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
idx_by_pc={pc:i for i,(pc,_,_) in enumerate(ops)}
call_pcs=[1755,2225,2986,3217,3516,3696,4341]
for cpc in call_pcs:
if cpc not in idx_by_pc:
print('call pc', cpc, 'not found')
continue
i=idx_by_pc[cpc]
start=max(0,i-25)
end=min(len(ops), i+5)
print('\\n-- context around pc', cpc, '--')
for pc,name,imm in ops[start:end]:
mark = '>>' if pc==cpc else ' '
if imm is not None:
imm_hex='0x'+imm.hex()
print(f'{mark}{pc:04x}: {name} {imm_hex}')
else:
print(f'{mark}{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 36ms:
-- context around pc 1755 --
06bb: SWAP1
06bc: PUSH1 0x44
06be: ADD
06bf: PUSH1 0x00
06c1: PUSH1 0x40
06c3: MLOAD
06c4: DUP1
06c5: DUP4
06c6: SUB
06c7: DUP2
06c8: PUSH1 0x00
06ca: DUP8
06cb: DUP1
06cc: EXTCODESIZE
06cd: ISZERO
06ce: DUP1
06cf: ISZERO
06d0: PUSH2 0x06d8
thinking
**Analyzing call targets**
I'm examining instructions before call at 1755 to identify the call target address, expanding disassembly view to include about 40 prior instructions for context.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full'][2:]
code_bytes=bytes.fromhex(bytecode_hex)
# disassemble function
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
}
ops=[]
pc=0
while pc < len(code_bytes):
op=code_bytes[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code_bytes[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
idx_by_pc={pc:i for i,(pc,_,_) in enumerate(ops)}
cpc=1755
if cpc in idx_by_pc:
i=idx_by_pc[cpc]
start=max(0,i-60)
end=min(len(ops), i+5)
for pc,name,imm in ops[start:end]:
mark='>>' if pc==cpc else ' '
if imm is not None:
print(f'{mark}{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{mark}{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 35ms:
064d: PUSH1 0x40
064f: MLOAD
0650: DUP1
0651: SWAP2
0652: SUB
0653: SWAP1
0654: REVERT
0655: JUMPDEST
0656: PUSH1 0x40
0658: MLOAD
0659: PUSH32 0x40c10f1900000000000000000000000000000000000000000000000000000000
067a: DUP2
067b: MSTORE
067c: PUSH1 0x01
067e: PUSH1 0x01
0680: PUSH1 0xa0
0682: SHL
0683: SUB
0684: DUP4
0685: DUP2
thinking
**Noticing target address constant in call**
The call to mint uses a fixed target address 0xfe0f9f49..., possibly related to WETH withdraw; I'll examine preceding context to confirm.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
idx_by_pc={pc:i for i,(pc,_,_) in enumerate(ops)}
cpc=3516
start=max(0, idx_by_pc[cpc]-80)
end=min(len(ops), idx_by_pc[cpc]+5)
for pc,name,imm in ops[start:end]:
mark='>>' if pc==cpc else ' '
if imm is not None:
print(f'{mark}{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{mark}{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 40ms:
0d14: AND
0d15: PUSH1 0xe0
0d17: SHL
0d18: DUP2
0d19: MSTORE
0d1a: PUSH1 0x04
0d1c: ADD
0d1d: PUSH1 0x00
0d1f: PUSH1 0x40
0d21: MLOAD
0d22: DUP1
0d23: DUP4
0d24: SUB
0d25: DUP2
0d26: DUP6
0d27: DUP9
0d28: DUP1
0d29: EXTCODESIZE
0d2a: ISZERO
0d2b: DUP1
thinking
**Identifying unknown call selector**
I'm investigating a call with an unknown selector at a specific address, suspecting it might relate to a WETH transfer based on its context. Next, I'll inspect preceding code for more clues.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
idx_by_pc={pc:i for i,(pc,_,_) in enumerate(ops)}
cpc=3696
start=max(0, idx_by_pc[cpc]-80)
end=min(len(ops), idx_by_pc[cpc]+5)
for pc,name,imm in ops[start:end]:
mark='>>' if pc==cpc else ' '
if imm is not None:
print(f'{mark}{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{mark}{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 32ms:
0dbd: ISZERO
0dbe: DUP1
0dbf: ISZERO
0dc0: PUSH2 0x0dcd
0dc3: JUMPI
0dc4: RETURNDATASIZE
0dc5: PUSH1 0x00
0dc7: DUP1
0dc8: RETURNDATACOPY
0dc9: RETURNDATASIZE
0dca: PUSH1 0x00
0dcc: REVERT
0dcd: JUMPDEST
0dce: POP
0dcf: POP
0dd0: POP
0dd1: POP
0dd2: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2
0df3: PUSH1 0x01
0df5: PUSH1 0x01
thinking
**Assessing WETH transfer and access control**
The code calls WETH.transfer to msg.sender with an amount computed from storage, raising a potential vulnerability if unrestricted. The next step is to verify if access control (like onlyOwner) exists before this call to confirm if arbitrary users can drain WETH or if it's safely restricted.
thinking
**Mapping function boundaries via dispatcher**
I'm planning to identify function boundaries by parsing JUMPDESTs at dispatcher entry points, then disassembling code from selectors like 0x03ea to locate the call to 0x79cc. This helps confirm which function includes the WETH transfer call.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
# show context around entry 0x03ea
entry=0x03ea
for pc,name,imm in ops:
if pc >= entry and pc < entry+80:
if imm is not None:
print(f'{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 40ms:
03ea: JUMPDEST
03eb: CALLVALUE
03ec: DUP1
03ed: ISZERO
03ee: PUSH2 0x03f6
03f1: JUMPI
03f2: PUSH1 0x00
03f4: DUP1
03f5: REVERT
03f6: JUMPDEST
03f7: POP
03f8: PUSH2 0x0184
03fb: PUSH3 0x015180
03ff: DUP2
0400: JUMP
0401: JUMPDEST
0402: CALLVALUE
0403: DUP1
0404: ISZERO
0405: PUSH2 0x040d
thinking
**Identifying constant return and unsafe external calls**
A function returns a constant 86400 (likely a lock duration), and several external `CALL`s to tokens and routers occur without checking ERC20 return data, risking silent failures with non-standard tokens, including one unknown token address.
thinking
**Assessing reentrancy risk and token call checks**
No explicit reentrancy guard is detected despite external calls with possible state updates afterward, leaving reentrancy risk uncertain; non-standard ERC20 tokens are called without checking return values, risking silent failures.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
entry=0x02ba
for pc,name,imm in ops:
if pc>=entry and pc < entry+120:
if imm is not None:
print(f'{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 36ms:
02ba: JUMPDEST
02bb: CALLVALUE
02bc: DUP1
02bd: ISZERO
02be: PUSH2 0x02c6
02c1: JUMPI
02c2: PUSH1 0x00
02c4: DUP1
02c5: REVERT
02c6: JUMPDEST
02c7: POP
02c8: PUSH2 0x0219
02cb: PUSH2 0x02d5
02ce: CALLDATASIZE
02cf: PUSH1 0x04
02d1: PUSH2 0x1198
02d4: JUMP
02d5: JUMPDEST
02d6: PUSH2 0x08ff
02d9: JUMP
thinking
**Analyzing access control in dispatch target**
The function entry at 0x02ba decodes one argument and jumps to 0x08ff, so I'll inspect the subroutine at 0x08ff next to determine if it enforces owner or access checks there.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
entry=0x08ff
for pc,name,imm in ops:
if pc>=entry and pc < entry+80:
if imm is not None:
print(f'{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 30ms:
08ff: JUMPDEST
0900: PUSH2 0x0907
0903: PUSH2 0x0f32
0906: JUMP
0907: JUMPDEST
0908: PUSH1 0x01
090a: SLOAD
090b: PUSH1 0x01
090d: PUSH1 0x01
090f: PUSH1 0xa0
0911: SHL
0912: SUB
0913: AND
0914: ISZERO
0915: PUSH2 0x0960
0918: JUMPI
0919: PUSH1 0x40
091b: MLOAD
091c: PUSH3 0x461bcd
0920: PUSH1 0xe5
thinking
**Tracing initialization flow**
The function first jumps to an ownership check, then confirms slot1 is unset before setting it, likely to the input or caller; next step is to examine further to confirm this assignment.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
entry=0x0930
for pc,name,imm in ops:
if pc>=entry and pc < entry+80:
if imm is not None:
print(f'{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 40ms:
0930: DUP3
0931: ADD
0932: MSTORE
0933: PUSH32 0x6469737472696275746f7220616c726561647920736574000000000000000000
0954: PUSH1 0x44
0956: DUP3
0957: ADD
0958: MSTORE
0959: PUSH1 0x64
095b: ADD
095c: PUSH2 0x064c
095f: JUMP
0960: JUMPDEST
0961: PUSH1 0x01
0963: DUP1
0964: SLOAD
0965: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
097a: NOT
097b: AND
097c: PUSH1 0x01
thinking
**Exploring slot1 assignment**
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
start=0x0960
for pc,name,imm in ops:
if pc>=start and pc < start+80:
if imm is not None:
print(f'{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 47ms:
0960: JUMPDEST
0961: PUSH1 0x01
0963: DUP1
0964: SLOAD
0965: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
097a: NOT
097b: AND
097c: PUSH1 0x01
097e: PUSH1 0x01
0980: PUSH1 0xa0
0982: SHL
0983: SUB
0984: SWAP3
0985: SWAP1
0986: SWAP3
0987: AND
0988: SWAP2
0989: SWAP1
098a: SWAP2
098b: OR
thinking
**Inspecting critical access control functions**
I'm disassembling the functions at 0x0f32 and 0x0f8c to verify how they enforce ownership checks and confirm they safeguard sensitive actions like liquidity removal.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
for entry in [0x0f32,0x0f8c]:
print('\\n-- entry', hex(entry))
for pc,name,imm in ops:
if pc>=entry and pc < entry+80:
if imm is not None:
print(f'{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 33ms:
-- entry 0xf32
0f32: JUMPDEST
0f33: PUSH1 0x00
0f35: SLOAD
0f36: PUSH1 0x01
0f38: PUSH1 0x01
0f3a: PUSH1 0xa0
0f3c: SHL
0f3d: SUB
0f3e: AND
0f3f: CALLER
0f40: EQ
0f41: PUSH2 0x08fd
0f44: JUMPI
0f45: PUSH1 0x40
0f47: MLOAD
0f48: PUSH3 0x461bcd
0f4c: PUSH1 0xe5
0f4e: SHL
thinking
**Confirming owner access control and investigating transfer functions**
Access control uses the onlyOwner check at 0xf32, securing owner-only functions like transferOwnership at 0xf8c. I'll now inspect functions around 0x0cd3, potentially withdraw-related, to verify if they also require owner validation or pose access risks.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
entry=0x0cd3
for pc,name,imm in ops:
if pc>=entry and pc < entry+120:
if imm is not None:
print(f'{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 32ms:
0cd3: JUMPDEST
0cd4: SELFBALANCE
0cd5: DUP1
0cd6: ISZERO
0cd7: PUSH2 0x0d35
0cda: JUMPI
0cdb: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2
0cfc: PUSH1 0x01
0cfe: PUSH1 0x01
0d00: PUSH1 0xa0
0d02: SHL
0d03: SUB
0d04: AND
0d05: PUSH4 0xd0e30db0
0d0a: DUP3
0d0b: PUSH1 0x40
0d0d: MLOAD
0d0e: DUP3
0d0f: PUSH4 0xffffffff
0d14: AND
thinking
**Analyzing ETH wrapping function**
The function at selector 0xa85ef678 wraps the contract's entire ETH balance into WETH by calling WETH's deposit() with value equal to the selfbalance, without access control, so anyone can trigger it safely since it only converts ETH to WETH.
thinking
**Identifying risky unchecked token call**
The contract calls an external token's burn function without checking return data, risking silent failures that could allow claiming WETH without burning tokens if the token returns false instead of reverting.
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
code=bytes.fromhex(data['artifact']['runtime_bytecode']['full'][2:])
names={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops=[]
pc=0
while pc < len(code):
op=code[pc]
name=names.get(op, f'OP_{op:02x}')
pc0=pc
pc+=1
imm=None
if 0x60 <= op <= 0x7f:
n=op-0x5f
imm=code[pc:pc+n]
pc+=n
ops.append((pc0,name,imm))
start=0x0e70
for pc,name,imm in ops:
if pc>=start and pc < start+60:
if imm is not None:
print(f'{pc:04x}: {name} 0x{imm.hex()}')
else:
print(f'{pc:04x}: {name}')
PY" in /tmp/codex-f7mpabr5 succeeded in 45ms:
0e70: CALL
0e71: ISZERO
0e72: DUP1
0e73: ISZERO
0e74: PUSH2 0x0e81
0e77: JUMPI
0e78: RETURNDATASIZE
0e79: PUSH1 0x00
0e7b: DUP1
0e7c: RETURNDATACOPY
0e7d: RETURNDATASIZE
0e7e: PUSH1 0x00
0e80: REVERT
0e81: JUMPDEST
0e82: POP
0e83: POP
0e84: POP
0e85: POP
0e86: PUSH1 0x40
0e88: MLOAD
thinking
**Assessing security findings potential**
The contract shows low reentrancy risk and safe handling of ETH calls to known trusted contracts; given this and usage of standard tokens, no significant security issues emerge, so setting no_findings to true is appropriate.
thinking
**Identifying unchecked external token call risks**
External calls to a specific token and WETH do not validate returned success values, risking silent failures in token transfers or burns if the token deviates from standards; no reentrancy guards are detected around these calls, posing a low-severity risk if those tokens are malicious or upgradeable.
codex
{"no_findings":false,"summary":"Bytecode shows no proxy/delegatecall usage and hardcoded external calls to WETH/Uniswap/token addresses. One low-severity issue remains around unchecked ERC20 return data on external CALLs.","findings":[{"severity":"low","category":"other","title":"External ERC20 calls do not validate return values","exploit_scenario":"The contract performs multiple ERC20 CALLs (mint/burn/transfer/approve) where success is only determined by the CALL opcode status, not by checking the returned boolean. If any target token (notably the hardcoded 0xfe0f9f49… token) returns false without reverting, the contract will continue execution as if the operation succeeded, which can lead to incorrect accounting (e.g., a burn failing but a redemption transfer still occurring). This is a risk if any of the external token contracts are non‑standard or upgradeable.","recommendation":"Use SafeERC20-style return data checks (require success && (returndata.length==0 || abi.decode(returndata,bool))) for ERC20 interactions, or explicitly assert the external token contracts conform to the standard and are immutable.","evidence":"analysis_artifact.artifact_json.callsites show CALLs with returndata_checked=null; disassembly shows CALL to 0xfe0f9f49… with selector 0x40c10f19 at pc 0x06db, CALL to 0xfe0f9f49… with selector 0x79cc6790 at pc 0x0dbc, and CALL to WETH transfer at pc 0x0e70.","locations":["pc:0x06db","pc:0x0dbc","pc:0x0e70"]}]}
tokens used
162,073
{
"codex": {
"ran_at": "2026-01-22T07:12:42.381830+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 9550,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode shows no proxy/delegatecall usage and hardcoded external calls to WETH/Uniswap/token addresses. One low-severity issue remains around unchecked ERC20 return data on external CALLs.",
"raw_final": {
"summary": "Bytecode shows no proxy/delegatecall usage and hardcoded external calls to WETH/Uniswap/token addresses. One low-severity issue remains around unchecked ERC20 return data on external CALLs.",
"findings": [
{
"title": "External ERC20 calls do not validate return values",
"category": "other",
"evidence": "analysis_artifact.artifact_json.callsites show CALLs with returndata_checked=null; disassembly shows CALL to 0xfe0f9f49\u2026 with selector 0x40c10f19 at pc 0x06db, CALL to 0xfe0f9f49\u2026 with selector 0x79cc6790 at pc 0x0dbc, and CALL to WETH transfer at pc 0x0e70.",
"severity": "low",
"locations": [
"pc:0x06db",
"pc:0x0dbc",
"pc:0x0e70"
],
"recommendation": "Use SafeERC20-style return data checks (require success && (returndata.length==0 || abi.decode(returndata,bool))) for ERC20 interactions, or explicitly assert the external token contracts conform to the standard and are immutable.",
"exploit_scenario": "The contract performs multiple ERC20 CALLs (mint/burn/transfer/approve) where success is only determined by the CALL opcode status, not by checking the returned boolean. If any target token (notably the hardcoded 0xfe0f9f49\u2026 token) returns false without reverting, the contract will continue execution as if the operation succeeded, which can lead to incorrect accounting (e.g., a burn failing but a redemption transfer still occurring). This is a risk if any of the external token contracts are non\u2011standard or upgradeable."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x0163 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x8da5cb5b 00000019: GT 0000001a: PUSH2 0x00c0 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0xd7ab2dda 00000024: GT 00000025: PUSH2 0x0074 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0xddbed26f 0000002f: GT 00000030: PUSH2 0x0059 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0xddbed26f 0000003a: EQ 0000003b: PUSH2 0x03d5 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0xe19b4a17 00000045: EQ 00000046: PUSH2 0x03ea 00000049: JUMPI 0000004a: DUP1 0000004b: PUSH4 0xf2fde38b 00000050: EQ 00000051: PUSH2 0x0401 00000054: JUMPI 00000055: PUSH1 0x00 00000057: DUP1 00000058: REVERT 00000059: JUMPDEST 0000005a: DUP1 0000005b: PUSH4 0xd7ab2dda 00000060: EQ 00000061: PUSH2 0x0381 00000064: JUMPI 00000065: DUP1 00000066: PUSH4 0xdb006a75 0000006b: EQ 0000006c: PUSH2 0x03b5 0000006f: JUMPI 00000070: PUSH1 0x00 00000072: DUP1 00000073: REVERT 00000074: JUMPDEST 00000075: DUP1 00000076: PUSH4 0xa85ef678 0000007b: GT 0000007c: PUSH2 0x00a5 0000007f: JUMPI 00000080: DUP1 00000081: PUSH4 0xa85ef678 00000086: EQ 00000087: PUSH2 0x0318 0000008a: JUMPI 0000008b: DUP1 0000008c: PUSH4 0xad5c4648 00000091: EQ 00000092: PUSH2 0x032d 00000095: JUMPI 00000096: DUP1 00000097: PUSH4 0xbfe10928 0000009c: EQ 0000009d: PUSH2 0x0361 000000a0: JUMPI 000000a1: PUSH1 0x00 000000a3: DUP1 000000a4: REVERT 000000a5: JUMPDEST 000000a6: DUP1 000000a7: PUSH4 0x8da5cb5b 000000ac: EQ 000000ad: PUSH2 0x02da 000000b0: JUMPI 000000b1: DUP1 000000b2: PUSH4 0x9c8f9f23 000000b7: EQ 000000b8: PUSH2 0x02f8 000000bb: JUMPI 000000bc: PUSH1 0x00 000000be: DUP1 000000bf: REVERT 000000c0: JUMPDEST 000000c1: DUP1 000000c2: PUSH4 0x59f30518 000000c7: GT 000000c8: PUSH2 0x0117 000000cb: JUMPI 000000cc: DUP1 000000cd: PUSH4 0x686d675a 000000d2: GT 000000d3: PUSH2 0x00fc 000000d6: JUMPI 000000d7: DUP1 000000d8: PUSH4 0x686d675a 000000dd: EQ 000000de: PUSH2 0x0285 000000e1: JUMPI 000000e2: DUP1 000000e3: PUSH4 0x715018a6 000000e8: EQ 000000e9: PUSH2 0x02a5 000000ec: JUMPI 000000ed: DUP1 000000ee: PUSH4 0x75619ab5 000000f3: EQ 000000f4: PUSH2 0x02ba 000000f7: JUMPI 000000f8: PUSH1 0x00 000000fa: DUP1 000000fb: REVERT 000000fc: JUMPDEST 000000fd: DUP1 000000fe: PUSH4 0x59f30518 00000103: EQ 00000104: PUSH2 0x024f 00000107: JUMPI 00000108: DUP1 00000109: PUSH4 0x6312d0e7 0000010e: EQ 0000010f: PUSH2 0x026f 00000112: JUMPI 00000113: PUSH1 0x00 00000115: DUP1 00000116: REVERT 00000117: JUMPDEST 00000118: DUP1 00000119: PUSH4 0x29a9736a 0000011e: GT 0000011f: PUSH2 0x0148 00000122: JUMPI 00000123: DUP1 00000124: PUSH4 0x29a9736a 00000129: EQ 0000012a: PUSH2 0x01e3 0000012d: JUMPI 0000012e: DUP1 0000012f: PUSH4 0x40c10f19 00000134: EQ 00000135: PUSH2 0x01f9 00000138: JUMPI 00000139: DUP1 0000013a: PUSH4 0x49bd5a5e 0000013f: EQ 00000140: PUSH2 0x021b 00000143: JUMPI 00000144: PUSH1 0x00 00000146: DUP1 00000147: REVERT 00000148: JUMPDEST 00000149: DUP1 0000014a: PUSH4 0x0c3513a8 0000014f: EQ 00000150: PUSH2 0x016f 00000153: JUMPI 00000154: DUP1 00000155: PUSH4 0x1694505e 0000015a: EQ 0000015b: PUSH2 0x0197 0000015e: JUMPI 0000015f: PUSH1 0x00 00000161: DUP1 00000162: REVERT 00000163: JUMPDEST 00000164: CALLDATASIZE 00000165: PUSH2 0x016a 00000168: JUMPI 00000169: STOP 0000016a: JUMPDEST 0000016b: PUSH1 0x00 0000016d: DUP1 0000016e: REVERT 0000016f: JUMPDEST 00000170: CALLVALUE 00000171: DUP1 00000172: ISZERO 00000173: PUSH2 0x017b 00000176: JUMPI 00000177: PUSH1 0x00 00000179: DUP1 0000017a: REVERT 0000017b: JUMPDEST 0000017c: POP 0000017d: PUSH2 0x0184 00000180: PUSH2 0x0421 00000183: JUMP 00000184: JUMPDEST 00000185: PUSH1 0x40 00000187: MLOAD 00000188: SWAP1 00000189: DUP2 0000018a: MSTORE 0000018b: PUSH1 0x20 0000018d: ADD 0000018e: JUMPDEST 0000018f: PUSH1 0x40 00000191: MLOAD 00000192: DUP1 00000193: SWAP2 00000194: SUB 00000195: SWAP1 00000196: RETURN 00000197: JUMPDEST 00000198: CALLVALUE 00000199: DUP1 0000019a: ISZERO 0000019b: PUSH2 0x01a3 0000019e: JUMPI 0000019f: PUSH1 0x00 000001a1: DUP1 000001a2: REVERT 000001a3: JUMPDEST 000001a4: POP 000001a5: PUSH2 0x01cb 000001a8: PUSH32 0x0000000000000000000000007a250d5630b4cf539739df2c5dacb4c659f2488d 000001c9: DUP2 000001ca: JUMP 000001cb: JUMPDEST 000001cc: PUSH1 0x40 000001ce: MLOAD 000001cf: PUSH1 0x01 000001d1: PUSH1 0x01 000001d3: PUSH1 0xa0 000001d5: SHL 000001d6: SUB 000001d7: SWAP1 000001d8: SWAP2 000001d9: AND 000001da: DUP2 000001db: MSTORE 000001dc: PUSH1 0x20 000001de: ADD 000001df: PUSH2 0x018e 000001e2: JUMP 000001e3: JUMPDEST 000001e4: CALLVALUE 000001e5: DUP1 000001e6: ISZERO 000001e7: PUSH2 0x01ef 000001ea: JUMPI 000001eb: PUSH1 0x00 000001ed: DUP1 000001ee: REVERT 000001ef: JUMPDEST 000001f0: POP 000001f1: PUSH2 0x0184 000001f4: PUSH1 0x02 000001f6: SLOAD 000001f7: DUP2 000001f8: JUMP 000001f9: JUMPDEST 000001fa: CALLVALUE 000001fb: DUP1 000001fc: ISZERO 000001fd: PUSH2 0x0205 00000200: JUMPI 00000201: PUSH1 0x00 00000203: DUP1 00000204: REVERT 00000205: JUMPDEST 00000206: POP 00000207: PUSH2 0x0219 0000020a: PUSH2 0x0214 0000020d: CALLDATASIZE 0000020e: PUSH1 0x04 00000210: PUSH2 0x1129 00000213: JUMP 00000214: JUMPDEST 00000215: PUSH2 0x05f6 00000218: JUMP 00000219: JUMPDEST 0000021a: STOP 0000021b: JUMPDEST 0000021c: CALLVALUE 0000021d: DUP1 0000021e: ISZERO 0000021f: PUSH2 0x0227 00000222: JUMPI 00000223: PUSH1 0x00 00000225: DUP1 00000226: REVERT 00000227: JUMPDEST 00000228: POP 00000229: PUSH2 0x01cb 0000022c: PUSH32 0x0000000000000000000000008a67f8b1c013c78ddc2cbf7365a38a3cf0bd71f6 0000024d: DUP2 0000024e: JUMP 0000024f: JUMPDEST 00000250: CALLVALUE 00000251: DUP1 00000252: ISZERO 00000253: PUSH2 0x025b 00000256: JUMPI 00000257: PUSH1 0x00 00000259: DUP1 0000025a: REVERT 0000025b: JUMPDEST 0000025c: POP 0000025d: PUSH2 0x0219 00000260: PUSH2 0x026a 00000263: CALLDATASIZE 00000264: PUSH1 0x04 00000266: PUSH2 0x1153 00000269: JUMP 0000026a: JUMPDEST 0000026b: PUSH2 0x06f4 0000026e: JUMP 0000026f: JUMPDEST 00000270: CALLVALUE 00000271: DUP1 00000272: ISZERO 00000273: PUSH2 0x027b 00000276: JUMPI 00000277: PUSH1 0x00 00000279: DUP1 0000027a: REVERT 0000027b: JUMPDEST 0000027c: POP 0000027d: PUSH2 0x0184 00000280: PUSH1 0x03 00000282: SLOAD 00000283: DUP2 00000284: JUMP 00000285: JUMPDEST 00000286: CALLVALUE 00000287: DUP1 00000288: ISZERO 00000289: PUSH2 0x0291 0000028c: JUMPI 0000028d: PUSH1 0x00 0000028f: DUP1 00000290: REVERT 00000291: JUMPDEST 00000292: POP 00000293: PUSH2 0x0219 00000296: PUSH2 0x02a0 00000299: CALLDATASIZE 0000029a: PUSH1 0x04 0000029c: PUSH2 0x116c 0000029f: JUMP 000002a0: JUMPDEST 000002a1: PUSH2 0x0752 000002a4: JUMP 000002a5: JUMPDEST 000002a6: CALLVALUE 000002a7: DUP1 000002a8: ISZERO 000002a9: PUSH2 0x02b1 000002ac: JUMPI 000002ad: PUSH1 0x00 000002af: DUP1 000002b0: REVERT 000002b1: JUMPDEST 000002b2: POP 000002b3: PUSH2 0x0219 000002b6: PUSH2 0x08eb 000002b9: JUMP 000002ba: JUMPDEST 000002bb: CALLVALUE 000002bc: DUP1 000002bd: ISZERO 000002be: PUSH2 0x02c6 000002c1: JUMPI 000002c2: PUSH1 0x00 000002c4: DUP1 000002c5: REVERT 000002c6: JUMPDEST 000002c7: POP 000002c8: PUSH2 0x0219 000002cb: PUSH2 0x02d5 000002ce: CALLDATASIZE 000002cf: PUSH1 0x04 000002d1: PUSH2 0x1198 000002d4: JUMP 000002d5: JUMPDEST 000002d6: PUSH2 0x08ff 000002d9: JUMP 000002da: JUMPDEST 000002db: CALLVALUE 000002dc: DUP1 000002dd: ISZERO 000002de: PUSH2 0x02e6 000002e1: JUMPI 000002e2: PUSH1 0x00 000002e4: DUP1 000002e5: REVERT 000002e6: JUMPDEST 000002e7: POP 000002e8: PUSH1 0x00 000002ea: SLOAD 000002eb: PUSH1 0x01 000002ed: PUSH1 0x01 000002ef: PUSH1 0xa0 000002f1: SHL 000002f2: SUB 000002f3: AND 000002f4: PUSH2 0x01cb 000002f7: JUMP 000002f8: JUMPDEST 000002f9: CALLVALUE 000002fa: DUP1 000002fb: ISZERO 000002fc: PUSH2 0x0304 000002ff: JUMPI 00000300: PUSH1 0x00 00000302: DUP1 00000303: REVERT 00000304: JUMPDEST 00000305: POP 00000306: PUSH2 0x0219 00000309: PUSH2 0x0313 0000030c: CALLDATASIZE 0000030d: PUSH1 0x04 0000030f: PUSH2 0x1153 00000312: JUMP 00000313: JUMPDEST 00000314: PUSH2 0x098f 00000317: JUMP 00000318: JUMPDEST 00000319: CALLVALUE 0000031a: DUP1 0000031b: ISZERO 0000031c: PUSH2 0x0324 0000031f: JUMPI 00000320: PUSH1 0x00 00000322: DUP1 00000323: REVERT 00000324: JUMPDEST 00000325: POP 00000326: PUSH2 0x0219 00000329: PUSH2 0x0cd3 0000032c: JUMP 0000032d: JUMPDEST 0000032e: CALLVALUE 0000032f: DUP1 00000330: ISZERO 00000331: PUSH2 0x0339 00000334: JUMPI 00000335: PUSH1 0x00 00000337: DUP1 00000338: REVERT 00000339: JUMPDEST 0000033a: POP 0000033b: PUSH2 0x01cb 0000033e: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 0000035f: DUP2 00000360: JUMP 00000361: JUMPDEST 00000362: CALLVALUE 00000363: DUP1 00000364: ISZERO 00000365: PUSH2 0x036d 00000368: JUMPI 00000369: PUSH1 0x00 0000036b: DUP1 0000036c: REVERT 0000036d: JUMPDEST 0000036e: POP 0000036f: PUSH1 0x01 00000371: SLOAD 00000372: PUSH2 0x01cb 00000375: SWAP1 00000376: PUSH1 0x01 00000378: PUSH1 0x01 0000037a: PUSH1 0xa0 0000037c: SHL 0000037d: SUB 0000037e: AND 0000037f: DUP2 00000380: JUMP 00000381: JUMPDEST 00000382: CALLVALUE 00000383: DUP1 00000384: ISZERO 00000385: PUSH2 0x038d 00000388: JUMPI 00000389: PUSH1 0x00 0000038b: DUP1 0000038c: REVERT 0000038d: JUMPDEST 0000038e: POP 0000038f: PUSH2 0x01cb 00000392: PUSH32 0x000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f1 000003b3: DUP2 000003b4: JUMP 000003b5: JUMPDEST 000003b6: CALLVALUE 000003b7: DUP1 000003b8: ISZERO 000003b9: PUSH2 0x03c1 000003bc: JUMPI 000003bd: PUSH1 0x00 000003bf: DUP1 000003c0: REVERT 000003c1: JUMPDEST 000003c2: POP 000003c3: PUSH2 0x0219 000003c6: PUSH2 0x03d0 000003c9: CALLDATASIZE 000003ca: PUSH1 0x04 000003cc: PUSH2 0x1153 000003cf: JUMP 000003d0: JUMPDEST 000003d1: PUSH2 0x0d38 000003d4: JUMP 000003d5: JUMPDEST 000003d6: CALLVALUE 000003d7: DUP1 000003d8: ISZERO 000003d9: PUSH2 0x03e1 000003dc: JUMPI 000003dd: PUSH1 0x00 000003df: DUP1 000003e0: REVERT 000003e1: JUMPDEST 000003e2: POP 000003e3: PUSH2 0x0184 000003e6: PUSH1 0x0a 000003e8: DUP2 000003e9: JUMP 000003ea: JUMPDEST 000003eb: CALLVALUE 000003ec: DUP1 000003ed: ISZERO 000003ee: PUSH2 0x03f6 000003f1: JUMPI 000003f2: PUSH1 0x00 000003f4: DUP1 000003f5: REVERT 000003f6: JUMPDEST 000003f7: POP 000003f8: PUSH2 0x0184 000003fb: PUSH3 0x015180 000003ff: DUP2 00000400: JUMP 00000401: JUMPDEST 00000402: CALLVALUE 00000403: DUP1 00000404: ISZERO 00000405: PUSH2 0x040d 00000408: JUMPI 00000409: PUSH1 0x00 0000040b: DUP1 0000040c: REVERT 0000040d: JUMPDEST 0000040e: POP 0000040f: PUSH2 0x0219 00000412: PUSH2 0x041c 00000415: CALLDATASIZE 00000416: PUSH1 0x04 00000418: PUSH2 0x1198 0000041b: JUMP 0000041c: JUMPDEST 0000041d: PUSH2 0x0ea5 00000420: JUMP 00000421: JUMPDEST 00000422: PUSH1 0x40 00000424: MLOAD 00000425: PUSH4 0x70a08231 0000042a: PUSH1 0xe0 0000042c: SHL 0000042d: DUP2 0000042e: MSTORE 0000042f: ADDRESS 00000430: PUSH1 0x04 00000432: DUP3 00000433: ADD 00000434: MSTORE 00000435: PUSH1 0x00 00000437: SWAP1 00000438: DUP2 00000439: SWAP1 0000043a: PUSH1 0x01 0000043c: PUSH1 0x01 0000043e: PUSH1 0xa0 00000440: SHL 00000441: SUB 00000442: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000463: AND 00000464: SWAP1 00000465: PUSH4 0x70a08231 0000046a: SWAP1 0000046b: PUSH1 0x24 0000046d: ADD 0000046e: PUSH1 0x20 00000470: PUSH1 0x40 00000472: MLOAD 00000473: DUP1 00000474: DUP4 00000475: SUB 00000476: DUP2 00000477: DUP7 00000478: GAS 00000479: STATICCALL 0000047a: ISZERO 0000047b: DUP1 0000047c: ISZERO 0000047d: PUSH2 0x048a 00000480: JUMPI 00000481: RETURNDATASIZE 00000482: PUSH1 0x00 00000484: DUP1 00000485: RETURNDATACOPY 00000486: RETURNDATASIZE 00000487: PUSH1 0x00 00000489: REVERT 0000048a: JUMPDEST 0000048b: POP 0000048c: POP 0000048d: POP 0000048e: POP 0000048f: PUSH1 0x40 00000491: MLOAD 00000492: RETURNDATASIZE 00000493: PUSH1 0x1f 00000495: NOT 00000496: PUSH1 0x1f 00000498: DUP3 00000499: ADD 0000049a: AND 0000049b: DUP3 0000049c: ADD 0000049d: DUP1 0000049e: PUSH1 0x40 000004a0: MSTORE 000004a1: POP 000004a2: DUP2 000004a3: ADD 000004a4: SWAP1 000004a5: PUSH2 0x04ae 000004a8: SWAP2 000004a9: SWAP1 000004aa: PUSH2 0x11ba 000004ad: JUMP 000004ae: JUMPDEST 000004af: SWAP1 000004b0: POP 000004b1: PUSH1 0x00 000004b3: PUSH1 0x02 000004b5: SLOAD 000004b6: DUP3 000004b7: PUSH4 0x3b9aca00 000004bc: PUSH2 0x04c5 000004bf: SWAP2 000004c0: SWAP1 000004c1: PUSH2 0x11e9 000004c4: JUMP 000004c5: JUMPDEST 000004c6: PUSH2 0x04cf 000004c9: SWAP2 000004ca: SWAP1 000004cb: PUSH2 0x1206 000004ce: JUMP 000004cf: JUMPDEST 000004d0: SWAP1 000004d1: POP 000004d2: DUP1 000004d3: PUSH32 0x000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f1 000004f4: PUSH1 0x01 000004f6: PUSH1 0x01 000004f8: PUSH1 0xa0 000004fa: SHL 000004fb: SUB 000004fc: AND 000004fd: PUSH4 0x18160ddd 00000502: PUSH1 0x40 00000504: MLOAD 00000505: DUP2 00000506: PUSH4 0xffffffff 0000050b: AND 0000050c: PUSH1 0xe0 0000050e: SHL 0000050f: DUP2 00000510: MSTORE 00000511: PUSH1 0x04 00000513: ADD 00000514: PUSH1 0x20 00000516: PUSH1 0x40 00000518: MLOAD 00000519: DUP1 0000051a: DUP4 0000051b: SUB 0000051c: DUP2 0000051d: DUP7 0000051e: GAS 0000051f: STATICCALL 00000520: ISZERO 00000521: DUP1 00000522: ISZERO 00000523: PUSH2 0x0530 00000526: JUMPI 00000527: RETURNDATASIZE 00000528: PUSH1 0x00 0000052a: DUP1 0000052b: RETURNDATACOPY 0000052c: RETURNDATASIZE 0000052d: PUSH1 0x00 0000052f: REVERT 00000530: JUMPDEST 00000531: POP 00000532: POP 00000533: POP 00000534: POP 00000535: PUSH1 0x40 00000537: MLOAD 00000538: RETURNDATASIZE 00000539: PUSH1 0x1f 0000053b: NOT 0000053c: PUSH1 0x1f 0000053e: DUP3 0000053f: ADD 00000540: AND 00000541: DUP3 00000542: ADD 00000543: DUP1 00000544: PUSH1 0x40 00000546: MSTORE 00000547: POP 00000548: DUP2 00000549: ADD 0000054a: SWAP1 0000054b: PUSH2 0x0554 0000054e: SWAP2 0000054f: SWAP1 00000550: PUSH2 0x11ba 00000553: JUMP 00000554: JUMPDEST 00000555: GT 00000556: ISZERO 00000557: PUSH2 0x0563 0000055a: JUMPI 0000055b: PUSH1 0x00 0000055d: SWAP3 0000055e: POP 0000055f: POP 00000560: POP 00000561: SWAP1 00000562: JUMP 00000563: JUMPDEST 00000564: PUSH32 0x000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f1 00000585: PUSH1 0x01 00000587: PUSH1 0x01 00000589: PUSH1 0xa0 0000058b: SHL 0000058c: SUB 0000058d: AND 0000058e: PUSH4 0x18160ddd 00000593: PUSH1 0x40 00000595: MLOAD 00000596: DUP2 00000597: PUSH4 0xffffffff 0000059c: AND 0000059d: PUSH1 0xe0 0000059f: SHL 000005a0: DUP2 000005a1: MSTORE 000005a2: PUSH1 0x04 000005a4: ADD 000005a5: PUSH1 0x20 000005a7: PUSH1 0x40 000005a9: MLOAD 000005aa: DUP1 000005ab: DUP4 000005ac: SUB 000005ad: DUP2 000005ae: DUP7 000005af: GAS 000005b0: STATICCALL 000005b1: ISZERO 000005b2: DUP1 000005b3: ISZERO 000005b4: PUSH2 0x05c1 000005b7: JUMPI 000005b8: RETURNDATASIZE 000005b9: PUSH1 0x00 000005bb: DUP1 000005bc: RETURNDATACOPY 000005bd: RETURNDATASIZE 000005be: PUSH1 0x00 000005c0: REVERT 000005c1: JUMPDEST 000005c2: POP 000005c3: POP 000005c4: POP 000005c5: POP 000005c6: PUSH1 0x40 000005c8: MLOAD 000005c9: RETURNDATASIZE 000005ca: PUSH1 0x1f 000005cc: NOT 000005cd: PUSH1 0x1f 000005cf: DUP3 000005d0: ADD 000005d1: AND 000005d2: DUP3 000005d3: ADD 000005d4: DUP1 000005d5: PUSH1 0x40 000005d7: MSTORE 000005d8: POP 000005d9: DUP2 000005da: ADD 000005db: SWAP1 000005dc: PUSH2 0x05e5 000005df: SWAP2 000005e0: SWAP1 000005e1: PUSH2 0x11ba 000005e4: JUMP 000005e5: JUMPDEST 000005e6: PUSH2 0x05ef 000005e9: SWAP1 000005ea: DUP3 000005eb: PUSH2 0x1228 000005ee: JUMP 000005ef: JUMPDEST 000005f0: SWAP3 000005f1: POP 000005f2: POP 000005f3: POP 000005f4: SWAP1 000005f5: JUMP 000005f6: JUMPDEST 000005f7: PUSH1 0x01 000005f9: SLOAD 000005fa: PUSH1 0x01 000005fc: PUSH1 0x01 000005fe: PUSH1 0xa0 00000600: SHL 00000601: SUB 00000602: AND 00000603: CALLER 00000604: EQ 00000605: PUSH2 0x0655 00000608: JUMPI 00000609: PUSH1 0x40 0000060b: MLOAD 0000060c: PUSH3 0x461bcd 00000610: PUSH1 0xe5 00000612: SHL 00000613: DUP2 00000614: MSTORE 00000615: PUSH1 0x20 00000617: PUSH1 0x04 00000619: DUP3 0000061a: ADD 0000061b: MSTORE 0000061c: PUSH1 0x1d 0000061e: PUSH1 0x24 00000620: DUP3 00000621: ADD 00000622: MSTORE 00000623: PUSH32 0x6d73672e73656e646572206973206e6f74206469737472696275746f72000000 00000644: PUSH1 0x44 00000646: DUP3 00000647: ADD 00000648: MSTORE 00000649: PUSH1 0x64 0000064b: ADD 0000064c: JUMPDEST 0000064d: PUSH1 0x40 0000064f: MLOAD 00000650: DUP1 00000651: SWAP2 00000652: SUB 00000653: SWAP1 00000654: REVERT 00000655: JUMPDEST 00000656: PUSH1 0x40 00000658: MLOAD 00000659: PUSH32 0x40c10f1900000000000000000000000000000000000000000000000000000000 0000067a: DUP2 0000067b: MSTORE 0000067c: PUSH1 0x01 0000067e: PUSH1 0x01 00000680: PUSH1 0xa0 00000682: SHL 00000683: SUB 00000684: DUP4 00000685: DUP2 00000686: AND 00000687: PUSH1 0x04 00000689: DUP4 0000068a: ADD 0000068b: MSTORE 0000068c: PUSH1 0x24 0000068e: DUP3 0000068f: ADD 00000690: DUP4 00000691: SWAP1 00000692: MSTORE 00000693: PUSH32 0x000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f1 000006b4: AND 000006b5: SWAP1 000006b6: PUSH4 0x40c10f19 000006bb: SWAP1 000006bc: PUSH1 0x44 000006be: ADD 000006bf: PUSH1 0x00 000006c1: PUSH1 0x40 000006c3: MLOAD 000006c4: DUP1 000006c5: DUP4 000006c6: SUB 000006c7: DUP2 000006c8: PUSH1 0x00 000006ca: DUP8 000006cb: DUP1 000006cc: EXTCODESIZE 000006cd: ISZERO 000006ce: DUP1 000006cf: ISZERO 000006d0: PUSH2 0x06d8 000006d3: JUMPI 000006d4: PUSH1 0x00 000006d6: DUP1 000006d7: REVERT 000006d8: JUMPDEST 000006d9: POP 000006da: GAS 000006db: CALL 000006dc: ISZERO 000006dd: DUP1 000006de: ISZERO 000006df: PUSH2 0x06ec 000006e2: JUMPI 000006e3: RETURNDATASIZE 000006e4: PUSH1 0x00 000006e6: DUP1 000006e7: RETURNDATACOPY 000006e8: RETURNDATASIZE 000006e9: PUSH1 0x00 000006eb: REVERT 000006ec: JUMPDEST 000006ed: POP 000006ee: POP 000006ef: POP 000006f0: POP 000006f1: POP 000006f2: POP 000006f3: JUMP 000006f4: JUMPDEST 000006f5: PUSH2 0x06fc 000006f8: PUSH2 0x0f32 000006fb: JUMP 000006fc: JUMPDEST 000006fd: PUSH1 0x02 000006ff: SLOAD 00000700: DUP2 00000701: SUB 00000702: PUSH2 0x074d 00000705: JUMPI 00000706: PUSH1 0x40 00000708: MLOAD 00000709: PUSH3 0x461bcd 0000070d: PUSH1 0xe5 0000070f: SHL 00000710: DUP2 00000711: MSTORE 00000712: PUSH1 0x20 00000714: PUSH1 0x04 00000716: DUP3 00000717: ADD 00000718: MSTORE 00000719: PUSH1 0x1d 0000071b: PUSH1 0x24 0000071d: DUP3 0000071e: ADD 0000071f: MSTORE 00000720: PUSH32 0x4e6577206261636b696e67206d75737420626520646966666572656e74000000 00000741: PUSH1 0x44 00000743: DUP3 00000744: ADD 00000745: MSTORE 00000746: PUSH1 0x64 00000748: ADD 00000749: PUSH2 0x064c 0000074c: JUMP 0000074d: JUMPDEST 0000074e: PUSH1 0x02 00000750: SSTORE 00000751: JUMP 00000752: JUMPDEST 00000753: PUSH2 0x075a 00000756: PUSH2 0x0f32 00000759: JUMP 0000075a: JUMPDEST 0000075b: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 0000077c: PUSH1 0x01 0000077e: PUSH1 0x01 00000780: PUSH1 0xa0 00000782: SHL 00000783: SUB 00000784: AND 00000785: DUP2 00000786: PUSH1 0x01 00000788: PUSH1 0x01 0000078a: PUSH1 0xa0 0000078c: SHL 0000078d: SUB 0000078e: AND 0000078f: SUB 00000790: PUSH2 0x07db 00000793: JUMPI 00000794: PUSH1 0x40 00000796: MLOAD 00000797: PUSH3 0x461bcd 0000079b: PUSH1 0xe5 0000079d: SHL 0000079e: DUP2 0000079f: MSTORE 000007a0: PUSH1 0x20 000007a2: PUSH1 0x04 000007a4: DUP3 000007a5: ADD 000007a6: MSTORE 000007a7: PUSH1 0x15 000007a9: PUSH1 0x24 000007ab: DUP3 000007ac: ADD 000007ad: MSTORE 000007ae: PUSH32 0x43616e206e6f7420776974686472617720574554480000000000000000000000 000007cf: PUSH1 0x44 000007d1: DUP3 000007d2: ADD 000007d3: MSTORE 000007d4: PUSH1 0x64 000007d6: ADD 000007d7: PUSH2 0x064c 000007da: JUMP 000007db: JUMPDEST 000007dc: PUSH32 0x0000000000000000000000008a67f8b1c013c78ddc2cbf7365a38a3cf0bd71f6 000007fd: PUSH1 0x01 000007ff: PUSH1 0x01 00000801: PUSH1 0xa0 00000803: SHL 00000804: SUB 00000805: AND 00000806: DUP2 00000807: PUSH1 0x01 00000809: PUSH1 0x01 0000080b: PUSH1 0xa0 0000080d: SHL 0000080e: SUB 0000080f: AND 00000810: SUB 00000811: PUSH2 0x085c 00000814: JUMPI 00000815: PUSH1 0x40 00000817: MLOAD 00000818: PUSH3 0x461bcd 0000081c: PUSH1 0xe5 0000081e: SHL 0000081f: DUP2 00000820: MSTORE 00000821: PUSH1 0x20 00000823: PUSH1 0x04 00000825: DUP3 00000826: ADD 00000827: MSTORE 00000828: PUSH1 0x13 0000082a: PUSH1 0x24 0000082c: DUP3 0000082d: ADD 0000082e: MSTORE 0000082f: PUSH32 0x43616e206e6f74207769746864726177204c5000000000000000000000000000 00000850: PUSH1 0x44 00000852: DUP3 00000853: ADD 00000854: MSTORE 00000855: PUSH1 0x64 00000857: ADD 00000858: PUSH2 0x064c 0000085b: JUMP 0000085c: JUMPDEST 0000085d: PUSH1 0x40 0000085f: MLOAD 00000860: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000 00000881: DUP2 00000882: MSTORE 00000883: CALLER 00000884: PUSH1 0x04 00000886: DUP3 00000887: ADD 00000888: MSTORE 00000889: PUSH1 0x24 0000088b: DUP2 0000088c: ADD 0000088d: DUP4 0000088e: SWAP1 0000088f: MSTORE 00000890: PUSH1 0x01 00000892: PUSH1 0x01 00000894: PUSH1 0xa0 00000896: SHL 00000897: SUB 00000898: DUP3 00000899: AND 0000089a: SWAP1 0000089b: PUSH4 0xa9059cbb 000008a0: SWAP1 000008a1: PUSH1 0x44 000008a3: ADD 000008a4: PUSH1 0x20 000008a6: PUSH1 0x40 000008a8: MLOAD 000008a9: DUP1 000008aa: DUP4 000008ab: SUB 000008ac: DUP2 000008ad: PUSH1 0x00 000008af: DUP8 000008b0: GAS 000008b1: CALL 000008b2: ISZERO 000008b3: DUP1 000008b4: ISZERO 000008b5: PUSH2 0x08c2 000008b8: JUMPI 000008b9: RETURNDATASIZE 000008ba: PUSH1 0x00 000008bc: DUP1 000008bd: RETURNDATACOPY 000008be: RETURNDATASIZE 000008bf: PUSH1 0x00 000008c1: REVERT 000008c2: JUMPDEST 000008c3: POP 000008c4: POP 000008c5: POP 000008c6: POP 000008c7: PUSH1 0x40 000008c9: MLOAD 000008ca: RETURNDATASIZE 000008cb: PUSH1 0x1f 000008cd: NOT 000008ce: PUSH1 0x1f 000008d0: DUP3 000008d1: ADD 000008d2: AND 000008d3: DUP3 000008d4: ADD 000008d5: DUP1 000008d6: PUSH1 0x40 000008d8: MSTORE 000008d9: POP 000008da: DUP2 000008db: ADD 000008dc: SWAP1 000008dd: PUSH2 0x08e6 000008e0: SWAP2 000008e1: SWAP1 000008e2: PUSH2 0x123b 000008e5: JUMP 000008e6: JUMPDEST 000008e7: POP 000008e8: POP 000008e9: POP 000008ea: JUMP 000008eb: JUMPDEST 000008ec: PUSH2 0x08f3 000008ef: PUSH2 0x0f32 000008f2: JUMP 000008f3: JUMPDEST 000008f4: PUSH2 0x08fd 000008f7: PUSH1 0x00 000008f9: PUSH2 0x0f8c 000008fc: JUMP 000008fd: JUMPDEST 000008fe: JUMP 000008ff: JUMPDEST 00000900: PUSH2 0x0907 00000903: PUSH2 0x0f32 00000906: JUMP 00000907: JUMPDEST 00000908: PUSH1 0x01 0000090a: SLOAD 0000090b: PUSH1 0x01 0000090d: PUSH1 0x01 0000090f: PUSH1 0xa0 00000911: SHL 00000912: SUB 00000913: AND 00000914: ISZERO 00000915: PUSH2 0x0960 00000918: JUMPI 00000919: PUSH1 0x40 0000091b: MLOAD 0000091c: PUSH3 0x461bcd 00000920: PUSH1 0xe5 00000922: SHL 00000923: DUP2 00000924: MSTORE 00000925: PUSH1 0x20 00000927: PUSH1 0x04 00000929: DUP3 0000092a: ADD 0000092b: MSTORE 0000092c: PUSH1 0x17 0000092e: PUSH1 0x24 00000930: DUP3 00000931: ADD 00000932: MSTORE 00000933: PUSH32 0x6469737472696275746f7220616c726561647920736574000000000000000000 00000954: PUSH1 0x44 00000956: DUP3 00000957: ADD 00000958: MSTORE 00000959: PUSH1 0x64 0000095b: ADD 0000095c: PUSH2 0x064c 0000095f: JUMP 00000960: JUMPDEST 00000961: PUSH1 0x01 00000963: DUP1 00000964: SLOAD 00000965: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000097a: NOT 0000097b: AND 0000097c: PUSH1 0x01 0000097e: PUSH1 0x01 00000980: PUSH1 0xa0 00000982: SHL 00000983: SUB 00000984: SWAP3 00000985: SWAP1 00000986: SWAP3 00000987: AND 00000988: SWAP2 00000989: SWAP1 0000098a: SWAP2 0000098b: OR 0000098c: SWAP1 0000098d: SSTORE 0000098e: JUMP 0000098f: JUMPDEST 00000990: PUSH2 0x0997 00000993: PUSH2 0x0f32 00000996: JUMP 00000997: JUMPDEST 00000998: PUSH1 0x40 0000099a: MLOAD 0000099b: PUSH4 0x70a08231 000009a0: PUSH1 0xe0 000009a2: SHL 000009a3: DUP2 000009a4: MSTORE 000009a5: ADDRESS 000009a6: PUSH1 0x04 000009a8: DUP3 000009a9: ADD 000009aa: MSTORE 000009ab: PUSH1 0x00 000009ad: SWAP1 000009ae: PUSH32 0x0000000000000000000000008a67f8b1c013c78ddc2cbf7365a38a3cf0bd71f6 000009cf: PUSH1 0x01 000009d1: PUSH1 0x01 000009d3: PUSH1 0xa0 000009d5: SHL 000009d6: SUB 000009d7: AND 000009d8: SWAP1 000009d9: PUSH4 0x70a08231 000009de: SWAP1 000009df: PUSH1 0x24 000009e1: ADD 000009e2: PUSH1 0x20 000009e4: PUSH1 0x40 000009e6: MLOAD 000009e7: DUP1 000009e8: DUP4 000009e9: SUB 000009ea: DUP2 000009eb: DUP7 000009ec: GAS 000009ed: STATICCALL 000009ee: ISZERO 000009ef: DUP1 000009f0: ISZERO 000009f1: PUSH2 0x09fe 000009f4: JUMPI 000009f5: RETURNDATASIZE 000009f6: PUSH1 0x00 000009f8: DUP1 000009f9: RETURNDATACOPY 000009fa: RETURNDATASIZE 000009fb: PUSH1 0x00 000009fd: REVERT 000009fe: JUMPDEST 000009ff: POP 00000a00: POP 00000a01: POP 00000a02: POP 00000a03: PUSH1 0x40 00000a05: MLOAD 00000a06: RETURNDATASIZE 00000a07: PUSH1 0x1f 00000a09: NOT 00000a0a: PUSH1 0x1f 00000a0c: DUP3 00000a0d: ADD 00000a0e: AND 00000a0f: DUP3 00000a10: ADD 00000a11: DUP1 00000a12: PUSH1 0x40 00000a14: MSTORE 00000a15: POP 00000a16: DUP2 00000a17: ADD 00000a18: SWAP1 00000a19: PUSH2 0x0a22 00000a1c: SWAP2 00000a1d: SWAP1 00000a1e: PUSH2 0x11ba 00000a21: JUMP 00000a22: JUMPDEST 00000a23: SWAP1 00000a24: POP 00000a25: PUSH1 0x64 00000a27: PUSH2 0x0a31 00000a2a: PUSH1 0x0a 00000a2c: DUP4 00000a2d: PUSH2 0x11e9 00000a30: JUMP 00000a31: JUMPDEST 00000a32: PUSH2 0x0a3b 00000a35: SWAP2 00000a36: SWAP1 00000a37: PUSH2 0x1206 00000a3a: JUMP 00000a3b: JUMPDEST 00000a3c: DUP3 00000a3d: GT 00000a3e: ISZERO 00000a3f: PUSH2 0x0ab0 00000a42: JUMPI 00000a43: PUSH1 0x40 00000a45: MLOAD 00000a46: PUSH3 0x461bcd 00000a4a: PUSH1 0xe5 00000a4c: SHL 00000a4d: DUP2 00000a4e: MSTORE 00000a4f: PUSH1 0x20 00000a51: PUSH1 0x04 00000a53: DUP3 00000a54: ADD 00000a55: MSTORE 00000a56: PUSH1 0x23 00000a58: PUSH1 0x24 00000a5a: DUP3 00000a5b: ADD 00000a5c: MSTORE 00000a5d: PUSH32 0x52656d6f76696e67206d6f7265207468616e20313025206f66206c6971756964 00000a7e: PUSH1 0x44 00000a80: DUP3 00000a81: ADD 00000a82: MSTORE 00000a83: PUSH32 0x6974790000000000000000000000000000000000000000000000000000000000 00000aa4: PUSH1 0x64 00000aa6: DUP3 00000aa7: ADD 00000aa8: MSTORE 00000aa9: PUSH1 0x84 00000aab: ADD 00000aac: PUSH2 0x064c 00000aaf: JUMP 00000ab0: JUMPDEST 00000ab1: PUSH3 0x015180 00000ab5: PUSH1 0x03 00000ab7: SLOAD 00000ab8: PUSH2 0x0ac1 00000abb: SWAP2 00000abc: SWAP1 00000abd: PUSH2 0x125d 00000ac0: JUMP 00000ac1: JUMPDEST 00000ac2: TIMESTAMP 00000ac3: GT 00000ac4: PUSH2 0x0b0f 00000ac7: JUMPI 00000ac8: PUSH1 0x40 00000aca: MLOAD 00000acb: PUSH3 0x461bcd 00000acf: PUSH1 0xe5 00000ad1: SHL 00000ad2: DUP2 00000ad3: MSTORE 00000ad4: PUSH1 0x20 00000ad6: PUSH1 0x04 00000ad8: DUP3 00000ad9: ADD 00000ada: MSTORE 00000adb: PUSH1 0x19 00000add: PUSH1 0x24 00000adf: DUP3 00000ae0: ADD 00000ae1: MSTORE 00000ae2: PUSH32 0x52656d6f766564206265666f7265203120646179206c6f636b00000000000000 00000b03: PUSH1 0x44 00000b05: DUP3 00000b06: ADD 00000b07: MSTORE 00000b08: PUSH1 0x64 00000b0a: ADD 00000b0b: PUSH2 0x064c 00000b0e: JUMP 00000b0f: JUMPDEST 00000b10: TIMESTAMP 00000b11: PUSH1 0x03 00000b13: SSTORE 00000b14: PUSH1 0x40 00000b16: MLOAD 00000b17: PUSH32 0x095ea7b300000000000000000000000000000000000000000000000000000000 00000b38: DUP2 00000b39: MSTORE 00000b3a: PUSH1 0x01 00000b3c: PUSH1 0x01 00000b3e: PUSH1 0xa0 00000b40: SHL 00000b41: SUB 00000b42: PUSH32 0x0000000000000000000000007a250d5630b4cf539739df2c5dacb4c659f2488d 00000b63: DUP2 00000b64: AND 00000b65: PUSH1 0x04 00000b67: DUP4 00000b68: ADD 00000b69: MSTORE 00000b6a: PUSH1 0x24 00000b6c: DUP3 00000b6d: ADD 00000b6e: DUP5 00000b6f: SWAP1 00000b70: MSTORE 00000b71: PUSH32 0x0000000000000000000000008a67f8b1c013c78ddc2cbf7365a38a3cf0bd71f6 00000b92: AND 00000b93: SWAP1 00000b94: PUSH4 0x095ea7b3 00000b99: SWAP1 00000b9a: PUSH1 0x44 00000b9c: ADD 00000b9d: PUSH1 0x20 00000b9f: PUSH1 0x40 00000ba1: MLOAD 00000ba2: DUP1 00000ba3: DUP4 00000ba4: SUB 00000ba5: DUP2 00000ba6: PUSH1 0x00 00000ba8: DUP8 00000ba9: GAS 00000baa: CALL 00000bab: ISZERO 00000bac: DUP1 00000bad: ISZERO 00000bae: PUSH2 0x0bbb 00000bb1: JUMPI 00000bb2: RETURNDATASIZE 00000bb3: PUSH1 0x00 00000bb5: DUP1 00000bb6: RETURNDATACOPY 00000bb7: RETURNDATASIZE 00000bb8: PUSH1 0x00 00000bba: REVERT 00000bbb: JUMPDEST 00000bbc: POP 00000bbd: POP 00000bbe: POP 00000bbf: POP 00000bc0: PUSH1 0x40 00000bc2: MLOAD 00000bc3: RETURNDATASIZE 00000bc4: PUSH1 0x1f 00000bc6: NOT 00000bc7: PUSH1 0x1f 00000bc9: DUP3 00000bca: ADD 00000bcb: AND 00000bcc: DUP3 00000bcd: ADD 00000bce: DUP1 00000bcf: PUSH1 0x40 00000bd1: MSTORE 00000bd2: POP 00000bd3: DUP2 00000bd4: ADD 00000bd5: SWAP1 00000bd6: PUSH2 0x0bdf 00000bd9: SWAP2 00000bda: SWAP1 00000bdb: PUSH2 0x123b 00000bde: JUMP 00000bdf: JUMPDEST 00000be0: POP 00000be1: PUSH1 0x40 00000be3: MLOAD 00000be4: PUSH32 0xaf2979eb00000000000000000000000000000000000000000000000000000000 00000c05: DUP2 00000c06: MSTORE 00000c07: PUSH1 0x01 00000c09: PUSH1 0x01 00000c0b: PUSH1 0xa0 00000c0d: SHL 00000c0e: SUB 00000c0f: PUSH32 0x000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f1 00000c30: DUP2 00000c31: AND 00000c32: PUSH1 0x04 00000c34: DUP4 00000c35: ADD 00000c36: MSTORE 00000c37: PUSH1 0x24 00000c39: DUP3 00000c3a: ADD 00000c3b: DUP5 00000c3c: SWAP1 00000c3d: MSTORE 00000c3e: PUSH1 0x00 00000c40: PUSH1 0x44 00000c42: DUP4 00000c43: ADD 00000c44: DUP2 00000c45: SWAP1 00000c46: MSTORE 00000c47: PUSH1 0x64 00000c49: DUP4 00000c4a: ADD 00000c4b: MSTORE 00000c4c: ADDRESS 00000c4d: PUSH1 0x84 00000c4f: DUP4 00000c50: ADD 00000c51: MSTORE 00000c52: TIMESTAMP 00000c53: PUSH1 0xa4 00000c55: DUP4 00000c56: ADD 00000c57: MSTORE 00000c58: PUSH32 0x0000000000000000000000007a250d5630b4cf539739df2c5dacb4c659f2488d 00000c79: AND 00000c7a: SWAP1 00000c7b: PUSH4 0xaf2979eb 00000c80: SWAP1 00000c81: PUSH1 0xc4 00000c83: ADD 00000c84: PUSH1 0x20 00000c86: PUSH1 0x40 00000c88: MLOAD 00000c89: DUP1 00000c8a: DUP4 00000c8b: SUB 00000c8c: DUP2 00000c8d: PUSH1 0x00 00000c8f: DUP8 00000c90: GAS 00000c91: CALL 00000c92: ISZERO 00000c93: DUP1 00000c94: ISZERO 00000c95: PUSH2 0x0ca2 00000c98: JUMPI 00000c99: RETURNDATASIZE 00000c9a: PUSH1 0x00 00000c9c: DUP1 00000c9d: RETURNDATACOPY 00000c9e: RETURNDATASIZE 00000c9f: PUSH1 0x00 00000ca1: REVERT 00000ca2: JUMPDEST 00000ca3: POP 00000ca4: POP 00000ca5: POP 00000ca6: POP 00000ca7: PUSH1 0x40 00000ca9: MLOAD 00000caa: RETURNDATASIZE 00000cab: PUSH1 0x1f 00000cad: NOT 00000cae: PUSH1 0x1f 00000cb0: DUP3 00000cb1: ADD 00000cb2: AND 00000cb3: DUP3 00000cb4: ADD 00000cb5: DUP1 00000cb6: PUSH1 0x40 00000cb8: MSTORE 00000cb9: POP 00000cba: DUP2 00000cbb: ADD 00000cbc: SWAP1 00000cbd: PUSH2 0x0cc6 00000cc0: SWAP2 00000cc1: SWAP1 00000cc2: PUSH2 0x11ba 00000cc5: JUMP 00000cc6: JUMPDEST 00000cc7: POP 00000cc8: PUSH2 0x0ccf 00000ccb: PUSH2 0x0fe9 00000cce: JUMP 00000ccf: JUMPDEST 00000cd0: POP 00000cd1: POP 00000cd2: JUMP 00000cd3: JUMPDEST 00000cd4: SELFBALANCE 00000cd5: DUP1 00000cd6: ISZERO 00000cd7: PUSH2 0x0d35 00000cda: JUMPI 00000cdb: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000cfc: PUSH1 0x01 00000cfe: PUSH1 0x01 00000d00: PUSH1 0xa0 00000d02: SHL 00000d03: SUB 00000d04: AND 00000d05: PUSH4 0xd0e30db0 00000d0a: DUP3 00000d0b: PUSH1 0x40 00000d0d: MLOAD 00000d0e: DUP3 00000d0f: PUSH4 0xffffffff 00000d14: AND 00000d15: PUSH1 0xe0 00000d17: SHL 00000d18: DUP2 00000d19: MSTORE 00000d1a: PUSH1 0x04 00000d1c: ADD 00000d1d: PUSH1 0x00 00000d1f: PUSH1 0x40 00000d21: MLOAD 00000d22: DUP1 00000d23: DUP4 00000d24: SUB 00000d25: DUP2 00000d26: DUP6 00000d27: DUP9 00000d28: DUP1 00000d29: EXTCODESIZE 00000d2a: ISZERO 00000d2b: DUP1 00000d2c: ISZERO 00000d2d: PUSH2 0x06d8 00000d30: JUMPI 00000d31: PUSH1 0x00 00000d33: DUP1 00000d34: REVERT 00000d35: JUMPDEST 00000d36: POP 00000d37: JUMP 00000d38: JUMPDEST 00000d39: PUSH1 0x40 00000d3b: MLOAD 00000d3c: PUSH32 0x79cc679000000000000000000000000000000000000000000000000000000000 00000d5d: DUP2 00000d5e: MSTORE 00000d5f: CALLER 00000d60: PUSH1 0x04 00000d62: DUP3 00000d63: ADD 00000d64: MSTORE 00000d65: PUSH1 0x24 00000d67: DUP2 00000d68: ADD 00000d69: DUP3 00000d6a: SWAP1 00000d6b: MSTORE 00000d6c: PUSH32 0x000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f1 00000d8d: PUSH1 0x01 00000d8f: PUSH1 0x01 00000d91: PUSH1 0xa0 00000d93: SHL 00000d94: SUB 00000d95: AND 00000d96: SWAP1 00000d97: PUSH4 0x79cc6790 00000d9c: SWAP1 00000d9d: PUSH1 0x44 00000d9f: ADD 00000da0: PUSH1 0x00 00000da2: PUSH1 0x40 00000da4: MLOAD 00000da5: DUP1 00000da6: DUP4 00000da7: SUB 00000da8: DUP2 00000da9: PUSH1 0x00 00000dab: DUP8 00000dac: DUP1 00000dad: EXTCODESIZE 00000dae: ISZERO 00000daf: DUP1 00000db0: ISZERO 00000db1: PUSH2 0x0db9 00000db4: JUMPI 00000db5: PUSH1 0x00 00000db7: DUP1 00000db8: REVERT 00000db9: JUMPDEST 00000dba: POP 00000dbb: GAS 00000dbc: CALL 00000dbd: ISZERO 00000dbe: DUP1 00000dbf: ISZERO 00000dc0: PUSH2 0x0dcd 00000dc3: JUMPI 00000dc4: RETURNDATASIZE 00000dc5: PUSH1 0x00 00000dc7: DUP1 00000dc8: RETURNDATACOPY 00000dc9: RETURNDATASIZE 00000dca: PUSH1 0x00 00000dcc: REVERT 00000dcd: JUMPDEST 00000dce: POP 00000dcf: POP 00000dd0: POP 00000dd1: POP 00000dd2: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000df3: PUSH1 0x01 00000df5: PUSH1 0x01 00000df7: PUSH1 0xa0 00000df9: SHL 00000dfa: SUB 00000dfb: AND 00000dfc: PUSH4 0xa9059cbb 00000e01: CALLER 00000e02: PUSH4 0x3b9aca00 00000e07: PUSH1 0x02 00000e09: SLOAD 00000e0a: DUP6 00000e0b: PUSH2 0x0e14 00000e0e: SWAP2 00000e0f: SWAP1 00000e10: PUSH2 0x11e9 00000e13: JUMP 00000e14: JUMPDEST 00000e15: PUSH2 0x0e1e 00000e18: SWAP2 00000e19: SWAP1 00000e1a: PUSH2 0x1206 00000e1d: JUMP 00000e1e: JUMPDEST 00000e1f: PUSH1 0x40 00000e21: MLOAD 00000e22: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000 00000e43: PUSH1 0xe0 00000e45: DUP6 00000e46: SWAP1 00000e47: SHL 00000e48: AND 00000e49: DUP2 00000e4a: MSTORE 00000e4b: PUSH1 0x01 00000e4d: PUSH1 0x01 00000e4f: PUSH1 0xa0 00000e51: SHL 00000e52: SUB 00000e53: SWAP1 00000e54: SWAP3 00000e55: AND 00000e56: PUSH1 0x04 00000e58: DUP4 00000e59: ADD 00000e5a: MSTORE 00000e5b: PUSH1 0x24 00000e5d: DUP3 00000e5e: ADD 00000e5f: MSTORE 00000e60: PUSH1 0x44 00000e62: ADD 00000e63: PUSH1 0x20 00000e65: PUSH1 0x40 00000e67: MLOAD 00000e68: DUP1 00000e69: DUP4 00000e6a: SUB 00000e6b: DUP2 00000e6c: PUSH1 0x00 00000e6e: DUP8 00000e6f: GAS 00000e70: CALL 00000e71: ISZERO 00000e72: DUP1 00000e73: ISZERO 00000e74: PUSH2 0x0e81 00000e77: JUMPI 00000e78: RETURNDATASIZE 00000e79: PUSH1 0x00 00000e7b: DUP1 00000e7c: RETURNDATACOPY 00000e7d: RETURNDATASIZE 00000e7e: PUSH1 0x00 00000e80: REVERT 00000e81: JUMPDEST 00000e82: POP 00000e83: POP 00000e84: POP 00000e85: POP 00000e86: PUSH1 0x40 00000e88: MLOAD 00000e89: RETURNDATASIZE 00000e8a: PUSH1 0x1f 00000e8c: NOT 00000e8d: PUSH1 0x1f 00000e8f: DUP3 00000e90: ADD 00000e91: AND 00000e92: DUP3 00000e93: ADD 00000e94: DUP1 00000e95: PUSH1 0x40 00000e97: MSTORE 00000e98: POP 00000e99: DUP2 00000e9a: ADD 00000e9b: SWAP1 00000e9c: PUSH2 0x0ccf 00000e9f: SWAP2 00000ea0: SWAP1 00000ea1: PUSH2 0x123b 00000ea4: JUMP 00000ea5: JUMPDEST 00000ea6: PUSH2 0x0ead 00000ea9: PUSH2 0x0f32 00000eac: JUMP 00000ead: JUMPDEST 00000eae: PUSH1 0x01 00000eb0: PUSH1 0x01 00000eb2: PUSH1 0xa0 00000eb4: SHL 00000eb5: SUB 00000eb6: DUP2 00000eb7: AND 00000eb8: PUSH2 0x0f29 00000ebb: JUMPI 00000ebc: PUSH1 0x40 00000ebe: MLOAD 00000ebf: PUSH3 0x461bcd 00000ec3: PUSH1 0xe5 00000ec5: SHL 00000ec6: DUP2 00000ec7: MSTORE 00000ec8: PUSH1 0x20 00000eca: PUSH1 0x04 00000ecc: DUP3 00000ecd: ADD 00000ece: MSTORE 00000ecf: PUSH1 0x26 00000ed1: PUSH1 0x24 00000ed3: DUP3 00000ed4: ADD 00000ed5: MSTORE 00000ed6: PUSH32 0x4f776e61626c653a206e6577206f776e657220697320746865207a65726f2061 00000ef7: PUSH1 0x44 00000ef9: DUP3 00000efa: ADD 00000efb: MSTORE 00000efc: PUSH32 0x6464726573730000000000000000000000000000000000000000000000000000 00000f1d: PUSH1 0x64 00000f1f: DUP3 00000f20: ADD 00000f21: MSTORE 00000f22: PUSH1 0x84 00000f24: ADD 00000f25: PUSH2 0x064c 00000f28: JUMP 00000f29: JUMPDEST 00000f2a: PUSH2 0x0d35 00000f2d: DUP2 00000f2e: PUSH2 0x0f8c 00000f31: JUMP 00000f32: JUMPDEST 00000f33: PUSH1 0x00 00000f35: SLOAD 00000f36: PUSH1 0x01 00000f38: PUSH1 0x01 00000f3a: PUSH1 0xa0 00000f3c: SHL 00000f3d: SUB 00000f3e: AND 00000f3f: CALLER 00000f40: EQ 00000f41: PUSH2 0x08fd 00000f44: JUMPI 00000f45: PUSH1 0x40 00000f47: MLOAD 00000f48: PUSH3 0x461bcd 00000f4c: PUSH1 0xe5 00000f4e: SHL 00000f4f: DUP2 00000f50: MSTORE 00000f51: PUSH1 0x20 00000f53: PUSH1 0x04 00000f55: DUP3 00000f56: ADD 00000f57: DUP2 00000f58: SWAP1 00000f59: MSTORE 00000f5a: PUSH1 0x24 00000f5c: DUP3 00000f5d: ADD 00000f5e: MSTORE 00000f5f: PUSH32 0x4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572 00000f80: PUSH1 0x44 00000f82: DUP3 00000f83: ADD 00000f84: MSTORE 00000f85: PUSH1 0x64 00000f87: ADD 00000f88: PUSH2 0x064c 00000f8b: JUMP 00000f8c: JUMPDEST 00000f8d: PUSH1 0x00 00000f8f: DUP1 00000f90: SLOAD 00000f91: PUSH1 0x01 00000f93: PUSH1 0x01 00000f95: PUSH1 0xa0 00000f97: SHL 00000f98: SUB 00000f99: DUP4 00000f9a: DUP2 00000f9b: AND 00000f9c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000fb1: NOT 00000fb2: DUP4 00000fb3: AND 00000fb4: DUP2 00000fb5: OR 00000fb6: DUP5 00000fb7: SSTORE 00000fb8: PUSH1 0x40 00000fba: MLOAD 00000fbb: SWAP2 00000fbc: SWAP1 00000fbd: SWAP3 00000fbe: AND 00000fbf: SWAP3 00000fc0: DUP4 00000fc1: SWAP2 00000fc2: PUSH32 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0 00000fe3: SWAP2 00000fe4: SWAP1 00000fe5: LOG3 00000fe6: POP 00000fe7: POP 00000fe8: JUMP 00000fe9: JUMPDEST 00000fea: PUSH1 0x40 00000fec: MLOAD 00000fed: PUSH4 0x70a08231 00000ff2: PUSH1 0xe0 00000ff4: SHL 00000ff5: DUP2 00000ff6: MSTORE 00000ff7: ADDRESS 00000ff8: PUSH1 0x04 00000ffa: DUP3 00000ffb: ADD 00000ffc: MSTORE 00000ffd: PUSH1 0x00 00000fff: SWAP1 00001000: PUSH32 0x000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f1 00001021: PUSH1 0x01 00001023: PUSH1 0x01 00001025: PUSH1 0xa0 00001027: SHL 00001028: SUB 00001029: AND 0000102a: SWAP1 0000102b: PUSH4 0x70a08231 00001030: SWAP1 00001031: PUSH1 0x24 00001033: ADD 00001034: PUSH1 0x20 00001036: PUSH1 0x40 00001038: MLOAD 00001039: DUP1 0000103a: DUP4 0000103b: SUB 0000103c: DUP2 0000103d: DUP7 0000103e: GAS 0000103f: STATICCALL 00001040: ISZERO 00001041: DUP1 00001042: ISZERO 00001043: PUSH2 0x1050 00001046: JUMPI 00001047: RETURNDATASIZE 00001048: PUSH1 0x00 0000104a: DUP1 0000104b: RETURNDATACOPY 0000104c: RETURNDATASIZE 0000104d: PUSH1 0x00 0000104f: REVERT 00001050: JUMPDEST 00001051: POP 00001052: POP 00001053: POP 00001054: POP 00001055: PUSH1 0x40 00001057: MLOAD 00001058: RETURNDATASIZE 00001059: PUSH1 0x1f 0000105b: NOT 0000105c: PUSH1 0x1f 0000105e: DUP3 0000105f: ADD 00001060: AND 00001061: DUP3 00001062: ADD 00001063: DUP1 00001064: PUSH1 0x40 00001066: MSTORE 00001067: POP 00001068: DUP2 00001069: ADD 0000106a: SWAP1 0000106b: PUSH2 0x1074 0000106e: SWAP2 0000106f: SWAP1 00001070: PUSH2 0x11ba 00001073: JUMP 00001074: JUMPDEST 00001075: PUSH1 0x40 00001077: MLOAD 00001078: PUSH32 0x42966c6800000000000000000000000000000000000000000000000000000000 00001099: DUP2 0000109a: MSTORE 0000109b: PUSH1 0x04 0000109d: DUP2 0000109e: ADD 0000109f: DUP3 000010a0: SWAP1 000010a1: MSTORE 000010a2: SWAP1 000010a3: SWAP2 000010a4: POP 000010a5: PUSH32 0x000000000000000000000000fe0f9f49b3c8cf1ed30bedd4da665ca56c8947f1 000010c6: PUSH1 0x01 000010c8: PUSH1 0x01 000010ca: PUSH1 0xa0 000010cc: SHL 000010cd: SUB 000010ce: AND 000010cf: SWAP1 000010d0: PUSH4 0x42966c68 000010d5: SWAP1 000010d6: PUSH1 0x24 000010d8: ADD 000010d9: PUSH1 0x00 000010db: PUSH1 0x40 000010dd: MLOAD 000010de: DUP1 000010df: DUP4 000010e0: SUB 000010e1: DUP2 000010e2: PUSH1 0x00 000010e4: DUP8 000010e5: DUP1 000010e6: EXTCODESIZE 000010e7: ISZERO 000010e8: DUP1 000010e9: ISZERO 000010ea: PUSH2 0x10f2 000010ed: JUMPI 000010ee: PUSH1 0x00 000010f0: DUP1 000010f1: REVERT 000010f2: JUMPDEST 000010f3: POP 000010f4: GAS 000010f5: CALL 000010f6: ISZERO 000010f7: DUP1 000010f8: ISZERO 000010f9: PUSH2 0x1106 000010fc: JUMPI 000010fd: RETURNDATASIZE 000010fe: PUSH1 0x00 00001100: DUP1 00001101: RETURNDATACOPY 00001102: RETURNDATASIZE 00001103: PUSH1 0x00 00001105: REVERT 00001106: JUMPDEST 00001107: POP 00001108: POP 00001109: POP 0000110a: POP 0000110b: POP 0000110c: JUMP 0000110d: JUMPDEST 0000110e: DUP1 0000110f: CALLDATALOAD 00001110: PUSH1 0x01 00001112: PUSH1 0x01 00001114: PUSH1 0xa0 00001116: SHL 00001117: SUB 00001118: DUP2 00001119: AND 0000111a: DUP2 0000111b: EQ 0000111c: PUSH2 0x1124 0000111f: JUMPI 00001120: PUSH1 0x00 00001122: DUP1 00001123: REVERT 00001124: JUMPDEST 00001125: SWAP2 00001126: SWAP1 00001127: POP 00001128: JUMP 00001129: JUMPDEST 0000112a: PUSH1 0x00 0000112c: DUP1 0000112d: PUSH1 0x40 0000112f: DUP4 00001130: DUP6 00001131: SUB 00001132: SLT 00001133: ISZERO 00001134: PUSH2 0x113c 00001137: JUMPI 00001138: PUSH1 0x00 0000113a: DUP1 0000113b: REVERT 0000113c: JUMPDEST 0000113d: PUSH2 0x1145 00001140: DUP4 00001141: PUSH2 0x110d 00001144: JUMP 00001145: JUMPDEST 00001146: SWAP5 00001147: PUSH1 0x20 00001149: SWAP4 0000114a: SWAP1 0000114b: SWAP4 0000114c: ADD 0000114d: CALLDATALOAD 0000114e: SWAP4 0000114f: POP 00001150: POP 00001151: POP 00001152: JUMP 00001153: JUMPDEST 00001154: PUSH1 0x00 00001156: PUSH1 0x20 00001158: DUP3 00001159: DUP5 0000115a: SUB 0000115b: SLT 0000115c: ISZERO 0000115d: PUSH2 0x1165 00001160: JUMPI 00001161: PUSH1 0x00 00001163: DUP1 00001164: REVERT 00001165: JUMPDEST 00001166: POP 00001167: CALLDATALOAD 00001168: SWAP2 00001169: SWAP1 0000116a: POP 0000116b: JUMP 0000116c: JUMPDEST 0000116d: PUSH1 0x00 0000116f: DUP1 00001170: PUSH1 0x40 00001172: DUP4 00001173: DUP6 00001174: SUB 00001175: SLT 00001176: ISZERO 00001177: PUSH2 0x117f 0000117a: JUMPI 0000117b: PUSH1 0x00 0000117d: DUP1 0000117e: REVERT 0000117f: JUMPDEST 00001180: DUP3 00001181: CALLDATALOAD 00001182: SWAP2 00001183: POP 00001184: PUSH2 0x118f 00001187: PUSH1 0x20 00001189: DUP5 0000118a: ADD 0000118b: PUSH2 0x110d 0000118e: JUMP 0000118f: JUMPDEST 00001190: SWAP1 00001191: POP 00001192: SWAP3 00001193: POP 00001194: SWAP3 00001195: SWAP1 00001196: POP 00001197: JUMP 00001198: JUMPDEST 00001199: PUSH1 0x00 0000119b: PUSH1 0x20 0000119d: DUP3 0000119e: DUP5 0000119f: SUB 000011a0: SLT 000011a1: ISZERO 000011a2: PUSH2 0x11aa 000011a5: JUMPI 000011a6: PUSH1 0x00 000011a8: DUP1 000011a9: REVERT 000011aa: JUMPDEST 000011ab: PUSH2 0x11b3 000011ae: DUP3 000011af: PUSH2 0x110d 000011b2: JUMP 000011b3: JUMPDEST 000011b4: SWAP4 000011b5: SWAP3 000011b6: POP 000011b7: POP 000011b8: POP 000011b9: JUMP 000011ba: JUMPDEST 000011bb: PUSH1 0x00 000011bd: PUSH1 0x20 000011bf: DUP3 000011c0: DUP5 000011c1: SUB 000011c2: SLT 000011c3: ISZERO 000011c4: PUSH2 0x11cc 000011c7: JUMPI 000011c8: PUSH1 0x00 000011ca: DUP1 000011cb: REVERT 000011cc: JUMPDEST 000011cd: POP 000011ce: MLOAD 000011cf: SWAP2 000011d0: SWAP1 000011d1: POP 000011d2: JUMP 000011d3: JUMPDEST 000011d4: PUSH4 0x4e487b71 000011d9: PUSH1 0xe0 000011db: SHL 000011dc: PUSH1 0x00 000011de: MSTORE 000011df: PUSH1 0x11 000011e1: PUSH1 0x04 000011e3: MSTORE 000011e4: PUSH1 0x24 000011e6: PUSH1 0x00 000011e8: REVERT 000011e9: JUMPDEST 000011ea: DUP1 000011eb: DUP3 000011ec: MUL 000011ed: DUP2 000011ee: ISZERO 000011ef: DUP3 000011f0: DUP3 000011f1: DIV 000011f2: DUP5 000011f3: EQ 000011f4: OR 000011f5: PUSH2 0x1200 000011f8: JUMPI 000011f9: PUSH2 0x1200 000011fc: PUSH2 0x11d3 000011ff: JUMP 00001200: JUMPDEST 00001201: SWAP3 00001202: SWAP2 00001203: POP 00001204: POP 00001205: JUMP 00001206: JUMPDEST 00001207: PUSH1 0x00 00001209: DUP3 0000120a: PUSH2 0x1223 0000120d: JUMPI 0000120e: PUSH4 0x4e487b71 00001213: PUSH1 0xe0 00001215: SHL 00001216: PUSH1 0x00 00001218: MSTORE 00001219: PUSH1 0x12 0000121b: PUSH1 0x04 0000121d: MSTORE 0000121e: PUSH1 0x24 00001220: PUSH1 0x00 00001222: REVERT 00001223: JUMPDEST 00001224: POP 00001225: DIV 00001226: SWAP1 00001227: JUMP 00001228: JUMPDEST 00001229: DUP2 0000122a: DUP2 0000122b: SUB 0000122c: DUP2 0000122d: DUP2 0000122e: GT 0000122f: ISZERO 00001230: PUSH2 0x1200 00001233: JUMPI 00001234: PUSH2 0x1200 00001237: PUSH2 0x11d3 0000123a: JUMP 0000123b: JUMPDEST 0000123c: PUSH1 0x00 0000123e: PUSH1 0x20 00001240: DUP3 00001241: DUP5 00001242: SUB 00001243: SLT 00001244: ISZERO 00001245: PUSH2 0x124d 00001248: JUMPI 00001249: PUSH1 0x00 0000124b: DUP1 0000124c: REVERT 0000124d: JUMPDEST 0000124e: DUP2 0000124f: MLOAD 00001250: DUP1 00001251: ISZERO 00001252: ISZERO 00001253: DUP2 00001254: EQ 00001255: PUSH2 0x11b3 00001258: JUMPI 00001259: PUSH1 0x00 0000125b: DUP1 0000125c: REVERT 0000125d: JUMPDEST 0000125e: DUP1 0000125f: DUP3 00001260: ADD 00001261: DUP1 00001262: DUP3 00001263: GT 00001264: ISZERO 00001265: PUSH2 0x1200 00001268: JUMPI 00001269: PUSH2 0x1200 0000126c: PUSH2 0x11d3 0000126f: JUMP 00001270: INVALID 00001271: LOG2 00001272: PUSH5 0x6970667358 00001278: UNKNOWN(0x22) 00001279: SLT 0000127a: KECCAK256 0000127b: TLOAD 0000127c: UNKNOWN(0xCE) 0000127d: UNKNOWN(0x0E) 0000127e: PUSH15 0x44723d3b5f82e4df154bd06bad7afb 0000128e: UNKNOWN(0xE0) 0000128f: SAR 00001290: LOG3 00001291: UNKNOWN(0xAB) 00001292: UNKNOWN(0xDD) 00001293: SWAP10 00001294: UNKNOWN(0xC6) 00001295: PUSH26
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0xa4a1d997d5137336e36fcb02cfb45bd8a9f55d3362cfd2563bba0cbf9448ec5c
call_targets:
0xa6f38924b30d10a4cad7601cc13820cb53efc4f9
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xa4a1d997d5137336e36fcb02cfb45bd8a9f55d3362cfd2563bba0cbf9448ec5c",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xa6f38924b30d10a4cad7601cc13820cb53efc4f9"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xddbed26f",
"selector": "0xddbed26f",
"calldata_variants": [
"0xddbed26f",
"0xddbed26f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe19b4a17",
"selector": "0xe19b4a17",
"calldata_variants": [
"0xe19b4a17",
"0xe19b4a170000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd7ab2dda",
"selector": "0xd7ab2dda",
"calldata_variants": [
"0xd7ab2dda",
"0xd7ab2dda0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdb006a75",
"selector": "0xdb006a75",
"calldata_variants": [
"0xdb006a75",
"0xdb006a750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa85ef678",
"selector": "0xa85ef678",
"calldata_variants": [
"0xa85ef678",
"0xa85ef6780000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xad5c4648",
"selector": "0xad5c4648",
"calldata_variants": [
"0xad5c4648",
"0xad5c46480000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xbfe10928",
"selector": "0xbfe10928",
"calldata_variants": [
"0xbfe10928",
"0xbfe109280000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1755,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2225,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2986,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 7,
"guards_detected": [],
"untrusted_call_count": 7
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0xa4a1d997d5137336e36fcb02cfb45bd8a9f55d3362cfd2563bba0cbf9448ec5c
call_targets:
0xa6f38924b30d10a4cad7601cc13820cb53efc4f9
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xa4a1d997d5137336e36fcb02cfb45bd8a9f55d3362cfd2563bba0cbf9448ec5c",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xa6f38924b30d10a4cad7601cc13820cb53efc4f9"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xddbed26f",
"selector": "0xddbed26f",
"calldata_variants": [
"0xddbed26f",
"0xddbed26f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe19b4a17",
"selector": "0xe19b4a17",
"calldata_variants": [
"0xe19b4a17",
"0xe19b4a170000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd7ab2dda",
"selector": "0xd7ab2dda",
"calldata_variants": [
"0xd7ab2dda",
"0xd7ab2dda0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdb006a75",
"selector": "0xdb006a75",
"calldata_variants": [
"0xdb006a75",
"0xdb006a750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa85ef678",
"selector": "0xa85ef678",
"calldata_variants": [
"0xa85ef678",
"0xa85ef6780000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xad5c4648",
"selector": "0xad5c4648",
"calldata_variants": [
"0xad5c4648",
"0xad5c46480000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xbfe10928",
"selector": "0xbfe10928",
"calldata_variants": [
"0xbfe10928",
"0xbfe109280000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1755,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2225,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2986,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 7,
"guards_detected": []
}
|
| low | other | codex | External ERC20 calls do not validate return values | 65 | no | — |
viewevidence_json{
"evidence": "analysis_artifact.artifact_json.callsites show CALLs with returndata_checked=null; disassembly shows CALL to 0xfe0f9f49\u2026 with selector 0x40c10f19 at pc 0x06db, CALL to 0xfe0f9f49\u2026 with selector 0x79cc6790 at pc 0x0dbc, and CALL to WETH transfer at pc 0x0e70.",
"locations": [
"pc:0x06db",
"pc:0x0dbc",
"pc:0x0e70"
],
"recommendation": "Use SafeERC20-style return data checks (require success && (returndata.length==0 || abi.decode(returndata,bool))) for ERC20 interactions, or explicitly assert the external token contracts conform to the standard and are immutable.",
"exploit_scenario": "The contract performs multiple ERC20 CALLs (mint/burn/transfer/approve) where success is only determined by the CALL opcode status, not by checking the returned boolean. If any target token (notably the hardcoded 0xfe0f9f49\u2026 token) returns false without reverting, the contract will continue execution as if the operation succeeded, which can lead to incorrect accounting (e.g., a burn failing but a redemption transfer still occurring). This is a risk if any of the external token contracts are non\u2011standard or upgradeable."
}
|
| info | other | cast | Heavy CALL-family usage | 55 | no | — |
viewevidence_json{
"notes": "large number of CALL/CALLCODE/STATICCALL opcodes; review external call patterns",
"call_family_count": 12
}
|