Analysis Run

{"no_findings":false,"summary":"Bytecode-only review of implementation 0x62c9e5e52351e02635f48072fa20c03bb650f787 shows a reachable DELEGATECALL with a computed target and multiple low‑level CALLs that can transfer ETH to computed targets; guard/access-control inference is uncertain from artifacts.","findings":[{"severity":"medium","category":"other","title":"Computed DELEGATECALL target reachable (storage corruption risk if not strictly bounded)","exploit_scenario":"If the DELEGATECALL target is derived from calldata or mutable storage rather than fixed to `address(this)` or a trusted module list, an attacker could supply a malicious target that executes in this contract’s storage context, enabling arbitrary state writes (e.g., ownership takeover or balance manipulation). The bytecode shows an `ADDRESS` comparison nearby, but it is unclear whether this fully constrains the target.","recommendation":"Ensure the delegatecall target is strictly constrained (e.g., `address(this)` only, or a vetted allowlist) and reject any untrusted targets. If the intent is multicall-on-self, enforce `target == address(this)` before delegatecall and avoid forwarding arbitrary targets.","evidence":"DELEGATECALL at pc 3653 (0x0e45); detector flagged an untrusted delegatecall with no guards detected. Target is stack-computed (uses DUP6 before DELEGATECALL), and only a nearby `ADDRESS` check is visible but its enforcement is unclear from bytecode.","locations":["pc:0x0e45"]},{"severity":"low","category":"reentrancy","title":"Low-level CALLs with computed target/value (possible reentrancy or fund diversion)","exploit_scenario":"Several CALL sites pass computed targets and values (potentially nonzero ETH). If any of these code paths are externally reachable without strong access control or without state changes being finalized beforehand, a malicious callee could reenter and exploit intermediate state, or the caller could direct ETH out of the contract. This is especially relevant if the contract holds ETH/tokens between operations.","recommendation":"For any externally reachable flow that uses these CALLs, apply checks-effects-interactions and/or a reentrancy guard, and constrain call targets/values (e.g., whitelist or require caller-provided targets to be validated).","evidence":"CALL opcodes with computed target/value at pc 2149, 5006, 10448, 11101, 11590, 12363; detector also flagged ETH value transfer possible. Guard detection is heuristic and did not show explicit protections in artifacts.","locations":["pc:0x0865","pc:0x138e","pc:0x28d0","pc:0x2b5d","pc:0x2d46","pc:0x304b"]}]}

OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-mepdsknf
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019be494-c3e6-7070-b51e-830468cd10fe
--------
user
Context: The user requested the proxy at 0x0cd5349e1909599f4445149a264699958a4fc962.
Audit the implementation at 0x62c9e5e52351e02635f48072fa20c03bb650f787.
Findings should refer to the implementation unless explicitly about proxy mechanics.

You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers

thinking
**Reading bytecode bundle file**
exec
/bin/bash -lc ls in /tmp/codex-mepdsknf succeeded in 8ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-mepdsknf succeeded in 16ms:
{
  "analysis_artifact": {
    "address": "0x62c9e5e52351e02635f48072fa20c03bb650f787",
    "artifact_hash": "0x77b379e7186a6b5eb9963cb81f2925a57aa78bdb84bded332186f09e1a5c6ab0",
    "artifact_json": {
      "auth": {
        "guards": []
      },
      "basic_blocks": [
        {
          "end_pc": 12,
          "hash": "0xc5a3c3aa00eba015ed0720784b5e3e794ef56cfc83f359a7d27a5ecb05fc4ca7",
          "opcodes": [
            "PUSH1",
            "PUSH1",
            "MSTORE",
            "PUSH1",
            "CALLDATASIZE",
            "LT",
            "PUSH2",

thinking
**Planning targeted searches**

I'll focus on relevant delegatecall, callcode, and related sections by using targeted ripgrep searches for terms like "evidence_bundle," "selectors," and "storage" to narrow down the large file.
exec
/bin/bash -lc 'rg -n "evidence|storage|selector|function|delegatecall|callcode" BYTECODE_BUNDLE.json | head -n 200' in /tmp/codex-mepdsknf succeeded in 12ms:
25318:      "dispatcher_type": "selector_jump_table",
25319:      "function_entries": [
25322:          "selector": "0xcb1eec6d"
25326:          "selector": "0xdb6b5246"
25330:          "selector": "0xed24911d"
25334:          "selector": "0xf2fde38b"
25338:          "selector": "0xf62d1888"
25342:          "selector": "0x8c42f5aa"
25346:          "selector": "0x8da5cb5b"
25350:          "selector": "0xac9650d8"
25354:          "selector": "0xb52c14f4"
25358:          "selector": "0xc8b2feb2"
25362:          "selector": "0x58b8dc6c"
25366:          "selector": "0x69328dec"
25370:          "selector": "0x71061398"
25374:          "selector": "0x72403331"
25378:          "selector": "0x84b0196e"
25382:          "selector": "0x150b7a02"
25386:          "selector": "0x1626ba7e"
25390:          "selector": "0x39f02d6d"

thinking
**Preparing to inspect function details**
exec
/bin/bash -lc "sed -n '25290,25680p' BYTECODE_BUNDLE.json" in /tmp/codex-mepdsknf succeeded in 10ms:
        },
        {
          "from": "bb:17236",
          "to": "bb:17247",
          "type": "control_flow_fallthrough"
        },
        {
          "from": "bb:17250",
          "to": "bb:17262",
          "type": "control_flow"
        },
        {
          "from": "bb:17250",
          "to": "bb:17259",
          "type": "control_flow_fallthrough"
        },
        {
          "from": "bb:17275",
          "to": "bb:17291",
          "type": "control_flow"

thinking
**Focusing on proxy evidence inspection**

I'm shifting to analyze the proxy evidence area since it may be easier to audit than the large main code. I'll explore files and data related to proxy evidence next.
exec
/bin/bash -lc "sed -n '31740,31980p' BYTECODE_BUNDLE.json" in /tmp/codex-mepdsknf succeeded in 11ms:
        "updated_at": "2026-01-22T03:57:09.000000Z"
      }
    ],
    "status": "running",
    "updated_at": "2026-01-22T07:21:50.000000Z"
  },
  "artifact": {
    "codehash": "0xec56e17840a106b4a71481cfad58bf613cdbd1debfe47a3874a2b8c7f08dcae6",
    "compiler_json": {
      "compiler_version": null,
      "etherscan": {
        "contract_name": null,
        "implementation": null,
        "license": "Unknown",
        "proxy": "0",
        "swarm_source": null
      },
      "optimizer_enabled": false,
      "optimizer_runs": 0,
      "proxy_evidence": {

thinking
**Investigating delegatecall and callcode sinks**

I'm identifying suspicious delegatecall and callcode usages by examining bytecode around key offsets and analyzing callgraph edges to find untrusted sinks and understand their context.
exec
/bin/bash -lc "sed -n '37680,38060p' BYTECODE_BUNDLE.json" in /tmp/codex-mepdsknf succeeded in 9ms:
          "to": "sink:staticcall",
          "type": "capability"
        },
        {
          "from": "bb:1931",
          "to": "call:1986",
          "type": "contains"
        },
        {
          "from": "call:1986",
          "to": "sink:staticcall",
          "type": "capability"
        },
        {
          "from": "bb:2123",
          "to": "call:2149",
          "type": "contains"
        },
        {
          "from": "call:2149",


thinking
**Analyzing delegatecall and callcode usage**

The contract implementation contains delegatecall and callcode opcodes, which can introduce risks especially if used with untrusted targets or missing access checks. Some selectors correspond to known functions like owner(), transferOwnership(), onERC721Received(), and multicall, indicating complex, modular functionality possibly including NFT receipt and multicall features. The presence of various unknown selectors and frequent external calls means thorough bytecode analysis is needed to identify any unsafe delegatecall or callcode usage and external calls with value or missing guards.
thinking
**Preparing to decode bytecode around key PCs**

I'm planning a Python script to parse the runtime bytecode into opcodes with program counters, focusing on positions near the delegatecall at PC 3653, callcode at PC 17315, and other call sites to check for preceding validation or safeguards. This will help understand the context and safety of those calls using only the runtime bytecode data.
exec
/bin/bash -lc "python - <<'PY'
import json
import sys

with open('BYTECODE_BUNDLE.json','r') as f:
    data=json.load(f)
bytecode=data['artifact']['runtime_bytecode']['full']
if bytecode.startswith('0x'): bytecode=bytecode[2:]
# map opcodes
opcodes = {i:op for i,op in enumerate([
    'STOP','ADD','MUL','SUB','DIV','SDIV','MOD','SMOD','ADDMOD','MULMOD','EXP','SIGNEXTEND',
    'LT','GT','SLT','SGT','EQ','ISZERO','AND','OR','XOR','NOT','BYTE','SHL','SHR','SAR',
    'SHA3'
])}
# extend for 0x30-0x4f
ops = {
    0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',
    0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',
    0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',
    0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',
    0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x49:'BLOBHASH',0x4a:'BLOBBASEFEE',
    0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',
    0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
    0x5f:'PUSH0',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
    0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
    0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
    0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
    0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',
    0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
opcodes.update(ops)

# disassemble
code=bytes.fromhex(bytecode)

def disasm(start, end):
    pc=0
    out=[]
    while pc < len(code):
        op=code[pc]
        name=opcodes.get(op, f'OP_{op:02x}')
        if start <= pc <= end:
            if name.startswith('PUSH') and name[4:].isdigit():
                n=int(name[4:])
                data=code[pc+1:pc+1+n]
                out.append((pc, name, data.hex()))
                pc += 1+n
                continue
            out.append((pc, name, None))
        # advance
        if name.startswith('PUSH') and name[4:].isdigit():
            n=int(name[4:])
            pc += 1+n
        else:
            pc += 1
    return out

# target PCs
for target in [2149,3653,5006,10448,11101,11590,12363,17315]:
    start=target-20
    end=target+20
    print('--- pc',target,'---')
    for pc,name,data in disasm(start,end):
        if start <= pc <= end:
            if data is None:
                print(f'{pc:05d}: {name}')
            else:
                print(f'{pc:05d}: {name} 0x{data}')
PY" in /tmp/codex-mepdsknf succeeded in 133ms:
--- pc 2149 ---
02129: PUSH1 0xa0
02131: OP_1b
02132: SUB
02133: BYTE
02134: DUP4
02135: PUSH1 0x40
02137: MLOAD
02138: PUSH0 0x
02139: PUSH1 0x40
02141: MLOAD
02142: DUP1
02143: DUP4
02144: SUB
02145: DUP2
02146: DUP6
02147: DUP8
02148: GAS
02149: CALL
02150: SWAP3


thinking
**Confirming callcode is in metadata, not runtime**

Callcode opcode at position 17315 resides within metadata after an invalid instruction, so it’s not actually executed; this means it shouldn’t be flagged as a reachable callcode issue. Next, I’ll check if there’s any untrusted delegatecall in the real runtime code.
thinking
**Disassembling around runtime address 3620–3670**

Planning to extend disassembly near pc 3620 to 3670 to understand how the target for the call at pc 3653 is loaded.
exec
/bin/bash -lc "python - <<'PY'
import json

data=json.load(open('BYTECODE_BUNDLE.json'))
bytecode=data['artifact']['runtime_bytecode']['full']
if bytecode.startswith('0x'): bytecode=bytecode[2:]
code=bytes.fromhex(bytecode)

opnames = {}
# map opcodes
base=[
    'STOP','ADD','MUL','SUB','DIV','SDIV','MOD','SMOD','ADDMOD','MULMOD','EXP','SIGNEXTEND',
    'LT','GT','SLT','SGT','EQ','ISZERO','AND','OR','XOR','NOT','BYTE','SHL','SHR','SAR',
    'SHA3'
]
for i,name in enumerate(base):
    opnames[i]=name
ops={
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x49:'BLOBHASH',0x4a:'BLOBBASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x5f:'PUSH0',
}
for i in range(1,33):
    opnames[0x5f+i]=f'PUSH{i}'
for i in range(1,17):
    opnames[0x7f+i]=f'PUSH{16+i}'
for i in range(1,17):
    opnames[0x7f+i]=f'PUSH{16+i}'
for i in range(1,17):
    opnames[0x7f+i]=f'PUSH{16+i}'
# correct pushes
for i in range(1,33):
    opnames[0x5f+i]=f'PUSH{i}'
# dup
for i in range(1,17):
    opnames[0x7f+i]=f'PUSH{16+i}'
for i in range(1,17):
    opnames[0x7f+i]=f'PUSH{16+i}'
for i in range(1,17):
    opnames[0x7f+i]=f'PUSH{16+i}'
for i in range(1,17):
    opnames[0x7f+i]=f'PUSH{16+i}'
# better: set pushes 0x60-0x7f
for i in range(1,33):
    opnames[0x5f+i]=f'PUSH{i}'
# dup 0x80-0x8f
for i in range(1,17):
    opnames[0x7f+i]=f'PUSH{16+i}'

for i in range(1,17):
    opnames[0x80-1+i]=f'DUP{i}'
for i in range(1,17):
    opnames[0x90-1+i]=f'SWAP{i}'
ops.update({0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'})
opnames.update(ops)

def disasm(start,end):
    pc=0
    res=[]
    while pc < len(code):
        op=code[pc]
        name=opnames.get(op,f'OP_{op:02x}')
        if start<=pc<=end:
            if name.startswith('PUSH') and name[4:].isdigit():
                n=int(name[4:])
                data=code[pc+1:pc+1+n]
                res.append((pc,name,data.hex()))
                pc+=1+n
                continue
            res.append((pc,name,None))
        if name.startswith('PUSH') and name[4:].isdigit():
            pc+=1+int(name[4:])
        else:
            pc+=1
    return res

for pc,name,data in disasm(3600,3695):
    if data is None:
        print(f'{pc:05d}: {name}')
    else:
        print(f'{pc:05d}: {name} 0x{data}')
PY" in /tmp/codex-mepdsknf succeeded in 89ms:
03602: JUMPI
03603: PUSH2 0x0e1a
03606: PUSH2 0x37ee
03609: JUMP
03610: JUMPDEST
03611: SWAP1
03612: POP
03613: PUSH1 0x20
03615: MUL
03616: DUP2
03617: ADD
03618: SWAP1
03619: PUSH2 0x0e2c
03622: SWAP2
03623: SWAP1
03624: PUSH2 0x383a
03627: JUMP
03628: JUMPDEST
03629: PUSH1 0x40
03631: MLOAD


thinking
**Analyzing delegatecall usage**

Delegatecall target is hard to trace as it may come from storage or calldata; delegatecall appears reachable from all functions, likely via a shared internal helper rather than direct calls.
thinking
**Identifying delegatecall target as self-address**

Delegatecall is likely used in a multicall pattern that delegatecalls to the contract’s own address, enabling batched calls via delegatecall(address(this)), though the target is marked computed since it’s loaded from memory or stack rather than a fixed constant opcode argument.
exec
/bin/bash -lc "python - <<'PY'
import json

data=json.load(open('BYTECODE_BUNDLE.json'))
bytecode=data['artifact']['runtime_bytecode']['full']
if bytecode.startswith('0x'): bytecode=bytecode[2:]
code=bytes.fromhex(bytecode)

opnames={}
base=[
    'STOP','ADD','MUL','SUB','DIV','SDIV','MOD','SMOD','ADDMOD','MULMOD','EXP','SIGNEXTEND',
    'LT','GT','SLT','SGT','EQ','ISZERO','AND','OR','XOR','NOT','BYTE','SHL','SHR','SAR',
    'SHA3'
]
for i,name in enumerate(base): opnames[i]=name
ops={
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x49:'BLOBHASH',0x4a:'BLOBBASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5f:'PUSH0'
}
for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
for i in range(1,17): opnames[0x80-1+i]=f'DUP{i}'
for i in range(1,17): opnames[0x90-1+i]=f'SWAP{i}'
ops.update({0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'})
opnames.update(ops)

def disasm(start,end):
    pc=0
    res=[]
    while pc < len(code):
        op=code[pc]
        name=opnames.get(op,f'OP_{op:02x}')
        if start<=pc<=end:
            if name.startswith('PUSH') and name[4:].isdigit():
                n=int(name[4:])
                data=code[pc+1:pc+1+n]
                res.append((pc,name,data.hex()))
                pc+=1+n
                continue
            res.append((pc,name,None))
        if name.startswith('PUSH') and name[4:].isdigit():
            pc+=1+int(name[4:])
        else:
            pc+=1
    return res

for pc,name,data in disasm(3520,3625):
    if data is None:
        print(f'{pc:05d}: {name}')
    else:
        print(f'{pc:05d}: {name} 0x{data}')
PY" in /tmp/codex-mepdsknf succeeded in 46ms:
03521: PUSH2 0x31e5
03524: JUMP
03525: JUMPDEST
03526: PUSH1 0x40
03528: MLOAD
03529: SWAP1
03530: DUP1
03531: DUP3
03532: MSTORE
03533: DUP1
03534: PUSH1 0x20
03536: MUL
03537: PUSH1 0x20
03539: ADD
03540: DUP3
03541: ADD
03542: PUSH1 0x40
03544: MSTORE
03545: DUP1
03546: NOT


thinking
**Analyzing delegatecall target detection**

The code likely iterates over a call array and compares each target to the contract's own address, using delegatecall for calls targeting address(this). This suggests a multicall pattern where calls to self execute via delegatecall to preserve context.
thinking
**Detecting owner-based access control around multicall delegatecall**

The multicall function likely uses delegatecall to address(this) for calls targeting the contract itself and call for others, with access control restricting multicall to the owner. The contract shows Ownable patterns and EIP-1271 support, indicating it's a smart wallet or router handling complex calls with some guarded functions but potential risks if any delegatecall or external call lacks proper restrictions.
exec
/bin/bash -lc "python - <<'PY'
import json

data=json.load(open('BYTECODE_BUNDLE.json'))
bytecode=data['artifact']['runtime_bytecode']['full']
if bytecode.startswith('0x'): bytecode=bytecode[2:]
code=bytes.fromhex(bytecode)

opnames={}
base=[
    'STOP','ADD','MUL','SUB','DIV','SDIV','MOD','SMOD','ADDMOD','MULMOD','EXP','SIGNEXTEND',
    'LT','GT','SLT','SGT','EQ','ISZERO','AND','OR','XOR','NOT','BYTE','SHL','SHR','SAR',
    'SHA3'
]
for i,name in enumerate(base): opnames[i]=name
ops={
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x49:'BLOBHASH',0x4a:'BLOBBASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5f:'PUSH0'
}
for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
for i in range(1,17): opnames[0x80-1+i]=f'DUP{i}'
for i in range(1,17): opnames[0x90-1+i]=f'SWAP{i}'
ops.update({0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'})
opnames.update(ops)

def disasm(start,end):
    pc=0
    res=[]
    while pc < len(code):
        op=code[pc]
        name=opnames.get(op,f'OP_{op:02x}')
        if start<=pc<=end:
            if name.startswith('PUSH') and name[4:].isdigit():
                n=int(name[4:])
                data=code[pc+1:pc+1+n]
                res.append((pc,name,data.hex()))
                pc+=1+n
                continue
            res.append((pc,name,None))
        if name.startswith('PUSH') and name[4:].isdigit():
            pc+=1+int(name[4:])
        else:
            pc+=1
    return res

for pc,name,data in disasm(3460,3720):
    if data is None:
        print(f'{pc:05d}: {name}')
    else:
        print(f'{pc:05d}: {name} 0x{data}')
PY" in /tmp/codex-mepdsknf succeeded in 62ms:
03462: JUMP
03463: JUMPDEST
03464: SWAP4
03465: POP
03466: PUSH2 0x0d94
03469: DUP3
03470: DUP3
03471: DUP6
03472: PUSH2 0x23aa
03475: JUMP
03476: JUMPDEST
03477: POP
03478: POP
03479: JUMPDEST
03480: POP
03481: PUSH2 0x0da1
03484: PUSH1 0x01
03486: DUP1
03487: SSTORE
03488: JUMP


thinking
**Analyzing delegatecall target selection**

The bytecode shows complex stack manipulation around an ADDRESS opcode, likely selecting a delegatecall target. A key sequence compares duplicated stack items before a conditional jump, hinting at logic validating or matching the target address during iteration over calldata or call elements. I'll need more context to fully decode the loop and control flow.
thinking
**Hypothesizing multicall with delegatecall to self**

The function likely implements a multicall pattern where each bytes array element is delegatecalled to address(this), explaining the ADDRESS opcode as a constant target. The code may handle both external calls and delegatecalls with potential owner access checks, though guard detection is inconclusive. Next, I plan to extract function selectors and their dispatch jump destinations from runtime bytecode to better map and analyze call targets and access controls.
exec
/bin/bash -lc "sed -n '31370,31640p' BYTECODE_BUNDLE.json" in /tmp/codex-mepdsknf succeeded in 9ms:
                "pc": 16449,
                "slot": "0x0000000000000000000000000000000000000000000000000000000000004046"
              },
              {
                "op": "SLOAD",
                "pc": 16605,
                "slot": "0x0000000000000000000000000000000000000000000000000000000000000000"
              }
            ],
            "writes": 22
          }
        }
      ],
      "selectors": [
        "0xcb1eec6d",
        "0xdb6b5246",
        "0xed24911d",
        "0xf2fde38b",
        "0xf62d1888",
        "0x8c42f5aa",


thinking
**Analyzing delegatecall target stack**

I'm examining the stack state before the delegatecall to verify if the target is definitely the contract itself or potentially user-controlled; the stack manipulation near the delegatecall is complex, needing deeper inspection to confirm the safety of this self-delegatecall pattern.
thinking
**Confirming delegatecall target logic and access control**

The delegatecall target is conditionally computed and likely restricted to self based on stack analysis and equality checks with the contract address, but enforcement isn't fully certain. I'm now inspecting CALL instructions earlier in the bytecode to verify if access control checks precede them, which would clarify if external calls with value are properly guarded.
exec
/bin/bash -lc "python - <<'PY'
import json

data=json.load(open('BYTECODE_BUNDLE.json'))
bytecode=data['artifact']['runtime_bytecode']['full']
if bytecode.startswith('0x'): bytecode=bytecode[2:]
code=bytes.fromhex(bytecode)

opnames={}
base=[
    'STOP','ADD','MUL','SUB','DIV','SDIV','MOD','SMOD','ADDMOD','MULMOD','EXP','SIGNEXTEND',
    'LT','GT','SLT','SGT','EQ','ISZERO','AND','OR','XOR','NOT','BYTE','SHL','SHR','SAR',
    'SHA3'
]
for i,name in enumerate(base): opnames[i]=name
ops={
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x49:'BLOBHASH',0x4a:'BLOBBASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5f:'PUSH0'
}
for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
for i in range(1,17): opnames[0x80-1+i]=f'DUP{i}'
for i in range(1,17): opnames[0x90-1+i]=f'SWAP{i}'
ops.update({0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'})
opnames.update(ops)

def disasm(start,end):
    pc=0
    res=[]
    while pc < len(code):
        op=code[pc]
        name=opnames.get(op,f'OP_{op:02x}')
        if start<=pc<=end:
            if name.startswith('PUSH') and name[4:].isdigit():
                n=int(name[4:])
                data=code[pc+1:pc+1+n]
                res.append((pc,name,data.hex()))
                pc+=1+n
                continue
            res.append((pc,name,None))
        if name.startswith('PUSH') and name[4:].isdigit():
            pc+=1+int(name[4:])
        else:
            pc+=1
    return res

for pc,name,data in disasm(2050,2200):
    if data is None:
        print(f'{pc:05d}: {name}')
    else:
        print(f'{pc:05d}: {name} 0x{data}')
PY" in /tmp/codex-mepdsknf succeeded in 47ms:
02051: PUSH1 0xe1
02053: OP_1b
02054: DUP2
02055: MSTORE
02056: PUSH1 0x04
02058: ADD
02059: PUSH1 0x40
02061: MLOAD
02062: DUP1
02063: SWAP2
02064: SUB
02065: SWAP1
02066: REVERT
02067: JUMPDEST
02068: PUSH1 0x01
02070: PUSH1 0x01
02072: PUSH1 0xa0
02074: OP_1b
02075: SUB
02076: DUP4


thinking
**Analyzing potential reentrancy and external calls**

The contract seems to act as a router or aggregator handling ETH and tokens, using a sentinel address for ETH differentiation. Key focus is on CALL instructions that send ETH or tokens, checking if state updates happen before calls to spot reentrancy risks or unchecked external calls that could allow draining funds. Untrusted delegatecalls (e.g., multicall) could be critical if targets are user-controlled.
thinking
**Detailing delegatecall and external call findings**

I've identified two main issues: a delegatecall to a computed target in a multicall-like context, posing medium risk due to possible arbitrary storage execution if gating is insufficient; and multiple low-level CALLs sending ETH to computed targets without detected reentrancy guards, posing a low-severity reentrancy or funds-drain risk if the contract holds ETH and lacks access control. I'll include related evidence locations and note bytecode-only analysis limitations.
codex
{"no_findings":false,"summary":"Bytecode-only review of implementation 0x62c9e5e52351e02635f48072fa20c03bb650f787 shows a reachable DELEGATECALL with a computed target and multiple low‑level CALLs that can transfer ETH to computed targets; guard/access-control inference is uncertain from artifacts.","findings":[{"severity":"medium","category":"other","title":"Computed DELEGATECALL target reachable (storage corruption risk if not strictly bounded)","exploit_scenario":"If the DELEGATECALL target is derived from calldata or mutable storage rather than fixed to `address(this)` or a trusted module list, an attacker could supply a malicious target that executes in this contract’s storage context, enabling arbitrary state writes (e.g., ownership takeover or balance manipulation). The bytecode shows an `ADDRESS` comparison nearby, but it is unclear whether this fully constrains the target.","recommendation":"Ensure the delegatecall target is strictly constrained (e.g., `address(this)` only, or a vetted allowlist) and reject any untrusted targets. If the intent is multicall-on-self, enforce `target == address(this)` before delegatecall and avoid forwarding arbitrary targets.","evidence":"DELEGATECALL at pc 3653 (0x0e45); detector flagged an untrusted delegatecall with no guards detected. Target is stack-computed (uses DUP6 before DELEGATECALL), and only a nearby `ADDRESS` check is visible but its enforcement is unclear from bytecode.","locations":["pc:0x0e45"]},{"severity":"low","category":"reentrancy","title":"Low-level CALLs with computed target/value (possible reentrancy or fund diversion)","exploit_scenario":"Several CALL sites pass computed targets and values (potentially nonzero ETH). If any of these code paths are externally reachable without strong access control or without state changes being finalized beforehand, a malicious callee could reenter and exploit intermediate state, or the caller could direct ETH out of the contract. This is especially relevant if the contract holds ETH/tokens between operations.","recommendation":"For any externally reachable flow that uses these CALLs, apply checks-effects-interactions and/or a reentrancy guard, and constrain call targets/values (e.g., whitelist or require caller-provided targets to be validated).","evidence":"CALL opcodes with computed target/value at pc 2149, 5006, 10448, 11101, 11590, 12363; detector also flagged ETH value transfer possible. Guard detection is heuristic and did not show explicit protections in artifacts.","locations":["pc:0x0865","pc:0x138e","pc:0x28d0","pc:0x2b5d","pc:0x2d46","pc:0x304b"]}]}
tokens used
71,395

{
    "codex": {
        "ran_at": "2026-01-22T07:27:07.617140+00:00",
        "returncode": 0
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 34706,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": "Bytecode-only review of implementation 0x62c9e5e52351e02635f48072fa20c03bb650f787 shows a reachable DELEGATECALL with a computed target and multiple low\u2011level CALLs that can transfer ETH to computed targets; guard/access-control inference is uncertain from artifacts.",
    "raw_final": {
        "summary": "Bytecode-only review of implementation 0x62c9e5e52351e02635f48072fa20c03bb650f787 shows a reachable DELEGATECALL with a computed target and multiple low\u2011level CALLs that can transfer ETH to computed targets; guard/access-control inference is uncertain from artifacts.",
        "findings": [
            {
                "title": "Computed DELEGATECALL target reachable (storage corruption risk if not strictly bounded)",
                "category": "other",
                "evidence": "DELEGATECALL at pc 3653 (0x0e45); detector flagged an untrusted delegatecall with no guards detected. Target is stack-computed (uses DUP6 before DELEGATECALL), and only a nearby `ADDRESS` check is visible but its enforcement is unclear from bytecode.",
                "severity": "medium",
                "locations": [
                    "pc:0x0e45"
                ],
                "recommendation": "Ensure the delegatecall target is strictly constrained (e.g., `address(this)` only, or a vetted allowlist) and reject any untrusted targets. If the intent is multicall-on-self, enforce `target == address(this)` before delegatecall and avoid forwarding arbitrary targets.",
                "exploit_scenario": "If the DELEGATECALL target is derived from calldata or mutable storage rather than fixed to `address(this)` or a trusted module list, an attacker could supply a malicious target that executes in this contract\u2019s storage context, enabling arbitrary state writes (e.g., ownership takeover or balance manipulation). The bytecode shows an `ADDRESS` comparison nearby, but it is unclear whether this fully constrains the target."
            },
            {
                "title": "Low-level CALLs with computed target/value (possible reentrancy or fund diversion)",
                "category": "reentrancy",
                "evidence": "CALL opcodes with computed target/value at pc 2149, 5006, 10448, 11101, 11590, 12363; detector also flagged ETH value transfer possible. Guard detection is heuristic and did not show explicit protections in artifacts.",
                "severity": "low",
                "locations": [
                    "pc:0x0865",
                    "pc:0x138e",
                    "pc:0x28d0",
                    "pc:0x2b5d",
                    "pc:0x2d46",
                    "pc:0x304b"
                ],
                "recommendation": "For any externally reachable flow that uses these CALLs, apply checks-effects-interactions and/or a reentrancy guard, and constrain call targets/values (e.g., whitelist or require caller-provided targets to be validated).",
                "exploit_scenario": "Several CALL sites pass computed targets and values (potentially nonzero ETH). If any of these code paths are externally reachable without strong access control or without state changes being finalized beforehand, a malicious callee could reenter and exploit intermediate state, or the caller could direct ETH out of the contract. This is especially relevant if the contract holds ETH/tokens between operations."
            }
        ],
        "no_findings": false
    },
    "no_findings": false,
    "proxy_context": {
        "proxy_run_id": "019be3d6-84d0-712a-a2d1-e4725f02a1d8",
        "proxy_address": "0x0cd5349e1909599f4445149a264699958a4fc962",
        "implementation_run_id": "019be3d9-53a8-71a4-b1a8-306d54433492",
        "implementation_address": "0x62c9e5e52351e02635f48072fa20c03bb650f787"
    },
    "schema_version": 1
}

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x004d
0000000c: JUMPI
0000000d: PUSH0
0000000e: CALLDATALOAD
0000000f: PUSH1 0xe0
00000011: SHR
00000012: DUP1
00000013: PUSH4 0x3659cfe6
00000018: EQ
00000019: PUSH2 0x0064
0000001c: JUMPI
0000001d: DUP1
0000001e: PUSH4 0x4f1ef286
00000023: EQ
00000024: PUSH2 0x0077
00000027: JUMPI
00000028: DUP1
00000029: PUSH4 0x5c60da1b
0000002e: EQ
0000002f: PUSH2 0x008a
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0x8f283970
00000039: EQ
0000003a: PUSH2 0x00ae
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0xf851a440
00000044: EQ
00000045: PUSH2 0x00c1
00000048: JUMPI
00000049: PUSH2 0x005c
0000004c: JUMP
0000004d: JUMPDEST
0000004e: CALLDATASIZE
0000004f: PUSH2 0x005c
00000052: JUMPI
00000053: PUSH2 0x005a
00000056: PUSH2 0x00c9
00000059: JUMP
0000005a: JUMPDEST
0000005b: STOP
0000005c: JUMPDEST
0000005d: PUSH2 0x005a
00000060: PUSH2 0x00c9
00000063: JUMP
00000064: JUMPDEST
00000065: PUSH2 0x005a
00000068: PUSH2 0x0072
0000006b: CALLDATASIZE
0000006c: PUSH1 0x04
0000006e: PUSH2 0x0692
00000071: JUMP
00000072: JUMPDEST
00000073: PUSH2 0x00e3
00000076: JUMP
00000077: JUMPDEST
00000078: PUSH2 0x005a
0000007b: PUSH2 0x0085
0000007e: CALLDATASIZE
0000007f: PUSH1 0x04
00000081: PUSH2 0x06ab
00000084: JUMP
00000085: JUMPDEST
00000086: PUSH2 0x0126
00000089: JUMP
0000008a: JUMPDEST
0000008b: PUSH2 0x0092
0000008e: PUSH2 0x018c
00000091: JUMP
00000092: JUMPDEST
00000093: PUSH1 0x40
00000095: MLOAD
00000096: PUSH1 0x01
00000098: PUSH1 0x01
0000009a: PUSH1 0xa0
0000009c: SHL
0000009d: SUB
0000009e: SWAP1
0000009f: SWAP2
000000a0: AND
000000a1: DUP2
000000a2: MSTORE
000000a3: PUSH1 0x20
000000a5: ADD
000000a6: PUSH1 0x40
000000a8: MLOAD
000000a9: DUP1
000000aa: SWAP2
000000ab: SUB
000000ac: SWAP1
000000ad: RETURN
000000ae: JUMPDEST
000000af: PUSH2 0x005a
000000b2: PUSH2 0x00bc
000000b5: CALLDATASIZE
000000b6: PUSH1 0x04
000000b8: PUSH2 0x0692
000000bb: JUMP
000000bc: JUMPDEST
000000bd: PUSH2 0x01c4
000000c0: JUMP
000000c1: JUMPDEST
000000c2: PUSH2 0x0092
000000c5: PUSH2 0x01ec
000000c8: JUMP
000000c9: JUMPDEST
000000ca: PUSH2 0x00d1
000000cd: PUSH2 0x0214
000000d0: JUMP
000000d1: JUMPDEST
000000d2: PUSH2 0x00e1
000000d5: PUSH2 0x00dc
000000d8: PUSH2 0x02a9
000000db: JUMP
000000dc: JUMPDEST
000000dd: PUSH2 0x02b2
000000e0: JUMP
000000e1: JUMPDEST
000000e2: JUMP
000000e3: JUMPDEST
000000e4: PUSH2 0x00eb
000000e7: PUSH2 0x02d0
000000ea: JUMP
000000eb: JUMPDEST
000000ec: PUSH1 0x01
000000ee: PUSH1 0x01
000000f0: PUSH1 0xa0
000000f2: SHL
000000f3: SUB
000000f4: AND
000000f5: CALLER
000000f6: SUB
000000f7: PUSH2 0x011e
000000fa: JUMPI
000000fb: PUSH2 0x0102
000000fe: PUSH2 0x0302
00000101: JUMP
00000102: JUMPDEST
00000103: PUSH2 0x011b
00000106: DUP2
00000107: PUSH1 0x40
00000109: MLOAD
0000010a: DUP1
0000010b: PUSH1 0x20
0000010d: ADD
0000010e: PUSH1 0x40
00000110: MSTORE
00000111: DUP1
00000112: PUSH0
00000113: DUP2
00000114: MSTORE
00000115: POP
00000116: PUSH0
00000117: PUSH2 0x030c
0000011a: JUMP
0000011b: JUMPDEST
0000011c: POP
0000011d: JUMP
0000011e: JUMPDEST
0000011f: PUSH2 0x011b
00000122: PUSH2 0x00c9
00000125: JUMP
00000126: JUMPDEST
00000127: PUSH2 0x012e
0000012a: PUSH2 0x02d0
0000012d: JUMP
0000012e: JUMPDEST
0000012f: PUSH1 0x01
00000131: PUSH1 0x01
00000133: PUSH1 0xa0
00000135: SHL
00000136: SUB
00000137: AND
00000138: CALLER
00000139: SUB
0000013a: PUSH2 0x0184
0000013d: JUMPI
0000013e: PUSH2 0x017f
00000141: DUP4
00000142: DUP4
00000143: DUP4
00000144: DUP1
00000145: DUP1
00000146: PUSH1 0x1f
00000148: ADD
00000149: PUSH1 0x20
0000014b: DUP1
0000014c: SWAP2
0000014d: DIV
0000014e: MUL
0000014f: PUSH1 0x20
00000151: ADD
00000152: PUSH1 0x40
00000154: MLOAD
00000155: SWAP1
00000156: DUP2
00000157: ADD
00000158: PUSH1 0x40
0000015a: MSTORE
0000015b: DUP1
0000015c: SWAP4
0000015d: SWAP3
0000015e: SWAP2
0000015f: SWAP1
00000160: DUP2
00000161: DUP2
00000162: MSTORE
00000163: PUSH1 0x20
00000165: ADD
00000166: DUP4
00000167: DUP4
00000168: DUP1
00000169: DUP3
0000016a: DUP5
0000016b: CALLDATACOPY
0000016c: PUSH0
0000016d: SWAP3
0000016e: ADD
0000016f: SWAP2
00000170: SWAP1
00000171: SWAP2
00000172: MSTORE
00000173: POP
00000174: PUSH1 0x01
00000176: SWAP3
00000177: POP
00000178: PUSH2 0x030c
0000017b: SWAP2
0000017c: POP
0000017d: POP
0000017e: JUMP
0000017f: JUMPDEST
00000180: POP
00000181: POP
00000182: POP
00000183: JUMP
00000184: JUMPDEST
00000185: PUSH2 0x017f
00000188: PUSH2 0x00c9
0000018b: JUMP
0000018c: JUMPDEST
0000018d: PUSH0
0000018e: PUSH2 0x0195
00000191: PUSH2 0x02d0
00000194: JUMP
00000195: JUMPDEST
00000196: PUSH1 0x01
00000198: PUSH1 0x01
0000019a: PUSH1 0xa0
0000019c: SHL
0000019d: SUB
0000019e: AND
0000019f: CALLER
000001a0: SUB
000001a1: PUSH2 0x01b9
000001a4: JUMPI
000001a5: PUSH2 0x01ac
000001a8: PUSH2 0x0302
000001ab: JUMP
000001ac: JUMPDEST
000001ad: PUSH2 0x01b4
000001b0: PUSH2 0x02a9
000001b3: JUMP
000001b4: JUMPDEST
000001b5: SWAP1
000001b6: POP
000001b7: SWAP1
000001b8: JUMP
000001b9: JUMPDEST
000001ba: PUSH2 0x01c1
000001bd: PUSH2 0x00c9
000001c0: JUMP
000001c1: JUMPDEST
000001c2: SWAP1
000001c3: JUMP
000001c4: JUMPDEST
000001c5: PUSH2 0x01cc
000001c8: PUSH2 0x02d0
000001cb: JUMP
000001cc: JUMPDEST
000001cd: PUSH1 0x01
000001cf: PUSH1 0x01
000001d1: PUSH1 0xa0
000001d3: SHL
000001d4: SUB
000001d5: AND
000001d6: CALLER
000001d7: SUB
000001d8: PUSH2 0x011e
000001db: JUMPI
000001dc: PUSH2 0x01e3
000001df: PUSH2 0x0302
000001e2: JUMP
000001e3: JUMPDEST
000001e4: PUSH2 0x011b
000001e7: DUP2
000001e8: PUSH2 0x0336
000001eb: JUMP
000001ec: JUMPDEST
000001ed: PUSH0
000001ee: PUSH2 0x01f5
000001f1: PUSH2 0x02d0
000001f4: JUMP
000001f5: JUMPDEST
000001f6: PUSH1 0x01
000001f8: PUSH1 0x01
000001fa: PUSH1 0xa0
000001fc: SHL
000001fd: SUB
000001fe: AND
000001ff: CALLER
00000200: SUB
00000201: PUSH2 0x01b9
00000204: JUMPI
00000205: PUSH2 0x020c
00000208: PUSH2 0x0302
0000020b: JUMP
0000020c: JUMPDEST
0000020d: PUSH2 0x01b4
00000210: PUSH2 0x02d0
00000213: JUMP
00000214: JUMPDEST
00000215: PUSH2 0x021c
00000218: PUSH2 0x02d0
0000021b: JUMP
0000021c: JUMPDEST
0000021d: PUSH1 0x01
0000021f: PUSH1 0x01
00000221: PUSH1 0xa0
00000223: SHL
00000224: SUB
00000225: AND
00000226: CALLER
00000227: SUB
00000228: PUSH2 0x00e1
0000022b: JUMPI
0000022c: PUSH1 0x40
0000022e: MLOAD
0000022f: PUSH3 0x461bcd
00000233: PUSH1 0xe5
00000235: SHL
00000236: DUP2
00000237: MSTORE
00000238: PUSH1 0x20
0000023a: PUSH1 0x04
0000023c: DUP3
0000023d: ADD
0000023e: MSTORE
0000023f: PUSH1 0x42
00000241: PUSH1 0x24
00000243: DUP3
00000244: ADD
00000245: MSTORE
00000246: PUSH32 0x5472616e73706172656e745570677261646561626c6550726f78793a2061646d
00000267: PUSH1 0x44
00000269: DUP3
0000026a: ADD
0000026b: MSTORE
0000026c: PUSH32 0x696e2063616e6e6f742066616c6c6261636b20746f2070726f78792074617267
0000028d: PUSH1 0x64
0000028f: DUP3
00000290: ADD
00000291: MSTORE
00000292: PUSH2 0x195d
00000295: PUSH1 0xf2
00000297: SHL
00000298: PUSH1 0x84
0000029a: DUP3
0000029b: ADD
0000029c: MSTORE
0000029d: PUSH1 0xa4
0000029f: ADD
000002a0: JUMPDEST
000002a1: PUSH1 0x40
000002a3: MLOAD
000002a4: DUP1
000002a5: SWAP2
000002a6: SUB
000002a7: SWAP1
000002a8: REVERT
000002a9: JUMPDEST
000002aa: PUSH0
000002ab: PUSH2 0x01b4
000002ae: PUSH2 0x038a
000002b1: JUMP
000002b2: JUMPDEST
000002b3: CALLDATASIZE
000002b4: PUSH0
000002b5: DUP1
000002b6: CALLDATACOPY
000002b7: PUSH0
000002b8: DUP1
000002b9: CALLDATASIZE
000002ba: PUSH0
000002bb: DUP5
000002bc: GAS
000002bd: DELEGATECALL
000002be: RETURNDATASIZE
000002bf: PUSH0
000002c0: DUP1
000002c1: RETURNDATACOPY
000002c2: DUP1
000002c3: DUP1
000002c4: ISZERO
000002c5: PUSH2 0x02cc
000002c8: JUMPI
000002c9: RETURNDATASIZE
000002ca: PUSH0
000002cb: RETURN
000002cc: JUMPDEST
000002cd: RETURNDATASIZE
000002ce: PUSH0
000002cf: REVERT
000002d0: JUMPDEST
000002d1: PUSH0
000002d2: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000002f3: JUMPDEST
000002f4: SLOAD
000002f5: PUSH1 0x01
000002f7: PUSH1 0x01
000002f9: PUSH1 0xa0
000002fb: SHL
000002fc: SUB
000002fd: AND
000002fe: SWAP2
000002ff: SWAP1
00000300: POP
00000301: JUMP
00000302: JUMPDEST
00000303: CALLVALUE
00000304: ISZERO
00000305: PUSH2 0x00e1
00000308: JUMPI
00000309: PUSH0
0000030a: DUP1
0000030b: REVERT
0000030c: JUMPDEST
0000030d: PUSH2 0x0315
00000310: DUP4
00000311: PUSH2 0x03b1
00000314: JUMP
00000315: JUMPDEST
00000316: PUSH0
00000317: DUP3
00000318: MLOAD
00000319: GT
0000031a: DUP1
0000031b: PUSH2 0x0321
0000031e: JUMPI
0000031f: POP
00000320: DUP1
00000321: JUMPDEST
00000322: ISZERO
00000323: PUSH2 0x017f
00000326: JUMPI
00000327: PUSH2 0x0330
0000032a: DUP4
0000032b: DUP4
0000032c: PUSH2 0x03f0
0000032f: JUMP
00000330: JUMPDEST
00000331: POP
00000332: POP
00000333: POP
00000334: POP
00000335: JUMP
00000336: JUMPDEST
00000337: PUSH32 0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f
00000358: PUSH2 0x035f
0000035b: PUSH2 0x02d0
0000035e: JUMP
0000035f: JUMPDEST
00000360: PUSH1 0x40
00000362: DUP1
00000363: MLOAD
00000364: PUSH1 0x01
00000366: PUSH1 0x01
00000368: PUSH1 0xa0
0000036a: SHL
0000036b: SUB
0000036c: SWAP3
0000036d: DUP4
0000036e: AND
0000036f: DUP2
00000370: MSTORE
00000371: SWAP2
00000372: DUP5
00000373: AND
00000374: PUSH1 0x20
00000376: DUP4
00000377: ADD
00000378: MSTORE
00000379: ADD
0000037a: PUSH1 0x40
0000037c: MLOAD
0000037d: DUP1
0000037e: SWAP2
0000037f: SUB
00000380: SWAP1
00000381: LOG1
00000382: PUSH2 0x011b
00000385: DUP2
00000386: PUSH2 0x041c
00000389: JUMP
0000038a: JUMPDEST
0000038b: PUSH0
0000038c: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000003ad: PUSH2 0x02f3
000003b0: JUMP
000003b1: JUMPDEST
000003b2: PUSH2 0x03ba
000003b5: DUP2
000003b6: PUSH2 0x04c5
000003b9: JUMP
000003ba: JUMPDEST
000003bb: PUSH1 0x40
000003bd: MLOAD
000003be: PUSH1 0x01
000003c0: PUSH1 0x01
000003c2: PUSH1 0xa0
000003c4: SHL
000003c5: SUB
000003c6: DUP3
000003c7: AND
000003c8: SWAP1
000003c9: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b
000003ea: SWAP1
000003eb: PUSH0
000003ec: SWAP1
000003ed: LOG2
000003ee: POP
000003ef: JUMP
000003f0: JUMPDEST
000003f1: PUSH1 0x60
000003f3: PUSH2 0x0415
000003f6: DUP4
000003f7: DUP4
000003f8: PUSH1 0x40
000003fa: MLOAD
000003fb: DUP1
000003fc: PUSH1 0x60
000003fe: ADD
000003ff: PUSH1 0x40
00000401: MSTORE
00000402: DUP1
00000403: PUSH1 0x27
00000405: DUP2
00000406: MSTORE
00000407: PUSH1 0x20
00000409: ADD
0000040a: PUSH2 0x0775
0000040d: PUSH1 0x27
0000040f: SWAP2
00000410: CODECOPY
00000411: PUSH2 0x0559
00000414: JUMP
00000415: JUMPDEST
00000416: SWAP4
00000417: SWAP3
00000418: POP
00000419: POP
0000041a: POP
0000041b: JUMP
0000041c: JUMPDEST
0000041d: PUSH1 0x01
0000041f: PUSH1 0x01
00000421: PUSH1 0xa0
00000423: SHL
00000424: SUB
00000425: DUP2
00000426: AND
00000427: PUSH2 0x0481
0000042a: JUMPI
0000042b: PUSH1 0x40
0000042d: MLOAD
0000042e: PUSH3 0x461bcd
00000432: PUSH1 0xe5
00000434: SHL
00000435: DUP2
00000436: MSTORE
00000437: PUSH1 0x20
00000439: PUSH1 0x04
0000043b: DUP3
0000043c: ADD
0000043d: MSTORE
0000043e: PUSH1 0x26
00000440: PUSH1 0x24
00000442: DUP3
00000443: ADD
00000444: MSTORE
00000445: PUSH32 0x455243313936373a206e65772061646d696e20697320746865207a65726f2061
00000466: PUSH1 0x44
00000468: DUP3
00000469: ADD
0000046a: MSTORE
0000046b: PUSH6 0x646472657373
00000472: PUSH1 0xd0
00000474: SHL
00000475: PUSH1 0x64
00000477: DUP3
00000478: ADD
00000479: MSTORE
0000047a: PUSH1 0x84
0000047c: ADD
0000047d: PUSH2 0x02a0
00000480: JUMP
00000481: JUMPDEST
00000482: DUP1
00000483: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000004a4: JUMPDEST
000004a5: DUP1
000004a6: SLOAD
000004a7: PUSH1 0x01
000004a9: PUSH1 0x01
000004ab: PUSH1 0xa0
000004ad: SHL
000004ae: SUB
000004af: NOT
000004b0: AND
000004b1: PUSH1 0x01
000004b3: PUSH1 0x01
000004b5: PUSH1 0xa0
000004b7: SHL
000004b8: SUB
000004b9: SWAP3
000004ba: SWAP1
000004bb: SWAP3
000004bc: AND
000004bd: SWAP2
000004be: SWAP1
000004bf: SWAP2
000004c0: OR
000004c1: SWAP1
000004c2: SSTORE
000004c3: POP
000004c4: JUMP
000004c5: JUMPDEST
000004c6: PUSH1 0x01
000004c8: PUSH1 0x01
000004ca: PUSH1 0xa0
000004cc: SHL
000004cd: SUB
000004ce: DUP2
000004cf: AND
000004d0: EXTCODESIZE
000004d1: PUSH2 0x0532
000004d4: JUMPI
000004d5: PUSH1 0x40
000004d7: MLOAD
000004d8: PUSH3 0x461bcd
000004dc: PUSH1 0xe5
000004de: SHL
000004df: DUP2
000004e0: MSTORE
000004e1: PUSH1 0x20
000004e3: PUSH1 0x04
000004e5: DUP3
000004e6: ADD
000004e7: MSTORE
000004e8: PUSH1 0x2d
000004ea: PUSH1 0x24
000004ec: DUP3
000004ed: ADD
000004ee: MSTORE
000004ef: PUSH32 0x455243313936373a206e657720696d706c656d656e746174696f6e206973206e
00000510: PUSH1 0x44
00000512: DUP3
00000513: ADD
00000514: MSTORE
00000515: PUSH13 0x1bdd08184818dbdb9d1c9858dd
00000523: PUSH1 0x9a
00000525: SHL
00000526: PUSH1 0x64
00000528: DUP3
00000529: ADD
0000052a: MSTORE
0000052b: PUSH1 0x84
0000052d: ADD
0000052e: PUSH2 0x02a0
00000531: JUMP
00000532: JUMPDEST
00000533: DUP1
00000534: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000555: PUSH2 0x04a4
00000558: JUMP
00000559: JUMPDEST
0000055a: PUSH1 0x60
0000055c: PUSH0
0000055d: DUP1
0000055e: DUP6
0000055f: PUSH1 0x01
00000561: PUSH1 0x01
00000563: PUSH1 0xa0
00000565: SHL
00000566: SUB
00000567: AND
00000568: DUP6
00000569: PUSH1 0x40
0000056b: MLOAD
0000056c: PUSH2 0x0575
0000056f: SWAP2
00000570: SWAP1
00000571: PUSH2 0x0729
00000574: JUMP
00000575: JUMPDEST
00000576: PUSH0
00000577: PUSH1 0x40
00000579: MLOAD
0000057a: DUP1
0000057b: DUP4
0000057c: SUB
0000057d: DUP2
0000057e: DUP6
0000057f: GAS
00000580: DELEGATECALL
00000581: SWAP2
00000582: POP
00000583: POP
00000584: RETURNDATASIZE
00000585: DUP1
00000586: PUSH0
00000587: DUP2
00000588: EQ
00000589: PUSH2 0x05ad
0000058c: JUMPI
0000058d: PUSH1 0x40
0000058f: MLOAD
00000590: SWAP2
00000591: POP
00000592: PUSH1 0x1f
00000594: NOT
00000595: PUSH1 0x3f
00000597: RETURNDATASIZE
00000598: ADD
00000599: AND
0000059a: DUP3
0000059b: ADD
0000059c: PUSH1 0x40
0000059e: MSTORE
0000059f: RETURNDATASIZE
000005a0: DUP3
000005a1: MSTORE
000005a2: RETURNDATASIZE
000005a3: PUSH0
000005a4: PUSH1 0x20
000005a6: DUP5
000005a7: ADD
000005a8: RETURNDATACOPY
000005a9: PUSH2 0x05b2
000005ac: JUMP
000005ad: JUMPDEST
000005ae: PUSH1 0x60
000005b0: SWAP2
000005b1: POP
000005b2: JUMPDEST
000005b3: POP
000005b4: SWAP2
000005b5: POP
000005b6: SWAP2
000005b7: POP
000005b8: PUSH2 0x05c3
000005bb: DUP7
000005bc: DUP4
000005bd: DUP4
000005be: DUP8
000005bf: PUSH2 0x05cd
000005c2: JUMP
000005c3: JUMPDEST
000005c4: SWAP7
000005c5: SWAP6
000005c6: POP
000005c7: POP
000005c8: POP
000005c9: POP
000005ca: POP
000005cb: POP
000005cc: JUMP
000005cd: JUMPDEST
000005ce: PUSH1 0x60
000005d0: DUP4
000005d1: ISZERO
000005d2: PUSH2 0x063b
000005d5: JUMPI
000005d6: DUP3
000005d7: MLOAD
000005d8: PUSH0
000005d9: SUB
000005da: PUSH2 0x0634
000005dd: JUMPI
000005de: PUSH1 0x01
000005e0: PUSH1 0x01
000005e2: PUSH1 0xa0
000005e4: SHL
000005e5: SUB
000005e6: DUP6
000005e7: AND
000005e8: EXTCODESIZE
000005e9: PUSH2 0x0634
000005ec: JUMPI
000005ed: PUSH1 0x40
000005ef: MLOAD
000005f0: PUSH3 0x461bcd
000005f4: PUSH1 0xe5
000005f6: SHL
000005f7: DUP2
000005f8: MSTORE
000005f9: PUSH1 0x20
000005fb: PUSH1 0x04
000005fd: DUP3
000005fe: ADD
000005ff: MSTORE
00000600: PUSH1 0x1d
00000602: PUSH1 0x24
00000604: DUP3
00000605: ADD
00000606: MSTORE
00000607: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000
00000628: PUSH1 0x44
0000062a: DUP3
0000062b: ADD
0000062c: MSTORE
0000062d: PUSH1 0x64
0000062f: ADD
00000630: PUSH2 0x02a0
00000633: JUMP
00000634: JUMPDEST
00000635: POP
00000636: DUP2
00000637: PUSH2 0x0645
0000063a: JUMP
0000063b: JUMPDEST
0000063c: PUSH2 0x0645
0000063f: DUP4
00000640: DUP4
00000641: PUSH2 0x064d
00000644: JUMP
00000645: JUMPDEST
00000646: SWAP5
00000647: SWAP4
00000648: POP
00000649: POP
0000064a: POP
0000064b: POP
0000064c: JUMP
0000064d: JUMPDEST
0000064e: DUP2
0000064f: MLOAD
00000650: ISZERO
00000651: PUSH2 0x065d
00000654: JUMPI
00000655: DUP2
00000656: MLOAD
00000657: DUP1
00000658: DUP4
00000659: PUSH1 0x20
0000065b: ADD
0000065c: REVERT
0000065d: JUMPDEST
0000065e: DUP1
0000065f: PUSH1 0x40
00000661: MLOAD
00000662: PUSH3 0x461bcd
00000666: PUSH1 0xe5
00000668: SHL
00000669: DUP2
0000066a: MSTORE
0000066b: PUSH1 0x04
0000066d: ADD
0000066e: PUSH2 0x02a0
00000671: SWAP2
00000672: SWAP1
00000673: PUSH2 0x073f
00000676: JUMP
00000677: JUMPDEST
00000678: DUP1
00000679: CALLDATALOAD
0000067a: PUSH1 0x01
0000067c: PUSH1 0x01
0000067e: PUSH1 0xa0
00000680: SHL
00000681: SUB
00000682: DUP2
00000683: AND
00000684: DUP2
00000685: EQ
00000686: PUSH2 0x068d
00000689: JUMPI
0000068a: PUSH0
0000068b: DUP1
0000068c: REVERT
0000068d: JUMPDEST
0000068e: SWAP2
0000068f: SWAP1
00000690: POP
00000691: JUMP
00000692: JUMPDEST
00000693: PUSH0
00000694: PUSH1 0x20
00000696: DUP3
00000697: DUP5
00000698: SUB
00000699: SLT
0000069a: ISZERO
0000069b: PUSH2 0x06a2
0000069e: JUMPI
0000069f: PUSH0
000006a0: DUP1
000006a1: REVERT
000006a2: JUMPDEST
000006a3: PUSH2 0x0415
000006a6: DUP3
000006a7: PUSH2 0x0677
000006aa: JUMP
000006ab: JUMPDEST
000006ac: PUSH0
000006ad: DUP1
000006ae: PUSH0
000006af: PUSH1 0x40
000006b1: DUP5
000006b2: DUP7
000006b3: SUB
000006b4: SLT
000006b5: ISZERO
000006b6: PUSH2 0x06bd
000006b9: JUMPI
000006ba: PUSH0
000006bb: DUP1
000006bc: REVERT
000006bd: JUMPDEST
000006be: PUSH2 0x06c6
000006c1: DUP5
000006c2: PUSH2 0x0677
000006c5: JUMP
000006c6: JUMPDEST
000006c7: SWAP3
000006c8: POP
000006c9: PUSH1 0x20
000006cb: DUP5
000006cc: ADD
000006cd: CALLDATALOAD
000006ce: PUSH8 0xffffffffffffffff
000006d7: DUP2
000006d8: GT
000006d9: ISZERO
000006da: PUSH2 0x06e1
000006dd: JUMPI
000006de: PUSH0
000006df: DUP1
000006e0: REVERT
000006e1: JUMPDEST
000006e2: DUP5
000006e3: ADD
000006e4: PUSH1 0x1f
000006e6: DUP2
000006e7: ADD
000006e8: DUP7
000006e9: SGT
000006ea: PUSH2 0x06f1
000006ed: JUMPI
000006ee: PUSH0
000006ef: DUP1
000006f0: REVERT
000006f1: JUMPDEST
000006f2: DUP1
000006f3: CALLDATALOAD
000006f4: PUSH8 0xffffffffffffffff
000006fd: DUP2
000006fe: GT
000006ff: ISZERO
00000700: PUSH2 0x0707
00000703: JUMPI
00000704: PUSH0
00000705: DUP1
00000706: REVERT
00000707: JUMPDEST
00000708: DUP7
00000709: PUSH1 0x20
0000070b: DUP3
0000070c: DUP5
0000070d: ADD
0000070e: ADD
0000070f: GT
00000710: ISZERO
00000711: PUSH2 0x0718
00000714: JUMPI
00000715: PUSH0
00000716: DUP1
00000717: REVERT
00000718: JUMPDEST
00000719: SWAP4
0000071a: SWAP7
0000071b: PUSH1 0x20
0000071d: SWAP2
0000071e: SWAP1
0000071f: SWAP2
00000720: ADD
00000721: SWAP6
00000722: POP
00000723: SWAP3
00000724: SWAP4
00000725: POP
00000726: POP
00000727: POP
00000728: JUMP
00000729: JUMPDEST
0000072a: PUSH0
0000072b: DUP3
0000072c: MLOAD
0000072d: DUP1
0000072e: PUSH1 0x20
00000730: DUP6
00000731: ADD
00000732: DUP5
00000733: MCOPY
00000734: PUSH0
00000735: SWAP3
00000736: ADD
00000737: SWAP2
00000738: DUP3
00000739: MSTORE
0000073a: POP
0000073b: SWAP2
0000073c: SWAP1
0000073d: POP
0000073e: JUMP
0000073f: JUMPDEST
00000740: PUSH1 0x20
00000742: DUP2
00000743: MSTORE
00000744: PUSH0
00000745: DUP3
00000746: MLOAD
00000747: DUP1
00000748: PUSH1 0x20
0000074a: DUP5
0000074b: ADD
0000074c: MSTORE
0000074d: DUP1
0000074e: PUSH1 0x20
00000750: DUP6
00000751: ADD
00000752: PUSH1 0x40
00000754: DUP6
00000755: ADD
00000756: MCOPY
00000757: PUSH0
00000758: PUSH1 0x40
0000075a: DUP3
0000075b: DUP6
0000075c: ADD
0000075d: ADD
0000075e: MSTORE
0000075f: PUSH1 0x40
00000761: PUSH1 0x1f
00000763: NOT
00000764: PUSH1 0x1f
00000766: DUP4
00000767: ADD
00000768: AND
00000769: DUP5
0000076a: ADD
0000076b: ADD
0000076c: SWAP2
0000076d: POP
0000076e: POP
0000076f: SWAP3
00000770: SWAP2
00000771: POP
00000772: POP
00000773: JUMP
00000774: INVALID
00000775: COINBASE
00000776: PUSH5 0x6472657373
0000077c: GASPRICE
0000077d: KECCAK256
0000077e: PUSH13 0x6f772d6c6576656c2064656c65
0000078c: PUSH8 0x6174652063616c6c
00000795: KECCAK256
00000796: PUSH7 0x61696c6564a264
0000079e: PUSH10 0x70667358221220167f8f
000007a9: UNKNOWN(0xE2)
000007aa: UNKNOWN(0xC7)
000007ab: UNKNOWN(0x4C)
000007ac: UNKNOWN(0xE5)
000007ad: UNKNOWN(0xC4)
000007ae: PUSH17 0xafea48c32a8f34d02f0c8068376017b7fe
000007c0: PUSH5 0xb25cb66031
000007c6: PUSH5 0x736f6c6343
000007cc: STOP
000007cd: ADDMOD
000007ce: BYTE
000007cf: STOP
000007d0: CALLER