019c0ea9-0776-70b3-b6ab-65ca0e8031a8
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 41599 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 41600 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 41601 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 41602 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 41603 | capability.graph | complete | 1 / 3 | 2 months ago |
| 41604 | detector.run | complete | 1 / 3 | 2 months ago |
| 41605 | validation.fork | complete | 1 / 3 | 2 months ago |
| 42225 | report.consolidate | complete | 1 / 6 | 2 months ago |
{
"method": "eip1967",
"status": "onchain_only",
"implementation": "0x97edcc0f6bb77191b4bf69a930e6d2383397433a",
"onchain_method": "eip1967"
}
No slither job recorded yet.
{"no_findings":true,"summary":"Bytecode-only review of implementation 0x97edcc0f6bb77191b4bf69a930e6d2383397433a did not surface clear, actionable vulnerabilities. The only DELEGATECALL opcodes appear in the metadata trailer (unreachable), and external calls appear to follow standard SafeERC20/ETH transfer patterns; however, control-flow and signature logic cannot be fully verified from bytecode alone.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-qk270789
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019c0ed7-7a47-7142-baf3-7a5dd917c964
--------
user
Context: The user requested the proxy at 0x35ac13efaab970f32269b61e4704f4377ce7a0ad.
Audit the implementation at 0x97edcc0f6bb77191b4bf69a930e6d2383397433a.
Findings should refer to the implementation unless explicitly about proxy mechanics.
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers
exec
/bin/bash -lc ls in /tmp/codex-qk270789 succeeded in 6ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-qk270789 succeeded in 12ms:
{
"analysis_artifact": {
"address": "0x97edcc0f6bb77191b4bf69a930e6d2383397433a",
"artifact_hash": "0x9963d941d1c4c9fe2b96a04ba377f726c4f324d079167b28a6b83f0c38a21758",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 12,
"hash": "0x5e3804975922c8facfaa6c03cbfdb77d643069f7a4fe125f5cbc6ffff95d9a23",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"CALLDATASIZE",
"LT",
"PUSH2",
exec
/bin/bash -lc 'rg -n "storage" BYTECODE_BUNDLE.json' in /tmp/codex-qk270789 succeeded in 8ms:
15769: "storage": {
16118: "storage": {
16467: "storage": {
16816: "storage": {
17165: "storage": {
17514: "storage": {
17863: "storage": {
18212: "storage": {
18561: "storage": {
18910: "storage": {
19259: "storage": {
19608: "storage": {
19957: "storage": {
20306: "storage": {
20655: "storage": {
21004: "storage": {
21353: "storage": {
21702: "storage": {
22051: "storage": {
22400: "storage": {
exec
/bin/bash -lc "sed -n '15740,15840p' BYTECODE_BUNDLE.json" in /tmp/codex-qk270789 succeeded in 7ms:
"entry_pc": 117300739,
"selector": "0x02befd24"
},
{
"entry_pc": 130066497,
"selector": "0x06fdde03"
},
{
"entry_pc": 220964240,
"selector": "0x07c0a841"
},
{
"entry_pc": 0,
"selector": "0x0d2ba590"
}
],
"functions": [
{
"auth": {
"guards": []
exec
/bin/bash -lc 'rg -n "callsite|call_sites|callsites|evidence" BYTECODE_BUNDLE.json' in /tmp/codex-qk270789 succeeded in 8ms:
11900: "callsites": [
29464: "proxy_evidence": {
37989: "type": "callsite"
37995: "type": "callsite"
38001: "type": "callsite"
38007: "type": "callsite"
38013: "type": "callsite"
38019: "type": "callsite"
38025: "type": "callsite"
38031: "type": "callsite"
38283: "evidence_json": {
38326: "evidence_json": {
38371: "evidence_json": {
exec
/bin/bash -lc "sed -n '11880,11980p' BYTECODE_BUNDLE.json" in /tmp/codex-qk270789 succeeded in 8ms:
"EQ",
"OP_B6",
"OP_B0",
"POP",
"OP_A4",
"OP_23",
"PUSH20",
"STOP"
],
"start_pc": 12150
},
{
"end_pc": 12202,
"hash": "0x45462b2b024ee2e6688e46a6521ea693f9498d8642f6a7bad0392f65498b0819",
"opcodes": [
"CALLER"
],
"start_pc": 12202
}
],
exec
/bin/bash -lc "sed -n '29440,29560p' BYTECODE_BUNDLE.json" in /tmp/codex-qk270789 succeeded in 9ms:
"id": "019c0ea9-0776-70b3-b6ab-65ca0e8031a8",
"status": "running",
"updated_at": "2026-01-30T11:28:41.000000Z"
},
"parent_run_id": "019c0ea9-0776-70b3-b6ab-65ca0e8031a8",
"updated_at": "2026-01-30T11:28:41.000000Z"
}
],
"status": "running",
"updated_at": "2026-01-30T12:18:46.000000Z"
},
"artifact": {
"codehash": "0xe44385fd5ad0b93a89f9b9080f10b5768edeebec7d10c1a40562d8ec2f1cf3f9",
"compiler_json": {
"compiler_version": null,
"etherscan": {
"contract_name": null,
"implementation": null,
"license": "Unknown",
"proxy": "0",
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
import sys
p=Path('BYTECODE_BUNDLE.json')
data=json.loads(p.read_text())
artifact=data['analysis_artifact']['artifact_json']
funcs=artifact.get('functions',[])
# list functions with call/delegatecall sinks
for f in funcs:
sinks=f.get('sinks',{})
if sinks.get('call',0) or sinks.get('delegatecall',0):
print(f\"selector {f.get('selector')} entry_pc {f.get('entry_pc')} sinks {sinks}\")
PY" in /tmp/codex-qk270789 succeeded in 42ms:
selector 0xda089e29 entry_pc 3657997865 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xe37532ac entry_pc 3843217963 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xe512da2b entry_pc 3943880222 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xeb12d61e entry_pc 4076725131 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xf2fde38b entry_pc None sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xafb4d2ee entry_pc 2952188315 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xaff6d19b entry_pc 3155524289 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xbc157ac1 entry_pc 3450554700 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xcdab494c entry_pc 3508336594 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xd11cf7d2 entry_pc None sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0x8da5cb5b entry_pc 2376452955 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0x8fd016e8 entry_pc 2657258390 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0x9e628b96 entry_pc 2902317451 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xacfdd98b entry_pc 2913278572 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0xada51a6c entry_pc None sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0x715018a6 entry_pc 2002396643 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0x775a25e3 entry_pc 2019620016 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0x7860f4b0 entry_pc 2113355303 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0x7df73e27 entry_pc None sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
selector 0x54fd4d50 entry_pc 1425886544 sinks {'call': 2, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
selectors=[f['selector'] for f in json.loads(Path('BYTECODE_BUNDLE.json').read_text())['analysis_artifact']['artifact_json']['functions']]
print(len(selectors))
print(sorted(selectors)[:10])
print('3659cfe6' in [s[2:] for s in selectors if s])
PY" in /tmp/codex-qk270789 succeeded in 41ms:
38
['0x02befd24', '0x06fdde03', '0x07c0a841', '0x0d2ba590', '0x1cc4c1e3', '0x2f3ffb9f', '0x3313b98a', '0x35a776ca', '0x3644e515', '0x475ad2ea']
False
exec
/bin/bash -lc "python - <<'PY'
import json, re
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
# convert to bytes
b=bytes.fromhex(hexstr)
# find printable ascii strings length >=4
strings=[]
cur=b''
for byte in b:
if 32<=byte<=126:
cur+=bytes([byte])
else:
if len(cur)>=4:
strings.append(cur.decode('ascii'))
cur=b''
if len(cur)>=4:
strings.append(cur.decode('ascii'))
# filter unique with TASKONFUND or Ownable etc
uniq=[]
for s in strings:
if s not in uniq:
uniq.append(s)
# print interesting ones
for s in uniq:
if 'TASKONFUND' in s or 'Ownable' in s or 'Initializable' in s or 'SafeERC20' in s or 'Address' in s:
print(s)
# show all strings shorter? maybe show first 40
print('\\nAll unique strings (subset):')
for s in uniq:
if len(s)<=80:
print(s)
PY" in /tmp/codex-qk270789 succeeded in 49ms:
TASKONFUND: newM equal current M`D
TASKONFUND: M should large than `D
TASKONFUND: duplicate nonce
TASKONFUND: withdraw paused
TASKONFUND: checkpoint expired
TASKONFUND: withdraw expired
TASKONFUND: invalid sig
TASKONFUND: over withdraw freque`D
TASKONFUND: over withdraw amount`D
TASKONFUND: duplicate token
TASKONFUND: not checkpoint owner`D
TASKONFUND: signer has already d`D
TASKONFUND: number of signers ca`D
TASKONFUND: old address doesn't `D
TASKONFUND: new address has alre`D
TASKONFUND: deposit paused
TASKONFUND: token not enough
TASKONFUND: balAfter should be m`D
TASKONFUND: invalid parameter
Initializable: contract is alrea`D
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
bytestr=bytes.fromhex(hexstr)
needle=b\"Ethereum Signed Message\"
print(needle in bytestr)
print(b\"EIP712\" in bytestr)
PY" in /tmp/codex-qk270789 succeeded in 39ms:
False
False
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
code=bytes.fromhex(hexstr)
# opcode mapping
ops = {i: f'OP_{i:02x}' for i in range(256)}
# populate
opnames = {
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
ops = opnames
# disassemble to list of tuples
instrs=[]
pc=0
while pc < len(code):
op=code[pc]
name=ops.get(op, f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=code[pc+1:pc+1+n]
instrs.append((pc,name,data.hex()))
pc+=1+n
else:
instrs.append((pc,name,None))
pc+=1
# function to show window around pc
pcs=[8943,10236,12162,12167,5654,5784,8460,9018]
for target in pcs:
# find index
idx=None
for i,(pc,name,data) in enumerate(instrs):
if pc==target:
idx=i
break
print('\\n== pc',target,'==', 'idx',idx)
if idx is None:
# find closest
for i,(pc,name,data) in enumerate(instrs):
if pc>target:
idx=i;break
print('closest pc', instrs[idx][0])
start=max(0,idx-15)
end=min(len(instrs), idx+15)
for pc,name,data in instrs[start:end]:
if data:
print(f'{pc:5d}: {name} 0x{data}')
else:
print(f'{pc:5d}: {name}')
PY" in /tmp/codex-qk270789 succeeded in 57ms:
== pc 8943 == idx 5108
8925: SWAP1
8926: DUP3
8927: ISZERO
8928: PUSH2 0x08fc
8931: MUL
8932: SWAP1
8933: DUP4
8934: SWAP1
8935: PUSH1 0x00
8937: DUP2
8938: DUP2
8939: DUP2
8940: DUP6
8941: DUP9
8942: DUP9
8943: CALL
8944: SWAP4
8945: POP
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
code=bytes.fromhex(hexstr)
ops = {}
# same mapping as before
opnames = {
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
instrs=[]
pc=0
while pc < len(code):
op=code[pc]
name=opnames.get(op, f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=code[pc+1:pc+1+n]
instrs.append((pc,name,data.hex()))
pc+=1+n
else:
instrs.append((pc,name,None))
pc+=1
# helper to print window
def print_window(pc_target, window=40):
idx=None
for i,(pc,name,data) in enumerate(instrs):
if pc==pc_target:
idx=i;break
if idx is None:
print('pc not found')
return
start=max(0, idx-window)
end=min(len(instrs), idx+window)
for pc,name,data in instrs[start:end]:
line=f'{pc:5d}: {name}'
if data: line+=f' 0x{data}'
print(line)
print('--- window around CALL 8943 ---')
print_window(8943, window=50)
print('\\n--- window around CALL 10236 ---')
print_window(10236, window=50)
PY" in /tmp/codex-qk270789 succeeded in 62ms:
--- window around CALL 8943 ---
8842: MLOAD
8843: PUSH3 0x461bcd
8847: PUSH1 0xe5
8849: SHL
8850: DUP2
8851: MSTORE
8852: PUSH1 0x20
8854: PUSH1 0x04
8856: DUP3
8857: ADD
8858: MSTORE
8859: PUSH1 0x1e
8861: PUSH1 0x24
8863: DUP3
8864: ADD
8865: MSTORE
8866: PUSH32 0x5441534b4f4e46554e443a20746f6b656e20696e73756666696369656e740000
8899: PUSH1 0x44
8901: DUP3
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
code=bytes.fromhex(hexstr)
opnames = {
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
instrs=[]
pc=0
while pc < len(code):
op=code[pc]
name=opnames.get(op, f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=code[pc+1:pc+1+n]
instrs.append((pc,name,data.hex()))
pc+=1+n
else:
instrs.append((pc,name,None))
pc+=1
# print window 8800-8980
for pc,name,data in instrs:
if 8800 <= pc <= 8980:
line=f'{pc:5d}: {name}'
if data:
line+=f' 0x{data}'
print(line)
PY" in /tmp/codex-qk270789 succeeded in 68ms:
8802: JUMP
8803: JUMPDEST
8804: POP
8805: PUSH1 0x01
8807: SWAP1
8808: POP
8809: JUMPDEST
8810: SWAP5
8811: SWAP4
8812: POP
8813: POP
8814: POP
8815: POP
8816: JUMP
8817: JUMPDEST
8818: PUSH1 0x01
8820: PUSH1 0x01
8822: PUSH1 0xa0
8824: SHL
8825: SUB
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
code=bytes.fromhex(hexstr)
# disassemble
opnames = {**{i:f'OP_{i:02x}' for i in range(256)},
0x55:'SSTORE',0xf1:'CALL',0xfa:'STATICCALL',0xf4:'DELEGATECALL',0x52:'MSTORE',0x54:'SLOAD',0x56:'JUMP',0x57:'JUMPI',0x5b:'JUMPDEST',0x50:'POP',
0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32'
}
instrs=[]
pc=0
while pc < len(code):
op=code[pc]
name=opnames.get(op, f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=code[pc+1:pc+1+n]
instrs.append((pc,name,data.hex()))
pc+=1+n
else:
instrs.append((pc,name,None))
pc+=1
# filter for SSTORE around 8700-9200
for pc,name,data in instrs:
if 8700<=pc<=9200 and name=='SSTORE':
print('SSTORE at',pc)
PY" in /tmp/codex-qk270789 succeeded in 43ms:
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
code=bytes.fromhex(hexstr)
# disassemble
opnames={i:f'OP_{i:02x}' for i in range(256)}
opnames.update({0x55:'SSTORE',0x54:'SLOAD',0xf1:'CALL',0xfa:'STATICCALL',0xfd:'REVERT',0x5b:'JUMPDEST',0x56:'JUMP',0x57:'JUMPI'})
# decode
instrs=[]
pc=0
while pc < len(code):
op=code[pc]
name=opnames.get(op, f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=code[pc+1:pc+1+n]
instrs.append((pc,name,data.hex()))
pc+=1+n
else:
instrs.append((pc,name,None))
pc+=1
# find first SSTORE after 8943 up to 9500
for pc,name,data in instrs:
if 8943 < pc < 9500 and name=='SSTORE':
print('SSTORE at',pc)
break
else:
print('No SSTORE between 8943 and 9500')
PY" in /tmp/codex-qk270789 succeeded in 52ms:
SSTORE at 9205
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
code=bytes.fromhex(hexstr)
# disassemble
opnames = {i:f'OP_{i:02x}' for i in range(256)}
opnames.update({0x55:'SSTORE',0x54:'SLOAD',0xf1:'CALL',0xfa:'STATICCALL',0xfd:'REVERT',0x5b:'JUMPDEST',0x56:'JUMP',0x57:'JUMPI',0x50:'POP'})
# decode
instrs=[]
pc=0
while pc < len(code):
op=code[pc]
name=opnames.get(op, f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=code[pc+1:pc+1+n]
instrs.append((pc,name,data.hex()))
pc+=1+n
else:
instrs.append((pc,name,None))
pc+=1
for pc,name,data in instrs:
if 9160 <= pc <= 9225:
line=f'{pc:5d}: {name}'
if data:
line+=f' 0x{data}'
print(line)
PY" in /tmp/codex-qk270789 succeeded in 62ms:
9160: OP_03
9161: OP_84
9162: OP_16
9163: OP_83
9164: OP_83
9165: OP_61 0x263f
9168: JUMP
9169: JUMPDEST
9170: POP
9171: POP
9172: POP
9173: JUMP
9174: JUMPDEST
9175: OP_60 0x33
9177: OP_80
9178: SLOAD
9179: OP_60 0x01
9181: OP_60 0x01
9183: OP_60 0xa0
9185: OP_1b
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
code=bytes.fromhex(hexstr)
print('ORIGIN opcode present?', 0x32 in code)
# find pcs of ORIGIN
pcs=[]
pc=0
while pc < len(code):
op=code[pc]
if op==0x32:
pcs.append(pc)
if 0x60<=op<=0x7f:
pc+=1+(op-0x5f)
else:
pc+=1
print('ORIGIN pcs', pcs[:10])
PY" in /tmp/codex-qk270789 succeeded in 67ms:
ORIGIN opcode present? True
ORIGIN pcs []
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
code=bytes.fromhex(hexstr)
pcs=[]
pc=0
while pc < len(code):
op=code[pc]
if op==0xf4:
pcs.append(pc)
if 0x60<=op<=0x7f:
pc+=1+(op-0x5f)
else:
pc+=1
print('delegatecall pcs', pcs)
PY" in /tmp/codex-qk270789 succeeded in 40ms:
delegatecall pcs [12162, 12167]
exec
/bin/bash -lc "python - <<'PY'
import json
from pathlib import Path
hexstr=json.loads(Path('BYTECODE_BUNDLE.json').read_text())['artifact']['runtime_bytecode']['full'][2:]
code=bytes.fromhex(hexstr)
# check CHAINID opcode 0x46
pcs=[]
pc=0
while pc < len(code):
op=code[pc]
if op==0x46:
pcs.append(pc)
if 0x60<=op<=0x7f:
pc+=1+(op-0x5f)
else:
pc+=1
print('CHAINID pcs', pcs[:10])
PY" in /tmp/codex-qk270789 succeeded in 63ms:
CHAINID pcs [7085]
codex
{"no_findings":true,"summary":"Bytecode-only review of implementation 0x97edcc0f6bb77191b4bf69a930e6d2383397433a did not surface clear, actionable vulnerabilities. The only DELEGATECALL opcodes appear in the metadata trailer (unreachable), and external calls appear to follow standard SafeERC20/ETH transfer patterns; however, control-flow and signature logic cannot be fully verified from bytecode alone.","findings":[]}
tokens used
79,111
{
"codex": {
"ran_at": "2026-01-30T12:25:16.690126+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 24408,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode-only review of implementation 0x97edcc0f6bb77191b4bf69a930e6d2383397433a did not surface clear, actionable vulnerabilities. The only DELEGATECALL opcodes appear in the metadata trailer (unreachable), and external calls appear to follow standard SafeERC20/ETH transfer patterns; however, control-flow and signature logic cannot be fully verified from bytecode alone.",
"raw_final": {
"summary": "Bytecode-only review of implementation 0x97edcc0f6bb77191b4bf69a930e6d2383397433a did not surface clear, actionable vulnerabilities. The only DELEGATECALL opcodes appear in the metadata trailer (unreachable), and external calls appear to follow standard SafeERC20/ETH transfer patterns; however, control-flow and signature logic cannot be fully verified from bytecode alone.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"proxy_context": {
"proxy_run_id": "019c0ea9-0776-70b3-b6ab-65ca0e8031a8",
"proxy_address": "0x35ac13efaab970f32269b61e4704f4377ce7a0ad",
"implementation_run_id": "019c0ea9-9972-71e4-a291-55d964b938b2",
"implementation_address": "0x97edcc0f6bb77191b4bf69a930e6d2383397433a"
},
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x004e 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x3659cfe6 00000019: EQ 0000001a: PUSH2 0x0065 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0x4f1ef286 00000024: EQ 00000025: PUSH2 0x0085 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0x5c60da1b 0000002f: EQ 00000030: PUSH2 0x0098 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0x8f283970 0000003a: EQ 0000003b: PUSH2 0x00c9 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0xf851a440 00000045: EQ 00000046: PUSH2 0x00e9 00000049: JUMPI 0000004a: PUSH2 0x005d 0000004d: JUMP 0000004e: JUMPDEST 0000004f: CALLDATASIZE 00000050: PUSH2 0x005d 00000053: JUMPI 00000054: PUSH2 0x005b 00000057: PUSH2 0x00fe 0000005a: JUMP 0000005b: JUMPDEST 0000005c: STOP 0000005d: JUMPDEST 0000005e: PUSH2 0x005b 00000061: PUSH2 0x00fe 00000064: JUMP 00000065: JUMPDEST 00000066: CALLVALUE 00000067: DUP1 00000068: ISZERO 00000069: PUSH2 0x0071 0000006c: JUMPI 0000006d: PUSH1 0x00 0000006f: DUP1 00000070: REVERT 00000071: JUMPDEST 00000072: POP 00000073: PUSH2 0x005b 00000076: PUSH2 0x0080 00000079: CALLDATASIZE 0000007a: PUSH1 0x04 0000007c: PUSH2 0x06b5 0000007f: JUMP 00000080: JUMPDEST 00000081: PUSH2 0x0118 00000084: JUMP 00000085: JUMPDEST 00000086: PUSH2 0x005b 00000089: PUSH2 0x0093 0000008c: CALLDATASIZE 0000008d: PUSH1 0x04 0000008f: PUSH2 0x06d0 00000092: JUMP 00000093: JUMPDEST 00000094: PUSH2 0x0155 00000097: JUMP 00000098: JUMPDEST 00000099: CALLVALUE 0000009a: DUP1 0000009b: ISZERO 0000009c: PUSH2 0x00a4 0000009f: JUMPI 000000a0: PUSH1 0x00 000000a2: DUP1 000000a3: REVERT 000000a4: JUMPDEST 000000a5: POP 000000a6: PUSH2 0x00ad 000000a9: PUSH2 0x01bc 000000ac: JUMP 000000ad: JUMPDEST 000000ae: PUSH1 0x40 000000b0: MLOAD 000000b1: PUSH1 0x01 000000b3: PUSH1 0x01 000000b5: PUSH1 0xa0 000000b7: SHL 000000b8: SUB 000000b9: SWAP1 000000ba: SWAP2 000000bb: AND 000000bc: DUP2 000000bd: MSTORE 000000be: PUSH1 0x20 000000c0: ADD 000000c1: PUSH1 0x40 000000c3: MLOAD 000000c4: DUP1 000000c5: SWAP2 000000c6: SUB 000000c7: SWAP1 000000c8: RETURN 000000c9: JUMPDEST 000000ca: CALLVALUE 000000cb: DUP1 000000cc: ISZERO 000000cd: PUSH2 0x00d5 000000d0: JUMPI 000000d1: PUSH1 0x00 000000d3: DUP1 000000d4: REVERT 000000d5: JUMPDEST 000000d6: POP 000000d7: PUSH2 0x005b 000000da: PUSH2 0x00e4 000000dd: CALLDATASIZE 000000de: PUSH1 0x04 000000e0: PUSH2 0x06b5 000000e3: JUMP 000000e4: JUMPDEST 000000e5: PUSH2 0x01ed 000000e8: JUMP 000000e9: JUMPDEST 000000ea: CALLVALUE 000000eb: DUP1 000000ec: ISZERO 000000ed: PUSH2 0x00f5 000000f0: JUMPI 000000f1: PUSH1 0x00 000000f3: DUP1 000000f4: REVERT 000000f5: JUMPDEST 000000f6: POP 000000f7: PUSH2 0x00ad 000000fa: PUSH2 0x020d 000000fd: JUMP 000000fe: JUMPDEST 000000ff: PUSH2 0x0106 00000102: PUSH2 0x0269 00000105: JUMP 00000106: JUMPDEST 00000107: PUSH2 0x0116 0000010a: PUSH2 0x0111 0000010d: PUSH2 0x02fe 00000110: JUMP 00000111: JUMPDEST 00000112: PUSH2 0x0308 00000115: JUMP 00000116: JUMPDEST 00000117: JUMP 00000118: JUMPDEST 00000119: PUSH2 0x0120 0000011c: PUSH2 0x032c 0000011f: JUMP 00000120: JUMPDEST 00000121: PUSH1 0x01 00000123: PUSH1 0x01 00000125: PUSH1 0xa0 00000127: SHL 00000128: SUB 00000129: AND 0000012a: CALLER 0000012b: SUB 0000012c: PUSH2 0x014d 0000012f: JUMPI 00000130: PUSH2 0x014a 00000133: DUP2 00000134: PUSH1 0x40 00000136: MLOAD 00000137: DUP1 00000138: PUSH1 0x20 0000013a: ADD 0000013b: PUSH1 0x40 0000013d: MSTORE 0000013e: DUP1 0000013f: PUSH1 0x00 00000141: DUP2 00000142: MSTORE 00000143: POP 00000144: PUSH1 0x00 00000146: PUSH2 0x035f 00000149: JUMP 0000014a: JUMPDEST 0000014b: POP 0000014c: JUMP 0000014d: JUMPDEST 0000014e: PUSH2 0x014a 00000151: PUSH2 0x00fe 00000154: JUMP 00000155: JUMPDEST 00000156: PUSH2 0x015d 00000159: PUSH2 0x032c 0000015c: JUMP 0000015d: JUMPDEST 0000015e: PUSH1 0x01 00000160: PUSH1 0x01 00000162: PUSH1 0xa0 00000164: SHL 00000165: SUB 00000166: AND 00000167: CALLER 00000168: SUB 00000169: PUSH2 0x01b4 0000016c: JUMPI 0000016d: PUSH2 0x01af 00000170: DUP4 00000171: DUP4 00000172: DUP4 00000173: DUP1 00000174: DUP1 00000175: PUSH1 0x1f 00000177: ADD 00000178: PUSH1 0x20 0000017a: DUP1 0000017b: SWAP2 0000017c: DIV 0000017d: MUL 0000017e: PUSH1 0x20 00000180: ADD 00000181: PUSH1 0x40 00000183: MLOAD 00000184: SWAP1 00000185: DUP2 00000186: ADD 00000187: PUSH1 0x40 00000189: MSTORE 0000018a: DUP1 0000018b: SWAP4 0000018c: SWAP3 0000018d: SWAP2 0000018e: SWAP1 0000018f: DUP2 00000190: DUP2 00000191: MSTORE 00000192: PUSH1 0x20 00000194: ADD 00000195: DUP4 00000196: DUP4 00000197: DUP1 00000198: DUP3 00000199: DUP5 0000019a: CALLDATACOPY 0000019b: PUSH1 0x00 0000019d: SWAP3 0000019e: ADD 0000019f: SWAP2 000001a0: SWAP1 000001a1: SWAP2 000001a2: MSTORE 000001a3: POP 000001a4: PUSH1 0x01 000001a6: SWAP3 000001a7: POP 000001a8: PUSH2 0x035f 000001ab: SWAP2 000001ac: POP 000001ad: POP 000001ae: JUMP 000001af: JUMPDEST 000001b0: POP 000001b1: POP 000001b2: POP 000001b3: JUMP 000001b4: JUMPDEST 000001b5: PUSH2 0x01af 000001b8: PUSH2 0x00fe 000001bb: JUMP 000001bc: JUMPDEST 000001bd: PUSH1 0x00 000001bf: PUSH2 0x01c6 000001c2: PUSH2 0x032c 000001c5: JUMP 000001c6: JUMPDEST 000001c7: PUSH1 0x01 000001c9: PUSH1 0x01 000001cb: PUSH1 0xa0 000001cd: SHL 000001ce: SUB 000001cf: AND 000001d0: CALLER 000001d1: SUB 000001d2: PUSH2 0x01e2 000001d5: JUMPI 000001d6: PUSH2 0x01dd 000001d9: PUSH2 0x02fe 000001dc: JUMP 000001dd: JUMPDEST 000001de: SWAP1 000001df: POP 000001e0: SWAP1 000001e1: JUMP 000001e2: JUMPDEST 000001e3: PUSH2 0x01ea 000001e6: PUSH2 0x00fe 000001e9: JUMP 000001ea: JUMPDEST 000001eb: SWAP1 000001ec: JUMP 000001ed: JUMPDEST 000001ee: PUSH2 0x01f5 000001f1: PUSH2 0x032c 000001f4: JUMP 000001f5: JUMPDEST 000001f6: PUSH1 0x01 000001f8: PUSH1 0x01 000001fa: PUSH1 0xa0 000001fc: SHL 000001fd: SUB 000001fe: AND 000001ff: CALLER 00000200: SUB 00000201: PUSH2 0x014d 00000204: JUMPI 00000205: PUSH2 0x014a 00000208: DUP2 00000209: PUSH2 0x038a 0000020c: JUMP 0000020d: JUMPDEST 0000020e: PUSH1 0x00 00000210: PUSH2 0x0217 00000213: PUSH2 0x032c 00000216: JUMP 00000217: JUMPDEST 00000218: PUSH1 0x01 0000021a: PUSH1 0x01 0000021c: PUSH1 0xa0 0000021e: SHL 0000021f: SUB 00000220: AND 00000221: CALLER 00000222: SUB 00000223: PUSH2 0x01e2 00000226: JUMPI 00000227: PUSH2 0x01dd 0000022a: PUSH2 0x032c 0000022d: JUMP 0000022e: JUMPDEST 0000022f: PUSH1 0x60 00000231: PUSH2 0x0253 00000234: DUP4 00000235: DUP4 00000236: PUSH1 0x40 00000238: MLOAD 00000239: DUP1 0000023a: PUSH1 0x60 0000023c: ADD 0000023d: PUSH1 0x40 0000023f: MSTORE 00000240: DUP1 00000241: PUSH1 0x27 00000243: DUP2 00000244: MSTORE 00000245: PUSH1 0x20 00000247: ADD 00000248: PUSH2 0x07c7 0000024b: PUSH1 0x27 0000024d: SWAP2 0000024e: CODECOPY 0000024f: PUSH2 0x03de 00000252: JUMP 00000253: JUMPDEST 00000254: SWAP4 00000255: SWAP3 00000256: POP 00000257: POP 00000258: POP 00000259: JUMP 0000025a: JUMPDEST 0000025b: PUSH1 0x01 0000025d: PUSH1 0x01 0000025f: PUSH1 0xa0 00000261: SHL 00000262: SUB 00000263: AND 00000264: EXTCODESIZE 00000265: ISZERO 00000266: ISZERO 00000267: SWAP1 00000268: JUMP 00000269: JUMPDEST 0000026a: PUSH2 0x0271 0000026d: PUSH2 0x032c 00000270: JUMP 00000271: JUMPDEST 00000272: PUSH1 0x01 00000274: PUSH1 0x01 00000276: PUSH1 0xa0 00000278: SHL 00000279: SUB 0000027a: AND 0000027b: CALLER 0000027c: SUB 0000027d: PUSH2 0x0116 00000280: JUMPI 00000281: PUSH1 0x40 00000283: MLOAD 00000284: PUSH3 0x461bcd 00000288: PUSH1 0xe5 0000028a: SHL 0000028b: DUP2 0000028c: MSTORE 0000028d: PUSH1 0x20 0000028f: PUSH1 0x04 00000291: DUP3 00000292: ADD 00000293: MSTORE 00000294: PUSH1 0x42 00000296: PUSH1 0x24 00000298: DUP3 00000299: ADD 0000029a: MSTORE 0000029b: PUSH32 0x5472616e73706172656e745570677261646561626c6550726f78793a2061646d 000002bc: PUSH1 0x44 000002be: DUP3 000002bf: ADD 000002c0: MSTORE 000002c1: PUSH32 0x696e2063616e6e6f742066616c6c6261636b20746f2070726f78792074617267 000002e2: PUSH1 0x64 000002e4: DUP3 000002e5: ADD 000002e6: MSTORE 000002e7: PUSH2 0x195d 000002ea: PUSH1 0xf2 000002ec: SHL 000002ed: PUSH1 0x84 000002ef: DUP3 000002f0: ADD 000002f1: MSTORE 000002f2: PUSH1 0xa4 000002f4: ADD 000002f5: JUMPDEST 000002f6: PUSH1 0x40 000002f8: MLOAD 000002f9: DUP1 000002fa: SWAP2 000002fb: SUB 000002fc: SWAP1 000002fd: REVERT 000002fe: JUMPDEST 000002ff: PUSH1 0x00 00000301: PUSH2 0x01dd 00000304: PUSH2 0x04bb 00000307: JUMP 00000308: JUMPDEST 00000309: CALLDATASIZE 0000030a: PUSH1 0x00 0000030c: DUP1 0000030d: CALLDATACOPY 0000030e: PUSH1 0x00 00000310: DUP1 00000311: CALLDATASIZE 00000312: PUSH1 0x00 00000314: DUP5 00000315: GAS 00000316: DELEGATECALL 00000317: RETURNDATASIZE 00000318: PUSH1 0x00 0000031a: DUP1 0000031b: RETURNDATACOPY 0000031c: DUP1 0000031d: DUP1 0000031e: ISZERO 0000031f: PUSH2 0x0327 00000322: JUMPI 00000323: RETURNDATASIZE 00000324: PUSH1 0x00 00000326: RETURN 00000327: JUMPDEST 00000328: RETURNDATASIZE 00000329: PUSH1 0x00 0000032b: REVERT 0000032c: JUMPDEST 0000032d: PUSH1 0x00 0000032f: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 00000350: JUMPDEST 00000351: SLOAD 00000352: PUSH1 0x01 00000354: PUSH1 0x01 00000356: PUSH1 0xa0 00000358: SHL 00000359: SUB 0000035a: AND 0000035b: SWAP2 0000035c: SWAP1 0000035d: POP 0000035e: JUMP 0000035f: JUMPDEST 00000360: PUSH2 0x0368 00000363: DUP4 00000364: PUSH2 0x04e3 00000367: JUMP 00000368: JUMPDEST 00000369: PUSH1 0x00 0000036b: DUP3 0000036c: MLOAD 0000036d: GT 0000036e: DUP1 0000036f: PUSH2 0x0375 00000372: JUMPI 00000373: POP 00000374: DUP1 00000375: JUMPDEST 00000376: ISZERO 00000377: PUSH2 0x01af 0000037a: JUMPI 0000037b: PUSH2 0x0384 0000037e: DUP4 0000037f: DUP4 00000380: PUSH2 0x022e 00000383: JUMP 00000384: JUMPDEST 00000385: POP 00000386: POP 00000387: POP 00000388: POP 00000389: JUMP 0000038a: JUMPDEST 0000038b: PUSH32 0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f 000003ac: PUSH2 0x03b3 000003af: PUSH2 0x032c 000003b2: JUMP 000003b3: JUMPDEST 000003b4: PUSH1 0x40 000003b6: DUP1 000003b7: MLOAD 000003b8: PUSH1 0x01 000003ba: PUSH1 0x01 000003bc: PUSH1 0xa0 000003be: SHL 000003bf: SUB 000003c0: SWAP3 000003c1: DUP4 000003c2: AND 000003c3: DUP2 000003c4: MSTORE 000003c5: SWAP2 000003c6: DUP5 000003c7: AND 000003c8: PUSH1 0x20 000003ca: DUP4 000003cb: ADD 000003cc: MSTORE 000003cd: ADD 000003ce: PUSH1 0x40 000003d0: MLOAD 000003d1: DUP1 000003d2: SWAP2 000003d3: SUB 000003d4: SWAP1 000003d5: LOG1 000003d6: PUSH2 0x014a 000003d9: DUP2 000003da: PUSH2 0x0523 000003dd: JUMP 000003de: JUMPDEST 000003df: PUSH1 0x60 000003e1: PUSH1 0x01 000003e3: PUSH1 0x01 000003e5: PUSH1 0xa0 000003e7: SHL 000003e8: SUB 000003e9: DUP5 000003ea: AND 000003eb: EXTCODESIZE 000003ec: PUSH2 0x0446 000003ef: JUMPI 000003f0: PUSH1 0x40 000003f2: MLOAD 000003f3: PUSH3 0x461bcd 000003f7: PUSH1 0xe5 000003f9: SHL 000003fa: DUP2 000003fb: MSTORE 000003fc: PUSH1 0x20 000003fe: PUSH1 0x04 00000400: DUP3 00000401: ADD 00000402: MSTORE 00000403: PUSH1 0x26 00000405: PUSH1 0x24 00000407: DUP3 00000408: ADD 00000409: MSTORE 0000040a: PUSH32 0x416464726573733a2064656c65676174652063616c6c20746f206e6f6e2d636f 0000042b: PUSH1 0x44 0000042d: DUP3 0000042e: ADD 0000042f: MSTORE 00000430: PUSH6 0x1b9d1c9858dd 00000437: PUSH1 0xd2 00000439: SHL 0000043a: PUSH1 0x64 0000043c: DUP3 0000043d: ADD 0000043e: MSTORE 0000043f: PUSH1 0x84 00000441: ADD 00000442: PUSH2 0x02f5 00000445: JUMP 00000446: JUMPDEST 00000447: PUSH1 0x00 00000449: DUP1 0000044a: DUP6 0000044b: PUSH1 0x01 0000044d: PUSH1 0x01 0000044f: PUSH1 0xa0 00000451: SHL 00000452: SUB 00000453: AND 00000454: DUP6 00000455: PUSH1 0x40 00000457: MLOAD 00000458: PUSH2 0x0461 0000045b: SWAP2 0000045c: SWAP1 0000045d: PUSH2 0x0777 00000460: JUMP 00000461: JUMPDEST 00000462: PUSH1 0x00 00000464: PUSH1 0x40 00000466: MLOAD 00000467: DUP1 00000468: DUP4 00000469: SUB 0000046a: DUP2 0000046b: DUP6 0000046c: GAS 0000046d: DELEGATECALL 0000046e: SWAP2 0000046f: POP 00000470: POP 00000471: RETURNDATASIZE 00000472: DUP1 00000473: PUSH1 0x00 00000475: DUP2 00000476: EQ 00000477: PUSH2 0x049c 0000047a: JUMPI 0000047b: PUSH1 0x40 0000047d: MLOAD 0000047e: SWAP2 0000047f: POP 00000480: PUSH1 0x1f 00000482: NOT 00000483: PUSH1 0x3f 00000485: RETURNDATASIZE 00000486: ADD 00000487: AND 00000488: DUP3 00000489: ADD 0000048a: PUSH1 0x40 0000048c: MSTORE 0000048d: RETURNDATASIZE 0000048e: DUP3 0000048f: MSTORE 00000490: RETURNDATASIZE 00000491: PUSH1 0x00 00000493: PUSH1 0x20 00000495: DUP5 00000496: ADD 00000497: RETURNDATACOPY 00000498: PUSH2 0x04a1 0000049b: JUMP 0000049c: JUMPDEST 0000049d: PUSH1 0x60 0000049f: SWAP2 000004a0: POP 000004a1: JUMPDEST 000004a2: POP 000004a3: SWAP2 000004a4: POP 000004a5: SWAP2 000004a6: POP 000004a7: PUSH2 0x04b1 000004aa: DUP3 000004ab: DUP3 000004ac: DUP7 000004ad: PUSH2 0x05cc 000004b0: JUMP 000004b1: JUMPDEST 000004b2: SWAP7 000004b3: SWAP6 000004b4: POP 000004b5: POP 000004b6: POP 000004b7: POP 000004b8: POP 000004b9: POP 000004ba: JUMP 000004bb: JUMPDEST 000004bc: PUSH1 0x00 000004be: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 000004df: PUSH2 0x0350 000004e2: JUMP 000004e3: JUMPDEST 000004e4: PUSH2 0x04ec 000004e7: DUP2 000004e8: PUSH2 0x0605 000004eb: JUMP 000004ec: JUMPDEST 000004ed: PUSH1 0x40 000004ef: MLOAD 000004f0: PUSH1 0x01 000004f2: PUSH1 0x01 000004f4: PUSH1 0xa0 000004f6: SHL 000004f7: SUB 000004f8: DUP3 000004f9: AND 000004fa: SWAP1 000004fb: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b 0000051c: SWAP1 0000051d: PUSH1 0x00 0000051f: SWAP1 00000520: LOG2 00000521: POP 00000522: JUMP 00000523: JUMPDEST 00000524: PUSH1 0x01 00000526: PUSH1 0x01 00000528: PUSH1 0xa0 0000052a: SHL 0000052b: SUB 0000052c: DUP2 0000052d: AND 0000052e: PUSH2 0x0588 00000531: JUMPI 00000532: PUSH1 0x40 00000534: MLOAD 00000535: PUSH3 0x461bcd 00000539: PUSH1 0xe5 0000053b: SHL 0000053c: DUP2 0000053d: MSTORE 0000053e: PUSH1 0x20 00000540: PUSH1 0x04 00000542: DUP3 00000543: ADD 00000544: MSTORE 00000545: PUSH1 0x26 00000547: PUSH1 0x24 00000549: DUP3 0000054a: ADD 0000054b: MSTORE 0000054c: PUSH32 0x455243313936373a206e65772061646d696e20697320746865207a65726f2061 0000056d: PUSH1 0x44 0000056f: DUP3 00000570: ADD 00000571: MSTORE 00000572: PUSH6 0x646472657373 00000579: PUSH1 0xd0 0000057b: SHL 0000057c: PUSH1 0x64 0000057e: DUP3 0000057f: ADD 00000580: MSTORE 00000581: PUSH1 0x84 00000583: ADD 00000584: PUSH2 0x02f5 00000587: JUMP 00000588: JUMPDEST 00000589: DUP1 0000058a: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 000005ab: JUMPDEST 000005ac: DUP1 000005ad: SLOAD 000005ae: PUSH1 0x01 000005b0: PUSH1 0x01 000005b2: PUSH1 0xa0 000005b4: SHL 000005b5: SUB 000005b6: NOT 000005b7: AND 000005b8: PUSH1 0x01 000005ba: PUSH1 0x01 000005bc: PUSH1 0xa0 000005be: SHL 000005bf: SUB 000005c0: SWAP3 000005c1: SWAP1 000005c2: SWAP3 000005c3: AND 000005c4: SWAP2 000005c5: SWAP1 000005c6: SWAP2 000005c7: OR 000005c8: SWAP1 000005c9: SSTORE 000005ca: POP 000005cb: JUMP 000005cc: JUMPDEST 000005cd: PUSH1 0x60 000005cf: DUP4 000005d0: ISZERO 000005d1: PUSH2 0x05db 000005d4: JUMPI 000005d5: POP 000005d6: DUP2 000005d7: PUSH2 0x0253 000005da: JUMP 000005db: JUMPDEST 000005dc: DUP3 000005dd: MLOAD 000005de: ISZERO 000005df: PUSH2 0x05eb 000005e2: JUMPI 000005e3: DUP3 000005e4: MLOAD 000005e5: DUP1 000005e6: DUP5 000005e7: PUSH1 0x20 000005e9: ADD 000005ea: REVERT 000005eb: JUMPDEST 000005ec: DUP2 000005ed: PUSH1 0x40 000005ef: MLOAD 000005f0: PUSH3 0x461bcd 000005f4: PUSH1 0xe5 000005f6: SHL 000005f7: DUP2 000005f8: MSTORE 000005f9: PUSH1 0x04 000005fb: ADD 000005fc: PUSH2 0x02f5 000005ff: SWAP2 00000600: SWAP1 00000601: PUSH2 0x0793 00000604: JUMP 00000605: JUMPDEST 00000606: PUSH1 0x01 00000608: PUSH1 0x01 0000060a: PUSH1 0xa0 0000060c: SHL 0000060d: SUB 0000060e: DUP2 0000060f: AND 00000610: EXTCODESIZE 00000611: PUSH2 0x0672 00000614: JUMPI 00000615: PUSH1 0x40 00000617: MLOAD 00000618: PUSH3 0x461bcd 0000061c: PUSH1 0xe5 0000061e: SHL 0000061f: DUP2 00000620: MSTORE 00000621: PUSH1 0x20 00000623: PUSH1 0x04 00000625: DUP3 00000626: ADD 00000627: MSTORE 00000628: PUSH1 0x2d 0000062a: PUSH1 0x24 0000062c: DUP3 0000062d: ADD 0000062e: MSTORE 0000062f: PUSH32 0x455243313936373a206e657720696d706c656d656e746174696f6e206973206e 00000650: PUSH1 0x44 00000652: DUP3 00000653: ADD 00000654: MSTORE 00000655: PUSH13 0x1bdd08184818dbdb9d1c9858dd 00000663: PUSH1 0x9a 00000665: SHL 00000666: PUSH1 0x64 00000668: DUP3 00000669: ADD 0000066a: MSTORE 0000066b: PUSH1 0x84 0000066d: ADD 0000066e: PUSH2 0x02f5 00000671: JUMP 00000672: JUMPDEST 00000673: DUP1 00000674: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 00000695: PUSH2 0x05ab 00000698: JUMP 00000699: JUMPDEST 0000069a: DUP1 0000069b: CALLDATALOAD 0000069c: PUSH1 0x01 0000069e: PUSH1 0x01 000006a0: PUSH1 0xa0 000006a2: SHL 000006a3: SUB 000006a4: DUP2 000006a5: AND 000006a6: DUP2 000006a7: EQ 000006a8: PUSH2 0x06b0 000006ab: JUMPI 000006ac: PUSH1 0x00 000006ae: DUP1 000006af: REVERT 000006b0: JUMPDEST 000006b1: SWAP2 000006b2: SWAP1 000006b3: POP 000006b4: JUMP 000006b5: JUMPDEST 000006b6: PUSH1 0x00 000006b8: PUSH1 0x20 000006ba: DUP3 000006bb: DUP5 000006bc: SUB 000006bd: SLT 000006be: ISZERO 000006bf: PUSH2 0x06c7 000006c2: JUMPI 000006c3: PUSH1 0x00 000006c5: DUP1 000006c6: REVERT 000006c7: JUMPDEST 000006c8: PUSH2 0x0253 000006cb: DUP3 000006cc: PUSH2 0x0699 000006cf: JUMP 000006d0: JUMPDEST 000006d1: PUSH1 0x00 000006d3: DUP1 000006d4: PUSH1 0x00 000006d6: PUSH1 0x40 000006d8: DUP5 000006d9: DUP7 000006da: SUB 000006db: SLT 000006dc: ISZERO 000006dd: PUSH2 0x06e5 000006e0: JUMPI 000006e1: PUSH1 0x00 000006e3: DUP1 000006e4: REVERT 000006e5: JUMPDEST 000006e6: PUSH2 0x06ee 000006e9: DUP5 000006ea: PUSH2 0x0699 000006ed: JUMP 000006ee: JUMPDEST 000006ef: SWAP3 000006f0: POP 000006f1: PUSH1 0x20 000006f3: DUP5 000006f4: ADD 000006f5: CALLDATALOAD 000006f6: PUSH8 0xffffffffffffffff 000006ff: DUP1 00000700: DUP3 00000701: GT 00000702: ISZERO 00000703: PUSH2 0x070b 00000706: JUMPI 00000707: PUSH1 0x00 00000709: DUP1 0000070a: REVERT 0000070b: JUMPDEST 0000070c: DUP2 0000070d: DUP7 0000070e: ADD 0000070f: SWAP2 00000710: POP 00000711: DUP7 00000712: PUSH1 0x1f 00000714: DUP4 00000715: ADD 00000716: SLT 00000717: PUSH2 0x071f 0000071a: JUMPI 0000071b: PUSH1 0x00 0000071d: DUP1 0000071e: REVERT 0000071f: JUMPDEST 00000720: DUP2 00000721: CALLDATALOAD 00000722: DUP2 00000723: DUP2 00000724: GT 00000725: ISZERO 00000726: PUSH2 0x072e 00000729: JUMPI 0000072a: PUSH1 0x00 0000072c: DUP1 0000072d: REVERT 0000072e: JUMPDEST 0000072f: DUP8 00000730: PUSH1 0x20 00000732: DUP3 00000733: DUP6 00000734: ADD 00000735: ADD 00000736: GT 00000737: ISZERO 00000738: PUSH2 0x0740 0000073b: JUMPI 0000073c: PUSH1 0x00 0000073e: DUP1 0000073f: REVERT 00000740: JUMPDEST 00000741: PUSH1 0x20 00000743: DUP4 00000744: ADD 00000745: SWAP5 00000746: POP 00000747: DUP1 00000748: SWAP4 00000749: POP 0000074a: POP 0000074b: POP 0000074c: POP 0000074d: SWAP3 0000074e: POP 0000074f: SWAP3 00000750: POP 00000751: SWAP3 00000752: JUMP 00000753: JUMPDEST 00000754: PUSH1 0x00 00000756: JUMPDEST 00000757: DUP4 00000758: DUP2 00000759: LT 0000075a: ISZERO 0000075b: PUSH2 0x076e 0000075e: JUMPI 0000075f: DUP2 00000760: DUP2 00000761: ADD 00000762: MLOAD 00000763: DUP4 00000764: DUP3 00000765: ADD 00000766: MSTORE 00000767: PUSH1 0x20 00000769: ADD 0000076a: PUSH2 0x0756 0000076d: JUMP 0000076e: JUMPDEST 0000076f: POP 00000770: POP 00000771: PUSH1 0x00 00000773: SWAP2 00000774: ADD 00000775: MSTORE 00000776: JUMP 00000777: JUMPDEST 00000778: PUSH1 0x00 0000077a: DUP3 0000077b: MLOAD 0000077c: PUSH2 0x0789 0000077f: DUP2 00000780: DUP5 00000781: PUSH1 0x20 00000783: DUP8 00000784: ADD 00000785: PUSH2 0x0753 00000788: JUMP 00000789: JUMPDEST 0000078a: SWAP2 0000078b: SWAP1 0000078c: SWAP2 0000078d: ADD 0000078e: SWAP3 0000078f: SWAP2 00000790: POP 00000791: POP 00000792: JUMP 00000793: JUMPDEST 00000794: PUSH1 0x20 00000796: DUP2 00000797: MSTORE 00000798: PUSH1 0x00 0000079a: DUP3 0000079b: MLOAD 0000079c: DUP1 0000079d: PUSH1 0x20 0000079f: DUP5 000007a0: ADD 000007a1: MSTORE 000007a2: PUSH2 0x07b2 000007a5: DUP2 000007a6: PUSH1 0x40 000007a8: DUP6 000007a9: ADD 000007aa: PUSH1 0x20 000007ac: DUP8 000007ad: ADD 000007ae: PUSH2 0x0753 000007b1: JUMP 000007b2: JUMPDEST 000007b3: PUSH1 0x1f 000007b5: ADD 000007b6: PUSH1 0x1f 000007b8: NOT 000007b9: AND 000007ba: SWAP2 000007bb: SWAP1 000007bc: SWAP2 000007bd: ADD 000007be: PUSH1 0x40 000007c0: ADD 000007c1: SWAP3 000007c2: SWAP2 000007c3: POP 000007c4: POP 000007c5: JUMP 000007c6: INVALID 000007c7: COINBASE 000007c8: PUSH5 0x6472657373 000007ce: GASPRICE 000007cf: KECCAK256 000007d0: PUSH13 0x6f772d6c6576656c2064656c65 000007de: PUSH8 0x6174652063616c6c 000007e7: KECCAK256 000007e8: PUSH7 0x61696c6564a264 000007f0: PUSH10 0x70667358221220fc093b 000007fb: UNKNOWN(0xD2) 000007fc: UNKNOWN(0xEB) 000007fd: UNKNOWN(0xC7) 000007fe: PUSH29 0x14bf728897eaa1042841f9a9ce2dae0fb01f6058866f515ecd64736f6c 0000081c: PUSH4 0x43000811 00000821: STOP 00000822: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
viewtrace_id: 0x2a6dc725952c59283bd6039a48c082ba24bbb8fd17e76fbab78c270b9ee077d0
call_targets:
0x97edcc0f6bb77191b4bf69a930e6d2383397433a
target_varies:
no
classification:
constant_target
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "sink_reached",
"attempts": 2,
"trace_id": "0x2a6dc725952c59283bd6039a48c082ba24bbb8fd17e76fbab78c270b9ee077d0",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x97edcc0f6bb77191b4bf69a930e6d2383397433a"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x3659cfe6",
"selector": "0x3659cfe6",
"calldata_variants": [
"0x3659cfe6",
"0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4f1ef286",
"selector": "0x4f1ef286",
"calldata_variants": [
"0x4f1ef286",
"0x4f1ef2860000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5c60da1b",
"selector": "0x5c60da1b",
"calldata_variants": [
"0x5c60da1b",
"0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8f283970",
"selector": "0x8f283970",
"calldata_variants": [
"0x8f283970",
"0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf851a440",
"selector": "0xf851a440",
"calldata_variants": [
"0xf851a440",
"0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 790,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 1133,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 2,
"untrusted_delegatecall_count": 2
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
viewevidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 2
}
|