019c0ea9-077e-7179-97f5-935f860176b1
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 41606 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 41607 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 41608 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 41609 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 41610 | capability.graph | complete | 1 / 3 | 2 months ago |
| 41611 | detector.run | complete | 1 / 3 | 2 months ago |
| 41612 | validation.fork | complete | 1 / 3 | 2 months ago |
| 42226 | report.consolidate | complete | 1 / 6 | 2 months ago |
| 42227 | tool.slither | complete | 1 / 2 | 2 months ago |
{
"status": "not_proxy"
}
'forge clean' running (wd: /tmp/slither-dvagikmy)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-dvagikmy)
Address.isContract(address) (@openzeppelin/contracts-v4.4/utils/Address.sol#27-37) uses assembly
- INLINE ASM (@openzeppelin/contracts-v4.4/utils/Address.sol#33-35)
Address.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts-v4.4/utils/Address.sol#196-216) uses assembly
- INLINE ASM (@openzeppelin/contracts-v4.4/utils/Address.sol#208-211)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
2 different versions of Solidity are used:
- Version constraint ^0.8.0 is used by:
-^0.8.0 (@openzeppelin/contracts-v4.4/token/ERC20/IERC20.sol#4)
-^0.8.0 (@openzeppelin/contracts-v4.4/token/ERC20/utils/SafeERC20.sol#4)
-^0.8.0 (@openzeppelin/contracts-v4.4/token/ERC721/IERC721.sol#4)
-^0.8.0 (@openzeppelin/contracts-v4.4/utils/Address.sol#4)
-^0.8.0 (@openzeppelin/contracts-v4.4/utils/introspection/IERC165.sol#4)
- Version constraint 0.8.9 is used by:
-0.8.9 (contracts/0.8.9/LidoExecutionLayerRewardsVault.sol#6)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used
Version constraint ^0.8.0 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- DataLocationChangeInInternalOverride
- NestedCalldataArrayAbiReencodingSizeValidation
- SignedImmutables
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching.
It is used by:
- ^0.8.0 (@openzeppelin/contracts-v4.4/token/ERC20/IERC20.sol#4)
- ^0.8.0 (@openzeppelin/contracts-v4.4/token/ERC20/utils/SafeERC20.sol#4)
- ^0.8.0 (@openzeppelin/contracts-v4.4/token/ERC721/IERC721.sol#4)
- ^0.8.0 (@openzeppelin/contracts-v4.4/utils/Address.sol#4)
- ^0.8.0 (@openzeppelin/contracts-v4.4/utils/introspection/IERC165.sol#4)
Version constraint 0.8.9 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- VerbatimInvalidDeduplication
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- DataLocationChangeInInternalOverride
- NestedCalldataArrayAbiReencodingSizeValidation.
It is used by:
- 0.8.9 (contracts/0.8.9/LidoExecutionLayerRewardsVault.sol#6)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
Low level call in Address.sendValue(address,uint256) (@openzeppelin/contracts-v4.4/utils/Address.sol#55-60):
- (success,None) = recipient.call{value: amount}() (@openzeppelin/contracts-v4.4/utils/Address.sol#58)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts-v4.4/utils/Address.sol#123-134):
- (success,returndata) = target.call{value: value}(data) (@openzeppelin/contracts-v4.4/utils/Address.sol#132)
Low level call in Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts-v4.4/utils/Address.sol#152-161):
- (success,returndata) = target.staticcall(data) (@openzeppelin/contracts-v4.4/utils/Address.sol#159)
Low level call in Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts-v4.4/utils/Address.sol#179-188):
- (success,returndata) = target.delegatecall(data) (@openzeppelin/contracts-v4.4/utils/Address.sol#186)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter LidoExecutionLayerRewardsVault.withdrawRewards(uint256)._maxAmount (contracts/0.8.9/LidoExecutionLayerRewardsVault.sol#86) is not in mixedCase
Parameter LidoExecutionLayerRewardsVault.recoverERC20(address,uint256)._token (contracts/0.8.9/LidoExecutionLayerRewardsVault.sol#104) is not in mixedCase
Parameter LidoExecutionLayerRewardsVault.recoverERC20(address,uint256)._amount (contracts/0.8.9/LidoExecutionLayerRewardsVault.sol#104) is not in mixedCase
Parameter LidoExecutionLayerRewardsVault.recoverERC721(address,uint256)._token (contracts/0.8.9/LidoExecutionLayerRewardsVault.sol#119) is not in mixedCase
Parameter LidoExecutionLayerRewardsVault.recoverERC721(address,uint256)._tokenId (contracts/0.8.9/LidoExecutionLayerRewardsVault.sol#119) is not in mixedCase
Variable LidoExecutionLayerRewardsVault.LIDO (contracts/0.8.9/LidoExecutionLayerRewardsVault.sol#28) is not in mixedCase
Variable LidoExecutionLayerRewardsVault.TREASURY (contracts/0.8.9/LidoExecutionLayerRewardsVault.sol#29) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
. analyzed (7 contracts with 100 detectors), 16 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.8.9",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.8.9",
"install_stderr": null,
"install_stdout": "Version '0.8.9' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-dvagikmy --include-path /tmp/slither-dvagikmy/lib --include-path /tmp/slither-dvagikmy/lib/openzeppelin-contracts --allow-paths /tmp/slither-dvagikmy,/tmp/slither-dvagikmy/lib,/tmp/slither-dvagikmy/lib/openzeppelin-contracts,/tmp/slither-dvagikmy/src",
"remappings": [
"openzeppelin-contracts/=lib/openzeppelin-contracts/"
],
"source_files": [
"contracts/0.8.9/LidoExecutionLayerRewardsVault.sol",
"@openzeppelin/contracts-v4.4/token/ERC20/IERC20.sol",
"@openzeppelin/contracts-v4.4/token/ERC721/IERC721.sol",
"@openzeppelin/contracts-v4.4/token/ERC20/utils/SafeERC20.sol",
"@openzeppelin/contracts-v4.4/utils/introspection/IERC165.sol",
"@openzeppelin/contracts-v4.4/utils/Address.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 16,
"workspace_hash": "39ea02a4c3ceca33aca38c51234cb5ef78670479e24f8e05820c516a924d2f20",
"duration_seconds": 0.5809261798858643,
"solc_version_requested": "0.8.9"
}
{"no_findings":true,"summary":"Reviewed first-party Solidity in AUDIT_BUNDLE.txt; no exploitable vulnerabilities found in the specified focus areas.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-m__furys
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019c0edd-67ca-78d2-af80-072b407c436c
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
exec
/bin/bash -lc ls in /tmp/codex-m__furys succeeded in 6ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
contracts
@openzeppelin
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-m__furys succeeded in 11ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: contracts/0.8.9/LidoExecutionLayerRewardsVault.sol
================================================================================
// SPDX-FileCopyrightText: 2021 Lido <info@lido.fi>
// SPDX-License-Identifier: GPL-3.0
/* See contracts/COMPILERS.md */
pragma solidity 0.8.9;
import "@openzeppelin/contracts-v4.4/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts-v4.4/token/ERC721/IERC721.sol";
import "@openzeppelin/contracts-v4.4/token/ERC20/utils/SafeERC20.sol";
interface ILido {
/**
* @notice A payable function supposed to be called only by LidoExecLayerRewardsVault contract
codex
{"no_findings":true,"summary":"Reviewed first-party Solidity in AUDIT_BUNDLE.txt; no exploitable vulnerabilities found in the specified focus areas.","findings":[]}
tokens used
11,924
{
"codex": {
"ran_at": "2026-01-30T12:25:53.522285+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 6,
"import_count": 6,
"first_party_contracts_count": 1
},
"summary": "Reviewed first-party Solidity in AUDIT_BUNDLE.txt; no exploitable vulnerabilities found in the specified focus areas.",
"raw_final": {
"summary": "Reviewed first-party Solidity in AUDIT_BUNDLE.txt; no exploitable vulnerabilities found in the specified focus areas.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x004e 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x2d2c5565 00000019: EQ 0000001a: PUSH2 0x008d 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0x819d4cc6 00000024: EQ 00000025: PUSH2 0x00de 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0x8980f11f 0000002f: EQ 00000030: PUSH2 0x0100 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0x8b21f170 0000003a: EQ 0000003b: PUSH2 0x0120 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0x9342c8f4 00000045: EQ 00000046: PUSH2 0x0154 00000049: JUMPI 0000004a: PUSH1 0x00 0000004c: DUP1 0000004d: REVERT 0000004e: JUMPDEST 0000004f: CALLDATASIZE 00000050: PUSH2 0x0088 00000053: JUMPI 00000054: PUSH1 0x40 00000056: MLOAD 00000057: CALLVALUE 00000058: DUP2 00000059: MSTORE 0000005a: PUSH32 0x27f12abfe35860a9a927b465bb3d4a9c23c8428174b83f278fe45ed7b4da2662 0000007b: SWAP1 0000007c: PUSH1 0x20 0000007e: ADD 0000007f: PUSH1 0x40 00000081: MLOAD 00000082: DUP1 00000083: SWAP2 00000084: SUB 00000085: SWAP1 00000086: LOG1 00000087: STOP 00000088: JUMPDEST 00000089: PUSH1 0x00 0000008b: DUP1 0000008c: REVERT 0000008d: JUMPDEST 0000008e: CALLVALUE 0000008f: DUP1 00000090: ISZERO 00000091: PUSH2 0x0099 00000094: JUMPI 00000095: PUSH1 0x00 00000097: DUP1 00000098: REVERT 00000099: JUMPDEST 0000009a: POP 0000009b: PUSH2 0x00c1 0000009e: PUSH32 0x0000000000000000000000003e40d73eb977dc6a537af587d48316fee66e9c8c 000000bf: DUP2 000000c0: JUMP 000000c1: JUMPDEST 000000c2: PUSH1 0x40 000000c4: MLOAD 000000c5: PUSH1 0x01 000000c7: PUSH1 0x01 000000c9: PUSH1 0xa0 000000cb: SHL 000000cc: SUB 000000cd: SWAP1 000000ce: SWAP2 000000cf: AND 000000d0: DUP2 000000d1: MSTORE 000000d2: PUSH1 0x20 000000d4: ADD 000000d5: JUMPDEST 000000d6: PUSH1 0x40 000000d8: MLOAD 000000d9: DUP1 000000da: SWAP2 000000db: SUB 000000dc: SWAP1 000000dd: RETURN 000000de: JUMPDEST 000000df: CALLVALUE 000000e0: DUP1 000000e1: ISZERO 000000e2: PUSH2 0x00ea 000000e5: JUMPI 000000e6: PUSH1 0x00 000000e8: DUP1 000000e9: REVERT 000000ea: JUMPDEST 000000eb: POP 000000ec: PUSH2 0x00fe 000000ef: PUSH2 0x00f9 000000f2: CALLDATASIZE 000000f3: PUSH1 0x04 000000f5: PUSH2 0x06bb 000000f8: JUMP 000000f9: JUMPDEST 000000fa: PUSH2 0x0182 000000fd: JUMP 000000fe: JUMPDEST 000000ff: STOP 00000100: JUMPDEST 00000101: CALLVALUE 00000102: DUP1 00000103: ISZERO 00000104: PUSH2 0x010c 00000107: JUMPI 00000108: PUSH1 0x00 0000010a: DUP1 0000010b: REVERT 0000010c: JUMPDEST 0000010d: POP 0000010e: PUSH2 0x00fe 00000111: PUSH2 0x011b 00000114: CALLDATASIZE 00000115: PUSH1 0x04 00000117: PUSH2 0x06bb 0000011a: JUMP 0000011b: JUMPDEST 0000011c: PUSH2 0x024e 0000011f: JUMP 00000120: JUMPDEST 00000121: CALLVALUE 00000122: DUP1 00000123: ISZERO 00000124: PUSH2 0x012c 00000127: JUMPI 00000128: PUSH1 0x00 0000012a: DUP1 0000012b: REVERT 0000012c: JUMPDEST 0000012d: POP 0000012e: PUSH2 0x00c1 00000131: PUSH32 0x000000000000000000000000ae7ab96520de3a18e5e111b5eaab095312d7fe84 00000152: DUP2 00000153: JUMP 00000154: JUMPDEST 00000155: CALLVALUE 00000156: DUP1 00000157: ISZERO 00000158: PUSH2 0x0160 0000015b: JUMPI 0000015c: PUSH1 0x00 0000015e: DUP1 0000015f: REVERT 00000160: JUMPDEST 00000161: POP 00000162: PUSH2 0x0174 00000165: PUSH2 0x016f 00000168: CALLDATASIZE 00000169: PUSH1 0x04 0000016b: PUSH2 0x06f3 0000016e: JUMP 0000016f: JUMPDEST 00000170: PUSH2 0x0312 00000173: JUMP 00000174: JUMPDEST 00000175: PUSH1 0x40 00000177: MLOAD 00000178: SWAP1 00000179: DUP2 0000017a: MSTORE 0000017b: PUSH1 0x20 0000017d: ADD 0000017e: PUSH2 0x00d5 00000181: JUMP 00000182: JUMPDEST 00000183: PUSH1 0x40 00000185: MLOAD 00000186: DUP2 00000187: DUP2 00000188: MSTORE 00000189: PUSH1 0x01 0000018b: PUSH1 0x01 0000018d: PUSH1 0xa0 0000018f: SHL 00000190: SUB 00000191: DUP4 00000192: AND 00000193: SWAP1 00000194: CALLER 00000195: SWAP1 00000196: PUSH32 0x6a30e6784464f0d1f4158aa4cb65ae9239b0fa87c7f2c083ee6dde44ba97b5e6 000001b7: SWAP1 000001b8: PUSH1 0x20 000001ba: ADD 000001bb: PUSH1 0x40 000001bd: MLOAD 000001be: DUP1 000001bf: SWAP2 000001c0: SUB 000001c1: SWAP1 000001c2: LOG3 000001c3: PUSH1 0x40 000001c5: MLOAD 000001c6: PUSH4 0x23b872dd 000001cb: PUSH1 0xe0 000001cd: SHL 000001ce: DUP2 000001cf: MSTORE 000001d0: ADDRESS 000001d1: PUSH1 0x04 000001d3: DUP3 000001d4: ADD 000001d5: MSTORE 000001d6: PUSH1 0x01 000001d8: PUSH1 0x01 000001da: PUSH1 0xa0 000001dc: SHL 000001dd: SUB 000001de: PUSH32 0x0000000000000000000000003e40d73eb977dc6a537af587d48316fee66e9c8c 000001ff: DUP2 00000200: AND 00000201: PUSH1 0x24 00000203: DUP4 00000204: ADD 00000205: MSTORE 00000206: PUSH1 0x44 00000208: DUP3 00000209: ADD 0000020a: DUP4 0000020b: SWAP1 0000020c: MSTORE 0000020d: DUP4 0000020e: AND 0000020f: SWAP1 00000210: PUSH4 0x23b872dd 00000215: SWAP1 00000216: PUSH1 0x64 00000218: ADD 00000219: PUSH1 0x00 0000021b: PUSH1 0x40 0000021d: MLOAD 0000021e: DUP1 0000021f: DUP4 00000220: SUB 00000221: DUP2 00000222: PUSH1 0x00 00000224: DUP8 00000225: DUP1 00000226: EXTCODESIZE 00000227: ISZERO 00000228: DUP1 00000229: ISZERO 0000022a: PUSH2 0x0232 0000022d: JUMPI 0000022e: PUSH1 0x00 00000230: DUP1 00000231: REVERT 00000232: JUMPDEST 00000233: POP 00000234: GAS 00000235: CALL 00000236: ISZERO 00000237: DUP1 00000238: ISZERO 00000239: PUSH2 0x0246 0000023c: JUMPI 0000023d: RETURNDATASIZE 0000023e: PUSH1 0x00 00000240: DUP1 00000241: RETURNDATACOPY 00000242: RETURNDATASIZE 00000243: PUSH1 0x00 00000245: REVERT 00000246: JUMPDEST 00000247: POP 00000248: POP 00000249: POP 0000024a: POP 0000024b: POP 0000024c: POP 0000024d: JUMP 0000024e: JUMPDEST 0000024f: PUSH1 0x00 00000251: DUP2 00000252: GT 00000253: PUSH2 0x029a 00000256: JUMPI 00000257: PUSH1 0x40 00000259: MLOAD 0000025a: PUSH3 0x461bcd 0000025e: PUSH1 0xe5 00000260: SHL 00000261: DUP2 00000262: MSTORE 00000263: PUSH1 0x20 00000265: PUSH1 0x04 00000267: DUP3 00000268: ADD 00000269: MSTORE 0000026a: PUSH1 0x14 0000026c: PUSH1 0x24 0000026e: DUP3 0000026f: ADD 00000270: MSTORE 00000271: PUSH20 0x16915493d7d49150d3d591549657d05353d55395 00000286: PUSH1 0x62 00000288: SHL 00000289: PUSH1 0x44 0000028b: DUP3 0000028c: ADD 0000028d: MSTORE 0000028e: PUSH1 0x64 00000290: ADD 00000291: JUMPDEST 00000292: PUSH1 0x40 00000294: MLOAD 00000295: DUP1 00000296: SWAP2 00000297: SUB 00000298: SWAP1 00000299: REVERT 0000029a: JUMPDEST 0000029b: PUSH1 0x40 0000029d: MLOAD 0000029e: DUP2 0000029f: DUP2 000002a0: MSTORE 000002a1: PUSH1 0x01 000002a3: PUSH1 0x01 000002a5: PUSH1 0xa0 000002a7: SHL 000002a8: SUB 000002a9: DUP4 000002aa: AND 000002ab: SWAP1 000002ac: CALLER 000002ad: SWAP1 000002ae: PUSH32 0xaca8fb252cde442184e5f10e0f2e6e4029e8cd7717cae63559079610702436aa 000002cf: SWAP1 000002d0: PUSH1 0x20 000002d2: ADD 000002d3: PUSH1 0x40 000002d5: MLOAD 000002d6: DUP1 000002d7: SWAP2 000002d8: SUB 000002d9: SWAP1 000002da: LOG3 000002db: PUSH2 0x030e 000002de: PUSH1 0x01 000002e0: PUSH1 0x01 000002e2: PUSH1 0xa0 000002e4: SHL 000002e5: SUB 000002e6: DUP4 000002e7: AND 000002e8: PUSH32 0x0000000000000000000000003e40d73eb977dc6a537af587d48316fee66e9c8c 00000309: DUP4 0000030a: PUSH2 0x0418 0000030d: JUMP 0000030e: JUMPDEST 0000030f: POP 00000310: POP 00000311: JUMP 00000312: JUMPDEST 00000313: PUSH1 0x00 00000315: CALLER 00000316: PUSH1 0x01 00000318: PUSH1 0x01 0000031a: PUSH1 0xa0 0000031c: SHL 0000031d: SUB 0000031e: PUSH32 0x000000000000000000000000ae7ab96520de3a18e5e111b5eaab095312d7fe84 0000033f: AND 00000340: EQ 00000341: PUSH2 0x0385 00000344: JUMPI 00000345: PUSH1 0x40 00000347: MLOAD 00000348: PUSH3 0x461bcd 0000034c: PUSH1 0xe5 0000034e: SHL 0000034f: DUP2 00000350: MSTORE 00000351: PUSH1 0x20 00000353: PUSH1 0x04 00000355: DUP3 00000356: ADD 00000357: MSTORE 00000358: PUSH1 0x16 0000035a: PUSH1 0x24 0000035c: DUP3 0000035d: ADD 0000035e: MSTORE 0000035f: PUSH22 0x4f4e4c595f4c49444f5f43414e5f5749544844524157 00000376: PUSH1 0x50 00000378: SHL 00000379: PUSH1 0x44 0000037b: DUP3 0000037c: ADD 0000037d: MSTORE 0000037e: PUSH1 0x64 00000380: ADD 00000381: PUSH2 0x0291 00000384: JUMP 00000385: JUMPDEST 00000386: SELFBALANCE 00000387: DUP3 00000388: DUP2 00000389: GT 0000038a: PUSH2 0x0393 0000038d: JUMPI 0000038e: DUP1 0000038f: PUSH2 0x0395 00000392: JUMP 00000393: JUMPDEST 00000394: DUP3 00000395: JUMPDEST 00000396: SWAP2 00000397: POP 00000398: DUP2 00000399: ISZERO 0000039a: PUSH2 0x0412 0000039d: JUMPI 0000039e: PUSH32 0x000000000000000000000000ae7ab96520de3a18e5e111b5eaab095312d7fe84 000003bf: PUSH1 0x01 000003c1: PUSH1 0x01 000003c3: PUSH1 0xa0 000003c5: SHL 000003c6: SUB 000003c7: AND 000003c8: PUSH4 0x4ad509b2 000003cd: DUP4 000003ce: PUSH1 0x40 000003d0: MLOAD 000003d1: DUP3 000003d2: PUSH4 0xffffffff 000003d7: AND 000003d8: PUSH1 0xe0 000003da: SHL 000003db: DUP2 000003dc: MSTORE 000003dd: PUSH1 0x04 000003df: ADD 000003e0: PUSH1 0x00 000003e2: PUSH1 0x40 000003e4: MLOAD 000003e5: DUP1 000003e6: DUP4 000003e7: SUB 000003e8: DUP2 000003e9: DUP6 000003ea: DUP9 000003eb: DUP1 000003ec: EXTCODESIZE 000003ed: ISZERO 000003ee: DUP1 000003ef: ISZERO 000003f0: PUSH2 0x03f8 000003f3: JUMPI 000003f4: PUSH1 0x00 000003f6: DUP1 000003f7: REVERT 000003f8: JUMPDEST 000003f9: POP 000003fa: GAS 000003fb: CALL 000003fc: ISZERO 000003fd: DUP1 000003fe: ISZERO 000003ff: PUSH2 0x040c 00000402: JUMPI 00000403: RETURNDATASIZE 00000404: PUSH1 0x00 00000406: DUP1 00000407: RETURNDATACOPY 00000408: RETURNDATASIZE 00000409: PUSH1 0x00 0000040b: REVERT 0000040c: JUMPDEST 0000040d: POP 0000040e: POP 0000040f: POP 00000410: POP 00000411: POP 00000412: JUMPDEST 00000413: POP 00000414: SWAP2 00000415: SWAP1 00000416: POP 00000417: JUMP 00000418: JUMPDEST 00000419: PUSH1 0x40 0000041b: DUP1 0000041c: MLOAD 0000041d: PUSH1 0x01 0000041f: PUSH1 0x01 00000421: PUSH1 0xa0 00000423: SHL 00000424: SUB 00000425: DUP5 00000426: AND 00000427: PUSH1 0x24 00000429: DUP3 0000042a: ADD 0000042b: MSTORE 0000042c: PUSH1 0x44 0000042e: DUP1 0000042f: DUP3 00000430: ADD 00000431: DUP5 00000432: SWAP1 00000433: MSTORE 00000434: DUP3 00000435: MLOAD 00000436: DUP1 00000437: DUP4 00000438: SUB 00000439: SWAP1 0000043a: SWAP2 0000043b: ADD 0000043c: DUP2 0000043d: MSTORE 0000043e: PUSH1 0x64 00000440: SWAP1 00000441: SWAP2 00000442: ADD 00000443: SWAP1 00000444: SWAP2 00000445: MSTORE 00000446: PUSH1 0x20 00000448: DUP2 00000449: ADD 0000044a: DUP1 0000044b: MLOAD 0000044c: PUSH1 0x01 0000044e: PUSH1 0x01 00000450: PUSH1 0xe0 00000452: SHL 00000453: SUB 00000454: AND 00000455: PUSH4 0xa9059cbb 0000045a: PUSH1 0xe0 0000045c: SHL 0000045d: OR 0000045e: SWAP1 0000045f: MSTORE 00000460: PUSH2 0x046a 00000463: SWAP1 00000464: DUP5 00000465: SWAP1 00000466: PUSH2 0x046f 00000469: JUMP 0000046a: JUMPDEST 0000046b: POP 0000046c: POP 0000046d: POP 0000046e: JUMP 0000046f: JUMPDEST 00000470: PUSH1 0x00 00000472: PUSH2 0x04c4 00000475: DUP3 00000476: PUSH1 0x40 00000478: MLOAD 00000479: DUP1 0000047a: PUSH1 0x40 0000047c: ADD 0000047d: PUSH1 0x40 0000047f: MSTORE 00000480: DUP1 00000481: PUSH1 0x20 00000483: DUP2 00000484: MSTORE 00000485: PUSH1 0x20 00000487: ADD 00000488: PUSH32 0x5361666545524332303a206c6f772d6c6576656c2063616c6c206661696c6564 000004a9: DUP2 000004aa: MSTORE 000004ab: POP 000004ac: DUP6 000004ad: PUSH1 0x01 000004af: PUSH1 0x01 000004b1: PUSH1 0xa0 000004b3: SHL 000004b4: SUB 000004b5: AND 000004b6: PUSH2 0x0541 000004b9: SWAP1 000004ba: SWAP3 000004bb: SWAP2 000004bc: SWAP1 000004bd: PUSH4 0xffffffff 000004c2: AND 000004c3: JUMP 000004c4: JUMPDEST 000004c5: DUP1 000004c6: MLOAD 000004c7: SWAP1 000004c8: SWAP2 000004c9: POP 000004ca: ISZERO 000004cb: PUSH2 0x046a 000004ce: JUMPI 000004cf: DUP1 000004d0: DUP1 000004d1: PUSH1 0x20 000004d3: ADD 000004d4: SWAP1 000004d5: MLOAD 000004d6: DUP2 000004d7: ADD 000004d8: SWAP1 000004d9: PUSH2 0x04e2 000004dc: SWAP2 000004dd: SWAP1 000004de: PUSH2 0x070c 000004e1: JUMP 000004e2: JUMPDEST 000004e3: PUSH2 0x046a 000004e6: JUMPI 000004e7: PUSH1 0x40 000004e9: MLOAD 000004ea: PUSH3 0x461bcd 000004ee: PUSH1 0xe5 000004f0: SHL 000004f1: DUP2 000004f2: MSTORE 000004f3: PUSH1 0x20 000004f5: PUSH1 0x04 000004f7: DUP3 000004f8: ADD 000004f9: MSTORE 000004fa: PUSH1 0x2a 000004fc: PUSH1 0x24 000004fe: DUP3 000004ff: ADD 00000500: MSTORE 00000501: PUSH32 0x5361666545524332303a204552433230206f7065726174696f6e20646964206e 00000522: PUSH1 0x44 00000524: DUP3 00000525: ADD 00000526: MSTORE 00000527: PUSH10 0x1bdd081cdd58d8d95959 00000532: PUSH1 0xb2 00000534: SHL 00000535: PUSH1 0x64 00000537: DUP3 00000538: ADD 00000539: MSTORE 0000053a: PUSH1 0x84 0000053c: ADD 0000053d: PUSH2 0x0291 00000540: JUMP 00000541: JUMPDEST 00000542: PUSH1 0x60 00000544: PUSH2 0x0550 00000547: DUP5 00000548: DUP5 00000549: PUSH1 0x00 0000054b: DUP6 0000054c: PUSH2 0x055a 0000054f: JUMP 00000550: JUMPDEST 00000551: SWAP1 00000552: POP 00000553: JUMPDEST 00000554: SWAP4 00000555: SWAP3 00000556: POP 00000557: POP 00000558: POP 00000559: JUMP 0000055a: JUMPDEST 0000055b: PUSH1 0x60 0000055d: DUP3 0000055e: SELFBALANCE 0000055f: LT 00000560: ISZERO 00000561: PUSH2 0x05bb 00000564: JUMPI 00000565: PUSH1 0x40 00000567: MLOAD 00000568: PUSH3 0x461bcd 0000056c: PUSH1 0xe5 0000056e: SHL 0000056f: DUP2 00000570: MSTORE 00000571: PUSH1 0x20 00000573: PUSH1 0x04 00000575: DUP3 00000576: ADD 00000577: MSTORE 00000578: PUSH1 0x26 0000057a: PUSH1 0x24 0000057c: DUP3 0000057d: ADD 0000057e: MSTORE 0000057f: PUSH32 0x416464726573733a20696e73756666696369656e742062616c616e636520666f 000005a0: PUSH1 0x44 000005a2: DUP3 000005a3: ADD 000005a4: MSTORE 000005a5: PUSH6 0x1c8818d85b1b 000005ac: PUSH1 0xd2 000005ae: SHL 000005af: PUSH1 0x64 000005b1: DUP3 000005b2: ADD 000005b3: MSTORE 000005b4: PUSH1 0x84 000005b6: ADD 000005b7: PUSH2 0x0291 000005ba: JUMP 000005bb: JUMPDEST 000005bc: DUP5 000005bd: EXTCODESIZE 000005be: PUSH2 0x0609 000005c1: JUMPI 000005c2: PUSH1 0x40 000005c4: MLOAD 000005c5: PUSH3 0x461bcd 000005c9: PUSH1 0xe5 000005cb: SHL 000005cc: DUP2 000005cd: MSTORE 000005ce: PUSH1 0x20 000005d0: PUSH1 0x04 000005d2: DUP3 000005d3: ADD 000005d4: MSTORE 000005d5: PUSH1 0x1d 000005d7: PUSH1 0x24 000005d9: DUP3 000005da: ADD 000005db: MSTORE 000005dc: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000 000005fd: PUSH1 0x44 000005ff: DUP3 00000600: ADD 00000601: MSTORE 00000602: PUSH1 0x64 00000604: ADD 00000605: PUSH2 0x0291 00000608: JUMP 00000609: JUMPDEST 0000060a: PUSH1 0x00 0000060c: DUP1 0000060d: DUP7 0000060e: PUSH1 0x01 00000610: PUSH1 0x01 00000612: PUSH1 0xa0 00000614: SHL 00000615: SUB 00000616: AND 00000617: DUP6 00000618: DUP8 00000619: PUSH1 0x40 0000061b: MLOAD 0000061c: PUSH2 0x0625 0000061f: SWAP2 00000620: SWAP1 00000621: PUSH2 0x075e 00000624: JUMP 00000625: JUMPDEST 00000626: PUSH1 0x00 00000628: PUSH1 0x40 0000062a: MLOAD 0000062b: DUP1 0000062c: DUP4 0000062d: SUB 0000062e: DUP2 0000062f: DUP6 00000630: DUP8 00000631: GAS 00000632: CALL 00000633: SWAP3 00000634: POP 00000635: POP 00000636: POP 00000637: RETURNDATASIZE 00000638: DUP1 00000639: PUSH1 0x00 0000063b: DUP2 0000063c: EQ 0000063d: PUSH2 0x0662 00000640: JUMPI 00000641: PUSH1 0x40 00000643: MLOAD 00000644: SWAP2 00000645: POP 00000646: PUSH1 0x1f 00000648: NOT 00000649: PUSH1 0x3f 0000064b: RETURNDATASIZE 0000064c: ADD 0000064d: AND 0000064e: DUP3 0000064f: ADD 00000650: PUSH1 0x40 00000652: MSTORE 00000653: RETURNDATASIZE 00000654: DUP3 00000655: MSTORE 00000656: RETURNDATASIZE 00000657: PUSH1 0x00 00000659: PUSH1 0x20 0000065b: DUP5 0000065c: ADD 0000065d: RETURNDATACOPY 0000065e: PUSH2 0x0667 00000661: JUMP 00000662: JUMPDEST 00000663: PUSH1 0x60 00000665: SWAP2 00000666: POP 00000667: JUMPDEST 00000668: POP 00000669: SWAP2 0000066a: POP 0000066b: SWAP2 0000066c: POP 0000066d: PUSH2 0x0677 00000670: DUP3 00000671: DUP3 00000672: DUP7 00000673: PUSH2 0x0682 00000676: JUMP 00000677: JUMPDEST 00000678: SWAP8 00000679: SWAP7 0000067a: POP 0000067b: POP 0000067c: POP 0000067d: POP 0000067e: POP 0000067f: POP 00000680: POP 00000681: JUMP 00000682: JUMPDEST 00000683: PUSH1 0x60 00000685: DUP4 00000686: ISZERO 00000687: PUSH2 0x0691 0000068a: JUMPI 0000068b: POP 0000068c: DUP2 0000068d: PUSH2 0x0553 00000690: JUMP 00000691: JUMPDEST 00000692: DUP3 00000693: MLOAD 00000694: ISZERO 00000695: PUSH2 0x06a1 00000698: JUMPI 00000699: DUP3 0000069a: MLOAD 0000069b: DUP1 0000069c: DUP5 0000069d: PUSH1 0x20 0000069f: ADD 000006a0: REVERT 000006a1: JUMPDEST 000006a2: DUP2 000006a3: PUSH1 0x40 000006a5: MLOAD 000006a6: PUSH3 0x461bcd 000006aa: PUSH1 0xe5 000006ac: SHL 000006ad: DUP2 000006ae: MSTORE 000006af: PUSH1 0x04 000006b1: ADD 000006b2: PUSH2 0x0291 000006b5: SWAP2 000006b6: SWAP1 000006b7: PUSH2 0x077a 000006ba: JUMP 000006bb: JUMPDEST 000006bc: PUSH1 0x00 000006be: DUP1 000006bf: PUSH1 0x40 000006c1: DUP4 000006c2: DUP6 000006c3: SUB 000006c4: SLT 000006c5: ISZERO 000006c6: PUSH2 0x06ce 000006c9: JUMPI 000006ca: PUSH1 0x00 000006cc: DUP1 000006cd: REVERT 000006ce: JUMPDEST 000006cf: DUP3 000006d0: CALLDATALOAD 000006d1: PUSH1 0x01 000006d3: PUSH1 0x01 000006d5: PUSH1 0xa0 000006d7: SHL 000006d8: SUB 000006d9: DUP2 000006da: AND 000006db: DUP2 000006dc: EQ 000006dd: PUSH2 0x06e5 000006e0: JUMPI 000006e1: PUSH1 0x00 000006e3: DUP1 000006e4: REVERT 000006e5: JUMPDEST 000006e6: SWAP5 000006e7: PUSH1 0x20 000006e9: SWAP4 000006ea: SWAP1 000006eb: SWAP4 000006ec: ADD 000006ed: CALLDATALOAD 000006ee: SWAP4 000006ef: POP 000006f0: POP 000006f1: POP 000006f2: JUMP 000006f3: JUMPDEST 000006f4: PUSH1 0x00 000006f6: PUSH1 0x20 000006f8: DUP3 000006f9: DUP5 000006fa: SUB 000006fb: SLT 000006fc: ISZERO 000006fd: PUSH2 0x0705 00000700: JUMPI 00000701: PUSH1 0x00 00000703: DUP1 00000704: REVERT 00000705: JUMPDEST 00000706: POP 00000707: CALLDATALOAD 00000708: SWAP2 00000709: SWAP1 0000070a: POP 0000070b: JUMP 0000070c: JUMPDEST 0000070d: PUSH1 0x00 0000070f: PUSH1 0x20 00000711: DUP3 00000712: DUP5 00000713: SUB 00000714: SLT 00000715: ISZERO 00000716: PUSH2 0x071e 00000719: JUMPI 0000071a: PUSH1 0x00 0000071c: DUP1 0000071d: REVERT 0000071e: JUMPDEST 0000071f: DUP2 00000720: MLOAD 00000721: DUP1 00000722: ISZERO 00000723: ISZERO 00000724: DUP2 00000725: EQ 00000726: PUSH2 0x0553 00000729: JUMPI 0000072a: PUSH1 0x00 0000072c: DUP1 0000072d: REVERT 0000072e: JUMPDEST 0000072f: PUSH1 0x00 00000731: JUMPDEST 00000732: DUP4 00000733: DUP2 00000734: LT 00000735: ISZERO 00000736: PUSH2 0x0749 00000739: JUMPI 0000073a: DUP2 0000073b: DUP2 0000073c: ADD 0000073d: MLOAD 0000073e: DUP4 0000073f: DUP3 00000740: ADD 00000741: MSTORE 00000742: PUSH1 0x20 00000744: ADD 00000745: PUSH2 0x0731 00000748: JUMP 00000749: JUMPDEST 0000074a: DUP4 0000074b: DUP2 0000074c: GT 0000074d: ISZERO 0000074e: PUSH2 0x0758 00000751: JUMPI 00000752: PUSH1 0x00 00000754: DUP5 00000755: DUP5 00000756: ADD 00000757: MSTORE 00000758: JUMPDEST 00000759: POP 0000075a: POP 0000075b: POP 0000075c: POP 0000075d: JUMP 0000075e: JUMPDEST 0000075f: PUSH1 0x00 00000761: DUP3 00000762: MLOAD 00000763: PUSH2 0x0770 00000766: DUP2 00000767: DUP5 00000768: PUSH1 0x20 0000076a: DUP8 0000076b: ADD 0000076c: PUSH2 0x072e 0000076f: JUMP 00000770: JUMPDEST 00000771: SWAP2 00000772: SWAP1 00000773: SWAP2 00000774: ADD 00000775: SWAP3 00000776: SWAP2 00000777: POP 00000778: POP 00000779: JUMP 0000077a: JUMPDEST 0000077b: PUSH1 0x20 0000077d: DUP2 0000077e: MSTORE 0000077f: PUSH1 0x00 00000781: DUP3 00000782: MLOAD 00000783: DUP1 00000784: PUSH1 0x20 00000786: DUP5 00000787: ADD 00000788: MSTORE 00000789: PUSH2 0x0799 0000078c: DUP2 0000078d: PUSH1 0x40 0000078f: DUP6 00000790: ADD 00000791: PUSH1 0x20 00000793: DUP8 00000794: ADD 00000795: PUSH2 0x072e 00000798: JUMP 00000799: JUMPDEST 0000079a: PUSH1 0x1f 0000079c: ADD 0000079d: PUSH1 0x1f 0000079f: NOT 000007a0: AND 000007a1: SWAP2 000007a2: SWAP1 000007a3: SWAP2 000007a4: ADD 000007a5: PUSH1 0x40 000007a7: ADD 000007a8: SWAP3 000007a9: SWAP2 000007aa: POP 000007ab: POP 000007ac: JUMP 000007ad: INVALID 000007ae: LOG2 000007af: PUSH5 0x6970667358 000007b5: UNKNOWN(0x22) 000007b6: SLT 000007b7: KECCAK256 000007b8: UNKNOWN(0xC0) 000007b9: CREATE 000007ba: BALANCE 000007bb: BLOBHASH 000007bc: UNKNOWN(0xDD) 000007bd: PC 000007be: STATICCALL 000007bf: UNKNOWN(0x21) 000007c0: UNKNOWN(0xE9) 000007c1: UNKNOWN(0xBF) 000007c2: UNKNOWN(0xB7) 000007c3: UNKNOWN(0x2A) 000007c4: ADD 000007c5: SIGNEXTEND 000007c6: PUSH21 0xb1e518d704a2d63d8cc44c0ad3a2f573da64736f6c 000007dc: PUSH4 0x43000809 000007e1: STOP 000007e2: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0x69069547de9a721d7cc29cc5ed4dd6444e83908ceb2ea4b3452d2a517201c7e0
call_targets:
0x388c818ca8b9251b393131c08a736a67ccb19297
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x69069547de9a721d7cc29cc5ed4dd6444e83908ceb2ea4b3452d2a517201c7e0",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x388c818ca8b9251b393131c08a736a67ccb19297"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2d2c5565",
"selector": "0x2d2c5565",
"calldata_variants": [
"0x2d2c5565",
"0x2d2c55650000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x819d4cc6",
"selector": "0x819d4cc6",
"calldata_variants": [
"0x819d4cc6",
"0x819d4cc60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8980f11f",
"selector": "0x8980f11f",
"calldata_variants": [
"0x8980f11f",
"0x8980f11f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8b21f170",
"selector": "0x8b21f170",
"calldata_variants": [
"0x8b21f170",
"0x8b21f1700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9342c8f4",
"selector": "0x9342c8f4",
"calldata_variants": [
"0x9342c8f4",
"0x9342c8f40000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 565,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1019,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1586,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0x69069547de9a721d7cc29cc5ed4dd6444e83908ceb2ea4b3452d2a517201c7e0
call_targets:
0x388c818ca8b9251b393131c08a736a67ccb19297
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x69069547de9a721d7cc29cc5ed4dd6444e83908ceb2ea4b3452d2a517201c7e0",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x388c818ca8b9251b393131c08a736a67ccb19297"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2d2c5565",
"selector": "0x2d2c5565",
"calldata_variants": [
"0x2d2c5565",
"0x2d2c55650000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x819d4cc6",
"selector": "0x819d4cc6",
"calldata_variants": [
"0x819d4cc6",
"0x819d4cc60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8980f11f",
"selector": "0x8980f11f",
"calldata_variants": [
"0x8980f11f",
"0x8980f11f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8b21f170",
"selector": "0x8b21f170",
"calldata_variants": [
"0x8b21f170",
"0x8b21f1700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9342c8f4",
"selector": "0x9342c8f4",
"calldata_variants": [
"0x9342c8f4",
"0x9342c8f40000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 565,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1019,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1586,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| medium | other | detector | CREATE/CREATE2 reachable | 45 | no | no |
viewtrace_id: 0xedade7e7d562a6eae5f9068bcc8126966970dcbed72aa1f1f0f2147f763de7e3
validation_json{
"sink": "CREATE",
"errors": 0,
"status": "unknown",
"attempts": 10,
"trace_id": "0xedade7e7d562a6eae5f9068bcc8126966970dcbed72aa1f1f0f2147f763de7e3",
"confirmed": false,
"trace_mode": "structLogs",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2d2c5565",
"selector": "0x2d2c5565",
"calldata_variants": [
"0x2d2c5565",
"0x2d2c55650000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x819d4cc6",
"selector": "0x819d4cc6",
"calldata_variants": [
"0x819d4cc6",
"0x819d4cc60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8980f11f",
"selector": "0x8980f11f",
"calldata_variants": [
"0x8980f11f",
"0x8980f11f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8b21f170",
"selector": "0x8b21f170",
"calldata_variants": [
"0x8b21f170",
"0x8b21f1700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9342c8f4",
"selector": "0x9342c8f4",
"calldata_variants": [
"0x9342c8f4",
"0x9342c8f40000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"create_count": 1,
"create2_count": 0
}
|
| low | other | cast | Contract creation opcode present | 60 | no | — |
viewevidence_json{
"notes": "runtime can deploy contracts dynamically via CREATE/CREATE2",
"create_count": 1,
"create2_count": 0
}
|