019c0ea9-07cf-7327-9b7e-02000e7fdf7e
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 41683 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 41684 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 41685 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 41686 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 41687 | capability.graph | complete | 1 / 3 | 2 months ago |
| 41688 | detector.run | complete | 1 / 3 | 2 months ago |
| 41689 | validation.fork | complete | 1 / 3 | 2 months ago |
| 42282 | report.consolidate | complete | 1 / 6 | 2 months ago |
| 42283 | tool.slither | failed | 2 / 2 | 2 months ago |
{
"status": "conflict",
"onchain_impl": "0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b",
"etherscan_hint": {
"source": "etherscan",
"etherscan": {
"proxy_flag": true,
"implementation": "0x23556f8fdc3a5967e6ee1ac98023ae0763247cab"
}
},
"etherscan_impl": "0x23556f8fdc3a5967e6ee1ac98023ae0763247cab",
"onchain_method": "eip1967"
}
Traceback (most recent call last):
File "/var/www/tripwire/worker/worker.py", line 198, in main
payload = dispatch_job(job_type, job_id, job_meta, run_data, config, laravel_client)
File "/var/www/tripwire/worker/worker.py", line 114, in dispatch_job
return slither_run.run(job_id, job_meta, run_data, config, log, laravel_client)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/worker/jobs/slither_run.py", line 1084, in run
stdout_text, stderr_text, result_json = _run_slither(
~~~~~~~~~~~~^
workspace,
^^^^^^^^^^
...<4 lines>...
target_path=target_path,
^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/var/www/tripwire/worker/jobs/slither_run.py", line 958, in _run_slither
raise RuntimeError(f"slither failed (exit {result.returncode}): {stderr_text or stdout_text}")
RuntimeError: slither failed (exit 1): 'forge clean' running (wd: /tmp/slither-6ttzj5ub)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-6ttzj5ub)
'forge' returned non-zero exit code 1
Error: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Proxy.sol: No solc version exists that matches the version requirement: ^0.8.22
stderr: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/proxy/utils/UUPSUpgradeable.sol: No solc version exists that matches the version requirement: ^0.8.22
Traceback (most recent call last):
File "/var/www/tripwire/.venv/bin/slither", line 10, in <module>
sys.exit(main())
~~~~^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 776, in main
main_impl(all_detector_classes=detectors, all_printer_classes=printers)
~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 882, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 96, in process_all
compilations = compile_all(target, **vars(args))
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 722, in compile_all
compilations.append(CryticCompile(target, **kwargs))
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 211, in __init__
self._compile(**kwargs)
~~~~~~~~~~~~~^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 633, in _compile
self._platform.compile(self, **kwargs)
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/foundry.py", line 102, in compile
hardhat_like_parsing(
~~~~~~~~~~~~~~~~~~~~^
crytic_compile, str(self._target), build_directory, str(self._project_root)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/hardhat.py", line 52, in hardhat_like_parsing
raise InvalidCompilation(txt)
crytic_compile.platform.exceptions.InvalidCompilation: Compilation failed. Can you run build command?
/tmp/slither-6ttzj5ub/out/build-info is not a directory.
{"no_findings":false,"summary":"Bytecode indicates Ownable/Initializable/ReentrancyGuard/SafeERC20 patterns and a single low-level CALL path; no delegatecall/upgrade-slot writes observed. The only potentially risky behavior is the computed CALL target/value (pc:8052), which could be benign (SafeERC20) but is hard to prove from bytecode alone.","findings":[{"severity":"low","category":"reentrancy","title":"Computed low-level CALL target/value reachable (reentrancy/permission uncertainty)","exploit_scenario":"If any externally callable path lets an attacker influence the CALL target/value (or triggers it after state changes), a malicious target could reenter or receive ETH unexpectedly. Trace-based validation only observed a constant self-target in one run, so the true target may still vary depending on calldata/storage, and guards are not reliably detectable from bytecode.","recommendation":"Confirm which public/external functions reach the CALL at pc:8052 and ensure they enforce strict access control and checks-effects-interactions or a nonReentrant guard. If the call is intended only for ERC20 operations, restrict targets to known token addresses and keep `value` at zero.","evidence":"Low-level CALL in runtime bytecode at pc:8052 with computed target/value; Address.functionCallWithValue-style checks are present but do not prove access control or state-ordering.","locations":["pc:8052"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-jum_rxwr
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019c0ef0-06e3-7ad0-a78b-fb043f4d5eb2
--------
user
Context: The user requested the proxy at 0xd6a07b8065f9e8386a9a5bba6a754a10a9cd1074.
Audit the implementation at 0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b.
Findings should refer to the implementation unless explicitly about proxy mechanics.
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers
exec
/bin/bash -lc ls in /tmp/codex-jum_rxwr succeeded in 7ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-jum_rxwr succeeded in 8ms:
{
"analysis_artifact": {
"address": "0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b",
"artifact_hash": "0xf71148b90cb110c00c1ffd984a6d9b66bf92b68b4aa481a8be3bb96704ff591e",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 11,
"hash": "0x7ba4403ad8c2da27f36a99883d9bd6831f00a99722adb0e607c72478344873a4",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"CALLVALUE",
"OP_80",
"ISZERO",
"PUSH2",
exec
/bin/bash -lc 'rg -n "bytecode|summary|evidence|selectors|storage" BYTECODE_BUNDLE.json' in /tmp/codex-jum_rxwr succeeded in 16ms:
12590: "storage": {
12919: "storage": {
13248: "storage": {
13577: "storage": {
13906: "storage": {
14235: "storage": {
14564: "storage": {
14893: "storage": {
15222: "storage": {
15551: "storage": {
15880: "storage": {
16209: "storage": {
16538: "storage": {
16867: "storage": {
17196: "storage": {
17525: "storage": {
17854: "storage": {
18183: "storage": {
18512: "storage": {
18841: "storage": {
exec
/bin/bash -lc "sed -n '21380,21630p' BYTECODE_BUNDLE.json" in /tmp/codex-jum_rxwr succeeded in 7ms:
"slot": "0x0000000000000000000000000000000000000000000000000000000000000065"
},
{
"op": "SLOAD",
"pc": 6022,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000067"
},
{
"op": "SSTORE",
"pc": 6056,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000002"
},
{
"op": "SLOAD",
"pc": 6551,
"slot": "0x0000000000000000000000000000000000000000000000000000000000000068"
},
{
"op": "SLOAD",
"pc": 6554,
exec
/bin/bash -lc "sed -n '21860,21940p' BYTECODE_BUNDLE.json" in /tmp/codex-jum_rxwr succeeded in 8ms:
"updated_at": "2026-01-30T11:29:04.000000Z"
},
"parent_run_id": "019c0ea9-07cf-7327-9b7e-02000e7fdf7e",
"updated_at": "2026-01-30T11:29:05.000000Z"
}
],
"status": "running",
"updated_at": "2026-01-30T12:45:35.000000Z"
},
"artifact": {
"codehash": "0xe04b80a8394ead34cf4bfcdcfa74f7514520234902b3c6171ef9d7184f65223c",
"compiler_json": {
"compiler_version": null,
"etherscan": {
"contract_name": null,
"implementation": null,
"license": "Unknown",
"proxy": "0",
"swarm_source": null
},
exec
/bin/bash -lc 'rg -n "8052" BYTECODE_BUNDLE.json' in /tmp/codex-jum_rxwr succeeded in 11ms:
5880: "hash": "0x053f1a6ca0217cb4119a54ae6f54c4e8052460692d9f2cd97225bb9b93d9ac17",
9752: "pc": 8052,
24738: "to": "call:8052",
24742: "from": "call:8052",
26815: "hash": "0x053f1a6ca0217cb4119a54ae6f54c4e8052460692d9f2cd97225bb9b93d9ac17",
28219: "id": "call:8052",
28221: "pc": 8052,
28409: "pc": 8052,
28447: "pc": 8052,
exec
/bin/bash -lc "sed -n '5840,5920p' BYTECODE_BUNDLE.json" in /tmp/codex-jum_rxwr succeeded in 8ms:
"OP_90",
"OP_98",
"SHA3",
"SLOAD",
"OP_92",
"OP_98",
"POP",
"OP_95",
"OP_96",
"OP_90",
"OP_95",
"OP_94",
"OP_90",
"OP_93",
"OP_92",
"OP_90",
"OP_91",
"OP_81",
"OP_84",
"GT",
exec
/bin/bash -lc "rg -n \"start_pc\":\\s*80 BYTECODE_BUNDLE.json" in /tmp/codex-jum_rxwr exited 1 in 8ms:
exec
/bin/bash -lc "rg -n \"\\\"start_pc\\\": 805\" BYTECODE_BUNDLE.json" in /tmp/codex-jum_rxwr exited 1 in 7ms:
exec
/bin/bash -lc "python3 - <<'PY'
import json
import sys
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
# basic blocks from analysis_artifact.artifact_json.basic_blocks
bbs=data['analysis_artifact']['artifact_json']['basic_blocks']
# find blocks containing pc 8052
pc=8052
hits=[bb for bb in bbs if bb['start_pc']<=pc<=bb['end_pc']]
print('hits',len(hits))
for bb in hits:
print(bb['start_pc'],bb['end_pc'],bb.get('hash'))
print(bb.get('opcodes'))
PY" in /tmp/codex-jum_rxwr succeeded in 38ms:
hits 1
8039 8066 0x940328fdbc6aaa29926e869ed2c9ab59fccc710a87748356d138d1fc89d5e8ff
['JUMPDEST', 'PUSH1', 'PUSH1', 'MLOAD', 'OP_80', 'OP_83', 'SUB', 'OP_81', 'OP_85', 'OP_87', 'GAS', 'CALL', 'OP_92', 'POP', 'POP', 'POP', 'RETURNDATASIZE', 'OP_80', 'PUSH1', 'OP_81', 'EQ', 'PUSH2', 'JUMPI']
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
edges=data['capability_graph']['graph_json']['edges']
from_edges=[e for e in edges if e.get('from')=='call:8052']
to_edges=[e for e in edges if e.get('to')=='call:8052']
print('from',len(from_edges))
print(from_edges[:5])
print('to',len(to_edges))
print(to_edges[:5])
PY" in /tmp/codex-jum_rxwr succeeded in 43ms:
from 1
[{'from': 'call:8052', 'to': 'sink:call', 'type': 'capability'}]
to 1
[{'from': 'bb:8039', 'to': 'call:8052', 'type': 'contains'}]
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex=bytecode_hex[2:]
bytecode=bytes.fromhex(bytecode_hex)
opcodes = {i: f'OP_{i:02x}' for i in range(256)}
# fill known opcodes
name_map={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x5f:'PUSH0'
}
# PUSH1..PUSH32
for i in range(1,33):
name_map[0x5f+i]=f'PUSH{i}'
# DUP1..DUP16
for i in range(1,17):
name_map[0x7f+i]=f'DUP{i}'
# SWAP1..SWAP16
for i in range(1,17):
name_map[0x8f+i]=f'SWAP{i}'
# LOG0..LOG4
for i in range(0,5):
name_map[0xa0+i]=f'LOG{i}'
# system
for code,name in [(0xf0,'CREATE'),(0xf1,'CALL'),(0xf2,'CALLCODE'),(0xf3,'RETURN'),(0xf4,'DELEGATECALL'),(0xf5,'CREATE2'),(0xfa,'STATICCALL'),(0xfd,'REVERT'),(0xfe,'INVALID'),(0xff,'SELFDESTRUCT')]:
name_map[code]=name
opcodes.update(name_map)
# disassemble around pc 8052
start=8000
end=8100
pc=0
out=[]
while pc < len(bytecode):
op=bytecode[pc]
name=opcodes.get(op,f'OP_{op:02x}')
if 0x60 <= op <= 0x7f: # PUSH1-32
n=op-0x5f
data=bytecode[pc+1:pc+1+n]
if start <= pc <= end:
out.append((pc,name,data.hex()))
pc += 1+n
else:
if start <= pc <= end:
out.append((pc,name,''))
pc += 1
if pc> end and pc>start:
# break after we pass end and have started
if pc> end+32:
break
for pc,name,data in out:
if data:
print(f\"{pc:5d}: {name} 0x{data}\")
else:
print(f\"{pc:5d}: {name}\")
PY" in /tmp/codex-jum_rxwr succeeded in 48ms:
8001: DUP3
8002: ADD
8003: MSTORE
8004: PUSH1 0x64
8006: ADD
8007: PUSH2 0x04b3
8010: JUMP
8011: JUMPDEST
8012: PUSH1 0x00
8014: DUP1
8015: DUP7
8016: PUSH1 0x01
8018: PUSH1 0x01
8020: PUSH1 0xa0
8022: SHL
8023: SUB
8024: AND
8025: DUP6
8026: DUP8
8027: PUSH1 0x40
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex=bytecode_hex[2:]
bytecode=bytes.fromhex(bytecode_hex)
opcodes = {i: f'OP_{i:02x}' for i in range(256)}
name_map={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x5f:'PUSH0'
}
for i in range(1,33):
name_map[0x5f+i]=f'PUSH{i}'
for i in range(1,17):
name_map[0x7f+i]=f'DUP{i}'
for i in range(1,17):
name_map[0x8f+i]=f'SWAP{i}'
for i in range(0,5):
name_map[0xa0+i]=f'LOG{i}'
for code,name in [(0xf0,'CREATE'),(0xf1,'CALL'),(0xf2,'CALLCODE'),(0xf3,'RETURN'),(0xf4,'DELEGATECALL'),(0xf5,'CREATE2'),(0xfa,'STATICCALL'),(0xfd,'REVERT'),(0xfe,'INVALID'),(0xff,'SELFDESTRUCT')]:
name_map[code]=name
opcodes.update(name_map)
start=9340
end=9410
pc=0
out=[]
while pc < len(bytecode):
op=bytecode[pc]
name=opcodes.get(op,f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=bytecode[pc+1:pc+1+n]
if start <= pc <= end:
out.append((pc,name,data.hex()))
pc += 1+n
else:
if start <= pc <= end:
out.append((pc,name,''))
pc += 1
if pc> end and pc>start:
if pc> end+32:
break
for pc,name,data in out:
if data:
print(f\"{pc:5d}: {name} 0x{data}\")
else:
print(f\"{pc:5d}: {name}\")
PY" in /tmp/codex-jum_rxwr succeeded in 40ms:
9340: JUMPDEST
9341: PUSH1 0x00
9343: JUMPDEST
9344: DUP4
9345: DUP2
9346: LT
9347: ISZERO
9348: PUSH2 0x2497
9351: JUMPI
9352: DUP2
9353: DUP2
9354: ADD
9355: MLOAD
9356: DUP4
9357: DUP3
9358: ADD
9359: MSTORE
9360: PUSH1 0x20
9362: ADD
9363: PUSH2 0x247f
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex=bytecode_hex[2:]
bytecode=bytes.fromhex(bytecode_hex)
opcodes = {i: f'OP_{i:02x}' for i in range(256)}
name_map={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x5f:'PUSH0'
}
for i in range(1,33):
name_map[0x5f+i]=f'PUSH{i}'
for i in range(1,17):
name_map[0x7f+i]=f'DUP{i}'
for i in range(1,17):
name_map[0x8f+i]=f'SWAP{i}'
for i in range(0,5):
name_map[0xa0+i]=f'LOG{i}'
for code,name in [(0xf0,'CREATE'),(0xf1,'CALL'),(0xf2,'CALLCODE'),(0xf3,'RETURN'),(0xf4,'DELEGATECALL'),(0xf5,'CREATE2'),(0xfa,'STATICCALL'),(0xfd,'REVERT'),(0xfe,'INVALID'),(0xff,'SELFDESTRUCT')]:
name_map[code]=name
opcodes.update(name_map)
start=7950
end=8035
pc=0
out=[]
while pc < len(bytecode):
op=bytecode[pc]
name=opcodes.get(op,f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=bytecode[pc+1:pc+1+n]
if start <= pc <= end:
out.append((pc,name,data.hex()))
pc += 1+n
else:
if start <= pc <= end:
out.append((pc,name,''))
pc += 1
if pc> end and pc>start:
if pc> end+32:
break
for pc,name,data in out:
if data:
print(f\"{pc:5d}: {name} 0x{data}\")
else:
print(f\"{pc:5d}: {name}\")
PY" in /tmp/codex-jum_rxwr succeeded in 40ms:
7950: DUP2
7951: MSTORE
7952: PUSH1 0x20
7954: PUSH1 0x04
7956: DUP3
7957: ADD
7958: MSTORE
7959: PUSH1 0x1d
7961: PUSH1 0x24
7963: DUP3
7964: ADD
7965: MSTORE
7966: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000
7999: PUSH1 0x44
8001: DUP3
8002: ADD
8003: MSTORE
8004: PUSH1 0x64
8006: ADD
8007: PUSH2 0x04b3
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex=bytecode_hex[2:]
bytecode=bytes.fromhex(bytecode_hex)
needle=b\"SafeERC20: low-level call failed\"
idx=bytecode.find(needle)
print('found at',idx)
if idx"'!=-1:
print(bytecode[idx:idx+len(needle)])
needle2=b"SafeERC20: ERC20 operation did not succeed"
idx2=bytecode.find(needle2)
print('"'found2',idx2)
PY" in /tmp/codex-jum_rxwr succeeded in 47ms:
found at 7572
b'SafeERC20: low-level call failed'
found2 -1
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex=bytecode_hex[2:]
bytecode=bytes.fromhex(bytecode_hex)
opcodes = {i: f'OP_{i:02x}' for i in range(256)}
name_map={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x5f:'PUSH0'
}
for i in range(1,33):
name_map[0x5f+i]=f'PUSH{i}'
for i in range(1,17):
name_map[0x7f+i]=f'DUP{i}'
for i in range(1,17):
name_map[0x8f+i]=f'SWAP{i}'
for i in range(0,5):
name_map[0xa0+i]=f'LOG{i}'
for code,name in [(0xf0,'CREATE'),(0xf1,'CALL'),(0xf2,'CALLCODE'),(0xf3,'RETURN'),(0xf4,'DELEGATECALL'),(0xf5,'CREATE2'),(0xfa,'STATICCALL'),(0xfd,'REVERT'),(0xfe,'INVALID'),(0xff,'SELFDESTRUCT')]:
name_map[code]=name
opcodes.update(name_map)
start=7520
end=7600
pc=0
out=[]
while pc < len(bytecode):
op=bytecode[pc]
name=opcodes.get(op,f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=bytecode[pc+1:pc+1+n]
if start <= pc <= end:
out.append((pc,name,data.hex()))
pc += 1+n
else:
if start <= pc <= end:
out.append((pc,name,''))
pc += 1
if pc> end and pc>start:
if pc> end+32:
break
for pc,name,data in out:
if data:
print(f\"{pc:5d}: {name} 0x{data}\")
else:
print(f\"{pc:5d}: {name}\")
PY" in /tmp/codex-jum_rxwr succeeded in 42ms:
7521: SWAP1
7522: DUP6
7523: SWAP1
7524: PUSH4 0x23b872dd
7529: PUSH1 0xe0
7531: SHL
7532: SWAP1
7533: PUSH1 0x84
7535: ADD
7536: PUSH2 0x1bcb
7539: JUMP
7540: JUMPDEST
7541: POP
7542: POP
7543: POP
7544: POP
7545: JUMP
7546: JUMPDEST
7547: PUSH1 0x00
7549: PUSH2 0x1dcf
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex=bytecode_hex[2:]
bytecode=bytes.fromhex(bytecode_hex)
# same disasm
opcodes = {i: f'OP_{i:02x}' for i in range(256)}
name_map={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x5f:'PUSH0'
}
for i in range(1,33):
name_map[0x5f+i]=f'PUSH{i}'
for i in range(1,17):
name_map[0x7f+i]=f'DUP{i}'
for i in range(1,17):
name_map[0x8f+i]=f'SWAP{i}'
for i in range(0,5):
name_map[0xa0+i]=f'LOG{i}'
for code,name in [(0xf0,'CREATE'),(0xf1,'CALL'),(0xf2,'CALLCODE'),(0xf3,'RETURN'),(0xf4,'DELEGATECALL'),(0xf5,'CREATE2'),(0xfa,'STATICCALL'),(0xfd,'REVERT'),(0xfe,'INVALID'),(0xff,'SELFDESTRUCT')]:
name_map[code]=name
opcodes.update(name_map)
start=7568
end=7645
pc=0
out=[]
while pc < len(bytecode):
op=bytecode[pc]
name=opcodes.get(op,f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=bytecode[pc+1:pc+1+n]
if start <= pc <= end:
out.append((pc,name,data.hex()))
pc += 1+n
else:
if start <= pc <= end:
out.append((pc,name,''))
pc += 1
if pc> end and pc>start:
if pc> end+32:
break
for pc,name,data in out:
if data:
print(f\"{pc:5d}: {name} 0x{data}\")
else:
print(f\"{pc:5d}: {name}\")
PY" in /tmp/codex-jum_rxwr succeeded in 35ms:
7568: PUSH1 0x20
7570: ADD
7571: PUSH32 0x5361666545524332303a206c6f772d6c6576656c2063616c6c206661696c6564
7604: DUP2
7605: MSTORE
7606: POP
7607: DUP6
7608: PUSH1 0x01
7610: PUSH1 0x01
7612: PUSH1 0xa0
7614: SHL
7615: SUB
7616: AND
7617: PUSH2 0x1e7c
7620: SWAP1
7621: SWAP3
7622: SWAP2
7623: SWAP1
7624: PUSH4 0xffffffff
7629: AND
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex=bytecode_hex[2:]
bytecode=bytes.fromhex(bytecode_hex)
# find push4 a9059cbb
pattern=bytes([0x63,0xa9,0x05,0x9c,0xbb])
idxs=[]
start=0
while True:
i=bytecode.find(pattern,start)
if i==-1:
break
idxs.append(i)
start=i+1
print('indices',idxs)
PY" in /tmp/codex-jum_rxwr succeeded in 37ms:
indices [7103]
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex=bytecode_hex[2:]
bytecode=bytes.fromhex(bytecode_hex)
opcodes = {i: f'OP_{i:02x}' for i in range(256)}
name_map={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x5f:'PUSH0'
}
for i in range(1,33):
name_map[0x5f+i]=f'PUSH{i}'
for i in range(1,17):
name_map[0x7f+i]=f'DUP{i}'
for i in range(1,17):
name_map[0x8f+i]=f'SWAP{i}'
for i in range(0,5):
name_map[0xa0+i]=f'LOG{i}'
for code,name in [(0xf0,'CREATE'),(0xf1,'CALL'),(0xf2,'CALLCODE'),(0xf3,'RETURN'),(0xf4,'DELEGATECALL'),(0xf5,'CREATE2'),(0xfa,'STATICCALL'),(0xfd,'REVERT'),(0xfe,'INVALID'),(0xff,'SELFDESTRUCT')]:
name_map[code]=name
opcodes.update(name_map)
start=7060
end=7145
pc=0
out=[]
while pc < len(bytecode):
op=bytecode[pc]
name=opcodes.get(op,f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=bytecode[pc+1:pc+1+n]
if start <= pc <= end:
out.append((pc,name,data.hex()))
pc += 1+n
else:
if start <= pc <= end:
out.append((pc,name,''))
pc += 1
if pc> end and pc>start:
if pc> end+32:
break
for pc,name,data in out:
if data:
print(f\"{pc:5d}: {name} 0x{data}\")
else:
print(f\"{pc:5d}: {name}\")
PY" in /tmp/codex-jum_rxwr succeeded in 47ms:
7061: JUMP
7062: JUMPDEST
7063: SWAP6
7064: SWAP5
7065: POP
7066: POP
7067: POP
7068: POP
7069: POP
7070: JUMP
7071: JUMPDEST
7072: PUSH1 0x40
7074: MLOAD
7075: PUSH1 0x01
7077: PUSH1 0x01
7079: PUSH1 0xa0
7081: SHL
7082: SUB
7083: DUP4
7084: AND
exec
/bin/bash -lc "python3 - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
data=json.load(f)
bytecode_hex=data['artifact']['runtime_bytecode']['full']
if bytecode_hex.startswith('0x'):
bytecode_hex=bytecode_hex[2:]
bytecode=bytes.fromhex(bytecode_hex)
# disasm
opcodes = {i: f'OP_{i:02x}' for i in range(256)}
name_map={
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',
0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
0x5f:'PUSH0'
}
for i in range(1,33):
name_map[0x5f+i]=f'PUSH{i}'
for i in range(1,17):
name_map[0x7f+i]=f'DUP{i}'
for i in range(1,17):
name_map[0x8f+i]=f'SWAP{i}'
for i in range(0,5):
name_map[0xa0+i]=f'LOG{i}'
for code,name in [(0xf0,'CREATE'),(0xf1,'CALL'),(0xf2,'CALLCODE'),(0xf3,'RETURN'),(0xf4,'DELEGATECALL'),(0xf5,'CREATE2'),(0xfa,'STATICCALL'),(0xfd,'REVERT'),(0xfe,'INVALID'),(0xff,'SELFDESTRUCT')]:
name_map[code]=name
opcodes.update(name_map)
start=7140
end=7240
pc=0
out=[]
while pc < len(bytecode):
op=bytecode[pc]
name=opcodes.get(op,f'OP_{op:02x}')
if 0x60 <= op <= 0x7f:
n=op-0x5f
data=bytecode[pc+1:pc+1+n]
if start <= pc <= end:
out.append((pc,name,data.hex()))
pc += 1+n
else:
if start <= pc <= end:
out.append((pc,name,''))
pc += 1
if pc> end and pc>start:
if pc> end+32:
break
for pc,name,data in out:
if data:
print(f\"{pc:5d}: {name} 0x{data}\")
else:
print(f\"{pc:5d}: {name}\")
PY" in /tmp/codex-jum_rxwr succeeded in 72ms:
7140: PUSH1 0x01
7142: PUSH1 0xe0
7144: SHL
7145: SUB
7146: AND
7147: PUSH1 0x01
7149: PUSH1 0x01
7151: PUSH1 0xe0
7153: SHL
7154: SUB
7155: NOT
7156: SWAP1
7157: SWAP4
7158: AND
7159: SWAP3
7160: SWAP1
7161: SWAP3
7162: OR
7163: SWAP1
7164: SWAP2
codex
{"no_findings":false,"summary":"Bytecode indicates Ownable/Initializable/ReentrancyGuard/SafeERC20 patterns and a single low-level CALL path; no delegatecall/upgrade-slot writes observed. The only potentially risky behavior is the computed CALL target/value (pc:8052), which could be benign (SafeERC20) but is hard to prove from bytecode alone.","findings":[{"severity":"low","category":"reentrancy","title":"Computed low-level CALL target/value reachable (reentrancy/permission uncertainty)","exploit_scenario":"If any externally callable path lets an attacker influence the CALL target/value (or triggers it after state changes), a malicious target could reenter or receive ETH unexpectedly. Trace-based validation only observed a constant self-target in one run, so the true target may still vary depending on calldata/storage, and guards are not reliably detectable from bytecode.","recommendation":"Confirm which public/external functions reach the CALL at pc:8052 and ensure they enforce strict access control and checks-effects-interactions or a nonReentrant guard. If the call is intended only for ERC20 operations, restrict targets to known token addresses and keep `value` at zero.","evidence":"Low-level CALL in runtime bytecode at pc:8052 with computed target/value; Address.functionCallWithValue-style checks are present but do not prove access control or state-ordering.","locations":["pc:8052"]}]}
tokens used
72,961
{
"codex": {
"ran_at": "2026-01-30T12:51:41.147656+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 19020,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Bytecode indicates Ownable/Initializable/ReentrancyGuard/SafeERC20 patterns and a single low-level CALL path; no delegatecall/upgrade-slot writes observed. The only potentially risky behavior is the computed CALL target/value (pc:8052), which could be benign (SafeERC20) but is hard to prove from bytecode alone.",
"raw_final": {
"summary": "Bytecode indicates Ownable/Initializable/ReentrancyGuard/SafeERC20 patterns and a single low-level CALL path; no delegatecall/upgrade-slot writes observed. The only potentially risky behavior is the computed CALL target/value (pc:8052), which could be benign (SafeERC20) but is hard to prove from bytecode alone.",
"findings": [
{
"title": "Computed low-level CALL target/value reachable (reentrancy/permission uncertainty)",
"category": "reentrancy",
"evidence": "Low-level CALL in runtime bytecode at pc:8052 with computed target/value; Address.functionCallWithValue-style checks are present but do not prove access control or state-ordering.",
"severity": "low",
"locations": [
"pc:8052"
],
"recommendation": "Confirm which public/external functions reach the CALL at pc:8052 and ensure they enforce strict access control and checks-effects-interactions or a nonReentrant guard. If the call is intended only for ERC20 operations, restrict targets to known token addresses and keep `value` at zero.",
"exploit_scenario": "If any externally callable path lets an attacker influence the CALL target/value (or triggers it after state changes), a malicious target could reenter or receive ETH unexpectedly. Trace-based validation only observed a constant self-target in one run, so the true target may still vary depending on calldata/storage, and guards are not reliably detectable from bytecode."
}
],
"no_findings": false
},
"no_findings": false,
"proxy_context": {
"proxy_run_id": "019c0ea9-07cf-7327-9b7e-02000e7fdf7e",
"proxy_address": "0xd6a07b8065f9e8386a9a5bba6a754a10a9cd1074",
"implementation_run_id": "019c0ea9-f67b-73b7-80e6-a5d6cba42ff4",
"implementation_address": "0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b"
},
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x004e 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x3659cfe6 00000019: EQ 0000001a: PUSH2 0x0065 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0x4f1ef286 00000024: EQ 00000025: PUSH2 0x0085 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0x5c60da1b 0000002f: EQ 00000030: PUSH2 0x0098 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0x8f283970 0000003a: EQ 0000003b: PUSH2 0x00c9 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0xf851a440 00000045: EQ 00000046: PUSH2 0x00e9 00000049: JUMPI 0000004a: PUSH2 0x005d 0000004d: JUMP 0000004e: JUMPDEST 0000004f: CALLDATASIZE 00000050: PUSH2 0x005d 00000053: JUMPI 00000054: PUSH2 0x005b 00000057: PUSH2 0x00fe 0000005a: JUMP 0000005b: JUMPDEST 0000005c: STOP 0000005d: JUMPDEST 0000005e: PUSH2 0x005b 00000061: PUSH2 0x00fe 00000064: JUMP 00000065: JUMPDEST 00000066: CALLVALUE 00000067: DUP1 00000068: ISZERO 00000069: PUSH2 0x0071 0000006c: JUMPI 0000006d: PUSH1 0x00 0000006f: DUP1 00000070: REVERT 00000071: JUMPDEST 00000072: POP 00000073: PUSH2 0x005b 00000076: PUSH2 0x0080 00000079: CALLDATASIZE 0000007a: PUSH1 0x04 0000007c: PUSH2 0x06ed 0000007f: JUMP 00000080: JUMPDEST 00000081: PUSH2 0x0118 00000084: JUMP 00000085: JUMPDEST 00000086: PUSH2 0x005b 00000089: PUSH2 0x0093 0000008c: CALLDATASIZE 0000008d: PUSH1 0x04 0000008f: PUSH2 0x0707 00000092: JUMP 00000093: JUMPDEST 00000094: PUSH2 0x0164 00000097: JUMP 00000098: JUMPDEST 00000099: CALLVALUE 0000009a: DUP1 0000009b: ISZERO 0000009c: PUSH2 0x00a4 0000009f: JUMPI 000000a0: PUSH1 0x00 000000a2: DUP1 000000a3: REVERT 000000a4: JUMPDEST 000000a5: POP 000000a6: PUSH2 0x00ad 000000a9: PUSH2 0x01da 000000ac: JUMP 000000ad: JUMPDEST 000000ae: PUSH1 0x40 000000b0: MLOAD 000000b1: PUSH1 0x01 000000b3: PUSH1 0x01 000000b5: PUSH1 0xa0 000000b7: SHL 000000b8: SUB 000000b9: SWAP1 000000ba: SWAP2 000000bb: AND 000000bc: DUP2 000000bd: MSTORE 000000be: PUSH1 0x20 000000c0: ADD 000000c1: PUSH1 0x40 000000c3: MLOAD 000000c4: DUP1 000000c5: SWAP2 000000c6: SUB 000000c7: SWAP1 000000c8: RETURN 000000c9: JUMPDEST 000000ca: CALLVALUE 000000cb: DUP1 000000cc: ISZERO 000000cd: PUSH2 0x00d5 000000d0: JUMPI 000000d1: PUSH1 0x00 000000d3: DUP1 000000d4: REVERT 000000d5: JUMPDEST 000000d6: POP 000000d7: PUSH2 0x005b 000000da: PUSH2 0x00e4 000000dd: CALLDATASIZE 000000de: PUSH1 0x04 000000e0: PUSH2 0x06ed 000000e3: JUMP 000000e4: JUMPDEST 000000e5: PUSH2 0x0217 000000e8: JUMP 000000e9: JUMPDEST 000000ea: CALLVALUE 000000eb: DUP1 000000ec: ISZERO 000000ed: PUSH2 0x00f5 000000f0: JUMPI 000000f1: PUSH1 0x00 000000f3: DUP1 000000f4: REVERT 000000f5: JUMPDEST 000000f6: POP 000000f7: PUSH2 0x00ad 000000fa: PUSH2 0x0241 000000fd: JUMP 000000fe: JUMPDEST 000000ff: PUSH2 0x0106 00000102: PUSH2 0x02a2 00000105: JUMP 00000106: JUMPDEST 00000107: PUSH2 0x0116 0000010a: PUSH2 0x0111 0000010d: PUSH2 0x0346 00000110: JUMP 00000111: JUMPDEST 00000112: PUSH2 0x0355 00000115: JUMP 00000116: JUMPDEST 00000117: JUMP 00000118: JUMPDEST 00000119: PUSH2 0x0120 0000011c: PUSH2 0x0379 0000011f: JUMP 00000120: JUMPDEST 00000121: PUSH1 0x01 00000123: PUSH1 0x01 00000125: PUSH1 0xa0 00000127: SHL 00000128: SUB 00000129: AND 0000012a: CALLER 0000012b: PUSH1 0x01 0000012d: PUSH1 0x01 0000012f: PUSH1 0xa0 00000131: SHL 00000132: SUB 00000133: AND 00000134: EQ 00000135: ISZERO 00000136: PUSH2 0x0159 00000139: JUMPI 0000013a: PUSH2 0x0154 0000013d: DUP2 0000013e: PUSH1 0x40 00000140: MLOAD 00000141: DUP1 00000142: PUSH1 0x20 00000144: ADD 00000145: PUSH1 0x40 00000147: MSTORE 00000148: DUP1 00000149: PUSH1 0x00 0000014b: DUP2 0000014c: MSTORE 0000014d: POP 0000014e: PUSH1 0x00 00000150: PUSH2 0x03ac 00000153: JUMP 00000154: JUMPDEST 00000155: PUSH2 0x0161 00000158: JUMP 00000159: JUMPDEST 0000015a: PUSH2 0x0161 0000015d: PUSH2 0x00fe 00000160: JUMP 00000161: JUMPDEST 00000162: POP 00000163: JUMP 00000164: JUMPDEST 00000165: PUSH2 0x016c 00000168: PUSH2 0x0379 0000016b: JUMP 0000016c: JUMPDEST 0000016d: PUSH1 0x01 0000016f: PUSH1 0x01 00000171: PUSH1 0xa0 00000173: SHL 00000174: SUB 00000175: AND 00000176: CALLER 00000177: PUSH1 0x01 00000179: PUSH1 0x01 0000017b: PUSH1 0xa0 0000017d: SHL 0000017e: SUB 0000017f: AND 00000180: EQ 00000181: ISZERO 00000182: PUSH2 0x01cd 00000185: JUMPI 00000186: PUSH2 0x01c8 00000189: DUP4 0000018a: DUP4 0000018b: DUP4 0000018c: DUP1 0000018d: DUP1 0000018e: PUSH1 0x1f 00000190: ADD 00000191: PUSH1 0x20 00000193: DUP1 00000194: SWAP2 00000195: DIV 00000196: MUL 00000197: PUSH1 0x20 00000199: ADD 0000019a: PUSH1 0x40 0000019c: MLOAD 0000019d: SWAP1 0000019e: DUP2 0000019f: ADD 000001a0: PUSH1 0x40 000001a2: MSTORE 000001a3: DUP1 000001a4: SWAP4 000001a5: SWAP3 000001a6: SWAP2 000001a7: SWAP1 000001a8: DUP2 000001a9: DUP2 000001aa: MSTORE 000001ab: PUSH1 0x20 000001ad: ADD 000001ae: DUP4 000001af: DUP4 000001b0: DUP1 000001b1: DUP3 000001b2: DUP5 000001b3: CALLDATACOPY 000001b4: PUSH1 0x00 000001b6: SWAP3 000001b7: ADD 000001b8: SWAP2 000001b9: SWAP1 000001ba: SWAP2 000001bb: MSTORE 000001bc: POP 000001bd: PUSH1 0x01 000001bf: SWAP3 000001c0: POP 000001c1: PUSH2 0x03ac 000001c4: SWAP2 000001c5: POP 000001c6: POP 000001c7: JUMP 000001c8: JUMPDEST 000001c9: PUSH2 0x01d5 000001cc: JUMP 000001cd: JUMPDEST 000001ce: PUSH2 0x01d5 000001d1: PUSH2 0x00fe 000001d4: JUMP 000001d5: JUMPDEST 000001d6: POP 000001d7: POP 000001d8: POP 000001d9: JUMP 000001da: JUMPDEST 000001db: PUSH1 0x00 000001dd: PUSH2 0x01e4 000001e0: PUSH2 0x0379 000001e3: JUMP 000001e4: JUMPDEST 000001e5: PUSH1 0x01 000001e7: PUSH1 0x01 000001e9: PUSH1 0xa0 000001eb: SHL 000001ec: SUB 000001ed: AND 000001ee: CALLER 000001ef: PUSH1 0x01 000001f1: PUSH1 0x01 000001f3: PUSH1 0xa0 000001f5: SHL 000001f6: SUB 000001f7: AND 000001f8: EQ 000001f9: ISZERO 000001fa: PUSH2 0x020c 000001fd: JUMPI 000001fe: PUSH2 0x0205 00000201: PUSH2 0x0346 00000204: JUMP 00000205: JUMPDEST 00000206: SWAP1 00000207: POP 00000208: PUSH2 0x0214 0000020b: JUMP 0000020c: JUMPDEST 0000020d: PUSH2 0x0214 00000210: PUSH2 0x00fe 00000213: JUMP 00000214: JUMPDEST 00000215: SWAP1 00000216: JUMP 00000217: JUMPDEST 00000218: PUSH2 0x021f 0000021b: PUSH2 0x0379 0000021e: JUMP 0000021f: JUMPDEST 00000220: PUSH1 0x01 00000222: PUSH1 0x01 00000224: PUSH1 0xa0 00000226: SHL 00000227: SUB 00000228: AND 00000229: CALLER 0000022a: PUSH1 0x01 0000022c: PUSH1 0x01 0000022e: PUSH1 0xa0 00000230: SHL 00000231: SUB 00000232: AND 00000233: EQ 00000234: ISZERO 00000235: PUSH2 0x0159 00000238: JUMPI 00000239: PUSH2 0x0154 0000023c: DUP2 0000023d: PUSH2 0x040b 00000240: JUMP 00000241: JUMPDEST 00000242: PUSH1 0x00 00000244: PUSH2 0x024b 00000247: PUSH2 0x0379 0000024a: JUMP 0000024b: JUMPDEST 0000024c: PUSH1 0x01 0000024e: PUSH1 0x01 00000250: PUSH1 0xa0 00000252: SHL 00000253: SUB 00000254: AND 00000255: CALLER 00000256: PUSH1 0x01 00000258: PUSH1 0x01 0000025a: PUSH1 0xa0 0000025c: SHL 0000025d: SUB 0000025e: AND 0000025f: EQ 00000260: ISZERO 00000261: PUSH2 0x020c 00000264: JUMPI 00000265: PUSH2 0x0205 00000268: PUSH2 0x0379 0000026b: JUMP 0000026c: JUMPDEST 0000026d: PUSH1 0x60 0000026f: PUSH2 0x0291 00000272: DUP4 00000273: DUP4 00000274: PUSH1 0x40 00000276: MLOAD 00000277: DUP1 00000278: PUSH1 0x60 0000027a: ADD 0000027b: PUSH1 0x40 0000027d: MSTORE 0000027e: DUP1 0000027f: PUSH1 0x27 00000281: DUP2 00000282: MSTORE 00000283: PUSH1 0x20 00000285: ADD 00000286: PUSH2 0x0801 00000289: PUSH1 0x27 0000028b: SWAP2 0000028c: CODECOPY 0000028d: PUSH2 0x045f 00000290: JUMP 00000291: JUMPDEST 00000292: SWAP4 00000293: SWAP3 00000294: POP 00000295: POP 00000296: POP 00000297: JUMP 00000298: JUMPDEST 00000299: DUP1 0000029a: EXTCODESIZE 0000029b: ISZERO 0000029c: ISZERO 0000029d: JUMPDEST 0000029e: SWAP2 0000029f: SWAP1 000002a0: POP 000002a1: JUMP 000002a2: JUMPDEST 000002a3: PUSH2 0x02aa 000002a6: PUSH2 0x0379 000002a9: JUMP 000002aa: JUMPDEST 000002ab: PUSH1 0x01 000002ad: PUSH1 0x01 000002af: PUSH1 0xa0 000002b1: SHL 000002b2: SUB 000002b3: AND 000002b4: CALLER 000002b5: PUSH1 0x01 000002b7: PUSH1 0x01 000002b9: PUSH1 0xa0 000002bb: SHL 000002bc: SUB 000002bd: AND 000002be: EQ 000002bf: ISZERO 000002c0: PUSH2 0x0341 000002c3: JUMPI 000002c4: PUSH1 0x40 000002c6: MLOAD 000002c7: PUSH3 0x461bcd 000002cb: PUSH1 0xe5 000002cd: SHL 000002ce: DUP2 000002cf: MSTORE 000002d0: PUSH1 0x20 000002d2: PUSH1 0x04 000002d4: DUP3 000002d5: ADD 000002d6: MSTORE 000002d7: PUSH1 0x42 000002d9: PUSH1 0x24 000002db: DUP3 000002dc: ADD 000002dd: MSTORE 000002de: PUSH32 0x5472616e73706172656e745570677261646561626c6550726f78793a2061646d 000002ff: PUSH1 0x44 00000301: DUP3 00000302: ADD 00000303: MSTORE 00000304: PUSH32 0x696e2063616e6e6f742066616c6c6261636b20746f2070726f78792074617267 00000325: PUSH1 0x64 00000327: DUP3 00000328: ADD 00000329: MSTORE 0000032a: PUSH2 0x195d 0000032d: PUSH1 0xf2 0000032f: SHL 00000330: PUSH1 0x84 00000332: DUP3 00000333: ADD 00000334: MSTORE 00000335: PUSH1 0xa4 00000337: ADD 00000338: JUMPDEST 00000339: PUSH1 0x40 0000033b: MLOAD 0000033c: DUP1 0000033d: SWAP2 0000033e: SUB 0000033f: SWAP1 00000340: REVERT 00000341: JUMPDEST 00000342: PUSH2 0x0116 00000345: JUMP 00000346: JUMPDEST 00000347: PUSH1 0x00 00000349: PUSH2 0x0350 0000034c: PUSH2 0x053a 0000034f: JUMP 00000350: JUMPDEST 00000351: SWAP1 00000352: POP 00000353: SWAP1 00000354: JUMP 00000355: JUMPDEST 00000356: CALLDATASIZE 00000357: PUSH1 0x00 00000359: DUP1 0000035a: CALLDATACOPY 0000035b: PUSH1 0x00 0000035d: DUP1 0000035e: CALLDATASIZE 0000035f: PUSH1 0x00 00000361: DUP5 00000362: GAS 00000363: DELEGATECALL 00000364: RETURNDATASIZE 00000365: PUSH1 0x00 00000367: DUP1 00000368: RETURNDATACOPY 00000369: DUP1 0000036a: DUP1 0000036b: ISZERO 0000036c: PUSH2 0x0374 0000036f: JUMPI 00000370: RETURNDATASIZE 00000371: PUSH1 0x00 00000373: RETURN 00000374: JUMPDEST 00000375: RETURNDATASIZE 00000376: PUSH1 0x00 00000378: REVERT 00000379: JUMPDEST 0000037a: PUSH1 0x00 0000037c: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 0000039d: JUMPDEST 0000039e: SLOAD 0000039f: PUSH1 0x01 000003a1: PUSH1 0x01 000003a3: PUSH1 0xa0 000003a5: SHL 000003a6: SUB 000003a7: AND 000003a8: SWAP1 000003a9: POP 000003aa: SWAP1 000003ab: JUMP 000003ac: JUMPDEST 000003ad: PUSH2 0x03b5 000003b0: DUP4 000003b1: PUSH2 0x0562 000003b4: JUMP 000003b5: JUMPDEST 000003b6: PUSH1 0x40 000003b8: MLOAD 000003b9: PUSH1 0x01 000003bb: PUSH1 0x01 000003bd: PUSH1 0xa0 000003bf: SHL 000003c0: SUB 000003c1: DUP5 000003c2: AND 000003c3: SWAP1 000003c4: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b 000003e5: SWAP1 000003e6: PUSH1 0x00 000003e8: SWAP1 000003e9: LOG2 000003ea: PUSH1 0x00 000003ec: DUP3 000003ed: MLOAD 000003ee: GT 000003ef: DUP1 000003f0: PUSH2 0x03f6 000003f3: JUMPI 000003f4: POP 000003f5: DUP1 000003f6: JUMPDEST 000003f7: ISZERO 000003f8: PUSH2 0x01d5 000003fb: JUMPI 000003fc: PUSH2 0x0405 000003ff: DUP4 00000400: DUP4 00000401: PUSH2 0x026c 00000404: JUMP 00000405: JUMPDEST 00000406: POP 00000407: POP 00000408: POP 00000409: POP 0000040a: JUMP 0000040b: JUMPDEST 0000040c: PUSH32 0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f 0000042d: PUSH2 0x0434 00000430: PUSH2 0x0379 00000433: JUMP 00000434: JUMPDEST 00000435: PUSH1 0x40 00000437: DUP1 00000438: MLOAD 00000439: PUSH1 0x01 0000043b: PUSH1 0x01 0000043d: PUSH1 0xa0 0000043f: SHL 00000440: SUB 00000441: SWAP3 00000442: DUP4 00000443: AND 00000444: DUP2 00000445: MSTORE 00000446: SWAP2 00000447: DUP5 00000448: AND 00000449: PUSH1 0x20 0000044b: DUP4 0000044c: ADD 0000044d: MSTORE 0000044e: ADD 0000044f: PUSH1 0x40 00000451: MLOAD 00000452: DUP1 00000453: SWAP2 00000454: SUB 00000455: SWAP1 00000456: LOG1 00000457: PUSH2 0x0161 0000045a: DUP2 0000045b: PUSH2 0x0611 0000045e: JUMP 0000045f: JUMPDEST 00000460: PUSH1 0x60 00000462: PUSH2 0x046a 00000465: DUP5 00000466: PUSH2 0x0298 00000469: JUMP 0000046a: JUMPDEST 0000046b: PUSH2 0x04c5 0000046e: JUMPI 0000046f: PUSH1 0x40 00000471: MLOAD 00000472: PUSH3 0x461bcd 00000476: PUSH1 0xe5 00000478: SHL 00000479: DUP2 0000047a: MSTORE 0000047b: PUSH1 0x20 0000047d: PUSH1 0x04 0000047f: DUP3 00000480: ADD 00000481: MSTORE 00000482: PUSH1 0x26 00000484: PUSH1 0x24 00000486: DUP3 00000487: ADD 00000488: MSTORE 00000489: PUSH32 0x416464726573733a2064656c65676174652063616c6c20746f206e6f6e2d636f 000004aa: PUSH1 0x44 000004ac: DUP3 000004ad: ADD 000004ae: MSTORE 000004af: PUSH6 0x1b9d1c9858dd 000004b6: PUSH1 0xd2 000004b8: SHL 000004b9: PUSH1 0x64 000004bb: DUP3 000004bc: ADD 000004bd: MSTORE 000004be: PUSH1 0x84 000004c0: ADD 000004c1: PUSH2 0x0338 000004c4: JUMP 000004c5: JUMPDEST 000004c6: PUSH1 0x00 000004c8: DUP1 000004c9: DUP6 000004ca: PUSH1 0x01 000004cc: PUSH1 0x01 000004ce: PUSH1 0xa0 000004d0: SHL 000004d1: SUB 000004d2: AND 000004d3: DUP6 000004d4: PUSH1 0x40 000004d6: MLOAD 000004d7: PUSH2 0x04e0 000004da: SWAP2 000004db: SWAP1 000004dc: PUSH2 0x0785 000004df: JUMP 000004e0: JUMPDEST 000004e1: PUSH1 0x00 000004e3: PUSH1 0x40 000004e5: MLOAD 000004e6: DUP1 000004e7: DUP4 000004e8: SUB 000004e9: DUP2 000004ea: DUP6 000004eb: GAS 000004ec: DELEGATECALL 000004ed: SWAP2 000004ee: POP 000004ef: POP 000004f0: RETURNDATASIZE 000004f1: DUP1 000004f2: PUSH1 0x00 000004f4: DUP2 000004f5: EQ 000004f6: PUSH2 0x051b 000004f9: JUMPI 000004fa: PUSH1 0x40 000004fc: MLOAD 000004fd: SWAP2 000004fe: POP 000004ff: PUSH1 0x1f 00000501: NOT 00000502: PUSH1 0x3f 00000504: RETURNDATASIZE 00000505: ADD 00000506: AND 00000507: DUP3 00000508: ADD 00000509: PUSH1 0x40 0000050b: MSTORE 0000050c: RETURNDATASIZE 0000050d: DUP3 0000050e: MSTORE 0000050f: RETURNDATASIZE 00000510: PUSH1 0x00 00000512: PUSH1 0x20 00000514: DUP5 00000515: ADD 00000516: RETURNDATACOPY 00000517: PUSH2 0x0520 0000051a: JUMP 0000051b: JUMPDEST 0000051c: PUSH1 0x60 0000051e: SWAP2 0000051f: POP 00000520: JUMPDEST 00000521: POP 00000522: SWAP2 00000523: POP 00000524: SWAP2 00000525: POP 00000526: PUSH2 0x0530 00000529: DUP3 0000052a: DUP3 0000052b: DUP7 0000052c: PUSH2 0x069d 0000052f: JUMP 00000530: JUMPDEST 00000531: SWAP7 00000532: SWAP6 00000533: POP 00000534: POP 00000535: POP 00000536: POP 00000537: POP 00000538: POP 00000539: JUMP 0000053a: JUMPDEST 0000053b: PUSH1 0x00 0000053d: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 0000055e: PUSH2 0x039d 00000561: JUMP 00000562: JUMPDEST 00000563: PUSH2 0x056b 00000566: DUP2 00000567: PUSH2 0x0298 0000056a: JUMP 0000056b: JUMPDEST 0000056c: PUSH2 0x05cd 0000056f: JUMPI 00000570: PUSH1 0x40 00000572: MLOAD 00000573: PUSH3 0x461bcd 00000577: PUSH1 0xe5 00000579: SHL 0000057a: DUP2 0000057b: MSTORE 0000057c: PUSH1 0x20 0000057e: PUSH1 0x04 00000580: DUP3 00000581: ADD 00000582: MSTORE 00000583: PUSH1 0x2d 00000585: PUSH1 0x24 00000587: DUP3 00000588: ADD 00000589: MSTORE 0000058a: PUSH32 0x455243313936373a206e657720696d706c656d656e746174696f6e206973206e 000005ab: PUSH1 0x44 000005ad: DUP3 000005ae: ADD 000005af: MSTORE 000005b0: PUSH13 0x1bdd08184818dbdb9d1c9858dd 000005be: PUSH1 0x9a 000005c0: SHL 000005c1: PUSH1 0x64 000005c3: DUP3 000005c4: ADD 000005c5: MSTORE 000005c6: PUSH1 0x84 000005c8: ADD 000005c9: PUSH2 0x0338 000005cc: JUMP 000005cd: JUMPDEST 000005ce: DUP1 000005cf: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 000005f0: JUMPDEST 000005f1: DUP1 000005f2: SLOAD 000005f3: PUSH1 0x01 000005f5: PUSH1 0x01 000005f7: PUSH1 0xa0 000005f9: SHL 000005fa: SUB 000005fb: NOT 000005fc: AND 000005fd: PUSH1 0x01 000005ff: PUSH1 0x01 00000601: PUSH1 0xa0 00000603: SHL 00000604: SUB 00000605: SWAP3 00000606: SWAP1 00000607: SWAP3 00000608: AND 00000609: SWAP2 0000060a: SWAP1 0000060b: SWAP2 0000060c: OR 0000060d: SWAP1 0000060e: SSTORE 0000060f: POP 00000610: JUMP 00000611: JUMPDEST 00000612: PUSH1 0x01 00000614: PUSH1 0x01 00000616: PUSH1 0xa0 00000618: SHL 00000619: SUB 0000061a: DUP2 0000061b: AND 0000061c: PUSH2 0x0676 0000061f: JUMPI 00000620: PUSH1 0x40 00000622: MLOAD 00000623: PUSH3 0x461bcd 00000627: PUSH1 0xe5 00000629: SHL 0000062a: DUP2 0000062b: MSTORE 0000062c: PUSH1 0x20 0000062e: PUSH1 0x04 00000630: DUP3 00000631: ADD 00000632: MSTORE 00000633: PUSH1 0x26 00000635: PUSH1 0x24 00000637: DUP3 00000638: ADD 00000639: MSTORE 0000063a: PUSH32 0x455243313936373a206e65772061646d696e20697320746865207a65726f2061 0000065b: PUSH1 0x44 0000065d: DUP3 0000065e: ADD 0000065f: MSTORE 00000660: PUSH6 0x646472657373 00000667: PUSH1 0xd0 00000669: SHL 0000066a: PUSH1 0x64 0000066c: DUP3 0000066d: ADD 0000066e: MSTORE 0000066f: PUSH1 0x84 00000671: ADD 00000672: PUSH2 0x0338 00000675: JUMP 00000676: JUMPDEST 00000677: DUP1 00000678: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 00000699: PUSH2 0x05f0 0000069c: JUMP 0000069d: JUMPDEST 0000069e: PUSH1 0x60 000006a0: DUP4 000006a1: ISZERO 000006a2: PUSH2 0x06ac 000006a5: JUMPI 000006a6: POP 000006a7: DUP2 000006a8: PUSH2 0x0291 000006ab: JUMP 000006ac: JUMPDEST 000006ad: DUP3 000006ae: MLOAD 000006af: ISZERO 000006b0: PUSH2 0x06bc 000006b3: JUMPI 000006b4: DUP3 000006b5: MLOAD 000006b6: DUP1 000006b7: DUP5 000006b8: PUSH1 0x20 000006ba: ADD 000006bb: REVERT 000006bc: JUMPDEST 000006bd: DUP2 000006be: PUSH1 0x40 000006c0: MLOAD 000006c1: PUSH3 0x461bcd 000006c5: PUSH1 0xe5 000006c7: SHL 000006c8: DUP2 000006c9: MSTORE 000006ca: PUSH1 0x04 000006cc: ADD 000006cd: PUSH2 0x0338 000006d0: SWAP2 000006d1: SWAP1 000006d2: PUSH2 0x07a1 000006d5: JUMP 000006d6: JUMPDEST 000006d7: DUP1 000006d8: CALLDATALOAD 000006d9: PUSH1 0x01 000006db: PUSH1 0x01 000006dd: PUSH1 0xa0 000006df: SHL 000006e0: SUB 000006e1: DUP2 000006e2: AND 000006e3: DUP2 000006e4: EQ 000006e5: PUSH2 0x029d 000006e8: JUMPI 000006e9: PUSH1 0x00 000006eb: DUP1 000006ec: REVERT 000006ed: JUMPDEST 000006ee: PUSH1 0x00 000006f0: PUSH1 0x20 000006f2: DUP3 000006f3: DUP5 000006f4: SUB 000006f5: SLT 000006f6: ISZERO 000006f7: PUSH2 0x06fe 000006fa: JUMPI 000006fb: DUP1 000006fc: DUP2 000006fd: REVERT 000006fe: JUMPDEST 000006ff: PUSH2 0x0291 00000702: DUP3 00000703: PUSH2 0x06d6 00000706: JUMP 00000707: JUMPDEST 00000708: PUSH1 0x00 0000070a: DUP1 0000070b: PUSH1 0x00 0000070d: PUSH1 0x40 0000070f: DUP5 00000710: DUP7 00000711: SUB 00000712: SLT 00000713: ISZERO 00000714: PUSH2 0x071b 00000717: JUMPI 00000718: DUP2 00000719: DUP3 0000071a: REVERT 0000071b: JUMPDEST 0000071c: PUSH2 0x0724 0000071f: DUP5 00000720: PUSH2 0x06d6 00000723: JUMP 00000724: JUMPDEST 00000725: SWAP3 00000726: POP 00000727: PUSH1 0x20 00000729: DUP5 0000072a: ADD 0000072b: CALLDATALOAD 0000072c: PUSH8 0xffffffffffffffff 00000735: DUP1 00000736: DUP3 00000737: GT 00000738: ISZERO 00000739: PUSH2 0x0740 0000073c: JUMPI 0000073d: DUP4 0000073e: DUP5 0000073f: REVERT 00000740: JUMPDEST 00000741: DUP2 00000742: DUP7 00000743: ADD 00000744: SWAP2 00000745: POP 00000746: DUP7 00000747: PUSH1 0x1f 00000749: DUP4 0000074a: ADD 0000074b: SLT 0000074c: PUSH2 0x0753 0000074f: JUMPI 00000750: DUP4 00000751: DUP5 00000752: REVERT 00000753: JUMPDEST 00000754: DUP2 00000755: CALLDATALOAD 00000756: DUP2 00000757: DUP2 00000758: GT 00000759: ISZERO 0000075a: PUSH2 0x0761 0000075d: JUMPI 0000075e: DUP5 0000075f: DUP6 00000760: REVERT 00000761: JUMPDEST 00000762: DUP8 00000763: PUSH1 0x20 00000765: DUP3 00000766: DUP6 00000767: ADD 00000768: ADD 00000769: GT 0000076a: ISZERO 0000076b: PUSH2 0x0772 0000076e: JUMPI 0000076f: DUP5 00000770: DUP6 00000771: REVERT 00000772: JUMPDEST 00000773: PUSH1 0x20 00000775: DUP4 00000776: ADD 00000777: SWAP5 00000778: POP 00000779: DUP1 0000077a: SWAP4 0000077b: POP 0000077c: POP 0000077d: POP 0000077e: POP 0000077f: SWAP3 00000780: POP 00000781: SWAP3 00000782: POP 00000783: SWAP3 00000784: JUMP 00000785: JUMPDEST 00000786: PUSH1 0x00 00000788: DUP3 00000789: MLOAD 0000078a: PUSH2 0x0797 0000078d: DUP2 0000078e: DUP5 0000078f: PUSH1 0x20 00000791: DUP8 00000792: ADD 00000793: PUSH2 0x07d4 00000796: JUMP 00000797: JUMPDEST 00000798: SWAP2 00000799: SWAP1 0000079a: SWAP2 0000079b: ADD 0000079c: SWAP3 0000079d: SWAP2 0000079e: POP 0000079f: POP 000007a0: JUMP 000007a1: JUMPDEST 000007a2: PUSH1 0x00 000007a4: PUSH1 0x20 000007a6: DUP3 000007a7: MSTORE 000007a8: DUP3 000007a9: MLOAD 000007aa: DUP1 000007ab: PUSH1 0x20 000007ad: DUP5 000007ae: ADD 000007af: MSTORE 000007b0: PUSH2 0x07c0 000007b3: DUP2 000007b4: PUSH1 0x40 000007b6: DUP6 000007b7: ADD 000007b8: PUSH1 0x20 000007ba: DUP8 000007bb: ADD 000007bc: PUSH2 0x07d4 000007bf: JUMP 000007c0: JUMPDEST 000007c1: PUSH1 0x1f 000007c3: ADD 000007c4: PUSH1 0x1f 000007c6: NOT 000007c7: AND 000007c8: SWAP2 000007c9: SWAP1 000007ca: SWAP2 000007cb: ADD 000007cc: PUSH1 0x40 000007ce: ADD 000007cf: SWAP3 000007d0: SWAP2 000007d1: POP 000007d2: POP 000007d3: JUMP 000007d4: JUMPDEST 000007d5: PUSH1 0x00 000007d7: JUMPDEST 000007d8: DUP4 000007d9: DUP2 000007da: LT 000007db: ISZERO 000007dc: PUSH2 0x07ef 000007df: JUMPI 000007e0: DUP2 000007e1: DUP2 000007e2: ADD 000007e3: MLOAD 000007e4: DUP4 000007e5: DUP3 000007e6: ADD 000007e7: MSTORE 000007e8: PUSH1 0x20 000007ea: ADD 000007eb: PUSH2 0x07d7 000007ee: JUMP 000007ef: JUMPDEST 000007f0: DUP4 000007f1: DUP2 000007f2: GT 000007f3: ISZERO 000007f4: PUSH2 0x0405 000007f7: JUMPI 000007f8: POP 000007f9: POP 000007fa: PUSH1 0x00 000007fc: SWAP2 000007fd: ADD 000007fe: MSTORE 000007ff: JUMP 00000800: INVALID 00000801: COINBASE 00000802: PUSH5 0x6472657373 00000808: GASPRICE 00000809: KECCAK256 0000080a: PUSH13 0x6f772d6c6576656c2064656c65 00000818: PUSH8 0x6174652063616c6c 00000821: KECCAK256 00000822: PUSH7 0x61696c6564a264 0000082a: PUSH10 0x7066735822122093f028 00000835: UNKNOWN(0x25) 00000836: POP 00000837: CALLDATALOAD 00000838: UNKNOWN(0xB6) 00000839: SAR 0000083a: DELEGATECALL 0000083b: PUSH23 0xb13b9dba3c4f06f60e51b9b4caee31680b389aef327f64 00000853: PUSH20
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
viewtrace_id: 0x261cf4589de82a66f161dd9d2a179d112dc1ad59d151b22c052f74b84981195a
call_targets:
0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "sink_reached",
"attempts": 2,
"trace_id": "0x261cf4589de82a66f161dd9d2a179d112dc1ad59d151b22c052f74b84981195a",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x3659cfe6",
"selector": "0x3659cfe6",
"calldata_variants": [
"0x3659cfe6",
"0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4f1ef286",
"selector": "0x4f1ef286",
"calldata_variants": [
"0x4f1ef286",
"0x4f1ef2860000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5c60da1b",
"selector": "0x5c60da1b",
"calldata_variants": [
"0x5c60da1b",
"0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8f283970",
"selector": "0x8f283970",
"calldata_variants": [
"0x8f283970",
"0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf851a440",
"selector": "0xf851a440",
"calldata_variants": [
"0xf851a440",
"0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 867,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 1260,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 2106,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 3,
"untrusted_delegatecall_count": 3
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
viewevidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 3
}
|
| low | reentrancy | codex | Computed low-level CALL target/value reachable (reentrancy/permission uncertainty) | 65 | no | — |
viewevidence_json{
"evidence": "Low-level CALL in runtime bytecode at pc:8052 with computed target/value; Address.functionCallWithValue-style checks are present but do not prove access control or state-ordering.",
"locations": [
"pc:8052"
],
"recommendation": "Confirm which public/external functions reach the CALL at pc:8052 and ensure they enforce strict access control and checks-effects-interactions or a nonReentrant guard. If the call is intended only for ERC20 operations, restrict targets to known token addresses and keep `value` at zero.",
"exploit_scenario": "If any externally callable path lets an attacker influence the CALL target/value (or triggers it after state changes), a malicious target could reenter or receive ETH unexpectedly. Trace-based validation only observed a constant self-target in one run, so the true target may still vary depending on calldata/storage, and guards are not reliably detectable from bytecode."
}
|