019c0ea9-0820-7077-8c15-dac863742bd6
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 41753 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 41754 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 41755 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 41756 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 41757 | capability.graph | complete | 1 / 3 | 2 months ago |
| 41758 | detector.run | complete | 1 / 3 | 2 months ago |
| 41759 | validation.fork | complete | 1 / 3 | 2 months ago |
| 42320 | report.consolidate | complete | 2 / 6 | 2 months ago |
| 42321 | tool.slither | complete | 1 / 2 | 2 months ago |
{
"method": "etherscan+onchain",
"status": "confirmed",
"etherscan_hint": {
"source": "etherscan",
"etherscan": {
"proxy_flag": true,
"implementation": "0xeda4c4067bdd708bb75ac620e1e2215a747a1f39"
}
},
"implementation": "0xeda4c4067bdd708bb75ac620e1e2215a747a1f39",
"onchain_method": "eip1967"
}
'forge clean' running (wd: /tmp/slither-80j7c25b)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-80j7c25b)
TransparentUpgradeableProxy.admin() (contracts/Contract.sol#707) calls TransparentUpgradeableProxy.ifAdmin() (contracts/Contract.sol#690-694) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/Contract.sol#42-44)
TransparentUpgradeableProxy.implementation() (contracts/Contract.sol#723-724) calls TransparentUpgradeableProxy.ifAdmin() (contracts/Contract.sol#690-694) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/Contract.sol#42-44)
TransparentUpgradeableProxy.changeAdmin(address) (contracts/Contract.sol#732-734) calls TransparentUpgradeableProxy.ifAdmin() (contracts/Contract.sol#690-694) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/Contract.sol#42-44)
TransparentUpgradeableProxy.upgradeTo(address) (contracts/Contract.sol#736-738) calls TransparentUpgradeableProxy.ifAdmin() (contracts/Contract.sol#690-694) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/Contract.sol#42-44)
TransparentUpgradeableProxy.upgradeToAndCall(address,bytes) (contracts/Contract.sol#750-757) calls TransparentUpgradeableProxy.ifAdmin() (contracts/Contract.sol#690-694) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/Contract.sol#42-44)
TransparentUpgradeableProxy.ifAdmin() (contracts/Contract.sol#690-694) calls Proxy._fallback() (contracts/Contract.sol#58-61) which halt the execution return(uint256,uint256)(0,returndatasize()()) (contracts/Contract.sol#42-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-return-in-assembly
ERC1967Upgrade._upgradeToAndCall(address,bytes,bool) (contracts/Contract.sol#489-499) ignores return value by Address.functionDelegateCall(newImplementation,data) (contracts/Contract.sol#498-499)
ERC1967Upgrade._upgradeBeaconToAndCall(address,bytes,bool) (contracts/Contract.sol#603-612) ignores return value by Address.functionDelegateCall(IBeacon(newBeacon).implementation(),data) (contracts/Contract.sol#608-612)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
CCProxy.constructor(address,address,bytes)._admin (contracts/Contract.sol#951) shadows:
- TransparentUpgradeableProxy._admin() (contracts/Contract.sol#757-760) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
Modifier TransparentUpgradeableProxy.ifAdmin() (contracts/Contract.sol#690-694) does not always execute _; or revert
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Proxy._delegate(address) (contracts/Contract.sol#22-44) uses assembly
- INLINE ASM (contracts/Contract.sol#24-44)
Address.verifyCallResult(bool,bytes,string) (contracts/Contract.sol#324-344) uses assembly
- INLINE ASM (contracts/Contract.sol#337-342)
StorageSlot.getAddressSlot(bytes32) (contracts/Contract.sol#388-395) uses assembly
- INLINE ASM (contracts/Contract.sol#391-395)
StorageSlot.getBooleanSlot(bytes32) (contracts/Contract.sol#401-408) uses assembly
- INLINE ASM (contracts/Contract.sol#408)
StorageSlot.getBytes32Slot(bytes32) (contracts/Contract.sol#410-417) uses assembly
- INLINE ASM (contracts/Contract.sol#417)
StorageSlot.getUint256Slot(bytes32) (contracts/Contract.sol#419-426) uses assembly
- INLINE ASM (contracts/Contract.sol#426)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
4 different versions of Solidity are used:
- Version constraint ^0.8.0 is used by:
-^0.8.0 (contracts/Contract.sol#4-6)
-^0.8.0 (contracts/Contract.sol#90)
-^0.8.0 (contracts/Contract.sol#109)
-^0.8.0 (contracts/Contract.sol#347)
-^0.8.0 (contracts/Contract.sol#613)
-^0.8.0 (contracts/Contract.sol#649-651)
-^0.8.0 (contracts/Contract.sol#770)
-^0.8.0 (contracts/Contract.sol#798-799)
-^0.8.0 (contracts/Contract.sol#871-874)
- Version constraint ^0.8.1 is used by:
-^0.8.1 (contracts/Contract.sol#132)
- Version constraint ^0.8.2 is used by:
-^0.8.2 (contracts/Contract.sol#432-435)
- Version constraint =0.8.2 is used by:
-=0.8.2 (contracts/Contract.sol#945-946)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used
Context._msgData() (contracts/Contract.sol#790-793) is never used and should be removed
ERC1967Upgrade._getBeacon() (contracts/Contract.sol#577-582) is never used and should be removed
ERC1967Upgrade._setBeacon(address) (contracts/Contract.sol#583-593) is never used and should be removed
ERC1967Upgrade._upgradeBeaconToAndCall(address,bytes,bool) (contracts/Contract.sol#603-612) is never used and should be removed
ERC1967Upgrade._upgradeToAndCallUUPS(address,bytes,bool) (contracts/Contract.sol#506-531) is never used and should be removed
TransparentUpgradeableProxy._admin() (contracts/Contract.sol#757-760) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Version constraint ^0.8.0 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- DataLocationChangeInInternalOverride
- NestedCalldataArrayAbiReencodingSizeValidation
- SignedImmutables
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching.
It is used by:
- ^0.8.0 (contracts/Contract.sol#4-6)
- ^0.8.0 (contracts/Contract.sol#90)
- ^0.8.0 (contracts/Contract.sol#109)
- ^0.8.0 (contracts/Contract.sol#347)
- ^0.8.0 (contracts/Contract.sol#613)
- ^0.8.0 (contracts/Contract.sol#649-651)
- ^0.8.0 (contracts/Contract.sol#770)
- ^0.8.0 (contracts/Contract.sol#798-799)
- ^0.8.0 (contracts/Contract.sol#871-874)
Version constraint ^0.8.1 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- DataLocationChangeInInternalOverride
- NestedCalldataArrayAbiReencodingSizeValidation
- SignedImmutables
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching.
It is used by:
- ^0.8.1 (contracts/Contract.sol#132)
Version constraint ^0.8.2 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- DataLocationChangeInInternalOverride
- NestedCalldataArrayAbiReencodingSizeValidation
- SignedImmutables
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching.
It is used by:
- ^0.8.2 (contracts/Contract.sol#432-435)
Version constraint =0.8.2 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- DataLocationChangeInInternalOverride
- NestedCalldataArrayAbiReencodingSizeValidation
- SignedImmutables
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching.
It is used by:
- =0.8.2 (contracts/Contract.sol#945-946)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
Low level call in Address.sendValue(address,uint256) (contracts/Contract.sol#190-194):
- (success,None) = recipient.call{value: amount}() (contracts/Contract.sol#191-193)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (contracts/Contract.sol#253-267):
- (success,returndata) = target.call{value: value}(data) (contracts/Contract.sol#264-266)
Low level call in Address.functionStaticCall(address,bytes,string) (contracts/Contract.sol#280-293):
- (success,returndata) = target.staticcall(data) (contracts/Contract.sol#288-290)
Low level call in Address.functionDelegateCall(address,bytes,string) (contracts/Contract.sol#307-319):
- (success,returndata) = target.delegatecall(data) (contracts/Contract.sol#313-317)
Low level call in ProxyAdmin.getProxyImplementation(TransparentUpgradeableProxy) (contracts/Contract.sol#884-897):
- (success,returndata) = address(proxy).staticcall(0x5c60da1b) (contracts/Contract.sol#892-894)
Low level call in ProxyAdmin.getProxyAdmin(TransparentUpgradeableProxy) (contracts/Contract.sol#904-914):
- (success,returndata) = address(proxy).staticcall(0xf851a440) (contracts/Contract.sol#912-914)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
. analyzed (13 contracts with 100 detectors), 33 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.8.2",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.8.2",
"install_stderr": null,
"install_stdout": "Version '0.8.2' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-80j7c25b --allow-paths /tmp/slither-80j7c25b,/tmp/slither-80j7c25b/lib,/tmp/slither-80j7c25b/src",
"remappings": [],
"source_files": [
"contracts/Contract.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 33,
"workspace_hash": "fb8084ed8aa7527e57544e12abed44af0f4dcbf1698c589e1329e054f21ee1d7",
"duration_seconds": 1.2210156917572021,
"solc_version_requested": "0.8.2"
}
{"no_findings":false,"summary":"Potential reentrancy surface around low-level CALLs that can transfer ETH/value; guard detection is empty and call targets are computed, so external reentry is possible if state updates occur after these calls.","findings":[{"severity":"medium","category":"reentrancy","title":"External CALLs with value and computed targets lack an explicit reentrancy guard","exploit_scenario":"If a release/transfer path updates state after making the low-level CALL, a malicious recipient or token contract can reenter the contract during the external call and trigger the same release/transfer again, potentially draining funds or corrupting accounting. This is a risk even when calls are intended for ERC20s or recipients because the target is computed and can carry ETH.","recommendation":"Add a reentrancy guard around asset release/transfer flows or enforce checks-effects-interactions (write state before external calls). If possible, restrict targets to vetted token contracts and minimize value-bearing CALLs.","evidence":"Detector flags show CALL sinks with computed target/value and no guards detected; ETH value transfer is possible. Calls observed at pc 8783 and pc 10887 (CALL opcodes). Validation trace resolved the target to self for one path, so the risk depends on runtime target selection and state-update ordering.","locations":["pc:0x224f","pc:0x2a87"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-o8cuuraw
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019c0fbc-d8f6-7130-91bf-2f0b27fb2585
--------
user
Context: The user requested the proxy at 0xfdeaf7d9ab542c6ad617666015e512fa1633b8a0.
Audit the implementation at 0xeda4c4067bdd708bb75ac620e1e2215a747a1f39.
Findings should refer to the implementation unless explicitly about proxy mechanics.
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers
exec
/bin/bash -lc ls in /tmp/codex-o8cuuraw succeeded in 7ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-o8cuuraw succeeded in 15ms:
{
"analysis_artifact": {
"address": "0xeda4c4067bdd708bb75ac620e1e2215a747a1f39",
"artifact_hash": "0xf6fc7f51ac5129ce2076470e9d74849d82267c83265672c1d0b90e7c7b98b2bc",
"artifact_json": {
"auth": {
"guards": []
},
"basic_blocks": [
{
"end_pc": 12,
"hash": "0x0b6eca42904daa282c46755cddac3ceb4b5fb559336310fd0951cd9ddd07694a",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"CALLDATASIZE",
"LT",
"PUSH2",
exec
/bin/bash -lc 'rg -n "evidence|storage|slot|selector|function" BYTECODE_BUNDLE.json | head' in /tmp/codex-o8cuuraw succeeded in 24ms:
18223: "dispatcher_type": "selector_jump_table",
18224: "function_entries": [
18227: "selector": "0xf9c243df"
18231: "selector": "0xfa7643f4"
18235: "selector": "0xfeaec775"
18239: "selector": "0xffec41de"
18243: "selector": "0xf2fde38b"
18247: "selector": "0xf454fd9b"
18251: "selector": "0xf62d1888"
18255: "selector": "0xf851a440"
exec
/bin/bash -lc "sed -n '18180,18380p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
},
{
"from": "bb:13620",
"to": "bb:13640",
"type": "control_flow"
},
{
"from": "bb:13620",
"to": "bb:13633",
"type": "control_flow_fallthrough"
},
{
"from": "bb:13633",
"to": "bb:13647",
"type": "control_flow"
},
{
"from": "bb:13691",
"to": "bb:8298",
"type": "control_flow"
exec
/bin/bash -lc "rg -n \"\\\"pc\\\": 8783|\\\"pc\\\": 10887\" BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
13978: "pc": 8783,
13999: "pc": 10887,
40910: "pc": 8783,
40928: "pc": 10887,
41140: "pc": 8783,
41147: "pc": 10887,
41185: "pc": 8783,
41192: "pc": 10887,
exec
/bin/bash -lc "sed -n '40860,40960p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 11ms:
"start_pc": 13760,
"type": "basic_block"
},
{
"end_pc": 13772,
"hash": "0xd0ddb952a3db726e10b5dfeddc2e89e1aa1f13eac90c4066d1b54920d5bec8a6",
"id": "bb:13770",
"start_pc": 13770,
"type": "basic_block"
},
{
"end_pc": 13773,
"hash": "0xe328fed1bbac74aebfb7c49cbb4096dc104a0da63ded047038ae48484c4e6127",
"id": "bb:13773",
"start_pc": 13773,
"type": "basic_block"
},
{
"id": "call:2074",
"opcode": "STATICCALL",
exec
/bin/bash -lc 'rg -n "8783" BYTECODE_BUNDLE.json | head -n 20' in /tmp/codex-o8cuuraw succeeded in 8ms:
11322: "hash": "0x942547efb641b89d39099636dcd694c3d1b1f0176de79bafa7afa85b05a08783",
13978: "pc": 8783,
35461: "to": "call:8783",
35465: "from": "call:8783",
39724: "hash": "0x942547efb641b89d39099636dcd694c3d1b1f0176de79bafa7afa85b05a08783",
40908: "id": "call:8783",
40910: "pc": 8783,
41140: "pc": 8783,
41185: "pc": 8783,
exec
/bin/bash -lc "sed -n '39680,39760p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
{
"end_pc": 11653,
"hash": "0xb1bc32fd8e0c7e8e6fdbef104a042ed36c2bb6b2133e29352a45fa70dedf8049",
"id": "bb:11642",
"start_pc": 11642,
"type": "basic_block"
},
{
"end_pc": 11674,
"hash": "0xd155881560ba752e868275051911d9649a83f5ba17c3b9666b39403982618a8c",
"id": "bb:11654",
"start_pc": 11654,
"type": "basic_block"
},
{
"end_pc": 11677,
"hash": "0x9a7c8acc5a03268608f4bed6f19a9bc825b58648928c124c90c53346e6a7947c",
"id": "bb:11675",
"start_pc": 11675,
"type": "basic_block"
exec
/bin/bash -lc "sed -n '11280,11360p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 9ms:
"JUMPDEST",
"OP_98",
"OP_9B",
"OP_97",
"OP_9A",
"POP",
"OP_95",
"OP_98",
"POP",
"OP_93",
"OP_96",
"OP_92",
"OP_95",
"OP_92",
"OP_93",
"POP",
"POP",
"POP",
"JUMP"
],
exec
/bin/bash -lc 'rg -n "start_pc": 87" BYTECODE_BUNDLE.json | head' in /tmp/codex-o8cuuraw exited 2 in 5ms:
/bin/bash: -c: line 1: unexpected EOF while looking for matching `"'
/bin/bash: -c: line 2: syntax error: unexpected end of file
exec
/bin/bash -lc 'rg -n "start_pc": 87 BYTECODE_BUNDLE.json | head' in /tmp/codex-o8cuuraw succeeded in 27ms:
rg: 87: No such file or directory (os error 2)
exec
/bin/bash -lc "rg -n 'start_pc\": 87' BYTECODE_BUNDLE.json | head" in /tmp/codex-o8cuuraw succeeded in 8ms:
1055: "start_pc": 873
8431: "start_pc": 8751
8445: "start_pc": 8796
36065: "start_pc": 873,
38655: "start_pc": 8751,
38662: "start_pc": 8796,
exec
/bin/bash -lc "sed -n '8390,8465p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
{
"end_pc": 8795,
"hash": "0xfe142d05918cf0e8b962dcc1b4d523cf37726060778c33250f110c4b436318c6",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"PUSH1",
"PUSH1",
"PUSH1",
"SHL",
"SUB",
"OP_85",
"AND",
"OP_90",
"OP_82",
"ISZERO",
"PUSH2",
"MUL",
"OP_90",
exec
/bin/bash -lc "rg -n '\"call\": 2' BYTECODE_BUNDLE.json | head" in /tmp/codex-o8cuuraw succeeded in 8ms:
18358: "call": 2,
18752: "call": 2,
19146: "call": 2,
19540: "call": 2,
19934: "call": 2,
20328: "call": 2,
20722: "call": 2,
21116: "call": 2,
21510: "call": 2,
21904: "call": 2,
exec
/bin/bash -lc "sed -n '18340,18420p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 11ms:
},
{
"entry_pc": 300586198,
"selector": "0x041ae880"
},
{
"entry_pc": null,
"selector": "0x11ea94d6"
}
],
"functions": [
{
"auth": {
"guards": []
},
"entry_pc": 4190258143,
"selector": "0xf9c243df",
"sinks": {
"call": 2,
"delegatecall": 0,
exec
/bin/bash -lc "rg -n 'start_pc\": 108' BYTECODE_BUNDLE.json | head" in /tmp/codex-o8cuuraw succeeded in 8ms:
1360: "start_pc": 1085
10162: "start_pc": 10846
10192: "start_pc": 10874
36233: "start_pc": 1085,
39215: "start_pc": 10846,
39222: "start_pc": 10874,
exec
/bin/bash -lc "sed -n '10140,10220p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
"hash": "0xd090b3020fd64e8b0406406451777efb2186d78069a2f86af93f1f1503e27b50",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"OP_86",
"PUSH1",
"PUSH1",
"PUSH1",
"SHL",
"SUB",
"AND",
"OP_85",
"OP_87",
"PUSH1",
"MLOAD",
"PUSH2",
"OP_91",
"OP_90",
"PUSH2",
exec
/bin/bash -lc "rg -n 'evidence_bundle|evidence_json|evidence' BYTECODE_BUNDLE.json | head -n 20" in /tmp/codex-o8cuuraw succeeded in 8ms:
31055: "proxy_evidence": {
41135: "evidence_json": {
41180: "evidence_json": {
exec
/bin/bash -lc "sed -n '31020,31120p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 9ms:
},
"implementation": "0xeda4c4067bdd708bb75ac620e1e2215a747a1f39",
"method": "etherscan+onchain",
"onchain_method": "eip1967",
"status": "confirmed"
},
"parent": {
"address": "0xfdeaf7d9ab542c6ad617666015e512fa1633b8a0",
"block_number": null,
"chain_id": 1,
"created_at": "2026-01-30T11:28:04.000000Z",
"id": "019c0ea9-0820-7077-8c15-dac863742bd6",
"status": "running",
"updated_at": "2026-01-30T11:29:25.000000Z"
},
"parent_run_id": "019c0ea9-0820-7077-8c15-dac863742bd6",
"updated_at": "2026-01-30T11:29:26.000000Z"
}
],
"status": "complete",
exec
/bin/bash -lc "python - <<'PY'
import json, binascii, re
with open('/tmp/codex-o8cuuraw/BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
rt=data['artifact']['runtime_bytecode']['full']
if rt.startswith('0x'): rt=rt[2:]
bs=binascii.unhexlify(rt)
# extract printable ASCII strings length>=4
strings=[]
cur=b''
for b in bs:
if 32 <= b < 127:
cur+=bytes([b])
else:
if len(cur)>=4:
strings.append(cur.decode())
cur=b''
if len(cur)>=4:
strings.append(cur.decode())
# filter interesting ones
interesting=[s for s in strings if '/' in s or 'Safe' in s or 'ERC20' in s or 'Ownable' in s]
for s in interesting:
print(s)
PY" in /tmp/codex-o8cuuraw succeeded in 44ms:
a/,V[a
MultiSignCore/null-address
MultiSignCore/address-0
MultiSignCore/witness-exists
MultiSignCore/null-address
MultiSignCore/witness-not-exists`D
regToken/native-symbol-reserved
regToken/invalid-address
regToken/invalid-decimals
regToken/invalid-symbol
regToken/token-registered
lockAsset/amount-is-zero
lockAsset/native-amount-invalid
lockAsset/symbol-invalid
lockAsset/no-need-msg-value
lockAsset/insufficient-balance
lockAsset/insufficient-allowance`D
releaseAsset/duplicated
releaseAsset/signature-error
MultiSignCore/invalid-signer
exec
/bin/bash -lc "sed -n '8340,8850p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 11ms:
"JUMPI"
],
"start_pc": 8666
},
{
"end_pc": 8679,
"hash": "0x193815f10b25ef487f0c99a57a646bed3a3ffda659b71ded1aae2b2a822b55b0",
"opcodes": [
"OP_80",
"SELFBALANCE",
"LT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 8672
},
{
"end_pc": 8750,
"hash": "0x028cbd838e067a86b8c2b4d08ba6d05241416d51541141a7aa3a45a438da8be5",
exec
/bin/bash -lc "rg -n 'CHAINID' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 7ms:
6223: "CHAINID",
exec
/bin/bash -lc "sed -n '6200,6240p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
"end_pc": 6454,
"hash": "0xbf5e1b1c4def3b78b3f94e1cd5439ee24076e82fae77a97b6c5f91b48af9325e",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH1",
"OP_8C",
"ADD",
"OP_8C",
"PUSH2",
"JUMP"
],
"start_pc": 6442
},
{
"end_pc": 6482,
"hash": "0x1d8b6f407f761416ce60dbeb04c3798c26b8f2284f120d4e4ab1de4ecf6830c5",
"opcodes": [
"JUMPDEST",
"OP_8C",
exec
/bin/bash -lc "sed -n '35440,35490p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
"from": "bb:5546",
"to": "call:5549",
"type": "contains"
},
{
"from": "call:5549",
"to": "sink:staticcall",
"type": "capability"
},
{
"from": "bb:5751",
"to": "call:5754",
"type": "contains"
},
{
"from": "call:5754",
"to": "sink:staticcall",
"type": "capability"
},
{
exec
/bin/bash -lc "sed -n '35490,35540p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
"from": "bb:10874",
"to": "call:10887",
"type": "contains"
},
{
"from": "call:10887",
"to": "sink:call",
"type": "capability"
}
],
"nodes": [
{
"end_pc": 12,
"hash": "0x0b6eca42904daa282c46755cddac3ceb4b5fb559336310fd0951cd9ddd07694a",
"id": "bb:0",
"start_pc": 0,
"type": "basic_block"
},
{
"end_pc": 29,
exec
/bin/bash -lc "rg -n 'fn:' BYTECODE_BUNDLE.json | head" in /tmp/codex-o8cuuraw succeeded in 8ms:
35295: "from": "fn:0xf9c243df",
35300: "from": "fn:0xfa7643f4",
35305: "from": "fn:0xfeaec775",
35310: "from": "fn:0xf2fde38b",
35315: "from": "fn:0xf454fd9b",
35320: "from": "fn:0xf62d1888",
35325: "from": "fn:0xcab28a78",
35330: "from": "fn:0xd3c47427",
35335: "from": "fn:0xdcebec5c",
35340: "from": "fn:0xa531494e",
exec
/bin/bash -lc "sed -n '35280,35320p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
"from": "bb:13705",
"to": "bb:8298",
"type": "control_flow"
},
{
"from": "bb:13705",
"to": "bb:13716",
"type": "control_flow_fallthrough"
},
{
"from": "bb:13721",
"to": "bb:13760",
"type": "control_flow_fallthrough"
},
{
"from": "fn:0xf9c243df",
"to": "bb:4190258143",
"type": "entry"
},
{
exec
/bin/bash -lc "python - <<'PY'
import json
with open('/tmp/codex-o8cuuraw/BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
blocks=data['analysis_artifact']['artifact_json']['basic_blocks']
# find blocks containing SSTORE and print start_pc in range around 8600-8900 or 10800-11000
for b in blocks:
if any(op=='SSTORE' for op in b['opcodes']):
if 8600 <= b['start_pc'] <= 8900 or 8600 <= b['end_pc'] <= 8900 or 10800 <= b['start_pc'] <= 11000 or 10800 <= b['end_pc'] <= 11000:
print(b['start_pc'], b['end_pc'], b['opcodes'])
PY" in /tmp/codex-o8cuuraw succeeded in 36ms:
exec
/bin/bash -lc "python - <<'PY'
import json, binascii
const=bytes.fromhex('7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0')
with open('/tmp/codex-o8cuuraw/BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
rt=data['artifact']['runtime_bytecode']['full']
bs=binascii.unhexlify(rt[2:])
print('const found', bs.find(const)"'!=-1)
PY' in /tmp/codex-o8cuuraw succeeded in 33ms:
const found False
exec
/bin/bash -lc "rg -n 'ORIGIN' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw exited 1 in 7ms:
exec
/bin/bash -lc "python - <<'PY'
import hashlib
sigs=['implementation()','admin()','changeAdmin(address)','upgradeTo(address)','upgradeToAndCall(address,bytes)','proxiableUUID()','getAdmin()','getImplementation()']
for s in sigs:
h=hashlib.sha3_256(s.encode()).hexdigest()[:8]
print(s, '0x'+h)
PY" in /tmp/codex-o8cuuraw succeeded in 20ms:
implementation() 0xf5d97006
admin() 0xeb8325fb
changeAdmin(address) 0x89a7fa41
upgradeTo(address) 0x6b59108d
upgradeToAndCall(address,bytes) 0xcf495528
proxiableUUID() 0x9b4a4562
getAdmin() 0x53fded68
getImplementation() 0xdd2bd2ee
exec
/bin/bash -lc "python - <<'PY'
try:
import sha3
except Exception as e:
print('no sha3', e)
raise
for s in ['implementation()','admin()','upgradeTo(address)','upgradeToAndCall(address,bytes)','changeAdmin(address)','getImplementation()','proxiableUUID()']:
k=sha3.keccak_256(s.encode()).hexdigest()[:8]
print(s, '0x'+k)
PY" in /tmp/codex-o8cuuraw exited 1 in 33ms:
no sha3 No module named 'sha3'
Traceback (most recent call last):
File "<stdin>", line 2, in <module>
ModuleNotFoundError: No module named 'sha3'
exec
/bin/bash -lc "python - <<'PY'
try:
from Crypto.Hash import keccak
print('pycryptodome available')
def k256(s):
k=keccak.new(digest_bits=256)
k.update(s.encode())
return k.hexdigest()[:8]
for s in ['implementation()','admin()','upgradeTo(address)','upgradeToAndCall(address,bytes)','changeAdmin(address)','proxiableUUID()','getImplementation()','getAdmin()']:
print(s, '0x'+k256(s))
except Exception as e:
print('no Crypto', e)
PY" in /tmp/codex-o8cuuraw succeeded in 60ms:
pycryptodome available
implementation() 0x5c60da1b
admin() 0xf851a440
upgradeTo(address) 0x3659cfe6
upgradeToAndCall(address,bytes) 0x4f1ef286
changeAdmin(address) 0x8f283970
proxiableUUID() 0x52d1902d
getImplementation() 0xaaf10f42
getAdmin() 0x6e9960c3
exec
/bin/bash -lc "python - <<'PY'
import json
with open('/tmp/codex-o8cuuraw/BYTECODE_BUNDLE.json','r') as f:
data=json.load(f)
# find storage writes summary maybe in functions list
funcs=data['analysis_artifact']['artifact_json']['functions']
slots=set()
for fn in funcs:
for s in fn.get('storage',{}).get('slots',[]):
if s.get('op')=='SSTORE':
slots.add(s['slot'])
print('SSTORE slots', len(slots))
print(sorted(list(slots))[:20])
PY" in /tmp/codex-o8cuuraw succeeded in 35ms:
SSTORE slots 4
['0x0000000000000000000000000000000000000000000000000000000000000000', '0x0d33af2381f036762445cec5d4a21f68c50c4236845f915b6e15419695c64367', '0x332aea18fc605b6be38db00074cd3c21a757c11fee654fd98c382a2e49ea2297', '0xa57582a20eb2f0c4265459d1d9ef9990b45fa7a768b2a47481ff82b5e0864d78']
exec
/bin/bash -lc "sed -n '10220,10310p' BYTECODE_BUNDLE.json" in /tmp/codex-o8cuuraw succeeded in 8ms:
"RETURNDATACOPY",
"PUSH2",
"JUMP"
],
"start_pc": 10902
},
{
"end_pc": 10939,
"hash": "0x7b1e82bbea92643174344f6cbd8120814d244db1be24cc28eeabc7b094275138",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_91",
"POP"
],
"start_pc": 10935
},
{
"end_pc": 10959,
"hash": "0x0bf4a8ddc8005217f11aeb415e746a3e285fd22a790c802d9b9df1c37af64284",
codex
{"no_findings":false,"summary":"Potential reentrancy surface around low-level CALLs that can transfer ETH/value; guard detection is empty and call targets are computed, so external reentry is possible if state updates occur after these calls.","findings":[{"severity":"medium","category":"reentrancy","title":"External CALLs with value and computed targets lack an explicit reentrancy guard","exploit_scenario":"If a release/transfer path updates state after making the low-level CALL, a malicious recipient or token contract can reenter the contract during the external call and trigger the same release/transfer again, potentially draining funds or corrupting accounting. This is a risk even when calls are intended for ERC20s or recipients because the target is computed and can carry ETH.","recommendation":"Add a reentrancy guard around asset release/transfer flows or enforce checks-effects-interactions (write state before external calls). If possible, restrict targets to vetted token contracts and minimize value-bearing CALLs.","evidence":"Detector flags show CALL sinks with computed target/value and no guards detected; ETH value transfer is possible. Calls observed at pc 8783 and pc 10887 (CALL opcodes). Validation trace resolved the target to self for one path, so the risk depends on runtime target selection and state-update ordering.","locations":["pc:0x224f","pc:0x2a87"]}]}
tokens used
71,834
{
"codex": {
"ran_at": "2026-01-30T16:35:49.027140+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 27550,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Potential reentrancy surface around low-level CALLs that can transfer ETH/value; guard detection is empty and call targets are computed, so external reentry is possible if state updates occur after these calls.",
"raw_final": {
"summary": "Potential reentrancy surface around low-level CALLs that can transfer ETH/value; guard detection is empty and call targets are computed, so external reentry is possible if state updates occur after these calls.",
"findings": [
{
"title": "External CALLs with value and computed targets lack an explicit reentrancy guard",
"category": "reentrancy",
"evidence": "Detector flags show CALL sinks with computed target/value and no guards detected; ETH value transfer is possible. Calls observed at pc 8783 and pc 10887 (CALL opcodes). Validation trace resolved the target to self for one path, so the risk depends on runtime target selection and state-update ordering.",
"severity": "medium",
"locations": [
"pc:0x224f",
"pc:0x2a87"
],
"recommendation": "Add a reentrancy guard around asset release/transfer flows or enforce checks-effects-interactions (write state before external calls). If possible, restrict targets to vetted token contracts and minimize value-bearing CALLs.",
"exploit_scenario": "If a release/transfer path updates state after making the low-level CALL, a malicious recipient or token contract can reenter the contract during the external call and trigger the same release/transfer again, potentially draining funds or corrupting accounting. This is a risk even when calls are intended for ERC20s or recipients because the target is computed and can carry ETH."
}
],
"no_findings": false
},
"no_findings": false,
"proxy_context": {
"proxy_run_id": "019c0ea9-0820-7077-8c15-dac863742bd6",
"proxy_address": "0xfdeaf7d9ab542c6ad617666015e512fa1633b8a0",
"implementation_run_id": "019c0eaa-46e2-714b-a04f-a45cdb834d69",
"implementation_address": "0xeda4c4067bdd708bb75ac620e1e2215a747a1f39"
},
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x004e 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x3659cfe6 00000019: EQ 0000001a: PUSH2 0x0065 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0x4f1ef286 00000024: EQ 00000025: PUSH2 0x0085 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0x5c60da1b 0000002f: EQ 00000030: PUSH2 0x0098 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0x8f283970 0000003a: EQ 0000003b: PUSH2 0x00c9 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0xf851a440 00000045: EQ 00000046: PUSH2 0x00e9 00000049: JUMPI 0000004a: PUSH2 0x005d 0000004d: JUMP 0000004e: JUMPDEST 0000004f: CALLDATASIZE 00000050: PUSH2 0x005d 00000053: JUMPI 00000054: PUSH2 0x005b 00000057: PUSH2 0x00fe 0000005a: JUMP 0000005b: JUMPDEST 0000005c: STOP 0000005d: JUMPDEST 0000005e: PUSH2 0x005b 00000061: PUSH2 0x00fe 00000064: JUMP 00000065: JUMPDEST 00000066: CALLVALUE 00000067: DUP1 00000068: ISZERO 00000069: PUSH2 0x0071 0000006c: JUMPI 0000006d: PUSH1 0x00 0000006f: DUP1 00000070: REVERT 00000071: JUMPDEST 00000072: POP 00000073: PUSH2 0x005b 00000076: PUSH2 0x0080 00000079: CALLDATASIZE 0000007a: PUSH1 0x04 0000007c: PUSH2 0x0702 0000007f: JUMP 00000080: JUMPDEST 00000081: PUSH2 0x0118 00000084: JUMP 00000085: JUMPDEST 00000086: PUSH2 0x005b 00000089: PUSH2 0x0093 0000008c: CALLDATASIZE 0000008d: PUSH1 0x04 0000008f: PUSH2 0x071c 00000092: JUMP 00000093: JUMPDEST 00000094: PUSH2 0x0164 00000097: JUMP 00000098: JUMPDEST 00000099: CALLVALUE 0000009a: DUP1 0000009b: ISZERO 0000009c: PUSH2 0x00a4 0000009f: JUMPI 000000a0: PUSH1 0x00 000000a2: DUP1 000000a3: REVERT 000000a4: JUMPDEST 000000a5: POP 000000a6: PUSH2 0x00ad 000000a9: PUSH2 0x01da 000000ac: JUMP 000000ad: JUMPDEST 000000ae: PUSH1 0x40 000000b0: MLOAD 000000b1: PUSH1 0x01 000000b3: PUSH1 0x01 000000b5: PUSH1 0xa0 000000b7: SHL 000000b8: SUB 000000b9: SWAP1 000000ba: SWAP2 000000bb: AND 000000bc: DUP2 000000bd: MSTORE 000000be: PUSH1 0x20 000000c0: ADD 000000c1: PUSH1 0x40 000000c3: MLOAD 000000c4: DUP1 000000c5: SWAP2 000000c6: SUB 000000c7: SWAP1 000000c8: RETURN 000000c9: JUMPDEST 000000ca: CALLVALUE 000000cb: DUP1 000000cc: ISZERO 000000cd: PUSH2 0x00d5 000000d0: JUMPI 000000d1: PUSH1 0x00 000000d3: DUP1 000000d4: REVERT 000000d5: JUMPDEST 000000d6: POP 000000d7: PUSH2 0x005b 000000da: PUSH2 0x00e4 000000dd: CALLDATASIZE 000000de: PUSH1 0x04 000000e0: PUSH2 0x0702 000000e3: JUMP 000000e4: JUMPDEST 000000e5: PUSH2 0x0217 000000e8: JUMP 000000e9: JUMPDEST 000000ea: CALLVALUE 000000eb: DUP1 000000ec: ISZERO 000000ed: PUSH2 0x00f5 000000f0: JUMPI 000000f1: PUSH1 0x00 000000f3: DUP1 000000f4: REVERT 000000f5: JUMPDEST 000000f6: POP 000000f7: PUSH2 0x00ad 000000fa: PUSH2 0x0241 000000fd: JUMP 000000fe: JUMPDEST 000000ff: PUSH2 0x0106 00000102: PUSH2 0x02ab 00000105: JUMP 00000106: JUMPDEST 00000107: PUSH2 0x0116 0000010a: PUSH2 0x0111 0000010d: PUSH2 0x034f 00000110: JUMP 00000111: JUMPDEST 00000112: PUSH2 0x035e 00000115: JUMP 00000116: JUMPDEST 00000117: JUMP 00000118: JUMPDEST 00000119: PUSH2 0x0120 0000011c: PUSH2 0x0382 0000011f: JUMP 00000120: JUMPDEST 00000121: PUSH1 0x01 00000123: PUSH1 0x01 00000125: PUSH1 0xa0 00000127: SHL 00000128: SUB 00000129: AND 0000012a: CALLER 0000012b: PUSH1 0x01 0000012d: PUSH1 0x01 0000012f: PUSH1 0xa0 00000131: SHL 00000132: SUB 00000133: AND 00000134: EQ 00000135: ISZERO 00000136: PUSH2 0x0159 00000139: JUMPI 0000013a: PUSH2 0x0154 0000013d: DUP2 0000013e: PUSH1 0x40 00000140: MLOAD 00000141: DUP1 00000142: PUSH1 0x20 00000144: ADD 00000145: PUSH1 0x40 00000147: MSTORE 00000148: DUP1 00000149: PUSH1 0x00 0000014b: DUP2 0000014c: MSTORE 0000014d: POP 0000014e: PUSH1 0x00 00000150: PUSH2 0x03b5 00000153: JUMP 00000154: JUMPDEST 00000155: PUSH2 0x0161 00000158: JUMP 00000159: JUMPDEST 0000015a: PUSH2 0x0161 0000015d: PUSH2 0x00fe 00000160: JUMP 00000161: JUMPDEST 00000162: POP 00000163: JUMP 00000164: JUMPDEST 00000165: PUSH2 0x016c 00000168: PUSH2 0x0382 0000016b: JUMP 0000016c: JUMPDEST 0000016d: PUSH1 0x01 0000016f: PUSH1 0x01 00000171: PUSH1 0xa0 00000173: SHL 00000174: SUB 00000175: AND 00000176: CALLER 00000177: PUSH1 0x01 00000179: PUSH1 0x01 0000017b: PUSH1 0xa0 0000017d: SHL 0000017e: SUB 0000017f: AND 00000180: EQ 00000181: ISZERO 00000182: PUSH2 0x01cd 00000185: JUMPI 00000186: PUSH2 0x01c8 00000189: DUP4 0000018a: DUP4 0000018b: DUP4 0000018c: DUP1 0000018d: DUP1 0000018e: PUSH1 0x1f 00000190: ADD 00000191: PUSH1 0x20 00000193: DUP1 00000194: SWAP2 00000195: DIV 00000196: MUL 00000197: PUSH1 0x20 00000199: ADD 0000019a: PUSH1 0x40 0000019c: MLOAD 0000019d: SWAP1 0000019e: DUP2 0000019f: ADD 000001a0: PUSH1 0x40 000001a2: MSTORE 000001a3: DUP1 000001a4: SWAP4 000001a5: SWAP3 000001a6: SWAP2 000001a7: SWAP1 000001a8: DUP2 000001a9: DUP2 000001aa: MSTORE 000001ab: PUSH1 0x20 000001ad: ADD 000001ae: DUP4 000001af: DUP4 000001b0: DUP1 000001b1: DUP3 000001b2: DUP5 000001b3: CALLDATACOPY 000001b4: PUSH1 0x00 000001b6: SWAP3 000001b7: ADD 000001b8: SWAP2 000001b9: SWAP1 000001ba: SWAP2 000001bb: MSTORE 000001bc: POP 000001bd: PUSH1 0x01 000001bf: SWAP3 000001c0: POP 000001c1: PUSH2 0x03b5 000001c4: SWAP2 000001c5: POP 000001c6: POP 000001c7: JUMP 000001c8: JUMPDEST 000001c9: PUSH2 0x01d5 000001cc: JUMP 000001cd: JUMPDEST 000001ce: PUSH2 0x01d5 000001d1: PUSH2 0x00fe 000001d4: JUMP 000001d5: JUMPDEST 000001d6: POP 000001d7: POP 000001d8: POP 000001d9: JUMP 000001da: JUMPDEST 000001db: PUSH1 0x00 000001dd: PUSH2 0x01e4 000001e0: PUSH2 0x0382 000001e3: JUMP 000001e4: JUMPDEST 000001e5: PUSH1 0x01 000001e7: PUSH1 0x01 000001e9: PUSH1 0xa0 000001eb: SHL 000001ec: SUB 000001ed: AND 000001ee: CALLER 000001ef: PUSH1 0x01 000001f1: PUSH1 0x01 000001f3: PUSH1 0xa0 000001f5: SHL 000001f6: SUB 000001f7: AND 000001f8: EQ 000001f9: ISZERO 000001fa: PUSH2 0x020c 000001fd: JUMPI 000001fe: PUSH2 0x0205 00000201: PUSH2 0x034f 00000204: JUMP 00000205: JUMPDEST 00000206: SWAP1 00000207: POP 00000208: PUSH2 0x0214 0000020b: JUMP 0000020c: JUMPDEST 0000020d: PUSH2 0x0214 00000210: PUSH2 0x00fe 00000213: JUMP 00000214: JUMPDEST 00000215: SWAP1 00000216: JUMP 00000217: JUMPDEST 00000218: PUSH2 0x021f 0000021b: PUSH2 0x0382 0000021e: JUMP 0000021f: JUMPDEST 00000220: PUSH1 0x01 00000222: PUSH1 0x01 00000224: PUSH1 0xa0 00000226: SHL 00000227: SUB 00000228: AND 00000229: CALLER 0000022a: PUSH1 0x01 0000022c: PUSH1 0x01 0000022e: PUSH1 0xa0 00000230: SHL 00000231: SUB 00000232: AND 00000233: EQ 00000234: ISZERO 00000235: PUSH2 0x0159 00000238: JUMPI 00000239: PUSH2 0x0154 0000023c: DUP2 0000023d: PUSH2 0x03e0 00000240: JUMP 00000241: JUMPDEST 00000242: PUSH1 0x00 00000244: PUSH2 0x024b 00000247: PUSH2 0x0382 0000024a: JUMP 0000024b: JUMPDEST 0000024c: PUSH1 0x01 0000024e: PUSH1 0x01 00000250: PUSH1 0xa0 00000252: SHL 00000253: SUB 00000254: AND 00000255: CALLER 00000256: PUSH1 0x01 00000258: PUSH1 0x01 0000025a: PUSH1 0xa0 0000025c: SHL 0000025d: SUB 0000025e: AND 0000025f: EQ 00000260: ISZERO 00000261: PUSH2 0x020c 00000264: JUMPI 00000265: PUSH2 0x0205 00000268: PUSH2 0x0382 0000026b: JUMP 0000026c: JUMPDEST 0000026d: PUSH1 0x60 0000026f: PUSH2 0x0291 00000272: DUP4 00000273: DUP4 00000274: PUSH1 0x40 00000276: MLOAD 00000277: DUP1 00000278: PUSH1 0x60 0000027a: ADD 0000027b: PUSH1 0x40 0000027d: MSTORE 0000027e: DUP1 0000027f: PUSH1 0x27 00000281: DUP2 00000282: MSTORE 00000283: PUSH1 0x20 00000285: ADD 00000286: PUSH2 0x0816 00000289: PUSH1 0x27 0000028b: SWAP2 0000028c: CODECOPY 0000028d: PUSH2 0x0434 00000290: JUMP 00000291: JUMPDEST 00000292: SWAP4 00000293: SWAP3 00000294: POP 00000295: POP 00000296: POP 00000297: JUMP 00000298: JUMPDEST 00000299: PUSH1 0x01 0000029b: PUSH1 0x01 0000029d: PUSH1 0xa0 0000029f: SHL 000002a0: SUB 000002a1: DUP2 000002a2: AND 000002a3: EXTCODESIZE 000002a4: ISZERO 000002a5: ISZERO 000002a6: JUMPDEST 000002a7: SWAP2 000002a8: SWAP1 000002a9: POP 000002aa: JUMP 000002ab: JUMPDEST 000002ac: PUSH2 0x02b3 000002af: PUSH2 0x0382 000002b2: JUMP 000002b3: JUMPDEST 000002b4: PUSH1 0x01 000002b6: PUSH1 0x01 000002b8: PUSH1 0xa0 000002ba: SHL 000002bb: SUB 000002bc: AND 000002bd: CALLER 000002be: PUSH1 0x01 000002c0: PUSH1 0x01 000002c2: PUSH1 0xa0 000002c4: SHL 000002c5: SUB 000002c6: AND 000002c7: EQ 000002c8: ISZERO 000002c9: PUSH2 0x034a 000002cc: JUMPI 000002cd: PUSH1 0x40 000002cf: MLOAD 000002d0: PUSH3 0x461bcd 000002d4: PUSH1 0xe5 000002d6: SHL 000002d7: DUP2 000002d8: MSTORE 000002d9: PUSH1 0x20 000002db: PUSH1 0x04 000002dd: DUP3 000002de: ADD 000002df: MSTORE 000002e0: PUSH1 0x42 000002e2: PUSH1 0x24 000002e4: DUP3 000002e5: ADD 000002e6: MSTORE 000002e7: PUSH32 0x5472616e73706172656e745570677261646561626c6550726f78793a2061646d 00000308: PUSH1 0x44 0000030a: DUP3 0000030b: ADD 0000030c: MSTORE 0000030d: PUSH32 0x696e2063616e6e6f742066616c6c6261636b20746f2070726f78792074617267 0000032e: PUSH1 0x64 00000330: DUP3 00000331: ADD 00000332: MSTORE 00000333: PUSH2 0x195d 00000336: PUSH1 0xf2 00000338: SHL 00000339: PUSH1 0x84 0000033b: DUP3 0000033c: ADD 0000033d: MSTORE 0000033e: PUSH1 0xa4 00000340: ADD 00000341: JUMPDEST 00000342: PUSH1 0x40 00000344: MLOAD 00000345: DUP1 00000346: SWAP2 00000347: SUB 00000348: SWAP1 00000349: REVERT 0000034a: JUMPDEST 0000034b: PUSH2 0x0116 0000034e: JUMP 0000034f: JUMPDEST 00000350: PUSH1 0x00 00000352: PUSH2 0x0359 00000355: PUSH2 0x050f 00000358: JUMP 00000359: JUMPDEST 0000035a: SWAP1 0000035b: POP 0000035c: SWAP1 0000035d: JUMP 0000035e: JUMPDEST 0000035f: CALLDATASIZE 00000360: PUSH1 0x00 00000362: DUP1 00000363: CALLDATACOPY 00000364: PUSH1 0x00 00000366: DUP1 00000367: CALLDATASIZE 00000368: PUSH1 0x00 0000036a: DUP5 0000036b: GAS 0000036c: DELEGATECALL 0000036d: RETURNDATASIZE 0000036e: PUSH1 0x00 00000370: DUP1 00000371: RETURNDATACOPY 00000372: DUP1 00000373: DUP1 00000374: ISZERO 00000375: PUSH2 0x037d 00000378: JUMPI 00000379: RETURNDATASIZE 0000037a: PUSH1 0x00 0000037c: RETURN 0000037d: JUMPDEST 0000037e: RETURNDATASIZE 0000037f: PUSH1 0x00 00000381: REVERT 00000382: JUMPDEST 00000383: PUSH1 0x00 00000385: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 000003a6: JUMPDEST 000003a7: SLOAD 000003a8: PUSH1 0x01 000003aa: PUSH1 0x01 000003ac: PUSH1 0xa0 000003ae: SHL 000003af: SUB 000003b0: AND 000003b1: SWAP1 000003b2: POP 000003b3: SWAP1 000003b4: JUMP 000003b5: JUMPDEST 000003b6: PUSH2 0x03be 000003b9: DUP4 000003ba: PUSH2 0x0537 000003bd: JUMP 000003be: JUMPDEST 000003bf: PUSH1 0x00 000003c1: DUP3 000003c2: MLOAD 000003c3: GT 000003c4: DUP1 000003c5: PUSH2 0x03cb 000003c8: JUMPI 000003c9: POP 000003ca: DUP1 000003cb: JUMPDEST 000003cc: ISZERO 000003cd: PUSH2 0x01d5 000003d0: JUMPI 000003d1: PUSH2 0x03da 000003d4: DUP4 000003d5: DUP4 000003d6: PUSH2 0x026c 000003d9: JUMP 000003da: JUMPDEST 000003db: POP 000003dc: POP 000003dd: POP 000003de: POP 000003df: JUMP 000003e0: JUMPDEST 000003e1: PUSH32 0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f 00000402: PUSH2 0x0409 00000405: PUSH2 0x0382 00000408: JUMP 00000409: JUMPDEST 0000040a: PUSH1 0x40 0000040c: DUP1 0000040d: MLOAD 0000040e: PUSH1 0x01 00000410: PUSH1 0x01 00000412: PUSH1 0xa0 00000414: SHL 00000415: SUB 00000416: SWAP3 00000417: DUP4 00000418: AND 00000419: DUP2 0000041a: MSTORE 0000041b: SWAP2 0000041c: DUP5 0000041d: AND 0000041e: PUSH1 0x20 00000420: DUP4 00000421: ADD 00000422: MSTORE 00000423: ADD 00000424: PUSH1 0x40 00000426: MLOAD 00000427: DUP1 00000428: SWAP2 00000429: SUB 0000042a: SWAP1 0000042b: LOG1 0000042c: PUSH2 0x0161 0000042f: DUP2 00000430: PUSH2 0x0577 00000433: JUMP 00000434: JUMPDEST 00000435: PUSH1 0x60 00000437: PUSH2 0x043f 0000043a: DUP5 0000043b: PUSH2 0x0298 0000043e: JUMP 0000043f: JUMPDEST 00000440: PUSH2 0x049a 00000443: JUMPI 00000444: PUSH1 0x40 00000446: MLOAD 00000447: PUSH3 0x461bcd 0000044b: PUSH1 0xe5 0000044d: SHL 0000044e: DUP2 0000044f: MSTORE 00000450: PUSH1 0x20 00000452: PUSH1 0x04 00000454: DUP3 00000455: ADD 00000456: MSTORE 00000457: PUSH1 0x26 00000459: PUSH1 0x24 0000045b: DUP3 0000045c: ADD 0000045d: MSTORE 0000045e: PUSH32 0x416464726573733a2064656c65676174652063616c6c20746f206e6f6e2d636f 0000047f: PUSH1 0x44 00000481: DUP3 00000482: ADD 00000483: MSTORE 00000484: PUSH6 0x1b9d1c9858dd 0000048b: PUSH1 0xd2 0000048d: SHL 0000048e: PUSH1 0x64 00000490: DUP3 00000491: ADD 00000492: MSTORE 00000493: PUSH1 0x84 00000495: ADD 00000496: PUSH2 0x0341 00000499: JUMP 0000049a: JUMPDEST 0000049b: PUSH1 0x00 0000049d: DUP1 0000049e: DUP6 0000049f: PUSH1 0x01 000004a1: PUSH1 0x01 000004a3: PUSH1 0xa0 000004a5: SHL 000004a6: SUB 000004a7: AND 000004a8: DUP6 000004a9: PUSH1 0x40 000004ab: MLOAD 000004ac: PUSH2 0x04b5 000004af: SWAP2 000004b0: SWAP1 000004b1: PUSH2 0x079a 000004b4: JUMP 000004b5: JUMPDEST 000004b6: PUSH1 0x00 000004b8: PUSH1 0x40 000004ba: MLOAD 000004bb: DUP1 000004bc: DUP4 000004bd: SUB 000004be: DUP2 000004bf: DUP6 000004c0: GAS 000004c1: DELEGATECALL 000004c2: SWAP2 000004c3: POP 000004c4: POP 000004c5: RETURNDATASIZE 000004c6: DUP1 000004c7: PUSH1 0x00 000004c9: DUP2 000004ca: EQ 000004cb: PUSH2 0x04f0 000004ce: JUMPI 000004cf: PUSH1 0x40 000004d1: MLOAD 000004d2: SWAP2 000004d3: POP 000004d4: PUSH1 0x1f 000004d6: NOT 000004d7: PUSH1 0x3f 000004d9: RETURNDATASIZE 000004da: ADD 000004db: AND 000004dc: DUP3 000004dd: ADD 000004de: PUSH1 0x40 000004e0: MSTORE 000004e1: RETURNDATASIZE 000004e2: DUP3 000004e3: MSTORE 000004e4: RETURNDATASIZE 000004e5: PUSH1 0x00 000004e7: PUSH1 0x20 000004e9: DUP5 000004ea: ADD 000004eb: RETURNDATACOPY 000004ec: PUSH2 0x04f5 000004ef: JUMP 000004f0: JUMPDEST 000004f1: PUSH1 0x60 000004f3: SWAP2 000004f4: POP 000004f5: JUMPDEST 000004f6: POP 000004f7: SWAP2 000004f8: POP 000004f9: SWAP2 000004fa: POP 000004fb: PUSH2 0x0505 000004fe: DUP3 000004ff: DUP3 00000500: DUP7 00000501: PUSH2 0x0620 00000504: JUMP 00000505: JUMPDEST 00000506: SWAP7 00000507: SWAP6 00000508: POP 00000509: POP 0000050a: POP 0000050b: POP 0000050c: POP 0000050d: POP 0000050e: JUMP 0000050f: JUMPDEST 00000510: PUSH1 0x00 00000512: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 00000533: PUSH2 0x03a6 00000536: JUMP 00000537: JUMPDEST 00000538: PUSH2 0x0540 0000053b: DUP2 0000053c: PUSH2 0x0659 0000053f: JUMP 00000540: JUMPDEST 00000541: PUSH1 0x40 00000543: MLOAD 00000544: PUSH1 0x01 00000546: PUSH1 0x01 00000548: PUSH1 0xa0 0000054a: SHL 0000054b: SUB 0000054c: DUP3 0000054d: AND 0000054e: SWAP1 0000054f: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b 00000570: SWAP1 00000571: PUSH1 0x00 00000573: SWAP1 00000574: LOG2 00000575: POP 00000576: JUMP 00000577: JUMPDEST 00000578: PUSH1 0x01 0000057a: PUSH1 0x01 0000057c: PUSH1 0xa0 0000057e: SHL 0000057f: SUB 00000580: DUP2 00000581: AND 00000582: PUSH2 0x05dc 00000585: JUMPI 00000586: PUSH1 0x40 00000588: MLOAD 00000589: PUSH3 0x461bcd 0000058d: PUSH1 0xe5 0000058f: SHL 00000590: DUP2 00000591: MSTORE 00000592: PUSH1 0x20 00000594: PUSH1 0x04 00000596: DUP3 00000597: ADD 00000598: MSTORE 00000599: PUSH1 0x26 0000059b: PUSH1 0x24 0000059d: DUP3 0000059e: ADD 0000059f: MSTORE 000005a0: PUSH32 0x455243313936373a206e65772061646d696e20697320746865207a65726f2061 000005c1: PUSH1 0x44 000005c3: DUP3 000005c4: ADD 000005c5: MSTORE 000005c6: PUSH6 0x646472657373 000005cd: PUSH1 0xd0 000005cf: SHL 000005d0: PUSH1 0x64 000005d2: DUP3 000005d3: ADD 000005d4: MSTORE 000005d5: PUSH1 0x84 000005d7: ADD 000005d8: PUSH2 0x0341 000005db: JUMP 000005dc: JUMPDEST 000005dd: DUP1 000005de: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103 000005ff: JUMPDEST 00000600: DUP1 00000601: SLOAD 00000602: PUSH1 0x01 00000604: PUSH1 0x01 00000606: PUSH1 0xa0 00000608: SHL 00000609: SUB 0000060a: NOT 0000060b: AND 0000060c: PUSH1 0x01 0000060e: PUSH1 0x01 00000610: PUSH1 0xa0 00000612: SHL 00000613: SUB 00000614: SWAP3 00000615: SWAP1 00000616: SWAP3 00000617: AND 00000618: SWAP2 00000619: SWAP1 0000061a: SWAP2 0000061b: OR 0000061c: SWAP1 0000061d: SSTORE 0000061e: POP 0000061f: JUMP 00000620: JUMPDEST 00000621: PUSH1 0x60 00000623: DUP4 00000624: ISZERO 00000625: PUSH2 0x062f 00000628: JUMPI 00000629: POP 0000062a: DUP2 0000062b: PUSH2 0x0291 0000062e: JUMP 0000062f: JUMPDEST 00000630: DUP3 00000631: MLOAD 00000632: ISZERO 00000633: PUSH2 0x063f 00000636: JUMPI 00000637: DUP3 00000638: MLOAD 00000639: DUP1 0000063a: DUP5 0000063b: PUSH1 0x20 0000063d: ADD 0000063e: REVERT 0000063f: JUMPDEST 00000640: DUP2 00000641: PUSH1 0x40 00000643: MLOAD 00000644: PUSH3 0x461bcd 00000648: PUSH1 0xe5 0000064a: SHL 0000064b: DUP2 0000064c: MSTORE 0000064d: PUSH1 0x04 0000064f: ADD 00000650: PUSH2 0x0341 00000653: SWAP2 00000654: SWAP1 00000655: PUSH2 0x07b6 00000658: JUMP 00000659: JUMPDEST 0000065a: PUSH2 0x0662 0000065d: DUP2 0000065e: PUSH2 0x0298 00000661: JUMP 00000662: JUMPDEST 00000663: PUSH2 0x06c4 00000666: JUMPI 00000667: PUSH1 0x40 00000669: MLOAD 0000066a: PUSH3 0x461bcd 0000066e: PUSH1 0xe5 00000670: SHL 00000671: DUP2 00000672: MSTORE 00000673: PUSH1 0x20 00000675: PUSH1 0x04 00000677: DUP3 00000678: ADD 00000679: MSTORE 0000067a: PUSH1 0x2d 0000067c: PUSH1 0x24 0000067e: DUP3 0000067f: ADD 00000680: MSTORE 00000681: PUSH32 0x455243313936373a206e657720696d706c656d656e746174696f6e206973206e 000006a2: PUSH1 0x44 000006a4: DUP3 000006a5: ADD 000006a6: MSTORE 000006a7: PUSH13 0x1bdd08184818dbdb9d1c9858dd 000006b5: PUSH1 0x9a 000006b7: SHL 000006b8: PUSH1 0x64 000006ba: DUP3 000006bb: ADD 000006bc: MSTORE 000006bd: PUSH1 0x84 000006bf: ADD 000006c0: PUSH2 0x0341 000006c3: JUMP 000006c4: JUMPDEST 000006c5: DUP1 000006c6: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 000006e7: PUSH2 0x05ff 000006ea: JUMP 000006eb: JUMPDEST 000006ec: DUP1 000006ed: CALLDATALOAD 000006ee: PUSH1 0x01 000006f0: PUSH1 0x01 000006f2: PUSH1 0xa0 000006f4: SHL 000006f5: SUB 000006f6: DUP2 000006f7: AND 000006f8: DUP2 000006f9: EQ 000006fa: PUSH2 0x02a6 000006fd: JUMPI 000006fe: PUSH1 0x00 00000700: DUP1 00000701: REVERT 00000702: JUMPDEST 00000703: PUSH1 0x00 00000705: PUSH1 0x20 00000707: DUP3 00000708: DUP5 00000709: SUB 0000070a: SLT 0000070b: ISZERO 0000070c: PUSH2 0x0713 0000070f: JUMPI 00000710: DUP1 00000711: DUP2 00000712: REVERT 00000713: JUMPDEST 00000714: PUSH2 0x0291 00000717: DUP3 00000718: PUSH2 0x06eb 0000071b: JUMP 0000071c: JUMPDEST 0000071d: PUSH1 0x00 0000071f: DUP1 00000720: PUSH1 0x00 00000722: PUSH1 0x40 00000724: DUP5 00000725: DUP7 00000726: SUB 00000727: SLT 00000728: ISZERO 00000729: PUSH2 0x0730 0000072c: JUMPI 0000072d: DUP2 0000072e: DUP3 0000072f: REVERT 00000730: JUMPDEST 00000731: PUSH2 0x0739 00000734: DUP5 00000735: PUSH2 0x06eb 00000738: JUMP 00000739: JUMPDEST 0000073a: SWAP3 0000073b: POP 0000073c: PUSH1 0x20 0000073e: DUP5 0000073f: ADD 00000740: CALLDATALOAD 00000741: PUSH8 0xffffffffffffffff 0000074a: DUP1 0000074b: DUP3 0000074c: GT 0000074d: ISZERO 0000074e: PUSH2 0x0755 00000751: JUMPI 00000752: DUP4 00000753: DUP5 00000754: REVERT 00000755: JUMPDEST 00000756: DUP2 00000757: DUP7 00000758: ADD 00000759: SWAP2 0000075a: POP 0000075b: DUP7 0000075c: PUSH1 0x1f 0000075e: DUP4 0000075f: ADD 00000760: SLT 00000761: PUSH2 0x0768 00000764: JUMPI 00000765: DUP4 00000766: DUP5 00000767: REVERT 00000768: JUMPDEST 00000769: DUP2 0000076a: CALLDATALOAD 0000076b: DUP2 0000076c: DUP2 0000076d: GT 0000076e: ISZERO 0000076f: PUSH2 0x0776 00000772: JUMPI 00000773: DUP5 00000774: DUP6 00000775: REVERT 00000776: JUMPDEST 00000777: DUP8 00000778: PUSH1 0x20 0000077a: DUP3 0000077b: DUP6 0000077c: ADD 0000077d: ADD 0000077e: GT 0000077f: ISZERO 00000780: PUSH2 0x0787 00000783: JUMPI 00000784: DUP5 00000785: DUP6 00000786: REVERT 00000787: JUMPDEST 00000788: PUSH1 0x20 0000078a: DUP4 0000078b: ADD 0000078c: SWAP5 0000078d: POP 0000078e: DUP1 0000078f: SWAP4 00000790: POP 00000791: POP 00000792: POP 00000793: POP 00000794: SWAP3 00000795: POP 00000796: SWAP3 00000797: POP 00000798: SWAP3 00000799: JUMP 0000079a: JUMPDEST 0000079b: PUSH1 0x00 0000079d: DUP3 0000079e: MLOAD 0000079f: PUSH2 0x07ac 000007a2: DUP2 000007a3: DUP5 000007a4: PUSH1 0x20 000007a6: DUP8 000007a7: ADD 000007a8: PUSH2 0x07e9 000007ab: JUMP 000007ac: JUMPDEST 000007ad: SWAP2 000007ae: SWAP1 000007af: SWAP2 000007b0: ADD 000007b1: SWAP3 000007b2: SWAP2 000007b3: POP 000007b4: POP 000007b5: JUMP 000007b6: JUMPDEST 000007b7: PUSH1 0x00 000007b9: PUSH1 0x20 000007bb: DUP3 000007bc: MSTORE 000007bd: DUP3 000007be: MLOAD 000007bf: DUP1 000007c0: PUSH1 0x20 000007c2: DUP5 000007c3: ADD 000007c4: MSTORE 000007c5: PUSH2 0x07d5 000007c8: DUP2 000007c9: PUSH1 0x40 000007cb: DUP6 000007cc: ADD 000007cd: PUSH1 0x20 000007cf: DUP8 000007d0: ADD 000007d1: PUSH2 0x07e9 000007d4: JUMP 000007d5: JUMPDEST 000007d6: PUSH1 0x1f 000007d8: ADD 000007d9: PUSH1 0x1f 000007db: NOT 000007dc: AND 000007dd: SWAP2 000007de: SWAP1 000007df: SWAP2 000007e0: ADD 000007e1: PUSH1 0x40 000007e3: ADD 000007e4: SWAP3 000007e5: SWAP2 000007e6: POP 000007e7: POP 000007e8: JUMP 000007e9: JUMPDEST 000007ea: PUSH1 0x00 000007ec: JUMPDEST 000007ed: DUP4 000007ee: DUP2 000007ef: LT 000007f0: ISZERO 000007f1: PUSH2 0x0804 000007f4: JUMPI 000007f5: DUP2 000007f6: DUP2 000007f7: ADD 000007f8: MLOAD 000007f9: DUP4 000007fa: DUP3 000007fb: ADD 000007fc: MSTORE 000007fd: PUSH1 0x20 000007ff: ADD 00000800: PUSH2 0x07ec 00000803: JUMP 00000804: JUMPDEST 00000805: DUP4 00000806: DUP2 00000807: GT 00000808: ISZERO 00000809: PUSH2 0x03da 0000080c: JUMPI 0000080d: POP 0000080e: POP 0000080f: PUSH1 0x00 00000811: SWAP2 00000812: ADD 00000813: MSTORE 00000814: JUMP 00000815: INVALID 00000816: COINBASE 00000817: PUSH5 0x6472657373 0000081d: GASPRICE 0000081e: KECCAK256 0000081f: PUSH13 0x6f772d6c6576656c2064656c65 0000082d: PUSH8 0x6174652063616c6c 00000836: KECCAK256 00000837: PUSH7 0x61696c6564a264 0000083f: PUSH10 0x70667358221220493bc0 0000084a: UNKNOWN(0x29) 0000084b: UNKNOWN(0x21) 0000084c: PUSH14 0x0578dae1d19c41b5885ecab8cdd4 0000085b: UNKNOWN(0xE7) 0000085c: UNKNOWN(0xE6) 0000085d: UNKNOWN(0xB6) 0000085e: UNKNOWN(0x4D) 0000085f: UNKNOWN(0xCF) 00000860: UNKNOWN(0xC2) 00000861: PUSH12 0x2f1045870364736f6c634300 0000086e: ADDMOD 0000086f: MUL 00000870: STOP 00000871: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
viewtrace_id: 0xf25fffe47935490a3d5609ac79af933e6e0768bde6d921d3b48412ca20229ebf
call_targets:
0xeda4c4067bdd708bb75ac620e1e2215a747a1f39
target_varies:
no
classification:
constant_target
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "sink_reached",
"attempts": 2,
"trace_id": "0xf25fffe47935490a3d5609ac79af933e6e0768bde6d921d3b48412ca20229ebf",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xeda4c4067bdd708bb75ac620e1e2215a747a1f39"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x3659cfe6",
"selector": "0x3659cfe6",
"calldata_variants": [
"0x3659cfe6",
"0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4f1ef286",
"selector": "0x4f1ef286",
"calldata_variants": [
"0x4f1ef286",
"0x4f1ef2860000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5c60da1b",
"selector": "0x5c60da1b",
"calldata_variants": [
"0x5c60da1b",
"0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8f283970",
"selector": "0x8f283970",
"calldata_variants": [
"0x8f283970",
"0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf851a440",
"selector": "0xf851a440",
"calldata_variants": [
"0xf851a440",
"0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 876,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 1217,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 2,
"untrusted_delegatecall_count": 2
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
viewevidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 2
}
|
| medium | reentrancy | codex | External CALLs with value and computed targets lack an explicit reentrancy guard | 75 | no | — |
viewevidence_json{
"evidence": "Detector flags show CALL sinks with computed target/value and no guards detected; ETH value transfer is possible. Calls observed at pc 8783 and pc 10887 (CALL opcodes). Validation trace resolved the target to self for one path, so the risk depends on runtime target selection and state-update ordering.",
"locations": [
"pc:0x224f",
"pc:0x2a87"
],
"recommendation": "Add a reentrancy guard around asset release/transfer flows or enforce checks-effects-interactions (write state before external calls). If possible, restrict targets to vetted token contracts and minimize value-bearing CALLs.",
"exploit_scenario": "If a release/transfer path updates state after making the low-level CALL, a malicious recipient or token contract can reenter the contract during the external call and trigger the same release/transfer again, potentially draining funds or corrupting accounting. This is a risk even when calls are intended for ERC20s or recipients because the target is computed and can carry ETH."
}
|