019c0ea9-0829-7078-a220-b87a44a91042
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 41760 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 41761 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 41762 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 41763 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 41764 | capability.graph | complete | 1 / 3 | 2 months ago |
| 41765 | detector.run | complete | 1 / 3 | 2 months ago |
| 41766 | validation.fork | complete | 1 / 3 | 2 months ago |
| 42322 | report.consolidate | complete | 1 / 6 | 2 months ago |
| 42323 | tool.slither | complete | 1 / 2 | 2 months ago |
{
"status": "not_proxy"
}
'forge clean' running (wd: /tmp/slither-lxfv_xdy) 'forge config --json' running 'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-lxfv_xdy) OneSingleCoin (contracts/Contract.sol#2-49) contract sets array length with a user-controlled value: - previousHodlers.push(currentHodler) (contracts/Contract.sol#38-39) OneSingleCoin (contracts/Contract.sol#2-49) contract sets array length with a user-controlled value: - messages.push(message) (contracts/Contract.sol#39) OneSingleCoin (contracts/Contract.sol#2-49) contract sets array length with a user-controlled value: - messages.push(One coin to rule them all) (contracts/Contract.sol#20-21) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#array-length-assignment OneSingleCoin.buy(string) (contracts/Contract.sol#23-44) performs a multiplication on the result of a division: - balance[previousHodlers[i]] += (price * 8 / 100) / previousHodlersCount (contracts/Contract.sol#33-34) - price = price * 120 / 100 (contracts/Contract.sol#36) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply Version constraint ^0.4.24 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html) - DirtyBytesArrayToStorage - ABIDecodeTwoDimensionalArrayMemory - KeccakCaching - EmptyByteArrayCopy - DynamicArrayCleanup - ImplicitConstructorCallvalueCheck - TupleAssignmentMultiStackSlotComponents - MemoryArrayCreationOverflow - privateCanBeOverridden - SignedArrayStorageCopy - ABIEncoderV2StorageArrayWithMultiSlotElement - DynamicConstructorArgumentsClippedABIV2 - UninitializedFunctionPointerInConstructor_0.4.x - IncorrectEventSignatureInLibraries_0.4.x - ABIEncoderV2PackedStorage_0.4.x - ExpExponentCleanup - EventStructWrongData. It is used by: - ^0.4.24 (contracts/Contract.sol#1) solc-0.4.24 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible. Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity buy(string) should be declared external: - OneSingleCoin.buy(string) (contracts/Contract.sol#23-44) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external . analyzed (1 contracts with 100 detectors), 7 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.4.24",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.4.24",
"install_stderr": null,
"install_stdout": "Version '0.4.24' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-lxfv_xdy --allow-paths /tmp/slither-lxfv_xdy,/tmp/slither-lxfv_xdy/lib,/tmp/slither-lxfv_xdy/src",
"remappings": [],
"source_files": [
"contracts/Contract.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 7,
"workspace_hash": "0f340d75b884ea966f7efdd09924600201608ba99d371e1868e9e84508061778",
"duration_seconds": 0.5273349285125732,
"solc_version_requested": "0.4.24"
}
{"no_findings":false,"summary":"Found two issues: the buy loop can become non-executable as the holder list grows, and price multiplication can overflow and wrap, breaking pricing invariants.","findings":[{"severity":"medium","category":"other","title":"Unbounded loop in buy can permanently DoS purchases","exploit_scenario":"An attacker (or normal users over time) can grow previousHodlers by repeatedly calling buy. Eventually the for-loop over all previous holders exceeds the block gas limit, making buy revert and preventing any further purchases.","recommendation":"Replace the O(n) distribution loop with a pull-based scheme (e.g., track cumulative dividends per share) or cap the list length to keep gas bounded.","evidence":"buy iterates over previousHodlers on every purchase.","locations":["contracts/Contract.sol:33"]},{"severity":"low","category":"math","title":"Price growth can overflow and wrap, breaking pricing invariants","exploit_scenario":"After enough purchases, price = price * 120 / 100 overflows uint256 and wraps to a much smaller value. An attacker can then buy for a near-zero price, undermining the intended price escalation and payouts.","recommendation":"Use SafeMath for multiplication/division or upgrade to Solidity >=0.8 with checked arithmetic and add an explicit upper bound for price.","evidence":"price is updated with unchecked multiplication and division.","locations":["contracts/Contract.sol:38"]}]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-hx271_c2
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019c0f1e-904f-7a82-a8d5-40185f08dbd9
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
exec
/bin/bash -lc ls in /tmp/codex-hx271_c2 succeeded in 9ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
contracts
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-hx271_c2 succeeded in 7ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: contracts/Contract.sol
================================================================================
pragma solidity ^0.4.24;
contract OneSingleCoin {
uint256 public currentHodlerId;
address public currentHodler;
address[] public previousHodlers;
string[] public messages;
uint256 public price;
event Purchased(
uint indexed _buyerId,
address _buyer
);
exec
/bin/bash -lc 'nl -ba contracts/Contract.sol' in /tmp/codex-hx271_c2 succeeded in 7ms:
1 pragma solidity ^0.4.24;
2
3 contract OneSingleCoin {
4 uint256 public currentHodlerId;
5 address public currentHodler;
6 address[] public previousHodlers;
7
8 string[] public messages;
9 uint256 public price;
10
11 event Purchased(
12 uint indexed _buyerId,
13 address _buyer
14 );
15
16 mapping (address => uint) public balance;
17
18 constructor() public {
19 currentHodler = msg.sender;
20 currentHodlerId = 0;
codex
{"no_findings":false,"summary":"Found two issues: the buy loop can become non-executable as the holder list grows, and price multiplication can overflow and wrap, breaking pricing invariants.","findings":[{"severity":"medium","category":"other","title":"Unbounded loop in buy can permanently DoS purchases","exploit_scenario":"An attacker (or normal users over time) can grow previousHodlers by repeatedly calling buy. Eventually the for-loop over all previous holders exceeds the block gas limit, making buy revert and preventing any further purchases.","recommendation":"Replace the O(n) distribution loop with a pull-based scheme (e.g., track cumulative dividends per share) or cap the list length to keep gas bounded.","evidence":"buy iterates over previousHodlers on every purchase.","locations":["contracts/Contract.sol:33"]},{"severity":"low","category":"math","title":"Price growth can overflow and wrap, breaking pricing invariants","exploit_scenario":"After enough purchases, price = price * 120 / 100 overflows uint256 and wraps to a much smaller value. An attacker can then buy for a near-zero price, undermining the intended price escalation and payouts.","recommendation":"Use SafeMath for multiplication/division or upgrade to Solidity >=0.8 with checked arithmetic and add an explicit upper bound for price.","evidence":"price is updated with unchecked multiplication and division.","locations":["contracts/Contract.sol:38"]}]}
tokens used
9,027
{
"codex": {
"ran_at": "2026-01-30T13:37:31.739644+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 1,
"import_count": 0,
"first_party_contracts_count": 1
},
"summary": "Found two issues: the buy loop can become non-executable as the holder list grows, and price multiplication can overflow and wrap, breaking pricing invariants.",
"raw_final": {
"summary": "Found two issues: the buy loop can become non-executable as the holder list grows, and price multiplication can overflow and wrap, breaking pricing invariants.",
"findings": [
{
"title": "Unbounded loop in buy can permanently DoS purchases",
"category": "other",
"evidence": "buy iterates over previousHodlers on every purchase.",
"severity": "medium",
"locations": [
"contracts/Contract.sol:33"
],
"recommendation": "Replace the O(n) distribution loop with a pull-based scheme (e.g., track cumulative dividends per share) or cap the list length to keep gas bounded.",
"exploit_scenario": "An attacker (or normal users over time) can grow previousHodlers by repeatedly calling buy. Eventually the for-loop over all previous holders exceeds the block gas limit, making buy revert and preventing any further purchases."
},
{
"title": "Price growth can overflow and wrap, breaking pricing invariants",
"category": "math",
"evidence": "price is updated with unchecked multiplication and division.",
"severity": "low",
"locations": [
"contracts/Contract.sol:38"
],
"recommendation": "Use SafeMath for multiplication/division or upgrade to Solidity >=0.8 with checked arithmetic and add an explicit upper bound for price.",
"exploit_scenario": "After enough purchases, price = price * 120 / 100 overflows uint256 and wraps to a much smaller value. An attacker can then buy for a near-zero price, undermining the intended price escalation and payouts."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x008d 0000000c: JUMPI 0000000d: PUSH4 0xffffffff 00000012: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 00000030: PUSH1 0x00 00000032: CALLDATALOAD 00000033: DIV 00000034: AND 00000035: PUSH4 0x0d80fefd 0000003a: DUP2 0000003b: EQ 0000003c: PUSH2 0x0092 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x3ccfd60b 00000046: EQ 00000047: PUSH2 0x011f 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x492cc769 00000051: EQ 00000052: PUSH2 0x0136 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x55872813 0000005c: EQ 0000005d: PUSH2 0x0196 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0x5a75b8d5 00000067: EQ 00000068: PUSH2 0x01ca 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0x6776ddd0 00000072: EQ 00000073: PUSH2 0x01f1 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xa035b1fe 0000007d: EQ 0000007e: PUSH2 0x0206 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0xe3d670d7 00000088: EQ 00000089: PUSH2 0x021b 0000008c: JUMPI 0000008d: JUMPDEST 0000008e: PUSH1 0x00 00000090: DUP1 00000091: REVERT 00000092: JUMPDEST 00000093: CALLVALUE 00000094: DUP1 00000095: ISZERO 00000096: PUSH2 0x009e 00000099: JUMPI 0000009a: PUSH1 0x00 0000009c: DUP1 0000009d: REVERT 0000009e: JUMPDEST 0000009f: POP 000000a0: PUSH2 0x00aa 000000a3: PUSH1 0x04 000000a5: CALLDATALOAD 000000a6: PUSH2 0x023c 000000a9: JUMP 000000aa: JUMPDEST 000000ab: PUSH1 0x40 000000ad: DUP1 000000ae: MLOAD 000000af: PUSH1 0x20 000000b1: DUP1 000000b2: DUP3 000000b3: MSTORE 000000b4: DUP4 000000b5: MLOAD 000000b6: DUP2 000000b7: DUP4 000000b8: ADD 000000b9: MSTORE 000000ba: DUP4 000000bb: MLOAD 000000bc: SWAP2 000000bd: SWAP3 000000be: DUP4 000000bf: SWAP3 000000c0: SWAP1 000000c1: DUP4 000000c2: ADD 000000c3: SWAP2 000000c4: DUP6 000000c5: ADD 000000c6: SWAP1 000000c7: DUP1 000000c8: DUP4 000000c9: DUP4 000000ca: PUSH1 0x00 000000cc: JUMPDEST 000000cd: DUP4 000000ce: DUP2 000000cf: LT 000000d0: ISZERO 000000d1: PUSH2 0x00e4 000000d4: JUMPI 000000d5: DUP2 000000d6: DUP2 000000d7: ADD 000000d8: MLOAD 000000d9: DUP4 000000da: DUP3 000000db: ADD 000000dc: MSTORE 000000dd: PUSH1 0x20 000000df: ADD 000000e0: PUSH2 0x00cc 000000e3: JUMP 000000e4: JUMPDEST 000000e5: POP 000000e6: POP 000000e7: POP 000000e8: POP 000000e9: SWAP1 000000ea: POP 000000eb: SWAP1 000000ec: DUP2 000000ed: ADD 000000ee: SWAP1 000000ef: PUSH1 0x1f 000000f1: AND 000000f2: DUP1 000000f3: ISZERO 000000f4: PUSH2 0x0111 000000f7: JUMPI 000000f8: DUP1 000000f9: DUP3 000000fa: SUB 000000fb: DUP1 000000fc: MLOAD 000000fd: PUSH1 0x01 000000ff: DUP4 00000100: PUSH1 0x20 00000102: SUB 00000103: PUSH2 0x0100 00000106: EXP 00000107: SUB 00000108: NOT 00000109: AND 0000010a: DUP2 0000010b: MSTORE 0000010c: PUSH1 0x20 0000010e: ADD 0000010f: SWAP2 00000110: POP 00000111: JUMPDEST 00000112: POP 00000113: SWAP3 00000114: POP 00000115: POP 00000116: POP 00000117: PUSH1 0x40 00000119: MLOAD 0000011a: DUP1 0000011b: SWAP2 0000011c: SUB 0000011d: SWAP1 0000011e: RETURN 0000011f: JUMPDEST 00000120: CALLVALUE 00000121: DUP1 00000122: ISZERO 00000123: PUSH2 0x012b 00000126: JUMPI 00000127: PUSH1 0x00 00000129: DUP1 0000012a: REVERT 0000012b: JUMPDEST 0000012c: POP 0000012d: PUSH2 0x0134 00000130: PUSH2 0x02e3 00000133: JUMP 00000134: JUMPDEST 00000135: STOP 00000136: JUMPDEST 00000137: PUSH1 0x40 00000139: DUP1 0000013a: MLOAD 0000013b: PUSH1 0x20 0000013d: PUSH1 0x04 0000013f: DUP1 00000140: CALLDATALOAD 00000141: DUP1 00000142: DUP3 00000143: ADD 00000144: CALLDATALOAD 00000145: PUSH1 0x1f 00000147: DUP2 00000148: ADD 00000149: DUP5 0000014a: SWAP1 0000014b: DIV 0000014c: DUP5 0000014d: MUL 0000014e: DUP6 0000014f: ADD 00000150: DUP5 00000151: ADD 00000152: SWAP1 00000153: SWAP6 00000154: MSTORE 00000155: DUP5 00000156: DUP5 00000157: MSTORE 00000158: PUSH2 0x0182 0000015b: SWAP5 0000015c: CALLDATASIZE 0000015d: SWAP5 0000015e: SWAP3 0000015f: SWAP4 00000160: PUSH1 0x24 00000162: SWAP4 00000163: SWAP3 00000164: DUP5 00000165: ADD 00000166: SWAP2 00000167: SWAP1 00000168: DUP2 00000169: SWAP1 0000016a: DUP5 0000016b: ADD 0000016c: DUP4 0000016d: DUP3 0000016e: DUP1 0000016f: DUP3 00000170: DUP5 00000171: CALLDATACOPY 00000172: POP 00000173: SWAP5 00000174: SWAP8 00000175: POP 00000176: PUSH2 0x0328 00000179: SWAP7 0000017a: POP 0000017b: POP 0000017c: POP 0000017d: POP 0000017e: POP 0000017f: POP 00000180: POP 00000181: JUMP 00000182: JUMPDEST 00000183: PUSH1 0x40 00000185: DUP1 00000186: MLOAD 00000187: SWAP2 00000188: ISZERO 00000189: ISZERO 0000018a: DUP3 0000018b: MSTORE 0000018c: MLOAD 0000018d: SWAP1 0000018e: DUP2 0000018f: SWAP1 00000190: SUB 00000191: PUSH1 0x20 00000193: ADD 00000194: SWAP1 00000195: RETURN 00000196: JUMPDEST 00000197: CALLVALUE 00000198: DUP1 00000199: ISZERO 0000019a: PUSH2 0x01a2 0000019d: JUMPI 0000019e: PUSH1 0x00 000001a0: DUP1 000001a1: REVERT 000001a2: JUMPDEST 000001a3: POP 000001a4: PUSH2 0x01ae 000001a7: PUSH1 0x04 000001a9: CALLDATALOAD 000001aa: PUSH2 0x050f 000001ad: JUMP 000001ae: JUMPDEST 000001af: PUSH1 0x40 000001b1: DUP1 000001b2: MLOAD 000001b3: PUSH1 0x01 000001b5: PUSH1 0xa0 000001b7: PUSH1 0x02 000001b9: EXP 000001ba: SUB 000001bb: SWAP1 000001bc: SWAP3 000001bd: AND 000001be: DUP3 000001bf: MSTORE 000001c0: MLOAD 000001c1: SWAP1 000001c2: DUP2 000001c3: SWAP1 000001c4: SUB 000001c5: PUSH1 0x20 000001c7: ADD 000001c8: SWAP1 000001c9: RETURN 000001ca: JUMPDEST 000001cb: CALLVALUE 000001cc: DUP1 000001cd: ISZERO 000001ce: PUSH2 0x01d6 000001d1: JUMPI 000001d2: PUSH1 0x00 000001d4: DUP1 000001d5: REVERT 000001d6: JUMPDEST 000001d7: POP 000001d8: PUSH2 0x01df 000001db: PUSH2 0x0537 000001de: JUMP 000001df: JUMPDEST 000001e0: PUSH1 0x40 000001e2: DUP1 000001e3: MLOAD 000001e4: SWAP2 000001e5: DUP3 000001e6: MSTORE 000001e7: MLOAD 000001e8: SWAP1 000001e9: DUP2 000001ea: SWAP1 000001eb: SUB 000001ec: PUSH1 0x20 000001ee: ADD 000001ef: SWAP1 000001f0: RETURN 000001f1: JUMPDEST 000001f2: CALLVALUE 000001f3: DUP1 000001f4: ISZERO 000001f5: PUSH2 0x01fd 000001f8: JUMPI 000001f9: PUSH1 0x00 000001fb: DUP1 000001fc: REVERT 000001fd: JUMPDEST 000001fe: POP 000001ff: PUSH2 0x01ae 00000202: PUSH2 0x053d 00000205: JUMP 00000206: JUMPDEST 00000207: CALLVALUE 00000208: DUP1 00000209: ISZERO 0000020a: PUSH2 0x0212 0000020d: JUMPI 0000020e: PUSH1 0x00 00000210: DUP1 00000211: REVERT 00000212: JUMPDEST 00000213: POP 00000214: PUSH2 0x01df 00000217: PUSH2 0x054c 0000021a: JUMP 0000021b: JUMPDEST 0000021c: CALLVALUE 0000021d: DUP1 0000021e: ISZERO 0000021f: PUSH2 0x0227 00000222: JUMPI 00000223: PUSH1 0x00 00000225: DUP1 00000226: REVERT 00000227: JUMPDEST 00000228: POP 00000229: PUSH2 0x01df 0000022c: PUSH1 0x01 0000022e: PUSH1 0xa0 00000230: PUSH1 0x02 00000232: EXP 00000233: SUB 00000234: PUSH1 0x04 00000236: CALLDATALOAD 00000237: AND 00000238: PUSH2 0x0552 0000023b: JUMP 0000023c: JUMPDEST 0000023d: PUSH1 0x03 0000023f: DUP1 00000240: SLOAD 00000241: DUP3 00000242: SWAP1 00000243: DUP2 00000244: LT 00000245: PUSH2 0x024a 00000248: JUMPI 00000249: INVALID 0000024a: JUMPDEST 0000024b: PUSH1 0x00 0000024d: SWAP2 0000024e: DUP3 0000024f: MSTORE 00000250: PUSH1 0x20 00000252: SWAP2 00000253: DUP3 00000254: SWAP1 00000255: KECCAK256 00000256: ADD 00000257: DUP1 00000258: SLOAD 00000259: PUSH1 0x40 0000025b: DUP1 0000025c: MLOAD 0000025d: PUSH1 0x1f 0000025f: PUSH1 0x02 00000261: PUSH1 0x00 00000263: NOT 00000264: PUSH2 0x0100 00000267: PUSH1 0x01 00000269: DUP8 0000026a: AND 0000026b: ISZERO 0000026c: MUL 0000026d: ADD 0000026e: SWAP1 0000026f: SWAP5 00000270: AND 00000271: SWAP4 00000272: SWAP1 00000273: SWAP4 00000274: DIV 00000275: SWAP3 00000276: DUP4 00000277: ADD 00000278: DUP6 00000279: SWAP1 0000027a: DIV 0000027b: DUP6 0000027c: MUL 0000027d: DUP2 0000027e: ADD 0000027f: DUP6 00000280: ADD 00000281: SWAP1 00000282: SWAP2 00000283: MSTORE 00000284: DUP2 00000285: DUP2 00000286: MSTORE 00000287: SWAP4 00000288: POP 00000289: SWAP1 0000028a: SWAP2 0000028b: DUP4 0000028c: ADD 0000028d: DUP3 0000028e: DUP3 0000028f: DUP1 00000290: ISZERO 00000291: PUSH2 0x02db 00000294: JUMPI 00000295: DUP1 00000296: PUSH1 0x1f 00000298: LT 00000299: PUSH2 0x02b0 0000029c: JUMPI 0000029d: PUSH2 0x0100 000002a0: DUP1 000002a1: DUP4 000002a2: SLOAD 000002a3: DIV 000002a4: MUL 000002a5: DUP4 000002a6: MSTORE 000002a7: SWAP2 000002a8: PUSH1 0x20 000002aa: ADD 000002ab: SWAP2 000002ac: PUSH2 0x02db 000002af: JUMP 000002b0: JUMPDEST 000002b1: DUP3 000002b2: ADD 000002b3: SWAP2 000002b4: SWAP1 000002b5: PUSH1 0x00 000002b7: MSTORE 000002b8: PUSH1 0x20 000002ba: PUSH1 0x00 000002bc: KECCAK256 000002bd: SWAP1 000002be: JUMPDEST 000002bf: DUP2 000002c0: SLOAD 000002c1: DUP2 000002c2: MSTORE 000002c3: SWAP1 000002c4: PUSH1 0x01 000002c6: ADD 000002c7: SWAP1 000002c8: PUSH1 0x20 000002ca: ADD 000002cb: DUP1 000002cc: DUP4 000002cd: GT 000002ce: PUSH2 0x02be 000002d1: JUMPI 000002d2: DUP3 000002d3: SWAP1 000002d4: SUB 000002d5: PUSH1 0x1f 000002d7: AND 000002d8: DUP3 000002d9: ADD 000002da: SWAP2 000002db: JUMPDEST 000002dc: POP 000002dd: POP 000002de: POP 000002df: POP 000002e0: POP 000002e1: DUP2 000002e2: JUMP 000002e3: JUMPDEST 000002e4: CALLER 000002e5: PUSH1 0x00 000002e7: DUP2 000002e8: DUP2 000002e9: MSTORE 000002ea: PUSH1 0x05 000002ec: PUSH1 0x20 000002ee: MSTORE 000002ef: PUSH1 0x40 000002f1: DUP1 000002f2: DUP3 000002f3: KECCAK256 000002f4: DUP1 000002f5: SLOAD 000002f6: SWAP1 000002f7: DUP4 000002f8: SWAP1 000002f9: SSTORE 000002fa: SWAP1 000002fb: MLOAD 000002fc: SWAP1 000002fd: SWAP3 000002fe: SWAP2 000002ff: DUP4 00000300: ISZERO 00000301: PUSH2 0x08fc 00000304: MUL 00000305: SWAP2 00000306: DUP5 00000307: SWAP2 00000308: DUP2 00000309: DUP2 0000030a: DUP2 0000030b: DUP6 0000030c: DUP9 0000030d: DUP9 0000030e: CALL 0000030f: SWAP4 00000310: POP 00000311: POP 00000312: POP 00000313: POP 00000314: ISZERO 00000315: DUP1 00000316: ISZERO 00000317: PUSH2 0x0324 0000031a: JUMPI 0000031b: RETURNDATASIZE 0000031c: PUSH1 0x00 0000031e: DUP1 0000031f: RETURNDATACOPY 00000320: RETURNDATASIZE 00000321: PUSH1 0x00 00000323: REVERT 00000324: JUMPDEST 00000325: POP 00000326: POP 00000327: JUMP 00000328: JUMPDEST 00000329: PUSH1 0x00 0000032b: DUP1 0000032c: PUSH1 0x00 0000032e: PUSH1 0x04 00000330: SLOAD 00000331: CALLVALUE 00000332: LT 00000333: ISZERO 00000334: ISZERO 00000335: ISZERO 00000336: PUSH2 0x033e 00000339: JUMPI 0000033a: PUSH1 0x00 0000033c: DUP1 0000033d: REVERT 0000033e: JUMPDEST 0000033f: PUSH1 0x04 00000341: SLOAD 00000342: CALLVALUE 00000343: GT 00000344: ISZERO 00000345: PUSH2 0x0367 00000348: JUMPI 00000349: PUSH1 0x04 0000034b: SLOAD 0000034c: CALLER 0000034d: PUSH1 0x00 0000034f: SWAP1 00000350: DUP2 00000351: MSTORE 00000352: PUSH1 0x05 00000354: PUSH1 0x20 00000356: MSTORE 00000357: PUSH1 0x40 00000359: SWAP1 0000035a: KECCAK256 0000035b: DUP1 0000035c: SLOAD 0000035d: CALLVALUE 0000035e: SWAP3 0000035f: SWAP1 00000360: SWAP3 00000361: SUB 00000362: SWAP1 00000363: SWAP2 00000364: ADD 00000365: SWAP1 00000366: SSTORE 00000367: JUMPDEST 00000368: POP 00000369: POP 0000036a: PUSH1 0x02 0000036c: SLOAD 0000036d: PUSH1 0x00 0000036f: JUMPDEST 00000370: DUP2 00000371: DUP2 00000372: LT 00000373: ISZERO 00000374: PUSH2 0x03d3 00000377: JUMPI 00000378: PUSH1 0x04 0000037a: SLOAD 0000037b: DUP3 0000037c: SWAP1 0000037d: PUSH1 0x64 0000037f: SWAP1 00000380: PUSH1 0x08 00000382: MUL 00000383: DIV 00000384: DUP2 00000385: ISZERO 00000386: ISZERO 00000387: PUSH2 0x038c 0000038a: JUMPI 0000038b: INVALID 0000038c: JUMPDEST 0000038d: DIV 0000038e: PUSH1 0x05 00000390: PUSH1 0x00 00000392: PUSH1 0x02 00000394: DUP5 00000395: DUP2 00000396: SLOAD 00000397: DUP2 00000398: LT 00000399: ISZERO 0000039a: ISZERO 0000039b: PUSH2 0x03a0 0000039e: JUMPI 0000039f: INVALID 000003a0: JUMPDEST 000003a1: PUSH1 0x00 000003a3: SWAP2 000003a4: DUP3 000003a5: MSTORE 000003a6: PUSH1 0x20 000003a8: DUP1 000003a9: DUP4 000003aa: KECCAK256 000003ab: SWAP1 000003ac: SWAP2 000003ad: ADD 000003ae: SLOAD 000003af: PUSH1 0x01 000003b1: PUSH1 0xa0 000003b3: PUSH1 0x02 000003b5: EXP 000003b6: SUB 000003b7: AND 000003b8: DUP4 000003b9: MSTORE 000003ba: DUP3 000003bb: ADD 000003bc: SWAP3 000003bd: SWAP1 000003be: SWAP3 000003bf: MSTORE 000003c0: PUSH1 0x40 000003c2: ADD 000003c3: SWAP1 000003c4: KECCAK256 000003c5: DUP1 000003c6: SLOAD 000003c7: SWAP1 000003c8: SWAP2 000003c9: ADD 000003ca: SWAP1 000003cb: SSTORE 000003cc: PUSH1 0x01 000003ce: ADD 000003cf: PUSH2 0x036f 000003d2: JUMP 000003d3: JUMPDEST 000003d4: PUSH1 0x04 000003d6: DUP1 000003d7: SLOAD 000003d8: PUSH1 0x01 000003da: DUP1 000003db: SLOAD 000003dc: PUSH1 0x01 000003de: PUSH1 0xa0 000003e0: PUSH1 0x02 000003e2: EXP 000003e3: SUB 000003e4: SWAP1 000003e5: DUP2 000003e6: AND 000003e7: PUSH1 0x00 000003e9: SWAP1 000003ea: DUP2 000003eb: MSTORE 000003ec: PUSH1 0x05 000003ee: PUSH1 0x20 000003f0: SWAP1 000003f1: DUP2 000003f2: MSTORE 000003f3: PUSH1 0x40 000003f5: DUP3 000003f6: KECCAK256 000003f7: DUP1 000003f8: SLOAD 000003f9: PUSH1 0x64 000003fb: PUSH1 0x5c 000003fd: SWAP1 000003fe: SWAP8 000003ff: MUL 00000400: DUP8 00000401: SWAP1 00000402: DIV 00000403: ADD 00000404: SWAP1 00000405: SSTORE 00000406: DUP6 00000407: SLOAD 00000408: PUSH1 0x78 0000040a: MUL 0000040b: SWAP5 0000040c: SWAP1 0000040d: SWAP5 0000040e: DIV 0000040f: SWAP1 00000410: SWAP5 00000411: SSTORE 00000412: DUP2 00000413: SLOAD 00000414: PUSH1 0x02 00000416: DUP1 00000417: SLOAD 00000418: DUP1 00000419: DUP6 0000041a: ADD 0000041b: SWAP1 0000041c: SWAP2 0000041d: SSTORE 0000041e: PUSH32 0x405787fa12a823e0f2b7631cc41b3ba8828b3321ca811111fa75cd3aa3bb5ace 0000043f: ADD 00000440: DUP1 00000441: SLOAD 00000442: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000457: NOT 00000458: AND 00000459: SWAP2 0000045a: SWAP1 0000045b: SWAP3 0000045c: AND 0000045d: OR 0000045e: SWAP1 0000045f: SSTORE 00000460: PUSH1 0x03 00000462: DUP1 00000463: SLOAD 00000464: SWAP2 00000465: DUP3 00000466: ADD 00000467: DUP1 00000468: DUP3 00000469: SSTORE 0000046a: SWAP4 0000046b: MSTORE 0000046c: DUP7 0000046d: MLOAD 0000046e: PUSH2 0x049e 00000471: SWAP3 00000472: PUSH32 0xc2575a0e9e593c00f959f8c92f12db2869c3395a3b0502d05e2516446f71f85b 00000493: SWAP1 00000494: SWAP3 00000495: ADD 00000496: SWAP2 00000497: DUP9 00000498: ADD 00000499: SWAP1 0000049a: PUSH2 0x0564 0000049d: JUMP 0000049e: JUMPDEST 0000049f: POP 000004a0: POP 000004a1: PUSH1 0x01 000004a3: DUP1 000004a4: SLOAD 000004a5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004ba: NOT 000004bb: AND 000004bc: CALLER 000004bd: OR 000004be: DUP1 000004bf: DUP3 000004c0: SSTORE 000004c1: SWAP1 000004c2: DUP4 000004c3: ADD 000004c4: PUSH1 0x00 000004c6: DUP2 000004c7: SWAP1 000004c8: SSTORE 000004c9: PUSH1 0x40 000004cb: DUP1 000004cc: MLOAD 000004cd: PUSH1 0x01 000004cf: PUSH1 0xa0 000004d1: PUSH1 0x02 000004d3: EXP 000004d4: SUB 000004d5: SWAP4 000004d6: SWAP1 000004d7: SWAP4 000004d8: AND 000004d9: DUP4 000004da: MSTORE 000004db: MLOAD 000004dc: SWAP1 000004dd: SWAP2 000004de: PUSH32 0xb47c52a971a941c629c2f7690d2a3bd407390d3c8eabc35473c70883a3d5da16 000004ff: SWAP2 00000500: SWAP1 00000501: DUP2 00000502: SWAP1 00000503: SUB 00000504: PUSH1 0x20 00000506: ADD 00000507: SWAP1 00000508: LOG2 00000509: POP 0000050a: POP 0000050b: SWAP2 0000050c: SWAP1 0000050d: POP 0000050e: JUMP 0000050f: JUMPDEST 00000510: PUSH1 0x02 00000512: DUP1 00000513: SLOAD 00000514: DUP3 00000515: SWAP1 00000516: DUP2 00000517: LT 00000518: PUSH2 0x051d 0000051b: JUMPI 0000051c: INVALID 0000051d: JUMPDEST 0000051e: PUSH1 0x00 00000520: SWAP2 00000521: DUP3 00000522: MSTORE 00000523: PUSH1 0x20 00000525: SWAP1 00000526: SWAP2 00000527: KECCAK256 00000528: ADD 00000529: SLOAD 0000052a: PUSH1 0x01 0000052c: PUSH1 0xa0 0000052e: PUSH1 0x02 00000530: EXP 00000531: SUB 00000532: AND 00000533: SWAP1 00000534: POP 00000535: DUP2 00000536: JUMP 00000537: JUMPDEST 00000538: PUSH1 0x00 0000053a: SLOAD 0000053b: DUP2 0000053c: JUMP 0000053d: JUMPDEST 0000053e: PUSH1 0x01 00000540: SLOAD 00000541: PUSH1 0x01 00000543: PUSH1 0xa0 00000545: PUSH1 0x02 00000547: EXP 00000548: SUB 00000549: AND 0000054a: DUP2 0000054b: JUMP 0000054c: JUMPDEST 0000054d: PUSH1 0x04 0000054f: SLOAD 00000550: DUP2 00000551: JUMP 00000552: JUMPDEST 00000553: PUSH1 0x05 00000555: PUSH1 0x20 00000557: MSTORE 00000558: PUSH1 0x00 0000055a: SWAP1 0000055b: DUP2 0000055c: MSTORE 0000055d: PUSH1 0x40 0000055f: SWAP1 00000560: KECCAK256 00000561: SLOAD 00000562: DUP2 00000563: JUMP 00000564: JUMPDEST 00000565: DUP3 00000566: DUP1 00000567: SLOAD 00000568: PUSH1 0x01 0000056a: DUP2 0000056b: PUSH1 0x01 0000056d: AND 0000056e: ISZERO 0000056f: PUSH2 0x0100 00000572: MUL 00000573: SUB 00000574: AND 00000575: PUSH1 0x02 00000577: SWAP1 00000578: DIV 00000579: SWAP1 0000057a: PUSH1 0x00 0000057c: MSTORE 0000057d: PUSH1 0x20 0000057f: PUSH1 0x00 00000581: KECCAK256 00000582: SWAP1 00000583: PUSH1 0x1f 00000585: ADD 00000586: PUSH1 0x20 00000588: SWAP1 00000589: DIV 0000058a: DUP2 0000058b: ADD 0000058c: SWAP3 0000058d: DUP3 0000058e: PUSH1 0x1f 00000590: LT 00000591: PUSH2 0x05a5 00000594: JUMPI 00000595: DUP1 00000596: MLOAD 00000597: PUSH1 0xff 00000599: NOT 0000059a: AND 0000059b: DUP4 0000059c: DUP1 0000059d: ADD 0000059e: OR 0000059f: DUP6 000005a0: SSTORE 000005a1: PUSH2 0x05d2 000005a4: JUMP 000005a5: JUMPDEST 000005a6: DUP3 000005a7: DUP1 000005a8: ADD 000005a9: PUSH1 0x01 000005ab: ADD 000005ac: DUP6 000005ad: SSTORE 000005ae: DUP3 000005af: ISZERO 000005b0: PUSH2 0x05d2 000005b3: JUMPI 000005b4: SWAP2 000005b5: DUP3 000005b6: ADD 000005b7: JUMPDEST 000005b8: DUP3 000005b9: DUP2 000005ba: GT 000005bb: ISZERO 000005bc: PUSH2 0x05d2 000005bf: JUMPI 000005c0: DUP3 000005c1: MLOAD 000005c2: DUP3 000005c3: SSTORE 000005c4: SWAP2 000005c5: PUSH1 0x20 000005c7: ADD 000005c8: SWAP2 000005c9: SWAP1 000005ca: PUSH1 0x01 000005cc: ADD 000005cd: SWAP1 000005ce: PUSH2 0x05b7 000005d1: JUMP 000005d2: JUMPDEST 000005d3: POP 000005d4: PUSH2 0x05de 000005d7: SWAP3 000005d8: SWAP2 000005d9: POP 000005da: PUSH2 0x05e2 000005dd: JUMP 000005de: JUMPDEST 000005df: POP 000005e0: SWAP1 000005e1: JUMP 000005e2: JUMPDEST 000005e3: PUSH2 0x05fc 000005e6: SWAP2 000005e7: SWAP1 000005e8: JUMPDEST 000005e9: DUP1 000005ea: DUP3 000005eb: GT 000005ec: ISZERO 000005ed: PUSH2 0x05de 000005f0: JUMPI 000005f1: PUSH1 0x00 000005f3: DUP2 000005f4: SSTORE 000005f5: PUSH1 0x01 000005f7: ADD 000005f8: PUSH2 0x05e8 000005fb: JUMP 000005fc: JUMPDEST 000005fd: SWAP1 000005fe: JUMP 000005ff: STOP 00000600: LOG1 00000601: PUSH6 0x627a7a723058 00000608: KECCAK256 00000609: XOR 0000060a: UNKNOWN(0xB7) 0000060b: UNKNOWN(0xC8) 0000060c: PUSH31
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0x9fc4a643f6e4ef140d5b4936e2c9d1c5b8e4167828a813506be66d3603c88037
call_targets:
0x6103281b7d1f7862d692fda42dc06ece61a40547
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x9fc4a643f6e4ef140d5b4936e2c9d1c5b8e4167828a813506be66d3603c88037",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x6103281b7d1f7862d692fda42dc06ece61a40547"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x0d80fefd",
"selector": "0x0d80fefd",
"calldata_variants": [
"0x0d80fefd",
"0x0d80fefd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3ccfd60b",
"selector": "0x3ccfd60b",
"calldata_variants": [
"0x3ccfd60b",
"0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x492cc769",
"selector": "0x492cc769",
"calldata_variants": [
"0x492cc769",
"0x492cc7690000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x55872813",
"selector": "0x55872813",
"calldata_variants": [
"0x55872813",
"0x558728130000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5a75b8d5",
"selector": "0x5a75b8d5",
"calldata_variants": [
"0x5a75b8d5",
"0x5a75b8d50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x6776ddd0",
"selector": "0x6776ddd0",
"calldata_variants": [
"0x6776ddd0",
"0x6776ddd00000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa035b1fe",
"selector": "0xa035b1fe",
"calldata_variants": [
"0xa035b1fe",
"0xa035b1fe0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe3d670d7",
"selector": "0xe3d670d7",
"calldata_variants": [
"0xe3d670d7",
"0xe3d670d70000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 782,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0x9fc4a643f6e4ef140d5b4936e2c9d1c5b8e4167828a813506be66d3603c88037
call_targets:
0x6103281b7d1f7862d692fda42dc06ece61a40547
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x9fc4a643f6e4ef140d5b4936e2c9d1c5b8e4167828a813506be66d3603c88037",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x6103281b7d1f7862d692fda42dc06ece61a40547"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x0d80fefd",
"selector": "0x0d80fefd",
"calldata_variants": [
"0x0d80fefd",
"0x0d80fefd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3ccfd60b",
"selector": "0x3ccfd60b",
"calldata_variants": [
"0x3ccfd60b",
"0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x492cc769",
"selector": "0x492cc769",
"calldata_variants": [
"0x492cc769",
"0x492cc7690000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x55872813",
"selector": "0x55872813",
"calldata_variants": [
"0x55872813",
"0x558728130000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5a75b8d5",
"selector": "0x5a75b8d5",
"calldata_variants": [
"0x5a75b8d5",
"0x5a75b8d50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x6776ddd0",
"selector": "0x6776ddd0",
"calldata_variants": [
"0x6776ddd0",
"0x6776ddd00000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa035b1fe",
"selector": "0xa035b1fe",
"calldata_variants": [
"0xa035b1fe",
"0xa035b1fe0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe3d670d7",
"selector": "0xe3d670d7",
"calldata_variants": [
"0xe3d670d7",
"0xe3d670d70000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 782,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|
| medium | other | codex | Unbounded loop in buy can permanently DoS purchases | 75 | no | — |
viewevidence_json{
"evidence": "buy iterates over previousHodlers on every purchase.",
"locations": [
"contracts/Contract.sol:33"
],
"recommendation": "Replace the O(n) distribution loop with a pull-based scheme (e.g., track cumulative dividends per share) or cap the list length to keep gas bounded.",
"exploit_scenario": "An attacker (or normal users over time) can grow previousHodlers by repeatedly calling buy. Eventually the for-loop over all previous holders exceeds the block gas limit, making buy revert and preventing any further purchases."
}
|
| low | math | codex | Price growth can overflow and wrap, breaking pricing invariants | 65 | no | — |
viewevidence_json{
"evidence": "price is updated with unchecked multiplication and division.",
"locations": [
"contracts/Contract.sol:38"
],
"recommendation": "Use SafeMath for multiplication/division or upgrade to Solidity >=0.8 with checked arithmetic and add an explicit upper bound for price.",
"exploit_scenario": "After enough purchases, price = price * 120 / 100 overflows uint256 and wraps to a much smaller value. An attacker can then buy for a near-zero price, undermining the intended price escalation and payouts."
}
|