Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019c0ea9-0900-7147-9322-e26ba5b89eeb

complete
Chain ID
1
Address
Block Number
Created
Fri, Jan 30, 2026 11:28 AM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Present
Best current signal
Untrusted DELEGATECALL target reachable
crit: 0 | high: 0 | proxy context: implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID     Type                Status    Attempts  Heartbeat
41963  artifact.fetch      complete  1 / 3     2 months ago
41964  proxy.resolve       complete  1 / 3     2 months ago
41965  tool.cast_disasm    complete  1 / 3     2 months ago
41966  analysis.bundle     complete  1 / 3     2 months ago
41967  capability.graph    complete  1 / 3     2 months ago
41968  detector.run        complete  1 / 3     2 months ago
41969  validation.fork     complete  1 / 3     2 months ago
42377  report.consolidate  complete  1 / 6     2 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes onchain_only
Verified Source: no
Proxy evidence
{
    "method": "eip1967",
    "status": "onchain_only",
    "implementation": "0xd3f582f6b4814e989ee8e96bc3175320b5a540ab",
    "onchain_method": "eip1967"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
2
No findings?
no
Summary
Bytecode-only review flagged computed DELEGATECALL targets and multiple external CALLs with value; guard presence is not detectable from the artifacts, so risks depend on who can reach these paths.
stdout
{"no_findings":false,"summary":"Bytecode-only review flagged computed DELEGATECALL targets and multiple external CALLs with value; guard presence is not detectable from the artifacts, so risks depend on who can reach these paths.","findings":[{"severity":"medium","category":"other","title":"Computed DELEGATECALL target may be attacker-controlled","exploit_scenario":"If a caller can influence the delegatecall target (e.g., via calldata or a writable storage slot), they can execute arbitrary code in the contract’s context, corrupt storage, or escalate privileges. Because DELEGATECALL runs in the caller’s storage, compromise here can be total.","recommendation":"Constrain delegatecall targets to a vetted/whitelisted set or immutable registry, and gate execution with strong authorization (owner/EntryPoint) and explicit target validation (e.g., codehash checks). If not required, remove delegatecall paths.","evidence":"Detector reports 2 DELEGATECALL sites with computed targets and no guards detected (untrusted_delegatecall_count=2). Callsites list DELEGATECALL at pc 0xe33 and 0x11b6.","locations":["pc:0xe33","pc:0x11b6"]},{"severity":"low","category":"access_control","title":"External CALLs with ETH to computed targets require strict authorization","exploit_scenario":"If any execute-style entrypoint is reachable without robust authorization, an attacker could trigger external CALLs with user-controlled targets and value to drain ETH or reenter via a malicious callee. This is especially risky if state updates occur around the call.","recommendation":"Ensure all CALL paths are gated by strong authorization (e.g., owner/EntryPoint checks) and consider reentrancy protections around state updates. Validate or constrain target/value inputs if possible.","evidence":"Detector shows 10 CALL sites with computed targets/values and possible ETH transfers (eth_value_calls=10) with no guards detected. Callsites include pc 0x5c0, 0xab8, 0xc29, 0x100b, 0x1292, 0x16bc, 0x16fd, 0x1771, 0x1b05, 0x1f62.","locations":["pc:0x5c0","pc:0xab8","pc:0xc29","pc:0x100b","pc:0x1292","pc:0x16bc","pc:0x16fd","pc:0x1771","pc:0x1b05","pc:0x1f62"]}]}
stderr
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-w46pt6xe
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019c0f4a-49dd-7e62-8ed6-8a19f19aac69
--------
user
Context: The user requested the proxy at 0xa2d07d64d7cfc0fe1b58549ea36119e9e81a88f6.
Audit the implementation at 0xd3f582f6b4814e989ee8e96bc3175320b5a540ab.
Findings should refer to the implementation unless explicitly about proxy mechanics.

You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.

Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".

Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
mcp startup: no servers
exec
/bin/bash -lc ls in /tmp/codex-w46pt6xe succeeded in 6ms:
BYTECODE_BUNDLE.json
codex-output-schema.json
exec
/bin/bash -lc 'cat BYTECODE_BUNDLE.json' in /tmp/codex-w46pt6xe succeeded in 27ms:
{
  "analysis_artifact": {
    "address": "0xd3f582f6b4814e989ee8e96bc3175320b5a540ab",
    "artifact_hash": "0x2fc537903ee85eef90b252a0e8bbb2de2b6ea2ace2e8aa6da1527d0fa7d6cada",
    "artifact_json": {
      "auth": {
        "guards": []
      },
      "basic_blocks": [
        {
          "end_pc": 13,
          "hash": "0x86b9a73a5d5e82b1d142a0be840c25b0b3e2fa0accf8597e38e3ec8266e9e2e1",
          "opcodes": [
            "PUSH1",
            "PUSH1",
            "MSTORE",
            "PUSH1",
            "CALLDATASIZE",
            "LT",
            "ISZERO",
exec
/bin/bash -lc 'rg -n "storage|slot|eip" BYTECODE_BUNDLE.json' in /tmp/codex-w46pt6xe succeeded in 16ms:
12467:          "storage": {
12469:            "slots": [
12473:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12478:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12483:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12488:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12493:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12498:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12503:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12508:                "slot": "0x0000000000000000000000000000000000000000000000000000000000001e63"
12513:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12518:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12523:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12528:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12546:          "storage": {
12548:            "slots": [
12552:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12557:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12562:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
12567:                "slot": "0x0000000000000000000000000000000000000000000000000000000000000020"
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
print(data.keys())
print(data['analysis_artifact'].keys())
print(data['analysis_artifact']['artifact_json'].keys())
PY" in /tmp/codex-w46pt6xe succeeded in 36ms:
dict_keys(['analysis_artifact', 'analysis_run', 'artifact', 'capability_graph', 'detector_findings', 'heuristics_summary'])
dict_keys(['address', 'artifact_hash', 'artifact_json', 'block_number', 'chain_id', 'codehash', 'created_at', 'id', 'updated_at', 'version'])
dict_keys(['auth', 'basic_blocks', 'callsites', 'cfg_edges', 'cfg_hash', 'dispatcher_type', 'function_entries', 'functions', 'selectors', 'sinks', 'storage', 'version'])
exec
/bin/bash -lc "python - <<'PY'
import json, textwrap
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
art=data['analysis_artifact']['artifact_json']
print('dispatcher_type', art.get('dispatcher_type'))
print('selectors', art.get('selectors')[:10])
print('functions count', len(art.get('functions', [])))
print('function_entries count', len(art.get('function_entries', [])))
print('callsites count', len(art.get('callsites', [])))
print('storage keys', art.get('storage', {}).keys())
PY" in /tmp/codex-w46pt6xe succeeded in 34ms:
dispatcher_type selector_jump_table
selectors ['0x06fdde03', '0x0b3dc354', '0x150b7a02', '0x1626ba7e', '0x29f8b174', '0x333daf92', '0x34fcd5be', '0x3659cfe6', '0x3a871cdd', '0x3e1b0812']
functions count 23
function_entries count 23
callsites count 16
storage keys dict_keys(['keccak_count', 'reads', 'slots', 'writes'])
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
art=data['analysis_artifact']['artifact_json']
print('selectors:', art['selectors'])
PY" in /tmp/codex-w46pt6xe succeeded in 29ms:
selectors: ['0x06fdde03', '0x0b3dc354', '0x150b7a02', '0x1626ba7e', '0x29f8b174', '0x333daf92', '0x34fcd5be', '0x3659cfe6', '0x3a871cdd', '0x3e1b0812', '0x51166ba0', '0x51945447', '0x54fd4d50', '0x55b14f50', '0x57b75047', '0x84b0196e', '0x88e7fd06', '0xb0d691fe', '0xb68df16d', '0xbc197c81', '0xd087d288', '0xd1f57894', '0xd5416221']
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
print('analysis_run keys', data['analysis_run'].keys())
print('artifact keys', data['artifact'].keys())
print('capability_graph keys', data['capability_graph'].keys())
PY" in /tmp/codex-w46pt6xe succeeded in 36ms:
analysis_run keys dict_keys(['address', 'block_number', 'chain_id', 'child_links', 'created_at', 'id', 'parent_links', 'status', 'updated_at'])
artifact keys dict_keys(['codehash', 'compiler_json', 'implementation_address', 'is_proxy', 'runtime_bytecode', 'verified_source'])
capability_graph keys dict_keys(['address', 'block_number', 'chain_id', 'codehash', 'created_at', 'graph_hash', 'graph_json', 'id', 'updated_at', 'version'])
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
print(data['artifact'])
PY" in /tmp/codex-w46pt6xe succeeded in 29ms:
{'codehash': '0x450f6888483e50f3381b8d1d3d19b148c4f954277d1a2206981f160abb5c7469', 'compiler_json': {'compiler_version': None, 'etherscan': {'contract_name': None, 'implementation': None, 'license': 'Unknown', 'proxy': '0', 'swarm_source': None}, 'optimizer_enabled': False, 'optimizer_runs': 0, 'proxy_evidence': {'status': 'not_proxy'}}, 'implementation_address': None, 'is_proxy': False, 'runtime_bytecode': {'full': '<runtime bytecode hex omitted from this page>', 'head': None, 'length': 17188, 'tail': None, 'truncated': False}, 'verified_source': False}
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
graph=data['capability_graph']['graph_json']
print(graph.keys())
print('nodes', len(graph.get('nodes', [])))
print('edges', len(graph.get('edges', [])))
# show a sample of sinks or calls
# extract edges to sink
sink_edges=[e for e in graph.get('edges',[]) if 'sink' in e.get('to','')]
print('sink_edges', len(sink_edges))
print('first sink edges', sink_edges[:5])
PY" in /tmp/codex-w46pt6xe succeeded in 33ms:
dict_keys(['edges', 'nodes', 'version'])
nodes 577
edges 686
sink_edges 16
first sink edges [{'from': 'call:1472', 'to': 'sink:call', 'type': 'capability'}, {'from': 'call:2300', 'to': 'sink:staticcall', 'type': 'capability'}, {'from': 'call:2744', 'to': 'sink:call', 'type': 'capability'}, {'from': 'call:3113', 'to': 'sink:call', 'type': 'capability'}, {'from': 'call:3635', 'to': 'sink:delegatecall', 'type': 'capability'}]
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
art=data['analysis_artifact']['artifact_json']
# find callsite details
callsites={n['id']:n for n in art.get('callsites', [])}
for cid in ['call:3635','call:4534']:
    print(cid, callsites.get(cid))
PY" in /tmp/codex-w46pt6xe exited 1 in 55ms:
Traceback (most recent call last):
  File "<stdin>", line 6, in <module>
KeyError: 'id'
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
art=data['analysis_artifact']['artifact_json']
print(type(art['callsites']))
print(art['callsites'][:5])
PY" in /tmp/codex-w46pt6xe succeeded in 104ms:
<class 'list'>
[{'opcode': 'CALL', 'pc': 1472, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}, {'opcode': 'STATICCALL', 'pc': 2300, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'n/a'}, {'opcode': 'CALL', 'pc': 2744, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}, {'opcode': 'CALL', 'pc': 3113, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'computed'}, {'opcode': 'DELEGATECALL', 'pc': 3635, 'returndata_checked': None, 'target_expression_category': 'computed', 'value_expression_category': 'n/a'}]
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
node_map={n['id']:n for n in data['capability_graph']['graph_json']['nodes'] if 'id' in n}
print(node_map.get('call:3635'))
print(node_map.get('call:4534'))
PY" in /tmp/codex-w46pt6xe succeeded in 29ms:
{'id': 'call:3635', 'opcode': 'DELEGATECALL', 'pc': 3635, 'type': 'callsite'}
{'id': 'call:4534', 'opcode': 'DELEGATECALL', 'pc': 4534, 'type': 'callsite'}
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
edges=data['capability_graph']['graph_json']['edges']
# find functions leading to delegatecall callsites
for cid in ['call:3635','call:4534']:
    from_nodes=[e['from'] for e in edges if e['to']==cid]
    print(cid, 'from', from_nodes[:10])
PY" in /tmp/codex-w46pt6xe succeeded in 41ms:
call:3635 from ['bb:3620']
call:4534 from ['bb:4523']
exec
/bin/bash -lc "python - <<'PY'
import json
from collections import defaultdict, deque
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
G=defaultdict(list)
for e in data['capability_graph']['graph_json']['edges']:
    G[e['from']].append(e['to'])
# Find which function entry can reach bb:3620 or bb:4523 using BFS from functions
functions=[n['id'] for n in data['capability_graph']['graph_json']['nodes'] if n.get('type')=='function']
# Build reverse graph for reachability to target
RG=defaultdict(list)
for e in data['capability_graph']['graph_json']['edges']:
    RG[e['to']].append(e['from'])

def find_sources(target):
    # BFS reverse to function nodes
    seen=set([target])
    q=deque([target])
    sources=set()
    while q:
        cur=q.popleft()
        for prev in RG.get(cur, []):
            if prev in seen: continue
            seen.add(prev)
            if prev.startswith('fn:'):
                sources.add(prev)
            else:
                q.append(prev)
    return sources

for target in ['bb:3620','bb:4523']:
    src=find_sources(target)
    print(target, src)
PY" in /tmp/codex-w46pt6xe succeeded in 54ms:
bb:3620 set()
bb:4523 set()
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
func_nodes=[n for n in data['capability_graph']['graph_json']['nodes'] if n.get('type')=='function']
print(func_nodes[:3])
PY" in /tmp/codex-w46pt6xe succeeded in 40ms:
[{'entry_pc': 188597076, 'id': 'fn:0x06fdde03', 'selector': '0x06fdde03', 'type': 'function'}, {'entry_pc': 353073666, 'id': 'fn:0x0b3dc354', 'selector': '0x0b3dc354', 'type': 'function'}, {'entry_pc': 371636862, 'id': 'fn:0x150b7a02', 'selector': '0x150b7a02', 'type': 'function'}]
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
edges=data['capability_graph']['graph_json']['edges']
# edges from function nodes
f_edges=[e for e in edges if e['from'].startswith('fn:')]
print('function edges', len(f_edges))
print(f_edges[:10])
PY" in /tmp/codex-w46pt6xe succeeded in 38ms:
function edges 22
[{'from': 'fn:0x06fdde03', 'to': 'bb:188597076', 'type': 'entry'}, {'from': 'fn:0x0b3dc354', 'to': 'bb:353073666', 'type': 'entry'}, {'from': 'fn:0x150b7a02', 'to': 'bb:371636862', 'type': 'entry'}, {'from': 'fn:0x1626ba7e', 'to': 'bb:704164212', 'type': 'entry'}, {'from': 'fn:0x29f8b174', 'to': 'bb:859680658', 'type': 'entry'}, {'from': 'fn:0x333daf92', 'to': 'bb:888985022', 'type': 'entry'}, {'from': 'fn:0x34fcd5be', 'to': 'bb:911855590', 'type': 'entry'}, {'from': 'fn:0x3659cfe6', 'to': 'bb:981933277', 'type': 'entry'}, {'from': 'fn:0x3a871cdd', 'to': 'bb:1041958930', 'type': 'entry'}, {'from': 'fn:0x3e1b0812', 'to': 'bb:1360423840', 'type': 'entry'}]
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
node_ids=set(n['id'] for n in data['capability_graph']['graph_json']['nodes'])
print('bb:188597076' in node_ids)
print('bb:3620' in node_ids)
# print node for bb:188597076
for n in data['capability_graph']['graph_json']['nodes']:
    if n['id']=='bb:188597076':
        print(n)
        break
PY" in /tmp/codex-w46pt6xe succeeded in 34ms:
False
True
exec
/bin/bash -lc "python - <<'PY'
import json
from pprint import pprint
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
storage=data['analysis_artifact']['artifact_json']['storage']
print('reads', len(storage.get('reads', [])))
print('writes', len(storage.get('writes', [])))
print('slots', len(storage.get('slots', [])))
print('keccak_count', storage.get('keccak_count'))
# print unique slots maybe
slots=set(s['slot'] for s in storage.get('slots', []))
print('unique slots', len(slots))
print('slots sample', list(slots)[:10])
PY" in /tmp/codex-w46pt6xe exited 1 in 61ms:
Traceback (most recent call last):
  File "<stdin>", line 6, in <module>
TypeError: object of type 'int' has no len()
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
storage=data['analysis_artifact']['artifact_json']['storage']
print(storage.keys())
print('reads type', type(storage.get('reads')))
print('writes type', type(storage.get('writes')))
print('slots type', type(storage.get('slots')))
print('keccak_count', storage.get('keccak_count'))
PY" in /tmp/codex-w46pt6xe succeeded in 65ms:
dict_keys(['keccak_count', 'reads', 'slots', 'writes'])
reads type <class 'int'>
writes type <class 'int'>
slots type <class 'list'>
keccak_count 9
exec
/bin/bash -lc "python - <<'PY'
import json
from itertools import islice
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
slots=data['analysis_artifact']['artifact_json']['storage']['slots']
print(slots[:5])
PY" in /tmp/codex-w46pt6xe succeeded in 40ms:
[{'op': 'SLOAD', 'pc': 853, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 3011, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 3192, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 3415, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 4018, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}]
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
cs=data['analysis_artifact']['artifact_json']['callsites']
print('delegatecall pcs', [c['pc'] for c in cs if c['opcode']=='DELEGATECALL'])
print('call pcs', [c['pc'] for c in cs if c['opcode']=='CALL'])
print('staticcall pcs', [c['pc'] for c in cs if c['opcode']=='STATICCALL'])
PY" in /tmp/codex-w46pt6xe succeeded in 28ms:
delegatecall pcs [3635, 4534]
call pcs [1472, 2744, 3113, 4107, 4754, 5820, 5885, 6001, 6917, 8034]
staticcall pcs [2300, 3959, 7706, 8162]
exec
/bin/bash -lc "python - <<'PY'
import json
from collections import Counter
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
slots=[s['slot'] for s in data['analysis_artifact']['artifact_json']['storage']['slots']]
ctr=Counter(slots)
print('unique', len(ctr))
print(ctr.most_common(10))
PY" in /tmp/codex-w46pt6xe succeeded in 43ms:
unique 2
[('0x0000000000000000000000000000000000000000000000000000000000000020', 11), ('0x0000000000000000000000000000000000000000000000000000000000001e63', 1)]
exec
/bin/bash -lc "python - <<'PY'
import json
from pprint import pprint
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
funcs=data['analysis_artifact']['artifact_json']['functions']
print(funcs[:2])
PY" in /tmp/codex-w46pt6xe succeeded in 44ms:
[{'auth': {'guards': []}, 'entry_pc': 188597076, 'selector': '0x06fdde03', 'sinks': {'call': 10, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}, 'storage': {'reads': 20, 'slots': [{'op': 'SLOAD', 'pc': 853, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 3011, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 3192, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 3415, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 4018, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 4242, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 5611, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 7824, 'slot': '0x0000000000000000000000000000000000000000000000000000000000001e63'}, {'op': 'SLOAD', 'pc': 7986, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 8092, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 8196, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 8329, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}], 'writes': 5}}, {'auth': {'guards': []}, 'entry_pc': 353073666, 'selector': '0x0b3dc354', 'sinks': {'call': 10, 'delegatecall': 2, 'selfdestruct': 0, 'staticcall': 4}, 'storage': {'reads': 20, 'slots': [{'op': 'SLOAD', 'pc': 853, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 3011, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 3192, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 3415, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 4018, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 4242, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 5611, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 7824, 'slot': '0x0000000000000000000000000000000000000000000000000000000000001e63'}, {'op': 'SLOAD', 'pc': 7986, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 8092, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 8196, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}, {'op': 'SLOAD', 'pc': 8329, 'slot': '0x0000000000000000000000000000000000000000000000000000000000000020'}], 'writes': 5}}]
exec
/bin/bash -lc "python - <<'PY'
print(hex(3635), hex(4534), hex(1472), hex(2744), hex(3113), hex(4107), hex(4754), hex(5820), hex(5885), hex(6001), hex(6917), hex(8034))
PY" in /tmp/codex-w46pt6xe succeeded in 53ms:
0xe33 0x11b6 0x5c0 0xab8 0xc29 0x100b 0x1292 0x16bc 0x16fd 0x1771 0x1b05 0x1f62
exec
/bin/bash -lc "python - <<'PY'
import json
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
# search recursively for key
from collections import deque
found=[]
stack=deque([(data, '')])
while stack:
    obj, path=stack.pop()
    if isinstance(obj, dict):
        for k,v in obj.items():
            newpath=f\"{path}.{k}\" if path else k
            if k=='upgrade_slot_write_suspected':
                found.append((newpath, v))
            stack.append((v, newpath))
    elif isinstance(obj, list):
        for i,v in enumerate(obj):
            stack.append((v, f\"{path}[{i}]\") )
print(found[:5])
PY" in /tmp/codex-w46pt6xe succeeded in 48ms:
[('analysis_artifact.artifact_json.sinks.upgrade_slot_write_suspected', False)]
exec
/bin/bash -lc "python - <<'PY'
import json
from pprint import pprint
with open('BYTECODE_BUNDLE.json') as f:
    data=json.load(f)
pprint(data['analysis_artifact']['artifact_json']['sinks'])
PY" in /tmp/codex-w46pt6xe succeeded in 63ms:
{'call': 10,
 'create': 0,
 'create2': 0,
 'delegatecall': 2,
 'selfdestruct': 0,
 'staticcall': 4,
 'upgrade_slot_write_suspected': False}
codex
{"no_findings":false,"summary":"Bytecode-only review flagged computed DELEGATECALL targets and multiple external CALLs with value; guard presence is not detectable from the artifacts, so risks depend on who can reach these paths.","findings":[{"severity":"medium","category":"other","title":"Computed DELEGATECALL target may be attacker-controlled","exploit_scenario":"If a caller can influence the delegatecall target (e.g., via calldata or a writable storage slot), they can execute arbitrary code in the contract’s context, corrupt storage, or escalate privileges. Because DELEGATECALL runs in the caller’s storage, compromise here can be total.","recommendation":"Constrain delegatecall targets to a vetted/whitelisted set or immutable registry, and gate execution with strong authorization (owner/EntryPoint) and explicit target validation (e.g., codehash checks). If not required, remove delegatecall paths.","evidence":"Detector reports 2 DELEGATECALL sites with computed targets and no guards detected (untrusted_delegatecall_count=2). Callsites list DELEGATECALL at pc 0xe33 and 0x11b6.","locations":["pc:0xe33","pc:0x11b6"]},{"severity":"low","category":"access_control","title":"External CALLs with ETH to computed targets require strict authorization","exploit_scenario":"If any execute-style entrypoint is reachable without robust authorization, an attacker could trigger external CALLs with user-controlled targets and value to drain ETH or reenter via a malicious callee. This is especially risky if state updates occur around the call.","recommendation":"Ensure all CALL paths are gated by strong authorization (e.g., owner/EntryPoint checks) and consider reentrancy protections around state updates. Validate or constrain target/value inputs if possible.","evidence":"Detector shows 10 CALL sites with computed targets/values and possible ETH transfers (eth_value_calls=10) with no guards detected. Callsites include pc 0x5c0, 0xab8, 0xc29, 0x100b, 0x1292, 0x16bc, 0x16fd, 0x1771, 0x1b05, 0x1f62.","locations":["pc:0x5c0","pc:0xab8","pc:0xc29","pc:0x100b","pc:0x1292","pc:0x16bc","pc:0x16fd","pc:0x1771","pc:0x1b05","pc:0x1f62"]}]}
tokens used
57,744
Metadata
{
    "codex": {
        "ran_at": "2026-01-30T14:28:30.684396+00:00",
        "returncode": 0
    },
    "project": {
        "mode": "bytecode",
        "bytecode_length": 17188,
        "bytecode_truncated": false,
        "capability_graph_present": true,
        "analysis_artifact_present": true
    },
    "summary": "Bytecode-only review flagged computed DELEGATECALL targets and multiple external CALLs with value; guard presence is not detectable from the artifacts, so risks depend on who can reach these paths.",
    "raw_final": {
        "summary": "Bytecode-only review flagged computed DELEGATECALL targets and multiple external CALLs with value; guard presence is not detectable from the artifacts, so risks depend on who can reach these paths.",
        "findings": [
            {
                "title": "Computed DELEGATECALL target may be attacker-controlled",
                "category": "other",
                "evidence": "Detector reports 2 DELEGATECALL sites with computed targets and no guards detected (untrusted_delegatecall_count=2). Callsites list DELEGATECALL at pc 0xe33 and 0x11b6.",
                "severity": "medium",
                "locations": [
                    "pc:0xe33",
                    "pc:0x11b6"
                ],
                "recommendation": "Constrain delegatecall targets to a vetted/whitelisted set or immutable registry, and gate execution with strong authorization (owner/EntryPoint) and explicit target validation (e.g., codehash checks). If not required, remove delegatecall paths.",
                "exploit_scenario": "If a caller can influence the delegatecall target (e.g., via calldata or a writable storage slot), they can execute arbitrary code in the contract\u2019s context, corrupt storage, or escalate privileges. Because DELEGATECALL runs in the caller\u2019s storage, compromise here can be total."
            },
            {
                "title": "External CALLs with ETH to computed targets require strict authorization",
                "category": "access_control",
                "evidence": "Detector shows 10 CALL sites with computed targets/values and possible ETH transfers (eth_value_calls=10) with no guards detected. Callsites include pc 0x5c0, 0xab8, 0xc29, 0x100b, 0x1292, 0x16bc, 0x16fd, 0x1771, 0x1b05, 0x1f62.",
                "severity": "low",
                "locations": [
                    "pc:0x5c0",
                    "pc:0xab8",
                    "pc:0xc29",
                    "pc:0x100b",
                    "pc:0x1292",
                    "pc:0x16bc",
                    "pc:0x16fd",
                    "pc:0x1771",
                    "pc:0x1b05",
                    "pc:0x1f62"
                ],
                "recommendation": "Ensure all CALL paths are gated by strong authorization (e.g., owner/EntryPoint checks) and consider reentrancy protections around state updates. Validate or constrain target/value inputs if possible.",
                "exploit_scenario": "If any execute-style entrypoint is reachable without robust authorization, an attacker could trigger external CALLs with user-controlled targets and value to drain ETH or reenter via a malicious callee. This is especially risky if state updates occur around the call."
            }
        ],
        "no_findings": false
    },
    "no_findings": false,
    "proxy_context": {
        "proxy_run_id": "019c0ea9-0900-7147-9322-e26ba5b89eeb",
        "proxy_address": "0xa2d07d64d7cfc0fe1b58549ea36119e9e81a88f6",
        "implementation_run_id": "019c0eab-41f8-709b-a0d5-a4b9b6478fe1",
        "implementation_address": "0xd3f582f6b4814e989ee8e96bc3175320b5a540ab"
    },
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall: 2
Selfdestruct: 0
CREATE2: 0
CALL-family (heavy): 0
EXT*/BALANCE: 0
Total opcodes: 63
Flags: delegatecall_present proxy_like_runtime
Cast disassembly output
00000000: RETURNDATASIZE
00000001: RETURNDATASIZE
00000002: CALLER
00000003: PUSH20 0x5de4839a76cf55d0c90e2061ef4386d962e15ae3
00000018: EQ
00000019: PUSH1 0x57
0000001b: JUMPI
0000001c: CALLDATASIZE
0000001d: RETURNDATASIZE
0000001e: RETURNDATASIZE
0000001f: CALLDATACOPY
00000020: CALLDATASIZE
00000021: RETURNDATASIZE
00000022: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000043: SLOAD
00000044: GAS
00000045: DELEGATECALL
00000046: RETURNDATASIZE
00000047: PUSH1 0x00
00000049: DUP1
0000004a: RETURNDATACOPY
0000004b: PUSH1 0x52
0000004d: JUMPI
0000004e: RETURNDATASIZE
0000004f: PUSH1 0x00
00000051: REVERT
00000052: JUMPDEST
00000053: RETURNDATASIZE
00000054: PUSH1 0x00
00000056: RETURN
00000057: JUMPDEST
00000058: RETURNDATASIZE
00000059: CALLDATALOAD
0000005a: PUSH1 0x20
0000005c: CALLDATALOAD
0000005d: SSTORE
0000005e: PUSH1 0x40
00000060: DUP1
00000061: CALLDATASIZE
00000062: GT
00000063: ISZERO
00000064: PUSH1 0x52
00000066: JUMPI
00000067: CALLDATASIZE
00000068: SUB
00000069: DUP1
0000006a: PUSH1 0x40
0000006c: RETURNDATASIZE
0000006d: CALLDATACOPY
0000006e: RETURNDATASIZE
0000006f: RETURNDATASIZE
00000070: CALLDATALOAD
00000071: GAS
00000072: DELEGATECALL
00000073: RETURNDATASIZE
00000074: PUSH1 0x00
00000076: DUP1
00000077: RETURNDATACOPY
00000078: PUSH1 0x52
0000007a: JUMPI
0000007b: RETURNDATASIZE
0000007c: PUSH1 0x00
0000007e: REVERT

Findings

validated = confirmed for call sinks; sink observed for others
Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details
high | upgradeability | detector | Untrusted DELEGATECALL target reachable | 55 | no | no
trace_id: 0x383e76aa9317478564549377a5acdfa7581f744ff35f14854047a3edc25af292
call_targets: 0xd3f582f6b4814e989ee8e96bc3175320b5a540ab
target_varies: no
classification: constant_target
validation_json
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x383e76aa9317478564549377a5acdfa7581f744ff35f14854047a3edc25af292",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xd3f582f6b4814e989ee8e96bc3175320b5a540ab"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 69,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 114,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 24,
            "type": "msg_sender_eq_const",
            "value": 5.36032175862749e+47
        },
        {
            "pc": 2,
            "type": "msg_sender_eq_const",
            "value": "0x5de4839a76cf55d0c90e2061ef4386d962e15ae3"
        }
    ],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}
medium | other | codex | Computed DELEGATECALL target may be attacker-controlled | 75 | no
evidence_json
{
    "evidence": "Detector reports 2 DELEGATECALL sites with computed targets and no guards detected (untrusted_delegatecall_count=2). Callsites list DELEGATECALL at pc 0xe33 and 0x11b6.",
    "locations": [
        "pc:0xe33",
        "pc:0x11b6"
    ],
    "recommendation": "Constrain delegatecall targets to a vetted/whitelisted set or immutable registry, and gate execution with strong authorization (owner/EntryPoint) and explicit target validation (e.g., codehash checks). If not required, remove delegatecall paths.",
    "exploit_scenario": "If a caller can influence the delegatecall target (e.g., via calldata or a writable storage slot), they can execute arbitrary code in the contract\u2019s context, corrupt storage, or escalate privileges. Because DELEGATECALL runs in the caller\u2019s storage, compromise here can be total."
}
medium | upgradeability | cast | DELEGATECALL present | 80 | no
evidence_json
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 2
}
low | access_control | codex | External CALLs with ETH to computed targets require strict authorization | 65 | no
evidence_json
{
    "evidence": "Detector shows 10 CALL sites with computed targets/values and possible ETH transfers (eth_value_calls=10) with no guards detected. Callsites include pc 0x5c0, 0xab8, 0xc29, 0x100b, 0x1292, 0x16bc, 0x16fd, 0x1771, 0x1b05, 0x1f62.",
    "locations": [
        "pc:0x5c0",
        "pc:0xab8",
        "pc:0xc29",
        "pc:0x100b",
        "pc:0x1292",
        "pc:0x16bc",
        "pc:0x16fd",
        "pc:0x1771",
        "pc:0x1b05",
        "pc:0x1f62"
    ],
    "recommendation": "Ensure all CALL paths are gated by strong authorization (e.g., owner/EntryPoint checks) and consider reentrancy protections around state updates. Validate or constrain target/value inputs if possible.",
    "exploit_scenario": "If any execute-style entrypoint is reachable without robust authorization, an attacker could trigger external CALLs with user-controlled targets and value to drain ETH or reenter via a malicious callee. This is especially risky if state updates occur around the call."
}
info | upgradeability | cast | Likely proxy-like runtime | 60 | no
evidence_json
{
    "notes": "short runtime with SLOAD and DELEGATECALL resembles minimal proxy/upgradeable pattern",
    "sload_count": 1,
    "total_opcodes": 63,
    "delegatecall_count": 2
}