019c0ea9-093e-725d-917c-69f4fb80118e
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 42026 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 42027 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 42028 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 42029 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 42030 | capability.graph | complete | 1 / 3 | 2 months ago |
| 42031 | detector.run | complete | 1 / 3 | 2 months ago |
| 42032 | validation.fork | complete | 1 / 3 | 2 months ago |
| 42419 | report.consolidate | complete | 1 / 6 | 2 months ago |
| 42420 | tool.slither | complete | 1 / 2 | 2 months ago |
{
"method": "etherscan+onchain",
"status": "confirmed",
"etherscan_hint": {
"source": "etherscan",
"etherscan": {
"proxy_flag": true,
"implementation": "0x69b98667134eee3ebf75799dacbcd604e28709ab"
}
},
"implementation": "0x69b98667134eee3ebf75799dacbcd604e28709ab",
"onchain_method": "eip1967"
}
'forge clean' running (wd: /tmp/slither-0ibnas1p)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-0ibnas1p)

Proxy.initialize(address,address,bytes)._logic (src/contracts/Proxy.sol#38) lacks a zero-check on :
    - (success,None) = _logic.delegatecall(_data) (src/contracts/Proxy.sol#43)
Proxy.upgradeToAndCall(address,bytes).newImplementation (src/contracts/Proxy.sol#81) lacks a zero-check on :
    - (success,None) = newImplementation.delegatecall(data) (src/contracts/Proxy.sol#83)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation

Reentrancy in Proxy.initialize(address,address,bytes) (src/contracts/Proxy.sol#38-47):
    External calls:
    - (success,None) = _logic.delegatecall(_data) (src/contracts/Proxy.sol#43)
    Event emitted after the call(s):
    - AdminChanged(_owner(),newOwner) (src/contracts/Ownable.sol#41)
    - _setOwner(_initOwner) (src/contracts/Proxy.sol#46)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3

Ownable._owner() (src/contracts/Ownable.sol#32-38) uses assembly
    - INLINE ASM (src/contracts/Ownable.sol#35-37)
Ownable._setOwner(address) (src/contracts/Ownable.sol#40-47) uses assembly
    - INLINE ASM (src/contracts/Ownable.sol#44-46)
Proxy._delegate(address) (src/contracts/Proxy.sol#101-121) uses assembly
    - INLINE ASM (src/contracts/Proxy.sol#103-120)
Proxy._implementation() (src/contracts/Proxy.sol#127-133) uses assembly
    - INLINE ASM (src/contracts/Proxy.sol#130-132)
Proxy._upgradeTo(address) (src/contracts/Proxy.sol#139-147) uses assembly
    - INLINE ASM (src/contracts/Proxy.sol#143-145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage

Low level call in Proxy.initialize(address,address,bytes) (src/contracts/Proxy.sol#38-47):
    - (success,None) = _logic.delegatecall(_data) (src/contracts/Proxy.sol#43)
Low level call in Proxy.upgradeToAndCall(address,bytes) (src/contracts/Proxy.sol#81-85):
    - (success,None) = newImplementation.delegatecall(data) (src/contracts/Proxy.sol#83)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls

Parameter Proxy.initialize(address,address,bytes)._logic (src/contracts/Proxy.sol#38) is not in mixedCase
Parameter Proxy.initialize(address,address,bytes)._initOwner (src/contracts/Proxy.sol#38) is not in mixedCase
Parameter Proxy.initialize(address,address,bytes)._data (src/contracts/Proxy.sol#38) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions

. analyzed (2 contracts with 100 detectors), 13 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.8.23",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.8.23",
"install_stderr": null,
"install_stdout": "Version '0.8.23' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-0ibnas1p --allow-paths /tmp/slither-0ibnas1p,/tmp/slither-0ibnas1p/lib,/tmp/slither-0ibnas1p/src",
"remappings": [
"dependencies/@pendle-sy-1.0.0-1.0.0/:@openzeppelin/contracts/=dependencies/@openzeppelin-contracts-4.9.3-4.9.3/contracts/",
"contracts/=src/contracts/",
"script/=script/",
"test/=test/",
"utils/=src/contracts/utils/",
"@solmate/=dependencies/solmate-6.7.0/src/",
"forge-std/=dependencies/forge-std-1.9.7/src/",
"@pendle-sy/=dependencies/@pendle-sy-1.0.0-1.0.0/contracts/",
"@openzeppelin/contracts/=dependencies/@openzeppelin-contracts-5.0.2-5.0.2/contracts/",
"@openzeppelin/contracts-upgradeable/=dependencies/@openzeppelin-contracts-upgradeable-5.0.2-5.0.2/contracts/",
"src/=src/"
],
"source_files": [
"src/contracts/Proxy.sol",
"src/contracts/Ownable.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 13,
"workspace_hash": "e9e9fe35085792e519c300bf7b979765495e856de6aab32badce426c65fc699b",
"duration_seconds": 0.6422035694122314,
"solc_version_requested": "0.8.23"
}
{"no_findings":true,"summary":"No exploitable vulnerabilities found in the first‑party implementation (EtherFiARM/AbstractARM) under the assumptions of trusted owner/operator and standards‑compliant ERC20/ERC4626 integrations.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-cz35kfy6
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019c0f68-7e24-7581-833d-62ff07773760
--------
user
Context: The user requested the proxy at 0xfb0a3cf9b019bfd8827443d131b235b3e0fc58d2.
Audit the implementation at 0x69b98667134eee3ebf75799dacbcd604e28709ab.
Findings should refer to the implementation unless explicitly about proxy mechanics.
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
exec
/bin/bash -lc ls in /tmp/codex-cz35kfy6 succeeded in 5ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
dependencies
src
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-cz35kfy6 succeeded in 8ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: dependencies/@openzeppelin-contracts-5.0.2-5.0.2/contracts/interfaces/IERC4626.sol
================================================================================
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC4626.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../token/ERC20/IERC20.sol";
import {IERC20Metadata} from "../token/ERC20/extensions/IERC20Metadata.sol";
/**
* @dev Interface of the ERC4626 "Tokenized Vault Standard", as defined in
* https://eips.ethereum.org/EIPS/eip-4626[ERC-4626].
*/
interface IERC4626 is IERC20, IERC20Metadata {
event Deposit(address indexed sender, address indexed owner, uint256 assets, uint256 shares);
exec
/bin/bash -lc 'rg --files src/contracts' in /tmp/codex-cz35kfy6 succeeded in 9ms:
src/contracts/OwnableOperable.sol
src/contracts/EtherFiARM.sol
src/contracts/Ownable.sol
src/contracts/AbstractARM.sol
src/contracts/Interfaces.sol
exec
/bin/bash -lc 'cat src/contracts/AbstractARM.sol' in /tmp/codex-cz35kfy6 succeeded in 6ms:
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.23;
import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
import {OwnableOperable} from "./OwnableOperable.sol";
import {IERC20, ICapManager} from "./Interfaces.sol";
/**
* @title Generic Automated Redemption Manager (ARM)
* @author Origin Protocol Inc
*/
abstract contract AbstractARM is OwnableOperable, ERC20Upgradeable {
////////////////////////////////////////////////////
/// Constants
////////////////////////////////////////////////////
/// @notice Maximum amount the Owner can set the cross price below 1 scaled to 36 decimals.
exec
/bin/bash -lc 'rg -n "deposit|redeem|request" src/contracts/AbstractARM.sol' in /tmp/codex-cz35kfy6 succeeded in 10ms:
36: /// @notice The minimum amount of shares that can be redeemed from the active market.
41: /// @dev This prevents allocate flipping between depositing/withdrawing to/from the active market
57: /// @notice The delay before a withdrawal request can be claimed in seconds. eg 600 is 10 minutes.
87: /// @notice Cumulative total of all withdrawal requests including the ones that have already been claimed.
89: /// @notice Total of all the withdrawal requests that have been claimed.
91: /// @notice Index of the next withdrawal request starting at 0.
101: // Cumulative total of all withdrawal requests including this one when the redeem request was made.
105: /// @notice Mapping of withdrawal request indices to the user withdrawal request data.
106: mapping(uint256 requestId => WithdrawalRequest) public withdrawalRequests;
114: /// for liquidity assets (WETH) deposited and redeemed.
115: /// This can be negative if there were asset gains and then all the liquidity providers redeemed.
139: address indexed withdrawer, uint256 indexed requestId, uint256 assets, uint256 queued, uint256 claimTimestamp
141: event RedeemClaimed(address indexed withdrawer, uint256 indexed requestId, uint256 assets);
182: /// @param _operator The address of the account that can request and claim Lido withdrawals.
422: // +2 to cover stETH transfers being up to 2 wei short of the requested transfer amount
493: * `Owner` should construct a tx that calls `requestLidoWithdrawals` before `setCrossPrice` for the Lido ARM
525: /// @param assets The amount of liquidity assets to deposit
531: /// @notice deposit liquidity assets in exchange for liquidity provider (LP) shares.
533: /// @param assets The amount of liquidity assets to deposit
535: function deposit(uint256 assets) external returns (uint256 shares) {
exec
/bin/bash -lc "sed -n '460,720p' src/contracts/AbstractARM.sol" in /tmp/codex-cz35kfy6 succeeded in 6ms:
}
////////////////////////////////////////////////////
/// Swap Admin Functions
////////////////////////////////////////////////////
/**
* @notice Set exchange rates from an operator account from the ARM's perspective.
* If token 0 is WETH and token 1 is stETH, then both prices will be set using the stETH/WETH price.
* @param buyT1 The price the ARM buys Token 1 (stETH) from the Trader, denominated in Token 0 (WETH), scaled to 36 decimals.
* From the Trader's perspective, this is the sell price.
* @param sellT1 The price the ARM sells Token 1 (stETH) to the Trader, denominated in Token 0 (WETH), scaled to 36 decimals.
* From the Trader's perspective, this is the buy price.
*/
function setPrices(uint256 buyT1, uint256 sellT1) external onlyOperatorOrOwner {
// Ensure buy price is always below past sell prices
require(sellT1 >= crossPrice, "ARM: sell price too low");
require(buyT1 < crossPrice, "ARM: buy price too high");
traderate0 = PRICE_SCALE * PRICE_SCALE / sellT1; // quote (t0) -> base (t1); eg WETH -> stETH
exec
/bin/bash -lc 'cat src/contracts/EtherFiARM.sol' in /tmp/codex-cz35kfy6 succeeded in 6ms:
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.23;
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
import {AbstractARM} from "./AbstractARM.sol";
import {IERC20, IWETH, IEETHWithdrawal, IEETHWithdrawalNFT, IEETHRedemptionManager} from "./Interfaces.sol";
/**
* @title EtherFi (eETH) Automated Redemption Manager (ARM)
* @dev This implementation supports multiple Liquidity Providers (LPs) with single buy and sell prices.
* It also integrates to a CapManager contract that caps the amount of assets a liquidity provider
* can deposit and caps the ARM's total assets.
* A performance fee is also collected on increases in the ARM's total assets.
* @author Origin Protocol Inc
*/
contract EtherFiARM is Initializable, AbstractARM, IERC721Receiver {
/// @notice The address of the EtherFi eETH token
IERC20 public immutable eeth;
exec
/bin/bash -lc "sed -n '300,460p' src/contracts/AbstractARM.sol" in /tmp/codex-cz35kfy6 succeeded in 10ms:
* @param inToken Input token.
* @param outToken Output token.
* @param amountOut The amount of output tokens to receive.
* @param amountInMax The maximum amount of input tokens that can be required before the transaction reverts.
* @param to Recipient of the output tokens.
* @return amounts The input and output token amounts.
*/
function swapTokensForExactTokens(
IERC20 inToken,
IERC20 outToken,
uint256 amountOut,
uint256 amountInMax,
address to
) external virtual returns (uint256[] memory amounts) {
uint256 amountIn = _swapTokensForExactTokens(inToken, outToken, amountOut, to);
require(amountIn <= amountInMax, "ARM: Excess input amount");
amounts = new uint256[](2);
amounts[0] = amountIn;
codex
{"no_findings":true,"summary":"No exploitable vulnerabilities found in the first‑party implementation (EtherFiARM/AbstractARM) under the assumptions of trusted owner/operator and standards‑compliant ERC20/ERC4626 integrations.","findings":[]}
tokens used
46,452
{
"codex": {
"ran_at": "2026-01-30T15:02:01.731884+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 14,
"import_count": 18,
"first_party_contracts_count": 14
},
"summary": "No exploitable vulnerabilities found in the first\u2011party implementation (EtherFiARM/AbstractARM) under the assumptions of trusted owner/operator and standards\u2011compliant ERC20/ERC4626 integrations.",
"raw_final": {
"summary": "No exploitable vulnerabilities found in the first\u2011party implementation (EtherFiARM/AbstractARM) under the assumptions of trusted owner/operator and standards\u2011compliant ERC20/ERC4626 integrations.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"proxy_context": {
"proxy_run_id": "019c0ea9-093e-725d-917c-69f4fb80118e",
"proxy_address": "0xfb0a3cf9b019bfd8827443d131b235b3e0fc58d2",
"implementation_run_id": "019c0eab-8298-737d-bd4e-4f8fa55370b4",
"implementation_address": "0x69b98667134eee3ebf75799dacbcd604e28709ab"
},
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
trace_id: 0x1461efd691e3b47727e997daaf7ba996a168703d23e95da87c0b62216ca2e1bc
validation_json
{
"sink": "DELEGATECALL",
"errors": 0,
"status": "unknown",
"attempts": 84,
"trace_id": "0x1461efd691e3b47727e997daaf7ba996a168703d23e95da87c0b62216ca2e1bc",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x5c60da1b",
"selector": "0x5c60da1b",
"calldata_variants": [
"0x5c60da1b",
"0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcf7a1d77",
"selector": "0xcf7a1d77",
"calldata_variants": [
"0xcf7a1d77",
"0xcf7a1d770000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf851a440",
"selector": "0xf851a440",
"calldata_variants": [
"0xf851a440",
"0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x13af4035",
"selector": "0x13af4035",
"calldata_variants": [
"0x13af4035",
"0x13af40350000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3659cfe6",
"selector": "0x3659cfe6",
"calldata_variants": [
"0x3659cfe6",
"0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4f1ef286",
"selector": "0x4f1ef286",
"calldata_variants": [
"0x4f1ef286",
"0x4f1ef2860000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json
{
"examples": [
{
"pc": 345,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 456,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 745,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 3,
"untrusted_delegatecall_count": 3
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
evidence_json
{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 3
}
|