019d5666-71bd-70d3-989c-b62ab0ff101e
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 42764 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 42765 | proxy.resolve | complete | 1 / 3 | 1 week ago |
| 42766 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 42767 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 42768 | capability.graph | complete | 1 / 3 | 1 week ago |
| 42769 | detector.run | complete | 1 / 3 | 1 week ago |
| 42770 | validation.fork | complete | 1 / 3 | 1 week ago |
| 42924 | report.consolidate | complete | 1 / 6 | 1 week ago |
{
"status": "not_proxy"
}
No slither job recorded yet.
{"no_findings":true,"summary":"Reviewed BYTECODE_BUNDLE.json and the runtime bytecode. High-confidence behavior from bytecode: selector 0x2e1a7d4d is gated by a hardcoded manager check against 0xfc8ba415649691eb2f5c90eefede9f644455d888 and then performs a single ETH-transferring CALL back to msg.sender with fixed 2300-gas-style semantics; selector 0xd0e30db0 is payable and only returns whether msg.value > 0. I found no storage writes, no delegatecall, no proxy/upgrade slot evidence, and no stateful accounting that would make reentrancy or invariant-breaking exploits viable here. Residual uncertainty remains because selector inference from bytecode is best-effort, but I did not find a concrete exploitable issue beyond the apparent intended centralization in the hardcoded manager.","findings":[]}
OpenAI Codex v0.118.0 (research preview)
--------
workdir: /tmp/codex-d3dasct1
model: gpt-5.4
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: none
session id: 019d5674-24be-7361-836e-174c9d2f7ad5
--------
user
You are a security auditor. You ONLY have runtime bytecode + analysis artifacts.
You MUST read `BYTECODE_BUNDLE.json` before concluding; it contains the bytecode summary,
evidence bundle, callsites, storage slots, and detector findings.
Special cases when reasoning from bytecode (be explicit about uncertainty):
- Selector inference is best-effort; missing selectors are common.
- Fallback/receive paths may be the only entrypoints.
- CALL vs DELEGATECALL semantics differ; DELEGATECALL executes in caller storage.
- Proxy patterns (EIP-1967, minimal proxies, beacon) change which storage is authoritative.
- Storage slots are raw; mappings/arrays appear via keccak patterns, names are unknown.
- Guard detection is heuristic; absence of guards does NOT mean unguarded.
- Returndata checking is unknown unless explicitly shown in evidence.
- Precompiles (0x1..0x9) and common ERC20 transfer selectors may appear; do not over-claim.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title.
- Locations can be pc references like "pc:0x123" or selectors like "selector:0xa9059cbb".
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation,
accounting/invariant breaks, dangerous delegatecall, and untrusted external calls.
Be conservative: if evidence is weak, mark severity low/medium and explain why.
warning: Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime.
exec
/bin/bash -lc "pwd && ls -la && rg --files -g 'BYTECODE_BUNDLE.json' -g 'AGENTS.md'" in /tmp/codex-d3dasct1
succeeded in 0ms:
/tmp/codex-d3dasct1
total 64
drwx------ 2 noahkuhn noahkuhn 4096 Apr 4 03:05 .
drwxrwxrwt 250 nobody nogroup 24576 Apr 4 03:05 ..
-rw-rw-r-- 1 noahkuhn noahkuhn 25076 Apr 4 03:05 BYTECODE_BUNDLE.json
-rw-rw-r-- 1 noahkuhn noahkuhn 815 Apr 4 03:05 codex-output-schema.json
BYTECODE_BUNDLE.json
exec
/bin/bash -lc "sed -n '1,260p' BYTECODE_BUNDLE.json" in /tmp/codex-d3dasct1
succeeded in 0ms:
{
"analysis_artifact": {
"address": "0x5e96db84a4babf5958db3e1cf130d996947b1702",
"artifact_hash": "0x814b4e4b5e269534c1c2669f8919e4a54e75d65bdfd3a1b6ee87abeaca218e0a",
"artifact_json": {
"auth": {
"guards": [
{
"pc": 157,
"type": "msg_sender_eq_const",
"value": 1.4417797715247304e+48
}
]
},
"basic_blocks": [
{
"end_pc": 12,
"hash": "0xe715ee113c3f4eebd4c41dae35d5df6963039a1b305a66e084e006cd9bb9ae2d",
"opcodes": [
"PUSH1",
"PUSH1",
"MSTORE",
"PUSH1",
"CALLDATASIZE",
"LT",
"PUSH2",
"JUMPI"
],
"start_pc": 0
},
{
"end_pc": 63,
"hash": "0x5c48ad441e97990e0381b7b7bbbbfb3def7b4672d23be46f07a85a7412de616f",
"opcodes": [
"PUSH4",
"PUSH29",
"PUSH1",
"CALLDATALOAD",
"DIV",
"AND",
"PUSH4",
"OP_81",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 13
},
{
"end_pc": 74,
"hash": "0xc9f965cb61a5c7510acafccadb10ce51eee2c01868d270b82f0aa646c6120338",
"opcodes": [
"OP_80",
"PUSH4",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 64
},
{
"end_pc": 79,
"hash": "0x15eeb6aa9925285ce81006e84160dc1b6e77d54e6c7c1abfca254f6a21eb79d2",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"REVERT"
],
"start_pc": 75
},
{
"end_pc": 87,
"hash": "0xda128de1b8e9cef7156cb74110fea98d7baf40ad799f920eecbb245e9afa85e9",
"opcodes": [
"JUMPDEST",
"CALLVALUE",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 80
},
{
"end_pc": 91,
"hash": "0x6237fe3b6911d746730bf592600e76e2279a109f73736a4f28b896bbbc037def",
"opcodes": [
"PUSH1",
"OP_80",
"REVERT"
],
"start_pc": 88
},
{
"end_pc": 103,
"hash": "0x5507ec84e915312a4aa7caad65a75f3151ce47b114114153c80de0c130e2987e",
"opcodes": [
"JUMPDEST",
"POP",
"PUSH2",
"PUSH1",
"CALLDATALOAD",
"PUSH2",
"JUMP"
],
"start_pc": 92
},
{
"end_pc": 105,
"hash": "0x2acce5daec17b8fa8954dc242125162cceb5067154b25ef3484a491725bce282",
"opcodes": [
"JUMPDEST",
"STOP"
],
"start_pc": 104
},
{
"end_pc": 113,
"hash": "0xf0db682b898d6542cf78323101effb9f199a6ace1a9234ed4e8dc82f687cda19",
"opcodes": [
"JUMPDEST",
"PUSH2",
"PUSH2",
"JUMP"
],
"start_pc": 106
},
{
"end_pc": 133,
"hash": "0x386e09a7858e0ad00c3ecdf46483181c8082b94730735aed6a85ff3619471b26",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"MLOAD",
"OP_91",
"ISZERO",
"ISZERO",
"OP_82",
"MSTORE",
"MLOAD",
"OP_90",
"OP_81",
"OP_90",
"SUB",
"PUSH1",
"ADD",
"OP_90",
"RETURN"
],
"start_pc": 114
},
{
"end_pc": 161,
"hash": "0x045687683dd41d3b13413edf3e0d21b6422c71eb2b8a1070b761deb884ed063e",
"opcodes": [
"JUMPDEST",
"PUSH20",
"CALLER",
"EQ",
"PUSH2",
"JUMPI"
],
"start_pc": 134
},
{
"end_pc": 263,
"hash": "0xf92d7c41979929b92935a211c7ab467e7f4717e10346f47b651b0271e486025b",
"opcodes": [
"PUSH1",
"OP_80",
"MLOAD",
"PUSH32",
"OP_81",
"MSTORE",
"PUSH1",
"PUSH1",
"OP_82",
"ADD",
"MSTORE",
"PUSH1",
"PUSH1",
"OP_82",
"ADD",
"MSTORE",
"PUSH32",
"PUSH1",
"OP_82",
"ADD",
"MSTORE",
"OP_90",
"MLOAD",
"OP_90",
"OP_81",
"OP_90",
"SUB",
"PUSH1",
"ADD",
"OP_90",
"REVERT"
],
"start_pc": 162
},
{
"end_pc": 299,
"hash": "0x5525f73c280ad3b13f992100449eaffcef818bbb3a0375dcdefa6f16cd4d38d3",
"opcodes": [
"JUMPDEST",
"PUSH1",
"MLOAD",
"CALLER",
"OP_90",
"OP_82",
"ISZERO",
"PUSH2",
"MUL",
"OP_90",
"OP_83",
"OP_90",
"PUSH1",
"OP_81",
"OP_81",
"OP_81",
"OP_85",
"OP_88",
"OP_88",
"CALL",
"OP_93",
"POP",
"POP",
"POP",
"POP",
"ISZERO",
"OP_80",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 264
},
{
"end_pc": 308,
"hash": "0xcd8607d8716b00f87af303637d055385ebe412df8e502d5b561cb55f678186bf",
"opcodes": [
"RETURNDATASIZE",
"PUSH1",
"OP_80",
"RETURNDATACOPY",
"RETURNDATASIZE",
"PUSH1",
"REVERT"
],
"start_pc": 300
},
{
"end_pc": 312,
"hash": "0x71c81d44861b3b9a90db73e25a95ad951354630c43fba690bca5ba0414ee3368",
"opcodes": [
"JUMPDEST",
exec
/bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-d3dasct1
succeeded in 0ms:
{"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
exec
/bin/bash -lc "sed -n '261,520p' BYTECODE_BUNDLE.json" in /tmp/codex-d3dasct1
succeeded in 0ms:
"POP",
"POP",
"JUMP"
],
"start_pc": 309
},
{
"end_pc": 323,
"hash": "0xe8cb228c67594835ce3c7e608f1232276d1a4c0e51339d23ac71ff421d77430e",
"opcodes": [
"JUMPDEST",
"PUSH1",
"OP_80",
"CALLVALUE",
"GT",
"ISZERO",
"PUSH2",
"JUMPI"
],
"start_pc": 313
},
{
"end_pc": 330,
"hash": "0x0e34fce4197471fa76ebfa397a7c2c7c1989796fc8e8beac00b1bf0de52f462e",
"opcodes": [
"POP",
"PUSH1",
"PUSH2",
"JUMP"
],
"start_pc": 324
},
{
"end_pc": 333,
"hash": "0x35b5fadc3409e63c74c29873dd11a1f101a426524fc9e91725ddd0fb193e8cc8",
"opcodes": [
"JUMPDEST",
"POP",
"PUSH1"
],
"start_pc": 331
},
{
"end_pc": 337,
"hash": "0x348a5162fde7ce7ea8d5afa4b2bbc0dc5427876006e53803825ef7fb94333c7b",
"opcodes": [
"JUMPDEST",
"OP_90",
"JUMP"
],
"start_pc": 335
},
{
"end_pc": 338,
"hash": "0xc4b75670a6b07763a1e732f56dcd63c02ca2612948aefde88c5e86ed2f036b18",
"opcodes": [
"STOP"
],
"start_pc": 338
},
{
"end_pc": 363,
"hash": "0xe0eccc742160172d68ec14d2f6ff742b035e23c56596c6216df76da572bdbd3d",
"opcodes": [
"OP_A1",
"PUSH6",
"SHA3",
"OP_22",
"PUSH12",
"OP_26",
"PUSH32"
],
"start_pc": 339
}
],
"callsites": [
{
"opcode": "CALL",
"pc": 287,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"cfg_edges": [
{
"from": "bb:0",
"to": "bb:75",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:13",
"type": "control_flow_fallthrough"
},
{
"from": "bb:13",
"to": "bb:80",
"type": "control_flow"
},
{
"from": "bb:13",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:106",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:80",
"to": "bb:92",
"type": "control_flow"
},
{
"from": "bb:80",
"to": "bb:88",
"type": "control_flow_fallthrough"
},
{
"from": "bb:92",
"to": "bb:134",
"type": "control_flow"
},
{
"from": "bb:106",
"to": "bb:313",
"type": "control_flow"
},
{
"from": "bb:134",
"to": "bb:264",
"type": "control_flow"
},
{
"from": "bb:134",
"to": "bb:162",
"type": "control_flow_fallthrough"
},
{
"from": "bb:264",
"to": "bb:309",
"type": "control_flow"
},
{
"from": "bb:264",
"to": "bb:300",
"type": "control_flow_fallthrough"
},
{
"from": "bb:313",
"to": "bb:331",
"type": "control_flow"
},
{
"from": "bb:313",
"to": "bb:324",
"type": "control_flow_fallthrough"
},
{
"from": "bb:324",
"to": "bb:335",
"type": "control_flow"
},
{
"from": "bb:331",
"to": "bb:335",
"type": "control_flow_fallthrough"
}
],
"cfg_hash": "0x066ca5088628cd8d3172233e1d963188f82cf912738166eebed10fff411181d6",
"dispatcher_type": "selector_jump_table",
"function_entries": [
{
"entry_pc": null,
"selector": "0x2e1a7d4d"
},
{
"entry_pc": 0,
"selector": "0xd0e30db0"
}
],
"functions": [
{
"auth": {
"guards": [
{
"pc": 157,
"type": "msg_sender_eq_const",
"value": 1.4417797715247304e+48
}
]
},
"entry_pc": null,
"selector": "0x2e1a7d4d",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 0,
"slots": [],
"writes": 0
}
},
{
"auth": {
"guards": [
{
"pc": 157,
"type": "msg_sender_eq_const",
"value": 1.4417797715247304e+48
}
]
},
"entry_pc": 0,
"selector": "0xd0e30db0",
"sinks": {
"call": 1,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0
},
"storage": {
"reads": 0,
"slots": [],
"writes": 0
}
}
],
"selectors": [
"0x2e1a7d4d",
"0xd0e30db0"
],
"sinks": {
"call": 1,
"create": 0,
"create2": 0,
"delegatecall": 0,
"selfdestruct": 0,
"staticcall": 0,
"upgrade_slot_write_suspected": false
},
"storage": {
"keccak_count": 1,
"reads": 0,
"slots": [],
"writes": 0
},
"version": "analysis_artifact_v1"
},
"block_number": null,
exec
/bin/bash -lc "sed -n '521,780p' BYTECODE_BUNDLE.json" in /tmp/codex-d3dasct1
succeeded in 0ms:
"chain_id": 1,
"codehash": "0x47bce049ef784beb907bfeed6d749d474143477589020886d2e49f3c125c3069",
"created_at": "2026-04-04T02:50:56.000000Z",
"id": 1387,
"updated_at": "2026-04-04T02:50:56.000000Z",
"version": "analysis_artifact_v1"
},
"analysis_run": {
"address": "0x5e96db84a4babf5958db3e1cf130d996947b1702",
"block_number": null,
"chain_id": 1,
"child_links": [],
"created_at": "2026-04-04T02:50:47.000000Z",
"id": "019d5666-71bd-70d3-989c-b62ab0ff101e",
"parent_links": [],
"status": "running",
"updated_at": "2026-04-04T02:50:55.000000Z"
},
"artifact": {
"codehash": "0x47bce049ef784beb907bfeed6d749d474143477589020886d2e49f3c125c3069",
"compiler_json": {
"compiler_version": null,
"etherscan": {
"contract_name": null,
"implementation": null,
"license": "Unknown",
"proxy": "0",
"swarm_source": null
},
"optimizer_enabled": false,
"optimizer_runs": 0,
"proxy_evidence": {
"status": "not_proxy"
}
},
"implementation_address": null,
"is_proxy": false,
"runtime_bytecode": {
"full": "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",
"head": null,
"length": 766,
"tail": null,
"truncated": false
},
"verified_source": false
},
"capability_graph": {
"address": "0x5e96db84a4babf5958db3e1cf130d996947b1702",
"block_number": null,
"chain_id": 1,
"codehash": "0x47bce049ef784beb907bfeed6d749d474143477589020886d2e49f3c125c3069",
"created_at": "2026-04-04T02:50:56.000000Z",
"graph_hash": "0xcba0c31d59e6084054e86e7b6f347e5636b5d544ea053ce1643416e2a5996654",
"graph_json": {
"edges": [
{
"from": "bb:0",
"to": "bb:75",
"type": "control_flow"
},
{
"from": "bb:0",
"to": "bb:13",
"type": "control_flow_fallthrough"
},
{
"from": "bb:13",
"to": "bb:80",
"type": "control_flow"
},
{
"from": "bb:13",
"to": "bb:64",
"type": "control_flow_fallthrough"
},
{
"from": "bb:64",
"to": "bb:106",
"type": "control_flow"
},
{
"from": "bb:64",
"to": "bb:75",
"type": "control_flow_fallthrough"
},
{
"from": "bb:80",
"to": "bb:92",
"type": "control_flow"
},
{
"from": "bb:80",
"to": "bb:88",
"type": "control_flow_fallthrough"
},
{
"from": "bb:92",
"to": "bb:134",
"type": "control_flow"
},
{
"from": "bb:106",
"to": "bb:313",
"type": "control_flow"
},
{
"from": "bb:134",
"to": "bb:264",
"type": "control_flow"
},
{
"from": "bb:134",
"to": "bb:162",
"type": "control_flow_fallthrough"
},
{
"from": "bb:264",
"to": "bb:309",
"type": "control_flow"
},
{
"from": "bb:264",
"to": "bb:300",
"type": "control_flow_fallthrough"
},
{
"from": "bb:313",
"to": "bb:331",
"type": "control_flow"
},
{
"from": "bb:313",
"to": "bb:324",
"type": "control_flow_fallthrough"
},
{
"from": "bb:324",
"to": "bb:335",
"type": "control_flow"
},
{
"from": "bb:331",
"to": "bb:335",
"type": "control_flow_fallthrough"
},
{
"from": "fn:0xd0e30db0",
"to": "bb:0",
"type": "entry"
},
{
"from": "bb:264",
"to": "call:287",
"type": "contains"
},
{
"from": "call:287",
"to": "sink:call",
"type": "capability"
}
],
"nodes": [
{
"end_pc": 12,
"hash": "0xe715ee113c3f4eebd4c41dae35d5df6963039a1b305a66e084e006cd9bb9ae2d",
"id": "bb:0",
"start_pc": 0,
"type": "basic_block"
},
{
"end_pc": 63,
"hash": "0x5c48ad441e97990e0381b7b7bbbbfb3def7b4672d23be46f07a85a7412de616f",
"id": "bb:13",
"start_pc": 13,
"type": "basic_block"
},
{
"end_pc": 74,
"hash": "0xc9f965cb61a5c7510acafccadb10ce51eee2c01868d270b82f0aa646c6120338",
"id": "bb:64",
"start_pc": 64,
"type": "basic_block"
},
{
"end_pc": 79,
"hash": "0x15eeb6aa9925285ce81006e84160dc1b6e77d54e6c7c1abfca254f6a21eb79d2",
"id": "bb:75",
"start_pc": 75,
"type": "basic_block"
},
{
"end_pc": 87,
"hash": "0xda128de1b8e9cef7156cb74110fea98d7baf40ad799f920eecbb245e9afa85e9",
"id": "bb:80",
"start_pc": 80,
"type": "basic_block"
},
{
"end_pc": 91,
"hash": "0x6237fe3b6911d746730bf592600e76e2279a109f73736a4f28b896bbbc037def",
"id": "bb:88",
"start_pc": 88,
"type": "basic_block"
},
{
"end_pc": 103,
"hash": "0x5507ec84e915312a4aa7caad65a75f3151ce47b114114153c80de0c130e2987e",
"id": "bb:92",
"start_pc": 92,
"type": "basic_block"
},
{
"end_pc": 105,
"hash": "0x2acce5daec17b8fa8954dc242125162cceb5067154b25ef3484a491725bce282",
"id": "bb:104",
"start_pc": 104,
"type": "basic_block"
},
{
"end_pc": 113,
"hash": "0xf0db682b898d6542cf78323101effb9f199a6ace1a9234ed4e8dc82f687cda19",
"id": "bb:106",
"start_pc": 106,
"type": "basic_block"
},
{
"end_pc": 133,
"hash": "0x386e09a7858e0ad00c3ecdf46483181c8082b94730735aed6a85ff3619471b26",
"id": "bb:114",
"start_pc": 114,
"type": "basic_block"
},
{
"end_pc": 161,
"hash": "0x045687683dd41d3b13413edf3e0d21b6422c71eb2b8a1070b761deb884ed063e",
"id": "bb:134",
"start_pc": 134,
"type": "basic_block"
},
{
"end_pc": 263,
"hash": "0xf92d7c41979929b92935a211c7ab467e7f4717e10346f47b651b0271e486025b",
"id": "bb:162",
"start_pc": 162,
"type": "basic_block"
},
{
"end_pc": 299,
"hash": "0x5525f73c280ad3b13f992100449eaffcef818bbb3a0375dcdefa6f16cd4d38d3",
"id": "bb:264",
"start_pc": 264,
"type": "basic_block"
},
{
"end_pc": 308,
"hash": "0xcd8607d8716b00f87af303637d055385ebe412df8e502d5b561cb55f678186bf",
"id": "bb:300",
"start_pc": 300,
"type": "basic_block"
},
exec
/bin/bash -lc "sed -n '781,1040p' BYTECODE_BUNDLE.json" in /tmp/codex-d3dasct1
succeeded in 0ms:
{
"end_pc": 312,
"hash": "0x71c81d44861b3b9a90db73e25a95ad951354630c43fba690bca5ba0414ee3368",
"id": "bb:309",
"start_pc": 309,
"type": "basic_block"
},
{
"end_pc": 323,
"hash": "0xe8cb228c67594835ce3c7e608f1232276d1a4c0e51339d23ac71ff421d77430e",
"id": "bb:313",
"start_pc": 313,
"type": "basic_block"
},
{
"end_pc": 330,
"hash": "0x0e34fce4197471fa76ebfa397a7c2c7c1989796fc8e8beac00b1bf0de52f462e",
"id": "bb:324",
"start_pc": 324,
"type": "basic_block"
},
{
"end_pc": 333,
"hash": "0x35b5fadc3409e63c74c29873dd11a1f101a426524fc9e91725ddd0fb193e8cc8",
"id": "bb:331",
"start_pc": 331,
"type": "basic_block"
},
{
"end_pc": 337,
"hash": "0x348a5162fde7ce7ea8d5afa4b2bbc0dc5427876006e53803825ef7fb94333c7b",
"id": "bb:335",
"start_pc": 335,
"type": "basic_block"
},
{
"end_pc": 338,
"hash": "0xc4b75670a6b07763a1e732f56dcd63c02ca2612948aefde88c5e86ed2f036b18",
"id": "bb:338",
"start_pc": 338,
"type": "basic_block"
},
{
"end_pc": 363,
"hash": "0xe0eccc742160172d68ec14d2f6ff742b035e23c56596c6216df76da572bdbd3d",
"id": "bb:339",
"start_pc": 339,
"type": "basic_block"
},
{
"id": "call:287",
"opcode": "CALL",
"pc": 287,
"type": "callsite"
},
{
"id": "sink:call",
"type": "sink"
},
{
"entry_pc": null,
"id": "fn:0x2e1a7d4d",
"selector": "0x2e1a7d4d",
"type": "function"
},
{
"entry_pc": 0,
"id": "fn:0xd0e30db0",
"selector": "0xd0e30db0",
"type": "function"
}
],
"version": "capability_graph_v1"
},
"id": 1387,
"updated_at": "2026-04-04T02:50:56.000000Z",
"version": "capability_graph_v1"
},
"detector_findings": [
{
"confidence": 45,
"evidence_json": {
"call_count": 1,
"examples": [
{
"opcode": "CALL",
"pc": 287,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [
{
"pc": 157,
"type": "msg_sender_eq_const",
"value": 1.4417797715247304e+48
}
],
"untrusted_call_count": 1
},
"normalized_json": {
"sink": "CALL"
},
"severity": "medium",
"title": "Untrusted CALL target/value reachable",
"validated": false,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x5e96db84a4babf5958db3e1cf130d996947b1702"
],
"classification": "constant_target",
"confirmed": false,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "sink_reached",
"target_varies": false,
"trace_id": "0xc86841616ad153f53e06361cf628914c19c7c5de399166b3ea71f4bcd64dd1eb",
"trace_mode": "callTracer"
}
},
{
"confidence": 40,
"evidence_json": {
"eth_value_calls": 1,
"examples": [
{
"opcode": "CALL",
"pc": 287,
"returndata_checked": null,
"target_expression_category": "computed",
"value_expression_category": "computed"
}
],
"guards_detected": [
{
"pc": 157,
"type": "msg_sender_eq_const",
"value": 1.4417797715247304e+48
}
]
},
"normalized_json": {
"sink": "CALL",
"value": "nonzero"
},
"severity": "medium",
"title": "ETH value transfer possible",
"validated": false,
"validation_json": {
"attempts": 1,
"call_targets": [
"0x5e96db84a4babf5958db3e1cf130d996947b1702"
],
"classification": "constant_target",
"confirmed": false,
"errors": 0,
"matched_probe": null,
"sink": "CALL",
"status": "sink_reached",
"target_varies": false,
"trace_id": "0xc86841616ad153f53e06361cf628914c19c7c5de399166b3ea71f4bcd64dd1eb",
"trace_mode": "callTracer"
}
}
],
"heuristics_summary": {
"create2_count": 0,
"delegatecall_count": 0,
"flags": [],
"selfdestruct_count": 0
}
}
exec
/bin/bash -lc "python - <<'PY'
bytecode='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'
ops = {
0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
}
for i in range(1,17): ops[0x5f+i]=f'PUSH{i}'
for i in range(1,17): ops[0x7f+i]=f'DUP{i}'
for i in range(1,17): ops[0x8f+i]=f'SWAP{i}'
for i in range(0,5): ops[0xa0+i]=f'LOG{i}'
bs=bytes.fromhex(bytecode)
pc=0
while pc < len(bs):
    op=bs[pc]
    name=ops.get(op,f'OP_{op:02x}')
    if 0x60 <= op <= 0x7f:
        n=op-0x5f
        data=bs[pc+1:pc+1+n]
        print(f'{pc:04x}: {name} 0x{data.hex()}')
        pc+=1+n
    else:
        print(f'{pc:04x}: {name}')
        pc+=1
PY" in /tmp/codex-d3dasct1
succeeded in 0ms:
0000: PUSH1 0x80
0002: PUSH1 0x40
0004: MSTORE
0005: PUSH1 0x04
0007: CALLDATASIZE
0008: LT
0009: PUSH2 0x004b
000c: JUMPI
000d: PUSH4 0xffffffff
0012: OP_7c 0x0100000000000000000000000000000000000000000000000000000000
0030: PUSH1 0x00
0032: CALLDATALOAD
0033: DIV
0034: AND
0035: PUSH4 0x2e1a7d4d
003a: DUP2
003b: EQ
003c: PUSH2 0x0050
003f: JUMPI
0040: DUP1
0041: PUSH4 0xd0e30db0
0046: EQ
0047: PUSH2 0x006a
004a: JUMPI
004b: JUMPDEST
004c: PUSH1 0x00
004e: DUP1
004f: REVERT
0050: JUMPDEST
0051: CALLVALUE
0052: DUP1
0053: ISZERO
0054: PUSH2 0x005c
0057: JUMPI
0058: PUSH1 0x00
005a: DUP1
005b: REVERT
005c: JUMPDEST
005d: POP
005e: PUSH2 0x0068
0061: PUSH1 0x04
0063: CALLDATALOAD
0064: PUSH2 0x0086
0067: JUMP
0068: JUMPDEST
0069: STOP
006a: JUMPDEST
006b: PUSH2 0x0072
006e: PUSH2 0x0139
0071: JUMP
0072: JUMPDEST
0073: PUSH1 0x40
0075: DUP1
0076: MLOAD
0077: SWAP2
0078: ISZERO
0079: ISZERO
007a: DUP3
007b: MSTORE
007c: MLOAD
007d: SWAP1
007e: DUP2
007f: SWAP1
0080: SUB
0081: PUSH1 0x20
0083: ADD
0084: SWAP1
0085: RETURN
0086: JUMPDEST
0087: OP_73 0xfc8ba415649691eb2f5c90eefede9f644455d888
009c: CALLER
009d: EQ
009e: PUSH2 0x0108
00a1: JUMPI
00a2: PUSH1 0x40
00a4: DUP1
00a5: MLOAD
00a6: OP_7f 0x08c379a000000000000000000000000000000000000000000000000000000000
00c7: DUP2
00c8: MSTORE
00c9: PUSH1 0x20
00cb: PUSH1 0x04
00cd: DUP3
00ce: ADD
00cf: MSTORE
00d0: PUSH1 0x1e
00d2: PUSH1 0x24
00d4: DUP3
00d5: ADD
00d6: MSTORE
00d7: OP_7f 0x6f6e6c79206d616e61676572206a7573742063616e2061637469766174650000
00f8: PUSH1 0x44
00fa: DUP3
00fb: ADD
00fc: MSTORE
00fd: SWAP1
00fe: MLOAD
00ff: SWAP1
0100: DUP2
0101: SWAP1
0102: SUB
0103: PUSH1 0x64
0105: ADD
0106: SWAP1
0107: REVERT
0108: JUMPDEST
0109: PUSH1 0x40
010b: MLOAD
010c: CALLER
010d: SWAP1
010e: DUP3
010f: ISZERO
0110: PUSH2 0x08fc
0113: MUL
0114: SWAP1
0115: DUP4
0116: SWAP1
0117: PUSH1 0x00
0119: DUP2
011a: DUP2
011b: DUP2
011c: DUP6
011d: DUP9
011e: DUP9
011f: CALL
0120: SWAP4
0121: POP
0122: POP
0123: POP
0124: POP
0125: ISZERO
0126: DUP1
0127: ISZERO
0128: PUSH2 0x0135
012b: JUMPI
012c: RETURNDATASIZE
012d: PUSH1 0x00
012f: DUP1
0130: RETURNDATACOPY
0131: RETURNDATASIZE
0132: PUSH1 0x00
0134: REVERT
0135: JUMPDEST
0136: POP
0137: POP
0138: JUMP
0139: JUMPDEST
013a: PUSH1 0x00
013c: DUP1
013d: CALLVALUE
013e: GT
013f: ISZERO
0140: PUSH2 0x014b
0143: JUMPI
0144: POP
0145: PUSH1 0x01
0147: PUSH2 0x014f
014a: JUMP
014b: JUMPDEST
014c: POP
014d: PUSH1 0x00
014f: JUMPDEST
0150: SWAP1
0151: JUMP
0152: STOP
0153: LOG1
0154: PUSH6 0x627a7a723058
015b: SHA3
015c: OP_22
015d: PUSH12 0xc5f27b5c968603d4e7a69bdc
016a: OP_26
016b: OP_7f 0x8c1e05f76bf34e2453d337a79ee2614f0029
codex
{"no_findings":true,"summary":"Reviewed BYTECODE_BUNDLE.json and the runtime bytecode. High-confidence behavior from bytecode: selector 0x2e1a7d4d is gated by a hardcoded manager check against 0xfc8ba415649691eb2f5c90eefede9f644455d888 and then performs a single ETH-transferring CALL back to msg.sender with fixed 2300-gas-style semantics; selector 0xd0e30db0 is payable and only returns whether msg.value > 0. I found no storage writes, no delegatecall, no proxy/upgrade slot evidence, and no stateful accounting that would make reentrancy or invariant-breaking exploits viable here. Residual uncertainty remains because selector inference from bytecode is best-effort, but I did not find a concrete exploitable issue beyond the apparent intended centralization in the hardcoded manager.","findings":[]}
tokens used
40,828
{
"codex": {
"ran_at": "2026-04-04T03:08:13.247243+00:00",
"returncode": 0
},
"project": {
"mode": "bytecode",
"bytecode_length": 766,
"bytecode_truncated": false,
"capability_graph_present": true,
"analysis_artifact_present": true
},
"summary": "Reviewed BYTECODE_BUNDLE.json and the runtime bytecode. High-confidence behavior from bytecode: selector 0x2e1a7d4d is gated by a hardcoded manager check against 0xfc8ba415649691eb2f5c90eefede9f644455d888 and then performs a single ETH-transferring CALL back to msg.sender with fixed 2300-gas-style semantics; selector 0xd0e30db0 is payable and only returns whether msg.value > 0. I found no storage writes, no delegatecall, no proxy/upgrade slot evidence, and no stateful accounting that would make reentrancy or invariant-breaking exploits viable here. Residual uncertainty remains because selector inference from bytecode is best-effort, but I did not find a concrete exploitable issue beyond the apparent intended centralization in the hardcoded manager.",
"raw_final": {
"summary": "Reviewed BYTECODE_BUNDLE.json and the runtime bytecode. High-confidence behavior from bytecode: selector 0x2e1a7d4d is gated by a hardcoded manager check against 0xfc8ba415649691eb2f5c90eefede9f644455d888 and then performs a single ETH-transferring CALL back to msg.sender with fixed 2300-gas-style semantics; selector 0xd0e30db0 is payable and only returns whether msg.value > 0. I found no storage writes, no delegatecall, no proxy/upgrade slot evidence, and no stateful accounting that would make reentrancy or invariant-breaking exploits viable here. Residual uncertainty remains because selector inference from bytecode is best-effort, but I did not find a concrete exploitable issue beyond the apparent intended centralization in the hardcoded manager.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x004b
0000000c: JUMPI
0000000d: PUSH4 0xffffffff
00000012: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000030: PUSH1 0x00
00000032: CALLDATALOAD
00000033: DIV
00000034: AND
00000035: PUSH4 0x2e1a7d4d
0000003a: DUP2
0000003b: EQ
0000003c: PUSH2 0x0050
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0xd0e30db0
00000046: EQ
00000047: PUSH2 0x006a
0000004a: JUMPI
0000004b: JUMPDEST
0000004c: PUSH1 0x00
0000004e: DUP1
0000004f: REVERT
00000050: JUMPDEST
00000051: CALLVALUE
00000052: DUP1
00000053: ISZERO
00000054: PUSH2 0x005c
00000057: JUMPI
00000058: PUSH1 0x00
0000005a: DUP1
0000005b: REVERT
0000005c: JUMPDEST
0000005d: POP
0000005e: PUSH2 0x0068
00000061: PUSH1 0x04
00000063: CALLDATALOAD
00000064: PUSH2 0x0086
00000067: JUMP
00000068: JUMPDEST
00000069: STOP
0000006a: JUMPDEST
0000006b: PUSH2 0x0072
0000006e: PUSH2 0x0139
00000071: JUMP
00000072: JUMPDEST
00000073: PUSH1 0x40
00000075: DUP1
00000076: MLOAD
00000077: SWAP2
00000078: ISZERO
00000079: ISZERO
0000007a: DUP3
0000007b: MSTORE
0000007c: MLOAD
0000007d: SWAP1
0000007e: DUP2
0000007f: SWAP1
00000080: SUB
00000081: PUSH1 0x20
00000083: ADD
00000084: SWAP1
00000085: RETURN
00000086: JUMPDEST
00000087: PUSH20 0xfc8ba415649691eb2f5c90eefede9f644455d888
0000009c: CALLER
0000009d: EQ
0000009e: PUSH2 0x0108
000000a1: JUMPI
000000a2: PUSH1 0x40
000000a4: DUP1
000000a5: MLOAD
000000a6: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000000c7: DUP2
000000c8: MSTORE
000000c9: PUSH1 0x20
000000cb: PUSH1 0x04
000000cd: DUP3
000000ce: ADD
000000cf: MSTORE
000000d0: PUSH1 0x1e
000000d2: PUSH1 0x24
000000d4: DUP3
000000d5: ADD
000000d6: MSTORE
000000d7: PUSH32 0x6f6e6c79206d616e61676572206a7573742063616e2061637469766174650000
000000f8: PUSH1 0x44
000000fa: DUP3
000000fb: ADD
000000fc: MSTORE
000000fd: SWAP1
000000fe: MLOAD
000000ff: SWAP1
00000100: DUP2
00000101: SWAP1
00000102: SUB
00000103: PUSH1 0x64
00000105: ADD
00000106: SWAP1
00000107: REVERT
00000108: JUMPDEST
00000109: PUSH1 0x40
0000010b: MLOAD
0000010c: CALLER
0000010d: SWAP1
0000010e: DUP3
0000010f: ISZERO
00000110: PUSH2 0x08fc
00000113: MUL
00000114: SWAP1
00000115: DUP4
00000116: SWAP1
00000117: PUSH1 0x00
00000119: DUP2
0000011a: DUP2
0000011b: DUP2
0000011c: DUP6
0000011d: DUP9
0000011e: DUP9
0000011f: CALL
00000120: SWAP4
00000121: POP
00000122: POP
00000123: POP
00000124: POP
00000125: ISZERO
00000126: DUP1
00000127: ISZERO
00000128: PUSH2 0x0135
0000012b: JUMPI
0000012c: RETURNDATASIZE
0000012d: PUSH1 0x00
0000012f: DUP1
00000130: RETURNDATACOPY
00000131: RETURNDATASIZE
00000132: PUSH1 0x00
00000134: REVERT
00000135: JUMPDEST
00000136: POP
00000137: POP
00000138: JUMP
00000139: JUMPDEST
0000013a: PUSH1 0x00
0000013c: DUP1
0000013d: CALLVALUE
0000013e: GT
0000013f: ISZERO
00000140: PUSH2 0x014b
00000143: JUMPI
00000144: POP
00000145: PUSH1 0x01
00000147: PUSH2 0x014f
0000014a: JUMP
0000014b: JUMPDEST
0000014c: POP
0000014d: PUSH1 0x00
0000014f: JUMPDEST
00000150: SWAP1
00000151: JUMP
00000152: STOP
00000153: LOG1
00000154: PUSH6 0x627a7a723058
0000015b: KECCAK256
0000015c: UNKNOWN(0x22)
0000015d: PUSH12 0xc5f27b5c968603d4e7a69bdc
0000016a: UNKNOWN(0x26)
0000016b: PUSH32
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
trace_id: 0xc86841616ad153f53e06361cf628914c19c7c5de399166b3ea71f4bcd64dd1eb
call_targets: 0x5e96db84a4babf5958db3e1cf130d996947b1702
target_varies: no
classification: constant_target
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xc86841616ad153f53e06361cf628914c19c7c5de399166b3ea71f4bcd64dd1eb",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x5e96db84a4babf5958db3e1cf130d996947b1702"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2e1a7d4d",
"selector": "0x2e1a7d4d",
"calldata_variants": [
"0x2e1a7d4d",
"0x2e1a7d4d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd0e30db0",
"selector": "0xd0e30db0",
"calldata_variants": [
"0xd0e30db0",
"0xd0e30db00000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 287,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [
{
"pc": 157,
"type": "msg_sender_eq_const",
"value": 1.4417797715247304e+48
}
],
"untrusted_call_count": 1
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
trace_id: 0xc86841616ad153f53e06361cf628914c19c7c5de399166b3ea71f4bcd64dd1eb
call_targets: 0x5e96db84a4babf5958db3e1cf130d996947b1702
target_varies: no
classification: constant_target
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xc86841616ad153f53e06361cf628914c19c7c5de399166b3ea71f4bcd64dd1eb",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x5e96db84a4babf5958db3e1cf130d996947b1702"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2e1a7d4d",
"selector": "0x2e1a7d4d",
"calldata_variants": [
"0x2e1a7d4d",
"0x2e1a7d4d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd0e30db0",
"selector": "0xd0e30db0",
"calldata_variants": [
"0xd0e30db0",
"0xd0e30db00000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 287,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": [
{
"pc": 157,
"type": "msg_sender_eq_const",
"value": 1.4417797715247304e+48
}
]
}
|