059a9a9c-9fcf-4692-a95e-f1561de0531b
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 30475 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 103709 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 103710 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 103711 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 103712 | capability.graph | complete | 1 / 3 | 1 week ago |
| 103713 | detector.run | complete | 1 / 3 | 1 week ago |
| 103714 | validation.fork | complete | 1 / 3 | 1 week ago |

No slither job recorded yet.

[codex:514648] OpenAI Codex v0.77.0 (research preview)
[codex:514648] --------
[codex:514648] workdir: /tmp/codex-multi-elw9d4cd
[codex:514648] model: gpt-5.2-codex
[codex:514648] provider: openai
[codex:514648] approval: never
[codex:514648] sandbox: read-only
[codex:514648] reasoning effort: xhigh
[codex:514648] reasoning summaries: auto
[codex:514648] session id: 019b6939-59b1-7010-b8de-143d4dcf1df9
[codex:514648] --------
[codex:514648] user
[codex:514648] You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
[codex:514648] Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
[codex:514648] accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
[codex:514648]
[codex:514648] Scope rules:
[codex:514648] - You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party `contracts/**/*.sol` files.
[codex:514648] - Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
[codex:514648]
[codex:514648] Output MUST be valid JSON matching the provided schema.
[codex:514648] - If you find nothing meaningful: set no_findings=true and findings=[].
[codex:514648] - Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
[codex:514648]
[codex:514648] Output constraints (IMPORTANT):
[codex:514648] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:514648] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:514648] mcp startup: no servers
[codex:514648]
[codex:514648] thinking
[codex:514648] **Preparing to read AUDIT_BUNDLE.txt**
[codex:514648] exec
[codex:514648] /bin/bash -lc ls in /tmp/codex-multi-elw9d4cd succeeded in 5ms:
[codex:514648] AUDIT_BUNDLE.txt
[codex:514648] codex-output-schema.json
[codex:514648] contracts
[codex:514648] exec
[codex:514648] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648] This file concatenates the full contents of first-party Solidity sources for auditing.
[codex:514648]
[codex:514648] ================================================================================
[codex:514648] FILE: contracts/contracts/DerivaDEX.sol
[codex:514648] ================================================================================
[codex:514648] // SPDX-License-Identifier: MIT
[codex:514648] pragma solidity 0.6.12;
[codex:514648] pragma experimental ABIEncoderV2;
[codex:514648]
[codex:514648] import { LibDiamondCut } from "./diamond/LibDiamondCut.sol";
[codex:514648] import { DiamondFacet } from "./diamond/DiamondFacet.sol";
[codex:514648] import { OwnershipFacet } from "./diamond/OwnershipFacet.sol";
[codex:514648] import { LibDiamondStorage } from "./diamond/LibDiamondStorage.sol";
[codex:514648] import { IDiamondCut } from "./diamond/IDiamondCut.sol";
[codex:514648] import { IDiamondLoupe } from "./diamond/IDiamondLoupe.sol";
[codex:514648] import { IERC165 } from "./diamond/IERC165.sol";
[codex:514648] import { LibDiamondStorageDerivaDEX } from "./storage/LibDiamondStorageDerivaDEX.sol";
[codex:514648] import { IDDX } from "./tokens/interfaces/IDDX.sol";
[codex:514648]
[codex:514648] /**
[codex:514648]
[codex:514648] thinking
[codex:514648] **Ensuring full reading of AUDIT_BUNDLE**
[codex:514648] exec
[codex:514648] /bin/bash -lc 'rg -n "''^FILE: contracts/contracts" AUDIT_BUNDLE.txt' in /tmp/codex-multi-elw9d4cd succeeded in 7ms:
[codex:514648] 4:FILE: contracts/contracts/DerivaDEX.sol
[codex:514648] 129:FILE: contracts/contracts/diamond/DiamondFacet.sol
[codex:514648] 235:FILE: contracts/contracts/diamond/IDiamondCut.sol
[codex:514648] 270:FILE: contracts/contracts/diamond/IDiamondLoupe.sol
[codex:514648] 314:FILE: contracts/contracts/diamond/IERC165.sol
[codex:514648] 331:FILE: contracts/contracts/diamond/LibDiamondCut.sol
[codex:514648] 493:FILE: contracts/contracts/diamond/LibDiamondStorage.sol
[codex:514648] 539:FILE: contracts/contracts/diamond/OwnershipFacet.sol
[codex:514648] 578:FILE: contracts/contracts/facets/governance/Governance.sol
[codex:514648] 1451:FILE: contracts/contracts/facets/insurance-fund/InsuranceFund.sol
[codex:514648] 2592:FILE: contracts/contracts/facets/interfaces/IAToken.sol
[codex:514648] 2606:FILE: contracts/contracts/facets/interfaces/ICToken.sol
[codex:514648] 2666:FILE: contracts/contracts/facets/interfaces/IComptroller.sol
[codex:514648] 2812:FILE: contracts/contracts/facets/interfaces/IInsuranceFund.sol
[codex:514648] 2822:FILE: contracts/contracts/facets/pause/Pause.sol
[codex:514648] 2892:FILE: contracts/contracts/facets/trader/LibTraderInternal.sol
[codex:514648] 2976:FILE: contracts/contracts/facets/trader/Trader.sol
[codex:514648] 3192:FILE: contracts/contracts/libs/LibBytes.sol
[codex:514648] 3642:FILE: contracts/contracts/libs/LibClone.sol
[codex:514648] 3698:FILE: contracts/contracts/libs/LibDelegation.sol
[codex:514648]
[codex:514648] thinking
[codex:514648] **Planning full file reading strategy**
[codex:514648] exec
[codex:514648] /bin/bash -lc 'wc -l AUDIT_BUNDLE.txt' in /tmp/codex-multi-elw9d4cd succeeded in 5ms:
[codex:514648] 7812 AUDIT_BUNDLE.txt
[codex:514648]
[codex:514648] thinking
[codex:514648] **Reading file in chunks**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '1,1000p' AUDIT_BUNDLE.txt" in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648] This file concatenates the full contents of first-party Solidity sources for auditing.
[codex:514648]
[codex:514648] ================================================================================
[codex:514648] FILE: contracts/contracts/DerivaDEX.sol
[codex:514648] ================================================================================
[codex:514648] // SPDX-License-Identifier: MIT
[codex:514648] pragma solidity 0.6.12;
[codex:514648] pragma experimental ABIEncoderV2;
[codex:514648]
[codex:514648] import { LibDiamondCut } from "./diamond/LibDiamondCut.sol";
[codex:514648] import { DiamondFacet } from "./diamond/DiamondFacet.sol";
[codex:514648] import { OwnershipFacet } from "./diamond/OwnershipFacet.sol";
[codex:514648] import { LibDiamondStorage } from "./diamond/LibDiamondStorage.sol";
[codex:514648] import { IDiamondCut } from "./diamond/IDiamondCut.sol";
[codex:514648] import { IDiamondLoupe } from "./diamond/IDiamondLoupe.sol";
[codex:514648] import { IERC165 } from "./diamond/IERC165.sol";
[codex:514648] import { LibDiamondStorageDerivaDEX } from "./storage/LibDiamondStorageDerivaDEX.sol";
[codex:514648] import { IDDX } from "./tokens/interfaces/IDDX.sol";
[codex:514648]
[codex:514648] /**
[codex:514648]
[codex:514648] thinking
[codex:514648] **Continuing to read further**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '1001,2000p' AUDIT_BUNDLE.txt" in /tmp/codex-multi-elw9d4cd succeeded in 7ms:
[codex:514648] }
[codex:514648]
[codex:514648] emit ProposalCanceled(_proposalId);
[codex:514648] }
[codex:514648]
[codex:514648] /**
[codex:514648] * @notice This function allows participants to cast either in
[codex:514648] * favor or against a particular proposal.
[codex:514648] * @param _proposalId Proposal id.
[codex:514648] * @param _support In favor (true) or against (false).
[codex:514648] */
[codex:514648] function castVote(uint128 _proposalId, bool _support) external {
[codex:514648] return _castVote(msg.sender, _proposalId, _support);
[codex:514648] }
[codex:514648]
[codex:514648] /**
[codex:514648] * @notice This function allows participants to cast votes with
[codex:514648] * offline signatures in favor or against a particular
[codex:514648] * proposal.
[codex:514648] * @param _proposalId Proposal id.
[codex:514648]
[codex:514648] thinking
[codex:514648] **Continuing to read more lines**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '2001,3000p' AUDIT_BUNDLE.txt" in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648] external
[codex:514648] view
[codex:514648] returns (
[codex:514648] uint32,
[codex:514648] uint32,
[codex:514648] uint96,
[codex:514648] uint96,
[codex:514648] uint96,
[codex:514648] uint256,
[codex:514648] InsuranceFundDefs.DDXMarketState memory,
[codex:514648] bytes32[] memory
[codex:514648] )
[codex:514648] {
[codex:514648] LibDiamondStorageInsuranceFund.DiamondStorageInsuranceFund storage dsInsuranceFund =
[codex:514648] LibDiamondStorageInsuranceFund.diamondStorageInsuranceFund();
[codex:514648] return (
[codex:514648] dsInsuranceFund.interval,
[codex:514648] dsInsuranceFund.withdrawalFactor,
[codex:514648] dsInsuranceFund.advanceIntervalReward,
[codex:514648] dsInsuranceFund.minedAmount,
[codex:514648]
[codex:514648] thinking
[codex:514648] **Continuing exploration**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '3001,4000p' AUDIT_BUNDLE.txt" in /tmp/codex-multi-elw9d4cd succeeded in 7ms:
[codex:514648] contract Trader {
[codex:514648] using SafeMath96 for uint96;
[codex:514648] using SafeMath for uint256;
[codex:514648] using SafeERC20 for IERC20;
[codex:514648]
[codex:514648] event RewardCliffSet(bool rewardCliffSet);
[codex:514648]
[codex:514648] event DDXRewardIssued(address trader, uint96 amount);
[codex:514648]
[codex:514648] /**
[codex:514648] * @notice Limits functions to only be called via governance.
[codex:514648] */
[codex:514648] modifier onlyAdmin {
[codex:514648] LibDiamondStorageDerivaDEX.DiamondStorageDerivaDEX storage dsDerivaDEX =
[codex:514648] LibDiamondStorageDerivaDEX.diamondStorageDerivaDEX();
[codex:514648] require(msg.sender == dsDerivaDEX.admin, "Trader: must be called by Gov.");
[codex:514648] _;
[codex:514648] }
[codex:514648]
[codex:514648] /**
[codex:514648]
[codex:514648] thinking
[codex:514648] **Continuing with next steps**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '4001,5000p' AUDIT_BUNDLE.txt" in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648] pragma solidity 0.6.12;
[codex:514648]
[codex:514648] import { LibEIP712 } from "./LibEIP712.sol";
[codex:514648]
[codex:514648] library LibVoteCast {
[codex:514648] struct VoteCast {
[codex:514648] uint128 proposalId; // Proposal ID
[codex:514648] bool support; // Support
[codex:514648] }
[codex:514648]
[codex:514648] // Hash for the EIP712 OrderParams Schema
[codex:514648] // bytes32 constant internal EIP712_VOTE_CAST_SCHEMA_HASH = keccak256(abi.encodePacked(
[codex:514648] // "VoteCast(",
[codex:514648] // "uint128 proposalId,",
[codex:514648] // "bool support",
[codex:514648] // ")"
[codex:514648] // ));
[codex:514648] bytes32 internal constant EIP712_VOTE_CAST_SCHEMA_HASH =
[codex:514648] 0x4abb8ae9facc09d5584ac64f616551bfc03c3ac63e5c431132305bd9bc8f8246;
[codex:514648]
[codex:514648]
[codex:514648] thinking
[codex:514648] **Continuing review**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '5001,6000p' AUDIT_BUNDLE.txt" in /tmp/codex-multi-elw9d4cd succeeded in 12ms:
[codex:514648] uint96 amount;
[codex:514648] if (_amount == uint256(-1)) {
[codex:514648] amount = uint96(-1);
[codex:514648] } else {
[codex:514648] amount = safe96(_amount, "DDX: amount exceeds 96 bits.");
[codex:514648] }
[codex:514648]
[codex:514648] // Transfer tokens from sender to recipient
[codex:514648] _transferTokens(msg.sender, _recipient, amount);
[codex:514648] return true;
[codex:514648] }
[codex:514648]
[codex:514648] /**
[codex:514648] * @notice Transfer `amount` tokens from `src` to `dst`
[codex:514648] * @param _from The address of the source account
[codex:514648] * @param _recipient The address of the destination account
[codex:514648] * @param _amount The number of tokens to transfer
[codex:514648] * @return Whether or not the transfer succeeded
[codex:514648] */
[codex:514648] function transferFrom(
[codex:514648]
[codex:514648] thinking
[codex:514648] **Proceeding to next chunk**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '6001,7000p' AUDIT_BUNDLE.txt" in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648]
[codex:514648] if (numTotalCheckpoints == 0) {
[codex:514648] return 0;
[codex:514648] }
[codex:514648]
[codex:514648] // First check most recent balance
[codex:514648] if (totalCheckpoints[numTotalCheckpoints - 1].id <= _blockNumber) {
[codex:514648] return totalCheckpoints[numTotalCheckpoints - 1].values;
[codex:514648] }
[codex:514648]
[codex:514648] // Next check implicit zero balance
[codex:514648] if (totalCheckpoints[0].id > _blockNumber) {
[codex:514648] return 0;
[codex:514648] }
[codex:514648]
[codex:514648] // Perform binary search to find the most recent token holdings
[codex:514648] // leading to a measure of voting power
[codex:514648] uint256 lower = 0;
[codex:514648] uint256 upper = numTotalCheckpoints - 1;
[codex:514648] while (upper > lower) {
[codex:514648]
[codex:514648] thinking
[codex:514648] **Preparing to read final file section**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '7001,7812p' AUDIT_BUNDLE.txt" in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648] ================================================================================
[codex:514648] // SPDX-License-Identifier: MIT
[codex:514648]
[codex:514648] pragma solidity ^0.6.0;
[codex:514648]
[codex:514648] /**
[codex:514648] * @dev Standard math utilities missing in the Solidity language.
[codex:514648] */
[codex:514648] library Math {
[codex:514648] /**
[codex:514648] * @dev Returns the largest of two numbers.
[codex:514648] */
[codex:514648] function max(uint256 a, uint256 b) internal pure returns (uint256) {
[codex:514648] return a >= b ? a : b;
[codex:514648] }
[codex:514648]
[codex:514648] /**
[codex:514648] * @dev Returns the smallest of two numbers.
[codex:514648] */
[codex:514648] function min(uint256 a, uint256 b) internal pure returns (uint256) {
[codex:514648]
[codex:514648] thinking
[codex:514648] **Analyzing security audit scope and reentrancy risks**
[codex:514648]
[codex:514648] I'm mapping out a security audit plan focusing on core contracts and libraries, targeting known vulnerability patterns like reentrancy, access controls, signature handling, and upgradeability. I’m carefully examining signature validation quirks and potential reentrancy scenarios—especially in InsuranceFund’s token transfers and withdrawal logic—considering how external calls and state updates might interact to cause subtle issues or exploits. I'll dig deeper into contract lines to confirm these findings and document precise vulnerabilities with evidence and recommendations.
[codex:514648] exec
[codex:514648] /bin/bash -lc 'rg -n "transferTokensAave|transferTokensCompound|claimOtherRewardsFromInsuranceMining" -n contracts/contracts/facets/insurance-fund/InsuranceFund.sol' in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648] 771: claimOtherRewardsFromInsuranceMining(_claimant);
[codex:514648] 931: function claimOtherRewardsFromInsuranceMining(address _claimant) internal {
[codex:514648] 969: transferTokensAave(_claimant, dsInsuranceFund.collateralNames[i], collateralStaker, collateralTotal);
[codex:514648] 990: transferTokensCompound(_claimant, compClaimedAmountSum);
[codex:514648] 997: function transferTokensAave(
[codex:514648] 1021: function transferTokensCompound(address _claimant, uint96 _amount) internal {
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '900,1045p' contracts/contracts/facets/insurance-fund/InsuranceFund.sol" in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648] InsuranceFundDefs.StakeCollateral storage stakeCollateral = dsInsuranceFund.stakeCollaterals[_collateralName];
[codex:514648]
[codex:514648] // Get DIFund tokens for staker as of the checkpointed block
[codex:514648] uint96 stakerStake =
[codex:514648] stakeCollateral.diFundToken.getPriorValues(_staker, dsInsuranceFund.otherRewardsCheckpointBlock.sub(1));
[codex:514648]
[codex:514648] // Get DIFund tokens globally as of the checkpointed block
[codex:514648] uint96 globalCap =
[codex:514648] stakeCollateral.diFundToken.getTotalPriorValues(dsInsuranceFund.otherRewardsCheckpointBlock.sub(1));
[codex:514648]
[codex:514648] // If Aave, don't worry about the normalized values since 1-1
[codex:514648] if (stakeCollateral.flavor == InsuranceFundDefs.Flavor.Aave) {
[codex:514648] return (stakerStake, globalCap, 0, 0);
[codex:514648] }
[codex:514648]
[codex:514648] // Compute global USD-denominated stake capitalization. This is
[codex:514648] // is straightforward for non-Compound assets, but requires
[codex:514648] // exchange rate conversion for Compound assets.
[codex:514648] uint96 normalizedGlobalCap =
[codex:514648] getUnderlyingTokenAmountForCompound(stakeCollateral.checkpointCap, stakeCollateral.exchangeRate);
[codex:514648]
[codex:514648]
[codex:514648] thinking
[codex:514648] **Analyzing potential risks and logic errors**
[codex:514648]
[codex:514648] There is a lot here! I'm reviewing failures swallowing, access control peculiarities with admin set to the contract itself, signature handling quirks, reentrancy concerns, and a critical mischeck in withdrawal factor validation that could break accounting by allowing withdrawal fees over 100%. I'm carefully following the logic paths to identify whether these are vulnerabilities or design risks, especially focusing on governance-controlled functions and upgradeability mechanisms.
[codex:514648] thinking
[codex:514648] **Evaluating subtle edge cases and initialization concerns**
[codex:514648]
[codex:514648] I'm exploring finer points like division by zero guards tied to token supply, signature handling in governance, clone initialization safety, and potential faults from unset clone targets causing delegatecalls to zero addresses. These look like design edge cases or misconfigurations rather than straightforward exploits, but they could cause failures or unexpected reverts if overlooked.
[codex:514648] exec
[codex:514648] /bin/bash -lc 'rg -n "initializeDiamondCut" -n contracts/contracts/diamond/LibDiamondCut.sol' in /tmp/codex-multi-elw9d4cd succeeded in 7ms:
[codex:514648] 37: initializeDiamondCut(_init, _calldata);
[codex:514648] 131: function initializeDiamondCut(address _init, bytes memory _calldata) internal {
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '120,200p' contracts/contracts/diamond/LibDiamondCut.sol" in /tmp/codex-multi-elw9d4cd succeeded in 5ms:
[codex:514648] address lastFacetAddress = ds.facetAddresses[lastFacetAddressPosition];
[codex:514648] uint256 facetAddressPosition = ds.facetFunctionSelectors[_oldFacetAddress].facetAddressPosition;
[codex:514648] if (_oldFacetAddress != lastFacetAddress) {
[codex:514648] ds.facetAddresses[facetAddressPosition] = lastFacetAddress;
[codex:514648] ds.facetFunctionSelectors[lastFacetAddress].facetAddressPosition = uint16(facetAddressPosition);
[codex:514648] }
[codex:514648] ds.facetAddresses.pop();
[codex:514648] delete ds.facetFunctionSelectors[_oldFacetAddress];
[codex:514648] }
[codex:514648] }
[codex:514648]
[codex:514648] function initializeDiamondCut(address _init, bytes memory _calldata) internal {
[codex:514648] if (_init == address(0)) {
[codex:514648] require(_calldata.length == 0, "LibDiamondCut: _init is address(0) but_calldata is not empty");
[codex:514648] } else {
[codex:514648] require(_calldata.length > 0, "LibDiamondCut: _calldata is empty but _init is not address(0)");
[codex:514648] if (_init != address(this)) {
[codex:514648] LibDiamondCut.ensureHasContractCode(_init, "LibDiamondCut: _init address has no code");
[codex:514648] }
[codex:514648] (bool success, bytes memory error) = _init.delegatecall(_calldata);
[codex:514648]
[codex:514648] thinking
[codex:514648] **Checking IERCCustom usage**
[codex:514648] exec
[codex:514648] /bin/bash -lc 'rg -n "interface IERCCustom|IERCCustom" contracts/contracts/facets/insurance-fund/InsuranceFund.sol' in /tmp/codex-multi-elw9d4cd succeeded in 7ms:
[codex:514648] 25:interface IERCCustom {
[codex:514648] 344: IERCCustom(_collateralToken).decimals()
[codex:514648] 1115: uint256 vanillaDecimals = uint256(IERCCustom(_collateral).decimals());
[codex:514648]
[codex:514648] thinking
[codex:514648] **Inspecting InsuranceFund and related interfaces**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '1,120p' contracts/contracts/facets/insurance-fund/InsuranceFund.sol" in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648] // SPDX-License-Identifier: MIT
[codex:514648] pragma solidity 0.6.12;
[codex:514648] pragma experimental ABIEncoderV2;
[codex:514648]
[codex:514648] import { SafeMath } from "openzeppelin-solidity/contracts/math/SafeMath.sol";
[codex:514648] import { Math } from "openzeppelin-solidity/contracts/math/Math.sol";
[codex:514648] import { IERC20 } from "openzeppelin-solidity/contracts/token/ERC20/IERC20.sol";
[codex:514648] import { SafeERC20 } from "openzeppelin-solidity/contracts/token/ERC20/SafeERC20.sol";
[codex:514648] import { SafeMath32 } from "../../libs/SafeMath32.sol";
[codex:514648] import { SafeMath96 } from "../../libs/SafeMath96.sol";
[codex:514648] import { MathHelpers } from "../../libs/MathHelpers.sol";
[codex:514648] import { InsuranceFundDefs } from "../../libs/defs/InsuranceFundDefs.sol";
[codex:514648] import { LibDiamondStorageDerivaDEX } from "../../storage/LibDiamondStorageDerivaDEX.sol";
[codex:514648] import { LibDiamondStorageInsuranceFund } from "../../storage/LibDiamondStorageInsuranceFund.sol";
[codex:514648] import { LibDiamondStorageTrader } from "../../storage/LibDiamondStorageTrader.sol";
[codex:514648] import { LibDiamondStoragePause } from "../../storage/LibDiamondStoragePause.sol";
[codex:514648] import { IDDX } from "../../tokens/interfaces/IDDX.sol";
[codex:514648] import { LibTraderInternal } from "../trader/LibTraderInternal.sol";
[codex:514648] import { IAToken } from "../interfaces/IAToken.sol";
[codex:514648] import { IComptroller } from "../interfaces/IComptroller.sol";
[codex:514648]
[codex:514648] thinking
[codex:514648] **Analyzing complex smart contract interactions and potential issues**
[codex:514648]
[codex:514648] I'm reviewing numerous subtle behaviors in the InsuranceFund, DIFundToken, Governance, and related contracts—focusing on reward claiming, state updates, signature handling, access control, and potential oracle manipulation. There is a lot here! I'm carefully checking for double claims, timing conditions, math correctness, and how different components interact, especially around reward distributions and delegatecall security. Some findings hint at risks but mostly confirm expected protections or minor issues. This is a deep dive into nuanced protocol logic!
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '493,578p' contracts/contracts/diamond/LibDiamondStorage.sol" in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648]
[codex:514648]
[codex:514648] thinking
[codex:514648] **Checking for file end**
[codex:514648] exec
[codex:514648] /bin/bash -lc "sed -n '493,560p' contracts/contracts/diamond/LibDiamondStorage.sol" in /tmp/codex-multi-elw9d4cd succeeded in 5ms:
[codex:514648]
[codex:514648]
[codex:514648] thinking
[codex:514648] **Viewing entire file**
[codex:514648] exec
[codex:514648] /bin/bash -lc 'cat contracts/contracts/diamond/LibDiamondStorage.sol' in /tmp/codex-multi-elw9d4cd succeeded in 5ms:
[codex:514648] // SPDX-License-Identifier: MIT
[codex:514648] pragma solidity 0.6.12;
[codex:514648] pragma experimental ABIEncoderV2;
[codex:514648]
[codex:514648] /******************************************************************************\
[codex:514648] * Author: Nick Mudge <nick@perfectabstractions.com> (https://twitter.com/mudgen)
[codex:514648] /******************************************************************************/
[codex:514648]
[codex:514648] library LibDiamondStorage {
[codex:514648] struct FacetAddressAndPosition {
[codex:514648] address facetAddress;
[codex:514648] uint16 functionSelectorPosition; // position in facetFunctionSelectors.functionSelectors array
[codex:514648] }
[codex:514648]
[codex:514648] struct FacetFunctionSelectors {
[codex:514648] bytes4[] functionSelectors;
[codex:514648] uint16 facetAddressPosition; // position of facetAddress in facetAddresses array
[codex:514648] }
[codex:514648]
[codex:514648] struct DiamondStorage {
[codex:514648]
[codex:514648] thinking
[codex:514648] **Analyzing potential smart contract vulnerabilities**
[codex:514648]
[codex:514648] I'm going through various smart contracts to identify potential issues like missing checks in signatures, permissionless functions, and edge cases in token transfers and delegation. I'm verifying if these behaviors are intended or pose risks, and noting subtle concerns like stale data use or unusual delegatecall patterns while confirming which concerns are mitigated by contract logic.
[codex:514648] exec
[codex:514648] /bin/bash -lc "nl -ba contracts/contracts/facets/insurance-fund/InsuranceFund.sol | sed -n '230,320p'" in /tmp/codex-multi-elw9d4cd succeeded in 6ms:
[codex:514648] 230
[codex:514648] 231 /**
[codex:514648] 232 * @notice This function sets the advance interval reward.
[codex:514648] 233 * @param _advanceIntervalReward DDX reward for advancing interval.
[codex:514648] 234 */
[codex:514648] 235 function setAdvanceIntervalReward(uint96 _advanceIntervalReward)
[codex:514648] 236 external
[codex:514648] 237 onlyAdmin
[codex:514648] 238 insuranceMiningOngoing
[codex:514648] 239 isNotPaused
[codex:514648] 240 {
[codex:514648] 241 LibDiamondStorageInsuranceFund.DiamondStorageInsuranceFund storage dsInsuranceFund =
[codex:514648] 242 LibDiamondStorageInsuranceFund.diamondStorageInsuranceFund();
[codex:514648] 243
[codex:514648] 244 require(_advanceIntervalReward != dsInsuranceFund.advanceIntervalReward, "IFund: same as current value.");
[codex:514648] 245 // Set the advance interval reward
[codex:514648] 246 dsInsuranceFund.advanceIntervalReward = _advanceIntervalReward;
[codex:514648] 247
[codex:514648] 248 emit AdvanceIntervalRewardSet(_advanceIntervalReward);
[codex:514648] 249 }
[codex:514648]
[codex:514648] thinking
[codex:514648] **Analyzing potential deep contract issues**
[codex:514648]
[codex:514648] There's a lot here! I'm carefully reviewing various contract functions for subtle bugs, especially around signature handling, arithmetic underflows, reentrancy, permission checks, and token interactions, weighing if any pose real security risks or just design quirks. I’m curious about multiple spots like Governance’s signature verification, InsuranceFund’s rewards accounting, and low-level assembly for string keys, and noting where safe math or state updates prevent exploits.
[codex:514648] exec
[codex:514648] /bin/bash -lc 'rg -n "delegatecall" contracts/contracts' in /tmp/codex-multi-elw9d4cd succeeded in 12ms:
[codex:514648] contracts/contracts/DerivaDEX.sol:108: let result := delegatecall(gas(), facet, 0, calldatasize(), 0, 0)
[codex:514648] contracts/contracts/diamond/DiamondFacet.sol:21: /// a function with delegatecall
[codex:514648] contracts/contracts/diamond/DiamondFacet.sol:25: /// _calldata is executed with delegatecall on _init
[codex:514648] contracts/contracts/diamond/LibDiamondCut.sol:139: (bool success, bytes memory error) = _init.delegatecall(_calldata);
[codex:514648] contracts/contracts/diamond/IDiamondCut.sol:21: /// a function with delegatecall
[codex:514648] contracts/contracts/diamond/IDiamondCut.sol:25: /// _calldata is executed with delegatecall on _init
[codex:514648]
[codex:514648]
[codex:514648] thinking
[codex:514648] **Analyzing reentrancy and vulnerabilities in contracts**
[codex:514648]
[codex:514648] I’m diving into external calls and state updates to spot reentrancy risks, focusing on InsuranceFund, Trader, and Governance contracts. There’s a tricky reentrancy risk in InsuranceFund.withdrawFromInsuranceFund due to external token calls before burning tokens, which might let attackers withdraw multiple times before balances update. I’m also checking access controls, unchecked external call returns, and potential parameter validation bugs, identifying issues like a withdrawal factor bug and silent transfer failures that could affect rewards. There’s a complex mix of patterns here, with some centralization risks and accounting quirks worth noting. Overall, I’m piecing together where state changes and external calls might open doors for exploits or unintended behaviors.
[codex:514648] thinking
[codex:514648] **Evaluating token transfer patterns and signature handling**
[codex:514648]
[codex:514648] I’m examining subtle issues like unchecked ERC20 transfer returns in reward claims, access control nuances in burning tokens, and signature malleability risks in governance and delegation. There are some quirks in permit and transfer logic, plus potential minor overflow concerns with token decimals. The main points are low-severity risks around silent transfer failures and missing strict signature validations, which might impact reliability or integration but aren’t direct exploits. I’m connecting these findings to provide a rounded view of code robustness and areas worth attention.
[codex:514648] exec
[codex:514648] /bin/bash -lc "nl -ba contracts/contracts/facets/insurance-fund/InsuranceFund.sol | sed -n '720,820p'" in /tmp/codex-multi-elw9d4cd succeeded in 8ms:
[codex:514648] 720 // Compute the difference between the latest DDX market state
[codex:514648] 721 // index and the claimant's index
[codex:514648] 722 uint256 deltaIndex = uint256(dsInsuranceFund.ddxMarketState.index).sub(ddxClaimantIndex);
[codex:514648] 723
[codex:514648] 724 // Maintain a running total of USDT-normalized claimant tokens
[codex:514648] 725 // (i.e. 1e6 multiplier)
[codex:514648] 726 uint256 claimantTokens;
[codex:514648] 727
[codex:514648] 728 // Loop through each of the supported collateral types
[codex:514648] 729 for (uint256 i = 0; i < dsInsuranceFund.collateralNames.length; i++) {
[codex:514648] 730 // Obtain the collateral struct for the collateral type
[codex:514648] 731 // participant is staking
[codex:514648] 732 InsuranceFundDefs.StakeCollateral storage stakeCollateral =
[codex:514648] 733 dsInsuranceFund.stakeCollaterals[dsInsuranceFund.collateralNames[i]];
[codex:514648] 734
[codex:514648] 735 // Increment the USDT-normalized claimant tokens count with
[codex:514648] 736 // the current balance
[codex:514648] 737 claimantTokens = claimantTokens.add(
[codex:514648] 738 getNormalizedCollateralValue(
[codex:514648] 739 dsInsuranceFund.collateralNames[i],
[codex:514648]
[codex:514648] thinking
[codex:514648] **Analyzing potential vulnerabilities and categorizing findings**
[codex:514648] exec
[codex:514648] /bin/bash -lc "nl -ba contracts/contracts/facets/insurance-fund/InsuranceFund.sol | sed -n '930,1045p'" in /tmp/codex-multi-elw9d4cd succeeded in 7ms:
[codex:514648] 930 */
[codex:514648] 931 function claimOtherRewardsFromInsuranceMining(address _claimant) internal {
[codex:514648] 932 LibDiamondStorageInsuranceFund.DiamondStorageInsuranceFund storage dsInsuranceFund =
[codex:514648] 933 LibDiamondStorageInsuranceFund.diamondStorageInsuranceFund();
[codex:514648] 934
[codex:514648] 935 // Maintain a running total of COMP to be claimed from
[codex:514648] 936 // insurance mining contract as a by product of cToken deposits
[codex:514648] 937 uint96 compClaimedAmountSum;
[codex:514648] 938
[codex:514648] 939 // Loop through collateral names that are supported
[codex:514648] 940 for (uint256 i = 0; i < dsInsuranceFund.collateralNames.length; i++) {
[codex:514648] 941 // Obtain collateral struct under consideration
[codex:514648] 942 InsuranceFundDefs.StakeCollateral storage stakeCollateral =
[codex:514648] 943 dsInsuranceFund.stakeCollaterals[dsInsuranceFund.collateralNames[i]];
[codex:514648] 944
[codex:514648] 945 if (stakeCollateral.flavor == InsuranceFundDefs.Flavor.Vanilla) {
[codex:514648] 946 // If collateral is of Vanilla flavor, we just
[codex:514648] 947 // continue...
[codex:514648] 948 continue;
[codex:514648] 949 }
[codex:514648]
[codex:514648] thinking
[codex:514648] **Identifying relevant code sections**
[codex:514648] exec
[codex:514648] /bin/bash -lc "nl -ba contracts/contracts/facets/insurance-fund/InsuranceFund.sol | sed -n '420,520p'" in /tmp/codex-multi-elw9d4cd succeeded in 7ms:
[codex:514648] 420 // also has 0 tokens in their possession, and thus would have
[codex:514648] 421 // nothing to be redeemed anyways.
[codex:514648] 422 uint96 underlyingToTransferNoFee =
[codex:514648] 423 _amount.proportion96(stakeCollateral.cap, stakeCollateral.diFundToken.totalSupply());
[codex:514648] 424 uint96 underlyingToTransfer = underlyingToTransferNoFee.proportion96(dsInsuranceFund.withdrawalFactor, 1e3);
[codex:514648] 425
[codex:514648] 426 // Decrement the capitalization
[codex:514648] 427 stakeCollateral.cap = stakeCollateral.cap.sub96(underlyingToTransferNoFee);
[codex:514648] 428
[codex:514648] 429 // Increment the withdrawal fee cap
[codex:514648] 430 stakeCollateral.withdrawalFeeCap = stakeCollateral.withdrawalFeeCap.add96(
[codex:514648] 431 underlyingToTransferNoFee.sub96(underlyingToTransfer)
[codex:514648] 432 );
[codex:514648] 433
[codex:514648] 434 // Transfer collateral amount from proxy contract to user
[codex:514648] 435 IERC20(stakeCollateral.collateralToken).safeTransfer(msg.sender, underlyingToTransfer);
[codex:514648] 436
[codex:514648] 437 // Burn DIFund tokens being redeemed from user
[codex:514648] 438 stakeCollateral.diFundToken.burnFrom(msg.sender, _amount);
[codex:514648] 439
[codex:514648]
[codex:514648] thinking
[codex:514648] **Composing detailed JSON findings**
[codex:514648]
[codex:514648] I'm drafting JSON that captures two issues: a medium-severity math bug with withdrawal factor validation allowing over 100% withdrawals and a low-severity problem where reward claim statuses update despite transfer failures. I’m carefully including titles, categories, scenarios, recommendations, evidence with code references, and exact file line locations while ensuring proper JSON formatting and schema compliance.
[codex:514648] codex
[codex:514648] {"no_findings":false,"summary":"Found 2 issues: a withdrawal-factor validation bug that can enable >100% withdrawals, and reward transfers that silently fail while claims are marked used.","findings":[{"severity":"medium","category":"math","title":"Withdrawal factor validation checks the old value, enabling >100% withdrawals","exploit_scenario":"Governance (or a compromised admin) can set `_withdrawalFactor` to a value >1000 because the require check validates the current stored value instead of the new value. Once set, users can withdraw more collateral than their pro‑rata share (`underlyingToTransfer` > `underlyingToTransferNoFee`), draining the fund. Because the check uses the stored value, it also becomes impossible to reset if the current value exceeds 1000.","recommendation":"Validate the input value instead (`require(_withdrawalFactor <= 1000, ...)`) and consider adding an emergency reset path. Add tests asserting that values >1000 are rejected.","evidence":"`setWithdrawalFactor` checks `dsInsuranceFund.withdrawalFactor <= 1000` instead of `_withdrawalFactor`, while `withdrawFromInsuranceFund` uses `dsInsuranceFund.withdrawalFactor` to scale withdrawals.","locations":["contracts/contracts/facets/insurance-fund/InsuranceFund.sol:255","contracts/contracts/facets/insurance-fund/InsuranceFund.sol:422"]},{"severity":"low","category":"other","title":"External reward transfers can fail silently after claims are marked used","exploit_scenario":"`claimDDXFromInsuranceMining` marks `stakerToOtherRewardsClaims` before attempting external COMP/aToken transfers. The transfer helpers intentionally swallow failures (`try ... catch {}`), so a failing transfer (non‑standard token behavior, blacklisting, or insufficient balance) causes the claimant to permanently lose rewards for that interval with no retry path. A malicious or misconfigured collateral token could grief claimers this way.","recommendation":"Only mark the claim after successful transfers, or revert on transfer failures. Alternatively, track per‑reward claim status and allow retries when transfers fail.","evidence":"`stakerToOtherRewardsClaims` is updated before `claimOtherRewardsFromInsuranceMining`, and both `transferTokensAave` and `transferTokensCompound` ignore failures via `try/catch` without state rollback.","locations":["contracts/contracts/facets/insurance-fund/InsuranceFund.sol:764","contracts/contracts/facets/insurance-fund/InsuranceFund.sol:1011","contracts/contracts/facets/insurance-fund/InsuranceFund.sol:1021"]}]}
[codex:514648] tokens used
[codex:514648] 154,357
[codex:514648] {"no_findings":false,"summary":"Found 2 issues: a withdrawal-factor validation bug that can enable >100% withdrawals, and reward transfers that silently fail while claims are marked used.","findings":[{"severity":"medium","category":"math","title":"Withdrawal factor validation checks the old value, enabling >100% withdrawals","exploit_scenario":"Governance (or a compromised admin) can set `_withdrawalFactor` to a value >1000 because the require check validates the current stored value instead of the new value. Once set, users can withdraw more collateral than their pro‑rata share (`underlyingToTransfer` > `underlyingToTransferNoFee`), draining the fund. Because the check uses the stored value, it also becomes impossible to reset if the current value exceeds 1000.","recommendation":"Validate the input value instead (`require(_withdrawalFactor <= 1000, ...)`) and consider adding an emergency reset path. Add tests asserting that values >1000 are rejected.","evidence":"`setWithdrawalFactor` checks `dsInsuranceFund.withdrawalFactor <= 1000` instead of `_withdrawalFactor`, while `withdrawFromInsuranceFund` uses `dsInsuranceFund.withdrawalFactor` to scale withdrawals.","locations":["contracts/contracts/facets/insurance-fund/InsuranceFund.sol:255","contracts/contracts/facets/insurance-fund/InsuranceFund.sol:422"]},{"severity":"low","category":"other","title":"External reward transfers can fail silently after claims are marked used","exploit_scenario":"`claimDDXFromInsuranceMining` marks `stakerToOtherRewardsClaims` before attempting external COMP/aToken transfers. The transfer helpers intentionally swallow failures (`try ... catch {}`), so a failing transfer (non‑standard token behavior, blacklisting, or insufficient balance) causes the claimant to permanently lose rewards for that interval with no retry path. 
A malicious or misconfigured collateral token could grief claimers this way.","recommendation":"Only mark the claim after successful transfers, or revert on transfer failures. Alternatively, track per‑reward claim status and allow retries when transfers fail.","evidence":"`stakerToOtherRewardsClaims` is updated before `claimOtherRewardsFromInsuranceMining`, and both `transferTokensAave` and `transferTokensCompound` ignore failures via `try/catch` without state rollback.","locations":["contracts/contracts/facets/insurance-fund/InsuranceFund.sol:764","contracts/contracts/facets/insurance-fund/InsuranceFund.sol:1011","contracts/contracts/facets/insurance-fund/InsuranceFund.sol:1021"]}]}
{
"codex": {
"ran_at": "2025-12-29T08:40:11.867992+00:00",
"returncode": 0
},
"summary": "Found 2 issues: a withdrawal-factor validation bug that can enable >100% withdrawals, and reward transfers that silently fail while claims are marked used.",
"raw_final": {
"summary": "Found 2 issues: a withdrawal-factor validation bug that can enable >100% withdrawals, and reward transfers that silently fail while claims are marked used.",
"findings": [
{
"title": "Withdrawal factor validation checks the old value, enabling >100% withdrawals",
"category": "math",
"evidence": "`setWithdrawalFactor` checks `dsInsuranceFund.withdrawalFactor <= 1000` instead of `_withdrawalFactor`, while `withdrawFromInsuranceFund` uses `dsInsuranceFund.withdrawalFactor` to scale withdrawals.",
"severity": "medium",
"locations": [
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:255",
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:422"
],
"recommendation": "Validate the input value instead (`require(_withdrawalFactor <= 1000, ...)`) and consider adding an emergency reset path. Add tests asserting that values >1000 are rejected.",
"exploit_scenario": "Governance (or a compromised admin) can set `_withdrawalFactor` to a value >1000 because the require check validates the current stored value instead of the new value. Once set, users can withdraw more collateral than their pro\u2011rata share (`underlyingToTransfer` > `underlyingToTransferNoFee`), draining the fund. Because the check uses the stored value, it also becomes impossible to reset if the current value exceeds 1000."
},
{
"title": "External reward transfers can fail silently after claims are marked used",
"category": "other",
"evidence": "`stakerToOtherRewardsClaims` is updated before `claimOtherRewardsFromInsuranceMining`, and both `transferTokensAave` and `transferTokensCompound` ignore failures via `try/catch` without state rollback.",
"severity": "low",
"locations": [
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:764",
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:1011",
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:1021"
],
"recommendation": "Only mark the claim after successful transfers, or revert on transfer failures. Alternatively, track per\u2011reward claim status and allow retries when transfers fail.",
"exploit_scenario": "`claimDDXFromInsuranceMining` marks `stakerToOtherRewardsClaims` before attempting external COMP/aToken transfers. The transfer helpers intentionally swallow failures (`try ... catch {}`), so a failing transfer (non\u2011standard token behavior, blacklisting, or insufficient balance) causes the claimant to permanently lose rewards for that interval with no retry path. A malicious or misconfigured collateral token could grief claimers this way."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000ce4: LT 00000ce5: PUSH2 0x0cea 00000ce8: JUMPI 00000ce9: INVALID 00000cea: JUMPDEST 00000ceb: PUSH1 0x00 00000ced: SWAP2 00000cee: DUP3 00000cef: MSTORE 00000cf0: PUSH1 0x20 00000cf2: DUP1 00000cf3: DUP4 00000cf4: KECCAK256 00000cf5: SWAP2 00000cf6: SWAP1 00000cf7: SWAP2 00000cf8: ADD 00000cf9: DUP1 00000cfa: SLOAD 00000cfb: PUSH32 0xffffffffffffffffffffffff0000000000000000000000000000000000000000 00000d1c: AND 00000d1d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000d32: SWAP5 00000d33: DUP6 00000d34: AND 00000d35: OR 00000d36: SWAP1 00000d37: SSTORE 00000d38: SWAP2 00000d39: DUP5 00000d3a: AND 00000d3b: DUP2 00000d3c: MSTORE 00000d3d: PUSH1 0x01 00000d3f: DUP10 00000d40: DUP2 00000d41: ADD 00000d42: SWAP1 00000d43: SWAP3 00000d44: MSTORE 00000d45: PUSH1 0x40 00000d47: SWAP1 00000d48: KECCAK256 00000d49: ADD 00000d4a: DUP1 00000d4b: SLOAD 00000d4c: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000 00000d6d: AND 00000d6e: PUSH2 0xffff 00000d71: DUP4 00000d72: AND 00000d73: OR 00000d74: SWAP1 00000d75: SSTORE 00000d76: JUMPDEST 00000d77: DUP7 00000d78: PUSH1 0x02 00000d7a: ADD 00000d7b: DUP1 00000d7c: SLOAD 00000d7d: DUP1 00000d7e: PUSH2 0x0d83 00000d81: JUMPI 00000d82: INVALID 00000d83: JUMPDEST 00000d84: PUSH1 0x00 00000d86: DUP3 00000d87: DUP2 00000d88: MSTORE 00000d89: PUSH1 0x20 00000d8b: DUP1 00000d8c: DUP3 00000d8d: KECCAK256 00000d8e: DUP4 00000d8f: ADD 00000d90: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000db1: SWAP1 00000db2: DUP2 00000db3: ADD 00000db4: DUP1 00000db5: SLOAD 00000db6: PUSH32 0xffffffffffffffffffffffff0000000000000000000000000000000000000000 00000dd7: AND 00000dd8: SWAP1 00000dd9: SSTORE 00000dda: SWAP1 00000ddb: SWAP3 00000ddc: ADD 00000ddd: SWAP1 00000dde: SWAP3 00000ddf: SSTORE 00000de0: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000df5: DUP12 00000df6: AND 00000df7: DUP3 00000df8: MSTORE 00000df9: PUSH1 0x01 00000dfb: DUP10 00000dfc: ADD 00000dfd: SWAP1 
00000dfe: MSTORE 00000dff: PUSH1 0x40 00000e01: DUP2 00000e02: KECCAK256 00000e03: SWAP1 00000e04: PUSH2 0x0e0d 00000e07: DUP3 00000e08: DUP3 00000e09: PUSH2 0x0e43 00000e0c: JUMP 00000e0d: JUMPDEST 00000e0e: POP 00000e0f: PUSH1 0x01 00000e11: ADD 00000e12: DUP1 00000e13: SLOAD 00000e14: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000 00000e35: AND 00000e36: SWAP1 00000e37: SSTORE 00000e38: POP 00000e39: POP 00000e3a: POP 00000e3b: JUMPDEST 00000e3c: POP 00000e3d: POP 00000e3e: POP 00000e3f: POP 00000e40: POP 00000e41: POP 00000e42: JUMP 00000e43: JUMPDEST 00000e44: POP 00000e45: DUP1 00000e46: SLOAD 00000e47: PUSH1 0x00 00000e49: DUP3 00000e4a: SSTORE 00000e4b: PUSH1 0x07 00000e4d: ADD 00000e4e: PUSH1 0x08 00000e50: SWAP1 00000e51: DIV 00000e52: SWAP1 00000e53: PUSH1 0x00 00000e55: MSTORE 00000e56: PUSH1 0x20 00000e58: PUSH1 0x00 00000e5a: KECCAK256 00000e5b: SWAP1 00000e5c: DUP2 00000e5d: ADD 00000e5e: SWAP1 00000e5f: PUSH2 0x0e68 00000e62: SWAP2 00000e63: SWAP1 00000e64: PUSH2 0x0e6b 00000e67: JUMP 00000e68: JUMPDEST 00000e69: POP 00000e6a: JUMP 00000e6b: JUMPDEST 00000e6c: JUMPDEST 00000e6d: DUP1 00000e6e: DUP3 00000e6f: GT 00000e70: ISZERO 00000e71: PUSH2 0x0e80 00000e74: JUMPI 00000e75: PUSH1 0x00 00000e77: DUP2 00000e78: SSTORE 00000e79: PUSH1 0x01 00000e7b: ADD 00000e7c: PUSH2 0x0e6c 00000e7f: JUMP 00000e80: JUMPDEST 00000e81: POP 00000e82: SWAP1 00000e83: JUMP 00000e84: JUMPDEST 00000e85: PUSH1 0x00 00000e87: PUSH2 0x0e90 00000e8a: DUP4 00000e8b: DUP4 00000e8c: PUSH2 0x0f81 00000e8f: JUMP 00000e90: JUMPDEST 00000e91: POP 00000e92: POP 00000e93: PUSH1 0x20 00000e95: ADD 00000e96: SWAP1 00000e97: JUMP 00000e98: JUMPDEST 00000e99: PUSH1 0x00 00000e9b: PUSH2 0x0ea4 00000e9e: DUP4 00000e9f: DUP4 00000ea0: PUSH2 0x1448 00000ea3: JUMP 00000ea4: JUMPDEST 00000ea5: SWAP4 00000ea6: SWAP3 00000ea7: POP 00000ea8: POP 00000ea9: POP 00000eaa: JUMP 00000eab: JUMPDEST 00000eac: PUSH2 0x0eb4 00000eaf: DUP2 00000eb0: PUSH2 0x15bd 00000eb3: JUMP 
00000eb4: JUMPDEST 00000eb5: DUP3 00000eb6: MSTORE 00000eb7: POP 00000eb8: POP 00000eb9: JUMP 00000eba: JUMPDEST 00000ebb: PUSH1 0x00 00000ebd: PUSH2 0x0ec5 00000ec0: DUP3 00000ec1: PUSH2 0x15ab 00000ec4: JUMP 00000ec5: JUMPDEST 00000ec6: PUSH2 0x0ecf 00000ec9: DUP2 00000eca: DUP6 00000ecb: PUSH2 0x15af 00000ece: JUMP 00000ecf: JUMPDEST 00000ed0: SWAP4 00000ed1: POP 00000ed2: PUSH2 0x0eda 00000ed5: DUP4 00000ed6: PUSH2 0x15a5 00000ed9: JUMP 00000eda: JUMPDEST 00000edb: DUP1 00000edc: PUSH1 0x00 00000ede: JUMPDEST 00000edf: DUP4 00000ee0: DUP2 00000ee1: LT 00000ee2: ISZERO 00000ee3: PUSH2 0x0f08 00000ee6: JUMPI 00000ee7: DUP2 00000ee8: MLOAD 00000ee9: PUSH2 0x0ef2 00000eec: DUP9 00000eed: DUP3 00000eee: PUSH2 0x0e84 00000ef1: JUMP 00000ef2: JUMPDEST 00000ef3: SWAP8 00000ef4: POP 00000ef5: PUSH2 0x0efd 00000ef8: DUP4 00000ef9: PUSH2 0x15a5 00000efc: JUMP 00000efd: JUMPDEST 00000efe: SWAP3 00000eff: POP 00000f00: POP 00000f01: PUSH1 0x01 00000f03: ADD 00000f04: PUSH2 0x0ede 00000f07: JUMP 00000f08: JUMPDEST 00000f09: POP 00000f0a: SWAP5 00000f0b: SWAP6 00000f0c: SWAP5 00000f0d: POP 00000f0e: POP 00000f0f: POP 00000f10: POP 00000f11: POP 00000f12: JUMP 00000f13: JUMPDEST 00000f14: PUSH1 0x00 00000f16: PUSH2 0x0f1e 00000f19: DUP3 00000f1a: PUSH2 0x15ab 00000f1d: JUMP 00000f1e: JUMPDEST 00000f1f: PUSH2 0x0f28 00000f22: DUP2 00000f23: DUP6 00000f24: PUSH2 0x15af 00000f27: JUMP 00000f28: JUMPDEST 00000f29: SWAP4 00000f2a: POP 00000f2b: DUP4 00000f2c: PUSH1 0x20 00000f2e: DUP3 00000f2f: MUL 00000f30: DUP6 00000f31: ADD 00000f32: PUSH2 0x0f3a 00000f35: DUP6 00000f36: PUSH2 0x15a5 00000f39: JUMP 00000f3a: JUMPDEST 00000f3b: DUP1 00000f3c: PUSH1 0x00 00000f3e: JUMPDEST 00000f3f: DUP6 00000f40: DUP2 00000f41: LT 00000f42: ISZERO 00000f43: PUSH2 0x0f74 00000f46: JUMPI 00000f47: DUP5 00000f48: DUP5 00000f49: SUB 00000f4a: DUP10 00000f4b: MSTORE 00000f4c: DUP2 00000f4d: MLOAD 00000f4e: PUSH2 0x0f57 00000f51: DUP6 00000f52: DUP3 00000f53: PUSH2 0x0e98 00000f56: JUMP 00000f57: 
JUMPDEST 00000f58: SWAP5 00000f59: POP 00000f5a: PUSH2 0x0f62 00000f5d: DUP4 00000f5e: PUSH2 0x15a5 00000f61: JUMP 00000f62: JUMPDEST 00000f63: PUSH1 0x20 00000f65: SWAP11 00000f66: SWAP1 00000f67: SWAP11 00000f68: ADD 00000f69: SWAP10 00000f6a: SWAP3 00000f6b: POP 00000f6c: POP 00000f6d: PUSH1 0x01 00000f6f: ADD 00000f70: PUSH2 0x0f3e 00000f73: JUMP 00000f74: JUMPDEST 00000f75: POP 00000f76: SWAP2 00000f77: SWAP8 00000f78: SWAP7 00000f79: POP 00000f7a: POP 00000f7b: POP 00000f7c: POP 00000f7d: POP 00000f7e: POP 00000f7f: POP 00000f80: JUMP 00000f81: JUMPDEST 00000f82: PUSH2 0x0eb4 00000f85: DUP2 00000f86: PUSH2 0x15c8 00000f89: JUMP 00000f8a: JUMPDEST 00000f8b: PUSH1 0x00 00000f8d: PUSH2 0x0f95 00000f90: DUP3 00000f91: PUSH2 0x15ab 00000f94: JUMP 00000f95: JUMPDEST 00000f96: PUSH2 0x0f9f 00000f99: DUP2 00000f9a: DUP6 00000f9b: PUSH2 0x15af 00000f9e: JUMP 00000f9f: JUMPDEST 00000fa0: SWAP4 00000fa1: POP 00000fa2: PUSH2 0x0faf 00000fa5: DUP2 00000fa6: DUP6 00000fa7: PUSH1 0x20 00000fa9: DUP7 00000faa: ADD 00000fab: PUSH2 0x161b 00000fae: JUMP 00000faf: JUMPDEST 00000fb0: PUSH2 0x0fb8 00000fb3: DUP2 00000fb4: PUSH2 0x1647 00000fb7: JUMP 00000fb8: JUMPDEST 00000fb9: SWAP1 00000fba: SWAP4 00000fbb: ADD 00000fbc: SWAP4 00000fbd: SWAP3 00000fbe: POP 00000fbf: POP 00000fc0: POP 00000fc1: JUMP 00000fc2: JUMPDEST 00000fc3: PUSH1 0x00 00000fc5: PUSH2 0x0fcd 00000fc8: DUP3 00000fc9: PUSH2 0x15ab 00000fcc: JUMP 00000fcd: JUMPDEST 00000fce: PUSH2 0x0fd7 00000fd1: DUP2 00000fd2: DUP6 00000fd3: PUSH2 0x15b8 00000fd6: JUMP 00000fd7: JUMPDEST 00000fd8: SWAP4 00000fd9: POP 00000fda: PUSH2 0x0fe7 00000fdd: DUP2 00000fde: DUP6 00000fdf: PUSH1 0x20 00000fe1: DUP7 00000fe2: ADD 00000fe3: PUSH2 0x161b 00000fe6: JUMP 00000fe7: JUMPDEST 00000fe8: SWAP3 00000fe9: SWAP1 00000fea: SWAP3 00000feb: ADD 00000fec: SWAP3 00000fed: SWAP2 00000fee: POP 00000fef: POP 00000ff0: JUMP 00000ff1: JUMPDEST 00000ff2: PUSH2 0x0eb4 00000ff5: DUP2 00000ff6: PUSH2 0x1610 00000ff9: JUMP 00000ffa: JUMPDEST 
00000ffb: PUSH1 0x00 00000ffd: PUSH2 0x1007 00001000: PUSH1 0x3c 00001002: DUP4 00001003: PUSH2 0x15af 00001006: JUMP 00001007: JUMPDEST 00001008: PUSH32 0x4c69624469616d6f6e644375743a205f696e6974206973206164647265737328 00001029: DUP2 0000102a: MSTORE 0000102b: PUSH32 0x3029206275745f63616c6c64617461206973206e6f7420656d70747900000000 0000104c: PUSH1 0x20 0000104e: DUP3 0000104f: ADD 00001050: MSTORE 00001051: PUSH1 0x40 00001053: ADD 00001054: SWAP3 00001055: SWAP2 00001056: POP 00001057: POP 00001058: JUMP 00001059: JUMPDEST 0000105a: PUSH1 0x00 0000105c: PUSH2 0x1066 0000105f: PUSH1 0x26 00001061: DUP4 00001062: PUSH2 0x15af 00001065: JUMP 00001066: JUMPDEST 00001067: PUSH32 0x4c69624469616d6f6e644375743a205f696e69742066756e6374696f6e207265 00001088: DUP2 00001089: MSTORE 0000108a: PUSH32 0x7665727465640000000000000000000000000000000000000000000000000000 000010ab: PUSH1 0x20 000010ad: DUP3 000010ae: ADD 000010af: MSTORE 000010b0: PUSH1 0x40 000010b2: ADD 000010b3: SWAP3 000010b4: SWAP2 000010b5: POP 000010b6: POP 000010b7: JUMP 000010b8: JUMPDEST 000010b9: PUSH1 0x00 000010bb: PUSH2 0x10c5 000010be: PUSH1 0x18 000010c0: DUP4 000010c1: PUSH2 0x15af 000010c4: JUMP 000010c5: JUMPDEST 000010c6: PUSH32 0x46756e6374696f6e20646f6573206e6f742065786973742e0000000000000000 000010e7: DUP2 000010e8: MSTORE 000010e9: PUSH1 0x20 000010eb: ADD 000010ec: SWAP3 000010ed: SWAP2 000010ee: POP 000010ef: POP 000010f0: JUMP 000010f1: JUMPDEST 000010f2: PUSH1 0x00 000010f4: PUSH2 0x10fe 000010f7: PUSH1 0x2b 000010f9: DUP4 000010fa: PUSH2 0x15af 000010fd: JUMP 000010fe: JUMPDEST 000010ff: PUSH32 0x4c69624469616d6f6e644375743a204e6f2073656c6563746f727320696e2066 00001120: DUP2 00001121: MSTORE 00001122: PUSH32 0x6163657420746f20637574000000000000000000000000000000000000000000 00001143: PUSH1 0x20 00001145: DUP3 00001146: ADD 00001147: MSTORE 00001148: PUSH1 0x40 0000114a: ADD 0000114b: SWAP3 0000114c: SWAP2 0000114d: POP 0000114e: POP 0000114f: JUMP 00001150: JUMPDEST 00001151: PUSH1 
0x00 00001153: PUSH2 0x115d 00001156: PUSH1 0x36 00001158: DUP4 00001159: PUSH2 0x15af 0000115c: JUMP 0000115d: JUMPDEST 0000115e: PUSH32 0x4c69624469616d6f6e644375743a20616374696f6e206e6f742073657420746f 0000117f: DUP2 00001180: MSTORE 00001181: PUSH32 0x204661636574437574416374696f6e2e52656d6f766500000000000000000000 000011a2: PUSH1 0x20 000011a4: DUP3 000011a5: ADD 000011a6: MSTORE 000011a7: PUSH1 0x40 000011a9: ADD 000011aa: SWAP3 000011ab: SWAP2 000011ac: POP 000011ad: POP 000011ae: JUMP 000011af: JUMPDEST 000011b0: PUSH1 0x00 000011b2: PUSH2 0x11bc 000011b5: PUSH1 0x27 000011b7: DUP4 000011b8: PUSH2 0x15af 000011bb: JUMP 000011bc: JUMPDEST 000011bd: PUSH32 0x4c69624469616d6f6e644375743a20496e636f72726563742046616365744375 000011de: DUP2 000011df: MSTORE 000011e0: PUSH32 0x74416374696f6e00000000000000000000000000000000000000000000000000 00001201: PUSH1 0x20 00001203: DUP3 00001204: ADD 00001205: MSTORE 00001206: PUSH1 0x40 00001208: ADD 00001209: SWAP3 0000120a: SWAP2 0000120b: POP 0000120c: POP 0000120d: JUMP 0000120e: JUMPDEST 0000120f: PUSH1 0x00 00001211: PUSH2 0x121b 00001214: PUSH1 0x1f 00001216: DUP4 00001217: PUSH2 0x15af 0000121a: JUMP 0000121b: JUMPDEST 0000121c: PUSH32 0x4c69624469616d6f6e644375743a204e6f2066616365747320746f2063757400 0000123d: DUP2 0000123e: MSTORE 0000123f: PUSH1 0x20 00001241: ADD 00001242: SWAP3 00001243: SWAP2 00001244: POP 00001245: POP 00001246: JUMP 00001247: JUMPDEST 00001248: PUSH1 0x00 0000124a: PUSH2 0x1254 0000124d: PUSH1 0x3d 0000124f: DUP4 00001250: PUSH2 0x15af 00001253: JUMP 00001254: JUMPDEST 00001255: PUSH32 0x4c69624469616d6f6e644375743a205f63616c6c6461746120697320656d7074 00001276: DUP2 00001277: MSTORE 00001278: PUSH32 0x7920627574205f696e6974206973206e6f742061646472657373283029000000 00001299: PUSH1 0x20 0000129b: DUP3 0000129c: ADD 0000129d: MSTORE 0000129e: PUSH1 0x40 000012a0: ADD 000012a1: SWAP3 000012a2: SWAP2 000012a3: POP 000012a4: POP 000012a5: JUMP 000012a6: JUMPDEST 000012a7: PUSH1 0x00 000012a9: 
PUSH2 0x12b3 000012ac: PUSH1 0x29 000012ae: DUP4 000012af: PUSH2 0x15af 000012b2: JUMP 000012b3: JUMPDEST 000012b4: PUSH32 0x44657269766144455820646f6573206e6f74206469726563746c792061636365 000012d5: DUP2 000012d6: MSTORE 000012d7: PUSH32 0x70742065746865722e0000000000000000000000000000000000000000000000 000012f8: PUSH1 0x20 000012fa: DUP3 000012fb: ADD 000012fc: MSTORE 000012fd: PUSH1 0x40 000012ff: ADD 00001300: SWAP3 00001301: SWAP2 00001302: POP 00001303: POP 00001304: JUMP 00001305: JUMPDEST 00001306: PUSH1 0x00 00001308: PUSH2 0x1312 0000130b: PUSH1 0x35 0000130d: DUP4 0000130e: PUSH2 0x15af 00001311: JUMP 00001312: JUMPDEST 00001313: PUSH32 0x4c69624469616d6f6e644375743a2043616e2774206164642066756e6374696f 00001334: DUP2 00001335: MSTORE 00001336: PUSH32 0x6e207468617420616c7265616479206578697374730000000000000000000000 00001357: PUSH1 0x20 00001359: DUP3 0000135a: ADD 0000135b: MSTORE 0000135c: PUSH1 0x40 0000135e: ADD 0000135f: SWAP3 00001360: SWAP2 00001361: POP 00001362: POP 00001363: JUMP 00001364: JUMPDEST 00001365: PUSH1 0x00 00001367: PUSH2 0x1371 0000136a: PUSH1 0x42 0000136c: DUP4 0000136d: PUSH2 0x15af 00001370: JUMP 00001371: JUMPDEST 00001372: PUSH32 0x4c69624469616d6f6e644375743a2043616e27742072656d6f7665206f722072 00001393: DUP2 00001394: MSTORE 00001395: PUSH32 0x65706c6163652066756e6374696f6e207468617420646f65736e277420657869 000013b6: PUSH1 0x20 000013b8: DUP3 000013b9: ADD 000013ba: MSTORE 000013bb: PUSH32 0x7374000000000000000000000000000000000000000000000000000000000000 000013dc: PUSH1 0x40 000013de: DUP3 000013df: ADD 000013e0: MSTORE 000013e1: PUSH1 0x60 000013e3: ADD 000013e4: SWAP3 000013e5: SWAP2 000013e6: POP 000013e7: POP 000013e8: JUMP 000013e9: JUMPDEST 000013ea: PUSH1 0x00 000013ec: PUSH2 0x13f6 000013ef: PUSH1 0x38 000013f1: DUP4 000013f2: PUSH2 0x15af 000013f5: JUMP 000013f6: JUMPDEST 000013f7: PUSH32 0x4c69624469616d6f6e644375743a2043616e2774207265706c6163652066756e 00001418: DUP2 00001419: MSTORE 0000141a: PUSH32 
0x6374696f6e20776974682073616d652066756e6374696f6e0000000000000000 0000143b: PUSH1 0x20 0000143d: DUP3 0000143e: ADD 0000143f: MSTORE 00001440: PUSH1 0x40 00001442: ADD 00001443: SWAP3 00001444: SWAP2 00001445: POP 00001446: POP 00001447: JUMP 00001448: JUMPDEST 00001449: DUP1 0000144a: MLOAD 0000144b: PUSH1 0x00 0000144d: SWAP1 0000144e: PUSH1 0x60 00001450: DUP5 00001451: ADD 00001452: SWAP1 00001453: PUSH2 0x145c 00001456: DUP6 00001457: DUP3 00001458: PUSH2 0x0eab 0000145b: JUMP 0000145c: JUMPDEST 0000145d: POP 0000145e: PUSH1 0x20 00001460: DUP4 00001461: ADD 00001462: MLOAD 00001463: PUSH2 0x146f 00001466: PUSH1 0x20 00001468: DUP7 00001469: ADD 0000146a: DUP3 0000146b: PUSH2 0x0ff1 0000146e: JUMP 0000146f: JUMPDEST 00001470: POP 00001471: PUSH1 0x40 00001473: DUP4 00001474: ADD 00001475: MLOAD 00001476: DUP5 00001477: DUP3 00001478: SUB 00001479: PUSH1 0x40 0000147b: DUP7 0000147c: ADD 0000147d: MSTORE 0000147e: PUSH2 0x1487 00001481: DUP3 00001482: DUP3 00001483: PUSH2 0x0eba 00001486: JUMP 00001487: JUMPDEST 00001488: SWAP6 00001489: SWAP5 0000148a: POP 0000148b: POP 0000148c: POP 0000148d: POP 0000148e: POP 0000148f: JUMP 00001490: JUMPDEST 00001491: PUSH1 0x00 00001493: PUSH2 0x0ea4 00001496: DUP3 00001497: DUP5 00001498: PUSH2 0x0fc2 0000149b: JUMP 0000149c: JUMPDEST 0000149d: PUSH1 0x60 0000149f: DUP1 000014a0: DUP3 000014a1: MSTORE 000014a2: DUP2 000014a3: ADD 000014a4: PUSH2 0x14ad 000014a7: DUP2 000014a8: DUP7 000014a9: PUSH2 0x0f13 000014ac: JUMP 000014ad: JUMPDEST 000014ae: SWAP1 000014af: POP 000014b0: PUSH2 0x14bc 000014b3: PUSH1 0x20 000014b5: DUP4 000014b6: ADD 000014b7: DUP6 000014b8: PUSH2 0x0eab 000014bb: JUMP 000014bc: JUMPDEST 000014bd: DUP2 000014be: DUP2 000014bf: SUB 000014c0: PUSH1 0x40 000014c2: DUP4 000014c3: ADD 000014c4: MSTORE 000014c5: PUSH2 0x1487 000014c8: DUP2 000014c9: DUP5 000014ca: PUSH2 0x0f8a 000014cd: JUMP 000014ce: JUMPDEST 000014cf: PUSH1 0x20 000014d1: DUP1 000014d2: DUP3 000014d3: MSTORE 000014d4: DUP2 000014d5: ADD 
000014d6: PUSH2 0x0ea4 000014d9: DUP2 000014da: DUP5 000014db: PUSH2 0x0f8a 000014de: JUMP 000014df: JUMPDEST 000014e0: PUSH1 0x20 000014e2: DUP1 000014e3: DUP3 000014e4: MSTORE 000014e5: DUP2 000014e6: ADD 000014e7: PUSH2 0x14ef 000014ea: DUP2 000014eb: PUSH2 0x0ffa 000014ee: JUMP 000014ef: JUMPDEST 000014f0: SWAP3 000014f1: SWAP2 000014f2: POP 000014f3: POP 000014f4: JUMP 000014f5: JUMPDEST 000014f6: PUSH1 0x20 000014f8: DUP1 000014f9: DUP3 000014fa: MSTORE 000014fb: DUP2 000014fc: ADD 000014fd: PUSH2 0x14ef 00001500: DUP2 00001501: PUSH2 0x1059 00001504: JUMP 00001505: JUMPDEST 00001506: PUSH1 0x20 00001508: DUP1 00001509: DUP3 0000150a: MSTORE 0000150b: DUP2 0000150c: ADD 0000150d: PUSH2 0x14ef 00001510: DUP2 00001511: PUSH2 0x10b8 00001514: JUMP 00001515: JUMPDEST 00001516: PUSH1 0x20 00001518: DUP1 00001519: DUP3 0000151a: MSTORE 0000151b: DUP2 0000151c: ADD 0000151d: PUSH2 0x14ef 00001520: DUP2 00001521: PUSH2 0x10f1 00001524: JUMP 00001525: JUMPDEST 00001526: PUSH1 0x20 00001528: DUP1 00001529: DUP3 0000152a: MSTORE 0000152b: DUP2 0000152c: ADD 0000152d: PUSH2 0x14ef 00001530: DUP2 00001531: PUSH2 0x1150 00001534: JUMP 00001535: JUMPDEST 00001536: PUSH1 0x20 00001538: DUP1 00001539: DUP3 0000153a: MSTORE 0000153b: DUP2 0000153c: ADD 0000153d: PUSH2 0x14ef 00001540: DUP2 00001541: PUSH2 0x11af 00001544: JUMP 00001545: JUMPDEST 00001546: PUSH1 0x20 00001548: DUP1 00001549: DUP3 0000154a: MSTORE 0000154b: DUP2 0000154c: ADD 0000154d: PUSH2 0x14ef 00001550: DUP2 00001551: PUSH2 0x120e 00001554: JUMP 00001555: JUMPDEST 00001556: PUSH1 0x20 00001558: DUP1 00001559: DUP3 0000155a: MSTORE 0000155b: DUP2 0000155c: ADD 0000155d: PUSH2 0x14ef 00001560: DUP2 00001561: PUSH2 0x1247 00001564: JUMP 00001565: JUMPDEST 00001566: PUSH1 0x20 00001568: DUP1 00001569: DUP3 0000156a: MSTORE 0000156b: DUP2 0000156c: ADD 0000156d: PUSH2 0x14ef 00001570: DUP2 00001571: PUSH2 0x12a6 00001574: JUMP 00001575: JUMPDEST 00001576: PUSH1 0x20 00001578: DUP1 00001579: DUP3 0000157a: MSTORE 
0000157b: DUP2 0000157c: ADD 0000157d: PUSH2 0x14ef 00001580: DUP2 00001581: PUSH2 0x1305 00001584: JUMP 00001585: JUMPDEST 00001586: PUSH1 0x20 00001588: DUP1 00001589: DUP3 0000158a: MSTORE 0000158b: DUP2 0000158c: ADD 0000158d: PUSH2 0x14ef 00001590: DUP2 00001591: PUSH2 0x1364 00001594: JUMP 00001595: JUMPDEST 00001596: PUSH1 0x20 00001598: DUP1 00001599: DUP3 0000159a: MSTORE 0000159b: DUP2 0000159c: ADD 0000159d: PUSH2 0x14ef 000015a0: DUP2 000015a1: PUSH2 0x13e9 000015a4: JUMP 000015a5: JUMPDEST 000015a6: PUSH1 0x20 000015a8: ADD 000015a9: SWAP1 000015aa: JUMP 000015ab: JUMPDEST 000015ac: MLOAD 000015ad: SWAP1 000015ae: JUMP 000015af: JUMPDEST 000015b0: SWAP1 000015b1: DUP2 000015b2: MSTORE 000015b3: PUSH1 0x20 000015b5: ADD 000015b6: SWAP1 000015b7: JUMP 000015b8: JUMPDEST 000015b9: SWAP2 000015ba: SWAP1 000015bb: POP 000015bc: JUMP 000015bd: JUMPDEST 000015be: PUSH1 0x00 000015c0: PUSH2 0x14ef 000015c3: DUP3 000015c4: PUSH2 0x15f7 000015c7: JUMP 000015c8: JUMPDEST 000015c9: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000 000015ea: AND 000015eb: SWAP1 000015ec: JUMP 000015ed: JUMPDEST 000015ee: DUP1 000015ef: PUSH2 0x15b8 000015f2: DUP2 000015f3: PUSH2 0x166f 000015f6: JUMP 000015f7: JUMPDEST 000015f8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000160d: AND 0000160e: SWAP1 0000160f: JUMP 00001610: JUMPDEST 00001611: PUSH1 0x00 00001613: PUSH2 0x14ef 00001616: DUP3 00001617: PUSH2 0x15ed 0000161a: JUMP 0000161b: JUMPDEST 0000161c: PUSH1 0x00 0000161e: JUMPDEST 0000161f: DUP4 00001620: DUP2 00001621: LT 00001622: ISZERO 00001623: PUSH2 0x1636 00001626: JUMPI 00001627: DUP2 00001628: DUP2 00001629: ADD 0000162a: MLOAD 0000162b: DUP4 0000162c: DUP3 0000162d: ADD 0000162e: MSTORE 0000162f: PUSH1 0x20 00001631: ADD 00001632: PUSH2 0x161e 00001635: JUMP 00001636: JUMPDEST 00001637: DUP4 00001638: DUP2 00001639: GT 0000163a: ISZERO 0000163b: PUSH2 0x0279 0000163e: JUMPI 0000163f: POP 00001640: POP 00001641: PUSH1 0x00 00001643: 
SWAP2 00001644: ADD 00001645: MSTORE 00001646: JUMP 00001647: JUMPDEST 00001648: PUSH1 0x1f 0000164a: ADD 0000164b: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0 0000166c: AND 0000166d: SWAP1 0000166e: JUMP 0000166f: JUMPDEST 00001670: PUSH1 0x03 00001672: DUP2 00001673: LT 00001674: PUSH2 0x0e68 00001677: JUMPI 00001678: INVALID 00001679: INVALID 0000167a: UNKNOWN(0x4C) 0000167b: PUSH10 0x624469616d6f6e644375 00001686: PUSH21 0x3a205f696e6974206164647265737320686173206e 0000169c: PUSH16 0x20636f64654c69624469616d6f6e6443 000016ad: PUSH22 0x743a204e657720666163657420686173206e6f20636f 000016c4: PUSH5 0x65a2646970 000016ca: PUSH7 0x735822122037e8 000016d2: MCOPY 000016d3: PUSH21 0x6c805680341443fac4e39de6470acdb3e3eeffd56b 000016e9: DUP6 000016ea: XOR 000016eb: TLOAD 000016ec: UNKNOWN(0xF7) 000016ed: PUSH9 0x270d64736f6c634300 000016f7: MOD 000016f8: UNKNOWN(0x0C) 000016f9: STOP 000016fa: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
validation_json: {
"sink": "DELEGATECALL",
"errors": 10,
"status": "unknown",
"attempts": 11,
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json: {
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x",
"selector": "fallback",
"calldata_variants": [
"0x"
]
}
]
}
evidence_json: {
"examples": [
{
"pc": 245,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 1921,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 2,
"untrusted_delegatecall_count": 2
}
|
| medium | math | codex | Withdrawal factor validation checks the old value, enabling >100% withdrawals | 75 | no | — |
evidence_json: {
"evidence": "`setWithdrawalFactor` checks `dsInsuranceFund.withdrawalFactor <= 1000` instead of `_withdrawalFactor`, while `withdrawFromInsuranceFund` uses `dsInsuranceFund.withdrawalFactor` to scale withdrawals.",
"locations": [
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:255",
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:422"
],
"recommendation": "Validate the input value instead (`require(_withdrawalFactor <= 1000, ...)`) and consider adding an emergency reset path. Add tests asserting that values >1000 are rejected.",
"exploit_scenario": "Governance (or a compromised admin) can set `_withdrawalFactor` to a value >1000 because the require check validates the current stored value instead of the new value. Once set, users can withdraw more collateral than their pro\u2011rata share (`underlyingToTransfer` > `underlyingToTransferNoFee`), draining the fund. Because the check uses the stored value, it also becomes impossible to reset if the current value exceeds 1000."
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
evidence_json: {
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 2
}
|
| low | other | codex | External reward transfers can fail silently after claims are marked used | 65 | no | — |
evidence_json: {
"evidence": "`stakerToOtherRewardsClaims` is updated before `claimOtherRewardsFromInsuranceMining`, and both `transferTokensAave` and `transferTokensCompound` ignore failures via `try/catch` without state rollback.",
"locations": [
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:764",
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:1011",
"contracts/contracts/facets/insurance-fund/InsuranceFund.sol:1021"
],
"recommendation": "Only mark the claim after successful transfers, or revert on transfer failures. Alternatively, track per\u2011reward claim status and allow retries when transfers fail.",
"exploit_scenario": "`claimDDXFromInsuranceMining` marks `stakerToOtherRewardsClaims` before attempting external COMP/aToken transfers. The transfer helpers intentionally swallow failures (`try ... catch {}`), so a failing transfer (non\u2011standard token behavior, blacklisting, or insufficient balance) causes the claimant to permanently lose rewards for that interval with no retry path. A malicious or misconfigured collateral token could grief claimers this way."
}
|