068cc26f-8640-427e-bfcd-13790bdfe7cf
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31310 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 110858 | artifact.fetch | failed | 1 / 3 | 1 week ago |
| 110859 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 110860 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 110861 | capability.graph | complete | 1 / 3 | 1 week ago |
| 110862 | detector.run | complete | 1 / 3 | 1 week ago |
| 110863 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:483358] OpenAI Codex v0.77.0 (research preview)
[codex:483358] --------
[codex:483358] workdir: /tmp/codex-multi-ehbebx4d
[codex:483358] model: gpt-5.2-codex
[codex:483358] provider: openai
[codex:483358] approval: never
[codex:483358] sandbox: read-only
[codex:483358] reasoning effort: xhigh
[codex:483358] reasoning summaries: auto
[codex:483358] session id: 019b7fd4-7263-7892-abae-8259d45a7ae0
[codex:483358] --------
[codex:483358] user
[codex:483358] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:483358]
[codex:483358] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:483358]
[codex:483358] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:483358] - Gas inefficiency, code quality, naming, or best practices
[codex:483358] - Theoretical vulnerabilities without a clear extraction path
[codex:483358] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:483358] - Front-running unless it enables theft beyond MEV
[codex:483358] - DoS, griefing, or issues that don't result in attacker profit
[codex:483358] - Missing events, view function issues, or informational findings
[codex:483358]
[codex:483358] HIGH-VALUE PATTERNS TO HUNT:
[codex:483358] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:483358] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:483358] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:483358] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:483358] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:483358] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:483358] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:483358] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:483358] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:483358]
[codex:483358] For each finding, you MUST provide:
[codex:483358] 1. Exact file and line numbers of vulnerable code
[codex:483358] 2. Step-by-step exploit transaction sequence
[codex:483358] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:483358]
[codex:483358] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:483358]
[codex:483358] Output MUST be valid JSON matching the provided schema.
[codex:483358] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:483358] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:483358] mcp startup: no servers
[codex:483358]
[codex:483358] thinking
[codex:483358] **Checking for AUDIT_BUNDLE instructions**
[codex:483358] exec
[codex:483358] /bin/bash -lc ls in /tmp/codex-multi-ehbebx4d succeeded in 5ms:
[codex:483358] AUDIT_BUNDLE.txt
[codex:483358] codex-output-schema.json
[codex:483358] contracts
[codex:483358]
[codex:483358] thinking
[codex:483358] **Reading AUDIT_BUNDLE.txt**
[codex:483358] exec
[codex:483358] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-ehbebx4d succeeded in 5ms:
[codex:483358] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:483358]
[codex:483358] ================================================================================
[codex:483358] FILE: contracts/Contract.sol
[codex:483358] ================================================================================
[codex:483358] pragma solidity 0.5.16;
[codex:483358]
[codex:483358] library SafeMath {
[codex:483358]
[codex:483358] function mul(uint256 a, uint256 b) internal pure returns (uint256) {
[codex:483358] if (a == 0)
[codex:483358] return 0;
[codex:483358] uint256 c = a * b;
[codex:483358] require(c / a == b);
[codex:483358] return c;
[codex:483358] }
[codex:483358]
[codex:483358] function div(uint256 a, uint256 b) internal pure returns (uint256) {
[codex:483358] require(b > 0);
[codex:483358] uint256 c = a / b;
[codex:483358]
[codex:483358]
[codex:483358]
[codex:483358]
[codex:483358] thinking
[codex:483358] **Analyzing contract reentrancy and token withdrawal risks**
[codex:483358] thinking
[codex:483358] **Investigating token transfer hooks and burn function assumptions**
[codex:483358]
[codex:483358] I'll think through how token transfer hooks might trigger unexpected calls and whether the burn function's external calls could be exploited, especially if burn silently fails or if tokens with unexpected behavior interact with the withdrawal logic.
[codex:483358] thinking
[codex:483358] **Summarizing audit conclusions with no concrete issues**
[codex:483358]
[codex:483358] I've reviewed the full audit scope carefully and found no concrete exploit paths or vulnerabilities in the contract logic, access controls, or reentrancy guards. The design appears sound given the assumptions about external token behavior.
[codex:483358] thinking
[codex:483358] **Preparing final JSON audit summary**
[codex:483358] codex
[codex:483358] {"no_findings":true,"summary":"No concrete, exploitable path to extract value found in the provided Burner/GuildBank logic under the stated assumptions.","findings":[]}
[codex:483358] tokens used
[codex:483358] 14,316
{
"codex": {
"ran_at": "2026-01-02T17:53:15.251655+00:00",
"returncode": 0
},
"summary": "No concrete, exploitable path to extract value found in the provided Burner/GuildBank logic under the stated assumptions.",
"raw_final": {
"summary": "No concrete, exploitable path to extract value found in the provided Burner/GuildBank logic under the stated assumptions.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
validation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd9caed12",
"selector": "0xd9caed12",
"calldata_variants": [
"0xd9caed12",
"0xd9caed120000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 300,
"type": "msg_sender_eq_const",
"value": 1.2674448427391058e+48
},
{
"pc": 278,
"type": "msg_sender_eq_const",
"value": "0xde02313f8bf17f31380c63e41cdecee98bc2b16d"
},
{
"pc": 1024,
"type": "tx_origin_used"
},
{
"pc": 1065,
"type": "tx_origin_used"
}
]
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
trace_id: 0x805bcb60e2a32498cfc981bdf63505f7750b38400936219105ebc5b3271d9520
call_targets:
0x83d0d842e6db3b020f384a2af11bd14787bec8e7
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x805bcb60e2a32498cfc981bdf63505f7750b38400936219105ebc5b3271d9520",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x83d0d842e6db3b020f384a2af11bd14787bec8e7"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd9caed12",
"selector": "0xd9caed12",
"calldata_variants": [
"0xd9caed12",
"0xd9caed120000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 432,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 939,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [
{
"pc": 300,
"type": "msg_sender_eq_const",
"value": 1.2674448427391058e+48
},
{
"pc": 278,
"type": "msg_sender_eq_const",
"value": "0xde02313f8bf17f31380c63e41cdecee98bc2b16d"
},
{
"pc": 1024,
"type": "tx_origin_used"
},
{
"pc": 1065,
"type": "tx_origin_used"
}
],
"untrusted_call_count": 2
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
trace_id: 0x805bcb60e2a32498cfc981bdf63505f7750b38400936219105ebc5b3271d9520
call_targets:
0x83d0d842e6db3b020f384a2af11bd14787bec8e7
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x805bcb60e2a32498cfc981bdf63505f7750b38400936219105ebc5b3271d9520",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x83d0d842e6db3b020f384a2af11bd14787bec8e7"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd9caed12",
"selector": "0xd9caed12",
"calldata_variants": [
"0xd9caed12",
"0xd9caed120000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 432,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 939,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": [
{
"pc": 300,
"type": "msg_sender_eq_const",
"value": 1.2674448427391058e+48
},
{
"pc": 278,
"type": "msg_sender_eq_const",
"value": "0xde02313f8bf17f31380c63e41cdecee98bc2b16d"
},
{
"pc": 1024,
"type": "tx_origin_used"
},
{
"pc": 1065,
"type": "tx_origin_used"
}
]
}
|