28412e30-849b-401f-9be8-a74404101d7b
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31256 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 110534 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 110535 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 110536 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 110537 | capability.graph | complete | 1 / 3 | 1 week ago |
| 110538 | detector.run | complete | 1 / 3 | 1 week ago |
| 110539 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:69] OpenAI Codex v0.77.0 (research preview)
[codex:69] --------
[codex:69] workdir: /tmp/codex-multi-ybafq4s0
[codex:69] model: gpt-5.2-codex
[codex:69] provider: openai
[codex:69] approval: never
[codex:69] sandbox: read-only
[codex:69] reasoning effort: xhigh
[codex:69] reasoning summaries: auto
[codex:69] session id: 019b7d6a-618a-7cf1-8dfe-66fb9ad86df9
[codex:69] --------
[codex:69] user
[codex:69] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:69]
[codex:69] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:69]
[codex:69] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:69] - Gas inefficiency, code quality, or best practices
[codex:69] - Theoretical vulnerabilities without a clear extraction path
[codex:69] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:69] - Issues requiring social engineering or off-chain coordination
[codex:69]
[codex:69] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:69] - CALL/DELEGATECALL with controllable destination or calldata
[codex:69] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:69] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:69] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:69] - External calls before state updates (reentrancy)
[codex:69] - SELFDESTRUCT with controllable beneficiary
[codex:69] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:69]
[codex:69] For each finding, you MUST explain:
[codex:69] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:69] 2. The concrete sequence of transactions to extract value
[codex:69] 3. Why you believe this is exploitable (not just suspicious)
[codex:69]
[codex:69] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:69] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:69]
[codex:69] Output MUST be valid JSON matching the provided schema.
[codex:69] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:69] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:69] mcp startup: no servers
[codex:69]
[codex:69] thinking
[codex:69] **Checking for relevant skills and reading BYTECODE_BUNDLE.txt**
[codex:69] exec
[codex:69] /bin/bash -lc ls in /tmp/codex-multi-ybafq4s0 succeeded in 5ms:
[codex:69] BYTECODE_BUNDLE.txt
[codex:69] codex-output-schema.json
[codex:69]
[codex:69] thinking
[codex:69] **Reading file**
[codex:69] exec
[codex:69] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-ybafq4s0 succeeded in 5ms:
[codex:69] Runtime bytecode bundle for best-effort auditing.
[codex:69] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:69]
[codex:69] FILE: runtime_bytecode.hex
[codex:69]
[codex:69] thinking
[codex:69] **Preparing to analyze bytecode**
[codex:69] exec
[codex:69] /bin/bash -lc "python - <<'PY'
[codex:69] import binascii
[codex:69] code=open('BYTECODE_BUNDLE.txt').read().split('0x')[1].split('\\n')[0]
[codex:69] # get runtime bytecode in file? Actually file contains 0x... line only. We'll parse hex.
[codex:69] hexcode=code.strip()
[codex:69] # ensure even
[codex:69] if len(hexcode)%2: print('odd')
[codex:69] # opcode mapping
[codex:69] opcodes={
[codex:69] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:69] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:69] 0x20:'SHA3',
[codex:69] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:69] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:69] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:69] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:69] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:69] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:69] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:69] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:69] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:69] }
[codex:69]
[codex:69] b=binascii.unhexlify(hexcode)
[codex:69] # disassemble with offsets
[codex:69] pc=0
[codex:69] out=[]
[codex:69] while pc<len(b):
[codex:69]     op=b[pc]
[codex:69]     name=opcodes.get(op,'UNKNOWN')
[codex:69]     pc0=pc
[codex:69]     pc+=1
[codex:69]     if 0x60<=op<=0x7f:
[codex:69]         n=op-0x5f
[codex:69]         data=b[pc:pc+n]
[codex:69]         pc+=n
[codex:69]         out.append((pc0,f'{name} 0x{data.hex()}'))
[codex:69]     else:
[codex:69]         out.append((pc0,name))
[codex:69]
[codex:69] # print
[codex:69] for off,ins in out:
[codex:69]     print(f'{off:04x}: {ins}')
[codex:69] PY" in /tmp/codex-multi-ybafq4s0 succeeded in 19ms:
[codex:69] 0000: PUSH1 0x00
[codex:69] 0002: PUSH2 0x039f
[codex:69] 0005: MSTORE8
[codex:69] 0006: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
[codex:69] 0024: PUSH1 0x00
[codex:69] 0026: CALLDATALOAD
[codex:69] 0027: DIV
[codex:69] 0028: PUSH4 0x45466f3a
[codex:69] 002d: DUP2
[codex:69] 002e: EQ
[codex:69] 002f: ISZERO
[codex:69] 0030: PUSH2 0x0115
[codex:69] 0033: JUMPI
[codex:69] 0034: PUSH1 0x00
[codex:69] 0036: CALLVALUE
[codex:69] 0037: EQ
[codex:69] 0038: ISZERO
[codex:69] 0039: PUSH2 0x0047
[codex:69] 003c: JUMPI
[codex:69] 003d: PUSH1 0x00
[codex:69]
[codex:69]
[codex:69] thinking
[codex:69] **Decoding and analyzing multiple contract functions**
[codex:69]
[codex:69] I'm closely examining the bytecode’s various function selectors to understand their logic and how storage is accessed or updated. I see one payable function that forwards msg.value to an address stored in slot1 and updates mappings, plus several read-only functions aggregating or returning stored data. I'm interpreting conditional jumps, storage slots, and the use of ORIGIN versus CALLER, trying to spot vulnerabilities or fund extraction paths. The deposit function seems guarded by block number checks and limited gas calls; overall, I’m piecing together if any storage or call pattern could enable exploits or withdrawals.
[codex:69] thinking
[codex:69] **Preparing detailed JSON findings report**
[codex:69]
[codex:69] I’m summarizing that after full bytecode review, no exploitable paths exist: the deposit forwards msg.value to a fixed, immutable slot1 address with no withdrawal or admin controls; no delegatecalls or selfdestruct present; storage writes confined to deposit function; block number checks prevent misuse. I’ll produce a JSON object reflecting no findings per the user’s schema and instructions.
[codex:69] codex
[codex:69] {"no_findings":true,"summary":"Reviewed the full runtime bytecode bundle. The only value transfer is a CALL that forwards msg.value to the fixed address in storage slot 1, with no user-controlled destination and no withdrawal paths from contract balance; no DELEGATECALL/SELFDESTRUCT/unprotected admin storage writes observed. No concrete, exploitable profit path identified from bytecode alone.","findings":[]}
[codex:69] tokens used
[codex:69] 19,914
{
"codex": {
"ran_at": "2026-01-02T06:36:53.258771+00:00",
"returncode": 0
},
"summary": "Reviewed the full runtime bytecode bundle. The only value transfer is a CALL that forwards msg.value to the fixed address in storage slot 1, with no user-controlled destination and no withdrawal paths from contract balance; no DELEGATECALL/SELFDESTRUCT/unprotected admin storage writes observed. No concrete, exploitable profit path identified from bytecode alone.",
"raw_final": {
"summary": "Reviewed the full runtime bytecode bundle. The only value transfer is a CALL that forwards msg.value to the fixed address in storage slot 1, with no user-controlled destination and no withdrawal paths from contract balance; no DELEGATECALL/SELFDESTRUCT/unprotected admin storage writes observed. No concrete, exploitable profit path identified from bytecode alone.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x00 00000002: PUSH2 0x039f 00000005: MSTORE8 00000006: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 00000024: PUSH1 0x00 00000026: CALLDATALOAD 00000027: DIV 00000028: PUSH4 0x45466f3a 0000002d: DUP2 0000002e: EQ 0000002f: ISZERO 00000030: PUSH2 0x0115 00000033: JUMPI 00000034: PUSH1 0x00 00000036: CALLVALUE 00000037: EQ 00000038: ISZERO 00000039: PUSH2 0x0047 0000003c: JUMPI 0000003d: PUSH1 0x00 0000003f: PUSH1 0x40 00000041: MSTORE 00000042: PUSH1 0x20 00000044: PUSH1 0x40 00000046: RETURN 00000047: JUMPDEST 00000048: PUSH1 0x02 0000004a: SLOAD 0000004b: NUMBER 0000004c: SLT 0000004d: ISZERO 0000004e: PUSH2 0x0107 00000051: JUMPI 00000052: PUSH1 0x00 00000054: PUSH1 0x00 00000056: PUSH1 0x00 00000058: PUSH1 0x00 0000005a: CALLVALUE 0000005b: PUSH1 0x01 0000005d: SLOAD 0000005e: PUSH2 0x1388 00000061: CALL 00000062: POP 00000063: CALLVALUE 00000064: PUSH1 0x60 00000066: PUSH1 0x60 00000068: MSIZE 00000069: SWAP1 0000006a: MSIZE 0000006b: ADD 0000006c: PUSH1 0x00 0000006e: SWAP1 0000006f: MSTORE 00000070: PUSH1 0x00 00000072: DUP2 00000073: MSTORE 00000074: PUSH1 0x00 00000076: SLOAD 00000077: DUP2 00000078: PUSH1 0x20 0000007a: ADD 0000007b: MSTORE 0000007c: PUSH1 0x01 0000007e: DUP2 0000007f: PUSH1 0x40 00000081: ADD 00000082: MSTORE 00000083: DUP1 00000084: SWAP1 00000085: POP 00000086: KECCAK256 00000087: SSTORE 00000088: NUMBER 00000089: PUSH1 0x60 0000008b: PUSH1 0x60 0000008d: MSIZE 0000008e: SWAP1 0000008f: MSIZE 00000090: ADD 00000091: PUSH1 0x00 00000093: SWAP1 00000094: MSTORE 00000095: PUSH1 0x00 00000097: DUP2 00000098: MSTORE 00000099: PUSH1 0x00 0000009b: SLOAD 0000009c: DUP2 0000009d: PUSH1 0x20 0000009f: ADD 000000a0: MSTORE 000000a1: PUSH1 0x02 000000a3: DUP2 000000a4: PUSH1 0x40 000000a6: ADD 000000a7: MSTORE 000000a8: DUP1 000000a9: SWAP1 000000aa: POP 000000ab: KECCAK256 000000ac: SSTORE 000000ad: ORIGIN 000000ae: PUSH1 0x60 000000b0: PUSH1 0x60 000000b2: MSIZE 000000b3: SWAP1 000000b4: MSIZE 000000b5: 
ADD 000000b6: PUSH1 0x00 000000b8: SWAP1 000000b9: MSTORE 000000ba: PUSH1 0x00 000000bc: DUP2 000000bd: MSTORE 000000be: PUSH1 0x00 000000c0: SLOAD 000000c1: DUP2 000000c2: PUSH1 0x20 000000c4: ADD 000000c5: MSTORE 000000c6: PUSH1 0x00 000000c8: DUP2 000000c9: PUSH1 0x40 000000cb: ADD 000000cc: MSTORE 000000cd: DUP1 000000ce: SWAP1 000000cf: POP 000000d0: KECCAK256 000000d1: SSTORE 000000d2: PUSH1 0x00 000000d4: SLOAD 000000d5: PUSH1 0x40 000000d7: PUSH1 0x40 000000d9: MSIZE 000000da: SWAP1 000000db: MSIZE 000000dc: ADD 000000dd: PUSH1 0x00 000000df: SWAP1 000000e0: MSTORE 000000e1: PUSH1 0x02 000000e3: DUP2 000000e4: MSTORE 000000e5: ORIGIN 000000e6: DUP2 000000e7: PUSH1 0x20 000000e9: ADD 000000ea: MSTORE 000000eb: DUP1 000000ec: SWAP1 000000ed: POP 000000ee: KECCAK256 000000ef: SSTORE 000000f0: PUSH1 0x01 000000f2: PUSH1 0x00 000000f4: SLOAD 000000f5: ADD 000000f6: PUSH1 0x00 000000f8: SSTORE 000000f9: PUSH1 0x01 000000fb: PUSH1 0xe0 000000fd: MSTORE 000000fe: PUSH1 0x20 00000100: PUSH1 0xe0 00000102: RETURN 00000103: PUSH2 0x0114 00000106: JUMP 00000107: JUMPDEST 00000108: PUSH1 0x00 0000010a: PUSH2 0x0100 0000010d: MSTORE 0000010e: PUSH1 0x20 00000110: PUSH2 0x0100 00000113: RETURN 00000114: JUMPDEST 00000115: JUMPDEST 00000116: PUSH4 0xcd8c5598 0000011b: DUP2 0000011c: EQ 0000011d: ISZERO 0000011e: PUSH2 0x01bf 00000121: JUMPI 00000122: PUSH1 0x04 00000124: CALLDATALOAD 00000125: PUSH2 0x0120 00000128: MSTORE 00000129: PUSH1 0x00 0000012b: PUSH2 0x0140 0000012e: MSTORE 0000012f: PUSH1 0x00 00000131: PUSH2 0x0160 00000134: MSTORE 00000135: JUMPDEST 00000136: PUSH1 0x00 00000138: SLOAD 00000139: PUSH2 0x0160 0000013c: MLOAD 0000013d: SLT 0000013e: ISZERO 0000013f: PUSH2 0x01b0 00000142: JUMPI 00000143: PUSH1 0x60 00000145: PUSH1 0x60 00000147: MSIZE 00000148: SWAP1 00000149: MSIZE 0000014a: ADD 0000014b: PUSH1 0x00 0000014d: SWAP1 0000014e: MSTORE 0000014f: PUSH1 0x00 00000151: DUP2 00000152: MSTORE 00000153: PUSH2 0x0160 00000156: MLOAD 00000157: DUP2 
00000158: PUSH1 0x20 0000015a: ADD 0000015b: MSTORE 0000015c: PUSH1 0x00 0000015e: DUP2 0000015f: PUSH1 0x40 00000161: ADD 00000162: MSTORE 00000163: DUP1 00000164: SWAP1 00000165: POP 00000166: KECCAK256 00000167: SLOAD 00000168: PUSH2 0x0120 0000016b: MLOAD 0000016c: EQ 0000016d: ISZERO 0000016e: PUSH2 0x01a0 00000171: JUMPI 00000172: PUSH1 0x60 00000174: PUSH1 0x60 00000176: MSIZE 00000177: SWAP1 00000178: MSIZE 00000179: ADD 0000017a: PUSH1 0x00 0000017c: SWAP1 0000017d: MSTORE 0000017e: PUSH1 0x00 00000180: DUP2 00000181: MSTORE 00000182: PUSH2 0x0160 00000185: MLOAD 00000186: DUP2 00000187: PUSH1 0x20 00000189: ADD 0000018a: MSTORE 0000018b: PUSH1 0x01 0000018d: DUP2 0000018e: PUSH1 0x40 00000190: ADD 00000191: MSTORE 00000192: DUP1 00000193: SWAP1 00000194: POP 00000195: KECCAK256 00000196: SLOAD 00000197: PUSH2 0x0140 0000019a: MLOAD 0000019b: ADD 0000019c: PUSH2 0x0140 0000019f: MSTORE 000001a0: JUMPDEST 000001a1: PUSH1 0x01 000001a3: PUSH2 0x0160 000001a6: MLOAD 000001a7: ADD 000001a8: PUSH2 0x0160 000001ab: MSTORE 000001ac: PUSH2 0x0135 000001af: JUMP 000001b0: JUMPDEST 000001b1: PUSH2 0x0140 000001b4: MLOAD 000001b5: PUSH2 0x01c0 000001b8: MSTORE 000001b9: PUSH1 0x20 000001bb: PUSH2 0x01c0 000001be: RETURN 000001bf: JUMPDEST 000001c0: PUSH4 0x2b96d14d 000001c5: DUP2 000001c6: EQ 000001c7: ISZERO 000001c8: PUSH2 0x021c 000001cb: JUMPI 000001cc: PUSH1 0x04 000001ce: CALLDATALOAD 000001cf: PUSH2 0x0120 000001d2: MSTORE 000001d3: PUSH1 0x60 000001d5: PUSH1 0x60 000001d7: MSIZE 000001d8: SWAP1 000001d9: MSIZE 000001da: ADD 000001db: PUSH1 0x00 000001dd: SWAP1 000001de: MSTORE 000001df: PUSH1 0x00 000001e1: DUP2 000001e2: MSTORE 000001e3: PUSH1 0x40 000001e5: PUSH1 0x40 000001e7: MSIZE 000001e8: SWAP1 000001e9: MSIZE 000001ea: ADD 000001eb: PUSH1 0x00 000001ed: SWAP1 000001ee: MSTORE 000001ef: PUSH1 0x02 000001f1: DUP2 000001f2: MSTORE 000001f3: PUSH2 0x0120 000001f6: MLOAD 000001f7: DUP2 000001f8: PUSH1 0x20 000001fa: ADD 000001fb: MSTORE 000001fc: DUP1 
000001fd: SWAP1 000001fe: POP 000001ff: KECCAK256 00000200: SLOAD 00000201: DUP2 00000202: PUSH1 0x20 00000204: ADD 00000205: MSTORE 00000206: PUSH1 0x02 00000208: DUP2 00000209: PUSH1 0x40 0000020b: ADD 0000020c: MSTORE 0000020d: DUP1 0000020e: SWAP1 0000020f: POP 00000210: KECCAK256 00000211: SLOAD 00000212: PUSH2 0x01e0 00000215: MSTORE 00000216: PUSH1 0x20 00000218: PUSH2 0x01e0 0000021b: RETURN 0000021c: JUMPDEST 0000021d: PUSH4 0xc6bdc5d2 00000222: DUP2 00000223: EQ 00000224: ISZERO 00000225: PUSH2 0x0236 00000228: JUMPI 00000229: PUSH1 0x00 0000022b: SLOAD 0000022c: PUSH2 0x0240 0000022f: MSTORE 00000230: PUSH1 0x20 00000232: PUSH2 0x0240 00000235: RETURN 00000236: JUMPDEST 00000237: PUSH4 0x111f45df 0000023c: DUP2 0000023d: EQ 0000023e: ISZERO 0000023f: PUSH2 0x0279 00000242: JUMPI 00000243: PUSH1 0x04 00000245: CALLDATALOAD 00000246: PUSH2 0x0260 00000249: MSTORE 0000024a: PUSH1 0x60 0000024c: PUSH1 0x60 0000024e: MSIZE 0000024f: SWAP1 00000250: MSIZE 00000251: ADD 00000252: PUSH1 0x00 00000254: SWAP1 00000255: MSTORE 00000256: PUSH1 0x00 00000258: DUP2 00000259: MSTORE 0000025a: PUSH2 0x0260 0000025d: MLOAD 0000025e: DUP2 0000025f: PUSH1 0x20 00000261: ADD 00000262: MSTORE 00000263: PUSH1 0x01 00000265: DUP2 00000266: PUSH1 0x40 00000268: ADD 00000269: MSTORE 0000026a: DUP1 0000026b: SWAP1 0000026c: POP 0000026d: KECCAK256 0000026e: SLOAD 0000026f: PUSH2 0x0280 00000272: MSTORE 00000273: PUSH1 0x20 00000275: PUSH2 0x0280 00000278: RETURN 00000279: JUMPDEST 0000027a: PUSH4 0x03ba3481 0000027f: DUP2 00000280: EQ 00000281: ISZERO 00000282: PUSH2 0x02bc 00000285: JUMPI 00000286: PUSH1 0x04 00000288: CALLDATALOAD 00000289: PUSH2 0x0260 0000028c: MSTORE 0000028d: PUSH1 0x60 0000028f: PUSH1 0x60 00000291: MSIZE 00000292: SWAP1 00000293: MSIZE 00000294: ADD 00000295: PUSH1 0x00 00000297: SWAP1 00000298: MSTORE 00000299: PUSH1 0x00 0000029b: DUP2 0000029c: MSTORE 0000029d: PUSH2 0x0260 000002a0: MLOAD 000002a1: DUP2 000002a2: PUSH1 0x20 000002a4: ADD 000002a5: 
MSTORE 000002a6: PUSH1 0x00 000002a8: DUP2 000002a9: PUSH1 0x40 000002ab: ADD 000002ac: MSTORE 000002ad: DUP1 000002ae: SWAP1 000002af: POP 000002b0: KECCAK256 000002b1: SLOAD 000002b2: PUSH2 0x02c0 000002b5: MSTORE 000002b6: PUSH1 0x20 000002b8: PUSH2 0x02c0 000002bb: RETURN 000002bc: JUMPDEST 000002bd: PUSH4 0x654fcc02 000002c2: DUP2 000002c3: EQ 000002c4: ISZERO 000002c5: PUSH2 0x02ff 000002c8: JUMPI 000002c9: PUSH1 0x04 000002cb: CALLDATALOAD 000002cc: PUSH2 0x0260 000002cf: MSTORE 000002d0: PUSH1 0x60 000002d2: PUSH1 0x60 000002d4: MSIZE 000002d5: SWAP1 000002d6: MSIZE 000002d7: ADD 000002d8: PUSH1 0x00 000002da: SWAP1 000002db: MSTORE 000002dc: PUSH1 0x00 000002de: DUP2 000002df: MSTORE 000002e0: PUSH2 0x0260 000002e3: MLOAD 000002e4: DUP2 000002e5: PUSH1 0x20 000002e7: ADD 000002e8: MSTORE 000002e9: PUSH1 0x02 000002eb: DUP2 000002ec: PUSH1 0x40 000002ee: ADD 000002ef: MSTORE 000002f0: DUP1 000002f1: SWAP1 000002f2: POP 000002f3: KECCAK256 000002f4: SLOAD 000002f5: PUSH2 0x0300 000002f8: MSTORE 000002f9: PUSH1 0x20 000002fb: PUSH2 0x0300 000002fe: RETURN 000002ff: JUMPDEST 00000300: PUSH4 0xf0a0cdf4 00000305: DUP2 00000306: EQ 00000307: ISZERO 00000308: PUSH2 0x033b 0000030b: JUMPI 0000030c: PUSH1 0x04 0000030e: CALLDATALOAD 0000030f: PUSH2 0x0120 00000312: MSTORE 00000313: PUSH1 0x40 00000315: PUSH1 0x40 00000317: MSIZE 00000318: SWAP1 00000319: MSIZE 0000031a: ADD 0000031b: PUSH1 0x00 0000031d: SWAP1 0000031e: MSTORE 0000031f: PUSH1 0x02 00000321: DUP2 00000322: MSTORE 00000323: PUSH2 0x0120 00000326: MLOAD 00000327: DUP2 00000328: PUSH1 0x20 0000032a: ADD 0000032b: MSTORE 0000032c: DUP1 0000032d: SWAP1 0000032e: POP 0000032f: KECCAK256 00000330: SLOAD 00000331: PUSH2 0x0340 00000334: MSTORE 00000335: PUSH1 0x20 00000337: PUSH2 0x0340 0000033a: RETURN 0000033b: JUMPDEST 0000033c: PUSH4 0xb0e66aca 00000341: DUP2 00000342: EQ 00000343: ISZERO 00000344: PUSH2 0x0356 00000347: JUMPI 00000348: PUSH1 0x01 0000034a: SLOAD 0000034b: BALANCE 0000034c: PUSH2 0x0380 
0000034f: MSTORE 00000350: PUSH1 0x20 00000352: PUSH2 0x0380 00000355: RETURN 00000356: JUMPDEST 00000357: POP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
validation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x45466f3a",
"selector": "0x45466f3a",
"calldata_variants": [
"0x45466f3a",
"0x45466f3a0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcd8c5598",
"selector": "0xcd8c5598",
"calldata_variants": [
"0xcd8c5598",
"0xcd8c55980000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2b96d14d",
"selector": "0x2b96d14d",
"calldata_variants": [
"0x2b96d14d",
"0x2b96d14d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc6bdc5d2",
"selector": "0xc6bdc5d2",
"calldata_variants": [
"0xc6bdc5d2",
"0xc6bdc5d20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x111f45df",
"selector": "0x111f45df",
"calldata_variants": [
"0x111f45df",
"0x111f45df0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x03ba3481",
"selector": "0x03ba3481",
"calldata_variants": [
"0x03ba3481",
"0x03ba34810000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x654fcc02",
"selector": "0x654fcc02",
"calldata_variants": [
"0x654fcc02",
"0x654fcc020000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf0a0cdf4",
"selector": "0xf0a0cdf4",
"calldata_variants": [
"0xf0a0cdf4",
"0xf0a0cdf40000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 173,
"type": "tx_origin_used"
},
{
"pc": 229,
"type": "tx_origin_used"
}
]
}
|
| low | other | detector | External CALL present | 40 | no | no |
trace_id: 0x27419031dd58fc291b345ddc8dbf141622068f1e30b4075453f6d8da3ee3ab08
call_targets:
0xe28e72fcf78647adce1f1252f240bbfaebd63bcc
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x27419031dd58fc291b345ddc8dbf141622068f1e30b4075453f6d8da3ee3ab08",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xe28e72fcf78647adce1f1252f240bbfaebd63bcc"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x45466f3a",
"selector": "0x45466f3a",
"calldata_variants": [
"0x45466f3a",
"0x45466f3a0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcd8c5598",
"selector": "0xcd8c5598",
"calldata_variants": [
"0xcd8c5598",
"0xcd8c55980000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2b96d14d",
"selector": "0x2b96d14d",
"calldata_variants": [
"0x2b96d14d",
"0x2b96d14d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc6bdc5d2",
"selector": "0xc6bdc5d2",
"calldata_variants": [
"0xc6bdc5d2",
"0xc6bdc5d20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x111f45df",
"selector": "0x111f45df",
"calldata_variants": [
"0x111f45df",
"0x111f45df0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x03ba3481",
"selector": "0x03ba3481",
"calldata_variants": [
"0x03ba3481",
"0x03ba34810000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x654fcc02",
"selector": "0x654fcc02",
"calldata_variants": [
"0x654fcc02",
"0x654fcc020000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf0a0cdf4",
"selector": "0xf0a0cdf4",
"calldata_variants": [
"0xf0a0cdf4",
"0xf0a0cdf40000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"call_count": 1
}
|