2a314066-1e96-41a4-a96d-3f8fd40245a0
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31697 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 95605 | artifact.fetch | failed | 1 / 3 | 1 week ago |
| 95606 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 95607 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 95608 | capability.graph | complete | 1 / 3 | 1 week ago |
| 95609 | detector.run | complete | 1 / 3 | 1 week ago |
| 95610 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:579683] OpenAI Codex v0.77.0 (research preview)
[codex:579683] --------
[codex:579683] workdir: /tmp/codex-multi-w6sgq1jf
[codex:579683] model: gpt-5.2-codex
[codex:579683] provider: openai
[codex:579683] approval: never
[codex:579683] sandbox: read-only
[codex:579683] reasoning effort: xhigh
[codex:579683] reasoning summaries: auto
[codex:579683] session id: 019b8c9e-0762-7760-bec1-94abf6f75655
[codex:579683] --------
[codex:579683] user
[codex:579683] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:579683]
[codex:579683] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:579683]
[codex:579683] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:579683] - Gas inefficiency, code quality, naming, or best practices
[codex:579683] - Theoretical vulnerabilities without a clear extraction path
[codex:579683] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:579683] - Front-running unless it enables theft beyond MEV
[codex:579683] - DoS, griefing, or issues that don't result in attacker profit
[codex:579683] - Missing events, view function issues, or informational findings
[codex:579683]
[codex:579683] HIGH-VALUE PATTERNS TO HUNT:
[codex:579683] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:579683] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:579683] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:579683] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:579683] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:579683] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:579683] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:579683] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:579683] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:579683]
[codex:579683] For each finding, you MUST provide:
[codex:579683] 1. Exact file and line numbers of vulnerable code
[codex:579683] 2. Step-by-step exploit transaction sequence
[codex:579683] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:579683]
[codex:579683] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:579683]
[codex:579683] Output MUST be valid JSON matching the provided schema.
[codex:579683] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:579683] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:579683] mcp startup: no servers
[codex:579683]
[codex:579683] thinking
[codex:579683] **Preparing to audit by reviewing AUDIT_BUNDLE.txt**
[codex:579683] exec
[codex:579683] /bin/bash -lc ls in /tmp/codex-multi-w6sgq1jf succeeded in 6ms:
[codex:579683] AUDIT_BUNDLE.txt
[codex:579683] codex-output-schema.json
[codex:579683] contracts
[codex:579683] exec
[codex:579683] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-w6sgq1jf succeeded in 5ms:
[codex:579683] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:579683]
[codex:579683] ================================================================================
[codex:579683] FILE: contracts/contracts/PaymentSplitter.sol
[codex:579683] ================================================================================
[codex:579683] // SPDX-License-Identifier: MIT
[codex:579683]
[codex:579683] pragma solidity ^0.8.0;
[codex:579683]
[codex:579683] import "@openzeppelin/contracts/utils/Address.sol";
[codex:579683] import "@openzeppelin/contracts/utils/Context.sol";
[codex:579683] import "@openzeppelin/contracts/utils/math/SafeMath.sol";
[codex:579683]
[codex:579683] /**
[codex:579683] * @title PaymentSplitter
[codex:579683] * @dev This contract allows to split Ether payments among a group of accounts. The sender does not need to be aware
[codex:579683] * that the Ether will be split in this way, since it is handled transparently by the contract.
[codex:579683] *
[codex:579683] * The split can be in equal parts or in any other arbitrary proportion. The way this is specified is by assigning each
[codex:579683] * account to a number of shares. Of all the Ether that this contract receives, each account will then be able to claim
[codex:579683]
[codex:579683] thinking
[codex:579683] **Confirming no vulnerabilities found**
[codex:579683] codex
[codex:579683] {"no_findings":true,"summary":"Reviewed `contracts/contracts/PaymentSplitter.sol` in `AUDIT_BUNDLE.txt`; standard OZ-style splitter with pull payments and no exploitable profit paths found.","findings":[]}
[codex:579683] tokens used
[codex:579683] 7,612
[codex:579683] {"no_findings":true,"summary":"Reviewed `contracts/contracts/PaymentSplitter.sol` in `AUDIT_BUNDLE.txt`; standard OZ-style splitter with pull payments and no exploitable profit paths found.","findings":[]}
{
"codex": {
"ran_at": "2026-01-05T05:25:32.389428+00:00",
"returncode": 0
},
"summary": "Reviewed `contracts/contracts/PaymentSplitter.sol` in `AUDIT_BUNDLE.txt`; standard OZ-style splitter with pull payments and no exploitable profit paths found.",
"raw_final": {
"summary": "Reviewed `contracts/contracts/PaymentSplitter.sol` in `AUDIT_BUNDLE.txt`; standard OZ-style splitter with pull payments and no exploitable profit paths found.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
trace_id: 0x673078d5eb23c6186f454e81489de4cf90f9186877dec1a8f3b66fdd1f1258c6
call_targets:
0x734e1524c99e28defbb9a14e0bffb0adfef2515b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x673078d5eb23c6186f454e81489de4cf90f9186877dec1a8f3b66fdd1f1258c6",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x734e1524c99e28defbb9a14e0bffb0adfef2515b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x19165587",
"selector": "0x19165587",
"calldata_variants": [
"0x19165587",
"0x191655870000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3a98ef39",
"selector": "0x3a98ef39",
"calldata_variants": [
"0x3a98ef39",
"0x3a98ef390000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8b83209b",
"selector": "0x8b83209b",
"calldata_variants": [
"0x8b83209b",
"0x8b83209b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9852595c",
"selector": "0x9852595c",
"calldata_variants": [
"0x9852595c",
"0x9852595c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xce7c2ac2",
"selector": "0xce7c2ac2",
"calldata_variants": [
"0xce7c2ac2",
"0xce7c2ac20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe33b7de3",
"selector": "0xe33b7de3",
"calldata_variants": [
"0xe33b7de3",
"0xe33b7de30000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 907,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
trace_id: 0x673078d5eb23c6186f454e81489de4cf90f9186877dec1a8f3b66fdd1f1258c6
call_targets:
0x734e1524c99e28defbb9a14e0bffb0adfef2515b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x673078d5eb23c6186f454e81489de4cf90f9186877dec1a8f3b66fdd1f1258c6",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x734e1524c99e28defbb9a14e0bffb0adfef2515b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x19165587",
"selector": "0x19165587",
"calldata_variants": [
"0x19165587",
"0x191655870000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3a98ef39",
"selector": "0x3a98ef39",
"calldata_variants": [
"0x3a98ef39",
"0x3a98ef390000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8b83209b",
"selector": "0x8b83209b",
"calldata_variants": [
"0x8b83209b",
"0x8b83209b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9852595c",
"selector": "0x9852595c",
"calldata_variants": [
"0x9852595c",
"0x9852595c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xce7c2ac2",
"selector": "0xce7c2ac2",
"calldata_variants": [
"0xce7c2ac2",
"0xce7c2ac20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe33b7de3",
"selector": "0xe33b7de3",
"calldata_variants": [
"0xe33b7de3",
"0xe33b7de30000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 907,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|
| medium | other | detector | CREATE/CREATE2 reachable | 45 | no | no |
trace_id: 0xa20cf2517b2946b758fb9df234f8dd9f01637bd31094e8964b8301a4435a7201
validation_json{
"sink": "CREATE",
"errors": 0,
"status": "unknown",
"attempts": 12,
"trace_id": "0xa20cf2517b2946b758fb9df234f8dd9f01637bd31094e8964b8301a4435a7201",
"confirmed": false,
"trace_mode": "structLogs",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x19165587",
"selector": "0x19165587",
"calldata_variants": [
"0x19165587",
"0x191655870000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3a98ef39",
"selector": "0x3a98ef39",
"calldata_variants": [
"0x3a98ef39",
"0x3a98ef390000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8b83209b",
"selector": "0x8b83209b",
"calldata_variants": [
"0x8b83209b",
"0x8b83209b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9852595c",
"selector": "0x9852595c",
"calldata_variants": [
"0x9852595c",
"0x9852595c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xce7c2ac2",
"selector": "0xce7c2ac2",
"calldata_variants": [
"0xce7c2ac2",
"0xce7c2ac20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe33b7de3",
"selector": "0xe33b7de3",
"calldata_variants": [
"0xe33b7de3",
"0xe33b7de30000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"create_count": 2,
"create2_count": 0
}
|
| low | other | cast | Contract creation opcode present | 60 | no | — |
evidence_json{
"notes": "runtime can deploy contracts dynamically via CREATE/CREATE2",
"create_count": 2,
"create2_count": 0
}
|