2b79fb9f-7d1c-451a-9d0e-5446ac5f2f28
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 30203 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 93817 | artifact.fetch | complete | 1 / 3 | 2 weeks ago |
| 93818 | tool.cast_disasm | complete | 1 / 3 | 2 weeks ago |
| 93819 | analysis.bundle | complete | 1 / 3 | 2 weeks ago |
| 93820 | capability.graph | complete | 1 / 3 | 2 weeks ago |
| 93821 | detector.run | complete | 1 / 3 | 2 weeks ago |
| 93822 | validation.fork | complete | 1 / 3 | 2 weeks ago |
No slither job recorded yet.
[codex:955364] OpenAI Codex v0.77.0 (research preview)
[codex:955364] --------
[codex:955364] workdir: /tmp/codex-multi-yl08esee
[codex:955364] model: gpt-5.2-codex
[codex:955364] provider: openai
[codex:955364] approval: never
[codex:955364] sandbox: read-only
[codex:955364] reasoning effort: xhigh
[codex:955364] reasoning summaries: auto
[codex:955364] session id: 019b61b1-050c-7140-ba9d-234c732a55fc
[codex:955364] --------
[codex:955364] user
[codex:955364] You are a security auditor. You are given EVM runtime bytecode (and possibly a disassembly) for a contract with NO verified source.
[codex:955364] This is best-effort. Do not hallucinate: only flag issues when there's a concrete, explainable angle from bytecode/disasm patterns.
[codex:955364]
[codex:955364] You MUST read the full `BYTECODE_BUNDLE.txt` before concluding.
[codex:955364]
[codex:955364] Output MUST be valid JSON matching the provided schema.
[codex:955364] - If you cannot identify a concrete issue from bytecode/disasm alone: set no_findings=true and findings=[].
[codex:955364] - Otherwise: include findings with severity/category/title/evidence and point locations to BYTECODE_BUNDLE.txt line ranges when possible.
[codex:955364]
[codex:955364] Output constraints (IMPORTANT):
[codex:955364] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:955364] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:955364] mcp startup: no servers
[codex:955364]
[codex:955364] thinking
[codex:955364] **Preparing to read BYTECODE_BUNDLE.txt**
[codex:955364] exec
[codex:955364] /bin/bash -lc ls in /tmp/codex-multi-yl08esee succeeded in 5ms:
[codex:955364] BYTECODE_BUNDLE.txt
[codex:955364] codex-output-schema.json
[codex:955364]
[codex:955364] thinking
[codex:955364] **Reading entire file**
[codex:955364] exec
[codex:955364] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-yl08esee succeeded in 5ms:
[codex:955364] Runtime bytecode bundle for best-effort auditing.
[codex:955364] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:955364]
[codex:955364] FILE: runtime_bytecode.hex
[codex:955364] 0x60806040526004361061007f5760003560e01c806378e979251161004e57806378e9792514610135578063828047a51461016057806386d1a69f14610189578063fc0c546a146101a057610086565b80630d6680871461008b57806319906dc8146100b657806338af3eed146100df5780633ecf10c61461010a57610086565b3661008657005b600080fd5b34801561009757600080fd5b506100a06101cb565b6040516100ad91906112bb565b60405180910390f35b3480156100c257600080fd5b506100dd60048036038101906100d89190610d03565b6101d1565b005b3480156100eb57600080fd5b506100f4610638565b604051610101919061111c565b60405180910390f35b34801561011657600080fd5b5061011f61065c565b60405161012c91906112bb565b60405180910390f35b34801561014157600080fd5b5061014a610680565b60405161015791906112bb565b60405180910390f35b34801561016c57600080fd5b5061018760048036038101906101829190610cb1565b610686565b005b34801561019557600080fd5b5061019e6108e8565b005b3480156101ac57600080fd5b506101b5610c10565b6040516101c29190611160565b60405180910390f35b60005481565b7f000000000000000000000000611cce5d440a941893587ac04228d957003d631373ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161461025f576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016102569061119b565b60405180910390fd5b60005460015461026f9190611310565b4210156102b1576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016102a8906111db565b60405180910390fd5b7f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc273ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff161415610340576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016103379061123b565b60405180910390fd5b81471015610383576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161037a906111bb565b60405180910390fd5b7f000000000000000000000000611cce5d440a941893587ac04228d957003d631373ffffffffffffffffffffffffffffffffffffffff166108fc839081150290604051600060405180830381858888f193505050501580156103e9573d6000803e3d6000fd5b50600081905060008173ffffffffffffffffffffffffffffffffffffffff166370a08231306040518263ffffffff1660e01b815260040161042a919061111c565b60206040518083038186803b15801561044257600080fd5b505afa158015610456573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061047a9190610cda565b9050600081116104bf576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016104b69061117b565b60405180910390fd5b8173ffffffffffffffffffffffffffffffffffffffff1663a9059cbb7f000000000000000000000000611cce5d440a941893587ac04228d957003d6313836040518363ffffffff1660e01b815260040161051a929190611137565b602060405180830381600087803b15801561053457600080fd5b505af1158015610548573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061056c9190610c88565b6105ab576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016105a29061125b565b60405180910390fd5b8273ffffffffffffffffffffffffffffffffffffffff167f000000000000000000000000611cce5d440a941893587ac04228d957003d631373ffffffffffffffffffffffffffffffffffffffff167f10b55f01b1cfe0feeb7d144f66162661602d8e73256499b6d8342aac37ff0679428460405161062a9291906112d6565b60405180910390a350505050565b7f000000000000000000000000611cce5d440a941893587ac04228d957003d631381565b7f000000000000000000000000000000000000000000000000000000007b7ed2e281565b60015481565b7f000000000000000000000000611cce5d440a941893587ac04228d957003d631373ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614610714576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161070b9061127b565b60405180910390fd5b6000546001546107249190611310565b421015610766576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161075d9061129b565b60405180910390fd5b600081116107a9576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016107a09061121b565b60405180910390fd5b7f000000000000000000000000000000000000000000000000000000007b7ed2e2816000546001546107db9190611310565b6107e59190611310565b1115610826576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161081d906111fb565b60405180910390fd5b806000808282546108379190611310565b925050819055507f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc273ffffffffffffffffffffffffffffffffffffffff167f000000000000000000000000611cce5d440a941893587ac04228d957003d631373ffffffffffffffffffffffffffffffffffffffff167fff89fcf2f8a70fe268488ded07719ee35217ba8ca9f92b9068bf4ea4ceb4950c6000546040516108dd91906112bb565b60405180910390a350565b7f000000000000000000000000611cce5d440a941893587ac04228d957003d631373ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614610976576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161096d9061119b565b60405180910390fd5b6000546001546109869190611310565b4210156109c8576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016109bf906111db565b60405180910390fd5b60007f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc273ffffffffffffffffffffffffffffffffffffffff166370a08231306040518263ffffffff1660e01b8152600401610a23919061111c565b60206040518083038186803b158015610a3b57600080fd5b505afa158015610a4f573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610a739190610cda565b905060008111610ab8576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401610aaf9061117b565b60405180910390fd5b7f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc273ffffffffffffffffffffffffffffffffffffffff1663a9059cbb7f000000000000000000000000611cce5d440a941893587ac04228d957003d6313836040518363ffffffff1660e01b8152600401610b33929190611137565b602060405180830381600087803b158015610b4d57600080fd5b505af1158015610b61573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610b859190610c88565b507f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc273ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff167f10b55f01b1cfe0feeb7d144f66162661602d8e73256499b6d8342aac37ff06794284604051610c059291906112d6565b60405180910390a350565b7f000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc281565b600081359050610c4381611401565b92915050565b600081519050610c5881611418565b92915050565b600081359050610c6d8161142f565b92915050565b600081519050610c828161142f565b92915050565b600060208284031215610c9a57600080fd5b6000610ca884828501610c49565b91505092915050565b600060208284031215610cc357600080fd5b6000610cd184828501610c5e565b91505092915050565b600060208284031215610cec57600080fd5b6000610cfa84828501610c73565b91505092915050565b60008060408385031215610d1657600080fd5b6000610d2485828601610c5e565b9250506020610d3585828601610c34565b9150509250929050565b610d4881611366565b82525050565b610d57816113ae565b82525050565b6000610d6a601f836112ff565b91507f546f6b656e4c6f636b3a206e6f20746f6b656e7320746f2072656c65617365006000830152602082019050919050565b6000610daa602b836112ff565b91507f546f6b656e4c6f636b3a204f6e6c79207468652062656e65666963696172792060008301527f63616e206f7065726174650000000000000000000000000000000000000000006020830152604082019050919050565b6000610e106025836112ff565b91507f546f6b656e4c6f636b3a20696e73756666696369656e7420657468657220626160008301527f6c616e63650000000000000000000000000000000000000000000000000000006020830152604082019050919050565b6000610e76602e836112ff565b91507f546f6b656e4c6f636b3a2063757272656e742074696d65206973206265666f7260008301527f652072656c656173652074696d650000000000000000000000000000000000006020830152604082019050919050565b6000610edc603c836112ff565b91507f546f6b656e4c6f636b3a20657874656e646564206c6f636b2074696d6520657860008301527f6365656473206d6178696d756d20657874656e73696f6e2074696d65000000006020830152604082019050919050565b6000610f426038836112ff565b91507f546f6b656e4c6f636b3a206164646974696f6e616c206c6f636b2074696d652060008301527f73686f756c642062652067726561746572207468616e203000000000000000006020830152604082019050919050565b6000610fa86021836112ff565b91507f546f6b656e4c6f636b3a20496e76616c696420746f6b656e20636f6e7472616360008301527f74000000000000000000000000000000000000000000000000000000000000006020830152604082019050919050565b600061100e6020836112ff565b91507f546f6b656e4c6f636b3a20746f6b656e207472616e73666572206661696c65646000830152602082019050919050565b600061104e6038836112ff565b91507f546f6b656e4c6f636b3a206f6e6c79207468652062656e65666963696172792060008301527f63616e20657874656e6420746865206c6f636b2074696d6500000000000000006020830152604082019050919050565b60006110b46033836112ff565b91507f546f6b656e4c6f636b3a2063757272656e742074696d65206973206265666f7260008301527f65206c6f636b2074696d652065787069726573000000000000000000000000006020830152604082019050919050565b611116816113a4565b82525050565b60006020820190506111316000830184610d3f565b92915050565b600060408201905061114c6000830185610d3f565b611159602083018461110d565b9392505050565b60006020820190506111756000830184610d4e565b92915050565b6000602082019050818103600083015261119481610d5d565b9050919050565b600060208201905081810360008301526111b481610d9d565b9050919050565b600060208201905081810360008301526111d481610e03565b9050919050565b600060208201905081810360008301526111f481610e69565b9050919050565b6000602082019050818103600083015261121481610ecf565b9050919050565b6000602082019050818103600083015261123481610f35565b9050919050565b6000602082019050818103600083015261125481610f9b565b9050919050565b6000602082019050818103600083015261127481611001565b9050919050565b6000602082019050818103600083015261129481611041565b9050919050565b600060208201905081810360008301526112b4816110a7565b9050919050565b60006020820190506112d0600083018461110d565b92915050565b60006040820190506112eb600083018561110d565b6112f8602083018461110d565b9392505050565b600082825260208201905092915050565b600061131b826113a4565b9150611326836113a4565b9250827fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0382111561135b5761135a6113d2565b5b828201905092915050565b600061137182611384565b9050919050565b60008115159050919050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b6000819050919050565b60006113b9826113c0565b9050919050565b60006113cb82611384565b9050919050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b61140a81611366565b811461141557600080fd5b50565b61142181611378565b811461142c57600080fd5b50565b611438816113a4565b811461144357600080fd5b5056fea264697066735822122011b09196d31c19629d4a3ea0a85a2b8149247ae3cba0acaecea7ebe5c067d84664736f6c63430008000033
[codex:955364]
[codex:955364] thinking
[codex:955364] **Analyzing runtime bytecode for TokenLock**
[codex:955364]
[codex:955364] I'm digging into the runtime bytecode, identifying key function selectors and constants like beneficiary and WETH addresses, and reasoning about contract logic—especially time lock checks and beneficiary-only restrictions. To understand control flow better, I'll write a Python script to disassemble the bytecode into readable opcodes so I can analyze potential issues systematically.
[codex:955364] exec
[codex:955364] /bin/bash -lc "python - <<'PY'
[codex:955364] bytecode = open('BYTECODE_BUNDLE.txt').read().split('FILE: runtime_bytecode.hex')[1]
[codex:955364] # extract hex after 0x
[codex:955364] import re
[codex:955364] m=re.search(r'0x([0-9a-fA-F]+)', bytecode)
[codex:955364] hexstr=m.group(1)
[codex:955364] # disassemble
[codex:955364] ops = {
[codex:955364] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:955364] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:955364] 0x20:'SHA3',
[codex:955364] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:955364] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:955364] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:955364] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:955364] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:955364] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:955364] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:955364] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:955364] }
[codex:955364]
[codex:955364] bs = bytes.fromhex(hexstr)
[codex:955364]
[codex:955364] i=0
[codex:955364] while i<len(bs):
[codex:955364] op=bs[i]
[codex:955364] name=ops.get(op,'UNKNOWN')
[codex:955364] if 0x60 <= op <= 0x7f:
[codex:955364] n=op-0x5f
[codex:955364] data=bs[i+1:i+1+n]
[codex:955364] print(f\"{i:04x}: {name} 0x{data.hex()}\")
[codex:955364] i += 1+n
[codex:955364] else:
[codex:955364] print(f\"{i:04x}: {name}\")
[codex:955364] i+=1
[codex:955364] PY" in /tmp/codex-multi-yl08esee succeeded in 51ms:
[codex:955364] 0000: PUSH1 0x80
[codex:955364] 0002: PUSH1 0x40
[codex:955364] 0004: MSTORE
[codex:955364] 0005: PUSH1 0x04
[codex:955364] 0007: CALLDATASIZE
[codex:955364] 0008: LT
[codex:955364] 0009: PUSH2 0x007f
[codex:955364] 000c: JUMPI
[codex:955364] 000d: PUSH1 0x00
[codex:955364] 000f: CALLDATALOAD
[codex:955364] 0010: PUSH1 0xe0
[codex:955364] 0012: SHR
[codex:955364] 0013: DUP1
[codex:955364] 0014: PUSH4 0x78e97925
[codex:955364] 0019: GT
[codex:955364] 001a: PUSH2 0x004e
[codex:955364] 001d: JUMPI
[codex:955364] 001e: DUP1
[codex:955364] 001f: PUSH4 0x78e97925
[codex:955364] 0024: EQ
[codex:955364]
[codex:955364]
[codex:955364] thinking
[codex:955364] **Analyzing function argument decoding and stack usage**
[codex:955364] thinking
[codex:955364] **Preparing symbolic execution simulation**
[codex:955364] exec
[codex:955364] /bin/bash -lc "python - <<'PY'
[codex:955364] from collections import deque
[codex:955364] import re
[codex:955364]
[codex:955364] # load bytecode
[codex:955364] text=open('BYTECODE_BUNDLE.txt').read()
[codex:955364] hexstr=re.search(r'0x([0-9a-fA-F]+)', text).group(1)
[codex:955364] bs=bytes.fromhex(hexstr)
[codex:955364]
[codex:955364] # disassemble into (pc, op, immediate)
[codex:955364] ops = {}
[codex:955364] # (same as earlier) quick mapping for opcodes we need
[codex:955364] opnames = {
[codex:955364] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:955364] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:955364] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:955364] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:955364] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:955364] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:955364] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:955364] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:955364] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:955364] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:955364] }
[codex:955364]
[codex:955364] def disasm(bs):
[codex:955364] i=0
[codex:955364] while i<len(bs):
[codex:955364] op=bs[i]
[codex:955364] name=opnames.get(op, 'UNKNOWN')
[codex:955364] if 0x60<=op<=0x7f:
[codex:955364] n=op-0x5f
[codex:955364] data=bs[i+1:i+1+n]
[codex:955364] yield i, name, data
[codex:955364] i += 1+n
[codex:955364] else:
[codex:955364] yield i, name, None
[codex:955364] i += 1
[codex:955364]
[codex:955364] # build map
[codex:955364] instrs = {pc:(name,data) for pc,name,data in disasm(bs)}
[codex:955364]
[codex:955364] start=0x01d1
[codex:955364] end=0x0348
[codex:955364]
[codex:955364] # simulate from start to end in straight-line ignoring jumps except JUMPI to continue (assume condition false for revert paths)
[codex:955364] # We'll stop at end.
[codex:955364]
[codex:955364] # define stack operations
[codex:955364] def pop(stack,n=1):
[codex:955364] if len(stack)<n:
[codex:955364] raise Exception('stack underflow')
[codex:955364] res=[stack.pop(0) for _ in range(n)]
[codex:955364] return res
[codex:955364]
[codex:955364] def push(stack, val):
[codex:955364] stack.insert(0,val)
[codex:955364]
[codex:955364] # start with two args placeholder in unknown order for testing
[codex:955364]
[codex:955364] def simulate(order):
[codex:955364] # order is list top->bottom
[codex:955364] stack=list(order)
[codex:955364] pc=start
[codex:955364] # We'll execute until pc reaches end (exclusive)
[codex:955364] steps=0
[codex:955364] visited=set()
[codex:955364] while pc < end and steps<1000:
[codex:955364] steps+=1
[codex:955364] name,data=instrs[pc]
[codex:955364] # print(pc, name, stack[:5])
[codex:955364] if name.startswith('PUSH'):
[codex:955364] push(stack, f\"{name}({data.hex()})\")
[codex:955364] pc += 1 + len(data)
[codex:955364] continue
[codex:955364] if name.startswith('DUP'):
[codex:955364] n=int(name[3:])
[codex:955364] push(stack, stack[n-1])
[codex:955364] elif name.startswith('SWAP'):
[codex:955364] n=int(name[4:])
[codex:955364] stack[0], stack[n] = stack[n], stack[0]
[codex:955364] elif name in ('POP',):
[codex:955364] pop(stack,1)
[codex:955364] elif name in ('ADD','SUB','MUL','DIV','MOD','LT','GT','EQ','AND','OR','XOR','ISZERO','SHL','SHR','SAR'):
[codex:955364] a,b=pop(stack,2)
[codex:955364] push(stack,f\"{name}({a},{b})\")
[codex:955364] elif name in ('SLOAD','MLOAD','CALLDATALOAD','SELFBALANCE','TIMESTAMP','CALLER','ADDRESS'):
[codex:955364] # pop for SLOAD? it needs key
[codex:955364] if name=='SLOAD':
[codex:955364] key=pop(stack,1)[0]
[codex:955364] push(stack,f\"SLOAD({key})\")
[codex:955364] elif name in ('MLOAD','CALLDATALOAD'):
[codex:955364] offset=pop(stack,1)[0]
[codex:955364] push(stack,f\"{name}({offset})\")
[codex:955364] else:
[codex:955364] push(stack,name)
[codex:955364] elif name in ('JUMPI','JUMP'):
[codex:955364] # pop destination and condition
[codex:955364] if name=='JUMPI':
[codex:955364] dest, cond = pop(stack,2)
[codex:955364] # assume condition false -> continue
[codex:955364] pc = pc + 1
[codex:955364] continue
[codex:955364] else:
[codex:955364] dest=pop(stack,1)[0]
[codex:955364] # stop on JUMP
[codex:955364] break
[codex:955364] elif name in ('CALL','STATICCALL','REVERT','RETURN','LOG3','LOG4','LOG2','LOG1','LOG0'):
[codex:955364] # not simulating
[codex:955364] pass
[codex:955364] # increment pc
[codex:955364] pc += 1
[codex:955364] return stack
[codex:955364]
[codex:955364] for order in ([\"arg0\",\"arg1\"],[\"arg1\",\"arg0\"]):
[codex:955364] st=simulate(order)
[codex:955364] print('order',order,'stack at',hex(end), st[:4])
[codex:955364] PY" in /tmp/codex-multi-yl08esee succeeded in 26ms:
[codex:955364] order ['arg0', 'arg1'] stack at 0x348 ['ADD(PUSH1(04),MLOAD(PUSH1(40)))', 'PUSH2(0256)', 'PUSH32(08c379a000000000000000000000000000000000000000000000000000000000)', 'MLOAD(PUSH1(40))']
[codex:955364] order ['arg1', 'arg0'] stack at 0x348 ['ADD(PUSH1(04),MLOAD(PUSH1(40)))', 'PUSH2(0256)', 'PUSH32(08c379a000000000000000000000000000000000000000000000000000000000)', 'MLOAD(PUSH1(40))']
[codex:955364]
[codex:955364] thinking
[codex:955364] **Clarifying JUMPI control flow logic**
[codex:955364] exec
[codex:955364] /bin/bash -lc "python - <<'PY'
[codex:955364] from collections import deque
[codex:955364] import re
[codex:955364]
[codex:955364] text=open('BYTECODE_BUNDLE.txt').read()
[codex:955364] hexstr=re.search(r'0x([0-9a-fA-F]+)', text).group(1)
[codex:955364] bs=bytes.fromhex(hexstr)
[codex:955364]
[codex:955364] opnames = {
[codex:955364] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:955364] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:955364] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:955364] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:955364] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:955364] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:955364] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:955364] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:955364] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:955364] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:955364] }
[codex:955364]
[codex:955364] # disassemble
[codex:955364] instrs = {}
[codex:955364] i=0
[codex:955364] while i<len(bs):
[codex:955364] op=bs[i]
[codex:955364] name=opnames.get(op,'UNKNOWN')
[codex:955364] if 0x60<=op<=0x7f:
[codex:955364] n=op-0x5f
[codex:955364] data=bs[i+1:i+1+n]
[codex:955364] instrs[i]=(name,data)
[codex:955364] i+=1+n
[codex:955364] else:
[codex:955364] instrs[i]=(name,None)
[codex:955364] i+=1
[codex:955364]
[codex:955364] # simulate
[codex:955364]
[codex:955364] def simulate(order, start=0x01d1, stop=0x05ab):
[codex:955364] stack=list(order)
[codex:955364] pc=start
[codex:955364] steps=0
[codex:955364] while pc<stop and steps<10000:
[codex:955364] steps+=1
[codex:955364] name,data=instrs[pc]
[codex:955364] # print(hex(pc), name, stack[:6])
[codex:955364] if name.startswith('PUSH'):
[codex:955364] stack.insert(0,f\"{name}({data.hex()})\")
[codex:955364] pc += 1 + len(data)
[codex:955364] continue
[codex:955364] if name.startswith('DUP'):
[codex:955364] n=int(name[3:])
[codex:955364] stack.insert(0, stack[n-1])
[codex:955364] elif name.startswith('SWAP'):
[codex:955364] n=int(name[4:])
[codex:955364] stack[0], stack[n] = stack[n], stack[0]
[codex:955364] elif name=='POP':
[codex:955364] stack.pop(0)
[codex:955364] elif name in ('ADD','SUB','MUL','DIV','MOD','LT','GT','EQ','AND','OR','XOR','ISZERO','SHL','SHR','SAR'):
[codex:955364] a=stack.pop(0); b=stack.pop(0)
[codex:955364] stack.insert(0,f\"{name}({a},{b})\")
[codex:955364] elif name=='SLOAD':
[codex:955364] key=stack.pop(0)
[codex:955364] stack.insert(0,f\"SLOAD({key})\")
[codex:955364] elif name in ('MLOAD','CALLDATALOAD'):
[codex:955364] off=stack.pop(0)
[codex:955364] stack.insert(0,f\"{name}({off})\")
[codex:955364] elif name in ('SELFBALANCE','TIMESTAMP','CALLER','ADDRESS','GAS'):
[codex:955364] stack.insert(0,name)
[codex:955364] elif name=='JUMPI':
[codex:955364] dest=stack.pop(0); cond=stack.pop(0)
[codex:955364] # always jump to dest (success path) if dest is numeric push
[codex:955364] if isinstance(dest,str) and dest.startswith('PUSH'):
[codex:955364] # parse dest
[codex:955364] d=int(dest[dest.find('(')+1:dest.find(')')],16)
[codex:955364] pc = d
[codex:955364] continue
[codex:955364] else:
[codex:955364] # can't parse, stop
[codex:955364] break
[codex:955364] elif name=='JUMP':
[codex:955364] dest=stack.pop(0)
[codex:955364] if isinstance(dest,str) and dest.startswith('PUSH'):
[codex:955364] d=int(dest[dest.find('(')+1:dest.find(')')],16)
[codex:955364] pc = d
[codex:955364] continue
[codex:955364] else:
[codex:955364] break
[codex:955364] elif name in ('CALL','STATICCALL'):
[codex:955364] # pop 7 for CALL, 6 for STATICCALL
[codex:955364] n=7 if name=='CALL' else 6
[codex:955364] args=[stack.pop(0) for _ in range(n)]
[codex:955364] stack.insert(0,f\"{name}({','.join(args)})\")
[codex:955364] elif name.startswith('LOG'):
[codex:955364] # LOGn pops 2+n items (mem start/size + topics)
[codex:955364] n=int(name[3:])
[codex:955364] for _ in range(2+n):
[codex:955364] stack.pop(0)
[codex:955364] elif name in ('REVERT','RETURN','STOP'):
[codex:955364] break
[codex:955364] pc += 1
[codex:955364] return stack
[codex:955364]
[codex:955364] for order in ([\"arg0\",\"arg1\"],[\"arg1\",\"arg0\"]):
[codex:955364] st=simulate(order)
[codex:955364] print('order',order,'stack top',st[:6])
[codex:955364] PY" in /tmp/codex-multi-yl08esee succeeded in 26ms:
[codex:955364] order ['arg0', 'arg1'] stack top ['SLOAD(PUSH1(01))', 'SLOAD(PUSH1(00))', 'PUSH2(026f)', 'arg0', 'arg1']
[codex:955364] order ['arg1', 'arg0'] stack top ['SLOAD(PUSH1(01))', 'SLOAD(PUSH1(00))', 'PUSH2(026f)', 'arg1', 'arg0']
[codex:955364]
[codex:955364]
[codex:955364] thinking
[codex:955364] **Analyzing token lock contract behavior**
[codex:955364]
[codex:955364] I'm working through a detailed symbolic simulation of a token lock contract, focusing on how it manages ETH and token releases, gas usage in external calls, reentrancy risks, and lock time extensions. The code is complex with dynamic jumps and helper calls, so I'm carefully tracing stack operations and call parameters to identify potential security or usability concerns in the release and extendLockTime functions. Let's explore this carefully!
[codex:955364] thinking
[codex:955364] **Tracing argument order through stack and ABI decoding**
[codex:955364]
[codex:955364] I’m methodically analyzing the stack order of function arguments, comparing how token and amount values are positioned during execution and how ABI decoding impacts their order. It’s a bit tricky since stack manipulation affects which argument is on top, so I’m planning to simulate the relevant decoding routines to confirm how parameters map to stack positions and clarify potential inconsistencies. This should help me understand the function’s behavior better!
[codex:955364] exec
[codex:955364] /bin/bash -lc "python - <<'PY'
[codex:955364] import re
[codex:955364]
[codex:955364] text=open('BYTECODE_BUNDLE.txt').read()
[codex:955364] hexstr=re.search(r'0x([0-9a-fA-F]+)', text).group(1)
[codex:955364] bs=bytes.fromhex(hexstr)
[codex:955364]
[codex:955364] opnames = {
[codex:955364] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:955364] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:955364] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:955364] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:955364] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:955364] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:955364] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:955364] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:955364] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:955364] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:955364] }
[codex:955364]
[codex:955364] instrs = {}
[codex:955364] i=0
[codex:955364] while i<len(bs):
[codex:955364] op=bs[i]
[codex:955364] name=opnames.get(op,'UNKNOWN')
[codex:955364] if 0x60<=op<=0x7f:
[codex:955364] n=op-0x5f
[codex:955364] data=bs[i+1:i+1+n]
[codex:955364] instrs[i]=(name,data)
[codex:955364] i+=1+n
[codex:955364] else:
[codex:955364] instrs[i]=(name,None)
[codex:955364] i+=1
[codex:955364]
[codex:955364] # simple interpreter that can follow jumps for decode routine
[codex:955364]
[codex:955364] def interpret(start, stack, steps=1000):
[codex:955364] pc=start
[codex:955364] for _ in range(steps):
[codex:955364] name,data = instrs[pc]
[codex:955364] # print(hex(pc), name, stack)
[codex:955364] if name.startswith('PUSH'):
[codex:955364] stack.insert(0, ('PUSH', int(data.hex(),16)))
[codex:955364] pc += 1 + len(data)
[codex:955364] continue
[codex:955364] if name.startswith('DUP'):
[codex:955364] n=int(name[3:])
[codex:955364] stack.insert(0, stack[n-1])
[codex:955364] elif name.startswith('SWAP'):
[codex:955364] n=int(name[4:])
[codex:955364] stack[0], stack[n] = stack[n], stack[0]
[codex:955364] elif name=='POP':
[codex:955364] stack.pop(0)
[codex:955364] elif name in ('ADD','SUB','MUL','DIV','MOD','LT','GT','EQ','AND','OR','XOR','ISZERO','SHL','SHR','SAR'):
[codex:955364] a=stack.pop(0); b=stack.pop(0)
[codex:955364] stack.insert(0,(name,a,b))
[codex:955364] elif name=='CALLDATALOAD':
[codex:955364] off=stack.pop(0)
[codex:955364] # represent as arg(off)
[codex:955364] stack.insert(0,('CALLDATALOAD',off))
[codex:955364] elif name=='SLOAD':
[codex:955364] key=stack.pop(0)
[codex:955364] stack.insert(0,('SLOAD',key))
[codex:955364] elif name in ('MLOAD','SELFBALANCE','TIMESTAMP','CALLER','ADDRESS','GAS'):
[codex:955364] stack.insert(0,(name,))
[codex:955364] elif name=='JUMP':
[codex:955364] dest=stack.pop(0)
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc = dest[1]
[codex:955364] continue
[codex:955364] else:
[codex:955364] # unknown jump, stop
[codex:955364] break
[codex:955364] elif name=='JUMPI':
[codex:955364] dest=stack.pop(0); cond=stack.pop(0)
[codex:955364] # assume jump taken
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc = dest[1]
[codex:955364] continue
[codex:955364] else:
[codex:955364] break
[codex:955364] elif name in ('REVERT','RETURN','STOP'):
[codex:955364] break
[codex:955364] pc += 1
[codex:955364] return pc, stack
[codex:955364]
[codex:955364] # simulate setup in dispatcher for function 0x19906dc8
[codex:955364] # stack before decoder at 0x0d03? we simulate the setup sequence from 0x00c4
[codex:955364]
[codex:955364] # Build initial stack as would be before 0x00c4 maybe empty
[codex:955364] stack=[]
[codex:955364] # We run sequence from 0x00c4 to 0x00d8 to reach decoder
[codex:955364] pc=0x00c4
[codex:955364] while pc "'!= 0x00d8:
[codex:955364] name,data=instrs[pc]
[codex:955364] if name.startswith('"'PUSH'):
[codex:955364] stack.insert(0, ('PUSH', int(data.hex(),16)))
[codex:955364] pc += 1 + len(data)
[codex:955364] continue
[codex:955364] if name.startswith('DUP'):
[codex:955364] n=int(name[3:])
[codex:955364] stack.insert(0, stack[n-1])
[codex:955364] elif name.startswith('SWAP'):
[codex:955364] n=int(name[4:])
[codex:955364] stack[0], stack[n] = stack[n], stack[0]
[codex:955364] elif name=='CALLDATASIZE':
[codex:955364] stack.insert(0, ('CALLDATASIZE',))
[codex:955364] elif name=='SUB':
[codex:955364] a=stack.pop(0); b=stack.pop(0)
[codex:955364] stack.insert(0,('SUB',a,b))
[codex:955364] elif name=='ADD':
[codex:955364] a=stack.pop(0); b=stack.pop(0)
[codex:955364] stack.insert(0,('ADD',a,b))
[codex:955364] elif name=='JUMP':
[codex:955364] dest=stack.pop(0)
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc = dest[1]
[codex:955364] continue
[codex:955364] else:
[codex:955364] break
[codex:955364] pc += 1
[codex:955364]
[codex:955364] print('stack before decoder', stack)
[codex:955364] # Now interpret decoder
[codex:955364] pc, stack = interpret(0x0d03, stack)
[codex:955364] print('after decoder, pc', hex(pc))
[codex:955364] print('stack after decoder', stack)
[codex:955364] PY" in /tmp/codex-multi-yl08esee exited 124 in 10.00s:
[codex:955364]
[codex:955364]
[codex:955364] thinking
[codex:955364] **Investigating interpreter timeout and loops**
[codex:955364]
[codex:955364] I'm tackling the timeout issue by adding a step limit and loop detection to the interpreter, aiming to prevent infinite JUMPI/JUMP cycles. I plan to re-run with max steps and track visited states to catch loops, while trying to simulate the decode routine more efficiently without raw opcode execution.
[codex:955364] exec
[codex:955364] /bin/bash -lc "python - <<'PY'
[codex:955364] import re
[codex:955364]
[codex:955364] text=open('BYTECODE_BUNDLE.txt').read()
[codex:955364] hexstr=re.search(r'0x([0-9a-fA-F]+)', text).group(1)
[codex:955364] bs=bytes.fromhex(hexstr)
[codex:955364]
[codex:955364] opnames = {i:'OP' for i in range(256)}
[codex:955364] # minimal names
[codex:955364] for k,v in {
[codex:955364] 0x00:'STOP',0x01:'ADD',0x03:'SUB',0x10:'LT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x40:'BLOCKHASH',0x42:'TIMESTAMP',0x47:'SELFBALANCE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x5b:'JUMPDEST',0x5a:'GAS',0xfd:'REVERT',0xf3:'RETURN'}.items():
[codex:955364] opnames[k]=v
[codex:955364] for i in range(0x60,0x80):
[codex:955364] opnames[i]=f'PUSH{i-0x5f}'
[codex:955364] for i in range(0x80,0x90):
[codex:955364] opnames[i]=f'DUP{i-0x7f}'
[codex:955364] for i in range(0x90,0xa0):
[codex:955364] opnames[i]=f'SWAP{i-0x8f}'
[codex:955364]
[codex:955364] # disassemble
[codex:955364] instrs={}
[codex:955364] i=0
[codex:955364] while i<len(bs):
[codex:955364] op=bs[i]
[codex:955364] name=opnames.get(op, f'OP_{op:02x}')
[codex:955364] if 0x60<=op<=0x7f:
[codex:955364] n=op-0x5f
[codex:955364] data=bs[i+1:i+1+n]
[codex:955364] instrs[i]=(name,data)
[codex:955364] i+=1+n
[codex:955364] else:
[codex:955364] instrs[i]=(name,None)
[codex:955364] i+=1
[codex:955364]
[codex:955364] # helper to run sequence until target
[codex:955364]
[codex:955364] def run_sequence(start, stack, max_steps=500):
[codex:955364] pc=start
[codex:955364] visited=set()
[codex:955364] for step in range(max_steps):
[codex:955364] state=(pc,len(stack))
[codex:955364] if state in visited:
[codex:955364] print('loop detected at',hex(pc),'stack size',len(stack))
[codex:955364] break
[codex:955364] visited.add(state)
[codex:955364] name,data=instrs[pc]
[codex:955364] # print(step, hex(pc), name, stack)
[codex:955364] if name.startswith('PUSH'):
[codex:955364] stack.insert(0, ('PUSH', int(data.hex(),16)))
[codex:955364] pc += 1 + len(data)
[codex:955364] continue
[codex:955364] if name.startswith('DUP'):
[codex:955364] n=int(name[3:])
[codex:955364] stack.insert(0, stack[n-1])
[codex:955364] elif name.startswith('SWAP'):
[codex:955364] n=int(name[4:])
[codex:955364] stack[0], stack[n]=stack[n], stack[0]
[codex:955364] elif name=='POP':
[codex:955364] stack.pop(0)
[codex:955364] elif name in ('ADD','SUB','LT','EQ','AND','ISZERO'):
[codex:955364] a=stack.pop(0); b=stack.pop(0)
[codex:955364] stack.insert(0,(name,a,b))
[codex:955364] elif name=='CALLDATASIZE':
[codex:955364] stack.insert(0,('CALLDATASIZE',))
[codex:955364] elif name=='CALLDATALOAD':
[codex:955364] off=stack.pop(0); stack.insert(0,('CALLDATALOAD',off))
[codex:955364] elif name=='SLOAD':
[codex:955364] key=stack.pop(0); stack.insert(0,('SLOAD',key))
[codex:955364] elif name in ('MLOAD','SELFBALANCE','TIMESTAMP','CALLER','GAS'):
[codex:955364] stack.insert(0,(name,))
[codex:955364] elif name=='JUMPI':
[codex:955364] dest=stack.pop(0); cond=stack.pop(0)
[codex:955364] # assume jump taken if dest is PUSH
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc=dest[1];
[codex:955364] continue
[codex:955364] else:
[codex:955364] print('jump dest unknown', dest)
[codex:955364] break
[codex:955364] elif name=='JUMP':
[codex:955364] dest=stack.pop(0)
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc=dest[1];
[codex:955364] continue
[codex:955364] else:
[codex:955364] print('jump dest unknown', dest)
[codex:955364] break
[codex:955364] elif name in ('REVERT','RETURN','STOP'):
[codex:955364] print('halt at',hex(pc),name)
[codex:955364] break
[codex:955364] pc += 1
[codex:955364] return pc, stack
[codex:955364]
[codex:955364] # Build stack by simulating from 0x00c4 to 0x00d8
[codex:955364] stack=[]
[codex:955364] pc=0x00c4
[codex:955364] while pc"'!=0x00d8:
[codex:955364] name,data=instrs[pc]
[codex:955364] if name.startswith('"'PUSH'):
[codex:955364] stack.insert(0, ('PUSH', int(data.hex(),16)))
[codex:955364] pc += 1 + len(data)
[codex:955364] continue
[codex:955364] if name.startswith('DUP'):
[codex:955364] n=int(name[3:])
[codex:955364] stack.insert(0, stack[n-1])
[codex:955364] elif name.startswith('SWAP'):
[codex:955364] n=int(name[4:])
[codex:955364] stack[0], stack[n] = stack[n], stack[0]
[codex:955364] elif name=='CALLDATASIZE':
[codex:955364] stack.insert(0,('CALLDATASIZE',))
[codex:955364] elif name in ('SUB','ADD'):
[codex:955364] a=stack.pop(0); b=stack.pop(0); stack.insert(0,(name,a,b))
[codex:955364] elif name=='JUMP':
[codex:955364] dest=stack.pop(0)
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc=dest[1];
[codex:955364] continue
[codex:955364] else:
[codex:955364] break
[codex:955364] pc += 1
[codex:955364]
[codex:955364] print('stack before decoder',stack)
[codex:955364]
[codex:955364] pc, stack = run_sequence(0x0d03, stack)
[codex:955364] print('pc after',hex(pc))
[codex:955364] print('stack after',stack)
[codex:955364] PY" in /tmp/codex-multi-yl08esee exited 124 in 10.00s:
[codex:955364]
[codex:955364]
[codex:955364] thinking
[codex:955364] **Diagnosing infinite loop causes**
[codex:955364] exec
[codex:955364] /bin/bash -lc "python - <<'PY'
[codex:955364] import re
[codex:955364]
[codex:955364] text=open('BYTECODE_BUNDLE.txt').read()
[codex:955364] hexstr=re.search(r'0x([0-9a-fA-F]+)', text).group(1)
[codex:955364] bs=bytes.fromhex(hexstr)
[codex:955364]
[codex:955364] opnames = {i:'OP' for i in range(256)}
[codex:955364] for k,v in {
[codex:955364] 0x00:'STOP',0x01:'ADD',0x03:'SUB',0x10:'LT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x40:'BLOCKHASH',0x42:'TIMESTAMP',0x47:'SELFBALANCE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x5b:'JUMPDEST',0x5a:'GAS',0xfd:'REVERT',0xf3:'RETURN'}.items():
[codex:955364] opnames[k]=v
[codex:955364] for i in range(0x60,0x80):
[codex:955364] opnames[i]=f'PUSH{i-0x5f}'
[codex:955364] for i in range(0x80,0x90):
[codex:955364] opnames[i]=f'DUP{i-0x7f}'
[codex:955364] for i in range(0x90,0xa0):
[codex:955364] opnames[i]=f'SWAP{i-0x8f}'
[codex:955364]
[codex:955364] # disassemble
[codex:955364] instrs={}
[codex:955364] i=0
[codex:955364] while i<len(bs):
[codex:955364] op=bs[i]
[codex:955364] name=opnames.get(op, f'OP_{op:02x}')
[codex:955364] if 0x60<=op<=0x7f:
[codex:955364] n=op-0x5f
[codex:955364] data=bs[i+1:i+1+n]
[codex:955364] instrs[i]=(name,data)
[codex:955364] i+=1+n
[codex:955364] else:
[codex:955364] instrs[i]=(name,None)
[codex:955364] i+=1
[codex:955364]
[codex:955364]
[codex:955364] def run_sequence(start, stack, max_steps=200):
[codex:955364] pc=start
[codex:955364] visited=set()
[codex:955364] for step in range(max_steps):
[codex:955364] state=(pc,len(stack))
[codex:955364] if state in visited:
[codex:955364] print('loop detected at',hex(pc),'stack size',len(stack))
[codex:955364] break
[codex:955364] visited.add(state)
[codex:955364] name,data=instrs[pc]
[codex:955364] # print(step, hex(pc), name, stack)
[codex:955364] if name.startswith('PUSH'):
[codex:955364] stack.insert(0, ('PUSH', int(data.hex(),16)))
[codex:955364] pc += 1 + len(data)
[codex:955364] continue
[codex:955364] if name.startswith('DUP'):
[codex:955364] n=int(name[3:])
[codex:955364] stack.insert(0, stack[n-1])
[codex:955364] elif name.startswith('SWAP'):
[codex:955364] n=int(name[4:])
[codex:955364] stack[0], stack[n]=stack[n], stack[0]
[codex:955364] elif name=='POP':
[codex:955364] stack.pop(0)
[codex:955364] elif name in ('ADD','SUB','LT','EQ','AND','ISZERO'):
[codex:955364] a=stack.pop(0); b=stack.pop(0)
[codex:955364] stack.insert(0,(name,a,b))
[codex:955364] elif name=='CALLDATASIZE':
[codex:955364] stack.insert(0,('CALLDATASIZE',))
[codex:955364] elif name=='CALLDATALOAD':
[codex:955364] off=stack.pop(0); stack.insert(0,('CALLDATALOAD',off))
[codex:955364] elif name=='SLOAD':
[codex:955364] key=stack.pop(0); stack.insert(0,('SLOAD',key))
[codex:955364] elif name in ('MLOAD','SELFBALANCE','TIMESTAMP','CALLER','GAS'):
[codex:955364] stack.insert(0,(name,))
[codex:955364] elif name=='JUMPI':
[codex:955364] dest=stack.pop(0); cond=stack.pop(0)
[codex:955364] # assume jump taken
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc=dest[1];
[codex:955364] continue
[codex:955364] else:
[codex:955364] print('jump dest unknown', dest)
[codex:955364] break
[codex:955364] elif name=='JUMP':
[codex:955364] dest=stack.pop(0)
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc=dest[1];
[codex:955364] continue
[codex:955364] else:
[codex:955364] print('jump dest unknown', dest)
[codex:955364] break
[codex:955364] elif name in ('REVERT','RETURN','STOP'):
[codex:955364] print('halt at',hex(pc),name)
[codex:955364] break
[codex:955364] pc += 1
[codex:955364] return pc, stack
[codex:955364]
[codex:955364] # simulate setup from 0x00c4 to 0x00d8 with step limit
[codex:955364] stack=[]
[codex:955364] pc=0x00c4
[codex:955364] for _ in range(100):
[codex:955364] if pc==0x00d8:
[codex:955364] break
[codex:955364] name,data=instrs[pc]
[codex:955364] if name.startswith('PUSH'):
[codex:955364] stack.insert(0, ('PUSH', int(data.hex(),16)))
[codex:955364] pc += 1 + len(data)
[codex:955364] continue
[codex:955364] if name.startswith('DUP'):
[codex:955364] n=int(name[3:])
[codex:955364] stack.insert(0, stack[n-1])
[codex:955364] elif name.startswith('SWAP'):
[codex:955364] n=int(name[4:])
[codex:955364] stack[0], stack[n] = stack[n], stack[0]
[codex:955364] elif name=='CALLDATASIZE':
[codex:955364] stack.insert(0,('CALLDATASIZE',))
[codex:955364] elif name in ('SUB','ADD'):
[codex:955364] a=stack.pop(0); b=stack.pop(0); stack.insert(0,(name,a,b))
[codex:955364] elif name=='JUMP':
[codex:955364] dest=stack.pop(0)
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc=dest[1];
[codex:955364] continue
[codex:955364] else:
[codex:955364] break
[codex:955364] pc += 1
[codex:955364] else:
[codex:955364] print('did not reach decoder setup end')
[codex:955364]
[codex:955364] print('pc after setup',hex(pc))
[codex:955364] print('stack before decoder',stack)
[codex:955364]
[codex:955364] pc, stack = run_sequence(0x0d03, stack)
[codex:955364] print('pc after decoder run',hex(pc))
[codex:955364] print('stack after decoder',stack)
[codex:955364] PY" in /tmp/codex-multi-yl08esee succeeded in 28ms:
[codex:955364] did not reach decoder setup end
[codex:955364] pc after setup 0x87
[codex:955364] stack before decoder [('PUSH', 416), ('PUSH', 4228666474), ('PUSH', 393), ('PUSH', 393), ('PUSH', 2261886623), ('PUSH', 352), ('PUSH', 352), ('PUSH', 2189445029), ('PUSH', 309), ('PUSH', 309), ('PUSH', 2028566821), ('PUSH', 78), ('PUSH', 78), ('PUSH', 2028566821), ('PUSH', 224), ('PUSH', 224), ('PUSH', 0), ('PUSH', 127), ('CALLDATASIZE',), ('PUSH', 4), ('PUSH', 64), ('PUSH', 128), ('PUSH', 0), ('PUSH', 0), ('PUSH', 5176), ('PUSH', 0), ('PUSH', 3181), ('PUSH', 0), ('ADD', ('PUSH', 3350), ('PUSH', 0)), ('ADD', ('PUSH', 3350), ('PUSH', 0)), ('SUB', ('ADD', ('PUSH', 4), ('SUB', ('CALLDATASIZE',), ('PUSH', 4))), ('PUSH', 4)), ('PUSH', 3364), ('PUSH', 0), ('PUSH', 0), ('PUSH', 0), ('PUSH', 3350), ('SUB', ('ADD', ('PUSH', 4), ('SUB', ('CALLDATASIZE',), ('PUSH', 4))), ('PUSH', 4)), ('PUSH', 64), ('PUSH', 0), ('PUSH', 0), ('PUSH', 4), ('ADD', ('PUSH', 4), ('SUB', ('CALLDATASIZE',), ('PUSH', 4))), ('PUSH', 216), ('PUSH', 221)]
[codex:955364] loop detected at 0x13a4 stack size 48
[codex:955364] pc after decoder run 0x13a4
[codex:955364] stack after decoder [('SLOAD', ('PUSH', 0)), ('PUSH', 4902), ('PUSH', 0), ('SLOAD', ('PUSH', 1)), ('SLOAD', ('PUSH', 0)), ('PUSH', 2438), ('PUSH', 414), ('PUSH', 393), ('PUSH', 2261886623), ('PUSH', 352), ('PUSH', 352), ('PUSH', 2189445029), ('PUSH', 309), ('PUSH', 309), ('PUSH', 2028566821), ('PUSH', 78), ('PUSH', 78), ('PUSH', 2028566821), ('PUSH', 224), ('PUSH', 224), ('PUSH', 0), ('PUSH', 127), ('CALLDATASIZE',), ('PUSH', 4), ('PUSH', 64), ('PUSH', 128), ('PUSH', 0), ('PUSH', 0), ('PUSH', 5176), ('PUSH', 0), ('PUSH', 3181), ('PUSH', 0), ('ADD', ('PUSH', 3350), ('PUSH', 0)), ('ADD', ('PUSH', 3350), ('PUSH', 0)), ('SUB', ('ADD', ('PUSH', 4), ('SUB', ('CALLDATASIZE',), ('PUSH', 4))), ('PUSH', 4)), ('PUSH', 3364), ('PUSH', 0), ('PUSH', 0), ('PUSH', 0), ('PUSH', 3350), ('SUB', ('ADD', ('PUSH', 4), ('SUB', ('CALLDATASIZE',), ('PUSH', 4))), ('PUSH', 4)), ('PUSH', 64), ('PUSH', 0), ('PUSH', 0), ('PUSH', 4), ('ADD', ('PUSH', 4), ('SUB', ('CALLDATASIZE',), ('PUSH', 4))), ('PUSH', 216), ('PUSH', 221)]
[codex:955364]
[codex:955364]
[codex:955364] thinking
[codex:955364] **Analyzing contract bytecode for vulnerabilities**
[codex:955364] thinking
[codex:955364] **Tracing EVM stack to decode CALL arguments**
[codex:955364]
[codex:955364] I’m working through detailed stack simulation to understand how the CALL instruction’s gas, value, and target address are set up, especially how the gas depends on whether the value (amount) is zero or not. I’m carefully tracking stack manipulations and considering implementing a minimal interpreter to accurately capture complex jumps and function calls like safeAdd. This will help clarify whether the call parameters behave as intended or reveal a nuance in the contract’s bytecode.
[codex:955364] exec
[codex:955364] /bin/bash -lc "python - <<'PY'
[codex:955364] import re
[codex:955364]
[codex:955364] text=open('BYTECODE_BUNDLE.txt').read()
[codex:955364] hexstr=re.search(r'0x([0-9a-fA-F]+)', text).group(1)
[codex:955364] bs=bytes.fromhex(hexstr)
[codex:955364]
[codex:955364] # opcode names
[codex:955364] opnames={}
[codex:955364] for i in range(256):
[codex:955364] opnames[i]=None
[codex:955364] simple={
[codex:955364] 0x00:'STOP',0x01:'ADD',0x03:'SUB',0x10:'LT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x40:'BLOCKHASH',0x42:'TIMESTAMP',0x47:'SELFBALANCE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x5b:'JUMPDEST',0x5a:'GAS',0xf1:'CALL',0xfa:'STATICCALL',0xfd:'REVERT',0xf3:'RETURN'}
[codex:955364] for k,v in simple.items():
[codex:955364] opnames[k]=v
[codex:955364] for i in range(0x60,0x80):
[codex:955364] opnames[i]=f'PUSH{i-0x5f}'
[codex:955364] for i in range(0x80,0x90):
[codex:955364] opnames[i]=f'DUP{i-0x7f}'
[codex:955364] for i in range(0x90,0xa0):
[codex:955364] opnames[i]=f'SWAP{i-0x8f}'
[codex:955364]
[codex:955364] # disassemble
[codex:955364] instrs={}
[codex:955364] i=0
[codex:955364] while i<len(bs):
[codex:955364] op=bs[i]
[codex:955364] name=opnames.get(op) or f'OP_{op:02x}'
[codex:955364] if 0x60<=op<=0x7f:
[codex:955364] n=op-0x5f
[codex:955364] data=bs[i+1:i+1+n]
[codex:955364] instrs[i]=(name,data)
[codex:955364] i+=1+n
[codex:955364] else:
[codex:955364] instrs[i]=(name,None)
[codex:955364] i+=1
[codex:955364]
[codex:955364] # interpreter
[codex:955364]
[codex:955364] class Sym(str):
[codex:955364] pass
[codex:955364]
[codex:955364]
[codex:955364] def run(start, stack, stop_pc=None, max_steps=1000):
[codex:955364] pc=start
[codex:955364] steps=0
[codex:955364] while steps<max_steps:
[codex:955364] steps+=1
[codex:955364] if pc==stop_pc:
[codex:955364] break
[codex:955364] # intercept safe add at 0x1310
[codex:955364] if pc==0x1310:
[codex:955364] # expect stack: [ret, a, b, ...] or [a,b,ret] ???
[codex:955364] # Look at call sites: PUSH2 ret; SWAP2; SWAP1; PUSH2 0x1310; JUMP
[codex:955364] # That sequence puts stack top as ret, below are two operands.
[codex:955364] ret = stack.pop(0)
[codex:955364] a = stack.pop(0)
[codex:955364] b = stack.pop(0)
[codex:955364] stack.insert(0, Sym(f\"add({a},{b})\"))
[codex:955364] # jump to ret if it's a PUSH
[codex:955364] if isinstance(ret, tuple) and ret[0]=='PUSH':
[codex:955364] pc = ret[1]
[codex:955364] continue
[codex:955364] else:
[codex:955364] break
[codex:955364] name,data=instrs[pc]
[codex:955364] # print(hex(pc), name, stack)
[codex:955364] if name.startswith('PUSH'):
[codex:955364] stack.insert(0, ('PUSH', int(data.hex(),16)))
[codex:955364] pc += 1+len(data)
[codex:955364] continue
[codex:955364] if name.startswith('DUP'):
[codex:955364] n=int(name[3:])
[codex:955364] stack.insert(0, stack[n-1])
[codex:955364] elif name.startswith('SWAP'):
[codex:955364] n=int(name[4:])
[codex:955364] stack[0], stack[n]=stack[n], stack[0]
[codex:955364] elif name=='POP':
[codex:955364] stack.pop(0)
[codex:955364] elif name in ('ADD','SUB','LT','EQ','AND','ISZERO','MUL'):
[codex:955364] a=stack.pop(0); b=stack.pop(0)
[codex:955364] stack.insert(0, Sym(f\"{name.lower()}({a},{b})\"))
[codex:955364] elif name=='SLOAD':
[codex:955364] key=stack.pop(0)
[codex:955364] stack.insert(0, Sym(f\"sload({key})\"))
[codex:955364] elif name in ('MLOAD','SELFBALANCE','TIMESTAMP','CALLER','ADDRESS','GAS'):
[codex:955364] stack.insert(0, Sym(name.lower()))
[codex:955364] elif name=='JUMPI':
[codex:955364] dest=stack.pop(0); cond=stack.pop(0)
[codex:955364] # assume jump taken to dest
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc=dest[1];
[codex:955364] continue
[codex:955364] else:
[codex:955364] break
[codex:955364] elif name=='JUMP':
[codex:955364] dest=stack.pop(0)
[codex:955364] if isinstance(dest, tuple) and dest[0]=='PUSH':
[codex:955364] pc=dest[1];
[codex:955364] continue
[codex:955364] else:
[codex:955364] break
[codex:955364] elif name in ('CALL','STATICCALL','REVERT','RETURN','STOP'):
[codex:955364] # stop at call for our purposes
[codex:955364] print('stopping at',hex(pc),name)
[codex:955364] break
[codex:955364] pc += 1
[codex:955364] return pc, stack
[codex:955364]
[codex:955364] # start at 0x01d1 with stack [arg0,arg1]
[codex:955364] for order in (['arg0','arg1'], ['arg1','arg0']):
[codex:955364] pc, stack = run(0x01d1, [Sym(o) for o in order], stop_pc=0x03d3)
[codex:955364] print('order',order,'pc',hex(pc),'stack top',stack[:10])
[codex:955364] PY" in /tmp/codex-multi-yl08esee succeeded in 25ms:
[codex:955364] order ['arg0', 'arg1'] pc 0x1310 stack top ["add(sload(('PUSH', 0)),('PUSH', 623))", 'arg0', 'arg1']
[codex:955364] order ['arg1', 'arg0'] pc 0x1310 stack top ["add(sload(('PUSH', 0)),('PUSH', 623))", 'arg1', 'arg0']
[codex:955364]
[codex:955364] thinking
[codex:955364] **Summarizing bytecode audit findings**
[codex:955364]
[codex:955364] I'm analyzing bytecode patterns and disassembly to check for concrete vulnerabilities but mostly see typical token lock and release logic with beneficiary restrictions. There are no clear security flaws like reentrancy or missing access control, just some centralization due to hardcoded addresses and a minor logic quirk in extending lock time that isn't a vulnerability. I'll prepare a JSON output stating no findings with a summary highlighting the best-effort nature and bytecode-only limitations.
[codex:955364] codex
[codex:955364] {"no_findings":true,"summary":"No concrete, explainable vulnerabilities were identified from the runtime bytecode patterns alone. Observed logic appears to be a beneficiary-restricted token lock/release with time checks; without verified source, conclusions remain low-confidence.","findings":[]}
[codex:955364] tokens used
[codex:955364] 83,272
[codex:955364] {"no_findings":true,"summary":"No concrete, explainable vulnerabilities were identified from the runtime bytecode patterns alone. Observed logic appears to be a beneficiary-restricted token lock/release with time checks; without verified source, conclusions remain low-confidence.","findings":[]}
{
"codex": {
"ran_at": "2025-12-27T21:34:59.828839+00:00",
"returncode": 0
},
"summary": "No concrete, explainable vulnerabilities were identified from the runtime bytecode patterns alone. Observed logic appears to be a beneficiary-restricted token lock/release with time checks; without verified source, conclusions remain low-confidence.",
"raw_final": {
"summary": "No concrete, explainable vulnerabilities were identified from the runtime bytecode patterns alone. Observed logic appears to be a beneficiary-restricted token lock/release with time checks; without verified source, conclusions remain low-confidence.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x007f 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x78e97925 00000019: GT 0000001a: PUSH2 0x004e 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0x78e97925 00000024: EQ 00000025: PUSH2 0x0135 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0x828047a5 0000002f: EQ 00000030: PUSH2 0x0160 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0x86d1a69f 0000003a: EQ 0000003b: PUSH2 0x0189 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0xfc0c546a 00000045: EQ 00000046: PUSH2 0x01a0 00000049: JUMPI 0000004a: PUSH2 0x0086 0000004d: JUMP 0000004e: JUMPDEST 0000004f: DUP1 00000050: PUSH4 0x0d668087 00000055: EQ 00000056: PUSH2 0x008b 00000059: JUMPI 0000005a: DUP1 0000005b: PUSH4 0x19906dc8 00000060: EQ 00000061: PUSH2 0x00b6 00000064: JUMPI 00000065: DUP1 00000066: PUSH4 0x38af3eed 0000006b: EQ 0000006c: PUSH2 0x00df 0000006f: JUMPI 00000070: DUP1 00000071: PUSH4 0x3ecf10c6 00000076: EQ 00000077: PUSH2 0x010a 0000007a: JUMPI 0000007b: PUSH2 0x0086 0000007e: JUMP 0000007f: JUMPDEST 00000080: CALLDATASIZE 00000081: PUSH2 0x0086 00000084: JUMPI 00000085: STOP 00000086: JUMPDEST 00000087: PUSH1 0x00 00000089: DUP1 0000008a: REVERT 0000008b: JUMPDEST 0000008c: CALLVALUE 0000008d: DUP1 0000008e: ISZERO 0000008f: PUSH2 0x0097 00000092: JUMPI 00000093: PUSH1 0x00 00000095: DUP1 00000096: REVERT 00000097: JUMPDEST 00000098: POP 00000099: PUSH2 0x00a0 0000009c: PUSH2 0x01cb 0000009f: JUMP 000000a0: JUMPDEST 000000a1: PUSH1 0x40 000000a3: MLOAD 000000a4: PUSH2 0x00ad 000000a7: SWAP2 000000a8: SWAP1 000000a9: PUSH2 0x12bb 000000ac: JUMP 000000ad: JUMPDEST 000000ae: PUSH1 0x40 000000b0: MLOAD 000000b1: DUP1 000000b2: SWAP2 000000b3: SUB 000000b4: SWAP1 000000b5: RETURN 000000b6: JUMPDEST 000000b7: CALLVALUE 000000b8: DUP1 000000b9: ISZERO 000000ba: PUSH2 0x00c2 000000bd: JUMPI 000000be: PUSH1 0x00 000000c0: DUP1 000000c1: REVERT 000000c2: JUMPDEST 000000c3: POP 000000c4: PUSH2 0x00dd 000000c7: PUSH1 0x04 000000c9: DUP1 000000ca: CALLDATASIZE 000000cb: SUB 000000cc: DUP2 000000cd: ADD 000000ce: SWAP1 000000cf: PUSH2 0x00d8 000000d2: SWAP2 000000d3: SWAP1 000000d4: PUSH2 0x0d03 000000d7: JUMP 000000d8: JUMPDEST 000000d9: PUSH2 0x01d1 000000dc: JUMP 000000dd: JUMPDEST 000000de: STOP 000000df: JUMPDEST 000000e0: CALLVALUE 000000e1: DUP1 000000e2: ISZERO 000000e3: PUSH2 0x00eb 000000e6: JUMPI 000000e7: PUSH1 0x00 000000e9: DUP1 000000ea: REVERT 000000eb: JUMPDEST 000000ec: POP 000000ed: PUSH2 0x00f4 000000f0: PUSH2 0x0638 000000f3: JUMP 000000f4: JUMPDEST 000000f5: PUSH1 0x40 000000f7: MLOAD 000000f8: PUSH2 0x0101 000000fb: SWAP2 000000fc: SWAP1 000000fd: PUSH2 0x111c 00000100: JUMP 00000101: JUMPDEST 00000102: PUSH1 0x40 00000104: MLOAD 00000105: DUP1 00000106: SWAP2 00000107: SUB 00000108: SWAP1 00000109: RETURN 0000010a: JUMPDEST 0000010b: CALLVALUE 0000010c: DUP1 0000010d: ISZERO 0000010e: PUSH2 0x0116 00000111: JUMPI 00000112: PUSH1 0x00 00000114: DUP1 00000115: REVERT 00000116: JUMPDEST 00000117: POP 00000118: PUSH2 0x011f 0000011b: PUSH2 0x065c 0000011e: JUMP 0000011f: JUMPDEST 00000120: PUSH1 0x40 00000122: MLOAD 00000123: PUSH2 0x012c 00000126: SWAP2 00000127: SWAP1 00000128: PUSH2 0x12bb 0000012b: JUMP 0000012c: JUMPDEST 0000012d: PUSH1 0x40 0000012f: MLOAD 00000130: DUP1 00000131: SWAP2 00000132: SUB 00000133: SWAP1 00000134: RETURN 00000135: JUMPDEST 00000136: CALLVALUE 00000137: DUP1 00000138: ISZERO 00000139: PUSH2 0x0141 0000013c: JUMPI 0000013d: PUSH1 0x00 0000013f: DUP1 00000140: REVERT 00000141: JUMPDEST 00000142: POP 00000143: PUSH2 0x014a 00000146: PUSH2 0x0680 00000149: JUMP 0000014a: JUMPDEST 0000014b: PUSH1 0x40 0000014d: MLOAD 0000014e: PUSH2 0x0157 00000151: SWAP2 00000152: SWAP1 00000153: PUSH2 0x12bb 00000156: JUMP 00000157: JUMPDEST 00000158: PUSH1 0x40 0000015a: MLOAD 0000015b: DUP1 0000015c: SWAP2 0000015d: SUB 0000015e: SWAP1 0000015f: RETURN 00000160: JUMPDEST 00000161: CALLVALUE 00000162: DUP1 00000163: ISZERO 00000164: PUSH2 0x016c 00000167: JUMPI 00000168: PUSH1 0x00 0000016a: DUP1 0000016b: REVERT 0000016c: JUMPDEST 0000016d: POP 0000016e: PUSH2 0x0187 00000171: PUSH1 0x04 00000173: DUP1 00000174: CALLDATASIZE 00000175: SUB 00000176: DUP2 00000177: ADD 00000178: SWAP1 00000179: PUSH2 0x0182 0000017c: SWAP2 0000017d: SWAP1 0000017e: PUSH2 0x0cb1 00000181: JUMP 00000182: JUMPDEST 00000183: PUSH2 0x0686 00000186: JUMP 00000187: JUMPDEST 00000188: STOP 00000189: JUMPDEST 0000018a: CALLVALUE 0000018b: DUP1 0000018c: ISZERO 0000018d: PUSH2 0x0195 00000190: JUMPI 00000191: PUSH1 0x00 00000193: DUP1 00000194: REVERT 00000195: JUMPDEST 00000196: POP 00000197: PUSH2 0x019e 0000019a: PUSH2 0x08e8 0000019d: JUMP 0000019e: JUMPDEST 0000019f: STOP 000001a0: JUMPDEST 000001a1: CALLVALUE 000001a2: DUP1 000001a3: ISZERO 000001a4: PUSH2 0x01ac 000001a7: JUMPI 000001a8: PUSH1 0x00 000001aa: DUP1 000001ab: REVERT 000001ac: JUMPDEST 000001ad: POP 000001ae: PUSH2 0x01b5 000001b1: PUSH2 0x0c10 000001b4: JUMP 000001b5: JUMPDEST 000001b6: PUSH1 0x40 000001b8: MLOAD 000001b9: PUSH2 0x01c2 000001bc: SWAP2 000001bd: SWAP1 000001be: PUSH2 0x1160 000001c1: JUMP 000001c2: JUMPDEST 000001c3: PUSH1 0x40 000001c5: MLOAD 000001c6: DUP1 000001c7: SWAP2 000001c8: SUB 000001c9: SWAP1 000001ca: RETURN 000001cb: JUMPDEST 000001cc: PUSH1 0x00 000001ce: SLOAD 000001cf: DUP2 000001d0: JUMP 000001d1: JUMPDEST 000001d2: PUSH32 0x000000000000000000000000611cce5d440a941893587ac04228d957003d6313 000001f3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000208: AND 00000209: CALLER 0000020a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000021f: AND 00000220: EQ 00000221: PUSH2 0x025f 00000224: JUMPI 00000225: PUSH1 0x40 00000227: MLOAD 00000228: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000249: DUP2 0000024a: MSTORE 0000024b: PUSH1 0x04 0000024d: ADD 0000024e: PUSH2 0x0256 00000251: SWAP1 00000252: PUSH2 0x119b 00000255: JUMP 00000256: JUMPDEST 00000257: PUSH1 0x40 00000259: MLOAD 0000025a: DUP1 0000025b: SWAP2 0000025c: SUB 0000025d: SWAP1 0000025e: REVERT 0000025f: JUMPDEST 00000260: PUSH1 0x00 00000262: SLOAD 00000263: PUSH1 0x01 00000265: SLOAD 00000266: PUSH2 0x026f 00000269: SWAP2 0000026a: SWAP1 0000026b: PUSH2 0x1310 0000026e: JUMP 0000026f: JUMPDEST 00000270: TIMESTAMP 00000271: LT 00000272: ISZERO 00000273: PUSH2 0x02b1 00000276: JUMPI 00000277: PUSH1 0x40 00000279: MLOAD 0000027a: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000029b: DUP2 0000029c: MSTORE 0000029d: PUSH1 0x04 0000029f: ADD 000002a0: PUSH2 0x02a8 000002a3: SWAP1 000002a4: PUSH2 0x11db 000002a7: JUMP 000002a8: JUMPDEST 000002a9: PUSH1 0x40 000002ab: MLOAD 000002ac: DUP1 000002ad: SWAP2 000002ae: SUB 000002af: SWAP1 000002b0: REVERT 000002b1: JUMPDEST 000002b2: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 000002d3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002e8: AND 000002e9: DUP2 000002ea: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002ff: AND 00000300: EQ 00000301: ISZERO 00000302: PUSH2 0x0340 00000305: JUMPI 00000306: PUSH1 0x40 00000308: MLOAD 00000309: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000032a: DUP2 0000032b: MSTORE 0000032c: PUSH1 0x04 0000032e: ADD 0000032f: PUSH2 0x0337 00000332: SWAP1 00000333: PUSH2 0x123b 00000336: JUMP 00000337: JUMPDEST 00000338: PUSH1 0x40 0000033a: MLOAD 0000033b: DUP1 0000033c: SWAP2 0000033d: SUB 0000033e: SWAP1 0000033f: REVERT 00000340: JUMPDEST 00000341: DUP2 00000342: SELFBALANCE 00000343: LT 00000344: ISZERO 00000345: PUSH2 0x0383 00000348: JUMPI 00000349: PUSH1 0x40 0000034b: MLOAD 0000034c: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000036d: DUP2 0000036e: MSTORE 0000036f: PUSH1 0x04 00000371: ADD 00000372: PUSH2 0x037a 00000375: SWAP1 00000376: PUSH2 0x11bb 00000379: JUMP 0000037a: JUMPDEST 0000037b: PUSH1 0x40 0000037d: MLOAD 0000037e: DUP1 0000037f: SWAP2 00000380: SUB 00000381: SWAP1 00000382: REVERT 00000383: JUMPDEST 00000384: PUSH32 0x000000000000000000000000611cce5d440a941893587ac04228d957003d6313 000003a5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003ba: AND 000003bb: PUSH2 0x08fc 000003be: DUP4 000003bf: SWAP1 000003c0: DUP2 000003c1: ISZERO 000003c2: MUL 000003c3: SWAP1 000003c4: PUSH1 0x40 000003c6: MLOAD 000003c7: PUSH1 0x00 000003c9: PUSH1 0x40 000003cb: MLOAD 000003cc: DUP1 000003cd: DUP4 000003ce: SUB 000003cf: DUP2 000003d0: DUP6 000003d1: DUP9 000003d2: DUP9 000003d3: CALL 000003d4: SWAP4 000003d5: POP 000003d6: POP 000003d7: POP 000003d8: POP 000003d9: ISZERO 000003da: DUP1 000003db: ISZERO 000003dc: PUSH2 0x03e9 000003df: JUMPI 000003e0: RETURNDATASIZE 000003e1: PUSH1 0x00 000003e3: DUP1 000003e4: RETURNDATACOPY 000003e5: RETURNDATASIZE 000003e6: PUSH1 0x00 000003e8: REVERT 000003e9: JUMPDEST 000003ea: POP 000003eb: PUSH1 0x00 000003ed: DUP2 000003ee: SWAP1 000003ef: POP 000003f0: PUSH1 0x00 000003f2: DUP2 000003f3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000408: AND 00000409: PUSH4 0x70a08231 0000040e: ADDRESS 0000040f: PUSH1 0x40 00000411: MLOAD 00000412: DUP3 00000413: PUSH4 0xffffffff 00000418: AND 00000419: PUSH1 0xe0 0000041b: SHL 0000041c: DUP2 0000041d: MSTORE 0000041e: PUSH1 0x04 00000420: ADD 00000421: PUSH2 0x042a 00000424: SWAP2 00000425: SWAP1 00000426: PUSH2 0x111c 00000429: JUMP 0000042a: JUMPDEST 0000042b: PUSH1 0x20 0000042d: PUSH1 0x40 0000042f: MLOAD 00000430: DUP1 00000431: DUP4 00000432: SUB 00000433: DUP2 00000434: DUP7 00000435: DUP1 00000436: EXTCODESIZE 00000437: ISZERO 00000438: DUP1 00000439: ISZERO 0000043a: PUSH2 0x0442 0000043d: JUMPI 0000043e: PUSH1 0x00 00000440: DUP1 00000441: REVERT 00000442: JUMPDEST 00000443: POP 00000444: GAS 00000445: STATICCALL 00000446: ISZERO 00000447: DUP1 00000448: ISZERO 00000449: PUSH2 0x0456 0000044c: JUMPI 0000044d: RETURNDATASIZE 0000044e: PUSH1 0x00 00000450: DUP1 00000451: RETURNDATACOPY 00000452: RETURNDATASIZE 00000453: PUSH1 0x00 00000455: REVERT 00000456: JUMPDEST 00000457: POP 00000458: POP 00000459: POP 0000045a: POP 0000045b: PUSH1 0x40 0000045d: MLOAD 0000045e: RETURNDATASIZE 0000045f: PUSH1 0x1f 00000461: NOT 00000462: PUSH1 0x1f 00000464: DUP3 00000465: ADD 00000466: AND 00000467: DUP3 00000468: ADD 00000469: DUP1 0000046a: PUSH1 0x40 0000046c: MSTORE 0000046d: POP 0000046e: DUP2 0000046f: ADD 00000470: SWAP1 00000471: PUSH2 0x047a 00000474: SWAP2 00000475: SWAP1 00000476: PUSH2 0x0cda 00000479: JUMP 0000047a: JUMPDEST 0000047b: SWAP1 0000047c: POP 0000047d: PUSH1 0x00 0000047f: DUP2 00000480: GT 00000481: PUSH2 0x04bf 00000484: JUMPI 00000485: PUSH1 0x40 00000487: MLOAD 00000488: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000004a9: DUP2 000004aa: MSTORE 000004ab: PUSH1 0x04 000004ad: ADD 000004ae: PUSH2 0x04b6 000004b1: SWAP1 000004b2: PUSH2 0x117b 000004b5: JUMP 000004b6: JUMPDEST 000004b7: PUSH1 0x40 000004b9: MLOAD 000004ba: DUP1 000004bb: SWAP2 000004bc: SUB 000004bd: SWAP1 000004be: REVERT 000004bf: JUMPDEST 000004c0: DUP2 000004c1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004d6: AND 000004d7: PUSH4 0xa9059cbb 000004dc: PUSH32 0x000000000000000000000000611cce5d440a941893587ac04228d957003d6313 000004fd: DUP4 000004fe: PUSH1 0x40 00000500: MLOAD 00000501: DUP4 00000502: PUSH4 0xffffffff 00000507: AND 00000508: PUSH1 0xe0 0000050a: SHL 0000050b: DUP2 0000050c: MSTORE 0000050d: PUSH1 0x04 0000050f: ADD 00000510: PUSH2 0x051a 00000513: SWAP3 00000514: SWAP2 00000515: SWAP1 00000516: PUSH2 0x1137 00000519: JUMP 0000051a: JUMPDEST 0000051b: PUSH1 0x20 0000051d: PUSH1 0x40 0000051f: MLOAD 00000520: DUP1 00000521: DUP4 00000522: SUB 00000523: DUP2 00000524: PUSH1 0x00 00000526: DUP8 00000527: DUP1 00000528: EXTCODESIZE 00000529: ISZERO 0000052a: DUP1 0000052b: ISZERO 0000052c: PUSH2 0x0534 0000052f: JUMPI 00000530: PUSH1 0x00 00000532: DUP1 00000533: REVERT 00000534: JUMPDEST 00000535: POP 00000536: GAS 00000537: CALL 00000538: ISZERO 00000539: DUP1 0000053a: ISZERO 0000053b: PUSH2 0x0548 0000053e: JUMPI 0000053f: RETURNDATASIZE 00000540: PUSH1 0x00 00000542: DUP1 00000543: RETURNDATACOPY 00000544: RETURNDATASIZE 00000545: PUSH1 0x00 00000547: REVERT 00000548: JUMPDEST 00000549: POP 0000054a: POP 0000054b: POP 0000054c: POP 0000054d: PUSH1 0x40 0000054f: MLOAD 00000550: RETURNDATASIZE 00000551: PUSH1 0x1f 00000553: NOT 00000554: PUSH1 0x1f 00000556: DUP3 00000557: ADD 00000558: AND 00000559: DUP3 0000055a: ADD 0000055b: DUP1 0000055c: PUSH1 0x40 0000055e: MSTORE 0000055f: POP 00000560: DUP2 00000561: ADD 00000562: SWAP1 00000563: PUSH2 0x056c 00000566: SWAP2 00000567: SWAP1 00000568: PUSH2 0x0c88 0000056b: JUMP 0000056c: JUMPDEST 0000056d: PUSH2 0x05ab 00000570: JUMPI 00000571: PUSH1 0x40 00000573: MLOAD 00000574: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000595: DUP2 00000596: MSTORE 00000597: PUSH1 0x04 00000599: ADD 0000059a: PUSH2 0x05a2 0000059d: SWAP1 0000059e: PUSH2 0x125b 000005a1: JUMP 000005a2: JUMPDEST 000005a3: PUSH1 0x40 000005a5: MLOAD 000005a6: DUP1 000005a7: SWAP2 000005a8: SUB 000005a9: SWAP1 000005aa: REVERT 000005ab: JUMPDEST 000005ac: DUP3 000005ad: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005c2: AND 000005c3: PUSH32 0x000000000000000000000000611cce5d440a941893587ac04228d957003d6313 000005e4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005f9: AND 000005fa: PUSH32 0x10b55f01b1cfe0feeb7d144f66162661602d8e73256499b6d8342aac37ff0679 0000061b: TIMESTAMP 0000061c: DUP5 0000061d: PUSH1 0x40 0000061f: MLOAD 00000620: PUSH2 0x062a 00000623: SWAP3 00000624: SWAP2 00000625: SWAP1 00000626: PUSH2 0x12d6 00000629: JUMP 0000062a: JUMPDEST 0000062b: PUSH1 0x40 0000062d: MLOAD 0000062e: DUP1 0000062f: SWAP2 00000630: SUB 00000631: SWAP1 00000632: LOG3 00000633: POP 00000634: POP 00000635: POP 00000636: POP 00000637: JUMP 00000638: JUMPDEST 00000639: PUSH32 0x000000000000000000000000611cce5d440a941893587ac04228d957003d6313 0000065a: DUP2 0000065b: JUMP 0000065c: JUMPDEST 0000065d: PUSH32 0x000000000000000000000000000000000000000000000000000000007b7ed2e2 0000067e: DUP2 0000067f: JUMP 00000680: JUMPDEST 00000681: PUSH1 0x01 00000683: SLOAD 00000684: DUP2 00000685: JUMP 00000686: JUMPDEST 00000687: PUSH32 0x000000000000000000000000611cce5d440a941893587ac04228d957003d6313 000006a8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006bd: AND 000006be: CALLER 000006bf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006d4: AND 000006d5: EQ 000006d6: PUSH2 0x0714 000006d9: JUMPI 000006da: PUSH1 0x40 000006dc: MLOAD 000006dd: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000006fe: DUP2 000006ff: MSTORE 00000700: PUSH1 0x04 00000702: ADD 00000703: PUSH2 0x070b 00000706: SWAP1 00000707: PUSH2 0x127b 0000070a: JUMP 0000070b: JUMPDEST 0000070c: PUSH1 0x40 0000070e: MLOAD 0000070f: DUP1 00000710: SWAP2 00000711: SUB 00000712: SWAP1 00000713: REVERT 00000714: JUMPDEST 00000715: PUSH1 0x00 00000717: SLOAD 00000718: PUSH1 0x01 0000071a: SLOAD 0000071b: PUSH2 0x0724 0000071e: SWAP2 0000071f: SWAP1 00000720: PUSH2 0x1310 00000723: JUMP 00000724: JUMPDEST 00000725: TIMESTAMP 00000726: LT 00000727: ISZERO 00000728: PUSH2 0x0766 0000072b: JUMPI 0000072c: PUSH1 0x40 0000072e: MLOAD 0000072f: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000750: DUP2 00000751: MSTORE 00000752: PUSH1 0x04 00000754: ADD 00000755: PUSH2 0x075d 00000758: SWAP1 00000759: PUSH2 0x129b 0000075c: JUMP 0000075d: JUMPDEST 0000075e: PUSH1 0x40 00000760: MLOAD 00000761: DUP1 00000762: SWAP2 00000763: SUB 00000764: SWAP1 00000765: REVERT 00000766: JUMPDEST 00000767: PUSH1 0x00 00000769: DUP2 0000076a: GT 0000076b: PUSH2 0x07a9 0000076e: JUMPI 0000076f: PUSH1 0x40 00000771: MLOAD 00000772: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000793: DUP2 00000794: MSTORE 00000795: PUSH1 0x04 00000797: ADD 00000798: PUSH2 0x07a0 0000079b: SWAP1 0000079c: PUSH2 0x121b 0000079f: JUMP 000007a0: JUMPDEST 000007a1: PUSH1 0x40 000007a3: MLOAD 000007a4: DUP1 000007a5: SWAP2 000007a6: SUB 000007a7: SWAP1 000007a8: REVERT 000007a9: JUMPDEST 000007aa: PUSH32 0x000000000000000000000000000000000000000000000000000000007b7ed2e2 000007cb: DUP2 000007cc: PUSH1 0x00 000007ce: SLOAD 000007cf: PUSH1 0x01 000007d1: SLOAD 000007d2: PUSH2 0x07db 000007d5: SWAP2 000007d6: SWAP1 000007d7: PUSH2 0x1310 000007da: JUMP 000007db: JUMPDEST 000007dc: PUSH2 0x07e5 000007df: SWAP2 000007e0: SWAP1 000007e1: PUSH2 0x1310 000007e4: JUMP 000007e5: JUMPDEST 000007e6: GT 000007e7: ISZERO 000007e8: PUSH2 0x0826 000007eb: JUMPI 000007ec: PUSH1 0x40 000007ee: MLOAD 000007ef: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000810: DUP2 00000811: MSTORE 00000812: PUSH1 0x04 00000814: ADD 00000815: PUSH2 0x081d 00000818: SWAP1 00000819: PUSH2 0x11fb 0000081c: JUMP 0000081d: JUMPDEST 0000081e: PUSH1 0x40 00000820: MLOAD 00000821: DUP1 00000822: SWAP2 00000823: SUB 00000824: SWAP1 00000825: REVERT 00000826: JUMPDEST 00000827: DUP1 00000828: PUSH1 0x00 0000082a: DUP1 0000082b: DUP3 0000082c: DUP3 0000082d: SLOAD 0000082e: PUSH2 0x0837 00000831: SWAP2 00000832: SWAP1 00000833: PUSH2 0x1310 00000836: JUMP 00000837: JUMPDEST 00000838: SWAP3 00000839: POP 0000083a: POP 0000083b: DUP2 0000083c: SWAP1 0000083d: SSTORE 0000083e: POP 0000083f: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000860: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000875: AND 00000876: PUSH32 0x000000000000000000000000611cce5d440a941893587ac04228d957003d6313 00000897: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000008ac: AND 000008ad: PUSH32 0xff89fcf2f8a70fe268488ded07719ee35217ba8ca9f92b9068bf4ea4ceb4950c 000008ce: PUSH1 0x00 000008d0: SLOAD 000008d1: PUSH1 0x40 000008d3: MLOAD 000008d4: PUSH2 0x08dd 000008d7: SWAP2 000008d8: SWAP1 000008d9: PUSH2 0x12bb 000008dc: JUMP 000008dd: JUMPDEST 000008de: PUSH1 0x40 000008e0: MLOAD 000008e1: DUP1 000008e2: SWAP2 000008e3: SUB 000008e4: SWAP1 000008e5: LOG3 000008e6: POP 000008e7: JUMP 000008e8: JUMPDEST 000008e9: PUSH32 0x000000000000000000000000611cce5d440a941893587ac04228d957003d6313 0000090a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000091f: AND 00000920: CALLER 00000921: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000936: AND 00000937: EQ 00000938: PUSH2 0x0976 0000093b: JUMPI 0000093c: PUSH1 0x40 0000093e: MLOAD 0000093f: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000960: DUP2 00000961: MSTORE 00000962: PUSH1 0x04 00000964: ADD 00000965: PUSH2 0x096d 00000968: SWAP1 00000969: PUSH2 0x119b 0000096c: JUMP 0000096d: JUMPDEST 0000096e: PUSH1 0x40 00000970: MLOAD 00000971: DUP1 00000972: SWAP2 00000973: SUB 00000974: SWAP1 00000975: REVERT 00000976: JUMPDEST 00000977: PUSH1 0x00 00000979: SLOAD 0000097a: PUSH1 0x01 0000097c: SLOAD 0000097d: PUSH2 0x0986 00000980: SWAP2 00000981: SWAP1 00000982: PUSH2 0x1310 00000985: JUMP 00000986: JUMPDEST 00000987: TIMESTAMP 00000988: LT 00000989: ISZERO 0000098a: PUSH2 0x09c8 0000098d: JUMPI 0000098e: PUSH1 0x40 00000990: MLOAD 00000991: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000009b2: DUP2 000009b3: MSTORE 000009b4: PUSH1 0x04 000009b6: ADD 000009b7: PUSH2 0x09bf 000009ba: SWAP1 000009bb: PUSH2 0x11db 000009be: JUMP 000009bf: JUMPDEST 000009c0: PUSH1 0x40 000009c2: MLOAD 000009c3: DUP1 000009c4: SWAP2 000009c5: SUB 000009c6: SWAP1 000009c7: REVERT 000009c8: JUMPDEST 000009c9: PUSH1 0x00 000009cb: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 000009ec: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a01: AND 00000a02: PUSH4 0x70a08231 00000a07: ADDRESS 00000a08: PUSH1 0x40 00000a0a: MLOAD 00000a0b: DUP3 00000a0c: PUSH4 0xffffffff 00000a11: AND 00000a12: PUSH1 0xe0 00000a14: SHL 00000a15: DUP2 00000a16: MSTORE 00000a17: PUSH1 0x04 00000a19: ADD 00000a1a: PUSH2 0x0a23 00000a1d: SWAP2 00000a1e: SWAP1 00000a1f: PUSH2 0x111c 00000a22: JUMP 00000a23: JUMPDEST 00000a24: PUSH1 0x20 00000a26: PUSH1 0x40 00000a28: MLOAD 00000a29: DUP1 00000a2a: DUP4 00000a2b: SUB 00000a2c: DUP2 00000a2d: DUP7 00000a2e: DUP1 00000a2f: EXTCODESIZE 00000a30: ISZERO 00000a31: DUP1 00000a32: ISZERO 00000a33: PUSH2 0x0a3b 00000a36: JUMPI 00000a37: PUSH1 0x00 00000a39: DUP1 00000a3a: REVERT 00000a3b: JUMPDEST 00000a3c: POP 00000a3d: GAS 00000a3e: STATICCALL 00000a3f: ISZERO 00000a40: DUP1 00000a41: ISZERO 00000a42: PUSH2 0x0a4f 00000a45: JUMPI 00000a46: RETURNDATASIZE 00000a47: PUSH1 0x00 00000a49: DUP1 00000a4a: RETURNDATACOPY 00000a4b: RETURNDATASIZE 00000a4c: PUSH1 0x00 00000a4e: REVERT 00000a4f: JUMPDEST 00000a50: POP 00000a51: POP 00000a52: POP 00000a53: POP 00000a54: PUSH1 0x40 00000a56: MLOAD 00000a57: RETURNDATASIZE 00000a58: PUSH1 0x1f 00000a5a: NOT 00000a5b: PUSH1 0x1f 00000a5d: DUP3 00000a5e: ADD 00000a5f: AND 00000a60: DUP3 00000a61: ADD 00000a62: DUP1 00000a63: PUSH1 0x40 00000a65: MSTORE 00000a66: POP 00000a67: DUP2 00000a68: ADD 00000a69: SWAP1 00000a6a: PUSH2 0x0a73 00000a6d: SWAP2 00000a6e: SWAP1 00000a6f: PUSH2 0x0cda 00000a72: JUMP 00000a73: JUMPDEST 00000a74: SWAP1 00000a75: POP 00000a76: PUSH1 0x00 00000a78: DUP2 00000a79: GT 00000a7a: PUSH2 0x0ab8 00000a7d: JUMPI 00000a7e: PUSH1 0x40 00000a80: MLOAD 00000a81: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000aa2: DUP2 00000aa3: MSTORE 00000aa4: PUSH1 0x04 00000aa6: ADD 00000aa7: PUSH2 0x0aaf 00000aaa: SWAP1 00000aab: PUSH2 0x117b 00000aae: JUMP 00000aaf: JUMPDEST 00000ab0: PUSH1 0x40 00000ab2: MLOAD 00000ab3: DUP1 00000ab4: SWAP2 00000ab5: SUB 00000ab6: SWAP1 00000ab7: REVERT 00000ab8: JUMPDEST 00000ab9: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000ada: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000aef: AND 00000af0: PUSH4 0xa9059cbb 00000af5: PUSH32 0x000000000000000000000000611cce5d440a941893587ac04228d957003d6313 00000b16: DUP4 00000b17: PUSH1 0x40 00000b19: MLOAD 00000b1a: DUP4 00000b1b: PUSH4 0xffffffff 00000b20: AND 00000b21: PUSH1 0xe0 00000b23: SHL 00000b24: DUP2 00000b25: MSTORE 00000b26: PUSH1 0x04 00000b28: ADD 00000b29: PUSH2 0x0b33 00000b2c: SWAP3 00000b2d: SWAP2 00000b2e: SWAP1 00000b2f: PUSH2 0x1137 00000b32: JUMP 00000b33: JUMPDEST 00000b34: PUSH1 0x20 00000b36: PUSH1 0x40 00000b38: MLOAD 00000b39: DUP1 00000b3a: DUP4 00000b3b: SUB 00000b3c: DUP2 00000b3d: PUSH1 0x00 00000b3f: DUP8 00000b40: DUP1 00000b41: EXTCODESIZE 00000b42: ISZERO 00000b43: DUP1 00000b44: ISZERO 00000b45: PUSH2 0x0b4d 00000b48: JUMPI 00000b49: PUSH1 0x00 00000b4b: DUP1 00000b4c: REVERT 00000b4d: JUMPDEST 00000b4e: POP 00000b4f: GAS 00000b50: CALL 00000b51: ISZERO 00000b52: DUP1 00000b53: ISZERO 00000b54: PUSH2 0x0b61 00000b57: JUMPI 00000b58: RETURNDATASIZE 00000b59: PUSH1 0x00 00000b5b: DUP1 00000b5c: RETURNDATACOPY 00000b5d: RETURNDATASIZE 00000b5e: PUSH1 0x00 00000b60: REVERT 00000b61: JUMPDEST 00000b62: POP 00000b63: POP 00000b64: POP 00000b65: POP 00000b66: PUSH1 0x40 00000b68: MLOAD 00000b69: RETURNDATASIZE 00000b6a: PUSH1 0x1f 00000b6c: NOT 00000b6d: PUSH1 0x1f 00000b6f: DUP3 00000b70: ADD 00000b71: AND 00000b72: DUP3 00000b73: ADD 00000b74: DUP1 00000b75: PUSH1 0x40 00000b77: MSTORE 00000b78: POP 00000b79: DUP2 00000b7a: ADD 00000b7b: SWAP1 00000b7c: PUSH2 0x0b85 00000b7f: SWAP2 00000b80: SWAP1 00000b81: PUSH2 0x0c88 00000b84: JUMP 00000b85: JUMPDEST 00000b86: POP 00000b87: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000ba8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000bbd: AND 00000bbe: CALLER 00000bbf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000bd4: AND 00000bd5: PUSH32 0x10b55f01b1cfe0feeb7d144f66162661602d8e73256499b6d8342aac37ff0679 00000bf6: TIMESTAMP 00000bf7: DUP5 00000bf8: PUSH1 0x40 00000bfa: MLOAD 00000bfb: PUSH2 0x0c05 00000bfe: SWAP3 00000bff: SWAP2 00000c00: SWAP1 00000c01: PUSH2 0x12d6 00000c04: JUMP 00000c05: JUMPDEST 00000c06: PUSH1 0x40 00000c08: MLOAD 00000c09: DUP1 00000c0a: SWAP2 00000c0b: SUB 00000c0c: SWAP1 00000c0d: LOG3 00000c0e: POP 00000c0f: JUMP 00000c10: JUMPDEST 00000c11: PUSH32 0x000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000c32: DUP2 00000c33: JUMP 00000c34: JUMPDEST 00000c35: PUSH1 0x00 00000c37: DUP2 00000c38: CALLDATALOAD 00000c39: SWAP1 00000c3a: POP 00000c3b: PUSH2 0x0c43 00000c3e: DUP2 00000c3f: PUSH2 0x1401 00000c42: JUMP 00000c43: JUMPDEST 00000c44: SWAP3 00000c45: SWAP2 00000c46: POP 00000c47: POP 00000c48: JUMP 00000c49: JUMPDEST 00000c4a: PUSH1 0x00 00000c4c: DUP2 00000c4d: MLOAD 00000c4e: SWAP1 00000c4f: POP 00000c50: PUSH2 0x0c58 00000c53: DUP2 00000c54: PUSH2 0x1418 00000c57: JUMP 00000c58: JUMPDEST 00000c59: SWAP3 00000c5a: SWAP2 00000c5b: POP 00000c5c: POP 00000c5d: JUMP 00000c5e: JUMPDEST 00000c5f: PUSH1 0x00 00000c61: DUP2 00000c62: CALLDATALOAD 00000c63: SWAP1 00000c64: POP 00000c65: PUSH2 0x0c6d 00000c68: DUP2 00000c69: PUSH2 0x142f 00000c6c: JUMP 00000c6d: JUMPDEST 00000c6e: SWAP3 00000c6f: SWAP2 00000c70: POP 00000c71: POP 00000c72: JUMP 00000c73: JUMPDEST 00000c74: PUSH1 0x00 00000c76: DUP2 00000c77: MLOAD 00000c78: SWAP1 00000c79: POP 00000c7a: PUSH2 0x0c82 00000c7d: DUP2 00000c7e: PUSH2 0x142f 00000c81: JUMP 00000c82: JUMPDEST 00000c83: SWAP3 00000c84: SWAP2 00000c85: POP 00000c86: POP 00000c87: JUMP 00000c88: JUMPDEST 00000c89: PUSH1 0x00 00000c8b: PUSH1 0x20 00000c8d: DUP3 00000c8e: DUP5 00000c8f: SUB 00000c90: SLT 00000c91: ISZERO 00000c92: PUSH2 0x0c9a 00000c95: JUMPI 00000c96: PUSH1 0x00 00000c98: DUP1 00000c99: REVERT 00000c9a: JUMPDEST 00000c9b: PUSH1 0x00 00000c9d: PUSH2 0x0ca8 00000ca0: DUP5 00000ca1: DUP3 00000ca2: DUP6 00000ca3: ADD 00000ca4: PUSH2 0x0c49 00000ca7: JUMP 00000ca8: JUMPDEST 00000ca9: SWAP2 00000caa: POP 00000cab: POP 00000cac: SWAP3 00000cad: SWAP2 00000cae: POP 00000caf: POP 00000cb0: JUMP 00000cb1: JUMPDEST 00000cb2: PUSH1 0x00 00000cb4: PUSH1 0x20 00000cb6: DUP3 00000cb7: DUP5 00000cb8: SUB 00000cb9: SLT 00000cba: ISZERO 00000cbb: PUSH2 0x0cc3 00000cbe: JUMPI 00000cbf: PUSH1 0x00 00000cc1: DUP1 00000cc2: REVERT 00000cc3: JUMPDEST 00000cc4: PUSH1 0x00 00000cc6: PUSH2 0x0cd1 00000cc9: DUP5 00000cca: DUP3 00000ccb: DUP6 00000ccc: ADD 00000ccd: PUSH2 0x0c5e 00000cd0: JUMP 00000cd1: JUMPDEST 00000cd2: SWAP2 00000cd3: POP 00000cd4: POP 00000cd5: SWAP3 00000cd6: SWAP2 00000cd7: POP 00000cd8: POP 00000cd9: JUMP 00000cda: JUMPDEST 00000cdb: PUSH1 0x00 00000cdd: PUSH1 0x20 00000cdf: DUP3 00000ce0: DUP5 00000ce1: SUB 00000ce2: SLT 00000ce3: ISZERO 00000ce4: PUSH2 0x0cec 00000ce7: JUMPI 00000ce8: PUSH1 0x00 00000cea: DUP1 00000ceb: REVERT 00000cec: JUMPDEST 00000ced: PUSH1 0x00 00000cef: PUSH2 0x0cfa 00000cf2: DUP5 00000cf3: DUP3 00000cf4: DUP6 00000cf5: ADD 00000cf6: PUSH2 0x0c73 00000cf9: JUMP 00000cfa: JUMPDEST 00000cfb: SWAP2 00000cfc: POP 00000cfd: POP 00000cfe: SWAP3 00000cff: SWAP2 00000d00: POP 00000d01: POP 00000d02: JUMP 00000d03: JUMPDEST 00000d04: PUSH1 0x00 00000d06: DUP1 00000d07: PUSH1 0x40 00000d09: DUP4 00000d0a: DUP6 00000d0b: SUB 00000d0c: SLT 00000d0d: ISZERO 00000d0e: PUSH2 0x0d16 00000d11: JUMPI 00000d12: PUSH1 0x00 00000d14: DUP1 00000d15: REVERT 00000d16: JUMPDEST 00000d17: PUSH1 0x00 00000d19: PUSH2 0x0d24 00000d1c: DUP6 00000d1d: DUP3 00000d1e: DUP7 00000d1f: ADD 00000d20: PUSH2 0x0c5e 00000d23: JUMP 00000d24: JUMPDEST 00000d25: SWAP3 00000d26: POP 00000d27: POP 00000d28: PUSH1 0x20 00000d2a: PUSH2 0x0d35 00000d2d: DUP6 00000d2e: DUP3 00000d2f: DUP7 00000d30: ADD 00000d31: PUSH2 0x0c34 00000d34: JUMP 00000d35: JUMPDEST 00000d36: SWAP2 00000d37: POP 00000d38: POP 00000d39: SWAP3 00000d3a: POP 00000d3b: SWAP3 00000d3c: SWAP1 00000d3d: POP 00000d3e: JUMP 00000d3f: JUMPDEST 00000d40: PUSH2 0x0d48 00000d43: DUP2 00000d44: PUSH2 0x1366 00000d47: JUMP 00000d48: JUMPDEST 00000d49: DUP3 00000d4a: MSTORE 00000d4b: POP 00000d4c: POP 00000d4d: JUMP 00000d4e: JUMPDEST 00000d4f: PUSH2 0x0d57 00000d52: DUP2 00000d53: PUSH2 0x13ae 00000d56: JUMP 00000d57: JUMPDEST 00000d58: DUP3 00000d59: MSTORE 00000d5a: POP 00000d5b: POP 00000d5c: JUMP 00000d5d: JUMPDEST 00000d5e: PUSH1 0x00 00000d60: PUSH2 0x0d6a 00000d63: PUSH1 0x1f 00000d65: DUP4 00000d66: PUSH2 0x12ff 00000d69: JUMP 00000d6a: JUMPDEST 00000d6b: SWAP2 00000d6c: POP 00000d6d: PUSH32 0x546f6b656e4c6f636b3a206e6f20746f6b656e7320746f2072656c6561736500 00000d8e: PUSH1 0x00 00000d90: DUP4 00000d91: ADD 00000d92: MSTORE 00000d93: PUSH1 0x20 00000d95: DUP3 00000d96: ADD 00000d97: SWAP1 00000d98: POP 00000d99: SWAP2 00000d9a: SWAP1 00000d9b: POP 00000d9c: JUMP 00000d9d: JUMPDEST 00000d9e: PUSH1 0x00 00000da0: PUSH2 0x0daa 00000da3: PUSH1 0x2b 00000da5: DUP4 00000da6: PUSH2 0x12ff 00000da9: JUMP 00000daa: JUMPDEST 00000dab: SWAP2 00000dac: POP 00000dad: PUSH32 0x546f6b656e4c6f636b3a204f6e6c79207468652062656e656669636961727920 00000dce: PUSH1 0x00 00000dd0: DUP4 00000dd1: ADD 00000dd2: MSTORE 00000dd3: PUSH32 0x63616e206f706572617465000000000000000000000000000000000000000000 00000df4: PUSH1 0x20 00000df6: DUP4 00000df7: ADD 00000df8: MSTORE 00000df9: PUSH1 0x40 00000dfb: DUP3 00000dfc: ADD 00000dfd: SWAP1 00000dfe: POP 00000dff: SWAP2 00000e00: SWAP1 00000e01: POP 00000e02: JUMP 00000e03: JUMPDEST 00000e04: PUSH1 0x00 00000e06: PUSH2 0x0e10 00000e09: PUSH1 0x25 00000e0b: DUP4 00000e0c: PUSH2 0x12ff 00000e0f: JUMP 00000e10: JUMPDEST 00000e11: SWAP2 00000e12: POP 00000e13: PUSH32 0x546f6b656e4c6f636b3a20696e73756666696369656e74206574686572206261 00000e34: PUSH1 0x00 00000e36: DUP4 00000e37: ADD 00000e38: MSTORE 00000e39: PUSH32 0x6c616e6365000000000000000000000000000000000000000000000000000000 00000e5a: PUSH1 0x20 00000e5c: DUP4 00000e5d: ADD 00000e5e: MSTORE 00000e5f: PUSH1 0x40 00000e61: DUP3 00000e62: ADD 00000e63: SWAP1 00000e64: POP 00000e65: SWAP2 00000e66: SWAP1 00000e67: POP 00000e68: JUMP 00000e69: JUMPDEST 00000e6a: PUSH1 0x00 00000e6c: PUSH2 0x0e76 00000e6f: PUSH1 0x2e 00000e71: DUP4 00000e72: PUSH2 0x12ff 00000e75: JUMP 00000e76: JUMPDEST 00000e77: SWAP2 00000e78: POP 00000e79: PUSH32 0x546f6b656e4c6f636b3a2063757272656e742074696d65206973206265666f72 00000e9a: PUSH1 0x00 00000e9c: DUP4 00000e9d: ADD 00000e9e: MSTORE 00000e9f: PUSH32 0x652072656c656173652074696d65000000000000000000000000000000000000 00000ec0: PUSH1 0x20 00000ec2: DUP4 00000ec3: ADD 00000ec4: MSTORE 00000ec5: PUSH1 0x40 00000ec7: DUP3 00000ec8: ADD 00000ec9: SWAP1 00000eca: POP 00000ecb: SWAP2 00000ecc: SWAP1 00000ecd: POP 00000ece: JUMP 00000ecf: JUMPDEST 00000ed0: PUSH1 0x00 00000ed2: PUSH2 0x0edc 00000ed5: PUSH1 0x3c 00000ed7: DUP4 00000ed8: PUSH2 0x12ff 00000edb: JUMP 00000edc: JUMPDEST 00000edd: SWAP2 00000ede: POP 00000edf: PUSH32 0x546f6b656e4c6f636b3a20657874656e646564206c6f636b2074696d65206578 00000f00: PUSH1 0x00 00000f02: DUP4 00000f03: ADD 00000f04: MSTORE 00000f05: PUSH32 0x6365656473206d6178696d756d20657874656e73696f6e2074696d6500000000 00000f26: PUSH1 0x20 00000f28: DUP4 00000f29: ADD 00000f2a: MSTORE 00000f2b: PUSH1 0x40 00000f2d: DUP3 00000f2e: ADD 00000f2f: SWAP1 00000f30: POP 00000f31: SWAP2 00000f32: SWAP1 00000f33: POP 00000f34: JUMP 00000f35: JUMPDEST 00000f36: PUSH1 0x00 00000f38: PUSH2 0x0f42 00000f3b: PUSH1 0x38 00000f3d: DUP4 00000f3e: PUSH2 0x12ff 00000f41: JUMP 00000f42: JUMPDEST 00000f43: SWAP2 00000f44: POP 00000f45: PUSH32 0x546f6b656e4c6f636b3a206164646974696f6e616c206c6f636b2074696d6520 00000f66: PUSH1 0x00 00000f68: DUP4 00000f69: ADD 00000f6a: MSTORE 00000f6b: PUSH32 0x73686f756c642062652067726561746572207468616e20300000000000000000 00000f8c: PUSH1 0x20 00000f8e: DUP4 00000f8f: ADD 00000f90: MSTORE 00000f91: PUSH1 0x40 00000f93: DUP3 00000f94: ADD 00000f95: SWAP1 00000f96: POP 00000f97: SWAP2 00000f98: SWAP1 00000f99: POP 00000f9a: JUMP 00000f9b: JUMPDEST 00000f9c: PUSH1 0x00 00000f9e: PUSH2 0x0fa8 00000fa1: PUSH1 0x21 00000fa3: DUP4 00000fa4: PUSH2 0x12ff 00000fa7: JUMP 00000fa8: JUMPDEST 00000fa9: SWAP2 00000faa: POP 00000fab: PUSH32 0x546f6b656e4c6f636b3a20496e76616c696420746f6b656e20636f6e74726163 00000fcc: PUSH1 0x00 00000fce: DUP4 00000fcf: ADD 00000fd0: MSTORE 00000fd1: PUSH32 0x7400000000000000000000000000000000000000000000000000000000000000 00000ff2: PUSH1 0x20 00000ff4: DUP4 00000ff5: ADD 00000ff6: MSTORE 00000ff7: PUSH1 0x40 00000ff9: DUP3 00000ffa: ADD 00000ffb: SWAP1 00000ffc: POP 00000ffd: SWAP2 00000ffe: SWAP1 00000fff: POP 00001000: JUMP 00001001: JUMPDEST 00001002: PUSH1 0x00 00001004: PUSH2 0x100e 00001007: PUSH1 0x20 00001009: DUP4 0000100a: PUSH2 0x12ff 0000100d: JUMP 0000100e: JUMPDEST 0000100f: SWAP2 00001010: POP 00001011: PUSH32 0x546f6b656e4c6f636b3a20746f6b656e207472616e73666572206661696c6564 00001032: PUSH1 0x00 00001034: DUP4 00001035: ADD 00001036: MSTORE 00001037: PUSH1 0x20 00001039: DUP3 0000103a: ADD 0000103b: SWAP1 0000103c: POP 0000103d: SWAP2 0000103e: SWAP1 0000103f: POP 00001040: JUMP 00001041: JUMPDEST 00001042: PUSH1 0x00 00001044: PUSH2 0x104e 00001047: PUSH1 0x38 00001049: DUP4 0000104a: PUSH2 0x12ff 0000104d: JUMP 0000104e: JUMPDEST 0000104f: SWAP2 00001050: POP 00001051: PUSH32 0x546f6b656e4c6f636b3a206f6e6c79207468652062656e656669636961727920 00001072: PUSH1 0x00 00001074: DUP4 00001075: ADD 00001076: MSTORE 00001077: PUSH32 0x63616e20657874656e6420746865206c6f636b2074696d650000000000000000 00001098: PUSH1 0x20 0000109a: DUP4 0000109b: ADD 0000109c: MSTORE 0000109d: PUSH1 0x40 0000109f: DUP3 000010a0: ADD 000010a1: SWAP1 000010a2: POP 000010a3: SWAP2 000010a4: SWAP1 000010a5: POP 000010a6: JUMP 000010a7: JUMPDEST 000010a8: PUSH1 0x00 000010aa: PUSH2 0x10b4 000010ad: PUSH1 0x33 000010af: DUP4 000010b0: PUSH2 0x12ff 000010b3: JUMP 000010b4: JUMPDEST 000010b5: SWAP2 000010b6: POP 000010b7: PUSH32 0x546f6b656e4c6f636b3a2063757272656e742074696d65206973206265666f72 000010d8: PUSH1 0x00 000010da: DUP4 000010db: ADD 000010dc: MSTORE 000010dd: PUSH32 0x65206c6f636b2074696d65206578706972657300000000000000000000000000 000010fe: PUSH1 0x20 00001100: DUP4 00001101: ADD 00001102: MSTORE 00001103: PUSH1 0x40 00001105: DUP3 00001106: ADD 00001107: SWAP1 00001108: POP 00001109: SWAP2 0000110a: SWAP1 0000110b: POP 0000110c: JUMP 0000110d: JUMPDEST 0000110e: PUSH2 0x1116 00001111: DUP2 00001112: PUSH2 0x13a4 00001115: JUMP 00001116: JUMPDEST 00001117: DUP3 00001118: MSTORE 00001119: POP 0000111a: POP 0000111b: JUMP 0000111c: JUMPDEST 0000111d: PUSH1 0x00 0000111f: PUSH1 0x20 00001121: DUP3 00001122: ADD 00001123: SWAP1 00001124: POP 00001125: PUSH2 0x1131 00001128: PUSH1 0x00 0000112a: DUP4 0000112b: ADD 0000112c: DUP5 0000112d: PUSH2 0x0d3f 00001130: JUMP 00001131: JUMPDEST 00001132: SWAP3 00001133: SWAP2 00001134: POP 00001135: POP 00001136: JUMP 00001137: JUMPDEST 00001138: PUSH1 0x00 0000113a: PUSH1 0x40 0000113c: DUP3 0000113d: ADD 0000113e: SWAP1 0000113f: POP 00001140: PUSH2 0x114c 00001143: PUSH1 0x00 00001145: DUP4 00001146: ADD 00001147: DUP6 00001148: PUSH2 0x0d3f 0000114b: JUMP 0000114c: JUMPDEST 0000114d: PUSH2 0x1159 00001150: PUSH1 0x20 00001152: DUP4 00001153: ADD 00001154: DUP5 00001155: PUSH2 0x110d 00001158: JUMP 00001159: JUMPDEST 0000115a: SWAP4 0000115b: SWAP3 0000115c: POP 0000115d: POP 0000115e: POP 0000115f: JUMP 00001160: JUMPDEST 00001161: PUSH1 0x00 00001163: PUSH1 0x20 00001165: DUP3 00001166: ADD 00001167: SWAP1 00001168: POP 00001169: PUSH2 0x1175 0000116c: PUSH1 0x00 0000116e: DUP4 0000116f: ADD 00001170: DUP5 00001171: PUSH2 0x0d4e 00001174: JUMP 00001175: JUMPDEST 00001176: SWAP3 00001177: SWAP2 00001178: POP 00001179: POP 0000117a: JUMP 0000117b: JUMPDEST 0000117c: PUSH1 0x00 0000117e: PUSH1 0x20 00001180: DUP3 00001181: ADD 00001182: SWAP1 00001183: POP 00001184: DUP2 00001185: DUP2 00001186: SUB 00001187: PUSH1 0x00 00001189: DUP4 0000118a: ADD 0000118b: MSTORE 0000118c: PUSH2 0x1194 0000118f: DUP2 00001190: PUSH2 0x0d5d 00001193: JUMP 00001194: JUMPDEST 00001195: SWAP1 00001196: POP 00001197: SWAP2 00001198: SWAP1 00001199: POP 0000119a: JUMP 0000119b: JUMPDEST 0000119c: PUSH1 0x00 0000119e: PUSH1 0x20 000011a0: DUP3 000011a1: ADD 000011a2: SWAP1 000011a3: POP 000011a4: DUP2 000011a5: DUP2 000011a6: SUB 000011a7: PUSH1 0x00 000011a9: DUP4 000011aa: ADD 000011ab: MSTORE 000011ac: PUSH2 0x11b4 000011af: DUP2 000011b0: PUSH2 0x0d9d 000011b3: JUMP 000011b4: JUMPDEST 000011b5: SWAP1 000011b6: POP 000011b7: SWAP2 000011b8: SWAP1 000011b9: POP 000011ba: JUMP 000011bb: JUMPDEST 000011bc: PUSH1 0x00 000011be: PUSH1 0x20 000011c0: DUP3 000011c1: ADD 000011c2: SWAP1 000011c3: POP 000011c4: DUP2 000011c5: DUP2 000011c6: SUB 000011c7: PUSH1 0x00 000011c9: DUP4 000011ca: ADD 000011cb: MSTORE 000011cc: PUSH2 0x11d4 000011cf: DUP2 000011d0: PUSH2 0x0e03 000011d3: JUMP 000011d4: JUMPDEST 000011d5: SWAP1 000011d6: POP 000011d7: SWAP2 000011d8: SWAP1 000011d9: POP 000011da: JUMP 000011db: JUMPDEST 000011dc: PUSH1 0x00 000011de: PUSH1 0x20 000011e0: DUP3 000011e1: ADD 000011e2: SWAP1 000011e3: POP 000011e4: DUP2 000011e5: DUP2 000011e6: SUB 000011e7: PUSH1 0x00 000011e9: DUP4 000011ea: ADD 000011eb: MSTORE 000011ec: PUSH2 0x11f4 000011ef: DUP2 000011f0: PUSH2 0x0e69 000011f3: JUMP 000011f4: JUMPDEST 000011f5: SWAP1 000011f6: POP 000011f7: SWAP2 000011f8: SWAP1 000011f9: POP 000011fa: JUMP 000011fb: JUMPDEST 000011fc: PUSH1 0x00 000011fe: PUSH1 0x20 00001200: DUP3 00001201: ADD 00001202: SWAP1 00001203: POP 00001204: DUP2 00001205: DUP2 00001206: SUB 00001207: PUSH1 0x00 00001209: DUP4 0000120a: ADD 0000120b: MSTORE 0000120c: PUSH2 0x1214 0000120f: DUP2 00001210: PUSH2 0x0ecf 00001213: JUMP 00001214: JUMPDEST 00001215: SWAP1 00001216: POP 00001217: SWAP2 00001218: SWAP1 00001219: POP 0000121a: JUMP 0000121b: JUMPDEST 0000121c: PUSH1 0x00 0000121e: PUSH1 0x20 00001220: DUP3 00001221: ADD 00001222: SWAP1 00001223: POP 00001224: DUP2 00001225: DUP2 00001226: SUB 00001227: PUSH1 0x00 00001229: DUP4 0000122a: ADD 0000122b: MSTORE 0000122c: PUSH2 0x1234 0000122f: DUP2 00001230: PUSH2 0x0f35 00001233: JUMP 00001234: JUMPDEST 00001235: SWAP1 00001236: POP 00001237: SWAP2 00001238: SWAP1 00001239: POP 0000123a: JUMP 0000123b: JUMPDEST 0000123c: PUSH1 0x00 0000123e: PUSH1 0x20 00001240: DUP3 00001241: ADD 00001242: SWAP1 00001243: POP 00001244: DUP2 00001245: DUP2 00001246: SUB 00001247: PUSH1 0x00 00001249: DUP4 0000124a: ADD 0000124b: MSTORE 0000124c: PUSH2 0x1254 0000124f: DUP2 00001250: PUSH2 0x0f9b 00001253: JUMP 00001254: JUMPDEST 00001255: SWAP1 00001256: POP 00001257: SWAP2 00001258: SWAP1 00001259: POP 0000125a: JUMP 0000125b: JUMPDEST 0000125c: PUSH1 0x00 0000125e: PUSH1 0x20 00001260: DUP3 00001261: ADD 00001262: SWAP1 00001263: POP 00001264: DUP2 00001265: DUP2 00001266: SUB 00001267: PUSH1 0x00 00001269: DUP4 0000126a: ADD 0000126b: MSTORE 0000126c: PUSH2 0x1274 0000126f: DUP2 00001270: PUSH2 0x1001 00001273: JUMP 00001274: JUMPDEST 00001275: SWAP1 00001276: POP 00001277: SWAP2 00001278: SWAP1 00001279: POP 0000127a: JUMP 0000127b: JUMPDEST 0000127c: PUSH1 0x00 0000127e: PUSH1 0x20 00001280: DUP3 00001281: ADD 00001282: SWAP1 00001283: POP 00001284: DUP2 00001285: DUP2 00001286: SUB 00001287: PUSH1 0x00 00001289: DUP4 0000128a: ADD 0000128b: MSTORE 0000128c: PUSH2 0x1294 0000128f: DUP2 00001290: PUSH2 0x1041 00001293: JUMP 00001294: JUMPDEST 00001295: SWAP1 00001296: POP 00001297: SWAP2 00001298: SWAP1 00001299: POP 0000129a: JUMP 0000129b: JUMPDEST 0000129c: PUSH1 0x00 0000129e: PUSH1 0x20 000012a0: DUP3 000012a1: ADD 000012a2: SWAP1 000012a3: POP 000012a4: DUP2 000012a5: DUP2 000012a6: SUB 000012a7: PUSH1 0x00 000012a9: DUP4 000012aa: ADD 000012ab: MSTORE 000012ac: PUSH2 0x12b4 000012af: DUP2 000012b0: PUSH2 0x10a7 000012b3: JUMP 000012b4: JUMPDEST 000012b5: SWAP1 000012b6: POP 000012b7: SWAP2 000012b8: SWAP1 000012b9: POP 000012ba: JUMP 000012bb: JUMPDEST 000012bc: PUSH1 0x00 000012be: PUSH1 0x20 000012c0: DUP3 000012c1: ADD 000012c2: SWAP1 000012c3: POP 000012c4: PUSH2 0x12d0 000012c7: PUSH1 0x00 000012c9: DUP4 000012ca: ADD 000012cb: DUP5 000012cc: PUSH2 0x110d 000012cf: JUMP 000012d0: JUMPDEST 000012d1: SWAP3 000012d2: SWAP2 000012d3: POP 000012d4: POP 000012d5: JUMP 000012d6: JUMPDEST 000012d7: PUSH1 0x00 000012d9: PUSH1 0x40 000012db: DUP3 000012dc: ADD 000012dd: SWAP1 000012de: POP 000012df: PUSH2 0x12eb 000012e2: PUSH1 0x00 000012e4: DUP4 000012e5: ADD 000012e6: DUP6 000012e7: PUSH2 0x110d 000012ea: JUMP 000012eb: JUMPDEST 000012ec: PUSH2 0x12f8 000012ef: PUSH1 0x20 000012f1: DUP4 000012f2: ADD 000012f3: DUP5 000012f4: PUSH2 0x110d 000012f7: JUMP 000012f8: JUMPDEST 000012f9: SWAP4 000012fa: SWAP3 000012fb: POP 000012fc: POP 000012fd: POP 000012fe: JUMP 000012ff: JUMPDEST 00001300: PUSH1 0x00 00001302: DUP3 00001303: DUP3 00001304: MSTORE 00001305: PUSH1 0x20 00001307: DUP3 00001308: ADD 00001309: SWAP1 0000130a: POP 0000130b: SWAP3 0000130c: SWAP2 0000130d: POP 0000130e: POP 0000130f: JUMP 00001310: JUMPDEST 00001311: PUSH1 0x00 00001313: PUSH2 0x131b 00001316: DUP3 00001317: PUSH2 0x13a4 0000131a: JUMP 0000131b: JUMPDEST 0000131c: SWAP2 0000131d: POP 0000131e: PUSH2 0x1326 00001321: DUP4 00001322: PUSH2 0x13a4 00001325: JUMP 00001326: JUMPDEST 00001327: SWAP3 00001328: POP 00001329: DUP3 0000132a: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0000134b: SUB 0000134c: DUP3 0000134d: GT 0000134e: ISZERO 0000134f: PUSH2 0x135b 00001352: JUMPI 00001353: PUSH2 0x135a 00001356: PUSH2 0x13d2 00001359: JUMP 0000135a: JUMPDEST 0000135b: JUMPDEST 0000135c: DUP3 0000135d: DUP3 0000135e: ADD 0000135f: SWAP1 00001360: POP 00001361: SWAP3 00001362: SWAP2 00001363: POP 00001364: POP 00001365: JUMP 00001366: JUMPDEST 00001367: PUSH1 0x00 00001369: PUSH2 0x1371 0000136c: DUP3 0000136d: PUSH2 0x1384 00001370: JUMP 00001371: JUMPDEST 00001372: SWAP1 00001373: POP 00001374: SWAP2 00001375: SWAP1 00001376: POP 00001377: JUMP 00001378: JUMPDEST 00001379: PUSH1 0x00 0000137b: DUP2 0000137c: ISZERO 0000137d: ISZERO 0000137e: SWAP1 0000137f: POP 00001380: SWAP2 00001381: SWAP1 00001382: POP 00001383: JUMP 00001384: JUMPDEST 00001385: PUSH1 0x00 00001387: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000139c: DUP3 0000139d: AND 0000139e: SWAP1 0000139f: POP 000013a0: SWAP2 000013a1: SWAP1 000013a2: POP 000013a3: JUMP 000013a4: JUMPDEST 000013a5: PUSH1 0x00 000013a7: DUP2 000013a8: SWAP1 000013a9: POP 000013aa: SWAP2 000013ab: SWAP1 000013ac: POP 000013ad: JUMP 000013ae: JUMPDEST 000013af: PUSH1 0x00 000013b1: PUSH2 0x13b9 000013b4: DUP3 000013b5: PUSH2 0x13c0 000013b8: JUMP 000013b9: JUMPDEST 000013ba: SWAP1 000013bb: POP 000013bc: SWAP2 000013bd: SWAP1 000013be: POP 000013bf: JUMP 000013c0: JUMPDEST 000013c1: PUSH1 0x00 000013c3: PUSH2 0x13cb 000013c6: DUP3 000013c7: PUSH2 0x1384 000013ca: JUMP 000013cb: JUMPDEST 000013cc: SWAP1 000013cd: POP 000013ce: SWAP2 000013cf: SWAP1 000013d0: POP 000013d1: JUMP 000013d2: JUMPDEST 000013d3: PUSH32 0x4e487b7100000000000000000000000000000000000000000000000000000000 000013f4: PUSH1 0x00 000013f6: MSTORE 000013f7: PUSH1 0x11 000013f9: PUSH1 0x04 000013fb: MSTORE 000013fc: PUSH1 0x24 000013fe: PUSH1 0x00 00001400: REVERT 00001401: JUMPDEST 00001402: PUSH2 0x140a 00001405: DUP2 00001406: PUSH2 0x1366 00001409: JUMP 0000140a: JUMPDEST 0000140b: DUP2 0000140c: EQ 0000140d: PUSH2 0x1415 00001410: JUMPI 00001411: PUSH1 0x00 00001413: DUP1 00001414: REVERT 00001415: JUMPDEST 00001416: POP 00001417: JUMP 00001418: JUMPDEST 00001419: PUSH2 0x1421 0000141c: DUP2 0000141d: PUSH2 0x1378 00001420: JUMP 00001421: JUMPDEST 00001422: DUP2 00001423: EQ 00001424: PUSH2 0x142c 00001427: JUMPI 00001428: PUSH1 0x00 0000142a: DUP1 0000142b: REVERT 0000142c: JUMPDEST 0000142d: POP 0000142e: JUMP 0000142f: JUMPDEST 00001430: PUSH2 0x1438 00001433: DUP2 00001434: PUSH2 0x13a4 00001437: JUMP 00001438: JUMPDEST 00001439: DUP2 0000143a: EQ 0000143b: PUSH2 0x1443 0000143e: JUMPI 0000143f: PUSH1 0x00 00001441: DUP1 00001442: REVERT 00001443: JUMPDEST 00001444: POP 00001445: JUMP 00001446: INVALID 00001447: LOG2 00001448: PUSH5 0x6970667358 0000144e: UNKNOWN(0x22) 0000144f: SLT 00001450: KECCAK256 00001451: GT 00001452: UNKNOWN(0xB0) 00001453: SWAP2 00001454: SWAP7 00001455: UNKNOWN(0xD3) 00001456: SHR 00001457: NOT 00001458: PUSH3 0x9d4a3e 0000145c: LOG0 0000145d: UNKNOWN(0xA8) 0000145e: GAS 0000145f: UNKNOWN(0x2B) 00001460: DUP2 00001461: BLOBHASH 00001462: UNKNOWN(0x24) 00001463: PUSH27
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0x549679f8206fbc4889583fa4baeefa04c32aff3c11a4cfdb7bbb407d0c841cdb
call_targets:
0xec34231dfdf6144a539a4914dc14481914afad1c
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x549679f8206fbc4889583fa4baeefa04c32aff3c11a4cfdb7bbb407d0c841cdb",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xec34231dfdf6144a539a4914dc14481914afad1c"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x78e97925",
"selector": "0x78e97925",
"calldata_variants": [
"0x78e97925",
"0x78e979250000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x828047a5",
"selector": "0x828047a5",
"calldata_variants": [
"0x828047a5",
"0x828047a50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x86d1a69f",
"selector": "0x86d1a69f",
"calldata_variants": [
"0x86d1a69f",
"0x86d1a69f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xfc0c546a",
"selector": "0xfc0c546a",
"calldata_variants": [
"0xfc0c546a",
"0xfc0c546a0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x0d668087",
"selector": "0x0d668087",
"calldata_variants": [
"0x0d668087",
"0x0d6680870000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x19906dc8",
"selector": "0x19906dc8",
"calldata_variants": [
"0x19906dc8",
"0x19906dc80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x38af3eed",
"selector": "0x38af3eed",
"calldata_variants": [
"0x38af3eed",
"0x38af3eed0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3ecf10c6",
"selector": "0x3ecf10c6",
"calldata_variants": [
"0x3ecf10c6",
"0x3ecf10c60000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 979,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1335,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2896,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [
{
"pc": 521,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1726,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2336,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"untrusted_call_count": 3
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0x549679f8206fbc4889583fa4baeefa04c32aff3c11a4cfdb7bbb407d0c841cdb
call_targets:
0xec34231dfdf6144a539a4914dc14481914afad1c
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x549679f8206fbc4889583fa4baeefa04c32aff3c11a4cfdb7bbb407d0c841cdb",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xec34231dfdf6144a539a4914dc14481914afad1c"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x78e97925",
"selector": "0x78e97925",
"calldata_variants": [
"0x78e97925",
"0x78e979250000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x828047a5",
"selector": "0x828047a5",
"calldata_variants": [
"0x828047a5",
"0x828047a50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x86d1a69f",
"selector": "0x86d1a69f",
"calldata_variants": [
"0x86d1a69f",
"0x86d1a69f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xfc0c546a",
"selector": "0xfc0c546a",
"calldata_variants": [
"0xfc0c546a",
"0xfc0c546a0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x0d668087",
"selector": "0x0d668087",
"calldata_variants": [
"0x0d668087",
"0x0d6680870000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x19906dc8",
"selector": "0x19906dc8",
"calldata_variants": [
"0x19906dc8",
"0x19906dc80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x38af3eed",
"selector": "0x38af3eed",
"calldata_variants": [
"0x38af3eed",
"0x38af3eed0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3ecf10c6",
"selector": "0x3ecf10c6",
"calldata_variants": [
"0x3ecf10c6",
"0x3ecf10c60000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 979,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1335,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2896,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": [
{
"pc": 521,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1726,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2336,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
}
|