3d6d006a-9c50-4251-902e-0c8eccdcb5c8
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31439 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 77260 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 77261 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 77262 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 77263 | capability.graph | complete | 1 / 3 | 1 week ago |
| 77264 | detector.run | complete | 1 / 3 | 1 week ago |
| 77265 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:1056391] OpenAI Codex v0.77.0 (research preview)
[codex:1056391] --------
[codex:1056391] workdir: /tmp/codex-multi-345my9dq
[codex:1056391] model: gpt-5.2-codex
[codex:1056391] provider: openai
[codex:1056391] approval: never
[codex:1056391] sandbox: read-only
[codex:1056391] reasoning effort: xhigh
[codex:1056391] reasoning summaries: auto
[codex:1056391] session id: 019b81c7-7ff7-7ae3-b1ea-3dd3aad6f7bd
[codex:1056391] --------
[codex:1056391] user
[codex:1056391] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:1056391]
[codex:1056391] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:1056391]
[codex:1056391] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:1056391] - Gas inefficiency, code quality, or best practices
[codex:1056391] - Theoretical vulnerabilities without a clear extraction path
[codex:1056391] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:1056391] - Issues requiring social engineering or off-chain coordination
[codex:1056391]
[codex:1056391] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:1056391] - CALL/DELEGATECALL with controllable destination or calldata
[codex:1056391] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:1056391] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:1056391] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:1056391] - External calls before state updates (reentrancy)
[codex:1056391] - SELFDESTRUCT with controllable beneficiary
[codex:1056391] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:1056391]
[codex:1056391] For each finding, you MUST explain:
[codex:1056391] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:1056391] 2. The concrete sequence of transactions to extract value
[codex:1056391] 3. Why you believe this is exploitable (not just suspicious)
[codex:1056391]
[codex:1056391] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:1056391] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:1056391]
[codex:1056391] Output MUST be valid JSON matching the provided schema.
[codex:1056391] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:1056391] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:1056391] mcp startup: no servers
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Reading BYTECODE_BUNDLE.txt file**
[codex:1056391] exec
[codex:1056391] /bin/bash -lc ls in /tmp/codex-multi-345my9dq succeeded in 5ms:
[codex:1056391] BYTECODE_BUNDLE.txt
[codex:1056391] codex-output-schema.json
[codex:1056391] exec
[codex:1056391] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-345my9dq succeeded in 5ms:
[codex:1056391] Runtime bytecode bundle for best-effort auditing.
[codex:1056391] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:1056391]
[codex:1056391] FILE: runtime_bytecode.hex
[codex:1056391] 0x6080604052600436106100e0575f3560e01c8063802a81d81161007e578063aa2d4a2911610058578063aa2d4a2914610331578063d89da49c14610350578063eded61911461036c578063efbb98c21461038b576100e7565b8063802a81d8146102d4578063810d6ce5146102f3578063a435891714610312576100e7565b80631fceed7f116100ba5780631fceed7f14610258578063234ecf06146102775780635a703223146102965780635f850252146102b5576100e7565b80630ae50a39146101e357806312038e5d14610218578063167d3e9c14610239576100e7565b366100e757005b335f9081526002602052604081205436906060906001148061011357506003546001600160a01b031633145b8061011d57503330145b8061013257506001546001600160a01b031633145b6101575760405162461bcd60e51b815260040161014e90610a00565b60405180910390fd5b5f805460045460405183926001600160a01b0316919061017a9084903690610a24565b5f604051808303818686f4925050503d805f81146101b3576040519150601f19603f3d011682016040523d82523d5f602084013e6101b8565b606091505b509150915081156101cc5791506101d89050565b6040513d805f833e8082fd5b915050805190602001f35b3480156101ee575f80fd5b506001546001600160a01b03165b6040516001600160a01b03909116815260200160405180910390f35b348015610223575f80fd5b50610237610232366004610a4e565b6103aa565b005b348015610244575f80fd5b50610237610253366004610a4e565b61042e565b348015610263575f80fd5b50610237610272366004610aff565b61047a565b348015610282575f80fd5b50610237610291366004610b8c565b6104fb565b3480156102a1575f80fd5b506102376102b0366004610b8c565b610581565b3480156102c0575f80fd5b506102376102cf366004610a4e565b610621565b3480156102df575f80fd5b506102376102ee366004610b8c565b61066c565b3480156102fe575f80fd5b5061023761030d366004610bb4565b6106ed565b34801561031d575f80fd5b5061023761032c366004610aff565b61071c565b34801561033c575f80fd5b5061023761034b366004610bcb565b610791565b34801561035b575f80fd5b505f546001600160a01b03166101fc565b348015610377575f80fd5b50610237610386366004610c90565b610808565b348015610396575f80fd5b506102376103a5366004610bb4565b61083e565b335f90815260026020526040902054600114806103d157506003546001600160a01b031633145b806103db57503330145b806103f057506001546001600160a01b031633145b61040c5760405162461bcd60e51b815260040161014e90610a00565b600380546001600160a01b0319166001600160a01b0392909216919091179055565b6001546001600160a01b031633146104585760405162461bcd60e51b815260040161014e90610a00565b600180546001600160a01b0319166001600160a01b0392909216919091179055565b6001546001600160a01b031633146104a45760405162461bcd60e51b815260040161014e90610a00565b80515f5b818110156104f6575f8382815181106104c3576104c3610cc9565b6020908102919091018101516001600160a01b03165f9081526002909152604090206001908190559190910190506104a8565b505050565b6001546001600160a01b031633146105255760405162461bcd60e51b815260040161014e90610a00565b604051632e1a7d4d60e01b81526004810182905282906001600160a01b03821690632e1a7d4d906024015f604051808303815f87803b158015610566575f80fd5b505af1158015610578573d5f803e3d5ffd5b50505050505050565b6001546001600160a01b031633146105ab5760405162461bcd60e51b815260040161014e90610a00565b60405163a9059cbb60e01b81523360048201526024810182905282906001600160a01b0382169063a9059cbb906044016020604051808303815f875af11580156105f7573d5f803e3d5ffd5b505050506040513d601f19601f8201168201806040525081019061061b9190610cdd565b50505050565b6001546001600160a01b0316331461064b5760405162461bcd60e51b815260040161014e90610a00565b5f80546001600160a01b0319166001600160a01b0392909216919091179055565b6001546001600160a01b031633146106965760405162461bcd60e51b815260040161014e90610a00565b6004546040516001600160a01b038416919083905f818181858888f193505050503d805f81146106e1576040519150601f19603f3d011682016040523d82523d5f602084013e6106e6565b606091505b5050505050565b6001546001600160a01b031633146107175760405162461bcd60e51b815260040161014e90610a00565b600455565b6001546001600160a01b031633146107465760405162461bcd60e51b815260040161014e90610a00565b80515f5b818110156104f6575f83828151811061076557610765610cc9565b6020908102919091018101516001600160a01b03165f908152600290915260408120555060010161074a565b6001546001600160a01b031633146107bb5760405162461bcd60e51b815260040161014e90610a00565b80515f5b818110156104f6575f8382815181106107da576107da610cc9565b602002602001015190505f815f015190506107fe8183602001518460400151610896565b50506001016107bf565b6001546001600160a01b031633146108325760405162461bcd60e51b815260040161014e90610a00565b8261061b818484610896565b6001546001600160a01b031633146108685760405162461bcd60e51b815260040161014e90610a00565b604051339082156108fc029083905f818181858888f19350505050158015610892573d5f803e3d5ffd5b5050565b604080516001600160a01b038416602482015260448082018490528251808303909101815260649091018252602080820180516001600160e01b031663095ea7b360e01b17905282519081019092525f8083526104f692869291906108fe9084908490610924565b8051909150156104f6578080602001905181019061091c9190610cdd565b6104f6575f80fd5b606061093284845f8561093a565b949350505050565b606082471015610948575f80fd5b843b610952575f80fd5b5f80866001600160a01b0316858760405161096d9190610d1e565b5f6040518083038185875af1925050503d805f81146109a7576040519150601f19603f3d011682016040523d82523d5f602084013e6109ac565b606091505b50915091506109bc8282866109c7565b979650505050505050565b6060836109f8578251156109de5782518084602001fd5b8160405162461bcd60e51b815260040161014e9190610d39565b509092915050565b6020808252600a90820152692337b93134b23232b71760b11b604082015260600190565b818382375f9101908152919050565b80356001600160a01b0381168114610a49575f80fd5b919050565b5f60208284031215610a5e575f80fd5b610a6782610a33565b9392505050565b634e487b7160e01b5f52604160045260245ffd5b6040516060810167ffffffffffffffff81118282101715610aa557610aa5610a6e565b60405290565b604051601f8201601f1916810167ffffffffffffffff81118282101715610ad457610ad4610a6e565b604052919050565b5f67ffffffffffffffff821115610af557610af5610a6e565b5060051b60200190565b5f6020808385031215610b10575f80fd5b823567ffffffffffffffff811115610b26575f80fd5b8301601f81018513610b36575f80fd5b8035610b49610b4482610adc565b610aab565b81815260059190911b82018301908381019087831115610b67575f80fd5b928401925b828410156109bc57610b7d84610a33565b82529284019290840190610b6c565b5f8060408385031215610b9d575f80fd5b610ba683610a33565b946020939093013593505050565b5f60208284031215610bc4575f80fd5b5035919050565b5f6020808385031215610bdc575f80fd5b823567ffffffffffffffff811115610bf2575f80fd5b8301601f81018513610c02575f80fd5b8035610c10610b4482610adc565b81815260609182028301840191848201919088841115610c2e575f80fd5b938501935b83851015610c845780858a031215610c49575f80fd5b610c51610a82565b610c5a86610a33565b8152610c67878701610a33565b818801526040868101359082015283529384019391850191610c33565b50979650505050505050565b5f805f60608486031215610ca2575f80fd5b610cab84610a33565b9250610cb960208501610a33565b9150604084013590509250925092565b634e487b7160e01b5f52603260045260245ffd5b5f60208284031215610ced575f80fd5b81518015158114610a67575f80fd5b5f5b83811015610d16578181015183820152602001610cfe565b50505f910152565b5f8251610d2f818460208701610cfc565b9190910192915050565b602081525f8251806020840152610d57816040850160208701610cfc565b601f01601f1916919091016040019291505056fea264697066735822122008155a3f4e3520d272429fe32c594aaaa74bdbb3b789c8d9a57fe9da746e45d364736f6c63430008180033
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Analyzing bytecode for vulnerabilities**
[codex:1056391]
[codex:1056391] I'm digging into the runtime bytecode to spot any exploitable paths, focusing on ownership checks and identifying unprotected calls like value transfers or delegatecalls. There’s a rich set of functions with access control, and I’m parsing how owner and admin roles are stored and checked, decoding function selectors, and mapping key internal functions to their permissions and actions. I'll keep decoding to uncover any weak points or missing authorization checks.
[codex:1056391] exec
[codex:1056391] /bin/bash -lc "python - <<'PY'
[codex:1056391] from binascii import unhexlify
[codex:1056391] import re
[codex:1056391]
[codex:1056391] data=open('/tmp/codex-multi-345my9dq/BYTECODE_BUNDLE.txt').read()
[codex:1056391] hexstr=re.search(r'0x[0-9a-fA-F]+',data).group(0)[2:]
[codex:1056391] code=bytes.fromhex(hexstr)
[codex:1056391]
[codex:1056391] # opcode table
[codex:1056391] opcodes={
[codex:1056391] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:1056391] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:1056391] 0x20:'SHA3',
[codex:1056391] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:1056391] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:1056391] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:1056391] 0x5f:'PUSH0',
[codex:1056391] }
[codex:1056391] for i in range(1,33):
[codex:1056391] opcodes[0x5f+i]=f'PUSH{i}'
[codex:1056391] for i in range(1,17):
[codex:1056391] opcodes[0x7f+i]=f'DUP{i}'
[codex:1056391] opcodes[0x8f+i]=f'SWAP{i}'
[codex:1056391] for i in range(0,5):
[codex:1056391] opcodes[0xa0+i]=f'LOG{i}'
[codex:1056391] opcodes.update({0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'})
[codex:1056391]
[codex:1056391] # simple disassembler: print around key offsets
[codex:1056391]
[codex:1056391] def disasm(start, end):
[codex:1056391] i=start
[codex:1056391] while i<end:
[codex:1056391] op=code[i]
[codex:1056391] name=opcodes.get(op, f'OP{op:02x}')
[codex:1056391] if name.startswith('PUSH'):
[codex:1056391] n=int(name[4:])
[codex:1056391] val=code[i+1:i+1+n]
[codex:1056391] print(f'{i:04x}: {name} 0x{val.hex()}')
[codex:1056391] i+=1+n
[codex:1056391] else:
[codex:1056391] print(f'{i:04x}: {name}')
[codex:1056391] i+=1
[codex:1056391]
[codex:1056391] # Show JUMPDESTs around 0x03aa etc
[codex:1056391] for addr in [0x03aa,0x042e,0x047a,0x04fb,0x0581,0x0621,0x066c,0x06ed,0x071c,0x0791,0x0808,0x083e,0x0896,0x08fe,0x093a]:
[codex:1056391] print('\\n=== disasm around', hex(addr))
[codex:1056391] disasm(addr, addr+0x60)
[codex:1056391] PY" in /tmp/codex-multi-345my9dq succeeded in 30ms:
[codex:1056391]
[codex:1056391] === disasm around 0x3aa
[codex:1056391] 03aa: JUMPDEST
[codex:1056391] 03ab: CALLER
[codex:1056391] 03ac: PUSH0 0x
[codex:1056391] 03ad: SWAP1
[codex:1056391] 03ae: DUP2
[codex:1056391] 03af: MSTORE
[codex:1056391] 03b0: PUSH1 0x02
[codex:1056391] 03b2: PUSH1 0x20
[codex:1056391] 03b4: MSTORE
[codex:1056391] 03b5: PUSH1 0x40
[codex:1056391] 03b7: SWAP1
[codex:1056391] 03b8: SHA3
[codex:1056391] 03b9: SLOAD
[codex:1056391] 03ba: PUSH1 0x01
[codex:1056391] 03bc: EQ
[codex:1056391] 03bd: DUP1
[codex:1056391] 03be: PUSH2 0x03d1
[codex:1056391] 03c1: JUMPI
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Analyzing storage slots and function calls**
[codex:1056391] exec
[codex:1056391] /bin/bash -lc "python - <<'PY'
[codex:1056391] from binascii import unhexlify
[codex:1056391] import re
[codex:1056391]
[codex:1056391] data=open('/tmp/codex-multi-345my9dq/BYTECODE_BUNDLE.txt').read()
[codex:1056391] hexstr=re.search(r'0x[0-9a-fA-F]+',data).group(0)[2:]
[codex:1056391] code=bytes.fromhex(hexstr)
[codex:1056391]
[codex:1056391] opcodes={
[codex:1056391] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:1056391] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:1056391] 0x20:'SHA3',
[codex:1056391] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:1056391] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:1056391] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:1056391] 0x5f:'PUSH0',
[codex:1056391] }
[codex:1056391] for i in range(1,33):
[codex:1056391] opcodes[0x5f+i]=f'PUSH{i}'
[codex:1056391] for i in range(1,17):
[codex:1056391] opcodes[0x7f+i]=f'DUP{i}'
[codex:1056391] opcodes[0x8f+i]=f'SWAP{i}'
[codex:1056391] for i in range(0,5):
[codex:1056391] opcodes[0xa0+i]=f'LOG{i}'
[codex:1056391] opcodes.update({0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'})
[codex:1056391]
[codex:1056391]
[codex:1056391] def disasm(start, end):
[codex:1056391] i=start
[codex:1056391] while i<end:
[codex:1056391] op=code[i]
[codex:1056391] name=opcodes.get(op, f'OP{op:02x}')
[codex:1056391] if name.startswith('PUSH'):
[codex:1056391] n=int(name[4:])
[codex:1056391] val=code[i+1:i+1+n]
[codex:1056391] print(f'{i:04x}: {name} 0x{val.hex()}')
[codex:1056391] i+=1+n
[codex:1056391] else:
[codex:1056391] print(f'{i:04x}: {name}')
[codex:1056391] i+=1
[codex:1056391]
[codex:1056391] print('Function 0x066c..0x06ed')
[codex:1056391] disasm(0x066c,0x06ed)
[codex:1056391] PY" in /tmp/codex-multi-345my9dq succeeded in 27ms:
[codex:1056391] Function 0x066c..0x06ed
[codex:1056391] 066c: JUMPDEST
[codex:1056391] 066d: PUSH1 0x01
[codex:1056391] 066f: SLOAD
[codex:1056391] 0670: PUSH1 0x01
[codex:1056391] 0672: PUSH1 0x01
[codex:1056391] 0674: PUSH1 0xa0
[codex:1056391] 0676: SHL
[codex:1056391] 0677: SUB
[codex:1056391] 0678: AND
[codex:1056391] 0679: CALLER
[codex:1056391] 067a: EQ
[codex:1056391] 067b: PUSH2 0x0696
[codex:1056391] 067e: JUMPI
[codex:1056391] 067f: PUSH1 0x40
[codex:1056391] 0681: MLOAD
[codex:1056391] 0682: PUSH3 0x461bcd
[codex:1056391] 0686: PUSH1 0xe5
[codex:1056391] 0688: SHL
[codex:1056391] 0689: DUP2
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Analyzing function dispatch and access controls**
[codex:1056391] exec
[codex:1056391] /bin/bash -lc "python - <<'PY'
[codex:1056391] from binascii import unhexlify
[codex:1056391] import re
[codex:1056391]
[codex:1056391] data=open('/tmp/codex-multi-345my9dq/BYTECODE_BUNDLE.txt').read()
[codex:1056391] hexstr=re.search(r'0x[0-9a-fA-F]+',data).group(0)[2:]
[codex:1056391] code=bytes.fromhex(hexstr)
[codex:1056391]
[codex:1056391] # find occurrences of sequence PUSH1 0x03 SLOAD ... CALLER EQ within next 10 bytes
[codex:1056391] seq = bytes([0x60,0x03,0x54])
[codex:1056391] for i in range(len(code)-3):
[codex:1056391] if code[i:i+3]==seq:
[codex:1056391] # search within next 20 bytes for CALLER EQ
[codex:1056391] window=code[i:i+40]
[codex:1056391] if 0x33 in window and 0x14 in window:
[codex:1056391] print(hex(i), window.hex())
[codex:1056391] PY" in /tmp/codex-multi-345my9dq succeeded in 28ms:
[codex:1056391] 0x105 6003546001600160a01b031633145b8061011d57503330145b8061013257506001546001600160a0
[codex:1056391] 0x3c3 6003546001600160a01b031633145b806103db57503330145b806103f057506001546001600160a0
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Investigating CALL instructions and access control**
[codex:1056391] exec
[codex:1056391] /bin/bash -lc "python - <<'PY'
[codex:1056391] from binascii import unhexlify
[codex:1056391] import re
[codex:1056391]
[codex:1056391] data=open('/tmp/codex-multi-345my9dq/BYTECODE_BUNDLE.txt').read()
[codex:1056391] hexstr=re.search(r'0x[0-9a-fA-F]+',data).group(0)[2:]
[codex:1056391] code=bytes.fromhex(hexstr)
[codex:1056391]
[codex:1056391] opcodes={
[codex:1056391] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:1056391] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:1056391] 0x20:'SHA3',
[codex:1056391] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:1056391] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:1056391] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:1056391] 0x5f:'PUSH0',
[codex:1056391] }
[codex:1056391] for i in range(1,33):
[codex:1056391] opcodes[0x5f+i]=f'PUSH{i}'
[codex:1056391] for i in range(1,17):
[codex:1056391] opcodes[0x7f+i]=f'DUP{i}'
[codex:1056391] opcodes[0x8f+i]=f'SWAP{i}'
[codex:1056391] for i in range(0,5):
[codex:1056391] opcodes[0xa0+i]=f'LOG{i}'
[codex:1056391] opcodes.update({0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'})
[codex:1056391]
[codex:1056391]
[codex:1056391] def disasm(start, end):
[codex:1056391] i=start
[codex:1056391] while i<end:
[codex:1056391] op=code[i]
[codex:1056391] name=opcodes.get(op, f'OP{op:02x}')
[codex:1056391] if name.startswith('PUSH'):
[codex:1056391] n=int(name[4:])
[codex:1056391] val=code[i+1:i+1+n]
[codex:1056391] print(f'{i:04x}: {name} 0x{val.hex()}')
[codex:1056391] i+=1+n
[codex:1056391] else:
[codex:1056391] print(f'{i:04x}: {name}')
[codex:1056391] i+=1
[codex:1056391]
[codex:1056391] print('Disasm 0x00e0..0x0200')
[codex:1056391] disasm(0x00e0,0x0200)
[codex:1056391] PY" in /tmp/codex-multi-345my9dq succeeded in 25ms:
[codex:1056391] Disasm 0x00e0..0x0200
[codex:1056391] 00e0: JUMPDEST
[codex:1056391] 00e1: CALLDATASIZE
[codex:1056391] 00e2: PUSH2 0x00e7
[codex:1056391] 00e5: JUMPI
[codex:1056391] 00e6: STOP
[codex:1056391] 00e7: JUMPDEST
[codex:1056391] 00e8: CALLER
[codex:1056391] 00e9: PUSH0 0x
[codex:1056391] 00ea: SWAP1
[codex:1056391] 00eb: DUP2
[codex:1056391] 00ec: MSTORE
[codex:1056391] 00ed: PUSH1 0x02
[codex:1056391] 00ef: PUSH1 0x20
[codex:1056391] 00f1: MSTORE
[codex:1056391] 00f2: PUSH1 0x40
[codex:1056391] 00f4: DUP2
[codex:1056391] 00f5: SHA3
[codex:1056391] 00f6: SLOAD
[codex:1056391] 00f7: CALLDATASIZE
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Dissecting fallback and delegatecall logic**
[codex:1056391] exec
[codex:1056391] /bin/bash -lc "python - <<'PY'
[codex:1056391] from binascii import unhexlify
[codex:1056391] import re
[codex:1056391]
[codex:1056391] data=open('/tmp/codex-multi-345my9dq/BYTECODE_BUNDLE.txt').read()
[codex:1056391] hexstr=re.search(r'0x[0-9a-fA-F]+',data).group(0)[2:]
[codex:1056391] code=bytes.fromhex(hexstr)
[codex:1056391]
[codex:1056391] opcodes={
[codex:1056391] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:1056391] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:1056391] 0x20:'SHA3',
[codex:1056391] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:1056391] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:1056391] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:1056391] 0x5f:'PUSH0',
[codex:1056391] }
[codex:1056391] for i in range(1,33):
[codex:1056391] opcodes[0x5f+i]=f'PUSH{i}'
[codex:1056391] for i in range(1,17):
[codex:1056391] opcodes[0x7f+i]=f'DUP{i}'
[codex:1056391] opcodes[0x8f+i]=f'SWAP{i}'
[codex:1056391] for i in range(0,5):
[codex:1056391] opcodes[0xa0+i]=f'LOG{i}'
[codex:1056391] opcodes.update({0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'})
[codex:1056391]
[codex:1056391]
[codex:1056391] def disasm(start, end):
[codex:1056391] i=start
[codex:1056391] while i<end:
[codex:1056391] op=code[i]
[codex:1056391] name=opcodes.get(op, f'OP{op:02x}')
[codex:1056391] if name.startswith('PUSH'):
[codex:1056391] n=int(name[4:])
[codex:1056391] val=code[i+1:i+1+n]
[codex:1056391] print(f'{i:04x}: {name} 0x{val.hex()}')
[codex:1056391] i+=1+n
[codex:1056391] else:
[codex:1056391] print(f'{i:04x}: {name}')
[codex:1056391] i+=1
[codex:1056391]
[codex:1056391] print('0x0a00..0x0a80')
[codex:1056391] disasm(0x0a00,0x0a80)
[codex:1056391] PY" in /tmp/codex-multi-345my9dq succeeded in 24ms:
[codex:1056391] 0x0a00..0x0a80
[codex:1056391] 0a00: JUMPDEST
[codex:1056391] 0a01: PUSH1 0x20
[codex:1056391] 0a03: DUP1
[codex:1056391] 0a04: DUP3
[codex:1056391] 0a05: MSTORE
[codex:1056391] 0a06: PUSH1 0x0a
[codex:1056391] 0a08: SWAP1
[codex:1056391] 0a09: DUP3
[codex:1056391] 0a0a: ADD
[codex:1056391] 0a0b: MSTORE
[codex:1056391] 0a0c: PUSH10 0x2337b93134b23232b717
[codex:1056391] 0a17: PUSH1 0xb1
[codex:1056391] 0a19: SHL
[codex:1056391] 0a1a: PUSH1 0x40
[codex:1056391] 0a1c: DUP3
[codex:1056391] 0a1d: ADD
[codex:1056391] 0a1e: MSTORE
[codex:1056391] 0a1f: PUSH1 0x60
[codex:1056391] 0a21: ADD
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Analyzing restricted proxy delegatecall flow**
[codex:1056391] exec
[codex:1056391] /bin/bash -lc "python - <<'PY'
[codex:1056391] from binascii import unhexlify
[codex:1056391] import re
[codex:1056391]
[codex:1056391] data=open('/tmp/codex-multi-345my9dq/BYTECODE_BUNDLE.txt').read()
[codex:1056391] hexstr=re.search(r'0x[0-9a-fA-F]+',data).group(0)[2:]
[codex:1056391] code=bytes.fromhex(hexstr)
[codex:1056391]
[codex:1056391] opcodes={
[codex:1056391] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:1056391] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:1056391] 0x20:'SHA3',
[codex:1056391] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:1056391] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:1056391] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:1056391] 0x5f:'PUSH0',
[codex:1056391] }
[codex:1056391] for i in range(1,33):
[codex:1056391] opcodes[0x5f+i]=f'PUSH{i}'
[codex:1056391] for i in range(1,17):
[codex:1056391] opcodes[0x7f+i]=f'DUP{i}'
[codex:1056391] opcodes[0x8f+i]=f'SWAP{i}'
[codex:1056391] for i in range(0,5):
[codex:1056391] opcodes[0xa0+i]=f'LOG{i}'
[codex:1056391] opcodes.update({0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'})
[codex:1056391]
[codex:1056391]
[codex:1056391] def disasm(start, end):
[codex:1056391] i=start
[codex:1056391] while i<end:
[codex:1056391] op=code[i]
[codex:1056391] name=opcodes.get(op, f'OP{op:02x}')
[codex:1056391] if name.startswith('PUSH'):
[codex:1056391] n=int(name[4:])
[codex:1056391] val=code[i+1:i+1+n]
[codex:1056391] print(f'{i:04x}: {name} 0x{val.hex()}')
[codex:1056391] i+=1+n
[codex:1056391] else:
[codex:1056391] print(f'{i:04x}: {name}')
[codex:1056391] i+=1
[codex:1056391]
[codex:1056391] print('0x071c..0x0791')
[codex:1056391] disasm(0x071c,0x0791)
[codex:1056391] PY" in /tmp/codex-multi-345my9dq succeeded in 27ms:
[codex:1056391] 0x071c..0x0791
[codex:1056391] 071c: JUMPDEST
[codex:1056391] 071d: PUSH1 0x01
[codex:1056391] 071f: SLOAD
[codex:1056391] 0720: PUSH1 0x01
[codex:1056391] 0722: PUSH1 0x01
[codex:1056391] 0724: PUSH1 0xa0
[codex:1056391] 0726: SHL
[codex:1056391] 0727: SUB
[codex:1056391] 0728: AND
[codex:1056391] 0729: CALLER
[codex:1056391] 072a: EQ
[codex:1056391] 072b: PUSH2 0x0746
[codex:1056391] 072e: JUMPI
[codex:1056391] 072f: PUSH1 0x40
[codex:1056391] 0731: MLOAD
[codex:1056391] 0732: PUSH3 0x461bcd
[codex:1056391] 0736: PUSH1 0xe5
[codex:1056391] 0738: SHL
[codex:1056391] 0739: DUP2
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Analyzing mapping store and access control logic**
[codex:1056391] exec
[codex:1056391] /bin/bash -lc "python - <<'PY'
[codex:1056391] from binascii import unhexlify
[codex:1056391] import re
[codex:1056391]
[codex:1056391] # load code
[codex:1056391] text=open('/tmp/codex-multi-345my9dq/BYTECODE_BUNDLE.txt').read()
[codex:1056391] hexstr=re.search(r'0x[0-9a-fA-F]+',text).group(0)[2:]
[codex:1056391] code=bytes.fromhex(hexstr)
[codex:1056391]
[codex:1056391] # minimal disasm to map opcodes
[codex:1056391] opcodes={
[codex:1056391] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:1056391] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:1056391] 0x20:'SHA3',
[codex:1056391] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:1056391] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:1056391] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:1056391] 0x5f:'PUSH0',
[codex:1056391] }
[codex:1056391] for i in range(1,33):
[codex:1056391] opcodes[0x5f+i]=f'PUSH{i}'
[codex:1056391] for i in range(1,17):
[codex:1056391] opcodes[0x7f+i]=f'DUP{i}'
[codex:1056391] opcodes[0x8f+i]=f'SWAP{i}'
[codex:1056391]
[codex:1056391] # symbolic stack
[codex:1056391] stack=[]
[codex:1056391]
[codex:1056391] def push(val):
[codex:1056391] stack.append(val)
[codex:1056391]
[codex:1056391] # We'll symbolically execute from 0x00e7 to 0x0186 assuming whitelist passes (jump to 0x0113)
[codex:1056391] # Need to handle JUMPI to 0x0113. We'll ignore actual jump destinations after 0x0113 and continue sequentially until 0x0186.
[codex:1056391]
[codex:1056391] pc=0x00e7
[codex:1056391] end=0x0186
[codex:1056391]
[codex:1056391] # define memory? not needed
[codex:1056391]
[codex:1056391] while pc < end:
[codex:1056391] op=code[pc]
[codex:1056391] name=opcodes.get(op, f'OP{op:02x}')
[codex:1056391] # print step
[codex:1056391] #print(hex(pc), name, stack)
[codex:1056391] if name.startswith('PUSH'):
[codex:1056391] n=int(name[4:])
[codex:1056391] val=code[pc+1:pc+1+n]
[codex:1056391] push(f'0x{val.hex()}')
[codex:1056391] pc+=1+n
[codex:1056391] continue
[codex:1056391] if name=='PUSH0':
[codex:1056391] push('0x0')
[codex:1056391] pc+=1
[codex:1056391] continue
[codex:1056391] if name.startswith('DUP'):
[codex:1056391] n=int(name[3:])
[codex:1056391] push(stack[-n])
[codex:1056391] pc+=1
[codex:1056391] continue
[codex:1056391] if name.startswith('SWAP'):
[codex:1056391] n=int(name[4:])
[codex:1056391] stack[-1], stack[-1-n] = stack[-1-n], stack[-1]
[codex:1056391] pc+=1
[codex:1056391] continue
[codex:1056391] if name in ['CALLER','CALLDATASIZE','ADDRESS','SELFBALANCE','CALLVALUE']:
[codex:1056391] push(name)
[codex:1056391] pc+=1
[codex:1056391] continue
[codex:1056391] if name=='SLOAD':
[codex:1056391] key=stack.pop()
[codex:1056391] push(f'SLOAD[{key}]')
[codex:1056391] pc+=1
[codex:1056391] continue
[codex:1056391] if name=='MLOAD':
[codex:1056391] key=stack.pop(); push(f'MLOAD[{key}]'); pc+=1; continue
[codex:1056391] if name=='MSTORE':
[codex:1056391] val=stack.pop(); off=stack.pop(); pc+=1; continue
[codex:1056391] if name=='SHA3':
[codex:1056391] b=stack.pop(); a=stack.pop(); push(f'SHA3({a},{b})'); pc+=1; continue
[codex:1056391] if name in ['AND','OR','EQ','ISZERO','SUB','ADD','MUL','LT','GT','SHL','SHR','NOT']:
[codex:1056391] # binary ops (except NOT)
[codex:1056391] if name=='NOT':
[codex:1056391] a=stack.pop(); push(f'NOT({a})')
[codex:1056391] else:
[codex:1056391] b=stack.pop(); a=stack.pop(); push(f'{name}({a},{b})')
[codex:1056391] pc+=1
[codex:1056391] continue
[codex:1056391] if name=='JUMPI':
[codex:1056391] # pop dest, cond
[codex:1056391] dest=stack.pop(); cond=stack.pop();
[codex:1056391] # if cond is whitelist==1, we want to take jump to 0x0113. We'll set pc accordingly when dest matches.
[codex:1056391] if dest=='0x0113':
[codex:1056391] pc=0x0113
[codex:1056391] else:
[codex:1056391] pc+=1
[codex:1056391] continue
[codex:1056391] if name=='JUMP':
[codex:1056391] dest=stack.pop();
[codex:1056391] # if dest is 0x017a or 0x0a24? We'll just set pc to int if possible
[codex:1056391] if isinstance(dest,str) and dest.startswith('0x'):
[codex:1056391] try:
[codex:1056391] pc=int(dest,16)
[codex:1056391] continue
[codex:1056391] except:
[codex:1056391] pass
[codex:1056391] pc+=1
[codex:1056391] continue
[codex:1056391] if name=='POP':
[codex:1056391] stack.pop(); pc+=1; continue
[codex:1056391] if name=='JUMPDEST':
[codex:1056391] pc+=1; continue
[codex:1056391] if name=='CALLDATACOPY':
[codex:1056391] length=stack.pop(); data_off=stack.pop(); mem_off=stack.pop(); pc+=1; continue
[codex:1056391] if name=='DELEGATECALL':
[codex:1056391] out_size=stack.pop(); out_off=stack.pop(); in_size=stack.pop(); in_off=stack.pop(); to=stack.pop(); gas=stack.pop();
[codex:1056391] push(f'DELEGATECALL({gas},{to},{in_off},{in_size},{out_off},{out_size})'); pc+=1; continue
[codex:1056391] if name=='GAS':
[codex:1056391] push('GAS'); pc+=1; continue
[codex:1056391] if name=='RETURNDATASIZE':
[codex:1056391] push('RETURNDATASIZE'); pc+=1; continue
[codex:1056391] # ignore other ops
[codex:1056391] pc+=1
[codex:1056391]
[codex:1056391] print('Final stack:', stack)
[codex:1056391] PY" in /tmp/codex-multi-345my9dq succeeded in 25ms:
[codex:1056391] Final stack: ['0x', 'CALLDATASIZE', '0x60', '0x014e', 'ADD(MLOAD[0x40],0x04)']
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Analyzing fallback and access control logic**
[codex:1056391]
[codex:1056391] I'm reviewing the contract's fallback restrictions and owner-only function protections, especially around delegatecall and self-calls. I'm focused on ensuring no external function can bypass access control to exploit delegatecall, and checking for any unprotected withdrawal or selfdestruct paths by examining opcodes.
[codex:1056391] exec
[codex:1056391] /bin/bash -lc "python - <<'PY'
[codex:1056391] from binascii import unhexlify
[codex:1056391] import re
[codex:1056391]
[codex:1056391] data=open('/tmp/codex-multi-345my9dq/BYTECODE_BUNDLE.txt').read()
[codex:1056391] hexstr=re.search(r'0x[0-9a-fA-F]+',data).group(0)[2:]
[codex:1056391] code=bytes.fromhex(hexstr)
[codex:1056391]
[codex:1056391] # find positions of opcode 0xff
[codex:1056391] positions=[i for i,b in enumerate(code) if b==0xff]
[codex:1056391] print('selfdestruct positions', [hex(p) for p in positions[:10]], 'count', len(positions))
[codex:1056391]
[codex:1056391] # disasm around any 0xff to see if actual opcode
[codex:1056391] opcodes={
[codex:1056391] 0xff:'SELFDESTRUCT',0xfe:'INVALID',0xfd:'REVERT',0xf4:'DELEGATECALL',0xf1:'CALL',0x5b:'JUMPDEST'
[codex:1056391] }
[codex:1056391]
[codex:1056391] for p in positions:
[codex:1056391] # check if this is opcode or part of PUSH data by verifying if any PUSH preceding includes it
[codex:1056391] # naive: we skip, just print few bytes around
[codex:1056391] print('around', hex(p), code[p-2:p+3].hex())
[codex:1056391] if p>200: break
[codex:1056391] PY" in /tmp/codex-multi-345my9dq succeeded in 25ms:
[codex:1056391] selfdestruct positions ['0x270', '0x32a', '0xa8b', '0xa8c', '0xa8d', '0xa8e', '0xa8f', '0xa90', '0xa91', '0xa92'] count 42
[codex:1056391] around 0x270 610aff565b
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Reviewing bytecode for vulnerabilities**
[codex:1056391] exec
[codex:1056391] /bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-multi-345my9dq succeeded in 5ms:
[codex:1056391] {"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
[codex:1056391]
[codex:1056391] thinking
[codex:1056391] **Preparing final JSON output**
[codex:1056391] codex
[codex:1056391] {"no_findings":true,"summary":"No concrete, exploitable profit path identified from the provided runtime bytecode; all value-transferring/external-call paths appear gated by owner/whitelist checks, and the delegatecall proxy entry is access-controlled.","findings":[]}
[codex:1056391] tokens used
[codex:1056391] 53,960
[codex:1056391] {"no_findings":true,"summary":"No concrete, exploitable profit path identified from the provided runtime bytecode; all value-transferring/external-call paths appear gated by owner/whitelist checks, and the delegatecall proxy entry is access-controlled.","findings":[]}
{
"codex": {
"ran_at": "2026-01-03T03:00:52.004826+00:00",
"returncode": 0
},
"summary": "No concrete, exploitable profit path identified from the provided runtime bytecode; all value-transferring/external-call paths appear gated by owner/whitelist checks, and the delegatecall proxy entry is access-controlled.",
"raw_final": {
"summary": "No concrete, exploitable profit path identified from the provided runtime bytecode; all value-transferring/external-call paths appear gated by owner/whitelist checks, and the delegatecall proxy entry is access-controlled.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x00e0 0000000c: JUMPI 0000000d: PUSH0 0000000e: CALLDATALOAD 0000000f: PUSH1 0xe0 00000011: SHR 00000012: DUP1 00000013: PUSH4 0x802a81d8 00000018: GT 00000019: PUSH2 0x007e 0000001c: JUMPI 0000001d: DUP1 0000001e: PUSH4 0xaa2d4a29 00000023: GT 00000024: PUSH2 0x0058 00000027: JUMPI 00000028: DUP1 00000029: PUSH4 0xaa2d4a29 0000002e: EQ 0000002f: PUSH2 0x0331 00000032: JUMPI 00000033: DUP1 00000034: PUSH4 0xd89da49c 00000039: EQ 0000003a: PUSH2 0x0350 0000003d: JUMPI 0000003e: DUP1 0000003f: PUSH4 0xeded6191 00000044: EQ 00000045: PUSH2 0x036c 00000048: JUMPI 00000049: DUP1 0000004a: PUSH4 0xefbb98c2 0000004f: EQ 00000050: PUSH2 0x038b 00000053: JUMPI 00000054: PUSH2 0x00e7 00000057: JUMP 00000058: JUMPDEST 00000059: DUP1 0000005a: PUSH4 0x802a81d8 0000005f: EQ 00000060: PUSH2 0x02d4 00000063: JUMPI 00000064: DUP1 00000065: PUSH4 0x810d6ce5 0000006a: EQ 0000006b: PUSH2 0x02f3 0000006e: JUMPI 0000006f: DUP1 00000070: PUSH4 0xa4358917 00000075: EQ 00000076: PUSH2 0x0312 00000079: JUMPI 0000007a: PUSH2 0x00e7 0000007d: JUMP 0000007e: JUMPDEST 0000007f: DUP1 00000080: PUSH4 0x1fceed7f 00000085: GT 00000086: PUSH2 0x00ba 00000089: JUMPI 0000008a: DUP1 0000008b: PUSH4 0x1fceed7f 00000090: EQ 00000091: PUSH2 0x0258 00000094: JUMPI 00000095: DUP1 00000096: PUSH4 0x234ecf06 0000009b: EQ 0000009c: PUSH2 0x0277 0000009f: JUMPI 000000a0: DUP1 000000a1: PUSH4 0x5a703223 000000a6: EQ 000000a7: PUSH2 0x0296 000000aa: JUMPI 000000ab: DUP1 000000ac: PUSH4 0x5f850252 000000b1: EQ 000000b2: PUSH2 0x02b5 000000b5: JUMPI 000000b6: PUSH2 0x00e7 000000b9: JUMP 000000ba: JUMPDEST 000000bb: DUP1 000000bc: PUSH4 0x0ae50a39 000000c1: EQ 000000c2: PUSH2 0x01e3 000000c5: JUMPI 000000c6: DUP1 000000c7: PUSH4 0x12038e5d 000000cc: EQ 000000cd: PUSH2 0x0218 000000d0: JUMPI 000000d1: DUP1 000000d2: PUSH4 0x167d3e9c 000000d7: EQ 000000d8: PUSH2 0x0239 000000db: JUMPI 000000dc: PUSH2 0x00e7 000000df: JUMP 000000e0: JUMPDEST 000000e1: CALLDATASIZE 000000e2: PUSH2 0x00e7 000000e5: JUMPI 000000e6: STOP 000000e7: JUMPDEST 000000e8: CALLER 000000e9: PUSH0 000000ea: SWAP1 000000eb: DUP2 000000ec: MSTORE 000000ed: PUSH1 0x02 000000ef: PUSH1 0x20 000000f1: MSTORE 000000f2: PUSH1 0x40 000000f4: DUP2 000000f5: KECCAK256 000000f6: SLOAD 000000f7: CALLDATASIZE 000000f8: SWAP1 000000f9: PUSH1 0x60 000000fb: SWAP1 000000fc: PUSH1 0x01 000000fe: EQ 000000ff: DUP1 00000100: PUSH2 0x0113 00000103: JUMPI 00000104: POP 00000105: PUSH1 0x03 00000107: SLOAD 00000108: PUSH1 0x01 0000010a: PUSH1 0x01 0000010c: PUSH1 0xa0 0000010e: SHL 0000010f: SUB 00000110: AND 00000111: CALLER 00000112: EQ 00000113: JUMPDEST 00000114: DUP1 00000115: PUSH2 0x011d 00000118: JUMPI 00000119: POP 0000011a: CALLER 0000011b: ADDRESS 0000011c: EQ 0000011d: JUMPDEST 0000011e: DUP1 0000011f: PUSH2 0x0132 00000122: JUMPI 00000123: POP 00000124: PUSH1 0x01 00000126: SLOAD 00000127: PUSH1 0x01 00000129: PUSH1 0x01 0000012b: PUSH1 0xa0 0000012d: SHL 0000012e: SUB 0000012f: AND 00000130: CALLER 00000131: EQ 00000132: JUMPDEST 00000133: PUSH2 0x0157 00000136: JUMPI 00000137: PUSH1 0x40 00000139: MLOAD 0000013a: PUSH3 0x461bcd 0000013e: PUSH1 0xe5 00000140: SHL 00000141: DUP2 00000142: MSTORE 00000143: PUSH1 0x04 00000145: ADD 00000146: PUSH2 0x014e 00000149: SWAP1 0000014a: PUSH2 0x0a00 0000014d: JUMP 0000014e: JUMPDEST 0000014f: PUSH1 0x40 00000151: MLOAD 00000152: DUP1 00000153: SWAP2 00000154: SUB 00000155: SWAP1 00000156: REVERT 00000157: JUMPDEST 00000158: PUSH0 00000159: DUP1 0000015a: SLOAD 0000015b: PUSH1 0x04 0000015d: SLOAD 0000015e: PUSH1 0x40 00000160: MLOAD 00000161: DUP4 00000162: SWAP3 00000163: PUSH1 0x01 00000165: PUSH1 0x01 00000167: PUSH1 0xa0 00000169: SHL 0000016a: SUB 0000016b: AND 0000016c: SWAP2 0000016d: SWAP1 0000016e: PUSH2 0x017a 00000171: SWAP1 00000172: DUP5 00000173: SWAP1 00000174: CALLDATASIZE 00000175: SWAP1 00000176: PUSH2 0x0a24 00000179: JUMP 0000017a: JUMPDEST 0000017b: PUSH0 0000017c: PUSH1 0x40 0000017e: MLOAD 0000017f: DUP1 00000180: DUP4 00000181: SUB 00000182: DUP2 00000183: DUP7 00000184: DUP7 00000185: DELEGATECALL 00000186: SWAP3 00000187: POP 00000188: POP 00000189: POP 0000018a: RETURNDATASIZE 0000018b: DUP1 0000018c: PUSH0 0000018d: DUP2 0000018e: EQ 0000018f: PUSH2 0x01b3 00000192: JUMPI 00000193: PUSH1 0x40 00000195: MLOAD 00000196: SWAP2 00000197: POP 00000198: PUSH1 0x1f 0000019a: NOT 0000019b: PUSH1 0x3f 0000019d: RETURNDATASIZE 0000019e: ADD 0000019f: AND 000001a0: DUP3 000001a1: ADD 000001a2: PUSH1 0x40 000001a4: MSTORE 000001a5: RETURNDATASIZE 000001a6: DUP3 000001a7: MSTORE 000001a8: RETURNDATASIZE 000001a9: PUSH0 000001aa: PUSH1 0x20 000001ac: DUP5 000001ad: ADD 000001ae: RETURNDATACOPY 000001af: PUSH2 0x01b8 000001b2: JUMP 000001b3: JUMPDEST 000001b4: PUSH1 0x60 000001b6: SWAP2 000001b7: POP 000001b8: JUMPDEST 000001b9: POP 000001ba: SWAP2 000001bb: POP 000001bc: SWAP2 000001bd: POP 000001be: DUP2 000001bf: ISZERO 000001c0: PUSH2 0x01cc 000001c3: JUMPI 000001c4: SWAP2 000001c5: POP 000001c6: PUSH2 0x01d8 000001c9: SWAP1 000001ca: POP 000001cb: JUMP 000001cc: JUMPDEST 000001cd: PUSH1 0x40 000001cf: MLOAD 000001d0: RETURNDATASIZE 000001d1: DUP1 000001d2: PUSH0 000001d3: DUP4 000001d4: RETURNDATACOPY 000001d5: DUP1 000001d6: DUP3 000001d7: REVERT 000001d8: JUMPDEST 000001d9: SWAP2 000001da: POP 000001db: POP 000001dc: DUP1 000001dd: MLOAD 000001de: SWAP1 000001df: PUSH1 0x20 000001e1: ADD 000001e2: RETURN 000001e3: JUMPDEST 000001e4: CALLVALUE 000001e5: DUP1 000001e6: ISZERO 000001e7: PUSH2 0x01ee 000001ea: JUMPI 000001eb: PUSH0 000001ec: DUP1 000001ed: REVERT 000001ee: JUMPDEST 000001ef: POP 000001f0: PUSH1 0x01 000001f2: SLOAD 000001f3: PUSH1 0x01 000001f5: PUSH1 0x01 000001f7: PUSH1 0xa0 000001f9: SHL 000001fa: SUB 000001fb: AND 000001fc: JUMPDEST 000001fd: PUSH1 0x40 000001ff: MLOAD 00000200: PUSH1 0x01 00000202: PUSH1 0x01 00000204: PUSH1 0xa0 00000206: SHL 00000207: SUB 00000208: SWAP1 00000209: SWAP2 0000020a: AND 0000020b: DUP2 0000020c: MSTORE 0000020d: PUSH1 0x20 0000020f: ADD 00000210: PUSH1 0x40 00000212: MLOAD 00000213: DUP1 00000214: SWAP2 00000215: SUB 00000216: SWAP1 00000217: RETURN 00000218: JUMPDEST 00000219: CALLVALUE 0000021a: DUP1 0000021b: ISZERO 0000021c: PUSH2 0x0223 0000021f: JUMPI 00000220: PUSH0 00000221: DUP1 00000222: REVERT 00000223: JUMPDEST 00000224: POP 00000225: PUSH2 0x0237 00000228: PUSH2 0x0232 0000022b: CALLDATASIZE 0000022c: PUSH1 0x04 0000022e: PUSH2 0x0a4e 00000231: JUMP 00000232: JUMPDEST 00000233: PUSH2 0x03aa 00000236: JUMP 00000237: JUMPDEST 00000238: STOP 00000239: JUMPDEST 0000023a: CALLVALUE 0000023b: DUP1 0000023c: ISZERO 0000023d: PUSH2 0x0244 00000240: JUMPI 00000241: PUSH0 00000242: DUP1 00000243: REVERT 00000244: JUMPDEST 00000245: POP 00000246: PUSH2 0x0237 00000249: PUSH2 0x0253 0000024c: CALLDATASIZE 0000024d: PUSH1 0x04 0000024f: PUSH2 0x0a4e 00000252: JUMP 00000253: JUMPDEST 00000254: PUSH2 0x042e 00000257: JUMP 00000258: JUMPDEST 00000259: CALLVALUE 0000025a: DUP1 0000025b: ISZERO 0000025c: PUSH2 0x0263 0000025f: JUMPI 00000260: PUSH0 00000261: DUP1 00000262: REVERT 00000263: JUMPDEST 00000264: POP 00000265: PUSH2 0x0237 00000268: PUSH2 0x0272 0000026b: CALLDATASIZE 0000026c: PUSH1 0x04 0000026e: PUSH2 0x0aff 00000271: JUMP 00000272: JUMPDEST 00000273: PUSH2 0x047a 00000276: JUMP 00000277: JUMPDEST 00000278: CALLVALUE 00000279: DUP1 0000027a: ISZERO 0000027b: PUSH2 0x0282 0000027e: JUMPI 0000027f: PUSH0 00000280: DUP1 00000281: REVERT 00000282: JUMPDEST 00000283: POP 00000284: PUSH2 0x0237 00000287: PUSH2 0x0291 0000028a: CALLDATASIZE 0000028b: PUSH1 0x04 0000028d: PUSH2 0x0b8c 00000290: JUMP 00000291: JUMPDEST 00000292: PUSH2 0x04fb 00000295: JUMP 00000296: JUMPDEST 00000297: CALLVALUE 00000298: DUP1 00000299: ISZERO 0000029a: PUSH2 0x02a1 0000029d: JUMPI 0000029e: PUSH0 0000029f: DUP1 000002a0: REVERT 000002a1: JUMPDEST 000002a2: POP 000002a3: PUSH2 0x0237 000002a6: PUSH2 0x02b0 000002a9: CALLDATASIZE 000002aa: PUSH1 0x04 000002ac: PUSH2 0x0b8c 000002af: JUMP 000002b0: JUMPDEST 000002b1: PUSH2 0x0581 000002b4: JUMP 000002b5: JUMPDEST 000002b6: CALLVALUE 000002b7: DUP1 000002b8: ISZERO 000002b9: PUSH2 0x02c0 000002bc: JUMPI 000002bd: PUSH0 000002be: DUP1 000002bf: REVERT 000002c0: JUMPDEST 000002c1: POP 000002c2: PUSH2 0x0237 000002c5: PUSH2 0x02cf 000002c8: CALLDATASIZE 000002c9: PUSH1 0x04 000002cb: PUSH2 0x0a4e 000002ce: JUMP 000002cf: JUMPDEST 000002d0: PUSH2 0x0621 000002d3: JUMP 000002d4: JUMPDEST 000002d5: CALLVALUE 000002d6: DUP1 000002d7: ISZERO 000002d8: PUSH2 0x02df 000002db: JUMPI 000002dc: PUSH0 000002dd: DUP1 000002de: REVERT 000002df: JUMPDEST 000002e0: POP 000002e1: PUSH2 0x0237 000002e4: PUSH2 0x02ee 000002e7: CALLDATASIZE 000002e8: PUSH1 0x04 000002ea: PUSH2 0x0b8c 000002ed: JUMP 000002ee: JUMPDEST 000002ef: PUSH2 0x066c 000002f2: JUMP 000002f3: JUMPDEST 000002f4: CALLVALUE 000002f5: DUP1 000002f6: ISZERO 000002f7: PUSH2 0x02fe 000002fa: JUMPI 000002fb: PUSH0 000002fc: DUP1 000002fd: REVERT 000002fe: JUMPDEST 000002ff: POP 00000300: PUSH2 0x0237 00000303: PUSH2 0x030d 00000306: CALLDATASIZE 00000307: PUSH1 0x04 00000309: PUSH2 0x0bb4 0000030c: JUMP 0000030d: JUMPDEST 0000030e: PUSH2 0x06ed 00000311: JUMP 00000312: JUMPDEST 00000313: CALLVALUE 00000314: DUP1 00000315: ISZERO 00000316: PUSH2 0x031d 00000319: JUMPI 0000031a: PUSH0 0000031b: DUP1 0000031c: REVERT 0000031d: JUMPDEST 0000031e: POP 0000031f: PUSH2 0x0237 00000322: PUSH2 0x032c 00000325: CALLDATASIZE 00000326: PUSH1 0x04 00000328: PUSH2 0x0aff 0000032b: JUMP 0000032c: JUMPDEST 0000032d: PUSH2 0x071c 00000330: JUMP 00000331: JUMPDEST 00000332: CALLVALUE 00000333: DUP1 00000334: ISZERO 00000335: PUSH2 0x033c 00000338: JUMPI 00000339: PUSH0 0000033a: DUP1 0000033b: REVERT 0000033c: JUMPDEST 0000033d: POP 0000033e: PUSH2 0x0237 00000341: PUSH2 0x034b 00000344: CALLDATASIZE 00000345: PUSH1 0x04 00000347: PUSH2 0x0bcb 0000034a: JUMP 0000034b: JUMPDEST 0000034c: PUSH2 0x0791 0000034f: JUMP 00000350: JUMPDEST 00000351: CALLVALUE 00000352: DUP1 00000353: ISZERO 00000354: PUSH2 0x035b 00000357: JUMPI 00000358: PUSH0 00000359: DUP1 0000035a: REVERT 0000035b: JUMPDEST 0000035c: POP 0000035d: PUSH0 0000035e: SLOAD 0000035f: PUSH1 0x01 00000361: PUSH1 0x01 00000363: PUSH1 0xa0 00000365: SHL 00000366: SUB 00000367: AND 00000368: PUSH2 0x01fc 0000036b: JUMP 0000036c: JUMPDEST 0000036d: CALLVALUE 0000036e: DUP1 0000036f: ISZERO 00000370: PUSH2 0x0377 00000373: JUMPI 00000374: PUSH0 00000375: DUP1 00000376: REVERT 00000377: JUMPDEST 00000378: POP 00000379: PUSH2 0x0237 0000037c: PUSH2 0x0386 0000037f: CALLDATASIZE 00000380: PUSH1 0x04 00000382: PUSH2 0x0c90 00000385: JUMP 00000386: JUMPDEST 00000387: PUSH2 0x0808 0000038a: JUMP 0000038b: JUMPDEST 0000038c: CALLVALUE 0000038d: DUP1 0000038e: ISZERO 0000038f: PUSH2 0x0396 00000392: JUMPI 00000393: PUSH0 00000394: DUP1 00000395: REVERT 00000396: JUMPDEST 00000397: POP 00000398: PUSH2 0x0237 0000039b: PUSH2 0x03a5 0000039e: CALLDATASIZE 0000039f: PUSH1 0x04 000003a1: PUSH2 0x0bb4 000003a4: JUMP 000003a5: JUMPDEST 000003a6: PUSH2 0x083e 000003a9: JUMP 000003aa: JUMPDEST 000003ab: CALLER 000003ac: PUSH0 000003ad: SWAP1 000003ae: DUP2 000003af: MSTORE 000003b0: PUSH1 0x02 000003b2: PUSH1 0x20 000003b4: MSTORE 000003b5: PUSH1 0x40 000003b7: SWAP1 000003b8: KECCAK256 000003b9: SLOAD 000003ba: PUSH1 0x01 000003bc: EQ 000003bd: DUP1 000003be: PUSH2 0x03d1 000003c1: JUMPI 000003c2: POP 000003c3: PUSH1 0x03 000003c5: SLOAD 000003c6: PUSH1 0x01 000003c8: PUSH1 0x01 000003ca: PUSH1 0xa0 000003cc: SHL 000003cd: SUB 000003ce: AND 000003cf: CALLER 000003d0: EQ 000003d1: JUMPDEST 000003d2: DUP1 000003d3: PUSH2 0x03db 000003d6: JUMPI 000003d7: POP 000003d8: CALLER 000003d9: ADDRESS 000003da: EQ 000003db: JUMPDEST 000003dc: DUP1 000003dd: PUSH2 0x03f0 000003e0: JUMPI 000003e1: POP 000003e2: PUSH1 0x01 000003e4: SLOAD 000003e5: PUSH1 0x01 000003e7: PUSH1 0x01 000003e9: PUSH1 0xa0 000003eb: SHL 000003ec: SUB 000003ed: AND 000003ee: CALLER 000003ef: EQ 000003f0: JUMPDEST 000003f1: PUSH2 0x040c 000003f4: JUMPI 000003f5: PUSH1 0x40 000003f7: MLOAD 000003f8: PUSH3 0x461bcd 000003fc: PUSH1 0xe5 000003fe: SHL 000003ff: DUP2 00000400: MSTORE 00000401: PUSH1 0x04 00000403: ADD 00000404: PUSH2 0x014e 00000407: SWAP1 00000408: PUSH2 0x0a00 0000040b: JUMP 0000040c: JUMPDEST 0000040d: PUSH1 0x03 0000040f: DUP1 00000410: SLOAD 00000411: PUSH1 0x01 00000413: PUSH1 0x01 00000415: PUSH1 0xa0 00000417: SHL 00000418: SUB 00000419: NOT 0000041a: AND 0000041b: PUSH1 0x01 0000041d: PUSH1 0x01 0000041f: PUSH1 0xa0 00000421: SHL 00000422: SUB 00000423: SWAP3 00000424: SWAP1 00000425: SWAP3 00000426: AND 00000427: SWAP2 00000428: SWAP1 00000429: SWAP2 0000042a: OR 0000042b: SWAP1 0000042c: SSTORE 0000042d: JUMP 0000042e: JUMPDEST 0000042f: PUSH1 0x01 00000431: SLOAD 00000432: PUSH1 0x01 00000434: PUSH1 0x01 00000436: PUSH1 0xa0 00000438: SHL 00000439: SUB 0000043a: AND 0000043b: CALLER 0000043c: EQ 0000043d: PUSH2 0x0458 00000440: JUMPI 00000441: PUSH1 0x40 00000443: MLOAD 00000444: PUSH3 0x461bcd 00000448: PUSH1 0xe5 0000044a: SHL 0000044b: DUP2 0000044c: MSTORE 0000044d: PUSH1 0x04 0000044f: ADD 00000450: PUSH2 0x014e 00000453: SWAP1 00000454: PUSH2 0x0a00 00000457: JUMP 00000458: JUMPDEST 00000459: PUSH1 0x01 0000045b: DUP1 0000045c: SLOAD 0000045d: PUSH1 0x01 0000045f: PUSH1 0x01 00000461: PUSH1 0xa0 00000463: SHL 00000464: SUB 00000465: NOT 00000466: AND 00000467: PUSH1 0x01 00000469: PUSH1 0x01 0000046b: PUSH1 0xa0 0000046d: SHL 0000046e: SUB 0000046f: SWAP3 00000470: SWAP1 00000471: SWAP3 00000472: AND 00000473: SWAP2 00000474: SWAP1 00000475: SWAP2 00000476: OR 00000477: SWAP1 00000478: SSTORE 00000479: JUMP 0000047a: JUMPDEST 0000047b: PUSH1 0x01 0000047d: SLOAD 0000047e: PUSH1 0x01 00000480: PUSH1 0x01 00000482: PUSH1 0xa0 00000484: SHL 00000485: SUB 00000486: AND 00000487: CALLER 00000488: EQ 00000489: PUSH2 0x04a4 0000048c: JUMPI 0000048d: PUSH1 0x40 0000048f: MLOAD 00000490: PUSH3 0x461bcd 00000494: PUSH1 0xe5 00000496: SHL 00000497: DUP2 00000498: MSTORE 00000499: PUSH1 0x04 0000049b: ADD 0000049c: PUSH2 0x014e 0000049f: SWAP1 000004a0: PUSH2 0x0a00 000004a3: JUMP 000004a4: JUMPDEST 000004a5: DUP1 000004a6: MLOAD 000004a7: PUSH0 000004a8: JUMPDEST 000004a9: DUP2 000004aa: DUP2 000004ab: LT 000004ac: ISZERO 000004ad: PUSH2 0x04f6 000004b0: JUMPI 000004b1: PUSH0 000004b2: DUP4 000004b3: DUP3 000004b4: DUP2 000004b5: MLOAD 000004b6: DUP2 000004b7: LT 000004b8: PUSH2 0x04c3 000004bb: JUMPI 000004bc: PUSH2 0x04c3 000004bf: PUSH2 0x0cc9 000004c2: JUMP 000004c3: JUMPDEST 000004c4: PUSH1 0x20 000004c6: SWAP1 000004c7: DUP2 000004c8: MUL 000004c9: SWAP2 000004ca: SWAP1 000004cb: SWAP2 000004cc: ADD 000004cd: DUP2 000004ce: ADD 000004cf: MLOAD 000004d0: PUSH1 0x01 000004d2: PUSH1 0x01 000004d4: PUSH1 0xa0 000004d6: SHL 000004d7: SUB 000004d8: AND 000004d9: PUSH0 000004da: SWAP1 000004db: DUP2 000004dc: MSTORE 000004dd: PUSH1 0x02 000004df: SWAP1 000004e0: SWAP2 000004e1: MSTORE 000004e2: PUSH1 0x40 000004e4: SWAP1 000004e5: KECCAK256 000004e6: PUSH1 0x01 000004e8: SWAP1 000004e9: DUP2 000004ea: SWAP1 000004eb: SSTORE 000004ec: SWAP2 000004ed: SWAP1 000004ee: SWAP2 000004ef: ADD 000004f0: SWAP1 000004f1: POP 000004f2: PUSH2 0x04a8 000004f5: JUMP 000004f6: JUMPDEST 000004f7: POP 000004f8: POP 000004f9: POP 000004fa: JUMP 000004fb: JUMPDEST 000004fc: PUSH1 0x01 000004fe: SLOAD 000004ff: PUSH1 0x01 00000501: PUSH1 0x01 00000503: PUSH1 0xa0 00000505: SHL 00000506: SUB 00000507: AND 00000508: CALLER 00000509: EQ 0000050a: PUSH2 0x0525 0000050d: JUMPI 0000050e: PUSH1 0x40 00000510: MLOAD 00000511: PUSH3 0x461bcd 00000515: PUSH1 0xe5 00000517: SHL 00000518: DUP2 00000519: MSTORE 0000051a: PUSH1 0x04 0000051c: ADD 0000051d: PUSH2 0x014e 00000520: SWAP1 00000521: PUSH2 0x0a00 00000524: JUMP 00000525: JUMPDEST 00000526: PUSH1 0x40 00000528: MLOAD 00000529: PUSH4 0x2e1a7d4d 0000052e: PUSH1 0xe0 00000530: SHL 00000531: DUP2 00000532: MSTORE 00000533: PUSH1 0x04 00000535: DUP2 00000536: ADD 00000537: DUP3 00000538: SWAP1 00000539: MSTORE 0000053a: DUP3 0000053b: SWAP1 0000053c: PUSH1 0x01 0000053e: PUSH1 0x01 00000540: PUSH1 0xa0 00000542: SHL 00000543: SUB 00000544: DUP3 00000545: AND 00000546: SWAP1 00000547: PUSH4 0x2e1a7d4d 0000054c: SWAP1 0000054d: PUSH1 0x24 0000054f: ADD 00000550: PUSH0 00000551: PUSH1 0x40 00000553: MLOAD 00000554: DUP1 00000555: DUP4 00000556: SUB 00000557: DUP2 00000558: PUSH0 00000559: DUP8 0000055a: DUP1 0000055b: EXTCODESIZE 0000055c: ISZERO 0000055d: DUP1 0000055e: ISZERO 0000055f: PUSH2 0x0566 00000562: JUMPI 00000563: PUSH0 00000564: DUP1 00000565: REVERT 00000566: JUMPDEST 00000567: POP 00000568: GAS 00000569: CALL 0000056a: ISZERO 0000056b: DUP1 0000056c: ISZERO 0000056d: PUSH2 0x0578 00000570: JUMPI 00000571: RETURNDATASIZE 00000572: PUSH0 00000573: DUP1 00000574: RETURNDATACOPY 00000575: RETURNDATASIZE 00000576: PUSH0 00000577: REVERT 00000578: JUMPDEST 00000579: POP 0000057a: POP 0000057b: POP 0000057c: POP 0000057d: POP 0000057e: POP 0000057f: POP 00000580: JUMP 00000581: JUMPDEST 00000582: PUSH1 0x01 00000584: SLOAD 00000585: PUSH1 0x01 00000587: PUSH1 0x01 00000589: PUSH1 0xa0 0000058b: SHL 0000058c: SUB 0000058d: AND 0000058e: CALLER 0000058f: EQ 00000590: PUSH2 0x05ab 00000593: JUMPI 00000594: PUSH1 0x40 00000596: MLOAD 00000597: PUSH3 0x461bcd 0000059b: PUSH1 0xe5 0000059d: SHL 0000059e: DUP2 0000059f: MSTORE 000005a0: PUSH1 0x04 000005a2: ADD 000005a3: PUSH2 0x014e 000005a6: SWAP1 000005a7: PUSH2 0x0a00 000005aa: JUMP 000005ab: JUMPDEST 000005ac: PUSH1 0x40 000005ae: MLOAD 000005af: PUSH4 0xa9059cbb 000005b4: PUSH1 0xe0 000005b6: SHL 000005b7: DUP2 000005b8: MSTORE 000005b9: CALLER 000005ba: PUSH1 0x04 000005bc: DUP3 000005bd: ADD 000005be: MSTORE 000005bf: PUSH1 0x24 000005c1: DUP2 000005c2: ADD 000005c3: DUP3 000005c4: SWAP1 000005c5: MSTORE 000005c6: DUP3 000005c7: SWAP1 000005c8: PUSH1 0x01 000005ca: PUSH1 0x01 000005cc: PUSH1 0xa0 000005ce: SHL 000005cf: SUB 000005d0: DUP3 000005d1: AND 000005d2: SWAP1 000005d3: PUSH4 0xa9059cbb 000005d8: SWAP1 000005d9: PUSH1 0x44 000005db: ADD 000005dc: PUSH1 0x20 000005de: PUSH1 0x40 000005e0: MLOAD 000005e1: DUP1 000005e2: DUP4 000005e3: SUB 000005e4: DUP2 000005e5: PUSH0 000005e6: DUP8 000005e7: GAS 000005e8: CALL 000005e9: ISZERO 000005ea: DUP1 000005eb: ISZERO 000005ec: PUSH2 0x05f7 000005ef: JUMPI 000005f0: RETURNDATASIZE 000005f1: PUSH0 000005f2: DUP1 000005f3: RETURNDATACOPY 000005f4: RETURNDATASIZE 000005f5: PUSH0 000005f6: REVERT 000005f7: JUMPDEST 000005f8: POP 000005f9: POP 000005fa: POP 000005fb: POP 000005fc: PUSH1 0x40 000005fe: MLOAD 000005ff: RETURNDATASIZE 00000600: PUSH1 0x1f 00000602: NOT 00000603: PUSH1 0x1f 00000605: DUP3 00000606: ADD 00000607: AND 00000608: DUP3 00000609: ADD 0000060a: DUP1 0000060b: PUSH1 0x40 0000060d: MSTORE 0000060e: POP 0000060f: DUP2 00000610: ADD 00000611: SWAP1 00000612: PUSH2 0x061b 00000615: SWAP2 00000616: SWAP1 00000617: PUSH2 0x0cdd 0000061a: JUMP 0000061b: JUMPDEST 0000061c: POP 0000061d: POP 0000061e: POP 0000061f: POP 00000620: JUMP 00000621: JUMPDEST 00000622: PUSH1 0x01 00000624: SLOAD 00000625: PUSH1 0x01 00000627: PUSH1 0x01 00000629: PUSH1 0xa0 0000062b: SHL 0000062c: SUB 0000062d: AND 0000062e: CALLER 0000062f: EQ 00000630: PUSH2 0x064b 00000633: JUMPI 00000634: PUSH1 0x40 00000636: MLOAD 00000637: PUSH3 0x461bcd 0000063b: PUSH1 0xe5 0000063d: SHL 0000063e: DUP2 0000063f: MSTORE 00000640: PUSH1 0x04 00000642: ADD 00000643: PUSH2 0x014e 00000646: SWAP1 00000647: PUSH2 0x0a00 0000064a: JUMP 0000064b: JUMPDEST 0000064c: PUSH0 0000064d: DUP1 0000064e: SLOAD 0000064f: PUSH1 0x01 00000651: PUSH1 0x01 00000653: PUSH1 0xa0 00000655: SHL 00000656: SUB 00000657: NOT 00000658: AND 00000659: PUSH1 0x01 0000065b: PUSH1 0x01 0000065d: PUSH1 0xa0 0000065f: SHL 00000660: SUB 00000661: SWAP3 00000662: SWAP1 00000663: SWAP3 00000664: AND 00000665: SWAP2 00000666: SWAP1 00000667: SWAP2 00000668: OR 00000669: SWAP1 0000066a: SSTORE 0000066b: JUMP 0000066c: JUMPDEST 0000066d: PUSH1 0x01 0000066f: SLOAD 00000670: PUSH1 0x01 00000672: PUSH1 0x01 00000674: PUSH1 0xa0 00000676: SHL 00000677: SUB 00000678: AND 00000679: CALLER 0000067a: EQ 0000067b: PUSH2 0x0696 0000067e: JUMPI 0000067f: PUSH1 0x40 00000681: MLOAD 00000682: PUSH3 0x461bcd 00000686: PUSH1 0xe5 00000688: SHL 00000689: DUP2 0000068a: MSTORE 0000068b: PUSH1 0x04 0000068d: ADD 0000068e: PUSH2 0x014e 00000691: SWAP1 00000692: PUSH2 0x0a00 00000695: JUMP 00000696: JUMPDEST 00000697: PUSH1 0x04 00000699: SLOAD 0000069a: PUSH1 0x40 0000069c: MLOAD 0000069d: PUSH1 0x01 0000069f: PUSH1 0x01 000006a1: PUSH1 0xa0 000006a3: SHL 000006a4: SUB 000006a5: DUP5 000006a6: AND 000006a7: SWAP2 000006a8: SWAP1 000006a9: DUP4 000006aa: SWAP1 000006ab: PUSH0 000006ac: DUP2 000006ad: DUP2 000006ae: DUP2 000006af: DUP6 000006b0: DUP9 000006b1: DUP9 000006b2: CALL 000006b3: SWAP4 000006b4: POP 000006b5: POP 000006b6: POP 000006b7: POP 000006b8: RETURNDATASIZE 000006b9: DUP1 000006ba: PUSH0 000006bb: DUP2 000006bc: EQ 000006bd: PUSH2 0x06e1 000006c0: JUMPI 000006c1: PUSH1 0x40 000006c3: MLOAD 000006c4: SWAP2 000006c5: POP 000006c6: PUSH1 0x1f 000006c8: NOT 000006c9: PUSH1 0x3f 000006cb: RETURNDATASIZE 000006cc: ADD 000006cd: AND 000006ce: DUP3 000006cf: ADD 000006d0: PUSH1 0x40 000006d2: MSTORE 000006d3: RETURNDATASIZE 000006d4: DUP3 000006d5: MSTORE 000006d6: RETURNDATASIZE 000006d7: PUSH0 000006d8: PUSH1 0x20 000006da: DUP5 000006db: ADD 000006dc: RETURNDATACOPY 000006dd: PUSH2 0x06e6 000006e0: JUMP 000006e1: JUMPDEST 000006e2: PUSH1 0x60 000006e4: SWAP2 000006e5: POP 000006e6: JUMPDEST 000006e7: POP 000006e8: POP 000006e9: POP 000006ea: POP 000006eb: POP 000006ec: JUMP 000006ed: JUMPDEST 000006ee: PUSH1 0x01 000006f0: SLOAD 000006f1: PUSH1 0x01 000006f3: PUSH1 0x01 000006f5: PUSH1 0xa0 000006f7: SHL 000006f8: SUB 000006f9: AND 000006fa: CALLER 000006fb: EQ 000006fc: PUSH2 0x0717 000006ff: JUMPI 00000700: PUSH1 0x40 00000702: MLOAD 00000703: PUSH3 0x461bcd 00000707: PUSH1 0xe5 00000709: SHL 0000070a: DUP2 0000070b: MSTORE 0000070c: PUSH1 0x04 0000070e: ADD 0000070f: PUSH2 0x014e 00000712: SWAP1 00000713: PUSH2 0x0a00 00000716: JUMP 00000717: JUMPDEST 00000718: PUSH1 0x04 0000071a: SSTORE 0000071b: JUMP 0000071c: JUMPDEST 0000071d: PUSH1 0x01 0000071f: SLOAD 00000720: PUSH1 0x01 00000722: PUSH1 0x01 00000724: PUSH1 0xa0 00000726: SHL 00000727: SUB 00000728: AND 00000729: CALLER 0000072a: EQ 0000072b: PUSH2 0x0746 0000072e: JUMPI 0000072f: PUSH1 0x40 00000731: MLOAD 00000732: PUSH3 0x461bcd 00000736: PUSH1 0xe5 00000738: SHL 00000739: DUP2 0000073a: MSTORE 0000073b: PUSH1 0x04 0000073d: ADD 0000073e: PUSH2 0x014e 00000741: SWAP1 00000742: PUSH2 0x0a00 00000745: JUMP 00000746: JUMPDEST 00000747: DUP1 00000748: MLOAD 00000749: PUSH0 0000074a: JUMPDEST 0000074b: DUP2 0000074c: DUP2 0000074d: LT 0000074e: ISZERO 0000074f: PUSH2 0x04f6 00000752: JUMPI 00000753: PUSH0 00000754: DUP4 00000755: DUP3 00000756: DUP2 00000757: MLOAD 00000758: DUP2 00000759: LT 0000075a: PUSH2 0x0765 0000075d: JUMPI 0000075e: PUSH2 0x0765 00000761: PUSH2 0x0cc9 00000764: JUMP 00000765: JUMPDEST 00000766: PUSH1 0x20 00000768: SWAP1 00000769: DUP2 0000076a: MUL 0000076b: SWAP2 0000076c: SWAP1 0000076d: SWAP2 0000076e: ADD 0000076f: DUP2 00000770: ADD 00000771: MLOAD 00000772: PUSH1 0x01 00000774: PUSH1 0x01 00000776: PUSH1 0xa0 00000778: SHL 00000779: SUB 0000077a: AND 0000077b: PUSH0 0000077c: SWAP1 0000077d: DUP2 0000077e: MSTORE 0000077f: PUSH1 0x02 00000781: SWAP1 00000782: SWAP2 00000783: MSTORE 00000784: PUSH1 0x40 00000786: DUP2 00000787: KECCAK256 00000788: SSTORE 00000789: POP 0000078a: PUSH1 0x01 0000078c: ADD 0000078d: PUSH2 0x074a 00000790: JUMP 00000791: JUMPDEST 00000792: PUSH1 0x01 00000794: SLOAD 00000795: PUSH1 0x01 00000797: PUSH1 0x01 00000799: PUSH1 0xa0 0000079b: SHL 0000079c: SUB 0000079d: AND 0000079e: CALLER 0000079f: EQ 000007a0: PUSH2 0x07bb 000007a3: JUMPI 000007a4: PUSH1 0x40 000007a6: MLOAD 000007a7: PUSH3 0x461bcd 000007ab: PUSH1 0xe5 000007ad: SHL 000007ae: DUP2 000007af: MSTORE 000007b0: PUSH1 0x04 000007b2: ADD 000007b3: PUSH2 0x014e 000007b6: SWAP1 000007b7: PUSH2 0x0a00 000007ba: JUMP 000007bb: JUMPDEST 000007bc: DUP1 000007bd: MLOAD 000007be: PUSH0 000007bf: JUMPDEST 000007c0: DUP2 000007c1: DUP2 000007c2: LT 000007c3: ISZERO 000007c4: PUSH2 0x04f6 000007c7: JUMPI 000007c8: PUSH0 000007c9: DUP4 000007ca: DUP3 000007cb: DUP2 000007cc: MLOAD 000007cd: DUP2 000007ce: LT 000007cf: PUSH2 0x07da 000007d2: JUMPI 000007d3: PUSH2 0x07da 000007d6: PUSH2 0x0cc9 000007d9: JUMP 000007da: JUMPDEST 000007db: PUSH1 0x20 000007dd: MUL 000007de: PUSH1 0x20 000007e0: ADD 000007e1: ADD 000007e2: MLOAD 000007e3: SWAP1 000007e4: POP 000007e5: PUSH0 000007e6: DUP2 000007e7: PUSH0 000007e8: ADD 000007e9: MLOAD 000007ea: SWAP1 000007eb: POP 000007ec: PUSH2 0x07fe 000007ef: DUP2 000007f0: DUP4 000007f1: PUSH1 0x20 000007f3: ADD 000007f4: MLOAD 000007f5: DUP5 000007f6: PUSH1 0x40 000007f8: ADD 000007f9: MLOAD 000007fa: PUSH2 0x0896 000007fd: JUMP 000007fe: JUMPDEST 000007ff: POP 00000800: POP 00000801: PUSH1 0x01 00000803: ADD 00000804: PUSH2 0x07bf 00000807: JUMP 00000808: JUMPDEST 00000809: PUSH1 0x01 0000080b: SLOAD 0000080c: PUSH1 0x01 0000080e: PUSH1 0x01 00000810: PUSH1 0xa0 00000812: SHL 00000813: SUB 00000814: AND 00000815: CALLER 00000816: EQ 00000817: PUSH2 0x0832 0000081a: JUMPI 0000081b: PUSH1 0x40 0000081d: MLOAD 0000081e: PUSH3 0x461bcd 00000822: PUSH1 0xe5 00000824: SHL 00000825: DUP2 00000826: MSTORE 00000827: PUSH1 0x04 00000829: ADD 0000082a: PUSH2 0x014e 0000082d: SWAP1 0000082e: PUSH2 0x0a00 00000831: JUMP 00000832: JUMPDEST 00000833: DUP3 00000834: PUSH2 0x061b 00000837: DUP2 00000838: DUP5 00000839: DUP5 0000083a: PUSH2 0x0896 0000083d: JUMP 0000083e: JUMPDEST 0000083f: PUSH1 0x01 00000841: SLOAD 00000842: PUSH1 0x01 00000844: PUSH1 0x01 00000846: PUSH1 0xa0 00000848: SHL 00000849: SUB 0000084a: AND 0000084b: CALLER 0000084c: EQ 0000084d: PUSH2 0x0868 00000850: JUMPI 00000851: PUSH1 0x40 00000853: MLOAD 00000854: PUSH3 0x461bcd 00000858: PUSH1 0xe5 0000085a: SHL 0000085b: DUP2 0000085c: MSTORE 0000085d: PUSH1 0x04 0000085f: ADD 00000860: PUSH2 0x014e 00000863: SWAP1 00000864: PUSH2 0x0a00 00000867: JUMP 00000868: JUMPDEST 00000869: PUSH1 0x40 0000086b: MLOAD 0000086c: CALLER 0000086d: SWAP1 0000086e: DUP3 0000086f: ISZERO 00000870: PUSH2 0x08fc 00000873: MUL 00000874: SWAP1 00000875: DUP4 00000876: SWAP1 00000877: PUSH0 00000878: DUP2 00000879: DUP2 0000087a: DUP2 0000087b: DUP6 0000087c: DUP9 0000087d: DUP9 0000087e: CALL 0000087f: SWAP4 00000880: POP 00000881: POP 00000882: POP 00000883: POP 00000884: ISZERO 00000885: DUP1 00000886: ISZERO 00000887: PUSH2 0x0892 0000088a: JUMPI 0000088b: RETURNDATASIZE 0000088c: PUSH0 0000088d: DUP1 0000088e: RETURNDATACOPY 0000088f: RETURNDATASIZE 00000890: PUSH0 00000891: REVERT 00000892: JUMPDEST 00000893: POP 00000894: POP 00000895: JUMP 00000896: JUMPDEST 00000897: PUSH1 0x40 00000899: DUP1 0000089a: MLOAD 0000089b: PUSH1 0x01 0000089d: PUSH1 0x01 0000089f: PUSH1 0xa0 000008a1: SHL 000008a2: SUB 000008a3: DUP5 000008a4: AND 000008a5: PUSH1 0x24 000008a7: DUP3 000008a8: ADD 000008a9: MSTORE 000008aa: PUSH1 0x44 000008ac: DUP1 000008ad: DUP3 000008ae: ADD 000008af: DUP5 000008b0: SWAP1 000008b1: MSTORE 000008b2: DUP3 000008b3: MLOAD 000008b4: DUP1 000008b5: DUP4 000008b6: SUB 000008b7: SWAP1 000008b8: SWAP2 000008b9: ADD 000008ba: DUP2 000008bb: MSTORE 000008bc: PUSH1 0x64 000008be: SWAP1 000008bf: SWAP2 000008c0: ADD 000008c1: DUP3 000008c2: MSTORE 000008c3: PUSH1 0x20 000008c5: DUP1 000008c6: DUP3 000008c7: ADD 000008c8: DUP1 000008c9: MLOAD 000008ca: PUSH1 0x01 000008cc: PUSH1 0x01 000008ce: PUSH1 0xe0 000008d0: SHL 000008d1: SUB 000008d2: AND 000008d3: PUSH4 0x095ea7b3 000008d8: PUSH1 0xe0 000008da: SHL 000008db: OR 000008dc: SWAP1 000008dd: MSTORE 000008de: DUP3 000008df: MLOAD 000008e0: SWAP1 000008e1: DUP2 000008e2: ADD 000008e3: SWAP1 000008e4: SWAP3 000008e5: MSTORE 000008e6: PUSH0 000008e7: DUP1 000008e8: DUP4 000008e9: MSTORE 000008ea: PUSH2 0x04f6 000008ed: SWAP3 000008ee: DUP7 000008ef: SWAP3 000008f0: SWAP2 000008f1: SWAP1 000008f2: PUSH2 0x08fe 000008f5: SWAP1 000008f6: DUP5 000008f7: SWAP1 000008f8: DUP5 000008f9: SWAP1 000008fa: PUSH2 0x0924 000008fd: JUMP 000008fe: JUMPDEST 000008ff: DUP1 00000900: MLOAD 00000901: SWAP1 00000902: SWAP2 00000903: POP 00000904: ISZERO 00000905: PUSH2 0x04f6 00000908: JUMPI 00000909: DUP1 0000090a: DUP1 0000090b: PUSH1 0x20 0000090d: ADD 0000090e: SWAP1 0000090f: MLOAD 00000910: DUP2 00000911: ADD 00000912: SWAP1 00000913: PUSH2 0x091c 00000916: SWAP2 00000917: SWAP1 00000918: PUSH2 0x0cdd 0000091b: JUMP 0000091c: JUMPDEST 0000091d: PUSH2 0x04f6 00000920: JUMPI 00000921: PUSH0 00000922: DUP1 00000923: REVERT 00000924: JUMPDEST 00000925: PUSH1 0x60 00000927: PUSH2 0x0932 0000092a: DUP5 0000092b: DUP5 0000092c: PUSH0 0000092d: DUP6 0000092e: PUSH2 0x093a 00000931: JUMP 00000932: JUMPDEST 00000933: SWAP5 00000934: SWAP4 00000935: POP 00000936: POP 00000937: POP 00000938: POP 00000939: JUMP 0000093a: JUMPDEST 0000093b: PUSH1 0x60 0000093d: DUP3 0000093e: SELFBALANCE 0000093f: LT 00000940: ISZERO 00000941: PUSH2 0x0948 00000944: JUMPI 00000945: PUSH0 00000946: DUP1 00000947: REVERT 00000948: JUMPDEST 00000949: DUP5 0000094a: EXTCODESIZE 0000094b: PUSH2 0x0952 0000094e: JUMPI 0000094f: PUSH0 00000950: DUP1 00000951: REVERT 00000952: JUMPDEST 00000953: PUSH0 00000954: DUP1 00000955: DUP7 00000956: PUSH1 0x01 00000958: PUSH1 0x01 0000095a: PUSH1 0xa0 0000095c: SHL 0000095d: SUB 0000095e: AND 0000095f: DUP6 00000960: DUP8 00000961: PUSH1 0x40 00000963: MLOAD 00000964: PUSH2 0x096d 00000967: SWAP2 00000968: SWAP1 00000969: PUSH2 0x0d1e 0000096c: JUMP 0000096d: JUMPDEST 0000096e: PUSH0 0000096f: PUSH1 0x40 00000971: MLOAD 00000972: DUP1 00000973: DUP4 00000974: SUB 00000975: DUP2 00000976: DUP6 00000977: DUP8 00000978: GAS 00000979: CALL 0000097a: SWAP3 0000097b: POP 0000097c: POP 0000097d: POP 0000097e: RETURNDATASIZE 0000097f: DUP1 00000980: PUSH0 00000981: DUP2 00000982: EQ 00000983: PUSH2 0x09a7 00000986: JUMPI 00000987: PUSH1 0x40 00000989: MLOAD 0000098a: SWAP2 0000098b: POP 0000098c: PUSH1 0x1f 0000098e: NOT 0000098f: PUSH1 0x3f 00000991: RETURNDATASIZE 00000992: ADD 00000993: AND 00000994: DUP3 00000995: ADD 00000996: PUSH1 0x40 00000998: MSTORE 00000999: RETURNDATASIZE 0000099a: DUP3 0000099b: MSTORE 0000099c: RETURNDATASIZE 0000099d: PUSH0 0000099e: PUSH1 0x20 000009a0: DUP5 000009a1: ADD 000009a2: RETURNDATACOPY 000009a3: PUSH2 0x09ac 000009a6: JUMP 000009a7: JUMPDEST 000009a8: PUSH1 0x60 000009aa: SWAP2 000009ab: POP 000009ac: JUMPDEST 000009ad: POP 000009ae: SWAP2 000009af: POP 000009b0: SWAP2 000009b1: POP 000009b2: PUSH2 0x09bc 000009b5: DUP3 000009b6: DUP3 000009b7: DUP7 000009b8: PUSH2 0x09c7 000009bb: JUMP 000009bc: JUMPDEST 000009bd: SWAP8 000009be: SWAP7 000009bf: POP 000009c0: POP 000009c1: POP 000009c2: POP 000009c3: POP 000009c4: POP 000009c5: POP 000009c6: JUMP 000009c7: JUMPDEST 000009c8: PUSH1 0x60 000009ca: DUP4 000009cb: PUSH2 0x09f8 000009ce: JUMPI 000009cf: DUP3 000009d0: MLOAD 000009d1: ISZERO 000009d2: PUSH2 0x09de 000009d5: JUMPI 000009d6: DUP3 000009d7: MLOAD 000009d8: DUP1 000009d9: DUP5 000009da: PUSH1 0x20 000009dc: ADD 000009dd: REVERT 000009de: JUMPDEST 000009df: DUP2 000009e0: PUSH1 0x40 000009e2: MLOAD 000009e3: PUSH3 0x461bcd 000009e7: PUSH1 0xe5 000009e9: SHL 000009ea: DUP2 000009eb: MSTORE 000009ec: PUSH1 0x04 000009ee: ADD 000009ef: PUSH2 0x014e 000009f2: SWAP2 000009f3: SWAP1 000009f4: PUSH2 0x0d39 000009f7: JUMP 000009f8: JUMPDEST 000009f9: POP 000009fa: SWAP1 000009fb: SWAP3 000009fc: SWAP2 000009fd: POP 000009fe: POP 000009ff: JUMP 00000a00: JUMPDEST 00000a01: PUSH1 0x20 00000a03: DUP1 00000a04: DUP3 00000a05: MSTORE 00000a06: PUSH1 0x0a 00000a08: SWAP1 00000a09: DUP3 00000a0a: ADD 00000a0b: MSTORE 00000a0c: PUSH10 0x2337b93134b23232b717 00000a17: PUSH1 0xb1 00000a19: SHL 00000a1a: PUSH1 0x40 00000a1c: DUP3 00000a1d: ADD 00000a1e: MSTORE 00000a1f: PUSH1 0x60 00000a21: ADD 00000a22: SWAP1 00000a23: JUMP 00000a24: JUMPDEST 00000a25: DUP2 00000a26: DUP4 00000a27: DUP3 00000a28: CALLDATACOPY 00000a29: PUSH0 00000a2a: SWAP2 00000a2b: ADD 00000a2c: SWAP1 00000a2d: DUP2 00000a2e: MSTORE 00000a2f: SWAP2 00000a30: SWAP1 00000a31: POP 00000a32: JUMP 00000a33: JUMPDEST 00000a34: DUP1 00000a35: CALLDATALOAD 00000a36: PUSH1 0x01 00000a38: PUSH1 0x01 00000a3a: PUSH1 0xa0 00000a3c: SHL 00000a3d: SUB 00000a3e: DUP2 00000a3f: AND 00000a40: DUP2 00000a41: EQ 00000a42: PUSH2 0x0a49 00000a45: JUMPI 00000a46: PUSH0 00000a47: DUP1 00000a48: REVERT 00000a49: JUMPDEST 00000a4a: SWAP2 00000a4b: SWAP1 00000a4c: POP 00000a4d: JUMP 00000a4e: JUMPDEST 00000a4f: PUSH0 00000a50: PUSH1 0x20 00000a52: DUP3 00000a53: DUP5 00000a54: SUB 00000a55: SLT 00000a56: ISZERO 00000a57: PUSH2 0x0a5e 00000a5a: JUMPI 00000a5b: PUSH0 00000a5c: DUP1 00000a5d: REVERT 00000a5e: JUMPDEST 00000a5f: PUSH2 0x0a67 00000a62: DUP3 00000a63: PUSH2 0x0a33 00000a66: JUMP 00000a67: JUMPDEST 00000a68: SWAP4 00000a69: SWAP3 00000a6a: POP 00000a6b: POP 00000a6c: POP 00000a6d: JUMP 00000a6e: JUMPDEST 00000a6f: PUSH4 0x4e487b71 00000a74: PUSH1 0xe0 00000a76: SHL 00000a77: PUSH0 00000a78: MSTORE 00000a79: PUSH1 0x41 00000a7b: PUSH1 0x04 00000a7d: MSTORE 00000a7e: PUSH1 0x24 00000a80: PUSH0 00000a81: REVERT 00000a82: JUMPDEST 00000a83: PUSH1 0x40 00000a85: MLOAD 00000a86: PUSH1 0x60 00000a88: DUP2 00000a89: ADD 00000a8a: PUSH8 0xffffffffffffffff 00000a93: DUP2 00000a94: GT 00000a95: DUP3 00000a96: DUP3 00000a97: LT 00000a98: OR 00000a99: ISZERO 00000a9a: PUSH2 0x0aa5 00000a9d: JUMPI 00000a9e: PUSH2 0x0aa5 00000aa1: PUSH2 0x0a6e 00000aa4: JUMP 00000aa5: JUMPDEST 00000aa6: PUSH1 0x40 00000aa8: MSTORE 00000aa9: SWAP1 00000aaa: JUMP 00000aab: JUMPDEST 00000aac: PUSH1 0x40 00000aae: MLOAD 00000aaf: PUSH1 0x1f 00000ab1: DUP3 00000ab2: ADD 00000ab3: PUSH1 0x1f 00000ab5: NOT 00000ab6: AND 00000ab7: DUP2 00000ab8: ADD 00000ab9: PUSH8 0xffffffffffffffff 00000ac2: DUP2 00000ac3: GT 00000ac4: DUP3 00000ac5: DUP3 00000ac6: LT 00000ac7: OR 00000ac8: ISZERO 00000ac9: PUSH2 0x0ad4 00000acc: JUMPI 00000acd: PUSH2 0x0ad4 00000ad0: PUSH2 0x0a6e 00000ad3: JUMP 00000ad4: JUMPDEST 00000ad5: PUSH1 0x40 00000ad7: MSTORE 00000ad8: SWAP2 00000ad9: SWAP1 00000ada: POP 00000adb: JUMP 00000adc: JUMPDEST 00000add: PUSH0 00000ade: PUSH8 0xffffffffffffffff 00000ae7: DUP3 00000ae8: GT 00000ae9: ISZERO 00000aea: PUSH2 0x0af5 00000aed: JUMPI 00000aee: PUSH2 0x0af5 00000af1: PUSH2 0x0a6e 00000af4: JUMP 00000af5: JUMPDEST 00000af6: POP 00000af7: PUSH1 0x05 00000af9: SHL 00000afa: PUSH1 0x20 00000afc: ADD 00000afd: SWAP1 00000afe: JUMP 00000aff: JUMPDEST 00000b00: PUSH0 00000b01: PUSH1 0x20 00000b03: DUP1 00000b04: DUP4 00000b05: DUP6 00000b06: SUB 00000b07: SLT 00000b08: ISZERO 00000b09: PUSH2 0x0b10 00000b0c: JUMPI 00000b0d: PUSH0 00000b0e: DUP1 00000b0f: REVERT 00000b10: JUMPDEST 00000b11: DUP3 00000b12: CALLDATALOAD 00000b13: PUSH8 0xffffffffffffffff 00000b1c: DUP2 00000b1d: GT 00000b1e: ISZERO 00000b1f: PUSH2 0x0b26 00000b22: JUMPI 00000b23: PUSH0 00000b24: DUP1 00000b25: REVERT 00000b26: JUMPDEST 00000b27: DUP4 00000b28: ADD 00000b29: PUSH1 0x1f 00000b2b: DUP2 00000b2c: ADD 00000b2d: DUP6 00000b2e: SGT 00000b2f: PUSH2 0x0b36 00000b32: JUMPI 00000b33: PUSH0 00000b34: DUP1 00000b35: REVERT 00000b36: JUMPDEST 00000b37: DUP1 00000b38: CALLDATALOAD 00000b39: PUSH2 0x0b49 00000b3c: PUSH2 0x0b44 00000b3f: DUP3 00000b40: PUSH2 0x0adc 00000b43: JUMP 00000b44: JUMPDEST 00000b45: PUSH2 0x0aab 00000b48: JUMP 00000b49: JUMPDEST 00000b4a: DUP2 00000b4b: DUP2 00000b4c: MSTORE 00000b4d: PUSH1 0x05 00000b4f: SWAP2 00000b50: SWAP1 00000b51: SWAP2 00000b52: SHL 00000b53: DUP3 00000b54: ADD 00000b55: DUP4 00000b56: ADD 00000b57: SWAP1 00000b58: DUP4 00000b59: DUP2 00000b5a: ADD 00000b5b: SWAP1 00000b5c: DUP8 00000b5d: DUP4 00000b5e: GT 00000b5f: ISZERO 00000b60: PUSH2 0x0b67 00000b63: JUMPI 00000b64: PUSH0 00000b65: DUP1 00000b66: REVERT 00000b67: JUMPDEST 00000b68: SWAP3 00000b69: DUP5 00000b6a: ADD 00000b6b: SWAP3 00000b6c: JUMPDEST 00000b6d: DUP3 00000b6e: DUP5 00000b6f: LT 00000b70: ISZERO 00000b71: PUSH2 0x09bc 00000b74: JUMPI 00000b75: PUSH2 0x0b7d 00000b78: DUP5 00000b79: PUSH2 0x0a33 00000b7c: JUMP 00000b7d: JUMPDEST 00000b7e: DUP3 00000b7f: MSTORE 00000b80: SWAP3 00000b81: DUP5 00000b82: ADD 00000b83: SWAP3 00000b84: SWAP1 00000b85: DUP5 00000b86: ADD 00000b87: SWAP1 00000b88: PUSH2 0x0b6c 00000b8b: JUMP 00000b8c: JUMPDEST 00000b8d: PUSH0 00000b8e: DUP1 00000b8f: PUSH1 0x40 00000b91: DUP4 00000b92: DUP6 00000b93: SUB 00000b94: SLT 00000b95: ISZERO 00000b96: PUSH2 0x0b9d 00000b99: JUMPI 00000b9a: PUSH0 00000b9b: DUP1 00000b9c: REVERT 00000b9d: JUMPDEST 00000b9e: PUSH2 0x0ba6 00000ba1: DUP4 00000ba2: PUSH2 0x0a33 00000ba5: JUMP 00000ba6: JUMPDEST 00000ba7: SWAP5 00000ba8: PUSH1 0x20 00000baa: SWAP4 00000bab: SWAP1 00000bac: SWAP4 00000bad: ADD 00000bae: CALLDATALOAD 00000baf: SWAP4 00000bb0: POP 00000bb1: POP 00000bb2: POP 00000bb3: JUMP 00000bb4: JUMPDEST 00000bb5: PUSH0 00000bb6: PUSH1 0x20 00000bb8: DUP3 00000bb9: DUP5 00000bba: SUB 00000bbb: SLT 00000bbc: ISZERO 00000bbd: PUSH2 0x0bc4 00000bc0: JUMPI 00000bc1: PUSH0 00000bc2: DUP1 00000bc3: REVERT 00000bc4: JUMPDEST 00000bc5: POP 00000bc6: CALLDATALOAD 00000bc7: SWAP2 00000bc8: SWAP1 00000bc9: POP 00000bca: JUMP 00000bcb: JUMPDEST 00000bcc: PUSH0 00000bcd: PUSH1 0x20 00000bcf: DUP1 00000bd0: DUP4 00000bd1: DUP6 00000bd2: SUB 00000bd3: SLT 00000bd4: ISZERO 00000bd5: PUSH2 0x0bdc 00000bd8: JUMPI 00000bd9: PUSH0 00000bda: DUP1 00000bdb: REVERT 00000bdc: JUMPDEST 00000bdd: DUP3 00000bde: CALLDATALOAD 00000bdf: PUSH8 0xffffffffffffffff 00000be8: DUP2 00000be9: GT 00000bea: ISZERO 00000beb: PUSH2 0x0bf2 00000bee: JUMPI 00000bef: PUSH0 00000bf0: DUP1 00000bf1: REVERT 00000bf2: JUMPDEST 00000bf3: DUP4 00000bf4: ADD 00000bf5: PUSH1 0x1f 00000bf7: DUP2 00000bf8: ADD 00000bf9: DUP6 00000bfa: SGT 00000bfb: PUSH2 0x0c02 00000bfe: JUMPI 00000bff: PUSH0 00000c00: DUP1 00000c01: REVERT 00000c02: JUMPDEST 00000c03: DUP1 00000c04: CALLDATALOAD 00000c05: PUSH2 0x0c10 00000c08: PUSH2 0x0b44 00000c0b: DUP3 00000c0c: PUSH2 0x0adc 00000c0f: JUMP 00000c10: JUMPDEST 00000c11: DUP2 00000c12: DUP2 00000c13: MSTORE 00000c14: PUSH1 0x60 00000c16: SWAP2 00000c17: DUP3 00000c18: MUL 00000c19: DUP4 00000c1a: ADD 00000c1b: DUP5 00000c1c: ADD 00000c1d: SWAP2 00000c1e: DUP5 00000c1f: DUP3 00000c20: ADD 00000c21: SWAP2 00000c22: SWAP1 00000c23: DUP9 00000c24: DUP5 00000c25: GT 00000c26: ISZERO 00000c27: PUSH2 0x0c2e 00000c2a: JUMPI 00000c2b: PUSH0 00000c2c: DUP1 00000c2d: REVERT 00000c2e: JUMPDEST 00000c2f: SWAP4 00000c30: DUP6 00000c31: ADD 00000c32: SWAP4 00000c33: JUMPDEST 00000c34: DUP4 00000c35: DUP6 00000c36: LT 00000c37: ISZERO 00000c38: PUSH2 0x0c84 00000c3b: JUMPI 00000c3c: DUP1 00000c3d: DUP6 00000c3e: DUP11 00000c3f: SUB 00000c40: SLT 00000c41: ISZERO 00000c42: PUSH2 0x0c49 00000c45: JUMPI 00000c46: PUSH0 00000c47: DUP1 00000c48: REVERT 00000c49: JUMPDEST 00000c4a: PUSH2 0x0c51 00000c4d: PUSH2 0x0a82 00000c50: JUMP 00000c51: JUMPDEST 00000c52: PUSH2 0x0c5a 00000c55: DUP7 00000c56: PUSH2 0x0a33 00000c59: JUMP 00000c5a: JUMPDEST 00000c5b: DUP2 00000c5c: MSTORE 00000c5d: PUSH2 0x0c67 00000c60: DUP8 00000c61: DUP8 00000c62: ADD 00000c63: PUSH2 0x0a33 00000c66: JUMP 00000c67: JUMPDEST 00000c68: DUP2 00000c69: DUP9 00000c6a: ADD 00000c6b: MSTORE 00000c6c: PUSH1 0x40 00000c6e: DUP7 00000c6f: DUP2 00000c70: ADD 00000c71: CALLDATALOAD 00000c72: SWAP1 00000c73: DUP3 00000c74: ADD 00000c75: MSTORE 00000c76: DUP4 00000c77: MSTORE 00000c78: SWAP4 00000c79: DUP5 00000c7a: ADD 00000c7b: SWAP4 00000c7c: SWAP2 00000c7d: DUP6 00000c7e: ADD 00000c7f: SWAP2 00000c80: PUSH2 0x0c33 00000c83: JUMP 00000c84: JUMPDEST 00000c85: POP 00000c86: SWAP8 00000c87: SWAP7 00000c88: POP 00000c89: POP 00000c8a: POP 00000c8b: POP 00000c8c: POP 00000c8d: POP 00000c8e: POP 00000c8f: JUMP 00000c90: JUMPDEST 00000c91: PUSH0 00000c92: DUP1 00000c93: PUSH0 00000c94: PUSH1 0x60 00000c96: DUP5 00000c97: DUP7 00000c98: SUB 00000c99: SLT 00000c9a: ISZERO 00000c9b: PUSH2 0x0ca2 00000c9e: JUMPI 00000c9f: PUSH0 00000ca0: DUP1 00000ca1: REVERT 00000ca2: JUMPDEST 00000ca3: PUSH2 0x0cab 00000ca6: DUP5 00000ca7: PUSH2 0x0a33 00000caa: JUMP 00000cab: JUMPDEST 00000cac: SWAP3 00000cad: POP 00000cae: PUSH2 0x0cb9 00000cb1: PUSH1 0x20 00000cb3: DUP6 00000cb4: ADD 00000cb5: PUSH2 0x0a33 00000cb8: JUMP 00000cb9: JUMPDEST 00000cba: SWAP2 00000cbb: POP 00000cbc: PUSH1 0x40 00000cbe: DUP5 00000cbf: ADD 00000cc0: CALLDATALOAD 00000cc1: SWAP1 00000cc2: POP 00000cc3: SWAP3 00000cc4: POP 00000cc5: SWAP3 00000cc6: POP 00000cc7: SWAP3 00000cc8: JUMP 00000cc9: JUMPDEST 00000cca: PUSH4 0x4e487b71 00000ccf: PUSH1 0xe0 00000cd1: SHL 00000cd2: PUSH0 00000cd3: MSTORE 00000cd4: PUSH1 0x32 00000cd6: PUSH1 0x04 00000cd8: MSTORE 00000cd9: PUSH1 0x24 00000cdb: PUSH0 00000cdc: REVERT 00000cdd: JUMPDEST 00000cde: PUSH0 00000cdf: PUSH1 0x20 00000ce1: DUP3 00000ce2: DUP5 00000ce3: SUB 00000ce4: SLT 00000ce5: ISZERO 00000ce6: PUSH2 0x0ced 00000ce9: JUMPI 00000cea: PUSH0 00000ceb: DUP1 00000cec: REVERT 00000ced: JUMPDEST 00000cee: DUP2 00000cef: MLOAD 00000cf0: DUP1 00000cf1: ISZERO 00000cf2: ISZERO 00000cf3: DUP2 00000cf4: EQ 00000cf5: PUSH2 0x0a67 00000cf8: JUMPI 00000cf9: PUSH0 00000cfa: DUP1 00000cfb: REVERT 00000cfc: JUMPDEST 00000cfd: PUSH0 00000cfe: JUMPDEST 00000cff: DUP4 00000d00: DUP2 00000d01: LT 00000d02: ISZERO 00000d03: PUSH2 0x0d16 00000d06: JUMPI 00000d07: DUP2 00000d08: DUP2 00000d09: ADD 00000d0a: MLOAD 00000d0b: DUP4 00000d0c: DUP3 00000d0d: ADD 00000d0e: MSTORE 00000d0f: PUSH1 0x20 00000d11: ADD 00000d12: PUSH2 0x0cfe 00000d15: JUMP 00000d16: JUMPDEST 00000d17: POP 00000d18: POP 00000d19: PUSH0 00000d1a: SWAP2 00000d1b: ADD 00000d1c: MSTORE 00000d1d: JUMP 00000d1e: JUMPDEST 00000d1f: PUSH0 00000d20: DUP3 00000d21: MLOAD 00000d22: PUSH2 0x0d2f 00000d25: DUP2 00000d26: DUP5 00000d27: PUSH1 0x20 00000d29: DUP8 00000d2a: ADD 00000d2b: PUSH2 0x0cfc 00000d2e: JUMP 00000d2f: JUMPDEST 00000d30: SWAP2 00000d31: SWAP1 00000d32: SWAP2 00000d33: ADD 00000d34: SWAP3 00000d35: SWAP2 00000d36: POP 00000d37: POP 00000d38: JUMP 00000d39: JUMPDEST 00000d3a: PUSH1 0x20 00000d3c: DUP2 00000d3d: MSTORE 00000d3e: PUSH0 00000d3f: DUP3 00000d40: MLOAD 00000d41: DUP1 00000d42: PUSH1 0x20 00000d44: DUP5 00000d45: ADD 00000d46: MSTORE 00000d47: PUSH2 0x0d57 00000d4a: DUP2 00000d4b: PUSH1 0x40 00000d4d: DUP6 00000d4e: ADD 00000d4f: PUSH1 0x20 00000d51: DUP8 00000d52: ADD 00000d53: PUSH2 0x0cfc 00000d56: JUMP 00000d57: JUMPDEST 00000d58: PUSH1 0x1f 00000d5a: ADD 00000d5b: PUSH1 0x1f 00000d5d: NOT 00000d5e: AND 00000d5f: SWAP2 00000d60: SWAP1 00000d61: SWAP2 00000d62: ADD 00000d63: PUSH1 0x40 00000d65: ADD 00000d66: SWAP3 00000d67: SWAP2 00000d68: POP 00000d69: POP 00000d6a: JUMP 00000d6b: INVALID 00000d6c: LOG2 00000d6d: PUSH5 0x6970667358 00000d73: UNKNOWN(0x22) 00000d74: SLT 00000d75: KECCAK256 00000d76: ADDMOD 00000d77: ISZERO 00000d78: GAS 00000d79: EXTCODEHASH 00000d7a: UNKNOWN(0x4E) 00000d7b: CALLDATALOAD 00000d7c: KECCAK256 00000d7d: UNKNOWN(0xD2) 00000d7e: PUSH19 0x429fe32c594aaaa74bdbb3b789c8d9a57fe9da 00000d92: PUSH21
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
viewtrace_id: 0xbdf0475578a8983b3a544a1242c049b1e527aef6b9f71953ed57aae615ecabe1
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "unknown",
"attempts": 168,
"trace_id": "0xbdf0475578a8983b3a544a1242c049b1e527aef6b9f71953ed57aae615ecabe1",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xaa2d4a29",
"selector": "0xaa2d4a29",
"calldata_variants": [
"0xaa2d4a29",
"0xaa2d4a290000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd89da49c",
"selector": "0xd89da49c",
"calldata_variants": [
"0xd89da49c",
"0xd89da49c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xeded6191",
"selector": "0xeded6191",
"calldata_variants": [
"0xeded6191",
"0xeded61910000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xefbb98c2",
"selector": "0xefbb98c2",
"calldata_variants": [
"0xefbb98c2",
"0xefbb98c20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x802a81d8",
"selector": "0x802a81d8",
"calldata_variants": [
"0x802a81d8",
"0x802a81d80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x810d6ce5",
"selector": "0x810d6ce5",
"calldata_variants": [
"0x810d6ce5",
"0x810d6ce50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa4358917",
"selector": "0xa4358917",
"calldata_variants": [
"0xa4358917",
"0xa43589170000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1fceed7f",
"selector": "0x1fceed7f",
"calldata_variants": [
"0x1fceed7f",
"0x1fceed7f0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 389,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0x9e5ed55af5ec38c746d71ecee03c2730f212c2b027eec325e8b002631b6ab2e8
call_targets:
0xbadc0de76438f9524d42c219b390636196bfbdfc
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x9e5ed55af5ec38c746d71ecee03c2730f212c2b027eec325e8b002631b6ab2e8",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xbadc0de76438f9524d42c219b390636196bfbdfc"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xaa2d4a29",
"selector": "0xaa2d4a29",
"calldata_variants": [
"0xaa2d4a29",
"0xaa2d4a290000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd89da49c",
"selector": "0xd89da49c",
"calldata_variants": [
"0xd89da49c",
"0xd89da49c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xeded6191",
"selector": "0xeded6191",
"calldata_variants": [
"0xeded6191",
"0xeded61910000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xefbb98c2",
"selector": "0xefbb98c2",
"calldata_variants": [
"0xefbb98c2",
"0xefbb98c20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x802a81d8",
"selector": "0x802a81d8",
"calldata_variants": [
"0x802a81d8",
"0x802a81d80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x810d6ce5",
"selector": "0x810d6ce5",
"calldata_variants": [
"0x810d6ce5",
"0x810d6ce50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa4358917",
"selector": "0xa4358917",
"calldata_variants": [
"0xa4358917",
"0xa43589170000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1fceed7f",
"selector": "0x1fceed7f",
"calldata_variants": [
"0x1fceed7f",
"0x1fceed7f0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1385,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1512,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1714,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 5,
"guards_detected": [],
"untrusted_call_count": 5
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0x9e5ed55af5ec38c746d71ecee03c2730f212c2b027eec325e8b002631b6ab2e8
call_targets:
0xbadc0de76438f9524d42c219b390636196bfbdfc
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x9e5ed55af5ec38c746d71ecee03c2730f212c2b027eec325e8b002631b6ab2e8",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xbadc0de76438f9524d42c219b390636196bfbdfc"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xaa2d4a29",
"selector": "0xaa2d4a29",
"calldata_variants": [
"0xaa2d4a29",
"0xaa2d4a290000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd89da49c",
"selector": "0xd89da49c",
"calldata_variants": [
"0xd89da49c",
"0xd89da49c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xeded6191",
"selector": "0xeded6191",
"calldata_variants": [
"0xeded6191",
"0xeded61910000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xefbb98c2",
"selector": "0xefbb98c2",
"calldata_variants": [
"0xefbb98c2",
"0xefbb98c20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x802a81d8",
"selector": "0x802a81d8",
"calldata_variants": [
"0x802a81d8",
"0x802a81d80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x810d6ce5",
"selector": "0x810d6ce5",
"calldata_variants": [
"0x810d6ce5",
"0x810d6ce50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa4358917",
"selector": "0xa4358917",
"calldata_variants": [
"0xa4358917",
"0xa43589170000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1fceed7f",
"selector": "0x1fceed7f",
"calldata_variants": [
"0x1fceed7f",
"0x1fceed7f0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1385,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1512,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1714,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 5,
"guards_detected": []
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
viewevidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 1
}
|