TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

47476ed3-1130-4cc2-88bc-4e11d7602cbd

complete
Chain ID
1
Address
0xde5120b839e79470f18a86cdc8e78ce48d1b30f3
Block Number
Created
Mon, Jan 5, 2026 1:51 AM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
SELFDESTRUCT present
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
31642 report.consolidate complete 1 / 1 3 months ago
95275 artifact.fetch complete 1 / 3 1 week ago
95276 tool.cast_disasm complete 1 / 3 1 week ago
95277 analysis.bundle complete 1 / 3 1 week ago
95278 capability.graph complete 1 / 3 1 week ago
95279 detector.run complete 1 / 3 1 week ago
95280 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 1
Findings
0
No findings?
yes
Summary
Reviewed the runtime bytecode fully; it implements owner-gated withdrawal/recipient management and a payable fallback that only logs when msg.value matches stored constants. No unprotected value transfers, delegatecalls, selfdestructs, or upgrade paths were found, so there is no concrete exploitable profit path from bytecode alone.
View stderr 
[codex:363824] OpenAI Codex v0.77.0 (research preview)
[codex:363824] --------
[codex:363824] workdir: /tmp/codex-multi-6rw3ig1e
[codex:363824] model: gpt-5.2-codex
[codex:363824] provider: openai
[codex:363824] approval: never
[codex:363824] sandbox: read-only
[codex:363824] reasoning effort: xhigh
[codex:363824] reasoning summaries: auto
[codex:363824] session id: 019b8bd2-950b-7062-bf42-f2bbb55c8974
[codex:363824] --------
[codex:363824] user
[codex:363824] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:363824] 
[codex:363824] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:363824] 
[codex:363824] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:363824] - Gas inefficiency, code quality, or best practices
[codex:363824] - Theoretical vulnerabilities without a clear extraction path
[codex:363824] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:363824] - Issues requiring social engineering or off-chain coordination
[codex:363824] 
[codex:363824] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:363824] - CALL/DELEGATECALL with controllable destination or calldata
[codex:363824] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:363824] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:363824] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:363824] - External calls before state updates (reentrancy)
[codex:363824] - SELFDESTRUCT with controllable beneficiary
[codex:363824] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:363824] 
[codex:363824] For each finding, you MUST explain:
[codex:363824] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:363824] 2. The concrete sequence of transactions to extract value
[codex:363824] 3. Why you believe this is exploitable (not just suspicious)
[codex:363824] 
[codex:363824] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:363824] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:363824] 
[codex:363824] Output MUST be valid JSON matching the provided schema.
[codex:363824] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:363824] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:363824] mcp startup: no servers
[codex:363824] 
[codex:363824] thinking
[codex:363824] **Preparing to read BYTECODE_BUNDLE.txt**
[codex:363824] exec
[codex:363824] /bin/bash -lc ls in /tmp/codex-multi-6rw3ig1e succeeded in 5ms:
[codex:363824] BYTECODE_BUNDLE.txt
[codex:363824] codex-output-schema.json
[codex:363824] 
[codex:363824] thinking
[codex:363824] **Reading BYTECODE_BUNDLE.txt**
[codex:363824] exec
[codex:363824] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-6rw3ig1e succeeded in 5ms:
[codex:363824] Runtime bytecode bundle for best-effort auditing.
[codex:363824] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:363824] 
[codex:363824] FILE: runtime_bytecode.hex
[codex:363824] 0x60806040526004361061008d576000357c010000000000000000000000000000000000000000000000000000000090048063715018a61161006b578063715018a6146103995780638da5cb5b146103b05780638f32d59b14610407578063f2fde38b146104365761008d565b80633ccfd60b146102da57806354c03ab7146102f15780636f48e79b14610348575b600073ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff16141580156100f657503073ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614155b151561010157600080fd5b600554341480610112575060065434145b8061011e575060075434145b8061012a575060085434145b80610136575060095434145b806101425750600a5434145b8061014e5750600b5434145b8061015a5750600c5434145b806101665750600d5434145b806101725750600e5434145b8061017e5750600f5434145b8061018a575060105434145b80610196575060115434145b806101a2575060125434145b806101ae575060135434145b806101ba575060145434145b806101c6575060155434145b806101d2575060165434145b806101de575060175434145b806101ea575060185434145b806101f6575060195434145b806102025750601a5434145b8061020e5750601b5434145b8061021a5750601c5434145b806102265750601d5434145b806102325750601e5434145b8061023e5750601f5434145b8061024a575060205434145b80610256575060215434145b80610262575060225434145b151561026d57600080fd5b7fdd6c6913dd4f1ff7839115927f06a4bbea5f26a0e88f55c64159155cf9f9f1753334604051808373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020018281526020019250505060405180910390a1005b3480156102e657600080fd5b506102ef610487565b005b3480156102fd57600080fd5b506103066105c0565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b34801561035457600080fd5b506103976004803603602081101561036b57600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291905050506105fd565b005b3480156103a557600080fd5b506103ae610690565b005b3480156103bc57600080fd5b506103c5610764565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b34801561041357600080fd5b5061041c61078e565b604051808215151515815260200191505060405180910390f35b34801561044257600080fd5b506104856004803603602081101561045957600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291905050506107e6565b005b61048f61078e565b151561049a57600080fd5b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166108fc3073ffffffffffffffffffffffffffffffffffffffff16319081150290604051600060405180830381858888f19350505050158015610519573d6000803e3d6000fd5b507f41caea7d684d5ba5fba1924d54c5169a147971fb5ffdde987624e8bbd450828b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff163073ffffffffffffffffffffffffffffffffffffffff1631604051808373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020018281526020019250505060405180910390a1565b60006105ca61078e565b15156105d557600080fd5b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b61060561078e565b151561061057600080fd5b600073ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161415151561064c57600080fd5b80600360006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555050565b61069861078e565b15156106a357600080fd5b600073ffffffffffffffffffffffffffffffffffffffff16600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff167f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e060405160405180910390a36000600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614905090565b6107ee61078e565b15156107f957600080fd5b61080281610805565b50565b600073ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff161415151561084157600080fd5b8073ffffffffffffffffffffffffffffffffffffffff16600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff167f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e060405160405180910390a380600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555050565b6000808314156109145760009050610939565b6000828402905082848281151561092757fe5b0414151561093457600080fd5b809150505b9291505056fea165627a7a723058208e2e1213fa3e5ffba142112e98e66003a7eb8e1589ff81dd860a4cb9e727b1d90029
[codex:363824] 
[codex:363824] thinking
[codex:363824] **Decoding bytecode and analyzing functions**
[codex:363824] exec
[codex:363824] /bin/bash -lc "python - <<'PY'
[codex:363824] import re
[codex:363824] from pathlib import Path
[codex:363824] hexdata=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:363824] # extract runtime_bytecode.hex
[codex:363824] m=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata)
[codex:363824] hexstr=m.group(1)[2:]
[codex:363824] 
[codex:363824] # opcode map
[codex:363824] opcodes={
[codex:363824]     0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:363824]     0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:363824]     0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:363824]     0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:363824]     0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:363824]     0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:363824]     0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:363824]     0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:363824]     0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:363824]     0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
[codex:363824] }
[codex:363824] 
[codex:363824] b=bytes.fromhex(hexstr)
[codex:363824] 
[codex:363824] i=0
[codex:363824] while i < len(b):
[codex:363824]     op=b[i]
[codex:363824]     name=opcodes.get(op, f'UNKNOWN_{op:02x}')
[codex:363824]     if 0x60 <= op <= 0x7f:
[codex:363824]         n=op-0x5f
[codex:363824]         data=b[i+1:i+1+n]
[codex:363824]         print(f\"{i:04x}: {name} 0x{data.hex()}\")
[codex:363824]         i+=1+n
[codex:363824]     else:
[codex:363824]         print(f\"{i:04x}: {name}\")
[codex:363824]         i+=1
[codex:363824] PY" in /tmp/codex-multi-6rw3ig1e succeeded in 36ms:
[codex:363824] 0000: PUSH1 0x80
[codex:363824] 0002: PUSH1 0x40
[codex:363824] 0004: MSTORE
[codex:363824] 0005: PUSH1 0x04
[codex:363824] 0007: CALLDATASIZE
[codex:363824] 0008: LT
[codex:363824] 0009: PUSH2 0x008d
[codex:363824] 000c: JUMPI
[codex:363824] 000d: PUSH1 0x00
[codex:363824] 000f: CALLDATALOAD
[codex:363824] 0010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
[codex:363824] 002e: SWAP1
[codex:363824] 002f: DIV
[codex:363824] 0030: DUP1
[codex:363824] 0031: PUSH4 0x715018a6
[codex:363824] 0036: GT
[codex:363824] 0037: PUSH2 0x006b
[codex:363824] 003a: JUMPI
[codex:363824] 003b: DUP1
[codex:363824] 003c: PUSH4 0x715018a6
[codex:363824] 
[codex:363824] 
[codex:363824] thinking
[codex:363824] **Analyzing fallback function logic in disassembly**
[codex:363824] thinking
[codex:363824] **Interpreting storage access and owner-related functions**
[codex:363824] 
[codex:363824] I'm examining typical Solidity storage reading patterns with shifts and masks, trying to decode how owner and recipient addresses are loaded and verified. I’m verifying owner checks in key functions like renounceOwnership, transferOwnership, setRecipient, and withdraw, confirming they require ownership correctly. I’m also considering the fallback’s role in logging deposits and ensuring no bypass of access controls, while preparing to simulate stack state to understand the low-level call in the withdraw function.
[codex:363824] exec
[codex:363824] /bin/bash -lc "python - <<'PY'
[codex:363824] from pathlib import Path
[codex:363824] import re
[codex:363824] 
[codex:363824] hexdata=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:363824] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:]
[codex:363824] code=bytes.fromhex(hexstr)
[codex:363824] 
[codex:363824] start=0x0487
[codex:363824] end=0x0504  # include CALL at 0x0503
[codex:363824] 
[codex:363824] # opcode info
[codex:363824] opcodes={
[codex:363824]     0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:363824]     0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:363824]     0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:363824]     0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:363824]     0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:363824]     0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:363824]     0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:363824]     0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:363824]     0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:363824]     0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
[codex:363824] }
[codex:363824] 
[codex:363824] # simple stack interpreter with symbolic values
[codex:363824] 
[codex:363824] class Sym:
[codex:363824]     def __init__(self, name): self.name=name
[codex:363824]     def __repr__(self): return self.name
[codex:363824] 
[codex:363824] stack=[]
[codex:363824] 
[codex:363824] # helper to pop
[codex:363824] 
[codex:363824] def pop(n=1):
[codex:363824]     if n==1:
[codex:363824]         return stack.pop()
[codex:363824]     res=stack[-n:]
[codex:363824]     del stack[-n:]
[codex:363824]     return res
[codex:363824] 
[codex:363824] pc=start
[codex:363824] step=0
[codex:363824] while pc < end:
[codex:363824]     op=code[pc]
[codex:363824]     name=opcodes.get(op, f'UNKNOWN_{op:02x}')
[codex:363824]     pc0=pc
[codex:363824]     pc+=1
[codex:363824]     arg=None
[codex:363824]     if 0x60 <= op <= 0x7f:
[codex:363824]         n=op-0x5f
[codex:363824]         data=code[pc:pc+n]
[codex:363824]         pc+=n
[codex:363824]         arg=int.from_bytes(data,'big')
[codex:363824]         stack.append(arg)
[codex:363824]     elif name.startswith('DUP'):
[codex:363824]         idx=int(name[3:])
[codex:363824]         stack.append(stack[-idx])
[codex:363824]     elif name.startswith('SWAP'):
[codex:363824]         idx=int(name[4:])
[codex:363824]         stack[-1], stack[-1-idx] = stack[-1-idx], stack[-1]
[codex:363824]     elif name=='POP':
[codex:363824]         pop()
[codex:363824]     elif name=='SLOAD':
[codex:363824]         key=pop()
[codex:363824]         stack.append(Sym(f'sload({key})'))
[codex:363824]     elif name=='ADDRESS':
[codex:363824]         stack.append(Sym('address(this)'))
[codex:363824]     elif name=='BALANCE':
[codex:363824]         addr=pop()
[codex:363824]         stack.append(Sym(f'balance({addr})'))
[codex:363824]     elif name=='CALLER':
[codex:363824]         stack.append(Sym('caller'))
[codex:363824]     elif name=='CALLVALUE':
[codex:363824]         stack.append(Sym('callvalue'))
[codex:363824]     elif name=='MLOAD':
[codex:363824]         addr=pop()
[codex:363824]         stack.append(Sym(f'mload({addr})'))
[codex:363824]     elif name=='MSTORE':
[codex:363824]         val, addr = pop(2)
[codex:363824]     elif name in ('EQ','AND','OR','XOR','ADD','SUB','MUL','DIV','EXP'):
[codex:363824]         b,a=pop(2)
[codex:363824]         stack.append(Sym(f'({a} {name} {b})'))
[codex:363824]     elif name=='ISZERO':
[codex:363824]         a=pop()
[codex:363824]         stack.append(Sym(f'"'!{a}'"'))
[codex:363824]     elif name=='CALL':
[codex:363824]         # do nothing
[codex:363824]         break
[codex:363824]     elif name=='JUMPDEST':
[codex:363824]         pass
[codex:363824]     elif name=='JUMP' or name=='JUMPI':
[codex:363824]         # ignore control flow
[codex:363824]         pass
[codex:363824]     else:
[codex:363824]         # ignore
[codex:363824]         pass
[codex:363824] 
[codex:363824]     step+=1
[codex:363824]     if step>2000:
[codex:363824]         break
[codex:363824] 
[codex:363824] print('Stack before CALL at 0x0503 (approx):')
[codex:363824] print(stack)
[codex:363824] PY" in /tmp/codex-multi-6rw3ig1e succeeded in 33ms:
[codex:363824] Stack before CALL at 0x0503 (approx):
[codex:363824] [1167, !!1934, 1178, 0, 0, (1461501637330902918203684832716283019655932542975 AND (1461501637330902918203684832716283019655932542975 AND (sload(3) DIV (256 EXP 0)))), (!balance((1461501637330902918203684832716283019655932542975 AND address(this))) MUL 2300), balance((1461501637330902918203684832716283019655932542975 AND address(this))), mload(64), 0, mload(64), (mload(64) SUB mload(64)), mload(64), balance((1461501637330902918203684832716283019655932542975 AND address(this))), (1461501637330902918203684832716283019655932542975 AND (1461501637330902918203684832716283019655932542975 AND (sload(3) DIV (256 EXP 0)))), (!balance((1461501637330902918203684832716283019655932542975 AND address(this))) MUL 2300)]
[codex:363824] 
[codex:363824] thinking
[codex:363824] **Reevaluating EVM stack behavior and instruction effects**
[codex:363824] 
[codex:363824] I'm inspecting how the interpreter handles stack operations around the CALL instruction and noticing some misinterpretations of instructions like EXP and SWAP1. I want to carefully reconstruct the stack state, verify instruction effects, and consider the role of earlier stack entries and jumps to fully understand the function's behavior. Let's try tracing actual bytecode and stack changes precisely.
[codex:363824] exec
[codex:363824] /bin/bash -lc "python - <<'PY'
[codex:363824] from pathlib import Path
[codex:363824] import re
[codex:363824] hexdata=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:363824] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:]
[codex:363824] code=bytes.fromhex(hexstr)
[codex:363824] start=0x0490
[codex:363824] end=0x04b5
[codex:363824] print(code[start:end].hex())
[codex:363824] PY" in /tmp/codex-multi-6rw3ig1e succeeded in 32ms:
[codex:363824] 151561049a57600080fd5b600360009054906101000a900473ffffffffffffffffffffffff
[codex:363824] 
[codex:363824] 
[codex:363824] thinking
[codex:363824] **Analyzing complex EVM bytecode stack behavior**
[codex:363824] thinking
[codex:363824] **Clarifying operand order for EVM instructions**
[codex:363824] 
[codex:363824] I’m sorting out the exact operand order for EVM operations like EXP and DIV, confirming that the top of the stack is the first operand and the next is the second—meaning EXP computes base^exponent with base at the top. This clears up previous confusion and lets me accurately interpret the bytecode stack transformations.
[codex:363824] exec
[codex:363824] /bin/bash -lc "python - <<'PY'
[codex:363824] from pathlib import Path
[codex:363824] import re
[codex:363824] 
[codex:363824] hexdata=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:363824] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:]
[codex:363824] code=bytes.fromhex(hexstr)
[codex:363824] 
[codex:363824] start=0x0487
[codex:363824] end=0x0503
[codex:363824] 
[codex:363824] opcodes={
[codex:363824]     0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:363824]     0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:363824]     0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:363824]     0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:363824]     0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:363824]     0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:363824]     0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:363824]     0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:363824]     0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:363824]     0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
[codex:363824] }
[codex:363824] 
[codex:363824] class Sym:
[codex:363824]     def __init__(self, name): self.name=name
[codex:363824]     def __repr__(self): return self.name
[codex:363824] 
[codex:363824] stack=[]
[codex:363824] 
[codex:363824] def pop(n=1):
[codex:363824]     if n==1:
[codex:363824]         return stack.pop()
[codex:363824]     res=stack[-n:]
[codex:363824]     del stack[-n:]
[codex:363824]     return res
[codex:363824] 
[codex:363824] pc=start
[codex:363824] while pc < end:
[codex:363824]     op=code[pc]; pc+=1
[codex:363824]     name=opcodes.get(op, f'UNKNOWN_{op:02x}')
[codex:363824]     if 0x60 <= op <= 0x7f:
[codex:363824]         n=op-0x5f
[codex:363824]         data=code[pc:pc+n]; pc+=n
[codex:363824]         stack.append(int.from_bytes(data,'big'))
[codex:363824]     elif name.startswith('DUP'):
[codex:363824]         idx=int(name[3:])
[codex:363824]         stack.append(stack[-idx])
[codex:363824]     elif name.startswith('SWAP'):
[codex:363824]         idx=int(name[4:])
[codex:363824]         stack[-1], stack[-1-idx] = stack[-1-idx], stack[-1]
[codex:363824]     elif name=='POP':
[codex:363824]         pop()
[codex:363824]     elif name=='SLOAD':
[codex:363824]         key=pop()
[codex:363824]         stack.append(Sym(f'sload({key})'))
[codex:363824]     elif name=='ADDRESS':
[codex:363824]         stack.append(Sym('address(this)'))
[codex:363824]     elif name=='BALANCE':
[codex:363824]         addr=pop()
[codex:363824]         stack.append(Sym(f'balance({addr})'))
[codex:363824]     elif name=='CALLER':
[codex:363824]         stack.append(Sym('caller'))
[codex:363824]     elif name=='CALLVALUE':
[codex:363824]         stack.append(Sym('callvalue'))
[codex:363824]     elif name=='MLOAD':
[codex:363824]         addr=pop()
[codex:363824]         stack.append(Sym(f'mload({addr})'))
[codex:363824]     elif name=='MSTORE':
[codex:363824]         val, addr = pop(2)
[codex:363824]     elif name in ('EQ','AND','OR','XOR','ADD','SUB','MUL','DIV','EXP'):
[codex:363824]         a,b=pop(2)  # a=top, b=next
[codex:363824]         stack.append(Sym(f'({a} {name} {b})'))
[codex:363824]     elif name=='ISZERO':
[codex:363824]         a=pop(); stack.append(Sym(f'"'!{a}'"'))
[codex:363824]     elif name=='JUMPDEST':
[codex:363824]         pass
[codex:363824]     elif name in ('JUMP','JUMPI'):
[codex:363824]         # ignore control flow
[codex:363824]         pass
[codex:363824]     else:
[codex:363824]         pass
[codex:363824] 
[codex:363824] # show last 12 stack items
[codex:363824] print('Stack before CALL (top last):')
[codex:363824] for i, item in enumerate(stack[-12:], start=len(stack)-12):
[codex:363824]     print(i, item)
[codex:363824] 
[codex:363824] # show 7 call args if any
[codex:363824] if len(stack) >= 7:
[codex:363824]     gas,to,value,in_offset,in_size,out_offset,out_size = stack[-7:]
[codex:363824]     print('\\nCALL args:')
[codex:363824]     print('gas', gas)
[codex:363824]     print('to', to)
[codex:363824]     print('value', value)
[codex:363824]     print('in_offset', in_offset)
[codex:363824]     print('in_size', in_size)
[codex:363824]     print('out_offset', out_offset)
[codex:363824]     print('out_size', out_size)
[codex:363824] PY" in /tmp/codex-multi-6rw3ig1e succeeded in 28ms:
[codex:363824] Stack before CALL (top last):
[codex:363824] 4 0
[codex:363824] 5 ((((0 EXP 256) DIV sload(3)) AND 1461501637330902918203684832716283019655932542975) AND 1461501637330902918203684832716283019655932542975)
[codex:363824] 6 (2300 MUL !balance((address(this) AND 1461501637330902918203684832716283019655932542975)))
[codex:363824] 7 balance((address(this) AND 1461501637330902918203684832716283019655932542975))
[codex:363824] 8 mload(64)
[codex:363824] 9 0
[codex:363824] 10 mload(64)
[codex:363824] 11 (mload(64) SUB mload(64))
[codex:363824] 12 mload(64)
[codex:363824] 13 balance((address(this) AND 1461501637330902918203684832716283019655932542975))
[codex:363824] 14 ((((0 EXP 256) DIV sload(3)) AND 1461501637330902918203684832716283019655932542975) AND 1461501637330902918203684832716283019655932542975)
[codex:363824] 15 (2300 MUL !balance((address(this) AND 1461501637330902918203684832716283019655932542975)))
[codex:363824] 
[codex:363824] CALL args:
[codex:363824] gas 0
[codex:363824] to mload(64)
[codex:363824] value (mload(64) SUB mload(64))
[codex:363824] in_offset mload(64)
[codex:363824] in_size balance((address(this) AND 1461501637330902918203684832716283019655932542975))
[codex:363824] 
[codex:363824] thinking
[codex:363824] **Analyzing call and owner check logic**
[codex:363824] 
[codex:363824] I'm looking closely at the withdraw call where funds go to slot3 and checking the owner authorization using CALLER versus stored owner. I want to confirm the correct storage slot access and verify no bypass of the onlyOwner check by precisely interpreting the SLOAD and arithmetic sequence around 0x078e. This should help me ensure that only the owner can trigger the withdrawal without risk.
[codex:363824] exec
[codex:363824] /bin/bash -lc "python - <<'PY'
[codex:363824] from pathlib import Path
[codex:363824] import re
[codex:363824] 
[codex:363824] hexdata=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:363824] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:]
[codex:363824] code=bytes.fromhex(hexstr)
[codex:363824] 
[codex:363824] start=0x078e
[codex:363824] end=0x07e6
[codex:363824] 
[codex:363824] opcodes={
[codex:363824]     0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:363824]     0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:363824]     0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:363824]     0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:363824]     0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:363824]     0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:363824]     0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:363824]     0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:363824]     0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:363824]     0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
[codex:363824] }
[codex:363824] 
[codex:363824] class Sym:
[codex:363824]     def __init__(self, name): self.name=name
[codex:363824]     def __repr__(self): return self.name
[codex:363824] 
[codex:363824] stack=[Sym('ret')]  # internal functions expect return address on stack
[codex:363824] 
[codex:363824] pc=start
[codex:363824] while pc < end:
[codex:363824]     op=code[pc]; pc+=1
[codex:363824]     name=opcodes.get(op, f'UNKNOWN_{op:02x}')
[codex:363824]     if 0x60 <= op <= 0x7f:
[codex:363824]         n=op-0x5f
[codex:363824]         data=code[pc:pc+n]; pc+=n
[codex:363824]         stack.append(int.from_bytes(data,'big'))
[codex:363824]     elif name.startswith('DUP'):
[codex:363824]         idx=int(name[3:])
[codex:363824]         stack.append(stack[-idx])
[codex:363824]     elif name.startswith('SWAP'):
[codex:363824]         idx=int(name[4:])
[codex:363824]         stack[-1], stack[-1-idx] = stack[-1-idx], stack[-1]
[codex:363824]     elif name=='POP':
[codex:363824]         stack.pop()
[codex:363824]     elif name=='SLOAD':
[codex:363824]         key=stack.pop(); stack.append(Sym(f'sload({key})'))
[codex:363824]     elif name=='CALLER':
[codex:363824]         stack.append(Sym('caller'))
[codex:363824]     elif name in ('EQ','AND','OR','XOR','ADD','SUB','MUL','DIV','EXP'):
[codex:363824]         a=stack.pop(); b=stack.pop(); stack.append(Sym(f'({a} {name} {b})'))
[codex:363824]     elif name=='ISZERO':
[codex:363824]         a=stack.pop(); stack.append(Sym(f'"'!{a}'"'))
[codex:363824]     elif name=='JUMP':
[codex:363824]         # end
[codex:363824]         break
[codex:363824]     elif name=='JUMPDEST':
[codex:363824]         pass
[codex:363824]     else:
[codex:363824]         pass
[codex:363824] 
[codex:363824] print(stack)
[codex:363824] PY" in /tmp/codex-multi-6rw3ig1e succeeded in 27ms:
[codex:363824] [((1461501637330902918203684832716283019655932542975 AND caller) EQ (1461501637330902918203684832716283019655932542975 AND (1461501637330902918203684832716283019655932542975 AND (sload(1) DIV (256 EXP 0))))), ret]
[codex:363824] 
[codex:363824] thinking
[codex:363824] **Summarizing bytecode security analysis**
[codex:363824] codex
[codex:363824] {"no_findings":true,"summary":"Reviewed the runtime bytecode fully; it implements owner-gated withdrawal/recipient management and a payable fallback that only logs when msg.value matches stored constants. No unprotected value transfers, delegatecalls, selfdestructs, or upgrade paths were found, so there is no concrete exploitable profit path from bytecode alone.","findings":[]}
[codex:363824] tokens used
[codex:363824] 58,534
[codex:363824] {"no_findings":true,"summary":"Reviewed the runtime bytecode fully; it implements owner-gated withdrawal/recipient management and a payable fallback that only logs when msg.value matches stored constants. No unprotected value transfers, delegatecalls, selfdestructs, or upgrade paths were found, so there is no concrete exploitable profit path from bytecode alone.","findings":[]}
Metadata 
{
    "codex": {
        "ran_at": "2026-01-05T01:51:01.037037+00:00",
        "returncode": 0
    },
    "summary": "Reviewed the runtime bytecode fully; it implements owner-gated withdrawal/recipient management and a payable fallback that only logs when msg.value matches stored constants. No unprotected value transfers, delegatecalls, selfdestructs, or upgrade paths were found, so there is no concrete exploitable profit path from bytecode alone.",
    "raw_final": {
        "summary": "Reviewed the runtime bytecode fully; it implements owner-gated withdrawal/recipient management and a payable fallback that only logs when msg.value matches stored constants. No unprotected value transfers, delegatecalls, selfdestructs, or upgrade paths were found, so there is no concrete exploitable profit path from bytecode alone.",
        "findings": [],
        "no_findings": true
    },
    "no_findings": true,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
1
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
2
Total opcodes
1099
Flags
selfdestruct_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x008d
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002e: SWAP1
0000002f: DIV
00000030: DUP1
00000031: PUSH4 0x715018a6
00000036: GT
00000037: PUSH2 0x006b
0000003a: JUMPI
0000003b: DUP1
0000003c: PUSH4 0x715018a6
00000041: EQ
00000042: PUSH2 0x0399
00000045: JUMPI
00000046: DUP1
00000047: PUSH4 0x8da5cb5b
0000004c: EQ
0000004d: PUSH2 0x03b0
00000050: JUMPI
00000051: DUP1
00000052: PUSH4 0x8f32d59b
00000057: EQ
00000058: PUSH2 0x0407
0000005b: JUMPI
0000005c: DUP1
0000005d: PUSH4 0xf2fde38b
00000062: EQ
00000063: PUSH2 0x0436
00000066: JUMPI
00000067: PUSH2 0x008d
0000006a: JUMP
0000006b: JUMPDEST
0000006c: DUP1
0000006d: PUSH4 0x3ccfd60b
00000072: EQ
00000073: PUSH2 0x02da
00000076: JUMPI
00000077: DUP1
00000078: PUSH4 0x54c03ab7
0000007d: EQ
0000007e: PUSH2 0x02f1
00000081: JUMPI
00000082: DUP1
00000083: PUSH4 0x6f48e79b
00000088: EQ
00000089: PUSH2 0x0348
0000008c: JUMPI
0000008d: JUMPDEST
0000008e: PUSH1 0x00
00000090: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000a5: AND
000000a6: CALLER
000000a7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000bc: AND
000000bd: EQ
000000be: ISZERO
000000bf: DUP1
000000c0: ISZERO
000000c1: PUSH2 0x00f6
000000c4: JUMPI
000000c5: POP
000000c6: ADDRESS
000000c7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000dc: AND
000000dd: CALLER
000000de: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000f3: AND
000000f4: EQ
000000f5: ISZERO
000000f6: JUMPDEST
000000f7: ISZERO
000000f8: ISZERO
000000f9: PUSH2 0x0101
000000fc: JUMPI
000000fd: PUSH1 0x00
000000ff: DUP1
00000100: REVERT
00000101: JUMPDEST
00000102: PUSH1 0x05
00000104: SLOAD
00000105: CALLVALUE
00000106: EQ
00000107: DUP1
00000108: PUSH2 0x0112
0000010b: JUMPI
0000010c: POP
0000010d: PUSH1 0x06
0000010f: SLOAD
00000110: CALLVALUE
00000111: EQ
00000112: JUMPDEST
00000113: DUP1
00000114: PUSH2 0x011e
00000117: JUMPI
00000118: POP
00000119: PUSH1 0x07
0000011b: SLOAD
0000011c: CALLVALUE
0000011d: EQ
0000011e: JUMPDEST
0000011f: DUP1
00000120: PUSH2 0x012a
00000123: JUMPI
00000124: POP
00000125: PUSH1 0x08
00000127: SLOAD
00000128: CALLVALUE
00000129: EQ
0000012a: JUMPDEST
0000012b: DUP1
0000012c: PUSH2 0x0136
0000012f: JUMPI
00000130: POP
00000131: PUSH1 0x09
00000133: SLOAD
00000134: CALLVALUE
00000135: EQ
00000136: JUMPDEST
00000137: DUP1
00000138: PUSH2 0x0142
0000013b: JUMPI
0000013c: POP
0000013d: PUSH1 0x0a
0000013f: SLOAD
00000140: CALLVALUE
00000141: EQ
00000142: JUMPDEST
00000143: DUP1
00000144: PUSH2 0x014e
00000147: JUMPI
00000148: POP
00000149: PUSH1 0x0b
0000014b: SLOAD
0000014c: CALLVALUE
0000014d: EQ
0000014e: JUMPDEST
0000014f: DUP1
00000150: PUSH2 0x015a
00000153: JUMPI
00000154: POP
00000155: PUSH1 0x0c
00000157: SLOAD
00000158: CALLVALUE
00000159: EQ
0000015a: JUMPDEST
0000015b: DUP1
0000015c: PUSH2 0x0166
0000015f: JUMPI
00000160: POP
00000161: PUSH1 0x0d
00000163: SLOAD
00000164: CALLVALUE
00000165: EQ
00000166: JUMPDEST
00000167: DUP1
00000168: PUSH2 0x0172
0000016b: JUMPI
0000016c: POP
0000016d: PUSH1 0x0e
0000016f: SLOAD
00000170: CALLVALUE
00000171: EQ
00000172: JUMPDEST
00000173: DUP1
00000174: PUSH2 0x017e
00000177: JUMPI
00000178: POP
00000179: PUSH1 0x0f
0000017b: SLOAD
0000017c: CALLVALUE
0000017d: EQ
0000017e: JUMPDEST
0000017f: DUP1
00000180: PUSH2 0x018a
00000183: JUMPI
00000184: POP
00000185: PUSH1 0x10
00000187: SLOAD
00000188: CALLVALUE
00000189: EQ
0000018a: JUMPDEST
0000018b: DUP1
0000018c: PUSH2 0x0196
0000018f: JUMPI
00000190: POP
00000191: PUSH1 0x11
00000193: SLOAD
00000194: CALLVALUE
00000195: EQ
00000196: JUMPDEST
00000197: DUP1
00000198: PUSH2 0x01a2
0000019b: JUMPI
0000019c: POP
0000019d: PUSH1 0x12
0000019f: SLOAD
000001a0: CALLVALUE
000001a1: EQ
000001a2: JUMPDEST
000001a3: DUP1
000001a4: PUSH2 0x01ae
000001a7: JUMPI
000001a8: POP
000001a9: PUSH1 0x13
000001ab: SLOAD
000001ac: CALLVALUE
000001ad: EQ
000001ae: JUMPDEST
000001af: DUP1
000001b0: PUSH2 0x01ba
000001b3: JUMPI
000001b4: POP
000001b5: PUSH1 0x14
000001b7: SLOAD
000001b8: CALLVALUE
000001b9: EQ
000001ba: JUMPDEST
000001bb: DUP1
000001bc: PUSH2 0x01c6
000001bf: JUMPI
000001c0: POP
000001c1: PUSH1 0x15
000001c3: SLOAD
000001c4: CALLVALUE
000001c5: EQ
000001c6: JUMPDEST
000001c7: DUP1
000001c8: PUSH2 0x01d2
000001cb: JUMPI
000001cc: POP
000001cd: PUSH1 0x16
000001cf: SLOAD
000001d0: CALLVALUE
000001d1: EQ
000001d2: JUMPDEST
000001d3: DUP1
000001d4: PUSH2 0x01de
000001d7: JUMPI
000001d8: POP
000001d9: PUSH1 0x17
000001db: SLOAD
000001dc: CALLVALUE
000001dd: EQ
000001de: JUMPDEST
000001df: DUP1
000001e0: PUSH2 0x01ea
000001e3: JUMPI
000001e4: POP
000001e5: PUSH1 0x18
000001e7: SLOAD
000001e8: CALLVALUE
000001e9: EQ
000001ea: JUMPDEST
000001eb: DUP1
000001ec: PUSH2 0x01f6
000001ef: JUMPI
000001f0: POP
000001f1: PUSH1 0x19
000001f3: SLOAD
000001f4: CALLVALUE
000001f5: EQ
000001f6: JUMPDEST
000001f7: DUP1
000001f8: PUSH2 0x0202
000001fb: JUMPI
000001fc: POP
000001fd: PUSH1 0x1a
000001ff: SLOAD
00000200: CALLVALUE
00000201: EQ
00000202: JUMPDEST
00000203: DUP1
00000204: PUSH2 0x020e
00000207: JUMPI
00000208: POP
00000209: PUSH1 0x1b
0000020b: SLOAD
0000020c: CALLVALUE
0000020d: EQ
0000020e: JUMPDEST
0000020f: DUP1
00000210: PUSH2 0x021a
00000213: JUMPI
00000214: POP
00000215: PUSH1 0x1c
00000217: SLOAD
00000218: CALLVALUE
00000219: EQ
0000021a: JUMPDEST
0000021b: DUP1
0000021c: PUSH2 0x0226
0000021f: JUMPI
00000220: POP
00000221: PUSH1 0x1d
00000223: SLOAD
00000224: CALLVALUE
00000225: EQ
00000226: JUMPDEST
00000227: DUP1
00000228: PUSH2 0x0232
0000022b: JUMPI
0000022c: POP
0000022d: PUSH1 0x1e
0000022f: SLOAD
00000230: CALLVALUE
00000231: EQ
00000232: JUMPDEST
00000233: DUP1
00000234: PUSH2 0x023e
00000237: JUMPI
00000238: POP
00000239: PUSH1 0x1f
0000023b: SLOAD
0000023c: CALLVALUE
0000023d: EQ
0000023e: JUMPDEST
0000023f: DUP1
00000240: PUSH2 0x024a
00000243: JUMPI
00000244: POP
00000245: PUSH1 0x20
00000247: SLOAD
00000248: CALLVALUE
00000249: EQ
0000024a: JUMPDEST
0000024b: DUP1
0000024c: PUSH2 0x0256
0000024f: JUMPI
00000250: POP
00000251: PUSH1 0x21
00000253: SLOAD
00000254: CALLVALUE
00000255: EQ
00000256: JUMPDEST
00000257: DUP1
00000258: PUSH2 0x0262
0000025b: JUMPI
0000025c: POP
0000025d: PUSH1 0x22
0000025f: SLOAD
00000260: CALLVALUE
00000261: EQ
00000262: JUMPDEST
00000263: ISZERO
00000264: ISZERO
00000265: PUSH2 0x026d
00000268: JUMPI
00000269: PUSH1 0x00
0000026b: DUP1
0000026c: REVERT
0000026d: JUMPDEST
0000026e: PUSH32 0xdd6c6913dd4f1ff7839115927f06a4bbea5f26a0e88f55c64159155cf9f9f175
0000028f: CALLER
00000290: CALLVALUE
00000291: PUSH1 0x40
00000293: MLOAD
00000294: DUP1
00000295: DUP4
00000296: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002ab: AND
000002ac: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002c1: AND
000002c2: DUP2
000002c3: MSTORE
000002c4: PUSH1 0x20
000002c6: ADD
000002c7: DUP3
000002c8: DUP2
000002c9: MSTORE
000002ca: PUSH1 0x20
000002cc: ADD
000002cd: SWAP3
000002ce: POP
000002cf: POP
000002d0: POP
000002d1: PUSH1 0x40
000002d3: MLOAD
000002d4: DUP1
000002d5: SWAP2
000002d6: SUB
000002d7: SWAP1
000002d8: LOG1
000002d9: STOP
000002da: JUMPDEST
000002db: CALLVALUE
000002dc: DUP1
000002dd: ISZERO
000002de: PUSH2 0x02e6
000002e1: JUMPI
000002e2: PUSH1 0x00
000002e4: DUP1
000002e5: REVERT
000002e6: JUMPDEST
000002e7: POP
000002e8: PUSH2 0x02ef
000002eb: PUSH2 0x0487
000002ee: JUMP
000002ef: JUMPDEST
000002f0: STOP
000002f1: JUMPDEST
000002f2: CALLVALUE
000002f3: DUP1
000002f4: ISZERO
000002f5: PUSH2 0x02fd
000002f8: JUMPI
000002f9: PUSH1 0x00
000002fb: DUP1
000002fc: REVERT
000002fd: JUMPDEST
000002fe: POP
000002ff: PUSH2 0x0306
00000302: PUSH2 0x05c0
00000305: JUMP
00000306: JUMPDEST
00000307: PUSH1 0x40
00000309: MLOAD
0000030a: DUP1
0000030b: DUP3
0000030c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000321: AND
00000322: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000337: AND
00000338: DUP2
00000339: MSTORE
0000033a: PUSH1 0x20
0000033c: ADD
0000033d: SWAP2
0000033e: POP
0000033f: POP
00000340: PUSH1 0x40
00000342: MLOAD
00000343: DUP1
00000344: SWAP2
00000345: SUB
00000346: SWAP1
00000347: RETURN
00000348: JUMPDEST
00000349: CALLVALUE
0000034a: DUP1
0000034b: ISZERO
0000034c: PUSH2 0x0354
0000034f: JUMPI
00000350: PUSH1 0x00
00000352: DUP1
00000353: REVERT
00000354: JUMPDEST
00000355: POP
00000356: PUSH2 0x0397
00000359: PUSH1 0x04
0000035b: DUP1
0000035c: CALLDATASIZE
0000035d: SUB
0000035e: PUSH1 0x20
00000360: DUP2
00000361: LT
00000362: ISZERO
00000363: PUSH2 0x036b
00000366: JUMPI
00000367: PUSH1 0x00
00000369: DUP1
0000036a: REVERT
0000036b: JUMPDEST
0000036c: DUP2
0000036d: ADD
0000036e: SWAP1
0000036f: DUP1
00000370: DUP1
00000371: CALLDATALOAD
00000372: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000387: AND
00000388: SWAP1
00000389: PUSH1 0x20
0000038b: ADD
0000038c: SWAP1
0000038d: SWAP3
0000038e: SWAP2
0000038f: SWAP1
00000390: POP
00000391: POP
00000392: POP
00000393: PUSH2 0x05fd
00000396: JUMP
00000397: JUMPDEST
00000398: STOP
00000399: JUMPDEST
0000039a: CALLVALUE
0000039b: DUP1
0000039c: ISZERO
0000039d: PUSH2 0x03a5
000003a0: JUMPI
000003a1: PUSH1 0x00
000003a3: DUP1
000003a4: REVERT
000003a5: JUMPDEST
000003a6: POP
000003a7: PUSH2 0x03ae
000003aa: PUSH2 0x0690
000003ad: JUMP
000003ae: JUMPDEST
000003af: STOP
000003b0: JUMPDEST
000003b1: CALLVALUE
000003b2: DUP1
000003b3: ISZERO
000003b4: PUSH2 0x03bc
000003b7: JUMPI
000003b8: PUSH1 0x00
000003ba: DUP1
000003bb: REVERT
000003bc: JUMPDEST
000003bd: POP
000003be: PUSH2 0x03c5
000003c1: PUSH2 0x0764
000003c4: JUMP
000003c5: JUMPDEST
000003c6: PUSH1 0x40
000003c8: MLOAD
000003c9: DUP1
000003ca: DUP3
000003cb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000003e0: AND
000003e1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000003f6: AND
000003f7: DUP2
000003f8: MSTORE
000003f9: PUSH1 0x20
000003fb: ADD
000003fc: SWAP2
000003fd: POP
000003fe: POP
000003ff: PUSH1 0x40
00000401: MLOAD
00000402: DUP1
00000403: SWAP2
00000404: SUB
00000405: SWAP1
00000406: RETURN
00000407: JUMPDEST
00000408: CALLVALUE
00000409: DUP1
0000040a: ISZERO
0000040b: PUSH2 0x0413
0000040e: JUMPI
0000040f: PUSH1 0x00
00000411: DUP1
00000412: REVERT
00000413: JUMPDEST
00000414: POP
00000415: PUSH2 0x041c
00000418: PUSH2 0x078e
0000041b: JUMP
0000041c: JUMPDEST
0000041d: PUSH1 0x40
0000041f: MLOAD
00000420: DUP1
00000421: DUP3
00000422: ISZERO
00000423: ISZERO
00000424: ISZERO
00000425: ISZERO
00000426: DUP2
00000427: MSTORE
00000428: PUSH1 0x20
0000042a: ADD
0000042b: SWAP2
0000042c: POP
0000042d: POP
0000042e: PUSH1 0x40
00000430: MLOAD
00000431: DUP1
00000432: SWAP2
00000433: SUB
00000434: SWAP1
00000435: RETURN
00000436: JUMPDEST
00000437: CALLVALUE
00000438: DUP1
00000439: ISZERO
0000043a: PUSH2 0x0442
0000043d: JUMPI
0000043e: PUSH1 0x00
00000440: DUP1
00000441: REVERT
00000442: JUMPDEST
00000443: POP
00000444: PUSH2 0x0485
00000447: PUSH1 0x04
00000449: DUP1
0000044a: CALLDATASIZE
0000044b: SUB
0000044c: PUSH1 0x20
0000044e: DUP2
0000044f: LT
00000450: ISZERO
00000451: PUSH2 0x0459
00000454: JUMPI
00000455: PUSH1 0x00
00000457: DUP1
00000458: REVERT
00000459: JUMPDEST
0000045a: DUP2
0000045b: ADD
0000045c: SWAP1
0000045d: DUP1
0000045e: DUP1
0000045f: CALLDATALOAD
00000460: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000475: AND
00000476: SWAP1
00000477: PUSH1 0x20
00000479: ADD
0000047a: SWAP1
0000047b: SWAP3
0000047c: SWAP2
0000047d: SWAP1
0000047e: POP
0000047f: POP
00000480: POP
00000481: PUSH2 0x07e6
00000484: JUMP
00000485: JUMPDEST
00000486: STOP
00000487: JUMPDEST
00000488: PUSH2 0x048f
0000048b: PUSH2 0x078e
0000048e: JUMP
0000048f: JUMPDEST
00000490: ISZERO
00000491: ISZERO
00000492: PUSH2 0x049a
00000495: JUMPI
00000496: PUSH1 0x00
00000498: DUP1
00000499: REVERT
0000049a: JUMPDEST
0000049b: PUSH1 0x03
0000049d: PUSH1 0x00
0000049f: SWAP1
000004a0: SLOAD
000004a1: SWAP1
000004a2: PUSH2 0x0100
000004a5: EXP
000004a6: SWAP1
000004a7: DIV
000004a8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000004bd: AND
000004be: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000004d3: AND
000004d4: PUSH2 0x08fc
000004d7: ADDRESS
000004d8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000004ed: AND
000004ee: BALANCE
000004ef: SWAP1
000004f0: DUP2
000004f1: ISZERO
000004f2: MUL
000004f3: SWAP1
000004f4: PUSH1 0x40
000004f6: MLOAD
000004f7: PUSH1 0x00
000004f9: PUSH1 0x40
000004fb: MLOAD
000004fc: DUP1
000004fd: DUP4
000004fe: SUB
000004ff: DUP2
00000500: DUP6
00000501: DUP9
00000502: DUP9
00000503: CALL
00000504: SWAP4
00000505: POP
00000506: POP
00000507: POP
00000508: POP
00000509: ISZERO
0000050a: DUP1
0000050b: ISZERO
0000050c: PUSH2 0x0519
0000050f: JUMPI
00000510: RETURNDATASIZE
00000511: PUSH1 0x00
00000513: DUP1
00000514: RETURNDATACOPY
00000515: RETURNDATASIZE
00000516: PUSH1 0x00
00000518: REVERT
00000519: JUMPDEST
0000051a: POP
0000051b: PUSH32 0x41caea7d684d5ba5fba1924d54c5169a147971fb5ffdde987624e8bbd450828b
0000053c: PUSH1 0x03
0000053e: PUSH1 0x00
00000540: SWAP1
00000541: SLOAD
00000542: SWAP1
00000543: PUSH2 0x0100
00000546: EXP
00000547: SWAP1
00000548: DIV
00000549: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000055e: AND
0000055f: ADDRESS
00000560: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000575: AND
00000576: BALANCE
00000577: PUSH1 0x40
00000579: MLOAD
0000057a: DUP1
0000057b: DUP4
0000057c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000591: AND
00000592: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000005a7: AND
000005a8: DUP2
000005a9: MSTORE
000005aa: PUSH1 0x20
000005ac: ADD
000005ad: DUP3
000005ae: DUP2
000005af: MSTORE
000005b0: PUSH1 0x20
000005b2: ADD
000005b3: SWAP3
000005b4: POP
000005b5: POP
000005b6: POP
000005b7: PUSH1 0x40
000005b9: MLOAD
000005ba: DUP1
000005bb: SWAP2
000005bc: SUB
000005bd: SWAP1
000005be: LOG1
000005bf: JUMP
000005c0: JUMPDEST
000005c1: PUSH1 0x00
000005c3: PUSH2 0x05ca
000005c6: PUSH2 0x078e
000005c9: JUMP
000005ca: JUMPDEST
000005cb: ISZERO
000005cc: ISZERO
000005cd: PUSH2 0x05d5
000005d0: JUMPI
000005d1: PUSH1 0x00
000005d3: DUP1
000005d4: REVERT
000005d5: JUMPDEST
000005d6: PUSH1 0x03
000005d8: PUSH1 0x00
000005da: SWAP1
000005db: SLOAD
000005dc: SWAP1
000005dd: PUSH2 0x0100
000005e0: EXP
000005e1: SWAP1
000005e2: DIV
000005e3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000005f8: AND
000005f9: SWAP1
000005fa: POP
000005fb: SWAP1
000005fc: JUMP
000005fd: JUMPDEST
000005fe: PUSH2 0x0605
00000601: PUSH2 0x078e
00000604: JUMP
00000605: JUMPDEST
00000606: ISZERO
00000607: ISZERO
00000608: PUSH2 0x0610
0000060b: JUMPI
0000060c: PUSH1 0x00
0000060e: DUP1
0000060f: REVERT
00000610: JUMPDEST
00000611: PUSH1 0x00
00000613: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000628: AND
00000629: CALLER
0000062a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000063f: AND
00000640: EQ
00000641: ISZERO
00000642: ISZERO
00000643: ISZERO
00000644: PUSH2 0x064c
00000647: JUMPI
00000648: PUSH1 0x00
0000064a: DUP1
0000064b: REVERT
0000064c: JUMPDEST
0000064d: DUP1
0000064e: PUSH1 0x03
00000650: PUSH1 0x00
00000652: PUSH2 0x0100
00000655: EXP
00000656: DUP2
00000657: SLOAD
00000658: DUP2
00000659: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000066e: MUL
0000066f: NOT
00000670: AND
00000671: SWAP1
00000672: DUP4
00000673: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000688: AND
00000689: MUL
0000068a: OR
0000068b: SWAP1
0000068c: SSTORE
0000068d: POP
0000068e: POP
0000068f: JUMP
00000690: JUMPDEST
00000691: PUSH2 0x0698
00000694: PUSH2 0x078e
00000697: JUMP
00000698: JUMPDEST
00000699: ISZERO
0000069a: ISZERO
0000069b: PUSH2 0x06a3
0000069e: JUMPI
0000069f: PUSH1 0x00
000006a1: DUP1
000006a2: REVERT
000006a3: JUMPDEST
000006a4: PUSH1 0x00
000006a6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006bb: AND
000006bc: PUSH1 0x01
000006be: PUSH1 0x00
000006c0: SWAP1
000006c1: SLOAD
000006c2: SWAP1
000006c3: PUSH2 0x0100
000006c6: EXP
000006c7: SWAP1
000006c8: DIV
000006c9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006de: AND
000006df: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006f4: AND
000006f5: PUSH32 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0
00000716: PUSH1 0x40
00000718: MLOAD
00000719: PUSH1 0x40
0000071b: MLOAD
0000071c: DUP1
0000071d: SWAP2
0000071e: SUB
0000071f: SWAP1
00000720: LOG3
00000721: PUSH1 0x00
00000723: PUSH1 0x01
00000725: PUSH1 0x00
00000727: PUSH2 0x0100
0000072a: EXP
0000072b: DUP2
0000072c: SLOAD
0000072d: DUP2
0000072e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000743: MUL
00000744: NOT
00000745: AND
00000746: SWAP1
00000747: DUP4
00000748: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000075d: AND
0000075e: MUL
0000075f: OR
00000760: SWAP1
00000761: SSTORE
00000762: POP
00000763: JUMP
00000764: JUMPDEST
00000765: PUSH1 0x00
00000767: PUSH1 0x01
00000769: PUSH1 0x00
0000076b: SWAP1
0000076c: SLOAD
0000076d: SWAP1
0000076e: PUSH2 0x0100
00000771: EXP
00000772: SWAP1
00000773: DIV
00000774: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000789: AND
0000078a: SWAP1
0000078b: POP
0000078c: SWAP1
0000078d: JUMP
0000078e: JUMPDEST
0000078f: PUSH1 0x00
00000791: PUSH1 0x01
00000793: PUSH1 0x00
00000795: SWAP1
00000796: SLOAD
00000797: SWAP1
00000798: PUSH2 0x0100
0000079b: EXP
0000079c: SWAP1
0000079d: DIV
0000079e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000007b3: AND
000007b4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000007c9: AND
000007ca: CALLER
000007cb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000007e0: AND
000007e1: EQ
000007e2: SWAP1
000007e3: POP
000007e4: SWAP1
000007e5: JUMP
000007e6: JUMPDEST
000007e7: PUSH2 0x07ee
000007ea: PUSH2 0x078e
000007ed: JUMP
000007ee: JUMPDEST
000007ef: ISZERO
000007f0: ISZERO
000007f1: PUSH2 0x07f9
000007f4: JUMPI
000007f5: PUSH1 0x00
000007f7: DUP1
000007f8: REVERT
000007f9: JUMPDEST
000007fa: PUSH2 0x0802
000007fd: DUP2
000007fe: PUSH2 0x0805
00000801: JUMP
00000802: JUMPDEST
00000803: POP
00000804: JUMP
00000805: JUMPDEST
00000806: PUSH1 0x00
00000808: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000081d: AND
0000081e: DUP2
0000081f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000834: AND
00000835: EQ
00000836: ISZERO
00000837: ISZERO
00000838: ISZERO
00000839: PUSH2 0x0841
0000083c: JUMPI
0000083d: PUSH1 0x00
0000083f: DUP1
00000840: REVERT
00000841: JUMPDEST
00000842: DUP1
00000843: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000858: AND
00000859: PUSH1 0x01
0000085b: PUSH1 0x00
0000085d: SWAP1
0000085e: SLOAD
0000085f: SWAP1
00000860: PUSH2 0x0100
00000863: EXP
00000864: SWAP1
00000865: DIV
00000866: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000087b: AND
0000087c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000891: AND
00000892: PUSH32 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0
000008b3: PUSH1 0x40
000008b5: MLOAD
000008b6: PUSH1 0x40
000008b8: MLOAD
000008b9: DUP1
000008ba: SWAP2
000008bb: SUB
000008bc: SWAP1
000008bd: LOG3
000008be: DUP1
000008bf: PUSH1 0x01
000008c1: PUSH1 0x00
000008c3: PUSH2 0x0100
000008c6: EXP
000008c7: DUP2
000008c8: SLOAD
000008c9: DUP2
000008ca: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000008df: MUL
000008e0: NOT
000008e1: AND
000008e2: SWAP1
000008e3: DUP4
000008e4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000008f9: AND
000008fa: MUL
000008fb: OR
000008fc: SWAP1
000008fd: SSTORE
000008fe: POP
000008ff: POP
00000900: JUMP
00000901: JUMPDEST
00000902: PUSH1 0x00
00000904: DUP1
00000905: DUP4
00000906: EQ
00000907: ISZERO
00000908: PUSH2 0x0914
0000090b: JUMPI
0000090c: PUSH1 0x00
0000090e: SWAP1
0000090f: POP
00000910: PUSH2 0x0939
00000913: JUMP
00000914: JUMPDEST
00000915: PUSH1 0x00
00000917: DUP3
00000918: DUP5
00000919: MUL
0000091a: SWAP1
0000091b: POP
0000091c: DUP3
0000091d: DUP5
0000091e: DUP3
0000091f: DUP2
00000920: ISZERO
00000921: ISZERO
00000922: PUSH2 0x0927
00000925: JUMPI
00000926: INVALID
00000927: JUMPDEST
00000928: DIV
00000929: EQ
0000092a: ISZERO
0000092b: ISZERO
0000092c: PUSH2 0x0934
0000092f: JUMPI
00000930: PUSH1 0x00
00000932: DUP1
00000933: REVERT
00000934: JUMPDEST
00000935: DUP1
00000936: SWAP2
00000937: POP
00000938: POP
00000939: JUMPDEST
0000093a: SWAP3
0000093b: SWAP2
0000093c: POP
0000093d: POP
0000093e: JUMP
0000093f: INVALID
00000940: LOG1
00000941: PUSH6 0x627a7a723058
00000948: KECCAK256
00000949: DUP15
0000094a: UNKNOWN(0x2E)
0000094b: SLT
0000094c: SGT
0000094d: STATICCALL
0000094e: RETURNDATACOPY
0000094f: PUSH0
00000950: UNKNOWN(0xFB)
00000951: LOG1
00000952: TIMESTAMP
00000953: GT
00000954: UNKNOWN(0x2E)
00000955: SWAP9
00000956: UNKNOWN(0xE6)
00000957: PUSH1 0x03
00000959: UNKNOWN(0xA7)
0000095a: UNKNOWN(0xEB)
0000095b: DUP15
0000095c: ISZERO
0000095d: DUP10
0000095e: SELFDESTRUCT
0000095f: DUP2
00000960: UNKNOWN(0xDD)
00000961: DUP7
00000962: EXP
00000963: UNKNOWN(0x4C)
00000964: UNKNOWN(0xB9)
00000965: UNKNOWN(0xE7)
00000966: UNKNOWN(0x27)
00000967: UNKNOWN(0xB1)
00000968: UNKNOWN(0xD9)
00000969: STOP
0000096a: UNKNOWN(0x29)

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other cast SELFDESTRUCT present 85 no
view
evidence_json 
{
    "notes": "selfdestruct can remove contract code and send funds; review reachability",
    "selfdestruct_count": 1
}
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0x3d95259c165d2ed2f0c1a3167f0cf46e1834a24b154b1d14d105e97234ea4c79
call_targets: 0xde5120b839e79470f18a86cdc8e78ce48d1b30f3
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x3d95259c165d2ed2f0c1a3167f0cf46e1834a24b154b1d14d105e97234ea4c79",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xde5120b839e79470f18a86cdc8e78ce48d1b30f3"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x715018a6",
            "selector": "0x715018a6",
            "calldata_variants": [
                "0x715018a6",
                "0x715018a60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8f32d59b",
            "selector": "0x8f32d59b",
            "calldata_variants": [
                "0x8f32d59b",
                "0x8f32d59b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf2fde38b",
            "selector": "0xf2fde38b",
            "calldata_variants": [
                "0xf2fde38b",
                "0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x54c03ab7",
            "selector": "0x54c03ab7",
            "calldata_variants": [
                "0x54c03ab7",
                "0x54c03ab70000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6f48e79b",
            "selector": "0x6f48e79b",
            "calldata_variants": [
                "0x6f48e79b",
                "0x6f48e79b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 1283,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [
        {
            "pc": 166,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 221,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1577,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1994,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 1
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0x3d95259c165d2ed2f0c1a3167f0cf46e1834a24b154b1d14d105e97234ea4c79
call_targets: 0xde5120b839e79470f18a86cdc8e78ce48d1b30f3
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x3d95259c165d2ed2f0c1a3167f0cf46e1834a24b154b1d14d105e97234ea4c79",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xde5120b839e79470f18a86cdc8e78ce48d1b30f3"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x715018a6",
            "selector": "0x715018a6",
            "calldata_variants": [
                "0x715018a6",
                "0x715018a60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8f32d59b",
            "selector": "0x8f32d59b",
            "calldata_variants": [
                "0x8f32d59b",
                "0x8f32d59b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf2fde38b",
            "selector": "0xf2fde38b",
            "calldata_variants": [
                "0xf2fde38b",
                "0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x54c03ab7",
            "selector": "0x54c03ab7",
            "calldata_variants": [
                "0x54c03ab7",
                "0x54c03ab70000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6f48e79b",
            "selector": "0x6f48e79b",
            "calldata_variants": [
                "0x6f48e79b",
                "0x6f48e79b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 1283,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": [
        {
            "pc": 166,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 221,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1577,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1994,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}
medium other detector SELFDESTRUCT reachable 45 no no
view
trace_id: 0xc4de7dddaf2f6c106218698d1f5c7a7c10384e5b91e7e99fb74df7d5afc30a01
validation_json 
{
    "sink": "SELFDESTRUCT",
    "errors": 0,
    "status": "unknown",
    "attempts": 14,
    "trace_id": "0xc4de7dddaf2f6c106218698d1f5c7a7c10384e5b91e7e99fb74df7d5afc30a01",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x715018a6",
            "selector": "0x715018a6",
            "calldata_variants": [
                "0x715018a6",
                "0x715018a60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8f32d59b",
            "selector": "0x8f32d59b",
            "calldata_variants": [
                "0x8f32d59b",
                "0x8f32d59b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf2fde38b",
            "selector": "0xf2fde38b",
            "calldata_variants": [
                "0xf2fde38b",
                "0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x54c03ab7",
            "selector": "0x54c03ab7",
            "calldata_variants": [
                "0x54c03ab7",
                "0x54c03ab70000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6f48e79b",
            "selector": "0x6f48e79b",
            "calldata_variants": [
                "0x6f48e79b",
                "0x6f48e79b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 166,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 221,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1577,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1994,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "selfdestruct_count": 1
}