4e22cd5b-4962-4023-b255-f35d5e861e60
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 30426 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 93955 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 93956 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 93957 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 93958 | capability.graph | complete | 1 / 3 | 1 week ago |
| 93959 | detector.run | complete | 1 / 3 | 1 week ago |
| 93960 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:699305] OpenAI Codex v0.77.0 (research preview)
[codex:699305] --------
[codex:699305] workdir: /tmp/codex-multi-ucv4w0kq
[codex:699305] model: gpt-5.2-codex
[codex:699305] provider: openai
[codex:699305] approval: never
[codex:699305] sandbox: read-only
[codex:699305] reasoning effort: xhigh
[codex:699305] reasoning summaries: auto
[codex:699305] session id: 019b687b-f6d1-73e1-8303-dc4b4ec4a60a
[codex:699305] --------
[codex:699305] user
[codex:699305] You are a security auditor. You are given EVM runtime bytecode (and possibly a disassembly) for a contract with NO verified source.
[codex:699305] This is best-effort. Do not hallucinate: only flag issues when there's a concrete, explainable angle from bytecode/disasm patterns.
[codex:699305]
[codex:699305] You MUST read the full `BYTECODE_BUNDLE.txt` before concluding.
[codex:699305]
[codex:699305] Output MUST be valid JSON matching the provided schema.
[codex:699305] - If you cannot identify a concrete issue from bytecode/disasm alone: set no_findings=true and findings=[].
[codex:699305] - Otherwise: include findings with severity/category/title/evidence and point locations to BYTECODE_BUNDLE.txt line ranges when possible.
[codex:699305]
[codex:699305] Output constraints (IMPORTANT):
[codex:699305] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:699305] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:699305] mcp startup: no servers
[codex:699305]
[codex:699305] thinking
[codex:699305] **Reading BYTECODE_BUNDLE.txt**
[codex:699305] exec
[codex:699305] /bin/bash -lc ls in /tmp/codex-multi-ucv4w0kq succeeded in 6ms:
[codex:699305] BYTECODE_BUNDLE.txt
[codex:699305] codex-output-schema.json
[codex:699305] exec
[codex:699305] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-ucv4w0kq succeeded in 5ms:
[codex:699305] Runtime bytecode bundle for best-effort auditing.
[codex:699305] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:699305]
[codex:699305] FILE: runtime_bytecode.hex
[codex:699305] 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
[codex:699305]
[codex:699305] thinking
[codex:699305] **Investigating runtime bytecode for risks**
[codex:699305]
[codex:699305] I'm analyzing the raw bytecode carefully to spot any possible risks like dangerous delegatecall usage or missing access control. The bytecode shows external calls, hardcoded addresses for owner checks, and a delegatecall opcode that might allow user-controlled code execution, so I’m planning to write a Python disassembler script to trace the context of the delegatecall and understand its safety implications better.
[codex:699305] exec
[codex:699305] /bin/bash -lc "python - <<'PY'
[codex:699305] import re
[codex:699305] from pathlib import Path
[codex:699305] hexstr=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:699305] # extract hex after 0x in runtime_bytecode
[codex:699305] m=re.search(r\"runtime_bytecode\\.hex\\n0x([0-9a-fA-F]+)\", hexstr)
[codex:699305] if not m:
[codex:699305]     raise SystemExit('no hex')
[codex:699305] code=bytes.fromhex(m.group(1))
[codex:699305] # opcode names
[codex:699305] opnames={
[codex:699305] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:699305] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:699305] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:699305] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:699305] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:699305] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:699305] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:699305] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:699305] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:699305] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
[codex:699305] }
[codex:699305]
[codex:699305] def disasm(code, start=0, end=None):
[codex:699305]     i=start
[codex:699305]     out=[]
[codex:699305]     end = len(code) if end is None else end
[codex:699305]     while i<end:
[codex:699305]         op=code[i]
[codex:699305]         name=opnames.get(op, f'OP{op:02x}')
[codex:699305]         if 0x60<=op<=0x7f:
[codex:699305]             n=op-0x5f
[codex:699305]             data=code[i+1:i+1+n]
[codex:699305]             out.append((i, name, data.hex()))
[codex:699305]             i += 1+n
[codex:699305]         else:
[codex:699305]             out.append((i, name, None))
[codex:699305]             i += 1
[codex:699305]     return out
[codex:699305]
[codex:699305] # find delegatecall positions
[codex:699305] positions=[i for i,b in enumerate(code) if b==0xf4]
[codex:699305] print('delegatecall positions', positions)
[codex:699305] # show some context around each
[codex:699305] for pos in positions:
[codex:699305]     start=max(0,pos-20)
[codex:699305]     end=min(len(code), pos+20)
[codex:699305]     ctx=disasm(code, start, end)
[codex:699305]     print('--- around', pos)
[codex:699305]     for off,name,data in ctx:
[codex:699305]         if data is None:
[codex:699305]             print(f'{off:04x} {name}')
[codex:699305]         else:
[codex:699305]             print(f'{off:04x} {name} 0x{data}')
[codex:699305]
[codex:699305] # check for SELFDESTRUCT
[codex:699305] if 0xff in code:
[codex:699305]     print('selfdestruct positions', [i for i,b in enumerate(code) if b==0xff][:20])
[codex:699305] PY" in /tmp/codex-multi-ucv4w0kq succeeded in 44ms:
[codex:699305] delegatecall positions [381, 2176]
[codex:699305] --- around 381
[codex:699305] 0169 PUSH2 0x0fb3
[codex:699305] 016c JUMP
[codex:699305] 016d JUMPDEST
[codex:699305] 016e DUP1
[codex:699305] 016f DUP1
[codex:699305] 0170 PUSH1 0x44
[codex:699305] 0172 CALLDATALOAD
[codex:699305] 0173 DUP1
[codex:699305] 0174 PUSH1 0x64
[codex:699305] 0176 DUP4
[codex:699305] 0177 CALLDATACOPY
[codex:699305] 0178 DUP2
[codex:699305] 0179 PUSH1 0x04
[codex:699305] 017b CALLDATALOAD
[codex:699305] 017c GAS
[codex:699305] 017d DELEGATECALL
[codex:699305] 017e RETURNDATASIZE
[codex:699305] 017f DUP3
[codex:699305]
[codex:699305] thinking
[codex:699305] **Analyzing delegatecall usage and access control**
[codex:699305] exec
[codex:699305] /bin/bash -lc "python - <<'PY'
[codex:699305] import re
[codex:699305] from pathlib import Path
[codex:699305] hexstr=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:699305] import re
[codex:699305] m=re.search(r\"runtime_bytecode\\.hex\\n0x([0-9a-fA-F]+)\", hexstr)
[codex:699305] code=bytes.fromhex(m.group(1))
[codex:699305] # quick disasm near 0x0140-0x01a0
[codex:699305] opnames={
[codex:699305] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:699305] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:699305] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:699305] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:699305] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:699305] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:699305] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:699305] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:699305] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:699305] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
[codex:699305] }
[codex:699305]
[codex:699305] def disasm(code, start=0, end=None):
[codex:699305]     i=start
[codex:699305]     out=[]
[codex:699305]     end = len(code) if end is None else end
[codex:699305]     while i<end:
[codex:699305]         op=code[i]
[codex:699305]         name=opnames.get(op, f'OP{op:02x}')
[codex:699305]         if 0x60<=op<=0x7f:
[codex:699305]             n=op-0x5f
[codex:699305]             data=code[i+1:i+1+n]
[codex:699305]             out.append((i, name, data.hex()))
[codex:699305]             i += 1+n
[codex:699305]         else:
[codex:699305]             out.append((i, name, None))
[codex:699305]             i += 1
[codex:699305]     return out
[codex:699305]
[codex:699305] for off,name,data in disasm(code, 0x0120, 0x0195):
[codex:699305]     if data is None:
[codex:699305]         print(f'{off:04x} {name}')
[codex:699305]     else:
[codex:699305]         print(f'{off:04x} {name} 0x{data}')
[codex:699305] PY" in /tmp/codex-multi-ucv4w0kq succeeded in 33ms:
[codex:699305] 0120 STOP
[codex:699305] 0121 JUMPDEST
[codex:699305] 0122 DUP1
[codex:699305] 0123 REVERT
[codex:699305] 0124 JUMPDEST
[codex:699305] 0125 DUP2
[codex:699305] 0126 DUP1
[codex:699305] 0127 DUP3
[codex:699305] 0128 CALLDATALOAD
[codex:699305] 0129 SWAP3
[codex:699305] 012a DUP2
[codex:699305] 012b DUP1
[codex:699305] 012c PUSH1 0x20
[codex:699305] 012e DUP4
[codex:699305] 012f ADD
[codex:699305] 0130 CALLDATALOAD
[codex:699305] 0131 SWAP3
[codex:699305] 0132 DUP4
[codex:699305] 0133 PUSH1 0x40
[codex:699305] 0135 SWAP2
[codex:699305]
[codex:699305] thinking
[codex:699305] **Analyzing conditional jump pattern**
[codex:699305] exec
[codex:699305] /bin/bash -lc "python - <<'PY'
[codex:699305] import re
[codex:699305] from pathlib import Path
[codex:699305] hexstr=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:699305] m=re.search(r\"runtime_bytecode\\.hex\\n0x([0-9a-fA-F]+)\", hexstr)
[codex:699305] code=bytes.fromhex(m.group(1))
[codex:699305] # disasm around 0x0fb0
[codex:699305] opnames={
[codex:699305] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:699305] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:699305] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:699305] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:699305] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:699305] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:699305] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:699305] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:699305] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:699305] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
[codex:699305] }
[codex:699305]
[codex:699305] def disasm(code, start=0, end=None):
[codex:699305]     i=start
[codex:699305]     out=[]
[codex:699305]     end = len(code) if end is None else end
[codex:699305]     while i<end:
[codex:699305]         op=code[i]
[codex:699305]         name=opnames.get(op, f'OP{op:02x}')
[codex:699305]         if 0x60<=op<=0x7f:
[codex:699305]             n=op-0x5f
[codex:699305]             data=code[i+1:i+1+n]
[codex:699305]             out.append((i, name, data.hex()))
[codex:699305]             i += 1+n
[codex:699305]         else:
[codex:699305]             out.append((i, name, None))
[codex:699305]             i += 1
[codex:699305]     return out
[codex:699305]
[codex:699305] for off,name,data in disasm(code, 0x0fa0, 0x0fd5):
[codex:699305]     if data is None:
[codex:699305]         print(f'{off:04x} {name}')
[codex:699305]     else:
[codex:699305]         print(f'{off:04x} {name} 0x{data}')
[codex:699305] PY" in /tmp/codex-multi-ucv4w0kq exited 1 in 36ms:
[codex:699305] Traceback (most recent call last):
[codex:699305] File "<stdin>", line 37, in <module>
[codex:699305] File "<stdin>", line 25, in disasm
[codex:699305] IndexError: index out of range
[codex:699305]
[codex:699305] thinking
[codex:699305] **Checking disassembly length**
[codex:699305] exec
[codex:699305] /bin/bash -lc "python - <<'PY'
[codex:699305] import re
[codex:699305] from pathlib import Path
[codex:699305] hexstr=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:699305] m=re.search(r\"runtime_bytecode\\.hex\\n0x([0-9a-fA-F]+)\", hexstr)
[codex:699305] code=bytes.fromhex(m.group(1))
[codex:699305] print(len(code))
[codex:699305] PY" in /tmp/codex-multi-ucv4w0kq succeeded in 28ms:
[codex:699305] 4026
[codex:699305]
[codex:699305] thinking
[codex:699305] **Adjusting disassembly range**
[codex:699305] exec
[codex:699305] /bin/bash -lc "python - <<'PY'
[codex:699305] import re
[codex:699305] from pathlib import Path
[codex:699305] hexstr=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:699305] m=re.search(r\"runtime_bytecode\\.hex\\n0x([0-9a-fA-F]+)\", hexstr)
[codex:699305] code=bytes.fromhex(m.group(1))
[codex:699305] # disasm last part
[codex:699305] opnames={
[codex:699305] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:699305] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:699305] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:699305] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:699305] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:699305] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:699305] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:699305] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:699305] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:699305] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT',
[codex:699305] }
[codex:699305]
[codex:699305] def disasm(code, start=0, end=None):
[codex:699305]     i=start
[codex:699305]     out=[]
[codex:699305]     end = len(code) if end is None else end
[codex:699305]     while i<end:
[codex:699305]         op=code[i]
[codex:699305]         name=opnames.get(op, f'OP{op:02x}')
[codex:699305]         if 0x60<=op<=0x7f:
[codex:699305]             n=op-0x5f
[codex:699305]             data=code[i+1:i+1+n]
[codex:699305]             out.append((i, name, data.hex()))
[codex:699305]             i += 1+n
[codex:699305]         else:
[codex:699305]             out.append((i, name, None))
[codex:699305]             i += 1
[codex:699305]     return out
[codex:699305]
[codex:699305] for off,name,data in disasm(code, 0x0f80, len(code)):
[codex:699305]     if data is None:
[codex:699305]         print(f'{off:04x} {name}')
[codex:699305]     else:
[codex:699305]         print(f'{off:04x} {name} 0x{data}')
[codex:699305] PY" in /tmp/codex-multi-ucv4w0kq succeeded in 30ms:
[codex:699305] 0f80 GAS
[codex:699305] 0f81 CALL
[codex:699305] 0f82 PUSH2 0x0fb3
[codex:699305] 0f85 JUMP
[codex:699305] 0f86 JUMPDEST
[codex:699305] 0f87 SWAP2
[codex:699305] 0f88 POP
[codex:699305] 0f89 CODESIZE
[codex:699305] 0f8a PUSH2 0x0f50
[codex:699305] 0f8d JUMP
[codex:699305] 0f8e JUMPDEST
[codex:699305] 0f8f SWAP2
[codex:699305] 0f90 SWAP5
[codex:699305] 0f91 POP
[codex:699305] 0f92 SWAP3
[codex:699305] 0f93 SWAP2
[codex:699305] 0f94 POP
[codex:699305] 0f95 ADDRESS
[codex:699305] 0f96 DUP5
[codex:699305] 0f97 SUB
[codex:699305]
[codex:699305] thinking
[codex:699305] **Analyzing delegatecall access control and risks**
[codex:699305] exec
[codex:699305] /bin/bash -lc "python - <<'PY'
[codex:699305] import re
[codex:699305] from pathlib import Path
[codex:699305] hexstr=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:699305] m=re.search(r\"runtime_bytecode\\.hex\\n0x([0-9a-fA-F]+)\", hexstr)
[codex:699305] code=bytes.fromhex(m.group(1))
[codex:699305] # minimal disasm to find opcodes == 0xff
[codex:699305] ops=[]
[codex:699305] i=0
[codex:699305] while i<len(code):
[codex:699305]     op=code[i]
[codex:699305]     if op==0xff:
[codex:699305]         ops.append(i)
[codex:699305]     if 0x60<=op<=0x7f:
[codex:699305]         i += 1+(op-0x5f)
[codex:699305]     else:
[codex:699305]         i += 1
[codex:699305] print('selfdestruct opcodes at', ops)
[codex:699305] PY" in /tmp/codex-multi-ucv4w0kq succeeded in 27ms:
[codex:699305] selfdestruct opcodes at []
[codex:699305]
[codex:699305] thinking
[codex:699305] **Assessing CALL and delegatecall risks**
[codex:699305] exec
[codex:699305] /bin/bash -lc 'nl -ba BYTECODE_BUNDLE.txt' in /tmp/codex-multi-ucv4w0kq succeeded in 6ms:
[codex:699305] 1 Runtime bytecode bundle for best-effort auditing.
[codex:699305] 2 Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:699305] 3
[codex:699305] 4 FILE: runtime_bytecode.hex
[codex:699305] 5 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
[codex:699305]
[codex:699305] thinking
[codex:699305] **Analyzing bytecode for security findings**
[codex:699305] exec
[codex:699305] /bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-multi-ucv4w0kq succeeded in 6ms:
[codex:699305] {"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
[codex:699305]
[codex:699305] thinking
[codex:699305] **Formulating exploit scenario and report details**
[codex:699305] codex
[codex:699305] {"no_findings":false,"summary":"Found 1 issue: an owner-gated path allows arbitrary delegatecall to calldata-supplied targets, enabling full contract context execution by the privileged address.","findings":[{"severity":"high","category":"access_control","title":"Privileged arbitrary delegatecall (owner backdoor)","exploit_scenario":"The hardcoded owner address can call a function that performs DELEGATECALL to an address read directly from calldata. If the owner key is compromised or misused, the caller can execute arbitrary code in the contract’s context, allowing storage corruption and draining any assets held by the contract.","recommendation":"Remove the arbitrary delegatecall or restrict it to vetted/immutable implementations. If upgradeability is required, use a transparent upgrade pattern with timelock/multisig governance and explicit implementation whitelisting.","evidence":"Disassembly of the runtime bytecode shows an owner check followed immediately by a DELEGATECALL to an address loaded from calldata: `PUSH20 0x7dacf... CALLER EQ` gated via the jump helper at 0x0fb3, then `CALLDATALOAD 0x04` (target) and `DELEGATECALL` around offsets 0x0179–0x017d.","locations":["BYTECODE_BUNDLE.txt:5"]}]}
[codex:699305] tokens used
[codex:699305] 34,059
{
  "codex": {
    "ran_at": "2025-12-29T05:05:39.282589+00:00",
    "returncode": 0
  },
  "summary": "Found 1 issue: an owner-gated path allows arbitrary delegatecall to calldata-supplied targets, enabling full contract context execution by the privileged address.",
  "raw_final": {
    "summary": "Found 1 issue: an owner-gated path allows arbitrary delegatecall to calldata-supplied targets, enabling full contract context execution by the privileged address.",
    "findings": [
      {
        "title": "Privileged arbitrary delegatecall (owner backdoor)",
        "category": "access_control",
        "evidence": "Disassembly of the runtime bytecode shows an owner check followed immediately by a DELEGATECALL to an address loaded from calldata: `PUSH20 0x7dacf... CALLER EQ` gated via the jump helper at 0x0fb3, then `CALLDATALOAD 0x04` (target) and `DELEGATECALL` around offsets 0x0179\u20130x017d.",
        "severity": "high",
        "locations": [
          "BYTECODE_BUNDLE.txt:5"
        ],
        "recommendation": "Remove the arbitrary delegatecall or restrict it to vetted/immutable implementations. If upgradeability is required, use a transparent upgrade pattern with timelock/multisig governance and explicit implementation whitelisting.",
        "exploit_scenario": "The hardcoded owner address can call a function that performs DELEGATECALL to an address read directly from calldata. If the owner key is compromised or misused, the caller can execute arbitrary code in the contract\u2019s context, allowing storage corruption and draining any assets held by the contract."
      }
    ],
    "no_findings": false
  },
  "no_findings": false,
  "schema_version": 1
}
0000040e: PUSH1 0x0c 00000410: EQ 00000411: PUSH2 0x0632 00000414: JUMPI 00000415: DUP6 00000416: PUSH1 0x0d 00000418: EQ 00000419: PUSH2 0x05b6 0000041c: JUMPI 0000041d: DUP6 0000041e: PUSH1 0x0e 00000420: EQ 00000421: PUSH2 0x050a 00000424: JUMPI 00000425: DUP6 00000426: PUSH1 0x0f 00000428: EQ 00000429: PUSH2 0x048b 0000042c: JUMPI 0000042d: POP 0000042e: POP 0000042f: POP 00000430: DUP3 00000431: PUSH1 0x10 00000433: EQ 00000434: PUSH2 0x0445 00000437: JUMPI 00000438: POP 00000439: POP 0000043a: PUSH1 0x11 0000043c: EQ 0000043d: PUSH2 0x0234 00000440: JUMPI 00000441: PUSH1 0x00 00000443: DUP1 00000444: REVERT 00000445: JUMPDEST 00000446: PUSH2 0x0234 00000449: SWAP3 0000044a: POP 0000044b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000460: PUSH1 0x20 00000462: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000483: SWAP3 00000484: ADD 00000485: SWAP3 00000486: AND 00000487: PUSH2 0x0399 0000048a: JUMP 0000048b: JUMPDEST 0000048c: SWAP2 0000048d: SWAP5 0000048e: POP 0000048f: SWAP3 00000490: SWAP2 00000491: PUSH1 0x20 00000493: PUSH2 0x04be 00000496: SWAP2 00000497: ADD 00000498: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 000004b9: ADDRESS 000004ba: PUSH2 0x0399 000004bd: JUMP 000004be: JUMPDEST 000004bf: ADDRESS 000004c0: DUP5 000004c1: SUB 000004c2: PUSH2 0x04cc 000004c5: JUMPI 000004c6: JUMPDEST 000004c7: POP 000004c8: POP 000004c9: POP 000004ca: POP 000004cb: JUMP 000004cc: JUMPDEST 000004cd: PUSH1 0x1c 000004cf: PUSH1 0x00 000004d1: DUP1 000004d2: SWAP5 000004d3: SWAP4 000004d4: DUP4 000004d5: PUSH2 0x04f9 000004d8: SWAP8 000004d9: DUP7 000004da: DUP5 000004db: SWAP8 000004dc: PUSH1 0x44 000004de: SWAP8 000004df: GT 000004e0: PUSH2 0x0502 000004e3: JUMPI 000004e4: JUMPDEST 000004e5: POP 000004e6: PUSH4 0xa9059cbb 000004eb: DUP5 000004ec: MSTORE 000004ed: PUSH1 0x20 000004ef: MSTORE 000004f0: PUSH1 0x40 000004f2: MSTORE 000004f3: GAS 000004f4: CALL 000004f5: PUSH2 0x0fb3 000004f8: JUMP 
000004f9: JUMPDEST 000004fa: CODESIZE 000004fb: DUP1 000004fc: DUP1 000004fd: DUP1 000004fe: PUSH2 0x04c6 00000501: JUMP 00000502: JUMPDEST 00000503: SWAP2 00000504: POP 00000505: CODESIZE 00000506: PUSH2 0x04e4 00000509: JUMP 0000050a: JUMPDEST 0000050b: SWAP5 0000050c: POP 0000050d: POP 0000050e: SWAP1 0000050f: SWAP2 00000510: PUSH2 0x053d 00000513: PUSH1 0x35 00000515: DUP5 00000516: ADD 00000517: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000538: ADDRESS 00000539: PUSH2 0x0399 0000053c: JUMP 0000053d: JUMPDEST 0000053e: PUSH2 0x0586 00000541: PUSH1 0x1c 00000543: PUSH1 0x20 00000545: PUSH1 0x84 00000547: SWAP6 00000548: ADD 00000549: CALLDATALOAD 0000054a: SWAP3 0000054b: PUSH1 0x00 0000054d: SWAP6 0000054e: DUP7 0000054f: SWAP3 00000550: DUP4 00000551: DUP1 00000552: SWAP4 00000553: PUSH4 0x5b41b908 00000558: DUP3 00000559: MSTORE 0000055a: DUP8 0000055b: PUSH1 0xfc 0000055d: SHR 0000055e: PUSH1 0x20 00000560: MSTORE 00000561: PUSH1 0x0f 00000563: DUP9 00000564: PUSH1 0xf8 00000566: SHR 00000567: AND 00000568: PUSH1 0x40 0000056a: MSTORE 0000056b: PUSH11 0xffffffffffffffffffffff 00000577: DUP9 00000578: AND 00000579: PUSH1 0x60 0000057b: MSTORE 0000057c: DUP11 0000057d: PUSH1 0x80 0000057f: MSTORE 00000580: GAS 00000581: CALL 00000582: PUSH2 0x0fb3 00000585: JUMP 00000586: JUMPDEST 00000587: ADDRESS 00000588: DUP3 00000589: SUB 0000058a: PUSH2 0x0593 0000058d: JUMPI 0000058e: POP 0000058f: POP 00000590: POP 00000591: POP 00000592: JUMP 00000593: JUMPDEST 00000594: PUSH1 0x1c 00000596: DUP4 00000597: PUSH1 0x44 00000599: SWAP3 0000059a: PUSH2 0x04f9 0000059d: SWAP7 0000059e: DUP3 0000059f: SWAP6 000005a0: PUSH4 0xa9059cbb 000005a5: DUP5 000005a6: MSTORE 000005a7: PUSH1 0x20 000005a9: MSTORE 000005aa: PUSH1 0x40 000005ac: MSTORE 000005ad: PUSH1 0x58 000005af: SHR 000005b0: GAS 000005b1: CALL 000005b2: PUSH2 0x0fb3 000005b5: JUMP 000005b6: JUMPDEST 000005b7: SWAP5 000005b8: POP 000005b9: POP 000005ba: SWAP1 000005bb: SWAP2 
000005bc: PUSH2 0x05e9 000005bf: PUSH1 0x35 000005c1: DUP5 000005c2: ADD 000005c3: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 000005e4: ADDRESS 000005e5: PUSH2 0x0399 000005e8: JUMP 000005e9: JUMPDEST 000005ea: PUSH2 0x0586 000005ed: PUSH1 0x1c 000005ef: PUSH1 0x20 000005f1: PUSH1 0x84 000005f3: SWAP6 000005f4: ADD 000005f5: CALLDATALOAD 000005f6: SWAP3 000005f7: PUSH1 0x00 000005f9: SWAP6 000005fa: DUP7 000005fb: SWAP3 000005fc: DUP4 000005fd: DUP1 000005fe: SWAP4 000005ff: PUSH4 0x3df02124 00000604: DUP3 00000605: MSTORE 00000606: DUP8 00000607: PUSH1 0xfc 00000609: SHR 0000060a: PUSH1 0x20 0000060c: MSTORE 0000060d: PUSH1 0x0f 0000060f: DUP9 00000610: PUSH1 0xf8 00000612: SHR 00000613: AND 00000614: PUSH1 0x40 00000616: MSTORE 00000617: PUSH11 0xffffffffffffffffffffff 00000623: DUP9 00000624: AND 00000625: PUSH1 0x60 00000627: MSTORE 00000628: DUP11 00000629: PUSH1 0x80 0000062b: MSTORE 0000062c: GAS 0000062d: CALL 0000062e: PUSH2 0x0fb3 00000631: JUMP 00000632: JUMPDEST 00000633: SWAP2 00000634: SWAP4 00000635: SWAP5 00000636: POP 00000637: POP 00000638: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000659: PUSH2 0x0666 0000065c: PUSH1 0x54 0000065e: DUP5 0000065f: ADD 00000660: DUP3 00000661: ADDRESS 00000662: PUSH2 0x0399 00000665: JUMP 00000666: JUMPDEST 00000667: PUSH2 0x0234 0000066a: SWAP5 0000066b: PUSH1 0x20 0000066d: DUP5 0000066e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000683: SWAP4 00000684: PUSH1 0x40 00000686: PUSH11 0xffffffffffffffffffffff 00000692: SWAP8 00000693: ADD 00000694: CALLDATALOAD 00000695: SWAP6 00000696: PUSH1 0x00 00000698: SWAP9 00000699: PUSH4 0x52bbbe29 0000069e: DUP11 0000069f: MSTORE 000006a0: PUSH1 0xe0 000006a2: DUP6 000006a3: MSTORE 000006a4: ADDRESS 000006a5: PUSH1 0x40 000006a7: MSTORE 000006a8: DUP10 000006a9: PUSH1 0x60 000006ab: MSTORE 000006ac: PUSH1 0x80 000006ae: MSTORE 000006af: DUP9 000006b0: PUSH1 0xa0 000006b2: MSTORE 000006b3: PUSH1 0xc0 
000006b5: MSTORE 000006b6: PUSH1 0xe0 000006b8: MSTORE 000006b9: ADD 000006ba: CALLDATALOAD 000006bb: PUSH2 0x0100 000006be: MSTORE 000006bf: DUP5 000006c0: PUSH2 0x0120 000006c3: MSTORE 000006c4: AND 000006c5: PUSH2 0x0140 000006c8: MSTORE 000006c9: DUP1 000006ca: PUSH1 0x60 000006cc: SHR 000006cd: PUSH2 0x0160 000006d0: MSTORE 000006d1: PUSH1 0x08 000006d3: SHR 000006d4: AND 000006d5: PUSH2 0x0180 000006d8: MSTORE 000006d9: PUSH1 0xc0 000006db: PUSH2 0x01a0 000006de: MSTORE 000006df: DUP1 000006e0: PUSH2 0x01c0 000006e3: MSTORE 000006e4: DUP1 000006e5: PUSH2 0x01c4 000006e8: PUSH1 0x1c 000006ea: DUP3 000006eb: PUSH20 0xba12222222228d8ba445958a75a0704d566bf2c8 00000700: GAS 00000701: CALL 00000702: PUSH2 0x0fb3 00000705: JUMP 00000706: JUMPDEST 00000707: SWAP5 00000708: POP 00000709: POP 0000070a: SWAP1 0000070b: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0000072c: SWAP1 0000072d: PUSH2 0x073a 00000730: PUSH1 0x48 00000732: DUP3 00000733: ADD 00000734: DUP4 00000735: ADDRESS 00000736: PUSH2 0x0399 00000739: JUMP 0000073a: JUMPDEST 0000073b: PUSH11 0xffffffffffffffffffffff 00000747: SWAP4 00000748: PUSH1 0x20 0000074a: PUSH1 0xa4 0000074c: PUSH1 0x1c 0000074e: DUP5 0000074f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000764: PUSH1 0x34 00000766: PUSH2 0x07a3 00000769: SWAP8 0000076a: ADD 0000076b: CALLDATALOAD 0000076c: SWAP6 0000076d: DUP7 0000076e: PUSH1 0x60 00000770: SHR 00000771: SWAP9 00000772: PUSH1 0x00 00000774: SWAP12 00000775: DUP13 00000776: SWAP9 00000777: DUP10 00000778: SWAP9 00000779: DUP10 0000077a: SWAP7 0000077b: PUSH4 0x8201aa3f 00000780: DUP9 00000781: MSTORE 00000782: ADD 00000783: CALLDATALOAD 00000784: PUSH1 0x60 00000786: SHR 00000787: PUSH1 0x20 00000789: MSTORE 0000078a: PUSH1 0x08 0000078c: SHR 0000078d: AND 0000078e: PUSH1 0x40 00000790: MSTORE 00000791: DUP10 00000792: PUSH1 0x60 00000794: MSTORE 00000795: DUP13 00000796: PUSH1 0x80 00000798: MSTORE 00000799: PUSH1 0xa0 0000079b: MSTORE 0000079c: 
AND 0000079d: GAS 0000079e: CALL 0000079f: PUSH2 0x0fb3 000007a2: JUMP 000007a3: JUMPDEST 000007a4: ADDRESS 000007a5: DUP3 000007a6: SUB 000007a7: PUSH2 0x07b0 000007aa: JUMPI 000007ab: POP 000007ac: POP 000007ad: POP 000007ae: POP 000007af: JUMP 000007b0: JUMPDEST 000007b1: PUSH1 0x1c 000007b3: DUP4 000007b4: PUSH1 0x44 000007b6: SWAP3 000007b7: PUSH2 0x04f9 000007ba: SWAP7 000007bb: DUP3 000007bc: SWAP6 000007bd: PUSH4 0xa9059cbb 000007c2: DUP5 000007c3: MSTORE 000007c4: PUSH1 0x20 000007c6: MSTORE 000007c7: PUSH1 0x40 000007c9: MSTORE 000007ca: GAS 000007cb: CALL 000007cc: PUSH2 0x0fb3 000007cf: JUMP 000007d0: JUMPDEST 000007d1: SWAP4 000007d2: SWAP2 000007d3: SWAP5 000007d4: POP 000007d5: POP 000007d6: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 000007f7: SWAP1 000007f8: PUSH2 0x0805 000007fb: PUSH1 0x34 000007fd: DUP5 000007fe: ADD 000007ff: DUP4 00000800: ADDRESS 00000801: PUSH2 0x0399 00000804: JUMP 00000805: JUMPDEST 00000806: PUSH1 0x00 00000808: DUP1 00000809: PUSH1 0xc4 0000080b: PUSH1 0x1c 0000080d: PUSH2 0x0899 00000810: SWAP5 00000811: PUSH1 0x20 00000813: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000828: DUP6 00000829: SWAP3 0000082a: AND 0000082b: SWAP9 0000082c: ADD 0000082d: CALLDATALOAD 0000082e: SWAP7 0000082f: PUSH11 0xffffffffffffffffffffff 0000083b: DUP9 0000083c: PUSH1 0x60 0000083e: SHR 0000083f: SWAP9 00000840: PUSH1 0x08 00000842: SHR 00000843: AND 00000844: PUSH20 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee 00000859: SWAP10 0000085a: DUP11 0000085b: DUP2 0000085c: EQ 0000085d: PUSH2 0x08db 00000860: JUMPI 00000861: JUMPDEST 00000862: PUSH4 0xd3a4acd3 00000867: DUP8 00000868: MSTORE 00000869: PUSH1 0x20 0000086b: MSTORE 0000086c: DUP9 0000086d: PUSH1 0x40 0000086f: MSTORE 00000870: PUSH1 0x60 00000872: MSTORE 00000873: DUP10 00000874: PUSH1 0x80 00000876: MSTORE 00000877: PUSH1 0xa0 00000879: MSTORE 0000087a: DUP10 0000087b: PUSH1 0xc0 0000087d: MSTORE 0000087e: PUSH20 
0xeef417e1d5cc832e619ae18d2f140de2999dd4fb 00000893: GAS 00000894: CALL 00000895: PUSH2 0x0fb3 00000898: JUMP 00000899: JUMPDEST 0000089a: EQ 0000089b: PUSH2 0x08a2 0000089e: JUMPI 0000089f: POP 000008a0: POP 000008a1: JUMP 000008a2: JUMPDEST 000008a3: PUSH1 0x00 000008a5: PUSH1 0x04 000008a7: PUSH1 0x1c 000008a9: DUP3 000008aa: SWAP4 000008ab: PUSH2 0x08b8 000008ae: PUSH2 0x0234 000008b1: SWAP7 000008b2: ADDRESS 000008b3: EQ 000008b4: PUSH2 0x0fb3 000008b7: JUMP 000008b8: JUMPDEST 000008b9: PUSH4 0xd0e30db0 000008be: DUP5 000008bf: MSTORE 000008c0: PUSH20 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 000008d5: GAS 000008d6: CALL 000008d7: PUSH2 0x0fb3 000008da: JUMP 000008db: JUMPDEST 000008dc: SWAP3 000008dd: DUP1 000008de: PUSH4 0x2e1a7d4d 000008e3: PUSH2 0x090c 000008e6: SWAP3 000008e7: MSTORE 000008e8: DUP3 000008e9: PUSH1 0x20 000008eb: MSTORE 000008ec: DUP1 000008ed: PUSH1 0x24 000008ef: DUP8 000008f0: DUP3 000008f1: PUSH20 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000906: GAS 00000907: CALL 00000908: PUSH2 0x0fb3 0000090b: JUMP 0000090c: JUMPDEST 0000090d: DUP1 0000090e: SWAP3 0000090f: PUSH2 0x0861 00000912: JUMP 00000913: JUMPDEST 00000914: SWAP5 00000915: POP 00000916: POP 00000917: SWAP1 00000918: PUSH2 0x0945 0000091b: PUSH1 0x34 0000091d: DUP3 0000091e: ADD 0000091f: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000940: ADDRESS 00000941: PUSH2 0x0399 00000944: JUMP 00000945: JUMPDEST 00000946: PUSH1 0x20 00000948: PUSH20 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee 0000095d: SWAP2 0000095e: ADD 0000095f: CALLDATALOAD 00000960: SWAP3 00000961: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000976: DUP5 00000977: PUSH1 0x60 00000979: SHR 0000097a: SWAP2 0000097b: PUSH20 0x1f573d6fb3f13d689ff844b4ce37794d79a7ff1c 00000990: PUSH2 0x0100 00000993: MSTORE 00000994: AND 00000995: PUSH2 0x0120 00000998: MSTORE 00000999: DUP1 0000099a: PUSH2 0x0140 0000099d: MSTORE 0000099e: PUSH11 0xffffffffffffffffffffff 000009aa: PUSH1 0x00 
000009ac: SWAP5 000009ad: PUSH4 0xb77d239b 000009b2: DUP7 000009b3: MSTORE 000009b4: PUSH1 0xc0 000009b6: PUSH1 0x20 000009b8: MSTORE 000009b9: PUSH1 0x08 000009bb: SHR 000009bc: AND 000009bd: PUSH1 0x40 000009bf: MSTORE 000009c0: DUP5 000009c1: PUSH1 0x60 000009c3: MSTORE 000009c4: DUP3 000009c5: PUSH1 0x80 000009c7: MSTORE 000009c8: DUP4 000009c9: PUSH1 0xa0 000009cb: MSTORE 000009cc: DUP4 000009cd: PUSH1 0xc0 000009cf: MSTORE 000009d0: PUSH1 0x03 000009d2: PUSH1 0xe0 000009d4: MSTORE 000009d5: PUSH2 0x09fb 000009d8: DUP5 000009d9: DUP1 000009da: PUSH2 0x0144 000009dd: PUSH1 0x1c 000009df: DUP3 000009e0: PUSH20 0x2f9ec37d6ccfff1cab21733bdadede11c823ccb0 000009f5: GAS 000009f6: CALL 000009f7: PUSH2 0x0fb3 000009fa: JUMP 000009fb: JUMPDEST 000009fc: EQ 000009fd: PUSH2 0x0a05 00000a00: JUMPI 00000a01: POP 00000a02: POP 00000a03: POP 00000a04: JUMP 00000a05: JUMPDEST 00000a06: PUSH1 0x04 00000a08: PUSH1 0x1c 00000a0a: PUSH2 0x0234 00000a0d: SWAP5 00000a0e: PUSH2 0x08b8 00000a11: DUP6 00000a12: SWAP5 00000a13: ADDRESS 00000a14: EQ 00000a15: PUSH2 0x0fb3 00000a18: JUMP 00000a19: JUMPDEST 00000a1a: SWAP3 00000a1b: SWAP2 00000a1c: SWAP4 00000a1d: SWAP5 00000a1e: POP 00000a1f: POP 00000a20: PUSH2 0x0a4d 00000a23: PUSH1 0x34 00000a25: DUP3 00000a26: ADD 00000a27: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000a48: ADDRESS 00000a49: PUSH2 0x0399 00000a4c: JUMP 00000a4d: JUMPDEST 00000a4e: PUSH1 0x1c 00000a50: PUSH2 0x0234 00000a53: SWAP5 00000a54: PUSH1 0x00 00000a56: SWAP5 00000a57: DUP6 00000a58: SWAP5 00000a59: PUSH2 0x0144 00000a5c: SWAP5 00000a5d: PUSH1 0x20 00000a5f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a74: DUP9 00000a75: SWAP6 00000a76: AND 00000a77: SWAP2 00000a78: ADD 00000a79: CALLDATALOAD 00000a7a: PUSH11 0xffffffffffffffffffffff 00000a86: DUP2 00000a87: PUSH1 0x08 00000a89: SHR 00000a8a: AND 00000a8b: SWAP2 00000a8c: PUSH20 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee 00000aa1: DUP2 00000aa2: EQ 00000aa3: PUSH2 
0x0b09 00000aa6: JUMPI 00000aa7: JUMPDEST 00000aa8: PUSH2 0x0100 00000aab: MSTORE 00000aac: PUSH1 0x60 00000aae: SHR 00000aaf: PUSH2 0x0120 00000ab2: MSTORE 00000ab3: PUSH20 0x1f573d6fb3f13d689ff844b4ce37794d79a7ff1c 00000ac8: PUSH2 0x0140 00000acb: MSTORE 00000acc: PUSH4 0xb77d239b 00000ad1: DUP8 00000ad2: MSTORE 00000ad3: PUSH1 0xc0 00000ad5: PUSH1 0x20 00000ad7: MSTORE 00000ad8: PUSH1 0x40 00000ada: MSTORE 00000adb: PUSH1 0x60 00000add: MSTORE 00000ade: PUSH1 0x80 00000ae0: MSTORE 00000ae1: DUP4 00000ae2: PUSH1 0xa0 00000ae4: MSTORE 00000ae5: DUP4 00000ae6: PUSH1 0xc0 00000ae8: MSTORE 00000ae9: PUSH1 0x03 00000aeb: PUSH1 0xe0 00000aed: MSTORE 00000aee: PUSH20 0x2f9ec37d6ccfff1cab21733bdadede11c823ccb0 00000b03: GAS 00000b04: CALL 00000b05: PUSH2 0x0fb3 00000b08: JUMP 00000b09: JUMPDEST 00000b0a: SWAP5 00000b0b: DUP1 00000b0c: PUSH4 0x2e1a7d4d 00000b11: PUSH2 0x0b3a 00000b14: SWAP3 00000b15: MSTORE 00000b16: DUP4 00000b17: PUSH1 0x20 00000b19: MSTORE 00000b1a: DUP1 00000b1b: PUSH1 0x24 00000b1d: DUP10 00000b1e: DUP3 00000b1f: PUSH20 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000b34: GAS 00000b35: CALL 00000b36: PUSH2 0x0fb3 00000b39: JUMP 00000b3a: JUMPDEST 00000b3b: DUP2 00000b3c: SWAP5 00000b3d: PUSH2 0x0aa7 00000b40: JUMP 00000b41: JUMPDEST 00000b42: SWAP4 00000b43: SWAP3 00000b44: SWAP2 00000b45: SWAP5 00000b46: POP 00000b47: POP 00000b48: PUSH2 0x0b75 00000b4b: PUSH1 0x5c 00000b4d: DUP3 00000b4e: ADD 00000b4f: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000b70: ADDRESS 00000b71: PUSH2 0x0399 00000b74: JUMP 00000b75: JUMPDEST 00000b76: PUSH2 0x0899 00000b79: PUSH1 0x00 00000b7b: DUP1 00000b7c: PUSH2 0x0184 00000b7f: PUSH1 0x1c 00000b81: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b96: DUP4 00000b97: SWAP8 00000b98: AND 00000b99: SWAP7 00000b9a: PUSH1 0x48 00000b9c: DUP8 00000b9d: ADD 00000b9e: CALLDATALOAD 00000b9f: SWAP7 00000ba0: PUSH11 0xffffffffffffffffffffff 00000bac: DUP9 00000bad: PUSH1 0x60 00000baf: SHR 
00000bb0: SWAP9 00000bb1: PUSH1 0x08 00000bb3: SHR 00000bb4: AND 00000bb5: SWAP1 00000bb6: PUSH20 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee 00000bcb: SWAP10 00000bcc: DUP11 00000bcd: DUP2 00000bce: EQ 00000bcf: PUSH2 0x0c4e 00000bd2: JUMPI 00000bd3: JUMPDEST 00000bd4: SWAP1 00000bd5: PUSH1 0x34 00000bd7: SWAP2 00000bd8: PUSH2 0x0100 00000bdb: MSTORE 00000bdc: PUSH1 0x20 00000bde: DUP2 00000bdf: ADD 00000be0: CALLDATALOAD 00000be1: PUSH1 0x60 00000be3: SHR 00000be4: PUSH2 0x0120 00000be7: MSTORE 00000be8: PUSH20 0x1f573d6fb3f13d689ff844b4ce37794d79a7ff1c 00000bfd: PUSH2 0x0140 00000c00: MSTORE 00000c01: ADD 00000c02: CALLDATALOAD 00000c03: PUSH1 0x60 00000c05: SHR 00000c06: PUSH2 0x0160 00000c09: MSTORE 00000c0a: DUP8 00000c0b: PUSH2 0x0180 00000c0e: MSTORE 00000c0f: PUSH4 0xb77d239b 00000c14: DUP6 00000c15: MSTORE 00000c16: PUSH1 0xc0 00000c18: PUSH1 0x20 00000c1a: MSTORE 00000c1b: PUSH1 0x40 00000c1d: MSTORE 00000c1e: DUP9 00000c1f: PUSH1 0x60 00000c21: MSTORE 00000c22: DUP10 00000c23: PUSH1 0x80 00000c25: MSTORE 00000c26: DUP4 00000c27: PUSH1 0xa0 00000c29: MSTORE 00000c2a: DUP4 00000c2b: PUSH1 0xc0 00000c2d: MSTORE 00000c2e: PUSH1 0x05 00000c30: PUSH1 0xe0 00000c32: MSTORE 00000c33: PUSH20 0x2f9ec37d6ccfff1cab21733bdadede11c823ccb0 00000c48: GAS 00000c49: CALL 00000c4a: PUSH2 0x0fb3 00000c4d: JUMP 00000c4e: JUMPDEST 00000c4f: SWAP3 00000c50: SWAP1 00000c51: PUSH2 0x0c82 00000c54: DUP3 00000c55: PUSH4 0x2e1a7d4d 00000c5a: PUSH1 0x34 00000c5c: SWAP5 00000c5d: MSTORE 00000c5e: DUP5 00000c5f: PUSH1 0x20 00000c61: MSTORE 00000c62: DUP1 00000c63: PUSH1 0x24 00000c65: DUP9 00000c66: DUP3 00000c67: PUSH20 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000c7c: GAS 00000c7d: CALL 00000c7e: PUSH2 0x0fb3 00000c81: JUMP 00000c82: JUMPDEST 00000c83: DUP3 00000c84: SWAP4 00000c85: SWAP1 00000c86: SWAP2 00000c87: POP 00000c88: PUSH2 0x0bd3 00000c8b: JUMP 00000c8c: JUMPDEST 00000c8d: SWAP3 00000c8e: SWAP4 00000c8f: SWAP2 00000c90: PUSH2 0x0234 00000c93: SWAP6 00000c94: POP 
00000c95: PUSH1 0x1c 00000c97: SWAP2 00000c98: POP 00000c99: PUSH1 0xc5 00000c9b: PUSH1 0x00 00000c9d: SWAP6 00000c9e: DUP7 00000c9f: SWAP6 00000ca0: DUP7 00000ca1: SWAP4 00000ca2: PUSH4 0x128acb08 00000ca7: DUP6 00000ca8: MSTORE 00000ca9: PUSH1 0x20 00000cab: MSTORE 00000cac: DUP4 00000cad: PUSH1 0x40 00000caf: MSTORE 00000cb0: DUP4 00000cb1: SUB 00000cb2: PUSH1 0x60 00000cb4: MSTORE 00000cb5: PUSH20 0xfffd8963efd1fc6a506488495d951d5263988d25 00000cca: PUSH1 0x80 00000ccc: MSTORE 00000ccd: PUSH1 0xa0 00000ccf: DUP1 00000cd0: MSTORE 00000cd1: PUSH1 0x1f 00000cd3: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000cf4: DUP3 00000cf5: CALLDATASIZE 00000cf6: SUB 00000cf7: ADD 00000cf8: OR 00000cf9: SWAP1 00000cfa: PUSH1 0x01 00000cfc: DUP3 00000cfd: ADD 00000cfe: SWAP1 00000cff: DUP2 00000d00: PUSH1 0xc0 00000d02: MSTORE 00000d03: PUSH1 0xe0 00000d05: CALLDATACOPY 00000d06: ADD 00000d07: SWAP3 00000d08: GAS 00000d09: CALL 00000d0a: PUSH2 0x0fb3 00000d0d: JUMP 00000d0e: JUMPDEST 00000d0f: PUSH2 0x0234 00000d12: SWAP6 00000d13: POP 00000d14: PUSH1 0x1c 00000d16: SWAP2 00000d17: POP 00000d18: PUSH1 0xc5 00000d1a: PUSH1 0x00 00000d1c: SWAP6 00000d1d: SWAP4 00000d1e: SWAP5 00000d1f: DUP7 00000d20: SWAP6 00000d21: SWAP3 00000d22: DUP7 00000d23: SWAP4 00000d24: PUSH4 0x128acb08 00000d29: DUP6 00000d2a: MSTORE 00000d2b: PUSH1 0x20 00000d2d: MSTORE 00000d2e: PUSH1 0x01 00000d30: PUSH1 0x40 00000d32: MSTORE 00000d33: DUP4 00000d34: SUB 00000d35: PUSH1 0x60 00000d37: MSTORE 00000d38: PUSH5 0x01000276a4 00000d3e: PUSH1 0x80 00000d40: MSTORE 00000d41: PUSH1 0xa0 00000d43: DUP1 00000d44: MSTORE 00000d45: PUSH1 0x1f 00000d47: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000d68: DUP3 00000d69: CALLDATASIZE 00000d6a: SUB 00000d6b: ADD 00000d6c: OR 00000d6d: SWAP1 00000d6e: PUSH1 0x01 00000d70: DUP3 00000d71: ADD 00000d72: SWAP1 00000d73: DUP2 00000d74: PUSH1 0xc0 00000d76: MSTORE 00000d77: PUSH1 0xe0 00000d79: CALLDATACOPY 
00000d7a: ADD 00000d7b: SWAP3 00000d7c: GAS 00000d7d: CALL 00000d7e: PUSH2 0x0fb3 00000d81: JUMP 00000d82: JUMPDEST 00000d83: SWAP5 00000d84: POP 00000d85: POP 00000d86: SWAP1 00000d87: SWAP2 00000d88: ADDRESS 00000d89: DUP3 00000d8a: EQ 00000d8b: DUP1 00000d8c: ISZERO 00000d8d: PUSH2 0x0e31 00000d90: JUMPI 00000d91: JUMPDEST 00000d92: PUSH2 0x0234 00000d95: SWAP5 00000d96: PUSH1 0x00 00000d98: SWAP5 00000d99: DUP6 00000d9a: SWAP5 00000d9b: DUP6 00000d9c: SWAP3 00000d9d: PUSH4 0x022c0d9f 00000da2: DUP5 00000da3: MSTORE 00000da4: PUSH1 0x20 00000da6: MSTORE 00000da7: DUP3 00000da8: PUSH1 0x40 00000daa: MSTORE 00000dab: PUSH1 0x60 00000dad: MSTORE 00000dae: PUSH1 0x80 00000db0: DUP1 00000db1: MSTORE 00000db2: DUP2 00000db3: PUSH1 0xa0 00000db5: MSTORE 00000db6: PUSH1 0xa4 00000db8: SWAP3 00000db9: PUSH2 0x0dc9 00000dbc: JUMPI 00000dbd: JUMPDEST 00000dbe: POP 00000dbf: PUSH1 0x1c 00000dc1: SWAP2 00000dc2: SWAP3 00000dc3: GAS 00000dc4: CALL 00000dc5: PUSH2 0x0fb3 00000dc8: JUMP 00000dc9: JUMPDEST 00000dca: PUSH1 0x1c 00000dcc: SWAP3 00000dcd: POP 00000dce: DUP1 00000dcf: PUSH1 0x1f 00000dd1: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdf 00000df2: PUSH1 0xa5 00000df4: SWAP4 00000df5: CALLDATASIZE 00000df6: SUB 00000df7: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0 00000e18: DUP2 00000e19: ADD 00000e1a: PUSH1 0xa0 00000e1c: MSTORE 00000e1d: ADD 00000e1e: OR 00000e1f: SWAP1 00000e20: PUSH1 0x20 00000e22: PUSH1 0x01 00000e24: DUP4 00000e25: ADD 00000e26: SWAP2 00000e27: ADD 00000e28: PUSH1 0xc0 00000e2a: CALLDATACOPY 00000e2b: ADD 00000e2c: SWAP2 00000e2d: PUSH2 0x0dbd 00000e30: JUMP 00000e31: JUMPDEST 00000e32: PUSH2 0x0e75 00000e35: PUSH1 0x20 00000e37: DUP6 00000e38: ADD 00000e39: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000e5a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000e6f: DUP6 00000e70: AND 00000e71: PUSH2 0x0399 00000e74: JUMP 00000e75: JUMPDEST 00000e76: PUSH2 
0x0d91 00000e79: JUMP 00000e7a: JUMPDEST 00000e7b: SWAP5 00000e7c: POP 00000e7d: POP 00000e7e: SWAP1 00000e7f: SWAP2 00000e80: ADDRESS 00000e81: DUP3 00000e82: EQ 00000e83: DUP1 00000e84: ISZERO 00000e85: PUSH2 0x0ec0 00000e88: JUMPI 00000e89: JUMPDEST 00000e8a: PUSH2 0x0234 00000e8d: SWAP5 00000e8e: PUSH1 0x00 00000e90: SWAP5 00000e91: DUP6 00000e92: SWAP5 00000e93: DUP6 00000e94: SWAP3 00000e95: PUSH4 0x022c0d9f 00000e9a: DUP5 00000e9b: MSTORE 00000e9c: DUP4 00000e9d: PUSH1 0x20 00000e9f: MSTORE 00000ea0: PUSH1 0x40 00000ea2: MSTORE 00000ea3: PUSH1 0x60 00000ea5: MSTORE 00000ea6: PUSH1 0x80 00000ea8: DUP1 00000ea9: MSTORE 00000eaa: DUP2 00000eab: PUSH1 0xa0 00000ead: MSTORE 00000eae: PUSH1 0xa4 00000eb0: SWAP3 00000eb1: PUSH2 0x0dc9 00000eb4: JUMPI 00000eb5: POP 00000eb6: PUSH1 0x1c 00000eb8: SWAP2 00000eb9: SWAP3 00000eba: GAS 00000ebb: CALL 00000ebc: PUSH2 0x0fb3 00000ebf: JUMP 00000ec0: JUMPDEST 00000ec1: PUSH2 0x0f04 00000ec4: PUSH1 0x20 00000ec6: DUP6 00000ec7: ADD 00000ec8: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000ee9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000efe: DUP6 00000eff: AND 00000f00: PUSH2 0x0399 00000f03: JUMP 00000f04: JUMPDEST 00000f05: PUSH2 0x0e89 00000f08: JUMP 00000f09: JUMPDEST 00000f0a: SWAP5 00000f0b: POP 00000f0c: SWAP2 00000f0d: PUSH2 0x0f3c 00000f10: SWAP2 00000f11: SWAP4 00000f12: POP 00000f13: PUSH1 0x0c 00000f15: ADD 00000f16: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000f37: ADDRESS 00000f38: PUSH2 0x0399 00000f3b: JUMP 00000f3c: JUMPDEST 00000f3d: ADDRESS 00000f3e: DUP3 00000f3f: SUB 00000f40: PUSH2 0x0f48 00000f43: JUMPI 00000f44: POP 00000f45: POP 00000f46: POP 00000f47: JUMP 00000f48: JUMPDEST 00000f49: DUP1 00000f4a: DUP4 00000f4b: GT 00000f4c: PUSH2 0x0f86 00000f4f: JUMPI 00000f50: JUMPDEST 00000f51: POP 00000f52: PUSH4 0xa9059cbb 00000f57: PUSH1 0x00 00000f59: MSTORE 00000f5a: PUSH1 0x20 00000f5c: MSTORE 00000f5d: PUSH1 0x40 00000f5f: 
MSTORE 00000f60: PUSH2 0x0234 00000f63: PUSH1 0x00 00000f65: DUP1 00000f66: PUSH1 0x44 00000f68: PUSH1 0x1c 00000f6a: DUP3 00000f6b: PUSH20 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 00000f80: GAS 00000f81: CALL 00000f82: PUSH2 0x0fb3 00000f85: JUMP 00000f86: JUMPDEST 00000f87: SWAP2 00000f88: POP 00000f89: CODESIZE 00000f8a: PUSH2 0x0f50 00000f8d: JUMP 00000f8e: JUMPDEST 00000f8f: SWAP2 00000f90: SWAP5 00000f91: POP 00000f92: SWAP3 00000f93: SWAP2 00000f94: POP 00000f95: ADDRESS 00000f96: DUP5 00000f97: SUB 00000f98: PUSH2 0x04cc 00000f9b: JUMPI 00000f9c: POP 00000f9d: POP 00000f9e: POP 00000f9f: POP 00000fa0: JUMP 00000fa1: JUMPDEST 00000fa2: SWAP5 00000fa3: POP 00000fa4: SWAP2 00000fa5: POP 00000fa6: SWAP2 00000fa7: POP 00000fa8: ADDRESS 00000fa9: DUP3 00000faa: SUB 00000fab: PUSH2 0x0f48 00000fae: JUMPI 00000faf: POP 00000fb0: POP 00000fb1: POP 00000fb2: JUMP 00000fb3: JUMPDEST 00000fb4: ISZERO 00000fb5: PUSH2 0x0261 00000fb8: JUMPI 00000fb9: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | upgradeability | detector | Untrusted DELEGATECALL target reachable | 55 | no | no |
validation_json{
"sink": "DELEGATECALL",
"errors": 10,
"status": "unknown",
"attempts": 11,
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x",
"selector": "fallback",
"calldata_variants": [
"0x"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 381,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [
{
"pc": 93,
"type": "msg_sender_eq_const",
"value": 98
},
{
"pc": 187,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 360,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 406,
"type": "msg_sender_eq_const",
"value": 435
},
{
"pc": 429,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 471,
"type": "tx_origin_used"
},
{
"pc": 512,
"type": "tx_origin_used"
},
{
"pc": 405,
"type": "msg_sender_eq_const",
"value": "0x7dacfce9eacdca48cad5ba0b61560586c375890b"
},
{
"pc": 449,
"type": "tx_origin_used"
},
{
"pc": 490,
"type": "tx_origin_used"
}
],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
validation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x",
"selector": "fallback",
"calldata_variants": [
"0x"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 93,
"type": "msg_sender_eq_const",
"value": 98
},
{
"pc": 187,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 360,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 406,
"type": "msg_sender_eq_const",
"value": 435
},
{
"pc": 429,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 471,
"type": "tx_origin_used"
},
{
"pc": 512,
"type": "tx_origin_used"
},
{
"pc": 405,
"type": "msg_sender_eq_const",
"value": "0x7dacfce9eacdca48cad5ba0b61560586c375890b"
},
{
"pc": 449,
"type": "tx_origin_used"
},
{
"pc": 490,
"type": "tx_origin_used"
}
]
}
|
| high | access_control | codex | Privileged arbitrary delegatecall (owner backdoor) | 85 | no | — |
evidence_json{
"evidence": "Disassembly of the runtime bytecode shows an owner check followed immediately by a DELEGATECALL to an address loaded from calldata: `PUSH20 0x7dacf... CALLER EQ` gated via the jump helper at 0x0fb3, then `CALLDATALOAD 0x04` (target) and `DELEGATECALL` around offsets 0x0179\u20130x017d.",
"locations": [
"BYTECODE_BUNDLE.txt:5"
],
"recommendation": "Remove the arbitrary delegatecall or restrict it to vetted/immutable implementations. If upgradeability is required, use a transparent upgrade pattern with timelock/multisig governance and explicit implementation whitelisting.",
"exploit_scenario": "The hardcoded owner address can call a function that performs DELEGATECALL to an address read directly from calldata. If the owner key is compromised or misused, the caller can execute arbitrary code in the contract\u2019s context, allowing storage corruption and draining any assets held by the contract."
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
trace_id: 0x417d771c9d03a22a1b39b4f85b9f2645476e7e8db877c8f5dc12459fb60d24c5
call_targets:
0xe2b8eb988735f7709d08b7d07b41460073904830
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x417d771c9d03a22a1b39b4f85b9f2645476e7e8db877c8f5dc12459fb60d24c5",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xe2b8eb988735f7709d08b7d07b41460073904830"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x",
"selector": "fallback",
"calldata_variants": [
"0x"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 144,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "calldata-derived",
"target_expression_category": "computed"
},
{
"pc": 153,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 320,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 27,
"guards_detected": [
{
"pc": 93,
"type": "msg_sender_eq_const",
"value": 98
},
{
"pc": 187,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 360,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 406,
"type": "msg_sender_eq_const",
"value": 435
},
{
"pc": 429,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 471,
"type": "tx_origin_used"
},
{
"pc": 512,
"type": "tx_origin_used"
},
{
"pc": 405,
"type": "msg_sender_eq_const",
"value": "0x7dacfce9eacdca48cad5ba0b61560586c375890b"
},
{
"pc": 449,
"type": "tx_origin_used"
},
{
"pc": 490,
"type": "tx_origin_used"
}
],
"untrusted_call_count": 24
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
evidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 1
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
trace_id: 0x417d771c9d03a22a1b39b4f85b9f2645476e7e8db877c8f5dc12459fb60d24c5
call_targets:
0xe2b8eb988735f7709d08b7d07b41460073904830
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x417d771c9d03a22a1b39b4f85b9f2645476e7e8db877c8f5dc12459fb60d24c5",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xe2b8eb988735f7709d08b7d07b41460073904830"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x",
"selector": "fallback",
"calldata_variants": [
"0x"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 144,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "calldata-derived",
"target_expression_category": "computed"
},
{
"pc": 153,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 320,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 26,
"guards_detected": [
{
"pc": 93,
"type": "msg_sender_eq_const",
"value": 98
},
{
"pc": 187,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 360,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 406,
"type": "msg_sender_eq_const",
"value": 435
},
{
"pc": 429,
"type": "msg_sender_eq_const",
"value": 7.174816064210814e+47
},
{
"pc": 471,
"type": "tx_origin_used"
},
{
"pc": 512,
"type": "tx_origin_used"
},
{
"pc": 405,
"type": "msg_sender_eq_const",
"value": "0x7dacfce9eacdca48cad5ba0b61560586c375890b"
},
{
"pc": 449,
"type": "tx_origin_used"
},
{
"pc": 490,
"type": "tx_origin_used"
}
]
}
|
| info | other | cast | Heavy CALL-family usage | 55 | no | — |
evidence_json{
"notes": "large number of CALL/CALLCODE/STATICCALL opcodes; review external call patterns",
"call_family_count": 28
}
|