4f57b112-a012-4461-9365-56faeb58ee4f
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 30212 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 73456 | artifact.fetch | failed | 1 / 3 | 1 week ago |
| 73457 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 73458 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 73459 | capability.graph | complete | 1 / 3 | 1 week ago |
| 73460 | detector.run | complete | 1 / 3 | 1 week ago |
| 73461 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113558 | tool.slither | complete | 1 / 2 | 1 week ago |
'forge clean' running (wd: /tmp/slither-ft04k78d)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-ft04k78d)

ImmutableBeaconProxy.constructor(bytes) (contracts/base/proxy/ImmutableBeaconProxy.sol#17-23) ignores return value by _implementation().safeDelegateCall(initDataWithSelector) (contracts/base/proxy/ImmutableBeaconProxy.sol#21)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return

Proxy._delegate(address) (lib/openzeppelin-contracts/contracts/proxy/Proxy.sol#22-45) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/proxy/Proxy.sol#23-44)
LowLevelCall.callNoReturn(address,uint256,bytes) (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#19-23) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#20-22)
LowLevelCall.callReturn64Bytes(address,uint256,bytes) (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#38-48) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#43-47)
LowLevelCall.staticcallNoReturn(address,bytes) (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#51-55) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#52-54)
LowLevelCall.staticcallReturn64Bytes(address,bytes) (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#62-71) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#66-70)
LowLevelCall.delegatecallNoReturn(address,bytes) (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#74-78) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#75-77)
LowLevelCall.delegatecallReturn64Bytes(address,bytes) (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#85-94) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#89-93)
LowLevelCall.returnDataSize() (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#97-101) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#98-100)
LowLevelCall.returnData() (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#104-111) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#105-110)
LowLevelCall.bubbleRevert() (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#114-120) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#115-119)
LowLevelCall.bubbleRevert(bytes) (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#122-126) uses assembly
  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#123-125)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage

3 different versions of Solidity are used:
  - Version constraint 0.8.22 is used by:
    -0.8.22 (contracts/base/proxy/ImmutableBeaconProxy.sol#2)
    -0.8.22 (contracts/interfaces/base/proxy/IBeacon.sol#2)
    -0.8.22 (contracts/interfaces/compiler/Command.sol#2)
    -0.8.22 (contracts/libraries/CommandLibrary.sol#2)
    -0.8.22 (contracts/libraries/SafeCall.sol#2)
  - Version constraint ^0.8.20 is used by:
    -^0.8.20 (lib/openzeppelin-contracts/contracts/proxy/Proxy.sol#4)
    -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Address.sol#4)
    -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Errors.sol#4)
    -^0.8.20 (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#4)
  - Version constraint >=0.4.16 is used by:
    ->=0.4.16 (lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol#4)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used

Version constraint 0.8.22 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
  - VerbatimInvalidDeduplication.
It is used by:
  - 0.8.22 (contracts/base/proxy/ImmutableBeaconProxy.sol#2)
  - 0.8.22 (contracts/interfaces/base/proxy/IBeacon.sol#2)
  - 0.8.22 (contracts/interfaces/compiler/Command.sol#2)
  - 0.8.22 (contracts/libraries/CommandLibrary.sol#2)
  - 0.8.22 (contracts/libraries/SafeCall.sol#2)
Version constraint ^0.8.20 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
  - VerbatimInvalidDeduplication
  - FullInlinerNonExpressionSplitArgumentEvaluationOrder
  - MissingSideEffectsOnSelectorAccess.
It is used by:
  - ^0.8.20 (lib/openzeppelin-contracts/contracts/proxy/Proxy.sol#4)
  - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Address.sol#4)
  - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Errors.sol#4)
  - ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/LowLevelCall.sol#4)
Version constraint >=0.4.16 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
  - DirtyBytesArrayToStorage
  - ABIDecodeTwoDimensionalArrayMemory
  - KeccakCaching
  - EmptyByteArrayCopy
  - DynamicArrayCleanup
  - ImplicitConstructorCallvalueCheck
  - TupleAssignmentMultiStackSlotComponents
  - MemoryArrayCreationOverflow
  - privateCanBeOverridden
  - SignedArrayStorageCopy
  - ABIEncoderV2StorageArrayWithMultiSlotElement
  - DynamicConstructorArgumentsClippedABIV2
  - UninitializedFunctionPointerInConstructor_0.4.x
  - IncorrectEventSignatureInLibraries_0.4.x
  - ExpExponentCleanup
  - NestedArrayFunctionCallDecoder
  - ZeroFunctionSelector.
It is used by:
  - >=0.4.16 (lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol#4)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Low level call in ImmutableBeaconProxy._implementation() (contracts/base/proxy/ImmutableBeaconProxy.sol#25-35):
  - (success,result) = beacon.staticcall(abi.encodeWithSelector(IBeacon.implementation.selector)) (contracts/base/proxy/ImmutableBeaconProxy.sol#26-28)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls

Parameter CommandPresets.approve(address,address,uint256)._token (contracts/libraries/CommandLibrary.sol#13) is not in mixedCase
Parameter CommandPresets.approve(address,address,uint256)._to (contracts/libraries/CommandLibrary.sol#14) is not in mixedCase
Parameter CommandPresets.approve(address,address,uint256)._amount (contracts/libraries/CommandLibrary.sol#15) is not in mixedCase
Parameter CommandPresets.transfer(address,address,uint256)._token (contracts/libraries/CommandLibrary.sol#23) is not in mixedCase
Parameter CommandPresets.transfer(address,address,uint256)._to (contracts/libraries/CommandLibrary.sol#24) is not in mixedCase
Parameter CommandPresets.transfer(address,address,uint256)._amount (contracts/libraries/CommandLibrary.sol#25) is not in mixedCase
Parameter CommandExecutor.execute(Command[])._cmds (contracts/libraries/CommandLibrary.sol#35) is not in mixedCase
Parameter CommandLibrary.last(Command[])._self (contracts/libraries/CommandLibrary.sol#43) is not in mixedCase
Parameter CommandLibrary.asArray(Command)._self (contracts/libraries/CommandLibrary.sol#47) is not in mixedCase
Parameter CommandLibrary.append(Command[],Command[])._self (contracts/libraries/CommandLibrary.sol#53) is not in mixedCase
Parameter CommandLibrary.append(Command[],Command[])._cmds (contracts/libraries/CommandLibrary.sol#54) is not in mixedCase
Parameter CommandLibrary.push(Command[],Command)._self (contracts/libraries/CommandLibrary.sol#67) is not in mixedCase
Parameter CommandLibrary.push(Command[],Command)._cmd (contracts/libraries/CommandLibrary.sol#68) is not in mixedCase
Parameter CommandLibrary.populateWithApprove(Command,address,uint256)._self (contracts/libraries/CommandLibrary.sol#78) is not in mixedCase
Parameter CommandLibrary.populateWithApprove(Command,address,uint256)._token (contracts/libraries/CommandLibrary.sol#79) is not in mixedCase
Parameter CommandLibrary.populateWithApprove(Command,address,uint256)._amount (contracts/libraries/CommandLibrary.sol#80) is not in mixedCase
Parameter SafeCall.safeCallAll(Command[])._cmds (contracts/libraries/SafeCall.sol#14) is not in mixedCase
Parameter SafeCall.safeCall(Command)._cmd (contracts/libraries/SafeCall.sol#20) is not in mixedCase
Parameter SafeCall.safeCall(address,bytes)._target (contracts/libraries/SafeCall.sol#24) is not in mixedCase
Parameter SafeCall.safeCall(address,bytes)._data (contracts/libraries/SafeCall.sol#24) is not in mixedCase
Parameter SafeCall.safeCall(address,uint256,bytes)._target (contracts/libraries/SafeCall.sol#29) is not in mixedCase
Parameter SafeCall.safeCall(address,uint256,bytes)._value (contracts/libraries/SafeCall.sol#30) is not in mixedCase
Parameter SafeCall.safeCall(address,uint256,bytes)._data (contracts/libraries/SafeCall.sol#31) is not in mixedCase
Parameter SafeCall.safeDelegateCall(address,bytes)._target (contracts/libraries/SafeCall.sol#37) is not in mixedCase
Parameter SafeCall.safeDelegateCall(address,bytes)._data (contracts/libraries/SafeCall.sol#38) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions

. analyzed (11 contracts with 100 detectors), 42 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.8.22",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.8.22",
"install_stderr": null,
"install_stdout": "Version '0.8.22' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-ft04k78d --include-path /tmp/slither-ft04k78d/lib --include-path /tmp/slither-ft04k78d/lib/openzeppelin-contracts --allow-paths /tmp/slither-ft04k78d,/tmp/slither-ft04k78d/lib,/tmp/slither-ft04k78d/lib/openzeppelin-contracts,/tmp/slither-ft04k78d/src",
"remappings": [
"openzeppelin-contracts/=lib/openzeppelin-contracts/",
"@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/"
],
"source_files": [
"@openzeppelin/contracts/proxy/Proxy.sol",
"@openzeppelin/contracts/token/ERC20/IERC20.sol",
"@openzeppelin/contracts/utils/Address.sol",
"contracts/base/proxy/ImmutableBeaconProxy.sol",
"contracts/interfaces/base/proxy/IBeacon.sol",
"contracts/interfaces/compiler/Command.sol",
"contracts/libraries/CommandLibrary.sol",
"contracts/libraries/SafeCall.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 42,
"workspace_hash": "c1a6ff6e8678e8ab03c26b77cf029d5644228c9d046c8ed8a6d8314fa7da0c0d",
"duration_seconds": 0.5612480640411377,
"solc_version_requested": "0.8.22"
}
[codex:1518983] OpenAI Codex v0.77.0 (research preview)
[codex:1518983] --------
[codex:1518983] workdir: /tmp/codex-multi-2jpzj1t4
[codex:1518983] model: gpt-5.2-codex
[codex:1518983] provider: openai
[codex:1518983] approval: never
[codex:1518983] sandbox: read-only
[codex:1518983] reasoning effort: xhigh
[codex:1518983] reasoning summaries: auto
[codex:1518983] session id: 019b61eb-5de3-7701-af45-7f5e9f07f5bb
[codex:1518983] --------
[codex:1518983] user
[codex:1518983] You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
[codex:1518983] Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
[codex:1518983] accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
[codex:1518983]
[codex:1518983] Scope rules:
[codex:1518983] - You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party `contracts/**/*.sol` files.
[codex:1518983] - Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
[codex:1518983]
[codex:1518983] Output MUST be valid JSON matching the provided schema.
[codex:1518983] - If you find nothing meaningful: set no_findings=true and findings=[].
[codex:1518983] - Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
[codex:1518983]
[codex:1518983] Output constraints (IMPORTANT):
[codex:1518983] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:1518983] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:1518983] mcp startup: no servers
[codex:1518983]
[codex:1518983] thinking
[codex:1518983] **Reading AUDIT_BUNDLE.txt**
[codex:1518983] exec
[codex:1518983] /bin/bash -lc ls in /tmp/codex-multi-2jpzj1t4 succeeded in 5ms:
[codex:1518983] AUDIT_BUNDLE.txt
[codex:1518983] codex-output-schema.json
[codex:1518983] contracts
[codex:1518983] exec
[codex:1518983] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-2jpzj1t4 succeeded in 5ms:
[codex:1518983] This file concatenates the full contents of first-party Solidity sources for auditing.
[codex:1518983]
[codex:1518983] ================================================================================
[codex:1518983] FILE: contracts/@openzeppelin/contracts/proxy/Proxy.sol
[codex:1518983] ================================================================================
[codex:1518983] // SPDX-License-Identifier: MIT
[codex:1518983] // OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol)
[codex:1518983]
[codex:1518983] pragma solidity ^0.8.20;
[codex:1518983]
[codex:1518983] /**
[codex:1518983] * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
[codex:1518983] * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
[codex:1518983] * be specified by overriding the virtual {_implementation} function.
[codex:1518983] *
[codex:1518983] * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
[codex:1518983] * different contract through the {_delegate} function.
[codex:1518983] *
[codex:1518983] * The success and return data of the delegated call will be returned back to the caller of the proxy.
[codex:1518983] */
[codex:1518983]
[codex:1518983] thinking
[codex:1518983] **Analyzing audit bundle for vulnerabilities**
[codex:1518983] codex
[codex:1518983] {"no_findings":true,"summary":"Reviewed first-party contracts in `AUDIT_BUNDLE.txt` (proxy/beacon wrapper and command/call libraries). No exploitable issues found in the requested categories given the current scope.","findings":[]}
[codex:1518983] tokens used
[codex:1518983] 10,655
[codex:1518983] {"no_findings":true,"summary":"Reviewed first-party contracts in `AUDIT_BUNDLE.txt` (proxy/beacon wrapper and command/call libraries). No exploitable issues found in the requested categories given the current scope.","findings":[]}
{
"codex": {
"ran_at": "2025-12-27T22:26:50.052177+00:00",
"returncode": 0
},
"summary": "Reviewed first-party contracts in `AUDIT_BUNDLE.txt` (proxy/beacon wrapper and command/call libraries). No exploitable issues found in the requested categories given the current scope.",
"raw_final": {
"summary": "Reviewed first-party contracts in `AUDIT_BUNDLE.txt` (proxy/beacon wrapper and command/call libraries). No exploitable issues found in the requested categories given the current scope.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH2 0x000c 00000008: PUSH2 0x000e 0000000b: JUMP 0000000c: JUMPDEST 0000000d: STOP 0000000e: JUMPDEST 0000000f: PUSH2 0x001e 00000012: PUSH2 0x0019 00000015: PUSH2 0x0020 00000018: JUMP 00000019: JUMPDEST 0000001a: PUSH2 0x01ec 0000001d: JUMP 0000001e: JUMPDEST 0000001f: JUMP 00000020: JUMPDEST 00000021: PUSH1 0x40 00000023: DUP1 00000024: MLOAD 00000025: PUSH1 0x04 00000027: DUP2 00000028: MSTORE 00000029: PUSH1 0x24 0000002b: DUP2 0000002c: ADD 0000002d: DUP3 0000002e: MSTORE 0000002f: PUSH1 0x20 00000031: DUP2 00000032: ADD 00000033: DUP1 00000034: MLOAD 00000035: PUSH28 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff 00000052: AND 00000053: PUSH32 0x5c60da1b00000000000000000000000000000000000000000000000000000000 00000074: OR 00000075: SWAP1 00000076: MSTORE 00000077: SWAP1 00000078: MLOAD 00000079: PUSH1 0x00 0000007b: SWAP2 0000007c: DUP3 0000007d: SWAP2 0000007e: DUP3 0000007f: SWAP2 00000080: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000095: PUSH32 0x000000000000000000000000e70d11d23f36826c58f30c61b4deaf0a89a6d837 000000b6: AND 000000b7: SWAP2 000000b8: PUSH2 0x00c1 000000bb: SWAP2 000000bc: SWAP1 000000bd: PUSH2 0x0256 000000c0: JUMP 000000c1: JUMPDEST 000000c2: PUSH1 0x00 000000c4: PUSH1 0x40 000000c6: MLOAD 000000c7: DUP1 000000c8: DUP4 000000c9: SUB 000000ca: DUP2 000000cb: DUP6 000000cc: GAS 000000cd: STATICCALL 000000ce: SWAP2 000000cf: POP 000000d0: POP 000000d1: RETURNDATASIZE 000000d2: DUP1 000000d3: PUSH1 0x00 000000d5: DUP2 000000d6: EQ 000000d7: PUSH2 0x00fc 000000da: JUMPI 000000db: PUSH1 0x40 000000dd: MLOAD 000000de: SWAP2 000000df: POP 000000e0: PUSH1 0x1f 000000e2: NOT 000000e3: PUSH1 0x3f 000000e5: RETURNDATASIZE 000000e6: ADD 000000e7: AND 000000e8: DUP3 000000e9: ADD 000000ea: PUSH1 0x40 000000ec: MSTORE 000000ed: RETURNDATASIZE 000000ee: DUP3 000000ef: MSTORE 000000f0: RETURNDATASIZE 000000f1: PUSH1 0x00 000000f3: PUSH1 0x20 000000f5: DUP5 
000000f6: ADD 000000f7: RETURNDATACOPY 000000f8: PUSH2 0x0101 000000fb: JUMP 000000fc: JUMPDEST 000000fd: PUSH1 0x60 000000ff: SWAP2 00000100: POP 00000101: JUMPDEST 00000102: POP 00000103: SWAP2 00000104: POP 00000105: SWAP2 00000106: POP 00000107: DUP2 00000108: PUSH2 0x013d 0000010b: JUMPI 0000010c: PUSH1 0x40 0000010e: MLOAD 0000010f: PUSH32 0x73a769bf00000000000000000000000000000000000000000000000000000000 00000130: DUP2 00000131: MSTORE 00000132: PUSH1 0x04 00000134: ADD 00000135: PUSH1 0x40 00000137: MLOAD 00000138: DUP1 00000139: SWAP2 0000013a: SUB 0000013b: SWAP1 0000013c: REVERT 0000013d: JUMPDEST 0000013e: DUP1 0000013f: MLOAD 00000140: PUSH1 0x20 00000142: EQ 00000143: PUSH2 0x0184 00000146: JUMPI 00000147: DUP1 00000148: MLOAD 00000149: PUSH1 0x40 0000014b: MLOAD 0000014c: PUSH32 0x7ce64c7800000000000000000000000000000000000000000000000000000000 0000016d: DUP2 0000016e: MSTORE 0000016f: PUSH1 0x04 00000171: ADD 00000172: PUSH2 0x017b 00000175: SWAP2 00000176: SWAP1 00000177: PUSH2 0x0266 0000017a: JUMP 0000017b: JUMPDEST 0000017c: PUSH1 0x40 0000017e: MLOAD 0000017f: DUP1 00000180: SWAP2 00000181: SUB 00000182: SWAP1 00000183: REVERT 00000184: JUMPDEST 00000185: DUP1 00000186: DUP1 00000187: PUSH1 0x20 00000189: ADD 0000018a: SWAP1 0000018b: MLOAD 0000018c: DUP2 0000018d: ADD 0000018e: SWAP1 0000018f: PUSH2 0x0198 00000192: SWAP2 00000193: SWAP1 00000194: PUSH2 0x02b2 00000197: JUMP 00000198: JUMPDEST 00000199: SWAP3 0000019a: POP 0000019b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000001b0: DUP4 000001b1: AND 000001b2: PUSH2 0x01e7 000001b5: JUMPI 000001b6: PUSH1 0x40 000001b8: MLOAD 000001b9: PUSH32 0xfb678c3000000000000000000000000000000000000000000000000000000000 000001da: DUP2 000001db: MSTORE 000001dc: PUSH1 0x04 000001de: ADD 000001df: PUSH1 0x40 000001e1: MLOAD 000001e2: DUP1 000001e3: SWAP2 000001e4: SUB 000001e5: SWAP1 000001e6: REVERT 000001e7: JUMPDEST 000001e8: POP 000001e9: POP 000001ea: SWAP1 000001eb: JUMP 000001ec: JUMPDEST 
000001ed: CALLDATASIZE 000001ee: PUSH1 0x00 000001f0: DUP1 000001f1: CALLDATACOPY 000001f2: PUSH1 0x00 000001f4: DUP1 000001f5: CALLDATASIZE 000001f6: PUSH1 0x00 000001f8: DUP5 000001f9: GAS 000001fa: DELEGATECALL 000001fb: RETURNDATASIZE 000001fc: PUSH1 0x00 000001fe: DUP1 000001ff: RETURNDATACOPY 00000200: DUP1 00000201: DUP1 00000202: ISZERO 00000203: PUSH2 0x020b 00000206: JUMPI 00000207: RETURNDATASIZE 00000208: PUSH1 0x00 0000020a: RETURN 0000020b: JUMPDEST 0000020c: RETURNDATASIZE 0000020d: PUSH1 0x00 0000020f: REVERT 00000210: JUMPDEST 00000211: PUSH1 0x00 00000213: JUMPDEST 00000214: DUP4 00000215: DUP2 00000216: LT 00000217: ISZERO 00000218: PUSH2 0x022b 0000021b: JUMPI 0000021c: DUP2 0000021d: DUP2 0000021e: ADD 0000021f: MLOAD 00000220: DUP4 00000221: DUP3 00000222: ADD 00000223: MSTORE 00000224: PUSH1 0x20 00000226: ADD 00000227: PUSH2 0x0213 0000022a: JUMP 0000022b: JUMPDEST 0000022c: POP 0000022d: POP 0000022e: PUSH1 0x00 00000230: SWAP2 00000231: ADD 00000232: MSTORE 00000233: JUMP 00000234: JUMPDEST 00000235: PUSH1 0x00 00000237: PUSH2 0x023e 0000023a: DUP3 0000023b: MLOAD 0000023c: SWAP1 0000023d: JUMP 0000023e: JUMPDEST 0000023f: PUSH2 0x024c 00000242: DUP2 00000243: DUP6 00000244: PUSH1 0x20 00000246: DUP7 00000247: ADD 00000248: PUSH2 0x0210 0000024b: JUMP 0000024c: JUMPDEST 0000024d: SWAP3 0000024e: SWAP1 0000024f: SWAP3 00000250: ADD 00000251: SWAP3 00000252: SWAP2 00000253: POP 00000254: POP 00000255: JUMP 00000256: JUMPDEST 00000257: PUSH2 0x0260 0000025a: DUP2 0000025b: DUP4 0000025c: PUSH2 0x0234 0000025f: JUMP 00000260: JUMPDEST 00000261: SWAP3 00000262: SWAP2 00000263: POP 00000264: POP 00000265: JUMP 00000266: JUMPDEST 00000267: DUP2 00000268: DUP2 00000269: MSTORE 0000026a: PUSH1 0x20 0000026c: DUP2 0000026d: ADD 0000026e: PUSH2 0x0260 00000271: JUMP 00000272: JUMPDEST 00000273: PUSH1 0x00 00000275: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000028a: DUP3 0000028b: AND 0000028c: PUSH2 0x0260 0000028f: JUMP 00000290: JUMPDEST 
00000291: PUSH2 0x0299 00000294: DUP2 00000295: PUSH2 0x0272 00000298: JUMP 00000299: JUMPDEST 0000029a: DUP2 0000029b: EQ 0000029c: PUSH2 0x02a4 0000029f: JUMPI 000002a0: PUSH1 0x00 000002a2: DUP1 000002a3: REVERT 000002a4: JUMPDEST 000002a5: POP 000002a6: JUMP 000002a7: JUMPDEST 000002a8: DUP1 000002a9: MLOAD 000002aa: PUSH2 0x0260 000002ad: DUP2 000002ae: PUSH2 0x0290 000002b1: JUMP 000002b2: JUMPDEST 000002b3: PUSH1 0x00 000002b5: PUSH1 0x20 000002b7: DUP3 000002b8: DUP5 000002b9: SUB 000002ba: SLT 000002bb: ISZERO 000002bc: PUSH2 0x02c7 000002bf: JUMPI 000002c0: PUSH2 0x02c7 000002c3: PUSH1 0x00 000002c5: DUP1 000002c6: REVERT 000002c7: JUMPDEST 000002c8: PUSH2 0x02d1 000002cb: DUP4 000002cc: DUP4 000002cd: PUSH2 0x02a7 000002d0: JUMP 000002d1: JUMPDEST 000002d2: SWAP4 000002d3: SWAP3 000002d4: POP 000002d5: POP 000002d6: POP 000002d7: JUMP 000002d8: INVALID 000002d9: LOG2 000002da: PUSH5 0x6970667358 000002e0: UNKNOWN(0x22) 000002e1: SLT 000002e2: KECCAK256 000002e3: UNKNOWN(0xE9) 000002e4: UNKNOWN(0xD2) 000002e5: CLZ 000002e6: PUSH20 0x399766fd4a2b1c6e9767ef0aba61b69658e29e68 000002fb: UNKNOWN(0x0E) 000002fc: PUSH13 0x3d0c0b50155f64736f6c634300 0000030a: ADDMOD 0000030b: AND 0000030c: STOP 0000030d: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | yes | yes |
trace_id: 0x121a11f3f669a2098bf17ccbb614aeb4a768ba518cbca448c8eec8eb565f6a57
call_targets:
0xa999417be0bc8ef2bc482a55ce1c6a502c927f77, 0xc3f3e1b112c1a9053530ecb0e165befc0b705a29
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x121a11f3f669a2098bf17ccbb614aeb4a768ba518cbca448c8eec8eb565f6a57",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0xa999417be0bc8ef2bc482a55ce1c6a502c927f77",
"0xc3f3e1b112c1a9053530ecb0e165befc0b705a29"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x",
"selector": "fallback",
"calldata_variants": [
"0x"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 506,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
evidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 1
}
|