TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

50359475-d1aa-45c1-a3a0-b53eac44be3b

failed
Chain ID
1
Address
0x35a5d1bd68f3139971027b92c1ee9384a0708554
Block Number
Created
Mon, Dec 29, 2025 9:42 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
30582 report.consolidate complete 1 / 1 3 months ago
104351 artifact.fetch failed 1 / 3 1 week ago
104352 tool.cast_disasm complete 1 / 3 1 week ago
104353 analysis.bundle complete 1 / 3 1 week ago
104354 capability.graph complete 1 / 3 1 week ago
104355 detector.run complete 1 / 3 1 week ago
104356 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 1
Findings
0
No findings?
yes
Summary
Reviewed `AUDIT_BUNDLE.txt` (WildcatFeeRecipient and LibERC20). No exploitable issues found in scope areas given current access-control and fund-flow design.
View stderr 
[codex:1263824] OpenAI Codex v0.77.0 (research preview)
[codex:1263824] --------
[codex:1263824] workdir: /tmp/codex-multi-ltmm8xk7
[codex:1263824] model: gpt-5.2-codex
[codex:1263824] provider: openai
[codex:1263824] approval: never
[codex:1263824] sandbox: read-only
[codex:1263824] reasoning effort: xhigh
[codex:1263824] reasoning summaries: auto
[codex:1263824] session id: 019b6c0f-3c32-7c51-a22e-758a9a46352d
[codex:1263824] --------
[codex:1263824] user
[codex:1263824] You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
[codex:1263824] Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
[codex:1263824] accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
[codex:1263824] 
[codex:1263824] Scope rules:
[codex:1263824] - You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party `contracts/**/*.sol` files.
[codex:1263824] - Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
[codex:1263824] 
[codex:1263824] Output MUST be valid JSON matching the provided schema.
[codex:1263824] - If you find nothing meaningful: set no_findings=true and findings=[].
[codex:1263824] - Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
[codex:1263824] 
[codex:1263824] Output constraints (IMPORTANT):
[codex:1263824] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:1263824] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:1263824] mcp startup: no servers
[codex:1263824] 
[codex:1263824] thinking
[codex:1263824] **Reading AUDIT_BUNDLE.txt file**
[codex:1263824] exec
[codex:1263824] /bin/bash -lc ls in /tmp/codex-multi-ltmm8xk7 succeeded in 8ms:
[codex:1263824] AUDIT_BUNDLE.txt
[codex:1263824] codex-output-schema.json
[codex:1263824] contracts
[codex:1263824] exec
[codex:1263824] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-ltmm8xk7 succeeded in 5ms:
[codex:1263824] This file concatenates the full contents of first-party Solidity sources for auditing.
[codex:1263824] 
[codex:1263824] ================================================================================
[codex:1263824] FILE: contracts/src/WildcatFeeRecipient.sol
[codex:1263824] ================================================================================
[codex:1263824] // SPDX-License-Identifier: UNLICENSED
[codex:1263824] pragma solidity ^0.8.25;
[codex:1263824] 
[codex:1263824] import "./libraries/LibERC20.sol";
[codex:1263824] 
[codex:1263824] contract WildcatFeeRecipient {
[codex:1263824]     using LibERC20 for address;
[codex:1263824] 
[codex:1263824]     address public owner;
[codex:1263824]     address public recipient;
[codex:1263824] 
[codex:1263824]     error NotOwner();
[codex:1263824]     error NotOwnerOrRecipient();
[codex:1263824]     error NoETHInContract();
[codex:1263824]     error ETHTransferFailed();
[codex:1263824] 
[codex:1263824] thinking
[codex:1263824] **Analyzing WildcatFeeRecipient contract for vulnerabilities**
[codex:1263824] 
[codex:1263824] I'm carefully auditing the WildcatFeeRecipient contract for potential issues like reentrancy, improper balance checks, and unauthorized access. It seems releaseETH(uint) might revert if asked to send more than the balance, but that's expected and not a vulnerability. The owner and recipient have allowed permissions, so even tricky reentrant calls from the recipient contract are authorized and don't pose security risks beyond intended behavior. Overall, no real vulnerabilities stand out, so I'll prepare a JSON output indicating no findings with a summary of this audit.
[codex:1263824] codex
[codex:1263824] {"no_findings":true,"summary":"Reviewed `AUDIT_BUNDLE.txt` (WildcatFeeRecipient and LibERC20). No exploitable issues found in scope areas given current access-control and fund-flow design.","findings":[]}
[codex:1263824] tokens used
[codex:1263824] 8,858
[codex:1263824] {"no_findings":true,"summary":"Reviewed `AUDIT_BUNDLE.txt` (WildcatFeeRecipient and LibERC20). No exploitable issues found in scope areas given current access-control and fund-flow design.","findings":[]}
Metadata 
{
    "codex": {
        "ran_at": "2025-12-29T21:42:05.599231+00:00",
        "returncode": 0
    },
    "summary": "Reviewed `AUDIT_BUNDLE.txt` (WildcatFeeRecipient and LibERC20). No exploitable issues found in scope areas given current access-control and fund-flow design.",
    "raw_final": {
        "summary": "Reviewed `AUDIT_BUNDLE.txt` (WildcatFeeRecipient and LibERC20). No exploitable issues found in scope areas given current access-control and fund-flow design.",
        "findings": [],
        "no_findings": true
    },
    "no_findings": true,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
5
EXT*/BALANCE
0
Total opcodes
1040
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: DUP2
00000005: DUP2
00000006: MSTORE
00000007: PUSH1 0x04
00000009: SWAP2
0000000a: DUP3
0000000b: CALLDATASIZE
0000000c: LT
0000000d: ISZERO
0000000e: PUSH2 0x0015
00000011: JUMPI
00000012: PUSH0
00000013: DUP1
00000014: REVERT
00000015: JUMPDEST
00000016: PUSH0
00000017: CALLDATALOAD
00000018: PUSH1 0xe0
0000001a: SHR
0000001b: SWAP1
0000001c: DUP2
0000001d: PUSH4 0x0aaff8f2
00000022: EQ
00000023: PUSH2 0x04bd
00000026: JUMPI
00000027: POP
00000028: DUP1
00000029: PUSH4 0x1cff79cd
0000002e: EQ
0000002f: PUSH2 0x0404
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0x6639016b
00000039: EQ
0000003a: PUSH2 0x0393
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0x66d003ac
00000044: EQ
00000045: PUSH2 0x036b
00000048: JUMPI
00000049: DUP1
0000004a: PUSH4 0x8da5cb5b
0000004f: EQ
00000050: PUSH2 0x0344
00000053: JUMPI
00000054: DUP1
00000055: PUSH4 0x92c2bcb4
0000005a: EQ
0000005b: PUSH2 0x02a8
0000005e: JUMPI
0000005f: DUP1
00000060: PUSH4 0xa6f9dae1
00000065: EQ
00000066: PUSH2 0x0218
00000069: JUMPI
0000006a: DUP1
0000006b: PUSH4 0xd261300f
00000070: EQ
00000071: PUSH2 0x0146
00000074: JUMPI
00000075: PUSH4 0xf9a075dc
0000007a: EQ
0000007b: PUSH2 0x0082
0000007e: JUMPI
0000007f: PUSH0
00000080: DUP1
00000081: REVERT
00000082: JUMPDEST
00000083: CALLVALUE
00000084: PUSH2 0x0142
00000087: JUMPI
00000088: PUSH1 0x20
0000008a: CALLDATASIZE
0000008b: PUSH1 0x03
0000008d: NOT
0000008e: ADD
0000008f: SLT
00000090: PUSH2 0x0142
00000093: JUMPI
00000094: PUSH0
00000095: SLOAD
00000096: DUP3
00000097: CALLDATALOAD
00000098: SWAP3
00000099: PUSH1 0x01
0000009b: PUSH1 0x01
0000009d: PUSH1 0xa0
0000009f: SHL
000000a0: SUB
000000a1: SWAP2
000000a2: DUP3
000000a3: AND
000000a4: CALLER
000000a5: EQ
000000a6: ISZERO
000000a7: DUP1
000000a8: PUSH2 0x0134
000000ab: JUMPI
000000ac: JUMPDEST
000000ad: PUSH2 0x0126
000000b0: JUMPI
000000b1: PUSH0
000000b2: DUP1
000000b3: DUP1
000000b4: DUP1
000000b5: DUP8
000000b6: DUP7
000000b7: PUSH1 0x01
000000b9: SLOAD
000000ba: AND
000000bb: GAS
000000bc: CALL
000000bd: PUSH2 0x00c4
000000c0: PUSH2 0x05d1
000000c3: JUMP
000000c4: JUMPDEST
000000c5: POP
000000c6: ISZERO
000000c7: PUSH2 0x0118
000000ca: JUMPI
000000cb: POP
000000cc: PUSH1 0x01
000000ce: SLOAD
000000cf: DUP3
000000d0: MLOAD
000000d1: SWAP2
000000d2: AND
000000d3: PUSH1 0x01
000000d5: PUSH1 0x01
000000d7: PUSH1 0xa0
000000d9: SHL
000000da: SUB
000000db: AND
000000dc: DUP2
000000dd: MSTORE
000000de: PUSH1 0x20
000000e0: DUP1
000000e1: DUP3
000000e2: ADD
000000e3: SWAP4
000000e4: SWAP1
000000e5: SWAP4
000000e6: MSTORE
000000e7: PUSH32 0x1445764fe3fdfc2a9812ff42e9b65c2e7896d5162851f78f7d4a5578f7346ff1
00000108: SWAP1
00000109: DUP1
0000010a: PUSH1 0x40
0000010c: DUP2
0000010d: ADD
0000010e: JUMPDEST
0000010f: SUB
00000110: SWAP1
00000111: LOG1
00000112: MLOAD
00000113: PUSH1 0x01
00000115: DUP2
00000116: MSTORE
00000117: RETURN
00000118: JUMPDEST
00000119: DUP3
0000011a: MLOAD
0000011b: PUSH4 0xb12d13eb
00000120: PUSH1 0xe0
00000122: SHL
00000123: DUP2
00000124: MSTORE
00000125: REVERT
00000126: JUMPDEST
00000127: DUP3
00000128: MLOAD
00000129: PUSH4 0x4b67e1c5
0000012e: PUSH1 0xe0
00000130: SHL
00000131: DUP2
00000132: MSTORE
00000133: REVERT
00000134: JUMPDEST
00000135: POP
00000136: DUP2
00000137: PUSH1 0x01
00000139: SLOAD
0000013a: AND
0000013b: CALLER
0000013c: EQ
0000013d: ISZERO
0000013e: PUSH2 0x00ac
00000141: JUMP
00000142: JUMPDEST
00000143: PUSH0
00000144: DUP1
00000145: REVERT
00000146: JUMPDEST
00000147: POP
00000148: CALLVALUE
00000149: PUSH2 0x0142
0000014c: JUMPI
0000014d: DUP1
0000014e: PUSH1 0x03
00000150: NOT
00000151: CALLDATASIZE
00000152: ADD
00000153: SLT
00000154: PUSH2 0x0142
00000157: JUMPI
00000158: PUSH2 0x015f
0000015b: PUSH2 0x0565
0000015e: JUMP
0000015f: JUMPDEST
00000160: PUSH0
00000161: SLOAD
00000162: PUSH1 0x24
00000164: CALLDATALOAD
00000165: SWAP4
00000166: PUSH1 0x01
00000168: PUSH1 0x01
0000016a: PUSH1 0xa0
0000016c: SHL
0000016d: SUB
0000016e: SWAP3
0000016f: SWAP2
00000170: DUP4
00000171: AND
00000172: CALLER
00000173: EQ
00000174: ISZERO
00000175: DUP1
00000176: PUSH2 0x020a
00000179: JUMPI
0000017a: JUMPDEST
0000017b: PUSH2 0x01fc
0000017e: JUMPI
0000017f: PUSH2 0x0188
00000182: ADDRESS
00000183: DUP4
00000184: PUSH2 0x05f6
00000187: JUMP
00000188: JUMPDEST
00000189: DUP6
0000018a: GT
0000018b: PUSH2 0x01ee
0000018e: JUMPI
0000018f: POP
00000190: SWAP3
00000191: DUP2
00000192: PUSH2 0x01c4
00000195: DUP3
00000196: PUSH1 0x20
00000198: SWAP7
00000199: PUSH32 0xe8de91d538b06154a2c48315768c5046f47e127d7fd3f726fd85cc723f29b052
000001ba: SWAP6
000001bb: PUSH1 0x01
000001bd: SLOAD
000001be: AND
000001bf: SWAP1
000001c0: PUSH2 0x0626
000001c3: JUMP
000001c4: JUMPDEST
000001c5: PUSH1 0x01
000001c7: SLOAD
000001c8: DUP5
000001c9: MLOAD
000001ca: ADDRESS
000001cb: DUP2
000001cc: MSTORE
000001cd: SWAP2
000001ce: AND
000001cf: PUSH1 0x01
000001d1: PUSH1 0x01
000001d3: PUSH1 0xa0
000001d5: SHL
000001d6: SUB
000001d7: AND
000001d8: PUSH1 0x20
000001da: DUP3
000001db: ADD
000001dc: MSTORE
000001dd: PUSH1 0x40
000001df: DUP2
000001e0: ADD
000001e1: SWAP2
000001e2: SWAP1
000001e3: SWAP2
000001e4: MSTORE
000001e5: DUP1
000001e6: PUSH1 0x60
000001e8: DUP2
000001e9: ADD
000001ea: PUSH2 0x010e
000001ed: JUMP
000001ee: JUMPDEST
000001ef: DUP4
000001f0: MLOAD
000001f1: PUSH4 0x930e5433
000001f6: PUSH1 0xe0
000001f8: SHL
000001f9: DUP2
000001fa: MSTORE
000001fb: REVERT
000001fc: JUMPDEST
000001fd: DUP4
000001fe: MLOAD
000001ff: PUSH4 0x4b67e1c5
00000204: PUSH1 0xe0
00000206: SHL
00000207: DUP2
00000208: MSTORE
00000209: REVERT
0000020a: JUMPDEST
0000020b: POP
0000020c: DUP3
0000020d: PUSH1 0x01
0000020f: SLOAD
00000210: AND
00000211: CALLER
00000212: EQ
00000213: ISZERO
00000214: PUSH2 0x017a
00000217: JUMP
00000218: JUMPDEST
00000219: POP
0000021a: CALLVALUE
0000021b: PUSH2 0x0142
0000021e: JUMPI
0000021f: PUSH1 0x20
00000221: CALLDATASIZE
00000222: PUSH1 0x03
00000224: NOT
00000225: ADD
00000226: SLT
00000227: PUSH2 0x0142
0000022a: JUMPI
0000022b: PUSH2 0x0232
0000022e: PUSH2 0x0565
00000231: JUMP
00000232: JUMPDEST
00000233: PUSH0
00000234: SLOAD
00000235: SWAP1
00000236: SWAP3
00000237: PUSH1 0x01
00000239: PUSH1 0x01
0000023b: PUSH1 0xa0
0000023d: SHL
0000023e: SUB
0000023f: SWAP1
00000240: DUP2
00000241: DUP4
00000242: AND
00000243: CALLER
00000244: SUB
00000245: PUSH2 0x029a
00000248: JUMPI
00000249: PUSH1 0x01
0000024b: PUSH1 0x01
0000024d: PUSH1 0xa0
0000024f: SHL
00000250: SUB
00000251: NOT
00000252: DUP4
00000253: AND
00000254: DUP3
00000255: DUP7
00000256: AND
00000257: OR
00000258: PUSH0
00000259: SSTORE
0000025a: DUP4
0000025b: MLOAD
0000025c: CALLER
0000025d: DUP2
0000025e: MSTORE
0000025f: PUSH1 0x01
00000261: PUSH1 0x01
00000263: PUSH1 0xa0
00000265: SHL
00000266: SUB
00000267: DUP7
00000268: AND
00000269: PUSH1 0x20
0000026b: DUP3
0000026c: ADD
0000026d: MSTORE
0000026e: PUSH32 0xb532073b38c83145e3e5135377a08bf9aab55bc0fd7c1179cd4fb995d2a5159c
0000028f: SWAP1
00000290: DUP1
00000291: PUSH1 0x40
00000293: DUP2
00000294: ADD
00000295: JUMPDEST
00000296: SUB
00000297: SWAP1
00000298: LOG1
00000299: STOP
0000029a: JUMPDEST
0000029b: DUP4
0000029c: MLOAD
0000029d: PUSH4 0x30cd7471
000002a2: PUSH1 0xe0
000002a4: SHL
000002a5: DUP2
000002a6: MSTORE
000002a7: REVERT
000002a8: JUMPDEST
000002a9: POP
000002aa: SWAP1
000002ab: CALLVALUE
000002ac: PUSH2 0x0142
000002af: JUMPI
000002b0: PUSH1 0x20
000002b2: CALLDATASIZE
000002b3: PUSH1 0x03
000002b5: NOT
000002b6: ADD
000002b7: SLT
000002b8: PUSH2 0x0142
000002bb: JUMPI
000002bc: PUSH2 0x02c3
000002bf: PUSH2 0x0565
000002c2: JUMP
000002c3: JUMPDEST
000002c4: PUSH0
000002c5: SLOAD
000002c6: SWAP1
000002c7: SWAP3
000002c8: PUSH1 0x01
000002ca: PUSH1 0x01
000002cc: PUSH1 0xa0
000002ce: SHL
000002cf: SUB
000002d0: SWAP3
000002d1: SWAP1
000002d2: SWAP2
000002d3: DUP4
000002d4: AND
000002d5: CALLER
000002d6: SUB
000002d7: PUSH2 0x0336
000002da: JUMPI
000002db: POP
000002dc: PUSH1 0x01
000002de: DUP1
000002df: SLOAD
000002e0: PUSH1 0x01
000002e2: PUSH1 0x01
000002e4: PUSH1 0xa0
000002e6: SHL
000002e7: SUB
000002e8: NOT
000002e9: DUP2
000002ea: AND
000002eb: DUP5
000002ec: DUP7
000002ed: AND
000002ee: OR
000002ef: SWAP1
000002f0: SWAP2
000002f1: SSTORE
000002f2: SWAP1
000002f3: MLOAD
000002f4: PUSH1 0x01
000002f6: PUSH1 0x01
000002f8: PUSH1 0xa0
000002fa: SHL
000002fb: SUB
000002fc: SWAP3
000002fd: SWAP1
000002fe: SWAP2
000002ff: AND
00000300: DUP3
00000301: AND
00000302: DUP2
00000303: MSTORE
00000304: SWAP2
00000305: AND
00000306: PUSH1 0x20
00000308: DUP3
00000309: ADD
0000030a: MSTORE
0000030b: PUSH32 0x4a9d367b1b0cd787be10021f1c55cb49c9f2302334e6df35c9621005eb222514
0000032c: SWAP1
0000032d: DUP1
0000032e: PUSH1 0x40
00000330: DUP2
00000331: ADD
00000332: PUSH2 0x0295
00000335: JUMP
00000336: JUMPDEST
00000337: SWAP1
00000338: MLOAD
00000339: PUSH4 0x30cd7471
0000033e: PUSH1 0xe0
00000340: SHL
00000341: DUP2
00000342: MSTORE
00000343: REVERT
00000344: JUMPDEST
00000345: POP
00000346: CALLVALUE
00000347: PUSH2 0x0142
0000034a: JUMPI
0000034b: PUSH0
0000034c: CALLDATASIZE
0000034d: PUSH1 0x03
0000034f: NOT
00000350: ADD
00000351: SLT
00000352: PUSH2 0x0142
00000355: JUMPI
00000356: PUSH0
00000357: SLOAD
00000358: SWAP1
00000359: MLOAD
0000035a: PUSH1 0x01
0000035c: PUSH1 0x01
0000035e: PUSH1 0xa0
00000360: SHL
00000361: SUB
00000362: SWAP1
00000363: SWAP2
00000364: AND
00000365: DUP2
00000366: MSTORE
00000367: PUSH1 0x20
00000369: SWAP1
0000036a: RETURN
0000036b: JUMPDEST
0000036c: POP
0000036d: CALLVALUE
0000036e: PUSH2 0x0142
00000371: JUMPI
00000372: PUSH0
00000373: CALLDATASIZE
00000374: PUSH1 0x03
00000376: NOT
00000377: ADD
00000378: SLT
00000379: PUSH2 0x0142
0000037c: JUMPI
0000037d: PUSH1 0x01
0000037f: SLOAD
00000380: SWAP1
00000381: MLOAD
00000382: PUSH1 0x01
00000384: PUSH1 0x01
00000386: PUSH1 0xa0
00000388: SHL
00000389: SUB
0000038a: SWAP1
0000038b: SWAP2
0000038c: AND
0000038d: DUP2
0000038e: MSTORE
0000038f: PUSH1 0x20
00000391: SWAP1
00000392: RETURN
00000393: JUMPDEST
00000394: POP
00000395: CALLVALUE
00000396: PUSH2 0x0142
00000399: JUMPI
0000039a: PUSH0
0000039b: CALLDATASIZE
0000039c: PUSH1 0x03
0000039e: NOT
0000039f: ADD
000003a0: SLT
000003a1: PUSH2 0x0142
000003a4: JUMPI
000003a5: PUSH0
000003a6: SLOAD
000003a7: PUSH1 0x01
000003a9: PUSH1 0x01
000003ab: PUSH1 0xa0
000003ad: SHL
000003ae: SUB
000003af: SWAP1
000003b0: DUP2
000003b1: AND
000003b2: CALLER
000003b3: EQ
000003b4: ISZERO
000003b5: DUP1
000003b6: PUSH2 0x03f6
000003b9: JUMPI
000003ba: JUMPDEST
000003bb: PUSH2 0x03e8
000003be: JUMPI
000003bf: SELFBALANCE
000003c0: SWAP3
000003c1: DUP4
000003c2: ISZERO
000003c3: PUSH2 0x03da
000003c6: JUMPI
000003c7: PUSH0
000003c8: DUP1
000003c9: DUP1
000003ca: DUP1
000003cb: DUP8
000003cc: DUP7
000003cd: PUSH1 0x01
000003cf: SLOAD
000003d0: AND
000003d1: GAS
000003d2: CALL
000003d3: PUSH2 0x00c4
000003d6: PUSH2 0x05d1
000003d9: JUMP
000003da: JUMPDEST
000003db: DUP3
000003dc: MLOAD
000003dd: PUSH4 0x565dfaef
000003e2: PUSH1 0xe1
000003e4: SHL
000003e5: DUP2
000003e6: MSTORE
000003e7: REVERT
000003e8: JUMPDEST
000003e9: POP
000003ea: MLOAD
000003eb: PUSH4 0x4b67e1c5
000003f0: PUSH1 0xe0
000003f2: SHL
000003f3: DUP2
000003f4: MSTORE
000003f5: REVERT
000003f6: JUMPDEST
000003f7: POP
000003f8: DUP1
000003f9: PUSH1 0x01
000003fb: SLOAD
000003fc: AND
000003fd: CALLER
000003fe: EQ
000003ff: ISZERO
00000400: PUSH2 0x03ba
00000403: JUMP
00000404: JUMPDEST
00000405: POP
00000406: DUP1
00000407: PUSH1 0x03
00000409: NOT
0000040a: CALLDATASIZE
0000040b: ADD
0000040c: SLT
0000040d: PUSH2 0x0142
00000410: JUMPI
00000411: DUP2
00000412: CALLDATALOAD
00000413: PUSH1 0x01
00000415: PUSH1 0x01
00000417: PUSH1 0xa0
00000419: SHL
0000041a: SUB
0000041b: DUP2
0000041c: DUP2
0000041d: AND
0000041e: SWAP2
0000041f: DUP3
00000420: SWAP1
00000421: SUB
00000422: PUSH2 0x0142
00000425: JUMPI
00000426: PUSH1 0x24
00000428: CALLDATALOAD
00000429: SWAP2
0000042a: PUSH8 0xffffffffffffffff
00000433: DUP4
00000434: GT
00000435: PUSH2 0x0142
00000438: JUMPI
00000439: CALLDATASIZE
0000043a: PUSH1 0x23
0000043c: DUP5
0000043d: ADD
0000043e: SLT
0000043f: ISZERO
00000440: PUSH2 0x0142
00000443: JUMPI
00000444: DUP3
00000445: DUP6
00000446: ADD
00000447: CALLDATALOAD
00000448: SWAP2
00000449: PUSH2 0x0459
0000044c: PUSH2 0x0454
0000044f: DUP5
00000450: PUSH2 0x05b5
00000453: JUMP
00000454: JUMPDEST
00000455: PUSH2 0x057b
00000458: JUMP
00000459: JUMPDEST
0000045a: SWAP3
0000045b: DUP1
0000045c: DUP5
0000045d: MSTORE
0000045e: PUSH1 0x20
00000460: DUP5
00000461: ADD
00000462: SWAP5
00000463: CALLDATASIZE
00000464: PUSH1 0x24
00000466: DUP4
00000467: DUP4
00000468: ADD
00000469: ADD
0000046a: GT
0000046b: PUSH2 0x0142
0000046e: JUMPI
0000046f: DUP2
00000470: PUSH0
00000471: SWAP3
00000472: PUSH1 0x24
00000474: PUSH1 0x20
00000476: SWAP4
00000477: ADD
00000478: DUP9
00000479: CALLDATACOPY
0000047a: DUP6
0000047b: ADD
0000047c: ADD
0000047d: MSTORE
0000047e: PUSH0
0000047f: SLOAD
00000480: AND
00000481: CALLER
00000482: SUB
00000483: PUSH2 0x04ad
00000486: JUMPI
00000487: PUSH0
00000488: SWAP3
00000489: DUP4
0000048a: SWAP3
0000048b: MLOAD
0000048c: SWAP2
0000048d: CALLVALUE
0000048e: SWAP1
0000048f: GAS
00000490: CALL
00000491: PUSH2 0x0498
00000494: PUSH2 0x05d1
00000497: JUMP
00000498: JUMPDEST
00000499: POP
0000049a: ISZERO
0000049b: PUSH2 0x04a0
0000049e: JUMPI
0000049f: STOP
000004a0: JUMPDEST
000004a1: MLOAD
000004a2: PUSH4 0x3204506f
000004a7: PUSH1 0xe0
000004a9: SHL
000004aa: DUP2
000004ab: MSTORE
000004ac: REVERT
000004ad: JUMPDEST
000004ae: POP
000004af: POP
000004b0: POP
000004b1: MLOAD
000004b2: PUSH4 0x30cd7471
000004b7: PUSH1 0xe0
000004b9: SHL
000004ba: DUP2
000004bb: MSTORE
000004bc: REVERT
000004bd: JUMPDEST
000004be: SWAP1
000004bf: POP
000004c0: CALLVALUE
000004c1: PUSH2 0x0142
000004c4: JUMPI
000004c5: PUSH1 0x20
000004c7: CALLDATASIZE
000004c8: PUSH1 0x03
000004ca: NOT
000004cb: ADD
000004cc: SLT
000004cd: PUSH2 0x0142
000004d0: JUMPI
000004d1: PUSH2 0x04d8
000004d4: PUSH2 0x0565
000004d7: JUMP
000004d8: JUMPDEST
000004d9: PUSH0
000004da: SLOAD
000004db: PUSH1 0x01
000004dd: PUSH1 0x01
000004df: PUSH1 0xa0
000004e1: SHL
000004e2: SUB
000004e3: SWAP3
000004e4: SWAP1
000004e5: DUP4
000004e6: AND
000004e7: CALLER
000004e8: EQ
000004e9: ISZERO
000004ea: DUP1
000004eb: PUSH2 0x0557
000004ee: JUMPI
000004ef: JUMPDEST
000004f0: PUSH2 0x0549
000004f3: JUMPI
000004f4: POP
000004f5: PUSH2 0x04fe
000004f8: ADDRESS
000004f9: DUP3
000004fa: PUSH2 0x05f6
000004fd: JUMP
000004fe: JUMPDEST
000004ff: SWAP4
00000500: DUP5
00000501: ISZERO
00000502: PUSH2 0x053b
00000505: JUMPI
00000506: POP
00000507: SWAP3
00000508: DUP2
00000509: PUSH2 0x01c4
0000050c: DUP3
0000050d: PUSH1 0x20
0000050f: SWAP7
00000510: PUSH32 0xe8de91d538b06154a2c48315768c5046f47e127d7fd3f726fd85cc723f29b052
00000531: SWAP6
00000532: PUSH1 0x01
00000534: SLOAD
00000535: AND
00000536: SWAP1
00000537: PUSH2 0x0626
0000053a: JUMP
0000053b: JUMPDEST
0000053c: DUP4
0000053d: MLOAD
0000053e: PUSH4 0xb28fbb29
00000543: PUSH1 0xe0
00000545: SHL
00000546: DUP2
00000547: MSTORE
00000548: REVERT
00000549: JUMPDEST
0000054a: PUSH4 0x4b67e1c5
0000054f: PUSH1 0xe0
00000551: SHL
00000552: DUP2
00000553: MSTORE
00000554: DUP5
00000555: SWAP1
00000556: REVERT
00000557: JUMPDEST
00000558: POP
00000559: DUP3
0000055a: PUSH1 0x01
0000055c: SLOAD
0000055d: AND
0000055e: CALLER
0000055f: EQ
00000560: ISZERO
00000561: PUSH2 0x04ef
00000564: JUMP
00000565: JUMPDEST
00000566: PUSH1 0x04
00000568: CALLDATALOAD
00000569: SWAP1
0000056a: PUSH1 0x01
0000056c: PUSH1 0x01
0000056e: PUSH1 0xa0
00000570: SHL
00000571: SUB
00000572: DUP3
00000573: AND
00000574: DUP3
00000575: SUB
00000576: PUSH2 0x0142
00000579: JUMPI
0000057a: JUMP
0000057b: JUMPDEST
0000057c: PUSH1 0x40
0000057e: MLOAD
0000057f: SWAP2
00000580: SWAP1
00000581: PUSH1 0x1f
00000583: ADD
00000584: PUSH1 0x1f
00000586: NOT
00000587: AND
00000588: DUP3
00000589: ADD
0000058a: PUSH8 0xffffffffffffffff
00000593: DUP2
00000594: GT
00000595: DUP4
00000596: DUP3
00000597: LT
00000598: OR
00000599: PUSH2 0x05a1
0000059c: JUMPI
0000059d: PUSH1 0x40
0000059f: MSTORE
000005a0: JUMP
000005a1: JUMPDEST
000005a2: PUSH4 0x4e487b71
000005a7: PUSH1 0xe0
000005a9: SHL
000005aa: PUSH0
000005ab: MSTORE
000005ac: PUSH1 0x41
000005ae: PUSH1 0x04
000005b0: MSTORE
000005b1: PUSH1 0x24
000005b3: PUSH0
000005b4: REVERT
000005b5: JUMPDEST
000005b6: PUSH8 0xffffffffffffffff
000005bf: DUP2
000005c0: GT
000005c1: PUSH2 0x05a1
000005c4: JUMPI
000005c5: PUSH1 0x1f
000005c7: ADD
000005c8: PUSH1 0x1f
000005ca: NOT
000005cb: AND
000005cc: PUSH1 0x20
000005ce: ADD
000005cf: SWAP1
000005d0: JUMP
000005d1: JUMPDEST
000005d2: RETURNDATASIZE
000005d3: ISZERO
000005d4: PUSH2 0x05f1
000005d7: JUMPI
000005d8: RETURNDATASIZE
000005d9: SWAP1
000005da: PUSH2 0x05e5
000005dd: PUSH2 0x0454
000005e0: DUP4
000005e1: PUSH2 0x05b5
000005e4: JUMP
000005e5: JUMPDEST
000005e6: SWAP2
000005e7: DUP3
000005e8: MSTORE
000005e9: RETURNDATASIZE
000005ea: PUSH0
000005eb: PUSH1 0x20
000005ed: DUP5
000005ee: ADD
000005ef: RETURNDATACOPY
000005f0: JUMP
000005f1: JUMPDEST
000005f2: PUSH1 0x60
000005f4: SWAP1
000005f5: JUMP
000005f6: JUMPDEST
000005f7: PUSH1 0x24
000005f9: PUSH1 0x1c
000005fb: PUSH0
000005fc: SWAP3
000005fd: PUSH1 0x20
000005ff: SWAP5
00000600: PUSH4 0x70a08231
00000605: DUP6
00000606: MSTORE
00000607: DUP6
00000608: MSTORE
00000609: GAS
0000060a: STATICCALL
0000060b: PUSH1 0x1f
0000060d: RETURNDATASIZE
0000060e: GT
0000060f: AND
00000610: ISZERO
00000611: PUSH2 0x0619
00000614: JUMPI
00000615: PUSH0
00000616: MLOAD
00000617: SWAP1
00000618: JUMP
00000619: JUMPDEST
0000061a: PUSH4 0x4963f6d5
0000061f: PUSH0
00000620: MSTORE
00000621: PUSH1 0x04
00000623: PUSH1 0x1c
00000625: REVERT
00000626: JUMPDEST
00000627: PUSH1 0x10
00000629: PUSH0
0000062a: PUSH1 0x44
0000062c: SWAP3
0000062d: PUSH1 0x20
0000062f: SWAP6
00000630: DUP3
00000631: SWAP6
00000632: PUSH1 0x14
00000634: MSTORE
00000635: PUSH1 0x34
00000637: MSTORE
00000638: PUSH4 0xa9059cbb
0000063d: PUSH1 0x60
0000063f: SHL
00000640: DUP3
00000641: MSTORE
00000642: GAS
00000643: CALL
00000644: RETURNDATASIZE
00000645: ISZERO
00000646: PUSH1 0x01
00000648: PUSH0
00000649: MLOAD
0000064a: EQ
0000064b: OR
0000064c: AND
0000064d: ISZERO
0000064e: PUSH2 0x0657
00000651: JUMPI
00000652: PUSH0
00000653: PUSH1 0x34
00000655: MSTORE
00000656: JUMP
00000657: JUMPDEST
00000658: PUSH4 0x90b8ec18
0000065d: PUSH0
0000065e: MSTORE
0000065f: PUSH1 0x04
00000661: PUSH1 0x1c
00000663: REVERT
00000664: INVALID
00000665: LOG1
00000666: PUSH5 0x736f6c6343
0000066c: STOP
0000066d: ADDMOD
0000066e: NOT
0000066f: STOP
00000670: EXP

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0x2769def485c4d86c2a3566cd87fc6bfb4b0d0e42b46be0341ce95252a6ccca7e
call_targets: 0x35a5d1bd68f3139971027b92c1ee9384a0708554
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x2769def485c4d86c2a3566cd87fc6bfb4b0d0e42b46be0341ce95252a6ccca7e",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x35a5d1bd68f3139971027b92c1ee9384a0708554"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x0aaff8f2",
            "selector": "0x0aaff8f2",
            "calldata_variants": [
                "0x0aaff8f2",
                "0x0aaff8f20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x1cff79cd",
            "selector": "0x1cff79cd",
            "calldata_variants": [
                "0x1cff79cd",
                "0x1cff79cd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6639016b",
            "selector": "0x6639016b",
            "calldata_variants": [
                "0x6639016b",
                "0x6639016b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x66d003ac",
            "selector": "0x66d003ac",
            "calldata_variants": [
                "0x66d003ac",
                "0x66d003ac0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x92c2bcb4",
            "selector": "0x92c2bcb4",
            "calldata_variants": [
                "0x92c2bcb4",
                "0x92c2bcb40000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa6f9dae1",
            "selector": "0xa6f9dae1",
            "calldata_variants": [
                "0xa6f9dae1",
                "0xa6f9dae10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd261300f",
            "selector": "0xd261300f",
            "calldata_variants": [
                "0xd261300f",
                "0xd261300f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 188,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 978,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1168,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 4,
    "guards_detected": [],
    "untrusted_call_count": 4
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0x2769def485c4d86c2a3566cd87fc6bfb4b0d0e42b46be0341ce95252a6ccca7e
call_targets: 0x35a5d1bd68f3139971027b92c1ee9384a0708554
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x2769def485c4d86c2a3566cd87fc6bfb4b0d0e42b46be0341ce95252a6ccca7e",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x35a5d1bd68f3139971027b92c1ee9384a0708554"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x0aaff8f2",
            "selector": "0x0aaff8f2",
            "calldata_variants": [
                "0x0aaff8f2",
                "0x0aaff8f20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x1cff79cd",
            "selector": "0x1cff79cd",
            "calldata_variants": [
                "0x1cff79cd",
                "0x1cff79cd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6639016b",
            "selector": "0x6639016b",
            "calldata_variants": [
                "0x6639016b",
                "0x6639016b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x66d003ac",
            "selector": "0x66d003ac",
            "calldata_variants": [
                "0x66d003ac",
                "0x66d003ac0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x92c2bcb4",
            "selector": "0x92c2bcb4",
            "calldata_variants": [
                "0x92c2bcb4",
                "0x92c2bcb40000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa6f9dae1",
            "selector": "0xa6f9dae1",
            "calldata_variants": [
                "0xa6f9dae1",
                "0xa6f9dae10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd261300f",
            "selector": "0xd261300f",
            "calldata_variants": [
                "0xd261300f",
                "0xd261300f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 188,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 978,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1168,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 4,
    "guards_detected": []
}