TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

59b08d80-7ebc-411b-b65a-eb101bdc88a8

failed
Chain ID
1
Address
0x1ca9db430401ce71d6da53cd571035e210e6c9fe
Block Number
Created
Sat, Jan 3, 2026 12:59 AM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
31410 report.consolidate complete 1 / 1 3 months ago
77086 artifact.fetch failed 1 / 3 1 week ago
77087 tool.cast_disasm complete 1 / 3 1 week ago
77088 analysis.bundle complete 1 / 3 1 week ago
77089 capability.graph complete 1 / 3 1 week ago
77090 detector.run complete 1 / 3 1 week ago
77091 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 1
Findings
0
No findings?
yes
Summary
No concrete, exploitable profit path found in the provided contracts.
View stderr 
[codex:882730] OpenAI Codex v0.77.0 (research preview)
[codex:882730] --------
[codex:882730] workdir: /tmp/codex-multi-xrg4i04c
[codex:882730] model: gpt-5.2-codex
[codex:882730] provider: openai
[codex:882730] approval: never
[codex:882730] sandbox: read-only
[codex:882730] reasoning effort: xhigh
[codex:882730] reasoning summaries: auto
[codex:882730] session id: 019b8157-2dc7-7673-83f4-4c7546cb607d
[codex:882730] --------
[codex:882730] user
[codex:882730] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:882730] 
[codex:882730] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:882730] 
[codex:882730] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:882730] - Gas inefficiency, code quality, naming, or best practices
[codex:882730] - Theoretical vulnerabilities without a clear extraction path
[codex:882730] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:882730] - Front-running unless it enables theft beyond MEV
[codex:882730] - DoS, griefing, or issues that don't result in attacker profit
[codex:882730] - Missing events, view function issues, or informational findings
[codex:882730] 
[codex:882730] HIGH-VALUE PATTERNS TO HUNT:
[codex:882730] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:882730] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:882730] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:882730] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:882730] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:882730] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:882730] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:882730] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:882730] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:882730] 
[codex:882730] For each finding, you MUST provide:
[codex:882730] 1. Exact file and line numbers of vulnerable code
[codex:882730] 2. Step-by-step exploit transaction sequence
[codex:882730] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:882730] 
[codex:882730] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:882730] 
[codex:882730] Output MUST be valid JSON matching the provided schema.
[codex:882730] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:882730] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:882730] mcp startup: no servers
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Checking for skill documentation**
[codex:882730] exec
[codex:882730] /bin/bash -lc ls in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730] AUDIT_BUNDLE.txt
[codex:882730] codex-output-schema.json
[codex:882730] contracts
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Checking for skill triggers**
[codex:882730] exec
[codex:882730] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-xrg4i04c succeeded in 6ms:
[codex:882730] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:882730] 
[codex:882730] ================================================================================
[codex:882730] FILE: contracts/contracts/Registrar.sol
[codex:882730] ================================================================================
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] 
[codex:882730] pragma solidity 0.8.18;
[codex:882730] 
[codex:882730] import { AdminAgent } from "./access/AdminAgent.sol";
[codex:882730] import { IRegistrarClient } from "./RegistrarClient.sol";
[codex:882730] import { VYToken } from "./token/VYToken.sol";
[codex:882730] 
[codex:882730] contract Registrar is AdminAgent {
[codex:882730] 
[codex:882730]   bytes32 private constant ECOSYSTEM_ID = keccak256(bytes("VY_ETH"));
[codex:882730] 
[codex:882730]   address[] private _contracts;
[codex:882730]   address[] private _prevContracts;
[codex:882730]   bool private _finalized;
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Analyzing audit bundle for exploits**
[codex:882730] exec
[codex:882730] /bin/bash -lc 'rg --files' in /tmp/codex-multi-xrg4i04c succeeded in 10ms:
[codex:882730] codex-output-schema.json
[codex:882730] AUDIT_BUNDLE.txt
[codex:882730] contracts/contracts/VETHReverseStakingTreasury.sol
[codex:882730] contracts/contracts/RegistrarClient.sol
[codex:882730] contracts/contracts/RegistrarMigrator.sol
[codex:882730] contracts/contracts/treasury/VETHYieldRateTreasury.sol
[codex:882730] contracts/contracts/access/AdminAgent.sol
[codex:882730] contracts/contracts/access/BackendAgent.sol
[codex:882730] contracts/contracts/access/AdminGovernanceAgent.sol
[codex:882730] contracts/contracts/Registrar.sol
[codex:882730] contracts/contracts/governance/Governable.sol
[codex:882730] contracts/contracts/governance/VETHGovernance.sol
[codex:882730] contracts/contracts/Router.sol
[codex:882730] contracts/contracts/token/VYToken.sol
[codex:882730] contracts/contracts/exchange/VYRevenueCycleCirculationTracker.sol
[codex:882730] contracts/contracts/exchange/VETHP2P.sol
[codex:882730] contracts/contracts/exchange/VETHRevenueCycleTreasury.sol
[codex:882730] contracts/contracts/lib/utils/Strings.sol
[codex:882730] contracts/contracts/lib/utils/math/SignedMath.sol
[codex:882730] contracts/contracts/lib/utils/math/Math.sol
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Examining first-party contract files**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,200p' contracts/contracts/access/AdminAgent.sol" in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] 
[codex:882730] pragma solidity ^0.8.18;
[codex:882730] 
[codex:882730] import { Context } from "../lib/utils/Context.sol";
[codex:882730] 
[codex:882730] contract AdminAgent is Context {
[codex:882730] 
[codex:882730]   mapping(address => bool) private _adminAgents;
[codex:882730] 
[codex:882730]   constructor(address[] memory adminAgents_) {
[codex:882730]     for (uint i = 0; i < adminAgents_.length; i++) {
[codex:882730]       require(adminAgents_[i] != address(0), "Invalid address");
[codex:882730]       _adminAgents[adminAgents_[i]] = true;
[codex:882730]     }
[codex:882730]   }
[codex:882730] 
[codex:882730]   modifier onlyAdminAgents() {
[codex:882730]     require(_adminAgents[_msgSender()], "Unauthorized");
[codex:882730]     _;
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Considering BackendAgent**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,200p' contracts/contracts/access/BackendAgent.sol" in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] 
[codex:882730] pragma solidity ^0.8.18;
[codex:882730] 
[codex:882730] import { Context } from "../lib/utils/Context.sol";
[codex:882730] 
[codex:882730] contract BackendAgent is Context {
[codex:882730] 
[codex:882730]   mapping(address => bool) private _backendAdminAgents;
[codex:882730]   mapping(address => bool) private _backendAgents;
[codex:882730] 
[codex:882730]   event SetBackendAgent(address agent);
[codex:882730]   event RevokeBackendAgent(address agent);
[codex:882730] 
[codex:882730]   modifier onlyBackendAdminAgents() {
[codex:882730]     require(_backendAdminAgents[_msgSender()], "Unauthorized");
[codex:882730]     _;
[codex:882730]   }
[codex:882730] 
[codex:882730]   modifier onlyBackendAgents() {
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Checking for AdminGovernanceAgent**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,200p' contracts/contracts/access/AdminGovernanceAgent.sol" in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] 
[codex:882730] pragma solidity ^0.8.18;
[codex:882730] 
[codex:882730] import { Context } from "../lib/utils/Context.sol";
[codex:882730] 
[codex:882730] contract AdminGovernanceAgent is Context {
[codex:882730] 
[codex:882730]   mapping(address => bool) private _adminGovAgents;
[codex:882730] 
[codex:882730]   constructor(address[] memory adminGovAgents_) {
[codex:882730]     for (uint i = 0; i < adminGovAgents_.length; i++) {
[codex:882730]       require(adminGovAgents_[i] != address(0), "Invalid address");
[codex:882730]       _adminGovAgents[adminGovAgents_[i]] = true;
[codex:882730]     }
[codex:882730]   }
[codex:882730] 
[codex:882730]   modifier onlyAdminGovAgents() {
[codex:882730]     require(_adminGovAgents[_msgSender()], "Unauthorized");
[codex:882730]     _;
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Inspecting contracts for vulnerabilities**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,240p' contracts/contracts/exchange/VETHP2P.sol" in /tmp/codex-multi-xrg4i04c succeeded in 6ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] 
[codex:882730] pragma solidity 0.8.18;
[codex:882730] 
[codex:882730] import { VETHRevenueCycleTreasury } from "./VETHRevenueCycleTreasury.sol";
[codex:882730] import { ERC20 } from "../lib/token/ERC20/ERC20.sol";
[codex:882730] import { VYToken } from "../token/VYToken.sol";
[codex:882730] import { BackendAgent } from "../access/BackendAgent.sol";
[codex:882730] import { RegistrarClient } from "../RegistrarClient.sol";
[codex:882730] import { Router } from "../Router.sol";
[codex:882730] 
[codex:882730] contract VETHP2P is BackendAgent, RegistrarClient {
[codex:882730] 
[codex:882730]   uint256 private constant MULTIPLIER = 10**18;
[codex:882730] 
[codex:882730]   struct TradeOfferCalcInfo {
[codex:882730]     uint256 amountOut;
[codex:882730]     uint256 takerReceives;
[codex:882730]     uint256 takerFee;
[codex:882730]     uint256 makerReceives;
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '240,520p' contracts/contracts/exchange/VETHP2P.sol" in /tmp/codex-multi-xrg4i04c succeeded in 7ms:
[codex:882730]     }
[codex:882730] 
[codex:882730]     emit TradeOffer(id, _msgSender(), calc.amountOut, quantity, _offers[seller][id].quantity, block.timestamp);
[codex:882730] 
[codex:882730]     return calc;
[codex:882730]   }
[codex:882730] 
[codex:882730]   function closeOffer(uint256 id) external onlyOpenOffer(id, _msgSender()) {
[codex:882730]     _closeOffer(id, _msgSender());
[codex:882730]   }
[codex:882730] 
[codex:882730]   function closeOffer(address seller, uint256 id) external onlyOpenOffer(id, seller) onlyBackendAgents {
[codex:882730]     _closeOffer(id, seller);
[codex:882730]   }
[codex:882730] 
[codex:882730]   function _pairExist(TradingPairs tradingPair) private view returns (bool) {
[codex:882730]     return _tradingPairs[tradingPair].makerAssetAddress != address(0) || _tradingPairs[tradingPair].takerAssetAddress != address(0);
[codex:882730]   }
[codex:882730] 
[codex:882730]   function _isOfferActive(uint256 id, address seller) private view returns (bool) {
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Analyzing potential reentrancy vulnerabilities**
[codex:882730] 
[codex:882730] I'm examining how the VETHP2P contract handles trade offers, focusing on its use of external calls during ETH transfers without reentrancy guards. I'm reasoning through scenarios where malicious sellers or takers might reenter functions like tradeOffer or closeOffer during the flow to see if they can withdraw more assets than allowed. After tracing the token transfers and state updates, it seems reentrancy may accelerate closure but not enable double withdrawals or profit from others, though I'm still scrutinizing some edge cases in ETH_VY trades and will next review related contracts like VETHRevenueCycleTreasury.
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,260p' contracts/contracts/exchange/VETHRevenueCycleTreasury.sol" in /tmp/codex-multi-xrg4i04c succeeded in 7ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] //
[codex:882730] // VETHRevenueCycleTreasury [VY_ETH]
[codex:882730] //
[codex:882730] 
[codex:882730] pragma solidity 0.8.18;
[codex:882730] 
[codex:882730] import { BackendAgent } from "../access/BackendAgent.sol";
[codex:882730] import { VYToken } from "../token/VYToken.sol";
[codex:882730] import { RegistrarClient } from "../RegistrarClient.sol";
[codex:882730] import { RegistrarMigrator } from "../RegistrarMigrator.sol";
[codex:882730] import { AdminGovernanceAgent } from "../access/AdminGovernanceAgent.sol";
[codex:882730] import { Governable } from "../governance/Governable.sol";
[codex:882730] import { VETHYieldRateTreasury } from "../treasury/VETHYieldRateTreasury.sol";
[codex:882730] import { VYRevenueCycleCirculationTracker } from "./VYRevenueCycleCirculationTracker.sol";
[codex:882730] import { Registrar } from "../Registrar.sol";
[codex:882730] import { Router } from "../Router.sol";
[codex:882730] 
[codex:882730] contract VETHRevenueCycleTreasury is BackendAgent, RegistrarClient, RegistrarMigrator, AdminGovernanceAgent, Governable, VYRevenueCycleCirculationTracker {
[codex:882730] 
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Analyzing potential treasury manipulation exploits**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,240p' contracts/contracts/VETHReverseStakingTreasury.sol" in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] 
[codex:882730] pragma solidity 0.8.18;
[codex:882730] 
[codex:882730] import { BackendAgent } from "./access/BackendAgent.sol";
[codex:882730] import { VYToken } from "./token/VYToken.sol";
[codex:882730] import { VETHP2P } from "./exchange/VETHP2P.sol";
[codex:882730] import { VETHRevenueCycleTreasury } from "./exchange/VETHRevenueCycleTreasury.sol";
[codex:882730] import { VETHYieldRateTreasury } from "./treasury/VETHYieldRateTreasury.sol";
[codex:882730] import { RegistrarClient } from "./RegistrarClient.sol";
[codex:882730] import { AdminGovernanceAgent } from "./access/AdminGovernanceAgent.sol";
[codex:882730] import { Governable } from "./governance/Governable.sol";
[codex:882730] import { RegistrarMigrator } from "./RegistrarMigrator.sol";
[codex:882730] import { Registrar } from "./Registrar.sol";
[codex:882730] import { Router } from "./Router.sol";
[codex:882730] 
[codex:882730] contract VETHReverseStakingTreasury is BackendAgent, RegistrarClient, RegistrarMigrator, AdminGovernanceAgent, Governable {
[codex:882730] 
[codex:882730]   uint256 private constant MINIMUM_REVERSE_STAKE_AUTOCLOSE = 100000000; // 0.1 gwei
[codex:882730]   uint256 private constant MULTIPLIER = 10**18;
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Seeking functions for ETH or VY extraction**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '240,520p' contracts/contracts/VETHReverseStakingTreasury.sol" in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730]     DataTypes extensionMinimumRemainingStakeType,
[codex:882730]     uint256 restakeMinimumPayout
[codex:882730]   ) external onlyBackendAdminAgents {
[codex:882730]     require(_reverseStakeTermsNonce == 0, "Reverse stake terms already set up");
[codex:882730]     _createNewReverseStakeTerm(
[codex:882730]       dailyBurnRate,
[codex:882730]       durationInDays,
[codex:882730]       minimumReverseStakeETH,
[codex:882730]       processingFeePercentage,
[codex:882730]       extensionMinimumRemainingStake,
[codex:882730]       extensionMinimumRemainingStakeType,
[codex:882730]       restakeMinimumPayout
[codex:882730]     );
[codex:882730]   }
[codex:882730] 
[codex:882730]   function createNewReverseStakeTerm(
[codex:882730]     uint256 dailyBurnRate,
[codex:882730]     uint256 durationInDays,
[codex:882730]     uint256 minimumReverseStakeETH,
[codex:882730]     uint256 processingFeePercentage,
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '520,1040p' contracts/contracts/VETHReverseStakingTreasury.sol" in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730] 
[codex:882730]     // Update totalClaimedYield
[codex:882730]     require(reverseStakeData.newReverseStakeClaimedYieldETH >= totalCurrentClaimedYieldETH, "Restaked reverseStakes must increase in value");
[codex:882730]     reverseStakeData.yieldPayout = reverseStakeData.newReverseStakeClaimedYieldETH - totalCurrentClaimedYieldETH;
[codex:882730]     _totalClaimedYieldETH += reverseStakeData.yieldPayout;
[codex:882730] 
[codex:882730]     // Processing fee
[codex:882730]     reverseStakeData.processingFeeETH = reverseStakeData.yieldPayout * _reverseStakeTerms[firstReverseStakeTermId].processingFeePercentage / MULTIPLIER;
[codex:882730] 
[codex:882730]     // Yield payout
[codex:882730]     require(reverseStakeData.yieldPayout >= _reverseStakeTerms[firstReverseStakeTermId].restakeMinimumPayout, "Minimum yield payout not met");
[codex:882730]     reverseStakeData.yieldPayout -= reverseStakeData.processingFeeETH;
[codex:882730] 
[codex:882730]     // Transfers
[codex:882730]     _vethYRT.reverseStakingTransfer(borrower, reverseStakeData.yieldPayout);
[codex:882730]     _vethYRT.reverseStakingRoute(address(_ethComptroller), reverseStakeData.processingFeeETH, ROUTE_SELECTOR);
[codex:882730]     _transferToRevenueCycleTreasury(reverseStakeData.vyToBurn);
[codex:882730] 
[codex:882730]     emit Restake(
[codex:882730]       borrower,                                           // borrower
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Analyzing potential reentrancy risks**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,320p' contracts/contracts/governance/VETHGovernance.sol" in /tmp/codex-multi-xrg4i04c succeeded in 6ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] 
[codex:882730] pragma solidity 0.8.18;
[codex:882730] 
[codex:882730] import { AdminAgent } from "../access/AdminAgent.sol";
[codex:882730] import { VETHYieldRateTreasury } from "../treasury/VETHYieldRateTreasury.sol";
[codex:882730] import { VYToken } from "../token/VYToken.sol";
[codex:882730] import { VETHRevenueCycleTreasury } from "../exchange/VETHRevenueCycleTreasury.sol";
[codex:882730] import { VETHReverseStakingTreasury } from "../VETHReverseStakingTreasury.sol";
[codex:882730] import { RegistrarClient } from "../RegistrarClient.sol";
[codex:882730] 
[codex:882730] contract VETHGovernance is AdminAgent, RegistrarClient {
[codex:882730] 
[codex:882730]   enum VoteOptions {
[codex:882730]     YES,
[codex:882730]     NO
[codex:882730]   }
[codex:882730] 
[codex:882730]   enum ProposalType {
[codex:882730]     Migration,
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Analyzing potential uninitialized proxy risks**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,200p' contracts/contracts/governance/Governable.sol" in /tmp/codex-multi-xrg4i04c succeeded in 6ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] 
[codex:882730] pragma solidity ^0.8.18;
[codex:882730] 
[codex:882730] import { Context } from "../lib/utils/Context.sol";
[codex:882730] import { Registrar } from "../Registrar.sol";
[codex:882730] 
[codex:882730] contract Governable is Context {
[codex:882730] 
[codex:882730]   address internal _governanceAddress;
[codex:882730] 
[codex:882730]   constructor() {}
[codex:882730] 
[codex:882730]   modifier onlyGovernance() {
[codex:882730]     require(_governanceAddress == _msgSender(), "Unauthorized");
[codex:882730]     _;
[codex:882730]   }
[codex:882730] 
[codex:882730]   function _updateGovernable(Registrar registrar) internal {
[codex:882730]     _governanceAddress = registrar.getVETHGovernance();
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Checking VYRevenueCycleCirculationTracker**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,200p' contracts/contracts/exchange/VYRevenueCycleCirculationTracker.sol" in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] 
[codex:882730] pragma solidity 0.8.18;
[codex:882730] 
[codex:882730] import { Registrar } from "../Registrar.sol";
[codex:882730] import { Context } from "../lib/utils/Context.sol";
[codex:882730] 
[codex:882730] contract VYRevenueCycleCirculationTracker is Context {
[codex:882730] 
[codex:882730]   uint256 private _revenueCycleCirculation;
[codex:882730]   address private _vyTokenAddress;
[codex:882730] 
[codex:882730]   constructor(uint256 initialCirculation) {
[codex:882730]     _revenueCycleCirculation = initialCirculation;
[codex:882730]   }
[codex:882730] 
[codex:882730]   modifier onlyVYToken() {
[codex:882730]     require(_msgSender() == _vyTokenAddress, "Caller must be VYToken");
[codex:882730]     _;
[codex:882730]   }
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Analyzing potential yield rate manipulation and reentrancy risks**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1,220p' contracts/contracts/lib/token/ERC20/ERC20.sol" in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730] // SPDX-License-Identifier: MIT
[codex:882730] // OpenZeppelin Contracts (last updated v4.8.0) (token/ERC20/ERC20.sol)
[codex:882730] 
[codex:882730] pragma solidity ^0.8.0;
[codex:882730] 
[codex:882730] import "./IERC20.sol";
[codex:882730] import "./extensions/IERC20Metadata.sol";
[codex:882730] import "../../utils/Context.sol";
[codex:882730] 
[codex:882730] /**
[codex:882730]  * @dev Implementation of the {IERC20} interface.
[codex:882730]  *
[codex:882730]  * This implementation is agnostic to the way tokens are created. This means
[codex:882730]  * that a supply mechanism has to be added in a derived contract using {_mint}.
[codex:882730]  * For a generic mechanism see {ERC20PresetMinterPauser}.
[codex:882730]  *
[codex:882730]  * TIP: For a detailed writeup see our guide
[codex:882730]  * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
[codex:882730]  * to implement supply mechanisms].
[codex:882730]  *
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Investigating potential vulnerabilities in staking and trade functions**
[codex:882730] exec
[codex:882730] /bin/bash -lc 'rg -n "external payable" contracts/contracts' in /tmp/codex-multi-xrg4i04c succeeded in 11ms:
[codex:882730] contracts/contracts/VETHReverseStakingTreasury.sol:386:  function returnETHToUnstake(uint256 reverseStakeId) external payable onlyActiveReverseStake(_msgSender(), reverseStakeId) {
[codex:882730] contracts/contracts/VETHReverseStakingTreasury.sol:437:  function extendReverseStake(uint256 reverseStakeId) external payable onlyActiveReverseStake(_msgSender(), reverseStakeId) {
[codex:882730] contracts/contracts/VETHReverseStakingTreasury.sol:613:  function tradeOffer(address borrower, uint256 reverseStakeId) external payable onlyActiveOffer(borrower, reverseStakeId) {
[codex:882730] contracts/contracts/VETHReverseStakingTreasury.sol:1041:  receive() external payable {}
[codex:882730] contracts/contracts/treasury/VETHYieldRateTreasury.sol:67:  receive() external payable {}
[codex:882730] contracts/contracts/Router.sol:26:  function route() external payable {
[codex:882730] contracts/contracts/Router.sol:43:  receive() external payable {}
[codex:882730] contracts/contracts/exchange/VETHRevenueCycleTreasury.sol:135:  function tradeOffer(uint256 id) external payable {
[codex:882730] contracts/contracts/lib/openzeppelin-upgradeable/proxy/utils/UUPSUpgradeable.sol:85:    function upgradeToAndCall(address newImplementation, bytes memory data) external payable virtual onlyProxy {
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Checking for receive function in contract**
[codex:882730] exec
[codex:882730] /bin/bash -lc "sed -n '1040,1105p' contracts/contracts/VETHReverseStakingTreasury.sol" in /tmp/codex-multi-xrg4i04c succeeded in 5ms:
[codex:882730] 
[codex:882730]   receive() external payable {}
[codex:882730] }
[codex:882730] 
[codex:882730] 
[codex:882730] 
[codex:882730] 
[codex:882730] thinking
[codex:882730] **Analyzing potential smart contract vulnerabilities**
[codex:882730] 
[codex:882730] I'm reviewing various contract functions for possible exploits, focusing on initialization risks, array bounds, token transfer fees, allowance handling, yield rate calculations, and reentrancy; I find some edge cases and subtle behaviors but no clear, concrete exploit paths without assumptions or external manipulation.
[codex:882730] thinking
[codex:882730] **Examining complex payment and pricing mechanisms**
[codex:882730] 
[codex:882730] I'm working through the interplay of VY token trades, ETH payments, and debt repayment logic to see if pricing constraints or rounding errors could let borrowers underpay debt or extract value unfairly; so far, the enforced minimum price and proportional calculations seem to prevent such exploits, but the system’s complexity makes it important to carefully trace each step and fee calculation.
[codex:882730] thinking
[codex:882730] **Analyzing trade frequency and rounding effects on debt repayment**
[codex:882730] 
[codex:882730] I'm investigating whether fast repeated trades could let borrowers minimize VY burning and whether rounding in ETH repayments might create exploitable gaps; the burn mechanism aligns with elapsed time, and price floors along with floor rounding in debt reduction seem to guard against underpayment, so no clear profit emerges despite the complexity.
[codex:882730] thinking
[codex:882730] **Reviewing fee calculations and offer updates for vulnerabilities**
[codex:882730] 
[codex:882730] I'm checking if fee computations or offer quantity updates could be exploited, particularly where offers close but unfilled quantities aren't updated; after careful analysis, transfers and state changes appear consistent with no exploitable discrepancies or unauthorized minting, so no concrete issues stand out.
[codex:882730] codex
[codex:882730] {"no_findings":true,"summary":"No concrete, exploitable profit path found in the provided contracts.","findings":[]}
[codex:882730] tokens used
[codex:882730] 62,602
[codex:882730] {"no_findings":true,"summary":"No concrete, exploitable profit path found in the provided contracts.","findings":[]}
Metadata 
{
    "codex": {
        "ran_at": "2026-01-03T00:59:48.123562+00:00",
        "returncode": 0
    },
    "summary": "No concrete, exploitable profit path found in the provided contracts.",
    "raw_final": {
        "summary": "No concrete, exploitable profit path found in the provided contracts.",
        "findings": [],
        "no_findings": true
    },
    "no_findings": true,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
4
EXT*/BALANCE
0
Total opcodes
1511
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x009a
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x8555d03c
00000019: GT
0000001a: PUSH2 0x0069
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0xd54fb850
00000024: GT
00000025: PUSH2 0x004e
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0xd54fb850
0000002f: EQ
00000030: PUSH2 0x017b
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xe26db6fc
0000003a: EQ
0000003b: PUSH2 0x019b
0000003e: JUMPI
0000003f: DUP1
00000040: PUSH4 0xf38a3f84
00000045: EQ
00000046: PUSH2 0x01b0
00000049: JUMPI
0000004a: PUSH1 0x00
0000004c: DUP1
0000004d: REVERT
0000004e: JUMPDEST
0000004f: DUP1
00000050: PUSH4 0x8555d03c
00000055: EQ
00000056: PUSH2 0x013b
00000059: JUMPI
0000005a: DUP1
0000005b: PUSH4 0xb1957e5d
00000060: EQ
00000061: PUSH2 0x015b
00000064: JUMPI
00000065: PUSH1 0x00
00000067: DUP1
00000068: REVERT
00000069: JUMPDEST
0000006a: DUP1
0000006b: PUSH4 0x0f2ad452
00000070: EQ
00000071: PUSH2 0x00a6
00000074: JUMPI
00000075: DUP1
00000076: PUSH4 0x223eb640
0000007b: EQ
0000007c: PUSH2 0x00c8
0000007f: JUMPI
00000080: DUP1
00000081: PUSH4 0x4d3f7334
00000086: EQ
00000087: PUSH2 0x00ff
0000008a: JUMPI
0000008b: DUP1
0000008c: PUSH4 0x73252494
00000091: EQ
00000092: PUSH2 0x011d
00000095: JUMPI
00000096: PUSH1 0x00
00000098: DUP1
00000099: REVERT
0000009a: JUMPDEST
0000009b: CALLDATASIZE
0000009c: PUSH2 0x00a1
0000009f: JUMPI
000000a0: STOP
000000a1: JUMPDEST
000000a2: PUSH1 0x00
000000a4: DUP1
000000a5: REVERT
000000a6: JUMPDEST
000000a7: CALLVALUE
000000a8: DUP1
000000a9: ISZERO
000000aa: PUSH2 0x00b2
000000ad: JUMPI
000000ae: PUSH1 0x00
000000b0: DUP1
000000b1: REVERT
000000b2: JUMPDEST
000000b3: POP
000000b4: PUSH2 0x00c6
000000b7: PUSH2 0x00c1
000000ba: CALLDATASIZE
000000bb: PUSH1 0x04
000000bd: PUSH2 0x07a9
000000c0: JUMP
000000c1: JUMPDEST
000000c2: PUSH2 0x01d3
000000c5: JUMP
000000c6: JUMPDEST
000000c7: STOP
000000c8: JUMPDEST
000000c9: CALLVALUE
000000ca: DUP1
000000cb: ISZERO
000000cc: PUSH2 0x00d4
000000cf: JUMPI
000000d0: PUSH1 0x00
000000d2: DUP1
000000d3: REVERT
000000d4: JUMPDEST
000000d5: POP
000000d6: PUSH1 0x03
000000d8: SLOAD
000000d9: PUSH1 0x01
000000db: PUSH1 0x01
000000dd: PUSH1 0xa0
000000df: SHL
000000e0: SUB
000000e1: AND
000000e2: JUMPDEST
000000e3: PUSH1 0x40
000000e5: MLOAD
000000e6: PUSH1 0x01
000000e8: PUSH1 0x01
000000ea: PUSH1 0xa0
000000ec: SHL
000000ed: SUB
000000ee: SWAP1
000000ef: SWAP2
000000f0: AND
000000f1: DUP2
000000f2: MSTORE
000000f3: PUSH1 0x20
000000f5: ADD
000000f6: JUMPDEST
000000f7: PUSH1 0x40
000000f9: MLOAD
000000fa: DUP1
000000fb: SWAP2
000000fc: SUB
000000fd: SWAP1
000000fe: RETURN
000000ff: JUMPDEST
00000100: CALLVALUE
00000101: DUP1
00000102: ISZERO
00000103: PUSH2 0x010b
00000106: JUMPI
00000107: PUSH1 0x00
00000109: DUP1
0000010a: REVERT
0000010b: JUMPDEST
0000010c: POP
0000010d: PUSH1 0x02
0000010f: SLOAD
00000110: PUSH1 0x01
00000112: PUSH1 0x01
00000114: PUSH1 0xa0
00000116: SHL
00000117: SUB
00000118: AND
00000119: PUSH2 0x00e2
0000011c: JUMP
0000011d: JUMPDEST
0000011e: CALLVALUE
0000011f: DUP1
00000120: ISZERO
00000121: PUSH2 0x0129
00000124: JUMPI
00000125: PUSH1 0x00
00000127: DUP1
00000128: REVERT
00000129: JUMPDEST
0000012a: POP
0000012b: PUSH1 0x01
0000012d: SLOAD
0000012e: PUSH1 0x01
00000130: PUSH1 0x01
00000132: PUSH1 0xa0
00000134: SHL
00000135: SUB
00000136: AND
00000137: PUSH2 0x00e2
0000013a: JUMP
0000013b: JUMPDEST
0000013c: CALLVALUE
0000013d: DUP1
0000013e: ISZERO
0000013f: PUSH2 0x0147
00000142: JUMPI
00000143: PUSH1 0x00
00000145: DUP1
00000146: REVERT
00000147: JUMPDEST
00000148: POP
00000149: PUSH2 0x00c6
0000014c: PUSH2 0x0156
0000014f: CALLDATASIZE
00000150: PUSH1 0x04
00000152: PUSH2 0x07cd
00000155: JUMP
00000156: JUMPDEST
00000157: PUSH2 0x0250
0000015a: JUMP
0000015b: JUMPDEST
0000015c: CALLVALUE
0000015d: DUP1
0000015e: ISZERO
0000015f: PUSH2 0x0167
00000162: JUMPI
00000163: PUSH1 0x00
00000165: DUP1
00000166: REVERT
00000167: JUMPDEST
00000168: POP
00000169: PUSH2 0x00c6
0000016c: PUSH2 0x0176
0000016f: CALLDATASIZE
00000170: PUSH1 0x04
00000172: PUSH2 0x07f9
00000175: JUMP
00000176: JUMPDEST
00000177: PUSH2 0x02f9
0000017a: JUMP
0000017b: JUMPDEST
0000017c: CALLVALUE
0000017d: DUP1
0000017e: ISZERO
0000017f: PUSH2 0x0187
00000182: JUMPI
00000183: PUSH1 0x00
00000185: DUP1
00000186: REVERT
00000187: JUMPDEST
00000188: POP
00000189: PUSH2 0x00c6
0000018c: PUSH2 0x0196
0000018f: CALLDATASIZE
00000190: PUSH1 0x04
00000192: PUSH2 0x0828
00000195: JUMP
00000196: JUMPDEST
00000197: PUSH2 0x03c9
0000019a: JUMP
0000019b: JUMPDEST
0000019c: CALLVALUE
0000019d: DUP1
0000019e: ISZERO
0000019f: PUSH2 0x01a7
000001a2: JUMPI
000001a3: PUSH1 0x00
000001a5: DUP1
000001a6: REVERT
000001a7: JUMPDEST
000001a8: POP
000001a9: PUSH2 0x00c6
000001ac: PUSH2 0x0464
000001af: JUMP
000001b0: JUMPDEST
000001b1: CALLVALUE
000001b2: DUP1
000001b3: ISZERO
000001b4: PUSH2 0x01bc
000001b7: JUMPI
000001b8: PUSH1 0x00
000001ba: DUP1
000001bb: REVERT
000001bc: JUMPDEST
000001bd: POP
000001be: PUSH2 0x01c5
000001c1: PUSH2 0x0576
000001c4: JUMP
000001c5: JUMPDEST
000001c6: PUSH1 0x40
000001c8: MLOAD
000001c9: SWAP1
000001ca: DUP2
000001cb: MSTORE
000001cc: PUSH1 0x20
000001ce: ADD
000001cf: PUSH2 0x00f6
000001d2: JUMP
000001d3: JUMPDEST
000001d4: PUSH1 0x01
000001d6: SLOAD
000001d7: PUSH1 0x01
000001d9: PUSH1 0x01
000001db: PUSH1 0xa0
000001dd: SHL
000001de: SUB
000001df: AND
000001e0: CALLER
000001e1: EQ
000001e2: PUSH2 0x0221
000001e5: JUMPI
000001e6: PUSH1 0x40
000001e8: MLOAD
000001e9: PUSH3 0x461bcd
000001ed: PUSH1 0xe5
000001ef: SHL
000001f0: DUP2
000001f1: MSTORE
000001f2: PUSH1 0x20
000001f4: PUSH1 0x04
000001f6: DUP3
000001f7: ADD
000001f8: MSTORE
000001f9: PUSH1 0x0c
000001fb: PUSH1 0x24
000001fd: DUP3
000001fe: ADD
000001ff: MSTORE
00000200: PUSH12 0x155b985d5d1a1bdc9a5e9959
0000020d: PUSH1 0xa2
0000020f: SHL
00000210: PUSH1 0x44
00000212: DUP3
00000213: ADD
00000214: MSTORE
00000215: PUSH1 0x64
00000217: ADD
00000218: JUMPDEST
00000219: PUSH1 0x40
0000021b: MLOAD
0000021c: DUP1
0000021d: SWAP2
0000021e: SUB
0000021f: SWAP1
00000220: REVERT
00000221: JUMPDEST
00000222: PUSH1 0x03
00000224: DUP1
00000225: SLOAD
00000226: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000023b: NOT
0000023c: AND
0000023d: PUSH1 0x01
0000023f: PUSH1 0x01
00000241: PUSH1 0xa0
00000243: SHL
00000244: SUB
00000245: SWAP3
00000246: SWAP1
00000247: SWAP3
00000248: AND
00000249: SWAP2
0000024a: SWAP1
0000024b: SWAP2
0000024c: OR
0000024d: SWAP1
0000024e: SSTORE
0000024f: JUMP
00000250: JUMPDEST
00000251: PUSH1 0x04
00000253: SLOAD
00000254: PUSH1 0x01
00000256: PUSH1 0x01
00000258: PUSH1 0xa0
0000025a: SHL
0000025b: SUB
0000025c: AND
0000025d: CALLER
0000025e: EQ
0000025f: PUSH2 0x0299
00000262: JUMPI
00000263: PUSH1 0x40
00000265: MLOAD
00000266: PUSH3 0x461bcd
0000026a: PUSH1 0xe5
0000026c: SHL
0000026d: DUP2
0000026e: MSTORE
0000026f: PUSH1 0x20
00000271: PUSH1 0x04
00000273: DUP3
00000274: ADD
00000275: MSTORE
00000276: PUSH1 0x0c
00000278: PUSH1 0x24
0000027a: DUP3
0000027b: ADD
0000027c: MSTORE
0000027d: PUSH12 0x155b985d5d1a1bdc9a5e9959
0000028a: PUSH1 0xa2
0000028c: SHL
0000028d: PUSH1 0x44
0000028f: DUP3
00000290: ADD
00000291: MSTORE
00000292: PUSH1 0x64
00000294: ADD
00000295: PUSH2 0x0218
00000298: JUMP
00000299: JUMPDEST
0000029a: PUSH2 0x02b3
0000029d: DUP3
0000029e: DUP3
0000029f: PUSH1 0x40
000002a1: MLOAD
000002a2: DUP1
000002a3: PUSH1 0x20
000002a5: ADD
000002a6: PUSH1 0x40
000002a8: MSTORE
000002a9: DUP1
000002aa: PUSH1 0x00
000002ac: DUP2
000002ad: MSTORE
000002ae: POP
000002af: PUSH2 0x05fe
000002b2: JUMP
000002b3: JUMPDEST
000002b4: PUSH1 0x40
000002b6: DUP1
000002b7: MLOAD
000002b8: PUSH1 0x01
000002ba: PUSH1 0x01
000002bc: PUSH1 0xa0
000002be: SHL
000002bf: SUB
000002c0: DUP5
000002c1: AND
000002c2: DUP2
000002c3: MSTORE
000002c4: PUSH1 0x20
000002c6: DUP2
000002c7: ADD
000002c8: DUP4
000002c9: SWAP1
000002ca: MSTORE
000002cb: PUSH32 0xcb7f9c311b8ad4dfa64bb0b954da2b11b42672893b3e60d4c4f2958c89f00d1e
000002ec: SWAP2
000002ed: ADD
000002ee: PUSH1 0x40
000002f0: MLOAD
000002f1: DUP1
000002f2: SWAP2
000002f3: SUB
000002f4: SWAP1
000002f5: LOG1
000002f6: POP
000002f7: POP
000002f8: JUMP
000002f9: JUMPDEST
000002fa: CALLER
000002fb: PUSH1 0x00
000002fd: SWAP1
000002fe: DUP2
000002ff: MSTORE
00000300: PUSH1 0x20
00000302: DUP2
00000303: SWAP1
00000304: MSTORE
00000305: PUSH1 0x40
00000307: SWAP1
00000308: KECCAK256
00000309: SLOAD
0000030a: PUSH1 0xff
0000030c: AND
0000030d: PUSH2 0x0347
00000310: JUMPI
00000311: PUSH1 0x40
00000313: MLOAD
00000314: PUSH3 0x461bcd
00000318: PUSH1 0xe5
0000031a: SHL
0000031b: DUP2
0000031c: MSTORE
0000031d: PUSH1 0x20
0000031f: PUSH1 0x04
00000321: DUP3
00000322: ADD
00000323: MSTORE
00000324: PUSH1 0x0c
00000326: PUSH1 0x24
00000328: DUP3
00000329: ADD
0000032a: MSTORE
0000032b: PUSH12 0x155b985d5d1a1bdc9a5e9959
00000338: PUSH1 0xa2
0000033a: SHL
0000033b: PUSH1 0x44
0000033d: DUP3
0000033e: ADD
0000033f: MSTORE
00000340: PUSH1 0x64
00000342: ADD
00000343: PUSH2 0x0218
00000346: JUMP
00000347: JUMPDEST
00000348: PUSH1 0x03
0000034a: SLOAD
0000034b: PUSH1 0x01
0000034d: PUSH1 0x01
0000034f: PUSH1 0xa0
00000351: SHL
00000352: SUB
00000353: AND
00000354: PUSH2 0x039f
00000357: JUMPI
00000358: PUSH1 0x40
0000035a: MLOAD
0000035b: PUSH3 0x461bcd
0000035f: PUSH1 0xe5
00000361: SHL
00000362: DUP2
00000363: MSTORE
00000364: PUSH1 0x20
00000366: PUSH1 0x04
00000368: DUP3
00000369: ADD
0000036a: MSTORE
0000036b: PUSH1 0x11
0000036d: PUSH1 0x24
0000036f: DUP3
00000370: ADD
00000371: MSTORE
00000372: PUSH32 0x4d6967726174696f6e206e6f7420736574000000000000000000000000000000
00000393: PUSH1 0x44
00000395: DUP3
00000396: ADD
00000397: MSTORE
00000398: PUSH1 0x64
0000039a: ADD
0000039b: PUSH2 0x0218
0000039e: JUMP
0000039f: JUMPDEST
000003a0: PUSH1 0x03
000003a2: SLOAD
000003a3: PUSH1 0x40
000003a5: DUP1
000003a6: MLOAD
000003a7: PUSH1 0x20
000003a9: DUP2
000003aa: ADD
000003ab: SWAP1
000003ac: SWAP2
000003ad: MSTORE
000003ae: PUSH1 0x00
000003b0: DUP2
000003b1: MSTORE
000003b2: PUSH2 0x03c6
000003b5: SWAP2
000003b6: PUSH1 0x01
000003b8: PUSH1 0x01
000003ba: PUSH1 0xa0
000003bc: SHL
000003bd: SUB
000003be: AND
000003bf: SWAP1
000003c0: DUP4
000003c1: SWAP1
000003c2: PUSH2 0x05fe
000003c5: JUMP
000003c6: JUMPDEST
000003c7: POP
000003c8: JUMP
000003c9: JUMPDEST
000003ca: PUSH1 0x04
000003cc: SLOAD
000003cd: PUSH1 0x01
000003cf: PUSH1 0x01
000003d1: PUSH1 0xa0
000003d3: SHL
000003d4: SUB
000003d5: AND
000003d6: CALLER
000003d7: EQ
000003d8: PUSH2 0x0412
000003db: JUMPI
000003dc: PUSH1 0x40
000003de: MLOAD
000003df: PUSH3 0x461bcd
000003e3: PUSH1 0xe5
000003e5: SHL
000003e6: DUP2
000003e7: MSTORE
000003e8: PUSH1 0x20
000003ea: PUSH1 0x04
000003ec: DUP3
000003ed: ADD
000003ee: MSTORE
000003ef: PUSH1 0x0c
000003f1: PUSH1 0x24
000003f3: DUP3
000003f4: ADD
000003f5: MSTORE
000003f6: PUSH12 0x155b985d5d1a1bdc9a5e9959
00000403: PUSH1 0xa2
00000405: SHL
00000406: PUSH1 0x44
00000408: DUP3
00000409: ADD
0000040a: MSTORE
0000040b: PUSH1 0x64
0000040d: ADD
0000040e: PUSH2 0x0218
00000411: JUMP
00000412: JUMPDEST
00000413: PUSH2 0x041d
00000416: DUP4
00000417: DUP4
00000418: DUP4
00000419: PUSH2 0x05fe
0000041c: JUMP
0000041d: JUMPDEST
0000041e: PUSH1 0x40
00000420: DUP1
00000421: MLOAD
00000422: PUSH1 0x01
00000424: PUSH1 0x01
00000426: PUSH1 0xa0
00000428: SHL
00000429: SUB
0000042a: DUP6
0000042b: AND
0000042c: DUP2
0000042d: MSTORE
0000042e: PUSH1 0x20
00000430: DUP2
00000431: ADD
00000432: DUP5
00000433: SWAP1
00000434: MSTORE
00000435: PUSH32 0xcb7f9c311b8ad4dfa64bb0b954da2b11b42672893b3e60d4c4f2958c89f00d1e
00000456: SWAP2
00000457: ADD
00000458: PUSH1 0x40
0000045a: MLOAD
0000045b: DUP1
0000045c: SWAP2
0000045d: SUB
0000045e: SWAP1
0000045f: LOG1
00000460: POP
00000461: POP
00000462: POP
00000463: JUMP
00000464: JUMPDEST
00000465: PUSH1 0x02
00000467: SLOAD
00000468: PUSH1 0x01
0000046a: PUSH1 0x01
0000046c: PUSH1 0xa0
0000046e: SHL
0000046f: SUB
00000470: AND
00000471: CALLER
00000472: PUSH1 0x01
00000474: PUSH1 0x01
00000476: PUSH1 0xa0
00000478: SHL
00000479: SUB
0000047a: AND
0000047b: EQ
0000047c: PUSH2 0x04c7
0000047f: JUMPI
00000480: PUSH1 0x40
00000482: MLOAD
00000483: PUSH3 0x461bcd
00000487: PUSH1 0xe5
00000489: SHL
0000048a: DUP2
0000048b: MSTORE
0000048c: PUSH1 0x20
0000048e: PUSH1 0x04
00000490: DUP3
00000491: ADD
00000492: MSTORE
00000493: PUSH1 0x1c
00000495: PUSH1 0x24
00000497: DUP3
00000498: ADD
00000499: MSTORE
0000049a: PUSH32 0x556e617574686f72697a65642c20726567697374726172206f6e6c7900000000
000004bb: PUSH1 0x44
000004bd: DUP3
000004be: ADD
000004bf: MSTORE
000004c0: PUSH1 0x64
000004c2: ADD
000004c3: PUSH2 0x0218
000004c6: JUMP
000004c7: JUMPDEST
000004c8: PUSH1 0x02
000004ca: PUSH1 0x00
000004cc: SWAP1
000004cd: SLOAD
000004ce: SWAP1
000004cf: PUSH2 0x0100
000004d2: EXP
000004d3: SWAP1
000004d4: DIV
000004d5: PUSH1 0x01
000004d7: PUSH1 0x01
000004d9: PUSH1 0xa0
000004db: SHL
000004dc: SUB
000004dd: AND
000004de: PUSH1 0x01
000004e0: PUSH1 0x01
000004e2: PUSH1 0xa0
000004e4: SHL
000004e5: SUB
000004e6: AND
000004e7: PUSH4 0xe25629cb
000004ec: PUSH1 0x40
000004ee: MLOAD
000004ef: DUP2
000004f0: PUSH4 0xffffffff
000004f5: AND
000004f6: PUSH1 0xe0
000004f8: SHL
000004f9: DUP2
000004fa: MSTORE
000004fb: PUSH1 0x04
000004fd: ADD
000004fe: PUSH1 0x20
00000500: PUSH1 0x40
00000502: MLOAD
00000503: DUP1
00000504: DUP4
00000505: SUB
00000506: DUP2
00000507: DUP7
00000508: GAS
00000509: STATICCALL
0000050a: ISZERO
0000050b: DUP1
0000050c: ISZERO
0000050d: PUSH2 0x051a
00000510: JUMPI
00000511: RETURNDATASIZE
00000512: PUSH1 0x00
00000514: DUP1
00000515: RETURNDATACOPY
00000516: RETURNDATASIZE
00000517: PUSH1 0x00
00000519: REVERT
0000051a: JUMPDEST
0000051b: POP
0000051c: POP
0000051d: POP
0000051e: POP
0000051f: PUSH1 0x40
00000521: MLOAD
00000522: RETURNDATASIZE
00000523: PUSH1 0x1f
00000525: NOT
00000526: PUSH1 0x1f
00000528: DUP3
00000529: ADD
0000052a: AND
0000052b: DUP3
0000052c: ADD
0000052d: DUP1
0000052e: PUSH1 0x40
00000530: MSTORE
00000531: POP
00000532: DUP2
00000533: ADD
00000534: SWAP1
00000535: PUSH2 0x053e
00000538: SWAP2
00000539: SWAP1
0000053a: PUSH2 0x08f5
0000053d: JUMP
0000053e: JUMPDEST
0000053f: PUSH1 0x04
00000541: DUP1
00000542: SLOAD
00000543: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000558: NOT
00000559: AND
0000055a: PUSH1 0x01
0000055c: PUSH1 0x01
0000055e: PUSH1 0xa0
00000560: SHL
00000561: SUB
00000562: SWAP3
00000563: DUP4
00000564: AND
00000565: OR
00000566: SWAP1
00000567: SSTORE
00000568: PUSH1 0x02
0000056a: SLOAD
0000056b: PUSH2 0x0574
0000056e: SWAP2
0000056f: AND
00000570: PUSH2 0x0702
00000573: JUMP
00000574: JUMPDEST
00000575: JUMP
00000576: JUMPDEST
00000577: PUSH1 0x00
00000579: PUSH1 0x04
0000057b: PUSH1 0x00
0000057d: SWAP1
0000057e: SLOAD
0000057f: SWAP1
00000580: PUSH2 0x0100
00000583: EXP
00000584: SWAP1
00000585: DIV
00000586: PUSH1 0x01
00000588: PUSH1 0x01
0000058a: PUSH1 0xa0
0000058c: SHL
0000058d: SUB
0000058e: AND
0000058f: PUSH1 0x01
00000591: PUSH1 0x01
00000593: PUSH1 0xa0
00000595: SHL
00000596: SUB
00000597: AND
00000598: PUSH4 0xe335c8ca
0000059d: PUSH1 0x40
0000059f: MLOAD
000005a0: DUP2
000005a1: PUSH4 0xffffffff
000005a6: AND
000005a7: PUSH1 0xe0
000005a9: SHL
000005aa: DUP2
000005ab: MSTORE
000005ac: PUSH1 0x04
000005ae: ADD
000005af: PUSH1 0x20
000005b1: PUSH1 0x40
000005b3: MLOAD
000005b4: DUP1
000005b5: DUP4
000005b6: SUB
000005b7: DUP2
000005b8: DUP7
000005b9: GAS
000005ba: STATICCALL
000005bb: ISZERO
000005bc: DUP1
000005bd: ISZERO
000005be: PUSH2 0x05cb
000005c1: JUMPI
000005c2: RETURNDATASIZE
000005c3: PUSH1 0x00
000005c5: DUP1
000005c6: RETURNDATACOPY
000005c7: RETURNDATASIZE
000005c8: PUSH1 0x00
000005ca: REVERT
000005cb: JUMPDEST
000005cc: POP
000005cd: POP
000005ce: POP
000005cf: POP
000005d0: PUSH1 0x40
000005d2: MLOAD
000005d3: RETURNDATASIZE
000005d4: PUSH1 0x1f
000005d6: NOT
000005d7: PUSH1 0x1f
000005d9: DUP3
000005da: ADD
000005db: AND
000005dc: DUP3
000005dd: ADD
000005de: DUP1
000005df: PUSH1 0x40
000005e1: MSTORE
000005e2: POP
000005e3: DUP2
000005e4: ADD
000005e5: SWAP1
000005e6: PUSH2 0x05ef
000005e9: SWAP2
000005ea: SWAP1
000005eb: PUSH2 0x0912
000005ee: JUMP
000005ef: JUMPDEST
000005f0: PUSH2 0x05f9
000005f3: SWAP1
000005f4: SELFBALANCE
000005f5: PUSH2 0x092b
000005f8: JUMP
000005f9: JUMPDEST
000005fa: SWAP1
000005fb: POP
000005fc: SWAP1
000005fd: JUMP
000005fe: JUMPDEST
000005ff: DUP2
00000600: SELFBALANCE
00000601: LT
00000602: ISZERO
00000603: PUSH2 0x064e
00000606: JUMPI
00000607: PUSH1 0x40
00000609: MLOAD
0000060a: PUSH3 0x461bcd
0000060e: PUSH1 0xe5
00000610: SHL
00000611: DUP2
00000612: MSTORE
00000613: PUSH1 0x20
00000615: PUSH1 0x04
00000617: DUP3
00000618: ADD
00000619: MSTORE
0000061a: PUSH1 0x14
0000061c: PUSH1 0x24
0000061e: DUP3
0000061f: ADD
00000620: MSTORE
00000621: PUSH32 0x496e73756666696369656e742062616c616e6365000000000000000000000000
00000642: PUSH1 0x44
00000644: DUP3
00000645: ADD
00000646: MSTORE
00000647: PUSH1 0x64
00000649: ADD
0000064a: PUSH2 0x0218
0000064d: JUMP
0000064e: JUMPDEST
0000064f: PUSH1 0x00
00000651: DUP4
00000652: PUSH1 0x01
00000654: PUSH1 0x01
00000656: PUSH1 0xa0
00000658: SHL
00000659: SUB
0000065a: AND
0000065b: DUP4
0000065c: DUP4
0000065d: PUSH1 0x40
0000065f: MLOAD
00000660: PUSH2 0x0669
00000663: SWAP2
00000664: SWAP1
00000665: PUSH2 0x0952
00000668: JUMP
00000669: JUMPDEST
0000066a: PUSH1 0x00
0000066c: PUSH1 0x40
0000066e: MLOAD
0000066f: DUP1
00000670: DUP4
00000671: SUB
00000672: DUP2
00000673: DUP6
00000674: DUP8
00000675: GAS
00000676: CALL
00000677: SWAP3
00000678: POP
00000679: POP
0000067a: POP
0000067b: RETURNDATASIZE
0000067c: DUP1
0000067d: PUSH1 0x00
0000067f: DUP2
00000680: EQ
00000681: PUSH2 0x06a6
00000684: JUMPI
00000685: PUSH1 0x40
00000687: MLOAD
00000688: SWAP2
00000689: POP
0000068a: PUSH1 0x1f
0000068c: NOT
0000068d: PUSH1 0x3f
0000068f: RETURNDATASIZE
00000690: ADD
00000691: AND
00000692: DUP3
00000693: ADD
00000694: PUSH1 0x40
00000696: MSTORE
00000697: RETURNDATASIZE
00000698: DUP3
00000699: MSTORE
0000069a: RETURNDATASIZE
0000069b: PUSH1 0x00
0000069d: PUSH1 0x20
0000069f: DUP5
000006a0: ADD
000006a1: RETURNDATACOPY
000006a2: PUSH2 0x06ab
000006a5: JUMP
000006a6: JUMPDEST
000006a7: PUSH1 0x60
000006a9: SWAP2
000006aa: POP
000006ab: JUMPDEST
000006ac: POP
000006ad: POP
000006ae: SWAP1
000006af: POP
000006b0: DUP1
000006b1: PUSH2 0x06fc
000006b4: JUMPI
000006b5: PUSH1 0x40
000006b7: MLOAD
000006b8: PUSH3 0x461bcd
000006bc: PUSH1 0xe5
000006be: SHL
000006bf: DUP2
000006c0: MSTORE
000006c1: PUSH1 0x20
000006c3: PUSH1 0x04
000006c5: DUP3
000006c6: ADD
000006c7: MSTORE
000006c8: PUSH1 0x14
000006ca: PUSH1 0x24
000006cc: DUP3
000006cd: ADD
000006ce: MSTORE
000006cf: PUSH32 0x4661696c656420746f2073656e64204574686572000000000000000000000000
000006f0: PUSH1 0x44
000006f2: DUP3
000006f3: ADD
000006f4: MSTORE
000006f5: PUSH1 0x64
000006f7: ADD
000006f8: PUSH2 0x0218
000006fb: JUMP
000006fc: JUMPDEST
000006fd: POP
000006fe: POP
000006ff: POP
00000700: POP
00000701: JUMP
00000702: JUMPDEST
00000703: DUP1
00000704: PUSH1 0x01
00000706: PUSH1 0x01
00000708: PUSH1 0xa0
0000070a: SHL
0000070b: SUB
0000070c: AND
0000070d: PUSH4 0xda91d796
00000712: PUSH1 0x40
00000714: MLOAD
00000715: DUP2
00000716: PUSH4 0xffffffff
0000071b: AND
0000071c: PUSH1 0xe0
0000071e: SHL
0000071f: DUP2
00000720: MSTORE
00000721: PUSH1 0x04
00000723: ADD
00000724: PUSH1 0x20
00000726: PUSH1 0x40
00000728: MLOAD
00000729: DUP1
0000072a: DUP4
0000072b: SUB
0000072c: DUP2
0000072d: DUP7
0000072e: GAS
0000072f: STATICCALL
00000730: ISZERO
00000731: DUP1
00000732: ISZERO
00000733: PUSH2 0x0740
00000736: JUMPI
00000737: RETURNDATASIZE
00000738: PUSH1 0x00
0000073a: DUP1
0000073b: RETURNDATACOPY
0000073c: RETURNDATASIZE
0000073d: PUSH1 0x00
0000073f: REVERT
00000740: JUMPDEST
00000741: POP
00000742: POP
00000743: POP
00000744: POP
00000745: PUSH1 0x40
00000747: MLOAD
00000748: RETURNDATASIZE
00000749: PUSH1 0x1f
0000074b: NOT
0000074c: PUSH1 0x1f
0000074e: DUP3
0000074f: ADD
00000750: AND
00000751: DUP3
00000752: ADD
00000753: DUP1
00000754: PUSH1 0x40
00000756: MSTORE
00000757: POP
00000758: DUP2
00000759: ADD
0000075a: SWAP1
0000075b: PUSH2 0x0764
0000075e: SWAP2
0000075f: SWAP1
00000760: PUSH2 0x08f5
00000763: JUMP
00000764: JUMPDEST
00000765: PUSH1 0x01
00000767: DUP1
00000768: SLOAD
00000769: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000077e: NOT
0000077f: AND
00000780: PUSH1 0x01
00000782: PUSH1 0x01
00000784: PUSH1 0xa0
00000786: SHL
00000787: SUB
00000788: SWAP3
00000789: SWAP1
0000078a: SWAP3
0000078b: AND
0000078c: SWAP2
0000078d: SWAP1
0000078e: SWAP2
0000078f: OR
00000790: SWAP1
00000791: SSTORE
00000792: POP
00000793: JUMP
00000794: JUMPDEST
00000795: PUSH1 0x01
00000797: PUSH1 0x01
00000799: PUSH1 0xa0
0000079b: SHL
0000079c: SUB
0000079d: DUP2
0000079e: AND
0000079f: DUP2
000007a0: EQ
000007a1: PUSH2 0x03c6
000007a4: JUMPI
000007a5: PUSH1 0x00
000007a7: DUP1
000007a8: REVERT
000007a9: JUMPDEST
000007aa: PUSH1 0x00
000007ac: PUSH1 0x20
000007ae: DUP3
000007af: DUP5
000007b0: SUB
000007b1: SLT
000007b2: ISZERO
000007b3: PUSH2 0x07bb
000007b6: JUMPI
000007b7: PUSH1 0x00
000007b9: DUP1
000007ba: REVERT
000007bb: JUMPDEST
000007bc: DUP2
000007bd: CALLDATALOAD
000007be: PUSH2 0x07c6
000007c1: DUP2
000007c2: PUSH2 0x0794
000007c5: JUMP
000007c6: JUMPDEST
000007c7: SWAP4
000007c8: SWAP3
000007c9: POP
000007ca: POP
000007cb: POP
000007cc: JUMP
000007cd: JUMPDEST
000007ce: PUSH1 0x00
000007d0: DUP1
000007d1: PUSH1 0x40
000007d3: DUP4
000007d4: DUP6
000007d5: SUB
000007d6: SLT
000007d7: ISZERO
000007d8: PUSH2 0x07e0
000007db: JUMPI
000007dc: PUSH1 0x00
000007de: DUP1
000007df: REVERT
000007e0: JUMPDEST
000007e1: DUP3
000007e2: CALLDATALOAD
000007e3: PUSH2 0x07eb
000007e6: DUP2
000007e7: PUSH2 0x0794
000007ea: JUMP
000007eb: JUMPDEST
000007ec: SWAP5
000007ed: PUSH1 0x20
000007ef: SWAP4
000007f0: SWAP1
000007f1: SWAP4
000007f2: ADD
000007f3: CALLDATALOAD
000007f4: SWAP4
000007f5: POP
000007f6: POP
000007f7: POP
000007f8: JUMP
000007f9: JUMPDEST
000007fa: PUSH1 0x00
000007fc: PUSH1 0x20
000007fe: DUP3
000007ff: DUP5
00000800: SUB
00000801: SLT
00000802: ISZERO
00000803: PUSH2 0x080b
00000806: JUMPI
00000807: PUSH1 0x00
00000809: DUP1
0000080a: REVERT
0000080b: JUMPDEST
0000080c: POP
0000080d: CALLDATALOAD
0000080e: SWAP2
0000080f: SWAP1
00000810: POP
00000811: JUMP
00000812: JUMPDEST
00000813: PUSH4 0x4e487b71
00000818: PUSH1 0xe0
0000081a: SHL
0000081b: PUSH1 0x00
0000081d: MSTORE
0000081e: PUSH1 0x41
00000820: PUSH1 0x04
00000822: MSTORE
00000823: PUSH1 0x24
00000825: PUSH1 0x00
00000827: REVERT
00000828: JUMPDEST
00000829: PUSH1 0x00
0000082b: DUP1
0000082c: PUSH1 0x00
0000082e: PUSH1 0x60
00000830: DUP5
00000831: DUP7
00000832: SUB
00000833: SLT
00000834: ISZERO
00000835: PUSH2 0x083d
00000838: JUMPI
00000839: PUSH1 0x00
0000083b: DUP1
0000083c: REVERT
0000083d: JUMPDEST
0000083e: DUP4
0000083f: CALLDATALOAD
00000840: PUSH2 0x0848
00000843: DUP2
00000844: PUSH2 0x0794
00000847: JUMP
00000848: JUMPDEST
00000849: SWAP3
0000084a: POP
0000084b: PUSH1 0x20
0000084d: DUP5
0000084e: ADD
0000084f: CALLDATALOAD
00000850: SWAP2
00000851: POP
00000852: PUSH1 0x40
00000854: DUP5
00000855: ADD
00000856: CALLDATALOAD
00000857: PUSH8 0xffffffffffffffff
00000860: DUP1
00000861: DUP3
00000862: GT
00000863: ISZERO
00000864: PUSH2 0x086c
00000867: JUMPI
00000868: PUSH1 0x00
0000086a: DUP1
0000086b: REVERT
0000086c: JUMPDEST
0000086d: DUP2
0000086e: DUP7
0000086f: ADD
00000870: SWAP2
00000871: POP
00000872: DUP7
00000873: PUSH1 0x1f
00000875: DUP4
00000876: ADD
00000877: SLT
00000878: PUSH2 0x0880
0000087b: JUMPI
0000087c: PUSH1 0x00
0000087e: DUP1
0000087f: REVERT
00000880: JUMPDEST
00000881: DUP2
00000882: CALLDATALOAD
00000883: DUP2
00000884: DUP2
00000885: GT
00000886: ISZERO
00000887: PUSH2 0x0892
0000088a: JUMPI
0000088b: PUSH2 0x0892
0000088e: PUSH2 0x0812
00000891: JUMP
00000892: JUMPDEST
00000893: PUSH1 0x40
00000895: MLOAD
00000896: PUSH1 0x1f
00000898: DUP3
00000899: ADD
0000089a: PUSH1 0x1f
0000089c: NOT
0000089d: SWAP1
0000089e: DUP2
0000089f: AND
000008a0: PUSH1 0x3f
000008a2: ADD
000008a3: AND
000008a4: DUP2
000008a5: ADD
000008a6: SWAP1
000008a7: DUP4
000008a8: DUP3
000008a9: GT
000008aa: DUP2
000008ab: DUP4
000008ac: LT
000008ad: OR
000008ae: ISZERO
000008af: PUSH2 0x08ba
000008b2: JUMPI
000008b3: PUSH2 0x08ba
000008b6: PUSH2 0x0812
000008b9: JUMP
000008ba: JUMPDEST
000008bb: DUP2
000008bc: PUSH1 0x40
000008be: MSTORE
000008bf: DUP3
000008c0: DUP2
000008c1: MSTORE
000008c2: DUP10
000008c3: PUSH1 0x20
000008c5: DUP5
000008c6: DUP8
000008c7: ADD
000008c8: ADD
000008c9: GT
000008ca: ISZERO
000008cb: PUSH2 0x08d3
000008ce: JUMPI
000008cf: PUSH1 0x00
000008d1: DUP1
000008d2: REVERT
000008d3: JUMPDEST
000008d4: DUP3
000008d5: PUSH1 0x20
000008d7: DUP7
000008d8: ADD
000008d9: PUSH1 0x20
000008db: DUP4
000008dc: ADD
000008dd: CALLDATACOPY
000008de: PUSH1 0x00
000008e0: PUSH1 0x20
000008e2: DUP5
000008e3: DUP4
000008e4: ADD
000008e5: ADD
000008e6: MSTORE
000008e7: DUP1
000008e8: SWAP6
000008e9: POP
000008ea: POP
000008eb: POP
000008ec: POP
000008ed: POP
000008ee: POP
000008ef: SWAP3
000008f0: POP
000008f1: SWAP3
000008f2: POP
000008f3: SWAP3
000008f4: JUMP
000008f5: JUMPDEST
000008f6: PUSH1 0x00
000008f8: PUSH1 0x20
000008fa: DUP3
000008fb: DUP5
000008fc: SUB
000008fd: SLT
000008fe: ISZERO
000008ff: PUSH2 0x0907
00000902: JUMPI
00000903: PUSH1 0x00
00000905: DUP1
00000906: REVERT
00000907: JUMPDEST
00000908: DUP2
00000909: MLOAD
0000090a: PUSH2 0x07c6
0000090d: DUP2
0000090e: PUSH2 0x0794
00000911: JUMP
00000912: JUMPDEST
00000913: PUSH1 0x00
00000915: PUSH1 0x20
00000917: DUP3
00000918: DUP5
00000919: SUB
0000091a: SLT
0000091b: ISZERO
0000091c: PUSH2 0x0924
0000091f: JUMPI
00000920: PUSH1 0x00
00000922: DUP1
00000923: REVERT
00000924: JUMPDEST
00000925: POP
00000926: MLOAD
00000927: SWAP2
00000928: SWAP1
00000929: POP
0000092a: JUMP
0000092b: JUMPDEST
0000092c: DUP1
0000092d: DUP3
0000092e: ADD
0000092f: DUP1
00000930: DUP3
00000931: GT
00000932: ISZERO
00000933: PUSH2 0x094c
00000936: JUMPI
00000937: PUSH4 0x4e487b71
0000093c: PUSH1 0xe0
0000093e: SHL
0000093f: PUSH1 0x00
00000941: MSTORE
00000942: PUSH1 0x11
00000944: PUSH1 0x04
00000946: MSTORE
00000947: PUSH1 0x24
00000949: PUSH1 0x00
0000094b: REVERT
0000094c: JUMPDEST
0000094d: SWAP3
0000094e: SWAP2
0000094f: POP
00000950: POP
00000951: JUMP
00000952: JUMPDEST
00000953: PUSH1 0x00
00000955: DUP3
00000956: MLOAD
00000957: PUSH1 0x00
00000959: JUMPDEST
0000095a: DUP2
0000095b: DUP2
0000095c: LT
0000095d: ISZERO
0000095e: PUSH2 0x0973
00000961: JUMPI
00000962: PUSH1 0x20
00000964: DUP2
00000965: DUP7
00000966: ADD
00000967: DUP2
00000968: ADD
00000969: MLOAD
0000096a: DUP6
0000096b: DUP4
0000096c: ADD
0000096d: MSTORE
0000096e: ADD
0000096f: PUSH2 0x0959
00000972: JUMP
00000973: JUMPDEST
00000974: POP
00000975: PUSH1 0x00
00000977: SWAP3
00000978: ADD
00000979: SWAP2
0000097a: DUP3
0000097b: MSTORE
0000097c: POP
0000097d: SWAP2
0000097e: SWAP1
0000097f: POP
00000980: JUMP
00000981: INVALID
00000982: LOG2
00000983: PUSH5 0x6970667358
00000989: UNKNOWN(0x22)
0000098a: SLT
0000098b: KECCAK256
0000098c: PUSH19 0x95ca239db31c40b64f215f3e6436ec10566642
000009a0: PUSH32

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0x958ac6fd4683724063f38305db38b00b862e973218ae10629a9cd60321f9f88b
call_targets: 0x1ca9db430401ce71d6da53cd571035e210e6c9fe
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x958ac6fd4683724063f38305db38b00b862e973218ae10629a9cd60321f9f88b",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x1ca9db430401ce71d6da53cd571035e210e6c9fe"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xd54fb850",
            "selector": "0xd54fb850",
            "calldata_variants": [
                "0xd54fb850",
                "0xd54fb8500000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe26db6fc",
            "selector": "0xe26db6fc",
            "calldata_variants": [
                "0xe26db6fc",
                "0xe26db6fc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf38a3f84",
            "selector": "0xf38a3f84",
            "calldata_variants": [
                "0xf38a3f84",
                "0xf38a3f840000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8555d03c",
            "selector": "0x8555d03c",
            "calldata_variants": [
                "0x8555d03c",
                "0x8555d03c0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xb1957e5d",
            "selector": "0xb1957e5d",
            "calldata_variants": [
                "0xb1957e5d",
                "0xb1957e5d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x0f2ad452",
            "selector": "0x0f2ad452",
            "calldata_variants": [
                "0x0f2ad452",
                "0x0f2ad4520000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x223eb640",
            "selector": "0x223eb640",
            "calldata_variants": [
                "0x223eb640",
                "0x223eb6400000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4d3f7334",
            "selector": "0x4d3f7334",
            "calldata_variants": [
                "0x4d3f7334",
                "0x4d3f73340000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 1654,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [],
    "untrusted_call_count": 1
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0x958ac6fd4683724063f38305db38b00b862e973218ae10629a9cd60321f9f88b
call_targets: 0x1ca9db430401ce71d6da53cd571035e210e6c9fe
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x958ac6fd4683724063f38305db38b00b862e973218ae10629a9cd60321f9f88b",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x1ca9db430401ce71d6da53cd571035e210e6c9fe"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xd54fb850",
            "selector": "0xd54fb850",
            "calldata_variants": [
                "0xd54fb850",
                "0xd54fb8500000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe26db6fc",
            "selector": "0xe26db6fc",
            "calldata_variants": [
                "0xe26db6fc",
                "0xe26db6fc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf38a3f84",
            "selector": "0xf38a3f84",
            "calldata_variants": [
                "0xf38a3f84",
                "0xf38a3f840000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8555d03c",
            "selector": "0x8555d03c",
            "calldata_variants": [
                "0x8555d03c",
                "0x8555d03c0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xb1957e5d",
            "selector": "0xb1957e5d",
            "calldata_variants": [
                "0xb1957e5d",
                "0xb1957e5d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x0f2ad452",
            "selector": "0x0f2ad452",
            "calldata_variants": [
                "0x0f2ad452",
                "0x0f2ad4520000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x223eb640",
            "selector": "0x223eb640",
            "calldata_variants": [
                "0x223eb640",
                "0x223eb6400000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4d3f7334",
            "selector": "0x4d3f7334",
            "calldata_variants": [
                "0x4d3f7334",
                "0x4d3f73340000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 1654,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": []
}