60ed7a90-3d7b-4616-abba-573f64440894
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31077 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 76276 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 76277 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 76278 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 76279 | capability.graph | complete | 1 / 3 | 1 week ago |
| 76280 | detector.run | complete | 1 / 3 | 1 week ago |
| 76281 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:703565] OpenAI Codex v0.77.0 (research preview)
[codex:703565] --------
[codex:703565] workdir: /tmp/codex-multi-e9g7ovah
[codex:703565] model: gpt-5.2-codex
[codex:703565] provider: openai
[codex:703565] approval: never
[codex:703565] sandbox: read-only
[codex:703565] reasoning effort: xhigh
[codex:703565] reasoning summaries: auto
[codex:703565] session id: 019b7a5c-0ea3-76b2-b97b-1187045434e4
[codex:703565] --------
[codex:703565] user
[codex:703565] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:703565]
[codex:703565] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:703565]
[codex:703565] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:703565] - Gas inefficiency, code quality, or best practices
[codex:703565] - Theoretical vulnerabilities without a clear extraction path
[codex:703565] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:703565] - Issues requiring social engineering or off-chain coordination
[codex:703565]
[codex:703565] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:703565] - CALL/DELEGATECALL with controllable destination or calldata
[codex:703565] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:703565] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:703565] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:703565] - External calls before state updates (reentrancy)
[codex:703565] - SELFDESTRUCT with controllable beneficiary
[codex:703565] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:703565]
[codex:703565] For each finding, you MUST explain:
[codex:703565] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:703565] 2. The concrete sequence of transactions to extract value
[codex:703565] 3. Why you believe this is exploitable (not just suspicious)
[codex:703565]
[codex:703565] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:703565] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:703565]
[codex:703565] Output MUST be valid JSON matching the provided schema.
[codex:703565] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:703565] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:703565] mcp startup: no servers
[codex:703565]
[codex:703565] thinking
[codex:703565] **Searching for bytecode files**
[codex:703565] exec
[codex:703565] /bin/bash -lc ls in /tmp/codex-multi-e9g7ovah succeeded in 6ms:
[codex:703565] BYTECODE_BUNDLE.txt
[codex:703565] codex-output-schema.json
[codex:703565]
[codex:703565] thinking
[codex:703565] **Reading file content**
[codex:703565] exec
[codex:703565] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-e9g7ovah succeeded in 5ms:
[codex:703565] Runtime bytecode bundle for best-effort auditing.
[codex:703565] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:703565]
[codex:703565] FILE: runtime_bytecode.hex
[codex:703565]
[codex:703565]
[codex:703565] thinking
[codex:703565] **Analyzing Solidity bytecode functions**
[codex:703565] thinking
[codex:703565] **Mapping owner-only and controller functions**
[codex:703565]
[codex:703565] I’m identifying which functions are owner-restricted (like adding/removing controllers, transferring ownership, setting pauser) and confirming internal helpers enforce these checks tightly. This helps clarify where privileged control lies and narrows down potential exploit spots.
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] from eth_utils import keccak
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 233ms:
[codex:703565]
[codex:703565]
[codex:703565] thinking
[codex:703565] **Preparing simple disassembler script**
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] # extract runtime_bytecode.hex line after
[codex:703565] m=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata)
[codex:703565] code=m.group(1)[2:]
[codex:703565] # remove metadata? keep all
[codex:703565] # opcode map
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] # build list
[codex:703565] code_bytes=bytes.fromhex(code)
[codex:703565]
[codex:703565] # function to disassemble a range
[codex:703565]
[codex:703565] def disasm(start, end):
[codex:703565]     i=start
[codex:703565]     out=[]
[codex:703565]     while i<end:
[codex:703565]         op=code_bytes[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code_bytes[i+1:i+1+n]
[codex:703565]             out.append((i,name,data.hex()))
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             out.append((i,name,None))
[codex:703565]             i+=1
[codex:703565]     return out
[codex:703565]
[codex:703565] # print ranges around 0x2c4 and 0x6f1 and 0xcad
[codex:703565] for start in [0x2c4,0x6f1,0xcad,0xea3]:
[codex:703565]     end=start+0x120
[codex:703565]     print('---',hex(start),'---')
[codex:703565]     for off,name,data in disasm(start,end):
[codex:703565]         if data is None:
[codex:703565]             print(f'{off:04x}: {name}')
[codex:703565]         else:
[codex:703565]             print(f'{off:04x}: {name} 0x{data}')
[codex:703565]     print()
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 28ms:
[codex:703565] --- 0x2c4 ---
[codex:703565] 02c4: JUMPDEST
[codex:703565] 02c5: CALLER
[codex:703565] 02c6: PUSH1 0x00
[codex:703565] 02c8: SWAP1
[codex:703565] 02c9: DUP2
[codex:703565] 02ca: MSTORE
[codex:703565] 02cb: PUSH1 0x01
[codex:703565] 02cd: PUSH1 0x20
[codex:703565] 02cf: MSTORE
[codex:703565] 02d0: PUSH1 0x40
[codex:703565] 02d2: SWAP1
[codex:703565] 02d3: SHA3
[codex:703565] 02d4: SLOAD
[codex:703565] 02d5: PUSH1 0xff
[codex:703565] 02d7: AND
[codex:703565] 02d8: PUSH2 0x0342
[codex:703565] 02db: JUMPI
[codex:703565] 02dc: PUSH1 0x40
[codex:703565] 02de: DUP1
[codex:703565]
[codex:703565] thinking
[codex:703565] **Reevaluating function offsets and roles**
[codex:703565]
[codex:703565] I see that the code at 0xcad is misidentified—it’s actually a controller-only batch function with access checks, not the initializer I expected. The initializer might be near 0xc02, where the “already initialized” revert string shows up, so I want to locate it precisely by searching for that ASCII string’s offset in the bytecode using Python. This should help me correctly map functions.
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] m=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata)
[codex:703565] code=bytes.fromhex(m.group(1)[2:])
[codex:703565] needle=b'already initialized'
[codex:703565] idx=code.find(needle)
[codex:703565] print('idx',hex(idx))
[codex:703565] # show some bytes around idx
[codex:703565] start=max(0,idx-40); end=idx+len(needle)+40
[codex:703565] print(code[start:end].hex())
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 24ms:
[codex:703565] idx 0xbd2
[codex:703565] 0000000000000000000000000000000000000000000000815260206004820152601360248201527f616c726561647920696e697469616c697a656400000000000000000000000000604482015290519081900360640190fd5b610c0b836112d4565b73
[codex:703565]
[codex:703565] thinking
[codex:703565] **Preparing disassembly range**
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # opcode map
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] code_bytes=code
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code_bytes[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code_bytes[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('--- 0xb60..0xd20 ---')
[codex:703565] disasm(0xb60,0xd20)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 32ms:
[codex:703565] --- 0xb60..0xd20 ---
[codex:703565] 0b60: JUMP
[codex:703565] 0b61: JUMPDEST
[codex:703565] 0b62: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:703565] 0b77: DUP2
[codex:703565] 0b78: AND
[codex:703565] 0b79: PUSH1 0x00
[codex:703565] 0b7b: SWAP1
[codex:703565] 0b7c: DUP2
[codex:703565] 0b7d: MSTORE
[codex:703565] 0b7e: PUSH1 0x01
[codex:703565] 0b80: PUSH1 0x20
[codex:703565] 0b82: MSTORE
[codex:703565] 0b83: PUSH1 0x40
[codex:703565] 0b85: SWAP1
[codex:703565] 0b86: SHA3
[codex:703565] 0b87: SLOAD
[codex:703565] 0b88: PUSH1 0xff
[codex:703565] 0b8a: AND
[codex:703565] 0b8b: JUMPDEST
[codex:703565]
[codex:703565] thinking
[codex:703565] **Analyzing upgradeable contract initializer and controller drain risk**
[codex:703565]
[codex:703565] I’m piecing together how the initializer function works and confirming it’s publicly callable without ownership checks—typical in upgradeable contracts but risky if not initialized. I’m mapping how the initializer sets owner, controller, and pauser addresses, then exploring controller-only functions that transfer ETH or ERC20 tokens, which could let an attacker drain assets if they can become controller by calling initialize first. I’ll dig deeper into bytecode patterns and function selectors to verify these possibilities and identify any other vulnerabilities.
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # opcode map (short)
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] code_bytes=code
[codex:703565]
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code_bytes[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code_bytes[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('--- 0x3e0..0x560 ---')
[codex:703565] disasm(0x3e0,0x560)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 26ms:
[codex:703565] --- 0x3e0..0x560 ---
[codex:703565] 03e0: SUB
[codex:703565] 03e1: 0xe4
[codex:703565] 03e2: JUMPI
[codex:703565] 03e3: INVALID
[codex:703565] 03e4: JUMPDEST
[codex:703565] 03e5: PUSH1 0x40
[codex:703565] 03e7: MUL
[codex:703565] 03e8: SWAP2
[codex:703565] 03e9: SWAP1
[codex:703565] 03ea: SWAP2
[codex:703565] 03eb: ADD
[codex:703565] 03ec: SWAP2
[codex:703565] 03ed: POP
[codex:703565] 03ee: PUSH1 0x00
[codex:703565] 03f0: SWAP1
[codex:703565] 03f1: POP
[codex:703565] 03f2: DUP1
[codex:703565] 03f3: PUSH2 0x03ff
[codex:703565] 03f6: PUSH1 0x20
[codex:703565]
[codex:703565] thinking
[codex:703565] **Analyzing low-level CALL usage in disassembly**
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # opcode map
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] code_bytes=code
[codex:703565]
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code_bytes[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code_bytes[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('--- 0x810..0x8c9 ---')
[codex:703565] disasm(0x810,0x8c9)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 34ms:
[codex:703565] --- 0x810..0x8c9 ---
[codex:703565] 0810: INVALID
[codex:703565] 0811: JUMPDEST
[codex:703565] 0812: PUSH1 0x40
[codex:703565] 0814: MUL
[codex:703565] 0815: SWAP2
[codex:703565] 0816: SWAP1
[codex:703565] 0817: SWAP2
[codex:703565] 0818: ADD
[codex:703565] 0819: SWAP2
[codex:703565] 081a: POP
[codex:703565] 081b: PUSH1 0x00
[codex:703565] 081d: SWAP1
[codex:703565] 081e: POP
[codex:703565] 081f: DUP1
[codex:703565] 0820: PUSH2 0x083b
[codex:703565] 0823: PUSH2 0x082f
[codex:703565] 0826: PUSH1 0x20
[codex:703565] 0828: DUP6
[codex:703565] 0829: ADD
[codex:703565]
[codex:703565] thinking
[codex:703565] **Analyzing unprotected initializer vulnerability**
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # simple disasm from 0x2b0 to 0x2c0
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('---0x2b0..0x2c0---')
[codex:703565] disasm(0x2b0,0x2c0)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 25ms:
[codex:703565] ---0x2b0..0x2c0---
[codex:703565] 02b0: PUSH1 0x04
[codex:703565] 02b2: PUSH2 0x1846
[codex:703565] 02b5: JUMP
[codex:703565] 02b6: JUMPDEST
[codex:703565] 02b7: PUSH2 0x0ea3
[codex:703565] 02ba: JUMP
[codex:703565] 02bb: JUMPDEST
[codex:703565] 02bc: PUSH1 0x00
[codex:703565] 02be: SLOAD
[codex:703565] 02bf: PUSH1 0xff
[codex:703565]
[codex:703565] thinking
[codex:703565] **Continuing process**
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # disasm 0x2bb..0x2c4
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('---0x2bb..0x2c6---')
[codex:703565] disasm(0x2bb,0x2c6)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 28ms:
[codex:703565] ---0x2bb..0x2c6---
[codex:703565] 02bb: JUMPDEST
[codex:703565] 02bc: PUSH1 0x00
[codex:703565] 02be: SLOAD
[codex:703565] 02bf: PUSH1 0xff
[codex:703565] 02c1: AND
[codex:703565] 02c2: SWAP1
[codex:703565] 02c3: JUMP
[codex:703565] 02c4: JUMPDEST
[codex:703565] 02c5: CALLER
[codex:703565]
[codex:703565] thinking
[codex:703565] **Analyzing initializer and owner setting evidence**
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # disasm 0x12d4..0x1330
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('---0x12d4..0x1330---')
[codex:703565] disasm(0x12d4,0x1330)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 30ms:
[codex:703565] ---0x12d4..0x1330---
[codex:703565] 12d4: JUMPDEST
[codex:703565] 12d5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:703565] 12ea: DUP2
[codex:703565] 12eb: AND
[codex:703565] 12ec: PUSH2 0x1356
[codex:703565] 12ef: JUMPI
[codex:703565] 12f0: PUSH1 0x40
[codex:703565] 12f2: DUP1
[codex:703565] 12f3: MLOAD
[codex:703565] 12f4: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
[codex:703565] 1315: DUP2
[codex:703565] 1316: MSTORE
[codex:703565] 1317: PUSH1 0x20
[codex:703565] 1319: PUSH1 0x04
[codex:703565] 131b: DUP3
[codex:703565] 131c: ADD
[codex:703565] 131d: MSTORE
[codex:703565] 131e: PUSH1 0x1b
[codex:703565] 1320: PUSH1 0x24
[codex:703565]
[codex:703565] thinking
[codex:703565] **Exploring for SSTORE opcode**
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # disasm 0x1330..0x13c0
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('---0x1330..0x13c0---')
[codex:703565] disasm(0x1330,0x13c0)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 24ms:
[codex:703565] ---0x1330..0x13c0---
[codex:703565] 1330: SHA3
[codex:703565] 1331: PUSH21 0x6865207a65726f2061646472657373000000000060
[codex:703565] 1347: DIFFICULTY
[codex:703565] 1348: DUP3
[codex:703565] 1349: ADD
[codex:703565] 134a: MSTORE
[codex:703565] 134b: SWAP1
[codex:703565] 134c: MLOAD
[codex:703565] 134d: SWAP1
[codex:703565] 134e: DUP2
[codex:703565] 134f: SWAP1
[codex:703565] 1350: SUB
[codex:703565] 1351: PUSH1 0x64
[codex:703565] 1353: ADD
[codex:703565] 1354: SWAP1
[codex:703565] 1355: REVERT
[codex:703565] 1356: JUMPDEST
[codex:703565] 1357: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:703565] 136c: DUP2
[codex:703565]
[codex:703565] thinking
[codex:703565] **Continuing to examine SSTORE usage**
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # disasm 0x13c0..0x1430
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('---0x13c0..0x1440---')
[codex:703565] disasm(0x13c0,0x1440)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 26ms:
[codex:703565] ---0x13c0..0x1440---
[codex:703565] 13c0: PUSH2 0x6374
[codex:703565] 13c3: STOP
[codex:703565] 13c4: STOP
[codex:703565] 13c5: STOP
[codex:703565] 13c6: STOP
[codex:703565] 13c7: STOP
[codex:703565] 13c8: STOP
[codex:703565] 13c9: STOP
[codex:703565] 13ca: STOP
[codex:703565] 13cb: PUSH1 0x44
[codex:703565] 13cd: DUP3
[codex:703565] 13ce: ADD
[codex:703565] 13cf: MSTORE
[codex:703565] 13d0: SWAP1
[codex:703565] 13d1: MLOAD
[codex:703565] 13d2: SWAP1
[codex:703565] 13d3: DUP2
[codex:703565] 13d4: SWAP1
[codex:703565] 13d5: SUB
[codex:703565]
[codex:703565] thinking
[codex:703565] **Summarizing unprotected initializer vulnerability**
[codex:703565]
[codex:703565] I'm putting together a detailed finding about a critical access control flaw caused by an unprotected initializer function that lets an attacker become owner/controller and drain ETH or tokens. I’m verifying evidence from bytecode offsets showing no caller checks and highlighting the exploit scenario with function selectors and relevant opcode actions, making sure the JSON output matches the required schema and includes all necessary references and recommendations.
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # disasm 0x10dc..0x1130
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('---0x10dc..0x1130---')
[codex:703565] disasm(0x10dc,0x1130)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 23ms:
[codex:703565] ---0x10dc..0x1130---
[codex:703565] 10dc: JUMPDEST
[codex:703565] 10dd: PUSH1 0x40
[codex:703565] 10df: DUP1
[codex:703565] 10e0: MLOAD
[codex:703565] 10e1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:703565] 10f6: DUP1
[codex:703565] 10f7: DUP8
[codex:703565] 10f8: AND
[codex:703565] 10f9: PUSH1 0x24
[codex:703565] 10fb: DUP4
[codex:703565] 10fc: ADD
[codex:703565] 10fd: MSTORE
[codex:703565] 10fe: PUSH1 0x44
[codex:703565] 1100: DUP1
[codex:703565] 1101: DUP4
[codex:703565] 1102: ADD
[codex:703565] 1103: DUP8
[codex:703565] 1104: SWAP1
[codex:703565] 1105: MSTORE
[codex:703565]
[codex:703565] thinking
[codex:703565] **Continuing to display commit and function call**
[codex:703565] exec
[codex:703565] /bin/bash -lc "python - <<'PY'
[codex:703565] import re
[codex:703565] hexdata=open('/tmp/codex-multi-e9g7ovah/BYTECODE_BUNDLE.txt').read()
[codex:703565] code=bytes.fromhex(re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', hexdata).group(1)[2:])
[codex:703565] # disasm 0x1120..0x11f0
[codex:703565] opnames={
[codex:703565] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:703565] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:703565] 0x20:'SHA3',
[codex:703565] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:703565] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:703565] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:703565] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:703565] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:703565] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:703565] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:703565] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:703565] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:703565] }
[codex:703565]
[codex:703565] def disasm(start,end):
[codex:703565]     i=start
[codex:703565]     while i<end:
[codex:703565]         op=code[i]
[codex:703565]         name=opnames.get(op,hex(op))
[codex:703565]         if 0x60<=op<=0x7f:
[codex:703565]             n=op-0x5f
[codex:703565]             data=code[i+1:i+1+n]
[codex:703565]             print(f'{i:04x}: {name} 0x{data.hex()}')
[codex:703565]             i+=1+n
[codex:703565]         else:
[codex:703565]             print(f'{i:04x}: {name}')
[codex:703565]             i+=1
[codex:703565]
[codex:703565] print('---0x1120..0x11f0---')
[codex:703565] disasm(0x1120,0x11f0)
[codex:703565] PY" in /tmp/codex-multi-e9g7ovah succeeded in 47ms:
[codex:703565] ---0x1120..0x11f0---
[codex:703565] 1120: SELFDESTRUCT
[codex:703565] 1121: SELFDESTRUCT
[codex:703565] 1122: SELFDESTRUCT
[codex:703565] 1123: SELFDESTRUCT
[codex:703565] 1124: SELFDESTRUCT
[codex:703565] 1125: SELFDESTRUCT
[codex:703565] 1126: SELFDESTRUCT
[codex:703565] 1127: SELFDESTRUCT
[codex:703565] 1128: SELFDESTRUCT
[codex:703565] 1129: SELFDESTRUCT
[codex:703565] 112a: SELFDESTRUCT
[codex:703565] 112b: SELFDESTRUCT
[codex:703565] 112c: SELFDESTRUCT
[codex:703565] 112d: SELFDESTRUCT
[codex:703565] 112e: SELFDESTRUCT
[codex:703565] 112f: SELFDESTRUCT
[codex:703565] 1130: SELFDESTRUCT
[codex:703565] 1131: SELFDESTRUCT
[codex:703565] 1132: SELFDESTRUCT
[codex:703565]
[codex:703565] thinking
[codex:703565] **Summarizing exploit analysis and JSON report**
[codex:703565]
[codex:703565] I’m putting together a thorough JSON report on the unprotected initializer vulnerability that lets anyone take ownership and control, enabling arbitrary ETH and ERC20 token transfers. I’m carefully noting relevant bytecode offsets, the exploit scenario steps—including checking the initialized flag and calling initializer and batch transfer functions—and crafting recommendations to prevent this issue. I’ll make sure the output is strictly JSON and properly formatted before finalizing.
[codex:703565] codex
[codex:703565] {"no_findings":false,"summary":"Unprotected initializer allows anyone to seize owner/controller roles when the init flag is unset, enabling arbitrary ETH/ERC20 transfers via controller-only batch calls.","findings":[{"severity":"critical","category":"access_control","title":"Unprotected initializer enables full takeover and fund drain when not yet initialized","exploit_scenario":"1) Call selector `0x158ef93e` to read the init flag (slot0 & 0xff). If it returns 0, the contract is uninitialized.\n2) Call selector `0xc0c53b8b` with three attacker-controlled addresses (owner/controller/pauser). This sets ownership and controller status without any caller check.\n3) As controller, call selector `0x1a1da075` with arrays so the contract performs `CALL` with value to an attacker address (draining ETH), or call selector `0x45c23df2` to transfer ERC20 tokens via the internal `a9059cbb` transfer call.","recommendation":"Ensure initialization is performed in the constructor (or via proxy deployment) and remove or restrict the external initializer (e.g., onlyOwner/onlyInitializing). If this is a clone/proxy pattern, deploy with an immediate init call and/or add an immutable deployer gate.","evidence":"Initializer logic at 0xb90 checks only `SLOAD slot0 & 0xff` then proceeds with no CALLER check, calling `0x12d4` (set owner), optional `0x1472` (add controller), `0x104e` (set pauser), then `SSTORE` sets init flag at 0xc7f. ETH drain path: controller-only function starting 0x2c4 performs a low-level `CALL` at 0x0435 using recipient/value loaded from calldata (0x0400/0x041a). Token drain path: controller loop jumps to internal token transfer at 0x10dc and embeds `a9059cbb` at 0x113b, followed by `CALL` at 0x11ec.","locations":["runtime_bytecode.hex:0xb90","runtime_bytecode.hex:0xc7f","runtime_bytecode.hex:0x0435","runtime_bytecode.hex:0x10dc"]}]}
[codex:703565] tokens used
[codex:703565] 86,311
{
  "codex": {
    "ran_at": "2026-01-01T16:29:59.618840+00:00",
    "returncode": 0
  },
  "summary": "Unprotected initializer allows anyone to seize owner/controller roles when the init flag is unset, enabling arbitrary ETH/ERC20 transfers via controller-only batch calls.",
  "raw_final": {
    "summary": "Unprotected initializer allows anyone to seize owner/controller roles when the init flag is unset, enabling arbitrary ETH/ERC20 transfers via controller-only batch calls.",
    "findings": [
      {
        "title": "Unprotected initializer enables full takeover and fund drain when not yet initialized",
        "category": "access_control",
        "evidence": "Initializer logic at 0xb90 checks only `SLOAD slot0 & 0xff` then proceeds with no CALLER check, calling `0x12d4` (set owner), optional `0x1472` (add controller), `0x104e` (set pauser), then `SSTORE` sets init flag at 0xc7f. ETH drain path: controller-only function starting 0x2c4 performs a low-level `CALL` at 0x0435 using recipient/value loaded from calldata (0x0400/0x041a). Token drain path: controller loop jumps to internal token transfer at 0x10dc and embeds `a9059cbb` at 0x113b, followed by `CALL` at 0x11ec.",
        "severity": "critical",
        "locations": [
          "runtime_bytecode.hex:0xb90",
          "runtime_bytecode.hex:0xc7f",
          "runtime_bytecode.hex:0x0435",
          "runtime_bytecode.hex:0x10dc"
        ],
        "recommendation": "Ensure initialization is performed in the constructor (or via proxy deployment) and remove or restrict the external initializer (e.g., onlyOwner/onlyInitializing). If this is a clone/proxy pattern, deploy with an immediate init call and/or add an immutable deployer gate.",
        "exploit_scenario": "1) Call selector `0x158ef93e` to read the init flag (slot0 & 0xff). If it returns 0, the contract is uninitialized.\n2) Call selector `0xc0c53b8b` with three attacker-controlled addresses (owner/controller/pauser). This sets ownership and controller status without any caller check.\n3) As controller, call selector `0x1a1da075` with arrays so the contract performs `CALL` with value to an attacker address (draining ETH), or call selector `0x45c23df2` to transfer ERC20 tokens via the internal `a9059cbb` transfer call."
      }
    ],
    "no_findings": false
  },
  "no_findings": false,
  "schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x00ec 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x8da5cb5b 00000019: GT 0000001a: PUSH2 0x008a 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0xb429afeb 00000024: GT 00000025: PUSH2 0x0059 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0xb429afeb 0000002f: EQ 00000030: PUSH2 0x023b 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0xc0c53b8b 0000003a: EQ 0000003b: PUSH2 0x025b 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0xca350aa6 00000045: EQ 00000046: PUSH2 0x027b 00000049: JUMPI 0000004a: DUP1 0000004b: PUSH4 0xf6a74ed7 00000050: EQ 00000051: PUSH2 0x029b 00000054: JUMPI 00000055: PUSH2 0x00f3 00000058: JUMP 00000059: JUMPDEST 0000005a: DUP1 0000005b: PUSH4 0x8da5cb5b 00000060: EQ 00000061: PUSH2 0x01c4 00000064: JUMPI 00000065: DUP1 00000066: PUSH4 0x9fd0506d 0000006b: EQ 0000006c: PUSH2 0x01e6 0000006f: JUMPI 00000070: DUP1 00000071: PUSH4 0xa6f9dae1 00000076: EQ 00000077: PUSH2 0x01fb 0000007a: JUMPI 0000007b: DUP1 0000007c: PUSH4 0xa7fc7a07 00000081: EQ 00000082: PUSH2 0x021b 00000085: JUMPI 00000086: PUSH2 0x00f3 00000089: JUMP 0000008a: JUMPDEST 0000008b: DUP1 0000008c: PUSH4 0x3f4ba83a 00000091: GT 00000092: PUSH2 0x00c6 00000095: JUMPI 00000096: DUP1 00000097: PUSH4 0x3f4ba83a 0000009c: EQ 0000009d: PUSH2 0x0165 000000a0: JUMPI 000000a1: DUP1 000000a2: PUSH4 0x45c23df2 000000a7: EQ 000000a8: PUSH2 0x017a 000000ab: JUMPI 000000ac: DUP1 000000ad: PUSH4 0x5c975abb 000000b2: EQ 000000b3: PUSH2 0x019a 000000b6: JUMPI 000000b7: DUP1 000000b8: PUSH4 0x8456cb59 000000bd: EQ 000000be: PUSH2 0x01af 000000c1: JUMPI 000000c2: PUSH2 0x00f3 000000c5: JUMP 000000c6: JUMPDEST 000000c7: DUP1 000000c8: PUSH4 0x158ef93e 000000cd: EQ 000000ce: PUSH2 0x00f8 000000d1: JUMPI 000000d2: DUP1 000000d3: PUSH4 0x1a1da075 000000d8: EQ 000000d9: PUSH2 0x0123 000000dc: 
JUMPI 000000dd: DUP1 000000de: PUSH4 0x2d88af4a 000000e3: EQ 000000e4: PUSH2 0x0145 000000e7: JUMPI 000000e8: PUSH2 0x00f3 000000eb: JUMP 000000ec: JUMPDEST 000000ed: CALLDATASIZE 000000ee: PUSH2 0x00f3 000000f1: JUMPI 000000f2: STOP 000000f3: JUMPDEST 000000f4: PUSH1 0x00 000000f6: DUP1 000000f7: REVERT 000000f8: JUMPDEST 000000f9: CALLVALUE 000000fa: DUP1 000000fb: ISZERO 000000fc: PUSH2 0x0104 000000ff: JUMPI 00000100: PUSH1 0x00 00000102: DUP1 00000103: REVERT 00000104: JUMPDEST 00000105: POP 00000106: PUSH2 0x010d 00000109: PUSH2 0x02bb 0000010c: JUMP 0000010d: JUMPDEST 0000010e: PUSH1 0x40 00000110: MLOAD 00000111: PUSH2 0x011a 00000114: SWAP2 00000115: SWAP1 00000116: PUSH2 0x19e5 00000119: JUMP 0000011a: JUMPDEST 0000011b: PUSH1 0x40 0000011d: MLOAD 0000011e: DUP1 0000011f: SWAP2 00000120: SUB 00000121: SWAP1 00000122: RETURN 00000123: JUMPDEST 00000124: CALLVALUE 00000125: DUP1 00000126: ISZERO 00000127: PUSH2 0x012f 0000012a: JUMPI 0000012b: PUSH1 0x00 0000012d: DUP1 0000012e: REVERT 0000012f: JUMPDEST 00000130: POP 00000131: PUSH2 0x0143 00000134: PUSH2 0x013e 00000137: CALLDATASIZE 00000138: PUSH1 0x04 0000013a: PUSH2 0x1977 0000013d: JUMP 0000013e: JUMPDEST 0000013f: PUSH2 0x02c4 00000142: JUMP 00000143: JUMPDEST 00000144: STOP 00000145: JUMPDEST 00000146: CALLVALUE 00000147: DUP1 00000148: ISZERO 00000149: PUSH2 0x0151 0000014c: JUMPI 0000014d: PUSH1 0x00 0000014f: DUP1 00000150: REVERT 00000151: JUMPDEST 00000152: POP 00000153: PUSH2 0x0143 00000156: PUSH2 0x0160 00000159: CALLDATASIZE 0000015a: PUSH1 0x04 0000015c: PUSH2 0x1846 0000015f: JUMP 00000160: JUMPDEST 00000161: PUSH2 0x0566 00000164: JUMP 00000165: JUMPDEST 00000166: CALLVALUE 00000167: DUP1 00000168: ISZERO 00000169: PUSH2 0x0171 0000016c: JUMPI 0000016d: PUSH1 0x00 0000016f: DUP1 00000170: REVERT 00000171: JUMPDEST 00000172: POP 00000173: PUSH2 0x0143 00000176: PUSH2 0x05fd 00000179: JUMP 0000017a: JUMPDEST 0000017b: CALLVALUE 0000017c: DUP1 0000017d: ISZERO 0000017e: PUSH2 0x0186 
00000181: JUMPI 00000182: PUSH1 0x00 00000184: DUP1 00000185: REVERT 00000186: JUMPDEST 00000187: POP 00000188: PUSH2 0x0143 0000018b: PUSH2 0x0195 0000018e: CALLDATASIZE 0000018f: PUSH1 0x04 00000191: PUSH2 0x18a9 00000194: JUMP 00000195: JUMPDEST 00000196: PUSH2 0x06f1 00000199: JUMP 0000019a: JUMPDEST 0000019b: CALLVALUE 0000019c: DUP1 0000019d: ISZERO 0000019e: PUSH2 0x01a6 000001a1: JUMPI 000001a2: PUSH1 0x00 000001a4: DUP1 000001a5: REVERT 000001a6: JUMPDEST 000001a7: POP 000001a8: PUSH2 0x010d 000001ab: PUSH2 0x08d0 000001ae: JUMP 000001af: JUMPDEST 000001b0: CALLVALUE 000001b1: DUP1 000001b2: ISZERO 000001b3: PUSH2 0x01bb 000001b6: JUMPI 000001b7: PUSH1 0x00 000001b9: DUP1 000001ba: REVERT 000001bb: JUMPDEST 000001bc: POP 000001bd: PUSH2 0x0143 000001c0: PUSH2 0x08f1 000001c3: JUMP 000001c4: JUMPDEST 000001c5: CALLVALUE 000001c6: DUP1 000001c7: ISZERO 000001c8: PUSH2 0x01d0 000001cb: JUMPI 000001cc: PUSH1 0x00 000001ce: DUP1 000001cf: REVERT 000001d0: JUMPDEST 000001d1: POP 000001d2: PUSH2 0x01d9 000001d5: PUSH2 0x09fc 000001d8: JUMP 000001d9: JUMPDEST 000001da: PUSH1 0x40 000001dc: MLOAD 000001dd: PUSH2 0x011a 000001e0: SWAP2 000001e1: SWAP1 000001e2: PUSH2 0x19c4 000001e5: JUMP 000001e6: JUMPDEST 000001e7: CALLVALUE 000001e8: DUP1 000001e9: ISZERO 000001ea: PUSH2 0x01f2 000001ed: JUMPI 000001ee: PUSH1 0x00 000001f0: DUP1 000001f1: REVERT 000001f2: JUMPDEST 000001f3: POP 000001f4: PUSH2 0x01d9 000001f7: PUSH2 0x0a1d 000001fa: JUMP 000001fb: JUMPDEST 000001fc: CALLVALUE 000001fd: DUP1 000001fe: ISZERO 000001ff: PUSH2 0x0207 00000202: JUMPI 00000203: PUSH1 0x00 00000205: DUP1 00000206: REVERT 00000207: JUMPDEST 00000208: POP 00000209: PUSH2 0x0143 0000020c: PUSH2 0x0216 0000020f: CALLDATASIZE 00000210: PUSH1 0x04 00000212: PUSH2 0x1846 00000215: JUMP 00000216: JUMPDEST 00000217: PUSH2 0x0a39 0000021a: JUMP 0000021b: JUMPDEST 0000021c: CALLVALUE 0000021d: DUP1 0000021e: ISZERO 0000021f: PUSH2 0x0227 00000222: JUMPI 00000223: PUSH1 0x00 00000225: DUP1 
00000226: REVERT 00000227: JUMPDEST 00000228: POP 00000229: PUSH2 0x0143 0000022c: PUSH2 0x0236 0000022f: CALLDATASIZE 00000230: PUSH1 0x04 00000232: PUSH2 0x1846 00000235: JUMP 00000236: JUMPDEST 00000237: PUSH2 0x0acd 0000023a: JUMP 0000023b: JUMPDEST 0000023c: CALLVALUE 0000023d: DUP1 0000023e: ISZERO 0000023f: PUSH2 0x0247 00000242: JUMPI 00000243: PUSH1 0x00 00000245: DUP1 00000246: REVERT 00000247: JUMPDEST 00000248: POP 00000249: PUSH2 0x010d 0000024c: PUSH2 0x0256 0000024f: CALLDATASIZE 00000250: PUSH1 0x04 00000252: PUSH2 0x1846 00000255: JUMP 00000256: JUMPDEST 00000257: PUSH2 0x0b61 0000025a: JUMP 0000025b: JUMPDEST 0000025c: CALLVALUE 0000025d: DUP1 0000025e: ISZERO 0000025f: PUSH2 0x0267 00000262: JUMPI 00000263: PUSH1 0x00 00000265: DUP1 00000266: REVERT 00000267: JUMPDEST 00000268: POP 00000269: PUSH2 0x0143 0000026c: PUSH2 0x0276 0000026f: CALLDATASIZE 00000270: PUSH1 0x04 00000272: PUSH2 0x1867 00000275: JUMP 00000276: JUMPDEST 00000277: PUSH2 0x0b90 0000027a: JUMP 0000027b: JUMPDEST 0000027c: CALLVALUE 0000027d: DUP1 0000027e: ISZERO 0000027f: PUSH2 0x0287 00000282: JUMPI 00000283: PUSH1 0x00 00000285: DUP1 00000286: REVERT 00000287: JUMPDEST 00000288: POP 00000289: PUSH2 0x0143 0000028c: PUSH2 0x0296 0000028f: CALLDATASIZE 00000290: PUSH1 0x04 00000292: PUSH2 0x1901 00000295: JUMP 00000296: JUMPDEST 00000297: PUSH2 0x0cad 0000029a: JUMP 0000029b: JUMPDEST 0000029c: CALLVALUE 0000029d: DUP1 0000029e: ISZERO 0000029f: PUSH2 0x02a7 000002a2: JUMPI 000002a3: PUSH1 0x00 000002a5: DUP1 000002a6: REVERT 000002a7: JUMPDEST 000002a8: POP 000002a9: PUSH2 0x0143 000002ac: PUSH2 0x02b6 000002af: CALLDATASIZE 000002b0: PUSH1 0x04 000002b2: PUSH2 0x1846 000002b5: JUMP 000002b6: JUMPDEST 000002b7: PUSH2 0x0ea3 000002ba: JUMP 000002bb: JUMPDEST 000002bc: PUSH1 0x00 000002be: SLOAD 000002bf: PUSH1 0xff 000002c1: AND 000002c2: SWAP1 000002c3: JUMP 000002c4: JUMPDEST 000002c5: CALLER 000002c6: PUSH1 0x00 000002c8: SWAP1 000002c9: DUP2 000002ca: MSTORE 000002cb: 
PUSH1 0x01 000002cd: PUSH1 0x20 000002cf: MSTORE 000002d0: PUSH1 0x40 000002d2: SWAP1 000002d3: KECCAK256 000002d4: SLOAD 000002d5: PUSH1 0xff 000002d7: AND 000002d8: PUSH2 0x0342 000002db: JUMPI 000002dc: PUSH1 0x40 000002de: DUP1 000002df: MLOAD 000002e0: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000301: DUP2 00000302: MSTORE 00000303: PUSH1 0x20 00000305: PUSH1 0x04 00000307: DUP3 00000308: ADD 00000309: MSTORE 0000030a: PUSH1 0x1a 0000030c: PUSH1 0x24 0000030e: DUP3 0000030f: ADD 00000310: MSTORE 00000311: PUSH32 0x63616c6c6572206973206e6f74206120636f6e74726f6c6c6572000000000000 00000332: PUSH1 0x44 00000334: DUP3 00000335: ADD 00000336: MSTORE 00000337: SWAP1 00000338: MLOAD 00000339: SWAP1 0000033a: DUP2 0000033b: SWAP1 0000033c: SUB 0000033d: PUSH1 0x64 0000033f: ADD 00000340: SWAP1 00000341: REVERT 00000342: JUMPDEST 00000343: PUSH1 0x02 00000345: SLOAD 00000346: PUSH21 0x010000000000000000000000000000000000000000 0000035c: SWAP1 0000035d: DIV 0000035e: PUSH1 0xff 00000360: AND 00000361: ISZERO 00000362: PUSH2 0x03cc 00000365: JUMPI 00000366: PUSH1 0x40 00000368: DUP1 00000369: MLOAD 0000036a: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000038b: DUP2 0000038c: MSTORE 0000038d: PUSH1 0x20 0000038f: PUSH1 0x04 00000391: DUP3 00000392: ADD 00000393: MSTORE 00000394: PUSH1 0x12 00000396: PUSH1 0x24 00000398: DUP3 00000399: ADD 0000039a: MSTORE 0000039b: PUSH32 0x636f6e7472616374206973207061757365640000000000000000000000000000 000003bc: PUSH1 0x44 000003be: DUP3 000003bf: ADD 000003c0: MSTORE 000003c1: SWAP1 000003c2: MLOAD 000003c3: SWAP1 000003c4: DUP2 000003c5: SWAP1 000003c6: SUB 000003c7: PUSH1 0x64 000003c9: ADD 000003ca: SWAP1 000003cb: REVERT 000003cc: JUMPDEST 000003cd: PUSH1 0x00 000003cf: JUMPDEST 000003d0: DUP3 000003d1: DUP2 000003d2: LT 000003d3: ISZERO 000003d4: PUSH2 0x0560 000003d7: JUMPI 000003d8: CALLDATASIZE 000003d9: DUP5 000003da: DUP5 000003db: DUP4 000003dc: DUP2 000003dd: 
DUP2 000003de: LT 000003df: PUSH2 0x03e4 000003e2: JUMPI 000003e3: INVALID 000003e4: JUMPDEST 000003e5: PUSH1 0x40 000003e7: MUL 000003e8: SWAP2 000003e9: SWAP1 000003ea: SWAP2 000003eb: ADD 000003ec: SWAP2 000003ed: POP 000003ee: PUSH1 0x00 000003f0: SWAP1 000003f1: POP 000003f2: DUP1 000003f3: PUSH2 0x03ff 000003f6: PUSH1 0x20 000003f8: DUP5 000003f9: ADD 000003fa: DUP5 000003fb: PUSH2 0x1846 000003fe: JUMP 000003ff: JUMPDEST 00000400: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000415: AND 00000416: DUP4 00000417: PUSH1 0x20 00000419: ADD 0000041a: CALLDATALOAD 0000041b: DUP7 0000041c: SWAP1 0000041d: PUSH1 0x40 0000041f: MLOAD 00000420: PUSH2 0x0428 00000423: SWAP1 00000424: PUSH2 0x19c1 00000427: JUMP 00000428: JUMPDEST 00000429: PUSH1 0x00 0000042b: PUSH1 0x40 0000042d: MLOAD 0000042e: DUP1 0000042f: DUP4 00000430: SUB 00000431: DUP2 00000432: DUP6 00000433: DUP9 00000434: DUP9 00000435: CALL 00000436: SWAP4 00000437: POP 00000438: POP 00000439: POP 0000043a: POP 0000043b: RETURNDATASIZE 0000043c: DUP1 0000043d: PUSH1 0x00 0000043f: DUP2 00000440: EQ 00000441: PUSH2 0x0466 00000444: JUMPI 00000445: PUSH1 0x40 00000447: MLOAD 00000448: SWAP2 00000449: POP 0000044a: PUSH1 0x1f 0000044c: NOT 0000044d: PUSH1 0x3f 0000044f: RETURNDATASIZE 00000450: ADD 00000451: AND 00000452: DUP3 00000453: ADD 00000454: PUSH1 0x40 00000456: MSTORE 00000457: RETURNDATASIZE 00000458: DUP3 00000459: MSTORE 0000045a: RETURNDATASIZE 0000045b: PUSH1 0x00 0000045d: PUSH1 0x20 0000045f: DUP5 00000460: ADD 00000461: RETURNDATACOPY 00000462: PUSH2 0x046b 00000465: JUMP 00000466: JUMPDEST 00000467: PUSH1 0x60 00000469: SWAP2 0000046a: POP 0000046b: JUMPDEST 0000046c: POP 0000046d: SWAP2 0000046e: POP 0000046f: SWAP2 00000470: POP 00000471: DUP2 00000472: PUSH2 0x0554 00000475: JUMPI 00000476: DUP3 00000477: PUSH1 0x20 00000479: ADD 0000047a: CALLDATALOAD 0000047b: SELFBALANCE 0000047c: LT 0000047d: ISZERO 0000047e: PUSH2 0x04e9 00000481: JUMPI 00000482: PUSH2 0x048e 00000485: PUSH1 
0x20 00000487: DUP5 00000488: ADD 00000489: DUP5 0000048a: PUSH2 0x1846 0000048d: JUMP 0000048e: JUMPDEST 0000048f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004a4: AND 000004a5: PUSH32 0xdc386723e55a1ab06e0a64036ce7bb4fd1e1aea21f6def62d2d577e9d12f9dfc 000004c6: DUP5 000004c7: PUSH1 0x20 000004c9: ADD 000004ca: CALLDATALOAD 000004cb: DUP7 000004cc: PUSH1 0x40 000004ce: MLOAD 000004cf: PUSH2 0x04d9 000004d2: SWAP3 000004d3: SWAP2 000004d4: SWAP1 000004d5: PUSH2 0x1a70 000004d8: JUMP 000004d9: JUMPDEST 000004da: PUSH1 0x40 000004dc: MLOAD 000004dd: DUP1 000004de: SWAP2 000004df: SUB 000004e0: SWAP1 000004e1: LOG2 000004e2: POP 000004e3: POP 000004e4: POP 000004e5: PUSH2 0x0558 000004e8: JUMP 000004e9: JUMPDEST 000004ea: PUSH2 0x04f6 000004ed: PUSH1 0x20 000004ef: DUP5 000004f0: ADD 000004f1: DUP5 000004f2: PUSH2 0x1846 000004f5: JUMP 000004f6: JUMPDEST 000004f7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000050c: AND 0000050d: PUSH32 0xdc386723e55a1ab06e0a64036ce7bb4fd1e1aea21f6def62d2d577e9d12f9dfc 0000052e: DUP5 0000052f: PUSH1 0x20 00000531: ADD 00000532: CALLDATALOAD 00000533: DUP7 00000534: PUSH2 0x053c 00000537: DUP6 00000538: PUSH2 0x0f37 0000053b: JUMP 0000053c: JUMPDEST 0000053d: PUSH1 0x40 0000053f: MLOAD 00000540: PUSH2 0x054b 00000543: SWAP4 00000544: SWAP3 00000545: SWAP2 00000546: SWAP1 00000547: PUSH2 0x19f0 0000054a: JUMP 0000054b: JUMPDEST 0000054c: PUSH1 0x40 0000054e: MLOAD 0000054f: DUP1 00000550: SWAP2 00000551: SUB 00000552: SWAP1 00000553: LOG2 00000554: JUMPDEST 00000555: POP 00000556: POP 00000557: POP 00000558: JUMPDEST 00000559: PUSH1 0x01 0000055b: ADD 0000055c: PUSH2 0x03cf 0000055f: JUMP 00000560: JUMPDEST 00000561: POP 00000562: POP 00000563: POP 00000564: POP 00000565: JUMP 00000566: JUMPDEST 00000567: PUSH1 0x00 00000569: SLOAD 0000056a: PUSH2 0x0100 0000056d: SWAP1 0000056e: DIV 0000056f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000584: AND 00000585: CALLER 00000586: EQ 00000587: PUSH2 0x05f1 0000058a: 
JUMPI 0000058b: PUSH1 0x40 0000058d: DUP1 0000058e: MLOAD 0000058f: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000005b0: DUP2 000005b1: MSTORE 000005b2: PUSH1 0x20 000005b4: PUSH1 0x04 000005b6: DUP3 000005b7: ADD 000005b8: MSTORE 000005b9: PUSH1 0x17 000005bb: PUSH1 0x24 000005bd: DUP3 000005be: ADD 000005bf: MSTORE 000005c0: PUSH32 0x63616c6c6572206973206e6f7420746865206f776e6572000000000000000000 000005e1: PUSH1 0x44 000005e3: DUP3 000005e4: ADD 000005e5: MSTORE 000005e6: SWAP1 000005e7: MLOAD 000005e8: SWAP1 000005e9: DUP2 000005ea: SWAP1 000005eb: SUB 000005ec: PUSH1 0x64 000005ee: ADD 000005ef: SWAP1 000005f0: REVERT 000005f1: JUMPDEST 000005f2: PUSH2 0x05fa 000005f5: DUP2 000005f6: PUSH2 0x104e 000005f9: JUMP 000005fa: JUMPDEST 000005fb: POP 000005fc: JUMP 000005fd: JUMPDEST 000005fe: PUSH1 0x02 00000600: SLOAD 00000601: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000616: AND 00000617: CALLER 00000618: EQ 00000619: PUSH2 0x0683 0000061c: JUMPI 0000061d: PUSH1 0x40 0000061f: DUP1 00000620: MLOAD 00000621: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000642: DUP2 00000643: MSTORE 00000644: PUSH1 0x20 00000646: PUSH1 0x04 00000648: DUP3 00000649: ADD 0000064a: MSTORE 0000064b: PUSH1 0x18 0000064d: PUSH1 0x24 0000064f: DUP3 00000650: ADD 00000651: MSTORE 00000652: PUSH32 0x63616c6c6572206973206e6f7420746865207061757365720000000000000000 00000673: PUSH1 0x44 00000675: DUP3 00000676: ADD 00000677: MSTORE 00000678: SWAP1 00000679: MLOAD 0000067a: SWAP1 0000067b: DUP2 0000067c: SWAP1 0000067d: SUB 0000067e: PUSH1 0x64 00000680: ADD 00000681: SWAP1 00000682: REVERT 00000683: JUMPDEST 00000684: PUSH1 0x02 00000686: DUP1 00000687: SLOAD 00000688: PUSH32 0xffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff 000006a9: DUP2 000006aa: AND 000006ab: SWAP1 000006ac: SWAP2 000006ad: SSTORE 000006ae: PUSH1 0x40 000006b0: MLOAD 000006b1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006c6: 
SWAP1 000006c7: SWAP2 000006c8: AND 000006c9: SWAP1 000006ca: PUSH32 0x5db9ee0a495bf2e6ff9c91a7834c1ba4fdd244a5e8aa4e537bd38aeae4b073aa 000006eb: SWAP1 000006ec: PUSH1 0x00 000006ee: SWAP1 000006ef: LOG2 000006f0: JUMP 000006f1: JUMPDEST 000006f2: CALLER 000006f3: PUSH1 0x00 000006f5: SWAP1 000006f6: DUP2 000006f7: MSTORE 000006f8: PUSH1 0x01 000006fa: PUSH1 0x20 000006fc: MSTORE 000006fd: PUSH1 0x40 000006ff: SWAP1 00000700: KECCAK256 00000701: SLOAD 00000702: PUSH1 0xff 00000704: AND 00000705: PUSH2 0x076f 00000708: JUMPI 00000709: PUSH1 0x40 0000070b: DUP1 0000070c: MLOAD 0000070d: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000072e: DUP2 0000072f: MSTORE 00000730: PUSH1 0x20 00000732: PUSH1 0x04 00000734: DUP3 00000735: ADD 00000736: MSTORE 00000737: PUSH1 0x1a 00000739: PUSH1 0x24 0000073b: DUP3 0000073c: ADD 0000073d: MSTORE 0000073e: PUSH32 0x63616c6c6572206973206e6f74206120636f6e74726f6c6c6572000000000000 0000075f: PUSH1 0x44 00000761: DUP3 00000762: ADD 00000763: MSTORE 00000764: SWAP1 00000765: MLOAD 00000766: SWAP1 00000767: DUP2 00000768: SWAP1 00000769: SUB 0000076a: PUSH1 0x64 0000076c: ADD 0000076d: SWAP1 0000076e: REVERT 0000076f: JUMPDEST 00000770: PUSH1 0x02 00000772: SLOAD 00000773: PUSH21 0x010000000000000000000000000000000000000000 00000789: SWAP1 0000078a: DIV 0000078b: PUSH1 0xff 0000078d: AND 0000078e: ISZERO 0000078f: PUSH2 0x07f9 00000792: JUMPI 00000793: PUSH1 0x40 00000795: DUP1 00000796: MLOAD 00000797: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000007b8: DUP2 000007b9: MSTORE 000007ba: PUSH1 0x20 000007bc: PUSH1 0x04 000007be: DUP3 000007bf: ADD 000007c0: MSTORE 000007c1: PUSH1 0x12 000007c3: PUSH1 0x24 000007c5: DUP3 000007c6: ADD 000007c7: MSTORE 000007c8: PUSH32 0x636f6e7472616374206973207061757365640000000000000000000000000000 000007e9: PUSH1 0x44 000007eb: DUP3 000007ec: ADD 000007ed: MSTORE 000007ee: SWAP1 000007ef: MLOAD 000007f0: SWAP1 000007f1: DUP2 000007f2: SWAP1 
000007f3: SUB 000007f4: PUSH1 0x64 000007f6: ADD 000007f7: SWAP1 000007f8: REVERT 000007f9: JUMPDEST 000007fa: PUSH1 0x00 000007fc: JUMPDEST 000007fd: DUP3 000007fe: DUP2 000007ff: LT 00000800: ISZERO 00000801: PUSH2 0x08c9 00000804: JUMPI 00000805: CALLDATASIZE 00000806: DUP5 00000807: DUP5 00000808: DUP4 00000809: DUP2 0000080a: DUP2 0000080b: LT 0000080c: PUSH2 0x0811 0000080f: JUMPI 00000810: INVALID 00000811: JUMPDEST 00000812: PUSH1 0x40 00000814: MUL 00000815: SWAP2 00000816: SWAP1 00000817: SWAP2 00000818: ADD 00000819: SWAP2 0000081a: POP 0000081b: PUSH1 0x00 0000081d: SWAP1 0000081e: POP 0000081f: DUP1 00000820: PUSH2 0x083b 00000823: PUSH2 0x082f 00000826: PUSH1 0x20 00000828: DUP6 00000829: ADD 0000082a: DUP6 0000082b: PUSH2 0x1846 0000082e: JUMP 0000082f: JUMPDEST 00000830: DUP5 00000831: PUSH1 0x20 00000833: ADD 00000834: CALLDATALOAD 00000835: DUP11 00000836: DUP9 00000837: PUSH2 0x10dc 0000083a: JUMP 0000083b: JUMPDEST 0000083c: SWAP2 0000083d: POP 0000083e: SWAP2 0000083f: POP 00000840: DUP2 00000841: PUSH2 0x08be 00000844: JUMPI 00000845: PUSH2 0x0851 00000848: PUSH1 0x20 0000084a: DUP5 0000084b: ADD 0000084c: DUP5 0000084d: PUSH2 0x1846 00000850: JUMP 00000851: JUMPDEST 00000852: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000867: AND 00000868: DUP9 00000869: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000087e: AND 0000087f: PUSH32 0xb188237eb0771568342dc85d228544faf9ace28e6a2895296b14044755415146 000008a0: DUP6 000008a1: PUSH1 0x20 000008a3: ADD 000008a4: CALLDATALOAD 000008a5: DUP8 000008a6: DUP6 000008a7: PUSH1 0x40 000008a9: MLOAD 000008aa: PUSH2 0x08b5 000008ad: SWAP4 000008ae: SWAP3 000008af: SWAP2 000008b0: SWAP1 000008b1: PUSH2 0x19f0 000008b4: JUMP 000008b5: JUMPDEST 000008b6: PUSH1 0x40 000008b8: MLOAD 000008b9: DUP1 000008ba: SWAP2 000008bb: SUB 000008bc: SWAP1 000008bd: LOG3 000008be: JUMPDEST 000008bf: POP 000008c0: POP 000008c1: POP 000008c2: PUSH1 0x01 000008c4: ADD 000008c5: PUSH2 0x07fc 000008c8: JUMP 000008c9: 
JUMPDEST 000008ca: POP 000008cb: POP 000008cc: POP 000008cd: POP 000008ce: POP 000008cf: JUMP 000008d0: JUMPDEST 000008d1: PUSH1 0x02 000008d3: SLOAD 000008d4: PUSH21 0x010000000000000000000000000000000000000000 000008ea: SWAP1 000008eb: DIV 000008ec: PUSH1 0xff 000008ee: AND 000008ef: SWAP1 000008f0: JUMP 000008f1: JUMPDEST 000008f2: PUSH1 0x02 000008f4: SLOAD 000008f5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000090a: AND 0000090b: CALLER 0000090c: EQ 0000090d: PUSH2 0x0977 00000910: JUMPI 00000911: PUSH1 0x40 00000913: DUP1 00000914: MLOAD 00000915: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000936: DUP2 00000937: MSTORE 00000938: PUSH1 0x20 0000093a: PUSH1 0x04 0000093c: DUP3 0000093d: ADD 0000093e: MSTORE 0000093f: PUSH1 0x18 00000941: PUSH1 0x24 00000943: DUP3 00000944: ADD 00000945: MSTORE 00000946: PUSH32 0x63616c6c6572206973206e6f7420746865207061757365720000000000000000 00000967: PUSH1 0x44 00000969: DUP3 0000096a: ADD 0000096b: MSTORE 0000096c: SWAP1 0000096d: MLOAD 0000096e: SWAP1 0000096f: DUP2 00000970: SWAP1 00000971: SUB 00000972: PUSH1 0x64 00000974: ADD 00000975: SWAP1 00000976: REVERT 00000977: JUMPDEST 00000978: PUSH1 0x02 0000097a: DUP1 0000097b: SLOAD 0000097c: PUSH32 0xffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff 0000099d: AND 0000099e: PUSH21 0x010000000000000000000000000000000000000000 000009b4: OR 000009b5: SWAP1 000009b6: DUP2 000009b7: SWAP1 000009b8: SSTORE 000009b9: PUSH1 0x40 000009bb: MLOAD 000009bc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009d1: SWAP1 000009d2: SWAP2 000009d3: AND 000009d4: SWAP1 000009d5: PUSH32 0x62e78cea01bee320cd4e420270b5ea74000d11b0c9f74754ebdbfc544b05a258 000009f6: SWAP1 000009f7: PUSH1 0x00 000009f9: SWAP1 000009fa: LOG2 000009fb: JUMP 000009fc: JUMPDEST 000009fd: PUSH1 0x00 000009ff: SLOAD 00000a00: PUSH2 0x0100 00000a03: SWAP1 00000a04: DIV 00000a05: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a1a: AND 00000a1b: SWAP1 
00000a1c: JUMP 00000a1d: JUMPDEST 00000a1e: PUSH1 0x02 00000a20: SLOAD 00000a21: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a36: AND 00000a37: SWAP1 00000a38: JUMP 00000a39: JUMPDEST 00000a3a: PUSH1 0x00 00000a3c: SLOAD 00000a3d: PUSH2 0x0100 00000a40: SWAP1 00000a41: DIV 00000a42: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a57: AND 00000a58: CALLER 00000a59: EQ 00000a5a: PUSH2 0x0ac4 00000a5d: JUMPI 00000a5e: PUSH1 0x40 00000a60: DUP1 00000a61: MLOAD 00000a62: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000a83: DUP2 00000a84: MSTORE 00000a85: PUSH1 0x20 00000a87: PUSH1 0x04 00000a89: DUP3 00000a8a: ADD 00000a8b: MSTORE 00000a8c: PUSH1 0x17 00000a8e: PUSH1 0x24 00000a90: DUP3 00000a91: ADD 00000a92: MSTORE 00000a93: PUSH32 0x63616c6c6572206973206e6f7420746865206f776e6572000000000000000000 00000ab4: PUSH1 0x44 00000ab6: DUP3 00000ab7: ADD 00000ab8: MSTORE 00000ab9: SWAP1 00000aba: MLOAD 00000abb: SWAP1 00000abc: DUP2 00000abd: SWAP1 00000abe: SUB 00000abf: PUSH1 0x64 00000ac1: ADD 00000ac2: SWAP1 00000ac3: REVERT 00000ac4: JUMPDEST 00000ac5: PUSH2 0x05fa 00000ac8: DUP2 00000ac9: PUSH2 0x12d4 00000acc: JUMP 00000acd: JUMPDEST 00000ace: PUSH1 0x00 00000ad0: SLOAD 00000ad1: PUSH2 0x0100 00000ad4: SWAP1 00000ad5: DIV 00000ad6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000aeb: AND 00000aec: CALLER 00000aed: EQ 00000aee: PUSH2 0x0b58 00000af1: JUMPI 00000af2: PUSH1 0x40 00000af4: DUP1 00000af5: MLOAD 00000af6: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000b17: DUP2 00000b18: MSTORE 00000b19: PUSH1 0x20 00000b1b: PUSH1 0x04 00000b1d: DUP3 00000b1e: ADD 00000b1f: MSTORE 00000b20: PUSH1 0x17 00000b22: PUSH1 0x24 00000b24: DUP3 00000b25: ADD 00000b26: MSTORE 00000b27: PUSH32 0x63616c6c6572206973206e6f7420746865206f776e6572000000000000000000 00000b48: PUSH1 0x44 00000b4a: DUP3 00000b4b: ADD 00000b4c: MSTORE 00000b4d: SWAP1 00000b4e: MLOAD 00000b4f: SWAP1 00000b50: DUP2 00000b51: 
SWAP1 00000b52: SUB 00000b53: PUSH1 0x64 00000b55: ADD 00000b56: SWAP1 00000b57: REVERT 00000b58: JUMPDEST 00000b59: PUSH2 0x05fa 00000b5c: DUP2 00000b5d: PUSH2 0x1472 00000b60: JUMP 00000b61: JUMPDEST 00000b62: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b77: DUP2 00000b78: AND 00000b79: PUSH1 0x00 00000b7b: SWAP1 00000b7c: DUP2 00000b7d: MSTORE 00000b7e: PUSH1 0x01 00000b80: PUSH1 0x20 00000b82: MSTORE 00000b83: PUSH1 0x40 00000b85: SWAP1 00000b86: KECCAK256 00000b87: SLOAD 00000b88: PUSH1 0xff 00000b8a: AND 00000b8b: JUMPDEST 00000b8c: SWAP2 00000b8d: SWAP1 00000b8e: POP 00000b8f: JUMP 00000b90: JUMPDEST 00000b91: PUSH1 0x00 00000b93: SLOAD 00000b94: PUSH1 0xff 00000b96: AND 00000b97: ISZERO 00000b98: PUSH2 0x0c02 00000b9b: JUMPI 00000b9c: PUSH1 0x40 00000b9e: DUP1 00000b9f: MLOAD 00000ba0: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000bc1: DUP2 00000bc2: MSTORE 00000bc3: PUSH1 0x20 00000bc5: PUSH1 0x04 00000bc7: DUP3 00000bc8: ADD 00000bc9: MSTORE 00000bca: PUSH1 0x13 00000bcc: PUSH1 0x24 00000bce: DUP3 00000bcf: ADD 00000bd0: MSTORE 00000bd1: PUSH32 0x616c726561647920696e697469616c697a656400000000000000000000000000 00000bf2: PUSH1 0x44 00000bf4: DUP3 00000bf5: ADD 00000bf6: MSTORE 00000bf7: SWAP1 00000bf8: MLOAD 00000bf9: SWAP1 00000bfa: DUP2 00000bfb: SWAP1 00000bfc: SUB 00000bfd: PUSH1 0x64 00000bff: ADD 00000c00: SWAP1 00000c01: REVERT 00000c02: JUMPDEST 00000c03: PUSH2 0x0c0b 00000c06: DUP4 00000c07: PUSH2 0x12d4 00000c0a: JUMP 00000c0b: JUMPDEST 00000c0c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c21: DUP3 00000c22: AND 00000c23: ISZERO 00000c24: PUSH2 0x0c30 00000c27: JUMPI 00000c28: PUSH2 0x0c30 00000c2b: DUP3 00000c2c: PUSH2 0x1472 00000c2f: JUMP 00000c30: JUMPDEST 00000c31: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c46: DUP2 00000c47: AND 00000c48: ISZERO 00000c49: PUSH2 0x0c55 00000c4c: JUMPI 00000c4d: PUSH2 0x0c55 00000c50: DUP2 00000c51: PUSH2 0x104e 00000c54: JUMP 00000c55: 
JUMPDEST 00000c56: PUSH1 0x00 00000c58: DUP1 00000c59: SLOAD 00000c5a: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00 00000c7b: AND 00000c7c: PUSH1 0x01 00000c7e: OR 00000c7f: DUP2 00000c80: SSTORE 00000c81: PUSH1 0x40 00000c83: MLOAD 00000c84: CALLER 00000c85: SWAP2 00000c86: PUSH32 0x908408e307fc569b417f6cbec5d5a06f44a0a505ac0479b47d421a4b2fd6a1e6 00000ca7: SWAP2 00000ca8: LOG2 00000ca9: POP 00000caa: POP 00000cab: POP 00000cac: JUMP 00000cad: JUMPDEST 00000cae: CALLER 00000caf: PUSH1 0x00 00000cb1: SWAP1 00000cb2: DUP2 00000cb3: MSTORE 00000cb4: PUSH1 0x01 00000cb6: PUSH1 0x20 00000cb8: MSTORE 00000cb9: PUSH1 0x40 00000cbb: SWAP1 00000cbc: KECCAK256 00000cbd: SLOAD 00000cbe: PUSH1 0xff 00000cc0: AND 00000cc1: PUSH2 0x0d2b 00000cc4: JUMPI 00000cc5: PUSH1 0x40 00000cc7: DUP1 00000cc8: MLOAD 00000cc9: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000cea: DUP2 00000ceb: MSTORE 00000cec: PUSH1 0x20 00000cee: PUSH1 0x04 00000cf0: DUP3 00000cf1: ADD 00000cf2: MSTORE 00000cf3: PUSH1 0x1a 00000cf5: PUSH1 0x24 00000cf7: DUP3 00000cf8: ADD 00000cf9: MSTORE 00000cfa: PUSH32 0x63616c6c6572206973206e6f74206120636f6e74726f6c6c6572000000000000 00000d1b: PUSH1 0x44 00000d1d: DUP3 00000d1e: ADD 00000d1f: MSTORE 00000d20: SWAP1 00000d21: MLOAD 00000d22: SWAP1 00000d23: DUP2 00000d24: SWAP1 00000d25: SUB 00000d26: PUSH1 0x64 00000d28: ADD 00000d29: SWAP1 00000d2a: REVERT 00000d2b: JUMPDEST 00000d2c: PUSH1 0x02 00000d2e: SLOAD 00000d2f: PUSH21 0x010000000000000000000000000000000000000000 00000d45: SWAP1 00000d46: DIV 00000d47: PUSH1 0xff 00000d49: AND 00000d4a: ISZERO 00000d4b: PUSH2 0x0db5 00000d4e: JUMPI 00000d4f: PUSH1 0x40 00000d51: DUP1 00000d52: MLOAD 00000d53: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000d74: DUP2 00000d75: MSTORE 00000d76: PUSH1 0x20 00000d78: PUSH1 0x04 00000d7a: DUP3 00000d7b: ADD 00000d7c: MSTORE 00000d7d: PUSH1 0x12 00000d7f: PUSH1 0x24 00000d81: DUP3 00000d82: ADD 
00000d83: MSTORE 00000d84: PUSH32 0x636f6e7472616374206973207061757365640000000000000000000000000000 00000da5: PUSH1 0x44 00000da7: DUP3 00000da8: ADD 00000da9: MSTORE 00000daa: SWAP1 00000dab: MLOAD 00000dac: SWAP1 00000dad: DUP2 00000dae: SWAP1 00000daf: SUB 00000db0: PUSH1 0x64 00000db2: ADD 00000db3: SWAP1 00000db4: REVERT 00000db5: JUMPDEST 00000db6: PUSH1 0x00 00000db8: JUMPDEST 00000db9: DUP3 00000dba: DUP2 00000dbb: LT 00000dbc: ISZERO 00000dbd: PUSH2 0x0560 00000dc0: JUMPI 00000dc1: CALLDATASIZE 00000dc2: DUP5 00000dc3: DUP5 00000dc4: DUP4 00000dc5: DUP2 00000dc6: DUP2 00000dc7: LT 00000dc8: PUSH2 0x0dcd 00000dcb: JUMPI 00000dcc: INVALID 00000dcd: JUMPDEST 00000dce: SWAP1 00000dcf: POP 00000dd0: PUSH1 0x60 00000dd2: MUL 00000dd3: ADD 00000dd4: SWAP1 00000dd5: POP 00000dd6: PUSH1 0x00 00000dd8: DUP1 00000dd9: PUSH2 0x0e06 00000ddc: DUP4 00000ddd: PUSH1 0x20 00000ddf: ADD 00000de0: PUSH1 0x20 00000de2: DUP2 00000de3: ADD 00000de4: SWAP1 00000de5: PUSH2 0x0dee 00000de8: SWAP2 00000de9: SWAP1 00000dea: PUSH2 0x1846 00000ded: JUMP 00000dee: JUMPDEST 00000def: PUSH1 0x40 00000df1: DUP6 00000df2: ADD 00000df3: CALLDATALOAD 00000df4: PUSH2 0x0e00 00000df7: PUSH1 0x20 00000df9: DUP8 00000dfa: ADD 00000dfb: DUP8 00000dfc: PUSH2 0x1846 00000dff: JUMP 00000e00: JUMPDEST 00000e01: DUP9 00000e02: PUSH2 0x10dc 00000e05: JUMP 00000e06: JUMPDEST 00000e07: SWAP2 00000e08: POP 00000e09: SWAP2 00000e0a: POP 00000e0b: DUP2 00000e0c: PUSH2 0x0e98 00000e0f: JUMPI 00000e10: PUSH2 0x0e1f 00000e13: PUSH1 0x40 00000e15: DUP5 00000e16: ADD 00000e17: PUSH1 0x20 00000e19: DUP6 00000e1a: ADD 00000e1b: PUSH2 0x1846 00000e1e: JUMP 00000e1f: JUMPDEST 00000e20: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000e35: AND 00000e36: PUSH2 0x0e42 00000e39: PUSH1 0x20 00000e3b: DUP6 00000e3c: ADD 00000e3d: DUP6 00000e3e: PUSH2 0x1846 00000e41: JUMP 00000e42: JUMPDEST 00000e43: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000e58: AND 00000e59: PUSH32 
0xb188237eb0771568342dc85d228544faf9ace28e6a2895296b14044755415146 00000e7a: DUP6 00000e7b: PUSH1 0x40 00000e7d: ADD 00000e7e: CALLDATALOAD 00000e7f: DUP8 00000e80: DUP6 00000e81: PUSH1 0x40 00000e83: MLOAD 00000e84: PUSH2 0x0e8f 00000e87: SWAP4 00000e88: SWAP3 00000e89: SWAP2 00000e8a: SWAP1 00000e8b: PUSH2 0x19f0 00000e8e: JUMP 00000e8f: JUMPDEST 00000e90: PUSH1 0x40 00000e92: MLOAD 00000e93: DUP1 00000e94: SWAP2 00000e95: SUB 00000e96: SWAP1 00000e97: LOG3 00000e98: JUMPDEST 00000e99: POP 00000e9a: POP 00000e9b: POP 00000e9c: PUSH1 0x01 00000e9e: ADD 00000e9f: PUSH2 0x0db8 00000ea2: JUMP 00000ea3: JUMPDEST 00000ea4: PUSH1 0x00 00000ea6: SLOAD 00000ea7: PUSH2 0x0100 00000eaa: SWAP1 00000eab: DIV 00000eac: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000ec1: AND 00000ec2: CALLER 00000ec3: EQ 00000ec4: PUSH2 0x0f2e 00000ec7: JUMPI 00000ec8: PUSH1 0x40 00000eca: DUP1 00000ecb: MLOAD 00000ecc: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000eed: DUP2 00000eee: MSTORE 00000eef: PUSH1 0x20 00000ef1: PUSH1 0x04 00000ef3: DUP3 00000ef4: ADD 00000ef5: MSTORE 00000ef6: PUSH1 0x17 00000ef8: PUSH1 0x24 00000efa: DUP3 00000efb: ADD 00000efc: MSTORE 00000efd: PUSH32 0x63616c6c6572206973206e6f7420746865206f776e6572000000000000000000 00000f1e: PUSH1 0x44 00000f20: DUP3 00000f21: ADD 00000f22: MSTORE 00000f23: SWAP1 00000f24: MLOAD 00000f25: SWAP1 00000f26: DUP2 00000f27: SWAP1 00000f28: SUB 00000f29: PUSH1 0x64 00000f2b: ADD 00000f2c: SWAP1 00000f2d: REVERT 00000f2e: JUMPDEST 00000f2f: PUSH2 0x05fa 00000f32: DUP2 00000f33: PUSH2 0x16ac 00000f36: JUMP 00000f37: JUMPDEST 00000f38: PUSH1 0x60 00000f3a: PUSH1 0x64 00000f3c: DUP3 00000f3d: MLOAD 00000f3e: LT 00000f3f: ISZERO 00000f40: PUSH2 0x0f7d 00000f43: JUMPI 00000f44: POP 00000f45: PUSH1 0x40 00000f47: DUP1 00000f48: MLOAD 00000f49: DUP1 00000f4a: DUP3 00000f4b: ADD 00000f4c: SWAP1 00000f4d: SWAP2 00000f4e: MSTORE 00000f4f: PUSH1 0x19 00000f51: DUP2 00000f52: MSTORE 00000f53: PUSH32 
0x6e6f20726561736f6e20737472696e672070726f766964656400000000000000 00000f74: PUSH1 0x20 00000f76: DUP3 00000f77: ADD 00000f78: MSTORE 00000f79: PUSH2 0x0b8b 00000f7c: JUMP 00000f7d: JUMPDEST 00000f7e: PUSH1 0x04 00000f80: DUP3 00000f81: ADD 00000f82: DUP1 00000f83: MLOAD 00000f84: PUSH1 0x24 00000f86: DUP5 00000f87: ADD 00000f88: SWAP1 00000f89: PUSH1 0x20 00000f8b: DUP2 00000f8c: LT 00000f8d: ISZERO 00000f8e: PUSH2 0x0f96 00000f91: JUMPI 00000f92: PUSH1 0x00 00000f94: DUP1 00000f95: REVERT 00000f96: JUMPDEST 00000f97: DUP2 00000f98: ADD 00000f99: SWAP1 00000f9a: DUP1 00000f9b: DUP1 00000f9c: MLOAD 00000f9d: PUSH1 0x40 00000f9f: MLOAD 00000fa0: SWAP4 00000fa1: SWAP3 00000fa2: SWAP2 00000fa3: SWAP1 00000fa4: DUP5 00000fa5: PUSH5 0x0100000000 00000fab: DUP3 00000fac: GT 00000fad: ISZERO 00000fae: PUSH2 0x0fb6 00000fb1: JUMPI 00000fb2: PUSH1 0x00 00000fb4: DUP1 00000fb5: REVERT 00000fb6: JUMPDEST 00000fb7: SWAP1 00000fb8: DUP4 00000fb9: ADD 00000fba: SWAP1 00000fbb: PUSH1 0x20 00000fbd: DUP3 00000fbe: ADD 00000fbf: DUP6 00000fc0: DUP2 00000fc1: GT 00000fc2: ISZERO 00000fc3: PUSH2 0x0fcb 00000fc6: JUMPI 00000fc7: PUSH1 0x00 00000fc9: DUP1 00000fca: REVERT 00000fcb: JUMPDEST 00000fcc: DUP3 00000fcd: MLOAD 00000fce: PUSH5 0x0100000000 00000fd4: DUP2 00000fd5: GT 00000fd6: DUP3 00000fd7: DUP3 00000fd8: ADD 00000fd9: DUP9 00000fda: LT 00000fdb: OR 00000fdc: ISZERO 00000fdd: PUSH2 0x0fe5 00000fe0: JUMPI 00000fe1: PUSH1 0x00 00000fe3: DUP1 00000fe4: REVERT 00000fe5: JUMPDEST 00000fe6: DUP3 00000fe7: MSTORE 00000fe8: POP 00000fe9: DUP2 00000fea: MLOAD 00000feb: PUSH1 0x20 00000fed: SWAP2 00000fee: DUP3 00000fef: ADD 00000ff0: SWAP3 00000ff1: SWAP1 00000ff2: SWAP2 00000ff3: ADD 00000ff4: SWAP1 00000ff5: DUP1 00000ff6: DUP4 00000ff7: DUP4 00000ff8: PUSH1 0x00 00000ffa: JUMPDEST 00000ffb: DUP4 00000ffc: DUP2 00000ffd: LT 00000ffe: ISZERO 00000fff: PUSH2 0x1012 00001002: JUMPI 00001003: DUP2 00001004: DUP2 00001005: ADD 00001006: MLOAD 00001007: DUP4 00001008: DUP3 00001009: ADD 
0000100a: MSTORE 0000100b: PUSH1 0x20 0000100d: ADD 0000100e: PUSH2 0x0ffa 00001011: JUMP 00001012: JUMPDEST 00001013: POP 00001014: POP 00001015: POP 00001016: POP 00001017: SWAP1 00001018: POP 00001019: SWAP1 0000101a: DUP2 0000101b: ADD 0000101c: SWAP1 0000101d: PUSH1 0x1f 0000101f: AND 00001020: DUP1 00001021: ISZERO 00001022: PUSH2 0x103f 00001025: JUMPI 00001026: DUP1 00001027: DUP3 00001028: SUB 00001029: DUP1 0000102a: MLOAD 0000102b: PUSH1 0x01 0000102d: DUP4 0000102e: PUSH1 0x20 00001030: SUB 00001031: PUSH2 0x0100 00001034: EXP 00001035: SUB 00001036: NOT 00001037: AND 00001038: DUP2 00001039: MSTORE 0000103a: PUSH1 0x20 0000103c: ADD 0000103d: SWAP2 0000103e: POP 0000103f: JUMPDEST 00001040: POP 00001041: PUSH1 0x40 00001043: MSTORE 00001044: POP 00001045: POP 00001046: POP 00001047: SWAP2 00001048: POP 00001049: POP 0000104a: SWAP2 0000104b: SWAP1 0000104c: POP 0000104d: JUMP 0000104e: JUMPDEST 0000104f: PUSH1 0x02 00001051: SLOAD 00001052: PUSH1 0x40 00001054: MLOAD 00001055: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000106a: DUP1 0000106b: DUP5 0000106c: AND 0000106d: SWAP3 0000106e: AND 0000106f: SWAP1 00001070: PUSH32 0x95bb211a5a393c4d30c3edc9a745825fba4e6ad3e3bb949e6bf8ccdfe431a811 00001091: SWAP1 00001092: PUSH1 0x00 00001094: SWAP1 00001095: LOG3 00001096: PUSH1 0x02 00001098: DUP1 00001099: SLOAD 0000109a: PUSH32 0xffffffffffffffffffffffff0000000000000000000000000000000000000000 000010bb: AND 000010bc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000010d1: SWAP3 000010d2: SWAP1 000010d3: SWAP3 000010d4: AND 000010d5: SWAP2 000010d6: SWAP1 000010d7: SWAP2 000010d8: OR 000010d9: SWAP1 000010da: SSTORE 000010db: JUMP 000010dc: JUMPDEST 000010dd: PUSH1 0x40 000010df: DUP1 000010e0: MLOAD 000010e1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000010f6: DUP1 000010f7: DUP8 000010f8: AND 000010f9: PUSH1 0x24 000010fb: DUP4 000010fc: ADD 000010fd: MSTORE 000010fe: PUSH1 0x44 00001100: DUP1 00001101: DUP4 00001102: ADD 00001103: DUP8 
00001104: SWAP1 00001105: MSTORE 00001106: DUP4 00001107: MLOAD 00001108: DUP1 00001109: DUP5 0000110a: SUB 0000110b: SWAP1 0000110c: SWAP2 0000110d: ADD 0000110e: DUP2 0000110f: MSTORE 00001110: PUSH1 0x64 00001112: SWAP1 00001113: SWAP3 00001114: ADD 00001115: DUP4 00001116: MSTORE 00001117: PUSH1 0x20 00001119: DUP3 0000111a: ADD 0000111b: DUP1 0000111c: MLOAD 0000111d: PUSH28 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0000113a: AND 0000113b: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000 0000115c: OR 0000115d: DUP2 0000115e: MSTORE 0000115f: SWAP3 00001160: MLOAD 00001161: DUP3 00001162: MLOAD 00001163: PUSH1 0x00 00001165: SWAP5 00001166: PUSH1 0x60 00001168: SWAP5 00001169: SWAP4 0000116a: DUP7 0000116b: SWAP4 0000116c: DUP5 0000116d: SWAP4 0000116e: SWAP2 0000116f: DUP11 00001170: AND 00001171: SWAP3 00001172: DUP10 00001173: SWAP3 00001174: DUP8 00001175: SWAP3 00001176: SWAP2 00001177: DUP3 00001178: SWAP2 00001179: DUP1 0000117a: DUP4 0000117b: DUP4 0000117c: JUMPDEST 0000117d: PUSH1 0x20 0000117f: DUP4 00001180: LT 00001181: PUSH2 0x11b9 00001184: JUMPI 00001185: DUP1 00001186: MLOAD 00001187: DUP3 00001188: MSTORE 00001189: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0 000011aa: SWAP1 000011ab: SWAP3 000011ac: ADD 000011ad: SWAP2 000011ae: PUSH1 0x20 000011b0: SWAP2 000011b1: DUP3 000011b2: ADD 000011b3: SWAP2 000011b4: ADD 000011b5: PUSH2 0x117c 000011b8: JUMP 000011b9: JUMPDEST 000011ba: PUSH1 0x01 000011bc: DUP4 000011bd: PUSH1 0x20 000011bf: SUB 000011c0: PUSH2 0x0100 000011c3: EXP 000011c4: SUB 000011c5: DUP1 000011c6: NOT 000011c7: DUP3 000011c8: MLOAD 000011c9: AND 000011ca: DUP2 000011cb: DUP5 000011cc: MLOAD 000011cd: AND 000011ce: DUP1 000011cf: DUP3 000011d0: OR 000011d1: DUP6 000011d2: MSTORE 000011d3: POP 000011d4: POP 000011d5: POP 000011d6: POP 000011d7: POP 000011d8: POP 000011d9: SWAP1 000011da: POP 000011db: ADD 000011dc: SWAP2 000011dd: POP 000011de: POP 000011df: 
PUSH1 0x00 000011e1: PUSH1 0x40 000011e3: MLOAD 000011e4: DUP1 000011e5: DUP4 000011e6: SUB 000011e7: DUP2 000011e8: PUSH1 0x00 000011ea: DUP8 000011eb: DUP8 000011ec: CALL 000011ed: SWAP3 000011ee: POP 000011ef: POP 000011f0: POP 000011f1: RETURNDATASIZE 000011f2: DUP1 000011f3: PUSH1 0x00 000011f5: DUP2 000011f6: EQ 000011f7: PUSH2 0x121c 000011fa: JUMPI 000011fb: PUSH1 0x40 000011fd: MLOAD 000011fe: SWAP2 000011ff: POP 00001200: PUSH1 0x1f 00001202: NOT 00001203: PUSH1 0x3f 00001205: RETURNDATASIZE 00001206: ADD 00001207: AND 00001208: DUP3 00001209: ADD 0000120a: PUSH1 0x40 0000120c: MSTORE 0000120d: RETURNDATASIZE 0000120e: DUP3 0000120f: MSTORE 00001210: RETURNDATASIZE 00001211: PUSH1 0x00 00001213: PUSH1 0x20 00001215: DUP5 00001216: ADD 00001217: RETURNDATACOPY 00001218: PUSH2 0x1221 0000121b: JUMP 0000121c: JUMPDEST 0000121d: PUSH1 0x60 0000121f: SWAP2 00001220: POP 00001221: JUMPDEST 00001222: POP 00001223: SWAP2 00001224: POP 00001225: SWAP2 00001226: POP 00001227: DUP2 00001228: ISZERO 00001229: PUSH2 0x12b8 0000122c: JUMPI 0000122d: PUSH1 0x00 0000122f: DUP2 00001230: MLOAD 00001231: GT 00001232: DUP1 00001233: ISZERO 00001234: PUSH2 0x1251 00001237: JUMPI 00001238: POP 00001239: DUP1 0000123a: DUP1 0000123b: PUSH1 0x20 0000123d: ADD 0000123e: SWAP1 0000123f: MLOAD 00001240: PUSH1 0x20 00001242: DUP2 00001243: LT 00001244: ISZERO 00001245: PUSH2 0x124d 00001248: JUMPI 00001249: PUSH1 0x00 0000124b: DUP1 0000124c: REVERT 0000124d: JUMPDEST 0000124e: POP 0000124f: MLOAD 00001250: ISZERO 00001251: JUMPDEST 00001252: ISZERO 00001253: PUSH2 0x129a 00001256: JUMPI 00001257: PUSH1 0x00 00001259: PUSH1 0x40 0000125b: MLOAD 0000125c: DUP1 0000125d: PUSH1 0x40 0000125f: ADD 00001260: PUSH1 0x40 00001262: MSTORE 00001263: DUP1 00001264: PUSH1 0x0e 00001266: DUP2 00001267: MSTORE 00001268: PUSH1 0x20 0000126a: ADD 0000126b: PUSH32 0x66616c73652072657475726e6564000000000000000000000000000000000000 0000128c: DUP2 0000128d: MSTORE 0000128e: POP 0000128f: SWAP5 
00001290: POP 00001291: SWAP5 00001292: POP 00001293: POP 00001294: POP 00001295: POP 00001296: PUSH2 0x12cb 00001299: JUMP 0000129a: JUMPDEST 0000129b: PUSH1 0x01 0000129d: PUSH1 0x40 0000129f: MLOAD 000012a0: DUP1 000012a1: PUSH1 0x20 000012a3: ADD 000012a4: PUSH1 0x40 000012a6: MSTORE 000012a7: DUP1 000012a8: PUSH1 0x00 000012aa: DUP2 000012ab: MSTORE 000012ac: POP 000012ad: SWAP5 000012ae: POP 000012af: SWAP5 000012b0: POP 000012b1: POP 000012b2: POP 000012b3: POP 000012b4: PUSH2 0x12cb 000012b7: JUMP 000012b8: JUMPDEST 000012b9: PUSH1 0x00 000012bb: PUSH2 0x12c3 000012be: DUP3 000012bf: PUSH2 0x0f37 000012c2: JUMP 000012c3: JUMPDEST 000012c4: SWAP5 000012c5: POP 000012c6: SWAP5 000012c7: POP 000012c8: POP 000012c9: POP 000012ca: POP 000012cb: JUMPDEST 000012cc: SWAP5 000012cd: POP 000012ce: SWAP5 000012cf: SWAP3 000012d0: POP 000012d1: POP 000012d2: POP 000012d3: JUMP 000012d4: JUMPDEST 000012d5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000012ea: DUP2 000012eb: AND 000012ec: PUSH2 0x1356 000012ef: JUMPI 000012f0: PUSH1 0x40 000012f2: DUP1 000012f3: MLOAD 000012f4: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00001315: DUP2 00001316: MSTORE 00001317: PUSH1 0x20 00001319: PUSH1 0x04 0000131b: DUP3 0000131c: ADD 0000131d: MSTORE 0000131e: PUSH1 0x1b 00001320: PUSH1 0x24 00001322: DUP3 00001323: ADD 00001324: MSTORE 00001325: PUSH32 0x6163636f756e7420697320746865207a65726f20616464726573730000000000 00001346: PUSH1 0x44 00001348: DUP3 00001349: ADD 0000134a: MSTORE 0000134b: SWAP1 0000134c: MLOAD 0000134d: SWAP1 0000134e: DUP2 0000134f: SWAP1 00001350: SUB 00001351: PUSH1 0x64 00001353: ADD 00001354: SWAP1 00001355: REVERT 00001356: JUMPDEST 00001357: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000136c: DUP2 0000136d: AND 0000136e: ADDRESS 0000136f: EQ 00001370: ISZERO 00001371: PUSH2 0x13db 00001374: JUMPI 00001375: PUSH1 0x40 00001377: DUP1 00001378: MLOAD 00001379: PUSH32 
0x08c379a000000000000000000000000000000000000000000000000000000000 0000139a: DUP2 0000139b: MSTORE 0000139c: PUSH1 0x20 0000139e: PUSH1 0x04 000013a0: DUP3 000013a1: ADD 000013a2: MSTORE 000013a3: PUSH1 0x18 000013a5: PUSH1 0x24 000013a7: DUP3 000013a8: ADD 000013a9: MSTORE 000013aa: PUSH32 0x6163636f756e74206973207468697320636f6e74726163740000000000000000 000013cb: PUSH1 0x44 000013cd: DUP3 000013ce: ADD 000013cf: MSTORE 000013d0: SWAP1 000013d1: MLOAD 000013d2: SWAP1 000013d3: DUP2 000013d4: SWAP1 000013d5: SUB 000013d6: PUSH1 0x64 000013d8: ADD 000013d9: SWAP1 000013da: REVERT 000013db: JUMPDEST 000013dc: PUSH1 0x00 000013de: DUP1 000013df: SLOAD 000013e0: PUSH1 0x40 000013e2: MLOAD 000013e3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000013f8: DUP1 000013f9: DUP6 000013fa: AND 000013fb: SWAP4 000013fc: PUSH2 0x0100 000013ff: SWAP1 00001400: SWAP4 00001401: DIV 00001402: AND 00001403: SWAP2 00001404: PUSH32 0xb532073b38c83145e3e5135377a08bf9aab55bc0fd7c1179cd4fb995d2a5159c 00001425: SWAP2 00001426: LOG3 00001427: PUSH1 0x00 00001429: DUP1 0000142a: SLOAD 0000142b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001440: SWAP1 00001441: SWAP3 00001442: AND 00001443: PUSH2 0x0100 00001446: MUL 00001447: PUSH32 0xffffffffffffffffffffff0000000000000000000000000000000000000000ff 00001468: SWAP1 00001469: SWAP3 0000146a: AND 0000146b: SWAP2 0000146c: SWAP1 0000146d: SWAP2 0000146e: OR 0000146f: SWAP1 00001470: SSTORE 00001471: JUMP 00001472: JUMPDEST 00001473: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001488: DUP2 00001489: AND 0000148a: PUSH2 0x14f4 0000148d: JUMPI 0000148e: PUSH1 0x40 00001490: DUP1 00001491: MLOAD 00001492: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000014b3: DUP2 000014b4: MSTORE 000014b5: PUSH1 0x20 000014b7: PUSH1 0x04 000014b9: DUP3 000014ba: ADD 000014bb: MSTORE 000014bc: PUSH1 0x1b 000014be: PUSH1 0x24 000014c0: DUP3 000014c1: ADD 000014c2: MSTORE 000014c3: PUSH32 
0x6163636f756e7420697320746865207a65726f20616464726573730000000000 000014e4: PUSH1 0x44 000014e6: DUP3 000014e7: ADD 000014e8: MSTORE 000014e9: SWAP1 000014ea: MLOAD 000014eb: SWAP1 000014ec: DUP2 000014ed: SWAP1 000014ee: SUB 000014ef: PUSH1 0x64 000014f1: ADD 000014f2: SWAP1 000014f3: REVERT 000014f4: JUMPDEST 000014f5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000150a: DUP2 0000150b: AND 0000150c: ADDRESS 0000150d: EQ 0000150e: ISZERO 0000150f: PUSH2 0x1579 00001512: JUMPI 00001513: PUSH1 0x40 00001515: DUP1 00001516: MLOAD 00001517: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00001538: DUP2 00001539: MSTORE 0000153a: PUSH1 0x20 0000153c: PUSH1 0x04 0000153e: DUP3 0000153f: ADD 00001540: MSTORE 00001541: PUSH1 0x18 00001543: PUSH1 0x24 00001545: DUP3 00001546: ADD 00001547: MSTORE 00001548: PUSH32 0x6163636f756e74206973207468697320636f6e74726163740000000000000000 00001569: PUSH1 0x44 0000156b: DUP3 0000156c: ADD 0000156d: MSTORE 0000156e: SWAP1 0000156f: MLOAD 00001570: SWAP1 00001571: DUP2 00001572: SWAP1 00001573: SUB 00001574: PUSH1 0x64 00001576: ADD 00001577: SWAP1 00001578: REVERT 00001579: JUMPDEST 0000157a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000158f: DUP2 00001590: AND 00001591: PUSH1 0x00 00001593: SWAP1 00001594: DUP2 00001595: MSTORE 00001596: PUSH1 0x01 00001598: PUSH1 0x20 0000159a: MSTORE 0000159b: PUSH1 0x40 0000159d: SWAP1 0000159e: KECCAK256 0000159f: SLOAD 000015a0: PUSH1 0xff 000015a2: AND 000015a3: ISZERO 000015a4: PUSH2 0x160e 000015a7: JUMPI 000015a8: PUSH1 0x40 000015aa: DUP1 000015ab: MLOAD 000015ac: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000015cd: DUP2 000015ce: MSTORE 000015cf: PUSH1 0x20 000015d1: PUSH1 0x04 000015d3: DUP3 000015d4: ADD 000015d5: MSTORE 000015d6: PUSH1 0x1f 000015d8: PUSH1 0x24 000015da: DUP3 000015db: ADD 000015dc: MSTORE 000015dd: PUSH32 0x6163636f756e7420697320616c7265616479206120636f6e74726f6c6c657200 000015fe: PUSH1 0x44 
00001600: DUP3 00001601: ADD 00001602: MSTORE 00001603: SWAP1 00001604: MLOAD 00001605: SWAP1 00001606: DUP2 00001607: SWAP1 00001608: SUB 00001609: PUSH1 0x64 0000160b: ADD 0000160c: SWAP1 0000160d: REVERT 0000160e: JUMPDEST 0000160f: PUSH1 0x00 00001611: DUP1 00001612: SLOAD 00001613: PUSH1 0x40 00001615: MLOAD 00001616: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000162b: PUSH2 0x0100 0000162e: SWAP1 0000162f: SWAP3 00001630: DIV 00001631: DUP3 00001632: AND 00001633: SWAP3 00001634: SWAP2 00001635: DUP5 00001636: AND 00001637: SWAP2 00001638: PUSH32 0x09703263c91de41f96b822b3995609acf9858ba081d151c4e7ec3398085ae326 00001659: SWAP2 0000165a: LOG3 0000165b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00001670: AND 00001671: PUSH1 0x00 00001673: SWAP1 00001674: DUP2 00001675: MSTORE 00001676: PUSH1 0x01 00001678: PUSH1 0x20 0000167a: DUP2 0000167b: SWAP1 0000167c: MSTORE 0000167d: PUSH1 0x40 0000167f: SWAP1 00001680: SWAP2 00001681: KECCAK256 00001682: DUP1 00001683: SLOAD 00001684: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00 000016a5: AND 000016a6: SWAP1 000016a7: SWAP2 000016a8: OR 000016a9: SWAP1 000016aa: SSTORE 000016ab: JUMP 000016ac: JUMPDEST 000016ad: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000016c2: DUP2 000016c3: AND 000016c4: PUSH1 0x00 000016c6: SWAP1 000016c7: DUP2 000016c8: MSTORE 000016c9: PUSH1 0x01 000016cb: PUSH1 0x20 000016cd: MSTORE 000016ce: PUSH1 0x40 000016d0: SWAP1 000016d1: KECCAK256 000016d2: SLOAD 000016d3: PUSH1 0xff 000016d5: AND 000016d6: PUSH2 0x1740 000016d9: JUMPI 000016da: PUSH1 0x40 000016dc: DUP1 000016dd: MLOAD 000016de: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000016ff: DUP2 00001700: MSTORE 00001701: PUSH1 0x20 00001703: PUSH1 0x04 00001705: DUP3 00001706: ADD 00001707: MSTORE 00001708: PUSH1 0x1b 0000170a: PUSH1 0x24 0000170c: DUP3 0000170d: ADD 0000170e: MSTORE 0000170f: PUSH32 
0x6163636f756e74206973206e6f74206120636f6e74726f6c6c65720000000000 00001730: PUSH1 0x44 00001732: DUP3 00001733: ADD 00001734: MSTORE 00001735: SWAP1 00001736: MLOAD 00001737: SWAP1 00001738: DUP2 00001739: SWAP1 0000173a: SUB 0000173b: PUSH1 0x64 0000173d: ADD 0000173e: SWAP1 0000173f: REVERT 00001740: JUMPDEST 00001741: PUSH1 0x00 00001743: DUP1 00001744: SLOAD 00001745: PUSH1 0x40 00001747: MLOAD 00001748: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000175d: PUSH2 0x0100 00001760: SWAP1 00001761: SWAP3 00001762: DIV 00001763: DUP3 00001764: AND 00001765: SWAP3 00001766: SWAP2 00001767: DUP5 00001768: AND 00001769: SWAP2 0000176a: PUSH32 0x41f64ada53a9badeceff01974383e6c72edbc9d5761a759526902033848c74eb 0000178b: SWAP2 0000178c: LOG3 0000178d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000017a2: AND 000017a3: PUSH1 0x00 000017a5: SWAP1 000017a6: DUP2 000017a7: MSTORE 000017a8: PUSH1 0x01 000017aa: PUSH1 0x20 000017ac: MSTORE 000017ad: PUSH1 0x40 000017af: SWAP1 000017b0: KECCAK256 000017b1: DUP1 000017b2: SLOAD 000017b3: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00 000017d4: AND 000017d5: SWAP1 000017d6: SSTORE 000017d7: JUMP 000017d8: JUMPDEST 000017d9: DUP1 000017da: CALLDATALOAD 000017db: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000017f0: DUP2 000017f1: AND 000017f2: DUP2 000017f3: EQ 000017f4: PUSH2 0x0b8b 000017f7: JUMPI 000017f8: PUSH1 0x00 000017fa: DUP1 000017fb: REVERT 000017fc: JUMPDEST 000017fd: PUSH1 0x00 000017ff: DUP1 00001800: DUP4 00001801: PUSH1 0x1f 00001803: DUP5 00001804: ADD 00001805: SLT 00001806: PUSH2 0x180d 00001809: JUMPI 0000180a: DUP2 0000180b: DUP3 0000180c: REVERT 0000180d: JUMPDEST 0000180e: POP 0000180f: DUP2 00001810: CALLDATALOAD 00001811: PUSH8 0xffffffffffffffff 0000181a: DUP2 0000181b: GT 0000181c: ISZERO 0000181d: PUSH2 0x1824 00001820: JUMPI 00001821: DUP2 00001822: DUP3 00001823: REVERT 00001824: JUMPDEST 00001825: PUSH1 0x20 00001827: DUP4 00001828: ADD 00001829: SWAP2 
0000182a: POP 0000182b: DUP4 0000182c: PUSH1 0x20 0000182e: PUSH1 0x40 00001830: DUP4 00001831: MUL 00001832: DUP6 00001833: ADD 00001834: ADD 00001835: GT 00001836: ISZERO 00001837: PUSH2 0x183f 0000183a: JUMPI 0000183b: PUSH1 0x00 0000183d: DUP1 0000183e: REVERT 0000183f: JUMPDEST 00001840: SWAP3 00001841: POP 00001842: SWAP3 00001843: SWAP1 00001844: POP 00001845: JUMP 00001846: JUMPDEST 00001847: PUSH1 0x00 00001849: PUSH1 0x20 0000184b: DUP3 0000184c: DUP5 0000184d: SUB 0000184e: SLT 0000184f: ISZERO 00001850: PUSH2 0x1857 00001853: JUMPI 00001854: DUP1 00001855: DUP2 00001856: REVERT 00001857: JUMPDEST 00001858: PUSH2 0x1860 0000185b: DUP3 0000185c: PUSH2 0x17d8 0000185f: JUMP 00001860: JUMPDEST 00001861: SWAP4 00001862: SWAP3 00001863: POP 00001864: POP 00001865: POP 00001866: JUMP 00001867: JUMPDEST 00001868: PUSH1 0x00 0000186a: DUP1 0000186b: PUSH1 0x00 0000186d: PUSH1 0x60 0000186f: DUP5 00001870: DUP7 00001871: SUB 00001872: SLT 00001873: ISZERO 00001874: PUSH2 0x187b 00001877: JUMPI 00001878: DUP2 00001879: DUP3 0000187a: REVERT 0000187b: JUMPDEST 0000187c: PUSH2 0x1884 0000187f: DUP5 00001880: PUSH2 0x17d8 00001883: JUMP 00001884: JUMPDEST 00001885: SWAP3 00001886: POP 00001887: PUSH2 0x1892 0000188a: PUSH1 0x20 0000188c: DUP6 0000188d: ADD 0000188e: PUSH2 0x17d8 00001891: JUMP 00001892: JUMPDEST 00001893: SWAP2 00001894: POP 00001895: PUSH2 0x18a0 00001898: PUSH1 0x40 0000189a: DUP6 0000189b: ADD 0000189c: PUSH2 0x17d8 0000189f: JUMP 000018a0: JUMPDEST 000018a1: SWAP1 000018a2: POP 000018a3: SWAP3 000018a4: POP 000018a5: SWAP3 000018a6: POP 000018a7: SWAP3 000018a8: JUMP 000018a9: JUMPDEST 000018aa: PUSH1 0x00 000018ac: DUP1 000018ad: PUSH1 0x00 000018af: DUP1 000018b0: PUSH1 0x60 000018b2: DUP6 000018b3: DUP8 000018b4: SUB 000018b5: SLT 000018b6: ISZERO 000018b7: PUSH2 0x18be 000018ba: JUMPI 000018bb: DUP1 000018bc: DUP2 000018bd: REVERT 000018be: JUMPDEST 000018bf: PUSH2 0x18c7 000018c2: DUP6 000018c3: PUSH2 0x17d8 000018c6: JUMP 000018c7: JUMPDEST 
000018c8: SWAP4 000018c9: POP 000018ca: PUSH1 0x20 000018cc: DUP6 000018cd: ADD 000018ce: CALLDATALOAD 000018cf: PUSH8 0xffffffffffffffff 000018d8: DUP2 000018d9: GT 000018da: ISZERO 000018db: PUSH2 0x18e2 000018de: JUMPI 000018df: DUP2 000018e0: DUP3 000018e1: REVERT 000018e2: JUMPDEST 000018e3: PUSH2 0x18ee 000018e6: DUP8 000018e7: DUP3 000018e8: DUP9 000018e9: ADD 000018ea: PUSH2 0x17fc 000018ed: JUMP 000018ee: JUMPDEST 000018ef: SWAP6 000018f0: SWAP9 000018f1: SWAP1 000018f2: SWAP8 000018f3: POP 000018f4: SWAP5 000018f5: SWAP6 000018f6: PUSH1 0x40 000018f8: ADD 000018f9: CALLDATALOAD 000018fa: SWAP5 000018fb: SWAP4 000018fc: POP 000018fd: POP 000018fe: POP 000018ff: POP 00001900: JUMP 00001901: JUMPDEST 00001902: PUSH1 0x00 00001904: DUP1 00001905: PUSH1 0x00 00001907: PUSH1 0x40 00001909: DUP5 0000190a: DUP7 0000190b: SUB 0000190c: SLT 0000190d: ISZERO 0000190e: PUSH2 0x1915 00001911: JUMPI 00001912: DUP3 00001913: DUP4 00001914: REVERT 00001915: JUMPDEST 00001916: DUP4 00001917: CALLDATALOAD 00001918: PUSH8 0xffffffffffffffff 00001921: DUP1 00001922: DUP3 00001923: GT 00001924: ISZERO 00001925: PUSH2 0x192c 00001928: JUMPI 00001929: DUP5 0000192a: DUP6 0000192b: REVERT 0000192c: JUMPDEST 0000192d: DUP2 0000192e: DUP7 0000192f: ADD 00001930: SWAP2 00001931: POP 00001932: DUP7 00001933: PUSH1 0x1f 00001935: DUP4 00001936: ADD 00001937: SLT 00001938: PUSH2 0x193f 0000193b: JUMPI 0000193c: DUP5 0000193d: DUP6 0000193e: REVERT 0000193f: JUMPDEST 00001940: DUP2 00001941: CALLDATALOAD 00001942: DUP2 00001943: DUP2 00001944: GT 00001945: ISZERO 00001946: PUSH2 0x194d 00001949: JUMPI 0000194a: DUP6 0000194b: DUP7 0000194c: REVERT 0000194d: JUMPDEST 0000194e: DUP8 0000194f: PUSH1 0x20 00001951: PUSH1 0x60 00001953: DUP4 00001954: MUL 00001955: DUP6 00001956: ADD 00001957: ADD 00001958: GT 00001959: ISZERO 0000195a: PUSH2 0x1961 0000195d: JUMPI 0000195e: DUP6 0000195f: DUP7 00001960: REVERT 00001961: JUMPDEST 00001962: PUSH1 0x20 00001964: SWAP3 00001965: DUP4 00001966: 
ADD 00001967: SWAP9 00001968: SWAP1 00001969: SWAP8 0000196a: POP 0000196b: SWAP6 0000196c: SWAP1 0000196d: SWAP2 0000196e: ADD 0000196f: CALLDATALOAD 00001970: SWAP5 00001971: SWAP4 00001972: POP 00001973: POP 00001974: POP 00001975: POP 00001976: JUMP 00001977: JUMPDEST 00001978: PUSH1 0x00 0000197a: DUP1 0000197b: PUSH1 0x00 0000197d: PUSH1 0x40 0000197f: DUP5 00001980: DUP7 00001981: SUB 00001982: SLT 00001983: ISZERO 00001984: PUSH2 0x198b 00001987: JUMPI 00001988: DUP3 00001989: DUP4 0000198a: REVERT 0000198b: JUMPDEST 0000198c: DUP4 0000198d: CALLDATALOAD 0000198e: PUSH8 0xffffffffffffffff 00001997: DUP2 00001998: GT 00001999: ISZERO 0000199a: PUSH2 0x19a1 0000199d: JUMPI 0000199e: DUP4 0000199f: DUP5 000019a0: REVERT 000019a1: JUMPDEST 000019a2: PUSH2 0x19ad 000019a5: DUP7 000019a6: DUP3 000019a7: DUP8 000019a8: ADD 000019a9: PUSH2 0x17fc 000019ac: JUMP 000019ad: JUMPDEST 000019ae: SWAP1 000019af: SWAP8 000019b0: SWAP1 000019b1: SWAP7 000019b2: POP 000019b3: PUSH1 0x20 000019b5: SWAP6 000019b6: SWAP1 000019b7: SWAP6 000019b8: ADD 000019b9: CALLDATALOAD 000019ba: SWAP5 000019bb: SWAP4 000019bc: POP 000019bd: POP 000019be: POP 000019bf: POP 000019c0: JUMP 000019c1: JUMPDEST 000019c2: SWAP1 000019c3: JUMP 000019c4: JUMPDEST 000019c5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000019da: SWAP2 000019db: SWAP1 000019dc: SWAP2 000019dd: AND 000019de: DUP2 000019df: MSTORE 000019e0: PUSH1 0x20 000019e2: ADD 000019e3: SWAP1 000019e4: JUMP 000019e5: JUMPDEST 000019e6: SWAP1 000019e7: ISZERO 000019e8: ISZERO 000019e9: DUP2 000019ea: MSTORE 000019eb: PUSH1 0x20 000019ed: ADD 000019ee: SWAP1 000019ef: JUMP 000019f0: JUMPDEST 000019f1: PUSH1 0x00 000019f3: DUP5 000019f4: DUP3 000019f5: MSTORE 000019f6: PUSH1 0x20 000019f8: DUP5 000019f9: DUP2 000019fa: DUP5 000019fb: ADD 000019fc: MSTORE 000019fd: PUSH1 0x60 000019ff: PUSH1 0x40 00001a01: DUP5 00001a02: ADD 00001a03: MSTORE 00001a04: DUP4 00001a05: MLOAD 00001a06: DUP1 00001a07: PUSH1 0x60 00001a09: DUP6 00001a0a: 
ADD 00001a0b: MSTORE 00001a0c: DUP3 00001a0d: JUMPDEST 00001a0e: DUP2 00001a0f: DUP2 00001a10: LT 00001a11: ISZERO 00001a12: PUSH2 0x1a29 00001a15: JUMPI 00001a16: DUP6 00001a17: DUP2 00001a18: ADD 00001a19: DUP4 00001a1a: ADD 00001a1b: MLOAD 00001a1c: DUP6 00001a1d: DUP3 00001a1e: ADD 00001a1f: PUSH1 0x80 00001a21: ADD 00001a22: MSTORE 00001a23: DUP3 00001a24: ADD 00001a25: PUSH2 0x1a0d 00001a28: JUMP 00001a29: JUMPDEST 00001a2a: DUP2 00001a2b: DUP2 00001a2c: GT 00001a2d: ISZERO 00001a2e: PUSH2 0x1a3a 00001a31: JUMPI 00001a32: DUP4 00001a33: PUSH1 0x80 00001a35: DUP4 00001a36: DUP8 00001a37: ADD 00001a38: ADD 00001a39: MSTORE 00001a3a: JUMPDEST 00001a3b: POP 00001a3c: PUSH1 0x1f 00001a3e: ADD 00001a3f: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0 00001a60: AND 00001a61: SWAP3 00001a62: SWAP1 00001a63: SWAP3 00001a64: ADD 00001a65: PUSH1 0x80 00001a67: ADD 00001a68: SWAP6 00001a69: SWAP5 00001a6a: POP 00001a6b: POP 00001a6c: POP 00001a6d: POP 00001a6e: POP 00001a6f: JUMP 00001a70: JUMPDEST 00001a71: SWAP2 00001a72: DUP3 00001a73: MSTORE 00001a74: PUSH1 0x20 00001a76: DUP3 00001a77: ADD 00001a78: MSTORE 00001a79: PUSH1 0x60 00001a7b: PUSH1 0x40 00001a7d: DUP3 00001a7e: ADD 00001a7f: DUP2 00001a80: SWAP1 00001a81: MSTORE 00001a82: PUSH1 0x1f 00001a84: SWAP1 00001a85: DUP3 00001a86: ADD 00001a87: MSTORE 00001a88: PUSH32 0x7472616e7366657220616d6f756e7420657863656564732062616c616e636500 00001aa9: PUSH1 0x80 00001aab: DUP3 00001aac: ADD 00001aad: MSTORE 00001aae: PUSH1 0xa0 00001ab0: ADD 00001ab1: SWAP1 00001ab2: JUMP 00001ab3: INVALID 00001ab4: LOG2 00001ab5: PUSH5 0x6970667358 00001abb: UNKNOWN(0x22) 00001abc: SLT 00001abd: KECCAK256 00001abe: PUSH8 0x4af724c5bbcb2258 00001ac7: DUP5 00001ac8: CREATE2 00001ac9: CALLVALUE 00001aca: CALLDATALOAD 00001acb: PUSH16 0xc75f739803449d2d49690575b700fe11 00001adc: UNKNOWN(0xAC) 00001add: UNKNOWN(0xEB) 00001ade: PUSH5 0x736f6c6343 00001ae4: STOP 00001ae5: SMOD 00001ae6: MOD 00001ae7: STOP 00001ae8: 
CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | access_control | codex | Unprotected initializer enables full takeover and fund drain when not yet initialized | 90 | no | — |
evidence_json{
"evidence": "Initializer logic at 0xb90 checks only `SLOAD slot0 & 0xff` then proceeds with no CALLER check, calling `0x12d4` (set owner), optional `0x1472` (add controller), `0x104e` (set pauser), then `SSTORE` sets init flag at 0xc7f. ETH drain path: controller-only function starting 0x2c4 performs a low-level `CALL` at 0x0435 using recipient/value loaded from calldata (0x0400/0x041a). Token drain path: controller loop jumps to internal token transfer at 0x10dc and embeds `a9059cbb` at 0x113b, followed by `CALL` at 0x11ec.",
"locations": [
"runtime_bytecode.hex:0xb90",
"runtime_bytecode.hex:0xc7f",
"runtime_bytecode.hex:0x0435",
"runtime_bytecode.hex:0x10dc"
],
"recommendation": "Ensure initialization is performed in the constructor (or via proxy deployment) and remove or restrict the external initializer (e.g., onlyOwner/onlyInitializing). If this is a clone/proxy pattern, deploy with an immediate init call and/or add an immutable deployer gate.",
"exploit_scenario": "1) Call selector `0x158ef93e` to read the init flag (slot0 & 0xff). If it returns 0, the contract is uninitialized.\n2) Call selector `0xc0c53b8b` with three attacker-controlled addresses (owner/controller/pauser). This sets ownership and controller status without any caller check.\n3) As controller, call selector `0x1a1da075` with arrays so the contract performs `CALL` with value to an attacker address (draining ETH), or call selector `0x45c23df2` to transfer ERC20 tokens via the internal `a9059cbb` transfer call."
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
trace_id: 0x8799633f950bbf53389824ffe60a9362bdb4f1423053cdb2dac9976ba5a4d44f
call_targets: 0xa9d1e08c7793af67e9d92fe308d5697fb81d3e43
target_varies: no
classification: constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x8799633f950bbf53389824ffe60a9362bdb4f1423053cdb2dac9976ba5a4d44f",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xa9d1e08c7793af67e9d92fe308d5697fb81d3e43"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xb429afeb",
"selector": "0xb429afeb",
"calldata_variants": [
"0xb429afeb",
"0xb429afeb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc0c53b8b",
"selector": "0xc0c53b8b",
"calldata_variants": [
"0xc0c53b8b",
"0xc0c53b8b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xca350aa6",
"selector": "0xca350aa6",
"calldata_variants": [
"0xca350aa6",
"0xca350aa60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf6a74ed7",
"selector": "0xf6a74ed7",
"calldata_variants": [
"0xf6a74ed7",
"0xf6a74ed70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9fd0506d",
"selector": "0x9fd0506d",
"calldata_variants": [
"0x9fd0506d",
"0x9fd0506d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa6f9dae1",
"selector": "0xa6f9dae1",
"calldata_variants": [
"0xa6f9dae1",
"0xa6f9dae10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa7fc7a07",
"selector": "0xa7fc7a07",
"calldata_variants": [
"0xa7fc7a07",
"0xa7fc7a070000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1077,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 4588,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [],
"untrusted_call_count": 2
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
trace_id: 0x8799633f950bbf53389824ffe60a9362bdb4f1423053cdb2dac9976ba5a4d44f
call_targets: 0xa9d1e08c7793af67e9d92fe308d5697fb81d3e43
target_varies: no
classification: constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x8799633f950bbf53389824ffe60a9362bdb4f1423053cdb2dac9976ba5a4d44f",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xa9d1e08c7793af67e9d92fe308d5697fb81d3e43"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xb429afeb",
"selector": "0xb429afeb",
"calldata_variants": [
"0xb429afeb",
"0xb429afeb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc0c53b8b",
"selector": "0xc0c53b8b",
"calldata_variants": [
"0xc0c53b8b",
"0xc0c53b8b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xca350aa6",
"selector": "0xca350aa6",
"calldata_variants": [
"0xca350aa6",
"0xca350aa60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf6a74ed7",
"selector": "0xf6a74ed7",
"calldata_variants": [
"0xf6a74ed7",
"0xf6a74ed70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9fd0506d",
"selector": "0x9fd0506d",
"calldata_variants": [
"0x9fd0506d",
"0x9fd0506d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa6f9dae1",
"selector": "0xa6f9dae1",
"calldata_variants": [
"0xa6f9dae1",
"0xa6f9dae10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa7fc7a07",
"selector": "0xa7fc7a07",
"calldata_variants": [
"0xa7fc7a07",
"0xa7fc7a070000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1077,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 4588,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": []
}
|
| medium | other | detector | CREATE/CREATE2 reachable | 45 | no | no |
trace_id: 0x77290cbfc5bc19e354954d0c6931c9517ed8455796d9fa6ea20f6d3f634fd911
validation_json{
"sink": "CREATE",
"errors": 0,
"status": "unknown",
"attempts": 30,
"trace_id": "0x77290cbfc5bc19e354954d0c6931c9517ed8455796d9fa6ea20f6d3f634fd911",
"confirmed": false,
"trace_mode": "structLogs",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xb429afeb",
"selector": "0xb429afeb",
"calldata_variants": [
"0xb429afeb",
"0xb429afeb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc0c53b8b",
"selector": "0xc0c53b8b",
"calldata_variants": [
"0xc0c53b8b",
"0xc0c53b8b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xca350aa6",
"selector": "0xca350aa6",
"calldata_variants": [
"0xca350aa6",
"0xca350aa60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf6a74ed7",
"selector": "0xf6a74ed7",
"calldata_variants": [
"0xf6a74ed7",
"0xf6a74ed70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9fd0506d",
"selector": "0x9fd0506d",
"calldata_variants": [
"0x9fd0506d",
"0x9fd0506d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa6f9dae1",
"selector": "0xa6f9dae1",
"calldata_variants": [
"0xa6f9dae1",
"0xa6f9dae10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa7fc7a07",
"selector": "0xa7fc7a07",
"calldata_variants": [
"0xa7fc7a07",
"0xa7fc7a070000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"create_count": 0,
"create2_count": 1
}
|
| low | other | cast | Contract creation opcode present | 60 | no | — |
evidence_json{
"notes": "runtime can deploy contracts dynamically via CREATE/CREATE2",
"create_count": 0,
"create2_count": 1
}
|