TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

6bebe1d9-282f-4e82-8628-d3de8bb9b5a0

complete
Chain ID
1
Address
0x046dd36dfd03c2e604fc4cd927a508770486cce4
Block Number
Created
Sat, Jan 3, 2026 11:31 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
31481 report.consolidate complete 1 / 1 3 months ago
77512 artifact.fetch complete 1 / 3 1 week ago
77513 tool.cast_disasm complete 1 / 3 1 week ago
77514 analysis.bundle complete 1 / 3 1 week ago
77515 capability.graph complete 1 / 3 1 week ago
77516 detector.run complete 1 / 3 1 week ago
77517 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 1
Findings
0
No findings?
yes
Summary
No concrete, exploitable value-extraction path is visible in the runtime bytecode; value transfers are gated by a hardcoded owner check and a timelock condition, with no unprotected external calls, delegatecalls, or state writes that could be leveraged.
View stderr 
[codex:1482207] OpenAI Codex v0.77.0 (research preview)
[codex:1482207] --------
[codex:1482207] workdir: /tmp/codex-multi-ximg_5ue
[codex:1482207] model: gpt-5.2-codex
[codex:1482207] provider: openai
[codex:1482207] approval: never
[codex:1482207] sandbox: read-only
[codex:1482207] reasoning effort: xhigh
[codex:1482207] reasoning summaries: auto
[codex:1482207] session id: 019b8631-c522-72a0-80a3-4e148ffef275
[codex:1482207] --------
[codex:1482207] user
[codex:1482207] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:1482207] 
[codex:1482207] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:1482207] 
[codex:1482207] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:1482207] - Gas inefficiency, code quality, or best practices
[codex:1482207] - Theoretical vulnerabilities without a clear extraction path
[codex:1482207] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:1482207] - Issues requiring social engineering or off-chain coordination
[codex:1482207] 
[codex:1482207] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:1482207] - CALL/DELEGATECALL with controllable destination or calldata
[codex:1482207] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:1482207] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:1482207] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:1482207] - External calls before state updates (reentrancy)
[codex:1482207] - SELFDESTRUCT with controllable beneficiary
[codex:1482207] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:1482207] 
[codex:1482207] For each finding, you MUST explain:
[codex:1482207] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:1482207] 2. The concrete sequence of transactions to extract value
[codex:1482207] 3. Why you believe this is exploitable (not just suspicious)
[codex:1482207] 
[codex:1482207] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:1482207] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:1482207] 
[codex:1482207] Output MUST be valid JSON matching the provided schema.
[codex:1482207] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:1482207] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:1482207] mcp startup: no servers
[codex:1482207] 
[codex:1482207] thinking
[codex:1482207] **Opening file for reading**
[codex:1482207] exec
[codex:1482207] /bin/bash -lc ls in /tmp/codex-multi-ximg_5ue succeeded in 5ms:
[codex:1482207] BYTECODE_BUNDLE.txt
[codex:1482207] codex-output-schema.json
[codex:1482207] exec
[codex:1482207] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-ximg_5ue succeeded in 5ms:
[codex:1482207] Runtime bytecode bundle for best-effort auditing.
[codex:1482207] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:1482207] 
[codex:1482207] FILE: runtime_bytecode.hex
[codex:1482207] 0x608060405260043610610058575f3560e01c8063251c1aa314610063578063602bc62b1461008d5780636e947298146100b757806389476069146100e15780638da5cb5b14610109578063e086e5ec146101335761005f565b3661005f57005b5f5ffd5b34801561006e575f5ffd5b50610077610149565b604051610084919061053f565b60405180910390f35b348015610098575f5ffd5b506100a161016d565b6040516100ae919061053f565b60405180910390f35b3480156100c2575f5ffd5b506100cb610194565b6040516100d8919061053f565b60405180910390f35b3480156100ec575f5ffd5b50610107600480360381019061010291906105b6565b61019b565b005b348015610114575f5ffd5b5061011d6103ac565b60405161012a91906105f0565b60405180910390f35b34801561013e575f5ffd5b506101476103d0565b005b7f0000000000000000000000000000000000000000000000000000000069440fe781565b5f7f0000000000000000000000000000000000000000000000000000000069440fe7905090565b5f47905090565b7f000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a46473ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614610229576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161022090610663565b60405180910390fd5b7f0000000000000000000000000000000000000000000000000000000069440fe742101561028c576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401610283906106cb565b60405180910390fd5b5f8190505f8173ffffffffffffffffffffffffffffffffffffffff166370a08231306040518263ffffffff1660e01b81526004016102ca91906105f0565b602060405180830381865afa1580156102e5573d5f5f3e3d5ffd5b505050506040513d601f19601f820116820180604052508101906103099190610713565b90508173ffffffffffffffffffffffffffffffffffffffff1663a9059cbb7f000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a464836040518363ffffffff1660e01b815260040161036692919061073e565b6020604051808303815f875af1158015610382573d5f5f3e3d5ffd5b505050506040513d601f19601f820116820180604052508101906103a6919061079a565b50505050565b7f000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a46481565b7f000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a46473ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161461045e576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161045590610663565b60405180910390fd5b7f0000000000000000000000000000000000000000000000000000000069440fe74210156104c1576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016104b8906106cb565b60405180910390fd5b7f000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a46473ffffffffffffffffffffffffffffffffffffffff166108fc4790811502906040515f60405180830381858888f19350505050158015610524573d5f5f3e3d5ffd5b50565b5f819050919050565b61053981610527565b82525050565b5f6020820190506105525f830184610530565b92915050565b5f5ffd5b5f73ffffffffffffffffffffffffffffffffffffffff82169050919050565b5f6105858261055c565b9050919050565b6105958161057b565b811461059f575f5ffd5b50565b5f813590506105b08161058c565b92915050565b5f602082840312156105cb576105ca610558565b5b5f6105d8848285016105a2565b91505092915050565b6105ea8161057b565b82525050565b5f6020820190506106035f8301846105e1565b92915050565b5f82825260208201905092915050565b7f4e6f7420746865206f776e6572000000000000000000000000000000000000005f82015250565b5f61064d600d83610609565b915061065882610619565b602082019050919050565b5f6020820190508181035f83015261067a81610641565b9050919050565b7f5374696c6c206c6f636b656400000000000000000000000000000000000000005f82015250565b5f6106b5600c83610609565b91506106c082610681565b602082019050919050565b5f6020820190508181035f8301526106e2816106a9565b9050919050565b6106f281610527565b81146106fc575f5ffd5b50565b5f8151905061070d816106e9565b92915050565b5f6020828403121561072857610727610558565b5b5f610735848285016106ff565b91505092915050565b5f6040820190506107515f8301856105e1565b61075e6020830184610530565b9392505050565b5f8115159050919050565b61077981610765565b8114610783575f5ffd5b50565b5f8151905061079481610770565b92915050565b5f602082840312156107af576107ae610558565b5b5f6107bc84828501610786565b9150509291505056fea2646970667358221220f15c1c9cb1d4f556419bf4401c8fb3c0f33f5d583ee9672dcd03f439f4c9db5364736f6c634300081e0033
[codex:1482207] 
[codex:1482207] 
[codex:1482207] thinking
[codex:1482207] **Analyzing bytecode for exploit potential**
[codex:1482207] 
[codex:1482207] I'm examining key function selectors in the bytecode, decoding their behavior to understand owner checks, timelocks, and token or ETH withdrawal logic. After detailed walkthroughs of conditions, especially timelock comparisons and owner verification, I find no apparent bypass or exploitable path; the contract uses hardcoded owner addresses and typical safety checks. I'll summarize this with a JSON output stating no findings and a brief summary.
[codex:1482207] thinking
[codex:1482207] **Finalizing analysis results**
[codex:1482207] 
[codex:1482207] I'm confirming that all critical functions enforce owner and timelock restrictions without storage or proxy patterns, so no exploitable conditions appear. I'll produce the required JSON output with a clear summary stating no exploit paths were found and an empty findings list.
[codex:1482207] codex
[codex:1482207] {"no_findings":true,"summary":"No concrete, exploitable value-extraction path is visible in the runtime bytecode; value transfers are gated by a hardcoded owner check and a timelock condition, with no unprotected external calls, delegatecalls, or state writes that could be leveraged.","findings":[]}
[codex:1482207] tokens used
[codex:1482207] 12,510
[codex:1482207] {"no_findings":true,"summary":"No concrete, exploitable value-extraction path is visible in the runtime bytecode; value transfers are gated by a hardcoded owner check and a timelock condition, with no unprotected external calls, delegatecalls, or state writes that could be leveraged.","findings":[]}
Metadata 
{
    "codex": {
        "ran_at": "2026-01-03T23:31:13.322429+00:00",
        "returncode": 0
    },
    "summary": "No concrete, exploitable value-extraction path is visible in the runtime bytecode; value transfers are gated by a hardcoded owner check and a timelock condition, with no unprotected external calls, delegatecalls, or state writes that could be leveraged.",
    "raw_final": {
        "summary": "No concrete, exploitable value-extraction path is visible in the runtime bytecode; value transfers are gated by a hardcoded owner check and a timelock condition, with no unprotected external calls, delegatecalls, or state writes that could be leveraged.",
        "findings": [],
        "no_findings": true
    },
    "no_findings": true,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
1
CALL-family (heavy)
4
EXT*/BALANCE
1
Total opcodes
1052
Flags
delegatecall_present create_opcodes_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0058
0000000c: JUMPI
0000000d: PUSH0
0000000e: CALLDATALOAD
0000000f: PUSH1 0xe0
00000011: SHR
00000012: DUP1
00000013: PUSH4 0x251c1aa3
00000018: EQ
00000019: PUSH2 0x0063
0000001c: JUMPI
0000001d: DUP1
0000001e: PUSH4 0x602bc62b
00000023: EQ
00000024: PUSH2 0x008d
00000027: JUMPI
00000028: DUP1
00000029: PUSH4 0x6e947298
0000002e: EQ
0000002f: PUSH2 0x00b7
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0x89476069
00000039: EQ
0000003a: PUSH2 0x00e1
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0x8da5cb5b
00000044: EQ
00000045: PUSH2 0x0109
00000048: JUMPI
00000049: DUP1
0000004a: PUSH4 0xe086e5ec
0000004f: EQ
00000050: PUSH2 0x0133
00000053: JUMPI
00000054: PUSH2 0x005f
00000057: JUMP
00000058: JUMPDEST
00000059: CALLDATASIZE
0000005a: PUSH2 0x005f
0000005d: JUMPI
0000005e: STOP
0000005f: JUMPDEST
00000060: PUSH0
00000061: PUSH0
00000062: REVERT
00000063: JUMPDEST
00000064: CALLVALUE
00000065: DUP1
00000066: ISZERO
00000067: PUSH2 0x006e
0000006a: JUMPI
0000006b: PUSH0
0000006c: PUSH0
0000006d: REVERT
0000006e: JUMPDEST
0000006f: POP
00000070: PUSH2 0x0077
00000073: PUSH2 0x0149
00000076: JUMP
00000077: JUMPDEST
00000078: PUSH1 0x40
0000007a: MLOAD
0000007b: PUSH2 0x0084
0000007e: SWAP2
0000007f: SWAP1
00000080: PUSH2 0x053f
00000083: JUMP
00000084: JUMPDEST
00000085: PUSH1 0x40
00000087: MLOAD
00000088: DUP1
00000089: SWAP2
0000008a: SUB
0000008b: SWAP1
0000008c: RETURN
0000008d: JUMPDEST
0000008e: CALLVALUE
0000008f: DUP1
00000090: ISZERO
00000091: PUSH2 0x0098
00000094: JUMPI
00000095: PUSH0
00000096: PUSH0
00000097: REVERT
00000098: JUMPDEST
00000099: POP
0000009a: PUSH2 0x00a1
0000009d: PUSH2 0x016d
000000a0: JUMP
000000a1: JUMPDEST
000000a2: PUSH1 0x40
000000a4: MLOAD
000000a5: PUSH2 0x00ae
000000a8: SWAP2
000000a9: SWAP1
000000aa: PUSH2 0x053f
000000ad: JUMP
000000ae: JUMPDEST
000000af: PUSH1 0x40
000000b1: MLOAD
000000b2: DUP1
000000b3: SWAP2
000000b4: SUB
000000b5: SWAP1
000000b6: RETURN
000000b7: JUMPDEST
000000b8: CALLVALUE
000000b9: DUP1
000000ba: ISZERO
000000bb: PUSH2 0x00c2
000000be: JUMPI
000000bf: PUSH0
000000c0: PUSH0
000000c1: REVERT
000000c2: JUMPDEST
000000c3: POP
000000c4: PUSH2 0x00cb
000000c7: PUSH2 0x0194
000000ca: JUMP
000000cb: JUMPDEST
000000cc: PUSH1 0x40
000000ce: MLOAD
000000cf: PUSH2 0x00d8
000000d2: SWAP2
000000d3: SWAP1
000000d4: PUSH2 0x053f
000000d7: JUMP
000000d8: JUMPDEST
000000d9: PUSH1 0x40
000000db: MLOAD
000000dc: DUP1
000000dd: SWAP2
000000de: SUB
000000df: SWAP1
000000e0: RETURN
000000e1: JUMPDEST
000000e2: CALLVALUE
000000e3: DUP1
000000e4: ISZERO
000000e5: PUSH2 0x00ec
000000e8: JUMPI
000000e9: PUSH0
000000ea: PUSH0
000000eb: REVERT
000000ec: JUMPDEST
000000ed: POP
000000ee: PUSH2 0x0107
000000f1: PUSH1 0x04
000000f3: DUP1
000000f4: CALLDATASIZE
000000f5: SUB
000000f6: DUP2
000000f7: ADD
000000f8: SWAP1
000000f9: PUSH2 0x0102
000000fc: SWAP2
000000fd: SWAP1
000000fe: PUSH2 0x05b6
00000101: JUMP
00000102: JUMPDEST
00000103: PUSH2 0x019b
00000106: JUMP
00000107: JUMPDEST
00000108: STOP
00000109: JUMPDEST
0000010a: CALLVALUE
0000010b: DUP1
0000010c: ISZERO
0000010d: PUSH2 0x0114
00000110: JUMPI
00000111: PUSH0
00000112: PUSH0
00000113: REVERT
00000114: JUMPDEST
00000115: POP
00000116: PUSH2 0x011d
00000119: PUSH2 0x03ac
0000011c: JUMP
0000011d: JUMPDEST
0000011e: PUSH1 0x40
00000120: MLOAD
00000121: PUSH2 0x012a
00000124: SWAP2
00000125: SWAP1
00000126: PUSH2 0x05f0
00000129: JUMP
0000012a: JUMPDEST
0000012b: PUSH1 0x40
0000012d: MLOAD
0000012e: DUP1
0000012f: SWAP2
00000130: SUB
00000131: SWAP1
00000132: RETURN
00000133: JUMPDEST
00000134: CALLVALUE
00000135: DUP1
00000136: ISZERO
00000137: PUSH2 0x013e
0000013a: JUMPI
0000013b: PUSH0
0000013c: PUSH0
0000013d: REVERT
0000013e: JUMPDEST
0000013f: POP
00000140: PUSH2 0x0147
00000143: PUSH2 0x03d0
00000146: JUMP
00000147: JUMPDEST
00000148: STOP
00000149: JUMPDEST
0000014a: PUSH32 0x0000000000000000000000000000000000000000000000000000000069440fe7
0000016b: DUP2
0000016c: JUMP
0000016d: JUMPDEST
0000016e: PUSH0
0000016f: PUSH32 0x0000000000000000000000000000000000000000000000000000000069440fe7
00000190: SWAP1
00000191: POP
00000192: SWAP1
00000193: JUMP
00000194: JUMPDEST
00000195: PUSH0
00000196: SELFBALANCE
00000197: SWAP1
00000198: POP
00000199: SWAP1
0000019a: JUMP
0000019b: JUMPDEST
0000019c: PUSH32 0x000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a464
000001bd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001d2: AND
000001d3: CALLER
000001d4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001e9: AND
000001ea: EQ
000001eb: PUSH2 0x0229
000001ee: JUMPI
000001ef: PUSH1 0x40
000001f1: MLOAD
000001f2: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000213: DUP2
00000214: MSTORE
00000215: PUSH1 0x04
00000217: ADD
00000218: PUSH2 0x0220
0000021b: SWAP1
0000021c: PUSH2 0x0663
0000021f: JUMP
00000220: JUMPDEST
00000221: PUSH1 0x40
00000223: MLOAD
00000224: DUP1
00000225: SWAP2
00000226: SUB
00000227: SWAP1
00000228: REVERT
00000229: JUMPDEST
0000022a: PUSH32 0x0000000000000000000000000000000000000000000000000000000069440fe7
0000024b: TIMESTAMP
0000024c: LT
0000024d: ISZERO
0000024e: PUSH2 0x028c
00000251: JUMPI
00000252: PUSH1 0x40
00000254: MLOAD
00000255: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000276: DUP2
00000277: MSTORE
00000278: PUSH1 0x04
0000027a: ADD
0000027b: PUSH2 0x0283
0000027e: SWAP1
0000027f: PUSH2 0x06cb
00000282: JUMP
00000283: JUMPDEST
00000284: PUSH1 0x40
00000286: MLOAD
00000287: DUP1
00000288: SWAP2
00000289: SUB
0000028a: SWAP1
0000028b: REVERT
0000028c: JUMPDEST
0000028d: PUSH0
0000028e: DUP2
0000028f: SWAP1
00000290: POP
00000291: PUSH0
00000292: DUP2
00000293: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002a8: AND
000002a9: PUSH4 0x70a08231
000002ae: ADDRESS
000002af: PUSH1 0x40
000002b1: MLOAD
000002b2: DUP3
000002b3: PUSH4 0xffffffff
000002b8: AND
000002b9: PUSH1 0xe0
000002bb: SHL
000002bc: DUP2
000002bd: MSTORE
000002be: PUSH1 0x04
000002c0: ADD
000002c1: PUSH2 0x02ca
000002c4: SWAP2
000002c5: SWAP1
000002c6: PUSH2 0x05f0
000002c9: JUMP
000002ca: JUMPDEST
000002cb: PUSH1 0x20
000002cd: PUSH1 0x40
000002cf: MLOAD
000002d0: DUP1
000002d1: DUP4
000002d2: SUB
000002d3: DUP2
000002d4: DUP7
000002d5: GAS
000002d6: STATICCALL
000002d7: ISZERO
000002d8: DUP1
000002d9: ISZERO
000002da: PUSH2 0x02e5
000002dd: JUMPI
000002de: RETURNDATASIZE
000002df: PUSH0
000002e0: PUSH0
000002e1: RETURNDATACOPY
000002e2: RETURNDATASIZE
000002e3: PUSH0
000002e4: REVERT
000002e5: JUMPDEST
000002e6: POP
000002e7: POP
000002e8: POP
000002e9: POP
000002ea: PUSH1 0x40
000002ec: MLOAD
000002ed: RETURNDATASIZE
000002ee: PUSH1 0x1f
000002f0: NOT
000002f1: PUSH1 0x1f
000002f3: DUP3
000002f4: ADD
000002f5: AND
000002f6: DUP3
000002f7: ADD
000002f8: DUP1
000002f9: PUSH1 0x40
000002fb: MSTORE
000002fc: POP
000002fd: DUP2
000002fe: ADD
000002ff: SWAP1
00000300: PUSH2 0x0309
00000303: SWAP2
00000304: SWAP1
00000305: PUSH2 0x0713
00000308: JUMP
00000309: JUMPDEST
0000030a: SWAP1
0000030b: POP
0000030c: DUP2
0000030d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000322: AND
00000323: PUSH4 0xa9059cbb
00000328: PUSH32 0x000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a464
00000349: DUP4
0000034a: PUSH1 0x40
0000034c: MLOAD
0000034d: DUP4
0000034e: PUSH4 0xffffffff
00000353: AND
00000354: PUSH1 0xe0
00000356: SHL
00000357: DUP2
00000358: MSTORE
00000359: PUSH1 0x04
0000035b: ADD
0000035c: PUSH2 0x0366
0000035f: SWAP3
00000360: SWAP2
00000361: SWAP1
00000362: PUSH2 0x073e
00000365: JUMP
00000366: JUMPDEST
00000367: PUSH1 0x20
00000369: PUSH1 0x40
0000036b: MLOAD
0000036c: DUP1
0000036d: DUP4
0000036e: SUB
0000036f: DUP2
00000370: PUSH0
00000371: DUP8
00000372: GAS
00000373: CALL
00000374: ISZERO
00000375: DUP1
00000376: ISZERO
00000377: PUSH2 0x0382
0000037a: JUMPI
0000037b: RETURNDATASIZE
0000037c: PUSH0
0000037d: PUSH0
0000037e: RETURNDATACOPY
0000037f: RETURNDATASIZE
00000380: PUSH0
00000381: REVERT
00000382: JUMPDEST
00000383: POP
00000384: POP
00000385: POP
00000386: POP
00000387: PUSH1 0x40
00000389: MLOAD
0000038a: RETURNDATASIZE
0000038b: PUSH1 0x1f
0000038d: NOT
0000038e: PUSH1 0x1f
00000390: DUP3
00000391: ADD
00000392: AND
00000393: DUP3
00000394: ADD
00000395: DUP1
00000396: PUSH1 0x40
00000398: MSTORE
00000399: POP
0000039a: DUP2
0000039b: ADD
0000039c: SWAP1
0000039d: PUSH2 0x03a6
000003a0: SWAP2
000003a1: SWAP1
000003a2: PUSH2 0x079a
000003a5: JUMP
000003a6: JUMPDEST
000003a7: POP
000003a8: POP
000003a9: POP
000003aa: POP
000003ab: JUMP
000003ac: JUMPDEST
000003ad: PUSH32 0x000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a464
000003ce: DUP2
000003cf: JUMP
000003d0: JUMPDEST
000003d1: PUSH32 0x000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a464
000003f2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000407: AND
00000408: CALLER
00000409: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000041e: AND
0000041f: EQ
00000420: PUSH2 0x045e
00000423: JUMPI
00000424: PUSH1 0x40
00000426: MLOAD
00000427: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000448: DUP2
00000449: MSTORE
0000044a: PUSH1 0x04
0000044c: ADD
0000044d: PUSH2 0x0455
00000450: SWAP1
00000451: PUSH2 0x0663
00000454: JUMP
00000455: JUMPDEST
00000456: PUSH1 0x40
00000458: MLOAD
00000459: DUP1
0000045a: SWAP2
0000045b: SUB
0000045c: SWAP1
0000045d: REVERT
0000045e: JUMPDEST
0000045f: PUSH32 0x0000000000000000000000000000000000000000000000000000000069440fe7
00000480: TIMESTAMP
00000481: LT
00000482: ISZERO
00000483: PUSH2 0x04c1
00000486: JUMPI
00000487: PUSH1 0x40
00000489: MLOAD
0000048a: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000004ab: DUP2
000004ac: MSTORE
000004ad: PUSH1 0x04
000004af: ADD
000004b0: PUSH2 0x04b8
000004b3: SWAP1
000004b4: PUSH2 0x06cb
000004b7: JUMP
000004b8: JUMPDEST
000004b9: PUSH1 0x40
000004bb: MLOAD
000004bc: DUP1
000004bd: SWAP2
000004be: SUB
000004bf: SWAP1
000004c0: REVERT
000004c1: JUMPDEST
000004c2: PUSH32 0x000000000000000000000000b7fc8401e12a2dc2431085eb3318e289e9a8a464
000004e3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000004f8: AND
000004f9: PUSH2 0x08fc
000004fc: SELFBALANCE
000004fd: SWAP1
000004fe: DUP2
000004ff: ISZERO
00000500: MUL
00000501: SWAP1
00000502: PUSH1 0x40
00000504: MLOAD
00000505: PUSH0
00000506: PUSH1 0x40
00000508: MLOAD
00000509: DUP1
0000050a: DUP4
0000050b: SUB
0000050c: DUP2
0000050d: DUP6
0000050e: DUP9
0000050f: DUP9
00000510: CALL
00000511: SWAP4
00000512: POP
00000513: POP
00000514: POP
00000515: POP
00000516: ISZERO
00000517: DUP1
00000518: ISZERO
00000519: PUSH2 0x0524
0000051c: JUMPI
0000051d: RETURNDATASIZE
0000051e: PUSH0
0000051f: PUSH0
00000520: RETURNDATACOPY
00000521: RETURNDATASIZE
00000522: PUSH0
00000523: REVERT
00000524: JUMPDEST
00000525: POP
00000526: JUMP
00000527: JUMPDEST
00000528: PUSH0
00000529: DUP2
0000052a: SWAP1
0000052b: POP
0000052c: SWAP2
0000052d: SWAP1
0000052e: POP
0000052f: JUMP
00000530: JUMPDEST
00000531: PUSH2 0x0539
00000534: DUP2
00000535: PUSH2 0x0527
00000538: JUMP
00000539: JUMPDEST
0000053a: DUP3
0000053b: MSTORE
0000053c: POP
0000053d: POP
0000053e: JUMP
0000053f: JUMPDEST
00000540: PUSH0
00000541: PUSH1 0x20
00000543: DUP3
00000544: ADD
00000545: SWAP1
00000546: POP
00000547: PUSH2 0x0552
0000054a: PUSH0
0000054b: DUP4
0000054c: ADD
0000054d: DUP5
0000054e: PUSH2 0x0530
00000551: JUMP
00000552: JUMPDEST
00000553: SWAP3
00000554: SWAP2
00000555: POP
00000556: POP
00000557: JUMP
00000558: JUMPDEST
00000559: PUSH0
0000055a: PUSH0
0000055b: REVERT
0000055c: JUMPDEST
0000055d: PUSH0
0000055e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000573: DUP3
00000574: AND
00000575: SWAP1
00000576: POP
00000577: SWAP2
00000578: SWAP1
00000579: POP
0000057a: JUMP
0000057b: JUMPDEST
0000057c: PUSH0
0000057d: PUSH2 0x0585
00000580: DUP3
00000581: PUSH2 0x055c
00000584: JUMP
00000585: JUMPDEST
00000586: SWAP1
00000587: POP
00000588: SWAP2
00000589: SWAP1
0000058a: POP
0000058b: JUMP
0000058c: JUMPDEST
0000058d: PUSH2 0x0595
00000590: DUP2
00000591: PUSH2 0x057b
00000594: JUMP
00000595: JUMPDEST
00000596: DUP2
00000597: EQ
00000598: PUSH2 0x059f
0000059b: JUMPI
0000059c: PUSH0
0000059d: PUSH0
0000059e: REVERT
0000059f: JUMPDEST
000005a0: POP
000005a1: JUMP
000005a2: JUMPDEST
000005a3: PUSH0
000005a4: DUP2
000005a5: CALLDATALOAD
000005a6: SWAP1
000005a7: POP
000005a8: PUSH2 0x05b0
000005ab: DUP2
000005ac: PUSH2 0x058c
000005af: JUMP
000005b0: JUMPDEST
000005b1: SWAP3
000005b2: SWAP2
000005b3: POP
000005b4: POP
000005b5: JUMP
000005b6: JUMPDEST
000005b7: PUSH0
000005b8: PUSH1 0x20
000005ba: DUP3
000005bb: DUP5
000005bc: SUB
000005bd: SLT
000005be: ISZERO
000005bf: PUSH2 0x05cb
000005c2: JUMPI
000005c3: PUSH2 0x05ca
000005c6: PUSH2 0x0558
000005c9: JUMP
000005ca: JUMPDEST
000005cb: JUMPDEST
000005cc: PUSH0
000005cd: PUSH2 0x05d8
000005d0: DUP5
000005d1: DUP3
000005d2: DUP6
000005d3: ADD
000005d4: PUSH2 0x05a2
000005d7: JUMP
000005d8: JUMPDEST
000005d9: SWAP2
000005da: POP
000005db: POP
000005dc: SWAP3
000005dd: SWAP2
000005de: POP
000005df: POP
000005e0: JUMP
000005e1: JUMPDEST
000005e2: PUSH2 0x05ea
000005e5: DUP2
000005e6: PUSH2 0x057b
000005e9: JUMP
000005ea: JUMPDEST
000005eb: DUP3
000005ec: MSTORE
000005ed: POP
000005ee: POP
000005ef: JUMP
000005f0: JUMPDEST
000005f1: PUSH0
000005f2: PUSH1 0x20
000005f4: DUP3
000005f5: ADD
000005f6: SWAP1
000005f7: POP
000005f8: PUSH2 0x0603
000005fb: PUSH0
000005fc: DUP4
000005fd: ADD
000005fe: DUP5
000005ff: PUSH2 0x05e1
00000602: JUMP
00000603: JUMPDEST
00000604: SWAP3
00000605: SWAP2
00000606: POP
00000607: POP
00000608: JUMP
00000609: JUMPDEST
0000060a: PUSH0
0000060b: DUP3
0000060c: DUP3
0000060d: MSTORE
0000060e: PUSH1 0x20
00000610: DUP3
00000611: ADD
00000612: SWAP1
00000613: POP
00000614: SWAP3
00000615: SWAP2
00000616: POP
00000617: POP
00000618: JUMP
00000619: JUMPDEST
0000061a: PUSH32 0x4e6f7420746865206f776e657200000000000000000000000000000000000000
0000063b: PUSH0
0000063c: DUP3
0000063d: ADD
0000063e: MSTORE
0000063f: POP
00000640: JUMP
00000641: JUMPDEST
00000642: PUSH0
00000643: PUSH2 0x064d
00000646: PUSH1 0x0d
00000648: DUP4
00000649: PUSH2 0x0609
0000064c: JUMP
0000064d: JUMPDEST
0000064e: SWAP2
0000064f: POP
00000650: PUSH2 0x0658
00000653: DUP3
00000654: PUSH2 0x0619
00000657: JUMP
00000658: JUMPDEST
00000659: PUSH1 0x20
0000065b: DUP3
0000065c: ADD
0000065d: SWAP1
0000065e: POP
0000065f: SWAP2
00000660: SWAP1
00000661: POP
00000662: JUMP
00000663: JUMPDEST
00000664: PUSH0
00000665: PUSH1 0x20
00000667: DUP3
00000668: ADD
00000669: SWAP1
0000066a: POP
0000066b: DUP2
0000066c: DUP2
0000066d: SUB
0000066e: PUSH0
0000066f: DUP4
00000670: ADD
00000671: MSTORE
00000672: PUSH2 0x067a
00000675: DUP2
00000676: PUSH2 0x0641
00000679: JUMP
0000067a: JUMPDEST
0000067b: SWAP1
0000067c: POP
0000067d: SWAP2
0000067e: SWAP1
0000067f: POP
00000680: JUMP
00000681: JUMPDEST
00000682: PUSH32 0x5374696c6c206c6f636b65640000000000000000000000000000000000000000
000006a3: PUSH0
000006a4: DUP3
000006a5: ADD
000006a6: MSTORE
000006a7: POP
000006a8: JUMP
000006a9: JUMPDEST
000006aa: PUSH0
000006ab: PUSH2 0x06b5
000006ae: PUSH1 0x0c
000006b0: DUP4
000006b1: PUSH2 0x0609
000006b4: JUMP
000006b5: JUMPDEST
000006b6: SWAP2
000006b7: POP
000006b8: PUSH2 0x06c0
000006bb: DUP3
000006bc: PUSH2 0x0681
000006bf: JUMP
000006c0: JUMPDEST
000006c1: PUSH1 0x20
000006c3: DUP3
000006c4: ADD
000006c5: SWAP1
000006c6: POP
000006c7: SWAP2
000006c8: SWAP1
000006c9: POP
000006ca: JUMP
000006cb: JUMPDEST
000006cc: PUSH0
000006cd: PUSH1 0x20
000006cf: DUP3
000006d0: ADD
000006d1: SWAP1
000006d2: POP
000006d3: DUP2
000006d4: DUP2
000006d5: SUB
000006d6: PUSH0
000006d7: DUP4
000006d8: ADD
000006d9: MSTORE
000006da: PUSH2 0x06e2
000006dd: DUP2
000006de: PUSH2 0x06a9
000006e1: JUMP
000006e2: JUMPDEST
000006e3: SWAP1
000006e4: POP
000006e5: SWAP2
000006e6: SWAP1
000006e7: POP
000006e8: JUMP
000006e9: JUMPDEST
000006ea: PUSH2 0x06f2
000006ed: DUP2
000006ee: PUSH2 0x0527
000006f1: JUMP
000006f2: JUMPDEST
000006f3: DUP2
000006f4: EQ
000006f5: PUSH2 0x06fc
000006f8: JUMPI
000006f9: PUSH0
000006fa: PUSH0
000006fb: REVERT
000006fc: JUMPDEST
000006fd: POP
000006fe: JUMP
000006ff: JUMPDEST
00000700: PUSH0
00000701: DUP2
00000702: MLOAD
00000703: SWAP1
00000704: POP
00000705: PUSH2 0x070d
00000708: DUP2
00000709: PUSH2 0x06e9
0000070c: JUMP
0000070d: JUMPDEST
0000070e: SWAP3
0000070f: SWAP2
00000710: POP
00000711: POP
00000712: JUMP
00000713: JUMPDEST
00000714: PUSH0
00000715: PUSH1 0x20
00000717: DUP3
00000718: DUP5
00000719: SUB
0000071a: SLT
0000071b: ISZERO
0000071c: PUSH2 0x0728
0000071f: JUMPI
00000720: PUSH2 0x0727
00000723: PUSH2 0x0558
00000726: JUMP
00000727: JUMPDEST
00000728: JUMPDEST
00000729: PUSH0
0000072a: PUSH2 0x0735
0000072d: DUP5
0000072e: DUP3
0000072f: DUP6
00000730: ADD
00000731: PUSH2 0x06ff
00000734: JUMP
00000735: JUMPDEST
00000736: SWAP2
00000737: POP
00000738: POP
00000739: SWAP3
0000073a: SWAP2
0000073b: POP
0000073c: POP
0000073d: JUMP
0000073e: JUMPDEST
0000073f: PUSH0
00000740: PUSH1 0x40
00000742: DUP3
00000743: ADD
00000744: SWAP1
00000745: POP
00000746: PUSH2 0x0751
00000749: PUSH0
0000074a: DUP4
0000074b: ADD
0000074c: DUP6
0000074d: PUSH2 0x05e1
00000750: JUMP
00000751: JUMPDEST
00000752: PUSH2 0x075e
00000755: PUSH1 0x20
00000757: DUP4
00000758: ADD
00000759: DUP5
0000075a: PUSH2 0x0530
0000075d: JUMP
0000075e: JUMPDEST
0000075f: SWAP4
00000760: SWAP3
00000761: POP
00000762: POP
00000763: POP
00000764: JUMP
00000765: JUMPDEST
00000766: PUSH0
00000767: DUP2
00000768: ISZERO
00000769: ISZERO
0000076a: SWAP1
0000076b: POP
0000076c: SWAP2
0000076d: SWAP1
0000076e: POP
0000076f: JUMP
00000770: JUMPDEST
00000771: PUSH2 0x0779
00000774: DUP2
00000775: PUSH2 0x0765
00000778: JUMP
00000779: JUMPDEST
0000077a: DUP2
0000077b: EQ
0000077c: PUSH2 0x0783
0000077f: JUMPI
00000780: PUSH0
00000781: PUSH0
00000782: REVERT
00000783: JUMPDEST
00000784: POP
00000785: JUMP
00000786: JUMPDEST
00000787: PUSH0
00000788: DUP2
00000789: MLOAD
0000078a: SWAP1
0000078b: POP
0000078c: PUSH2 0x0794
0000078f: DUP2
00000790: PUSH2 0x0770
00000793: JUMP
00000794: JUMPDEST
00000795: SWAP3
00000796: SWAP2
00000797: POP
00000798: POP
00000799: JUMP
0000079a: JUMPDEST
0000079b: PUSH0
0000079c: PUSH1 0x20
0000079e: DUP3
0000079f: DUP5
000007a0: SUB
000007a1: SLT
000007a2: ISZERO
000007a3: PUSH2 0x07af
000007a6: JUMPI
000007a7: PUSH2 0x07ae
000007aa: PUSH2 0x0558
000007ad: JUMP
000007ae: JUMPDEST
000007af: JUMPDEST
000007b0: PUSH0
000007b1: PUSH2 0x07bc
000007b4: DUP5
000007b5: DUP3
000007b6: DUP6
000007b7: ADD
000007b8: PUSH2 0x0786
000007bb: JUMP
000007bc: JUMPDEST
000007bd: SWAP2
000007be: POP
000007bf: POP
000007c0: SWAP3
000007c1: SWAP2
000007c2: POP
000007c3: POP
000007c4: JUMP
000007c5: INVALID
000007c6: LOG2
000007c7: PUSH5 0x6970667358
000007cd: UNKNOWN(0x22)
000007ce: SLT
000007cf: KECCAK256
000007d0: CALL
000007d1: TLOAD
000007d2: SHR
000007d3: SWAP13
000007d4: UNKNOWN(0xB1)
000007d5: UNKNOWN(0xD4)
000007d6: CREATE2
000007d7: JUMP
000007d8: COINBASE
000007d9: SWAP12
000007da: DELEGATECALL
000007db: BLOCKHASH
000007dc: SHR
000007dd: DUP16
000007de: UNKNOWN(0xB3)
000007df: UNKNOWN(0xC0)
000007e0: RETURN
000007e1: EXTCODEHASH
000007e2: TSTORE
000007e3: PC
000007e4: RETURNDATACOPY
000007e5: UNKNOWN(0xE9)
000007e6: PUSH8 0x2dcd03f439f4c9db
000007ef: MSTORE8
000007f0: PUSH5 0x736f6c6343
000007f6: STOP
000007f7: ADDMOD
000007f8: CLZ
000007f9: STOP
000007fa: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high upgradeability detector Untrusted DELEGATECALL target reachable 55 no no
view
trace_id: 0x5fcf0bc42284ea3d16e8a525b47f2af0a4d9af619f6ac2fe014b4f2cd2f7a5e7
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 72,
    "trace_id": "0x5fcf0bc42284ea3d16e8a525b47f2af0a4d9af619f6ac2fe014b4f2cd2f7a5e7",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x251c1aa3",
            "selector": "0x251c1aa3",
            "calldata_variants": [
                "0x251c1aa3",
                "0x251c1aa30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x602bc62b",
            "selector": "0x602bc62b",
            "calldata_variants": [
                "0x602bc62b",
                "0x602bc62b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6e947298",
            "selector": "0x6e947298",
            "calldata_variants": [
                "0x6e947298",
                "0x6e9472980000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x89476069",
            "selector": "0x89476069",
            "calldata_variants": [
                "0x89476069",
                "0x894760690000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe086e5ec",
            "selector": "0xe086e5ec",
            "calldata_variants": [
                "0xe086e5ec",
                "0xe086e5ec0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 2010,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 467,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1032,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 1
}
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0xa4fe51f313f10bf7a126da0ae35003199c39891d363195ecbb389f9d6b1e9a2a
call_targets: 0x046dd36dfd03c2e604fc4cd927a508770486cce4
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xa4fe51f313f10bf7a126da0ae35003199c39891d363195ecbb389f9d6b1e9a2a",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x046dd36dfd03c2e604fc4cd927a508770486cce4"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x251c1aa3",
            "selector": "0x251c1aa3",
            "calldata_variants": [
                "0x251c1aa3",
                "0x251c1aa30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x602bc62b",
            "selector": "0x602bc62b",
            "calldata_variants": [
                "0x602bc62b",
                "0x602bc62b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6e947298",
            "selector": "0x6e947298",
            "calldata_variants": [
                "0x6e947298",
                "0x6e9472980000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x89476069",
            "selector": "0x89476069",
            "calldata_variants": [
                "0x89476069",
                "0x894760690000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe086e5ec",
            "selector": "0xe086e5ec",
            "calldata_variants": [
                "0xe086e5ec",
                "0xe086e5ec0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 883,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1296,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 2000,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 3,
    "guards_detected": [
        {
            "pc": 467,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1032,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 3
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0xa4fe51f313f10bf7a126da0ae35003199c39891d363195ecbb389f9d6b1e9a2a
call_targets: 0x046dd36dfd03c2e604fc4cd927a508770486cce4
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xa4fe51f313f10bf7a126da0ae35003199c39891d363195ecbb389f9d6b1e9a2a",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x046dd36dfd03c2e604fc4cd927a508770486cce4"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x251c1aa3",
            "selector": "0x251c1aa3",
            "calldata_variants": [
                "0x251c1aa3",
                "0x251c1aa30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x602bc62b",
            "selector": "0x602bc62b",
            "calldata_variants": [
                "0x602bc62b",
                "0x602bc62b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6e947298",
            "selector": "0x6e947298",
            "calldata_variants": [
                "0x6e947298",
                "0x6e9472980000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x89476069",
            "selector": "0x89476069",
            "calldata_variants": [
                "0x89476069",
                "0x894760690000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe086e5ec",
            "selector": "0xe086e5ec",
            "calldata_variants": [
                "0xe086e5ec",
                "0xe086e5ec0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 883,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1296,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 2000,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 3,
    "guards_detected": [
        {
            "pc": 467,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1032,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}
medium other detector CREATE/CREATE2 reachable 45 no no
view
trace_id: 0xb9e8324773db6b2dd7df21ea18c3aa3d87365b55c6aaeb7832799eb62622e370
validation_json 
{
    "sink": "CREATE",
    "errors": 0,
    "status": "unknown",
    "attempts": 12,
    "trace_id": "0xb9e8324773db6b2dd7df21ea18c3aa3d87365b55c6aaeb7832799eb62622e370",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x251c1aa3",
            "selector": "0x251c1aa3",
            "calldata_variants": [
                "0x251c1aa3",
                "0x251c1aa30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x602bc62b",
            "selector": "0x602bc62b",
            "calldata_variants": [
                "0x602bc62b",
                "0x602bc62b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6e947298",
            "selector": "0x6e947298",
            "calldata_variants": [
                "0x6e947298",
                "0x6e9472980000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x89476069",
            "selector": "0x89476069",
            "calldata_variants": [
                "0x89476069",
                "0x894760690000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe086e5ec",
            "selector": "0xe086e5ec",
            "calldata_variants": [
                "0xe086e5ec",
                "0xe086e5ec0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "create_count": 0,
    "create2_count": 1
}
low other cast Contract creation opcode present 60 no
view
evidence_json 
{
    "notes": "runtime can deploy contracts dynamically via CREATE/CREATE2",
    "create_count": 0,
    "create2_count": 1
}