9e32300e-1613-44d6-b67d-60f3dfe1279c
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31779 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 96097 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 96098 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 96099 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 96100 | capability.graph | complete | 1 / 3 | 1 week ago |
| 96101 | detector.run | complete | 1 / 3 | 1 week ago |
| 96102 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:399885] OpenAI Codex v0.77.0 (research preview)
[codex:399885] --------
[codex:399885] workdir: /tmp/codex-multi-bq9zvlr8
[codex:399885] model: gpt-5.2-codex
[codex:399885] provider: openai
[codex:399885] approval: never
[codex:399885] sandbox: read-only
[codex:399885] reasoning effort: xhigh
[codex:399885] reasoning summaries: auto
[codex:399885] session id: 019b9009-c73d-7c20-adbb-2a53e9f9ebc5
[codex:399885] --------
[codex:399885] user
[codex:399885] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:399885]
[codex:399885] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:399885]
[codex:399885] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:399885] - Gas inefficiency, code quality, or best practices
[codex:399885] - Theoretical vulnerabilities without a clear extraction path
[codex:399885] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:399885] - Issues requiring social engineering or off-chain coordination
[codex:399885]
[codex:399885] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:399885] - CALL/DELEGATECALL with controllable destination or calldata
[codex:399885] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:399885] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:399885] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:399885] - External calls before state updates (reentrancy)
[codex:399885] - SELFDESTRUCT with controllable beneficiary
[codex:399885] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:399885]
[codex:399885] For each finding, you MUST explain:
[codex:399885] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:399885] 2. The concrete sequence of transactions to extract value
[codex:399885] 3. Why you believe this is exploitable (not just suspicious)
[codex:399885]
[codex:399885] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:399885] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:399885]
[codex:399885] Output MUST be valid JSON matching the provided schema.
[codex:399885] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:399885] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:399885] mcp startup: no servers
[codex:399885]
[codex:399885] thinking
[codex:399885] **Searching for bytecode files**
[codex:399885] exec
[codex:399885] /bin/bash -lc ls in /tmp/codex-multi-bq9zvlr8 succeeded in 5ms:
[codex:399885] BYTECODE_BUNDLE.txt
[codex:399885] codex-output-schema.json
[codex:399885]
[codex:399885] thinking
[codex:399885] **Reading file contents**
[codex:399885] exec
[codex:399885] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-bq9zvlr8 succeeded in 6ms:
[codex:399885] Runtime bytecode bundle for best-effort auditing.
[codex:399885] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:399885]
[codex:399885] FILE: runtime_bytecode.hex
[codex:399885] 0x608060405260043610610099576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806327d7874c146100a85780632ca15122146100eb5780633ccfd067146101025780634bc935d71461012f5780634e0a3379146101c957806393a2f9c71461020c578063d0cff12f146102a6578063d0e30db0146102f3578063eb3aa5f1146102fd575b600015156100a657600080fd5b005b3480156100b457600080fd5b506100e9600480360381019080803573ffffffffffffffffffffffffffffffffffffffff16906020019092919050505061032a565b005b3480156100f757600080fd5b506101006103c8565b005b34801561010e57600080fd5b5061012d60048036038101908080359060200190929190505050610584565b005b34801561013b57600080fd5b506101af600480360381019080803590602001908201803590602001908080602002602001604051908101604052809392919081815260200183836020028082843782019150505050505091929192908035600019169060200190929190803560001916906020019092919050505061058e565b604051808215151515815260200191505060405180910390f35b3480156101d557600080fd5b5061020a600480360381019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190505050610731565b005b34801561021857600080fd5b506102a4600480360381019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291908035906020019092919080359060200190929190803590602001908201803590602001908080602002602001604051908101604052809392919081815260200183836020028082843782019150505050505091929192905050506107d0565b005b3480156102b257600080fd5b506102f1600480360381019080803573ffffffffffffffffffffffffffffffffffffffff16906020019092919080359060200190929190505050610c39565b005b6102fb610cdf565b005b34801561030957600080fd5b5061032860048036038101908080359060200190929190505050610d8f565b005b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614151561038557600080fd5b806000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555050565b600080600660003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205491506003546104238342610df590919063ffffffff16565b1015151561043057600080fd5b6104836001600560003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002054610e0e90919063ffffffff16565b905042600660003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000208190555080600560003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020819055507f6606a8bb80a4c7f8f56d2eb4774e6b48ad1d979612a8c130bc4c80538175a08d338242604051808473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001838152602001828152602001935050505060405180910390a15050565b8060038190555050565b600080600080849250600091505b865182101561071a5786828151811015156105b357fe5b9060200190602002015190508060001916836000191610156106705782816040516020018083600019166000191681526020018260001916600019168152602001925050506040516020818303038152906040526040518082805190602001908083835b60208310151561063c5780518252602082019150602081019050602083039250610617565b6001836020036101000a0380198251168184511680821785525050505050509050019150506040518091039020925061070d565b80836040516020018083600019166000191681526020018260001916600019168152602001925050506040516020818303038152906040526040518082805190602001908083835b6020831015156106dd57805182526020820191506020810190506020830392506106b8565b6001836020036101000a038019825116818451168082178552505050505050905001915050604051809103902092505b818060010192505061059c565b856000191683600019161493505050509392505050565b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614151561078c57600080fd5b80600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555050565b600080600080600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614151561083257600080fd5b60008711151561084157600080fd5b8560405160200180807f77697468647261770000000000000000000000000000000000000000000000008152506008018281526020019150506040516020818303038152906040526040518082805190602001908083835b6020831015156108be5780518252602082019150602081019050602083039250610899565b6001836020036101000a03801982511681845116808217855250505050505090500191505060405180910390209150600260009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166354f6127f836040518263ffffffff167c01000000000000000000000000000000000000000000000000000000000281526004018082600019166000191681526020019150506040805180830381600087803b15801561098557600080fd5b505af1158015610999573d6000803e3d6000fd5b505050506040513d60408110156109af57600080fd5b81019080805190602001909291908051906020019092919050505080945081955050508787604051602001808373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166c01000000000000000000000000028152601401828152602001925050506040516020818303038152906040526040518082805190602001908083835b602083101515610a6a5780518252602082019150602081019050602083039250610a45565b6001836020036101000a03801982511681845116808217855250505050505090500191505060405180910390209050831515610aa557600080fd5b610ab085848361058e565b1515610abb57600080fd5b60006004600085600019166000191681526020019081526020016000206000836000191660001916815260200190815260200160002054141515610afe57600080fd5b8773ffffffffffffffffffffffffffffffffffffffff166108fc889081150290604051600060405180830381858888f19350505050158015610b44573d6000803e3d6000fd5b50600160046000856000191660001916815260200190815260200160002060008360001916600019168152602001908152602001600020600082825401925050819055507ff341246adaac6f497bc2a656f546ab9e182111d630394f0c57c710a59a2cb56730898989604051808573ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020018473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200183815260200182815260200194505050505060405180910390a15050505050505050565b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff16141515610c9457600080fd5b8173ffffffffffffffffffffffffffffffffffffffff166108fc829081150290604051600060405180830381858888f19350505050158015610cda573d6000803e3d6000fd5b505050565b600034111515610cee57600080fd5b7f5548c837ab068cf56a2c2479df0882a4922fd203edb7517321831d95078c5f62333034604051808473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020018373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001828152602001935050505060405180910390a1565b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff16141515610deb57600080fd5b8060038190555050565b6000828211151515610e0357fe5b818303905092915050565b6000808284019050838110151515610e2257fe5b80915050929150505600a165627a7a72305820175b854fdfbbf1640f4c392a5f4c0edf58b638ad059d014517630e83500779d90029
[codex:399885]
[codex:399885] thinking
[codex:399885] **Decoding and analyzing EVM bytecode for exploits**
[codex:399885]
[codex:399885] I'm parsing the bytecode to identify function selectors, map storage slots, and understand contract logic. My goal is to detect any clear profit-driven exploits like unprotected calls or reentrancy by interpreting key functions and their storage checks. Since the environment is read-only, I'll write a Python script inline to disassemble opcodes and analyze contract behavior without external tools.
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] # extract hex after 0x
[codex:399885] m=re.search(r'0x[0-9a-fA-F]+', code)
[codex:399885] hexstr=m.group(0)[2:]
[codex:399885] # remove metadata? ignore
[codex:399885] # disassemble
[codex:399885] opcodes=[
[codex:399885] 'STOP','ADD','MUL','SUB','DIV','SDIV','MOD','SMOD','ADDMOD','MULMOD','EXP','SIGNEXTEND',
[codex:399885] 'LT','GT','SLT','SGT','EQ','ISZERO','AND','OR','XOR','NOT','BYTE','SHL','SHR','SAR',
[codex:399885] 'SHA3',
[codex:399885] ]
[codex:399885] # 0x20..0x2f
[codex:399885] for i in range(0x20,0x30):
[codex:399885] opcodes.append(f'OP{i:02x}')
[codex:399885] # 0x30..0x3f
[codex:399885] ops30=['ADDRESS','BALANCE','ORIGIN','CALLER','CALLVALUE','CALLDATALOAD','CALLDATASIZE','CALLDATACOPY','CODESIZE','CODECOPY','GASPRICE','EXTCODESIZE','EXTCODECOPY','RETURNDATASIZE','RETURNDATACOPY','EXTCODEHASH']
[codex:399885] for o in ops30: opcodes.append(o)
[codex:399885] # 0x40..0x4f
[codex:399885] ops40=['BLOCKHASH','COINBASE','TIMESTAMP','NUMBER','DIFFICULTY','GASLIMIT','CHAINID','SELFBALANCE','BASEFEE']
[codex:399885] for o in ops40: opcodes.append(o)
[codex:399885] # 0x50..0x5f
[codex:399885] ops50=['POP','MLOAD','MSTORE','MSTORE8','SLOAD','SSTORE','JUMP','JUMPI','PC','MSIZE','GAS','JUMPDEST']
[codex:399885] for o in ops50: opcodes.append(o)
[codex:399885] # 0x60..0x7f PUSH
[codex:399885] for i in range(1,33):
[codex:399885] opcodes.append(f'PUSH{i}')
[codex:399885] # 0x80..0x8f DUP
[codex:399885] for i in range(1,17): opcodes.append(f'DUP{i}')
[codex:399885] # 0x90..0x9f SWAP
[codex:399885] for i in range(1,17): opcodes.append(f'SWAP{i}')
[codex:399885] # 0xa0..0xa4 LOG
[codex:399885] for i in range(0,5): opcodes.append(f'LOG{i}')
[codex:399885] # 0xa5..0xef
[codex:399885] for i in range(0xa5,0xf0): opcodes.append(f'OP{i:02x}')
[codex:399885] # 0xf0..0xff
[codex:399885] opsf0=['CREATE','CALL','CALLCODE','RETURN','DELEGATECALL','CREATE2','OPf6','OPf7','OPf8','OPf9','OPfa','STATICCALL','OPfc','REVERT','INVALID','SELFDESTRUCT']
[codex:399885] for o in opsf0: opcodes.append(o)
[codex:399885]
[codex:399885] # map opcode byte to name
[codex:399885] opmap={i:op for i,op in enumerate(opcodes)}
[codex:399885]
[codex:399885] # disassemble
[codex:399885] b=bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] # function to iterate
[codex:399885] pc=0
[codex:399885] out=[]
[codex:399885] while pc<len(b):
[codex:399885] op=b[pc]
[codex:399885] name=opmap.get(op,f'OP{op:02x}')
[codex:399885] pc0=pc
[codex:399885] pc+=1
[codex:399885] arg=None
[codex:399885] if 0x60<=op<=0x7f:
[codex:399885] n=op-0x5f
[codex:399885] arg=b[pc:pc+n]
[codex:399885] pc+=n
[codex:399885] out.append((pc0,name,arg.hex()))
[codex:399885] else:
[codex:399885] out.append((pc0,name,None))
[codex:399885]
[codex:399885] # print selected opcodes near CALL/DELEGATECALL/SELFDESTRUCT
[codex:399885] for pc,name,arg in out:
[codex:399885] if name in ('CALL','DELEGATECALL','SELFDESTRUCT','SSTORE','STATICCALL'):
[codex:399885] print(f'{pc:04x}: {name} {arg or \"\"}')
[codex:399885]
[codex:399885] # also print JUMPDEST labels? no
[codex:399885]
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 46ms:
[codex:399885]
[codex:399885]
[codex:399885] thinking
[codex:399885] **Diagnosing opcode mapping issue**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] interesting = {0xf1:'CALL',0xf4:'DELEGATECALL',0xfa:'STATICCALL',0xff:'SELFDESTRUCT',0x55:'SSTORE'}
[codex:399885]
[codex:399885] pc=0
[codex:399885] hits=[]
[codex:399885] while pc < len(bytecode):
[codex:399885] op = bytecode[pc]
[codex:399885] pc0 = pc
[codex:399885] pc += 1
[codex:399885] if 0x60 <= op <= 0x7f:
[codex:399885] n = op - 0x5f
[codex:399885] pc += n
[codex:399885] continue
[codex:399885] if op in interesting:
[codex:399885] hits.append((pc0, interesting[op]))
[codex:399885]
[codex:399885] for pc, name in hits:
[codex:399885] print(f'{pc:04x}: {name}')
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 26ms:
[codex:399885] 03c4: SSTORE
[codex:399885] 04c8: SSTORE
[codex:399885] 050c: SSTORE
[codex:399885] 058a: SSTORE
[codex:399885] 07cc: SSTORE
[codex:399885] 0988: CALL
[codex:399885] 0b2e: CALL
[codex:399885] 0b87: SSTORE
[codex:399885] 0cc4: CALL
[codex:399885] 0df1: SSTORE
[codex:399885] 0e3c: CALL
[codex:399885]
[codex:399885] thinking
[codex:399885] **Preparing opcode disassembler script**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] # build opmap
[codex:399885] opmap = {}
[codex:399885] # 0x00-0x0b
[codex:399885] names = ['STOP','ADD','MUL','SUB','DIV','SDIV','MOD','SMOD','ADDMOD','MULMOD','EXP','SIGNEXTEND']
[codex:399885] for i,name in enumerate(names): opmap[i]=name
[codex:399885] # 0x10-0x1f
[codex:399885] names = ['LT','GT','SLT','SGT','EQ','ISZERO','AND','OR','XOR','NOT','BYTE','SHL','SHR','SAR']
[codex:399885] for i,name in enumerate(names,0x10): opmap[i]=name
[codex:399885] # 0x20
[codex:399885] opmap[0x20]='SHA3'
[codex:399885] # 0x30-0x3f
[codex:399885] names = ['ADDRESS','BALANCE','ORIGIN','CALLER','CALLVALUE','CALLDATALOAD','CALLDATASIZE','CALLDATACOPY','CODESIZE','CODECOPY','GASPRICE','EXTCODESIZE','EXTCODECOPY','RETURNDATASIZE','RETURNDATACOPY','EXTCODEHASH']
[codex:399885] for i,name in enumerate(names,0x30): opmap[i]=name
[codex:399885] # 0x40-0x48
[codex:399885] names = ['BLOCKHASH','COINBASE','TIMESTAMP','NUMBER','DIFFICULTY','GASLIMIT','CHAINID','SELFBALANCE','BASEFEE']
[codex:399885] for i,name in enumerate(names,0x40): opmap[i]=name
[codex:399885] # 0x50-0x5b
[codex:399885] names = ['POP','MLOAD','MSTORE','MSTORE8','SLOAD','SSTORE','JUMP','JUMPI','PC','MSIZE','GAS','JUMPDEST']
[codex:399885] for i,name in enumerate(names,0x50): opmap[i]=name
[codex:399885] # push
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] # dup
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] # swap
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] # log
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885] # 0xf0-0xff
[codex:399885] names = ['CREATE','CALL','CALLCODE','RETURN','DELEGATECALL','CREATE2','OPf6','OPf7','OPf8','OPf9','STATICCALL','OPfb','REVERT','INVALID','SELFDESTRUCT']
[codex:399885] for i,name in enumerate(names,0xf0): opmap[i]=name
[codex:399885]
[codex:399885] # disassemble
[codex:399885]
[codex:399885] def disasm(start, end):
[codex:399885] pc=start
[codex:399885] while pc<end:
[codex:399885] op = bytecode[pc]
[codex:399885] name = opmap.get(op, f'OP{op:02x}')
[codex:399885] pc0=pc
[codex:399885] pc+=1
[codex:399885] if 0x60 <= op <= 0x7f:
[codex:399885] n = op-0x5f
[codex:399885] arg = bytecode[pc:pc+n].hex()
[codex:399885] pc+=n
[codex:399885] print(f'{pc0:04x}: {name} 0x{arg}')
[codex:399885] else:
[codex:399885] print(f'{pc0:04x}: {name}')
[codex:399885]
[codex:399885] # disasm around CALLs
[codex:399885] for pc in [0x980,0x988,0x9a0,0xb20,0xb2e,0xb50,0xcb0,0xcc4,0xce0,0xe20,0xe3c,0xe50]:
[codex:399885] print('\\n-- around', hex(pc))
[codex:399885] disasm(pc-20, pc+20)
[codex:399885]
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 31ms:
[codex:399885]
[codex:399885] -- around 0x980
[codex:399885] 096c: POP
[codex:399885] 096d: PUSH1 0x40
[codex:399885] 096f: DUP1
[codex:399885] 0970: MLOAD
[codex:399885] 0971: DUP1
[codex:399885] 0972: DUP4
[codex:399885] 0973: SUB
[codex:399885] 0974: DUP2
[codex:399885] 0975: PUSH1 0x00
[codex:399885] 0977: DUP8
[codex:399885] 0978: DUP1
[codex:399885] 0979: EXTCODESIZE
[codex:399885] 097a: ISZERO
[codex:399885] 097b: DUP1
[codex:399885] 097c: ISZERO
[codex:399885] 097d: PUSH2 0x0985
[codex:399885] 0980: JUMPI
[codex:399885] 0981: PUSH1 0x00
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing suspicious disassembly segments**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] # opmap minimal
[codex:399885] opmap={
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885]
[codex:399885] start=0x0dd0
[codex:399885] end=0x0e40
[codex:399885] pc=start
[codex:399885] while pc<end:
[codex:399885] op=bytecode[pc]
[codex:399885] name=opmap.get(op,f'OP{op:02x}')
[codex:399885] pc0=pc
[codex:399885] pc+=1
[codex:399885] if 0x60<=op<=0x7f:
[codex:399885] n=op-0x5f
[codex:399885] arg=bytecode[pc:pc+n].hex()
[codex:399885] pc+=n
[codex:399885] print(f'{pc0:04x}: {name} 0x{arg}')
[codex:399885] else:
[codex:399885] print(f'{pc0:04x}: {name}')
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 31ms:
[codex:399885] 0dd0: SELFDESTRUCT
[codex:399885] 0dd1: SELFDESTRUCT
[codex:399885] 0dd2: SELFDESTRUCT
[codex:399885] 0dd3: SELFDESTRUCT
[codex:399885] 0dd4: SELFDESTRUCT
[codex:399885] 0dd5: SELFDESTRUCT
[codex:399885] 0dd6: SELFDESTRUCT
[codex:399885] 0dd7: SELFDESTRUCT
[codex:399885] 0dd8: SELFDESTRUCT
[codex:399885] 0dd9: SELFDESTRUCT
[codex:399885] 0dda: SELFDESTRUCT
[codex:399885] 0ddb: SELFDESTRUCT
[codex:399885] 0ddc: SELFDESTRUCT
[codex:399885] 0ddd: SELFDESTRUCT
[codex:399885] 0dde: SELFDESTRUCT
[codex:399885] 0ddf: AND
[codex:399885] 0de0: EQ
[codex:399885] 0de1: ISZERO
[codex:399885] 0de2: ISZERO
[codex:399885] 0de3: PUSH2 0x0deb
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing misaligned disassembly**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] # opmap
[codex:399885] opmap={
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885]
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op = bytecode[pc]
[codex:399885] name = opmap.get(op, f'OP{op:02x}')
[codex:399885] pc0 = pc
[codex:399885] pc += 1
[codex:399885] arg=None
[codex:399885] if 0x60 <= op <= 0x7f:
[codex:399885] n = op-0x5f
[codex:399885] arg = bytecode[pc:pc+n]
[codex:399885] pc += n
[codex:399885] instrs.append((pc0, name, arg))
[codex:399885]
[codex:399885] # create index by pc to line idx
[codex:399885] pc_to_idx = {pc:i for i,(pc,_,_) in enumerate(instrs)}
[codex:399885]
[codex:399885] # function to print around pc
[codex:399885]
[codex:399885] def show(pc, before=8, after=8):
[codex:399885] idx = pc_to_idx.get(pc)
[codex:399885] if idx is None:
[codex:399885] # find nearest
[codex:399885] pcs=[p for p,_,_ in instrs]
[codex:399885] for i,p in enumerate(pcs):
[codex:399885] if p>pc:
[codex:399885] idx=i
[codex:399885] break
[codex:399885] else:
[codex:399885] idx=len(instrs)-1
[codex:399885] start=max(0, idx-before)
[codex:399885] end=min(len(instrs), idx+after+1)
[codex:399885] for pc,name,arg in instrs[start:end]:
[codex:399885] if arg is not None:
[codex:399885] print(f'{pc:04x}: {name} 0x{arg.hex()}')
[codex:399885] else:
[codex:399885] print(f'{pc:04x}: {name}')
[codex:399885]
[codex:399885] # show around actual CALL pcs from earlier detection
[codex:399885] call_pcs=[pc for pc,name,_ in instrs if name in ('CALL','DELEGATECALL','STATICCALL','SELFDESTRUCT')]
[codex:399885] print('call-like pcs', [hex(p) for p in call_pcs])
[codex:399885] for pc in call_pcs:
[codex:399885] print('\\n-- around', hex(pc))
[codex:399885] show(pc)
[codex:399885]
[codex:399885] # also show around SSTORE for slot0/1 maybe at 0x32a etc
[codex:399885]
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 29ms:
[codex:399885] call-like pcs ['0x988', '0xb2e', '0xcc4', '0xe3c']
[codex:399885]
[codex:399885] -- around 0x988
[codex:399885] 097d: PUSH2 0x0985
[codex:399885] 0980: JUMPI
[codex:399885] 0981: PUSH1 0x00
[codex:399885] 0983: DUP1
[codex:399885] 0984: REVERT
[codex:399885] 0985: JUMPDEST
[codex:399885] 0986: POP
[codex:399885] 0987: GAS
[codex:399885] 0988: CALL
[codex:399885] 0989: ISZERO
[codex:399885] 098a: DUP1
[codex:399885] 098b: ISZERO
[codex:399885] 098c: PUSH2 0x0999
[codex:399885] 098f: JUMPI
[codex:399885] 0990: RETURNDATASIZE
[codex:399885] 0991: PUSH1 0x00
[codex:399885] 0993: DUP1
[codex:399885]
[codex:399885] thinking
[codex:399885] **Preparing detailed CALL analysis**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] opmap={
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885]
[codex:399885] # linear disasm
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op = bytecode[pc]
[codex:399885] name = opmap.get(op, f'OP{op:02x}')
[codex:399885] pc0 = pc
[codex:399885] pc += 1
[codex:399885] arg=None
[codex:399885] if 0x60 <= op <= 0x7f:
[codex:399885] n = op-0x5f
[codex:399885] arg = bytecode[pc:pc+n]
[codex:399885] pc += n
[codex:399885] instrs.append((pc0,name,arg))
[codex:399885]
[codex:399885] pc_to_idx={pc:i for i,(pc,_,_) in enumerate(instrs)}
[codex:399885]
[codex:399885] def show_range(start_pc, end_pc):
[codex:399885] for pc,name,arg in instrs:
[codex:399885] if pc<start_pc: continue
[codex:399885] if pc>end_pc: break
[codex:399885] if arg is not None:
[codex:399885] print(f'{pc:04x}: {name} 0x{arg.hex()}')
[codex:399885] else:
[codex:399885] print(f'{pc:04x}: {name}')
[codex:399885]
[codex:399885] print('--- call 0x988 context ---')
[codex:399885] show_range(0x940,0x9c0)
[codex:399885] print('--- call 0xb2e context ---')
[codex:399885] show_range(0xae0,0xb80)
[codex:399885] print('--- call 0xcc4 context ---')
[codex:399885] show_range(0xc60,0xd00)
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 33ms:
[codex:399885] --- call 0x988 context ---
[codex:399885] 0955: MUL
[codex:399885] 0956: DUP2
[codex:399885] 0957: MSTORE
[codex:399885] 0958: PUSH1 0x04
[codex:399885] 095a: ADD
[codex:399885] 095b: DUP1
[codex:399885] 095c: DUP3
[codex:399885] 095d: PUSH1 0x00
[codex:399885] 095f: NOT
[codex:399885] 0960: AND
[codex:399885] 0961: PUSH1 0x00
[codex:399885] 0963: NOT
[codex:399885] 0964: AND
[codex:399885] 0965: DUP2
[codex:399885] 0966: MSTORE
[codex:399885] 0967: PUSH1 0x20
[codex:399885] 0969: ADD
[codex:399885] 096a: SWAP2
[codex:399885] 096b: POP
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing CALL instruction arguments**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] opmap={
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885]
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op = bytecode[pc]
[codex:399885] name = opmap.get(op, f'OP{op:02x}')
[codex:399885] pc0 = pc
[codex:399885] pc += 1
[codex:399885] arg=None
[codex:399885] if 0x60 <= op <= 0x7f:
[codex:399885] n=op-0x5f
[codex:399885] arg=bytecode[pc:pc+n]
[codex:399885] pc += n
[codex:399885] instrs.append((pc0,name,arg))
[codex:399885]
[codex:399885] # print from 0x8f0 to 0x9a0
[codex:399885] start=0x8f0; end=0x9a0
[codex:399885] for pc,name,arg in instrs:
[codex:399885] if pc<start: continue
[codex:399885] if pc>end: break
[codex:399885] if arg is not None:
[codex:399885] print(f'{pc:04x}: {name} 0x{arg.hex()}')
[codex:399885] else:
[codex:399885] print(f'{pc:04x}: {name}')
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 28ms:
[codex:399885] 08f0: PUSH1 0x00
[codex:399885] 08f2: SWAP1
[codex:399885] 08f3: SLOAD
[codex:399885] 08f4: SWAP1
[codex:399885] 08f5: PUSH2 0x0100
[codex:399885] 08f8: EXP
[codex:399885] 08f9: SWAP1
[codex:399885] 08fa: DIV
[codex:399885] 08fb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885] 0910: AND
[codex:399885] 0911: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885] 0926: AND
[codex:399885] 0927: PUSH4 0x54f6127f
[codex:399885] 092c: DUP4
[codex:399885] 092d: PUSH1 0x40
[codex:399885] 092f: MLOAD
[codex:399885] 0930: DUP3
[codex:399885] 0931: PUSH4 0xffffffff
[codex:399885] 0936: AND
[codex:399885] 0937: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing CALL instructions and storage usage**
[codex:399885]
[codex:399885] I'm tracing how CALL instructions use addresses loaded from storage slots, especially slot2, and examining the function selectors and calldata structures to infer which contract functions are being invoked. I’m comparing selectors against known ERC standards, checking call arguments and values to distinguish token calls from ETH transfers, and analyzing function boundaries and owner checks to understand call purposes. There is a lot here to piece together!
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] opmap={
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885]
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op=bytecode[pc]
[codex:399885] name=opmap.get(op,f'OP{op:02x}')
[codex:399885] pc0=pc
[codex:399885] pc+=1
[codex:399885] arg=None
[codex:399885] if 0x60<=op<=0x7f:
[codex:399885] n=op-0x5f
[codex:399885] arg=bytecode[pc:pc+n]
[codex:399885] pc+=n
[codex:399885] instrs.append((pc0,name,arg))
[codex:399885]
[codex:399885] start=0x0c39; end=0x0cdf
[codex:399885] for pc,name,arg in instrs:
[codex:399885] if pc<start: continue
[codex:399885] if pc>end: break
[codex:399885] if arg is not None:
[codex:399885] print(f'{pc:04x}: {name} 0x{arg.hex()}')
[codex:399885] else:
[codex:399885] print(f'{pc:04x}: {name}')
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 29ms:
[codex:399885] 0c39: JUMPDEST
[codex:399885] 0c3a: PUSH1 0x00
[codex:399885] 0c3c: DUP1
[codex:399885] 0c3d: SWAP1
[codex:399885] 0c3e: SLOAD
[codex:399885] 0c3f: SWAP1
[codex:399885] 0c40: PUSH2 0x0100
[codex:399885] 0c43: EXP
[codex:399885] 0c44: SWAP1
[codex:399885] 0c45: DIV
[codex:399885] 0c46: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885] 0c5b: AND
[codex:399885] 0c5c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885] 0c71: AND
[codex:399885] 0c72: CALLER
[codex:399885] 0c73: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885] 0c88: AND
[codex:399885] 0c89: EQ
[codex:399885] 0c8a: ISZERO
[codex:399885] 0c8b: ISZERO
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing CALL argument pattern and function roles**
[codex:399885]
[codex:399885] I'm working through the stack operations around 0xcc4 to confirm the call uses 2300 gas, indicating ETH transfer with limited gas—likely a send or transfer. I’m comparing this with calls at 0xb2e and 0x988 to understand their purpose and whether calls have proper access control, focusing on the long function starting at 0x07d0 that might handle withdrawals. I want to verify no vulnerabilities arise from these calls.
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] # opmap as before
[codex:399885] opmap={
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885]
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op=bytecode[pc]
[codex:399885] name=opmap.get(op,f'OP{op:02x}')
[codex:399885] pc0=pc
[codex:399885] pc+=1
[codex:399885] arg=None
[codex:399885] if 0x60<=op<=0x7f:
[codex:399885] n=op-0x5f
[codex:399885] arg=bytecode[pc:pc+n]
[codex:399885] pc += n
[codex:399885] instrs.append((pc0,name,arg))
[codex:399885]
[codex:399885] start=0x07d0; end=0x0c39
[codex:399885] for pc,name,arg in instrs:
[codex:399885] if pc<start: continue
[codex:399885] if pc>end: break
[codex:399885] if arg is not None:
[codex:399885] print(f'{pc:04x}: {name} 0x{arg.hex()}')
[codex:399885] else:
[codex:399885] print(f'{pc:04x}: {name}')
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 30ms:
[codex:399885] 07d0: JUMPDEST
[codex:399885] 07d1: PUSH1 0x00
[codex:399885] 07d3: DUP1
[codex:399885] 07d4: PUSH1 0x00
[codex:399885] 07d6: DUP1
[codex:399885] 07d7: PUSH1 0x01
[codex:399885] 07d9: PUSH1 0x00
[codex:399885] 07db: SWAP1
[codex:399885] 07dc: SLOAD
[codex:399885] 07dd: SWAP1
[codex:399885] 07de: PUSH2 0x0100
[codex:399885] 07e1: EXP
[codex:399885] 07e2: SWAP1
[codex:399885] 07e3: DIV
[codex:399885] 07e4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885] 07f9: AND
[codex:399885] 07fa: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885] 080f: AND
[codex:399885] 0810: CALLER
[codex:399885] 0811: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing contract storage and functions**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] opmap={
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885]
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op=bytecode[pc]
[codex:399885] name=opmap.get(op,f'OP{op:02x}')
[codex:399885] pc0=pc
[codex:399885] pc+=1
[codex:399885] arg=None
[codex:399885] if 0x60<=op<=0x7f:
[codex:399885] n=op-0x5f
[codex:399885] arg=bytecode[pc:pc+n]
[codex:399885] pc+=n
[codex:399885] instrs.append((pc0,name,arg))
[codex:399885]
[codex:399885] start=0x0570; end=0x0595
[codex:399885] for pc,name,arg in instrs:
[codex:399885] if pc<start: continue
[codex:399885] if pc>end: break
[codex:399885] if arg is not None:
[codex:399885] print(f'{pc:04x}: {name} 0x{arg.hex()}')
[codex:399885] else:
[codex:399885] print(f'{pc:04x}: {name}')
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 31ms:
[codex:399885] 0570: MSTORE
[codex:399885] 0571: PUSH1 0x20
[codex:399885] 0573: ADD
[codex:399885] 0574: SWAP4
[codex:399885] 0575: POP
[codex:399885] 0576: POP
[codex:399885] 0577: POP
[codex:399885] 0578: POP
[codex:399885] 0579: PUSH1 0x40
[codex:399885] 057b: MLOAD
[codex:399885] 057c: DUP1
[codex:399885] 057d: SWAP2
[codex:399885] 057e: SUB
[codex:399885] 057f: SWAP1
[codex:399885] 0580: LOG1
[codex:399885] 0581: POP
[codex:399885] 0582: POP
[codex:399885] 0583: JUMP
[codex:399885] 0584: JUMPDEST
[codex:399885] 0585: DUP1
[codex:399885]
[codex:399885] thinking
[codex:399885] **Inspecting uncontrolled storage slot**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] # opmap
[codex:399885] opmap={
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885]
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op=bytecode[pc]
[codex:399885] name=opmap.get(op,f'OP{op:02x}')
[codex:399885] pc0=pc
[codex:399885] pc+=1
[codex:399885] arg=None
[codex:399885] if 0x60<=op<=0x7f:
[codex:399885] n=op-0x5f
[codex:399885] arg=bytecode[pc:pc+n]
[codex:399885] pc+=n
[codex:399885] instrs.append((pc0,name,arg))
[codex:399885]
[codex:399885] start=0x03c8; end=0x0584
[codex:399885] for pc,name,arg in instrs:
[codex:399885] if pc<start: continue
[codex:399885] if pc>end: break
[codex:399885] if arg is not None:
[codex:399885] print(f'{pc:04x}: {name} 0x{arg.hex()}')
[codex:399885] else:
[codex:399885] print(f'{pc:04x}: {name}')
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 27ms:
[codex:399885] 03c8: JUMPDEST
[codex:399885] 03c9: PUSH1 0x00
[codex:399885] 03cb: DUP1
[codex:399885] 03cc: PUSH1 0x06
[codex:399885] 03ce: PUSH1 0x00
[codex:399885] 03d0: CALLER
[codex:399885] 03d1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885] 03e6: AND
[codex:399885] 03e7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:399885] 03fc: AND
[codex:399885] 03fd: DUP2
[codex:399885] 03fe: MSTORE
[codex:399885] 03ff: PUSH1 0x20
[codex:399885] 0401: ADD
[codex:399885] 0402: SWAP1
[codex:399885] 0403: DUP2
[codex:399885] 0404: MSTORE
[codex:399885] 0405: PUSH1 0x20
[codex:399885] 0407: ADD
[codex:399885] 0408: PUSH1 0x00
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing smart contract time-lock logic**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] # build opmap with push length
[codex:399885] opmap = {}
[codex:399885] for i in range(1,33): opmap[0x5f+i]=('PUSH', i)
[codex:399885] for i in range(1,17): opmap[0x7f+i]=('DUP', i)
[codex:399885] for i in range(1,17): opmap[0x8f+i]=('SWAP', i)
[codex:399885]
[codex:399885] # parse instructions with pc
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op = bytecode[pc]
[codex:399885] pc0 = pc
[codex:399885] pc += 1
[codex:399885] if 0x60 <= op <= 0x7f:
[codex:399885] n = op-0x5f
[codex:399885] arg = bytecode[pc:pc+n]
[codex:399885] pc += n
[codex:399885] instrs.append((pc0, 'PUSH', int.from_bytes(arg,'big'), n))
[codex:399885] else:
[codex:399885] instrs.append((pc0, op, None, None))
[codex:399885]
[codex:399885] # map opcode numbers for a few
[codex:399885] OP = {
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885]
[codex:399885] # build pc->instr index
[codex:399885] pc_index={pc:i for i,(pc,_,_,_) in enumerate(instrs)}
[codex:399885]
[codex:399885] # emulate from 0x03c8 to 0x0430 (or until jump)
[codex:399885] start=0x03c8; end=0x0430
[codex:399885] stack=[]
[codex:399885]
[codex:399885] def pop():
[codex:399885] return stack.pop() if stack else '<?> '
[codex:399885]
[codex:399885] def push(v):
[codex:399885] stack.append(v)
[codex:399885]
[codex:399885] pc = start
[codex:399885] while pc <= end:
[codex:399885] idx = pc_index[pc]
[codex:399885] pc, op, val, n = instrs[idx]
[codex:399885] name = op if op=='PUSH' else OP.get(op,f'OP{op:02x}')
[codex:399885] if op=='PUSH':
[codex:399885] push(hex(val))
[codex:399885] elif name.startswith('DUP'):
[codex:399885] pass
[codex:399885] elif name.startswith('SWAP'):
[codex:399885] pass
[codex:399885] elif name=='DUP':
[codex:399885] pass
[codex:399885] else:
[codex:399885] pass
[codex:399885] # handle DUP/SWAP from opmap
[codex:399885] if op not in ('PUSH') and op in opmap:
[codex:399885] kind, num = opmap[op]
[codex:399885] if kind=='DUP':
[codex:399885] if len(stack) >= num:
[codex:399885] push(stack[-num])
[codex:399885] else:
[codex:399885] push('<?>')
[codex:399885] elif kind=='SWAP':
[codex:399885] if len(stack) >= num+1:
[codex:399885] stack[-1], stack[-(num+1)] = stack[-(num+1)], stack[-1]
[codex:399885] pc_next = instrs[idx+1][0] if idx+1 < len(instrs) else end+1
[codex:399885] pc = pc_next
[codex:399885] continue
[codex:399885] # handle some ops
[codex:399885] if name=='POP':
[codex:399885] pop()
[codex:399885] elif name=='MSTORE' or name=='MSTORE8':
[codex:399885] pop(); pop()
[codex:399885] elif name=='SLOAD':
[codex:399885] slot=pop(); push(f'SLOAD({slot})')
[codex:399885] elif name=='SHA3':
[codex:399885] a=pop(); b=pop(); push(f'SHA3({b},{a})')
[codex:399885] elif name=='CALLER':
[codex:399885] push('CALLER')
[codex:399885] elif name=='TIMESTAMP':
[codex:399885] push('TIMESTAMP')
[codex:399885] elif name=='EQ':
[codex:399885] a=pop(); b=pop(); push(f'({b}=={a})')
[codex:399885] elif name=='AND':
[codex:399885] a=pop(); b=pop(); push(f'({b}&{a})')
[codex:399885] elif name=='ADD':
[codex:399885] a=pop(); b=pop(); push(f'({b}+{a})')
[codex:399885] elif name=='SUB':
[codex:399885] a=pop(); b=pop(); push(f'({b}-{a})')
[codex:399885] elif name=='LT':
[codex:399885] a=pop(); b=pop(); push(f'({b}<{a})')
[codex:399885] elif name=='GT':
[codex:399885] a=pop(); b=pop(); push(f'({b}>{a})')
[codex:399885] elif name=='ISZERO':
[codex:399885] a=pop(); push(f'ISZERO({a})')
[codex:399885] elif name=='JUMP' or name=='JUMPI':
[codex:399885] # stop tracing on jump
[codex:399885] break
[codex:399885] # advance
[codex:399885] pc_next = instrs[idx+1][0] if idx+1 < len(instrs) else end+1
[codex:399885] pc = pc_next
[codex:399885]
[codex:399885] print('Final stack (top last):')
[codex:399885] for i,s in enumerate(stack):
[codex:399885] print(i, s)
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 exited 1 in 39ms:
[codex:399885] Traceback (most recent call last):
[codex:399885] File "<stdin>", line 68, in <module>
[codex:399885] TypeError: 'in <string>' requires string as left operand, not int
[codex:399885]
[codex:399885] thinking
[codex:399885] **Fixing type error in script**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] # opcode mapping for DUP/SWAP
[codex:399885] opmap = {}
[codex:399885] for i in range(1,17): opmap[0x7f+i]=('DUP', i)
[codex:399885] for i in range(1,17): opmap[0x8f+i]=('SWAP', i)
[codex:399885]
[codex:399885] # parse instructions with pc
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op = bytecode[pc]
[codex:399885] pc0 = pc
[codex:399885] pc += 1
[codex:399885] if 0x60 <= op <= 0x7f:
[codex:399885] n = op-0x5f
[codex:399885] arg = bytecode[pc:pc+n]
[codex:399885] pc += n
[codex:399885] instrs.append((pc0, 'PUSH', int.from_bytes(arg,'big'), n))
[codex:399885] else:
[codex:399885] instrs.append((pc0, op, None, None))
[codex:399885]
[codex:399885] OP = {
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885]
[codex:399885] pc_index={pc:i for i,(pc,_,_,_) in enumerate(instrs)}
[codex:399885]
[codex:399885] start=0x03c8; end=0x0430
[codex:399885] stack=[]
[codex:399885]
[codex:399885] def pop():
[codex:399885] return stack.pop() if stack else '<?> '
[codex:399885]
[codex:399885]
[codex:399885] def push(v):
[codex:399885] stack.append(v)
[codex:399885]
[codex:399885] pc = start
[codex:399885] while pc <= end:
[codex:399885] idx = pc_index[pc]
[codex:399885] pc, op, val, n = instrs[idx]
[codex:399885] if op=='PUSH':
[codex:399885] push(hex(val))
[codex:399885] elif op in opmap:
[codex:399885] kind, num = opmap[op]
[codex:399885] if kind=='DUP':
[codex:399885] if len(stack) >= num:
[codex:399885] push(stack[-num])
[codex:399885] else:
[codex:399885] push('<?>')
[codex:399885] elif kind=='SWAP':
[codex:399885] if len(stack) >= num+1:
[codex:399885] stack[-1], stack[-(num+1)] = stack[-(num+1)], stack[-1]
[codex:399885] else:
[codex:399885] name = OP.get(op, f'OP{op:02x}')
[codex:399885] if name=='POP':
[codex:399885] pop()
[codex:399885] elif name in ('MSTORE','MSTORE8'):
[codex:399885] pop(); pop()
[codex:399885] elif name=='SLOAD':
[codex:399885] slot=pop(); push(f'SLOAD({slot})')
[codex:399885] elif name=='SHA3':
[codex:399885] a=pop(); b=pop(); push(f'SHA3({b},{a})')
[codex:399885] elif name=='CALLER':
[codex:399885] push('CALLER')
[codex:399885] elif name=='TIMESTAMP':
[codex:399885] push('TIMESTAMP')
[codex:399885] elif name=='EQ':
[codex:399885] a=pop(); b=pop(); push(f'({b}=={a})')
[codex:399885] elif name=='AND':
[codex:399885] a=pop(); b=pop(); push(f'({b}&{a})')
[codex:399885] elif name=='ADD':
[codex:399885] a=pop(); b=pop(); push(f'({b}+{a})')
[codex:399885] elif name=='SUB':
[codex:399885] a=pop(); b=pop(); push(f'({b}-{a})')
[codex:399885] elif name=='LT':
[codex:399885] a=pop(); b=pop(); push(f'({b}<{a})')
[codex:399885] elif name=='GT':
[codex:399885] a=pop(); b=pop(); push(f'({b}>{a})')
[codex:399885] elif name=='ISZERO':
[codex:399885] a=pop(); push(f'ISZERO({a})')
[codex:399885] elif name in ('JUMP','JUMPI'):
[codex:399885] break
[codex:399885] else:
[codex:399885] # default: pop/push not handled
[codex:399885] pass
[codex:399885] pc_next = instrs[idx+1][0] if idx+1 < len(instrs) else end+1
[codex:399885] pc = pc_next
[codex:399885]
[codex:399885] print('Final stack (top last):')
[codex:399885] for i,s in enumerate(stack):
[codex:399885] print(i, s)
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 33ms:
[codex:399885] Final stack (top last):
[codex:399885] 0 SLOAD(SHA3(((0x0+0x20)+0x20),0x0))
[codex:399885] 1 0x0
[codex:399885] 2 SLOAD(0x3)
[codex:399885] 3 0x423
[codex:399885] 4 TIMESTAMP
[codex:399885] 5 SLOAD(SHA3(((0x0+0x20)+0x20),0x0))
[codex:399885] 6 (0xdf5&0xffffffff)
[codex:399885]
[codex:399885] thinking
[codex:399885] **Enhancing symbolic emulator with more operations**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] # parse instructions
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op = bytecode[pc]
[codex:399885] pc0 = pc
[codex:399885] pc += 1
[codex:399885] if 0x60 <= op <= 0x7f:
[codex:399885] n = op-0x5f
[codex:399885] arg = bytecode[pc:pc+n]
[codex:399885] pc += n
[codex:399885] instrs.append((pc0, 'PUSH', int.from_bytes(arg,'big'), n))
[codex:399885] else:
[codex:399885] instrs.append((pc0, op, None, None))
[codex:399885]
[codex:399885] # build index
[codex:399885] pc_index={pc:i for i,(pc,_,_,_) in enumerate(instrs)}
[codex:399885]
[codex:399885] # symbolic stack operations
[codex:399885] stack=[]
[codex:399885]
[codex:399885] def pop():
[codex:399885] return stack.pop() if stack else '<?> '
[codex:399885]
[codex:399885] def push(v):
[codex:399885] stack.append(v)
[codex:399885]
[codex:399885] # op groups
[codex:399885] op_dup={op:op-0x7f for op in range(0x80,0x90)}
[codex:399885] op_swap={op:op-0x8f for op in range(0x90,0xa0)}
[codex:399885]
[codex:399885] # map for simple ops
[codex:399885]
[codex:399885] # We'll emulate from 0x03c8 to just before 0x0422 (JUMP)
[codex:399885] start=0x03c8; end=0x0422
[codex:399885] pc=start
[codex:399885] while pc<=end:
[codex:399885] idx = pc_index[pc]
[codex:399885] pc, op, val, n = instrs[idx]
[codex:399885] if op=='PUSH':
[codex:399885] push(hex(val))
[codex:399885] elif op in op_dup:
[codex:399885] num=op_dup[op]
[codex:399885] push(stack[-num] if len(stack)>=num else '<?>')
[codex:399885] elif op in op_swap:
[codex:399885] num=op_swap[op]
[codex:399885] if len(stack)>=num+1:
[codex:399885] stack[-1], stack[-(num+1)] = stack[-(num+1)], stack[-1]
[codex:399885] else:
[codex:399885] # handle op by numeric code
[codex:399885] if op==0x50: # POP
[codex:399885] pop()
[codex:399885] elif op==0x52 or op==0x53: # MSTORE/MSTORE8
[codex:399885] pop(); pop()
[codex:399885] elif op==0x51: # MLOAD
[codex:399885] a=pop(); push(f'MLOAD({a})')
[codex:399885] elif op==0x54: # SLOAD
[codex:399885] slot=pop(); push(f'SLOAD({slot})')
[codex:399885] elif op==0x20: # SHA3
[codex:399885] a=pop(); b=pop(); push(f'SHA3({b},{a})')
[codex:399885] elif op==0x01: # ADD
[codex:399885] a=pop(); b=pop(); push(f'({b}+{a})')
[codex:399885] elif op==0x03: # SUB
[codex:399885] a=pop(); b=pop(); push(f'({b}-{a})')
[codex:399885] elif op==0x02: # MUL
[codex:399885] a=pop(); b=pop(); push(f'({b}*{a})')
[codex:399885] elif op==0x04: # DIV
[codex:399885] a=pop(); b=pop(); push(f'({b}/{a})')
[codex:399885] elif op==0x0a: # EXP
[codex:399885] a=pop(); b=pop(); push(f'({b}**{a})')
[codex:399885] elif op==0x16: # AND
[codex:399885] a=pop(); b=pop(); push(f'({b}&{a})')
[codex:399885] elif op==0x17: # OR
[codex:399885] a=pop(); b=pop(); push(f'({b}|{a})')
[codex:399885] elif op==0x19: # NOT
[codex:399885] a=pop(); push(f'(~{a})')
[codex:399885] elif op==0x14: # EQ
[codex:399885] a=pop(); b=pop(); push(f'({b}=={a})')
[codex:399885] elif op==0x10: # LT
[codex:399885] a=pop(); b=pop(); push(f'({b}<{a})')
[codex:399885] elif op==0x11: # GT
[codex:399885] a=pop(); b=pop(); push(f'({b}>{a})')
[codex:399885] elif op==0x15: # ISZERO
[codex:399885] a=pop(); push(f'ISZERO({a})')
[codex:399885] elif op==0x33: # CALLER
[codex:399885] push('CALLER')
[codex:399885] elif op==0x42: # TIMESTAMP
[codex:399885] push('TIMESTAMP')
[codex:399885] elif op==0x57 or op==0x56:
[codex:399885] # stop on jump
[codex:399885] break
[codex:399885] else:
[codex:399885] # ignore others
[codex:399885] pass
[codex:399885] # next
[codex:399885] pc_next = instrs[idx+1][0] if idx+1 < len(instrs) else end+1
[codex:399885] pc = pc_next
[codex:399885]
[codex:399885] print('Stack before JUMP at 0x0422 (top last):')
[codex:399885] for i,s in enumerate(stack):
[codex:399885] print(i, s)
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 32ms:
[codex:399885] Stack before JUMP at 0x0422 (top last):
[codex:399885] 0 SLOAD(SHA3(((0x0+0x20)+0x20),0x0))
[codex:399885] 1 0x0
[codex:399885] 2 SLOAD(0x3)
[codex:399885] 3 0x423
[codex:399885] 4 TIMESTAMP
[codex:399885] 5 SLOAD(SHA3(((0x0+0x20)+0x20),0x0))
[codex:399885] 6 (0xdf5&0xffffffff)
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing function call stack and storage usage**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] # find occurrences of 600354 (PUSH1 0x03 SLOAD)
[codex:399885] pattern = '600354'
[codex:399885] idx=0
[codex:399885] while True:
[codex:399885] pos = hexstr.find(pattern, idx)
[codex:399885] if pos==-1: break
[codex:399885] print('found at byte offset', pos//2)
[codex:399885] idx=pos+1
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 28ms:
[codex:399885] found at byte offset 1038
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing storage slot usage and function roles**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] pattern = '600255'
[codex:399885] idx=0
[codex:399885] while True:
[codex:399885] pos = hexstr.find(pattern, idx)
[codex:399885] if pos==-1: break
[codex:399885] print('found at byte offset', pos//2)
[codex:399885] idx=pos+1
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 26ms:
[codex:399885]
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing storage slot usage and access control**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] for slot in range(0,10):
[codex:399885] pattern = f'60{slot:02x}54' # PUSH1 slot, SLOAD
[codex:399885] if pattern in hexstr:
[codex:399885] idx=0
[codex:399885] while True:
[codex:399885] pos=hexstr.find(pattern, idx)
[codex:399885] if pos==-1: break
[codex:399885] print(f'slot {slot} SLOAD at byte offset {pos//2}')
[codex:399885] idx=pos+1
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 27ms:
[codex:399885] slot 3 SLOAD at byte offset 1038
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing storage slot usage and updates**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] bytecode = bytes.fromhex(hexstr)
[codex:399885]
[codex:399885] opmap={
[codex:399885] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:399885] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:399885] 0x20:'SHA3',
[codex:399885] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:399885] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:399885] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:399885] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:399885] }
[codex:399885] for i in range(1,33): opmap[0x5f+i]=f'PUSH{i}'
[codex:399885] for i in range(1,17): opmap[0x7f+i]=f'DUP{i}'
[codex:399885] for i in range(1,17): opmap[0x8f+i]=f'SWAP{i}'
[codex:399885] for i in range(0,5): opmap[0xa0+i]=f'LOG{i}'
[codex:399885]
[codex:399885] instrs=[]
[codex:399885] pc=0
[codex:399885] while pc < len(bytecode):
[codex:399885] op=bytecode[pc]
[codex:399885] name=opmap.get(op,f'OP{op:02x}')
[codex:399885] pc0=pc
[codex:399885] pc+=1
[codex:399885] arg=None
[codex:399885] if 0x60<=op<=0x7f:
[codex:399885] n=op-0x5f
[codex:399885] arg=bytecode[pc:pc+n]
[codex:399885] pc += n
[codex:399885] instrs.append((pc0,name,arg))
[codex:399885]
[codex:399885] start=0x0310; end=0x0340
[codex:399885] for pc,name,arg in instrs:
[codex:399885] if pc<start: continue
[codex:399885] if pc>end: break
[codex:399885] if arg is not None:
[codex:399885] print(f'{pc:04x}: {name} 0x{arg.hex()}')
[codex:399885] else:
[codex:399885] print(f'{pc:04x}: {name}')
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 29ms:
[codex:399885] 0310: DUP1
[codex:399885] 0311: CALLDATASIZE
[codex:399885] 0312: SUB
[codex:399885] 0313: DUP2
[codex:399885] 0314: ADD
[codex:399885] 0315: SWAP1
[codex:399885] 0316: DUP1
[codex:399885] 0317: DUP1
[codex:399885] 0318: CALLDATALOAD
[codex:399885] 0319: SWAP1
[codex:399885] 031a: PUSH1 0x20
[codex:399885] 031c: ADD
[codex:399885] 031d: SWAP1
[codex:399885] 031e: SWAP3
[codex:399885] 031f: SWAP2
[codex:399885] 0320: SWAP1
[codex:399885] 0321: POP
[codex:399885] 0322: POP
[codex:399885] 0323: POP
[codex:399885] 0324: PUSH2 0x0d8f
[codex:399885]
[codex:399885] thinking
[codex:399885] **Investigating potential slot5 access patterns**
[codex:399885] exec
[codex:399885] /bin/bash -lc "python - <<'PY'
[codex:399885] import re
[codex:399885] from pathlib import Path
[codex:399885] code = Path('BYTECODE_BUNDLE.txt').read_text()
[codex:399885] hexstr = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:399885] # find occurrences of PUSH1 0x05 (6005)
[codex:399885] pattern='6005'
[codex:399885] idx=0
[codex:399885] locs=[]
[codex:399885] while True:
[codex:399885] pos=hexstr.find(pattern, idx)
[codex:399885] if pos==-1: break
[codex:399885] locs.append(pos//2)
[codex:399885] idx=pos+1
[codex:399885] print(locs)
[codex:399885] PY" in /tmp/codex-multi-bq9zvlr8 succeeded in 27ms:
[codex:399885] [1078, 1227]
[codex:399885]
[codex:399885] thinking
[codex:399885] **Analyzing contract functions and access controls**
[codex:399885]
[codex:399885] I've carefully reviewed the contract's bytecode, focusing on functions related to withdrawals, ownership, and access checks. I verified that only authorized roles (owner or operator) can initiate ETH transfers and that public setters do not expose direct profit exploits. While some public functions modify state variables, none directly facilitate unauthorized ETH withdrawal. Overall, no concrete exploit path to profit emerged from this thorough bytecode-only analysis.
[codex:399885] codex
[codex:399885] {"no_findings":true,"summary":"No concrete, exploitable profit path identified from the bytecode-only analysis; all value-transferring CALL sites appear gated by owner/operator checks, and no DELEGATECALL/SELFDESTRUCT or unprotected ETH transfer was found.","findings":[]}
[codex:399885] tokens used
[codex:399885] 141,161
[codex:399885] {"no_findings":true,"summary":"No concrete, exploitable profit path identified from the bytecode-only analysis; all value-transferring CALL sites appear gated by owner/operator checks, and no DELEGATECALL/SELFDESTRUCT or unprotected ETH transfer was found.","findings":[]}
{
"codex": {
"ran_at": "2026-01-05T21:32:24.017237+00:00",
"returncode": 0
},
"summary": "No concrete, exploitable profit path identified from the bytecode-only analysis; all value-transferring CALL sites appear gated by owner/operator checks, and no DELEGATECALL/SELFDESTRUCT or unprotected ETH transfer was found.",
"raw_final": {
"summary": "No concrete, exploitable profit path identified from the bytecode-only analysis; all value-transferring CALL sites appear gated by owner/operator checks, and no DELEGATECALL/SELFDESTRUCT or unprotected ETH transfer was found.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x0099 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 0000002e: SWAP1 0000002f: DIV 00000030: PUSH4 0xffffffff 00000035: AND 00000036: DUP1 00000037: PUSH4 0x27d7874c 0000003c: EQ 0000003d: PUSH2 0x00a8 00000040: JUMPI 00000041: DUP1 00000042: PUSH4 0x2ca15122 00000047: EQ 00000048: PUSH2 0x00eb 0000004b: JUMPI 0000004c: DUP1 0000004d: PUSH4 0x3ccfd067 00000052: EQ 00000053: PUSH2 0x0102 00000056: JUMPI 00000057: DUP1 00000058: PUSH4 0x4bc935d7 0000005d: EQ 0000005e: PUSH2 0x012f 00000061: JUMPI 00000062: DUP1 00000063: PUSH4 0x4e0a3379 00000068: EQ 00000069: PUSH2 0x01c9 0000006c: JUMPI 0000006d: DUP1 0000006e: PUSH4 0x93a2f9c7 00000073: EQ 00000074: PUSH2 0x020c 00000077: JUMPI 00000078: DUP1 00000079: PUSH4 0xd0cff12f 0000007e: EQ 0000007f: PUSH2 0x02a6 00000082: JUMPI 00000083: DUP1 00000084: PUSH4 0xd0e30db0 00000089: EQ 0000008a: PUSH2 0x02f3 0000008d: JUMPI 0000008e: DUP1 0000008f: PUSH4 0xeb3aa5f1 00000094: EQ 00000095: PUSH2 0x02fd 00000098: JUMPI 00000099: JUMPDEST 0000009a: PUSH1 0x00 0000009c: ISZERO 0000009d: ISZERO 0000009e: PUSH2 0x00a6 000000a1: JUMPI 000000a2: PUSH1 0x00 000000a4: DUP1 000000a5: REVERT 000000a6: JUMPDEST 000000a7: STOP 000000a8: JUMPDEST 000000a9: CALLVALUE 000000aa: DUP1 000000ab: ISZERO 000000ac: PUSH2 0x00b4 000000af: JUMPI 000000b0: PUSH1 0x00 000000b2: DUP1 000000b3: REVERT 000000b4: JUMPDEST 000000b5: POP 000000b6: PUSH2 0x00e9 000000b9: PUSH1 0x04 000000bb: DUP1 000000bc: CALLDATASIZE 000000bd: SUB 000000be: DUP2 000000bf: ADD 000000c0: SWAP1 000000c1: DUP1 000000c2: DUP1 000000c3: CALLDATALOAD 000000c4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000000d9: AND 000000da: SWAP1 000000db: PUSH1 0x20 000000dd: ADD 000000de: SWAP1 000000df: SWAP3 000000e0: SWAP2 000000e1: SWAP1 000000e2: POP 000000e3: POP 000000e4: POP 000000e5: PUSH2 0x032a 000000e8: JUMP 000000e9: JUMPDEST 000000ea: STOP 000000eb: JUMPDEST 000000ec: CALLVALUE 000000ed: DUP1 000000ee: ISZERO 000000ef: PUSH2 0x00f7 000000f2: JUMPI 000000f3: PUSH1 0x00 000000f5: DUP1 000000f6: REVERT 000000f7: JUMPDEST 000000f8: POP 000000f9: PUSH2 0x0100 000000fc: PUSH2 0x03c8 000000ff: JUMP 00000100: JUMPDEST 00000101: STOP 00000102: JUMPDEST 00000103: CALLVALUE 00000104: DUP1 00000105: ISZERO 00000106: PUSH2 0x010e 00000109: JUMPI 0000010a: PUSH1 0x00 0000010c: DUP1 0000010d: REVERT 0000010e: JUMPDEST 0000010f: POP 00000110: PUSH2 0x012d 00000113: PUSH1 0x04 00000115: DUP1 00000116: CALLDATASIZE 00000117: SUB 00000118: DUP2 00000119: ADD 0000011a: SWAP1 0000011b: DUP1 0000011c: DUP1 0000011d: CALLDATALOAD 0000011e: SWAP1 0000011f: PUSH1 0x20 00000121: ADD 00000122: SWAP1 00000123: SWAP3 00000124: SWAP2 00000125: SWAP1 00000126: POP 00000127: POP 00000128: POP 00000129: PUSH2 0x0584 0000012c: JUMP 0000012d: JUMPDEST 0000012e: STOP 0000012f: JUMPDEST 00000130: CALLVALUE 00000131: DUP1 00000132: ISZERO 00000133: PUSH2 0x013b 00000136: JUMPI 00000137: PUSH1 0x00 00000139: DUP1 0000013a: REVERT 0000013b: JUMPDEST 0000013c: POP 0000013d: PUSH2 0x01af 00000140: PUSH1 0x04 00000142: DUP1 00000143: CALLDATASIZE 00000144: SUB 00000145: DUP2 00000146: ADD 00000147: SWAP1 00000148: DUP1 00000149: DUP1 0000014a: CALLDATALOAD 0000014b: SWAP1 0000014c: PUSH1 0x20 0000014e: ADD 0000014f: SWAP1 00000150: DUP3 00000151: ADD 00000152: DUP1 00000153: CALLDATALOAD 00000154: SWAP1 00000155: PUSH1 0x20 00000157: ADD 00000158: SWAP1 00000159: DUP1 0000015a: DUP1 0000015b: PUSH1 0x20 0000015d: MUL 0000015e: PUSH1 0x20 00000160: ADD 00000161: PUSH1 0x40 00000163: MLOAD 00000164: SWAP1 00000165: DUP2 00000166: ADD 00000167: PUSH1 0x40 00000169: MSTORE 0000016a: DUP1 0000016b: SWAP4 0000016c: SWAP3 0000016d: SWAP2 0000016e: SWAP1 0000016f: DUP2 00000170: DUP2 00000171: MSTORE 00000172: PUSH1 0x20 00000174: ADD 00000175: DUP4 00000176: DUP4 00000177: PUSH1 0x20 00000179: MUL 0000017a: DUP1 0000017b: DUP3 0000017c: DUP5 0000017d: CALLDATACOPY 0000017e: DUP3 0000017f: ADD 00000180: SWAP2 00000181: POP 00000182: POP 00000183: POP 00000184: POP 00000185: POP 00000186: POP 00000187: SWAP2 00000188: SWAP3 00000189: SWAP2 0000018a: SWAP3 0000018b: SWAP1 0000018c: DUP1 0000018d: CALLDATALOAD 0000018e: PUSH1 0x00 00000190: NOT 00000191: AND 00000192: SWAP1 00000193: PUSH1 0x20 00000195: ADD 00000196: SWAP1 00000197: SWAP3 00000198: SWAP2 00000199: SWAP1 0000019a: DUP1 0000019b: CALLDATALOAD 0000019c: PUSH1 0x00 0000019e: NOT 0000019f: AND 000001a0: SWAP1 000001a1: PUSH1 0x20 000001a3: ADD 000001a4: SWAP1 000001a5: SWAP3 000001a6: SWAP2 000001a7: SWAP1 000001a8: POP 000001a9: POP 000001aa: POP 000001ab: PUSH2 0x058e 000001ae: JUMP 000001af: JUMPDEST 000001b0: PUSH1 0x40 000001b2: MLOAD 000001b3: DUP1 000001b4: DUP3 000001b5: ISZERO 000001b6: ISZERO 000001b7: ISZERO 000001b8: ISZERO 000001b9: DUP2 000001ba: MSTORE 000001bb: PUSH1 0x20 000001bd: ADD 000001be: SWAP2 000001bf: POP 000001c0: POP 000001c1: PUSH1 0x40 000001c3: MLOAD 000001c4: DUP1 000001c5: SWAP2 000001c6: SUB 000001c7: SWAP1 000001c8: RETURN 000001c9: JUMPDEST 000001ca: CALLVALUE 000001cb: DUP1 000001cc: ISZERO 000001cd: PUSH2 0x01d5 000001d0: JUMPI 000001d1: PUSH1 0x00 000001d3: DUP1 000001d4: REVERT 000001d5: JUMPDEST 000001d6: POP 000001d7: PUSH2 0x020a 000001da: PUSH1 0x04 000001dc: DUP1 000001dd: CALLDATASIZE 000001de: SUB 000001df: DUP2 000001e0: ADD 000001e1: SWAP1 000001e2: DUP1 000001e3: DUP1 000001e4: CALLDATALOAD 000001e5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000001fa: AND 000001fb: SWAP1 000001fc: PUSH1 0x20 000001fe: ADD 000001ff: SWAP1 00000200: SWAP3 00000201: SWAP2 00000202: SWAP1 00000203: POP 00000204: POP 00000205: POP 00000206: PUSH2 0x0731 00000209: JUMP 0000020a: JUMPDEST 0000020b: STOP 0000020c: JUMPDEST 0000020d: CALLVALUE 0000020e: DUP1 0000020f: ISZERO 00000210: PUSH2 0x0218 00000213: JUMPI 00000214: PUSH1 0x00 00000216: DUP1 00000217: REVERT 00000218: JUMPDEST 00000219: POP 0000021a: PUSH2 0x02a4 0000021d: PUSH1 0x04 0000021f: DUP1 00000220: CALLDATASIZE 00000221: SUB 00000222: DUP2 00000223: ADD 00000224: SWAP1 00000225: DUP1 00000226: DUP1 00000227: CALLDATALOAD 00000228: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000023d: AND 0000023e: SWAP1 0000023f: PUSH1 0x20 00000241: ADD 00000242: SWAP1 00000243: SWAP3 00000244: SWAP2 00000245: SWAP1 00000246: DUP1 00000247: CALLDATALOAD 00000248: SWAP1 00000249: PUSH1 0x20 0000024b: ADD 0000024c: SWAP1 0000024d: SWAP3 0000024e: SWAP2 0000024f: SWAP1 00000250: DUP1 00000251: CALLDATALOAD 00000252: SWAP1 00000253: PUSH1 0x20 00000255: ADD 00000256: SWAP1 00000257: SWAP3 00000258: SWAP2 00000259: SWAP1 0000025a: DUP1 0000025b: CALLDATALOAD 0000025c: SWAP1 0000025d: PUSH1 0x20 0000025f: ADD 00000260: SWAP1 00000261: DUP3 00000262: ADD 00000263: DUP1 00000264: CALLDATALOAD 00000265: SWAP1 00000266: PUSH1 0x20 00000268: ADD 00000269: SWAP1 0000026a: DUP1 0000026b: DUP1 0000026c: PUSH1 0x20 0000026e: MUL 0000026f: PUSH1 0x20 00000271: ADD 00000272: PUSH1 0x40 00000274: MLOAD 00000275: SWAP1 00000276: DUP2 00000277: ADD 00000278: PUSH1 0x40 0000027a: MSTORE 0000027b: DUP1 0000027c: SWAP4 0000027d: SWAP3 0000027e: SWAP2 0000027f: SWAP1 00000280: DUP2 00000281: DUP2 00000282: MSTORE 00000283: PUSH1 0x20 00000285: ADD 00000286: DUP4 00000287: DUP4 00000288: PUSH1 0x20 0000028a: MUL 0000028b: DUP1 0000028c: DUP3 0000028d: DUP5 0000028e: CALLDATACOPY 0000028f: DUP3 00000290: ADD 00000291: SWAP2 00000292: POP 00000293: POP 00000294: POP 00000295: POP 00000296: POP 00000297: POP 00000298: SWAP2 00000299: SWAP3 0000029a: SWAP2 0000029b: SWAP3 0000029c: SWAP1 0000029d: POP 0000029e: POP 0000029f: POP 000002a0: PUSH2 0x07d0 000002a3: JUMP 000002a4: JUMPDEST 000002a5: STOP 000002a6: JUMPDEST 000002a7: CALLVALUE 000002a8: DUP1 000002a9: ISZERO 000002aa: PUSH2 0x02b2 000002ad: JUMPI 000002ae: PUSH1 0x00 000002b0: DUP1 000002b1: REVERT 000002b2: JUMPDEST 000002b3: POP 000002b4: PUSH2 0x02f1 000002b7: PUSH1 0x04 000002b9: DUP1 000002ba: CALLDATASIZE 000002bb: SUB 000002bc: DUP2 000002bd: ADD 000002be: SWAP1 000002bf: DUP1 000002c0: DUP1 000002c1: CALLDATALOAD 000002c2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002d7: AND 000002d8: SWAP1 000002d9: PUSH1 0x20 000002db: ADD 000002dc: SWAP1 000002dd: SWAP3 000002de: SWAP2 000002df: SWAP1 000002e0: DUP1 000002e1: CALLDATALOAD 000002e2: SWAP1 000002e3: PUSH1 0x20 000002e5: ADD 000002e6: SWAP1 000002e7: SWAP3 000002e8: SWAP2 000002e9: SWAP1 000002ea: POP 000002eb: POP 000002ec: POP 000002ed: PUSH2 0x0c39 000002f0: JUMP 000002f1: JUMPDEST 000002f2: STOP 000002f3: JUMPDEST 000002f4: PUSH2 0x02fb 000002f7: PUSH2 0x0cdf 000002fa: JUMP 000002fb: JUMPDEST 000002fc: STOP 000002fd: JUMPDEST 000002fe: CALLVALUE 000002ff: DUP1 00000300: ISZERO 00000301: PUSH2 0x0309 00000304: JUMPI 00000305: PUSH1 0x00 00000307: DUP1 00000308: REVERT 00000309: JUMPDEST 0000030a: POP 0000030b: PUSH2 0x0328 0000030e: PUSH1 0x04 00000310: DUP1 00000311: CALLDATASIZE 00000312: SUB 00000313: DUP2 00000314: ADD 00000315: SWAP1 00000316: DUP1 00000317: DUP1 00000318: CALLDATALOAD 00000319: SWAP1 0000031a: PUSH1 0x20 0000031c: ADD 0000031d: SWAP1 0000031e: SWAP3 0000031f: SWAP2 00000320: SWAP1 00000321: POP 00000322: POP 00000323: POP 00000324: PUSH2 0x0d8f 00000327: JUMP 00000328: JUMPDEST 00000329: STOP 0000032a: JUMPDEST 0000032b: PUSH1 0x00 0000032d: DUP1 0000032e: SWAP1 0000032f: SLOAD 00000330: SWAP1 00000331: PUSH2 0x0100 00000334: EXP 00000335: SWAP1 00000336: DIV 00000337: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000034c: AND 0000034d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000362: AND 00000363: CALLER 00000364: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000379: AND 0000037a: EQ 0000037b: ISZERO 0000037c: ISZERO 0000037d: PUSH2 0x0385 00000380: JUMPI 00000381: PUSH1 0x00 00000383: DUP1 00000384: REVERT 00000385: JUMPDEST 00000386: DUP1 00000387: PUSH1 0x00 00000389: DUP1 0000038a: PUSH2 0x0100 0000038d: EXP 0000038e: DUP2 0000038f: SLOAD 00000390: DUP2 00000391: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003a6: MUL 000003a7: NOT 000003a8: AND 000003a9: SWAP1 000003aa: DUP4 000003ab: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003c0: AND 000003c1: MUL 000003c2: OR 000003c3: SWAP1 000003c4: SSTORE 000003c5: POP 000003c6: POP 000003c7: JUMP 000003c8: JUMPDEST 000003c9: PUSH1 0x00 000003cb: DUP1 000003cc: PUSH1 0x06 000003ce: PUSH1 0x00 000003d0: CALLER 000003d1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003e6: AND 000003e7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003fc: AND 000003fd: DUP2 000003fe: MSTORE 000003ff: PUSH1 0x20 00000401: ADD 00000402: SWAP1 00000403: DUP2 00000404: MSTORE 00000405: PUSH1 0x20 00000407: ADD 00000408: PUSH1 0x00 0000040a: KECCAK256 0000040b: SLOAD 0000040c: SWAP2 0000040d: POP 0000040e: PUSH1 0x03 00000410: SLOAD 00000411: PUSH2 0x0423 00000414: DUP4 00000415: TIMESTAMP 00000416: PUSH2 0x0df5 00000419: SWAP1 0000041a: SWAP2 0000041b: SWAP1 0000041c: PUSH4 0xffffffff 00000421: AND 00000422: JUMP 00000423: JUMPDEST 00000424: LT 00000425: ISZERO 00000426: ISZERO 00000427: ISZERO 00000428: PUSH2 0x0430 0000042b: JUMPI 0000042c: PUSH1 0x00 0000042e: DUP1 0000042f: REVERT 00000430: JUMPDEST 00000431: PUSH2 0x0483 00000434: PUSH1 0x01 00000436: PUSH1 0x05 00000438: PUSH1 0x00 0000043a: CALLER 0000043b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000450: AND 00000451: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000466: AND 00000467: DUP2 00000468: MSTORE 00000469: PUSH1 0x20 0000046b: ADD 0000046c: SWAP1 0000046d: DUP2 0000046e: MSTORE 0000046f: PUSH1 0x20 00000471: ADD 00000472: PUSH1 0x00 00000474: KECCAK256 00000475: SLOAD 00000476: PUSH2 0x0e0e 00000479: SWAP1 0000047a: SWAP2 0000047b: SWAP1 0000047c: PUSH4 0xffffffff 00000481: AND 00000482: JUMP 00000483: JUMPDEST 00000484: SWAP1 00000485: POP 00000486: TIMESTAMP 00000487: PUSH1 0x06 00000489: PUSH1 0x00 0000048b: CALLER 0000048c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004a1: AND 000004a2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004b7: AND 000004b8: DUP2 000004b9: MSTORE 000004ba: PUSH1 0x20 000004bc: ADD 000004bd: SWAP1 000004be: DUP2 000004bf: MSTORE 000004c0: PUSH1 0x20 000004c2: ADD 000004c3: PUSH1 0x00 000004c5: KECCAK256 000004c6: DUP2 000004c7: SWAP1 000004c8: SSTORE 000004c9: POP 000004ca: DUP1 000004cb: PUSH1 0x05 000004cd: PUSH1 0x00 000004cf: CALLER 000004d0: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004e5: AND 000004e6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004fb: AND 000004fc: DUP2 000004fd: MSTORE 000004fe: PUSH1 0x20 00000500: ADD 00000501: SWAP1 00000502: DUP2 00000503: MSTORE 00000504: PUSH1 0x20 00000506: ADD 00000507: PUSH1 0x00 00000509: KECCAK256 0000050a: DUP2 0000050b: SWAP1 0000050c: SSTORE 0000050d: POP 0000050e: PUSH32 0x6606a8bb80a4c7f8f56d2eb4774e6b48ad1d979612a8c130bc4c80538175a08d 0000052f: CALLER 00000530: DUP3 00000531: TIMESTAMP 00000532: PUSH1 0x40 00000534: MLOAD 00000535: DUP1 00000536: DUP5 00000537: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000054c: AND 0000054d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000562: AND 00000563: DUP2 00000564: MSTORE 00000565: PUSH1 0x20 00000567: ADD 00000568: DUP4 00000569: DUP2 0000056a: MSTORE 0000056b: PUSH1 0x20 0000056d: ADD 0000056e: DUP3 0000056f: DUP2 00000570: MSTORE 00000571: PUSH1 0x20 00000573: ADD 00000574: SWAP4 00000575: POP 00000576: POP 00000577: POP 00000578: POP 00000579: PUSH1 0x40 0000057b: MLOAD 0000057c: DUP1 0000057d: SWAP2 0000057e: SUB 0000057f: SWAP1 00000580: LOG1 00000581: POP 00000582: POP 00000583: JUMP 00000584: JUMPDEST 00000585: DUP1 00000586: PUSH1 0x03 00000588: DUP2 00000589: SWAP1 0000058a: SSTORE 0000058b: POP 0000058c: POP 0000058d: JUMP 0000058e: JUMPDEST 0000058f: PUSH1 0x00 00000591: DUP1 00000592: PUSH1 0x00 00000594: DUP1 00000595: DUP5 00000596: SWAP3 00000597: POP 00000598: PUSH1 0x00 0000059a: SWAP2 0000059b: POP 0000059c: JUMPDEST 0000059d: DUP7 0000059e: MLOAD 0000059f: DUP3 000005a0: LT 000005a1: ISZERO 000005a2: PUSH2 0x071a 000005a5: JUMPI 000005a6: DUP7 000005a7: DUP3 000005a8: DUP2 000005a9: MLOAD 000005aa: DUP2 000005ab: LT 000005ac: ISZERO 000005ad: ISZERO 000005ae: PUSH2 0x05b3 000005b1: JUMPI 000005b2: INVALID 000005b3: JUMPDEST 000005b4: SWAP1 000005b5: PUSH1 0x20 000005b7: ADD 000005b8: SWAP1 000005b9: PUSH1 0x20 000005bb: MUL 000005bc: ADD 000005bd: MLOAD 000005be: SWAP1 000005bf: POP 000005c0: DUP1 000005c1: PUSH1 0x00 000005c3: NOT 000005c4: AND 000005c5: DUP4 000005c6: PUSH1 0x00 000005c8: NOT 000005c9: AND 000005ca: LT 000005cb: ISZERO 000005cc: PUSH2 0x0670 000005cf: JUMPI 000005d0: DUP3 000005d1: DUP2 000005d2: PUSH1 0x40 000005d4: MLOAD 000005d5: PUSH1 0x20 000005d7: ADD 000005d8: DUP1 000005d9: DUP4 000005da: PUSH1 0x00 000005dc: NOT 000005dd: AND 000005de: PUSH1 0x00 000005e0: NOT 000005e1: AND 000005e2: DUP2 000005e3: MSTORE 000005e4: PUSH1 0x20 000005e6: ADD 000005e7: DUP3 000005e8: PUSH1 0x00 000005ea: NOT 000005eb: AND 000005ec: PUSH1 0x00 000005ee: NOT 000005ef: AND 000005f0: DUP2 000005f1: MSTORE 000005f2: PUSH1 0x20 000005f4: ADD 000005f5: SWAP3 000005f6: POP 000005f7: POP 000005f8: POP 000005f9: PUSH1 0x40 000005fb: MLOAD 000005fc: PUSH1 0x20 000005fe: DUP2 000005ff: DUP4 00000600: SUB 00000601: SUB 00000602: DUP2 00000603: MSTORE 00000604: SWAP1 00000605: PUSH1 0x40 00000607: MSTORE 00000608: PUSH1 0x40 0000060a: MLOAD 0000060b: DUP1 0000060c: DUP3 0000060d: DUP1 0000060e: MLOAD 0000060f: SWAP1 00000610: PUSH1 0x20 00000612: ADD 00000613: SWAP1 00000614: DUP1 00000615: DUP4 00000616: DUP4 00000617: JUMPDEST 00000618: PUSH1 0x20 0000061a: DUP4 0000061b: LT 0000061c: ISZERO 0000061d: ISZERO 0000061e: PUSH2 0x063c 00000621: JUMPI 00000622: DUP1 00000623: MLOAD 00000624: DUP3 00000625: MSTORE 00000626: PUSH1 0x20 00000628: DUP3 00000629: ADD 0000062a: SWAP2 0000062b: POP 0000062c: PUSH1 0x20 0000062e: DUP2 0000062f: ADD 00000630: SWAP1 00000631: POP 00000632: PUSH1 0x20 00000634: DUP4 00000635: SUB 00000636: SWAP3 00000637: POP 00000638: PUSH2 0x0617 0000063b: JUMP 0000063c: JUMPDEST 0000063d: PUSH1 0x01 0000063f: DUP4 00000640: PUSH1 0x20 00000642: SUB 00000643: PUSH2 0x0100 00000646: EXP 00000647: SUB 00000648: DUP1 00000649: NOT 0000064a: DUP3 0000064b: MLOAD 0000064c: AND 0000064d: DUP2 0000064e: DUP5 0000064f: MLOAD 00000650: AND 00000651: DUP1 00000652: DUP3 00000653: OR 00000654: DUP6 00000655: MSTORE 00000656: POP 00000657: POP 00000658: POP 00000659: POP 0000065a: POP 0000065b: POP 0000065c: SWAP1 0000065d: POP 0000065e: ADD 0000065f: SWAP2 00000660: POP 00000661: POP 00000662: PUSH1 0x40 00000664: MLOAD 00000665: DUP1 00000666: SWAP2 00000667: SUB 00000668: SWAP1 00000669: KECCAK256 0000066a: SWAP3 0000066b: POP 0000066c: PUSH2 0x070d 0000066f: JUMP 00000670: JUMPDEST 00000671: DUP1 00000672: DUP4 00000673: PUSH1 0x40 00000675: MLOAD 00000676: PUSH1 0x20 00000678: ADD 00000679: DUP1 0000067a: DUP4 0000067b: PUSH1 0x00 0000067d: NOT 0000067e: AND 0000067f: PUSH1 0x00 00000681: NOT 00000682: AND 00000683: DUP2 00000684: MSTORE 00000685: PUSH1 0x20 00000687: ADD 00000688: DUP3 00000689: PUSH1 0x00 0000068b: NOT 0000068c: AND 0000068d: PUSH1 0x00 0000068f: NOT 00000690: AND 00000691: DUP2 00000692: MSTORE 00000693: PUSH1 0x20 00000695: ADD 00000696: SWAP3 00000697: POP 00000698: POP 00000699: POP 0000069a: PUSH1 0x40 0000069c: MLOAD 0000069d: PUSH1 0x20 0000069f: DUP2 000006a0: DUP4 000006a1: SUB 000006a2: SUB 000006a3: DUP2 000006a4: MSTORE 000006a5: SWAP1 000006a6: PUSH1 0x40 000006a8: MSTORE 000006a9: PUSH1 0x40 000006ab: MLOAD 000006ac: DUP1 000006ad: DUP3 000006ae: DUP1 000006af: MLOAD 000006b0: SWAP1 000006b1: PUSH1 0x20 000006b3: ADD 000006b4: SWAP1 000006b5: DUP1 000006b6: DUP4 000006b7: DUP4 000006b8: JUMPDEST 000006b9: PUSH1 0x20 000006bb: DUP4 000006bc: LT 000006bd: ISZERO 000006be: ISZERO 000006bf: PUSH2 0x06dd 000006c2: JUMPI 000006c3: DUP1 000006c4: MLOAD 000006c5: DUP3 000006c6: MSTORE 000006c7: PUSH1 0x20 000006c9: DUP3 000006ca: ADD 000006cb: SWAP2 000006cc: POP 000006cd: PUSH1 0x20 000006cf: DUP2 000006d0: ADD 000006d1: SWAP1 000006d2: POP 000006d3: PUSH1 0x20 000006d5: DUP4 000006d6: SUB 000006d7: SWAP3 000006d8: POP 000006d9: PUSH2 0x06b8 000006dc: JUMP 000006dd: JUMPDEST 000006de: PUSH1 0x01 000006e0: DUP4 000006e1: PUSH1 0x20 000006e3: SUB 000006e4: PUSH2 0x0100 000006e7: EXP 000006e8: SUB 000006e9: DUP1 000006ea: NOT 000006eb: DUP3 000006ec: MLOAD 000006ed: AND 000006ee: DUP2 000006ef: DUP5 000006f0: MLOAD 000006f1: AND 000006f2: DUP1 000006f3: DUP3 000006f4: OR 000006f5: DUP6 000006f6: MSTORE 000006f7: POP 000006f8: POP 000006f9: POP 000006fa: POP 000006fb: POP 000006fc: POP 000006fd: SWAP1 000006fe: POP 000006ff: ADD 00000700: SWAP2 00000701: POP 00000702: POP 00000703: PUSH1 0x40 00000705: MLOAD 00000706: DUP1 00000707: SWAP2 00000708: SUB 00000709: SWAP1 0000070a: KECCAK256 0000070b: SWAP3 0000070c: POP 0000070d: JUMPDEST 0000070e: DUP2 0000070f: DUP1 00000710: PUSH1 0x01 00000712: ADD 00000713: SWAP3 00000714: POP 00000715: POP 00000716: PUSH2 0x059c 00000719: JUMP 0000071a: JUMPDEST 0000071b: DUP6 0000071c: PUSH1 0x00 0000071e: NOT 0000071f: AND 00000720: DUP4 00000721: PUSH1 0x00 00000723: NOT 00000724: AND 00000725: EQ 00000726: SWAP4 00000727: POP 00000728: POP 00000729: POP 0000072a: POP 0000072b: SWAP4 0000072c: SWAP3 0000072d: POP 0000072e: POP 0000072f: POP 00000730: JUMP 00000731: JUMPDEST 00000732: PUSH1 0x00 00000734: DUP1 00000735: SWAP1 00000736: SLOAD 00000737: SWAP1 00000738: PUSH2 0x0100 0000073b: EXP 0000073c: SWAP1 0000073d: DIV 0000073e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000753: AND 00000754: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000769: AND 0000076a: CALLER 0000076b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000780: AND 00000781: EQ 00000782: ISZERO 00000783: ISZERO 00000784: PUSH2 0x078c 00000787: JUMPI 00000788: PUSH1 0x00 0000078a: DUP1 0000078b: REVERT 0000078c: JUMPDEST 0000078d: DUP1 0000078e: PUSH1 0x01 00000790: PUSH1 0x00 00000792: PUSH2 0x0100 00000795: EXP 00000796: DUP2 00000797: SLOAD 00000798: DUP2 00000799: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007ae: MUL 000007af: NOT 000007b0: AND 000007b1: SWAP1 000007b2: DUP4 000007b3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007c8: AND 000007c9: MUL 000007ca: OR 000007cb: SWAP1 000007cc: SSTORE 000007cd: POP 000007ce: POP 000007cf: JUMP 000007d0: JUMPDEST 000007d1: PUSH1 0x00 000007d3: DUP1 000007d4: PUSH1 0x00 000007d6: DUP1 000007d7: PUSH1 0x01 000007d9: PUSH1 0x00 000007db: SWAP1 000007dc: SLOAD 000007dd: SWAP1 000007de: PUSH2 0x0100 000007e1: EXP 000007e2: SWAP1 000007e3: DIV 000007e4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007f9: AND 000007fa: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000080f: AND 00000810: CALLER 00000811: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000826: AND 00000827: EQ 00000828: ISZERO 00000829: ISZERO 0000082a: PUSH2 0x0832 0000082d: JUMPI 0000082e: PUSH1 0x00 00000830: DUP1 00000831: REVERT 00000832: JUMPDEST 00000833: PUSH1 0x00 00000835: DUP8 00000836: GT 00000837: ISZERO 00000838: ISZERO 00000839: PUSH2 0x0841 0000083c: JUMPI 0000083d: PUSH1 0x00 0000083f: DUP1 00000840: REVERT 00000841: JUMPDEST 00000842: DUP6 00000843: PUSH1 0x40 00000845: MLOAD 00000846: PUSH1 0x20 00000848: ADD 00000849: DUP1 0000084a: DUP1 0000084b: PUSH32 0x7769746864726177000000000000000000000000000000000000000000000000 0000086c: DUP2 0000086d: MSTORE 0000086e: POP 0000086f: PUSH1 0x08 00000871: ADD 00000872: DUP3 00000873: DUP2 00000874: MSTORE 00000875: PUSH1 0x20 00000877: ADD 00000878: SWAP2 00000879: POP 0000087a: POP 0000087b: PUSH1 0x40 0000087d: MLOAD 0000087e: PUSH1 0x20 00000880: DUP2 00000881: DUP4 00000882: SUB 00000883: SUB 00000884: DUP2 00000885: MSTORE 00000886: SWAP1 00000887: PUSH1 0x40 00000889: MSTORE 0000088a: PUSH1 0x40 0000088c: MLOAD 0000088d: DUP1 0000088e: DUP3 0000088f: DUP1 00000890: MLOAD 00000891: SWAP1 00000892: PUSH1 0x20 00000894: ADD 00000895: SWAP1 00000896: DUP1 00000897: DUP4 00000898: DUP4 00000899: JUMPDEST 0000089a: PUSH1 0x20 0000089c: DUP4 0000089d: LT 0000089e: ISZERO 0000089f: ISZERO 000008a0: PUSH2 0x08be 000008a3: JUMPI 000008a4: DUP1 000008a5: MLOAD 000008a6: DUP3 000008a7: MSTORE 000008a8: PUSH1 0x20 000008aa: DUP3 000008ab: ADD 000008ac: SWAP2 000008ad: POP 000008ae: PUSH1 0x20 000008b0: DUP2 000008b1: ADD 000008b2: SWAP1 000008b3: POP 000008b4: PUSH1 0x20 000008b6: DUP4 000008b7: SUB 000008b8: SWAP3 000008b9: POP 000008ba: PUSH2 0x0899 000008bd: JUMP 000008be: JUMPDEST 000008bf: PUSH1 0x01 000008c1: DUP4 000008c2: PUSH1 0x20 000008c4: SUB 000008c5: PUSH2 0x0100 000008c8: EXP 000008c9: SUB 000008ca: DUP1 000008cb: NOT 000008cc: DUP3 000008cd: MLOAD 000008ce: AND 000008cf: DUP2 000008d0: DUP5 000008d1: MLOAD 000008d2: AND 000008d3: DUP1 000008d4: DUP3 000008d5: OR 000008d6: DUP6 000008d7: MSTORE 000008d8: POP 000008d9: POP 000008da: POP 000008db: POP 000008dc: POP 000008dd: POP 000008de: SWAP1 000008df: POP 000008e0: ADD 000008e1: SWAP2 000008e2: POP 000008e3: POP 000008e4: PUSH1 0x40 000008e6: MLOAD 000008e7: DUP1 000008e8: SWAP2 000008e9: SUB 000008ea: SWAP1 000008eb: KECCAK256 000008ec: SWAP2 000008ed: POP 000008ee: PUSH1 0x02 000008f0: PUSH1 0x00 000008f2: SWAP1 000008f3: SLOAD 000008f4: SWAP1 000008f5: PUSH2 0x0100 000008f8: EXP 000008f9: SWAP1 000008fa: DIV 000008fb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000910: AND 00000911: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000926: AND 00000927: PUSH4 0x54f6127f 0000092c: DUP4 0000092d: PUSH1 0x40 0000092f: MLOAD 00000930: DUP3 00000931: PUSH4 0xffffffff 00000936: AND 00000937: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 00000955: MUL 00000956: DUP2 00000957: MSTORE 00000958: PUSH1 0x04 0000095a: ADD 0000095b: DUP1 0000095c: DUP3 0000095d: PUSH1 0x00 0000095f: NOT 00000960: AND 00000961: PUSH1 0x00 00000963: NOT 00000964: AND 00000965: DUP2 00000966: MSTORE 00000967: PUSH1 0x20 00000969: ADD 0000096a: SWAP2 0000096b: POP 0000096c: POP 0000096d: PUSH1 0x40 0000096f: DUP1 00000970: MLOAD 00000971: DUP1 00000972: DUP4 00000973: SUB 00000974: DUP2 00000975: PUSH1 0x00 00000977: DUP8 00000978: DUP1 00000979: EXTCODESIZE 0000097a: ISZERO 0000097b: DUP1 0000097c: ISZERO 0000097d: PUSH2 0x0985 00000980: JUMPI 00000981: PUSH1 0x00 00000983: DUP1 00000984: REVERT 00000985: JUMPDEST 00000986: POP 00000987: GAS 00000988: CALL 00000989: ISZERO 0000098a: DUP1 0000098b: ISZERO 0000098c: PUSH2 0x0999 0000098f: JUMPI 00000990: RETURNDATASIZE 00000991: PUSH1 0x00 00000993: DUP1 00000994: RETURNDATACOPY 00000995: RETURNDATASIZE 00000996: PUSH1 0x00 00000998: REVERT 00000999: JUMPDEST 0000099a: POP 0000099b: POP 0000099c: POP 0000099d: POP 0000099e: PUSH1 0x40 000009a0: MLOAD 000009a1: RETURNDATASIZE 000009a2: PUSH1 0x40 000009a4: DUP2 000009a5: LT 000009a6: ISZERO 000009a7: PUSH2 0x09af 000009aa: JUMPI 000009ab: PUSH1 0x00 000009ad: DUP1 000009ae: REVERT 000009af: JUMPDEST 000009b0: DUP2 000009b1: ADD 000009b2: SWAP1 000009b3: DUP1 000009b4: DUP1 000009b5: MLOAD 000009b6: SWAP1 000009b7: PUSH1 0x20 000009b9: ADD 000009ba: SWAP1 000009bb: SWAP3 000009bc: SWAP2 000009bd: SWAP1 000009be: DUP1 000009bf: MLOAD 000009c0: SWAP1 000009c1: PUSH1 0x20 000009c3: ADD 000009c4: SWAP1 000009c5: SWAP3 000009c6: SWAP2 000009c7: SWAP1 000009c8: POP 000009c9: POP 000009ca: POP 000009cb: DUP1 000009cc: SWAP5 000009cd: POP 000009ce: DUP2 000009cf: SWAP6 000009d0: POP 000009d1: POP 000009d2: POP 000009d3: DUP8 000009d4: DUP8 000009d5: PUSH1 0x40 000009d7: MLOAD 000009d8: PUSH1 0x20 000009da: ADD 000009db: DUP1 000009dc: DUP4 000009dd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009f2: AND 000009f3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a08: AND 00000a09: PUSH13 0x01000000000000000000000000 00000a17: MUL 00000a18: DUP2 00000a19: MSTORE 00000a1a: PUSH1 0x14 00000a1c: ADD 00000a1d: DUP3 00000a1e: DUP2 00000a1f: MSTORE 00000a20: PUSH1 0x20 00000a22: ADD 00000a23: SWAP3 00000a24: POP 00000a25: POP 00000a26: POP 00000a27: PUSH1 0x40 00000a29: MLOAD 00000a2a: PUSH1 0x20 00000a2c: DUP2 00000a2d: DUP4 00000a2e: SUB 00000a2f: SUB 00000a30: DUP2 00000a31: MSTORE 00000a32: SWAP1 00000a33: PUSH1 0x40 00000a35: MSTORE 00000a36: PUSH1 0x40 00000a38: MLOAD 00000a39: DUP1 00000a3a: DUP3 00000a3b: DUP1 00000a3c: MLOAD 00000a3d: SWAP1 00000a3e: PUSH1 0x20 00000a40: ADD 00000a41: SWAP1 00000a42: DUP1 00000a43: DUP4 00000a44: DUP4 00000a45: JUMPDEST 00000a46: PUSH1 0x20 00000a48: DUP4 00000a49: LT 00000a4a: ISZERO 00000a4b: ISZERO 00000a4c: PUSH2 0x0a6a 00000a4f: JUMPI 00000a50: DUP1 00000a51: MLOAD 00000a52: DUP3 00000a53: MSTORE 00000a54: PUSH1 0x20 00000a56: DUP3 00000a57: ADD 00000a58: SWAP2 00000a59: POP 00000a5a: PUSH1 0x20 00000a5c: DUP2 00000a5d: ADD 00000a5e: SWAP1 00000a5f: POP 00000a60: PUSH1 0x20 00000a62: DUP4 00000a63: SUB 00000a64: SWAP3 00000a65: POP 00000a66: PUSH2 0x0a45 00000a69: JUMP 00000a6a: JUMPDEST 00000a6b: PUSH1 0x01 00000a6d: DUP4 00000a6e: PUSH1 0x20 00000a70: SUB 00000a71: PUSH2 0x0100 00000a74: EXP 00000a75: SUB 00000a76: DUP1 00000a77: NOT 00000a78: DUP3 00000a79: MLOAD 00000a7a: AND 00000a7b: DUP2 00000a7c: DUP5 00000a7d: MLOAD 00000a7e: AND 00000a7f: DUP1 00000a80: DUP3 00000a81: OR 00000a82: DUP6 00000a83: MSTORE 00000a84: POP 00000a85: POP 00000a86: POP 00000a87: POP 00000a88: POP 00000a89: POP 00000a8a: SWAP1 00000a8b: POP 00000a8c: ADD 00000a8d: SWAP2 00000a8e: POP 00000a8f: POP 00000a90: PUSH1 0x40 00000a92: MLOAD 00000a93: DUP1 00000a94: SWAP2 00000a95: SUB 00000a96: SWAP1 00000a97: KECCAK256 00000a98: SWAP1 00000a99: POP 00000a9a: DUP4 00000a9b: ISZERO 00000a9c: ISZERO 00000a9d: PUSH2 0x0aa5 00000aa0: JUMPI 00000aa1: PUSH1 0x00 00000aa3: DUP1 00000aa4: REVERT 00000aa5: JUMPDEST 00000aa6: PUSH2 0x0ab0 00000aa9: DUP6 00000aaa: DUP5 00000aab: DUP4 00000aac: PUSH2 0x058e 00000aaf: JUMP 00000ab0: JUMPDEST 00000ab1: ISZERO 00000ab2: ISZERO 00000ab3: PUSH2 0x0abb 00000ab6: JUMPI 00000ab7: PUSH1 0x00 00000ab9: DUP1 00000aba: REVERT 00000abb: JUMPDEST 00000abc: PUSH1 0x00 00000abe: PUSH1 0x04 00000ac0: PUSH1 0x00 00000ac2: DUP6 00000ac3: PUSH1 0x00 00000ac5: NOT 00000ac6: AND 00000ac7: PUSH1 0x00 00000ac9: NOT 00000aca: AND 00000acb: DUP2 00000acc: MSTORE 00000acd: PUSH1 0x20 00000acf: ADD 00000ad0: SWAP1 00000ad1: DUP2 00000ad2: MSTORE 00000ad3: PUSH1 0x20 00000ad5: ADD 00000ad6: PUSH1 0x00 00000ad8: KECCAK256 00000ad9: PUSH1 0x00 00000adb: DUP4 00000adc: PUSH1 0x00 00000ade: NOT 00000adf: AND 00000ae0: PUSH1 0x00 00000ae2: NOT 00000ae3: AND 00000ae4: DUP2 00000ae5: MSTORE 00000ae6: PUSH1 0x20 00000ae8: ADD 00000ae9: SWAP1 00000aea: DUP2 00000aeb: MSTORE 00000aec: PUSH1 0x20 00000aee: ADD 00000aef: PUSH1 0x00 00000af1: KECCAK256 00000af2: SLOAD 00000af3: EQ 00000af4: ISZERO 00000af5: ISZERO 00000af6: PUSH2 0x0afe 00000af9: JUMPI 00000afa: PUSH1 0x00 00000afc: DUP1 00000afd: REVERT 00000afe: JUMPDEST 00000aff: DUP8 00000b00: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b15: AND 00000b16: PUSH2 0x08fc 00000b19: DUP9 00000b1a: SWAP1 00000b1b: DUP2 00000b1c: ISZERO 00000b1d: MUL 00000b1e: SWAP1 00000b1f: PUSH1 0x40 00000b21: MLOAD 00000b22: PUSH1 0x00 00000b24: PUSH1 0x40 00000b26: MLOAD 00000b27: DUP1 00000b28: DUP4 00000b29: SUB 00000b2a: DUP2 00000b2b: DUP6 00000b2c: DUP9 00000b2d: DUP9 00000b2e: CALL 00000b2f: SWAP4 00000b30: POP 00000b31: POP 00000b32: POP 00000b33: POP 00000b34: ISZERO 00000b35: DUP1 00000b36: ISZERO 00000b37: PUSH2 0x0b44 00000b3a: JUMPI 00000b3b: RETURNDATASIZE 00000b3c: PUSH1 0x00 00000b3e: DUP1 00000b3f: RETURNDATACOPY 00000b40: RETURNDATASIZE 00000b41: PUSH1 0x00 00000b43: REVERT 00000b44: JUMPDEST 00000b45: POP 00000b46: PUSH1 0x01 00000b48: PUSH1 0x04 00000b4a: PUSH1 0x00 00000b4c: DUP6 00000b4d: PUSH1 0x00 00000b4f: NOT 00000b50: AND 00000b51: PUSH1 0x00 00000b53: NOT 00000b54: AND 00000b55: DUP2 00000b56: MSTORE 00000b57: PUSH1 0x20 00000b59: ADD 00000b5a: SWAP1 00000b5b: DUP2 00000b5c: MSTORE 00000b5d: PUSH1 0x20 00000b5f: ADD 00000b60: PUSH1 0x00 00000b62: KECCAK256 00000b63: PUSH1 0x00 00000b65: DUP4 00000b66: PUSH1 0x00 00000b68: NOT 00000b69: AND 00000b6a: PUSH1 0x00 00000b6c: NOT 00000b6d: AND 00000b6e: DUP2 00000b6f: MSTORE 00000b70: PUSH1 0x20 00000b72: ADD 00000b73: SWAP1 00000b74: DUP2 00000b75: MSTORE 00000b76: PUSH1 0x20 00000b78: ADD 00000b79: PUSH1 0x00 00000b7b: KECCAK256 00000b7c: PUSH1 0x00 00000b7e: DUP3 00000b7f: DUP3 00000b80: SLOAD 00000b81: ADD 00000b82: SWAP3 00000b83: POP 00000b84: POP 00000b85: DUP2 00000b86: SWAP1 00000b87: SSTORE 00000b88: POP 00000b89: PUSH32 0xf341246adaac6f497bc2a656f546ab9e182111d630394f0c57c710a59a2cb567 00000baa: ADDRESS 00000bab: DUP10 00000bac: DUP10 00000bad: DUP10 00000bae: PUSH1 0x40 00000bb0: MLOAD 00000bb1: DUP1 00000bb2: DUP6 00000bb3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000bc8: AND 00000bc9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000bde: AND 00000bdf: DUP2 00000be0: MSTORE 00000be1: PUSH1 0x20 00000be3: ADD 00000be4: DUP5 00000be5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000bfa: AND 00000bfb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c10: AND 00000c11: DUP2 00000c12: MSTORE 00000c13: PUSH1 0x20 00000c15: ADD 00000c16: DUP4 00000c17: DUP2 00000c18: MSTORE 00000c19: PUSH1 0x20 00000c1b: ADD 00000c1c: DUP3 00000c1d: DUP2 00000c1e: MSTORE 00000c1f: PUSH1 0x20 00000c21: ADD 00000c22: SWAP5 00000c23: POP 00000c24: POP 00000c25: POP 00000c26: POP 00000c27: POP 00000c28: PUSH1 0x40 00000c2a: MLOAD 00000c2b: DUP1 00000c2c: SWAP2 00000c2d: SUB 00000c2e: SWAP1 00000c2f: LOG1 00000c30: POP 00000c31: POP 00000c32: POP 00000c33: POP 00000c34: POP 00000c35: POP 00000c36: POP 00000c37: POP 00000c38: JUMP 00000c39: JUMPDEST 00000c3a: PUSH1 0x00 00000c3c: DUP1 00000c3d: SWAP1 00000c3e: SLOAD 00000c3f: SWAP1 00000c40: PUSH2 0x0100 00000c43: EXP 00000c44: SWAP1 00000c45: DIV 00000c46: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c5b: AND 00000c5c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c71: AND 00000c72: CALLER 00000c73: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c88: AND 00000c89: EQ 00000c8a: ISZERO 00000c8b: ISZERO 00000c8c: PUSH2 0x0c94 00000c8f: JUMPI 00000c90: PUSH1 0x00 00000c92: DUP1 00000c93: REVERT 00000c94: JUMPDEST 00000c95: DUP2 00000c96: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000cab: AND 00000cac: PUSH2 0x08fc 00000caf: DUP3 00000cb0: SWAP1 00000cb1: DUP2 00000cb2: ISZERO 00000cb3: MUL 00000cb4: SWAP1 00000cb5: PUSH1 0x40 00000cb7: MLOAD 00000cb8: PUSH1 0x00 00000cba: PUSH1 0x40 00000cbc: MLOAD 00000cbd: DUP1 00000cbe: DUP4 00000cbf: SUB 00000cc0: DUP2 00000cc1: DUP6 00000cc2: DUP9 00000cc3: DUP9 00000cc4: CALL 00000cc5: SWAP4 00000cc6: POP 00000cc7: POP 00000cc8: POP 00000cc9: POP 00000cca: ISZERO 00000ccb: DUP1 00000ccc: ISZERO 00000ccd: PUSH2 0x0cda 00000cd0: JUMPI 00000cd1: RETURNDATASIZE 00000cd2: PUSH1 0x00 00000cd4: DUP1 00000cd5: RETURNDATACOPY 00000cd6: RETURNDATASIZE 00000cd7: PUSH1 0x00 00000cd9: REVERT 00000cda: JUMPDEST 00000cdb: POP 00000cdc: POP 00000cdd: POP 00000cde: JUMP 00000cdf: JUMPDEST 00000ce0: PUSH1 0x00 00000ce2: CALLVALUE 00000ce3: GT 00000ce4: ISZERO 00000ce5: ISZERO 00000ce6: PUSH2 0x0cee 00000ce9: JUMPI 00000cea: PUSH1 0x00 00000cec: DUP1 00000ced: REVERT 00000cee: JUMPDEST 00000cef: PUSH32 0x5548c837ab068cf56a2c2479df0882a4922fd203edb7517321831d95078c5f62 00000d10: CALLER 00000d11: ADDRESS 00000d12: CALLVALUE 00000d13: PUSH1 0x40 00000d15: MLOAD 00000d16: DUP1 00000d17: DUP5 00000d18: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000d2d: AND 00000d2e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000d43: AND 00000d44: DUP2 00000d45: MSTORE 00000d46: PUSH1 0x20 00000d48: ADD 00000d49: DUP4 00000d4a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000d5f: AND 00000d60: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000d75: AND 00000d76: DUP2 00000d77: MSTORE 00000d78: PUSH1 0x20 00000d7a: ADD 00000d7b: DUP3 00000d7c: DUP2 00000d7d: MSTORE 00000d7e: PUSH1 0x20 00000d80: ADD 00000d81: SWAP4 00000d82: POP 00000d83: POP 00000d84: POP 00000d85: POP 00000d86: PUSH1 0x40 00000d88: MLOAD 00000d89: DUP1 00000d8a: SWAP2 00000d8b: SUB 00000d8c: SWAP1 00000d8d: LOG1 00000d8e: JUMP 00000d8f: JUMPDEST 00000d90: PUSH1 0x01 00000d92: PUSH1 0x00 00000d94: SWAP1 00000d95: SLOAD 00000d96: SWAP1 00000d97: PUSH2 0x0100 00000d9a: EXP 00000d9b: SWAP1 00000d9c: DIV 00000d9d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000db2: AND 00000db3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000dc8: AND 00000dc9: CALLER 00000dca: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000ddf: AND 00000de0: EQ 00000de1: ISZERO 00000de2: ISZERO 00000de3: PUSH2 0x0deb 00000de6: JUMPI 00000de7: PUSH1 0x00 00000de9: DUP1 00000dea: REVERT 00000deb: JUMPDEST 00000dec: DUP1 00000ded: PUSH1 0x03 00000def: DUP2 00000df0: SWAP1 00000df1: SSTORE 00000df2: POP 00000df3: POP 00000df4: JUMP 00000df5: JUMPDEST 00000df6: PUSH1 0x00 00000df8: DUP3 00000df9: DUP3 00000dfa: GT 00000dfb: ISZERO 00000dfc: ISZERO 00000dfd: ISZERO 00000dfe: PUSH2 0x0e03 00000e01: JUMPI 00000e02: INVALID 00000e03: JUMPDEST 00000e04: DUP2 00000e05: DUP4 00000e06: SUB 00000e07: SWAP1 00000e08: POP 00000e09: SWAP3 00000e0a: SWAP2 00000e0b: POP 00000e0c: POP 00000e0d: JUMP 00000e0e: JUMPDEST 00000e0f: PUSH1 0x00 00000e11: DUP1 00000e12: DUP3 00000e13: DUP5 00000e14: ADD 00000e15: SWAP1 00000e16: POP 00000e17: DUP4 00000e18: DUP2 00000e19: LT 00000e1a: ISZERO 00000e1b: ISZERO 00000e1c: ISZERO 00000e1d: PUSH2 0x0e22 00000e20: JUMPI 00000e21: INVALID 00000e22: JUMPDEST 00000e23: DUP1 00000e24: SWAP2 00000e25: POP 00000e26: POP 00000e27: SWAP3 00000e28: SWAP2 00000e29: POP 00000e2a: POP 00000e2b: JUMP 00000e2c: STOP 00000e2d: LOG1 00000e2e: PUSH6 0x627a7a723058 00000e35: KECCAK256 00000e36: OR 00000e37: JUMPDEST 00000e38: DUP6 00000e39: UNKNOWN(0x4F) 00000e3a: UNKNOWN(0xDF) 00000e3b: UNKNOWN(0xBB) 00000e3c: CALL 00000e3d: PUSH5 0x0f4c392a5f 00000e43: UNKNOWN(0x4C) 00000e44: UNKNOWN(0x0E) 00000e45: UNKNOWN(0xDF) 00000e46: PC 00000e47: UNKNOWN(0xB6) 00000e48: CODESIZE 00000e49: UNKNOWN(0xAD) 00000e4a: SDIV 00000e4b: SWAP14 00000e4c: ADD 00000e4d: GASLIMIT 00000e4e: OR 00000e4f: PUSH4 0x0e835007 00000e54: PUSH26
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0x1c3da7b196a7f572dd32ebddead3fad769ee5339a2ac7975173b1b0fe986070a
call_targets:
0xc50489a925e9c8dcfe792951fe85f96d14f41ffc
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x1c3da7b196a7f572dd32ebddead3fad769ee5339a2ac7975173b1b0fe986070a",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xc50489a925e9c8dcfe792951fe85f96d14f41ffc"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xffffffff",
"selector": "0xffffffff",
"calldata_variants": [
"0xffffffff",
"0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x27d7874c",
"selector": "0x27d7874c",
"calldata_variants": [
"0x27d7874c",
"0x27d7874c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2ca15122",
"selector": "0x2ca15122",
"calldata_variants": [
"0x2ca15122",
"0x2ca151220000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3ccfd067",
"selector": "0x3ccfd067",
"calldata_variants": [
"0x3ccfd067",
"0x3ccfd0670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4bc935d7",
"selector": "0x4bc935d7",
"calldata_variants": [
"0x4bc935d7",
"0x4bc935d70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4e0a3379",
"selector": "0x4e0a3379",
"calldata_variants": [
"0x4e0a3379",
"0x4e0a33790000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x93a2f9c7",
"selector": "0x93a2f9c7",
"calldata_variants": [
"0x93a2f9c7",
"0x93a2f9c70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd0cff12f",
"selector": "0xd0cff12f",
"calldata_variants": [
"0xd0cff12f",
"0xd0cff12f0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 2440,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2862,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 3268,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 4,
"guards_detected": [
{
"pc": 867,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1898,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2064,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 3186,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 3529,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"untrusted_call_count": 4
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0x1c3da7b196a7f572dd32ebddead3fad769ee5339a2ac7975173b1b0fe986070a
call_targets:
0xc50489a925e9c8dcfe792951fe85f96d14f41ffc
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x1c3da7b196a7f572dd32ebddead3fad769ee5339a2ac7975173b1b0fe986070a",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xc50489a925e9c8dcfe792951fe85f96d14f41ffc"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xffffffff",
"selector": "0xffffffff",
"calldata_variants": [
"0xffffffff",
"0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x27d7874c",
"selector": "0x27d7874c",
"calldata_variants": [
"0x27d7874c",
"0x27d7874c0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2ca15122",
"selector": "0x2ca15122",
"calldata_variants": [
"0x2ca15122",
"0x2ca151220000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3ccfd067",
"selector": "0x3ccfd067",
"calldata_variants": [
"0x3ccfd067",
"0x3ccfd0670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4bc935d7",
"selector": "0x4bc935d7",
"calldata_variants": [
"0x4bc935d7",
"0x4bc935d70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4e0a3379",
"selector": "0x4e0a3379",
"calldata_variants": [
"0x4e0a3379",
"0x4e0a33790000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x93a2f9c7",
"selector": "0x93a2f9c7",
"calldata_variants": [
"0x93a2f9c7",
"0x93a2f9c70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd0cff12f",
"selector": "0xd0cff12f",
"calldata_variants": [
"0xd0cff12f",
"0xd0cff12f0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 2440,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2862,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 3268,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 4,
"guards_detected": [
{
"pc": 867,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1898,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 2064,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 3186,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 3529,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
}
|