TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

a960024e-2b54-4060-916f-c51d68cfaf24

complete
Chain ID
1
Address
Block Number
Created
Mon, Dec 29, 2025 11:54 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed
0
Validated
0
Source
Verified
Review Backing
Present
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
30621 report.consolidate complete 1 / 1 3 months ago
74722 artifact.fetch complete 1 / 3 1 week ago
74723 tool.cast_disasm complete 1 / 3 1 week ago
74724 analysis.bundle complete 1 / 3 1 week ago
74725 capability.graph complete 1 / 3 1 week ago
74726 detector.run complete 1 / 3 1 week ago
74727 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 1
Findings
1
No findings?
no
Summary
Found 1 low-severity issue in Vesting claim transfer handling.
stderr:
[codex:576755] OpenAI Codex v0.77.0 (research preview)
[codex:576755] --------
[codex:576755] workdir: /tmp/codex-multi-r67l6cna
[codex:576755] model: gpt-5.2-codex
[codex:576755] provider: openai
[codex:576755] approval: never
[codex:576755] sandbox: read-only
[codex:576755] reasoning effort: xhigh
[codex:576755] reasoning summaries: auto
[codex:576755] session id: 019b6c87-f552-74d0-b739-1b910a244a37
[codex:576755] --------
[codex:576755] user
[codex:576755] You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
[codex:576755] Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
[codex:576755] accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
[codex:576755] 
[codex:576755] Scope rules:
[codex:576755] - You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party `contracts/**/*.sol` files.
[codex:576755] - Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
[codex:576755] 
[codex:576755] Output MUST be valid JSON matching the provided schema.
[codex:576755] - If you find nothing meaningful: set no_findings=true and findings=[].
[codex:576755] - Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
[codex:576755] 
[codex:576755] Output constraints (IMPORTANT):
[codex:576755] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:576755] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:576755] mcp startup: no servers
[codex:576755] 
[codex:576755] thinking
[codex:576755] **Checking for skills and instructions**
[codex:576755] exec
[codex:576755] /bin/bash -lc ls in /tmp/codex-multi-r67l6cna succeeded in 5ms:
[codex:576755] AUDIT_BUNDLE.txt
[codex:576755] codex-output-schema.json
[codex:576755] contracts
[codex:576755] 
[codex:576755] thinking
[codex:576755] **Reading AUDIT_BUNDLE.txt**
[codex:576755] exec
[codex:576755] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-r67l6cna succeeded in 5ms:
[codex:576755] This file concatenates the full contents of first-party Solidity sources for auditing.
[codex:576755] 
[codex:576755] ================================================================================
[codex:576755] FILE: contracts/@openzeppelin/contracts/math/SafeMath.sol
[codex:576755] ================================================================================
[codex:576755] // SPDX-License-Identifier: MIT
[codex:576755] 
[codex:576755] pragma solidity >=0.6.0 <0.8.0;
[codex:576755] 
[codex:576755] /**
[codex:576755]  * @dev Wrappers over Solidity's arithmetic operations with added overflow
[codex:576755]  * checks.
[codex:576755]  *
[codex:576755]  * Arithmetic operations in Solidity wrap on overflow. This can easily result
[codex:576755]  * in bugs, because programmers usually assume that an overflow raises an
[codex:576755]  * error, which is the standard behavior in high level programming languages.
[codex:576755]  * `SafeMath` restores this intuition by reverting the transaction when an
[codex:576755]  * operation overflows.
[codex:576755]  *
[codex:576755]  * Using this library instead of the unchecked operations eliminates an entire
[codex:576755] 
[codex:576755] thinking
[codex:576755] **Analyzing vesting contract vulnerabilities**
[codex:576755] 
[codex:576755] I’m reviewing the Vesting contract for security issues, focusing on unchecked token transfer returns, potential reentrancy risks, and how state updates relate to token transfers. I’m considering how failure to check IERC20 transfer success could lead to stuck tokens or accounting errors, while also verifying reentrancy protections and edge cases like zero-address recipients. Next, I plan to get line numbers by numbering the contract file to produce the required JSON audit output.
[codex:576755] exec
[codex:576755] /bin/bash -lc 'nl -ba contracts/contracts/Vesting.sol' in /tmp/codex-multi-r67l6cna succeeded in 5ms:
[codex:576755]      1	pragma solidity ^0.6.10;
[codex:576755]      2	
[codex:576755]      3	import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
[codex:576755]      4	import { SafeMath } from "@openzeppelin/contracts/math/SafeMath.sol";
[codex:576755]      5	
[codex:576755]      6	
[codex:576755]      7	contract Vesting {
[codex:576755]      8	    using SafeMath for uint256;
[codex:576755]      9	
[codex:576755]     10	    address public visr;
[codex:576755]     11	    address public recipient;
[codex:576755]     12	
[codex:576755]     13	    uint256 public vestingAmount;
[codex:576755]     14	    uint256 public vestingBegin;
[codex:576755]     15	    uint256 public vestingCliff;
[codex:576755]     16	    uint256 public vestingEnd;
[codex:576755]     17	
[codex:576755]     18	    uint256 public lastUpdate;
[codex:576755]     19	
[codex:576755]     20	    constructor(
[codex:576755] 
[codex:576755] thinking
[codex:576755] **Reviewing JSON schema**
[codex:576755] exec
[codex:576755] /bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-multi-r67l6cna succeeded in 5ms:
[codex:576755] {"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
[codex:576755] 
[codex:576755] thinking
[codex:576755] **Summarizing vulnerability analysis**
[codex:576755] 
[codex:576755] I'm preparing a JSON report highlighting one low-severity issue: the Vesting contract calls IERC20.transfer without checking its return value, which could cause silent failures and inconsistent vesting state. I'm including evidence lines from the contract and explain the exploit scenario focusing on non-standard token behaviors, while noting other potential concerns but ruling them non-exploitable.
[codex:576755] codex
[codex:576755] {"no_findings":false,"summary":"Found 1 low-severity issue in Vesting claim transfer handling.","findings":[{"severity":"low","category":"other","title":"Unchecked ERC20 transfer return value can silently fail and skew vesting behavior","exploit_scenario":"If the VISR token is non-standard or returns false without reverting, `claim()` will still succeed. Before `vestingEnd`, `lastUpdate` is advanced even if no tokens were transferred, so interim claims can silently fail and mislead recipients (tokens remain in the contract until `vestingEnd`, or permanently if the token always returns false).","recommendation":"Use OpenZeppelin SafeERC20 (`safeTransfer`) or explicitly check the boolean return value and revert on failure. Consider updating `lastUpdate` only after a successful transfer.","evidence":"`claim()` calls `IERC20(visr).transfer(recipient, amount)` without checking the returned boolean; `lastUpdate` is advanced before the transfer in the non-terminal branch.","locations":["contracts/contracts/Vesting.sol:54","contracts/contracts/Vesting.sol:55","contracts/contracts/Vesting.sol:57"]}]}
[codex:576755] tokens used
[codex:576755] 13,009
[codex:576755] {"no_findings":false,"summary":"Found 1 low-severity issue in Vesting claim transfer handling.","findings":[{"severity":"low","category":"other","title":"Unchecked ERC20 transfer return value can silently fail and skew vesting behavior","exploit_scenario":"If the VISR token is non-standard or returns false without reverting, `claim()` will still succeed. Before `vestingEnd`, `lastUpdate` is advanced even if no tokens were transferred, so interim claims can silently fail and mislead recipients (tokens remain in the contract until `vestingEnd`, or permanently if the token always returns false).","recommendation":"Use OpenZeppelin SafeERC20 (`safeTransfer`) or explicitly check the boolean return value and revert on failure. Consider updating `lastUpdate` only after a successful transfer.","evidence":"`claim()` calls `IERC20(visr).transfer(recipient, amount)` without checking the returned boolean; `lastUpdate` is advanced before the transfer in the non-terminal branch.","locations":["contracts/contracts/Vesting.sol:54","contracts/contracts/Vesting.sol:55","contracts/contracts/Vesting.sol:57"]}]}
Metadata
{
    "codex": {
        "ran_at": "2025-12-29T23:54:52.170423+00:00",
        "returncode": 0
    },
    "summary": "Found 1 low-severity issue in Vesting claim transfer handling.",
    "raw_final": {
        "summary": "Found 1 low-severity issue in Vesting claim transfer handling.",
        "findings": [
            {
                "title": "Unchecked ERC20 transfer return value can silently fail and skew vesting behavior",
                "category": "other",
                "evidence": "`claim()` calls `IERC20(visr).transfer(recipient, amount)` without checking the returned boolean; `lastUpdate` is advanced before the transfer in the non-terminal branch.",
                "severity": "low",
                "locations": [
                    "contracts/contracts/Vesting.sol:54",
                    "contracts/contracts/Vesting.sol:55",
                    "contracts/contracts/Vesting.sol:57"
                ],
                "recommendation": "Use OpenZeppelin SafeERC20 (`safeTransfer`) or explicitly check the boolean return value and revert on failure. Consider updating `lastUpdate` only after a successful transfer.",
                "exploit_scenario": "If the VISR token is non-standard or returns false without reverting, `claim()` will still succeed. Before `vestingEnd`, `lastUpdate` is advanced even if no tokens were transferred, so interim claims can silently fail and mislead recipients (tokens remain in the contract until `vestingEnd`, or permanently if the token always returns false)."
            }
        ],
        "no_findings": false
    },
    "no_findings": false,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
2
Total opcodes
811
Flags
No heuristic flags raised.
cast disassembly output:
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLVALUE
00000006: DUP1
00000007: ISZERO
00000008: PUSH2 0x0010
0000000b: JUMPI
0000000c: PUSH1 0x00
0000000e: DUP1
0000000f: REVERT
00000010: JUMPDEST
00000011: POP
00000012: PUSH1 0x04
00000014: CALLDATASIZE
00000015: LT
00000016: PUSH2 0x00a2
00000019: JUMPI
0000001a: PUSH1 0x00
0000001c: CALLDATALOAD
0000001d: PUSH1 0xe0
0000001f: SHR
00000020: DUP1
00000021: PUSH4 0x84a1931f
00000026: GT
00000027: PUSH2 0x0076
0000002a: JUMPI
0000002b: DUP1
0000002c: PUSH4 0xc0463711
00000031: GT
00000032: PUSH2 0x005b
00000035: JUMPI
00000036: DUP1
00000037: PUSH4 0xc0463711
0000003c: EQ
0000003d: PUSH2 0x0125
00000040: JUMPI
00000041: DUP1
00000042: PUSH4 0xe29bc68b
00000047: EQ
00000048: PUSH2 0x012d
0000004b: JUMPI
0000004c: DUP1
0000004d: PUSH4 0xf3640e74
00000052: EQ
00000053: PUSH2 0x0135
00000056: JUMPI
00000057: PUSH2 0x00a2
0000005a: JUMP
0000005b: JUMPDEST
0000005c: DUP1
0000005d: PUSH4 0x84a1931f
00000062: EQ
00000063: PUSH2 0x0115
00000066: JUMPI
00000067: DUP1
00000068: PUSH4 0x8d1dc56a
0000006d: EQ
0000006e: PUSH2 0x011d
00000071: JUMPI
00000072: PUSH2 0x00a2
00000075: JUMP
00000076: JUMPDEST
00000077: DUP1
00000078: PUSH3 0x728f76
0000007c: EQ
0000007d: PUSH2 0x00a7
00000080: JUMPI
00000081: DUP1
00000082: PUSH4 0x3bbed4a0
00000087: EQ
00000088: PUSH2 0x00c1
0000008b: JUMPI
0000008c: DUP1
0000008d: PUSH4 0x4e71d92d
00000092: EQ
00000093: PUSH2 0x00e9
00000096: JUMPI
00000097: DUP1
00000098: PUSH4 0x66d003ac
0000009d: EQ
0000009e: PUSH2 0x00f1
000000a1: JUMPI
000000a2: JUMPDEST
000000a3: PUSH1 0x00
000000a5: DUP1
000000a6: REVERT
000000a7: JUMPDEST
000000a8: PUSH2 0x00af
000000ab: PUSH2 0x013d
000000ae: JUMP
000000af: JUMPDEST
000000b0: PUSH1 0x40
000000b2: DUP1
000000b3: MLOAD
000000b4: SWAP2
000000b5: DUP3
000000b6: MSTORE
000000b7: MLOAD
000000b8: SWAP1
000000b9: DUP2
000000ba: SWAP1
000000bb: SUB
000000bc: PUSH1 0x20
000000be: ADD
000000bf: SWAP1
000000c0: RETURN
000000c1: JUMPDEST
000000c2: PUSH2 0x00e7
000000c5: PUSH1 0x04
000000c7: DUP1
000000c8: CALLDATASIZE
000000c9: SUB
000000ca: PUSH1 0x20
000000cc: DUP2
000000cd: LT
000000ce: ISZERO
000000cf: PUSH2 0x00d7
000000d2: JUMPI
000000d3: PUSH1 0x00
000000d5: DUP1
000000d6: REVERT
000000d7: JUMPDEST
000000d8: POP
000000d9: CALLDATALOAD
000000da: PUSH1 0x01
000000dc: PUSH1 0x01
000000de: PUSH1 0xa0
000000e0: SHL
000000e1: SUB
000000e2: AND
000000e3: PUSH2 0x0143
000000e6: JUMP
000000e7: JUMPDEST
000000e8: STOP
000000e9: JUMPDEST
000000ea: PUSH2 0x00e7
000000ed: PUSH2 0x01c6
000000f0: JUMP
000000f1: JUMPDEST
000000f2: PUSH2 0x00f9
000000f5: PUSH2 0x036f
000000f8: JUMP
000000f9: JUMPDEST
000000fa: PUSH1 0x40
000000fc: DUP1
000000fd: MLOAD
000000fe: PUSH1 0x01
00000100: PUSH1 0x01
00000102: PUSH1 0xa0
00000104: SHL
00000105: SUB
00000106: SWAP1
00000107: SWAP3
00000108: AND
00000109: DUP3
0000010a: MSTORE
0000010b: MLOAD
0000010c: SWAP1
0000010d: DUP2
0000010e: SWAP1
0000010f: SUB
00000110: PUSH1 0x20
00000112: ADD
00000113: SWAP1
00000114: RETURN
00000115: JUMPDEST
00000116: PUSH2 0x00af
00000119: PUSH2 0x037e
0000011c: JUMP
0000011d: JUMPDEST
0000011e: PUSH2 0x00f9
00000121: PUSH2 0x0384
00000124: JUMP
00000125: JUMPDEST
00000126: PUSH2 0x00af
00000129: PUSH2 0x0393
0000012c: JUMP
0000012d: JUMPDEST
0000012e: PUSH2 0x00af
00000131: PUSH2 0x0399
00000134: JUMP
00000135: JUMPDEST
00000136: PUSH2 0x00af
00000139: PUSH2 0x039f
0000013c: JUMP
0000013d: JUMPDEST
0000013e: PUSH1 0x02
00000140: SLOAD
00000141: DUP2
00000142: JUMP
00000143: JUMPDEST
00000144: PUSH1 0x01
00000146: SLOAD
00000147: PUSH1 0x01
00000149: PUSH1 0x01
0000014b: PUSH1 0xa0
0000014d: SHL
0000014e: SUB
0000014f: AND
00000150: CALLER
00000151: EQ
00000152: PUSH2 0x018c
00000155: JUMPI
00000156: PUSH1 0x40
00000158: MLOAD
00000159: PUSH3 0x461bcd
0000015d: PUSH1 0xe5
0000015f: SHL
00000160: DUP2
00000161: MSTORE
00000162: PUSH1 0x04
00000164: ADD
00000165: DUP1
00000166: DUP1
00000167: PUSH1 0x20
00000169: ADD
0000016a: DUP3
0000016b: DUP2
0000016c: SUB
0000016d: DUP3
0000016e: MSTORE
0000016f: PUSH1 0x29
00000171: DUP2
00000172: MSTORE
00000173: PUSH1 0x20
00000175: ADD
00000176: DUP1
00000177: PUSH2 0x04cf
0000017a: PUSH1 0x29
0000017c: SWAP2
0000017d: CODECOPY
0000017e: PUSH1 0x40
00000180: ADD
00000181: SWAP2
00000182: POP
00000183: POP
00000184: PUSH1 0x40
00000186: MLOAD
00000187: DUP1
00000188: SWAP2
00000189: SUB
0000018a: SWAP1
0000018b: REVERT
0000018c: JUMPDEST
0000018d: PUSH1 0x01
0000018f: DUP1
00000190: SLOAD
00000191: PUSH32 0xffffffffffffffffffffffff0000000000000000000000000000000000000000
000001b2: AND
000001b3: PUSH1 0x01
000001b5: PUSH1 0x01
000001b7: PUSH1 0xa0
000001b9: SHL
000001ba: SUB
000001bb: SWAP3
000001bc: SWAP1
000001bd: SWAP3
000001be: AND
000001bf: SWAP2
000001c0: SWAP1
000001c1: SWAP2
000001c2: OR
000001c3: SWAP1
000001c4: SSTORE
000001c5: JUMP
000001c6: JUMPDEST
000001c7: PUSH1 0x04
000001c9: SLOAD
000001ca: TIMESTAMP
000001cb: LT
000001cc: ISZERO
000001cd: PUSH2 0x0207
000001d0: JUMPI
000001d1: PUSH1 0x40
000001d3: MLOAD
000001d4: PUSH3 0x461bcd
000001d8: PUSH1 0xe5
000001da: SHL
000001db: DUP2
000001dc: MSTORE
000001dd: PUSH1 0x04
000001df: ADD
000001e0: DUP1
000001e1: DUP1
000001e2: PUSH1 0x20
000001e4: ADD
000001e5: DUP3
000001e6: DUP2
000001e7: SUB
000001e8: DUP3
000001e9: MSTORE
000001ea: PUSH1 0x22
000001ec: DUP2
000001ed: MSTORE
000001ee: PUSH1 0x20
000001f0: ADD
000001f1: DUP1
000001f2: PUSH2 0x04f8
000001f5: PUSH1 0x22
000001f7: SWAP2
000001f8: CODECOPY
000001f9: PUSH1 0x40
000001fb: ADD
000001fc: SWAP2
000001fd: POP
000001fe: POP
000001ff: PUSH1 0x40
00000201: MLOAD
00000202: DUP1
00000203: SWAP2
00000204: SUB
00000205: SWAP1
00000206: REVERT
00000207: JUMPDEST
00000208: PUSH1 0x00
0000020a: PUSH1 0x05
0000020c: SLOAD
0000020d: TIMESTAMP
0000020e: LT
0000020f: PUSH2 0x0290
00000212: JUMPI
00000213: PUSH1 0x00
00000215: SLOAD
00000216: PUSH1 0x40
00000218: DUP1
00000219: MLOAD
0000021a: PUSH4 0x70a08231
0000021f: PUSH1 0xe0
00000221: SHL
00000222: DUP2
00000223: MSTORE
00000224: ADDRESS
00000225: PUSH1 0x04
00000227: DUP3
00000228: ADD
00000229: MSTORE
0000022a: SWAP1
0000022b: MLOAD
0000022c: PUSH1 0x01
0000022e: PUSH1 0x01
00000230: PUSH1 0xa0
00000232: SHL
00000233: SUB
00000234: SWAP1
00000235: SWAP3
00000236: AND
00000237: SWAP2
00000238: PUSH4 0x70a08231
0000023d: SWAP2
0000023e: PUSH1 0x24
00000240: DUP1
00000241: DUP3
00000242: ADD
00000243: SWAP3
00000244: PUSH1 0x20
00000246: SWAP3
00000247: SWAP1
00000248: SWAP2
00000249: SWAP1
0000024a: DUP3
0000024b: SWAP1
0000024c: SUB
0000024d: ADD
0000024e: DUP2
0000024f: DUP7
00000250: DUP1
00000251: EXTCODESIZE
00000252: ISZERO
00000253: DUP1
00000254: ISZERO
00000255: PUSH2 0x025d
00000258: JUMPI
00000259: PUSH1 0x00
0000025b: DUP1
0000025c: REVERT
0000025d: JUMPDEST
0000025e: POP
0000025f: GAS
00000260: STATICCALL
00000261: ISZERO
00000262: DUP1
00000263: ISZERO
00000264: PUSH2 0x0271
00000267: JUMPI
00000268: RETURNDATASIZE
00000269: PUSH1 0x00
0000026b: DUP1
0000026c: RETURNDATACOPY
0000026d: RETURNDATASIZE
0000026e: PUSH1 0x00
00000270: REVERT
00000271: JUMPDEST
00000272: POP
00000273: POP
00000274: POP
00000275: POP
00000276: PUSH1 0x40
00000278: MLOAD
00000279: RETURNDATASIZE
0000027a: PUSH1 0x20
0000027c: DUP2
0000027d: LT
0000027e: ISZERO
0000027f: PUSH2 0x0287
00000282: JUMPI
00000283: PUSH1 0x00
00000285: DUP1
00000286: REVERT
00000287: JUMPDEST
00000288: POP
00000289: MLOAD
0000028a: SWAP1
0000028b: POP
0000028c: PUSH2 0x02e4
0000028f: JUMP
00000290: JUMPDEST
00000291: PUSH2 0x02dd
00000294: PUSH2 0x02aa
00000297: PUSH1 0x03
00000299: SLOAD
0000029a: PUSH1 0x05
0000029c: SLOAD
0000029d: PUSH2 0x03a5
000002a0: SWAP1
000002a1: SWAP2
000002a2: SWAP1
000002a3: PUSH4 0xffffffff
000002a8: AND
000002a9: JUMP
000002aa: JUMPDEST
000002ab: PUSH2 0x02d1
000002ae: PUSH2 0x02c2
000002b1: PUSH1 0x06
000002b3: SLOAD
000002b4: TIMESTAMP
000002b5: PUSH2 0x03a5
000002b8: SWAP1
000002b9: SWAP2
000002ba: SWAP1
000002bb: PUSH4 0xffffffff
000002c0: AND
000002c1: JUMP
000002c2: JUMPDEST
000002c3: PUSH1 0x02
000002c5: SLOAD
000002c6: SWAP1
000002c7: PUSH4 0xffffffff
000002cc: PUSH2 0x0407
000002cf: AND
000002d0: JUMP
000002d1: JUMPDEST
000002d2: SWAP1
000002d3: PUSH4 0xffffffff
000002d8: PUSH2 0x0467
000002db: AND
000002dc: JUMP
000002dd: JUMPDEST
000002de: TIMESTAMP
000002df: PUSH1 0x06
000002e1: SSTORE
000002e2: SWAP1
000002e3: POP
000002e4: JUMPDEST
000002e5: PUSH1 0x00
000002e7: DUP1
000002e8: SLOAD
000002e9: PUSH1 0x01
000002eb: SLOAD
000002ec: PUSH1 0x40
000002ee: DUP1
000002ef: MLOAD
000002f0: PUSH4 0xa9059cbb
000002f5: PUSH1 0xe0
000002f7: SHL
000002f8: DUP2
000002f9: MSTORE
000002fa: PUSH1 0x01
000002fc: PUSH1 0x01
000002fe: PUSH1 0xa0
00000300: SHL
00000301: SUB
00000302: SWAP3
00000303: DUP4
00000304: AND
00000305: PUSH1 0x04
00000307: DUP3
00000308: ADD
00000309: MSTORE
0000030a: PUSH1 0x24
0000030c: DUP2
0000030d: ADD
0000030e: DUP7
0000030f: SWAP1
00000310: MSTORE
00000311: SWAP1
00000312: MLOAD
00000313: SWAP2
00000314: SWAP1
00000315: SWAP3
00000316: AND
00000317: SWAP3
00000318: PUSH4 0xa9059cbb
0000031d: SWAP3
0000031e: PUSH1 0x44
00000320: DUP1
00000321: DUP3
00000322: ADD
00000323: SWAP4
00000324: PUSH1 0x20
00000326: SWAP4
00000327: SWAP1
00000328: SWAP3
00000329: DUP4
0000032a: SWAP1
0000032b: SUB
0000032c: SWAP1
0000032d: SWAP2
0000032e: ADD
0000032f: SWAP1
00000330: DUP3
00000331: SWAP1
00000332: DUP8
00000333: DUP1
00000334: EXTCODESIZE
00000335: ISZERO
00000336: DUP1
00000337: ISZERO
00000338: PUSH2 0x0340
0000033b: JUMPI
0000033c: PUSH1 0x00
0000033e: DUP1
0000033f: REVERT
00000340: JUMPDEST
00000341: POP
00000342: GAS
00000343: CALL
00000344: ISZERO
00000345: DUP1
00000346: ISZERO
00000347: PUSH2 0x0354
0000034a: JUMPI
0000034b: RETURNDATASIZE
0000034c: PUSH1 0x00
0000034e: DUP1
0000034f: RETURNDATACOPY
00000350: RETURNDATASIZE
00000351: PUSH1 0x00
00000353: REVERT
00000354: JUMPDEST
00000355: POP
00000356: POP
00000357: POP
00000358: POP
00000359: PUSH1 0x40
0000035b: MLOAD
0000035c: RETURNDATASIZE
0000035d: PUSH1 0x20
0000035f: DUP2
00000360: LT
00000361: ISZERO
00000362: PUSH2 0x036a
00000365: JUMPI
00000366: PUSH1 0x00
00000368: DUP1
00000369: REVERT
0000036a: JUMPDEST
0000036b: POP
0000036c: POP
0000036d: POP
0000036e: JUMP
0000036f: JUMPDEST
00000370: PUSH1 0x01
00000372: SLOAD
00000373: PUSH1 0x01
00000375: PUSH1 0x01
00000377: PUSH1 0xa0
00000379: SHL
0000037a: SUB
0000037b: AND
0000037c: DUP2
0000037d: JUMP
0000037e: JUMPDEST
0000037f: PUSH1 0x05
00000381: SLOAD
00000382: DUP2
00000383: JUMP
00000384: JUMPDEST
00000385: PUSH1 0x00
00000387: SLOAD
00000388: PUSH1 0x01
0000038a: PUSH1 0x01
0000038c: PUSH1 0xa0
0000038e: SHL
0000038f: SUB
00000390: AND
00000391: DUP2
00000392: JUMP
00000393: JUMPDEST
00000394: PUSH1 0x06
00000396: SLOAD
00000397: DUP2
00000398: JUMP
00000399: JUMPDEST
0000039a: PUSH1 0x03
0000039c: SLOAD
0000039d: DUP2
0000039e: JUMP
0000039f: JUMPDEST
000003a0: PUSH1 0x04
000003a2: SLOAD
000003a3: DUP2
000003a4: JUMP
000003a5: JUMPDEST
000003a6: PUSH1 0x00
000003a8: DUP3
000003a9: DUP3
000003aa: GT
000003ab: ISZERO
000003ac: PUSH2 0x03fc
000003af: JUMPI
000003b0: PUSH1 0x40
000003b2: DUP1
000003b3: MLOAD
000003b4: PUSH3 0x461bcd
000003b8: PUSH1 0xe5
000003ba: SHL
000003bb: DUP2
000003bc: MSTORE
000003bd: PUSH1 0x20
000003bf: PUSH1 0x04
000003c1: DUP3
000003c2: ADD
000003c3: MSTORE
000003c4: PUSH1 0x1e
000003c6: PUSH1 0x24
000003c8: DUP3
000003c9: ADD
000003ca: MSTORE
000003cb: PUSH32 0x536166654d6174683a207375627472616374696f6e206f766572666c6f770000
000003ec: PUSH1 0x44
000003ee: DUP3
000003ef: ADD
000003f0: MSTORE
000003f1: SWAP1
000003f2: MLOAD
000003f3: SWAP1
000003f4: DUP2
000003f5: SWAP1
000003f6: SUB
000003f7: PUSH1 0x64
000003f9: ADD
000003fa: SWAP1
000003fb: REVERT
000003fc: JUMPDEST
000003fd: POP
000003fe: DUP1
000003ff: DUP3
00000400: SUB
00000401: JUMPDEST
00000402: SWAP3
00000403: SWAP2
00000404: POP
00000405: POP
00000406: JUMP
00000407: JUMPDEST
00000408: PUSH1 0x00
0000040a: DUP3
0000040b: PUSH2 0x0416
0000040e: JUMPI
0000040f: POP
00000410: PUSH1 0x00
00000412: PUSH2 0x0401
00000415: JUMP
00000416: JUMPDEST
00000417: DUP3
00000418: DUP3
00000419: MUL
0000041a: DUP3
0000041b: DUP5
0000041c: DUP3
0000041d: DUP2
0000041e: PUSH2 0x0423
00000421: JUMPI
00000422: INVALID
00000423: JUMPDEST
00000424: DIV
00000425: EQ
00000426: PUSH2 0x0460
00000429: JUMPI
0000042a: PUSH1 0x40
0000042c: MLOAD
0000042d: PUSH3 0x461bcd
00000431: PUSH1 0xe5
00000433: SHL
00000434: DUP2
00000435: MSTORE
00000436: PUSH1 0x04
00000438: ADD
00000439: DUP1
0000043a: DUP1
0000043b: PUSH1 0x20
0000043d: ADD
0000043e: DUP3
0000043f: DUP2
00000440: SUB
00000441: DUP3
00000442: MSTORE
00000443: PUSH1 0x21
00000445: DUP2
00000446: MSTORE
00000447: PUSH1 0x20
00000449: ADD
0000044a: DUP1
0000044b: PUSH2 0x051a
0000044e: PUSH1 0x21
00000450: SWAP2
00000451: CODECOPY
00000452: PUSH1 0x40
00000454: ADD
00000455: SWAP2
00000456: POP
00000457: POP
00000458: PUSH1 0x40
0000045a: MLOAD
0000045b: DUP1
0000045c: SWAP2
0000045d: SUB
0000045e: SWAP1
0000045f: REVERT
00000460: JUMPDEST
00000461: SWAP4
00000462: SWAP3
00000463: POP
00000464: POP
00000465: POP
00000466: JUMP
00000467: JUMPDEST
00000468: PUSH1 0x00
0000046a: DUP1
0000046b: DUP3
0000046c: GT
0000046d: PUSH2 0x04bd
00000470: JUMPI
00000471: PUSH1 0x40
00000473: DUP1
00000474: MLOAD
00000475: PUSH3 0x461bcd
00000479: PUSH1 0xe5
0000047b: SHL
0000047c: DUP2
0000047d: MSTORE
0000047e: PUSH1 0x20
00000480: PUSH1 0x04
00000482: DUP3
00000483: ADD
00000484: MSTORE
00000485: PUSH1 0x1a
00000487: PUSH1 0x24
00000489: DUP3
0000048a: ADD
0000048b: MSTORE
0000048c: PUSH32 0x536166654d6174683a206469766973696f6e206279207a65726f000000000000
000004ad: PUSH1 0x44
000004af: DUP3
000004b0: ADD
000004b1: MSTORE
000004b2: SWAP1
000004b3: MLOAD
000004b4: SWAP1
000004b5: DUP2
000004b6: SWAP1
000004b7: SUB
000004b8: PUSH1 0x64
000004ba: ADD
000004bb: SWAP1
000004bc: REVERT
000004bd: JUMPDEST
000004be: DUP2
000004bf: DUP4
000004c0: DUP2
000004c1: PUSH2 0x04c6
000004c4: JUMPI
000004c5: INVALID
000004c6: JUMPDEST
000004c7: DIV
000004c8: SWAP4
000004c9: SWAP3
000004ca: POP
000004cb: POP
000004cc: POP
000004cd: JUMP
000004ce: INVALID
000004cf: SLOAD
000004d0: PUSH19 0x6561737572795665737465722e736574526563
000004e4: PUSH10 0x7069656e743a20756e61
000004ef: PUSH22 0x74686f72697a65645472656173757279566573746572
00000506: UNKNOWN(0x2E)
00000507: PUSH4 0x6c61696d
0000050c: GASPRICE
0000050d: KECCAK256
0000050e: PUSH15 0x6f742074696d652079657453616665
0000051e: UNKNOWN(0x4D)
0000051f: PUSH2 0x7468
00000522: GASPRICE
00000523: KECCAK256
00000524: PUSH14 0x756c7469706c69636174696f6e20
00000533: PUSH16 0x766572666c6f77a164736f6c63430006
00000544: EXP
00000545: STOP
00000546: EXP

Findings

Legend: for CALL sinks, Validated means the call was confirmed by the fork probe; for other sink types it means only that the sink was observed to be reached.
Severity Category Tool Title Confidence Validated Confirmed Details
Severity: high | Category: other | Tool: detector | Title: Untrusted CALL target/value reachable | Confidence: 60 | Validated: no | Confirmed: no
trace_id: 0xecebe9bb10ccb1a02cb3be5c2b036ac4b9210bab19d1f2445f5f18e822509ed3
call_targets: 0x953c32158602e9690c6e86b94b230b5951b51a73
target_varies: no
classification: constant_target
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xecebe9bb10ccb1a02cb3be5c2b036ac4b9210bab19d1f2445f5f18e822509ed3",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x953c32158602e9690c6e86b94b230b5951b51a73"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xc0463711",
            "selector": "0xc0463711",
            "calldata_variants": [
                "0xc0463711",
                "0xc04637110000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe29bc68b",
            "selector": "0xe29bc68b",
            "calldata_variants": [
                "0xe29bc68b",
                "0xe29bc68b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf3640e74",
            "selector": "0xf3640e74",
            "calldata_variants": [
                "0xf3640e74",
                "0xf3640e740000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x84a1931f",
            "selector": "0x84a1931f",
            "calldata_variants": [
                "0x84a1931f",
                "0x84a1931f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8d1dc56a",
            "selector": "0x8d1dc56a",
            "calldata_variants": [
                "0x8d1dc56a",
                "0x8d1dc56a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3bbed4a0",
            "selector": "0x3bbed4a0",
            "calldata_variants": [
                "0x3bbed4a0",
                "0x3bbed4a00000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4e71d92d",
            "selector": "0x4e71d92d",
            "calldata_variants": [
                "0x4e71d92d",
                "0x4e71d92d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x66d003ac",
            "selector": "0x66d003ac",
            "calldata_variants": [
                "0x66d003ac",
                "0x66d003ac0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 835,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [],
    "untrusted_call_count": 1
}
Severity: high | Category: other | Tool: detector | Title: ETH value transfer possible | Confidence: 55 | Validated: no | Confirmed: no
trace_id: 0xecebe9bb10ccb1a02cb3be5c2b036ac4b9210bab19d1f2445f5f18e822509ed3
call_targets: 0x953c32158602e9690c6e86b94b230b5951b51a73
target_varies: no
classification: constant_target
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xecebe9bb10ccb1a02cb3be5c2b036ac4b9210bab19d1f2445f5f18e822509ed3",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x953c32158602e9690c6e86b94b230b5951b51a73"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xc0463711",
            "selector": "0xc0463711",
            "calldata_variants": [
                "0xc0463711",
                "0xc04637110000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe29bc68b",
            "selector": "0xe29bc68b",
            "calldata_variants": [
                "0xe29bc68b",
                "0xe29bc68b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf3640e74",
            "selector": "0xf3640e74",
            "calldata_variants": [
                "0xf3640e74",
                "0xf3640e740000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x84a1931f",
            "selector": "0x84a1931f",
            "calldata_variants": [
                "0x84a1931f",
                "0x84a1931f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8d1dc56a",
            "selector": "0x8d1dc56a",
            "calldata_variants": [
                "0x8d1dc56a",
                "0x8d1dc56a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3bbed4a0",
            "selector": "0x3bbed4a0",
            "calldata_variants": [
                "0x3bbed4a0",
                "0x3bbed4a00000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4e71d92d",
            "selector": "0x4e71d92d",
            "calldata_variants": [
                "0x4e71d92d",
                "0x4e71d92d0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x66d003ac",
            "selector": "0x66d003ac",
            "calldata_variants": [
                "0x66d003ac",
                "0x66d003ac0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 835,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": []
}
Severity: low | Category: other | Tool: codex | Title: Unchecked ERC20 transfer return value can silently fail and skew vesting behavior | Confidence: 65 | Validated: no
evidence_json
{
    "evidence": "`claim()` calls `IERC20(visr).transfer(recipient, amount)` without checking the returned boolean; `lastUpdate` is advanced before the transfer in the non-terminal branch.",
    "locations": [
        "contracts/contracts/Vesting.sol:54",
        "contracts/contracts/Vesting.sol:55",
        "contracts/contracts/Vesting.sol:57"
    ],
    "recommendation": "Use OpenZeppelin SafeERC20 (`safeTransfer`) or explicitly check the boolean return value and revert on failure. Consider updating `lastUpdate` only after a successful transfer.",
    "exploit_scenario": "If the VISR token is non-standard or returns false without reverting, `claim()` will still succeed. Before `vestingEnd`, `lastUpdate` is advanced even if no tokens were transferred, so interim claims can silently fail and mislead recipients (tokens remain in the contract until `vestingEnd`, or permanently if the token always returns false)."
}
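Reading the three rows together, as an added editorial example and not anything Tripwire or the audited project ships: the two detector rows and the codex row all point at one instruction. The CALL at pc 835 (0x343) is the source's `IERC20(visr).transfer(recipient, amount)`. The selector pushed at 0x2f0, 0xa9059cbb, is the standard ERC20 `transfer(address,uint256)`; the target is loaded from storage slot 0 and the recipient from slot 1 (the first two state variables, `visr` and `recipient`); nothing between the branch join at 0x2e4 and the call reads calldata; the fork probe reports a constant target; and the dispatcher prologue at 0x05 reverts on any msg.value, so no ETH rides on that call. Under checklist step 2 that is token plumbing, not an attacker-controlled sink, consistent with `confirmed: false` and `matched_probe: null` in both validation records. What the bytecode does corroborate is the codex low: `lastUpdate` (slot 6) is stored at 0x2e1 before the transfer, and after the call the return word's length is checked at 0x35c but the bool itself is never loaded (0x36a: POP POP POP JUMP), whereas the balanceOf STATICCALL at 0x260 does MLOAD its result at 0x289. Whether that low matters depends entirely on how the token at 0x953c32158602e9690c6e86b94b230b5951b51a73 behaves on a failed transfer (revert, or return false), which nothing in this run exercised.

The script below makes those checks mechanical. It is example code, not part of Tripwire; the two instruction streams are copied from the page's cast output (0x2dd-0x36e and 0x213-0x28f, written several instructions per line) and pcs are recomputed from opcode sizes, so the detector's pc 835 is verified rather than trusted. The selector table, the linear (not path-sensitive) region walk and the `verdict()` wording are the example's own, and the CALL's value argument is not inferred.

```python
"""Added example, not Tripwire's code and not from the audited contract: re-disassemble two
call sites excerpted from this page's cast output and answer review checklist steps 2-3
mechanically. pcs are recomputed from opcode sizes; SELECTORS and verdict() are the example's own."""
from typing import Dict, List, Optional

# claim() tail through the ERC20 transfer CALL (page disassembly 0x2dd-0x36e).
TRANSFER_SITE = (0x2DD, """JUMPDEST TIMESTAMP PUSH1 0x06 SSTORE SWAP1 POP JUMPDEST PUSH1 0x00 DUP1 SLOAD
PUSH1 0x01 SLOAD PUSH1 0x40 DUP1 MLOAD PUSH4 0xa9059cbb PUSH1 0xe0 SHL DUP2 MSTORE
PUSH1 0x01 PUSH1 0x01 PUSH1 0xa0 SHL SUB SWAP3 DUP4 AND PUSH1 0x04 DUP3 ADD MSTORE
PUSH1 0x24 DUP2 ADD DUP7 SWAP1 MSTORE SWAP1 MLOAD SWAP2 SWAP1 SWAP3 AND SWAP3
PUSH4 0xa9059cbb SWAP3 PUSH1 0x44 DUP1 DUP3 ADD SWAP4 PUSH1 0x20 SWAP4 SWAP1 SWAP3
DUP4 SWAP1 SUB SWAP1 SWAP2 ADD SWAP1 DUP3 SWAP1 DUP8 DUP1 EXTCODESIZE ISZERO DUP1
ISZERO PUSH2 0x0340 JUMPI PUSH1 0x00 DUP1 REVERT JUMPDEST POP GAS CALL ISZERO DUP1
ISZERO PUSH2 0x0354 JUMPI RETURNDATASIZE PUSH1 0x00 DUP1 RETURNDATACOPY
RETURNDATASIZE PUSH1 0x00 REVERT JUMPDEST POP POP POP POP PUSH1 0x40 MLOAD
RETURNDATASIZE PUSH1 0x20 DUP2 LT ISZERO PUSH2 0x036a JUMPI PUSH1 0x00 DUP1 REVERT
JUMPDEST POP POP POP JUMP""")
# vestingEnd branch: balanceOf(address(this)) STATICCALL (page disassembly 0x213-0x28f).
BALANCE_SITE = (0x213, """PUSH1 0x00 SLOAD PUSH1 0x40 DUP1 MLOAD PUSH4 0x70a08231 PUSH1 0xe0 SHL DUP2 MSTORE
ADDRESS PUSH1 0x04 DUP3 ADD MSTORE SWAP1 MLOAD PUSH1 0x01 PUSH1 0x01 PUSH1 0xa0 SHL
SUB SWAP1 SWAP3 AND SWAP2 PUSH4 0x70a08231 SWAP2 PUSH1 0x24 DUP1 DUP3 ADD SWAP3
PUSH1 0x20 SWAP3 SWAP1 SWAP2 SWAP1 DUP3 SWAP1 SUB ADD DUP2 DUP7 DUP1 EXTCODESIZE
ISZERO DUP1 ISZERO PUSH2 0x025d JUMPI PUSH1 0x00 DUP1 REVERT JUMPDEST POP GAS
STATICCALL ISZERO DUP1 ISZERO PUSH2 0x0271 JUMPI RETURNDATASIZE PUSH1 0x00 DUP1
RETURNDATACOPY RETURNDATASIZE PUSH1 0x00 REVERT JUMPDEST POP POP POP POP PUSH1 0x40
MLOAD RETURNDATASIZE PUSH1 0x20 DUP2 LT ISZERO PUSH2 0x0287 JUMPI PUSH1 0x00 DUP1
REVERT JUMPDEST POP MLOAD SWAP1 POP PUSH2 0x02e4 JUMP""")

SELECTORS = {"0xa9059cbb": "transfer(address,uint256)", "0x70a08231": "balanceOf(address)"}
CALL_OPS = {"CALL", "STATICCALL", "DELEGATECALL", "CALLCODE"}
# Unconditional exits bounding the linear region before a call. REVERT is deliberately absent:
# solc inlines revert paths (extcodesize guard, returndata bubbling) in the middle of a call site.
REGION_END = {"JUMP", "STOP", "RETURN", "SELFDESTRUCT", "INVALID"} | CALL_OPS


def disassemble(start_pc: int, stream: str) -> List[tuple]:
    """Rebuild (pc, op, arg) from an opcode stream; PUSHn consumes n immediate bytes."""
    toks, out, pc, i = stream.split(), [], start_pc, 0
    while i < len(toks):
        op, arg, size, i = toks[i], None, 1, i + 1
        if op.startswith("PUSH"):
            size, arg, i = size + int(op[4:]), toks[i], i + 1
        out.append((pc, op, arg))
        pc += size
    return out


def _key(insns: List[tuple], idx: int) -> Optional[int]:
    """Storage key consumed by insns[idx] (SLOAD/SSTORE) when it was just pushed; DUPs allowed."""
    j = idx - 1
    while j >= 0 and insns[j][1].startswith("DUP"):
        j -= 1
    return int(insns[j][2], 16) if j >= 0 and insns[j][1].startswith("PUSH") else None


def analyze(start_pc: int, stream: str) -> List[Dict]:
    insns, sites = disassemble(start_pc, stream), []
    for idx, (pc, op, _) in enumerate(insns):
        if op not in CALL_OPS:
            continue
        lo = idx - 1
        while lo >= 0 and insns[lo][1] not in REGION_END:
            lo -= 1
        region, selector = range(lo + 1, idx), None
        for k in region:  # solc materialises a selector as PUSH4 sel; PUSH1 0xe0; SHL
            if k + 2 < idx and insns[k][1] == "PUSH4" and insns[k + 1][1:] == ("PUSH1", "0xe0") \
                    and insns[k + 2][1] == "SHL":
                selector = insns[k][2]
        keys = lambda o: [s for s in (_key(insns, k) for k in region if insns[k][1] == o) if s is not None]
        site = {"pc": pc, "op": op, "selector": selector, "function": SELECTORS.get(selector, "unknown"),
                "slots_read": keys("SLOAD"), "slots_written_before": keys("SSTORE"),
                "calldata_influenced": any(insns[k][1].startswith("CALLDATA") for k in region),
                "return_size_checked": False, "return_value_loaded": False}
        # solc's ABI decoder emits RETURNDATASIZE PUSH1 0x20 DUP2 LT when it expects one return
        # word; that word is only consumed if an MLOAD follows the JUMPDEST after the check.
        k = idx + 1
        while k + 3 < len(insns) and insns[k][1] not in REGION_END:
            if (insns[k][1], insns[k + 1][1:], insns[k + 2][1], insns[k + 3][1]) == \
                    ("RETURNDATASIZE", ("PUSH1", "0x20"), "DUP2", "LT"):
                site["return_size_checked"], k = True, k + 4
                while k < len(insns) and insns[k][1] != "JUMPDEST":
                    k += 1
                while k < len(insns) and insns[k][1] not in {"JUMP", "JUMPI", "STOP", "RETURN", "REVERT"}:
                    site["return_value_loaded"] |= insns[k][1] == "MLOAD"
                    k += 1
                break
            k += 1
        sites.append(site)
    return sites


def verdict(site: Dict) -> str:
    """Checklist step 2 (attacker control) before step 3 (impact), as one line."""
    if site["calldata_influenced"]:
        return "caller data reaches the call site: keep investigating"
    if site["selector"] not in SELECTORS or not site["slots_read"]:
        return "unclassified external call"
    text = "%s to a storage-held address (slots %s): plumbing, not an attacker-controlled sink" % (
        site["function"], site["slots_read"])
    if site["op"] == "CALL" and site["return_size_checked"] and not site["return_value_loaded"]:
        text += "; returned bool discarded"
    if site["slots_written_before"]:
        text += "; storage slots %s written before the call" % site["slots_written_before"]
    return text
```

`analyze(*TRANSFER_SITE)` yields one site: a CALL at pc 835 with selector 0xa9059cbb, slots 0 and 1 read, slot 6 written beforehand, no calldata influence, return length checked but the bool never loaded; `analyze(*BALANCE_SITE)` yields the STATICCALL at 0x260 reading slot 0 and loading its word. The region walk is a cheap linear checks-effects-interactions hint, not a path-sensitive analysis, so treat a reported pre-call SSTORE as something to confirm in source, as the codex row did.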