ad46f78f-a745-4ff4-8f16-a6adcc507f12
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31627 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 111560 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 111561 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 111562 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 111563 | capability.graph | complete | 1 / 3 | 1 week ago |
| 111564 | detector.run | complete | 1 / 3 | 1 week ago |
| 111565 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:2199] OpenAI Codex v0.77.0 (research preview)
[codex:2199] --------
[codex:2199] workdir: /tmp/codex-multi-5k10l5mp
[codex:2199] model: gpt-5.2-codex
[codex:2199] provider: openai
[codex:2199] approval: never
[codex:2199] sandbox: read-only
[codex:2199] reasoning effort: xhigh
[codex:2199] reasoning summaries: auto
[codex:2199] session id: 019b8875-0fe0-7302-ad9e-e93c8a7bab9d
[codex:2199] --------
[codex:2199] user
[codex:2199] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:2199]
[codex:2199] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:2199]
[codex:2199] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:2199] - Gas inefficiency, code quality, or best practices
[codex:2199] - Theoretical vulnerabilities without a clear extraction path
[codex:2199] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:2199] - Issues requiring social engineering or off-chain coordination
[codex:2199]
[codex:2199] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:2199] - CALL/DELEGATECALL with controllable destination or calldata
[codex:2199] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:2199] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:2199] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:2199] - External calls before state updates (reentrancy)
[codex:2199] - SELFDESTRUCT with controllable beneficiary
[codex:2199] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:2199]
[codex:2199] For each finding, you MUST explain:
[codex:2199] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:2199] 2. The concrete sequence of transactions to extract value
[codex:2199] 3. Why you believe this is exploitable (not just suspicious)
[codex:2199]
[codex:2199] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:2199] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:2199]
[codex:2199] Output MUST be valid JSON matching the provided schema.
[codex:2199] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:2199] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:2199] mcp startup: no servers
[codex:2199]
[codex:2199] thinking
[codex:2199] **Reading file using shell command**
[codex:2199] exec
[codex:2199] /bin/bash -lc ls in /tmp/codex-multi-5k10l5mp succeeded in 6ms:
[codex:2199] BYTECODE_BUNDLE.txt
[codex:2199] codex-output-schema.json
[codex:2199] exec
[codex:2199] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-5k10l5mp succeeded in 6ms:
[codex:2199] Runtime bytecode bundle for best-effort auditing.
[codex:2199] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:2199]
[codex:2199] FILE: runtime_bytecode.hex
[codex:2199] 0x606060405236156100c1576000357c010000000000000000000000000000000000000000000000000000000090048063095ea7b3146100c357806318160ddd146100f857806323b872dd1461011b57806323de6651146101595780633018205f146101835780635687f2b8146101bc57806370a08231146101e65780637e1db2a11461021257806392eefe9b14610233578063a9059cbb1461024b578063c2205ee114610280578063d551f601146102b9578063dd62ed3e146102dc576100c1565b005b6100e26004808035906020019091908035906020019091905050610972565b6040518082815260200191505060405180910390f35b6101056004805050610569565b6040518082815260200191505060405180910390f35b6101436004808035906020019091908035906020019091908035906020019091905050610873565b6040518082815260200191505060405180910390f35b6101816004808035906020019091908035906020019091908035906020019091905050610465565b005b6101906004805050610436565b604051808273ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b6101e460048080359060200190919080359060200190919080359060200190919050506104e7565b005b6101fc6004808035906020019091905050610602565b6040518082815260200191505060405180910390f35b6102316004808035906020019091908035906020019091905050610311565b005b61024960048080359060200190919050506103b7565b005b61026a6004808035906020019091908035906020019091905050610793565b6040518082815260200191505060405180910390f35b61028d6004805050610410565b604051808273ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b6102c660048050506103fd565b6040518082815260200191505060405180910390f35b6102fb60048080359060200190919080359060200190919050506106bb565b6040518082815260200191505060405180910390f35b610319610a52565b156103ad5781600060016101000a81548173ffffffffffffffffffffffffffffffffffffffff0219169083021790555080600060006101000a81548160ff02191690830217905550808273ffffffffffffffffffffffffffffffffffffffff167fb96a5204da93e5d7ddd5b0c2616fd5f76322b9c383c5010b94fdc3df11b7be5260405180905060405180910390a36103b2565b610002565b5b5050565b6103bf610a52565b156103f45780600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908302179055506103f9565b610002565b5b50565b600060009054906101000a900460ff1681565b600060019054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff169050610462565b90565b61046d610a52565b156104dc578173ffffffffffffffffffffffffffffffffffffffff168373ffffffffffffffffffffffffffffffffffffffff167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef836040518082815260200191505060405180910390a36104e1565b610002565b5b505050565b6104ef610a52565b1561055e578173ffffffffffffffffffffffffffffffffffffffff168373ffffffffffffffffffffffffffffffffffffffff167f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925836040518082815260200191505060405180910390a3610563565b610002565b5b505050565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166318160ddd604051817c01000000000000000000000000000000000000000000000000000000000281526004018090506020604051808303816000876161da5a03f115610002575050506040518051906020015090506105ff565b90565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166370a0823183604051827c0100000000000000000000000000000000000000000000000000000000028152600401808273ffffffffffffffffffffffffffffffffffffffff1681526020019150506020604051808303816000876161da5a03f115610002575050506040518051906020015090506106b6565b919050565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1663dd62ed3e8484604051837c0100000000000000000000000000000000000000000000000000000000028152600401808373ffffffffffffffffffffffffffffffffffffffff1681526020018273ffffffffffffffffffffffffffffffffffffffff168152602001925050506020604051808303816000876161da5a03f1156100025750505060405180519060200150905061078d565b92915050565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1663beabacc8338585604051847c0100000000000000000000000000000000000000000000000000000000028152600401808473ffffffffffffffffffffffffffffffffffffffff1681526020018373ffffffffffffffffffffffffffffffffffffffff16815260200182815260200193505050506020604051808303816000876161da5a03f1156100025750505060405180519060200150905061086d565b92915050565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166315dacbea33868686604051857c0100000000000000000000000000000000000000000000000000000000028152600401808573ffffffffffffffffffffffffffffffffffffffff1681526020018473ffffffffffffffffffffffffffffffffffffffff1681526020018373ffffffffffffffffffffffffffffffffffffffff1681526020018281526020019450505050506020604051808303816000876161da5a03f1156100025750505060405180519060200150905061096b565b9392505050565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1663e1f21c67338585604051847c0100000000000000000000000000000000000000000000000000000000028152600401808473ffffffffffffffffffffffffffffffffffffffff1681526020018373ffffffffffffffffffffffffffffffffffffffff16815260200182815260200193505050506020604051808303816000876161da5a03f11561000257505050604051805190602001509050610a4c565b92915050565b60006000600060009054906101000a900460ff161415610ac457600060019054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff16149050610bdd565b6001600060009054906101000a900460ff161415610bd857600060019054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1663b700961333306000357fffffffff0000000000000000000000000000000000000000000000000000000016604051847c0100000000000000000000000000000000000000000000000000000000028152600401808473ffffffffffffffffffffffffffffffffffffffff1681526020018373ffffffffffffffffffffffffffffffffffffffff16815260200182815260200193505050506020604051808303816000876161da5a03f11561000257505050604051805190602001509050610bdd565b610002565b9056
[codex:2199]
[codex:2199]
[codex:2199] thinking
[codex:2199] **Interpreting bytecode and mapping functions**
[codex:2199] thinking
[codex:2199] **Examining storage and authorization patterns**
[codex:2199]
[codex:2199] I'm analyzing how this contract uses a boolean and address in storage slots, comparing it to common ownership and authority patterns like DSAuth. The bool might mark initialization, with slot1 holding an owner or authority address. I’m considering the impact of this on potential unauthorized changes, especially around initialization and access control. To get precise insights, I plan to disassemble critical functions and see exactly how the access checks work under the hood.
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] # extract hex string after FILE: runtime_bytecode.hex
[codex:2199] m=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text)
[codex:2199] hexstr=m.group(1)[2:]
[codex:2199] # disassemble minimal
[codex:2199] opnames={
[codex:2199] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:2199] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:2199] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:2199] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:2199] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:2199] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:2199] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:2199] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:2199] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:2199] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:2199]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199]
[codex:2199] def disassemble(start=0, end=None):
[codex:2199] i=start
[codex:2199] if end is None: end=len(code)
[codex:2199] while i<end:
[codex:2199] op=code[i]
[codex:2199] name=opnames.get(op, f'UNK_{op:02x}')
[codex:2199] i+=1
[codex:2199] if 0x60<=op<=0x7f:
[codex:2199] n=op-0x5f
[codex:2199] data=code[i:i+n]
[codex:2199] i+=n
[codex:2199] yield i-n-1, f'{name} 0x{data.hex()}'
[codex:2199] else:
[codex:2199] yield i-1, name
[codex:2199]
[codex:2199] # print disassembly around 0x0a52
[codex:2199] for off, instr in disassemble(0x0a40, 0x0b10):
[codex:2199] print(f'{off:04x}: {instr}')
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp succeeded in 27ms:
[codex:2199] 0a40: MLOAD
[codex:2199] 0a41: SWAP1
[codex:2199] 0a42: PUSH1 0x20
[codex:2199] 0a44: ADD
[codex:2199] 0a45: POP
[codex:2199] 0a46: SWAP1
[codex:2199] 0a47: POP
[codex:2199] 0a48: PUSH2 0x0a4c
[codex:2199] 0a4b: JUMP
[codex:2199] 0a4c: JUMPDEST
[codex:2199] 0a4d: SWAP3
[codex:2199] 0a4e: SWAP2
[codex:2199] 0a4f: POP
[codex:2199] 0a50: POP
[codex:2199] 0a51: JUMP
[codex:2199] 0a52: JUMPDEST
[codex:2199] 0a53: PUSH1 0x00
[codex:2199] 0a55: PUSH1 0x00
[codex:2199] 0a57: PUSH1 0x00
[codex:2199] 0a59: PUSH1 0x00
[codex:2199]
[codex:2199] thinking
[codex:2199] **Continuing disassembly**
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)[2:]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199] # disassemble 0x0b00 onwards
[codex:2199] opnames={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:2199]
[codex:2199] def disassemble(start=0, end=None):
[codex:2199] i=start
[codex:2199] if end is None: end=len(code)
[codex:2199] while i<end:
[codex:2199] op=code[i]
[codex:2199] name=opnames.get(op, f'UNK_{op:02x}')
[codex:2199] i+=1
[codex:2199] if 0x60<=op<=0x7f:
[codex:2199] n=op-0x5f
[codex:2199] data=code[i:i+n]
[codex:2199] i+=n
[codex:2199] yield i-n-1, f'{name} 0x{data.hex()}'
[codex:2199] else:
[codex:2199] yield i-1, name
[codex:2199]
[codex:2199] for off, instr in disassemble(0x0b00, 0x0c10):
[codex:2199] print(f'{off:04x}: {instr}')
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp exited 1 in 31ms:
[codex:2199] 0b00: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:2199] 0b15: AND
[codex:2199] 0b16: PUSH4 0xb7009613
[codex:2199] 0b1b: CALLER
[codex:2199] 0b1c: ADDRESS
[codex:2199] 0b1d: PUSH1 0x00
[codex:2199] 0b1f: CALLDATALOAD
[codex:2199] 0b20: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
[codex:2199] 0b41: AND
[codex:2199] 0b42: PUSH1 0x40
[codex:2199] 0b44: MLOAD
[codex:2199] 0b45: DUP5
[codex:2199] 0b46: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
[codex:2199] 0b64: MUL
[codex:2199] 0b65: DUP2
[codex:2199] 0b66: MSTORE
[codex:2199] 0b67: PUSH1 0x04
[codex:2199] 0b69: ADD
[codex:2199] 0b6a: DUP1
[codex:2199] 0b6b: DUP5
[codex:2199]
[codex:2199] thinking
[codex:2199] **Analyzing authorization logic in contract bytecode**
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)[2:]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199]
[codex:2199] opnames={
[codex:2199] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:2199] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:2199] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:2199] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:2199] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:2199] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:2199] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:2199] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:2199] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:2199] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:2199]
[codex:2199] def disassemble(start=0, end=None):
[codex:2199] i=start
[codex:2199] if end is None: end=len(code)
[codex:2199] while i<end:
[codex:2199] op=code[i]
[codex:2199] name=opnames.get(op, f'UNK_{op:02x}')
[codex:2199] i+=1
[codex:2199] if 0x60<=op<=0x7f:
[codex:2199] n=op-0x5f
[codex:2199] data=code[i:i+n]
[codex:2199] i+=n
[codex:2199] yield i-n-1, f'{name} 0x{data.hex()}'
[codex:2199] else:
[codex:2199] yield i-1, name
[codex:2199]
[codex:2199] # print first 0x200 bytes
[codex:2199] for off, instr in disassemble(0, 0x200):
[codex:2199] print(f'{off:04x}: {instr}')
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp succeeded in 28ms:
[codex:2199] 0000: PUSH1 0x60
[codex:2199] 0002: PUSH1 0x40
[codex:2199] 0004: MSTORE
[codex:2199] 0005: CALLDATASIZE
[codex:2199] 0006: ISZERO
[codex:2199] 0007: PUSH2 0x00c1
[codex:2199] 000a: JUMPI
[codex:2199] 000b: PUSH1 0x00
[codex:2199] 000d: CALLDATALOAD
[codex:2199] 000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
[codex:2199] 002c: SWAP1
[codex:2199] 002d: DIV
[codex:2199] 002e: DUP1
[codex:2199] 002f: PUSH4 0x095ea7b3
[codex:2199] 0034: EQ
[codex:2199] 0035: PUSH2 0x00c3
[codex:2199] 0038: JUMPI
[codex:2199] 0039: DUP1
[codex:2199] 003a: PUSH4 0x18160ddd
[codex:2199] 003f: EQ
[codex:2199]
[codex:2199] thinking
[codex:2199] **Disassembling functions for analysis**
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)[2:]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199]
[codex:2199] opnames={
[codex:2199] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:2199] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:2199] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:2199] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:2199] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:2199] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:2199] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:2199] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:2199] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:2199] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:2199]
[codex:2199] def disassemble(start=0, end=None):
[codex:2199] i=start
[codex:2199] if end is None: end=len(code)
[codex:2199] while i<end:
[codex:2199] op=code[i]
[codex:2199] name=opnames.get(op, f'UNK_{op:02x}')
[codex:2199] i+=1
[codex:2199] if 0x60<=op<=0x7f:
[codex:2199] n=op-0x5f
[codex:2199] data=code[i:i+n]
[codex:2199] i+=n
[codex:2199] yield i-n-1, f'{name} 0x{data.hex()}'
[codex:2199] else:
[codex:2199] yield i-1, name
[codex:2199]
[codex:2199] for off, instr in disassemble(0x0311, 0x0510):
[codex:2199] print(f'{off:04x}: {instr}')
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp succeeded in 27ms:
[codex:2199] 0311: JUMPDEST
[codex:2199] 0312: PUSH2 0x0319
[codex:2199] 0315: PUSH2 0x0a52
[codex:2199] 0318: JUMP
[codex:2199] 0319: JUMPDEST
[codex:2199] 031a: ISZERO
[codex:2199] 031b: PUSH2 0x03ad
[codex:2199] 031e: JUMPI
[codex:2199] 031f: DUP2
[codex:2199] 0320: PUSH1 0x00
[codex:2199] 0322: PUSH1 0x01
[codex:2199] 0324: PUSH2 0x0100
[codex:2199] 0327: EXP
[codex:2199] 0328: DUP2
[codex:2199] 0329: SLOAD
[codex:2199] 032a: DUP2
[codex:2199] 032b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:2199] 0340: MUL
[codex:2199] 0341: NOT
[codex:2199] 0342: AND
[codex:2199]
[codex:2199] thinking
[codex:2199] **Continuing code review at specific address**
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)[2:]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199]
[codex:2199] opnames={
[codex:2199] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:2199] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:2199] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:2199] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:2199] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:2199] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:2199] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:2199] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:2199] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:2199] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:2199]
[codex:2199] def disassemble(start=0, end=None):
[codex:2199] i=start
[codex:2199] if end is None: end=len(code)
[codex:2199] while i<end:
[codex:2199] op=code[i]
[codex:2199] name=opnames.get(op, f'UNK_{op:02x}')
[codex:2199] i+=1
[codex:2199] if 0x60<=op<=0x7f:
[codex:2199] n=op-0x5f
[codex:2199] data=code[i:i+n]
[codex:2199] i+=n
[codex:2199] yield i-n-1, f'{name} 0x{data.hex()}'
[codex:2199] else:
[codex:2199] yield i-1, name
[codex:2199]
[codex:2199] for off, instr in disassemble(0x04e7, 0x06c0):
[codex:2199] print(f'{off:04x}: {instr}')
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp succeeded in 31ms:
[codex:2199] 04e7: JUMPDEST
[codex:2199] 04e8: PUSH2 0x04ef
[codex:2199] 04eb: PUSH2 0x0a52
[codex:2199] 04ee: JUMP
[codex:2199] 04ef: JUMPDEST
[codex:2199] 04f0: ISZERO
[codex:2199] 04f1: PUSH2 0x055e
[codex:2199] 04f4: JUMPI
[codex:2199] 04f5: DUP2
[codex:2199] 04f6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:2199] 050b: AND
[codex:2199] 050c: DUP4
[codex:2199] 050d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:2199] 0522: AND
[codex:2199] 0523: PUSH32 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925
[codex:2199] 0544: DUP4
[codex:2199] 0545: PUSH1 0x40
[codex:2199] 0547: MLOAD
[codex:2199] 0548: DUP1
[codex:2199] 0549: DUP3
[codex:2199]
[codex:2199] thinking
[codex:2199] **Continuing with transfer approval**
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)[2:]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199]
[codex:2199] opnames={
[codex:2199] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:2199] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:2199] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:2199] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:2199] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:2199] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:2199] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:2199] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:2199] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:2199] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:2199]
[codex:2199] def disassemble(start=0, end=None):
[codex:2199] i=start
[codex:2199] if end is None: end=len(code)
[codex:2199] while i<end:
[codex:2199] op=code[i]
[codex:2199] name=opnames.get(op, f'UNK_{op:02x}')
[codex:2199] i+=1
[codex:2199] if 0x60<=op<=0x7f:
[codex:2199] n=op-0x5f
[codex:2199] data=code[i:i+n]
[codex:2199] i+=n
[codex:2199] yield i-n-1, f'{name} 0x{data.hex()}'
[codex:2199] else:
[codex:2199] yield i-1, name
[codex:2199]
[codex:2199] for off, instr in disassemble(0x06bb, 0x09c0):
[codex:2199] print(f'{off:04x}: {instr}')
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp succeeded in 28ms:
[codex:2199] 06bb: JUMPDEST
[codex:2199] 06bc: PUSH1 0x00
[codex:2199] 06be: PUSH1 0x01
[codex:2199] 06c0: PUSH1 0x00
[codex:2199] 06c2: SWAP1
[codex:2199] 06c3: SLOAD
[codex:2199] 06c4: SWAP1
[codex:2199] 06c5: PUSH2 0x0100
[codex:2199] 06c8: EXP
[codex:2199] 06c9: SWAP1
[codex:2199] 06ca: DIV
[codex:2199] 06cb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:2199] 06e0: AND
[codex:2199] 06e1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:2199] 06f6: AND
[codex:2199] 06f7: PUSH4 0xdd62ed3e
[codex:2199] 06fc: DUP5
[codex:2199] 06fd: DUP5
[codex:2199] 06fe: PUSH1 0x40
[codex:2199] 0700: MLOAD
[codex:2199]
[codex:2199] thinking
[codex:2199] **Finishing approve function**
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)[2:]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199]
[codex:2199] opnames={
[codex:2199] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:2199] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:2199] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:2199] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:2199] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:2199] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:2199] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:2199] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:2199] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:2199] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:2199]
[codex:2199] def disassemble(start=0, end=None):
[codex:2199] i=start
[codex:2199] if end is None: end=len(code)
[codex:2199] while i<end:
[codex:2199] op=code[i]
[codex:2199] name=opnames.get(op, f'UNK_{op:02x}')
[codex:2199] i+=1
[codex:2199] if 0x60<=op<=0x7f:
[codex:2199] n=op-0x5f
[codex:2199] data=code[i:i+n]
[codex:2199] i+=n
[codex:2199] yield i-n-1, f'{name} 0x{data.hex()}'
[codex:2199] else:
[codex:2199] yield i-1, name
[codex:2199]
[codex:2199] for off, instr in disassemble(0x0972, 0x0a60):
[codex:2199] print(f'{off:04x}: {instr}')
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp succeeded in 27ms:
[codex:2199] 0972: JUMPDEST
[codex:2199] 0973: PUSH1 0x00
[codex:2199] 0975: PUSH1 0x01
[codex:2199] 0977: PUSH1 0x00
[codex:2199] 0979: SWAP1
[codex:2199] 097a: SLOAD
[codex:2199] 097b: SWAP1
[codex:2199] 097c: PUSH2 0x0100
[codex:2199] 097f: EXP
[codex:2199] 0980: SWAP1
[codex:2199] 0981: DIV
[codex:2199] 0982: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:2199] 0997: AND
[codex:2199] 0998: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:2199] 09ad: AND
[codex:2199] 09ae: PUSH4 0xe1f21c67
[codex:2199] 09b3: CALLER
[codex:2199] 09b4: DUP6
[codex:2199] 09b5: DUP6
[codex:2199] 09b6: PUSH1 0x40
[codex:2199]
[codex:2199] thinking
[codex:2199] **Analyzing storage and authorization logic**
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)[2:]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199] print('selfdestruct', 'ff' in hexstr)
[codex:2199] print('delegatecall', 'f4' in hexstr)
[codex:2199] # show positions of opcodes
[codex:2199] self_positions=[i for i,b in enumerate(code) if b==0xff]
[codex:2199] print('self positions', self_positions[:5])
[codex:2199]
[codex:2199] # positions of DELEGATECALL
[codex:2199] print('delegatecall positions', [i for i,b in enumerate(code) if b==0xf4][:5])
[codex:2199]
[codex:2199] # positions of CALL with value? Hard to determine.
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp succeeded in 28ms:
[codex:2199] selfdestruct True
[codex:2199] delegatecall True
[codex:2199] self positions [407, 408, 409, 410, 411]
[codex:2199] delegatecall positions [963]
[codex:2199]
[codex:2199] thinking
[codex:2199] **Verifying opcode usage in disassembly**
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)[2:]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199] # disassemble and find selfdestruct/delegatecall
[codex:2199] opnames={
[codex:2199] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:2199] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:2199] 0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:2199] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:2199] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:2199] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:2199] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:2199] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:2199] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:2199] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:2199]
[codex:2199] out=[]
[codex:2199] i=0
[codex:2199] while i<len(code):
[codex:2199] op=code[i]
[codex:2199] name=opnames.get(op, f'UNK_{op:02x}')
[codex:2199] i+=1
[codex:2199] if 0x60<=op<=0x7f:
[codex:2199] n=op-0x5f
[codex:2199] i+=n
[codex:2199] else:
[codex:2199] if name in ('SELFDESTRUCT','DELEGATECALL'):
[codex:2199] out.append((i-1,name))
[codex:2199]
[codex:2199] print(out)
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp succeeded in 37ms:
[codex:2199] []
[codex:2199]
[codex:2199] thinking
[codex:2199] **Examining call and authorization logic**
[codex:2199] exec
[codex:2199] /bin/bash -lc "python - <<'PY'
[codex:2199] import re
[codex:2199] from pathlib import Path
[codex:2199] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:2199] hexstr=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)[2:]
[codex:2199] code=bytes.fromhex(hexstr)
[codex:2199]
[codex:2199] sstore_offsets=[]
[codex:2199] i=0
[codex:2199] while i<len(code):
[codex:2199] op=code[i]; i+=1
[codex:2199] if 0x60<=op<=0x7f:
[codex:2199] i+=op-0x5f
[codex:2199] continue
[codex:2199] if op==0x55:
[codex:2199] sstore_offsets.append(i-1)
[codex:2199]
[codex:2199] print(sstore_offsets)
[codex:2199] PY" in /tmp/codex-multi-5k10l5mp succeeded in 30ms:
[codex:2199] [840, 864, 1006]
[codex:2199]
[codex:2199] thinking
[codex:2199] **Assessing storage writes and profit paths**
[codex:2199] exec
[codex:2199] /bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-multi-5k10l5mp succeeded in 5ms:
[codex:2199] {"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
[codex:2199]
[codex:2199] thinking
[codex:2199] **Preparing JSON output**
[codex:2199] codex
[codex:2199] {"no_findings":true,"summary":"No concrete, exploitable profit path identified from the runtime bytecode; storage writes are auth-gated and external calls are to a stored address with zero value transfers and no delegatecall/selfdestruct patterns.","findings":[]}
[codex:2199] tokens used
[codex:2199] 64,376
[codex:2199] {"no_findings":true,"summary":"No concrete, exploitable profit path identified from the runtime bytecode; storage writes are auth-gated and external calls are to a stored address with zero value transfers and no delegatecall/selfdestruct patterns.","findings":[]}
{
"codex": {
"ran_at": "2026-01-04T10:10:09.235520+00:00",
"returncode": 0
},
"summary": "No concrete, exploitable profit path identified from the runtime bytecode; storage writes are auth-gated and external calls are to a stored address with zero value transfers and no delegatecall/selfdestruct patterns.",
"raw_final": {
"summary": "No concrete, exploitable profit path identified from the runtime bytecode; storage writes are auth-gated and external calls are to a stored address with zero value transfers and no delegatecall/selfdestruct patterns.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x00c1 0000000a: JUMPI 0000000b: PUSH1 0x00 0000000d: CALLDATALOAD 0000000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 0000002c: SWAP1 0000002d: DIV 0000002e: DUP1 0000002f: PUSH4 0x095ea7b3 00000034: EQ 00000035: PUSH2 0x00c3 00000038: JUMPI 00000039: DUP1 0000003a: PUSH4 0x18160ddd 0000003f: EQ 00000040: PUSH2 0x00f8 00000043: JUMPI 00000044: DUP1 00000045: PUSH4 0x23b872dd 0000004a: EQ 0000004b: PUSH2 0x011b 0000004e: JUMPI 0000004f: DUP1 00000050: PUSH4 0x23de6651 00000055: EQ 00000056: PUSH2 0x0159 00000059: JUMPI 0000005a: DUP1 0000005b: PUSH4 0x3018205f 00000060: EQ 00000061: PUSH2 0x0183 00000064: JUMPI 00000065: DUP1 00000066: PUSH4 0x5687f2b8 0000006b: EQ 0000006c: PUSH2 0x01bc 0000006f: JUMPI 00000070: DUP1 00000071: PUSH4 0x70a08231 00000076: EQ 00000077: PUSH2 0x01e6 0000007a: JUMPI 0000007b: DUP1 0000007c: PUSH4 0x7e1db2a1 00000081: EQ 00000082: PUSH2 0x0212 00000085: JUMPI 00000086: DUP1 00000087: PUSH4 0x92eefe9b 0000008c: EQ 0000008d: PUSH2 0x0233 00000090: JUMPI 00000091: DUP1 00000092: PUSH4 0xa9059cbb 00000097: EQ 00000098: PUSH2 0x024b 0000009b: JUMPI 0000009c: DUP1 0000009d: PUSH4 0xc2205ee1 000000a2: EQ 000000a3: PUSH2 0x0280 000000a6: JUMPI 000000a7: DUP1 000000a8: PUSH4 0xd551f601 000000ad: EQ 000000ae: PUSH2 0x02b9 000000b1: JUMPI 000000b2: DUP1 000000b3: PUSH4 0xdd62ed3e 000000b8: EQ 000000b9: PUSH2 0x02dc 000000bc: JUMPI 000000bd: PUSH2 0x00c1 000000c0: JUMP 000000c1: JUMPDEST 000000c2: STOP 000000c3: JUMPDEST 000000c4: PUSH2 0x00e2 000000c7: PUSH1 0x04 000000c9: DUP1 000000ca: DUP1 000000cb: CALLDATALOAD 000000cc: SWAP1 000000cd: PUSH1 0x20 000000cf: ADD 000000d0: SWAP1 000000d1: SWAP2 000000d2: SWAP1 000000d3: DUP1 000000d4: CALLDATALOAD 000000d5: SWAP1 000000d6: PUSH1 0x20 000000d8: ADD 000000d9: SWAP1 000000da: SWAP2 000000db: SWAP1 000000dc: POP 000000dd: POP 000000de: PUSH2 0x0972 000000e1: JUMP 000000e2: JUMPDEST 000000e3: PUSH1 0x40 000000e5: MLOAD 000000e6: DUP1 000000e7: DUP3 000000e8: DUP2 000000e9: MSTORE 000000ea: PUSH1 0x20 000000ec: ADD 000000ed: SWAP2 000000ee: POP 000000ef: POP 000000f0: PUSH1 0x40 000000f2: MLOAD 000000f3: DUP1 000000f4: SWAP2 000000f5: SUB 000000f6: SWAP1 000000f7: RETURN 000000f8: JUMPDEST 000000f9: PUSH2 0x0105 000000fc: PUSH1 0x04 000000fe: DUP1 000000ff: POP 00000100: POP 00000101: PUSH2 0x0569 00000104: JUMP 00000105: JUMPDEST 00000106: PUSH1 0x40 00000108: MLOAD 00000109: DUP1 0000010a: DUP3 0000010b: DUP2 0000010c: MSTORE 0000010d: PUSH1 0x20 0000010f: ADD 00000110: SWAP2 00000111: POP 00000112: POP 00000113: PUSH1 0x40 00000115: MLOAD 00000116: DUP1 00000117: SWAP2 00000118: SUB 00000119: SWAP1 0000011a: RETURN 0000011b: JUMPDEST 0000011c: PUSH2 0x0143 0000011f: PUSH1 0x04 00000121: DUP1 00000122: DUP1 00000123: CALLDATALOAD 00000124: SWAP1 00000125: PUSH1 0x20 00000127: ADD 00000128: SWAP1 00000129: SWAP2 0000012a: SWAP1 0000012b: DUP1 0000012c: CALLDATALOAD 0000012d: SWAP1 0000012e: PUSH1 0x20 00000130: ADD 00000131: SWAP1 00000132: SWAP2 00000133: SWAP1 00000134: DUP1 00000135: CALLDATALOAD 00000136: SWAP1 00000137: PUSH1 0x20 00000139: ADD 0000013a: SWAP1 0000013b: SWAP2 0000013c: SWAP1 0000013d: POP 0000013e: POP 0000013f: PUSH2 0x0873 00000142: JUMP 00000143: JUMPDEST 00000144: PUSH1 0x40 00000146: MLOAD 00000147: DUP1 00000148: DUP3 00000149: DUP2 0000014a: MSTORE 0000014b: PUSH1 0x20 0000014d: ADD 0000014e: SWAP2 0000014f: POP 00000150: POP 00000151: PUSH1 0x40 00000153: MLOAD 00000154: DUP1 00000155: SWAP2 00000156: SUB 00000157: SWAP1 00000158: RETURN 00000159: JUMPDEST 0000015a: PUSH2 0x0181 0000015d: PUSH1 0x04 0000015f: DUP1 00000160: DUP1 00000161: CALLDATALOAD 00000162: SWAP1 00000163: PUSH1 0x20 00000165: ADD 00000166: SWAP1 00000167: SWAP2 00000168: SWAP1 00000169: DUP1 0000016a: CALLDATALOAD 0000016b: SWAP1 0000016c: PUSH1 0x20 0000016e: ADD 0000016f: SWAP1 00000170: SWAP2 00000171: SWAP1 00000172: DUP1 00000173: CALLDATALOAD 00000174: SWAP1 00000175: PUSH1 0x20 00000177: ADD 00000178: SWAP1 00000179: SWAP2 0000017a: SWAP1 0000017b: POP 0000017c: POP 0000017d: PUSH2 0x0465 00000180: JUMP 00000181: JUMPDEST 00000182: STOP 00000183: JUMPDEST 00000184: PUSH2 0x0190 00000187: PUSH1 0x04 00000189: DUP1 0000018a: POP 0000018b: POP 0000018c: PUSH2 0x0436 0000018f: JUMP 00000190: JUMPDEST 00000191: PUSH1 0x40 00000193: MLOAD 00000194: DUP1 00000195: DUP3 00000196: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000001ab: AND 000001ac: DUP2 000001ad: MSTORE 000001ae: PUSH1 0x20 000001b0: ADD 000001b1: SWAP2 000001b2: POP 000001b3: POP 000001b4: PUSH1 0x40 000001b6: MLOAD 000001b7: DUP1 000001b8: SWAP2 000001b9: SUB 000001ba: SWAP1 000001bb: RETURN 000001bc: JUMPDEST 000001bd: PUSH2 0x01e4 000001c0: PUSH1 0x04 000001c2: DUP1 000001c3: DUP1 000001c4: CALLDATALOAD 000001c5: SWAP1 000001c6: PUSH1 0x20 000001c8: ADD 000001c9: SWAP1 000001ca: SWAP2 000001cb: SWAP1 000001cc: DUP1 000001cd: CALLDATALOAD 000001ce: SWAP1 000001cf: PUSH1 0x20 000001d1: ADD 000001d2: SWAP1 000001d3: SWAP2 000001d4: SWAP1 000001d5: DUP1 000001d6: CALLDATALOAD 000001d7: SWAP1 000001d8: PUSH1 0x20 000001da: ADD 000001db: SWAP1 000001dc: SWAP2 000001dd: SWAP1 000001de: POP 000001df: POP 000001e0: PUSH2 0x04e7 000001e3: JUMP 000001e4: JUMPDEST 000001e5: STOP 000001e6: JUMPDEST 000001e7: PUSH2 0x01fc 000001ea: PUSH1 0x04 000001ec: DUP1 000001ed: DUP1 000001ee: CALLDATALOAD 000001ef: SWAP1 000001f0: PUSH1 0x20 000001f2: ADD 000001f3: SWAP1 000001f4: SWAP2 000001f5: SWAP1 000001f6: POP 000001f7: POP 000001f8: PUSH2 0x0602 000001fb: JUMP 000001fc: JUMPDEST 000001fd: PUSH1 0x40 000001ff: MLOAD 00000200: DUP1 00000201: DUP3 00000202: DUP2 00000203: MSTORE 00000204: PUSH1 0x20 00000206: ADD 00000207: SWAP2 00000208: POP 00000209: POP 0000020a: PUSH1 0x40 0000020c: MLOAD 0000020d: DUP1 0000020e: SWAP2 0000020f: SUB 00000210: SWAP1 00000211: RETURN 00000212: JUMPDEST 00000213: PUSH2 0x0231 00000216: PUSH1 0x04 00000218: DUP1 00000219: DUP1 0000021a: CALLDATALOAD 0000021b: SWAP1 0000021c: PUSH1 0x20 0000021e: ADD 0000021f: SWAP1 00000220: SWAP2 00000221: SWAP1 00000222: DUP1 00000223: CALLDATALOAD 00000224: SWAP1 00000225: PUSH1 0x20 00000227: ADD 00000228: SWAP1 00000229: SWAP2 0000022a: SWAP1 0000022b: POP 0000022c: POP 0000022d: PUSH2 0x0311 00000230: JUMP 00000231: JUMPDEST 00000232: STOP 00000233: JUMPDEST 00000234: PUSH2 0x0249 00000237: PUSH1 0x04 00000239: DUP1 0000023a: DUP1 0000023b: CALLDATALOAD 0000023c: SWAP1 0000023d: PUSH1 0x20 0000023f: ADD 00000240: SWAP1 00000241: SWAP2 00000242: SWAP1 00000243: POP 00000244: POP 00000245: PUSH2 0x03b7 00000248: JUMP 00000249: JUMPDEST 0000024a: STOP 0000024b: JUMPDEST 0000024c: PUSH2 0x026a 0000024f: PUSH1 0x04 00000251: DUP1 00000252: DUP1 00000253: CALLDATALOAD 00000254: SWAP1 00000255: PUSH1 0x20 00000257: ADD 00000258: SWAP1 00000259: SWAP2 0000025a: SWAP1 0000025b: DUP1 0000025c: CALLDATALOAD 0000025d: SWAP1 0000025e: PUSH1 0x20 00000260: ADD 00000261: SWAP1 00000262: SWAP2 00000263: SWAP1 00000264: POP 00000265: POP 00000266: PUSH2 0x0793 00000269: JUMP 0000026a: JUMPDEST 0000026b: PUSH1 0x40 0000026d: MLOAD 0000026e: DUP1 0000026f: DUP3 00000270: DUP2 00000271: MSTORE 00000272: PUSH1 0x20 00000274: ADD 00000275: SWAP2 00000276: POP 00000277: POP 00000278: PUSH1 0x40 0000027a: MLOAD 0000027b: DUP1 0000027c: SWAP2 0000027d: SUB 0000027e: SWAP1 0000027f: RETURN 00000280: JUMPDEST 00000281: PUSH2 0x028d 00000284: PUSH1 0x04 00000286: DUP1 00000287: POP 00000288: POP 00000289: PUSH2 0x0410 0000028c: JUMP 0000028d: JUMPDEST 0000028e: PUSH1 0x40 00000290: MLOAD 00000291: DUP1 00000292: DUP3 00000293: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002a8: AND 000002a9: DUP2 000002aa: MSTORE 000002ab: PUSH1 0x20 000002ad: ADD 000002ae: SWAP2 000002af: POP 000002b0: POP 000002b1: PUSH1 0x40 000002b3: MLOAD 000002b4: DUP1 000002b5: SWAP2 000002b6: SUB 000002b7: SWAP1 000002b8: RETURN 000002b9: JUMPDEST 000002ba: PUSH2 0x02c6 000002bd: PUSH1 0x04 000002bf: DUP1 000002c0: POP 000002c1: POP 000002c2: PUSH2 0x03fd 000002c5: JUMP 000002c6: JUMPDEST 000002c7: PUSH1 0x40 000002c9: MLOAD 000002ca: DUP1 000002cb: DUP3 000002cc: DUP2 000002cd: MSTORE 000002ce: PUSH1 0x20 000002d0: ADD 000002d1: SWAP2 000002d2: POP 000002d3: POP 000002d4: PUSH1 0x40 000002d6: MLOAD 000002d7: DUP1 000002d8: SWAP2 000002d9: SUB 000002da: SWAP1 000002db: RETURN 000002dc: JUMPDEST 000002dd: PUSH2 0x02fb 000002e0: PUSH1 0x04 000002e2: DUP1 000002e3: DUP1 000002e4: CALLDATALOAD 000002e5: SWAP1 000002e6: PUSH1 0x20 000002e8: ADD 000002e9: SWAP1 000002ea: SWAP2 000002eb: SWAP1 000002ec: DUP1 000002ed: CALLDATALOAD 000002ee: SWAP1 000002ef: PUSH1 0x20 000002f1: ADD 000002f2: SWAP1 000002f3: SWAP2 000002f4: SWAP1 000002f5: POP 000002f6: POP 000002f7: PUSH2 0x06bb 000002fa: JUMP 000002fb: JUMPDEST 000002fc: PUSH1 0x40 000002fe: MLOAD 000002ff: DUP1 00000300: DUP3 00000301: DUP2 00000302: MSTORE 00000303: PUSH1 0x20 00000305: ADD 00000306: SWAP2 00000307: POP 00000308: POP 00000309: PUSH1 0x40 0000030b: MLOAD 0000030c: DUP1 0000030d: SWAP2 0000030e: SUB 0000030f: SWAP1 00000310: RETURN 00000311: JUMPDEST 00000312: PUSH2 0x0319 00000315: PUSH2 0x0a52 00000318: JUMP 00000319: JUMPDEST 0000031a: ISZERO 0000031b: PUSH2 0x03ad 0000031e: JUMPI 0000031f: DUP2 00000320: PUSH1 0x00 00000322: PUSH1 0x01 00000324: PUSH2 0x0100 00000327: EXP 00000328: DUP2 00000329: SLOAD 0000032a: DUP2 0000032b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000340: MUL 00000341: NOT 00000342: AND 00000343: SWAP1 00000344: DUP4 00000345: MUL 00000346: OR 00000347: SWAP1 00000348: SSTORE 00000349: POP 0000034a: DUP1 0000034b: PUSH1 0x00 0000034d: PUSH1 0x00 0000034f: PUSH2 0x0100 00000352: EXP 00000353: DUP2 00000354: SLOAD 00000355: DUP2 00000356: PUSH1 0xff 00000358: MUL 00000359: NOT 0000035a: AND 0000035b: SWAP1 0000035c: DUP4 0000035d: MUL 0000035e: OR 0000035f: SWAP1 00000360: SSTORE 00000361: POP 00000362: DUP1 00000363: DUP3 00000364: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000379: AND 0000037a: PUSH32 0xb96a5204da93e5d7ddd5b0c2616fd5f76322b9c383c5010b94fdc3df11b7be52 0000039b: PUSH1 0x40 0000039d: MLOAD 0000039e: DUP1 0000039f: SWAP1 000003a0: POP 000003a1: PUSH1 0x40 000003a3: MLOAD 000003a4: DUP1 000003a5: SWAP2 000003a6: SUB 000003a7: SWAP1 000003a8: LOG3 000003a9: PUSH2 0x03b2 000003ac: JUMP 000003ad: JUMPDEST 000003ae: PUSH2 0x0002 000003b1: JUMP 000003b2: JUMPDEST 000003b3: JUMPDEST 000003b4: POP 000003b5: POP 000003b6: JUMP 000003b7: JUMPDEST 000003b8: PUSH2 0x03bf 000003bb: PUSH2 0x0a52 000003be: JUMP 000003bf: JUMPDEST 000003c0: ISZERO 000003c1: PUSH2 0x03f4 000003c4: JUMPI 000003c5: DUP1 000003c6: PUSH1 0x01 000003c8: PUSH1 0x00 000003ca: PUSH2 0x0100 000003cd: EXP 000003ce: DUP2 000003cf: SLOAD 000003d0: DUP2 000003d1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003e6: MUL 000003e7: NOT 000003e8: AND 000003e9: SWAP1 000003ea: DUP4 000003eb: MUL 000003ec: OR 000003ed: SWAP1 000003ee: SSTORE 000003ef: POP 000003f0: PUSH2 0x03f9 000003f3: JUMP 000003f4: JUMPDEST 000003f5: PUSH2 0x0002 000003f8: JUMP 000003f9: JUMPDEST 000003fa: JUMPDEST 000003fb: POP 000003fc: JUMP 000003fd: JUMPDEST 000003fe: PUSH1 0x00 00000400: PUSH1 0x00 00000402: SWAP1 00000403: SLOAD 00000404: SWAP1 00000405: PUSH2 0x0100 00000408: EXP 00000409: SWAP1 0000040a: DIV 0000040b: PUSH1 0xff 0000040d: AND 0000040e: DUP2 0000040f: JUMP 00000410: JUMPDEST 00000411: PUSH1 0x00 00000413: PUSH1 0x01 00000415: SWAP1 00000416: SLOAD 00000417: SWAP1 00000418: PUSH2 0x0100 0000041b: EXP 0000041c: SWAP1 0000041d: DIV 0000041e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000433: AND 00000434: DUP2 00000435: JUMP 00000436: JUMPDEST 00000437: PUSH1 0x00 00000439: PUSH1 0x01 0000043b: PUSH1 0x00 0000043d: SWAP1 0000043e: SLOAD 0000043f: SWAP1 00000440: PUSH2 0x0100 00000443: EXP 00000444: SWAP1 00000445: DIV 00000446: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000045b: AND 0000045c: SWAP1 0000045d: POP 0000045e: PUSH2 0x0462 00000461: JUMP 00000462: JUMPDEST 00000463: SWAP1 00000464: JUMP 00000465: JUMPDEST 00000466: PUSH2 0x046d 00000469: PUSH2 0x0a52 0000046c: JUMP 0000046d: JUMPDEST 0000046e: ISZERO 0000046f: PUSH2 0x04dc 00000472: JUMPI 00000473: DUP2 00000474: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000489: AND 0000048a: DUP4 0000048b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004a0: AND 000004a1: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000004c2: DUP4 000004c3: PUSH1 0x40 000004c5: MLOAD 000004c6: DUP1 000004c7: DUP3 000004c8: DUP2 000004c9: MSTORE 000004ca: PUSH1 0x20 000004cc: ADD 000004cd: SWAP2 000004ce: POP 000004cf: POP 000004d0: PUSH1 0x40 000004d2: MLOAD 000004d3: DUP1 000004d4: SWAP2 000004d5: SUB 000004d6: SWAP1 000004d7: LOG3 000004d8: PUSH2 0x04e1 000004db: JUMP 000004dc: JUMPDEST 000004dd: PUSH2 0x0002 000004e0: JUMP 000004e1: JUMPDEST 000004e2: JUMPDEST 000004e3: POP 000004e4: POP 000004e5: POP 000004e6: JUMP 000004e7: JUMPDEST 000004e8: PUSH2 0x04ef 000004eb: PUSH2 0x0a52 000004ee: JUMP 000004ef: JUMPDEST 000004f0: ISZERO 000004f1: PUSH2 0x055e 000004f4: JUMPI 000004f5: DUP2 000004f6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000050b: AND 0000050c: DUP4 0000050d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000522: AND 00000523: PUSH32 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925 00000544: DUP4 00000545: PUSH1 0x40 00000547: MLOAD 00000548: DUP1 00000549: DUP3 0000054a: DUP2 0000054b: MSTORE 0000054c: PUSH1 0x20 0000054e: ADD 0000054f: SWAP2 00000550: POP 00000551: POP 00000552: PUSH1 0x40 00000554: MLOAD 00000555: DUP1 00000556: SWAP2 00000557: SUB 00000558: SWAP1 00000559: LOG3 0000055a: PUSH2 0x0563 0000055d: JUMP 0000055e: JUMPDEST 0000055f: PUSH2 0x0002 00000562: JUMP 00000563: JUMPDEST 00000564: JUMPDEST 00000565: POP 00000566: POP 00000567: POP 00000568: JUMP 00000569: JUMPDEST 0000056a: PUSH1 0x00 0000056c: PUSH1 0x01 0000056e: PUSH1 0x00 00000570: SWAP1 00000571: SLOAD 00000572: SWAP1 00000573: PUSH2 0x0100 00000576: EXP 00000577: SWAP1 00000578: DIV 00000579: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000058e: AND 0000058f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005a4: AND 000005a5: PUSH4 0x18160ddd 000005aa: PUSH1 0x40 000005ac: MLOAD 000005ad: DUP2 000005ae: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 000005cc: MUL 000005cd: DUP2 000005ce: MSTORE 000005cf: PUSH1 0x04 000005d1: ADD 000005d2: DUP1 000005d3: SWAP1 000005d4: POP 000005d5: PUSH1 0x20 000005d7: PUSH1 0x40 000005d9: MLOAD 000005da: DUP1 000005db: DUP4 000005dc: SUB 000005dd: DUP2 000005de: PUSH1 0x00 000005e0: DUP8 000005e1: PUSH2 0x61da 000005e4: GAS 000005e5: SUB 000005e6: CALL 000005e7: ISZERO 000005e8: PUSH2 0x0002 000005eb: JUMPI 000005ec: POP 000005ed: POP 000005ee: POP 000005ef: PUSH1 0x40 000005f1: MLOAD 000005f2: DUP1 000005f3: MLOAD 000005f4: SWAP1 000005f5: PUSH1 0x20 000005f7: ADD 000005f8: POP 000005f9: SWAP1 000005fa: POP 000005fb: PUSH2 0x05ff 000005fe: JUMP 000005ff: JUMPDEST 00000600: SWAP1 00000601: JUMP 00000602: JUMPDEST 00000603: PUSH1 0x00 00000605: PUSH1 0x01 00000607: PUSH1 0x00 00000609: SWAP1 0000060a: SLOAD 0000060b: SWAP1 0000060c: PUSH2 0x0100 0000060f: EXP 00000610: SWAP1 00000611: DIV 00000612: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000627: AND 00000628: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000063d: AND 0000063e: PUSH4 0x70a08231 00000643: DUP4 00000644: PUSH1 0x40 00000646: MLOAD 00000647: DUP3 00000648: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 00000666: MUL 00000667: DUP2 00000668: MSTORE 00000669: PUSH1 0x04 0000066b: ADD 0000066c: DUP1 0000066d: DUP3 0000066e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000683: AND 00000684: DUP2 00000685: MSTORE 00000686: PUSH1 0x20 00000688: ADD 00000689: SWAP2 0000068a: POP 0000068b: POP 0000068c: PUSH1 0x20 0000068e: PUSH1 0x40 00000690: MLOAD 00000691: DUP1 00000692: DUP4 00000693: SUB 00000694: DUP2 00000695: PUSH1 0x00 00000697: DUP8 00000698: PUSH2 0x61da 0000069b: GAS 0000069c: SUB 0000069d: CALL 0000069e: ISZERO 0000069f: PUSH2 0x0002 000006a2: JUMPI 000006a3: POP 000006a4: POP 000006a5: POP 000006a6: PUSH1 0x40 000006a8: MLOAD 000006a9: DUP1 000006aa: MLOAD 000006ab: SWAP1 000006ac: PUSH1 0x20 000006ae: ADD 000006af: POP 000006b0: SWAP1 000006b1: POP 000006b2: PUSH2 0x06b6 000006b5: JUMP 000006b6: JUMPDEST 000006b7: SWAP2 000006b8: SWAP1 000006b9: POP 000006ba: JUMP 000006bb: JUMPDEST 000006bc: PUSH1 0x00 000006be: PUSH1 0x01 000006c0: PUSH1 0x00 000006c2: SWAP1 000006c3: SLOAD 000006c4: SWAP1 000006c5: PUSH2 0x0100 000006c8: EXP 000006c9: SWAP1 000006ca: DIV 000006cb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006e0: AND 000006e1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006f6: AND 000006f7: PUSH4 0xdd62ed3e 000006fc: DUP5 000006fd: DUP5 000006fe: PUSH1 0x40 00000700: MLOAD 00000701: DUP4 00000702: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 00000720: MUL 00000721: DUP2 00000722: MSTORE 00000723: PUSH1 0x04 00000725: ADD 00000726: DUP1 00000727: DUP4 00000728: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000073d: AND 0000073e: DUP2 0000073f: MSTORE 00000740: PUSH1 0x20 00000742: ADD 00000743: DUP3 00000744: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000759: AND 0000075a: DUP2 0000075b: MSTORE 0000075c: PUSH1 0x20 0000075e: ADD 0000075f: SWAP3 00000760: POP 00000761: POP 00000762: POP 00000763: PUSH1 0x20 00000765: PUSH1 0x40 00000767: MLOAD 00000768: DUP1 00000769: DUP4 0000076a: SUB 0000076b: DUP2 0000076c: PUSH1 0x00 0000076e: DUP8 0000076f: PUSH2 0x61da 00000772: GAS 00000773: SUB 00000774: CALL 00000775: ISZERO 00000776: PUSH2 0x0002 00000779: JUMPI 0000077a: POP 0000077b: POP 0000077c: POP 0000077d: PUSH1 0x40 0000077f: MLOAD 00000780: DUP1 00000781: MLOAD 00000782: SWAP1 00000783: PUSH1 0x20 00000785: ADD 00000786: POP 00000787: SWAP1 00000788: POP 00000789: PUSH2 0x078d 0000078c: JUMP 0000078d: JUMPDEST 0000078e: SWAP3 0000078f: SWAP2 00000790: POP 00000791: POP 00000792: JUMP 00000793: JUMPDEST 00000794: PUSH1 0x00 00000796: PUSH1 0x01 00000798: PUSH1 0x00 0000079a: SWAP1 0000079b: SLOAD 0000079c: SWAP1 0000079d: PUSH2 0x0100 000007a0: EXP 000007a1: SWAP1 000007a2: DIV 000007a3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007b8: AND 000007b9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007ce: AND 000007cf: PUSH4 0xbeabacc8 000007d4: CALLER 000007d5: DUP6 000007d6: DUP6 000007d7: PUSH1 0x40 000007d9: MLOAD 000007da: DUP5 000007db: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 000007f9: MUL 000007fa: DUP2 000007fb: MSTORE 000007fc: PUSH1 0x04 000007fe: ADD 000007ff: DUP1 00000800: DUP5 00000801: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000816: AND 00000817: DUP2 00000818: MSTORE 00000819: PUSH1 0x20 0000081b: ADD 0000081c: DUP4 0000081d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000832: AND 00000833: DUP2 00000834: MSTORE 00000835: PUSH1 0x20 00000837: ADD 00000838: DUP3 00000839: DUP2 0000083a: MSTORE 0000083b: PUSH1 0x20 0000083d: ADD 0000083e: SWAP4 0000083f: POP 00000840: POP 00000841: POP 00000842: POP 00000843: PUSH1 0x20 00000845: PUSH1 0x40 00000847: MLOAD 00000848: DUP1 00000849: DUP4 0000084a: SUB 0000084b: DUP2 0000084c: PUSH1 0x00 0000084e: DUP8 0000084f: PUSH2 0x61da 00000852: GAS 00000853: SUB 00000854: CALL 00000855: ISZERO 00000856: PUSH2 0x0002 00000859: JUMPI 0000085a: POP 0000085b: POP 0000085c: POP 0000085d: PUSH1 0x40 0000085f: MLOAD 00000860: DUP1 00000861: MLOAD 00000862: SWAP1 00000863: PUSH1 0x20 00000865: ADD 00000866: POP 00000867: SWAP1 00000868: POP 00000869: PUSH2 0x086d 0000086c: JUMP 0000086d: JUMPDEST 0000086e: SWAP3 0000086f: SWAP2 00000870: POP 00000871: POP 00000872: JUMP 00000873: JUMPDEST 00000874: PUSH1 0x00 00000876: PUSH1 0x01 00000878: PUSH1 0x00 0000087a: SWAP1 0000087b: SLOAD 0000087c: SWAP1 0000087d: PUSH2 0x0100 00000880: EXP 00000881: SWAP1 00000882: DIV 00000883: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000898: AND 00000899: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000008ae: AND 000008af: PUSH4 0x15dacbea 000008b4: CALLER 000008b5: DUP7 000008b6: DUP7 000008b7: DUP7 000008b8: PUSH1 0x40 000008ba: MLOAD 000008bb: DUP6 000008bc: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 000008da: MUL 000008db: DUP2 000008dc: MSTORE 000008dd: PUSH1 0x04 000008df: ADD 000008e0: DUP1 000008e1: DUP6 000008e2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000008f7: AND 000008f8: DUP2 000008f9: MSTORE 000008fa: PUSH1 0x20 000008fc: ADD 000008fd: DUP5 000008fe: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000913: AND 00000914: DUP2 00000915: MSTORE 00000916: PUSH1 0x20 00000918: ADD 00000919: DUP4 0000091a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000092f: AND 00000930: DUP2 00000931: MSTORE 00000932: PUSH1 0x20 00000934: ADD 00000935: DUP3 00000936: DUP2 00000937: MSTORE 00000938: PUSH1 0x20 0000093a: ADD 0000093b: SWAP5 0000093c: POP 0000093d: POP 0000093e: POP 0000093f: POP 00000940: POP 00000941: PUSH1 0x20 00000943: PUSH1 0x40 00000945: MLOAD 00000946: DUP1 00000947: DUP4 00000948: SUB 00000949: DUP2 0000094a: PUSH1 0x00 0000094c: DUP8 0000094d: PUSH2 0x61da 00000950: GAS 00000951: SUB 00000952: CALL 00000953: ISZERO 00000954: PUSH2 0x0002 00000957: JUMPI 00000958: POP 00000959: POP 0000095a: POP 0000095b: PUSH1 0x40 0000095d: MLOAD 0000095e: DUP1 0000095f: MLOAD 00000960: SWAP1 00000961: PUSH1 0x20 00000963: ADD 00000964: POP 00000965: SWAP1 00000966: POP 00000967: PUSH2 0x096b 0000096a: JUMP 0000096b: JUMPDEST 0000096c: SWAP4 0000096d: SWAP3 0000096e: POP 0000096f: POP 00000970: POP 00000971: JUMP 00000972: JUMPDEST 00000973: PUSH1 0x00 00000975: PUSH1 0x01 00000977: PUSH1 0x00 00000979: SWAP1 0000097a: SLOAD 0000097b: SWAP1 0000097c: PUSH2 0x0100 0000097f: EXP 00000980: SWAP1 00000981: DIV 00000982: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000997: AND 00000998: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009ad: AND 000009ae: PUSH4 0xe1f21c67 000009b3: CALLER 000009b4: DUP6 000009b5: DUP6 000009b6: PUSH1 0x40 000009b8: MLOAD 000009b9: DUP5 000009ba: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 000009d8: MUL 000009d9: DUP2 000009da: MSTORE 000009db: PUSH1 0x04 000009dd: ADD 000009de: DUP1 000009df: DUP5 000009e0: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009f5: AND 000009f6: DUP2 000009f7: MSTORE 000009f8: PUSH1 0x20 000009fa: ADD 000009fb: DUP4 000009fc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a11: AND 00000a12: DUP2 00000a13: MSTORE 00000a14: PUSH1 0x20 00000a16: ADD 00000a17: DUP3 00000a18: DUP2 00000a19: MSTORE 00000a1a: PUSH1 0x20 00000a1c: ADD 00000a1d: SWAP4 00000a1e: POP 00000a1f: POP 00000a20: POP 00000a21: POP 00000a22: PUSH1 0x20 00000a24: PUSH1 0x40 00000a26: MLOAD 00000a27: DUP1 00000a28: DUP4 00000a29: SUB 00000a2a: DUP2 00000a2b: PUSH1 0x00 00000a2d: DUP8 00000a2e: PUSH2 0x61da 00000a31: GAS 00000a32: SUB 00000a33: CALL 00000a34: ISZERO 00000a35: PUSH2 0x0002 00000a38: JUMPI 00000a39: POP 00000a3a: POP 00000a3b: POP 00000a3c: PUSH1 0x40 00000a3e: MLOAD 00000a3f: DUP1 00000a40: MLOAD 00000a41: SWAP1 00000a42: PUSH1 0x20 00000a44: ADD 00000a45: POP 00000a46: SWAP1 00000a47: POP 00000a48: PUSH2 0x0a4c 00000a4b: JUMP 00000a4c: JUMPDEST 00000a4d: SWAP3 00000a4e: SWAP2 00000a4f: POP 00000a50: POP 00000a51: JUMP 00000a52: JUMPDEST 00000a53: PUSH1 0x00 00000a55: PUSH1 0x00 00000a57: PUSH1 0x00 00000a59: PUSH1 0x00 00000a5b: SWAP1 00000a5c: SLOAD 00000a5d: SWAP1 00000a5e: PUSH2 0x0100 00000a61: EXP 00000a62: SWAP1 00000a63: DIV 00000a64: PUSH1 0xff 00000a66: AND 00000a67: EQ 00000a68: ISZERO 00000a69: PUSH2 0x0ac4 00000a6c: JUMPI 00000a6d: PUSH1 0x00 00000a6f: PUSH1 0x01 00000a71: SWAP1 00000a72: SLOAD 00000a73: SWAP1 00000a74: PUSH2 0x0100 00000a77: EXP 00000a78: SWAP1 00000a79: DIV 00000a7a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000a8f: AND 00000a90: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000aa5: AND 00000aa6: CALLER 00000aa7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000abc: AND 00000abd: EQ 00000abe: SWAP1 00000abf: POP 00000ac0: PUSH2 0x0bdd 00000ac3: JUMP 00000ac4: JUMPDEST 00000ac5: PUSH1 0x01 00000ac7: PUSH1 0x00 00000ac9: PUSH1 0x00 00000acb: SWAP1 00000acc: SLOAD 00000acd: SWAP1 00000ace: PUSH2 0x0100 00000ad1: EXP 00000ad2: SWAP1 00000ad3: DIV 00000ad4: PUSH1 0xff 00000ad6: AND 00000ad7: EQ 00000ad8: ISZERO 00000ad9: PUSH2 0x0bd8 00000adc: JUMPI 00000add: PUSH1 0x00 00000adf: PUSH1 0x01 00000ae1: SWAP1 00000ae2: SLOAD 00000ae3: SWAP1 00000ae4: PUSH2 0x0100 00000ae7: EXP 00000ae8: SWAP1 00000ae9: DIV 00000aea: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000aff: AND 00000b00: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b15: AND 00000b16: PUSH4 0xb7009613 00000b1b: CALLER 00000b1c: ADDRESS 00000b1d: PUSH1 0x00 00000b1f: CALLDATALOAD 00000b20: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000 00000b41: AND 00000b42: PUSH1 0x40 00000b44: MLOAD 00000b45: DUP5 00000b46: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 00000b64: MUL 00000b65: DUP2 00000b66: MSTORE 00000b67: PUSH1 0x04 00000b69: ADD 00000b6a: DUP1 00000b6b: DUP5 00000b6c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b81: AND 00000b82: DUP2 00000b83: MSTORE 00000b84: PUSH1 0x20 00000b86: ADD 00000b87: DUP4 00000b88: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b9d: AND 00000b9e: DUP2 00000b9f: MSTORE 00000ba0: PUSH1 0x20 00000ba2: ADD 00000ba3: DUP3 00000ba4: DUP2 00000ba5: MSTORE 00000ba6: PUSH1 0x20 00000ba8: ADD 00000ba9: SWAP4 00000baa: POP 00000bab: POP 00000bac: POP 00000bad: POP 00000bae: PUSH1 0x20 00000bb0: PUSH1 0x40 00000bb2: MLOAD 00000bb3: DUP1 00000bb4: DUP4 00000bb5: SUB 00000bb6: DUP2 00000bb7: PUSH1 0x00 00000bb9: DUP8 00000bba: PUSH2 0x61da 00000bbd: GAS 00000bbe: SUB 00000bbf: CALL 00000bc0: ISZERO 00000bc1: PUSH2 0x0002 00000bc4: JUMPI 00000bc5: POP 00000bc6: POP 00000bc7: POP 00000bc8: PUSH1 0x40 00000bca: MLOAD 00000bcb: DUP1 00000bcc: MLOAD 00000bcd: SWAP1 00000bce: PUSH1 0x20 00000bd0: ADD 00000bd1: POP 00000bd2: SWAP1 00000bd3: POP 00000bd4: PUSH2 0x0bdd 00000bd7: JUMP 00000bd8: JUMPDEST 00000bd9: PUSH2 0x0002 00000bdc: JUMP 00000bdd: JUMPDEST 00000bde: SWAP1 00000bdf: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | yes | yes |
viewtrace_id: 0x4c6039fa534935c141f27cf080fee53f2bab6812c93dca9c53f00438c305071d
call_targets:
0x77a79a78c56504c6c1f7499852b6e1918a6d0ab4, 0x96477a1c968a0e64e53b7ed01d0d6e4a311945c2, 0xbaf42749e027bb38ce4f23ddae8c84da8a15488f, 0xc66ea802717bfb9833400264dd12c2bceaa34a6d
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x4c6039fa534935c141f27cf080fee53f2bab6812c93dca9c53f00438c305071d",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x77a79a78c56504c6c1f7499852b6e1918a6d0ab4",
"0x96477a1c968a0e64e53b7ed01d0d6e4a311945c2",
"0xbaf42749e027bb38ce4f23ddae8c84da8a15488f",
"0xc66ea802717bfb9833400264dd12c2bceaa34a6d"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x095ea7b3",
"selector": "0x095ea7b3",
"calldata_variants": [
"0x095ea7b3",
"0x095ea7b30000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23de6651",
"selector": "0x23de6651",
"calldata_variants": [
"0x23de6651",
"0x23de66510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3018205f",
"selector": "0x3018205f",
"calldata_variants": [
"0x3018205f",
"0x3018205f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5687f2b8",
"selector": "0x5687f2b8",
"calldata_variants": [
"0x5687f2b8",
"0x5687f2b80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7e1db2a1",
"selector": "0x7e1db2a1",
"calldata_variants": [
"0x7e1db2a1",
"0x7e1db2a10000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1510,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1693,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1908,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 7,
"guards_detected": [
{
"pc": 2726,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"untrusted_call_count": 7
}
|
| medium | other | detector | ETH value transfer possible | 40 | yes | yes |
viewtrace_id: 0x4c6039fa534935c141f27cf080fee53f2bab6812c93dca9c53f00438c305071d
call_targets:
0x77a79a78c56504c6c1f7499852b6e1918a6d0ab4, 0x96477a1c968a0e64e53b7ed01d0d6e4a311945c2, 0xbaf42749e027bb38ce4f23ddae8c84da8a15488f, 0xc66ea802717bfb9833400264dd12c2bceaa34a6d
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x4c6039fa534935c141f27cf080fee53f2bab6812c93dca9c53f00438c305071d",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x77a79a78c56504c6c1f7499852b6e1918a6d0ab4",
"0x96477a1c968a0e64e53b7ed01d0d6e4a311945c2",
"0xbaf42749e027bb38ce4f23ddae8c84da8a15488f",
"0xc66ea802717bfb9833400264dd12c2bceaa34a6d"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x095ea7b3",
"selector": "0x095ea7b3",
"calldata_variants": [
"0x095ea7b3",
"0x095ea7b30000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x18160ddd",
"selector": "0x18160ddd",
"calldata_variants": [
"0x18160ddd",
"0x18160ddd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23b872dd",
"selector": "0x23b872dd",
"calldata_variants": [
"0x23b872dd",
"0x23b872dd0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x23de6651",
"selector": "0x23de6651",
"calldata_variants": [
"0x23de6651",
"0x23de66510000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x3018205f",
"selector": "0x3018205f",
"calldata_variants": [
"0x3018205f",
"0x3018205f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5687f2b8",
"selector": "0x5687f2b8",
"calldata_variants": [
"0x5687f2b8",
"0x5687f2b80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7e1db2a1",
"selector": "0x7e1db2a1",
"calldata_variants": [
"0x7e1db2a1",
"0x7e1db2a10000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1510,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1693,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1908,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 7,
"guards_detected": [
{
"pc": 2726,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
}
|