TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

b4192733-5270-437d-8131-4673f2bc5bb6

complete
Chain ID
1
Address
0x0ad1b3766f572c71cdfc4073f3effe1bbf129385
Block Number
Created
Fri, Jan 2, 2026 4:41 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
CREATE/CREATE2 reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
31293 report.consolidate complete 1 / 1 3 months ago
110756 artifact.fetch complete 1 / 3 1 week ago
110757 tool.cast_disasm complete 1 / 3 1 week ago
110758 analysis.bundle complete 1 / 3 1 week ago
110759 capability.graph complete 1 / 3 1 week ago
110760 detector.run complete 1 / 3 1 week ago
110761 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 1
Findings
0
No findings?
yes
Summary
No concrete, exploitable value-extraction paths found in the provided runtime bytecode. The only external-value transfers are gated by a hardcoded owner check (0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0), and there is no mutable admin storage or bypass visible.
View stderr 
[codex:1003734] OpenAI Codex v0.77.0 (research preview)
[codex:1003734] --------
[codex:1003734] workdir: /tmp/codex-multi-rgnj1lj8
[codex:1003734] model: gpt-5.2-codex
[codex:1003734] provider: openai
[codex:1003734] approval: never
[codex:1003734] sandbox: read-only
[codex:1003734] reasoning effort: xhigh
[codex:1003734] reasoning summaries: auto
[codex:1003734] session id: 019b7f95-4656-7f30-be6d-06ad0ba8adbb
[codex:1003734] --------
[codex:1003734] user
[codex:1003734] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:1003734] 
[codex:1003734] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:1003734] 
[codex:1003734] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:1003734] - Gas inefficiency, code quality, or best practices
[codex:1003734] - Theoretical vulnerabilities without a clear extraction path
[codex:1003734] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:1003734] - Issues requiring social engineering or off-chain coordination
[codex:1003734] 
[codex:1003734] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:1003734] - CALL/DELEGATECALL with controllable destination or calldata
[codex:1003734] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:1003734] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:1003734] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:1003734] - External calls before state updates (reentrancy)
[codex:1003734] - SELFDESTRUCT with controllable beneficiary
[codex:1003734] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:1003734] 
[codex:1003734] For each finding, you MUST explain:
[codex:1003734] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:1003734] 2. The concrete sequence of transactions to extract value
[codex:1003734] 3. Why you believe this is exploitable (not just suspicious)
[codex:1003734] 
[codex:1003734] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:1003734] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:1003734] 
[codex:1003734] Output MUST be valid JSON matching the provided schema.
[codex:1003734] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:1003734] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:1003734] mcp startup: no servers
[codex:1003734] 
[codex:1003734] thinking
[codex:1003734] **Reading BYTECODE_BUNDLE.txt**
[codex:1003734] exec
[codex:1003734] /bin/bash -lc ls in /tmp/codex-multi-rgnj1lj8 succeeded in 6ms:
[codex:1003734] BYTECODE_BUNDLE.txt
[codex:1003734] codex-output-schema.json
[codex:1003734] exec
[codex:1003734] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-rgnj1lj8 succeeded in 5ms:
[codex:1003734] Runtime bytecode bundle for best-effort auditing.
[codex:1003734] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:1003734] 
[codex:1003734] FILE: runtime_bytecode.hex
[codex:1003734] 0x60806040526004361061002d5760003560e01c806375e6850214610036578063cbbf72801461007e57610034565b3661003457005b005b34801561004257600080fd5b506100346004803603604081101561005957600080fd5b5073ffffffffffffffffffffffffffffffffffffffff813581169160200135166100be565b34801561008a57600080fd5b50610034600480360360208110156100a157600080fd5b503573ffffffffffffffffffffffffffffffffffffffff1661028b565b3373267be1c1d684f78cb4f6a176c4911b741e4ffdc01461014057604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601660248201527f54782073656e646572206973206e6f74206f776e657200000000000000000000604482015290519081900360640190fd5b604080517f70a082310000000000000000000000000000000000000000000000000000000081523060048201529051839160009173ffffffffffffffffffffffffffffffffffffffff8416916370a08231916024808301926020929190829003018186803b1580156101b157600080fd5b505afa1580156101c5573d6000803e3d6000fd5b505050506040513d60208110156101db57600080fd5b5051604080517fa9059cbb00000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff86811660048301526024820184905291519293509084169163a9059cbb916044808201926020929091908290030181600087803b15801561025957600080fd5b505af115801561026d573d6000803e3d6000fd5b505050506040513d602081101561028357600080fd5b505050505050565b3373267be1c1d684f78cb4f6a176c4911b741e4ffdc01461030d57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601660248201527f54782073656e646572206973206e6f74206f776e657200000000000000000000604482015290519081900360640190fd5b60405173ffffffffffffffffffffffffffffffffffffffff8216904780156108fc02916000818181858888f1935050505015801561034f573d6000803e3d6000fd5b505056fea264697066735822122047155b64aed62fd62bca522680e90455b124c7f551a75c8a378038749da28ba464736f6c634300060b0033
[codex:1003734] 
[codex:1003734] thinking
[codex:1003734] **Analyzing bytecode for vulnerabilities**
[codex:1003734] 
[codex:1003734] I'm reviewing the bytecode of two owner-only functions restricting access to a hardcoded owner address; they withdraw tokens and ETH but lack any mutable ownership or bypass routes. After detailed opcode inspection, I see no exploitable paths or reentrancy issues, so I'll prepare a JSON report stating no findings with a concise summary.
[codex:1003734] codex
[codex:1003734] {"no_findings":true,"summary":"No concrete, exploitable value-extraction paths found in the provided runtime bytecode. The only external-value transfers are gated by a hardcoded owner check (0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0), and there is no mutable admin storage or bypass visible.","findings":[]}
[codex:1003734] tokens used
[codex:1003734] 7,807
[codex:1003734] {"no_findings":true,"summary":"No concrete, exploitable value-extraction paths found in the provided runtime bytecode. The only external-value transfers are gated by a hardcoded owner check (0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0), and there is no mutable admin storage or bypass visible.","findings":[]}
Metadata 
{
    "codex": {
        "ran_at": "2026-01-02T16:41:34.403074+00:00",
        "returncode": 0
    },
    "summary": "No concrete, exploitable value-extraction paths found in the provided runtime bytecode. The only external-value transfers are gated by a hardcoded owner check (0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0), and there is no mutable admin storage or bypass visible.",
    "raw_final": {
        "summary": "No concrete, exploitable value-extraction paths found in the provided runtime bytecode. The only external-value transfers are gated by a hardcoded owner check (0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0), and there is no mutable admin storage or bypass visible.",
        "findings": [],
        "no_findings": true
    },
    "no_findings": true,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
1
CALL-family (heavy)
3
EXT*/BALANCE
2
Total opcodes
431
Flags
create_opcodes_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x002d
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x75e68502
00000019: EQ
0000001a: PUSH2 0x0036
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0xcbbf7280
00000024: EQ
00000025: PUSH2 0x007e
00000028: JUMPI
00000029: PUSH2 0x0034
0000002c: JUMP
0000002d: JUMPDEST
0000002e: CALLDATASIZE
0000002f: PUSH2 0x0034
00000032: JUMPI
00000033: STOP
00000034: JUMPDEST
00000035: STOP
00000036: JUMPDEST
00000037: CALLVALUE
00000038: DUP1
00000039: ISZERO
0000003a: PUSH2 0x0042
0000003d: JUMPI
0000003e: PUSH1 0x00
00000040: DUP1
00000041: REVERT
00000042: JUMPDEST
00000043: POP
00000044: PUSH2 0x0034
00000047: PUSH1 0x04
00000049: DUP1
0000004a: CALLDATASIZE
0000004b: SUB
0000004c: PUSH1 0x40
0000004e: DUP2
0000004f: LT
00000050: ISZERO
00000051: PUSH2 0x0059
00000054: JUMPI
00000055: PUSH1 0x00
00000057: DUP1
00000058: REVERT
00000059: JUMPDEST
0000005a: POP
0000005b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000070: DUP2
00000071: CALLDATALOAD
00000072: DUP2
00000073: AND
00000074: SWAP2
00000075: PUSH1 0x20
00000077: ADD
00000078: CALLDATALOAD
00000079: AND
0000007a: PUSH2 0x00be
0000007d: JUMP
0000007e: JUMPDEST
0000007f: CALLVALUE
00000080: DUP1
00000081: ISZERO
00000082: PUSH2 0x008a
00000085: JUMPI
00000086: PUSH1 0x00
00000088: DUP1
00000089: REVERT
0000008a: JUMPDEST
0000008b: POP
0000008c: PUSH2 0x0034
0000008f: PUSH1 0x04
00000091: DUP1
00000092: CALLDATASIZE
00000093: SUB
00000094: PUSH1 0x20
00000096: DUP2
00000097: LT
00000098: ISZERO
00000099: PUSH2 0x00a1
0000009c: JUMPI
0000009d: PUSH1 0x00
0000009f: DUP1
000000a0: REVERT
000000a1: JUMPDEST
000000a2: POP
000000a3: CALLDATALOAD
000000a4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000b9: AND
000000ba: PUSH2 0x028b
000000bd: JUMP
000000be: JUMPDEST
000000bf: CALLER
000000c0: PUSH20 0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0
000000d5: EQ
000000d6: PUSH2 0x0140
000000d9: JUMPI
000000da: PUSH1 0x40
000000dc: DUP1
000000dd: MLOAD
000000de: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000000ff: DUP2
00000100: MSTORE
00000101: PUSH1 0x20
00000103: PUSH1 0x04
00000105: DUP3
00000106: ADD
00000107: MSTORE
00000108: PUSH1 0x16
0000010a: PUSH1 0x24
0000010c: DUP3
0000010d: ADD
0000010e: MSTORE
0000010f: PUSH32 0x54782073656e646572206973206e6f74206f776e657200000000000000000000
00000130: PUSH1 0x44
00000132: DUP3
00000133: ADD
00000134: MSTORE
00000135: SWAP1
00000136: MLOAD
00000137: SWAP1
00000138: DUP2
00000139: SWAP1
0000013a: SUB
0000013b: PUSH1 0x64
0000013d: ADD
0000013e: SWAP1
0000013f: REVERT
00000140: JUMPDEST
00000141: PUSH1 0x40
00000143: DUP1
00000144: MLOAD
00000145: PUSH32 0x70a0823100000000000000000000000000000000000000000000000000000000
00000166: DUP2
00000167: MSTORE
00000168: ADDRESS
00000169: PUSH1 0x04
0000016b: DUP3
0000016c: ADD
0000016d: MSTORE
0000016e: SWAP1
0000016f: MLOAD
00000170: DUP4
00000171: SWAP2
00000172: PUSH1 0x00
00000174: SWAP2
00000175: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000018a: DUP5
0000018b: AND
0000018c: SWAP2
0000018d: PUSH4 0x70a08231
00000192: SWAP2
00000193: PUSH1 0x24
00000195: DUP1
00000196: DUP4
00000197: ADD
00000198: SWAP3
00000199: PUSH1 0x20
0000019b: SWAP3
0000019c: SWAP2
0000019d: SWAP1
0000019e: DUP3
0000019f: SWAP1
000001a0: SUB
000001a1: ADD
000001a2: DUP2
000001a3: DUP7
000001a4: DUP1
000001a5: EXTCODESIZE
000001a6: ISZERO
000001a7: DUP1
000001a8: ISZERO
000001a9: PUSH2 0x01b1
000001ac: JUMPI
000001ad: PUSH1 0x00
000001af: DUP1
000001b0: REVERT
000001b1: JUMPDEST
000001b2: POP
000001b3: GAS
000001b4: STATICCALL
000001b5: ISZERO
000001b6: DUP1
000001b7: ISZERO
000001b8: PUSH2 0x01c5
000001bb: JUMPI
000001bc: RETURNDATASIZE
000001bd: PUSH1 0x00
000001bf: DUP1
000001c0: RETURNDATACOPY
000001c1: RETURNDATASIZE
000001c2: PUSH1 0x00
000001c4: REVERT
000001c5: JUMPDEST
000001c6: POP
000001c7: POP
000001c8: POP
000001c9: POP
000001ca: PUSH1 0x40
000001cc: MLOAD
000001cd: RETURNDATASIZE
000001ce: PUSH1 0x20
000001d0: DUP2
000001d1: LT
000001d2: ISZERO
000001d3: PUSH2 0x01db
000001d6: JUMPI
000001d7: PUSH1 0x00
000001d9: DUP1
000001da: REVERT
000001db: JUMPDEST
000001dc: POP
000001dd: MLOAD
000001de: PUSH1 0x40
000001e0: DUP1
000001e1: MLOAD
000001e2: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000
00000203: DUP2
00000204: MSTORE
00000205: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000021a: DUP7
0000021b: DUP2
0000021c: AND
0000021d: PUSH1 0x04
0000021f: DUP4
00000220: ADD
00000221: MSTORE
00000222: PUSH1 0x24
00000224: DUP3
00000225: ADD
00000226: DUP5
00000227: SWAP1
00000228: MSTORE
00000229: SWAP2
0000022a: MLOAD
0000022b: SWAP3
0000022c: SWAP4
0000022d: POP
0000022e: SWAP1
0000022f: DUP5
00000230: AND
00000231: SWAP2
00000232: PUSH4 0xa9059cbb
00000237: SWAP2
00000238: PUSH1 0x44
0000023a: DUP1
0000023b: DUP3
0000023c: ADD
0000023d: SWAP3
0000023e: PUSH1 0x20
00000240: SWAP3
00000241: SWAP1
00000242: SWAP2
00000243: SWAP1
00000244: DUP3
00000245: SWAP1
00000246: SUB
00000247: ADD
00000248: DUP2
00000249: PUSH1 0x00
0000024b: DUP8
0000024c: DUP1
0000024d: EXTCODESIZE
0000024e: ISZERO
0000024f: DUP1
00000250: ISZERO
00000251: PUSH2 0x0259
00000254: JUMPI
00000255: PUSH1 0x00
00000257: DUP1
00000258: REVERT
00000259: JUMPDEST
0000025a: POP
0000025b: GAS
0000025c: CALL
0000025d: ISZERO
0000025e: DUP1
0000025f: ISZERO
00000260: PUSH2 0x026d
00000263: JUMPI
00000264: RETURNDATASIZE
00000265: PUSH1 0x00
00000267: DUP1
00000268: RETURNDATACOPY
00000269: RETURNDATASIZE
0000026a: PUSH1 0x00
0000026c: REVERT
0000026d: JUMPDEST
0000026e: POP
0000026f: POP
00000270: POP
00000271: POP
00000272: PUSH1 0x40
00000274: MLOAD
00000275: RETURNDATASIZE
00000276: PUSH1 0x20
00000278: DUP2
00000279: LT
0000027a: ISZERO
0000027b: PUSH2 0x0283
0000027e: JUMPI
0000027f: PUSH1 0x00
00000281: DUP1
00000282: REVERT
00000283: JUMPDEST
00000284: POP
00000285: POP
00000286: POP
00000287: POP
00000288: POP
00000289: POP
0000028a: JUMP
0000028b: JUMPDEST
0000028c: CALLER
0000028d: PUSH20 0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0
000002a2: EQ
000002a3: PUSH2 0x030d
000002a6: JUMPI
000002a7: PUSH1 0x40
000002a9: DUP1
000002aa: MLOAD
000002ab: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000002cc: DUP2
000002cd: MSTORE
000002ce: PUSH1 0x20
000002d0: PUSH1 0x04
000002d2: DUP3
000002d3: ADD
000002d4: MSTORE
000002d5: PUSH1 0x16
000002d7: PUSH1 0x24
000002d9: DUP3
000002da: ADD
000002db: MSTORE
000002dc: PUSH32 0x54782073656e646572206973206e6f74206f776e657200000000000000000000
000002fd: PUSH1 0x44
000002ff: DUP3
00000300: ADD
00000301: MSTORE
00000302: SWAP1
00000303: MLOAD
00000304: SWAP1
00000305: DUP2
00000306: SWAP1
00000307: SUB
00000308: PUSH1 0x64
0000030a: ADD
0000030b: SWAP1
0000030c: REVERT
0000030d: JUMPDEST
0000030e: PUSH1 0x40
00000310: MLOAD
00000311: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000326: DUP3
00000327: AND
00000328: SWAP1
00000329: SELFBALANCE
0000032a: DUP1
0000032b: ISZERO
0000032c: PUSH2 0x08fc
0000032f: MUL
00000330: SWAP2
00000331: PUSH1 0x00
00000333: DUP2
00000334: DUP2
00000335: DUP2
00000336: DUP6
00000337: DUP9
00000338: DUP9
00000339: CALL
0000033a: SWAP4
0000033b: POP
0000033c: POP
0000033d: POP
0000033e: POP
0000033f: ISZERO
00000340: DUP1
00000341: ISZERO
00000342: PUSH2 0x034f
00000345: JUMPI
00000346: RETURNDATASIZE
00000347: PUSH1 0x00
00000349: DUP1
0000034a: RETURNDATACOPY
0000034b: RETURNDATASIZE
0000034c: PUSH1 0x00
0000034e: REVERT
0000034f: JUMPDEST
00000350: POP
00000351: POP
00000352: JUMP
00000353: INVALID
00000354: LOG2
00000355: PUSH5 0x6970667358
0000035b: UNKNOWN(0x22)
0000035c: SLT
0000035d: KECCAK256
0000035e: SELFBALANCE
0000035f: ISZERO
00000360: JUMPDEST
00000361: PUSH5 0xaed62fd62b
00000367: UNKNOWN(0xCA)
00000368: MSTORE
00000369: UNKNOWN(0x26)
0000036a: DUP1
0000036b: UNKNOWN(0xE9)
0000036c: DIV
0000036d: SSTORE
0000036e: UNKNOWN(0xB1)
0000036f: UNKNOWN(0x24)
00000370: UNKNOWN(0xC7)
00000371: CREATE2
00000372: MLOAD
00000373: UNKNOWN(0xA7)
00000374: TLOAD
00000375: DUP11
00000376: CALLDATACOPY
00000377: DUP1
00000378: CODESIZE
00000379: PUSH21

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector CREATE/CREATE2 reachable 45 no no
view
trace_id: 0x7e307295c8aa936bd1458aba9d7dd46b077c81f6914a269894c4b6cdf01c123c
validation_json 
{
    "sink": "CREATE",
    "errors": 0,
    "status": "unknown",
    "attempts": 4,
    "trace_id": "0x7e307295c8aa936bd1458aba9d7dd46b077c81f6914a269894c4b6cdf01c123c",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x75e68502",
            "selector": "0x75e68502",
            "calldata_variants": [
                "0x75e68502",
                "0x75e685020000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcbbf7280",
            "selector": "0xcbbf7280",
            "calldata_variants": [
                "0xcbbf7280",
                "0xcbbf72800000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "create_count": 0,
    "create2_count": 1
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0x52409e5c3c20809861416d670682541c59c61415a947e3b21ef7d27803fe287e
call_targets: 0x0ad1b3766f572c71cdfc4073f3effe1bbf129385
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x52409e5c3c20809861416d670682541c59c61415a947e3b21ef7d27803fe287e",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0ad1b3766f572c71cdfc4073f3effe1bbf129385"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x75e68502",
            "selector": "0x75e68502",
            "calldata_variants": [
                "0x75e68502",
                "0x75e685020000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcbbf7280",
            "selector": "0xcbbf7280",
            "calldata_variants": [
                "0xcbbf7280",
                "0xcbbf72800000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 604,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 825,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": [
        {
            "pc": 213,
            "type": "msg_sender_eq_const",
            "value": 2.1970430717470183e+47
        },
        {
            "pc": 674,
            "type": "msg_sender_eq_const",
            "value": 2.1970430717470183e+47
        },
        {
            "pc": 191,
            "type": "msg_sender_eq_const",
            "value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
        },
        {
            "pc": 652,
            "type": "msg_sender_eq_const",
            "value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
        }
    ]
}
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0x52409e5c3c20809861416d670682541c59c61415a947e3b21ef7d27803fe287e
call_targets: 0x0ad1b3766f572c71cdfc4073f3effe1bbf129385
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x52409e5c3c20809861416d670682541c59c61415a947e3b21ef7d27803fe287e",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0ad1b3766f572c71cdfc4073f3effe1bbf129385"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x75e68502",
            "selector": "0x75e68502",
            "calldata_variants": [
                "0x75e68502",
                "0x75e685020000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcbbf7280",
            "selector": "0xcbbf7280",
            "calldata_variants": [
                "0xcbbf7280",
                "0xcbbf72800000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 604,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 825,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [
        {
            "pc": 213,
            "type": "msg_sender_eq_const",
            "value": 2.1970430717470183e+47
        },
        {
            "pc": 674,
            "type": "msg_sender_eq_const",
            "value": 2.1970430717470183e+47
        },
        {
            "pc": 191,
            "type": "msg_sender_eq_const",
            "value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
        },
        {
            "pc": 652,
            "type": "msg_sender_eq_const",
            "value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
        }
    ],
    "untrusted_call_count": 2
}
low other cast Contract creation opcode present 60 no
view
evidence_json 
{
    "notes": "runtime can deploy contracts dynamically via CREATE/CREATE2",
    "create_count": 0,
    "create2_count": 1
}