b912235e-edd4-44f6-a11e-2efc7ec4cf2e
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 30793 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 75754 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 75755 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 75756 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 75757 | capability.graph | complete | 1 / 3 | 1 week ago |
| 75758 | detector.run | complete | 1 / 3 | 1 week ago |
| 75759 | validation.fork | complete | 1 / 3 | 1 week ago |

No slither job recorded yet.

[codex:961679] OpenAI Codex v0.77.0 (research preview)
[codex:961679] --------
[codex:961679] workdir: /tmp/codex-multi-5kr0a331
[codex:961679] model: gpt-5.2-codex
[codex:961679] provider: openai
[codex:961679] approval: never
[codex:961679] sandbox: read-only
[codex:961679] reasoning effort: xhigh
[codex:961679] reasoning summaries: auto
[codex:961679] session id: 019b7156-544a-7910-ab54-83588b97b9fc
[codex:961679] --------
[codex:961679] user
[codex:961679] You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
[codex:961679] Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
[codex:961679] accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
[codex:961679]
[codex:961679] Scope rules:
[codex:961679] - You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party `contracts/**/*.sol` files.
[codex:961679] - Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
[codex:961679]
[codex:961679] Output MUST be valid JSON matching the provided schema.
[codex:961679] - If you find nothing meaningful: set no_findings=true and findings=[].
[codex:961679] - Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
[codex:961679]
[codex:961679] Output constraints (IMPORTANT):
[codex:961679] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:961679] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:961679] mcp startup: no servers
[codex:961679]
[codex:961679] thinking
[codex:961679] **Preparing to read AUDIT_BUNDLE file**
[codex:961679] exec
[codex:961679] /bin/bash -lc ls in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] AUDIT_BUNDLE.txt
[codex:961679] codex-output-schema.json
[codex:961679] contracts
[codex:961679]
[codex:961679] thinking
[codex:961679] **Reading full AUDIT_BUNDLE file**
[codex:961679] exec
[codex:961679] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-5kr0a331 succeeded in 6ms:
[codex:961679] This file concatenates the full contents of first-party Solidity sources for auditing.
[codex:961679]
[codex:961679] ================================================================================
[codex:961679] FILE: contracts/@openzeppelin/contracts-0.6/access/Ownable.sol
[codex:961679] ================================================================================
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679]
[codex:961679] pragma solidity >=0.6.0 <0.8.0;
[codex:961679]
[codex:961679] import "../utils/Context.sol";
[codex:961679] /**
[codex:961679] * @dev Contract module which provides a basic access control mechanism, where
[codex:961679] * there is an account (an owner) that can be granted exclusive access to
[codex:961679] * specific functions.
[codex:961679] *
[codex:961679] * By default, the owner account will be the one that deploys the contract. This
[codex:961679] * can later be changed with {transferOwnership}.
[codex:961679] *
[codex:961679] * This module is used through inheritance. It will make available the modifier
[codex:961679] * `onlyOwner`, which can be applied to your functions to restrict their use to
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing large AUDIT_BUNDLE**
[codex:961679]
[codex:961679] I'm dealing with a massive AUDIT_BUNDLE file that includes both first-party and third-party code like OpenZeppelin. Since the instructions say to treat library folders as third-party and generally skip them unless misused, I'll focus on parsing the first-party Solidity files, especially those in contracts like convex-platform. It's a huge task, so I'll prioritize searching for key contracts and vulnerable patterns using rg to quickly pinpoint areas like Booster or BaseRewardPool where issues like reentrancy might occur.
[codex:961679] exec
[codex:961679] /bin/bash -lc 'rg -n "FILE:" AUDIT_BUNDLE.txt' in /tmp/codex-multi-5kr0a331 succeeded in 7ms:
[codex:961679] 4:FILE: contracts/@openzeppelin/contracts-0.6/access/Ownable.sol
[codex:961679] 76:FILE: contracts/@openzeppelin/contracts-0.6/math/SafeMath.sol
[codex:961679] 294:FILE: contracts/@openzeppelin/contracts-0.6/token/ERC20/ERC20.sol
[codex:961679] 604:FILE: contracts/@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol
[codex:961679] 685:FILE: contracts/@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol
[codex:961679] 764:FILE: contracts/@openzeppelin/contracts-0.6/utils/Address.sol
[codex:961679] 957:FILE: contracts/@openzeppelin/contracts-0.6/utils/Context.sol
[codex:961679] 985:FILE: contracts/@openzeppelin/contracts-0.6/utils/ReentrancyGuard.sol
[codex:961679] 1051:FILE: contracts/convex-platform/contracts/contracts/ArbitartorVault.sol
[codex:961679] 1116:FILE: contracts/convex-platform/contracts/contracts/BaseRewardPool.sol
[codex:961679] 1504:FILE: contracts/convex-platform/contracts/contracts/BaseRewardPool4626.sol
[codex:961679] 1804:FILE: contracts/convex-platform/contracts/contracts/Booster.sol
[codex:961679] 2487:FILE: contracts/convex-platform/contracts/contracts/ConvexMasterChef.sol
[codex:961679] 2805:FILE: contracts/convex-platform/contracts/contracts/CrvDepositor.sol
[codex:961679] 3023:FILE: contracts/convex-platform/contracts/contracts/DepositToken.sol
[codex:961679] 3086:FILE: contracts/convex-platform/contracts/contracts/ExtraRewardStashV3.sol
[codex:961679] 3314:FILE: contracts/convex-platform/contracts/contracts/Interfaces.sol
[codex:961679] 3467:FILE: contracts/convex-platform/contracts/contracts/PoolManagerProxy.sol
[codex:961679] 3553:FILE: contracts/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol
[codex:961679] 3682:FILE: contracts/convex-platform/contracts/contracts/PoolManagerV3.sol
[codex:961679]
[codex:961679] thinking
[codex:961679] **Preparing for contract security review**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,220p' contracts/convex-platform/contracts/contracts/ArbitartorVault.sol" in /tmp/codex-multi-5kr0a331 succeeded in 6ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title ArbitratorVault
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Hold extra reward tokens on behalf of pools that have the same token as a reward (e.g. stkAAVE fro multiple aave pools)
[codex:961679] * @dev Sits on top of the STASH to basically handle the re-distribution of rewards to multiple stashes.
[codex:961679] * Because anyone can call gauge.claim_rewards(address) for the convex staking contract, rewards
[codex:961679] * could be forced to the wrong pool. Hold tokens here and distribute fairly(or at least more fairly),
[codex:961679] * to both pools at a later timing.
[codex:961679] */
[codex:961679] contract ArbitratorVault{
[codex:961679] using SafeERC20 for IERC20;
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing token distribution logic**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,240p' contracts/convex-platform/contracts/contracts/BaseRewardPool.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679] /**
[codex:961679] *Submitted for verification at Etherscan.io on 2020-07-17
[codex:961679] */
[codex:961679]
[codex:961679] /*
[codex:961679] ____ __ __ __ _
[codex:961679] / __/__ __ ___ / /_ / / ___ / /_ (_)__ __
[codex:961679] _\ \ / // // _ \/ __// _ \/ -_)/ __// / \ \ /
[codex:961679] /___/ \_, //_//_/\__//_//_/\__/ \__//_/ /_\_\
[codex:961679] /___/
[codex:961679]
[codex:961679] * Synthetix: BaseRewardPool.sol
[codex:961679] *
[codex:961679] * Docs: https://docs.synthetix.io/
[codex:961679] *
[codex:961679] *
[codex:961679] * MIT License
[codex:961679] * ===========
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '240,520p' contracts/convex-platform/contracts/contracts/BaseRewardPool.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679]
[codex:961679] stakingToken.safeTransfer(msg.sender, amount);
[codex:961679] emit Withdrawn(msg.sender, amount);
[codex:961679]
[codex:961679] if(claim){
[codex:961679] getReward(msg.sender,true);
[codex:961679] }
[codex:961679]
[codex:961679] return true;
[codex:961679] }
[codex:961679]
[codex:961679] function withdrawAll(bool claim) external{
[codex:961679] withdraw(_balances[msg.sender],claim);
[codex:961679] }
[codex:961679]
[codex:961679] function withdrawAndUnwrap(uint256 amount, bool claim) public returns(bool){
[codex:961679] _withdrawAndUnwrapTo(amount, msg.sender, msg.sender);
[codex:961679] //get rewards too
[codex:961679] if(claim){
[codex:961679] getReward(msg.sender,true);
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing reentrancy risks in BaseRewardPool**
[codex:961679]
[codex:961679] I'm carefully inspecting external calls to extraRewards within BaseRewardPool methods like _processStake and withdraw to see if any reentrancy gaps exist, especially since state updates happen after these calls. The absence of explicit reentrancy guards and reliance on trusted rewardManager control of extraRewards makes me weigh potential attack scenarios, including malicious reward contracts exploiting reentrancy to withdraw more or manipulate rewards before balances update. I'll keep analyzing how updateReward interacts with these flows and whether any access controls mitigate risk.
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,260p' contracts/convex-platform/contracts/contracts/BaseRewardPool4626.sol" in /tmp/codex-multi-5kr0a331 succeeded in 8ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import { BaseRewardPool, IDeposit } from "./BaseRewardPool.sol";
[codex:961679] import { IERC4626, IERC20Metadata } from "./interfaces/IERC4626.sol";
[codex:961679] import { IERC20 } from "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import { ReentrancyGuard } from "@openzeppelin/contracts-0.6/utils/ReentrancyGuard.sol";
[codex:961679] import { SafeERC20 } from "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title BaseRewardPool4626
[codex:961679] * @notice Simply wraps the BaseRewardPool with the new IERC4626 Vault standard functions.
[codex:961679] * @dev See https://github.com/fei-protocol/ERC4626/blob/main/src/interfaces/IERC4626.sol#L58
[codex:961679] * This is not so much a vault as a Reward Pool, therefore asset:share ratio is always 1:1.
[codex:961679] * To create most utility for this RewardPool, the "asset" has been made to be the crvLP token,
[codex:961679] * as opposed to the cvxLP token. Therefore, users can easily deposit crvLP, and it will first
[codex:961679] * go to the Booster and mint the cvxLP before performing the normal staking function.
[codex:961679] */
[codex:961679] contract BaseRewardPool4626 is BaseRewardPool, ReentrancyGuard, IERC4626 {
[codex:961679] using SafeERC20 for IERC20;
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '260,620p' contracts/convex-platform/contracts/contracts/BaseRewardPool4626.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] */
[codex:961679] function allowance(address owner, address spender) public view virtual override returns (uint256) {
[codex:961679] return _allowances[owner][spender];
[codex:961679] }
[codex:961679]
[codex:961679] /**
[codex:961679] * @dev See {IERC20-approve}.
[codex:961679] *
[codex:961679] * Requirements:
[codex:961679] *
[codex:961679] * - `spender` cannot be the zero address.
[codex:961679] */
[codex:961679] function approve(address spender, uint256 amount) public virtual override returns (bool) {
[codex:961679] _approve(msg.sender, spender, amount);
[codex:961679] return true;
[codex:961679] }
[codex:961679]
[codex:961679] /**
[codex:961679] * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
[codex:961679] */
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing Reentrancy and External Calls**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,260p' contracts/convex-platform/contracts/contracts/Booster.sol" in /tmp/codex-multi-5kr0a331 succeeded in 6ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title Booster
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Main deposit contract; keeps track of pool info & user deposits; distributes rewards.
[codex:961679] * @dev They say all paths lead to Rome, and the cvxBooster is no different. This is where it all goes down.
[codex:961679] * It is responsible for tracking all the pools, it collects rewards from all pools and redirects it.
[codex:961679] */
[codex:961679] contract Booster{
[codex:961679] using SafeERC20 for IERC20;
[codex:961679] using Address for address;
[codex:961679] using SafeMath for uint256;
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '260,620p' contracts/convex-platform/contracts/contracts/Booster.sol" in /tmp/codex-multi-5kr0a331 succeeded in 6ms:
[codex:961679]
[codex:961679] feeTokens[_feeToken].active = _active;
[codex:961679]
[codex:961679] emit FeeInfoChanged(_feeToken, _active);
[codex:961679] }
[codex:961679]
[codex:961679] /**
[codex:961679] * @notice Fee manager can set all the relevant fees
[codex:961679] * @param _lockFees % for cvxCrv stakers where 1% == 100
[codex:961679] * @param _stakerFees % for CVX stakers where 1% == 100
[codex:961679] * @param _callerFees % for whoever calls the claim where 1% == 100
[codex:961679] * @param _platform % for "treasury" or vlCVX where 1% == 100
[codex:961679] */
[codex:961679] function setFees(uint256 _lockFees, uint256 _stakerFees, uint256 _callerFees, uint256 _platform) external{
[codex:961679] require(msg.sender==feeManager, "!auth");
[codex:961679]
[codex:961679] uint256 total = _lockFees.add(_stakerFees).add(_callerFees).add(_platform);
[codex:961679] require(total <= MaxFees, ">MaxFees");
[codex:961679]
[codex:961679] require(_lockFees >= 300 && _lockFees <= 1500, "!lockFees");
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '620,980p' contracts/convex-platform/contracts/contracts/Booster.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679]
[codex:961679] //send lockers' share of crv to reward contract
[codex:961679] IERC20(crv).safeTransfer(lockRewards, _lockIncentive);
[codex:961679] IRewards(lockRewards).queueNewRewards(_lockIncentive);
[codex:961679]
[codex:961679] //send stakers's share of crv to reward contract
[codex:961679] IERC20(crv).safeTransfer(stakerRewards, _stakerIncentive);
[codex:961679] }
[codex:961679] }
[codex:961679]
[codex:961679] /**
[codex:961679] * @notice Basically a hugely pivotal function.
[codex:961679] * Responsible for collecting the crv from gauge, and then redistributing to the correct place.
[codex:961679] * Pays the caller a fee to process this.
[codex:961679] */
[codex:961679] function earmarkRewards(uint256 _pid) external returns(bool){
[codex:961679] require(!isShutdown,"shutdown");
[codex:961679] _earmarkRewards(_pid);
[codex:961679] return true;
[codex:961679] }
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing potential access control and reentrancy risks**
[codex:961679]
[codex:961679] I'm carefully examining external calls in Booster, especially around poolManager's unusual self-update pattern and varying factory permissions, to spot access control quirks. I'm also scrutinizing reward distribution flows for reentrancy possibilities, notably in reward contracts and stash interactions, and planning to expand my check to related contracts like ExtraRewardStashV3 and Proxy patterns.
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,260p' contracts/convex-platform/contracts/contracts/ConvexMasterChef.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679]
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import { ReentrancyGuard } from "@openzeppelin/contracts-0.6/utils/ReentrancyGuard.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Context.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/access/Ownable.sol";
[codex:961679] import "./interfaces/IRewarder.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title ConvexMasterChef
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Masterchef can distribute rewards to n pools over x time
[codex:961679] * @dev There are some caveats with this usage - once it's turned on it can't be turned off,
[codex:961679] * and thus it can over complicate the distribution of these rewards.
[codex:961679] * To kick things off, just transfer CVX here and add some pools - rewards will be distributed
[codex:961679] * pro-rata based on the allocation points in each pool vs the total alloc.
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '260,620p' contracts/convex-platform/contracts/contracts/ConvexMasterChef.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] if (address(_rewarder) != address(0)) {
[codex:961679] _rewarder.onReward(_pid, msg.sender, msg.sender, pending, user.amount);
[codex:961679] }
[codex:961679]
[codex:961679] emit RewardPaid(msg.sender, _pid, pending);
[codex:961679] emit Withdraw(msg.sender, _pid, _amount);
[codex:961679] }
[codex:961679]
[codex:961679] function claim(uint256 _pid, address _account) external nonReentrant {
[codex:961679] PoolInfo storage pool = poolInfo[_pid];
[codex:961679] UserInfo storage user = userInfo[_pid][_account];
[codex:961679]
[codex:961679] updatePool(_pid);
[codex:961679] uint256 pending = user.amount.mul(pool.accCvxPerShare).div(1e12).sub(
[codex:961679] user.rewardDebt
[codex:961679] );
[codex:961679] safeRewardTransfer(_account, pending);
[codex:961679] user.rewardDebt = user.amount.mul(pool.accCvxPerShare).div(1e12);
[codex:961679]
[codex:961679] //extra rewards
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing external calls and reentrancy**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,260p' contracts/convex-platform/contracts/contracts/CrvDepositor.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679]
[codex:961679]
[codex:961679] /**
[codex:961679] * @title CrvDepositor
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice This is the entry point for CRV > cvxCRV wrapping. It accepts CRV, sends to 'staker'
[codex:961679] * for depositing into Curves VotingEscrow, and then mints cvxCRV at 1:1 via the 'minter' (cCrv) minus
[codex:961679] * the lockIncentive (initially 1%) which is used to basically compensate users who call the `lock` function on Curves
[codex:961679] * system (larger depositors would likely want to lock).
[codex:961679] */
[codex:961679] contract CrvDepositor{
[codex:961679] using SafeERC20 for IERC20;
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing potential reentrancy and approval risks**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,240p' contracts/convex-platform/contracts/contracts/DepositToken.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/ERC20.sol";
[codex:961679]
[codex:961679]
[codex:961679] /**
[codex:961679] * @title DepositToken
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Simply creates a token that can be minted and burned from the operator
[codex:961679] */
[codex:961679] contract DepositToken is ERC20 {
[codex:961679] using SafeERC20 for IERC20;
[codex:961679] using Address for address;
[codex:961679] using SafeMath for uint256;
[codex:961679]
[codex:961679] thinking
[codex:961679] **Noticing no issues with ExtraRewardStashV3**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,280p' contracts/convex-platform/contracts/contracts/ExtraRewardStashV3.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "./interfaces/IRewardHook.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679]
[codex:961679]
[codex:961679] /**
[codex:961679] * @title ExtraRewardStashV3
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice ExtraRewardStash for pools added to the Booster to handle extra rewards
[codex:961679] * that aren't CRV that can be claimed from a gauge.
[codex:961679] * - v3.0: Support for curve gauge reward redirect
[codex:961679] * The Booster contract has a function called setGaugeRedirect. This function calls set_rewards_receiver
[codex:961679] * On the Curve Guage. This tells the Gauge where to send rewards. The Booster crafts the calldata for this
[codex:961679] * transaction and then calls execute on the VoterProxy which executes this transaction on the Curve Gauge
[codex:961679]
[codex:961679] thinking
[codex:961679] **Assessing potential reentrancy risks**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,220p' contracts/convex-platform/contracts/contracts/PoolManagerProxy.sol" in /tmp/codex-multi-5kr0a331 succeeded in 6ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title PoolManagerProxy
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Immutable pool manager proxy to enforce that there are no multiple pools of the same gauge
[codex:961679] * as well as new lp tokens are not gauge tokens
[codex:961679] * @dev Called by PoolManagerShutdownProxy
[codex:961679] */
[codex:961679] contract PoolManagerProxy{
[codex:961679]
[codex:961679] address public immutable pools;
[codex:961679] address public owner;
[codex:961679] address public operator;
[codex:961679]
[codex:961679] /**
[codex:961679] * @param _pools Contract can call addPool currently Booster
[codex:961679]
[codex:961679] thinking
[codex:961679] **Checking access control implementation**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,240p' contracts/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "./interfaces/IGaugeController.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title PoolManagerSecondaryProxy
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Basically a PoolManager that has a better shutdown and calls addPool on PoolManagerProxy.
[codex:961679] * Immutable pool manager proxy to enforce that when a pool is shutdown, the proper number
[codex:961679] * of lp tokens are returned to the booster contract for withdrawal.
[codex:961679] */
[codex:961679] contract PoolManagerSecondaryProxy{
[codex:961679] using SafeMath for uint256;
[codex:961679]
[codex:961679] address public immutable gaugeController;
[codex:961679] address public immutable pools;
[codex:961679]
[codex:961679] thinking
[codex:961679] **Reviewing PoolManager components**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,320p' contracts/convex-platform/contracts/contracts/PoolManagerV3.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "./interfaces/IGaugeController.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title PoolManagerV3
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Pool Manager v3
[codex:961679] * PoolManagerV3 calls addPool on PoolManagerShutdownProxy which calls
[codex:961679] * addPool on PoolManagerProxy which calls addPool on Booster.
[codex:961679] * PoolManager-ception
[codex:961679] * @dev Add pools to the Booster contract
[codex:961679] */
[codex:961679] contract PoolManagerV3{
[codex:961679]
[codex:961679] address public immutable pools;
[codex:961679] address public immutable gaugeController;
[codex:961679] address public operator;
[codex:961679]
[codex:961679] thinking
[codex:961679] **Evaluating protectAddPool flag implications**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,260p' contracts/convex-platform/contracts/contracts/RewardFactory.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "./BaseRewardPool4626.sol";
[codex:961679] import "./VirtualBalanceRewardPool.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679]
[codex:961679]
[codex:961679] /**
[codex:961679] * @title RewardFactory
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Used to deploy reward pools when a new pool is added to the Booster
[codex:961679] * contract. This contract deploys two types of reward pools:
[codex:961679] * - BaseRewardPool handles CRV rewards for guages
[codex:961679] * - VirtualBalanceRewardPool for extra rewards
[codex:961679] */
[codex:961679]
[codex:961679] thinking
[codex:961679] **Noting RewardHook mention**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,200p' contracts/convex-platform/contracts/contracts/RewardHook.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679]
[codex:961679]
[codex:961679] /**
[codex:961679] * @title RewardHook
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Example Reward hook for stash
[codex:961679] * @dev ExtraRewardStash contracts call this hook if it is set. This hook
[codex:961679] * can be used to pull rewards during a claim. For example pulling
[codex:961679] * rewards from master chef.
[codex:961679] */
[codex:961679] contract RewardHook{
[codex:961679] using SafeERC20 for IERC20;
[codex:961679] using Address for address;
[codex:961679]
[codex:961679] thinking
[codex:961679] **Checking StashFactoryV2 status**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,240p' contracts/convex-platform/contracts/contracts/StashFactoryV2.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "./interfaces/IProxyFactory.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title StashFactoryV2
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Factory to deploy reward stash contracts that handle extra rewards
[codex:961679] */
[codex:961679] contract StashFactoryV2 {
[codex:961679] using Address for address;
[codex:961679]
[codex:961679] bytes4 private constant rewarded_token = 0x16fa50b1; //rewarded_token()
[codex:961679] bytes4 private constant reward_tokens = 0x54c49fe9; //reward_tokens(uint256)
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing StashFactoryV2 mechanics**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,240p' contracts/convex-platform/contracts/contracts/TokenFactory.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "./DepositToken.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title TokenFactory
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice Token factory used to create Deposit Tokens. These are the tokenized
[codex:961679] * pool deposit tokens e.g cvx3crv
[codex:961679] */
[codex:961679] contract TokenFactory {
[codex:961679] using Address for address;
[codex:961679]
[codex:961679] address public immutable operator;
[codex:961679]
[codex:961679] thinking
[codex:961679] **Checking VirtualBalanceRewardPool status**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,260p' contracts/convex-platform/contracts/contracts/VirtualBalanceRewardPool.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679] /**
[codex:961679] *Submitted for verification at Etherscan.io on 2020-07-17
[codex:961679] */
[codex:961679]
[codex:961679] /*
[codex:961679] ____ __ __ __ _
[codex:961679] / __/__ __ ___ / /_ / / ___ / /_ (_)__ __
[codex:961679] _\ \ / // // _ \/ __// _ \/ -_)/ __// / \ \ /
[codex:961679] /___/ \_, //_//_/\__//_//_/\__/ \__//_/ /_\_\
[codex:961679] /___/
[codex:961679]
[codex:961679] * Synthetix: VirtualBalanceRewardPool.sol
[codex:961679] *
[codex:961679] * Docs: https://docs.synthetix.io/
[codex:961679] *
[codex:961679] *
[codex:961679] * MIT License
[codex:961679] * ===========
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing reentrancy concerns in reward transfer**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,260p' contracts/convex-platform/contracts/contracts/VoterProxy.sol" in /tmp/codex-multi-5kr0a331 succeeded in 7ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679] import "./Interfaces.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/math/SafeMath.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/IERC20.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/utils/Address.sol";
[codex:961679] import "@openzeppelin/contracts-0.6/token/ERC20/SafeERC20.sol";
[codex:961679]
[codex:961679] /**
[codex:961679] * @title VoterProxy
[codex:961679] * @author ConvexFinance
[codex:961679] * @notice VoterProxy whitelisted in the curve SmartWalletWhitelist that
[codex:961679] * participates in Curve governance. Also handles all deposits since this is
[codex:961679] * the address that has the voting power.
[codex:961679] */
[codex:961679] contract VoterProxy {
[codex:961679] using SafeERC20 for IERC20;
[codex:961679] using Address for address;
[codex:961679] using SafeMath for uint256;
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '260,620p' contracts/convex-platform/contracts/contracts/VoterProxy.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679]
[codex:961679] /**
[codex:961679] * @notice Called by the CrvDepositor to increase unlocked time of curve
[codex:961679] * @param _value Timestamp to increase locking to
[codex:961679] */
[codex:961679] function increaseTime(uint256 _value) external returns(bool){
[codex:961679] require(msg.sender == depositor, "!auth");
[codex:961679] ICurveVoteEscrow(escrow).increase_unlock_time(_value);
[codex:961679] return true;
[codex:961679] }
[codex:961679]
[codex:961679] /**
[codex:961679] * @notice Withdraw all CRV from Curve's voting escrow contract
[codex:961679] * @dev Only callable by CrvDepositor and can only withdraw if lock has expired
[codex:961679] */
[codex:961679] function release() external returns(bool){
[codex:961679] require(msg.sender == depositor, "!auth");
[codex:961679] ICurveVoteEscrow(escrow).withdraw();
[codex:961679] return true;
[codex:961679] }
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing potential reentrancy and signature risks**
[codex:961679] exec
[codex:961679] /bin/bash -lc "sed -n '1,260p' contracts/convex-platform/contracts/contracts/Interfaces.sol" in /tmp/codex-multi-5kr0a331 succeeded in 5ms:
[codex:961679] // SPDX-License-Identifier: MIT
[codex:961679] pragma solidity 0.6.12;
[codex:961679]
[codex:961679]
[codex:961679]
[codex:961679] interface ICurveGauge {
[codex:961679] function deposit(uint256) external;
[codex:961679] function balanceOf(address) external view returns (uint256);
[codex:961679] function withdraw(uint256) external;
[codex:961679] function claim_rewards() external;
[codex:961679] function reward_tokens(uint256) external view returns(address);//v2
[codex:961679] function rewarded_token() external view returns(address);//v1
[codex:961679] function lp_token() external view returns(address);
[codex:961679] }
[codex:961679]
[codex:961679] interface ICurveVoteEscrow {
[codex:961679] function create_lock(uint256, uint256) external;
[codex:961679] function increase_amount(uint256) external;
[codex:961679] function increase_unlock_time(uint256) external;
[codex:961679] function withdraw() external;
[codex:961679]
[codex:961679]
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing potential reentrancy and access control issues**
[codex:961679]
[codex:961679] I'm carefully examining BaseRewardPool and related contracts for reentrancy risks, especially around external calls before state updates and the behavior of extraRewards contracts. I’m also considering access control peculiarities in Booster and VoterProxy functions, as well as token minting flows and proxy clone initialization safeguards. While some edge cases and design quirks stand out, the core privileges and trusted roles appear to mitigate major vulnerabilities. I’m focusing on whether any overlooked reentrancy, unchecked calls, or permission gaps could be exploitable in practice.
[codex:961679] thinking
[codex:961679] **Evaluating reentrancy and initialization nuances**
[codex:961679]
[codex:961679] I'm reviewing BaseRewardPool4626’s interaction with ReentrancyGuard and the safety of deposit, stake, and withdraw functions, along with ExtraRewardStashV3’s initialization sequence and token handling. I’m considering whether cloning and initialization gaps could be exploited and checking access restrictions on critical setters. Additionally, I’m analyzing subtle behavioral quirks in reward minting, external calls, and approval patterns to see if anything unexpected might emerge under unusual conditions. Overall, I'm piecing together how the design choices influence security boundaries and potential edge cases.
[codex:961679] thinking
[codex:961679] **Reviewing reward distribution and external call patterns**
[codex:961679]
[codex:961679] I’m assessing functions like ConvexMasterChef’s reward transfers, ExtraRewardStashV3’s token management, and Booster’s reward earmarking for any unchecked external calls or access gaps. I’m also considering contract upgrade patterns, staking token flows, and signature validation mechanisms to understand if any subtle risks emerge in complex reward or proxy setups. The balance between expected trust and potential edge cases is key here.
[codex:961679] exec
[codex:961679] /bin/bash -lc 'rg -n "delegatecall" contracts/convex-platform/contracts/contracts' in /tmp/codex-multi-5kr0a331 exited 1 in 9ms:
[codex:961679]
[codex:961679]
[codex:961679] thinking
[codex:961679] **Searching for low-level .call usage**
[codex:961679] exec
[codex:961679] /bin/bash -lc "rg -n \"\\.call\" contracts/convex-platform/contracts/contracts" in /tmp/codex-multi-5kr0a331 succeeded in 9ms:
[codex:961679] contracts/convex-platform/contracts/contracts/VoterProxy.sol:352: (bool success, bytes memory result) = _to.call{value:_value}(_data);
[codex:961679] contracts/convex-platform/contracts/contracts/StashFactoryV2.sol:90: (bool success,) = _gauge.call(data);
[codex:961679] contracts/convex-platform/contracts/contracts/StashFactoryV2.sol:96: (bool success,) = _gauge.call(data);
[codex:961679] contracts/convex-platform/contracts/contracts/StashFactoryV2.sol:102: (bool success,) = _gauge.call(data);
[codex:961679]
[codex:961679]
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing potential smart contract risks**
[codex:961679] thinking
[codex:961679] **Highlighting shutdown function fund-lock risk**
[codex:961679]
[codex:961679] I’m spotting a notable issue where the `Booster.shutdownPool` method marks a pool as shut down even if the withdrawal of tokens from the gauge fails, potentially locking user funds in the gauge. This could cause users to be unable to withdraw their tokens afterward since the system assumes funds are unstaked when they might not be. It seems mitigated if the pool manager is the SecondaryProxy (which verifies balances), but could be risky if another manager calls this directly without checks. This subtle interplay around shutdown and external call failures is worth flagging carefully!
[codex:961679] thinking
[codex:961679] **Evaluating mitigation around shutdown pool balances**
[codex:961679]
[codex:961679] I’m confirming that when the shutdown is called through the SecondaryProxy, it verifies booster balances and reverts on mismatch, effectively preventing the pool from being marked shutdown without successful fund withdrawal. However, if other managers call shutdownPool directly, this safety check is absent, leaving a risk of marking shutdown despite failed withdrawals. There are also some nuanced edge cases and minor issues with unchecked external call results and math operations, but the primary concern remains the shutdown and fund locking pattern.
[codex:961679] exec
[codex:961679] /bin/bash -lc "nl -ba contracts/convex-platform/contracts/contracts/Booster.sol | sed -n '340,470p'" in /tmp/codex-multi-5kr0a331 succeeded in 6ms:
[codex:961679] 340 //give stashes access to rewardfactory and voteproxy
[codex:961679] 341 // voteproxy so it can grab the incentive tokens off the contract after claiming rewards
[codex:961679] 342 // reward factory so that stashes can make new extra reward contracts if a new incentive is added to the gauge
[codex:961679] 343 if(stash != address(0)){
[codex:961679] 344 poolInfo[pid].stash = stash;
[codex:961679] 345 IStaker(staker).setStashAccess(stash,true);
[codex:961679] 346 IRewardFactory(rewardFactory).setAccess(stash,true);
[codex:961679] 347 }
[codex:961679] 348
[codex:961679] 349 emit PoolAdded(_lptoken, _gauge, token, newRewardPool, stash, pid);
[codex:961679] 350 return true;
[codex:961679] 351 }
[codex:961679] 352
[codex:961679] 353 /**
[codex:961679] 354 * @notice Shuts down the pool by withdrawing everything from the gauge to here (can later be
[codex:961679] 355 * claimed from depositors by using the withdraw fn) and marking it as shut down
[codex:961679] 356 */
[codex:961679] 357 function shutdownPool(uint256 _pid) external returns(bool){
[codex:961679] 358 require(msg.sender==poolManager, "!auth");
[codex:961679] 359 PoolInfo storage pool = poolInfo[_pid];
[codex:961679]
[codex:961679] thinking
[codex:961679] **Analyzing shutdownPool and signature validation risks**
[codex:961679] exec
[codex:961679] /bin/bash -lc "nl -ba contracts/convex-platform/contracts/contracts/VoterProxy.sol | sed -n '120,220p'" in /tmp/codex-multi-5kr0a331 succeeded in 6ms:
[codex:961679] 120 }
[codex:961679] 121
[codex:961679] 122 function setStashAccess(address _stash, bool _status) external returns(bool){
[codex:961679] 123 require(msg.sender == operator, "!auth");
[codex:961679] 124 if(_stash != address(0)){
[codex:961679] 125 stashPool[_stash] = _status;
[codex:961679] 126 }
[codex:961679] 127 return true;
[codex:961679] 128 }
[codex:961679] 129
[codex:961679] 130 /**
[codex:961679] 131 * @notice Save a vote hash so when snapshot.org asks this contract if
[codex:961679] 132 * a vote signature is valid we are able to check for a valid hash
[codex:961679] 133 * and return the appropriate response inline with EIP 1721
[codex:961679] 134 * @param _hash Hash of vote signature that was sent to snapshot.org
[codex:961679] 135 * @param _valid Is the hash valid
[codex:961679] 136 */
[codex:961679] 137 function setVote(bytes32 _hash, bool _valid) external {
[codex:961679] 138 require(msg.sender == operator, "!auth");
[codex:961679] 139 votes[_hash] = _valid;
[codex:961679]
[codex:961679] thinking
[codex:961679] **Summarizing security findings and JSON report**
[codex:961679]
[codex:961679] I'm organizing detailed observations into a clear JSON report with two main findings: a medium-severity pool shutdown issue that may lock LP tokens permanently due to skipped gauge withdrawals and a low-severity signature validation flaw in EIP-1271 relying on preapproved hashes without cryptographic checks. I'll include evidence references, exploit scenarios, recommendations, and precise file locations to make the report comprehensive.
[codex:961679] codex
[codex:961679] {"no_findings":false,"summary":"Two issues identified: a shutdown path that can lock LP funds if gauge withdrawal fails, and EIP-1271 validation that relies on preapproved hashes rather than signature checks.","findings":[{"severity":"medium","category":"other","title":"Pool shutdown ignores failed gauge withdrawals, risking permanent LP lock","exploit_scenario":"If a gauge’s `withdrawAll` call reverts (e.g., gauge bug, temporary pause, or malicious gauge), `shutdownPool` still marks the pool as shutdown. Subsequent user withdrawals burn deposit tokens but skip withdrawing from the gauge, so if the Booster does not already hold enough LP tokens, users cannot withdraw and the remaining LP stays trapped in the gauge indefinitely.","recommendation":"Only set `pool.shutdown = true` after a successful withdrawal (e.g., check return/balance delta), or add a recovery path that allows the operator to retry `IStaker.withdraw` even after shutdown. Consider reverting the shutdown if `withdrawAll` fails.","evidence":"`shutdownPool` swallows `withdrawAll` errors and unconditionally sets `pool.shutdown = true`, while `_withdraw` only pulls from the gauge when `pool.shutdown` is false.","locations":["contracts/convex-platform/contracts/contracts/Booster.sol:357","contracts/convex-platform/contracts/contracts/Booster.sol:454"]},{"severity":"low","category":"auth","title":"EIP-1271 signature validation ignores signature bytes and relies solely on preapproved hashes","exploit_scenario":"`isValidSignature` returns the magic value purely based on a stored hash set by `setVote`, ignoring the provided signature bytes. If the operator/vote delegate is compromised, they can preapprove arbitrary vote hashes and have Snapshot treat them as valid without cryptographic verification of the signer.","recommendation":"Validate signatures against an expected signer (e.g., an EOA/contract) or bind the approved hash to a signer/domain with expiry. If the intent is an allowlist, document the trust model explicitly and consider additional safeguards (e.g., timelocks or multisig controls).","evidence":"`setVote` stores `_hash` as valid and `isValidSignature` ignores the signature parameter, returning validity solely based on `votes[_hash]`.","locations":["contracts/convex-platform/contracts/contracts/VoterProxy.sol:137","contracts/convex-platform/contracts/contracts/VoterProxy.sol:151"]}]}
[codex:961679] tokens used
[codex:961679] 130,702
{
"codex": {
"ran_at": "2025-12-30T22:27:13.354894+00:00",
"returncode": 0
},
"summary": "Two issues identified: a shutdown path that can lock LP funds if gauge withdrawal fails, and EIP-1271 validation that relies on preapproved hashes rather than signature checks.",
"raw_final": {
"summary": "Two issues identified: a shutdown path that can lock LP funds if gauge withdrawal fails, and EIP-1271 validation that relies on preapproved hashes rather than signature checks.",
"findings": [
{
"title": "Pool shutdown ignores failed gauge withdrawals, risking permanent LP lock",
"category": "other",
"evidence": "`shutdownPool` swallows `withdrawAll` errors and unconditionally sets `pool.shutdown = true`, while `_withdraw` only pulls from the gauge when `pool.shutdown` is false.",
"severity": "medium",
"locations": [
"contracts/convex-platform/contracts/contracts/Booster.sol:357",
"contracts/convex-platform/contracts/contracts/Booster.sol:454"
],
"recommendation": "Only set `pool.shutdown = true` after a successful withdrawal (e.g., check return/balance delta), or add a recovery path that allows the operator to retry `IStaker.withdraw` even after shutdown. Consider reverting the shutdown if `withdrawAll` fails.",
"exploit_scenario": "If a gauge\u2019s `withdrawAll` call reverts (e.g., gauge bug, temporary pause, or malicious gauge), `shutdownPool` still marks the pool as shutdown. Subsequent user withdrawals burn deposit tokens but skip withdrawing from the gauge, so if the Booster does not already hold enough LP tokens, users cannot withdraw and the remaining LP stays trapped in the gauge indefinitely."
},
{
"title": "EIP-1271 signature validation ignores signature bytes and relies solely on preapproved hashes",
"category": "auth",
"evidence": "`setVote` stores `_hash` as valid and `isValidSignature` ignores the signature parameter, returning validity solely based on `votes[_hash]`.",
"severity": "low",
"locations": [
"contracts/convex-platform/contracts/contracts/VoterProxy.sol:137",
"contracts/convex-platform/contracts/contracts/VoterProxy.sol:151"
],
"recommendation": "Validate signatures against an expected signer (e.g., an EOA/contract) or bind the approved hash to a signer/domain with expiry. If the intent is an allowlist, document the trust model explicitly and consider additional safeguards (e.g., timelocks or multisig controls).",
"exploit_scenario": "`isValidSignature` returns the magic value purely based on a stored hash set by `setVote`, ignoring the provided signature bytes. If the operator/vote delegate is compromised, they can preapprove arbitrary vote hashes and have Snapshot treat them as valid without cryptographic verification of the signer."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
POP 000005ed: POP 000005ee: JUMPDEST 000005ef: POP 000005f0: JUMP 000005f1: JUMPDEST 000005f2: PUSH1 0x04 000005f4: SLOAD 000005f5: DUP2 000005f6: JUMP 000005f7: JUMPDEST 000005f8: PUSH2 0x033e 000005fb: DUP2 000005fc: JUMP 000005fd: JUMPDEST 000005fe: PUSH1 0x00 00000600: PUSH32 0x00000000000000000000000000a7ba8ae7bca0b10a32ea1f8e2a1da980c6cad2 00000621: PUSH1 0x01 00000623: PUSH1 0x01 00000625: PUSH1 0xa0 00000627: SHL 00000628: SUB 00000629: AND 0000062a: PUSH4 0x70a08231 0000062f: DUP4 00000630: PUSH1 0x40 00000632: MLOAD 00000633: DUP3 00000634: PUSH4 0xffffffff 00000639: AND 0000063a: PUSH1 0xe0 0000063c: SHL 0000063d: DUP2 0000063e: MSTORE 0000063f: PUSH1 0x04 00000641: ADD 00000642: DUP1 00000643: DUP3 00000644: PUSH1 0x01 00000646: PUSH1 0x01 00000648: PUSH1 0xa0 0000064a: SHL 0000064b: SUB 0000064c: AND 0000064d: DUP2 0000064e: MSTORE 0000064f: PUSH1 0x20 00000651: ADD 00000652: SWAP2 00000653: POP 00000654: POP 00000655: PUSH1 0x20 00000657: PUSH1 0x40 00000659: MLOAD 0000065a: DUP1 0000065b: DUP4 0000065c: SUB 0000065d: DUP2 0000065e: DUP7 0000065f: DUP1 00000660: EXTCODESIZE 00000661: ISZERO 00000662: DUP1 00000663: ISZERO 00000664: PUSH2 0x066c 00000667: JUMPI 00000668: PUSH1 0x00 0000066a: DUP1 0000066b: REVERT 0000066c: JUMPDEST 0000066d: POP 0000066e: GAS 0000066f: STATICCALL 00000670: ISZERO 00000671: DUP1 00000672: ISZERO 00000673: PUSH2 0x0680 00000676: JUMPI 00000677: RETURNDATASIZE 00000678: PUSH1 0x00 0000067a: DUP1 0000067b: RETURNDATACOPY 0000067c: RETURNDATASIZE 0000067d: PUSH1 0x00 0000067f: REVERT 00000680: JUMPDEST 00000681: POP 00000682: POP 00000683: POP 00000684: POP 00000685: PUSH1 0x40 00000687: MLOAD 00000688: RETURNDATASIZE 00000689: PUSH1 0x20 0000068b: DUP2 0000068c: LT 0000068d: ISZERO 0000068e: PUSH2 0x0696 00000691: JUMPI 00000692: PUSH1 0x00 00000694: DUP1 00000695: REVERT 00000696: JUMPDEST 00000697: POP 00000698: MLOAD 00000699: SWAP3 0000069a: SWAP2 0000069b: POP 0000069c: POP 0000069d: JUMP 0000069e: JUMPDEST 0000069f: 
PUSH1 0x01 000006a1: SLOAD 000006a2: DUP2 000006a3: JUMP 000006a4: JUMPDEST 000006a5: PUSH1 0x00 000006a7: PUSH2 0x06b2 000006aa: TIMESTAMP 000006ab: PUSH1 0x00 000006ad: SLOAD 000006ae: PUSH2 0x0d4f 000006b1: JUMP 000006b2: JUMPDEST 000006b3: SWAP1 000006b4: POP 000006b5: SWAP1 000006b6: JUMP 000006b7: JUMPDEST 000006b8: PUSH1 0x07 000006ba: PUSH1 0x20 000006bc: MSTORE 000006bd: PUSH1 0x00 000006bf: SWAP1 000006c0: DUP2 000006c1: MSTORE 000006c2: PUSH1 0x40 000006c4: SWAP1 000006c5: KECCAK256 000006c6: SLOAD 000006c7: DUP2 000006c8: JUMP 000006c9: JUMPDEST 000006ca: PUSH1 0x05 000006cc: SLOAD 000006cd: DUP2 000006ce: JUMP 000006cf: JUMPDEST 000006d0: DUP2 000006d1: PUSH2 0x06d8 000006d4: PUSH2 0x08d9 000006d7: JUMP 000006d8: JUMPDEST 000006d9: PUSH1 0x03 000006db: SSTORE 000006dc: PUSH2 0x06e3 000006df: PUSH2 0x06a4 000006e2: JUMP 000006e3: JUMPDEST 000006e4: PUSH1 0x02 000006e6: SSTORE 000006e7: PUSH1 0x01 000006e9: PUSH1 0x01 000006eb: PUSH1 0xa0 000006ed: SHL 000006ee: SUB 000006ef: DUP2 000006f0: AND 000006f1: ISZERO 000006f2: PUSH2 0x072a 000006f5: JUMPI 000006f6: PUSH2 0x06fe 000006f9: DUP2 000006fa: PUSH2 0x038b 000006fd: JUMP 000006fe: JUMPDEST 000006ff: PUSH1 0x01 00000701: PUSH1 0x01 00000703: PUSH1 0xa0 00000705: SHL 00000706: SUB 00000707: DUP3 00000708: AND 00000709: PUSH1 0x00 0000070b: SWAP1 0000070c: DUP2 0000070d: MSTORE 0000070e: PUSH1 0x08 00000710: PUSH1 0x20 00000712: SWAP1 00000713: DUP2 00000714: MSTORE 00000715: PUSH1 0x40 00000717: DUP1 00000718: DUP4 00000719: KECCAK256 0000071a: SWAP4 0000071b: SWAP1 0000071c: SWAP4 0000071d: SSTORE 0000071e: PUSH1 0x03 00000720: SLOAD 00000721: PUSH1 0x07 00000723: SWAP1 00000724: SWAP2 00000725: MSTORE 00000726: SWAP2 00000727: SWAP1 00000728: KECCAK256 00000729: SSTORE 0000072a: JUMPDEST 0000072b: CALLER 0000072c: PUSH1 0x01 0000072e: PUSH1 0x01 00000730: PUSH1 0xa0 00000732: SHL 00000733: SUB 00000734: PUSH32 0x00000000000000000000000000a7ba8ae7bca0b10a32ea1f8e2a1da980c6cad2 00000755: AND 00000756: 
EQ 00000757: PUSH2 0x0795 0000075a: JUMPI 0000075b: PUSH1 0x40 0000075d: DUP1 0000075e: MLOAD 0000075f: PUSH3 0x461bcd 00000763: PUSH1 0xe5 00000765: SHL 00000766: DUP2 00000767: MSTORE 00000768: PUSH1 0x20 0000076a: PUSH1 0x04 0000076c: DUP3 0000076d: ADD 0000076e: MSTORE 0000076f: PUSH1 0x0b 00000771: PUSH1 0x24 00000773: DUP3 00000774: ADD 00000775: MSTORE 00000776: PUSH11 0x08585d5d1a1bdc9a5e9959 00000782: PUSH1 0xaa 00000784: SHL 00000785: PUSH1 0x44 00000787: DUP3 00000788: ADD 00000789: MSTORE 0000078a: SWAP1 0000078b: MLOAD 0000078c: SWAP1 0000078d: DUP2 0000078e: SWAP1 0000078f: SUB 00000790: PUSH1 0x64 00000792: ADD 00000793: SWAP1 00000794: REVERT 00000795: JUMPDEST 00000796: PUSH1 0x40 00000798: DUP1 00000799: MLOAD 0000079a: DUP4 0000079b: DUP2 0000079c: MSTORE 0000079d: SWAP1 0000079e: MLOAD 0000079f: PUSH1 0x01 000007a1: PUSH1 0x01 000007a3: PUSH1 0xa0 000007a5: SHL 000007a6: SUB 000007a7: DUP6 000007a8: AND 000007a9: SWAP2 000007aa: PUSH32 0x9e71bc8eea02a63969f509818f2dafb9254532904319f9dbda79b67bd34a5f3d 000007cb: SWAP2 000007cc: SWAP1 000007cd: DUP2 000007ce: SWAP1 000007cf: SUB 000007d0: PUSH1 0x20 000007d2: ADD 000007d3: SWAP1 000007d4: LOG2 000007d5: POP 000007d6: POP 000007d7: POP 000007d8: JUMP 000007d9: JUMPDEST 000007da: DUP1 000007db: PUSH2 0x07e2 000007de: PUSH2 0x08d9 000007e1: JUMP 000007e2: JUMPDEST 000007e3: PUSH1 0x03 000007e5: SSTORE 000007e6: PUSH2 0x07ed 000007e9: PUSH2 0x06a4 000007ec: JUMP 000007ed: JUMPDEST 000007ee: PUSH1 0x02 000007f0: SSTORE 000007f1: PUSH1 0x01 000007f3: PUSH1 0x01 000007f5: PUSH1 0xa0 000007f7: SHL 000007f8: SUB 000007f9: DUP2 000007fa: AND 000007fb: ISZERO 000007fc: PUSH2 0x0834 000007ff: JUMPI 00000800: PUSH2 0x0808 00000803: DUP2 00000804: PUSH2 0x038b 00000807: JUMP 00000808: JUMPDEST 00000809: PUSH1 0x01 0000080b: PUSH1 0x01 0000080d: PUSH1 0xa0 0000080f: SHL 00000810: SUB 00000811: DUP3 00000812: AND 00000813: PUSH1 0x00 00000815: SWAP1 00000816: DUP2 00000817: MSTORE 00000818: PUSH1 0x08 0000081a: 
PUSH1 0x20 0000081c: SWAP1 0000081d: DUP2 0000081e: MSTORE 0000081f: PUSH1 0x40 00000821: DUP1 00000822: DUP4 00000823: KECCAK256 00000824: SWAP4 00000825: SWAP1 00000826: SWAP4 00000827: SSTORE 00000828: PUSH1 0x03 0000082a: SLOAD 0000082b: PUSH1 0x07 0000082d: SWAP1 0000082e: SWAP2 0000082f: MSTORE 00000830: SWAP2 00000831: SWAP1 00000832: KECCAK256 00000833: SSTORE 00000834: JUMPDEST 00000835: PUSH1 0x00 00000837: PUSH2 0x083f 0000083a: DUP4 0000083b: PUSH2 0x038b 0000083e: JUMP 0000083f: JUMPDEST 00000840: SWAP1 00000841: POP 00000842: DUP1 00000843: ISZERO 00000844: PUSH2 0x08ce 00000847: JUMPI 00000848: PUSH1 0x01 0000084a: PUSH1 0x01 0000084c: PUSH1 0xa0 0000084e: SHL 0000084f: SUB 00000850: DUP1 00000851: DUP5 00000852: AND 00000853: PUSH1 0x00 00000855: SWAP1 00000856: DUP2 00000857: MSTORE 00000858: PUSH1 0x08 0000085a: PUSH1 0x20 0000085c: MSTORE 0000085d: PUSH1 0x40 0000085f: DUP2 00000860: KECCAK256 00000861: SSTORE 00000862: PUSH2 0x088e 00000865: SWAP1 00000866: PUSH32 0x000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 00000887: AND 00000888: DUP5 00000889: DUP4 0000088a: PUSH2 0x0d65 0000088d: JUMP 0000088e: JUMPDEST 0000088f: PUSH1 0x40 00000891: DUP1 00000892: MLOAD 00000893: DUP3 00000894: DUP2 00000895: MSTORE 00000896: SWAP1 00000897: MLOAD 00000898: PUSH1 0x01 0000089a: PUSH1 0x01 0000089c: PUSH1 0xa0 0000089e: SHL 0000089f: SUB 000008a0: DUP6 000008a1: AND 000008a2: SWAP2 000008a3: PUSH32 0xe2403640ba68fed3a2f88b7557551d1993f84b99bb10ff833f0cf8db0c5e0486 000008c4: SWAP2 000008c5: SWAP1 000008c6: DUP2 000008c7: SWAP1 000008c8: SUB 000008c9: PUSH1 0x20 000008cb: ADD 000008cc: SWAP1 000008cd: LOG2 000008ce: JUMPDEST 000008cf: POP 000008d0: POP 000008d1: POP 000008d2: JUMP 000008d3: JUMPDEST 000008d4: PUSH1 0x02 000008d6: SLOAD 000008d7: DUP2 000008d8: JUMP 000008d9: JUMPDEST 000008da: PUSH1 0x00 000008dc: PUSH2 0x08e3 000008df: PUSH2 0x0412 000008e2: JUMP 000008e3: JUMPDEST 000008e4: PUSH2 0x08f0 000008e7: JUMPI 000008e8: POP 
000008e9: PUSH1 0x03 000008eb: SLOAD 000008ec: PUSH2 0x049c 000008ef: JUMP 000008f0: JUMPDEST 000008f1: PUSH2 0x06b2 000008f4: PUSH2 0x091e 000008f7: PUSH2 0x08fe 000008fa: PUSH2 0x0412 000008fd: JUMP 000008fe: JUMPDEST 000008ff: PUSH2 0x03e7 00000902: PUSH8 0x0de0b6b3a7640000 0000090b: PUSH2 0x03e1 0000090e: PUSH1 0x01 00000910: SLOAD 00000911: PUSH2 0x03e1 00000914: PUSH1 0x02 00000916: SLOAD 00000917: PUSH2 0x03d2 0000091a: PUSH2 0x06a4 0000091d: JUMP 0000091e: JUMPDEST 0000091f: PUSH1 0x03 00000921: SLOAD 00000922: SWAP1 00000923: PUSH2 0x0bd1 00000926: JUMP 00000927: JUMPDEST 00000928: PUSH1 0x03 0000092a: SLOAD 0000092b: DUP2 0000092c: JUMP 0000092d: JUMPDEST 0000092e: PUSH1 0x00 00000930: SLOAD 00000931: DUP2 00000932: JUMP 00000933: JUMPDEST 00000934: PUSH1 0x00 00000936: PUSH2 0x096a 00000939: PUSH1 0x01 0000093b: PUSH1 0x01 0000093d: PUSH1 0xa0 0000093f: SHL 00000940: SUB 00000941: PUSH32 0x000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 00000962: AND 00000963: CALLER 00000964: ADDRESS 00000965: DUP6 00000966: PUSH2 0x0db7 00000969: JUMP 0000096a: JUMPDEST 0000096b: PUSH1 0x04 0000096d: SLOAD 0000096e: PUSH2 0x0977 00000971: SWAP1 00000972: DUP4 00000973: PUSH2 0x0bd1 00000976: JUMP 00000977: JUMPDEST 00000978: PUSH1 0x04 0000097a: SSTORE 0000097b: SWAP2 0000097c: SWAP1 0000097d: POP 0000097e: JUMP 0000097f: JUMPDEST 00000980: DUP2 00000981: PUSH2 0x0988 00000984: PUSH2 0x08d9 00000987: JUMP 00000988: JUMPDEST 00000989: PUSH1 0x03 0000098b: SSTORE 0000098c: PUSH2 0x0993 0000098f: PUSH2 0x06a4 00000992: JUMP 00000993: JUMPDEST 00000994: PUSH1 0x02 00000996: SSTORE 00000997: PUSH1 0x01 00000999: PUSH1 0x01 0000099b: PUSH1 0xa0 0000099d: SHL 0000099e: SUB 0000099f: DUP2 000009a0: AND 000009a1: ISZERO 000009a2: PUSH2 0x09da 000009a5: JUMPI 000009a6: PUSH2 0x09ae 000009a9: DUP2 000009aa: PUSH2 0x038b 000009ad: JUMP 000009ae: JUMPDEST 000009af: PUSH1 0x01 000009b1: PUSH1 0x01 000009b3: PUSH1 0xa0 000009b5: SHL 000009b6: SUB 000009b7: DUP3 
000009b8: AND 000009b9: PUSH1 0x00 000009bb: SWAP1 000009bc: DUP2 000009bd: MSTORE 000009be: PUSH1 0x08 000009c0: PUSH1 0x20 000009c2: SWAP1 000009c3: DUP2 000009c4: MSTORE 000009c5: PUSH1 0x40 000009c7: DUP1 000009c8: DUP4 000009c9: KECCAK256 000009ca: SWAP4 000009cb: SWAP1 000009cc: SWAP4 000009cd: SSTORE 000009ce: PUSH1 0x03 000009d0: SLOAD 000009d1: PUSH1 0x07 000009d3: SWAP1 000009d4: SWAP2 000009d5: MSTORE 000009d6: SWAP2 000009d7: SWAP1 000009d8: KECCAK256 000009d9: SSTORE 000009da: JUMPDEST 000009db: CALLER 000009dc: PUSH1 0x01 000009de: PUSH1 0x01 000009e0: PUSH1 0xa0 000009e2: SHL 000009e3: SUB 000009e4: PUSH32 0x00000000000000000000000000a7ba8ae7bca0b10a32ea1f8e2a1da980c6cad2 00000a05: AND 00000a06: EQ 00000a07: PUSH2 0x0a45 00000a0a: JUMPI 00000a0b: PUSH1 0x40 00000a0d: DUP1 00000a0e: MLOAD 00000a0f: PUSH3 0x461bcd 00000a13: PUSH1 0xe5 00000a15: SHL 00000a16: DUP2 00000a17: MSTORE 00000a18: PUSH1 0x20 00000a1a: PUSH1 0x04 00000a1c: DUP3 00000a1d: ADD 00000a1e: MSTORE 00000a1f: PUSH1 0x0b 00000a21: PUSH1 0x24 00000a23: DUP3 00000a24: ADD 00000a25: MSTORE 00000a26: PUSH11 0x08585d5d1a1bdc9a5e9959 00000a32: PUSH1 0xaa 00000a34: SHL 00000a35: PUSH1 0x44 00000a37: DUP3 00000a38: ADD 00000a39: MSTORE 00000a3a: SWAP1 00000a3b: MLOAD 00000a3c: SWAP1 00000a3d: DUP2 00000a3e: SWAP1 00000a3f: SUB 00000a40: PUSH1 0x64 00000a42: ADD 00000a43: SWAP1 00000a44: REVERT 00000a45: JUMPDEST 00000a46: PUSH1 0x40 00000a48: DUP1 00000a49: MLOAD 00000a4a: DUP4 00000a4b: DUP2 00000a4c: MSTORE 00000a4d: SWAP1 00000a4e: MLOAD 00000a4f: PUSH1 0x01 00000a51: PUSH1 0x01 00000a53: PUSH1 0xa0 00000a55: SHL 00000a56: SUB 00000a57: DUP6 00000a58: AND 00000a59: SWAP2 00000a5a: PUSH32 0x7084f5476618d8e60b11ef0d7d3f06914655adb8793e28ff7f018d4c76d505d5 00000a7b: SWAP2 00000a7c: SWAP1 00000a7d: DUP2 00000a7e: SWAP1 00000a7f: SUB 00000a80: PUSH1 0x20 00000a82: ADD 00000a83: SWAP1 00000a84: LOG2 00000a85: POP 00000a86: POP 00000a87: POP 00000a88: JUMP 00000a89: JUMPDEST 00000a8a: PUSH32 
0x000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 00000aab: DUP2 00000aac: JUMP 00000aad: JUMPDEST 00000aae: PUSH1 0x00 00000ab0: DUP3 00000ab1: DUP3 00000ab2: GT 00000ab3: ISZERO 00000ab4: PUSH2 0x0b04 00000ab7: JUMPI 00000ab8: PUSH1 0x40 00000aba: DUP1 00000abb: MLOAD 00000abc: PUSH3 0x461bcd 00000ac0: PUSH1 0xe5 00000ac2: SHL 00000ac3: DUP2 00000ac4: MSTORE 00000ac5: PUSH1 0x20 00000ac7: PUSH1 0x04 00000ac9: DUP3 00000aca: ADD 00000acb: MSTORE 00000acc: PUSH1 0x1e 00000ace: PUSH1 0x24 00000ad0: DUP3 00000ad1: ADD 00000ad2: MSTORE 00000ad3: PUSH32 0x536166654d6174683a207375627472616374696f6e206f766572666c6f770000 00000af4: PUSH1 0x44 00000af6: DUP3 00000af7: ADD 00000af8: MSTORE 00000af9: SWAP1 00000afa: MLOAD 00000afb: SWAP1 00000afc: DUP2 00000afd: SWAP1 00000afe: SUB 00000aff: PUSH1 0x64 00000b01: ADD 00000b02: SWAP1 00000b03: REVERT 00000b04: JUMPDEST 00000b05: POP 00000b06: SWAP1 00000b07: SUB 00000b08: SWAP1 00000b09: JUMP 00000b0a: JUMPDEST 00000b0b: PUSH1 0x00 00000b0d: DUP3 00000b0e: PUSH2 0x0b19 00000b11: JUMPI 00000b12: POP 00000b13: PUSH1 0x00 00000b15: PUSH2 0x03f3 00000b18: JUMP 00000b19: JUMPDEST 00000b1a: DUP3 00000b1b: DUP3 00000b1c: MUL 00000b1d: DUP3 00000b1e: DUP5 00000b1f: DUP3 00000b20: DUP2 00000b21: PUSH2 0x0b26 00000b24: JUMPI 00000b25: INVALID 00000b26: JUMPDEST 00000b27: DIV 00000b28: EQ 00000b29: PUSH2 0x0b63 00000b2c: JUMPI 00000b2d: PUSH1 0x40 00000b2f: MLOAD 00000b30: PUSH3 0x461bcd 00000b34: PUSH1 0xe5 00000b36: SHL 00000b37: DUP2 00000b38: MSTORE 00000b39: PUSH1 0x04 00000b3b: ADD 00000b3c: DUP1 00000b3d: DUP1 00000b3e: PUSH1 0x20 00000b40: ADD 00000b41: DUP3 00000b42: DUP2 00000b43: SUB 00000b44: DUP3 00000b45: MSTORE 00000b46: PUSH1 0x21 00000b48: DUP2 00000b49: MSTORE 00000b4a: PUSH1 0x20 00000b4c: ADD 00000b4d: DUP1 00000b4e: PUSH2 0x1102 00000b51: PUSH1 0x21 00000b53: SWAP2 00000b54: CODECOPY 00000b55: PUSH1 0x40 00000b57: ADD 00000b58: SWAP2 00000b59: POP 00000b5a: POP 00000b5b: PUSH1 0x40 00000b5d: MLOAD 
00000b5e: DUP1 00000b5f: SWAP2 00000b60: SUB 00000b61: SWAP1 00000b62: REVERT 00000b63: JUMPDEST 00000b64: SWAP4 00000b65: SWAP3 00000b66: POP 00000b67: POP 00000b68: POP 00000b69: JUMP 00000b6a: JUMPDEST 00000b6b: PUSH1 0x00 00000b6d: DUP1 00000b6e: DUP3 00000b6f: GT 00000b70: PUSH2 0x0bc0 00000b73: JUMPI 00000b74: PUSH1 0x40 00000b76: DUP1 00000b77: MLOAD 00000b78: PUSH3 0x461bcd 00000b7c: PUSH1 0xe5 00000b7e: SHL 00000b7f: DUP2 00000b80: MSTORE 00000b81: PUSH1 0x20 00000b83: PUSH1 0x04 00000b85: DUP3 00000b86: ADD 00000b87: MSTORE 00000b88: PUSH1 0x1a 00000b8a: PUSH1 0x24 00000b8c: DUP3 00000b8d: ADD 00000b8e: MSTORE 00000b8f: PUSH32 0x536166654d6174683a206469766973696f6e206279207a65726f000000000000 00000bb0: PUSH1 0x44 00000bb2: DUP3 00000bb3: ADD 00000bb4: MSTORE 00000bb5: SWAP1 00000bb6: MLOAD 00000bb7: SWAP1 00000bb8: DUP2 00000bb9: SWAP1 00000bba: SUB 00000bbb: PUSH1 0x64 00000bbd: ADD 00000bbe: SWAP1 00000bbf: REVERT 00000bc0: JUMPDEST 00000bc1: DUP2 00000bc2: DUP4 00000bc3: DUP2 00000bc4: PUSH2 0x0bc9 00000bc7: JUMPI 00000bc8: INVALID 00000bc9: JUMPDEST 00000bca: DIV 00000bcb: SWAP4 00000bcc: SWAP3 00000bcd: POP 00000bce: POP 00000bcf: POP 00000bd0: JUMP 00000bd1: JUMPDEST 00000bd2: PUSH1 0x00 00000bd4: DUP3 00000bd5: DUP3 00000bd6: ADD 00000bd7: DUP4 00000bd8: DUP2 00000bd9: LT 00000bda: ISZERO 00000bdb: PUSH2 0x0b63 00000bde: JUMPI 00000bdf: PUSH1 0x40 00000be1: DUP1 00000be2: MLOAD 00000be3: PUSH3 0x461bcd 00000be7: PUSH1 0xe5 00000be9: SHL 00000bea: DUP2 00000beb: MSTORE 00000bec: PUSH1 0x20 00000bee: PUSH1 0x04 00000bf0: DUP3 00000bf1: ADD 00000bf2: MSTORE 00000bf3: PUSH1 0x1b 00000bf5: PUSH1 0x24 00000bf7: DUP3 00000bf8: ADD 00000bf9: MSTORE 00000bfa: PUSH32 0x536166654d6174683a206164646974696f6e206f766572666c6f770000000000 00000c1b: PUSH1 0x44 00000c1d: DUP3 00000c1e: ADD 00000c1f: MSTORE 00000c20: SWAP1 00000c21: MLOAD 00000c22: SWAP1 00000c23: DUP2 00000c24: SWAP1 00000c25: SUB 00000c26: PUSH1 0x64 00000c28: ADD 00000c29: SWAP1 00000c2a: REVERT 
00000c2b: JUMPDEST 00000c2c: PUSH1 0x00 00000c2e: PUSH2 0x0c35 00000c31: PUSH2 0x08d9 00000c34: JUMP 00000c35: JUMPDEST 00000c36: PUSH1 0x03 00000c38: SSTORE 00000c39: PUSH2 0x0c40 00000c3c: PUSH2 0x06a4 00000c3f: JUMP 00000c40: JUMPDEST 00000c41: PUSH1 0x02 00000c43: SSTORE 00000c44: PUSH1 0x01 00000c46: PUSH1 0x01 00000c48: PUSH1 0xa0 00000c4a: SHL 00000c4b: SUB 00000c4c: DUP2 00000c4d: AND 00000c4e: ISZERO 00000c4f: PUSH2 0x0c87 00000c52: JUMPI 00000c53: PUSH2 0x0c5b 00000c56: DUP2 00000c57: PUSH2 0x038b 00000c5a: JUMP 00000c5b: JUMPDEST 00000c5c: PUSH1 0x01 00000c5e: PUSH1 0x01 00000c60: PUSH1 0xa0 00000c62: SHL 00000c63: SUB 00000c64: DUP3 00000c65: AND 00000c66: PUSH1 0x00 00000c68: SWAP1 00000c69: DUP2 00000c6a: MSTORE 00000c6b: PUSH1 0x08 00000c6d: PUSH1 0x20 00000c6f: SWAP1 00000c70: DUP2 00000c71: MSTORE 00000c72: PUSH1 0x40 00000c74: DUP1 00000c75: DUP4 00000c76: KECCAK256 00000c77: SWAP4 00000c78: SWAP1 00000c79: SWAP4 00000c7a: SSTORE 00000c7b: PUSH1 0x03 00000c7d: SLOAD 00000c7e: PUSH1 0x07 00000c80: SWAP1 00000c81: SWAP2 00000c82: MSTORE 00000c83: SWAP2 00000c84: SWAP1 00000c85: KECCAK256 00000c86: SSTORE 00000c87: JUMPDEST 00000c88: PUSH1 0x06 00000c8a: SLOAD 00000c8b: PUSH2 0x0c94 00000c8e: SWAP1 00000c8f: DUP4 00000c90: PUSH2 0x0bd1 00000c93: JUMP 00000c94: JUMPDEST 00000c95: PUSH1 0x06 00000c97: SSTORE 00000c98: PUSH1 0x00 00000c9a: SLOAD 00000c9b: TIMESTAMP 00000c9c: LT 00000c9d: PUSH2 0x0cb5 00000ca0: JUMPI 00000ca1: PUSH2 0x0cad 00000ca4: DUP3 00000ca5: PUSH3 0x093a80 00000ca9: PUSH2 0x0b6a 00000cac: JUMP 00000cad: JUMPDEST 00000cae: PUSH1 0x01 00000cb0: SSTORE 00000cb1: PUSH2 0x0cfd 00000cb4: JUMP 00000cb5: JUMPDEST 00000cb6: PUSH1 0x00 00000cb8: DUP1 00000cb9: SLOAD 00000cba: PUSH2 0x0cc3 00000cbd: SWAP1 00000cbe: TIMESTAMP 00000cbf: PUSH2 0x0aad 00000cc2: JUMP 00000cc3: JUMPDEST 00000cc4: SWAP1 00000cc5: POP 00000cc6: PUSH1 0x00 00000cc8: PUSH2 0x0cdc 00000ccb: PUSH1 0x01 00000ccd: SLOAD 00000cce: DUP4 00000ccf: PUSH2 0x0b0a 00000cd2: SWAP1 
00000cd3: SWAP2 00000cd4: SWAP1 00000cd5: PUSH4 0xffffffff 00000cda: AND 00000cdb: JUMP 00000cdc: JUMPDEST 00000cdd: SWAP1 00000cde: POP 00000cdf: PUSH2 0x0ce8 00000ce2: DUP5 00000ce3: DUP3 00000ce4: PUSH2 0x0bd1 00000ce7: JUMP 00000ce8: JUMPDEST 00000ce9: SWAP4 00000cea: POP 00000ceb: PUSH2 0x0cf7 00000cee: DUP5 00000cef: PUSH3 0x093a80 00000cf3: PUSH2 0x0b6a 00000cf6: JUMP 00000cf7: JUMPDEST 00000cf8: PUSH1 0x01 00000cfa: SSTORE 00000cfb: POP 00000cfc: POP 00000cfd: JUMPDEST 00000cfe: PUSH1 0x05 00000d00: DUP3 00000d01: SWAP1 00000d02: SSTORE 00000d03: TIMESTAMP 00000d04: PUSH1 0x02 00000d06: DUP2 00000d07: SWAP1 00000d08: SSTORE 00000d09: PUSH2 0x0d15 00000d0c: SWAP1 00000d0d: PUSH3 0x093a80 00000d11: PUSH2 0x0bd1 00000d14: JUMP 00000d15: JUMPDEST 00000d16: PUSH1 0x00 00000d18: SSTORE 00000d19: PUSH1 0x40 00000d1b: DUP1 00000d1c: MLOAD 00000d1d: DUP4 00000d1e: DUP2 00000d1f: MSTORE 00000d20: SWAP1 00000d21: MLOAD 00000d22: PUSH32 0xde88a922e0d3b88b24e9623efeb464919c6bf9f66857a65e2bfcf2ce87a9433d 00000d43: SWAP2 00000d44: DUP2 00000d45: SWAP1 00000d46: SUB 00000d47: PUSH1 0x20 00000d49: ADD 00000d4a: SWAP1 00000d4b: LOG1 00000d4c: POP 00000d4d: POP 00000d4e: JUMP 00000d4f: JUMPDEST 00000d50: PUSH1 0x00 00000d52: DUP2 00000d53: DUP4 00000d54: LT 00000d55: PUSH2 0x0d5e 00000d58: JUMPI 00000d59: DUP2 00000d5a: PUSH2 0x0b63 00000d5d: JUMP 00000d5e: JUMPDEST 00000d5f: POP 00000d60: SWAP1 00000d61: SWAP2 00000d62: SWAP1 00000d63: POP 00000d64: JUMP 00000d65: JUMPDEST 00000d66: PUSH1 0x40 00000d68: DUP1 00000d69: MLOAD 00000d6a: PUSH1 0x01 00000d6c: PUSH1 0x01 00000d6e: PUSH1 0xa0 00000d70: SHL 00000d71: SUB 00000d72: DUP5 00000d73: AND 00000d74: PUSH1 0x24 00000d76: DUP3 00000d77: ADD 00000d78: MSTORE 00000d79: PUSH1 0x44 00000d7b: DUP1 00000d7c: DUP3 00000d7d: ADD 00000d7e: DUP5 00000d7f: SWAP1 00000d80: MSTORE 00000d81: DUP3 00000d82: MLOAD 00000d83: DUP1 00000d84: DUP4 00000d85: SUB 00000d86: SWAP1 00000d87: SWAP2 00000d88: ADD 00000d89: DUP2 00000d8a: MSTORE 
00000d8b: PUSH1 0x64 00000d8d: SWAP1 00000d8e: SWAP2 00000d8f: ADD 00000d90: SWAP1 00000d91: SWAP2 00000d92: MSTORE 00000d93: PUSH1 0x20 00000d95: DUP2 00000d96: ADD 00000d97: DUP1 00000d98: MLOAD 00000d99: PUSH1 0x01 00000d9b: PUSH1 0x01 00000d9d: PUSH1 0xe0 00000d9f: SHL 00000da0: SUB 00000da1: AND 00000da2: PUSH4 0xa9059cbb 00000da7: PUSH1 0xe0 00000da9: SHL 00000daa: OR 00000dab: SWAP1 00000dac: MSTORE 00000dad: PUSH2 0x08ce 00000db0: SWAP1 00000db1: DUP5 00000db2: SWAP1 00000db3: PUSH2 0x0e0d 00000db6: JUMP 00000db7: JUMPDEST 00000db8: PUSH1 0x40 00000dba: DUP1 00000dbb: MLOAD 00000dbc: PUSH1 0x01 00000dbe: PUSH1 0x01 00000dc0: PUSH1 0xa0 00000dc2: SHL 00000dc3: SUB 00000dc4: DUP1 00000dc5: DUP7 00000dc6: AND 00000dc7: PUSH1 0x24 00000dc9: DUP4 00000dca: ADD 00000dcb: MSTORE 00000dcc: DUP5 00000dcd: AND 00000dce: PUSH1 0x44 00000dd0: DUP3 00000dd1: ADD 00000dd2: MSTORE 00000dd3: PUSH1 0x64 00000dd5: DUP1 00000dd6: DUP3 00000dd7: ADD 00000dd8: DUP5 00000dd9: SWAP1 00000dda: MSTORE 00000ddb: DUP3 00000ddc: MLOAD 00000ddd: DUP1 00000dde: DUP4 00000ddf: SUB 00000de0: SWAP1 00000de1: SWAP2 00000de2: ADD 00000de3: DUP2 00000de4: MSTORE 00000de5: PUSH1 0x84 00000de7: SWAP1 00000de8: SWAP2 00000de9: ADD 00000dea: SWAP1 00000deb: SWAP2 00000dec: MSTORE 00000ded: PUSH1 0x20 00000def: DUP2 00000df0: ADD 00000df1: DUP1 00000df2: MLOAD 00000df3: PUSH1 0x01 00000df5: PUSH1 0x01 00000df7: PUSH1 0xe0 00000df9: SHL 00000dfa: SUB 00000dfb: AND 00000dfc: PUSH4 0x23b872dd 00000e01: PUSH1 0xe0 00000e03: SHL 00000e04: OR 00000e05: SWAP1 00000e06: MSTORE 00000e07: PUSH2 0x05ea 00000e0a: SWAP1 00000e0b: DUP6 00000e0c: SWAP1 00000e0d: JUMPDEST 00000e0e: PUSH1 0x60 00000e10: PUSH2 0x0e62 00000e13: DUP3 00000e14: PUSH1 0x40 00000e16: MLOAD 00000e17: DUP1 00000e18: PUSH1 0x40 00000e1a: ADD 00000e1b: PUSH1 0x40 00000e1d: MSTORE 00000e1e: DUP1 00000e1f: PUSH1 0x20 00000e21: DUP2 00000e22: MSTORE 00000e23: PUSH1 0x20 00000e25: ADD 00000e26: PUSH32 
0x5361666545524332303a206c6f772d6c6576656c2063616c6c206661696c6564 00000e47: DUP2 00000e48: MSTORE 00000e49: POP 00000e4a: DUP6 00000e4b: PUSH1 0x01 00000e4d: PUSH1 0x01 00000e4f: PUSH1 0xa0 00000e51: SHL 00000e52: SUB 00000e53: AND 00000e54: PUSH2 0x0ebe 00000e57: SWAP1 00000e58: SWAP3 00000e59: SWAP2 00000e5a: SWAP1 00000e5b: PUSH4 0xffffffff 00000e60: AND 00000e61: JUMP 00000e62: JUMPDEST 00000e63: DUP1 00000e64: MLOAD 00000e65: SWAP1 00000e66: SWAP2 00000e67: POP 00000e68: ISZERO 00000e69: PUSH2 0x08ce 00000e6c: JUMPI 00000e6d: DUP1 00000e6e: DUP1 00000e6f: PUSH1 0x20 00000e71: ADD 00000e72: SWAP1 00000e73: MLOAD 00000e74: PUSH1 0x20 00000e76: DUP2 00000e77: LT 00000e78: ISZERO 00000e79: PUSH2 0x0e81 00000e7c: JUMPI 00000e7d: PUSH1 0x00 00000e7f: DUP1 00000e80: REVERT 00000e81: JUMPDEST 00000e82: POP 00000e83: MLOAD 00000e84: PUSH2 0x08ce 00000e87: JUMPI 00000e88: PUSH1 0x40 00000e8a: MLOAD 00000e8b: PUSH3 0x461bcd 00000e8f: PUSH1 0xe5 00000e91: SHL 00000e92: DUP2 00000e93: MSTORE 00000e94: PUSH1 0x04 00000e96: ADD 00000e97: DUP1 00000e98: DUP1 00000e99: PUSH1 0x20 00000e9b: ADD 00000e9c: DUP3 00000e9d: DUP2 00000e9e: SUB 00000e9f: DUP3 00000ea0: MSTORE 00000ea1: PUSH1 0x2a 00000ea3: DUP2 00000ea4: MSTORE 00000ea5: PUSH1 0x20 00000ea7: ADD 00000ea8: DUP1 00000ea9: PUSH2 0x1123 00000eac: PUSH1 0x2a 00000eae: SWAP2 00000eaf: CODECOPY 00000eb0: PUSH1 0x40 00000eb2: ADD 00000eb3: SWAP2 00000eb4: POP 00000eb5: POP 00000eb6: PUSH1 0x40 00000eb8: MLOAD 00000eb9: DUP1 00000eba: SWAP2 00000ebb: SUB 00000ebc: SWAP1 00000ebd: REVERT 00000ebe: JUMPDEST 00000ebf: PUSH1 0x60 00000ec1: PUSH2 0x0ecd 00000ec4: DUP5 00000ec5: DUP5 00000ec6: PUSH1 0x00 00000ec8: DUP6 00000ec9: PUSH2 0x0ed5 00000ecc: JUMP 00000ecd: JUMPDEST 00000ece: SWAP5 00000ecf: SWAP4 00000ed0: POP 00000ed1: POP 00000ed2: POP 00000ed3: POP 00000ed4: JUMP 00000ed5: JUMPDEST 00000ed6: PUSH1 0x60 00000ed8: DUP3 00000ed9: SELFBALANCE 00000eda: LT 00000edb: ISZERO 00000edc: PUSH2 0x0f16 00000edf: JUMPI 00000ee0: 
PUSH1 0x40 00000ee2: MLOAD 00000ee3: PUSH3 0x461bcd 00000ee7: PUSH1 0xe5 00000ee9: SHL 00000eea: DUP2 00000eeb: MSTORE 00000eec: PUSH1 0x04 00000eee: ADD 00000eef: DUP1 00000ef0: DUP1 00000ef1: PUSH1 0x20 00000ef3: ADD 00000ef4: DUP3 00000ef5: DUP2 00000ef6: SUB 00000ef7: DUP3 00000ef8: MSTORE 00000ef9: PUSH1 0x26 00000efb: DUP2 00000efc: MSTORE 00000efd: PUSH1 0x20 00000eff: ADD 00000f00: DUP1 00000f01: PUSH2 0x10dc 00000f04: PUSH1 0x26 00000f06: SWAP2 00000f07: CODECOPY 00000f08: PUSH1 0x40 00000f0a: ADD 00000f0b: SWAP2 00000f0c: POP 00000f0d: POP 00000f0e: PUSH1 0x40 00000f10: MLOAD 00000f11: DUP1 00000f12: SWAP2 00000f13: SUB 00000f14: SWAP1 00000f15: REVERT 00000f16: JUMPDEST 00000f17: PUSH2 0x0f1f 00000f1a: DUP6 00000f1b: PUSH2 0x1031 00000f1e: JUMP 00000f1f: JUMPDEST 00000f20: PUSH2 0x0f70 00000f23: JUMPI 00000f24: PUSH1 0x40 00000f26: DUP1 00000f27: MLOAD 00000f28: PUSH3 0x461bcd 00000f2c: PUSH1 0xe5 00000f2e: SHL 00000f2f: DUP2 00000f30: MSTORE 00000f31: PUSH1 0x20 00000f33: PUSH1 0x04 00000f35: DUP3 00000f36: ADD 00000f37: MSTORE 00000f38: PUSH1 0x1d 00000f3a: PUSH1 0x24 00000f3c: DUP3 00000f3d: ADD 00000f3e: MSTORE 00000f3f: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000 00000f60: PUSH1 0x44 00000f62: DUP3 00000f63: ADD 00000f64: MSTORE 00000f65: SWAP1 00000f66: MLOAD 00000f67: SWAP1 00000f68: DUP2 00000f69: SWAP1 00000f6a: SUB 00000f6b: PUSH1 0x64 00000f6d: ADD 00000f6e: SWAP1 00000f6f: REVERT 00000f70: JUMPDEST 00000f71: PUSH1 0x00 00000f73: PUSH1 0x60 00000f75: DUP7 00000f76: PUSH1 0x01 00000f78: PUSH1 0x01 00000f7a: PUSH1 0xa0 00000f7c: SHL 00000f7d: SUB 00000f7e: AND 00000f7f: DUP6 00000f80: DUP8 00000f81: PUSH1 0x40 00000f83: MLOAD 00000f84: DUP1 00000f85: DUP3 00000f86: DUP1 00000f87: MLOAD 00000f88: SWAP1 00000f89: PUSH1 0x20 00000f8b: ADD 00000f8c: SWAP1 00000f8d: DUP1 00000f8e: DUP4 00000f8f: DUP4 00000f90: JUMPDEST 00000f91: PUSH1 0x20 00000f93: DUP4 00000f94: LT 00000f95: PUSH2 0x0faf 00000f98: JUMPI 00000f99: DUP1 
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
validation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xebe2b12b",
"selector": "0xebe2b12b",
"calldata_variants": [
"0xebe2b12b",
"0xebe2b12b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf14faf6f",
"selector": "0xf14faf6f",
"calldata_variants": [
"0xf14faf6f",
"0xf14faf6f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf3fef3a3",
"selector": "0xf3fef3a3",
"calldata_variants": [
"0xf3fef3a3",
"0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf7c618c1",
"selector": "0xf7c618c1",
"calldata_variants": [
"0xf7c618c1",
"0xf7c618c10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xc8f33c91",
"selector": "0xc8f33c91",
"calldata_variants": [
"0xc8f33c91",
"0xc8f33c910000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcd3daf9d",
"selector": "0xcd3daf9d",
"calldata_variants": [
"0xcd3daf9d",
"0xcd3daf9d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xdf136d65",
"selector": "0xdf136d65",
"calldata_variants": [
"0xdf136d65",
"0xdf136d650000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7b0a47ee",
"selector": "0x7b0a47ee",
"calldata_variants": [
"0x7b0a47ee",
"0x7b0a47ee0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 4401,
"type": "tx_origin_used"
}
]
}
|
| medium | other | codex | Pool shutdown ignores failed gauge withdrawals, risking permanent LP lock | 75 | no | — |
evidence_json{
"evidence": "`shutdownPool` swallows `withdrawAll` errors and unconditionally sets `pool.shutdown = true`, while `_withdraw` only pulls from the gauge when `pool.shutdown` is false.",
"locations": [
"contracts/convex-platform/contracts/contracts/Booster.sol:357",
"contracts/convex-platform/contracts/contracts/Booster.sol:454"
],
"recommendation": "Only set `pool.shutdown = true` after a successful withdrawal (e.g., check return/balance delta), or add a recovery path that allows the operator to retry `IStaker.withdraw` even after shutdown. Consider reverting the shutdown if `withdrawAll` fails.",
"exploit_scenario": "If a gauge\u2019s `withdrawAll` call reverts (e.g., gauge bug, temporary pause, or malicious gauge), `shutdownPool` still marks the pool as shutdown. Subsequent user withdrawals burn deposit tokens but skip withdrawing from the gauge, so if the Booster does not already hold enough LP tokens, users cannot withdraw and the remaining LP stays trapped in the gauge indefinitely."
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
trace_id: 0xe696069643e4af78800be43c149fb3746f32f3ea0b2d053e1e7f1012c4fdf292
call_targets: 0x27921a5cc29b11176817bbf5d6bad83830f71555
target_varies: no
classification: constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xe696069643e4af78800be43c149fb3746f32f3ea0b2d053e1e7f1012c4fdf292",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x27921a5cc29b11176817bbf5d6bad83830f71555"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
evidence_json{
"examples": [
{
"pc": 4065,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [
{
"pc": 4401,
"type": "tx_origin_used"
}
],
"untrusted_call_count": 1
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
trace_id: 0xe696069643e4af78800be43c149fb3746f32f3ea0b2d053e1e7f1012c4fdf292
call_targets: 0x27921a5cc29b11176817bbf5d6bad83830f71555
target_varies: no
classification: constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xe696069643e4af78800be43c149fb3746f32f3ea0b2d053e1e7f1012c4fdf292",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x27921a5cc29b11176817bbf5d6bad83830f71555"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
evidence_json{
"examples": [
{
"pc": 4065,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": [
{
"pc": 4401,
"type": "tx_origin_used"
}
]
}
|
| low | auth | codex | EIP-1271 signature validation ignores signature bytes and relies solely on preapproved hashes | 65 | no | — |
evidence_json{
"evidence": "`setVote` stores `_hash` as valid and `isValidSignature` ignores the signature parameter, returning validity solely based on `votes[_hash]`.",
"locations": [
"contracts/convex-platform/contracts/contracts/VoterProxy.sol:137",
"contracts/convex-platform/contracts/contracts/VoterProxy.sol:151"
],
"recommendation": "Validate signatures against an expected signer (e.g., an EOA/contract) or bind the approved hash to a signer/domain with expiry. If the intent is an allowlist, document the trust model explicitly and consider additional safeguards (e.g., timelocks or multisig controls).",
"exploit_scenario": "`isValidSignature` returns the magic value purely based on a stored hash set by `setVote`, ignoring the provided signature bytes. If the operator/vote delegate is compromised, they can preapprove arbitrary vote hashes and have Snapshot treat them as valid without cryptographic verification of the signer."
}
|