bec9065d-c913-49da-b1b6-128b7aa79ec8
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31290 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 110738 | artifact.fetch | failed | 1 / 3 | 1 week ago |
| 110739 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 110740 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 110741 | capability.graph | complete | 1 / 3 | 1 week ago |
| 110742 | detector.run | complete | 1 / 3 | 1 week ago |
| 110743 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:183125] OpenAI Codex v0.77.0 (research preview)
[codex:183125] --------
[codex:183125] workdir: /tmp/codex-multi-5fcidax2
[codex:183125] model: gpt-5.2-codex
[codex:183125] provider: openai
[codex:183125] approval: never
[codex:183125] sandbox: read-only
[codex:183125] reasoning effort: xhigh
[codex:183125] reasoning summaries: auto
[codex:183125] session id: 019b7f8c-7155-72e1-a407-4bc20ba6e5fa
[codex:183125] --------
[codex:183125] user
[codex:183125] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:183125]
[codex:183125] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:183125]
[codex:183125] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:183125] - Gas inefficiency, code quality, naming, or best practices
[codex:183125] - Theoretical vulnerabilities without a clear extraction path
[codex:183125] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:183125] - Front-running unless it enables theft beyond MEV
[codex:183125] - DoS, griefing, or issues that don't result in attacker profit
[codex:183125] - Missing events, view function issues, or informational findings
[codex:183125]
[codex:183125] HIGH-VALUE PATTERNS TO HUNT:
[codex:183125] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:183125] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:183125] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:183125] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:183125] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:183125] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:183125] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:183125] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:183125] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:183125]
[codex:183125] For each finding, you MUST provide:
[codex:183125] 1. Exact file and line numbers of vulnerable code
[codex:183125] 2. Step-by-step exploit transaction sequence
[codex:183125] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:183125]
[codex:183125] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:183125]
[codex:183125] Output MUST be valid JSON matching the provided schema.
[codex:183125] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:183125] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:183125] mcp startup: no servers
[codex:183125]
[codex:183125] thinking
[codex:183125] **Preparing to audit skills**
[codex:183125] exec
[codex:183125] /bin/bash -lc ls in /tmp/codex-multi-5fcidax2 succeeded in 5ms:
[codex:183125] AUDIT_BUNDLE.txt
[codex:183125] codex-output-schema.json
[codex:183125] contracts
[codex:183125] exec
[codex:183125] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-5fcidax2 succeeded in 5ms:
[codex:183125] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:183125]
[codex:183125] ================================================================================
[codex:183125] FILE: contracts/Contract.sol
[codex:183125] ================================================================================
[codex:183125] pragma solidity ^0.4.15;
[codex:183125]
[codex:183125] /**
[codex:183125] * @title SafeMath
[codex:183125] * @dev Math operations with safety checks that throw on error
[codex:183125] */
[codex:183125] library SafeMath {
[codex:183125] function mul(uint256 a, uint256 b) internal constant returns (uint256) {
[codex:183125] uint256 c = a * b;
[codex:183125] assert(a == 0 || c / a == b);
[codex:183125] return c;
[codex:183125] }
[codex:183125]
[codex:183125] function div(uint256 a, uint256 b) internal constant returns (uint256) {
[codex:183125] // assert(b > 0); // Solidity automatically throws when dividing by 0
[codex:183125]
[codex:183125] thinking
[codex:183125] **Identifying exploit locations with line numbers**
[codex:183125] exec
[codex:183125] /bin/bash -lc 'nl -ba contracts/Contract.sol' in /tmp/codex-multi-5fcidax2 succeeded in 5ms:
[codex:183125] 1 pragma solidity ^0.4.15;
[codex:183125] 2
[codex:183125] 3 /**
[codex:183125] 4 * @title SafeMath
[codex:183125] 5 * @dev Math operations with safety checks that throw on error
[codex:183125] 6 */
[codex:183125] 7 library SafeMath {
[codex:183125] 8 function mul(uint256 a, uint256 b) internal constant returns (uint256) {
[codex:183125] 9 uint256 c = a * b;
[codex:183125] 10 assert(a == 0 || c / a == b);
[codex:183125] 11 return c;
[codex:183125] 12 }
[codex:183125] 13
[codex:183125] 14 function div(uint256 a, uint256 b) internal constant returns (uint256) {
[codex:183125] 15 // assert(b > 0); // Solidity automatically throws when dividing by 0
[codex:183125] 16 uint256 c = a / b;
[codex:183125] 17 // assert(a == b * c + a % b); // There is no case in which this doesn't hold
[codex:183125] 18 return c;
[codex:183125] 19 }
[codex:183125] 20
[codex:183125]
[codex:183125]
[codex:183125]
[codex:183125] thinking
[codex:183125] **Assessing reward distribution vulnerabilities**
[codex:183125] thinking
[codex:183125] **Evaluating absence of clear profit exploits**
[codex:183125]
[codex:183125] I’m carefully weighing if any concrete profit exploits exist, including flash loan manipulation, reentrancy, overflow, or access control issues. While some design considerations like reward timing could be exploited in theory, none yield a straightforward, provable path to drain funds or gain unearned rewards here. The use of external calls and token interactions appear safe under current constraints, so I conclude no solid findings.
[codex:183125] thinking
[codex:183125] **Preparing final audit output**
[codex:183125]
[codex:183125] I’m wrapping up by confirming no exploitable profit paths exist based on token behavior, reward calculations, and transfer mechanics, and I'll produce the required JSON summary indicating no findings.
[codex:183125] codex
[codex:183125] {"no_findings":true,"summary":"No concrete, exploitable profit paths found in the provided contracts.","findings":[]}
[codex:183125] tokens used
[codex:183125] 24,964
[codex:183125] {"no_findings":true,"summary":"No concrete, exploitable profit paths found in the provided contracts.","findings":[]}
{
"codex": {
"ran_at": "2026-01-02T16:33:38.608735+00:00",
"returncode": 0
},
"summary": "No concrete, exploitable profit paths found in the provided contracts.",
"raw_final": {
"summary": "No concrete, exploitable profit paths found in the provided contracts.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | ETH value transfer possible | 55 | no | no |
trace_id: 0x26d472bdd49761fa26b5c8dc1f810f615830fedce9114bdc2bf9e0eaaf42b5e1
call_targets:
0x0286f920f893513c7ec9fe35ba0a4760229a243e
target_varies:
no
classification:
constant_target
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x26d472bdd49761fa26b5c8dc1f810f615830fedce9114bdc2bf9e0eaaf42b5e1",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x0286f920f893513c7ec9fe35ba0a4760229a243e"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x3d103b6d",
"selector": "0x3d103b6d",
"calldata_variants": [
"0x3d103b6d",
"0x3d103b6d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5ec2dc8d",
"selector": "0x5ec2dc8d",
"calldata_variants": [
"0x5ec2dc8d",
"0x5ec2dc8d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x66d38203",
"selector": "0x66d38203",
"calldata_variants": [
"0x66d38203",
"0x66d382030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x750142e6",
"selector": "0x750142e6",
"calldata_variants": [
"0x750142e6",
"0x750142e60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x87efeeb6",
"selector": "0x87efeeb6",
"calldata_variants": [
"0x87efeeb6",
"0x87efeeb60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb1622818",
"selector": "0xb1622818",
"calldata_variants": [
"0xb1622818",
"0xb16228180000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 844,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1366,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1508,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 3,
"guards_detected": []
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
trace_id: 0x26d472bdd49761fa26b5c8dc1f810f615830fedce9114bdc2bf9e0eaaf42b5e1
call_targets:
0x0286f920f893513c7ec9fe35ba0a4760229a243e
target_varies:
no
classification:
constant_target
validation_json:
{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x26d472bdd49761fa26b5c8dc1f810f615830fedce9114bdc2bf9e0eaaf42b5e1",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x0286f920f893513c7ec9fe35ba0a4760229a243e"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x3d103b6d",
"selector": "0x3d103b6d",
"calldata_variants": [
"0x3d103b6d",
"0x3d103b6d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54fd4d50",
"selector": "0x54fd4d50",
"calldata_variants": [
"0x54fd4d50",
"0x54fd4d500000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5ec2dc8d",
"selector": "0x5ec2dc8d",
"calldata_variants": [
"0x5ec2dc8d",
"0x5ec2dc8d0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x66d38203",
"selector": "0x66d38203",
"calldata_variants": [
"0x66d38203",
"0x66d382030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x750142e6",
"selector": "0x750142e6",
"calldata_variants": [
"0x750142e6",
"0x750142e60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x87efeeb6",
"selector": "0x87efeeb6",
"calldata_variants": [
"0x87efeeb6",
"0x87efeeb60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb1622818",
"selector": "0xb1622818",
"calldata_variants": [
"0xb1622818",
"0xb16228180000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 844,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1366,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1508,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 3,
"guards_detected": [],
"untrusted_call_count": 3
}
|