bfd9d0a7-8265-4b53-8690-af824db6f378
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31297 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 110780 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 110781 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 110782 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 110783 | capability.graph | complete | 1 / 3 | 1 week ago |
| 110784 | detector.run | complete | 1 / 3 | 1 week ago |
| 110785 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:652660] OpenAI Codex v0.77.0 (research preview)
[codex:652660] --------
[codex:652660] workdir: /tmp/codex-multi-p_h2tebn
[codex:652660] model: gpt-5.2-codex
[codex:652660] provider: openai
[codex:652660] approval: never
[codex:652660] sandbox: read-only
[codex:652660] reasoning effort: xhigh
[codex:652660] reasoning summaries: auto
[codex:652660] session id: 019b7f98-fdb0-7472-8a71-2c62632a1fc8
[codex:652660] --------
[codex:652660] user
[codex:652660] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:652660]
[codex:652660] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:652660]
[codex:652660] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:652660] - Gas inefficiency, code quality, or best practices
[codex:652660] - Theoretical vulnerabilities without a clear extraction path
[codex:652660] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:652660] - Issues requiring social engineering or off-chain coordination
[codex:652660]
[codex:652660] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:652660] - CALL/DELEGATECALL with controllable destination or calldata
[codex:652660] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:652660] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:652660] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:652660] - External calls before state updates (reentrancy)
[codex:652660] - SELFDESTRUCT with controllable beneficiary
[codex:652660] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:652660]
[codex:652660] For each finding, you MUST explain:
[codex:652660] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:652660] 2. The concrete sequence of transactions to extract value
[codex:652660] 3. Why you believe this is exploitable (not just suspicious)
[codex:652660]
[codex:652660] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:652660] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:652660]
[codex:652660] Output MUST be valid JSON matching the provided schema.
[codex:652660] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:652660] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:652660] mcp startup: no servers
[codex:652660]
[codex:652660] thinking
[codex:652660] **Planning to locate BYTECODE_BUNDLE.txt**
[codex:652660] exec
[codex:652660] /bin/bash -lc ls in /tmp/codex-multi-p_h2tebn succeeded in 5ms:
[codex:652660] BYTECODE_BUNDLE.txt
[codex:652660] codex-output-schema.json
[codex:652660]
[codex:652660] thinking
[codex:652660] **Reading file**
[codex:652660] exec
[codex:652660] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-p_h2tebn succeeded in 6ms:
[codex:652660] Runtime bytecode bundle for best-effort auditing.
[codex:652660] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:652660]
[codex:652660] FILE: runtime_bytecode.hex
[codex:652660] 0x6080604052600436106100595760003560e01c80635aa6e675146101d4578063715018a6146101ff578063845affc8146102165780638a7f7fd6146102535780638da5cb5b1461027c578063f2fde38b146102a757610060565b3661006057005b34801561006c57600080fd5b50600073ffffffffffffffffffffffffffffffffffffffff16600460008154811061009357fe5b9060005260206000200160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff161415610115576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161010c90610a76565b60405180910390fd5b6000600460008154811061012557fe5b9060005260206000200160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16600036604051610177929190610a42565b600060405180830381855af49150503d80600081146101b2576040519150601f19603f3d011682016040523d82523d6000602084013e6101b7565b606091505b505090506040513d6000823e81600081146101d0573d82f35b3d82fd5b3480156101e057600080fd5b506101e96102d0565b6040516101f69190610a5b565b60405180910390f35b34801561020b57600080fd5b506102146102f6565b005b34801561022257600080fd5b5061023d600480360381019061023891906108f0565b610430565b60405161024a9190610a5b565b60405180910390f35b34801561025f57600080fd5b5061027a600480360381019061027591906108af565b61046c565b005b34801561028857600080fd5b5061029161053a565b60405161029e9190610a5b565b60405180910390f35b3480156102b357600080fd5b506102ce60048036038101906102c99190610886565b610563565b005b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b6102fe61070c565b73ffffffffffffffffffffffffffffffffffffffff1661031c61053a565b73ffffffffffffffffffffffffffffffffffffffff1614610372576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161036990610ab6565b60405180910390fd5b600073ffffffffffffffffffffffffffffffffffffffff1660008054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff167f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e060405160405180910390a360008060006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550565b6004818154811061043d57fe5b906000526020600020016000915054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b61047461070c565b73ffffffffffffffffffffffffffffffffffffffff1661049261053a565b73ffffffffffffffffffffffffffffffffffffffff16146104e8576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016104df90610ab6565b60405180910390fd5b80600490805190602001906104fe929190610714565b507fd185b5a7934c79098a4109d219bda6291f588e82a24d9102918c3d40cd3f2a7a815160405161052f9190610ad6565b60405180910390a150565b60008060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b61056b61070c565b73ffffffffffffffffffffffffffffffffffffffff1661058961053a565b73ffffffffffffffffffffffffffffffffffffffff16146105df576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016105d690610ab6565b60405180910390fd5b600073ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff16141561064f576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161064690610a96565b60405180910390fd5b8073ffffffffffffffffffffffffffffffffffffffff1660008054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff167f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e060405160405180910390a3806000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555050565b600033905090565b82805482825590600052602060002090810192821561078d579160200282015b8281111561078c5782518260006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555091602001919060010190610734565b5b50905061079a919061079e565b5090565b5b808211156107d557600081816101000a81549073ffffffffffffffffffffffffffffffffffffffff02191690555060010161079f565b5090565b6000813590506107e881610bad565b92915050565b600082601f8301126107ff57600080fd5b813561081261080d82610b1e565b610af1565b9150818183526020840193506020810190508385602084028201111561083757600080fd5b60005b83811015610867578161084d88826107d9565b84526020840193506020830192505060018101905061083a565b5050505092915050565b60008135905061088081610bc4565b92915050565b60006020828403121561089857600080fd5b60006108a6848285016107d9565b91505092915050565b6000602082840312156108c157600080fd5b600082013567ffffffffffffffff8111156108db57600080fd5b6108e7848285016107ee565b91505092915050565b60006020828403121561090257600080fd5b600061091084828501610871565b91505092915050565b61092281610b62565b82525050565b60006109348385610b46565b9350610941838584610b9e565b82840190509392505050565b600061095a601783610b51565b91507f696e76616c69642020696d706c656d656e746174696f6e0000000000000000006000830152602082019050919050565b600061099a602683610b51565b91507f4f776e61626c653a206e6577206f776e657220697320746865207a65726f206160008301527f64647265737300000000000000000000000000000000000000000000000000006020830152604082019050919050565b6000610a00602083610b51565b91507f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e65726000830152602082019050919050565b610a3c81610b94565b82525050565b6000610a4f828486610928565b91508190509392505050565b6000602082019050610a706000830184610919565b92915050565b60006020820190508181036000830152610a8f8161094d565b9050919050565b60006020820190508181036000830152610aaf8161098d565b9050919050565b60006020820190508181036000830152610acf816109f3565b9050919050565b6000602082019050610aeb6000830184610a33565b92915050565b6000604051905081810181811067ffffffffffffffff82111715610b1457600080fd5b8060405250919050565b600067ffffffffffffffff821115610b3557600080fd5b602082029050602081019050919050565b600081905092915050565b600082825260208201905092915050565b6000610b6d82610b74565b9050919050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b6000819050919050565b82818337600083830152505050565b610bb681610b62565b8114610bc157600080fd5b50565b610bcd81610b94565b8114610bd857600080fd5b5056fea264697066735822122000ea179cdc39bf144a1a8efcbc80c52498cc96a5b039321c6584e2a93af7294264736f6c634300060c0033
[codex:652660]
[codex:652660] thinking
[codex:652660] **Analyzing bytecode structure and functions**
[codex:652660]
[codex:652660] I'm decoding the contract's bytecode to identify functions by their selectors and understand storage patterns; it looks like a proxy with standard Ownable functions plus an array stored at slot 4. I'm mapping function selectors to behaviors like ownership management and array access while scrutinizing fallback handling for potential delegatecall vulnerabilities. I plan to write a quick disassembler script to clarify ambiguous opcode sections.
[codex:652660] exec
[codex:652660] /bin/bash -lc "python - <<'PY'
[codex:652660] import sys, binascii, textwrap
[codex:652660] code=open('BYTECODE_BUNDLE.txt').read()
[codex:652660] # extract hex after 0x...
[codex:652660] import re
[codex:652660] m=re.search(r'0x([0-9a-fA-F]+)', code)
[codex:652660] hexstr=m.group(1)
[codex:652660] code_bytes=bytes.fromhex(hexstr)
[codex:652660]
[codex:652660] # simple disassembler
[codex:652660] opnames={
[codex:652660] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:652660] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:652660] 0x20:'SHA3',
[codex:652660] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:652660] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:652660] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:652660] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:652660] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:652660] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:652660] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:652660] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:652660] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:652660] }
[codex:652660]
[codex:652660] pc=0
[codex:652660] out=[]
[codex:652660] while pc < len(code_bytes):
[codex:652660] op=code_bytes[pc]
[codex:652660] name=opnames.get(op,'OP%02x'%op)
[codex:652660] if 0x60 <= op <= 0x7f:
[codex:652660] n=op-0x5f
[codex:652660] data=code_bytes[pc+1:pc+1+n]
[codex:652660] out.append(f\"{pc:04x}: {name} 0x{data.hex()}\")
[codex:652660] pc+=1+n
[codex:652660] else:
[codex:652660] out.append(f\"{pc:04x}: {name}\")
[codex:652660] pc+=1
[codex:652660]
[codex:652660] print('\\n'.join(out[:200]))
[codex:652660] print('...')
[codex:652660] print('\\n'.join(out[200:260]))
[codex:652660] PY" in /tmp/codex-multi-p_h2tebn succeeded in 35ms:
[codex:652660] 0000: PUSH1 0x80
[codex:652660] 0002: PUSH1 0x40
[codex:652660] 0004: MSTORE
[codex:652660] 0005: PUSH1 0x04
[codex:652660] 0007: CALLDATASIZE
[codex:652660] 0008: LT
[codex:652660] 0009: PUSH2 0x0059
[codex:652660] 000c: JUMPI
[codex:652660] 000d: PUSH1 0x00
[codex:652660] 000f: CALLDATALOAD
[codex:652660] 0010: PUSH1 0xe0
[codex:652660] 0012: SHR
[codex:652660] 0013: DUP1
[codex:652660] 0014: PUSH4 0x5aa6e675
[codex:652660] 0019: EQ
[codex:652660] 001a: PUSH2 0x01d4
[codex:652660] 001d: JUMPI
[codex:652660] 001e: DUP1
[codex:652660] 001f: PUSH4 0x715018a6
[codex:652660] 0024: EQ
[codex:652660]
[codex:652660] thinking
[codex:652660] **Scanning for more functions**
[codex:652660] exec
[codex:652660] /bin/bash -lc "python - <<'PY'
[codex:652660] import re
[codex:652660] code=open('BYTECODE_BUNDLE.txt').read()
[codex:652660] hexstr=re.search(r'0x([0-9a-fA-F]+)', code).group(1)
[codex:652660] code_bytes=bytes.fromhex(hexstr)
[codex:652660] # simple disassembler from 0x01d4 onward
[codex:652660] opnames={
[codex:652660] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:652660] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:652660] 0x20:'SHA3',
[codex:652660] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:652660] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:652660] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:652660] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:652660] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:652660] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:652660] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:652660] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:652660] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:652660] }
[codex:652660]
[codex:652660] start=0x01ff
[codex:652660] pc=start
[codex:652660] out=[]
[codex:652660] while pc < len(code_bytes):
[codex:652660] op=code_bytes[pc]
[codex:652660] name=opnames.get(op,'OP%02x'%op)
[codex:652660] if 0x60 <= op <= 0x7f:
[codex:652660] n=op-0x5f
[codex:652660] data=code_bytes[pc+1:pc+1+n]
[codex:652660] out.append(f\"{pc:04x}: {name} 0x{data.hex()}\")
[codex:652660] pc+=1+n
[codex:652660] else:
[codex:652660] out.append(f\"{pc:04x}: {name}\")
[codex:652660] pc+=1
[codex:652660] if pc>0x0400:
[codex:652660] break
[codex:652660] print('\\n'.join(out[:120]))
[codex:652660] PY" in /tmp/codex-multi-p_h2tebn succeeded in 39ms:
[codex:652660] 01ff: JUMPDEST
[codex:652660] 0200: CALLVALUE
[codex:652660] 0201: DUP1
[codex:652660] 0202: ISZERO
[codex:652660] 0203: PUSH2 0x020b
[codex:652660] 0206: JUMPI
[codex:652660] 0207: PUSH1 0x00
[codex:652660] 0209: DUP1
[codex:652660] 020a: REVERT
[codex:652660] 020b: JUMPDEST
[codex:652660] 020c: POP
[codex:652660] 020d: PUSH2 0x0214
[codex:652660] 0210: PUSH2 0x02f6
[codex:652660] 0213: JUMP
[codex:652660] 0214: JUMPDEST
[codex:652660] 0215: STOP
[codex:652660] 0216: JUMPDEST
[codex:652660] 0217: CALLVALUE
[codex:652660] 0218: DUP1
[codex:652660] 0219: ISZERO
[codex:652660]
[codex:652660] thinking
[codex:652660] **Analyzing fallback function assembly**
[codex:652660] exec
[codex:652660] /bin/bash -lc "python - <<'PY'
[codex:652660] import re
[codex:652660] code=open('BYTECODE_BUNDLE.txt').read()
[codex:652660] hexstr=re.search(r'0x([0-9a-fA-F]+)', code).group(1)
[codex:652660] code_bytes=bytes.fromhex(hexstr)
[codex:652660]
[codex:652660] opnames={
[codex:652660] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:652660] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:652660] 0x20:'SHA3',
[codex:652660] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:652660] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:652660] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:652660] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:652660] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:652660] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:652660] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:652660] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:652660] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:652660] }
[codex:652660]
[codex:652660] pc=0x0060
[codex:652660] stack=[]
[codex:652660]
[codex:652660] def push(v):
[codex:652660] stack.append(v)
[codex:652660]
[codex:652660] def pop():
[codex:652660] return stack.pop() if stack else None
[codex:652660]
[codex:652660] # simple symbolic op
[codex:652660]
[codex:652660] def op_name(op):
[codex:652660] return opnames.get(op)
[codex:652660]
[codex:652660] limit=0x00d8
[codex:652660]
[codex:652660] while pc < len(code_bytes) and pc < limit:
[codex:652660] op=code_bytes[pc]
[codex:652660] name=op_name(op)
[codex:652660] pc0=pc
[codex:652660] if 0x60 <= op <= 0x7f:
[codex:652660] n=op-0x5f
[codex:652660] data=code_bytes[pc+1:pc+1+n]
[codex:652660] val=int.from_bytes(data,'big')
[codex:652660] push(f\"0x{val:x}\")
[codex:652660] pc+=1+n
[codex:652660] print(f\"{pc0:04x} {name} {val:#x} -> stack {stack}\")
[codex:652660] continue
[codex:652660] pc+=1
[codex:652660] if name=='JUMPDEST':
[codex:652660] print(f\"{pc0:04x} JUMPDEST stack {stack}\")
[codex:652660] elif name=='CALLVALUE':
[codex:652660] push('CALLVALUE')
[codex:652660] elif name=='CALLER':
[codex:652660] push('CALLER')
[codex:652660] elif name=='CALLDATASIZE':
[codex:652660] push('CALLDATASIZE')
[codex:652660] elif name=='CALLDATALOAD':
[codex:652660] push('CALLDATALOAD')
[codex:652660] elif name=='DUP1':
[codex:652660] push(stack[-1])
[codex:652660] elif name=='DUP2':
[codex:652660] push(stack[-2])
[codex:652660] elif name=='DUP3':
[codex:652660] push(stack[-3])
[codex:652660] elif name=='SWAP1':
[codex:652660] stack[-1], stack[-2] = stack[-2], stack[-1]
[codex:652660] elif name=='SWAP2':
[codex:652660] stack[-1], stack[-3] = stack[-3], stack[-1]
[codex:652660] elif name=='POP':
[codex:652660] pop()
[codex:652660] elif name=='ISZERO':
[codex:652660] a=pop(); push(f\"ISZERO({a})\")
[codex:652660] elif name=='LT':
[codex:652660] a=pop(); b=pop(); push(f\"LT({b},{a})\")
[codex:652660] elif name=='EQ':
[codex:652660] a=pop(); b=pop(); push(f\"EQ({b},{a})\")
[codex:652660] elif name=='AND':
[codex:652660] a=pop(); b=pop(); push(f\"AND({b},{a})\")
[codex:652660] elif name=='ADD':
[codex:652660] a=pop(); b=pop(); push(f\"ADD({b},{a})\")
[codex:652660] elif name=='SUB':
[codex:652660] a=pop(); b=pop(); push(f\"SUB({b},{a})\")
[codex:652660] elif name=='SHA3':
[codex:652660] a=pop(); b=pop(); push(f\"SHA3({b},{a})\")
[codex:652660] elif name=='SLOAD':
[codex:652660] a=pop(); push(f\"SLOAD({a})\")
[codex:652660] elif name=='MSTORE':
[codex:652660] off=pop(); val=pop();
[codex:652660] print(f\"{pc0:04x} MSTORE offset {off} value {val}\")
[codex:652660] elif name=='EXP':
[codex:652660] a=pop(); b=pop(); push(f\"EXP({b},{a})\")
[codex:652660] elif name=='DIV':
[codex:652660] a=pop(); b=pop(); push(f\"DIV({b},{a})\")
[codex:652660] elif name=='JUMPI':
[codex:652660] dest=pop(); cond=pop();
[codex:652660] print(f\"{pc0:04x} JUMPI dest {dest} cond {cond} -> stack {stack}\")
[codex:652660] else:
[codex:652660] print(f\"{pc0:04x} {name} -> stack {stack}\")
[codex:652660]
[codex:652660] print('final stack', stack)
[codex:652660] PY" in /tmp/codex-multi-p_h2tebn succeeded in 28ms:
[codex:652660] 0060 JUMPDEST stack []
[codex:652660] 0064 PUSH2 0x6c -> stack ['CALLVALUE', 'ISZERO(CALLVALUE)', '0x6c']
[codex:652660] 0067 JUMPI dest 0x6c cond ISZERO(CALLVALUE) -> stack ['CALLVALUE']
[codex:652660] 0068 PUSH1 0x0 -> stack ['CALLVALUE', '0x0']
[codex:652660] 006b REVERT -> stack ['CALLVALUE', '0x0', '0x0']
[codex:652660] 006c JUMPDEST stack ['CALLVALUE', '0x0', '0x0']
[codex:652660] 006e PUSH1 0x0 -> stack ['CALLVALUE', '0x0', '0x0']
[codex:652660] 0070 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -> stack ['CALLVALUE', '0x0', '0x0', '0xffffffffffffffffffffffffffffffffffffffff']
[codex:652660] 0086 PUSH1 0x4 -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4']
[codex:652660] 0088 PUSH1 0x0 -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0']
[codex:652660] 008e PUSH2 0x93 -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0', 'LT(SLOAD(0x4),0x0)', '0x93']
[codex:652660] 0091 JUMPI dest 0x93 cond LT(SLOAD(0x4),0x0) -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0']
[codex:652660] 0092 INVALID -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0']
[codex:652660] 0093 JUMPDEST stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0']
[codex:652660] 0095 PUSH1 0x0 -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x0', '0x4', '0x0']
[codex:652660] 0097 MSTORE offset 0x0 value 0x4
[codex:652660] 0098 PUSH1 0x20 -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x0', '0x20']
[codex:652660] 009a PUSH1 0x0 -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x0', '0x20', '0x0']
[codex:652660] 009e PUSH1 0x0 -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', 'ADD(0x0,SHA3(0x20,0x0))', '0x0']
[codex:652660] 00a3 PUSH2 0x100 -> stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', 'SLOAD(ADD(0x0,SHA3(0x20,0x0)))', '0x0', '0x100']
[codex:652660]
[codex:652660] thinking
[codex:652660] **Analyzing and improving opcode simulation**
[codex:652660]
[codex:652660] I'm realizing the symbolic tracer missed some operations like SWAP1 and DUP, and didn't handle JUMPI control flow properly, so the trace is incomplete and out of sync. I need to enhance the script to print every operation with stack states and implement all missing instructions, then rerun the trace to get a clearer view from 0x0060 to 0x00d7.
[codex:652660] exec
[codex:652660] /bin/bash -lc "python - <<'PY'
[codex:652660] import re
[codex:652660] code=open('BYTECODE_BUNDLE.txt').read()
[codex:652660] hexstr=re.search(r'0x([0-9a-fA-F]+)', code).group(1)
[codex:652660] code_bytes=bytes.fromhex(hexstr)
[codex:652660]
[codex:652660] opnames={
[codex:652660] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:652660] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:652660] 0x20:'SHA3',
[codex:652660] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:652660] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:652660] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:652660] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:652660] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:652660] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:652660] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:652660] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:652660] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:652660] }
[codex:652660]
[codex:652660] pc=0x0060
[codex:652660] stack=[]
[codex:652660]
[codex:652660] def push(v):
[codex:652660] stack.append(v)
[codex:652660]
[codex:652660] def pop():
[codex:652660] return stack.pop() if stack else None
[codex:652660]
[codex:652660]
[codex:652660] def log(op, extra=''):
[codex:652660] print(f\"{pc-1:04x}: {op} {extra} | stack {stack}\")
[codex:652660]
[codex:652660] limit=0x00e0
[codex:652660]
[codex:652660] while pc < len(code_bytes) and pc < limit:
[codex:652660] op=code_bytes[pc]
[codex:652660] name=opnames.get(op,'OP%02x'%op)
[codex:652660] pc+=1
[codex:652660] if 0x60 <= op <= 0x7f:
[codex:652660] n=op-0x5f
[codex:652660] data=code_bytes[pc:pc+n]
[codex:652660] val=int.from_bytes(data,'big')
[codex:652660] push(f\"0x{val:x}\")
[codex:652660] pc+=n
[codex:652660] log(name, hex(val))
[codex:652660] continue
[codex:652660] if name=='JUMPDEST':
[codex:652660] log('JUMPDEST')
[codex:652660] elif name=='CALLVALUE':
[codex:652660] push('CALLVALUE'); log('CALLVALUE')
[codex:652660] elif name=='CALLER':
[codex:652660] push('CALLER'); log('CALLER')
[codex:652660] elif name=='CALLDATASIZE':
[codex:652660] push('CALLDATASIZE'); log('CALLDATASIZE')
[codex:652660] elif name=='CALLDATALOAD':
[codex:652660] push('CALLDATALOAD'); log('CALLDATALOAD')
[codex:652660] elif name=='DUP1':
[codex:652660] push(stack[-1]); log('DUP1')
[codex:652660] elif name=='DUP2':
[codex:652660] push(stack[-2]); log('DUP2')
[codex:652660] elif name=='DUP3':
[codex:652660] push(stack[-3]); log('DUP3')
[codex:652660] elif name=='SWAP1':
[codex:652660] stack[-1], stack[-2] = stack[-2], stack[-1]; log('SWAP1')
[codex:652660] elif name=='SWAP2':
[codex:652660] stack[-1], stack[-3] = stack[-3], stack[-1]; log('SWAP2')
[codex:652660] elif name=='POP':
[codex:652660] pop(); log('POP')
[codex:652660] elif name=='ISZERO':
[codex:652660] a=pop(); push(f\"ISZERO({a})\"); log('ISZERO')
[codex:652660] elif name=='LT':
[codex:652660] a=pop(); b=pop(); push(f\"LT({b},{a})\"); log('LT')
[codex:652660] elif name=='EQ':
[codex:652660] a=pop(); b=pop(); push(f\"EQ({b},{a})\"); log('EQ')
[codex:652660] elif name=='AND':
[codex:652660] a=pop(); b=pop(); push(f\"AND({b},{a})\"); log('AND')
[codex:652660] elif name=='ADD':
[codex:652660] a=pop(); b=pop(); push(f\"ADD({b},{a})\"); log('ADD')
[codex:652660] elif name=='SUB':
[codex:652660] a=pop(); b=pop(); push(f\"SUB({b},{a})\"); log('SUB')
[codex:652660] elif name=='SHA3':
[codex:652660] a=pop(); b=pop(); push(f\"SHA3({b},{a})\"); log('SHA3')
[codex:652660] elif name=='SLOAD':
[codex:652660] a=pop(); push(f\"SLOAD({a})\"); log('SLOAD')
[codex:652660] elif name=='MSTORE':
[codex:652660] off=pop(); val=pop(); log('MSTORE', f\"off={off} val={val}\")
[codex:652660] elif name=='EXP':
[codex:652660] a=pop(); b=pop(); push(f\"EXP({b},{a})\"); log('EXP')
[codex:652660] elif name=='DIV':
[codex:652660] a=pop(); b=pop(); push(f\"DIV({b},{a})\"); log('DIV')
[codex:652660] elif name=='JUMPI':
[codex:652660] dest=pop(); cond=pop(); log('JUMPI', f\"dest={dest} cond={cond}\")
[codex:652660] elif name=='REVERT':
[codex:652660] log('REVERT')
[codex:652660] else:
[codex:652660] log(name)
[codex:652660]
[codex:652660] print('final stack', stack)
[codex:652660] PY" in /tmp/codex-multi-p_h2tebn succeeded in 25ms:
[codex:652660] 0060: JUMPDEST | stack []
[codex:652660] 0061: CALLVALUE | stack ['CALLVALUE']
[codex:652660] 0062: DUP1 | stack ['CALLVALUE', 'CALLVALUE']
[codex:652660] 0063: ISZERO | stack ['CALLVALUE', 'ISZERO(CALLVALUE)']
[codex:652660] 0066: PUSH2 0x6c | stack ['CALLVALUE', 'ISZERO(CALLVALUE)', '0x6c']
[codex:652660] 0067: JUMPI dest=0x6c cond=ISZERO(CALLVALUE) | stack ['CALLVALUE']
[codex:652660] 0069: PUSH1 0x0 | stack ['CALLVALUE', '0x0']
[codex:652660] 006a: DUP1 | stack ['CALLVALUE', '0x0', '0x0']
[codex:652660] 006b: REVERT | stack ['CALLVALUE', '0x0', '0x0']
[codex:652660] 006c: JUMPDEST | stack ['CALLVALUE', '0x0', '0x0']
[codex:652660] 006d: POP | stack ['CALLVALUE', '0x0']
[codex:652660] 006f: PUSH1 0x0 | stack ['CALLVALUE', '0x0', '0x0']
[codex:652660] 0084: PUSH20 0xffffffffffffffffffffffffffffffffffffffff | stack ['CALLVALUE', '0x0', '0x0', '0xffffffffffffffffffffffffffffffffffffffff']
[codex:652660] 0085: AND | stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)']
[codex:652660] 0087: PUSH1 0x4 | stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4']
[codex:652660] 0089: PUSH1 0x0 | stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0']
[codex:652660] 008a: DUP2 | stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0', '0x4']
[codex:652660] 008b: SLOAD | stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0', 'SLOAD(0x4)']
[codex:652660] 008c: DUP2 | stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0', 'SLOAD(0x4)', '0x0']
[codex:652660] 008d: LT | stack ['CALLVALUE', '0x0', 'AND(0x0,0xffffffffffffffffffffffffffffffffffffffff)', '0x4', '0x0', 'LT(SLOAD(0x4),0x0)']
[codex:652660]
[codex:652660] thinking
[codex:652660] **Analyzing proxy contract logic and storage**
[codex:652660]
[codex:652660] I'm untangling the proxy's fallback that checks if an implementation address in an array is nonzero before delegatecalling it, suggesting a dynamic implementations list. The contract has owner and another slot (possibly admin), with functions to add implementations and return specific storage slots, but no clear way to switch active implementation besides always using array[0]. I'm curious about the role of slot3 and how the array and permissions interplay here.
[codex:652660] exec
[codex:652660] /bin/bash -lc "python - <<'PY'
[codex:652660] import re
[codex:652660] code=open('BYTECODE_BUNDLE.txt').read()
[codex:652660] hexstr=re.search(r'0x([0-9a-fA-F]+)', code).group(1)
[codex:652660] code_bytes=bytes.fromhex(hexstr)
[codex:652660]
[codex:652660] opnames={
[codex:652660] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:652660] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:652660] 0x20:'SHA3',
[codex:652660] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:652660] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:652660] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:652660] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:652660] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:652660] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:652660] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:652660] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:652660] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:652660] }
[codex:652660]
[codex:652660] # disassemble a range
[codex:652660] start=0x0460; end=0x0600
[codex:652660] pc=start
[codex:652660] out=[]
[codex:652660] while pc < len(code_bytes) and pc < end:
[codex:652660] op=code_bytes[pc]
[codex:652660] name=opnames.get(op,'OP%02x'%op)
[codex:652660] if 0x60 <= op <= 0x7f:
[codex:652660] n=op-0x5f
[codex:652660] data=code_bytes[pc+1:pc+1+n]
[codex:652660] out.append(f\"{pc:04x}: {name} 0x{data.hex()}\")
[codex:652660] pc+=1+n
[codex:652660] else:
[codex:652660] out.append(f\"{pc:04x}: {name}\")
[codex:652660] pc+=1
[codex:652660]
[codex:652660] print('\\n'.join(out))
[codex:652660] PY" in /tmp/codex-multi-p_h2tebn succeeded in 24ms:
[codex:652660] 0460: SELFDESTRUCT
[codex:652660] 0461: SELFDESTRUCT
[codex:652660] 0462: SELFDESTRUCT
[codex:652660] 0463: SELFDESTRUCT
[codex:652660] 0464: SELFDESTRUCT
[codex:652660] 0465: SELFDESTRUCT
[codex:652660] 0466: SELFDESTRUCT
[codex:652660] 0467: SELFDESTRUCT
[codex:652660] 0468: SELFDESTRUCT
[codex:652660] 0469: AND
[codex:652660] 046a: DUP2
[codex:652660] 046b: JUMP
[codex:652660] 046c: JUMPDEST
[codex:652660] 046d: PUSH2 0x0474
[codex:652660] 0470: PUSH2 0x070c
[codex:652660] 0473: JUMP
[codex:652660] 0474: JUMPDEST
[codex:652660] 0475: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
[codex:652660] 048a: AND
[codex:652660] 048b: PUSH2 0x0492
[codex:652660]
[codex:652660] thinking
[codex:652660] **Analyzing suspicious SELFDESTRUCT instructions**
[codex:652660] exec
[codex:652660] /bin/bash -lc "python - <<'PY'
[codex:652660] import re
[codex:652660] code=open('BYTECODE_BUNDLE.txt').read()
[codex:652660] hexstr=re.search(r'0x([0-9a-fA-F]+)', code).group(1)
[codex:652660] code_bytes=bytes.fromhex(hexstr)
[codex:652660]
[codex:652660] opnames={
[codex:652660] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:652660] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:652660] 0x20:'SHA3',
[codex:652660] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:652660] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:652660] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:652660] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:652660] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:652660] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:652660] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:652660] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:652660] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:652660] }
[codex:652660]
[codex:652660] start=0x070c; end=0x07d8
[codex:652660] pc=start
[codex:652660] out=[]
[codex:652660] while pc < len(code_bytes) and pc < end:
[codex:652660] op=code_bytes[pc]
[codex:652660] name=opnames.get(op,'OP%02x'%op)
[codex:652660] if 0x60 <= op <= 0x7f:
[codex:652660] n=op-0x5f
[codex:652660] data=code_bytes[pc+1:pc+1+n]
[codex:652660] out.append(f\"{pc:04x}: {name} 0x{data.hex()}\")
[codex:652660] pc+=1+n
[codex:652660] else:
[codex:652660] out.append(f\"{pc:04x}: {name}\")
[codex:652660] pc+=1
[codex:652660]
[codex:652660] print('\\n'.join(out))
[codex:652660] PY" in /tmp/codex-multi-p_h2tebn succeeded in 24ms:
[codex:652660] 070c: JUMPDEST
[codex:652660] 070d: PUSH1 0x00
[codex:652660] 070f: CALLER
[codex:652660] 0710: SWAP1
[codex:652660] 0711: POP
[codex:652660] 0712: SWAP1
[codex:652660] 0713: JUMP
[codex:652660] 0714: JUMPDEST
[codex:652660] 0715: DUP3
[codex:652660] 0716: DUP1
[codex:652660] 0717: SLOAD
[codex:652660] 0718: DUP3
[codex:652660] 0719: DUP3
[codex:652660] 071a: SSTORE
[codex:652660] 071b: SWAP1
[codex:652660] 071c: PUSH1 0x00
[codex:652660] 071e: MSTORE
[codex:652660] 071f: PUSH1 0x20
[codex:652660] 0721: PUSH1 0x00
[codex:652660] 0723: SHA3
[codex:652660]
[codex:652660] thinking
[codex:652660] **Analyzing proxy array storage and fallback delegatecall**
[codex:652660] exec
[codex:652660] /bin/bash -lc "python - <<'PY'
[codex:652660] import re
[codex:652660] code=open('BYTECODE_BUNDLE.txt').read()
[codex:652660] hexstr=re.search(r'0x([0-9a-fA-F]+)', code).group(1)
[codex:652660] code_bytes=bytes.fromhex(hexstr)
[codex:652660]
[codex:652660] opnames={
[codex:652660] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:652660] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:652660] 0x20:'SHA3',
[codex:652660] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:652660] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:652660] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:652660] 0x60:'PUSH1',0x61:'PUSH2',0x62:'PUSH3',0x63:'PUSH4',0x64:'PUSH5',0x65:'PUSH6',0x66:'PUSH7',0x67:'PUSH8',0x68:'PUSH9',0x69:'PUSH10',0x6a:'PUSH11',0x6b:'PUSH12',0x6c:'PUSH13',0x6d:'PUSH14',0x6e:'PUSH15',0x6f:'PUSH16',
[codex:652660] 0x70:'PUSH17',0x71:'PUSH18',0x72:'PUSH19',0x73:'PUSH20',0x74:'PUSH21',0x75:'PUSH22',0x76:'PUSH23',0x77:'PUSH24',0x78:'PUSH25',0x79:'PUSH26',0x7a:'PUSH27',0x7b:'PUSH28',0x7c:'PUSH29',0x7d:'PUSH30',0x7e:'PUSH31',0x7f:'PUSH32',
[codex:652660] 0x80:'DUP1',0x81:'DUP2',0x82:'DUP3',0x83:'DUP4',0x84:'DUP5',0x85:'DUP6',0x86:'DUP7',0x87:'DUP8',0x88:'DUP9',0x89:'DUP10',0x8a:'DUP11',0x8b:'DUP12',0x8c:'DUP13',0x8d:'DUP14',0x8e:'DUP15',0x8f:'DUP16',
[codex:652660] 0x90:'SWAP1',0x91:'SWAP2',0x92:'SWAP3',0x93:'SWAP4',0x94:'SWAP5',0x95:'SWAP6',0x96:'SWAP7',0x97:'SWAP8',0x98:'SWAP9',0x99:'SWAP10',0x9a:'SWAP11',0x9b:'SWAP12',0x9c:'SWAP13',0x9d:'SWAP14',0x9e:'SWAP15',0x9f:'SWAP16',
[codex:652660] 0xa0:'LOG0',0xa1:'LOG1',0xa2:'LOG2',0xa3:'LOG3',0xa4:'LOG4',
[codex:652660] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:652660] }
[codex:652660]
[codex:652660] pc=0x006e
[codex:652660] stack=[]
[codex:652660]
[codex:652660] def push(v):
[codex:652660] stack.append(v)
[codex:652660]
[codex:652660] def pop():
[codex:652660] return stack.pop()
[codex:652660]
[codex:652660] # start after POP at 0x006d; stack empty
[codex:652660]
[codex:652660] end=0x00d7
[codex:652660]
[codex:652660] while pc < end:
[codex:652660] op=code_bytes[pc]
[codex:652660] name=opnames.get(op,'OP%02x'%op)
[codex:652660] pc+=1
[codex:652660] if 0x60 <= op <= 0x7f:
[codex:652660] n=op-0x5f
[codex:652660] data=code_bytes[pc:pc+n]
[codex:652660] val=int.from_bytes(data,'big')
[codex:652660] push(f\"0x{val:x}\")
[codex:652660] pc+=n
[codex:652660] continue
[codex:652660] if name=='DUP1': push(stack[-1])
[codex:652660] elif name=='DUP2': push(stack[-2])
[codex:652660] elif name=='DUP3': push(stack[-3])
[codex:652660] elif name=='SWAP1': stack[-1], stack[-2] = stack[-2], stack[-1]
[codex:652660] elif name=='SWAP2': stack[-1], stack[-3] = stack[-3], stack[-1]
[codex:652660] elif name=='POP': pop()
[codex:652660] elif name=='LT':
[codex:652660] a=pop(); b=pop(); push(f\"LT({b},{a})\")
[codex:652660] elif name=='EQ':
[codex:652660] a=pop(); b=pop(); push(f\"EQ({b},{a})\")
[codex:652660] elif name=='ISZERO':
[codex:652660] a=pop(); push(f\"ISZERO({a})\")
[codex:652660] elif name=='AND':
[codex:652660] a=pop(); b=pop(); push(f\"AND({b},{a})\")
[codex:652660] elif name=='ADD':
[codex:652660] a=pop(); b=pop(); push(f\"ADD({b},{a})\")
[codex:652660] elif name=='SHA3':
[codex:652660] a=pop(); b=pop(); push(f\"SHA3({b},{a})\")
[codex:652660] elif name=='SLOAD':
[codex:652660] a=pop(); push(f\"SLOAD({a})\")
[codex:652660] elif name=='MSTORE':
[codex:652660] off=pop(); val=pop();
[codex:652660] elif name=='EXP':
[codex:652660] a=pop(); b=pop(); push(f\"EXP({b},{a})\")
[codex:652660] elif name=='DIV':
[codex:652660] a=pop(); b=pop(); push(f\"DIV({b},{a})\")
[codex:652660] elif name=='JUMPI':
[codex:652660] dest=pop(); cond=pop();
[codex:652660] # assume cond true to follow JUMPI target; stack already popped
[codex:652660] elif name=='JUMPDEST':
[codex:652660] pass
[codex:652660] elif name=='CALLDATASIZE':
[codex:652660] push('CALLDATASIZE')
[codex:652660] elif name=='CALLDATALOAD':
[codex:652660] push('CALLDATALOAD')
[codex:652660] elif name=='CALLER':
[codex:652660] push('CALLER')
[codex:652660] elif name=='CALLVALUE':
[codex:652660] push('CALLVALUE')
[codex:652660] elif name=='MLOAD':
[codex:652660] a=pop(); push(f\"MLOAD({a})\")
[codex:652660] elif name=='SUB':
[codex:652660] a=pop(); b=pop(); push(f\"SUB({b},{a})\")
[codex:652660] elif name=='GAS':
[codex:652660] push('GAS')
[codex:652660] elif name=='DELEGATECALL':
[codex:652660] # pop args (out of range for this segment)
[codex:652660] pass
[codex:652660] else:
[codex:652660] # ignore other ops
[codex:652660] pass
[codex:652660]
[codex:652660] print('final stack', stack)
[codex:652660] PY" in /tmp/codex-multi-p_h2tebn succeeded in 24ms:
[codex:652660] final stack ['ISZERO(EQ(AND(0x0,0xffffffffffffffffffffffffffffffffffffffff),AND(AND(DIV(EXP(0x0,0x100),SLOAD(ADD(0x0,SHA3(0x20,0x0)))),0xffffffffffffffffffffffffffffffffffffffff),0xffffffffffffffffffffffffffffffffffffffff)))']
[codex:652660]
[codex:652660] thinking
[codex:652660] **Analyzing potential proxy vulnerabilities**
[codex:652660]
[codex:652660] I'm carefully verifying if the proxy contract has exploitable paths like bypassing onlyOwner, delegatecall misuse, or storage collisions, but everything points to no concrete, profit-relevant vulnerabilities. I'm preparing to confirm no findings with a brief summary and ensuring output matches the required schema.
[codex:652660] exec
[codex:652660] /bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-multi-p_h2tebn succeeded in 5ms:
[codex:652660] {"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
[codex:652660]
[codex:652660] thinking
[codex:652660] **Composing final analysis summary**
[codex:652660] codex
[codex:652660] {"no_findings":true,"summary":"No concrete exploit path to extract value is visible from the proxy bytecode alone. The fallback delegates to the implementation stored at slot4[0] after a nonzero check, and the only SSTORE paths (ownership changes and implementation array update) are gated by an owner check. Without implementation bytecode, there is no provable non-owner profit path.","findings":[]}
[codex:652660] tokens used
[codex:652660] 57,583
[codex:652660] {"no_findings":true,"summary":"No concrete exploit path to extract value is visible from the proxy bytecode alone. The fallback delegates to the implementation stored at slot4[0] after a nonzero check, and the only SSTORE paths (ownership changes and implementation array update) are gated by an owner check. Without implementation bytecode, there is no provable non-owner profit path.","findings":[]}
{
"codex": {
"ran_at": "2026-01-02T16:52:55.751628+00:00",
"returncode": 0
},
"summary": "No concrete exploit path to extract value is visible from the proxy bytecode alone. The fallback delegates to the implementation stored at slot4[0] after a nonzero check, and the only SSTORE paths (ownership changes and implementation array update) are gated by an owner check. Without implementation bytecode, there is no provable non-owner profit path.",
"raw_final": {
"summary": "No concrete exploit path to extract value is visible from the proxy bytecode alone. The fallback delegates to the implementation stored at slot4[0] after a nonzero check, and the only SSTORE paths (ownership changes and implementation array update) are gated by an owner check. Without implementation bytecode, there is no provable non-owner profit path.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x0059 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x5aa6e675 00000019: EQ 0000001a: PUSH2 0x01d4 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0x715018a6 00000024: EQ 00000025: PUSH2 0x01ff 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0x845affc8 0000002f: EQ 00000030: PUSH2 0x0216 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0x8a7f7fd6 0000003a: EQ 0000003b: PUSH2 0x0253 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0x8da5cb5b 00000045: EQ 00000046: PUSH2 0x027c 00000049: JUMPI 0000004a: DUP1 0000004b: PUSH4 0xf2fde38b 00000050: EQ 00000051: PUSH2 0x02a7 00000054: JUMPI 00000055: PUSH2 0x0060 00000058: JUMP 00000059: JUMPDEST 0000005a: CALLDATASIZE 0000005b: PUSH2 0x0060 0000005e: JUMPI 0000005f: STOP 00000060: JUMPDEST 00000061: CALLVALUE 00000062: DUP1 00000063: ISZERO 00000064: PUSH2 0x006c 00000067: JUMPI 00000068: PUSH1 0x00 0000006a: DUP1 0000006b: REVERT 0000006c: JUMPDEST 0000006d: POP 0000006e: PUSH1 0x00 00000070: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000085: AND 00000086: PUSH1 0x04 00000088: PUSH1 0x00 0000008a: DUP2 0000008b: SLOAD 0000008c: DUP2 0000008d: LT 0000008e: PUSH2 0x0093 00000091: JUMPI 00000092: INVALID 00000093: JUMPDEST 00000094: SWAP1 00000095: PUSH1 0x00 00000097: MSTORE 00000098: PUSH1 0x20 0000009a: PUSH1 0x00 0000009c: KECCAK256 0000009d: ADD 0000009e: PUSH1 0x00 000000a0: SWAP1 000000a1: SLOAD 000000a2: SWAP1 000000a3: PUSH2 0x0100 000000a6: EXP 000000a7: SWAP1 000000a8: DIV 000000a9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000000be: AND 000000bf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000000d4: AND 000000d5: EQ 000000d6: ISZERO 000000d7: PUSH2 0x0115 000000da: JUMPI 000000db: PUSH1 0x40 000000dd: MLOAD 000000de: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000000ff: DUP2 00000100: MSTORE 00000101: PUSH1 0x04 00000103: ADD 00000104: PUSH2 0x010c 00000107: SWAP1 00000108: PUSH2 0x0a76 0000010b: JUMP 0000010c: JUMPDEST 0000010d: PUSH1 0x40 0000010f: MLOAD 00000110: DUP1 00000111: SWAP2 00000112: SUB 00000113: SWAP1 00000114: REVERT 00000115: JUMPDEST 00000116: PUSH1 0x00 00000118: PUSH1 0x04 0000011a: PUSH1 0x00 0000011c: DUP2 0000011d: SLOAD 0000011e: DUP2 0000011f: LT 00000120: PUSH2 0x0125 00000123: JUMPI 00000124: INVALID 00000125: JUMPDEST 00000126: SWAP1 00000127: PUSH1 0x00 00000129: MSTORE 0000012a: PUSH1 0x20 0000012c: PUSH1 0x00 0000012e: KECCAK256 0000012f: ADD 00000130: PUSH1 0x00 00000132: SWAP1 00000133: SLOAD 00000134: SWAP1 00000135: PUSH2 0x0100 00000138: EXP 00000139: SWAP1 0000013a: DIV 0000013b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000150: AND 00000151: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000166: AND 00000167: PUSH1 0x00 00000169: CALLDATASIZE 0000016a: PUSH1 0x40 0000016c: MLOAD 0000016d: PUSH2 0x0177 00000170: SWAP3 00000171: SWAP2 00000172: SWAP1 00000173: PUSH2 0x0a42 00000176: JUMP 00000177: JUMPDEST 00000178: PUSH1 0x00 0000017a: PUSH1 0x40 0000017c: MLOAD 0000017d: DUP1 0000017e: DUP4 0000017f: SUB 00000180: DUP2 00000181: DUP6 00000182: GAS 00000183: DELEGATECALL 00000184: SWAP2 00000185: POP 00000186: POP 00000187: RETURNDATASIZE 00000188: DUP1 00000189: PUSH1 0x00 0000018b: DUP2 0000018c: EQ 0000018d: PUSH2 0x01b2 00000190: JUMPI 00000191: PUSH1 0x40 00000193: MLOAD 00000194: SWAP2 00000195: POP 00000196: PUSH1 0x1f 00000198: NOT 00000199: PUSH1 0x3f 0000019b: RETURNDATASIZE 0000019c: ADD 0000019d: AND 0000019e: DUP3 0000019f: ADD 000001a0: PUSH1 0x40 000001a2: MSTORE 000001a3: RETURNDATASIZE 000001a4: DUP3 000001a5: MSTORE 000001a6: RETURNDATASIZE 000001a7: PUSH1 0x00 000001a9: PUSH1 0x20 000001ab: DUP5 000001ac: ADD 000001ad: RETURNDATACOPY 000001ae: PUSH2 0x01b7 000001b1: JUMP 000001b2: JUMPDEST 000001b3: PUSH1 0x60 000001b5: SWAP2 000001b6: POP 000001b7: JUMPDEST 000001b8: POP 000001b9: POP 000001ba: SWAP1 000001bb: POP 000001bc: PUSH1 0x40 000001be: MLOAD 000001bf: RETURNDATASIZE 000001c0: PUSH1 0x00 000001c2: DUP3 000001c3: RETURNDATACOPY 000001c4: DUP2 000001c5: PUSH1 0x00 000001c7: DUP2 000001c8: EQ 000001c9: PUSH2 0x01d0 000001cc: JUMPI 000001cd: RETURNDATASIZE 000001ce: DUP3 000001cf: RETURN 000001d0: JUMPDEST 000001d1: RETURNDATASIZE 000001d2: DUP3 000001d3: REVERT 000001d4: JUMPDEST 000001d5: CALLVALUE 000001d6: DUP1 000001d7: ISZERO 000001d8: PUSH2 0x01e0 000001db: JUMPI 000001dc: PUSH1 0x00 000001de: DUP1 000001df: REVERT 000001e0: JUMPDEST 000001e1: POP 000001e2: PUSH2 0x01e9 000001e5: PUSH2 0x02d0 000001e8: JUMP 000001e9: JUMPDEST 000001ea: PUSH1 0x40 000001ec: MLOAD 000001ed: PUSH2 0x01f6 000001f0: SWAP2 000001f1: SWAP1 000001f2: PUSH2 0x0a5b 000001f5: JUMP 000001f6: JUMPDEST 000001f7: PUSH1 0x40 000001f9: MLOAD 000001fa: DUP1 000001fb: SWAP2 000001fc: SUB 000001fd: SWAP1 000001fe: RETURN 000001ff: JUMPDEST 00000200: CALLVALUE 00000201: DUP1 00000202: ISZERO 00000203: PUSH2 0x020b 00000206: JUMPI 00000207: PUSH1 0x00 00000209: DUP1 0000020a: REVERT 0000020b: JUMPDEST 0000020c: POP 0000020d: PUSH2 0x0214 00000210: PUSH2 0x02f6 00000213: JUMP 00000214: JUMPDEST 00000215: STOP 00000216: JUMPDEST 00000217: CALLVALUE 00000218: DUP1 00000219: ISZERO 0000021a: PUSH2 0x0222 0000021d: JUMPI 0000021e: PUSH1 0x00 00000220: DUP1 00000221: REVERT 00000222: JUMPDEST 00000223: POP 00000224: PUSH2 0x023d 00000227: PUSH1 0x04 00000229: DUP1 0000022a: CALLDATASIZE 0000022b: SUB 0000022c: DUP2 0000022d: ADD 0000022e: SWAP1 0000022f: PUSH2 0x0238 00000232: SWAP2 00000233: SWAP1 00000234: PUSH2 0x08f0 00000237: JUMP 00000238: JUMPDEST 00000239: PUSH2 0x0430 0000023c: JUMP 0000023d: JUMPDEST 0000023e: PUSH1 0x40 00000240: MLOAD 00000241: PUSH2 0x024a 00000244: SWAP2 00000245: SWAP1 00000246: PUSH2 0x0a5b 00000249: JUMP 0000024a: JUMPDEST 0000024b: PUSH1 0x40 0000024d: MLOAD 0000024e: DUP1 0000024f: SWAP2 00000250: SUB 00000251: SWAP1 00000252: RETURN 00000253: JUMPDEST 00000254: CALLVALUE 00000255: DUP1 00000256: ISZERO 00000257: PUSH2 0x025f 0000025a: JUMPI 0000025b: PUSH1 0x00 0000025d: DUP1 0000025e: REVERT 0000025f: JUMPDEST 00000260: POP 00000261: PUSH2 0x027a 00000264: PUSH1 0x04 00000266: DUP1 00000267: CALLDATASIZE 00000268: SUB 00000269: DUP2 0000026a: ADD 0000026b: SWAP1 0000026c: PUSH2 0x0275 0000026f: SWAP2 00000270: SWAP1 00000271: PUSH2 0x08af 00000274: JUMP 00000275: JUMPDEST 00000276: PUSH2 0x046c 00000279: JUMP 0000027a: JUMPDEST 0000027b: STOP 0000027c: JUMPDEST 0000027d: CALLVALUE 0000027e: DUP1 0000027f: ISZERO 00000280: PUSH2 0x0288 00000283: JUMPI 00000284: PUSH1 0x00 00000286: DUP1 00000287: REVERT 00000288: JUMPDEST 00000289: POP 0000028a: PUSH2 0x0291 0000028d: PUSH2 0x053a 00000290: JUMP 00000291: JUMPDEST 00000292: PUSH1 0x40 00000294: MLOAD 00000295: PUSH2 0x029e 00000298: SWAP2 00000299: SWAP1 0000029a: PUSH2 0x0a5b 0000029d: JUMP 0000029e: JUMPDEST 0000029f: PUSH1 0x40 000002a1: MLOAD 000002a2: DUP1 000002a3: SWAP2 000002a4: SUB 000002a5: SWAP1 000002a6: RETURN 000002a7: JUMPDEST 000002a8: CALLVALUE 000002a9: DUP1 000002aa: ISZERO 000002ab: PUSH2 0x02b3 000002ae: JUMPI 000002af: PUSH1 0x00 000002b1: DUP1 000002b2: REVERT 000002b3: JUMPDEST 000002b4: POP 000002b5: PUSH2 0x02ce 000002b8: PUSH1 0x04 000002ba: DUP1 000002bb: CALLDATASIZE 000002bc: SUB 000002bd: DUP2 000002be: ADD 000002bf: SWAP1 000002c0: PUSH2 0x02c9 000002c3: SWAP2 000002c4: SWAP1 000002c5: PUSH2 0x0886 000002c8: JUMP 000002c9: JUMPDEST 000002ca: PUSH2 0x0563 000002cd: JUMP 000002ce: JUMPDEST 000002cf: STOP 000002d0: JUMPDEST 000002d1: PUSH1 0x03 000002d3: PUSH1 0x00 000002d5: SWAP1 000002d6: SLOAD 000002d7: SWAP1 000002d8: PUSH2 0x0100 000002db: EXP 000002dc: SWAP1 000002dd: DIV 000002de: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002f3: AND 000002f4: DUP2 000002f5: JUMP 000002f6: JUMPDEST 000002f7: PUSH2 0x02fe 000002fa: PUSH2 0x070c 000002fd: JUMP 000002fe: JUMPDEST 000002ff: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000314: AND 00000315: PUSH2 0x031c 00000318: PUSH2 0x053a 0000031b: JUMP 0000031c: JUMPDEST 0000031d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000332: AND 00000333: EQ 00000334: PUSH2 0x0372 00000337: JUMPI 00000338: PUSH1 0x40 0000033a: MLOAD 0000033b: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000035c: DUP2 0000035d: MSTORE 0000035e: PUSH1 0x04 00000360: ADD 00000361: PUSH2 0x0369 00000364: SWAP1 00000365: PUSH2 0x0ab6 00000368: JUMP 00000369: JUMPDEST 0000036a: PUSH1 0x40 0000036c: MLOAD 0000036d: DUP1 0000036e: SWAP2 0000036f: SUB 00000370: SWAP1 00000371: REVERT 00000372: JUMPDEST 00000373: PUSH1 0x00 00000375: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000038a: AND 0000038b: PUSH1 0x00 0000038d: DUP1 0000038e: SLOAD 0000038f: SWAP1 00000390: PUSH2 0x0100 00000393: EXP 00000394: SWAP1 00000395: DIV 00000396: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003ab: AND 000003ac: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003c1: AND 000003c2: PUSH32 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0 000003e3: PUSH1 0x40 000003e5: MLOAD 000003e6: PUSH1 0x40 000003e8: MLOAD 000003e9: DUP1 000003ea: SWAP2 000003eb: SUB 000003ec: SWAP1 000003ed: LOG3 000003ee: PUSH1 0x00 000003f0: DUP1 000003f1: PUSH1 0x00 000003f3: PUSH2 0x0100 000003f6: EXP 000003f7: DUP2 000003f8: SLOAD 000003f9: DUP2 000003fa: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000040f: MUL 00000410: NOT 00000411: AND 00000412: SWAP1 00000413: DUP4 00000414: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000429: AND 0000042a: MUL 0000042b: OR 0000042c: SWAP1 0000042d: SSTORE 0000042e: POP 0000042f: JUMP 00000430: JUMPDEST 00000431: PUSH1 0x04 00000433: DUP2 00000434: DUP2 00000435: SLOAD 00000436: DUP2 00000437: LT 00000438: PUSH2 0x043d 0000043b: JUMPI 0000043c: INVALID 0000043d: JUMPDEST 0000043e: SWAP1 0000043f: PUSH1 0x00 00000441: MSTORE 00000442: PUSH1 0x20 00000444: PUSH1 0x00 00000446: KECCAK256 00000447: ADD 00000448: PUSH1 0x00 0000044a: SWAP2 0000044b: POP 0000044c: SLOAD 0000044d: SWAP1 0000044e: PUSH2 0x0100 00000451: EXP 00000452: SWAP1 00000453: DIV 00000454: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000469: AND 0000046a: DUP2 0000046b: JUMP 0000046c: JUMPDEST 0000046d: PUSH2 0x0474 00000470: PUSH2 0x070c 00000473: JUMP 00000474: JUMPDEST 00000475: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000048a: AND 0000048b: PUSH2 0x0492 0000048e: PUSH2 0x053a 00000491: JUMP 00000492: JUMPDEST 00000493: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004a8: AND 000004a9: EQ 000004aa: PUSH2 0x04e8 000004ad: JUMPI 000004ae: PUSH1 0x40 000004b0: MLOAD 000004b1: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000004d2: DUP2 000004d3: MSTORE 000004d4: PUSH1 0x04 000004d6: ADD 000004d7: PUSH2 0x04df 000004da: SWAP1 000004db: PUSH2 0x0ab6 000004de: JUMP 000004df: JUMPDEST 000004e0: PUSH1 0x40 000004e2: MLOAD 000004e3: DUP1 000004e4: SWAP2 000004e5: SUB 000004e6: SWAP1 000004e7: REVERT 000004e8: JUMPDEST 000004e9: DUP1 000004ea: PUSH1 0x04 000004ec: SWAP1 000004ed: DUP1 000004ee: MLOAD 000004ef: SWAP1 000004f0: PUSH1 0x20 000004f2: ADD 000004f3: SWAP1 000004f4: PUSH2 0x04fe 000004f7: SWAP3 000004f8: SWAP2 000004f9: SWAP1 000004fa: PUSH2 0x0714 000004fd: JUMP 000004fe: JUMPDEST 000004ff: POP 00000500: PUSH32 0xd185b5a7934c79098a4109d219bda6291f588e82a24d9102918c3d40cd3f2a7a 00000521: DUP2 00000522: MLOAD 00000523: PUSH1 0x40 00000525: MLOAD 00000526: PUSH2 0x052f 00000529: SWAP2 0000052a: SWAP1 0000052b: PUSH2 0x0ad6 0000052e: JUMP 0000052f: JUMPDEST 00000530: PUSH1 0x40 00000532: MLOAD 00000533: DUP1 00000534: SWAP2 00000535: SUB 00000536: SWAP1 00000537: LOG1 00000538: POP 00000539: JUMP 0000053a: JUMPDEST 0000053b: PUSH1 0x00 0000053d: DUP1 0000053e: PUSH1 0x00 00000540: SWAP1 00000541: SLOAD 00000542: SWAP1 00000543: PUSH2 0x0100 00000546: EXP 00000547: SWAP1 00000548: DIV 00000549: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000055e: AND 0000055f: SWAP1 00000560: POP 00000561: SWAP1 00000562: JUMP 00000563: JUMPDEST 00000564: PUSH2 0x056b 00000567: PUSH2 0x070c 0000056a: JUMP 0000056b: JUMPDEST 0000056c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000581: AND 00000582: PUSH2 0x0589 00000585: PUSH2 0x053a 00000588: JUMP 00000589: JUMPDEST 0000058a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000059f: AND 000005a0: EQ 000005a1: PUSH2 0x05df 000005a4: JUMPI 000005a5: PUSH1 0x40 000005a7: MLOAD 000005a8: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000005c9: DUP2 000005ca: MSTORE 000005cb: PUSH1 0x04 000005cd: ADD 000005ce: PUSH2 0x05d6 000005d1: SWAP1 000005d2: PUSH2 0x0ab6 000005d5: JUMP 000005d6: JUMPDEST 000005d7: PUSH1 0x40 000005d9: MLOAD 000005da: DUP1 000005db: SWAP2 000005dc: SUB 000005dd: SWAP1 000005de: REVERT 000005df: JUMPDEST 000005e0: PUSH1 0x00 000005e2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005f7: AND 000005f8: DUP2 000005f9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000060e: AND 0000060f: EQ 00000610: ISZERO 00000611: PUSH2 0x064f 00000614: JUMPI 00000615: PUSH1 0x40 00000617: MLOAD 00000618: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 00000639: DUP2 0000063a: MSTORE 0000063b: PUSH1 0x04 0000063d: ADD 0000063e: PUSH2 0x0646 00000641: SWAP1 00000642: PUSH2 0x0a96 00000645: JUMP 00000646: JUMPDEST 00000647: PUSH1 0x40 00000649: MLOAD 0000064a: DUP1 0000064b: SWAP2 0000064c: SUB 0000064d: SWAP1 0000064e: REVERT 0000064f: JUMPDEST 00000650: DUP1 00000651: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000666: AND 00000667: PUSH1 0x00 00000669: DUP1 0000066a: SLOAD 0000066b: SWAP1 0000066c: PUSH2 0x0100 0000066f: EXP 00000670: SWAP1 00000671: DIV 00000672: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000687: AND 00000688: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000069d: AND 0000069e: PUSH32 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0 000006bf: PUSH1 0x40 000006c1: MLOAD 000006c2: PUSH1 0x40 000006c4: MLOAD 000006c5: DUP1 000006c6: SWAP2 000006c7: SUB 000006c8: SWAP1 000006c9: LOG3 000006ca: DUP1 000006cb: PUSH1 0x00 000006cd: DUP1 000006ce: PUSH2 0x0100 000006d1: EXP 000006d2: DUP2 000006d3: SLOAD 000006d4: DUP2 000006d5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000006ea: MUL 000006eb: NOT 000006ec: AND 000006ed: SWAP1 000006ee: DUP4 000006ef: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000704: AND 00000705: MUL 00000706: OR 00000707: SWAP1 00000708: SSTORE 00000709: POP 0000070a: POP 0000070b: JUMP 0000070c: JUMPDEST 0000070d: PUSH1 0x00 0000070f: CALLER 00000710: SWAP1 00000711: POP 00000712: SWAP1 00000713: JUMP 00000714: JUMPDEST 00000715: DUP3 00000716: DUP1 00000717: SLOAD 00000718: DUP3 00000719: DUP3 0000071a: SSTORE 0000071b: SWAP1 0000071c: PUSH1 0x00 0000071e: MSTORE 0000071f: PUSH1 0x20 00000721: PUSH1 0x00 00000723: KECCAK256 00000724: SWAP1 00000725: DUP2 00000726: ADD 00000727: SWAP3 00000728: DUP3 00000729: ISZERO 0000072a: PUSH2 0x078d 0000072d: JUMPI 0000072e: SWAP2 0000072f: PUSH1 0x20 00000731: MUL 00000732: DUP3 00000733: ADD 00000734: JUMPDEST 00000735: DUP3 00000736: DUP2 00000737: GT 00000738: ISZERO 00000739: PUSH2 0x078c 0000073c: JUMPI 0000073d: DUP3 0000073e: MLOAD 0000073f: DUP3 00000740: PUSH1 0x00 00000742: PUSH2 0x0100 00000745: EXP 00000746: DUP2 00000747: SLOAD 00000748: DUP2 00000749: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000075e: MUL 0000075f: NOT 00000760: AND 00000761: SWAP1 00000762: DUP4 00000763: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000778: AND 00000779: MUL 0000077a: OR 0000077b: SWAP1 0000077c: SSTORE 0000077d: POP 0000077e: SWAP2 0000077f: PUSH1 0x20 00000781: ADD 00000782: SWAP2 00000783: SWAP1 00000784: PUSH1 0x01 00000786: ADD 00000787: SWAP1 00000788: PUSH2 0x0734 0000078b: JUMP 0000078c: JUMPDEST 0000078d: JUMPDEST 0000078e: POP 0000078f: SWAP1 00000790: POP 00000791: PUSH2 0x079a 00000794: SWAP2 00000795: SWAP1 00000796: PUSH2 0x079e 00000799: JUMP 0000079a: JUMPDEST 0000079b: POP 0000079c: SWAP1 0000079d: JUMP 0000079e: JUMPDEST 0000079f: JUMPDEST 000007a0: DUP1 000007a1: DUP3 000007a2: GT 000007a3: ISZERO 000007a4: PUSH2 0x07d5 000007a7: JUMPI 000007a8: PUSH1 0x00 000007aa: DUP2 000007ab: DUP2 000007ac: PUSH2 0x0100 000007af: EXP 000007b0: DUP2 000007b1: SLOAD 000007b2: SWAP1 000007b3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000007c8: MUL 000007c9: NOT 000007ca: AND 000007cb: SWAP1 000007cc: SSTORE 000007cd: POP 000007ce: PUSH1 0x01 000007d0: ADD 000007d1: PUSH2 0x079f 000007d4: JUMP 000007d5: JUMPDEST 000007d6: POP 000007d7: SWAP1 000007d8: JUMP 000007d9: JUMPDEST 000007da: PUSH1 0x00 000007dc: DUP2 000007dd: CALLDATALOAD 000007de: SWAP1 000007df: POP 000007e0: PUSH2 0x07e8 000007e3: DUP2 000007e4: PUSH2 0x0bad 000007e7: JUMP 000007e8: JUMPDEST 000007e9: SWAP3 000007ea: SWAP2 000007eb: POP 000007ec: POP 000007ed: JUMP 000007ee: JUMPDEST 000007ef: PUSH1 0x00 000007f1: DUP3 000007f2: PUSH1 0x1f 000007f4: DUP4 000007f5: ADD 000007f6: SLT 000007f7: PUSH2 0x07ff 000007fa: JUMPI 000007fb: PUSH1 0x00 000007fd: DUP1 000007fe: REVERT 000007ff: JUMPDEST 00000800: DUP2 00000801: CALLDATALOAD 00000802: PUSH2 0x0812 00000805: PUSH2 0x080d 00000808: DUP3 00000809: PUSH2 0x0b1e 0000080c: JUMP 0000080d: JUMPDEST 0000080e: PUSH2 0x0af1 00000811: JUMP 00000812: JUMPDEST 00000813: SWAP2 00000814: POP 00000815: DUP2 00000816: DUP2 00000817: DUP4 00000818: MSTORE 00000819: PUSH1 0x20 0000081b: DUP5 0000081c: ADD 0000081d: SWAP4 0000081e: POP 0000081f: PUSH1 0x20 00000821: DUP2 00000822: ADD 00000823: SWAP1 00000824: POP 00000825: DUP4 00000826: DUP6 00000827: PUSH1 0x20 00000829: DUP5 0000082a: MUL 0000082b: DUP3 0000082c: ADD 0000082d: GT 0000082e: ISZERO 0000082f: PUSH2 0x0837 00000832: JUMPI 00000833: PUSH1 0x00 00000835: DUP1 00000836: REVERT 00000837: JUMPDEST 00000838: PUSH1 0x00 0000083a: JUMPDEST 0000083b: DUP4 0000083c: DUP2 0000083d: LT 0000083e: ISZERO 0000083f: PUSH2 0x0867 00000842: JUMPI 00000843: DUP2 00000844: PUSH2 0x084d 00000847: DUP9 00000848: DUP3 00000849: PUSH2 0x07d9 0000084c: JUMP 0000084d: JUMPDEST 0000084e: DUP5 0000084f: MSTORE 00000850: PUSH1 0x20 00000852: DUP5 00000853: ADD 00000854: SWAP4 00000855: POP 00000856: PUSH1 0x20 00000858: DUP4 00000859: ADD 0000085a: SWAP3 0000085b: POP 0000085c: POP 0000085d: PUSH1 0x01 0000085f: DUP2 00000860: ADD 00000861: SWAP1 00000862: POP 00000863: PUSH2 0x083a 00000866: JUMP 00000867: JUMPDEST 00000868: POP 00000869: POP 0000086a: POP 0000086b: POP 0000086c: SWAP3 0000086d: SWAP2 0000086e: POP 0000086f: POP 00000870: JUMP 00000871: JUMPDEST 00000872: PUSH1 0x00 00000874: DUP2 00000875: CALLDATALOAD 00000876: SWAP1 00000877: POP 00000878: PUSH2 0x0880 0000087b: DUP2 0000087c: PUSH2 0x0bc4 0000087f: JUMP 00000880: JUMPDEST 00000881: SWAP3 00000882: SWAP2 00000883: POP 00000884: POP 00000885: JUMP 00000886: JUMPDEST 00000887: PUSH1 0x00 00000889: PUSH1 0x20 0000088b: DUP3 0000088c: DUP5 0000088d: SUB 0000088e: SLT 0000088f: ISZERO 00000890: PUSH2 0x0898 00000893: JUMPI 00000894: PUSH1 0x00 00000896: DUP1 00000897: REVERT 00000898: JUMPDEST 00000899: PUSH1 0x00 0000089b: PUSH2 0x08a6 0000089e: DUP5 0000089f: DUP3 000008a0: DUP6 000008a1: ADD 000008a2: PUSH2 0x07d9 000008a5: JUMP 000008a6: JUMPDEST 000008a7: SWAP2 000008a8: POP 000008a9: POP 000008aa: SWAP3 000008ab: SWAP2 000008ac: POP 000008ad: POP 000008ae: JUMP 000008af: JUMPDEST 000008b0: PUSH1 0x00 000008b2: PUSH1 0x20 000008b4: DUP3 000008b5: DUP5 000008b6: SUB 000008b7: SLT 000008b8: ISZERO 000008b9: PUSH2 0x08c1 000008bc: JUMPI 000008bd: PUSH1 0x00 000008bf: DUP1 000008c0: REVERT 000008c1: JUMPDEST 000008c2: PUSH1 0x00 000008c4: DUP3 000008c5: ADD 000008c6: CALLDATALOAD 000008c7: PUSH8 0xffffffffffffffff 000008d0: DUP2 000008d1: GT 000008d2: ISZERO 000008d3: PUSH2 0x08db 000008d6: JUMPI 000008d7: PUSH1 0x00 000008d9: DUP1 000008da: REVERT 000008db: JUMPDEST 000008dc: PUSH2 0x08e7 000008df: DUP5 000008e0: DUP3 000008e1: DUP6 000008e2: ADD 000008e3: PUSH2 0x07ee 000008e6: JUMP 000008e7: JUMPDEST 000008e8: SWAP2 000008e9: POP 000008ea: POP 000008eb: SWAP3 000008ec: SWAP2 000008ed: POP 000008ee: POP 000008ef: JUMP 000008f0: JUMPDEST 000008f1: PUSH1 0x00 000008f3: PUSH1 0x20 000008f5: DUP3 000008f6: DUP5 000008f7: SUB 000008f8: SLT 000008f9: ISZERO 000008fa: PUSH2 0x0902 000008fd: JUMPI 000008fe: PUSH1 0x00 00000900: DUP1 00000901: REVERT 00000902: JUMPDEST 00000903: PUSH1 0x00 00000905: PUSH2 0x0910 00000908: DUP5 00000909: DUP3 0000090a: DUP6 0000090b: ADD 0000090c: PUSH2 0x0871 0000090f: JUMP 00000910: JUMPDEST 00000911: SWAP2 00000912: POP 00000913: POP 00000914: SWAP3 00000915: SWAP2 00000916: POP 00000917: POP 00000918: JUMP 00000919: JUMPDEST 0000091a: PUSH2 0x0922 0000091d: DUP2 0000091e: PUSH2 0x0b62 00000921: JUMP 00000922: JUMPDEST 00000923: DUP3 00000924: MSTORE 00000925: POP 00000926: POP 00000927: JUMP 00000928: JUMPDEST 00000929: PUSH1 0x00 0000092b: PUSH2 0x0934 0000092e: DUP4 0000092f: DUP6 00000930: PUSH2 0x0b46 00000933: JUMP 00000934: JUMPDEST 00000935: SWAP4 00000936: POP 00000937: PUSH2 0x0941 0000093a: DUP4 0000093b: DUP6 0000093c: DUP5 0000093d: PUSH2 0x0b9e 00000940: JUMP 00000941: JUMPDEST 00000942: DUP3 00000943: DUP5 00000944: ADD 00000945: SWAP1 00000946: POP 00000947: SWAP4 00000948: SWAP3 00000949: POP 0000094a: POP 0000094b: POP 0000094c: JUMP 0000094d: JUMPDEST 0000094e: PUSH1 0x00 00000950: PUSH2 0x095a 00000953: PUSH1 0x17 00000955: DUP4 00000956: PUSH2 0x0b51 00000959: JUMP 0000095a: JUMPDEST 0000095b: SWAP2 0000095c: POP 0000095d: PUSH32 0x696e76616c69642020696d706c656d656e746174696f6e000000000000000000 0000097e: PUSH1 0x00 00000980: DUP4 00000981: ADD 00000982: MSTORE 00000983: PUSH1 0x20 00000985: DUP3 00000986: ADD 00000987: SWAP1 00000988: POP 00000989: SWAP2 0000098a: SWAP1 0000098b: POP 0000098c: JUMP 0000098d: JUMPDEST 0000098e: PUSH1 0x00 00000990: PUSH2 0x099a 00000993: PUSH1 0x26 00000995: DUP4 00000996: PUSH2 0x0b51 00000999: JUMP 0000099a: JUMPDEST 0000099b: SWAP2 0000099c: POP 0000099d: PUSH32 0x4f776e61626c653a206e6577206f776e657220697320746865207a65726f2061 000009be: PUSH1 0x00 000009c0: DUP4 000009c1: ADD 000009c2: MSTORE 000009c3: PUSH32 0x6464726573730000000000000000000000000000000000000000000000000000 000009e4: PUSH1 0x20 000009e6: DUP4 000009e7: ADD 000009e8: MSTORE 000009e9: PUSH1 0x40 000009eb: DUP3 000009ec: ADD 000009ed: SWAP1 000009ee: POP 000009ef: SWAP2 000009f0: SWAP1 000009f1: POP 000009f2: JUMP 000009f3: JUMPDEST 000009f4: PUSH1 0x00 000009f6: PUSH2 0x0a00 000009f9: PUSH1 0x20 000009fb: DUP4 000009fc: PUSH2 0x0b51 000009ff: JUMP 00000a00: JUMPDEST 00000a01: SWAP2 00000a02: POP 00000a03: PUSH32 0x4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572 00000a24: PUSH1 0x00 00000a26: DUP4 00000a27: ADD 00000a28: MSTORE 00000a29: PUSH1 0x20 00000a2b: DUP3 00000a2c: ADD 00000a2d: SWAP1 00000a2e: POP 00000a2f: SWAP2 00000a30: SWAP1 00000a31: POP 00000a32: JUMP 00000a33: JUMPDEST 00000a34: PUSH2 0x0a3c 00000a37: DUP2 00000a38: PUSH2 0x0b94 00000a3b: JUMP 00000a3c: JUMPDEST 00000a3d: DUP3 00000a3e: MSTORE 00000a3f: POP 00000a40: POP 00000a41: JUMP 00000a42: JUMPDEST 00000a43: PUSH1 0x00 00000a45: PUSH2 0x0a4f 00000a48: DUP3 00000a49: DUP5 00000a4a: DUP7 00000a4b: PUSH2 0x0928 00000a4e: JUMP 00000a4f: JUMPDEST 00000a50: SWAP2 00000a51: POP 00000a52: DUP2 00000a53: SWAP1 00000a54: POP 00000a55: SWAP4 00000a56: SWAP3 00000a57: POP 00000a58: POP 00000a59: POP 00000a5a: JUMP 00000a5b: JUMPDEST 00000a5c: PUSH1 0x00 00000a5e: PUSH1 0x20 00000a60: DUP3 00000a61: ADD 00000a62: SWAP1 00000a63: POP 00000a64: PUSH2 0x0a70 00000a67: PUSH1 0x00 00000a69: DUP4 00000a6a: ADD 00000a6b: DUP5 00000a6c: PUSH2 0x0919 00000a6f: JUMP 00000a70: JUMPDEST 00000a71: SWAP3 00000a72: SWAP2 00000a73: POP 00000a74: POP 00000a75: JUMP 00000a76: JUMPDEST 00000a77: PUSH1 0x00 00000a79: PUSH1 0x20 00000a7b: DUP3 00000a7c: ADD 00000a7d: SWAP1 00000a7e: POP 00000a7f: DUP2 00000a80: DUP2 00000a81: SUB 00000a82: PUSH1 0x00 00000a84: DUP4 00000a85: ADD 00000a86: MSTORE 00000a87: PUSH2 0x0a8f 00000a8a: DUP2 00000a8b: PUSH2 0x094d 00000a8e: JUMP 00000a8f: JUMPDEST 00000a90: SWAP1 00000a91: POP 00000a92: SWAP2 00000a93: SWAP1 00000a94: POP 00000a95: JUMP 00000a96: JUMPDEST 00000a97: PUSH1 0x00 00000a99: PUSH1 0x20 00000a9b: DUP3 00000a9c: ADD 00000a9d: SWAP1 00000a9e: POP 00000a9f: DUP2 00000aa0: DUP2 00000aa1: SUB 00000aa2: PUSH1 0x00 00000aa4: DUP4 00000aa5: ADD 00000aa6: MSTORE 00000aa7: PUSH2 0x0aaf 00000aaa: DUP2 00000aab: PUSH2 0x098d 00000aae: JUMP 00000aaf: JUMPDEST 00000ab0: SWAP1 00000ab1: POP 00000ab2: SWAP2 00000ab3: SWAP1 00000ab4: POP 00000ab5: JUMP 00000ab6: JUMPDEST 00000ab7: PUSH1 0x00 00000ab9: PUSH1 0x20 00000abb: DUP3 00000abc: ADD 00000abd: SWAP1 00000abe: POP 00000abf: DUP2 00000ac0: DUP2 00000ac1: SUB 00000ac2: PUSH1 0x00 00000ac4: DUP4 00000ac5: ADD 00000ac6: MSTORE 00000ac7: PUSH2 0x0acf 00000aca: DUP2 00000acb: PUSH2 0x09f3 00000ace: JUMP 00000acf: JUMPDEST 00000ad0: SWAP1 00000ad1: POP 00000ad2: SWAP2 00000ad3: SWAP1 00000ad4: POP 00000ad5: JUMP 00000ad6: JUMPDEST 00000ad7: PUSH1 0x00 00000ad9: PUSH1 0x20 00000adb: DUP3 00000adc: ADD 00000add: SWAP1 00000ade: POP 00000adf: PUSH2 0x0aeb 00000ae2: PUSH1 0x00 00000ae4: DUP4 00000ae5: ADD 00000ae6: DUP5 00000ae7: PUSH2 0x0a33 00000aea: JUMP 00000aeb: JUMPDEST 00000aec: SWAP3 00000aed: SWAP2 00000aee: POP 00000aef: POP 00000af0: JUMP 00000af1: JUMPDEST 00000af2: PUSH1 0x00 00000af4: PUSH1 0x40 00000af6: MLOAD 00000af7: SWAP1 00000af8: POP 00000af9: DUP2 00000afa: DUP2 00000afb: ADD 00000afc: DUP2 00000afd: DUP2 00000afe: LT 00000aff: PUSH8 0xffffffffffffffff 00000b08: DUP3 00000b09: GT 00000b0a: OR 00000b0b: ISZERO 00000b0c: PUSH2 0x0b14 00000b0f: JUMPI 00000b10: PUSH1 0x00 00000b12: DUP1 00000b13: REVERT 00000b14: JUMPDEST 00000b15: DUP1 00000b16: PUSH1 0x40 00000b18: MSTORE 00000b19: POP 00000b1a: SWAP2 00000b1b: SWAP1 00000b1c: POP 00000b1d: JUMP 00000b1e: JUMPDEST 00000b1f: PUSH1 0x00 00000b21: PUSH8 0xffffffffffffffff 00000b2a: DUP3 00000b2b: GT 00000b2c: ISZERO 00000b2d: PUSH2 0x0b35 00000b30: JUMPI 00000b31: PUSH1 0x00 00000b33: DUP1 00000b34: REVERT 00000b35: JUMPDEST 00000b36: PUSH1 0x20 00000b38: DUP3 00000b39: MUL 00000b3a: SWAP1 00000b3b: POP 00000b3c: PUSH1 0x20 00000b3e: DUP2 00000b3f: ADD 00000b40: SWAP1 00000b41: POP 00000b42: SWAP2 00000b43: SWAP1 00000b44: POP 00000b45: JUMP 00000b46: JUMPDEST 00000b47: PUSH1 0x00 00000b49: DUP2 00000b4a: SWAP1 00000b4b: POP 00000b4c: SWAP3 00000b4d: SWAP2 00000b4e: POP 00000b4f: POP 00000b50: JUMP 00000b51: JUMPDEST 00000b52: PUSH1 0x00 00000b54: DUP3 00000b55: DUP3 00000b56: MSTORE 00000b57: PUSH1 0x20 00000b59: DUP3 00000b5a: ADD 00000b5b: SWAP1 00000b5c: POP 00000b5d: SWAP3 00000b5e: SWAP2 00000b5f: POP 00000b60: POP 00000b61: JUMP 00000b62: JUMPDEST 00000b63: PUSH1 0x00 00000b65: PUSH2 0x0b6d 00000b68: DUP3 00000b69: PUSH2 0x0b74 00000b6c: JUMP 00000b6d: JUMPDEST 00000b6e: SWAP1 00000b6f: POP 00000b70: SWAP2 00000b71: SWAP1 00000b72: POP 00000b73: JUMP 00000b74: JUMPDEST 00000b75: PUSH1 0x00 00000b77: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b8c: DUP3 00000b8d: AND 00000b8e: SWAP1 00000b8f: POP 00000b90: SWAP2 00000b91: SWAP1 00000b92: POP 00000b93: JUMP 00000b94: JUMPDEST 00000b95: PUSH1 0x00 00000b97: DUP2 00000b98: SWAP1 00000b99: POP 00000b9a: SWAP2 00000b9b: SWAP1 00000b9c: POP 00000b9d: JUMP 00000b9e: JUMPDEST 00000b9f: DUP3 00000ba0: DUP2 00000ba1: DUP4 00000ba2: CALLDATACOPY 00000ba3: PUSH1 0x00 00000ba5: DUP4 00000ba6: DUP4 00000ba7: ADD 00000ba8: MSTORE 00000ba9: POP 00000baa: POP 00000bab: POP 00000bac: JUMP 00000bad: JUMPDEST 00000bae: PUSH2 0x0bb6 00000bb1: DUP2 00000bb2: PUSH2 0x0b62 00000bb5: JUMP 00000bb6: JUMPDEST 00000bb7: DUP2 00000bb8: EQ 00000bb9: PUSH2 0x0bc1 00000bbc: JUMPI 00000bbd: PUSH1 0x00 00000bbf: DUP1 00000bc0: REVERT 00000bc1: JUMPDEST 00000bc2: POP 00000bc3: JUMP 00000bc4: JUMPDEST 00000bc5: PUSH2 0x0bcd 00000bc8: DUP2 00000bc9: PUSH2 0x0b94 00000bcc: JUMP 00000bcd: JUMPDEST 00000bce: DUP2 00000bcf: EQ 00000bd0: PUSH2 0x0bd8 00000bd3: JUMPI 00000bd4: PUSH1 0x00 00000bd6: DUP1 00000bd7: REVERT 00000bd8: JUMPDEST 00000bd9: POP 00000bda: JUMP 00000bdb: INVALID 00000bdc: LOG2 00000bdd: PUSH5 0x6970667358 00000be3: UNKNOWN(0x22) 00000be4: SLT 00000be5: KECCAK256 00000be6: STOP 00000be7: UNKNOWN(0xEA) 00000be8: OR 00000be9: SWAP13 00000bea: UNKNOWN(0xDC) 00000beb: CODECOPY 00000bec: UNKNOWN(0xBF) 00000bed: EQ 00000bee: BLOBBASEFEE 00000bef: BYTE 00000bf0: DUP15 00000bf1: UNKNOWN(0xFC) 00000bf2: UNKNOWN(0xBC) 00000bf3: DUP1 00000bf4: UNKNOWN(0xC5) 00000bf5: UNKNOWN(0x24) 00000bf6: SWAP9 00000bf7: UNKNOWN(0xCC) 00000bf8: SWAP7 00000bf9: UNKNOWN(0xA5) 00000bfa: UNKNOWN(0xB0) 00000bfb: CODECOPY 00000bfc: ORIGIN 00000bfd: SHR 00000bfe: PUSH6 0x84e2a93af729 00000c05: TIMESTAMP 00000c06: PUSH5 0x736f6c6343 00000c0c: STOP 00000c0d: MOD 00000c0e: UNKNOWN(0x0C) 00000c0f: STOP 00000c10: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | upgradeability | detector | Untrusted DELEGATECALL target reachable | 55 | no | no |
viewtrace_id: 0x051ffa586e6ae1973616a99da95ef1fd3f00fea98c3c962ccc81b32ea549e41b
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "unknown",
"attempts": 72,
"trace_id": "0x051ffa586e6ae1973616a99da95ef1fd3f00fea98c3c962ccc81b32ea549e41b",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x5aa6e675",
"selector": "0x5aa6e675",
"calldata_variants": [
"0x5aa6e675",
"0x5aa6e6750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x715018a6",
"selector": "0x715018a6",
"calldata_variants": [
"0x715018a6",
"0x715018a60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x845affc8",
"selector": "0x845affc8",
"calldata_variants": [
"0x845affc8",
"0x845affc80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8a7f7fd6",
"selector": "0x8a7f7fd6",
"calldata_variants": [
"0x8a7f7fd6",
"0x8a7f7fd60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 387,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [
{
"pc": 3068,
"type": "tx_origin_used"
}
],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
viewvalidation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x5aa6e675",
"selector": "0x5aa6e675",
"calldata_variants": [
"0x5aa6e675",
"0x5aa6e6750000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x715018a6",
"selector": "0x715018a6",
"calldata_variants": [
"0x715018a6",
"0x715018a60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x845affc8",
"selector": "0x845affc8",
"calldata_variants": [
"0x845affc8",
"0x845affc80000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8a7f7fd6",
"selector": "0x8a7f7fd6",
"calldata_variants": [
"0x8a7f7fd6",
"0x8a7f7fd60000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 3068,
"type": "tx_origin_used"
}
]
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
viewevidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 1
}
|