Analysis Run

c73bdf6c-5147-4fd5-ad47-f180be523585

complete

Chain ID

1

Address

0x3ef1c8133d80665ec873ac41e152dda3251a7606

Block Number

—

Created

Mon, Dec 29, 2025 5:06 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Present

Best current signal

Signed execution appears replayable (no nonce/used-hash storage)

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
30531	report.consolidate	complete	1 / 1	3 months ago
104045	artifact.fetch	complete	1 / 3	1 week ago
104046	tool.cast_disasm	complete	1 / 3	1 week ago
104047	analysis.bundle	complete	1 / 3	1 week ago
104048	capability.graph	complete	1 / 3	1 week ago
104049	detector.run	complete	1 / 3	1 week ago
104050	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

Job Status

complete

Attempts

1 / 1

Findings

3

No findings?

no

Summary

Found replayable signature execution, a permissive slot0 initialization path, and missing ECDSA malleability checks.

View stderr

[codex:342374] OpenAI Codex v0.77.0 (research preview)
[codex:342374] --------
[codex:342374] workdir: /tmp/codex-multi-izhz5eih
[codex:342374] model: gpt-5.2-codex
[codex:342374] provider: openai
[codex:342374] approval: never
[codex:342374] sandbox: read-only
[codex:342374] reasoning effort: xhigh
[codex:342374] reasoning summaries: auto
[codex:342374] session id: 019b6b0c-98f1-7811-bfef-6683ca8eede2
[codex:342374] --------
[codex:342374] user
[codex:342374] You are a security auditor. You are given EVM runtime bytecode (and possibly a disassembly) for a contract with NO verified source.
[codex:342374] This is best-effort. Do not hallucinate: only flag issues when there's a concrete, explainable angle from bytecode/disasm patterns.
[codex:342374] 
[codex:342374] You MUST read the full `BYTECODE_BUNDLE.txt` before concluding.
[codex:342374] 
[codex:342374] Output MUST be valid JSON matching the provided schema.
[codex:342374] - If you cannot identify a concrete issue from bytecode/disasm alone: set no_findings=true and findings=[].
[codex:342374] - Otherwise: include findings with severity/category/title/evidence and point locations to BYTECODE_BUNDLE.txt line ranges when possible.
[codex:342374] 
[codex:342374] Output constraints (IMPORTANT):
[codex:342374] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:342374] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:342374] mcp startup: no servers
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Reading BYTECODE_BUNDLE.txt**
[codex:342374] exec
[codex:342374] /bin/bash -lc ls in /tmp/codex-multi-izhz5eih succeeded in 6ms:
[codex:342374] BYTECODE_BUNDLE.txt
[codex:342374] codex-output-schema.json
[codex:342374] exec
[codex:342374] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-izhz5eih succeeded in 5ms:
[codex:342374] Runtime bytecode bundle for best-effort auditing.
[codex:342374] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:342374] 
[codex:342374] FILE: runtime_bytecode.hex
[codex:342374] 0x6080604052600436106100a4576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063049e1d4d146100a657806310bfce71146100e35780633018205f1461010c5780633e104a95146101375780634ee7f87d1461016257806362c529e41461019f57806392eefe9b146101c85780639ce110d7146101f1578063ee8bd82d1461021c578063f77c479114610259575b005b3480156100b257600080fd5b506100cd60048036036100c89190810190610e11565b610284565b6040516100da9190610ed2565b60405180910390f35b3480156100ef57600080fd5b5061010a60048036036101059190810190610d94565b61036b565b005b34801561011857600080fd5b506101216103ab565b60405161012e9190610e8e565b60405180910390f35b34801561014357600080fd5b5061014c6103d4565b6040516101599190610e8e565b60405180910390f35b34801561016e57600080fd5b5061018960048036036101849190810190610d2d565b6103fe565b6040516101969190610eed565b60405180910390f35b3480156101ab57600080fd5b506101c660048036036101c19190810190610e11565b610563565b005b3480156101d457600080fd5b506101ef60048036036101ea9190810190610d04565b610718565b005b3480156101fd57600080fd5b506102066108b5565b6040516102139190610e8e565b60405180910390f35b34801561022857600080fd5b50610243600480360361023e9190810190610dd5565b6108db565b6040516102509190610e8e565b60405180910390f35b34801561026557600080fd5b5061026e610942565b60405161027b9190610e8e565b60405180910390f35b6000806060600080610294610967565b60008088600001519650886020015195508860400151945088608001519350886060015192506000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168473ffffffffffffffffffffffffffffffffffffffff1614151561031557600080fd5b6103208787876103fe565b915061032c82846108db565b90508373ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff1614975050505050505050919050565b60008090505b81518110156103a75761039a828281518110151561038b57fe5b90602001906020020151610563565b8080600101915050610371565b5050565b60008060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b600080848484604051808473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166c0100000000000000000000000002815260140183805190602001908083835b60208310151561047a5780518252602082019150602081019050602083039250610455565b6001836020036101000a0380198251168184511680821785525050505050509050018281526020019350505050604051809103902090506040805190810160405280601c81526020017f19457468657265756d205369676e6564204d6573736167653a0a333200000000815250816040518083805190602001908083835b60208310151561051d57805182526020820191506020810190506020830392506104f8565b6001836020036101000a03801982511681845116808217855250505050505090500182600019166000191681526020019250505060405180910390209150509392505050565b60006060600080846000015193508460200151925084604001519150846080015190507f74d34c6fe876d2d910521ea7c31bdea6530879732d5e8fa3781ce25171fa176084826040516105b7929190610ea9565b60405180910390a16105c885610284565b156106d7578373ffffffffffffffffffffffffffffffffffffffff16828460405180828051906020019080838360005b838110156106135780820151818401526020810190506105f8565b50505050905090810190601f1680156106405780820380516001836020036101000a031916815260200191505b5091505060006040518083038185875af19250505015610698577f9ae6eab77ab97680a0708bbb21af686ae24276636c6aa70f8a02f4cccd49499b848260405161068b929190610ea9565b60405180910390a16106d2565b7f422d7d1308c28fc21ce33958ef24b1078048fc1a9d39bdc51931eb2e9939fd0384826040516106c9929190610ea9565b60405180910390a15b610711565b7f1d7ce720a2f369d4eb35904f7bb3f97b6fdcfc76cf000cbd281d405ec68c19568482604051610708929190610ea9565b60405180910390a15b5050505050565b7f4f7b0265dc15e282f56ae0820603286a6547460256b0fe068e6ed578cb3d8bb6816040516107479190610e8e565b60405180910390a1600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161480156107f95750600073ffffffffffffffffffffffffffffffffffffffff166000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16145b1561087a57806000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055507f5c4387c894a24bbdaab0ebb3e90d2d0f0d1900a6b4878e87c1fc3bfe75c1f0df8160405161086d9190610e8e565b60405180910390a16108b2565b7f6e7c18ac33fbdcd4f970e95dbb26c2f291e243f724c43b33c701f00f75826513816040516108a99190610e8e565b60405180910390a15b50565b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b60006001838360000151846020015185604001516040516000815260200160405260405161090c9493929190610f08565b60206040516020810390808403906000865af1158015610930573d6000803e3d6000fd5b50505060206040510351905092915050565b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b606060405190810160405280600060ff16815260200160008019168152602001600080191681525090565b600061099e823561103d565b905092915050565b600082601f83011215156109b957600080fd5b81356109cc6109c782610f7a565b610f4d565b9150818183526020840193506020810190508360005b83811015610a1257813586016109f88882610b9c565b8452602084019350602083019250506001810190506109e2565b5050505092915050565b6000610a28823561105d565b905092915050565b600082601f8301121515610a4357600080fd5b8135610a56610a5182610fa2565b610f4d565b91508082526020830160208301858383011115610a7257600080fd5b610a7d83828461107e565b50505092915050565b600082601f8301121515610a9957600080fd5b8135610aac610aa782610fce565b610f4d565b91508082526020830160208301858383011115610ac857600080fd5b610ad383828461107e565b50505092915050565b600060608284031215610aee57600080fd5b610af86060610f4d565b90506000610b0884828501610cf0565b6000830152506020610b1c84828501610a1c565b6020830152506040610b3084828501610a1c565b60408301525092915050565b600060608284031215610b4e57600080fd5b610b586060610f4d565b90506000610b6884828501610cf0565b6000830152506020610b7c84828501610a1c565b6020830152506040610b9084828501610a1c565b60408301525092915050565b600060e08284031215610bae57600080fd5b610bb860a0610f4d565b90506000610bc884828501610992565b600083015250602082013567ffffffffffffffff811115610be857600080fd5b610bf484828501610a30565b6020830152506040610c0884828501610cdc565b6040830152506060610c1c84828501610adc565b60608301525060c0610c3084828501610992565b60808301525092915050565b600060e08284031215610c4e57600080fd5b610c5860a0610f4d565b90506000610c6884828501610992565b600083015250602082013567ffffffffffffffff811115610c8857600080fd5b610c9484828501610a30565b6020830152506040610ca884828501610cdc565b6040830152506060610cbc84828501610adc565b60608301525060c0610cd084828501610992565b60808301525092915050565b6000610ce88235611067565b905092915050565b6000610cfc8235611071565b905092915050565b600060208284031215610d1657600080fd5b6000610d2484828501610992565b91505092915050565b600080600060608486031215610d4257600080fd5b6000610d5086828701610992565b935050602084013567ffffffffffffffff811115610d6d57600080fd5b610d7986828701610a86565b9250506040610d8a86828701610cdc565b9150509250925092565b600060208284031215610da657600080fd5b600082013567ffffffffffffffff811115610dc057600080fd5b610dcc848285016109a6565b91505092915050565b60008060808385031215610de857600080fd5b6000610df685828601610a1c565b9250506020610e0785828601610b3c565b9150509250929050565b600060208284031215610e2357600080fd5b600082013567ffffffffffffffff811115610e3d57600080fd5b610e4984828501610c3c565b91505092915050565b610e5b81610ffa565b82525050565b610e6a8161101a565b82525050565b610e7981611026565b82525050565b610e8881611030565b82525050565b6000602082019050610ea36000830184610e52565b92915050565b6000604082019050610ebe6000830185610e52565b610ecb6020830184610e52565b9392505050565b6000602082019050610ee76000830184610e61565b92915050565b6000602082019050610f026000830184610e70565b92915050565b6000608082019050610f1d6000830187610e70565b610f2a6020830186610e7f565b610f376040830185610e70565b610f446060830184610e70565b95945050505050565b6000604051905081810181811067ffffffffffffffff82111715610f7057600080fd5b8060405250919050565b600067ffffffffffffffff821115610f9157600080fd5b602082029050602081019050919050565b600067ffffffffffffffff821115610fb957600080fd5b601f19601f8301169050602081019050919050565b600067ffffffffffffffff821115610fe557600080fd5b601f19601f8301169050602081019050919050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b60008115159050919050565b6000819050919050565b600060ff82169050919050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b6000819050919050565b6000819050919050565b600060ff82169050919050565b828183376000838301525050505600a265627a7a723058202fcc1c69fded4506ef93642b65dedd7105332c053862afcdc0ffd9683aeed9d46c6578706572696d656e74616cf50037
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Analyzing bytecode for vulnerabilities**
[codex:342374] 
[codex:342374] I'm carefully examining the bytecode's function selectors, storage slots, and code snippets to understand contract behavior—especially ownership patterns and signature verification—to identify any potential security issues like unprotected initialization or misuse of critical functions.
[codex:342374] exec
[codex:342374] /bin/bash -lc 'command -v evm || command -v hevm || command -v cast || command -v solc' in /tmp/codex-multi-izhz5eih succeeded in 5ms:
[codex:342374] /home/noahkuhn/.foundry/bin/cast
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Checking cast command options**
[codex:342374] exec
[codex:342374] /bin/bash -lc 'cast --help | head -n 40' in /tmp/codex-multi-izhz5eih succeeded in 25ms:
[codex:342374] A Swiss Army knife for interacting with Ethereum applications from the command line
[codex:342374] 
[codex:342374] Usage: cast [OPTIONS] <COMMAND>
[codex:342374] 
[codex:342374] Commands:
[codex:342374]   4byte                  Get the function signatures for the given selector from
[codex:342374]                          <https://openchain.xyz> [aliases: 4, 4b]
[codex:342374]   4byte-calldata         Decode ABI-encoded calldata using <https://openchain.xyz> [aliases: 4c,
[codex:342374]                          4bc]
[codex:342374]   4byte-event            Get the event signature for a given topic 0 from <https://openchain.xyz>
[codex:342374]                          [aliases: 4e, 4be, topic0-event, t0e]
[codex:342374]   abi-encode             ABI encode the given function argument, excluding the selector [aliases:
[codex:342374]                          ae]
[codex:342374]   abi-encode-event       ABI encode an event and its arguments to generate topics and data [aliases:
[codex:342374]                          aee]
[codex:342374]   access-list            Create an access list for a transaction [aliases: ac, acl]
[codex:342374]   address-zero           Prints the zero address [aliases: --address-zero, az]
[codex:342374]   admin                  Fetch the EIP-1967 admin account [aliases: adm]
[codex:342374]   age                    Get the timestamp of a block [aliases: a]
[codex:342374]   artifact               Generate an artifact file, that can be used to deploy a contract locally
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Searching for disassemble method**
[codex:342374] exec
[codex:342374] /bin/bash -lc 'cast --help | rg -n "dis"' in /tmp/codex-multi-izhz5eih succeeded in 10ms:
[codex:342374] 53:  disassemble            Disassembles a hex-encoded bytecode into a human-readable representation
[codex:342374] 155:          - never:  Force disable color output
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Preparing to run disassembly**
[codex:342374] exec
[codex:342374] /bin/bash -lc 'cast disassemble $(cat runtime_bytecode.hex)' in /tmp/codex-multi-izhz5eih succeeded in 13ms:
[codex:342374] cat: runtime_bytecode.hex: No such file or directory
[codex:342374] 
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Preparing to extract bytecode string**
[codex:342374] exec
[codex:342374] /bin/bash -lc "python - <<'PY'
[codex:342374] import re
[codex:342374] from pathlib import Path
[codex:342374] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:342374] # extract 0x... after FILE runtime_bytecode.hex
[codex:342374] m=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text)
[codex:342374] print(m.group(1) if m else 'not found')
[codex:342374] PY" in /tmp/codex-multi-izhz5eih succeeded in 26ms:
[codex:342374] 0x6080604052600436106100a4576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063049e1d4d146100a657806310bfce71146100e35780633018205f1461010c5780633e104a95146101375780634ee7f87d1461016257806362c529e41461019f57806392eefe9b146101c85780639ce110d7146101f1578063ee8bd82d1461021c578063f77c479114610259575b005b3480156100b257600080fd5b506100cd60048036036100c89190810190610e11565b610284565b6040516100da9190610ed2565b60405180910390f35b3480156100ef57600080fd5b5061010a60048036036101059190810190610d94565b61036b565b005b34801561011857600080fd5b506101216103ab565b60405161012e9190610e8e565b60405180910390f35b34801561014357600080fd5b5061014c6103d4565b6040516101599190610e8e565b60405180910390f35b34801561016e57600080fd5b5061018960048036036101849190810190610d2d565b6103fe565b6040516101969190610eed565b60405180910390f35b3480156101ab57600080fd5b506101c660048036036101c19190810190610e11565b610563565b005b3480156101d457600080fd5b506101ef60048036036101ea9190810190610d04565b610718565b005b3480156101fd57600080fd5b506102066108b5565b6040516102139190610e8e565b60405180910390f35b34801561022857600080fd5b50610243600480360361023e9190810190610dd5565b6108db565b6040516102509190610e8e565b60405180910390f35b34801561026557600080fd5b5061026e610942565b60405161027b9190610e8e565b60405180910390f35b6000806060600080610294610967565b60008088600001519650886020015195508860400151945088608001519350886060015192506000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168473ffffffffffffffffffffffffffffffffffffffff1614151561031557600080fd5b6103208787876103fe565b915061032c82846108db565b90508373ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff1614975050505050505050919050565b60008090505b81518110156103a75761039a828281518110151561038b57fe5b90602001906020020151610563565b8080600101915050610371565b5050565b60008060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b600080848484604051808473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166c0100000000000000000000000002815260140183805190602001908083835b60208310151561047a5780518252602082019150602081019050602083039250610455565b6001836020036101000a0380198251168184511680821785525050505050509050018281526020019350505050604051809103902090506040805190810160405280601c81526020017f19457468657265756d205369676e6564204d6573736167653a0a333200000000815250816040518083805190602001908083835b60208310151561051d57805182526020820191506020810190506020830392506104f8565b6001836020036101000a03801982511681845116808217855250505050505090500182600019166000191681526020019250505060405180910390209150509392505050565b60006060600080846000015193508460200151925084604001519150846080015190507f74d34c6fe876d2d910521ea7c31bdea6530879732d5e8fa3781ce25171fa176084826040516105b7929190610ea9565b60405180910390a16105c885610284565b156106d7578373ffffffffffffffffffffffffffffffffffffffff16828460405180828051906020019080838360005b838110156106135780820151818401526020810190506105f8565b50505050905090810190601f1680156106405780820380516001836020036101000a031916815260200191505b5091505060006040518083038185875af19250505015610698577f9ae6eab77ab97680a0708bbb21af686ae24276636c6aa70f8a02f4cccd49499b848260405161068b929190610ea9565b60405180910390a16106d2565b7f422d7d1308c28fc21ce33958ef24b1078048fc1a9d39bdc51931eb2e9939fd0384826040516106c9929190610ea9565b60405180910390a15b610711565b7f1d7ce720a2f369d4eb35904f7bb3f97b6fdcfc76cf000cbd281d405ec68c19568482604051610708929190610ea9565b60405180910390a15b5050505050565b7f4f7b0265dc15e282f56ae0820603286a6547460256b0fe068e6ed578cb3d8bb6816040516107479190610e8e565b60405180910390a1600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161480156107f95750600073ffffffffffffffffffffffffffffffffffffffff166000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16145b1561087a57806000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055507f5c4387c894a24bbdaab0ebb3e90d2d0f0d1900a6b4878e87c1fc3bfe75c1f0df8160405161086d9190610e8e565b60405180910390a16108b2565b7f6e7c18ac33fbdcd4f970e95dbb26c2f291e243f724c43b33c701f00f75826513816040516108a99190610e8e565b60405180910390a15b50565b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b60006001838360000151846020015185604001516040516000815260200160405260405161090c9493929190610f08565b60206040516020810390808403906000865af1158015610930573d6000803e3d6000fd5b50505060206040510351905092915050565b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b606060405190810160405280600060ff16815260200160008019168152602001600080191681525090565b600061099e823561103d565b905092915050565b600082601f83011215156109b957600080fd5b81356109cc6109c782610f7a565b610f4d565b9150818183526020840193506020810190508360005b83811015610a1257813586016109f88882610b9c565b8452602084019350602083019250506001810190506109e2565b5050505092915050565b6000610a28823561105d565b905092915050565b600082601f8301121515610a4357600080fd5b8135610a56610a5182610fa2565b610f4d565b91508082526020830160208301858383011115610a7257600080fd5b610a7d83828461107e565b50505092915050565b600082601f8301121515610a9957600080fd5b8135610aac610aa782610fce565b610f4d565b91508082526020830160208301858383011115610ac857600080fd5b610ad383828461107e565b50505092915050565b600060608284031215610aee57600080fd5b610af86060610f4d565b90506000610b0884828501610cf0565b6000830152506020610b1c84828501610a1c565b6020830152506040610b3084828501610a1c565b60408301525092915050565b600060608284031215610b4e57600080fd5b610b586060610f4d565b90506000610b6884828501610cf0565b6000830152506020610b7c84828501610a1c565b6020830152506040610b9084828501610a1c565b60408301525092915050565b600060e08284031215610bae57600080fd5b610bb860a0610f4d565b90506000610bc884828501610992565b600083015250602082013567ffffffffffffffff811115610be857600080fd5b610bf484828501610a30565b6020830152506040610c0884828501610cdc565b6040830152506060610c1c84828501610adc565b60608301525060c0610c3084828501610992565b60808301525092915050565b600060e08284031215610c4e57600080fd5b610c5860a0610f4d565b90506000610c6884828501610992565b600083015250602082013567ffffffffffffffff811115610c8857600080fd5b610c9484828501610a30565b6020830152506040610ca884828501610cdc565b6040830152506060610cbc84828501610adc565b60608301525060c0610cd084828501610992565b60808301525092915050565b6000610ce88235611067565b905092915050565b6000610cfc8235611071565b905092915050565b600060208284031215610d1657600080fd5b6000610d2484828501610992565b91505092915050565b600080600060608486031215610d4257600080fd5b6000610d5086828701610992565b935050602084013567ffffffffffffffff811115610d6d57600080fd5b610d7986828701610a86565b9250506040610d8a86828701610cdc565b9150509250925092565b600060208284031215610da657600080fd5b600082013567ffffffffffffffff811115610dc057600080fd5b610dcc848285016109a6565b91505092915050565b60008060808385031215610de857600080fd5b6000610df685828601610a1c565b9250506020610e0785828601610b3c565b9150509250929050565b600060208284031215610e2357600080fd5b600082013567ffffffffffffffff811115610e3d57600080fd5b610e4984828501610c3c565b91505092915050565b610e5b81610ffa565b82525050565b610e6a8161101a565b82525050565b610e7981611026565b82525050565b610e8881611030565b82525050565b6000602082019050610ea36000830184610e52565b92915050565b6000604082019050610ebe6000830185610e52565b610ecb6020830184610e52565b9392505050565b6000602082019050610ee76000830184610e61565b92915050565b6000602082019050610f026000830184610e70565b92915050565b6000608082019050610f1d6000830187610e70565b610f2a6020830186610e7f565b610f376040830185610e70565b610f446060830184610e70565b95945050505050565b6000604051905081810181811067ffffffffffffffff82111715610f7057600080fd5b8060405250919050565b600067ffffffffffffffff821115610f9157600080fd5b602082029050602081019050919050565b600067ffffffffffffffff821115610fb957600080fd5b601f19601f8301169050602081019050919050565b600067ffffffffffffffff821115610fe557600080fd5b601f19601f8301169050602081019050919050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b60008115159050919050565b6000819050919050565b600060ff82169050919050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b6000819050919050565b6000819050919050565b600060ff82169050919050565b828183376000838301525050505600a265627a7a723058202fcc1c69fded4506ef93642b65dedd7105332c053862afcdc0ffd9683aeed9d46c6578706572696d656e74616cf50037
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Preparing to disassemble bytecode**
[codex:342374] exec
[codex:342374] /bin/bash -lc "python - <<'PY'
[codex:342374] import re, subprocess, textwrap, sys
[codex:342374] from pathlib import Path
[codex:342374] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:342374] m=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text)
[codex:342374] bytecode=m.group(1)
[codex:342374] # call cast disassemble
[codex:342374] proc=subprocess.run(['cast','disassemble', bytecode], capture_output=True, text=True)
[codex:342374] print(proc.stdout)
[codex:342374] print(proc.stderr,file=sys.stderr)
[codex:342374] PY" in /tmp/codex-multi-izhz5eih succeeded in 44ms:
[codex:342374] 00000000: PUSH1 0x80
[codex:342374] 00000002: PUSH1 0x40
[codex:342374] 00000004: MSTORE
[codex:342374] 00000005: PUSH1 0x04
[codex:342374] 00000007: CALLDATASIZE
[codex:342374] 00000008: LT
[codex:342374] 00000009: PUSH2 0x00a4
[codex:342374] 0000000c: JUMPI
[codex:342374] 0000000d: PUSH1 0x00
[codex:342374] 0000000f: CALLDATALOAD
[codex:342374] 00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
[codex:342374] 0000002e: SWAP1
[codex:342374] 0000002f: DIV
[codex:342374] 00000030: PUSH4 0xffffffff
[codex:342374] 00000035: AND
[codex:342374] 00000036: DUP1
[codex:342374] 00000037: PUSH4 0x049e1d4d
[codex:342374] 0000003c: EQ
[codex:342374] 0000003d: PUSH2 0x00a6
[codex:342374] 00000040: JUMPI
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Examining disassembly near 0x0718**
[codex:342374] exec
[codex:342374] /bin/bash -lc "python - <<'PY'
[codex:342374] import re, subprocess, sys
[codex:342374] from pathlib import Path
[codex:342374] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:342374] bytecode=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)
[codex:342374] proc=subprocess.run(['cast','disassemble', bytecode], capture_output=True, text=True)
[codex:342374] lines=proc.stdout.splitlines()
[codex:342374] # find index of 0x0718
[codex:342374] for i,l in enumerate(lines):
[codex:342374]     if l.startswith('00000718'):
[codex:342374]         start=max(0,i-10)
[codex:342374]         end=i+80
[codex:342374]         for j in range(start,end):
[codex:342374]             print(lines[j])
[codex:342374]         break
[codex:342374] PY" in /tmp/codex-multi-izhz5eih succeeded in 38ms:
[codex:342374] 0000070e: SUB
[codex:342374] 0000070f: SWAP1
[codex:342374] 00000710: LOG1
[codex:342374] 00000711: JUMPDEST
[codex:342374] 00000712: POP
[codex:342374] 00000713: POP
[codex:342374] 00000714: POP
[codex:342374] 00000715: POP
[codex:342374] 00000716: POP
[codex:342374] 00000717: JUMP
[codex:342374] 00000718: JUMPDEST
[codex:342374] 00000719: PUSH32 0x4f7b0265dc15e282f56ae0820603286a6547460256b0fe068e6ed578cb3d8bb6
[codex:342374] 0000073a: DUP2
[codex:342374] 0000073b: PUSH1 0x40
[codex:342374] 0000073d: MLOAD
[codex:342374] 0000073e: PUSH2 0x0747
[codex:342374] 00000741: SWAP2
[codex:342374] 00000742: SWAP1
[codex:342374] 00000743: PUSH2 0x0e8e
[codex:342374] 00000746: JUMP
[codex:342374] exec
[codex:342374] /bin/bash -lc "python - <<'PY'
[codex:342374] import re, subprocess
[codex:342374] from pathlib import Path
[codex:342374] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:342374] bytecode=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)
[codex:342374] proc=subprocess.run(['cast','disassemble', bytecode], capture_output=True, text=True)
[codex:342374] lines=proc.stdout.splitlines()
[codex:342374] # show continuation after 0x083c
[codex:342374] for i,l in enumerate(lines):
[codex:342374]     if l.startswith('0000083c'):
[codex:342374]         for j in range(i, i+60):
[codex:342374]             print(lines[j])
[codex:342374]         break
[codex:342374] PY" in /tmp/codex-multi-izhz5eih succeeded in 40ms:
[codex:342374] 0000083c: SWAP1
[codex:342374] 0000083d: SSTORE
[codex:342374] 0000083e: POP
[codex:342374] 0000083f: PUSH32 0x5c4387c894a24bbdaab0ebb3e90d2d0f0d1900a6b4878e87c1fc3bfe75c1f0df
[codex:342374] 00000860: DUP2
[codex:342374] 00000861: PUSH1 0x40
[codex:342374] 00000863: MLOAD
[codex:342374] 00000864: PUSH2 0x086d
[codex:342374] 00000867: SWAP2
[codex:342374] 00000868: SWAP1
[codex:342374] 00000869: PUSH2 0x0e8e
[codex:342374] 0000086c: JUMP
[codex:342374] 0000086d: JUMPDEST
[codex:342374] 0000086e: PUSH1 0x40
[codex:342374] 00000870: MLOAD
[codex:342374] 00000871: DUP1
[codex:342374] 00000872: SWAP2
[codex:342374] 00000873: SUB
[codex:342374] 00000874: SWAP1
[codex:342374] 00000875: LOG1
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Analyzing storage slots and ownership logic**
[codex:342374] exec
[codex:342374] /bin/bash -lc "python - <<'PY'
[codex:342374] import re, subprocess
[codex:342374] from pathlib import Path
[codex:342374] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:342374] bytecode=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)
[codex:342374] proc=subprocess.run(['cast','disassemble', bytecode], capture_output=True, text=True)
[codex:342374] lines=proc.stdout.splitlines()
[codex:342374] for i,l in enumerate(lines):
[codex:342374]     if l.startswith('000008db'):
[codex:342374]         for j in range(i, i+80):
[codex:342374]             print(lines[j])
[codex:342374]         break
[codex:342374] PY" in /tmp/codex-multi-izhz5eih succeeded in 45ms:
[codex:342374] 000008db: JUMPDEST
[codex:342374] 000008dc: PUSH1 0x00
[codex:342374] 000008de: PUSH1 0x01
[codex:342374] 000008e0: DUP4
[codex:342374] 000008e1: DUP4
[codex:342374] 000008e2: PUSH1 0x00
[codex:342374] 000008e4: ADD
[codex:342374] 000008e5: MLOAD
[codex:342374] 000008e6: DUP5
[codex:342374] 000008e7: PUSH1 0x20
[codex:342374] 000008e9: ADD
[codex:342374] 000008ea: MLOAD
[codex:342374] 000008eb: DUP6
[codex:342374] 000008ec: PUSH1 0x40
[codex:342374] 000008ee: ADD
[codex:342374] 000008ef: MLOAD
[codex:342374] 000008f0: PUSH1 0x40
[codex:342374] 000008f2: MLOAD
[codex:342374] 000008f3: PUSH1 0x00
[codex:342374] 000008f5: DUP2
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Analyzing signature verification and call logic**
[codex:342374] exec
[codex:342374] /bin/bash -lc "python - <<'PY'
[codex:342374] import re, subprocess
[codex:342374] from pathlib import Path
[codex:342374] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:342374] bytecode=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)
[codex:342374] proc=subprocess.run(['cast','disassemble', bytecode], capture_output=True, text=True)
[codex:342374] lines=[l for l in proc.stdout.splitlines() if 'SSTORE' in l]
[codex:342374] print('\\n'.join(lines))
[codex:342374] PY" in /tmp/codex-multi-izhz5eih succeeded in 37ms:
[codex:342374] 0000083d: SSTORE
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Analyzing signature verification logic**
[codex:342374] exec
[codex:342374] /bin/bash -lc "python - <<'PY'
[codex:342374] from pathlib import Path
[codex:342374] text=Path('BYTECODE_BUNDLE.txt').read_text().lower()
[codex:342374] const='7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0'
[codex:342374] print(const in text)
[codex:342374] PY" in /tmp/codex-multi-izhz5eih succeeded in 29ms:
[codex:342374] False
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Investigating use of specific constants in code**
[codex:342374] exec
[codex:342374] /bin/bash -lc "python - <<'PY'
[codex:342374] import re, subprocess
[codex:342374] from pathlib import Path
[codex:342374] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:342374] import re
[codex:342374] bytecode=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)
[codex:342374] proc=subprocess.run(['cast','disassemble', bytecode], capture_output=True, text=True)
[codex:342374] lines=proc.stdout.splitlines()
[codex:342374] for l in lines:
[codex:342374]     if 'PUSH1 0x1b' in l or 'PUSH1 0x1c' in l or 'PUSH1 0x00' in l:
[codex:342374]         pass
[codex:342374] # show lines with PUSH1 0x1b or 0x1c
[codex:342374] for l in lines:
[codex:342374]     if 'PUSH1 0x1b' in l or 'PUSH1 0x1c' in l:
[codex:342374]         print(l)
[codex:342374] PY" in /tmp/codex-multi-izhz5eih succeeded in 38ms:
[codex:342374] 000004bd: PUSH1 0x1c
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Analyzing signature malleability and replay risks**
[codex:342374] exec
[codex:342374] /bin/bash -lc "python - <<'PY'
[codex:342374] import re, subprocess
[codex:342374] from pathlib import Path
[codex:342374] text=Path('BYTECODE_BUNDLE.txt').read_text()
[codex:342374] bytecode=re.search(r'FILE: runtime_bytecode.hex\\n(0x[0-9a-fA-F]+)', text).group(1)
[codex:342374] proc=subprocess.run(['cast','disassemble', bytecode], capture_output=True, text=True)
[codex:342374] lines=proc.stdout.splitlines()
[codex:342374] # find ADDRESS opcode occurrences
[codex:342374] for i,l in enumerate(lines):
[codex:342374]     if 'ADDRESS' in l:
[codex:342374]         print(i, l)
[codex:342374] PY" in /tmp/codex-multi-izhz5eih succeeded in 41ms:
[codex:342374] 
[codex:342374] 
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Analyzing signature replay and initialization risks**
[codex:342374] thinking
[codex:342374] **Mapping function arguments and replay implications**
[codex:342374] 
[codex:342374] I'll clarify how the execute function uses three key arguments to compute the hash and verify signatures, confirming the absence of state changes allows replay, and plan to reference exact bytecode lines for precise evidence.
[codex:342374] exec
[codex:342374] /bin/bash -lc 'nl -ba BYTECODE_BUNDLE.txt | head -n 40' in /tmp/codex-multi-izhz5eih succeeded in 6ms:
[codex:342374]      1	Runtime bytecode bundle for best-effort auditing.
[codex:342374]      2	Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:342374]      3	
[codex:342374]      4	FILE: runtime_bytecode.hex
[codex:342374]      5	0x6080604052600436106100a4576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063049e1d4d146100a657806310bfce71146100e35780633018205f1461010c5780633e104a95146101375780634ee7f87d1461016257806362c529e41461019f57806392eefe9b146101c85780639ce110d7146101f1578063ee8bd82d1461021c578063f77c479114610259575b005b3480156100b257600080fd5b506100cd60048036036100c89190810190610e11565b610284565b6040516100da9190610ed2565b60405180910390f35b3480156100ef57600080fd5b5061010a60048036036101059190810190610d94565b61036b565b005b34801561011857600080fd5b506101216103ab565b60405161012e9190610e8e565b60405180910390f35b34801561014357600080fd5b5061014c6103d4565b6040516101599190610e8e565b60405180910390f35b34801561016e57600080fd5b5061018960048036036101849190810190610d2d565b6103fe565b6040516101969190610eed565b60405180910390f35b3480156101ab57600080fd5b506101c660048036036101c19190810190610e11565b610563565b005b3480156101d457600080fd5b506101ef60048036036101ea9190810190610d04565b610718565b005b3480156101fd57600080fd5b506102066108b5565b6040516102139190610e8e565b60405180910390f35b34801561022857600080fd5b50610243600480360361023e9190810190610dd5565b6108db565b6040516102509190610e8e565b60405180910390f35b34801561026557600080fd5b5061026e610942565b60405161027b9190610e8e565b60405180910390f35b6000806060600080610294610967565b60008088600001519650886020015195508860400151945088608001519350886060015192506000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168473ffffffffffffffffffffffffffffffffffffffff1614151561031557600080fd5b6103208787876103fe565b915061032c82846108db565b90508373ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff1614975050505050505050919050565b60008090505b81518110156103a75761039a828281518110151561038b57fe5b90602001906020020151610563565b8080600101915050610371565b5050565b60008060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b6000600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b600080848484604051808473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166c0100000000000000000000000002815260140183805190602001908083835b60208310151561047a5780518252602082019150602081019050602083039250610455565b6001836020036101000a0380198251168184511680821785525050505050509050018281526020019350505050604051809103902090506040805190810160405280601c81526020017f19457468657265756d205369676e6564204d6573736167653a0a333200000000815250816040518083805190602001908083835b60208310151561051d57805182526020820191506020810190506020830392506104f8565b6001836020036101000a03801982511681845116808217855250505050505090500182600019166000191681526020019250505060405180910390209150509392505050565b60006060600080846000015193508460200151925084604001519150846080015190507f74d34c6fe876d2d910521ea7c31bdea6530879732d5e8fa3781ce25171fa176084826040516105b7929190610ea9565b60405180910390a16105c885610284565b156106d7578373ffffffffffffffffffffffffffffffffffffffff16828460405180828051906020019080838360005b838110156106135780820151818401526020810190506105f8565b50505050905090810190601f1680156106405780820380516001836020036101000a031916815260200191505b5091505060006040518083038185875af19250505015610698577f9ae6eab77ab97680a0708bbb21af686ae24276636c6aa70f8a02f4cccd49499b848260405161068b929190610ea9565b60405180910390a16106d2565b7f422d7d1308c28fc21ce33958ef24b1078048fc1a9d39bdc51931eb2e9939fd0384826040516106c9929190610ea9565b60405180910390a15b610711565b7f1d7ce720a2f369d4eb35904f7bb3f97b6fdcfc76cf000cbd281d405ec68c19568482604051610708929190610ea9565b60405180910390a15b5050505050565b7f4f7b0265dc15e282f56ae0820603286a6547460256b0fe068e6ed578cb3d8bb6816040516107479190610e8e565b60405180910390a1600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161480156107f95750600073ffffffffffffffffffffffffffffffffffffffff166000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16145b1561087a57806000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055507f5c4387c894a24bbdaab0ebb3e90d2d0f0d1900a6b4878e87c1fc3bfe75c1f0df8160405161086d9190610e8e565b60405180910390a16108b2565b7f6e7c18ac33fbdcd4f970e95dbb26c2f291e243f724c43b33c701f00f75826513816040516108a99190610e8e565b60405180910390a15b50565b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b60006001838360000151846020015185604001516040516000815260200160405260405161090c9493929190610f08565b60206040516020810390808403906000865af1158015610930573d6000803e3d6000fd5b50505060206040510351905092915050565b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b606060405190810160405280600060ff16815260200160008019168152602001600080191681525090565b600061099e823561103d565b905092915050565b600082601f83011215156109b957600080fd5b81356109cc6109c782610f7a565b610f4d565b9150818183526020840193506020810190508360005b83811015610a1257813586016109f88882610b9c565b8452602084019350602083019250506001810190506109e2565b5050505092915050565b6000610a28823561105d565b905092915050565b600082601f8301121515610a4357600080fd5b8135610a56610a5182610fa2565b610f4d565b91508082526020830160208301858383011115610a7257600080fd5b610a7d83828461107e565b50505092915050565b600082601f8301121515610a9957600080fd5b8135610aac610aa782610fce565b610f4d565b91508082526020830160208301858383011115610ac857600080fd5b610ad383828461107e565b50505092915050565b600060608284031215610aee57600080fd5b610af86060610f4d565b90506000610b0884828501610cf0565b6000830152506020610b1c84828501610a1c565b6020830152506040610b3084828501610a1c565b60408301525092915050565b600060608284031215610b4e57600080fd5b610b586060610f4d565b90506000610b6884828501610cf0565b6000830152506020610b7c84828501610a1c565b6020830152506040610b9084828501610a1c565b60408301525092915050565b600060e08284031215610bae57600080fd5b610bb860a0610f4d565b90506000610bc884828501610992565b600083015250602082013567ffffffffffffffff811115610be857600080fd5b610bf484828501610a30565b6020830152506040610c0884828501610cdc565b6040830152506060610c1c84828501610adc565b60608301525060c0610c3084828501610992565b60808301525092915050565b600060e08284031215610c4e57600080fd5b610c5860a0610f4d565b90506000610c6884828501610992565b600083015250602082013567ffffffffffffffff811115610c8857600080fd5b610c9484828501610a30565b6020830152506040610ca884828501610cdc565b6040830152506060610cbc84828501610adc565b60608301525060c0610cd084828501610992565b60808301525092915050565b6000610ce88235611067565b905092915050565b6000610cfc8235611071565b905092915050565b600060208284031215610d1657600080fd5b6000610d2484828501610992565b91505092915050565b600080600060608486031215610d4257600080fd5b6000610d5086828701610992565b935050602084013567ffffffffffffffff811115610d6d57600080fd5b610d7986828701610a86565b9250506040610d8a86828701610cdc565b9150509250925092565b600060208284031215610da657600080fd5b600082013567ffffffffffffffff811115610dc057600080fd5b610dcc848285016109a6565b91505092915050565b60008060808385031215610de857600080fd5b6000610df685828601610a1c565b9250506020610e0785828601610b3c565b9150509250929050565b600060208284031215610e2357600080fd5b600082013567ffffffffffffffff811115610e3d57600080fd5b610e4984828501610c3c565b91505092915050565b610e5b81610ffa565b82525050565b610e6a8161101a565b82525050565b610e7981611026565b82525050565b610e8881611030565b82525050565b6000602082019050610ea36000830184610e52565b92915050565b6000604082019050610ebe6000830185610e52565b610ecb6020830184610e52565b9392505050565b6000602082019050610ee76000830184610e61565b92915050565b6000602082019050610f026000830184610e70565b92915050565b6000608082019050610f1d6000830187610e70565b610f2a6020830186610e7f565b610f376040830185610e70565b610f446060830184610e70565b95945050505050565b6000604051905081810181811067ffffffffffffffff82111715610f7057600080fd5b8060405250919050565b600067ffffffffffffffff821115610f9157600080fd5b602082029050602081019050919050565b600067ffffffffffffffff821115610fb957600080fd5b601f19601f8301169050602081019050919050565b600067ffffffffffffffff821115610fe557600080fd5b601f19601f8301169050602081019050919050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b60008115159050919050565b6000819050919050565b600060ff82169050919050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b6000819050919050565b6000819050919050565b600060ff82169050919050565b828183376000838301525050505600a265627a7a723058202fcc1c69fded4506ef93642b65dedd7105332c053862afcdc0ffd9683aeed9d46c6578706572696d656e74616cf50037
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Analyzing bytecode line referencing**
[codex:342374] exec
[codex:342374] /bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-multi-izhz5eih succeeded in 6ms:
[codex:342374] {"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
[codex:342374] 
[codex:342374] thinking
[codex:342374] **Summarizing security findings**
[codex:342374] codex
[codex:342374] {"no_findings":false,"summary":"Found replayable signature execution, a permissive slot0 initialization path, and missing ECDSA malleability checks.","findings":[{"severity":"high","category":"auth","title":"Signed execution appears replayable (no nonce/used-hash storage)","exploit_scenario":"If a signer authorizes a call, any relayer can submit the same calldata again to repeat the CALL and drain funds or repeat side effects, because no state is updated to mark the signature as used.","recommendation":"Add a nonce or used-hash mapping in storage, include it in the signed payload, and update it before performing the external CALL; revert on reuse.","evidence":"Execution path at 0x0563 performs an external CALL (`5af1` at 0x0651) after signature verification; the only SSTORE in the entire runtime is at 0x083d (owner update), so no nonce/used-hash is recorded.","locations":["BYTECODE_BUNDLE.txt:5"]},{"severity":"medium","category":"access_control","title":"Slot0 can be set by anyone if it is zero (initializer-style bypass)","exploit_scenario":"If slot0 is left as the zero address at deployment, any caller can invoke the setter to write their own address to slot0 and become the authorized signer/role guarded by that slot.","recommendation":"Require the caller to be the admin even on initialization, or ensure slot0 is set during deployment and remove the `slot0 == 0` bypass.","evidence":"Function at 0x0718 checks `CALLER == slot1` OR `slot0 == 0`, then performs `SSTORE` at 0x083d to update slot0, allowing any caller when slot0 is zero.","locations":["BYTECODE_BUNDLE.txt:5"]},{"severity":"low","category":"auth","title":"ECDSA malleability not checked (no v/s validation)","exploit_scenario":"An attacker can produce an alternative (malleable) signature for the same message, which can undermine off-chain signature uniqueness tracking or interact poorly with replay protection if added externally.","recommendation":"Validate `v` is 27/28 and `s` is in the lower half-order before calling `ecrecover`.","evidence":"Signature recovery uses a direct precompile call (address 0x01) in the 0x08db function without any preceding range checks; the half-order constant is absent from bytecode.","locations":["BYTECODE_BUNDLE.txt:5"]}]}
[codex:342374] tokens used
[codex:342374] 132,911
[codex:342374] {"no_findings":false,"summary":"Found replayable signature execution, a permissive slot0 initialization path, and missing ECDSA malleability checks.","findings":[{"severity":"high","category":"auth","title":"Signed execution appears replayable (no nonce/used-hash storage)","exploit_scenario":"If a signer authorizes a call, any relayer can submit the same calldata again to repeat the CALL and drain funds or repeat side effects, because no state is updated to mark the signature as used.","recommendation":"Add a nonce or used-hash mapping in storage, include it in the signed payload, and update it before performing the external CALL; revert on reuse.","evidence":"Execution path at 0x0563 performs an external CALL (`5af1` at 0x0651) after signature verification; the only SSTORE in the entire runtime is at 0x083d (owner update), so no nonce/used-hash is recorded.","locations":["BYTECODE_BUNDLE.txt:5"]},{"severity":"medium","category":"access_control","title":"Slot0 can be set by anyone if it is zero (initializer-style bypass)","exploit_scenario":"If slot0 is left as the zero address at deployment, any caller can invoke the setter to write their own address to slot0 and become the authorized signer/role guarded by that slot.","recommendation":"Require the caller to be the admin even on initialization, or ensure slot0 is set during deployment and remove the `slot0 == 0` bypass.","evidence":"Function at 0x0718 checks `CALLER == slot1` OR `slot0 == 0`, then performs `SSTORE` at 0x083d to update slot0, allowing any caller when slot0 is zero.","locations":["BYTECODE_BUNDLE.txt:5"]},{"severity":"low","category":"auth","title":"ECDSA malleability not checked (no v/s validation)","exploit_scenario":"An attacker can produce an alternative (malleable) signature for the same message, which can undermine off-chain signature uniqueness tracking or interact poorly with replay protection if added externally.","recommendation":"Validate `v` is 27/28 and `s` is in the lower half-order before calling `ecrecover`.","evidence":"Signature recovery uses a direct precompile call (address 0x01) in the 0x08db function without any preceding range checks; the half-order constant is absent from bytecode.","locations":["BYTECODE_BUNDLE.txt:5"]}]}

Metadata

{
    "codex": {
        "ran_at": "2025-12-29T17:06:25.952038+00:00",
        "returncode": 0
    },
    "summary": "Found replayable signature execution, a permissive slot0 initialization path, and missing ECDSA malleability checks.",
    "raw_final": {
        "summary": "Found replayable signature execution, a permissive slot0 initialization path, and missing ECDSA malleability checks.",
        "findings": [
            {
                "title": "Signed execution appears replayable (no nonce/used-hash storage)",
                "category": "auth",
                "evidence": "Execution path at 0x0563 performs an external CALL (`5af1` at 0x0651) after signature verification; the only SSTORE in the entire runtime is at 0x083d (owner update), so no nonce/used-hash is recorded.",
                "severity": "high",
                "locations": [
                    "BYTECODE_BUNDLE.txt:5"
                ],
                "recommendation": "Add a nonce or used-hash mapping in storage, include it in the signed payload, and update it before performing the external CALL; revert on reuse.",
                "exploit_scenario": "If a signer authorizes a call, any relayer can submit the same calldata again to repeat the CALL and drain funds or repeat side effects, because no state is updated to mark the signature as used."
            },
            {
                "title": "Slot0 can be set by anyone if it is zero (initializer-style bypass)",
                "category": "access_control",
                "evidence": "Function at 0x0718 checks `CALLER == slot1` OR `slot0 == 0`, then performs `SSTORE` at 0x083d to update slot0, allowing any caller when slot0 is zero.",
                "severity": "medium",
                "locations": [
                    "BYTECODE_BUNDLE.txt:5"
                ],
                "recommendation": "Require the caller to be the admin even on initialization, or ensure slot0 is set during deployment and remove the `slot0 == 0` bypass.",
                "exploit_scenario": "If slot0 is left as the zero address at deployment, any caller can invoke the setter to write their own address to slot0 and become the authorized signer/role guarded by that slot."
            },
            {
                "title": "ECDSA malleability not checked (no v/s validation)",
                "category": "auth",
                "evidence": "Signature recovery uses a direct precompile call (address 0x01) in the 0x08db function without any preceding range checks; the half-order constant is absent from bytecode.",
                "severity": "low",
                "locations": [
                    "BYTECODE_BUNDLE.txt:5"
                ],
                "recommendation": "Validate `v` is 27/28 and `s` is in the lower half-order before calling `ecrecover`.",
                "exploit_scenario": "An attacker can produce an alternative (malleable) signature for the same message, which can undermine off-chain signature uniqueness tracking or interact poorly with replay protection if added externally."
            }
        ],
        "no_findings": false
    },
    "no_findings": false,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

2

EXT*/BALANCE

0

Total opcodes

2584

Flags

No heuristic flags raised.

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x00a4
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002e: SWAP1
0000002f: DIV
00000030: PUSH4 0xffffffff
00000035: AND
00000036: DUP1
00000037: PUSH4 0x049e1d4d
0000003c: EQ
0000003d: PUSH2 0x00a6
00000040: JUMPI
00000041: DUP1
00000042: PUSH4 0x10bfce71
00000047: EQ
00000048: PUSH2 0x00e3
0000004b: JUMPI
0000004c: DUP1
0000004d: PUSH4 0x3018205f
00000052: EQ
00000053: PUSH2 0x010c
00000056: JUMPI
00000057: DUP1
00000058: PUSH4 0x3e104a95
0000005d: EQ
0000005e: PUSH2 0x0137
00000061: JUMPI
00000062: DUP1
00000063: PUSH4 0x4ee7f87d
00000068: EQ
00000069: PUSH2 0x0162
0000006c: JUMPI
0000006d: DUP1
0000006e: PUSH4 0x62c529e4
00000073: EQ
00000074: PUSH2 0x019f
00000077: JUMPI
00000078: DUP1
00000079: PUSH4 0x92eefe9b
0000007e: EQ
0000007f: PUSH2 0x01c8
00000082: JUMPI
00000083: DUP1
00000084: PUSH4 0x9ce110d7
00000089: EQ
0000008a: PUSH2 0x01f1
0000008d: JUMPI
0000008e: DUP1
0000008f: PUSH4 0xee8bd82d
00000094: EQ
00000095: PUSH2 0x021c
00000098: JUMPI
00000099: DUP1
0000009a: PUSH4 0xf77c4791
0000009f: EQ
000000a0: PUSH2 0x0259
000000a3: JUMPI
000000a4: JUMPDEST
000000a5: STOP
000000a6: JUMPDEST
000000a7: CALLVALUE
000000a8: DUP1
000000a9: ISZERO
000000aa: PUSH2 0x00b2
000000ad: JUMPI
000000ae: PUSH1 0x00
000000b0: DUP1
000000b1: REVERT
000000b2: JUMPDEST
000000b3: POP
000000b4: PUSH2 0x00cd
000000b7: PUSH1 0x04
000000b9: DUP1
000000ba: CALLDATASIZE
000000bb: SUB
000000bc: PUSH2 0x00c8
000000bf: SWAP2
000000c0: SWAP1
000000c1: DUP2
000000c2: ADD
000000c3: SWAP1
000000c4: PUSH2 0x0e11
000000c7: JUMP
000000c8: JUMPDEST
000000c9: PUSH2 0x0284
000000cc: JUMP
000000cd: JUMPDEST
000000ce: PUSH1 0x40
000000d0: MLOAD
000000d1: PUSH2 0x00da
000000d4: SWAP2
000000d5: SWAP1
000000d6: PUSH2 0x0ed2
000000d9: JUMP
000000da: JUMPDEST
000000db: PUSH1 0x40
000000dd: MLOAD
000000de: DUP1
000000df: SWAP2
000000e0: SUB
000000e1: SWAP1
000000e2: RETURN
000000e3: JUMPDEST
000000e4: CALLVALUE
000000e5: DUP1
000000e6: ISZERO
000000e7: PUSH2 0x00ef
000000ea: JUMPI
000000eb: PUSH1 0x00
000000ed: DUP1
000000ee: REVERT
000000ef: JUMPDEST
000000f0: POP
000000f1: PUSH2 0x010a
000000f4: PUSH1 0x04
000000f6: DUP1
000000f7: CALLDATASIZE
000000f8: SUB
000000f9: PUSH2 0x0105
000000fc: SWAP2
000000fd: SWAP1
000000fe: DUP2
000000ff: ADD
00000100: SWAP1
00000101: PUSH2 0x0d94
00000104: JUMP
00000105: JUMPDEST
00000106: PUSH2 0x036b
00000109: JUMP
0000010a: JUMPDEST
0000010b: STOP
0000010c: JUMPDEST
0000010d: CALLVALUE
0000010e: DUP1
0000010f: ISZERO
00000110: PUSH2 0x0118
00000113: JUMPI
00000114: PUSH1 0x00
00000116: DUP1
00000117: REVERT
00000118: JUMPDEST
00000119: POP
0000011a: PUSH2 0x0121
0000011d: PUSH2 0x03ab
00000120: JUMP
00000121: JUMPDEST
00000122: PUSH1 0x40
00000124: MLOAD
00000125: PUSH2 0x012e
00000128: SWAP2
00000129: SWAP1
0000012a: PUSH2 0x0e8e
0000012d: JUMP
0000012e: JUMPDEST
0000012f: PUSH1 0x40
00000131: MLOAD
00000132: DUP1
00000133: SWAP2
00000134: SUB
00000135: SWAP1
00000136: RETURN
00000137: JUMPDEST
00000138: CALLVALUE
00000139: DUP1
0000013a: ISZERO
0000013b: PUSH2 0x0143
0000013e: JUMPI
0000013f: PUSH1 0x00
00000141: DUP1
00000142: REVERT
00000143: JUMPDEST
00000144: POP
00000145: PUSH2 0x014c
00000148: PUSH2 0x03d4
0000014b: JUMP
0000014c: JUMPDEST
0000014d: PUSH1 0x40
0000014f: MLOAD
00000150: PUSH2 0x0159
00000153: SWAP2
00000154: SWAP1
00000155: PUSH2 0x0e8e
00000158: JUMP
00000159: JUMPDEST
0000015a: PUSH1 0x40
0000015c: MLOAD
0000015d: DUP1
0000015e: SWAP2
0000015f: SUB
00000160: SWAP1
00000161: RETURN
00000162: JUMPDEST
00000163: CALLVALUE
00000164: DUP1
00000165: ISZERO
00000166: PUSH2 0x016e
00000169: JUMPI
0000016a: PUSH1 0x00
0000016c: DUP1
0000016d: REVERT
0000016e: JUMPDEST
0000016f: POP
00000170: PUSH2 0x0189
00000173: PUSH1 0x04
00000175: DUP1
00000176: CALLDATASIZE
00000177: SUB
00000178: PUSH2 0x0184
0000017b: SWAP2
0000017c: SWAP1
0000017d: DUP2
0000017e: ADD
0000017f: SWAP1
00000180: PUSH2 0x0d2d
00000183: JUMP
00000184: JUMPDEST
00000185: PUSH2 0x03fe
00000188: JUMP
00000189: JUMPDEST
0000018a: PUSH1 0x40
0000018c: MLOAD
0000018d: PUSH2 0x0196
00000190: SWAP2
00000191: SWAP1
00000192: PUSH2 0x0eed
00000195: JUMP
00000196: JUMPDEST
00000197: PUSH1 0x40
00000199: MLOAD
0000019a: DUP1
0000019b: SWAP2
0000019c: SUB
0000019d: SWAP1
0000019e: RETURN
0000019f: JUMPDEST
000001a0: CALLVALUE
000001a1: DUP1
000001a2: ISZERO
000001a3: PUSH2 0x01ab
000001a6: JUMPI
000001a7: PUSH1 0x00
000001a9: DUP1
000001aa: REVERT
000001ab: JUMPDEST
000001ac: POP
000001ad: PUSH2 0x01c6
000001b0: PUSH1 0x04
000001b2: DUP1
000001b3: CALLDATASIZE
000001b4: SUB
000001b5: PUSH2 0x01c1
000001b8: SWAP2
000001b9: SWAP1
000001ba: DUP2
000001bb: ADD
000001bc: SWAP1
000001bd: PUSH2 0x0e11
000001c0: JUMP
000001c1: JUMPDEST
000001c2: PUSH2 0x0563
000001c5: JUMP
000001c6: JUMPDEST
000001c7: STOP
000001c8: JUMPDEST
000001c9: CALLVALUE
000001ca: DUP1
000001cb: ISZERO
000001cc: PUSH2 0x01d4
000001cf: JUMPI
000001d0: PUSH1 0x00
000001d2: DUP1
000001d3: REVERT
000001d4: JUMPDEST
000001d5: POP
000001d6: PUSH2 0x01ef
000001d9: PUSH1 0x04
000001db: DUP1
000001dc: CALLDATASIZE
000001dd: SUB
000001de: PUSH2 0x01ea
000001e1: SWAP2
000001e2: SWAP1
000001e3: DUP2
000001e4: ADD
000001e5: SWAP1
000001e6: PUSH2 0x0d04
000001e9: JUMP
000001ea: JUMPDEST
000001eb: PUSH2 0x0718
000001ee: JUMP
000001ef: JUMPDEST
000001f0: STOP
000001f1: JUMPDEST
000001f2: CALLVALUE
000001f3: DUP1
000001f4: ISZERO
000001f5: PUSH2 0x01fd
000001f8: JUMPI
000001f9: PUSH1 0x00
000001fb: DUP1
000001fc: REVERT
000001fd: JUMPDEST
000001fe: POP
000001ff: PUSH2 0x0206
00000202: PUSH2 0x08b5
00000205: JUMP
00000206: JUMPDEST
00000207: PUSH1 0x40
00000209: MLOAD
0000020a: PUSH2 0x0213
0000020d: SWAP2
0000020e: SWAP1
0000020f: PUSH2 0x0e8e
00000212: JUMP
00000213: JUMPDEST
00000214: PUSH1 0x40
00000216: MLOAD
00000217: DUP1
00000218: SWAP2
00000219: SUB
0000021a: SWAP1
0000021b: RETURN
0000021c: JUMPDEST
0000021d: CALLVALUE
0000021e: DUP1
0000021f: ISZERO
00000220: PUSH2 0x0228
00000223: JUMPI
00000224: PUSH1 0x00
00000226: DUP1
00000227: REVERT
00000228: JUMPDEST
00000229: POP
0000022a: PUSH2 0x0243
0000022d: PUSH1 0x04
0000022f: DUP1
00000230: CALLDATASIZE
00000231: SUB
00000232: PUSH2 0x023e
00000235: SWAP2
00000236: SWAP1
00000237: DUP2
00000238: ADD
00000239: SWAP1
0000023a: PUSH2 0x0dd5
0000023d: JUMP
0000023e: JUMPDEST
0000023f: PUSH2 0x08db
00000242: JUMP
00000243: JUMPDEST
00000244: PUSH1 0x40
00000246: MLOAD
00000247: PUSH2 0x0250
0000024a: SWAP2
0000024b: SWAP1
0000024c: PUSH2 0x0e8e
0000024f: JUMP
00000250: JUMPDEST
00000251: PUSH1 0x40
00000253: MLOAD
00000254: DUP1
00000255: SWAP2
00000256: SUB
00000257: SWAP1
00000258: RETURN
00000259: JUMPDEST
0000025a: CALLVALUE
0000025b: DUP1
0000025c: ISZERO
0000025d: PUSH2 0x0265
00000260: JUMPI
00000261: PUSH1 0x00
00000263: DUP1
00000264: REVERT
00000265: JUMPDEST
00000266: POP
00000267: PUSH2 0x026e
0000026a: PUSH2 0x0942
0000026d: JUMP
0000026e: JUMPDEST
0000026f: PUSH1 0x40
00000271: MLOAD
00000272: PUSH2 0x027b
00000275: SWAP2
00000276: SWAP1
00000277: PUSH2 0x0e8e
0000027a: JUMP
0000027b: JUMPDEST
0000027c: PUSH1 0x40
0000027e: MLOAD
0000027f: DUP1
00000280: SWAP2
00000281: SUB
00000282: SWAP1
00000283: RETURN
00000284: JUMPDEST
00000285: PUSH1 0x00
00000287: DUP1
00000288: PUSH1 0x60
0000028a: PUSH1 0x00
0000028c: DUP1
0000028d: PUSH2 0x0294
00000290: PUSH2 0x0967
00000293: JUMP
00000294: JUMPDEST
00000295: PUSH1 0x00
00000297: DUP1
00000298: DUP9
00000299: PUSH1 0x00
0000029b: ADD
0000029c: MLOAD
0000029d: SWAP7
0000029e: POP
0000029f: DUP9
000002a0: PUSH1 0x20
000002a2: ADD
000002a3: MLOAD
000002a4: SWAP6
000002a5: POP
000002a6: DUP9
000002a7: PUSH1 0x40
000002a9: ADD
000002aa: MLOAD
000002ab: SWAP5
000002ac: POP
000002ad: DUP9
000002ae: PUSH1 0x80
000002b0: ADD
000002b1: MLOAD
000002b2: SWAP4
000002b3: POP
000002b4: DUP9
000002b5: PUSH1 0x60
000002b7: ADD
000002b8: MLOAD
000002b9: SWAP3
000002ba: POP
000002bb: PUSH1 0x00
000002bd: DUP1
000002be: SWAP1
000002bf: SLOAD
000002c0: SWAP1
000002c1: PUSH2 0x0100
000002c4: EXP
000002c5: SWAP1
000002c6: DIV
000002c7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002dc: AND
000002dd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002f2: AND
000002f3: DUP5
000002f4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000309: AND
0000030a: EQ
0000030b: ISZERO
0000030c: ISZERO
0000030d: PUSH2 0x0315
00000310: JUMPI
00000311: PUSH1 0x00
00000313: DUP1
00000314: REVERT
00000315: JUMPDEST
00000316: PUSH2 0x0320
00000319: DUP8
0000031a: DUP8
0000031b: DUP8
0000031c: PUSH2 0x03fe
0000031f: JUMP
00000320: JUMPDEST
00000321: SWAP2
00000322: POP
00000323: PUSH2 0x032c
00000326: DUP3
00000327: DUP5
00000328: PUSH2 0x08db
0000032b: JUMP
0000032c: JUMPDEST
0000032d: SWAP1
0000032e: POP
0000032f: DUP4
00000330: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000345: AND
00000346: DUP2
00000347: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000035c: AND
0000035d: EQ
0000035e: SWAP8
0000035f: POP
00000360: POP
00000361: POP
00000362: POP
00000363: POP
00000364: POP
00000365: POP
00000366: POP
00000367: SWAP2
00000368: SWAP1
00000369: POP
0000036a: JUMP
0000036b: JUMPDEST
0000036c: PUSH1 0x00
0000036e: DUP1
0000036f: SWAP1
00000370: POP
00000371: JUMPDEST
00000372: DUP2
00000373: MLOAD
00000374: DUP2
00000375: LT
00000376: ISZERO
00000377: PUSH2 0x03a7
0000037a: JUMPI
0000037b: PUSH2 0x039a
0000037e: DUP3
0000037f: DUP3
00000380: DUP2
00000381: MLOAD
00000382: DUP2
00000383: LT
00000384: ISZERO
00000385: ISZERO
00000386: PUSH2 0x038b
00000389: JUMPI
0000038a: INVALID
0000038b: JUMPDEST
0000038c: SWAP1
0000038d: PUSH1 0x20
0000038f: ADD
00000390: SWAP1
00000391: PUSH1 0x20
00000393: MUL
00000394: ADD
00000395: MLOAD
00000396: PUSH2 0x0563
00000399: JUMP
0000039a: JUMPDEST
0000039b: DUP1
0000039c: DUP1
0000039d: PUSH1 0x01
0000039f: ADD
000003a0: SWAP2
000003a1: POP
000003a2: POP
000003a3: PUSH2 0x0371
000003a6: JUMP
000003a7: JUMPDEST
000003a8: POP
000003a9: POP
000003aa: JUMP
000003ab: JUMPDEST
000003ac: PUSH1 0x00
000003ae: DUP1
000003af: PUSH1 0x00
000003b1: SWAP1
000003b2: SLOAD
000003b3: SWAP1
000003b4: PUSH2 0x0100
000003b7: EXP
000003b8: SWAP1
000003b9: DIV
000003ba: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000003cf: AND
000003d0: SWAP1
000003d1: POP
000003d2: SWAP1
000003d3: JUMP
000003d4: JUMPDEST
000003d5: PUSH1 0x00
000003d7: PUSH1 0x01
000003d9: PUSH1 0x00
000003db: SWAP1
000003dc: SLOAD
000003dd: SWAP1
000003de: PUSH2 0x0100
000003e1: EXP
000003e2: SWAP1
000003e3: DIV
000003e4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000003f9: AND
000003fa: SWAP1
000003fb: POP
000003fc: SWAP1
000003fd: JUMP
000003fe: JUMPDEST
000003ff: PUSH1 0x00
00000401: DUP1
00000402: DUP5
00000403: DUP5
00000404: DUP5
00000405: PUSH1 0x40
00000407: MLOAD
00000408: DUP1
00000409: DUP5
0000040a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000041f: AND
00000420: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000435: AND
00000436: PUSH13 0x01000000000000000000000000
00000444: MUL
00000445: DUP2
00000446: MSTORE
00000447: PUSH1 0x14
00000449: ADD
0000044a: DUP4
0000044b: DUP1
0000044c: MLOAD
0000044d: SWAP1
0000044e: PUSH1 0x20
00000450: ADD
00000451: SWAP1
00000452: DUP1
00000453: DUP4
00000454: DUP4
00000455: JUMPDEST
00000456: PUSH1 0x20
00000458: DUP4
00000459: LT
0000045a: ISZERO
0000045b: ISZERO
0000045c: PUSH2 0x047a
0000045f: JUMPI
00000460: DUP1
00000461: MLOAD
00000462: DUP3
00000463: MSTORE
00000464: PUSH1 0x20
00000466: DUP3
00000467: ADD
00000468: SWAP2
00000469: POP
0000046a: PUSH1 0x20
0000046c: DUP2
0000046d: ADD
0000046e: SWAP1
0000046f: POP
00000470: PUSH1 0x20
00000472: DUP4
00000473: SUB
00000474: SWAP3
00000475: POP
00000476: PUSH2 0x0455
00000479: JUMP
0000047a: JUMPDEST
0000047b: PUSH1 0x01
0000047d: DUP4
0000047e: PUSH1 0x20
00000480: SUB
00000481: PUSH2 0x0100
00000484: EXP
00000485: SUB
00000486: DUP1
00000487: NOT
00000488: DUP3
00000489: MLOAD
0000048a: AND
0000048b: DUP2
0000048c: DUP5
0000048d: MLOAD
0000048e: AND
0000048f: DUP1
00000490: DUP3
00000491: OR
00000492: DUP6
00000493: MSTORE
00000494: POP
00000495: POP
00000496: POP
00000497: POP
00000498: POP
00000499: POP
0000049a: SWAP1
0000049b: POP
0000049c: ADD
0000049d: DUP3
0000049e: DUP2
0000049f: MSTORE
000004a0: PUSH1 0x20
000004a2: ADD
000004a3: SWAP4
000004a4: POP
000004a5: POP
000004a6: POP
000004a7: POP
000004a8: PUSH1 0x40
000004aa: MLOAD
000004ab: DUP1
000004ac: SWAP2
000004ad: SUB
000004ae: SWAP1
000004af: KECCAK256
000004b0: SWAP1
000004b1: POP
000004b2: PUSH1 0x40
000004b4: DUP1
000004b5: MLOAD
000004b6: SWAP1
000004b7: DUP2
000004b8: ADD
000004b9: PUSH1 0x40
000004bb: MSTORE
000004bc: DUP1
000004bd: PUSH1 0x1c
000004bf: DUP2
000004c0: MSTORE
000004c1: PUSH1 0x20
000004c3: ADD
000004c4: PUSH32 0x19457468657265756d205369676e6564204d6573736167653a0a333200000000
000004e5: DUP2
000004e6: MSTORE
000004e7: POP
000004e8: DUP2
000004e9: PUSH1 0x40
000004eb: MLOAD
000004ec: DUP1
000004ed: DUP4
000004ee: DUP1
000004ef: MLOAD
000004f0: SWAP1
000004f1: PUSH1 0x20
000004f3: ADD
000004f4: SWAP1
000004f5: DUP1
000004f6: DUP4
000004f7: DUP4
000004f8: JUMPDEST
000004f9: PUSH1 0x20
000004fb: DUP4
000004fc: LT
000004fd: ISZERO
000004fe: ISZERO
000004ff: PUSH2 0x051d
00000502: JUMPI
00000503: DUP1
00000504: MLOAD
00000505: DUP3
00000506: MSTORE
00000507: PUSH1 0x20
00000509: DUP3
0000050a: ADD
0000050b: SWAP2
0000050c: POP
0000050d: PUSH1 0x20
0000050f: DUP2
00000510: ADD
00000511: SWAP1
00000512: POP
00000513: PUSH1 0x20
00000515: DUP4
00000516: SUB
00000517: SWAP3
00000518: POP
00000519: PUSH2 0x04f8
0000051c: JUMP
0000051d: JUMPDEST
0000051e: PUSH1 0x01
00000520: DUP4
00000521: PUSH1 0x20
00000523: SUB
00000524: PUSH2 0x0100
00000527: EXP
00000528: SUB
00000529: DUP1
0000052a: NOT
0000052b: DUP3
0000052c: MLOAD
0000052d: AND
0000052e: DUP2
0000052f: DUP5
00000530: MLOAD
00000531: AND
00000532: DUP1
00000533: DUP3
00000534: OR
00000535: DUP6
00000536: MSTORE
00000537: POP
00000538: POP
00000539: POP
0000053a: POP
0000053b: POP
0000053c: POP
0000053d: SWAP1
0000053e: POP
0000053f: ADD
00000540: DUP3
00000541: PUSH1 0x00
00000543: NOT
00000544: AND
00000545: PUSH1 0x00
00000547: NOT
00000548: AND
00000549: DUP2
0000054a: MSTORE
0000054b: PUSH1 0x20
0000054d: ADD
0000054e: SWAP3
0000054f: POP
00000550: POP
00000551: POP
00000552: PUSH1 0x40
00000554: MLOAD
00000555: DUP1
00000556: SWAP2
00000557: SUB
00000558: SWAP1
00000559: KECCAK256
0000055a: SWAP2
0000055b: POP
0000055c: POP
0000055d: SWAP4
0000055e: SWAP3
0000055f: POP
00000560: POP
00000561: POP
00000562: JUMP
00000563: JUMPDEST
00000564: PUSH1 0x00
00000566: PUSH1 0x60
00000568: PUSH1 0x00
0000056a: DUP1
0000056b: DUP5
0000056c: PUSH1 0x00
0000056e: ADD
0000056f: MLOAD
00000570: SWAP4
00000571: POP
00000572: DUP5
00000573: PUSH1 0x20
00000575: ADD
00000576: MLOAD
00000577: SWAP3
00000578: POP
00000579: DUP5
0000057a: PUSH1 0x40
0000057c: ADD
0000057d: MLOAD
0000057e: SWAP2
0000057f: POP
00000580: DUP5
00000581: PUSH1 0x80
00000583: ADD
00000584: MLOAD
00000585: SWAP1
00000586: POP
00000587: PUSH32 0x74d34c6fe876d2d910521ea7c31bdea6530879732d5e8fa3781ce25171fa1760
000005a8: DUP5
000005a9: DUP3
000005aa: PUSH1 0x40
000005ac: MLOAD
000005ad: PUSH2 0x05b7
000005b0: SWAP3
000005b1: SWAP2
000005b2: SWAP1
000005b3: PUSH2 0x0ea9
000005b6: JUMP
000005b7: JUMPDEST
000005b8: PUSH1 0x40
000005ba: MLOAD
000005bb: DUP1
000005bc: SWAP2
000005bd: SUB
000005be: SWAP1
000005bf: LOG1
000005c0: PUSH2 0x05c8
000005c3: DUP6
000005c4: PUSH2 0x0284
000005c7: JUMP
000005c8: JUMPDEST
000005c9: ISZERO
000005ca: PUSH2 0x06d7
000005cd: JUMPI
000005ce: DUP4
000005cf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000005e4: AND
000005e5: DUP3
000005e6: DUP5
000005e7: PUSH1 0x40
000005e9: MLOAD
000005ea: DUP1
000005eb: DUP3
000005ec: DUP1
000005ed: MLOAD
000005ee: SWAP1
000005ef: PUSH1 0x20
000005f1: ADD
000005f2: SWAP1
000005f3: DUP1
000005f4: DUP4
000005f5: DUP4
000005f6: PUSH1 0x00
000005f8: JUMPDEST
000005f9: DUP4
000005fa: DUP2
000005fb: LT
000005fc: ISZERO
000005fd: PUSH2 0x0613
00000600: JUMPI
00000601: DUP1
00000602: DUP3
00000603: ADD
00000604: MLOAD
00000605: DUP2
00000606: DUP5
00000607: ADD
00000608: MSTORE
00000609: PUSH1 0x20
0000060b: DUP2
0000060c: ADD
0000060d: SWAP1
0000060e: POP
0000060f: PUSH2 0x05f8
00000612: JUMP
00000613: JUMPDEST
00000614: POP
00000615: POP
00000616: POP
00000617: POP
00000618: SWAP1
00000619: POP
0000061a: SWAP1
0000061b: DUP2
0000061c: ADD
0000061d: SWAP1
0000061e: PUSH1 0x1f
00000620: AND
00000621: DUP1
00000622: ISZERO
00000623: PUSH2 0x0640
00000626: JUMPI
00000627: DUP1
00000628: DUP3
00000629: SUB
0000062a: DUP1
0000062b: MLOAD
0000062c: PUSH1 0x01
0000062e: DUP4
0000062f: PUSH1 0x20
00000631: SUB
00000632: PUSH2 0x0100
00000635: EXP
00000636: SUB
00000637: NOT
00000638: AND
00000639: DUP2
0000063a: MSTORE
0000063b: PUSH1 0x20
0000063d: ADD
0000063e: SWAP2
0000063f: POP
00000640: JUMPDEST
00000641: POP
00000642: SWAP2
00000643: POP
00000644: POP
00000645: PUSH1 0x00
00000647: PUSH1 0x40
00000649: MLOAD
0000064a: DUP1
0000064b: DUP4
0000064c: SUB
0000064d: DUP2
0000064e: DUP6
0000064f: DUP8
00000650: GAS
00000651: CALL
00000652: SWAP3
00000653: POP
00000654: POP
00000655: POP
00000656: ISZERO
00000657: PUSH2 0x0698
0000065a: JUMPI
0000065b: PUSH32 0x9ae6eab77ab97680a0708bbb21af686ae24276636c6aa70f8a02f4cccd49499b
0000067c: DUP5
0000067d: DUP3
0000067e: PUSH1 0x40
00000680: MLOAD
00000681: PUSH2 0x068b
00000684: SWAP3
00000685: SWAP2
00000686: SWAP1
00000687: PUSH2 0x0ea9
0000068a: JUMP
0000068b: JUMPDEST
0000068c: PUSH1 0x40
0000068e: MLOAD
0000068f: DUP1
00000690: SWAP2
00000691: SUB
00000692: SWAP1
00000693: LOG1
00000694: PUSH2 0x06d2
00000697: JUMP
00000698: JUMPDEST
00000699: PUSH32 0x422d7d1308c28fc21ce33958ef24b1078048fc1a9d39bdc51931eb2e9939fd03
000006ba: DUP5
000006bb: DUP3
000006bc: PUSH1 0x40
000006be: MLOAD
000006bf: PUSH2 0x06c9
000006c2: SWAP3
000006c3: SWAP2
000006c4: SWAP1
000006c5: PUSH2 0x0ea9
000006c8: JUMP
000006c9: JUMPDEST
000006ca: PUSH1 0x40
000006cc: MLOAD
000006cd: DUP1
000006ce: SWAP2
000006cf: SUB
000006d0: SWAP1
000006d1: LOG1
000006d2: JUMPDEST
000006d3: PUSH2 0x0711
000006d6: JUMP
000006d7: JUMPDEST
000006d8: PUSH32 0x1d7ce720a2f369d4eb35904f7bb3f97b6fdcfc76cf000cbd281d405ec68c1956
000006f9: DUP5
000006fa: DUP3
000006fb: PUSH1 0x40
000006fd: MLOAD
000006fe: PUSH2 0x0708
00000701: SWAP3
00000702: SWAP2
00000703: SWAP1
00000704: PUSH2 0x0ea9
00000707: JUMP
00000708: JUMPDEST
00000709: PUSH1 0x40
0000070b: MLOAD
0000070c: DUP1
0000070d: SWAP2
0000070e: SUB
0000070f: SWAP1
00000710: LOG1
00000711: JUMPDEST
00000712: POP
00000713: POP
00000714: POP
00000715: POP
00000716: POP
00000717: JUMP
00000718: JUMPDEST
00000719: PUSH32 0x4f7b0265dc15e282f56ae0820603286a6547460256b0fe068e6ed578cb3d8bb6
0000073a: DUP2
0000073b: PUSH1 0x40
0000073d: MLOAD
0000073e: PUSH2 0x0747
00000741: SWAP2
00000742: SWAP1
00000743: PUSH2 0x0e8e
00000746: JUMP
00000747: JUMPDEST
00000748: PUSH1 0x40
0000074a: MLOAD
0000074b: DUP1
0000074c: SWAP2
0000074d: SUB
0000074e: SWAP1
0000074f: LOG1
00000750: PUSH1 0x01
00000752: PUSH1 0x00
00000754: SWAP1
00000755: SLOAD
00000756: SWAP1
00000757: PUSH2 0x0100
0000075a: EXP
0000075b: SWAP1
0000075c: DIV
0000075d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000772: AND
00000773: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000788: AND
00000789: CALLER
0000078a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000079f: AND
000007a0: EQ
000007a1: DUP1
000007a2: ISZERO
000007a3: PUSH2 0x07f9
000007a6: JUMPI
000007a7: POP
000007a8: PUSH1 0x00
000007aa: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000007bf: AND
000007c0: PUSH1 0x00
000007c2: DUP1
000007c3: SWAP1
000007c4: SLOAD
000007c5: SWAP1
000007c6: PUSH2 0x0100
000007c9: EXP
000007ca: SWAP1
000007cb: DIV
000007cc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000007e1: AND
000007e2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000007f7: AND
000007f8: EQ
000007f9: JUMPDEST
000007fa: ISZERO
000007fb: PUSH2 0x087a
000007fe: JUMPI
000007ff: DUP1
00000800: PUSH1 0x00
00000802: DUP1
00000803: PUSH2 0x0100
00000806: EXP
00000807: DUP2
00000808: SLOAD
00000809: DUP2
0000080a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000081f: MUL
00000820: NOT
00000821: AND
00000822: SWAP1
00000823: DUP4
00000824: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000839: AND
0000083a: MUL
0000083b: OR
0000083c: SWAP1
0000083d: SSTORE
0000083e: POP
0000083f: PUSH32 0x5c4387c894a24bbdaab0ebb3e90d2d0f0d1900a6b4878e87c1fc3bfe75c1f0df
00000860: DUP2
00000861: PUSH1 0x40
00000863: MLOAD
00000864: PUSH2 0x086d
00000867: SWAP2
00000868: SWAP1
00000869: PUSH2 0x0e8e
0000086c: JUMP
0000086d: JUMPDEST
0000086e: PUSH1 0x40
00000870: MLOAD
00000871: DUP1
00000872: SWAP2
00000873: SUB
00000874: SWAP1
00000875: LOG1
00000876: PUSH2 0x08b2
00000879: JUMP
0000087a: JUMPDEST
0000087b: PUSH32 0x6e7c18ac33fbdcd4f970e95dbb26c2f291e243f724c43b33c701f00f75826513
0000089c: DUP2
0000089d: PUSH1 0x40
0000089f: MLOAD
000008a0: PUSH2 0x08a9
000008a3: SWAP2
000008a4: SWAP1
000008a5: PUSH2 0x0e8e
000008a8: JUMP
000008a9: JUMPDEST
000008aa: PUSH1 0x40
000008ac: MLOAD
000008ad: DUP1
000008ae: SWAP2
000008af: SUB
000008b0: SWAP1
000008b1: LOG1
000008b2: JUMPDEST
000008b3: POP
000008b4: JUMP
000008b5: JUMPDEST
000008b6: PUSH1 0x01
000008b8: PUSH1 0x00
000008ba: SWAP1
000008bb: SLOAD
000008bc: SWAP1
000008bd: PUSH2 0x0100
000008c0: EXP
000008c1: SWAP1
000008c2: DIV
000008c3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000008d8: AND
000008d9: DUP2
000008da: JUMP
000008db: JUMPDEST
000008dc: PUSH1 0x00
000008de: PUSH1 0x01
000008e0: DUP4
000008e1: DUP4
000008e2: PUSH1 0x00
000008e4: ADD
000008e5: MLOAD
000008e6: DUP5
000008e7: PUSH1 0x20
000008e9: ADD
000008ea: MLOAD
000008eb: DUP6
000008ec: PUSH1 0x40
000008ee: ADD
000008ef: MLOAD
000008f0: PUSH1 0x40
000008f2: MLOAD
000008f3: PUSH1 0x00
000008f5: DUP2
000008f6: MSTORE
000008f7: PUSH1 0x20
000008f9: ADD
000008fa: PUSH1 0x40
000008fc: MSTORE
000008fd: PUSH1 0x40
000008ff: MLOAD
00000900: PUSH2 0x090c
00000903: SWAP5
00000904: SWAP4
00000905: SWAP3
00000906: SWAP2
00000907: SWAP1
00000908: PUSH2 0x0f08
0000090b: JUMP
0000090c: JUMPDEST
0000090d: PUSH1 0x20
0000090f: PUSH1 0x40
00000911: MLOAD
00000912: PUSH1 0x20
00000914: DUP2
00000915: SUB
00000916: SWAP1
00000917: DUP1
00000918: DUP5
00000919: SUB
0000091a: SWAP1
0000091b: PUSH1 0x00
0000091d: DUP7
0000091e: GAS
0000091f: CALL
00000920: ISZERO
00000921: DUP1
00000922: ISZERO
00000923: PUSH2 0x0930
00000926: JUMPI
00000927: RETURNDATASIZE
00000928: PUSH1 0x00
0000092a: DUP1
0000092b: RETURNDATACOPY
0000092c: RETURNDATASIZE
0000092d: PUSH1 0x00
0000092f: REVERT
00000930: JUMPDEST
00000931: POP
00000932: POP
00000933: POP
00000934: PUSH1 0x20
00000936: PUSH1 0x40
00000938: MLOAD
00000939: SUB
0000093a: MLOAD
0000093b: SWAP1
0000093c: POP
0000093d: SWAP3
0000093e: SWAP2
0000093f: POP
00000940: POP
00000941: JUMP
00000942: JUMPDEST
00000943: PUSH1 0x00
00000945: DUP1
00000946: SWAP1
00000947: SLOAD
00000948: SWAP1
00000949: PUSH2 0x0100
0000094c: EXP
0000094d: SWAP1
0000094e: DIV
0000094f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000964: AND
00000965: DUP2
00000966: JUMP
00000967: JUMPDEST
00000968: PUSH1 0x60
0000096a: PUSH1 0x40
0000096c: MLOAD
0000096d: SWAP1
0000096e: DUP2
0000096f: ADD
00000970: PUSH1 0x40
00000972: MSTORE
00000973: DUP1
00000974: PUSH1 0x00
00000976: PUSH1 0xff
00000978: AND
00000979: DUP2
0000097a: MSTORE
0000097b: PUSH1 0x20
0000097d: ADD
0000097e: PUSH1 0x00
00000980: DUP1
00000981: NOT
00000982: AND
00000983: DUP2
00000984: MSTORE
00000985: PUSH1 0x20
00000987: ADD
00000988: PUSH1 0x00
0000098a: DUP1
0000098b: NOT
0000098c: AND
0000098d: DUP2
0000098e: MSTORE
0000098f: POP
00000990: SWAP1
00000991: JUMP
00000992: JUMPDEST
00000993: PUSH1 0x00
00000995: PUSH2 0x099e
00000998: DUP3
00000999: CALLDATALOAD
0000099a: PUSH2 0x103d
0000099d: JUMP
0000099e: JUMPDEST
0000099f: SWAP1
000009a0: POP
000009a1: SWAP3
000009a2: SWAP2
000009a3: POP
000009a4: POP
000009a5: JUMP
000009a6: JUMPDEST
000009a7: PUSH1 0x00
000009a9: DUP3
000009aa: PUSH1 0x1f
000009ac: DUP4
000009ad: ADD
000009ae: SLT
000009af: ISZERO
000009b0: ISZERO
000009b1: PUSH2 0x09b9
000009b4: JUMPI
000009b5: PUSH1 0x00
000009b7: DUP1
000009b8: REVERT
000009b9: JUMPDEST
000009ba: DUP2
000009bb: CALLDATALOAD
000009bc: PUSH2 0x09cc
000009bf: PUSH2 0x09c7
000009c2: DUP3
000009c3: PUSH2 0x0f7a
000009c6: JUMP
000009c7: JUMPDEST
000009c8: PUSH2 0x0f4d
000009cb: JUMP
000009cc: JUMPDEST
000009cd: SWAP2
000009ce: POP
000009cf: DUP2
000009d0: DUP2
000009d1: DUP4
000009d2: MSTORE
000009d3: PUSH1 0x20
000009d5: DUP5
000009d6: ADD
000009d7: SWAP4
000009d8: POP
000009d9: PUSH1 0x20
000009db: DUP2
000009dc: ADD
000009dd: SWAP1
000009de: POP
000009df: DUP4
000009e0: PUSH1 0x00
000009e2: JUMPDEST
000009e3: DUP4
000009e4: DUP2
000009e5: LT
000009e6: ISZERO
000009e7: PUSH2 0x0a12
000009ea: JUMPI
000009eb: DUP2
000009ec: CALLDATALOAD
000009ed: DUP7
000009ee: ADD
000009ef: PUSH2 0x09f8
000009f2: DUP9
000009f3: DUP3
000009f4: PUSH2 0x0b9c
000009f7: JUMP
000009f8: JUMPDEST
000009f9: DUP5
000009fa: MSTORE
000009fb: PUSH1 0x20
000009fd: DUP5
000009fe: ADD
000009ff: SWAP4
00000a00: POP
00000a01: PUSH1 0x20
00000a03: DUP4
00000a04: ADD
00000a05: SWAP3
00000a06: POP
00000a07: POP
00000a08: PUSH1 0x01
00000a0a: DUP2
00000a0b: ADD
00000a0c: SWAP1
00000a0d: POP
00000a0e: PUSH2 0x09e2
00000a11: JUMP
00000a12: JUMPDEST
00000a13: POP
00000a14: POP
00000a15: POP
00000a16: POP
00000a17: SWAP3
00000a18: SWAP2
00000a19: POP
00000a1a: POP
00000a1b: JUMP
00000a1c: JUMPDEST
00000a1d: PUSH1 0x00
00000a1f: PUSH2 0x0a28
00000a22: DUP3
00000a23: CALLDATALOAD
00000a24: PUSH2 0x105d
00000a27: JUMP
00000a28: JUMPDEST
00000a29: SWAP1
00000a2a: POP
00000a2b: SWAP3
00000a2c: SWAP2
00000a2d: POP
00000a2e: POP
00000a2f: JUMP
00000a30: JUMPDEST
00000a31: PUSH1 0x00
00000a33: DUP3
00000a34: PUSH1 0x1f
00000a36: DUP4
00000a37: ADD
00000a38: SLT
00000a39: ISZERO
00000a3a: ISZERO
00000a3b: PUSH2 0x0a43
00000a3e: JUMPI
00000a3f: PUSH1 0x00
00000a41: DUP1
00000a42: REVERT
00000a43: JUMPDEST
00000a44: DUP2
00000a45: CALLDATALOAD
00000a46: PUSH2 0x0a56
00000a49: PUSH2 0x0a51
00000a4c: DUP3
00000a4d: PUSH2 0x0fa2
00000a50: JUMP
00000a51: JUMPDEST
00000a52: PUSH2 0x0f4d
00000a55: JUMP
00000a56: JUMPDEST
00000a57: SWAP2
00000a58: POP
00000a59: DUP1
00000a5a: DUP3
00000a5b: MSTORE
00000a5c: PUSH1 0x20
00000a5e: DUP4
00000a5f: ADD
00000a60: PUSH1 0x20
00000a62: DUP4
00000a63: ADD
00000a64: DUP6
00000a65: DUP4
00000a66: DUP4
00000a67: ADD
00000a68: GT
00000a69: ISZERO
00000a6a: PUSH2 0x0a72
00000a6d: JUMPI
00000a6e: PUSH1 0x00
00000a70: DUP1
00000a71: REVERT
00000a72: JUMPDEST
00000a73: PUSH2 0x0a7d
00000a76: DUP4
00000a77: DUP3
00000a78: DUP5
00000a79: PUSH2 0x107e
00000a7c: JUMP
00000a7d: JUMPDEST
00000a7e: POP
00000a7f: POP
00000a80: POP
00000a81: SWAP3
00000a82: SWAP2
00000a83: POP
00000a84: POP
00000a85: JUMP
00000a86: JUMPDEST
00000a87: PUSH1 0x00
00000a89: DUP3
00000a8a: PUSH1 0x1f
00000a8c: DUP4
00000a8d: ADD
00000a8e: SLT
00000a8f: ISZERO
00000a90: ISZERO
00000a91: PUSH2 0x0a99
00000a94: JUMPI
00000a95: PUSH1 0x00
00000a97: DUP1
00000a98: REVERT
00000a99: JUMPDEST
00000a9a: DUP2
00000a9b: CALLDATALOAD
00000a9c: PUSH2 0x0aac
00000a9f: PUSH2 0x0aa7
00000aa2: DUP3
00000aa3: PUSH2 0x0fce
00000aa6: JUMP
00000aa7: JUMPDEST
00000aa8: PUSH2 0x0f4d
00000aab: JUMP
00000aac: JUMPDEST
00000aad: SWAP2
00000aae: POP
00000aaf: DUP1
00000ab0: DUP3
00000ab1: MSTORE
00000ab2: PUSH1 0x20
00000ab4: DUP4
00000ab5: ADD
00000ab6: PUSH1 0x20
00000ab8: DUP4
00000ab9: ADD
00000aba: DUP6
00000abb: DUP4
00000abc: DUP4
00000abd: ADD
00000abe: GT
00000abf: ISZERO
00000ac0: PUSH2 0x0ac8
00000ac3: JUMPI
00000ac4: PUSH1 0x00
00000ac6: DUP1
00000ac7: REVERT
00000ac8: JUMPDEST
00000ac9: PUSH2 0x0ad3
00000acc: DUP4
00000acd: DUP3
00000ace: DUP5
00000acf: PUSH2 0x107e
00000ad2: JUMP
00000ad3: JUMPDEST
00000ad4: POP
00000ad5: POP
00000ad6: POP
00000ad7: SWAP3
00000ad8: SWAP2
00000ad9: POP
00000ada: POP
00000adb: JUMP
00000adc: JUMPDEST
00000add: PUSH1 0x00
00000adf: PUSH1 0x60
00000ae1: DUP3
00000ae2: DUP5
00000ae3: SUB
00000ae4: SLT
00000ae5: ISZERO
00000ae6: PUSH2 0x0aee
00000ae9: JUMPI
00000aea: PUSH1 0x00
00000aec: DUP1
00000aed: REVERT
00000aee: JUMPDEST
00000aef: PUSH2 0x0af8
00000af2: PUSH1 0x60
00000af4: PUSH2 0x0f4d
00000af7: JUMP
00000af8: JUMPDEST
00000af9: SWAP1
00000afa: POP
00000afb: PUSH1 0x00
00000afd: PUSH2 0x0b08
00000b00: DUP5
00000b01: DUP3
00000b02: DUP6
00000b03: ADD
00000b04: PUSH2 0x0cf0
00000b07: JUMP
00000b08: JUMPDEST
00000b09: PUSH1 0x00
00000b0b: DUP4
00000b0c: ADD
00000b0d: MSTORE
00000b0e: POP
00000b0f: PUSH1 0x20
00000b11: PUSH2 0x0b1c
00000b14: DUP5
00000b15: DUP3
00000b16: DUP6
00000b17: ADD
00000b18: PUSH2 0x0a1c
00000b1b: JUMP
00000b1c: JUMPDEST
00000b1d: PUSH1 0x20
00000b1f: DUP4
00000b20: ADD
00000b21: MSTORE
00000b22: POP
00000b23: PUSH1 0x40
00000b25: PUSH2 0x0b30
00000b28: DUP5
00000b29: DUP3
00000b2a: DUP6
00000b2b: ADD
00000b2c: PUSH2 0x0a1c
00000b2f: JUMP
00000b30: JUMPDEST
00000b31: PUSH1 0x40
00000b33: DUP4
00000b34: ADD
00000b35: MSTORE
00000b36: POP
00000b37: SWAP3
00000b38: SWAP2
00000b39: POP
00000b3a: POP
00000b3b: JUMP
00000b3c: JUMPDEST
00000b3d: PUSH1 0x00
00000b3f: PUSH1 0x60
00000b41: DUP3
00000b42: DUP5
00000b43: SUB
00000b44: SLT
00000b45: ISZERO
00000b46: PUSH2 0x0b4e
00000b49: JUMPI
00000b4a: PUSH1 0x00
00000b4c: DUP1
00000b4d: REVERT
00000b4e: JUMPDEST
00000b4f: PUSH2 0x0b58
00000b52: PUSH1 0x60
00000b54: PUSH2 0x0f4d
00000b57: JUMP
00000b58: JUMPDEST
00000b59: SWAP1
00000b5a: POP
00000b5b: PUSH1 0x00
00000b5d: PUSH2 0x0b68
00000b60: DUP5
00000b61: DUP3
00000b62: DUP6
00000b63: ADD
00000b64: PUSH2 0x0cf0
00000b67: JUMP
00000b68: JUMPDEST
00000b69: PUSH1 0x00
00000b6b: DUP4
00000b6c: ADD
00000b6d: MSTORE
00000b6e: POP
00000b6f: PUSH1 0x20
00000b71: PUSH2 0x0b7c
00000b74: DUP5
00000b75: DUP3
00000b76: DUP6
00000b77: ADD
00000b78: PUSH2 0x0a1c
00000b7b: JUMP
00000b7c: JUMPDEST
00000b7d: PUSH1 0x20
00000b7f: DUP4
00000b80: ADD
00000b81: MSTORE
00000b82: POP
00000b83: PUSH1 0x40
00000b85: PUSH2 0x0b90
00000b88: DUP5
00000b89: DUP3
00000b8a: DUP6
00000b8b: ADD
00000b8c: PUSH2 0x0a1c
00000b8f: JUMP
00000b90: JUMPDEST
00000b91: PUSH1 0x40
00000b93: DUP4
00000b94: ADD
00000b95: MSTORE
00000b96: POP
00000b97: SWAP3
00000b98: SWAP2
00000b99: POP
00000b9a: POP
00000b9b: JUMP
00000b9c: JUMPDEST
00000b9d: PUSH1 0x00
00000b9f: PUSH1 0xe0
00000ba1: DUP3
00000ba2: DUP5
00000ba3: SUB
00000ba4: SLT
00000ba5: ISZERO
00000ba6: PUSH2 0x0bae
00000ba9: JUMPI
00000baa: PUSH1 0x00
00000bac: DUP1
00000bad: REVERT
00000bae: JUMPDEST
00000baf: PUSH2 0x0bb8
00000bb2: PUSH1 0xa0
00000bb4: PUSH2 0x0f4d
00000bb7: JUMP
00000bb8: JUMPDEST
00000bb9: SWAP1
00000bba: POP
00000bbb: PUSH1 0x00
00000bbd: PUSH2 0x0bc8
00000bc0: DUP5
00000bc1: DUP3
00000bc2: DUP6
00000bc3: ADD
00000bc4: PUSH2 0x0992
00000bc7: JUMP
00000bc8: JUMPDEST
00000bc9: PUSH1 0x00
00000bcb: DUP4
00000bcc: ADD
00000bcd: MSTORE
00000bce: POP
00000bcf: PUSH1 0x20
00000bd1: DUP3
00000bd2: ADD
00000bd3: CALLDATALOAD
00000bd4: PUSH8 0xffffffffffffffff
00000bdd: DUP2
00000bde: GT
00000bdf: ISZERO
00000be0: PUSH2 0x0be8
00000be3: JUMPI
00000be4: PUSH1 0x00
00000be6: DUP1
00000be7: REVERT
00000be8: JUMPDEST
00000be9: PUSH2 0x0bf4
00000bec: DUP5
00000bed: DUP3
00000bee: DUP6
00000bef: ADD
00000bf0: PUSH2 0x0a30
00000bf3: JUMP
00000bf4: JUMPDEST
00000bf5: PUSH1 0x20
00000bf7: DUP4
00000bf8: ADD
00000bf9: MSTORE
00000bfa: POP
00000bfb: PUSH1 0x40
00000bfd: PUSH2 0x0c08
00000c00: DUP5
00000c01: DUP3
00000c02: DUP6
00000c03: ADD
00000c04: PUSH2 0x0cdc
00000c07: JUMP
00000c08: JUMPDEST
00000c09: PUSH1 0x40
00000c0b: DUP4
00000c0c: ADD
00000c0d: MSTORE
00000c0e: POP
00000c0f: PUSH1 0x60
00000c11: PUSH2 0x0c1c
00000c14: DUP5
00000c15: DUP3
00000c16: DUP6
00000c17: ADD
00000c18: PUSH2 0x0adc
00000c1b: JUMP
00000c1c: JUMPDEST
00000c1d: PUSH1 0x60
00000c1f: DUP4
00000c20: ADD
00000c21: MSTORE
00000c22: POP
00000c23: PUSH1 0xc0
00000c25: PUSH2 0x0c30
00000c28: DUP5
00000c29: DUP3
00000c2a: DUP6
00000c2b: ADD
00000c2c: PUSH2 0x0992
00000c2f: JUMP
00000c30: JUMPDEST
00000c31: PUSH1 0x80
00000c33: DUP4
00000c34: ADD
00000c35: MSTORE
00000c36: POP
00000c37: SWAP3
00000c38: SWAP2
00000c39: POP
00000c3a: POP
00000c3b: JUMP
00000c3c: JUMPDEST
00000c3d: PUSH1 0x00
00000c3f: PUSH1 0xe0
00000c41: DUP3
00000c42: DUP5
00000c43: SUB
00000c44: SLT
00000c45: ISZERO
00000c46: PUSH2 0x0c4e
00000c49: JUMPI
00000c4a: PUSH1 0x00
00000c4c: DUP1
00000c4d: REVERT
00000c4e: JUMPDEST
00000c4f: PUSH2 0x0c58
00000c52: PUSH1 0xa0
00000c54: PUSH2 0x0f4d
00000c57: JUMP
00000c58: JUMPDEST
00000c59: SWAP1
00000c5a: POP
00000c5b: PUSH1 0x00
00000c5d: PUSH2 0x0c68
00000c60: DUP5
00000c61: DUP3
00000c62: DUP6
00000c63: ADD
00000c64: PUSH2 0x0992
00000c67: JUMP
00000c68: JUMPDEST
00000c69: PUSH1 0x00
00000c6b: DUP4
00000c6c: ADD
00000c6d: MSTORE
00000c6e: POP
00000c6f: PUSH1 0x20
00000c71: DUP3
00000c72: ADD
00000c73: CALLDATALOAD
00000c74: PUSH8 0xffffffffffffffff
00000c7d: DUP2
00000c7e: GT
00000c7f: ISZERO
00000c80: PUSH2 0x0c88
00000c83: JUMPI
00000c84: PUSH1 0x00
00000c86: DUP1
00000c87: REVERT
00000c88: JUMPDEST
00000c89: PUSH2 0x0c94
00000c8c: DUP5
00000c8d: DUP3
00000c8e: DUP6
00000c8f: ADD
00000c90: PUSH2 0x0a30
00000c93: JUMP
00000c94: JUMPDEST
00000c95: PUSH1 0x20
00000c97: DUP4
00000c98: ADD
00000c99: MSTORE
00000c9a: POP
00000c9b: PUSH1 0x40
00000c9d: PUSH2 0x0ca8
00000ca0: DUP5
00000ca1: DUP3
00000ca2: DUP6
00000ca3: ADD
00000ca4: PUSH2 0x0cdc
00000ca7: JUMP
00000ca8: JUMPDEST
00000ca9: PUSH1 0x40
00000cab: DUP4
00000cac: ADD
00000cad: MSTORE
00000cae: POP
00000caf: PUSH1 0x60
00000cb1: PUSH2 0x0cbc
00000cb4: DUP5
00000cb5: DUP3
00000cb6: DUP6
00000cb7: ADD
00000cb8: PUSH2 0x0adc
00000cbb: JUMP
00000cbc: JUMPDEST
00000cbd: PUSH1 0x60
00000cbf: DUP4
00000cc0: ADD
00000cc1: MSTORE
00000cc2: POP
00000cc3: PUSH1 0xc0
00000cc5: PUSH2 0x0cd0
00000cc8: DUP5
00000cc9: DUP3
00000cca: DUP6
00000ccb: ADD
00000ccc: PUSH2 0x0992
00000ccf: JUMP
00000cd0: JUMPDEST
00000cd1: PUSH1 0x80
00000cd3: DUP4
00000cd4: ADD
00000cd5: MSTORE
00000cd6: POP
00000cd7: SWAP3
00000cd8: SWAP2
00000cd9: POP
00000cda: POP
00000cdb: JUMP
00000cdc: JUMPDEST
00000cdd: PUSH1 0x00
00000cdf: PUSH2 0x0ce8
00000ce2: DUP3
00000ce3: CALLDATALOAD
00000ce4: PUSH2 0x1067
00000ce7: JUMP
00000ce8: JUMPDEST
00000ce9: SWAP1
00000cea: POP
00000ceb: SWAP3
00000cec: SWAP2
00000ced: POP
00000cee: POP
00000cef: JUMP
00000cf0: JUMPDEST
00000cf1: PUSH1 0x00
00000cf3: PUSH2 0x0cfc
00000cf6: DUP3
00000cf7: CALLDATALOAD
00000cf8: PUSH2 0x1071
00000cfb: JUMP
00000cfc: JUMPDEST
00000cfd: SWAP1
00000cfe: POP
00000cff: SWAP3
00000d00: SWAP2
00000d01: POP
00000d02: POP
00000d03: JUMP
00000d04: JUMPDEST
00000d05: PUSH1 0x00
00000d07: PUSH1 0x20
00000d09: DUP3
00000d0a: DUP5
00000d0b: SUB
00000d0c: SLT
00000d0d: ISZERO
00000d0e: PUSH2 0x0d16
00000d11: JUMPI
00000d12: PUSH1 0x00
00000d14: DUP1
00000d15: REVERT
00000d16: JUMPDEST
00000d17: PUSH1 0x00
00000d19: PUSH2 0x0d24
00000d1c: DUP5
00000d1d: DUP3
00000d1e: DUP6
00000d1f: ADD
00000d20: PUSH2 0x0992
00000d23: JUMP
00000d24: JUMPDEST
00000d25: SWAP2
00000d26: POP
00000d27: POP
00000d28: SWAP3
00000d29: SWAP2
00000d2a: POP
00000d2b: POP
00000d2c: JUMP
00000d2d: JUMPDEST
00000d2e: PUSH1 0x00
00000d30: DUP1
00000d31: PUSH1 0x00
00000d33: PUSH1 0x60
00000d35: DUP5
00000d36: DUP7
00000d37: SUB
00000d38: SLT
00000d39: ISZERO
00000d3a: PUSH2 0x0d42
00000d3d: JUMPI
00000d3e: PUSH1 0x00
00000d40: DUP1
00000d41: REVERT
00000d42: JUMPDEST
00000d43: PUSH1 0x00
00000d45: PUSH2 0x0d50
00000d48: DUP7
00000d49: DUP3
00000d4a: DUP8
00000d4b: ADD
00000d4c: PUSH2 0x0992
00000d4f: JUMP
00000d50: JUMPDEST
00000d51: SWAP4
00000d52: POP
00000d53: POP
00000d54: PUSH1 0x20
00000d56: DUP5
00000d57: ADD
00000d58: CALLDATALOAD
00000d59: PUSH8 0xffffffffffffffff
00000d62: DUP2
00000d63: GT
00000d64: ISZERO
00000d65: PUSH2 0x0d6d
00000d68: JUMPI
00000d69: PUSH1 0x00
00000d6b: DUP1
00000d6c: REVERT
00000d6d: JUMPDEST
00000d6e: PUSH2 0x0d79
00000d71: DUP7
00000d72: DUP3
00000d73: DUP8
00000d74: ADD
00000d75: PUSH2 0x0a86
00000d78: JUMP
00000d79: JUMPDEST
00000d7a: SWAP3
00000d7b: POP
00000d7c: POP
00000d7d: PUSH1 0x40
00000d7f: PUSH2 0x0d8a
00000d82: DUP7
00000d83: DUP3
00000d84: DUP8
00000d85: ADD
00000d86: PUSH2 0x0cdc
00000d89: JUMP
00000d8a: JUMPDEST
00000d8b: SWAP2
00000d8c: POP
00000d8d: POP
00000d8e: SWAP3
00000d8f: POP
00000d90: SWAP3
00000d91: POP
00000d92: SWAP3
00000d93: JUMP
00000d94: JUMPDEST
00000d95: PUSH1 0x00
00000d97: PUSH1 0x20
00000d99: DUP3
00000d9a: DUP5
00000d9b: SUB
00000d9c: SLT
00000d9d: ISZERO
00000d9e: PUSH2 0x0da6
00000da1: JUMPI
00000da2: PUSH1 0x00
00000da4: DUP1
00000da5: REVERT
00000da6: JUMPDEST
00000da7: PUSH1 0x00
00000da9: DUP3
00000daa: ADD
00000dab: CALLDATALOAD
00000dac: PUSH8 0xffffffffffffffff
00000db5: DUP2
00000db6: GT
00000db7: ISZERO
00000db8: PUSH2 0x0dc0
00000dbb: JUMPI
00000dbc: PUSH1 0x00
00000dbe: DUP1
00000dbf: REVERT
00000dc0: JUMPDEST
00000dc1: PUSH2 0x0dcc
00000dc4: DUP5
00000dc5: DUP3
00000dc6: DUP6
00000dc7: ADD
00000dc8: PUSH2 0x09a6
00000dcb: JUMP
00000dcc: JUMPDEST
00000dcd: SWAP2
00000dce: POP
00000dcf: POP
00000dd0: SWAP3
00000dd1: SWAP2
00000dd2: POP
00000dd3: POP
00000dd4: JUMP
00000dd5: JUMPDEST
00000dd6: PUSH1 0x00
00000dd8: DUP1
00000dd9: PUSH1 0x80
00000ddb: DUP4
00000ddc: DUP6
00000ddd: SUB
00000dde: SLT
00000ddf: ISZERO
00000de0: PUSH2 0x0de8
00000de3: JUMPI
00000de4: PUSH1 0x00
00000de6: DUP1
00000de7: REVERT
00000de8: JUMPDEST
00000de9: PUSH1 0x00
00000deb: PUSH2 0x0df6
00000dee: DUP6
00000def: DUP3
00000df0: DUP7
00000df1: ADD
00000df2: PUSH2 0x0a1c
00000df5: JUMP
00000df6: JUMPDEST
00000df7: SWAP3
00000df8: POP
00000df9: POP
00000dfa: PUSH1 0x20
00000dfc: PUSH2 0x0e07
00000dff: DUP6
00000e00: DUP3
00000e01: DUP7
00000e02: ADD
00000e03: PUSH2 0x0b3c
00000e06: JUMP
00000e07: JUMPDEST
00000e08: SWAP2
00000e09: POP
00000e0a: POP
00000e0b: SWAP3
00000e0c: POP
00000e0d: SWAP3
00000e0e: SWAP1
00000e0f: POP
00000e10: JUMP
00000e11: JUMPDEST
00000e12: PUSH1 0x00
00000e14: PUSH1 0x20
00000e16: DUP3
00000e17: DUP5
00000e18: SUB
00000e19: SLT
00000e1a: ISZERO
00000e1b: PUSH2 0x0e23
00000e1e: JUMPI
00000e1f: PUSH1 0x00
00000e21: DUP1
00000e22: REVERT
00000e23: JUMPDEST
00000e24: PUSH1 0x00
00000e26: DUP3
00000e27: ADD
00000e28: CALLDATALOAD
00000e29: PUSH8 0xffffffffffffffff
00000e32: DUP2
00000e33: GT
00000e34: ISZERO
00000e35: PUSH2 0x0e3d
00000e38: JUMPI
00000e39: PUSH1 0x00
00000e3b: DUP1
00000e3c: REVERT
00000e3d: JUMPDEST
00000e3e: PUSH2 0x0e49
00000e41: DUP5
00000e42: DUP3
00000e43: DUP6
00000e44: ADD
00000e45: PUSH2 0x0c3c
00000e48: JUMP
00000e49: JUMPDEST
00000e4a: SWAP2
00000e4b: POP
00000e4c: POP
00000e4d: SWAP3
00000e4e: SWAP2
00000e4f: POP
00000e50: POP
00000e51: JUMP
00000e52: JUMPDEST
00000e53: PUSH2 0x0e5b
00000e56: DUP2
00000e57: PUSH2 0x0ffa
00000e5a: JUMP
00000e5b: JUMPDEST
00000e5c: DUP3
00000e5d: MSTORE
00000e5e: POP
00000e5f: POP
00000e60: JUMP
00000e61: JUMPDEST
00000e62: PUSH2 0x0e6a
00000e65: DUP2
00000e66: PUSH2 0x101a
00000e69: JUMP
00000e6a: JUMPDEST
00000e6b: DUP3
00000e6c: MSTORE
00000e6d: POP
00000e6e: POP
00000e6f: JUMP
00000e70: JUMPDEST
00000e71: PUSH2 0x0e79
00000e74: DUP2
00000e75: PUSH2 0x1026
00000e78: JUMP
00000e79: JUMPDEST
00000e7a: DUP3
00000e7b: MSTORE
00000e7c: POP
00000e7d: POP
00000e7e: JUMP
00000e7f: JUMPDEST
00000e80: PUSH2 0x0e88
00000e83: DUP2
00000e84: PUSH2 0x1030
00000e87: JUMP
00000e88: JUMPDEST
00000e89: DUP3
00000e8a: MSTORE
00000e8b: POP
00000e8c: POP
00000e8d: JUMP
00000e8e: JUMPDEST
00000e8f: PUSH1 0x00
00000e91: PUSH1 0x20
00000e93: DUP3
00000e94: ADD
00000e95: SWAP1
00000e96: POP
00000e97: PUSH2 0x0ea3
00000e9a: PUSH1 0x00
00000e9c: DUP4
00000e9d: ADD
00000e9e: DUP5
00000e9f: PUSH2 0x0e52
00000ea2: JUMP
00000ea3: JUMPDEST
00000ea4: SWAP3
00000ea5: SWAP2
00000ea6: POP
00000ea7: POP
00000ea8: JUMP
00000ea9: JUMPDEST
00000eaa: PUSH1 0x00
00000eac: PUSH1 0x40
00000eae: DUP3
00000eaf: ADD
00000eb0: SWAP1
00000eb1: POP
00000eb2: PUSH2 0x0ebe
00000eb5: PUSH1 0x00
00000eb7: DUP4
00000eb8: ADD
00000eb9: DUP6
00000eba: PUSH2 0x0e52
00000ebd: JUMP
00000ebe: JUMPDEST
00000ebf: PUSH2 0x0ecb
00000ec2: PUSH1 0x20
00000ec4: DUP4
00000ec5: ADD
00000ec6: DUP5
00000ec7: PUSH2 0x0e52
00000eca: JUMP
00000ecb: JUMPDEST
00000ecc: SWAP4
00000ecd: SWAP3
00000ece: POP
00000ecf: POP
00000ed0: POP
00000ed1: JUMP
00000ed2: JUMPDEST
00000ed3: PUSH1 0x00
00000ed5: PUSH1 0x20
00000ed7: DUP3
00000ed8: ADD
00000ed9: SWAP1
00000eda: POP
00000edb: PUSH2 0x0ee7
00000ede: PUSH1 0x00
00000ee0: DUP4
00000ee1: ADD
00000ee2: DUP5
00000ee3: PUSH2 0x0e61
00000ee6: JUMP
00000ee7: JUMPDEST
00000ee8: SWAP3
00000ee9: SWAP2
00000eea: POP
00000eeb: POP
00000eec: JUMP
00000eed: JUMPDEST
00000eee: PUSH1 0x00
00000ef0: PUSH1 0x20
00000ef2: DUP3
00000ef3: ADD
00000ef4: SWAP1
00000ef5: POP
00000ef6: PUSH2 0x0f02
00000ef9: PUSH1 0x00
00000efb: DUP4
00000efc: ADD
00000efd: DUP5
00000efe: PUSH2 0x0e70
00000f01: JUMP
00000f02: JUMPDEST
00000f03: SWAP3
00000f04: SWAP2
00000f05: POP
00000f06: POP
00000f07: JUMP
00000f08: JUMPDEST
00000f09: PUSH1 0x00
00000f0b: PUSH1 0x80
00000f0d: DUP3
00000f0e: ADD
00000f0f: SWAP1
00000f10: POP
00000f11: PUSH2 0x0f1d
00000f14: PUSH1 0x00
00000f16: DUP4
00000f17: ADD
00000f18: DUP8
00000f19: PUSH2 0x0e70
00000f1c: JUMP
00000f1d: JUMPDEST
00000f1e: PUSH2 0x0f2a
00000f21: PUSH1 0x20
00000f23: DUP4
00000f24: ADD
00000f25: DUP7
00000f26: PUSH2 0x0e7f
00000f29: JUMP
00000f2a: JUMPDEST
00000f2b: PUSH2 0x0f37
00000f2e: PUSH1 0x40
00000f30: DUP4
00000f31: ADD
00000f32: DUP6
00000f33: PUSH2 0x0e70
00000f36: JUMP
00000f37: JUMPDEST
00000f38: PUSH2 0x0f44
00000f3b: PUSH1 0x60
00000f3d: DUP4
00000f3e: ADD
00000f3f: DUP5
00000f40: PUSH2 0x0e70
00000f43: JUMP
00000f44: JUMPDEST
00000f45: SWAP6
00000f46: SWAP5
00000f47: POP
00000f48: POP
00000f49: POP
00000f4a: POP
00000f4b: POP
00000f4c: JUMP
00000f4d: JUMPDEST
00000f4e: PUSH1 0x00
00000f50: PUSH1 0x40
00000f52: MLOAD
00000f53: SWAP1
00000f54: POP
00000f55: DUP2
00000f56: DUP2
00000f57: ADD
00000f58: DUP2
00000f59: DUP2
00000f5a: LT
00000f5b: PUSH8 0xffffffffffffffff
00000f64: DUP3
00000f65: GT
00000f66: OR
00000f67: ISZERO
00000f68: PUSH2 0x0f70
00000f6b: JUMPI
00000f6c: PUSH1 0x00
00000f6e: DUP1
00000f6f: REVERT
00000f70: JUMPDEST
00000f71: DUP1
00000f72: PUSH1 0x40
00000f74: MSTORE
00000f75: POP
00000f76: SWAP2
00000f77: SWAP1
00000f78: POP
00000f79: JUMP
00000f7a: JUMPDEST
00000f7b: PUSH1 0x00
00000f7d: PUSH8 0xffffffffffffffff
00000f86: DUP3
00000f87: GT
00000f88: ISZERO
00000f89: PUSH2 0x0f91
00000f8c: JUMPI
00000f8d: PUSH1 0x00
00000f8f: DUP1
00000f90: REVERT
00000f91: JUMPDEST
00000f92: PUSH1 0x20
00000f94: DUP3
00000f95: MUL
00000f96: SWAP1
00000f97: POP
00000f98: PUSH1 0x20
00000f9a: DUP2
00000f9b: ADD
00000f9c: SWAP1
00000f9d: POP
00000f9e: SWAP2
00000f9f: SWAP1
00000fa0: POP
00000fa1: JUMP
00000fa2: JUMPDEST
00000fa3: PUSH1 0x00
00000fa5: PUSH8 0xffffffffffffffff
00000fae: DUP3
00000faf: GT
00000fb0: ISZERO
00000fb1: PUSH2 0x0fb9
00000fb4: JUMPI
00000fb5: PUSH1 0x00
00000fb7: DUP1
00000fb8: REVERT
00000fb9: JUMPDEST
00000fba: PUSH1 0x1f
00000fbc: NOT
00000fbd: PUSH1 0x1f
00000fbf: DUP4
00000fc0: ADD
00000fc1: AND
00000fc2: SWAP1
00000fc3: POP
00000fc4: PUSH1 0x20
00000fc6: DUP2
00000fc7: ADD
00000fc8: SWAP1
00000fc9: POP
00000fca: SWAP2
00000fcb: SWAP1
00000fcc: POP
00000fcd: JUMP
00000fce: JUMPDEST
00000fcf: PUSH1 0x00
00000fd1: PUSH8 0xffffffffffffffff
00000fda: DUP3
00000fdb: GT
00000fdc: ISZERO
00000fdd: PUSH2 0x0fe5
00000fe0: JUMPI
00000fe1: PUSH1 0x00
00000fe3: DUP1
00000fe4: REVERT
00000fe5: JUMPDEST
00000fe6: PUSH1 0x1f
00000fe8: NOT
00000fe9: PUSH1 0x1f
00000feb: DUP4
00000fec: ADD
00000fed: AND
00000fee: SWAP1
00000fef: POP
00000ff0: PUSH1 0x20
00000ff2: DUP2
00000ff3: ADD
00000ff4: SWAP1
00000ff5: POP
00000ff6: SWAP2
00000ff7: SWAP1
00000ff8: POP
00000ff9: JUMP
00000ffa: JUMPDEST
00000ffb: PUSH1 0x00
00000ffd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00001012: DUP3
00001013: AND
00001014: SWAP1
00001015: POP
00001016: SWAP2
00001017: SWAP1
00001018: POP
00001019: JUMP
0000101a: JUMPDEST
0000101b: PUSH1 0x00
0000101d: DUP2
0000101e: ISZERO
0000101f: ISZERO
00001020: SWAP1
00001021: POP
00001022: SWAP2
00001023: SWAP1
00001024: POP
00001025: JUMP
00001026: JUMPDEST
00001027: PUSH1 0x00
00001029: DUP2
0000102a: SWAP1
0000102b: POP
0000102c: SWAP2
0000102d: SWAP1
0000102e: POP
0000102f: JUMP
00001030: JUMPDEST
00001031: PUSH1 0x00
00001033: PUSH1 0xff
00001035: DUP3
00001036: AND
00001037: SWAP1
00001038: POP
00001039: SWAP2
0000103a: SWAP1
0000103b: POP
0000103c: JUMP
0000103d: JUMPDEST
0000103e: PUSH1 0x00
00001040: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00001055: DUP3
00001056: AND
00001057: SWAP1
00001058: POP
00001059: SWAP2
0000105a: SWAP1
0000105b: POP
0000105c: JUMP
0000105d: JUMPDEST
0000105e: PUSH1 0x00
00001060: DUP2
00001061: SWAP1
00001062: POP
00001063: SWAP2
00001064: SWAP1
00001065: POP
00001066: JUMP
00001067: JUMPDEST
00001068: PUSH1 0x00
0000106a: DUP2
0000106b: SWAP1
0000106c: POP
0000106d: SWAP2
0000106e: SWAP1
0000106f: POP
00001070: JUMP
00001071: JUMPDEST
00001072: PUSH1 0x00
00001074: PUSH1 0xff
00001076: DUP3
00001077: AND
00001078: SWAP1
00001079: POP
0000107a: SWAP2
0000107b: SWAP1
0000107c: POP
0000107d: JUMP
0000107e: JUMPDEST
0000107f: DUP3
00001080: DUP2
00001081: DUP4
00001082: CALLDATACOPY
00001083: PUSH1 0x00
00001085: DUP4
00001086: DUP4
00001087: ADD
00001088: MSTORE
00001089: POP
0000108a: POP
0000108b: POP
0000108c: JUMP
0000108d: STOP
0000108e: LOG2
0000108f: PUSH6 0x627a7a723058
00001096: KECCAK256
00001097: UNKNOWN(0x2F)
00001098: UNKNOWN(0xCC)
00001099: SHR
0000109a: PUSH10 0xfded4506ef93642b65de
000010a5: UNKNOWN(0xDD)
000010a6: PUSH18 0x05332c053862afcdc0ffd9683aeed9d46c65
000010b9: PUSH25

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	auth	codex	Signed execution appears replayable (no nonce/used-hash storage)	85	no	—	view evidence_json { "evidence": "Execution path at 0x0563 performs an external CALL (`5af1` at 0x0651) after signature verification; the only SSTORE in the entire runtime is at 0x083d (owner update), so no nonce/used-hash is recorded.", "locations": [ "BYTECODE_BUNDLE.txt:5" ], "recommendation": "Add a nonce or used-hash mapping in storage, include it in the signed payload, and update it before performing the external CALL; revert on reuse.", "exploit_scenario": "If a signer authorizes a call, any relayer can submit the same calldata again to repeat the CALL and drain funds or repeat side effects, because no state is updated to mark the signature as used." }
medium	access_control	codex	Slot0 can be set by anyone if it is zero (initializer-style bypass)	75	no	—	view evidence_json { "evidence": "Function at 0x0718 checks `CALLER == slot1` OR `slot0 == 0`, then performs `SSTORE` at 0x083d to update slot0, allowing any caller when slot0 is zero.", "locations": [ "BYTECODE_BUNDLE.txt:5" ], "recommendation": "Require the caller to be the admin even on initialization, or ensure slot0 is set during deployment and remove the `slot0 == 0` bypass.", "exploit_scenario": "If slot0 is left as the zero address at deployment, any caller can invoke the setter to write their own address to slot0 and become the authorized signer/role guarded by that slot." }
medium	other	detector	Untrusted CALL target/value reachable	45	no	no	view trace_id: 0x241c59cffa57ba06a0fe8294eb3c7380ae6d148713b07713832f79bc1cb24204 call_targets: 0x3ef1c8133d80665ec873ac41e152dda3251a7606 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x241c59cffa57ba06a0fe8294eb3c7380ae6d148713b07713832f79bc1cb24204", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x3ef1c8133d80665ec873ac41e152dda3251a7606" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0xffffffff", "selector": "0xffffffff", "calldata_variants": [ "0xffffffff", "0xffffffff0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x049e1d4d", "selector": "0x049e1d4d", "calldata_variants": [ "0x049e1d4d", "0x049e1d4d0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x10bfce71", "selector": "0x10bfce71", "calldata_variants": [ "0x10bfce71", "0x10bfce710000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x3018205f", "selector": "0x3018205f", "calldata_variants": [ "0x3018205f", "0x3018205f0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x3e104a95", "selector": "0x3e104a95", "calldata_variants": [ "0x3e104a95", "0x3e104a950000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x4ee7f87d", "selector": "0x4ee7f87d", "calldata_variants": [ "0x4ee7f87d", "0x4ee7f87d0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x62c529e4", "selector": "0x62c529e4", "calldata_variants": [ "0x62c529e4", "0x62c529e40000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x92eefe9b", "selector": "0x92eefe9b", "calldata_variants": [ "0x92eefe9b", "0x92eefe9b0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 1617, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 2335, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 2, "guards_detected": [ { "pc": 1929, "type": "msg_sender_eq_const", "value": "0xffffffffffffffffffffffffffffffffffffffff" } ], "untrusted_call_count": 2 }
medium	other	detector	ETH value transfer possible	40	no	no	view trace_id: 0x241c59cffa57ba06a0fe8294eb3c7380ae6d148713b07713832f79bc1cb24204 call_targets: 0x3ef1c8133d80665ec873ac41e152dda3251a7606 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x241c59cffa57ba06a0fe8294eb3c7380ae6d148713b07713832f79bc1cb24204", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x3ef1c8133d80665ec873ac41e152dda3251a7606" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0xffffffff", "selector": "0xffffffff", "calldata_variants": [ "0xffffffff", "0xffffffff0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x049e1d4d", "selector": "0x049e1d4d", "calldata_variants": [ "0x049e1d4d", "0x049e1d4d0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x10bfce71", "selector": "0x10bfce71", "calldata_variants": [ "0x10bfce71", "0x10bfce710000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x3018205f", "selector": "0x3018205f", "calldata_variants": [ "0x3018205f", "0x3018205f0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x3e104a95", "selector": "0x3e104a95", "calldata_variants": [ "0x3e104a95", "0x3e104a950000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x4ee7f87d", "selector": "0x4ee7f87d", "calldata_variants": [ "0x4ee7f87d", "0x4ee7f87d0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x62c529e4", "selector": "0x62c529e4", "calldata_variants": [ "0x62c529e4", "0x62c529e40000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x92eefe9b", "selector": "0x92eefe9b", "calldata_variants": [ "0x92eefe9b", "0x92eefe9b0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 1617, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 2335, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 2, "guards_detected": [ { "pc": 1929, "type": "msg_sender_eq_const", "value": "0xffffffffffffffffffffffffffffffffffffffff" } ] }
low	auth	codex	ECDSA malleability not checked (no v/s validation)	65	no	—	view evidence_json { "evidence": "Signature recovery uses a direct precompile call (address 0x01) in the 0x08db function without any preceding range checks; the half-order constant is absent from bytecode.", "locations": [ "BYTECODE_BUNDLE.txt:5" ], "recommendation": "Validate `v` is 27/28 and `s` is in the lower half-order before calling `ecrecover`.", "exploit_scenario": "An attacker can produce an alternative (malleable) signature for the same message, which can undermine off-chain signature uniqueness tracking or interact poorly with replay protection if added externally." }