c9e2ed6f-0694-4735-963b-c9651c1e9ab6
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31419 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 77140 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 77141 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 77142 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 77143 | capability.graph | complete | 1 / 3 | 1 week ago |
| 77144 | detector.run | complete | 1 / 3 | 1 week ago |
| 77145 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:643825] OpenAI Codex v0.77.0 (research preview)
[codex:643825] --------
[codex:643825] workdir: /tmp/codex-multi-yqasrrp9
[codex:643825] model: gpt-5.2-codex
[codex:643825] provider: openai
[codex:643825] approval: never
[codex:643825] sandbox: read-only
[codex:643825] reasoning effort: xhigh
[codex:643825] reasoning summaries: auto
[codex:643825] session id: 019b817e-0654-7e02-862d-74b41aadf578
[codex:643825] --------
[codex:643825] user
[codex:643825] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:643825]
[codex:643825] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:643825]
[codex:643825] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:643825] - Gas inefficiency, code quality, naming, or best practices
[codex:643825] - Theoretical vulnerabilities without a clear extraction path
[codex:643825] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:643825] - Front-running unless it enables theft beyond MEV
[codex:643825] - DoS, griefing, or issues that don't result in attacker profit
[codex:643825] - Missing events, view function issues, or informational findings
[codex:643825]
[codex:643825] HIGH-VALUE PATTERNS TO HUNT:
[codex:643825] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:643825] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:643825] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:643825] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:643825] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:643825] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:643825] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:643825] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:643825] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:643825]
[codex:643825] For each finding, you MUST provide:
[codex:643825] 1. Exact file and line numbers of vulnerable code
[codex:643825] 2. Step-by-step exploit transaction sequence
[codex:643825] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:643825]
[codex:643825] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:643825]
[codex:643825] Output MUST be valid JSON matching the provided schema.
[codex:643825] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:643825] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:643825] mcp startup: no servers
[codex:643825]
[codex:643825] thinking
[codex:643825] **Preparing to read AUDIT_BUNDLE.txt**
[codex:643825] exec
[codex:643825] /bin/bash -lc ls in /tmp/codex-multi-yqasrrp9 succeeded in 5ms:
[codex:643825] AUDIT_BUNDLE.txt
[codex:643825] codex-output-schema.json
[codex:643825] contracts
[codex:643825] exec
[codex:643825] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-yqasrrp9 succeeded in 5ms:
[codex:643825] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:643825]
[codex:643825] ================================================================================
[codex:643825] FILE: contracts/contracts/starvault.sol
[codex:643825] ================================================================================
[codex:643825] /*
[codex:643825] ./((((.
[codex:643825] ((&&&&&&&&&&&((
[codex:643825] (&&&&@@@@&&&&&&&&&(
[codex:643825] (&&&@@@@@@@@@&&&&&&&&&(
[codex:643825] #(&&@@@@@@@@@@@&&&&&&&&&&(
[codex:643825] (#&&@@@@@@@@@@@@&&&&&&&&&&&( /(((#%%&&%#((,
[codex:643825] /((#%%%%#(((/ *(&&@@@@@@@@@@@&&&&&&&&&&&&&&( ((%&&&&&@@@@@@&&&&&&((
[codex:643825] (#&&&&@@@@@@@@&&&&#(#(&&&@@@@@@@@@@&&&&&&&&&&&&&&&%&&&&&&@@@@@@@@@@@&&&&&&%(
[codex:643825] (&&&&&@@@@@@@@@@@@@&&&&&&&&@@@@@@&&&&&&&&&&&&&&&&&&&&&&@@@@@@@@@@@@@&&&&&&&&&(
[codex:643825] (&&&&&@@@@@@@@@@@@@@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@@@@@@@@@@@&&&&&&&&&&#(
[codex:643825] (&&&&&&&&@@@@@@@@@@@&&&%#(%%(#&&&&&&&&&&&&&&&&&&&&&&&&&@@@@@&&&&&&&&&&&&&&#(
[codex:643825] (&&&&&&&&&&&&&&&&&&&%#(%%%(%&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&(.
[codex:643825] (&&&&&&&&&&&&&&&&%(%&&(%%&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&((
[codex:643825] (&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&(
[codex:643825]
[codex:643825] thinking
[codex:643825] **Analyzing vesting overclaim vulnerability**
[codex:643825] exec
[codex:643825] /bin/bash -lc 'nl -ba contracts/contracts/starvault.sol' in /tmp/codex-multi-yqasrrp9 succeeded in 8ms:
[codex:643825] 1 /*
[codex:643825] 2 ./((((.
[codex:643825] 3 ((&&&&&&&&&&&((
[codex:643825] 4 (&&&&@@@@&&&&&&&&&(
[codex:643825] 5 (&&&@@@@@@@@@&&&&&&&&&(
[codex:643825] 6 #(&&@@@@@@@@@@@&&&&&&&&&&(
[codex:643825] 7 (#&&@@@@@@@@@@@@&&&&&&&&&&&( /(((#%%&&%#((,
[codex:643825] 8 /((#%%%%#(((/ *(&&@@@@@@@@@@@&&&&&&&&&&&&&&( ((%&&&&&@@@@@@&&&&&&((
[codex:643825] 9 (#&&&&@@@@@@@@&&&&#(#(&&&@@@@@@@@@@&&&&&&&&&&&&&&&%&&&&&&@@@@@@@@@@@&&&&&&%(
[codex:643825] 10 (&&&&&@@@@@@@@@@@@@&&&&&&&&@@@@@@&&&&&&&&&&&&&&&&&&&&&&@@@@@@@@@@@@@&&&&&&&&&(
[codex:643825] 11 (&&&&&@@@@@@@@@@@@@@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@@@@@@@@@@@&&&&&&&&&&#(
[codex:643825] 12 (&&&&&&&&@@@@@@@@@@@&&&%#(%%(#&&&&&&&&&&&&&&&&&&&&&&&&&@@@@@&&&&&&&&&&&&&&#(
[codex:643825] 13 (&&&&&&&&&&&&&&&&&&&%#(%%%(%&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&(.
[codex:643825] 14 (&&&&&&&&&&&&&&&&%(%&&(%%&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&((
[codex:643825] 15 (&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&(
[codex:643825] 16 ((&&&&&&&&&&&&&&&&&%#((%&&&&&&&&&&&&&&#((#%%%&&&%(&&&&&&&&((
[codex:643825] 17 (#&&&&&&&&%(&&&%%%%%%%%&&&&&(&(#&&&&%%%%%%%%&&&(&&&&&&&&&&((
[codex:643825] 18 ((&&&&&&&&&&&&(&&&%%%%%%%%&&&&&&&&&&&&&&%%%%%%&&&((&&&&&&&&&&&&(*
[codex:643825] 19 ,#&&&&&&&&&&&&&&((&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&(((((&&&&&&&&&&&&&&(
[codex:643825] 20 (&&&&&&&&&&&&&&&&&((((((&&&&&&&&&&&&&&&&&&&&&&&&#((%&&&&&&&&&&&&&&&&&(
[codex:643825]
[codex:643825] thinking
[codex:643825] **Summarizing exploitability of vesting calculation**
[codex:643825] codex
[codex:643825] {"no_findings":false,"summary":"A listed payee can over-claim after the vesting period and drain the entire vault balance due to an uncapped vesting formula.","findings":[{"severity":"high","category":"math","title":"Uncapped vesting math lets a payee drain all funds after vesting completes","exploit_scenario":"1) Attacker is one of the constructor-defined payees. 2) Wait until `block.timestamp` is sufficiently larger than `startTimestamp` (e.g., for N payees with no prior claims, after ~N * _vestSeconds so that `_maxPayable * _secondsElapsed / _vestSeconds >= totalReceived`). 3) Call `claim(attacker)` from an EOA. 4) Because `maxClaimable` grows linearly without an upper bound, `payment` can reach the entire remaining balance, and `claim` transfers it to the attacker, leaving other payees with nothing. Profit: up to the entire contract balance (order of magnitude: remaining ETH in the vault / totalReceived).","recommendation":"Cap vesting at 100% by using `uint vested = _secondsElapsed > _vestSeconds ? _vestSeconds : _secondsElapsed;` and compute `claimable = _maxPayable * vested / _vestSeconds - payeeLedger[payee]`, or clamp `payment` to `_maxPayable - payeeLedger[payee]`.","evidence":"`maxClaimable` uses `_maxPayable * _secondsElapsed / _vestSeconds` without an upper bound, so vesting grows beyond 100% as time passes, and `claim` transfers the full `payment`.","locations":["contracts/contracts/starvault.sol:153","contracts/contracts/starvault.sol:176","contracts/contracts/starvault.sol:177","contracts/contracts/starvault.sol:178"]}]}
[codex:643825] tokens used
[codex:643825] 12,669
[codex:643825] {"no_findings":false,"summary":"A listed payee can over-claim after the vesting period and drain the entire vault balance due to an uncapped vesting formula.","findings":[{"severity":"high","category":"math","title":"Uncapped vesting math lets a payee drain all funds after vesting completes","exploit_scenario":"1) Attacker is one of the constructor-defined payees. 2) Wait until `block.timestamp` is sufficiently larger than `startTimestamp` (e.g., for N payees with no prior claims, after ~N * _vestSeconds so that `_maxPayable * _secondsElapsed / _vestSeconds >= totalReceived`). 3) Call `claim(attacker)` from an EOA. 4) Because `maxClaimable` grows linearly without an upper bound, `payment` can reach the entire remaining balance, and `claim` transfers it to the attacker, leaving other payees with nothing. Profit: up to the entire contract balance (order of magnitude: remaining ETH in the vault / totalReceived).","recommendation":"Cap vesting at 100% by using `uint vested = _secondsElapsed > _vestSeconds ? _vestSeconds : _secondsElapsed;` and compute `claimable = _maxPayable * vested / _vestSeconds - payeeLedger[payee]`, or clamp `payment` to `_maxPayable - payeeLedger[payee]`.","evidence":"`maxClaimable` uses `_maxPayable * _secondsElapsed / _vestSeconds` without an upper bound, so vesting grows beyond 100% as time passes, and `claim` transfers the full `payment`.","locations":["contracts/contracts/starvault.sol:153","contracts/contracts/starvault.sol:176","contracts/contracts/starvault.sol:177","contracts/contracts/starvault.sol:178"]}]}
{
"codex": {
"ran_at": "2026-01-03T01:35:42.772133+00:00",
"returncode": 0
},
"summary": "A listed payee can over-claim after the vesting period and drain the entire vault balance due to an uncapped vesting formula.",
"raw_final": {
"summary": "A listed payee can over-claim after the vesting period and drain the entire vault balance due to an uncapped vesting formula.",
"findings": [
{
"title": "Uncapped vesting math lets a payee drain all funds after vesting completes",
"category": "math",
"evidence": "`maxClaimable` uses `_maxPayable * _secondsElapsed / _vestSeconds` without an upper bound, so vesting grows beyond 100% as time passes, and `claim` transfers the full `payment`.",
"severity": "high",
"locations": [
"contracts/contracts/starvault.sol:153",
"contracts/contracts/starvault.sol:176",
"contracts/contracts/starvault.sol:177",
"contracts/contracts/starvault.sol:178"
],
"recommendation": "Cap vesting at 100% by using `uint vested = _secondsElapsed > _vestSeconds ? _vestSeconds : _secondsElapsed;` and compute `claimable = _maxPayable * vested / _vestSeconds - payeeLedger[payee]`, or clamp `payment` to `_maxPayable - payeeLedger[payee]`.",
"exploit_scenario": "1) Attacker is one of the constructor-defined payees. 2) Wait until `block.timestamp` is sufficiently larger than `startTimestamp` (e.g., for N payees with no prior claims, after ~N * _vestSeconds so that `_maxPayable * _secondsElapsed / _vestSeconds >= totalReceived`). 3) Call `claim(attacker)` from an EOA. 4) Because `maxClaimable` grows linearly without an upper bound, `payment` can reach the entire remaining balance, and `claim` transfers it to the attacker, leaving other payees with nothing. Profit: up to the entire contract balance (order of magnitude: remaining ETH in the vault / totalReceived)."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x00b0 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x8da5cb5b 00000019: GT 0000001a: PUSH2 0x0074 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0xa3c2c462 00000024: GT 00000025: PUSH2 0x004e 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0xa3c2c462 0000002f: EQ 00000030: PUSH2 0x0236 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0xe6fd48bc 0000003a: EQ 0000003b: PUSH2 0x024c 0000003e: JUMPI 0000003f: DUP1 00000040: PUSH4 0xf2fde38b 00000045: EQ 00000046: PUSH2 0x0262 00000049: JUMPI 0000004a: PUSH1 0x00 0000004c: DUP1 0000004d: REVERT 0000004e: JUMPDEST 0000004f: DUP1 00000050: PUSH4 0x8da5cb5b 00000055: EQ 00000056: PUSH2 0x01b9 00000059: JUMPI 0000005a: DUP1 0000005b: PUSH4 0x928692f1 00000060: EQ 00000061: PUSH2 0x01e1 00000064: JUMPI 00000065: DUP1 00000066: PUSH4 0xa39f7449 0000006b: EQ 0000006c: PUSH2 0x0221 0000006f: JUMPI 00000070: PUSH1 0x00 00000072: DUP1 00000073: REVERT 00000074: JUMPDEST 00000075: DUP1 00000076: PUSH4 0x1e83409a 0000007b: EQ 0000007c: PUSH2 0x0102 0000007f: JUMPI 00000080: DUP1 00000081: PUSH4 0x20437985 00000086: EQ 00000087: PUSH2 0x0124 0000008a: JUMPI 0000008b: DUP1 0000008c: PUSH4 0x25f3df5b 00000091: EQ 00000092: PUSH2 0x0164 00000095: JUMPI 00000096: DUP1 00000097: PUSH4 0x715018a6 0000009c: EQ 0000009d: PUSH2 0x0184 000000a0: JUMPI 000000a1: DUP1 000000a2: PUSH4 0x77329f35 000000a7: EQ 000000a8: PUSH2 0x0199 000000ab: JUMPI 000000ac: PUSH1 0x00 000000ae: DUP1 000000af: REVERT 000000b0: JUMPDEST 000000b1: CALLDATASIZE 000000b2: PUSH2 0x00fd 000000b5: JUMPI 000000b6: CALLVALUE 000000b7: PUSH1 0x03 000000b9: SLOAD 000000ba: PUSH2 0x00c3 000000bd: SWAP2 000000be: SWAP1 000000bf: PUSH2 0x0d2d 000000c2: JUMP 000000c3: JUMPDEST 000000c4: PUSH1 0x03 000000c6: SSTORE 000000c7: PUSH1 0x40 000000c9: MLOAD 000000ca: CALLVALUE 000000cb: DUP2 000000cc: MSTORE 000000cd: CALLER 000000ce: SWAP1 000000cf: PUSH32 0x2da466a7b24304f47e87fa2e1e5a81b9831ce54fec19055ce277ca2f39ba42c4 000000f0: SWAP1 000000f1: PUSH1 0x20 000000f3: ADD 000000f4: PUSH1 0x40 000000f6: MLOAD 000000f7: DUP1 000000f8: SWAP2 000000f9: SUB 000000fa: SWAP1 000000fb: LOG2 000000fc: STOP 000000fd: JUMPDEST 000000fe: PUSH1 0x00 00000100: DUP1 00000101: REVERT 00000102: JUMPDEST 00000103: CALLVALUE 00000104: DUP1 00000105: ISZERO 00000106: PUSH2 0x010e 00000109: JUMPI 0000010a: PUSH1 0x00 0000010c: DUP1 0000010d: REVERT 0000010e: JUMPDEST 0000010f: POP 00000110: PUSH2 0x0122 00000113: PUSH2 0x011d 00000116: CALLDATASIZE 00000117: PUSH1 0x04 00000119: PUSH2 0x0d5a 0000011c: JUMP 0000011d: JUMPDEST 0000011e: PUSH2 0x0282 00000121: JUMP 00000122: JUMPDEST 00000123: STOP 00000124: JUMPDEST 00000125: CALLVALUE 00000126: DUP1 00000127: ISZERO 00000128: PUSH2 0x0130 0000012b: JUMPI 0000012c: PUSH1 0x00 0000012e: DUP1 0000012f: REVERT 00000130: JUMPDEST 00000131: POP 00000132: PUSH2 0x0151 00000135: PUSH2 0x013f 00000138: CALLDATASIZE 00000139: PUSH1 0x04 0000013b: PUSH2 0x0d5a 0000013e: JUMP 0000013f: JUMPDEST 00000140: PUSH1 0x02 00000142: PUSH1 0x20 00000144: MSTORE 00000145: PUSH1 0x00 00000147: SWAP1 00000148: DUP2 00000149: MSTORE 0000014a: PUSH1 0x40 0000014c: SWAP1 0000014d: KECCAK256 0000014e: SLOAD 0000014f: DUP2 00000150: JUMP 00000151: JUMPDEST 00000152: PUSH1 0x40 00000154: MLOAD 00000155: SWAP1 00000156: DUP2 00000157: MSTORE 00000158: PUSH1 0x20 0000015a: ADD 0000015b: JUMPDEST 0000015c: PUSH1 0x40 0000015e: MLOAD 0000015f: DUP1 00000160: SWAP2 00000161: SUB 00000162: SWAP1 00000163: RETURN 00000164: JUMPDEST 00000165: CALLVALUE 00000166: DUP1 00000167: ISZERO 00000168: PUSH2 0x0170 0000016b: JUMPI 0000016c: PUSH1 0x00 0000016e: DUP1 0000016f: REVERT 00000170: JUMPDEST 00000171: POP 00000172: PUSH2 0x0151 00000175: PUSH2 0x017f 00000178: CALLDATASIZE 00000179: PUSH1 0x04 0000017b: PUSH2 0x0d5a 0000017e: JUMP 0000017f: JUMPDEST 00000180: PUSH2 0x0507 00000183: JUMP 00000184: JUMPDEST 00000185: CALLVALUE 00000186: DUP1 00000187: ISZERO 00000188: PUSH2 0x0190 0000018b: JUMPI 0000018c: PUSH1 0x00 0000018e: DUP1 0000018f: REVERT 00000190: JUMPDEST 00000191: POP 00000192: PUSH2 0x0122 00000195: PUSH2 0x0769 00000198: JUMP 00000199: JUMPDEST 0000019a: CALLVALUE 0000019b: DUP1 0000019c: ISZERO 0000019d: PUSH2 0x01a5 000001a0: JUMPI 000001a1: PUSH1 0x00 000001a3: DUP1 000001a4: REVERT 000001a5: JUMPDEST 000001a6: POP 000001a7: PUSH2 0x0122 000001aa: PUSH2 0x01b4 000001ad: CALLDATASIZE 000001ae: PUSH1 0x04 000001b0: PUSH2 0x0d5a 000001b3: JUMP 000001b4: JUMPDEST 000001b5: PUSH2 0x07cf 000001b8: JUMP 000001b9: JUMPDEST 000001ba: CALLVALUE 000001bb: DUP1 000001bc: ISZERO 000001bd: PUSH2 0x01c5 000001c0: JUMPI 000001c1: PUSH1 0x00 000001c3: DUP1 000001c4: REVERT 000001c5: JUMPDEST 000001c6: POP 000001c7: PUSH1 0x00 000001c9: SLOAD 000001ca: PUSH1 0x40 000001cc: MLOAD 000001cd: PUSH1 0x01 000001cf: PUSH1 0x01 000001d1: PUSH1 0xa0 000001d3: SHL 000001d4: SUB 000001d5: SWAP1 000001d6: SWAP2 000001d7: AND 000001d8: DUP2 000001d9: MSTORE 000001da: PUSH1 0x20 000001dc: ADD 000001dd: PUSH2 0x015b 000001e0: JUMP 000001e1: JUMPDEST 000001e2: CALLVALUE 000001e3: DUP1 000001e4: ISZERO 000001e5: PUSH2 0x01ed 000001e8: JUMPI 000001e9: PUSH1 0x00 000001eb: DUP1 000001ec: REVERT 000001ed: JUMPDEST 000001ee: POP 000001ef: PUSH2 0x0211 000001f2: PUSH2 0x01fc 000001f5: CALLDATASIZE 000001f6: PUSH1 0x04 000001f8: PUSH2 0x0d5a 000001fb: JUMP 000001fc: JUMPDEST 000001fd: PUSH1 0x04 000001ff: PUSH1 0x20 00000201: MSTORE 00000202: PUSH1 0x00 00000204: SWAP1 00000205: DUP2 00000206: MSTORE 00000207: PUSH1 0x40 00000209: SWAP1 0000020a: KECCAK256 0000020b: SLOAD 0000020c: PUSH1 0xff 0000020e: AND 0000020f: DUP2 00000210: JUMP 00000211: JUMPDEST 00000212: PUSH1 0x40 00000214: MLOAD 00000215: SWAP1 00000216: ISZERO 00000217: ISZERO 00000218: DUP2 00000219: MSTORE 0000021a: PUSH1 0x20 0000021c: ADD 0000021d: PUSH2 0x015b 00000220: JUMP 00000221: JUMPDEST 00000222: CALLVALUE 00000223: DUP1 00000224: ISZERO 00000225: PUSH2 0x022d 00000228: JUMPI 00000229: PUSH1 0x00 0000022b: DUP1 0000022c: REVERT 0000022d: JUMPDEST 0000022e: POP 0000022f: PUSH2 0x0122 00000232: PUSH2 0x0a21 00000235: JUMP 00000236: JUMPDEST 00000237: CALLVALUE 00000238: DUP1 00000239: ISZERO 0000023a: PUSH2 0x0242 0000023d: JUMPI 0000023e: PUSH1 0x00 00000240: DUP1 00000241: REVERT 00000242: JUMPDEST 00000243: POP 00000244: PUSH2 0x0151 00000247: PUSH1 0x03 00000249: SLOAD 0000024a: DUP2 0000024b: JUMP 0000024c: JUMPDEST 0000024d: CALLVALUE 0000024e: DUP1 0000024f: ISZERO 00000250: PUSH2 0x0258 00000253: JUMPI 00000254: PUSH1 0x00 00000256: DUP1 00000257: REVERT 00000258: JUMPDEST 00000259: POP 0000025a: PUSH2 0x0151 0000025d: PUSH1 0x09 0000025f: SLOAD 00000260: DUP2 00000261: JUMP 00000262: JUMPDEST 00000263: CALLVALUE 00000264: DUP1 00000265: ISZERO 00000266: PUSH2 0x026e 00000269: JUMPI 0000026a: PUSH1 0x00 0000026c: DUP1 0000026d: REVERT 0000026e: JUMPDEST 0000026f: POP 00000270: PUSH2 0x0122 00000273: PUSH2 0x027d 00000276: CALLDATASIZE 00000277: PUSH1 0x04 00000279: PUSH2 0x0d5a 0000027c: JUMP 0000027d: JUMPDEST 0000027e: PUSH2 0x0ad1 00000281: JUMP 00000282: JUMPDEST 00000283: CALLER 00000284: PUSH1 0x00 00000286: SWAP1 00000287: DUP2 00000288: MSTORE 00000289: PUSH1 0x04 0000028b: PUSH1 0x20 0000028d: MSTORE 0000028e: PUSH1 0x40 00000290: SWAP1 00000291: KECCAK256 00000292: SLOAD 00000293: DUP2 00000294: SWAP1 00000295: PUSH1 0xff 00000297: AND 00000298: PUSH2 0x02d8 0000029b: JUMPI 0000029c: PUSH1 0x40 0000029e: MLOAD 0000029f: PUSH3 0x461bcd 000002a3: PUSH1 0xe5 000002a5: SHL 000002a6: DUP2 000002a7: MSTORE 000002a8: PUSH1 0x20 000002aa: PUSH1 0x04 000002ac: DUP3 000002ad: ADD 000002ae: MSTORE 000002af: PUSH1 0x0d 000002b1: PUSH1 0x24 000002b3: DUP3 000002b4: ADD 000002b5: MSTORE 000002b6: PUSH13 0x496e76616c6964207061796565 000002c4: PUSH1 0x98 000002c6: SHL 000002c7: PUSH1 0x44 000002c9: DUP3 000002ca: ADD 000002cb: MSTORE 000002cc: PUSH1 0x64 000002ce: ADD 000002cf: JUMPDEST 000002d0: PUSH1 0x40 000002d2: MLOAD 000002d3: DUP1 000002d4: SWAP2 000002d5: SUB 000002d6: SWAP1 000002d7: REVERT 000002d8: JUMPDEST 000002d9: PUSH1 0x00 000002db: PUSH1 0x09 000002dd: SLOAD 000002de: GT 000002df: PUSH2 0x0323 000002e2: JUMPI 000002e3: PUSH1 0x40 000002e5: MLOAD 000002e6: PUSH3 0x461bcd 000002ea: PUSH1 0xe5 000002ec: SHL 000002ed: DUP2 000002ee: MSTORE 000002ef: PUSH1 0x20 000002f1: PUSH1 0x04 000002f3: DUP3 000002f4: ADD 000002f5: MSTORE 000002f6: PUSH1 0x16 000002f8: PUSH1 0x24 000002fa: DUP3 000002fb: ADD 000002fc: MSTORE 000002fd: PUSH22 0x15995cdd081d1a5b595cdd185b5c081b9bdd081cd95d 00000314: PUSH1 0x52 00000316: SHL 00000317: PUSH1 0x44 00000319: DUP3 0000031a: ADD 0000031b: MSTORE 0000031c: PUSH1 0x64 0000031e: ADD 0000031f: PUSH2 0x02cf 00000322: JUMP 00000323: JUMPDEST 00000324: PUSH1 0x00 00000326: SELFBALANCE 00000327: GT 00000328: PUSH2 0x036b 0000032b: JUMPI 0000032c: PUSH1 0x40 0000032e: MLOAD 0000032f: PUSH3 0x461bcd 00000333: PUSH1 0xe5 00000335: SHL 00000336: DUP2 00000337: MSTORE 00000338: PUSH1 0x20 0000033a: PUSH1 0x04 0000033c: DUP3 0000033d: ADD 0000033e: MSTORE 0000033f: PUSH1 0x15 00000341: PUSH1 0x24 00000343: DUP3 00000344: ADD 00000345: MSTORE 00000346: PUSH21 0x0436f6e74726163742062616c616e6365206973203 0000035c: PUSH1 0x5c 0000035e: SHL 0000035f: PUSH1 0x44 00000361: DUP3 00000362: ADD 00000363: MSTORE 00000364: PUSH1 0x64 00000366: ADD 00000367: PUSH2 0x02cf 0000036a: JUMP 0000036b: JUMPDEST 0000036c: CALLER 0000036d: PUSH1 0x01 0000036f: PUSH1 0x01 00000371: PUSH1 0xa0 00000373: SHL 00000374: SUB 00000375: DUP3 00000376: AND 00000377: EQ 00000378: PUSH2 0x03bc 0000037b: JUMPI 0000037c: PUSH1 0x40 0000037e: MLOAD 0000037f: PUSH3 0x461bcd 00000383: PUSH1 0xe5 00000385: SHL 00000386: DUP2 00000387: MSTORE 00000388: PUSH1 0x20 0000038a: PUSH1 0x04 0000038c: DUP3 0000038d: ADD 0000038e: MSTORE 0000038f: PUSH1 0x16 00000391: PUSH1 0x24 00000393: DUP3 00000394: ADD 00000395: MSTORE 00000396: PUSH22 0x21b630b4b69036bab9ba103132903337b91039b2b633 000003ad: PUSH1 0x51 000003af: SHL 000003b0: PUSH1 0x44 000003b2: DUP3 000003b3: ADD 000003b4: MSTORE 000003b5: PUSH1 0x64 000003b7: ADD 000003b8: PUSH2 0x02cf 000003bb: JUMP 000003bc: JUMPDEST 000003bd: CALLER 000003be: ORIGIN 000003bf: EQ 000003c0: PUSH2 0x040b 000003c3: JUMPI 000003c4: PUSH1 0x40 000003c6: MLOAD 000003c7: PUSH3 0x461bcd 000003cb: PUSH1 0xe5 000003cd: SHL 000003ce: DUP2 000003cf: MSTORE 000003d0: PUSH1 0x20 000003d2: PUSH1 0x04 000003d4: DUP3 000003d5: ADD 000003d6: MSTORE 000003d7: PUSH1 0x19 000003d9: PUSH1 0x24 000003db: DUP3 000003dc: ADD 000003dd: MSTORE 000003de: PUSH32 0x43616c6c65722063616e6e6f7420626520636f6e747261637400000000000000 000003ff: PUSH1 0x44 00000401: DUP3 00000402: ADD 00000403: MSTORE 00000404: PUSH1 0x64 00000406: ADD 00000407: PUSH2 0x02cf 0000040a: JUMP 0000040b: JUMPDEST 0000040c: PUSH1 0x02 0000040e: PUSH1 0x01 00000410: SLOAD 00000411: EQ 00000412: ISZERO 00000413: PUSH2 0x045e 00000416: JUMPI 00000417: PUSH1 0x40 00000419: MLOAD 0000041a: PUSH3 0x461bcd 0000041e: PUSH1 0xe5 00000420: SHL 00000421: DUP2 00000422: MSTORE 00000423: PUSH1 0x20 00000425: PUSH1 0x04 00000427: DUP3 00000428: ADD 00000429: MSTORE 0000042a: PUSH1 0x1f 0000042c: PUSH1 0x24 0000042e: DUP3 0000042f: ADD 00000430: MSTORE 00000431: PUSH32 0x5265656e7472616e637947756172643a207265656e7472616e742063616c6c00 00000452: PUSH1 0x44 00000454: DUP3 00000455: ADD 00000456: MSTORE 00000457: PUSH1 0x64 00000459: ADD 0000045a: PUSH2 0x02cf 0000045d: JUMP 0000045e: JUMPDEST 0000045f: PUSH1 0x02 00000461: PUSH1 0x01 00000463: SSTORE 00000464: PUSH1 0x00 00000466: PUSH2 0x046e 00000469: DUP4 0000046a: PUSH2 0x0507 0000046d: JUMP 0000046e: JUMPDEST 0000046f: PUSH1 0x01 00000471: PUSH1 0x01 00000473: PUSH1 0xa0 00000475: SHL 00000476: SUB 00000477: DUP5 00000478: AND 00000479: PUSH1 0x00 0000047b: SWAP1 0000047c: DUP2 0000047d: MSTORE 0000047e: PUSH1 0x02 00000480: PUSH1 0x20 00000482: MSTORE 00000483: PUSH1 0x40 00000485: SWAP1 00000486: KECCAK256 00000487: SLOAD 00000488: SWAP1 00000489: SWAP2 0000048a: POP 0000048b: PUSH2 0x0495 0000048e: SWAP1 0000048f: DUP3 00000490: SWAP1 00000491: PUSH2 0x0d2d 00000494: JUMP 00000495: JUMPDEST 00000496: PUSH1 0x01 00000498: PUSH1 0x01 0000049a: PUSH1 0xa0 0000049c: SHL 0000049d: SUB 0000049e: DUP5 0000049f: AND 000004a0: PUSH1 0x00 000004a2: DUP2 000004a3: DUP2 000004a4: MSTORE 000004a5: PUSH1 0x02 000004a7: PUSH1 0x20 000004a9: MSTORE 000004aa: PUSH1 0x40 000004ac: SWAP1 000004ad: KECCAK256 000004ae: SWAP2 000004af: SWAP1 000004b0: SWAP2 000004b1: SSTORE 000004b2: PUSH2 0x04bb 000004b5: SWAP1 000004b6: DUP3 000004b7: PUSH2 0x0b9c 000004ba: JUMP 000004bb: JUMPDEST 000004bc: DUP3 000004bd: PUSH1 0x01 000004bf: PUSH1 0x01 000004c1: PUSH1 0xa0 000004c3: SHL 000004c4: SUB 000004c5: AND 000004c6: PUSH32 0x7084f5476618d8e60b11ef0d7d3f06914655adb8793e28ff7f018d4c76d505d5 000004e7: DUP3 000004e8: PUSH1 0x40 000004ea: MLOAD 000004eb: PUSH2 0x04f6 000004ee: SWAP2 000004ef: DUP2 000004f0: MSTORE 000004f1: PUSH1 0x20 000004f3: ADD 000004f4: SWAP1 000004f5: JUMP 000004f6: JUMPDEST 000004f7: PUSH1 0x40 000004f9: MLOAD 000004fa: DUP1 000004fb: SWAP2 000004fc: SUB 000004fd: SWAP1 000004fe: LOG2 000004ff: POP 00000500: POP 00000501: PUSH1 0x01 00000503: DUP1 00000504: SSTORE 00000505: POP 00000506: JUMP 00000507: JUMPDEST 00000508: CALLER 00000509: PUSH1 0x00 0000050b: SWAP1 0000050c: DUP2 0000050d: MSTORE 0000050e: PUSH1 0x04 00000510: PUSH1 0x20 00000512: MSTORE 00000513: PUSH1 0x40 00000515: DUP2 00000516: KECCAK256 00000517: SLOAD 00000518: DUP3 00000519: SWAP1 0000051a: PUSH1 0xff 0000051c: AND 0000051d: PUSH2 0x0558 00000520: JUMPI 00000521: PUSH1 0x40 00000523: MLOAD 00000524: PUSH3 0x461bcd 00000528: PUSH1 0xe5 0000052a: SHL 0000052b: DUP2 0000052c: MSTORE 0000052d: PUSH1 0x20 0000052f: PUSH1 0x04 00000531: DUP3 00000532: ADD 00000533: MSTORE 00000534: PUSH1 0x0d 00000536: PUSH1 0x24 00000538: DUP3 00000539: ADD 0000053a: MSTORE 0000053b: PUSH13 0x496e76616c6964207061796565 00000549: PUSH1 0x98 0000054b: SHL 0000054c: PUSH1 0x44 0000054e: DUP3 0000054f: ADD 00000550: MSTORE 00000551: PUSH1 0x64 00000553: ADD 00000554: PUSH2 0x02cf 00000557: JUMP 00000558: JUMPDEST 00000559: PUSH1 0x00 0000055b: PUSH1 0x09 0000055d: SLOAD 0000055e: GT 0000055f: PUSH2 0x05a3 00000562: JUMPI 00000563: PUSH1 0x40 00000565: MLOAD 00000566: PUSH3 0x461bcd 0000056a: PUSH1 0xe5 0000056c: SHL 0000056d: DUP2 0000056e: MSTORE 0000056f: PUSH1 0x20 00000571: PUSH1 0x04 00000573: DUP3 00000574: ADD 00000575: MSTORE 00000576: PUSH1 0x16 00000578: PUSH1 0x24 0000057a: DUP3 0000057b: ADD 0000057c: MSTORE 0000057d: PUSH22 0x15995cdd081d1a5b595cdd185b5c081b9bdd081cd95d 00000594: PUSH1 0x52 00000596: SHL 00000597: PUSH1 0x44 00000599: DUP3 0000059a: ADD 0000059b: MSTORE 0000059c: PUSH1 0x64 0000059e: ADD 0000059f: PUSH2 0x02cf 000005a2: JUMP 000005a3: JUMPDEST 000005a4: PUSH1 0x00 000005a6: SELFBALANCE 000005a7: GT 000005a8: PUSH2 0x05eb 000005ab: JUMPI 000005ac: PUSH1 0x40 000005ae: MLOAD 000005af: PUSH3 0x461bcd 000005b3: PUSH1 0xe5 000005b5: SHL 000005b6: DUP2 000005b7: MSTORE 000005b8: PUSH1 0x20 000005ba: PUSH1 0x04 000005bc: DUP3 000005bd: ADD 000005be: MSTORE 000005bf: PUSH1 0x15 000005c1: PUSH1 0x24 000005c3: DUP3 000005c4: ADD 000005c5: MSTORE 000005c6: PUSH21 0x0436f6e74726163742062616c616e6365206973203 000005dc: PUSH1 0x5c 000005de: SHL 000005df: PUSH1 0x44 000005e1: DUP3 000005e2: ADD 000005e3: MSTORE 000005e4: PUSH1 0x64 000005e6: ADD 000005e7: PUSH2 0x02cf 000005ea: JUMP 000005eb: JUMPDEST 000005ec: CALLER 000005ed: PUSH1 0x01 000005ef: PUSH1 0x01 000005f1: PUSH1 0xa0 000005f3: SHL 000005f4: SUB 000005f5: DUP3 000005f6: AND 000005f7: EQ 000005f8: PUSH2 0x063c 000005fb: JUMPI 000005fc: PUSH1 0x40 000005fe: MLOAD 000005ff: PUSH3 0x461bcd 00000603: PUSH1 0xe5 00000605: SHL 00000606: DUP2 00000607: MSTORE 00000608: PUSH1 0x20 0000060a: PUSH1 0x04 0000060c: DUP3 0000060d: ADD 0000060e: MSTORE 0000060f: PUSH1 0x16 00000611: PUSH1 0x24 00000613: DUP3 00000614: ADD 00000615: MSTORE 00000616: PUSH22 0x21b630b4b69036bab9ba103132903337b91039b2b633 0000062d: PUSH1 0x51 0000062f: SHL 00000630: PUSH1 0x44 00000632: DUP3 00000633: ADD 00000634: MSTORE 00000635: PUSH1 0x64 00000637: ADD 00000638: PUSH2 0x02cf 0000063b: JUMP 0000063c: JUMPDEST 0000063d: CALLER 0000063e: ORIGIN 0000063f: EQ 00000640: PUSH2 0x068b 00000643: JUMPI 00000644: PUSH1 0x40 00000646: MLOAD 00000647: PUSH3 0x461bcd 0000064b: PUSH1 0xe5 0000064d: SHL 0000064e: DUP2 0000064f: MSTORE 00000650: PUSH1 0x20 00000652: PUSH1 0x04 00000654: DUP3 00000655: ADD 00000656: MSTORE 00000657: PUSH1 0x19 00000659: PUSH1 0x24 0000065b: DUP3 0000065c: ADD 0000065d: MSTORE 0000065e: PUSH32 0x43616c6c65722063616e6e6f7420626520636f6e747261637400000000000000 0000067f: PUSH1 0x44 00000681: DUP3 00000682: ADD 00000683: MSTORE 00000684: PUSH1 0x64 00000686: ADD 00000687: PUSH2 0x02cf 0000068a: JUMP 0000068b: JUMPDEST 0000068c: CALLER 0000068d: PUSH1 0x01 0000068f: PUSH1 0x01 00000691: PUSH1 0xa0 00000693: SHL 00000694: SUB 00000695: DUP5 00000696: AND 00000697: EQ 00000698: PUSH2 0x06dc 0000069b: JUMPI 0000069c: PUSH1 0x40 0000069e: MLOAD 0000069f: PUSH3 0x461bcd 000006a3: PUSH1 0xe5 000006a5: SHL 000006a6: DUP2 000006a7: MSTORE 000006a8: PUSH1 0x20 000006aa: PUSH1 0x04 000006ac: DUP3 000006ad: ADD 000006ae: MSTORE 000006af: PUSH1 0x16 000006b1: PUSH1 0x24 000006b3: DUP3 000006b4: ADD 000006b5: MSTORE 000006b6: PUSH22 0x21b630b4b69036bab9ba103132903337b91039b2b633 000006cd: PUSH1 0x51 000006cf: SHL 000006d0: PUSH1 0x44 000006d2: DUP3 000006d3: ADD 000006d4: MSTORE 000006d5: PUSH1 0x64 000006d7: ADD 000006d8: PUSH2 0x02cf 000006db: JUMP 000006dc: JUMPDEST 000006dd: PUSH1 0x05 000006df: SLOAD 000006e0: PUSH1 0x09 000006e2: SLOAD 000006e3: PUSH2 0x06ec 000006e6: SWAP2 000006e7: SWAP1 000006e8: PUSH2 0x0d2d 000006eb: JUMP 000006ec: JUMPDEST 000006ed: TIMESTAMP 000006ee: LT 000006ef: ISZERO 000006f0: PUSH2 0x06fc 000006f3: JUMPI 000006f4: PUSH1 0x00 000006f6: SWAP2 000006f7: POP 000006f8: PUSH2 0x0763 000006fb: JUMP 000006fc: JUMPDEST 000006fd: PUSH1 0x00 000006ff: PUSH1 0x08 00000701: SLOAD 00000702: PUSH1 0x03 00000704: SLOAD 00000705: PUSH2 0x070e 00000708: SWAP2 00000709: SWAP1 0000070a: PUSH2 0x0d7e 0000070d: JUMP 0000070e: JUMPDEST 0000070f: SWAP1 00000710: POP 00000711: PUSH1 0x00 00000713: PUSH1 0x09 00000715: SLOAD 00000716: TIMESTAMP 00000717: PUSH2 0x0720 0000071a: SWAP2 0000071b: SWAP1 0000071c: PUSH2 0x0da0 0000071f: JUMP 00000720: JUMPDEST 00000721: PUSH1 0x01 00000723: PUSH1 0x01 00000725: PUSH1 0xa0 00000727: SHL 00000728: SUB 00000729: DUP7 0000072a: AND 0000072b: PUSH1 0x00 0000072d: SWAP1 0000072e: DUP2 0000072f: MSTORE 00000730: PUSH1 0x02 00000732: PUSH1 0x20 00000734: MSTORE 00000735: PUSH1 0x40 00000737: SWAP1 00000738: KECCAK256 00000739: SLOAD 0000073a: PUSH1 0x06 0000073c: SLOAD 0000073d: SWAP2 0000073e: SWAP3 0000073f: POP 00000740: SWAP1 00000741: PUSH2 0x074a 00000744: DUP4 00000745: DUP6 00000746: PUSH2 0x0db7 00000749: JUMP 0000074a: JUMPDEST 0000074b: PUSH2 0x0754 0000074e: SWAP2 0000074f: SWAP1 00000750: PUSH2 0x0d7e 00000753: JUMP 00000754: JUMPDEST 00000755: PUSH2 0x075e 00000758: SWAP2 00000759: SWAP1 0000075a: PUSH2 0x0da0 0000075d: JUMP 0000075e: JUMPDEST 0000075f: SWAP4 00000760: POP 00000761: POP 00000762: POP 00000763: JUMPDEST 00000764: POP 00000765: SWAP2 00000766: SWAP1 00000767: POP 00000768: JUMP 00000769: JUMPDEST 0000076a: PUSH1 0x00 0000076c: SLOAD 0000076d: PUSH1 0x01 0000076f: PUSH1 0x01 00000771: PUSH1 0xa0 00000773: SHL 00000774: SUB 00000775: AND 00000776: CALLER 00000777: EQ 00000778: PUSH2 0x07c3 0000077b: JUMPI 0000077c: PUSH1 0x40 0000077e: MLOAD 0000077f: PUSH3 0x461bcd 00000783: PUSH1 0xe5 00000785: SHL 00000786: DUP2 00000787: MSTORE 00000788: PUSH1 0x20 0000078a: PUSH1 0x04 0000078c: DUP3 0000078d: ADD 0000078e: DUP2 0000078f: SWAP1 00000790: MSTORE 00000791: PUSH1 0x24 00000793: DUP3 00000794: ADD 00000795: MSTORE 00000796: PUSH32 0x4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572 000007b7: PUSH1 0x44 000007b9: DUP3 000007ba: ADD 000007bb: MSTORE 000007bc: PUSH1 0x64 000007be: ADD 000007bf: PUSH2 0x02cf 000007c2: JUMP 000007c3: JUMPDEST 000007c4: PUSH2 0x07cd 000007c7: PUSH1 0x00 000007c9: PUSH2 0x0cba 000007cc: JUMP 000007cd: JUMPDEST 000007ce: JUMP 000007cf: JUMPDEST 000007d0: CALLER 000007d1: PUSH1 0x00 000007d3: SWAP1 000007d4: DUP2 000007d5: MSTORE 000007d6: PUSH1 0x04 000007d8: PUSH1 0x20 000007da: MSTORE 000007db: PUSH1 0x40 000007dd: SWAP1 000007de: KECCAK256 000007df: SLOAD 000007e0: DUP2 000007e1: SWAP1 000007e2: PUSH1 0xff 000007e4: AND 000007e5: PUSH2 0x0820 000007e8: JUMPI 000007e9: PUSH1 0x40 000007eb: MLOAD 000007ec: PUSH3 0x461bcd 000007f0: PUSH1 0xe5 000007f2: SHL 000007f3: DUP2 000007f4: MSTORE 000007f5: PUSH1 0x20 000007f7: PUSH1 0x04 000007f9: DUP3 000007fa: ADD 000007fb: MSTORE 000007fc: PUSH1 0x0d 000007fe: PUSH1 0x24 00000800: DUP3 00000801: ADD 00000802: MSTORE 00000803: PUSH13 0x496e76616c6964207061796565 00000811: PUSH1 0x98 00000813: SHL 00000814: PUSH1 0x44 00000816: DUP3 00000817: ADD 00000818: MSTORE 00000819: PUSH1 0x64 0000081b: ADD 0000081c: PUSH2 0x02cf 0000081f: JUMP 00000820: JUMPDEST 00000821: PUSH1 0x00 00000823: PUSH1 0x09 00000825: SLOAD 00000826: GT 00000827: PUSH2 0x086b 0000082a: JUMPI 0000082b: PUSH1 0x40 0000082d: MLOAD 0000082e: PUSH3 0x461bcd 00000832: PUSH1 0xe5 00000834: SHL 00000835: DUP2 00000836: MSTORE 00000837: PUSH1 0x20 00000839: PUSH1 0x04 0000083b: DUP3 0000083c: ADD 0000083d: MSTORE 0000083e: PUSH1 0x16 00000840: PUSH1 0x24 00000842: DUP3 00000843: ADD 00000844: MSTORE 00000845: PUSH22 0x15995cdd081d1a5b595cdd185b5c081b9bdd081cd95d 0000085c: PUSH1 0x52 0000085e: SHL 0000085f: PUSH1 0x44 00000861: DUP3 00000862: ADD 00000863: MSTORE 00000864: PUSH1 0x64 00000866: ADD 00000867: PUSH2 0x02cf 0000086a: JUMP 0000086b: JUMPDEST 0000086c: PUSH1 0x00 0000086e: SELFBALANCE 0000086f: GT 00000870: PUSH2 0x08b3 00000873: JUMPI 00000874: PUSH1 0x40 00000876: MLOAD 00000877: PUSH3 0x461bcd 0000087b: PUSH1 0xe5 0000087d: SHL 0000087e: DUP2 0000087f: MSTORE 00000880: PUSH1 0x20 00000882: PUSH1 0x04 00000884: DUP3 00000885: ADD 00000886: MSTORE 00000887: PUSH1 0x15 00000889: PUSH1 0x24 0000088b: DUP3 0000088c: ADD 0000088d: MSTORE 0000088e: PUSH21 0x0436f6e74726163742062616c616e6365206973203 000008a4: PUSH1 0x5c 000008a6: SHL 000008a7: PUSH1 0x44 000008a9: DUP3 000008aa: ADD 000008ab: MSTORE 000008ac: PUSH1 0x64 000008ae: ADD 000008af: PUSH2 0x02cf 000008b2: JUMP 000008b3: JUMPDEST 000008b4: CALLER 000008b5: PUSH1 0x01 000008b7: PUSH1 0x01 000008b9: PUSH1 0xa0 000008bb: SHL 000008bc: SUB 000008bd: DUP3 000008be: AND 000008bf: EQ 000008c0: PUSH2 0x0904 000008c3: JUMPI 000008c4: PUSH1 0x40 000008c6: MLOAD 000008c7: PUSH3 0x461bcd 000008cb: PUSH1 0xe5 000008cd: SHL 000008ce: DUP2 000008cf: MSTORE 000008d0: PUSH1 0x20 000008d2: PUSH1 0x04 000008d4: DUP3 000008d5: ADD 000008d6: MSTORE 000008d7: PUSH1 0x16 000008d9: PUSH1 0x24 000008db: DUP3 000008dc: ADD 000008dd: MSTORE 000008de: PUSH22 0x21b630b4b69036bab9ba103132903337b91039b2b633 000008f5: PUSH1 0x51 000008f7: SHL 000008f8: PUSH1 0x44 000008fa: DUP3 000008fb: ADD 000008fc: MSTORE 000008fd: PUSH1 0x64 000008ff: ADD 00000900: PUSH2 0x02cf 00000903: JUMP 00000904: JUMPDEST 00000905: CALLER 00000906: ORIGIN 00000907: EQ 00000908: PUSH2 0x0953 0000090b: JUMPI 0000090c: PUSH1 0x40 0000090e: MLOAD 0000090f: PUSH3 0x461bcd 00000913: PUSH1 0xe5 00000915: SHL 00000916: DUP2 00000917: MSTORE 00000918: PUSH1 0x20 0000091a: PUSH1 0x04 0000091c: DUP3 0000091d: ADD 0000091e: MSTORE 0000091f: PUSH1 0x19 00000921: PUSH1 0x24 00000923: DUP3 00000924: ADD 00000925: MSTORE 00000926: PUSH32 0x43616c6c65722063616e6e6f7420626520636f6e747261637400000000000000 00000947: PUSH1 0x44 00000949: DUP3 0000094a: ADD 0000094b: MSTORE 0000094c: PUSH1 0x64 0000094e: ADD 0000094f: PUSH2 0x02cf 00000952: JUMP 00000953: JUMPDEST 00000954: PUSH1 0x02 00000956: PUSH1 0x01 00000958: SLOAD 00000959: EQ 0000095a: ISZERO 0000095b: PUSH2 0x09a6 0000095e: JUMPI 0000095f: PUSH1 0x40 00000961: MLOAD 00000962: PUSH3 0x461bcd 00000966: PUSH1 0xe5 00000968: SHL 00000969: DUP2 0000096a: MSTORE 0000096b: PUSH1 0x20 0000096d: PUSH1 0x04 0000096f: DUP3 00000970: ADD 00000971: MSTORE 00000972: PUSH1 0x1f 00000974: PUSH1 0x24 00000976: DUP3 00000977: ADD 00000978: MSTORE 00000979: PUSH32 0x5265656e7472616e637947756172643a207265656e7472616e742063616c6c00 0000099a: PUSH1 0x44 0000099c: DUP3 0000099d: ADD 0000099e: MSTORE 0000099f: PUSH1 0x64 000009a1: ADD 000009a2: PUSH2 0x02cf 000009a5: JUMP 000009a6: JUMPDEST 000009a7: PUSH1 0x02 000009a9: PUSH1 0x01 000009ab: SSTORE 000009ac: PUSH1 0x07 000009ae: SLOAD 000009af: PUSH1 0x06 000009b1: SLOAD 000009b2: PUSH1 0x09 000009b4: SLOAD 000009b5: PUSH2 0x09be 000009b8: SWAP2 000009b9: SWAP1 000009ba: PUSH2 0x0d2d 000009bd: JUMP 000009be: JUMPDEST 000009bf: PUSH2 0x09c8 000009c2: SWAP2 000009c3: SWAP1 000009c4: PUSH2 0x0d2d 000009c7: JUMP 000009c8: JUMPDEST 000009c9: TIMESTAMP 000009ca: GT 000009cb: PUSH2 0x0a16 000009ce: JUMPI 000009cf: PUSH1 0x40 000009d1: MLOAD 000009d2: PUSH3 0x461bcd 000009d6: PUSH1 0xe5 000009d8: SHL 000009d9: DUP2 000009da: MSTORE 000009db: PUSH1 0x20 000009dd: PUSH1 0x04 000009df: DUP3 000009e0: ADD 000009e1: MSTORE 000009e2: PUSH1 0x1b 000009e4: PUSH1 0x24 000009e6: DUP3 000009e7: ADD 000009e8: MSTORE 000009e9: PUSH32 0x497420697320746f6f206561726c7920746f20636c61696d416c6c0000000000 00000a0a: PUSH1 0x44 00000a0c: DUP3 00000a0d: ADD 00000a0e: MSTORE 00000a0f: PUSH1 0x64 00000a11: ADD 00000a12: PUSH2 0x02cf 00000a15: JUMP 00000a16: JUMPDEST 00000a17: SELFBALANCE 00000a18: PUSH2 0x04bb 00000a1b: DUP4 00000a1c: DUP3 00000a1d: PUSH2 0x0b9c 00000a20: JUMP 00000a21: JUMPDEST 00000a22: PUSH1 0x00 00000a24: SLOAD 00000a25: PUSH1 0x01 00000a27: PUSH1 0x01 00000a29: PUSH1 0xa0 00000a2b: SHL 00000a2c: SUB 00000a2d: AND 00000a2e: CALLER 00000a2f: EQ 00000a30: PUSH2 0x0a7b 00000a33: JUMPI 00000a34: PUSH1 0x40 00000a36: MLOAD 00000a37: PUSH3 0x461bcd 00000a3b: PUSH1 0xe5 00000a3d: SHL 00000a3e: DUP2 00000a3f: MSTORE 00000a40: PUSH1 0x20 00000a42: PUSH1 0x04 00000a44: DUP3 00000a45: ADD 00000a46: DUP2 00000a47: SWAP1 00000a48: MSTORE 00000a49: PUSH1 0x24 00000a4b: DUP3 00000a4c: ADD 00000a4d: MSTORE 00000a4e: PUSH32 0x4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572 00000a6f: PUSH1 0x44 00000a71: DUP3 00000a72: ADD 00000a73: MSTORE 00000a74: PUSH1 0x64 00000a76: ADD 00000a77: PUSH2 0x02cf 00000a7a: JUMP 00000a7b: JUMPDEST 00000a7c: PUSH1 0x09 00000a7e: SLOAD 00000a7f: ISZERO 00000a80: PUSH2 0x0acb 00000a83: JUMPI 00000a84: PUSH1 0x40 00000a86: MLOAD 00000a87: PUSH3 0x461bcd 00000a8b: PUSH1 0xe5 00000a8d: SHL 00000a8e: DUP2 00000a8f: MSTORE 00000a90: PUSH1 0x20 00000a92: PUSH1 0x04 00000a94: DUP3 00000a95: ADD 00000a96: MSTORE 00000a97: PUSH1 0x15 00000a99: PUSH1 0x24 00000a9b: DUP3 00000a9c: ADD 00000a9d: MSTORE 00000a9e: PUSH32 0x54696d657220616c726561647920737461727465640000000000000000000000 00000abf: PUSH1 0x44 00000ac1: DUP3 00000ac2: ADD 00000ac3: MSTORE 00000ac4: PUSH1 0x64 00000ac6: ADD 00000ac7: PUSH2 0x02cf 00000aca: JUMP 00000acb: JUMPDEST 00000acc: TIMESTAMP 00000acd: PUSH1 0x09 00000acf: SSTORE 00000ad0: JUMP 00000ad1: JUMPDEST 00000ad2: PUSH1 0x00 00000ad4: SLOAD 00000ad5: PUSH1 0x01 00000ad7: PUSH1 0x01 00000ad9: PUSH1 0xa0 00000adb: SHL 00000adc: SUB 00000add: AND 00000ade: CALLER 00000adf: EQ 00000ae0: PUSH2 0x0b2b 00000ae3: JUMPI 00000ae4: PUSH1 0x40 00000ae6: MLOAD 00000ae7: PUSH3 0x461bcd 00000aeb: PUSH1 0xe5 00000aed: SHL 00000aee: DUP2 00000aef: MSTORE 00000af0: PUSH1 0x20 00000af2: PUSH1 0x04 00000af4: DUP3 00000af5: ADD 00000af6: DUP2 00000af7: SWAP1 00000af8: MSTORE 00000af9: PUSH1 0x24 00000afb: DUP3 00000afc: ADD 00000afd: MSTORE 00000afe: PUSH32 0x4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572 00000b1f: PUSH1 0x44 00000b21: DUP3 00000b22: ADD 00000b23: MSTORE 00000b24: PUSH1 0x64 00000b26: ADD 00000b27: PUSH2 0x02cf 00000b2a: JUMP 00000b2b: JUMPDEST 00000b2c: PUSH1 0x01 00000b2e: PUSH1 0x01 00000b30: PUSH1 0xa0 00000b32: SHL 00000b33: SUB 00000b34: DUP2 00000b35: AND 00000b36: PUSH2 0x0b90 00000b39: JUMPI 00000b3a: PUSH1 0x40 00000b3c: MLOAD 00000b3d: PUSH3 0x461bcd 00000b41: PUSH1 0xe5 00000b43: SHL 00000b44: DUP2 00000b45: MSTORE 00000b46: PUSH1 0x20 00000b48: PUSH1 0x04 00000b4a: DUP3 00000b4b: ADD 00000b4c: MSTORE 00000b4d: PUSH1 0x26 00000b4f: PUSH1 0x24 00000b51: DUP3 00000b52: ADD 00000b53: MSTORE 00000b54: PUSH32 0x4f776e61626c653a206e6577206f776e657220697320746865207a65726f2061 00000b75: PUSH1 0x44 00000b77: DUP3 00000b78: ADD 00000b79: MSTORE 00000b7a: PUSH6 0x646472657373 00000b81: PUSH1 0xd0 00000b83: SHL 00000b84: PUSH1 0x64 00000b86: DUP3 00000b87: ADD 00000b88: MSTORE 00000b89: PUSH1 0x84 00000b8b: ADD 00000b8c: PUSH2 0x02cf 00000b8f: JUMP 00000b90: JUMPDEST 00000b91: PUSH2 0x0b99 00000b94: DUP2 00000b95: PUSH2 0x0cba 00000b98: JUMP 00000b99: JUMPDEST 00000b9a: POP 00000b9b: JUMP 00000b9c: JUMPDEST 00000b9d: DUP1 00000b9e: SELFBALANCE 00000b9f: LT 00000ba0: ISZERO 00000ba1: PUSH2 0x0bec 00000ba4: JUMPI 00000ba5: PUSH1 0x40 00000ba7: MLOAD 00000ba8: PUSH3 0x461bcd 00000bac: PUSH1 0xe5 00000bae: SHL 00000baf: DUP2 00000bb0: MSTORE 00000bb1: PUSH1 0x20 00000bb3: PUSH1 0x04 00000bb5: DUP3 00000bb6: ADD 00000bb7: MSTORE 00000bb8: PUSH1 0x1d 00000bba: PUSH1 0x24 00000bbc: DUP3 00000bbd: ADD 00000bbe: MSTORE 00000bbf: PUSH32 0x416464726573733a20696e73756666696369656e742062616c616e6365000000 00000be0: PUSH1 0x44 00000be2: DUP3 00000be3: ADD 00000be4: MSTORE 00000be5: PUSH1 0x64 00000be7: ADD 00000be8: PUSH2 0x02cf 00000beb: JUMP 00000bec: JUMPDEST 00000bed: PUSH1 0x00 00000bef: DUP3 00000bf0: PUSH1 0x01 00000bf2: PUSH1 0x01 00000bf4: PUSH1 0xa0 00000bf6: SHL 00000bf7: SUB 00000bf8: AND 00000bf9: DUP3 00000bfa: PUSH1 0x40 00000bfc: MLOAD 00000bfd: PUSH1 0x00 00000bff: PUSH1 0x40 00000c01: MLOAD 00000c02: DUP1 00000c03: DUP4 00000c04: SUB 00000c05: DUP2 00000c06: DUP6 00000c07: DUP8 00000c08: GAS 00000c09: CALL 00000c0a: SWAP3 00000c0b: POP 00000c0c: POP 00000c0d: POP 00000c0e: RETURNDATASIZE 00000c0f: DUP1 00000c10: PUSH1 0x00 00000c12: DUP2 00000c13: EQ 00000c14: PUSH2 0x0c39 00000c17: JUMPI 00000c18: PUSH1 0x40 00000c1a: MLOAD 00000c1b: SWAP2 00000c1c: POP 00000c1d: PUSH1 0x1f 00000c1f: NOT 00000c20: PUSH1 0x3f 00000c22: RETURNDATASIZE 00000c23: ADD 00000c24: AND 00000c25: DUP3 00000c26: ADD 00000c27: PUSH1 0x40 00000c29: MSTORE 00000c2a: RETURNDATASIZE 00000c2b: DUP3 00000c2c: MSTORE 00000c2d: RETURNDATASIZE 00000c2e: PUSH1 0x00 00000c30: PUSH1 0x20 00000c32: DUP5 00000c33: ADD 00000c34: RETURNDATACOPY 00000c35: PUSH2 0x0c3e 00000c38: JUMP 00000c39: JUMPDEST 00000c3a: PUSH1 0x60 00000c3c: SWAP2 00000c3d: POP 00000c3e: JUMPDEST 00000c3f: POP 00000c40: POP 00000c41: SWAP1 00000c42: POP 00000c43: DUP1 00000c44: PUSH2 0x0cb5 00000c47: JUMPI 00000c48: PUSH1 0x40 00000c4a: MLOAD 00000c4b: PUSH3 0x461bcd 00000c4f: PUSH1 0xe5 00000c51: SHL 00000c52: DUP2 00000c53: MSTORE 00000c54: PUSH1 0x20 00000c56: PUSH1 0x04 00000c58: DUP3 00000c59: ADD 00000c5a: MSTORE 00000c5b: PUSH1 0x3a 00000c5d: PUSH1 0x24 00000c5f: DUP3 00000c60: ADD 00000c61: MSTORE 00000c62: PUSH32 0x416464726573733a20756e61626c6520746f2073656e642076616c75652c2072 00000c83: PUSH1 0x44 00000c85: DUP3 00000c86: ADD 00000c87: MSTORE 00000c88: PUSH32 0x6563697069656e74206d61792068617665207265766572746564000000000000 00000ca9: PUSH1 0x64 00000cab: DUP3 00000cac: ADD 00000cad: MSTORE 00000cae: PUSH1 0x84 00000cb0: ADD 00000cb1: PUSH2 0x02cf 00000cb4: JUMP 00000cb5: JUMPDEST 00000cb6: POP 00000cb7: POP 00000cb8: POP 00000cb9: JUMP 00000cba: JUMPDEST 00000cbb: PUSH1 0x00 00000cbd: DUP1 00000cbe: SLOAD 00000cbf: PUSH1 0x01 00000cc1: PUSH1 0x01 00000cc3: PUSH1 0xa0 00000cc5: SHL 00000cc6: SUB 00000cc7: DUP4 00000cc8: DUP2 00000cc9: AND 00000cca: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000cdf: NOT 00000ce0: DUP4 00000ce1: AND 00000ce2: DUP2 00000ce3: OR 00000ce4: DUP5 00000ce5: SSTORE 00000ce6: PUSH1 0x40 00000ce8: MLOAD 00000ce9: SWAP2 00000cea: SWAP1 00000ceb: SWAP3 00000cec: AND 00000ced: SWAP3 00000cee: DUP4 00000cef: SWAP2 00000cf0: PUSH32 0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0 00000d11: SWAP2 00000d12: SWAP1 00000d13: LOG3 00000d14: POP 00000d15: POP 00000d16: JUMP 00000d17: JUMPDEST 00000d18: PUSH4 0x4e487b71 00000d1d: PUSH1 0xe0 00000d1f: SHL 00000d20: PUSH1 0x00 00000d22: MSTORE 00000d23: PUSH1 0x11 00000d25: PUSH1 0x04 00000d27: MSTORE 00000d28: PUSH1 0x24 00000d2a: PUSH1 0x00 00000d2c: REVERT 00000d2d: JUMPDEST 00000d2e: PUSH1 0x00 00000d30: DUP3 00000d31: NOT 00000d32: DUP3 00000d33: GT 00000d34: ISZERO 00000d35: PUSH2 0x0d40 00000d38: JUMPI 00000d39: PUSH2 0x0d40 00000d3c: PUSH2 0x0d17 00000d3f: JUMP 00000d40: JUMPDEST 00000d41: POP 00000d42: ADD 00000d43: SWAP1 00000d44: JUMP 00000d45: JUMPDEST 00000d46: PUSH1 0x01 00000d48: PUSH1 0x01 00000d4a: PUSH1 0xa0 00000d4c: SHL 00000d4d: SUB 00000d4e: DUP2 00000d4f: AND 00000d50: DUP2 00000d51: EQ 00000d52: PUSH2 0x0b99 00000d55: JUMPI 00000d56: PUSH1 0x00 00000d58: DUP1 00000d59: REVERT 00000d5a: JUMPDEST 00000d5b: PUSH1 0x00 00000d5d: PUSH1 0x20 00000d5f: DUP3 00000d60: DUP5 00000d61: SUB 00000d62: SLT 00000d63: ISZERO 00000d64: PUSH2 0x0d6c 00000d67: JUMPI 00000d68: PUSH1 0x00 00000d6a: DUP1 00000d6b: REVERT 00000d6c: JUMPDEST 00000d6d: DUP2 00000d6e: CALLDATALOAD 00000d6f: PUSH2 0x0d77 00000d72: DUP2 00000d73: PUSH2 0x0d45 00000d76: JUMP 00000d77: JUMPDEST 00000d78: SWAP4 00000d79: SWAP3 00000d7a: POP 00000d7b: POP 00000d7c: POP 00000d7d: JUMP 00000d7e: JUMPDEST 00000d7f: PUSH1 0x00 00000d81: DUP3 00000d82: PUSH2 0x0d9b 00000d85: JUMPI 00000d86: PUSH4 0x4e487b71 00000d8b: PUSH1 0xe0 00000d8d: SHL 00000d8e: PUSH1 0x00 00000d90: MSTORE 00000d91: PUSH1 0x12 00000d93: PUSH1 0x04 00000d95: MSTORE 00000d96: PUSH1 0x24 00000d98: PUSH1 0x00 00000d9a: REVERT 00000d9b: JUMPDEST 00000d9c: POP 00000d9d: DIV 00000d9e: SWAP1 00000d9f: JUMP 00000da0: JUMPDEST 00000da1: PUSH1 0x00 00000da3: DUP3 00000da4: DUP3 00000da5: LT 00000da6: ISZERO 00000da7: PUSH2 0x0db2 00000daa: JUMPI 00000dab: PUSH2 0x0db2 00000dae: PUSH2 0x0d17 00000db1: JUMP 00000db2: JUMPDEST 00000db3: POP 00000db4: SUB 00000db5: SWAP1 00000db6: JUMP 00000db7: JUMPDEST 00000db8: PUSH1 0x00 00000dba: DUP2 00000dbb: PUSH1 0x00 00000dbd: NOT 00000dbe: DIV 00000dbf: DUP4 00000dc0: GT 00000dc1: DUP3 00000dc2: ISZERO 00000dc3: ISZERO 00000dc4: AND 00000dc5: ISZERO 00000dc6: PUSH2 0x0dd1 00000dc9: JUMPI 00000dca: PUSH2 0x0dd1 00000dcd: PUSH2 0x0d17 00000dd0: JUMP 00000dd1: JUMPDEST 00000dd2: POP 00000dd3: MUL 00000dd4: SWAP1 00000dd5: JUMP 00000dd6: INVALID 00000dd7: LOG2 00000dd8: PUSH5 0x6970667358 00000dde: UNKNOWN(0x22) 00000ddf: SLT 00000de0: KECCAK256 00000de1: UNKNOWN(0xAC) 00000de2: UNKNOWN(0xB2) 00000de3: BALANCE 00000de4: TLOAD 00000de5: UNKNOWN(0x2C) 00000de6: UNKNOWN(0xD9) 00000de7: STATICCALL 00000de8: MSIZE 00000de9: SWAP10 00000dea: UNKNOWN(0xE4) 00000deb: GASLIMIT 00000dec: UNKNOWN(0xD5) 00000ded: SWAP9 00000dee: JUMPDEST 00000def: GASPRICE 00000df0: PUSH30
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | math | codex | Uncapped vesting math lets a payee drain all funds after vesting completes | 85 | no | — |
viewevidence_json{
"evidence": "`maxClaimable` uses `_maxPayable * _secondsElapsed / _vestSeconds` without an upper bound, so vesting grows beyond 100% as time passes, and `claim` transfers the full `payment`.",
"locations": [
"contracts/contracts/starvault.sol:153",
"contracts/contracts/starvault.sol:176",
"contracts/contracts/starvault.sol:177",
"contracts/contracts/starvault.sol:178"
],
"recommendation": "Cap vesting at 100% by using `uint vested = _secondsElapsed > _vestSeconds ? _vestSeconds : _secondsElapsed;` and compute `claimable = _maxPayable * vested / _vestSeconds - payeeLedger[payee]`, or clamp `payment` to `_maxPayable - payeeLedger[payee]`.",
"exploit_scenario": "1) Attacker is one of the constructor-defined payees. 2) Wait until `block.timestamp` is sufficiently larger than `startTimestamp` (e.g., for N payees with no prior claims, after ~N * _vestSeconds so that `_maxPayable * _secondsElapsed / _vestSeconds >= totalReceived`). 3) Call `claim(attacker)` from an EOA. 4) Because `maxClaimable` grows linearly without an upper bound, `payment` can reach the entire remaining balance, and `claim` transfers it to the attacker, leaving other payees with nothing. Profit: up to the entire contract balance (order of magnitude: remaining ETH in the vault / totalReceived)."
}
|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
viewvalidation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xa3c2c462",
"selector": "0xa3c2c462",
"calldata_variants": [
"0xa3c2c462",
"0xa3c2c4620000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe6fd48bc",
"selector": "0xe6fd48bc",
"calldata_variants": [
"0xe6fd48bc",
"0xe6fd48bc0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x928692f1",
"selector": "0x928692f1",
"calldata_variants": [
"0x928692f1",
"0x928692f10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa39f7449",
"selector": "0xa39f7449",
"calldata_variants": [
"0xa39f7449",
"0xa39f74490000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1e83409a",
"selector": "0x1e83409a",
"calldata_variants": [
"0x1e83409a",
"0x1e83409a0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x20437985",
"selector": "0x20437985",
"calldata_variants": [
"0x20437985",
"0x204379850000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 959,
"type": "tx_origin_used"
},
{
"pc": 1599,
"type": "tx_origin_used"
},
{
"pc": 2311,
"type": "tx_origin_used"
},
{
"pc": 958,
"type": "tx_origin_used"
},
{
"pc": 1598,
"type": "tx_origin_used"
},
{
"pc": 2310,
"type": "tx_origin_used"
}
]
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0x8bb7e26879aa27119fc1c4620b8aeed7158902110d1431bada8dfbed7f140727
call_targets:
0x02874867a6d48713d9cf275b7324b790e9c1f7ee
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x8bb7e26879aa27119fc1c4620b8aeed7158902110d1431bada8dfbed7f140727",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x02874867a6d48713d9cf275b7324b790e9c1f7ee"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xa3c2c462",
"selector": "0xa3c2c462",
"calldata_variants": [
"0xa3c2c462",
"0xa3c2c4620000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe6fd48bc",
"selector": "0xe6fd48bc",
"calldata_variants": [
"0xe6fd48bc",
"0xe6fd48bc0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x928692f1",
"selector": "0x928692f1",
"calldata_variants": [
"0x928692f1",
"0x928692f10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa39f7449",
"selector": "0xa39f7449",
"calldata_variants": [
"0xa39f7449",
"0xa39f74490000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1e83409a",
"selector": "0x1e83409a",
"calldata_variants": [
"0x1e83409a",
"0x1e83409a0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x20437985",
"selector": "0x20437985",
"calldata_variants": [
"0x20437985",
"0x204379850000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 3081,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [
{
"pc": 959,
"type": "tx_origin_used"
},
{
"pc": 1599,
"type": "tx_origin_used"
},
{
"pc": 2311,
"type": "tx_origin_used"
},
{
"pc": 958,
"type": "tx_origin_used"
},
{
"pc": 1598,
"type": "tx_origin_used"
},
{
"pc": 2310,
"type": "tx_origin_used"
}
],
"untrusted_call_count": 1
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0x8bb7e26879aa27119fc1c4620b8aeed7158902110d1431bada8dfbed7f140727
call_targets:
0x02874867a6d48713d9cf275b7324b790e9c1f7ee
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x8bb7e26879aa27119fc1c4620b8aeed7158902110d1431bada8dfbed7f140727",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x02874867a6d48713d9cf275b7324b790e9c1f7ee"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0xa3c2c462",
"selector": "0xa3c2c462",
"calldata_variants": [
"0xa3c2c462",
"0xa3c2c4620000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe6fd48bc",
"selector": "0xe6fd48bc",
"calldata_variants": [
"0xe6fd48bc",
"0xe6fd48bc0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xf2fde38b",
"selector": "0xf2fde38b",
"calldata_variants": [
"0xf2fde38b",
"0xf2fde38b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x928692f1",
"selector": "0x928692f1",
"calldata_variants": [
"0x928692f1",
"0x928692f10000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa39f7449",
"selector": "0xa39f7449",
"calldata_variants": [
"0xa39f7449",
"0xa39f74490000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1e83409a",
"selector": "0x1e83409a",
"calldata_variants": [
"0x1e83409a",
"0x1e83409a0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x20437985",
"selector": "0x20437985",
"calldata_variants": [
"0x20437985",
"0x204379850000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 3081,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": [
{
"pc": 959,
"type": "tx_origin_used"
},
{
"pc": 1599,
"type": "tx_origin_used"
},
{
"pc": 2311,
"type": "tx_origin_used"
},
{
"pc": 958,
"type": "tx_origin_used"
},
{
"pc": 1598,
"type": "tx_origin_used"
},
{
"pc": 2310,
"type": "tx_origin_used"
}
]
}
|