cb735c6e-3195-4e92-b44b-e34ec97fa506
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31554 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 77951 | artifact.fetch | complete | 1 / 3 | 1 week ago |
| 77952 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 77953 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 77954 | capability.graph | complete | 1 / 3 | 1 week ago |
| 77955 | detector.run | complete | 1 / 3 | 1 week ago |
| 77956 | validation.fork | complete | 1 / 3 | 1 week ago |
| 113568 | tool.slither | failed | 2 / 2 | 1 week ago |
Traceback (most recent call last):
File "/var/www/tripwire/worker/worker.py", line 198, in main
payload = dispatch_job(job_type, job_id, job_meta, run_data, config, laravel_client)
File "/var/www/tripwire/worker/worker.py", line 114, in dispatch_job
return slither_run.run(job_id, job_meta, run_data, config, log, laravel_client)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/worker/jobs/slither_run.py", line 1056, in run
solc_path, solc_meta = _prepare_solc(chosen_version, workspace)
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/worker/jobs/slither_run.py", line 190, in _prepare_solc
raise RuntimeError(f"solc version {default_version} is too old for supported toolchain")
RuntimeError: solc version 0.1.6 is too old for supported toolchain
[codex:663] OpenAI Codex v0.77.0 (research preview)
[codex:663] --------
[codex:663] workdir: /tmp/codex-multi-d208nf5f
[codex:663] model: gpt-5.2-codex
[codex:663] provider: openai
[codex:663] approval: never
[codex:663] sandbox: read-only
[codex:663] reasoning effort: xhigh
[codex:663] reasoning summaries: auto
[codex:663] session id: 019b8734-bea8-78d2-86ff-f0a758acf844
[codex:663] --------
[codex:663] user
[codex:663] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:663]
[codex:663] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:663]
[codex:663] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:663] - Gas inefficiency, code quality, naming, or best practices
[codex:663] - Theoretical vulnerabilities without a clear extraction path
[codex:663] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:663] - Front-running unless it enables theft beyond MEV
[codex:663] - DoS, griefing, or issues that don't result in attacker profit
[codex:663] - Missing events, view function issues, or informational findings
[codex:663]
[codex:663] HIGH-VALUE PATTERNS TO HUNT:
[codex:663] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:663] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:663] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:663] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:663] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:663] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:663] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:663] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:663] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:663]
[codex:663] For each finding, you MUST provide:
[codex:663] 1. Exact file and line numbers of vulnerable code
[codex:663] 2. Step-by-step exploit transaction sequence
[codex:663] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:663]
[codex:663] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:663]
[codex:663] Output MUST be valid JSON matching the provided schema.
[codex:663] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:663] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:663] mcp startup: no servers
[codex:663]
[codex:663] thinking
[codex:663] **Opening audit instructions**
[codex:663] exec
[codex:663] /bin/bash -lc ls in /tmp/codex-multi-d208nf5f succeeded in 5ms:
[codex:663] AUDIT_BUNDLE.txt
[codex:663] codex-output-schema.json
[codex:663] contracts
[codex:663] exec
[codex:663] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-d208nf5f succeeded in 5ms:
[codex:663] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:663]
[codex:663] ================================================================================
[codex:663] FILE: contracts/Contract.sol
[codex:663] ================================================================================
[codex:663] contract MyToken {
[codex:663] /* Public variables of the token */
[codex:663] string public name;
[codex:663] string public symbol;
[codex:663] uint8 public decimals;
[codex:663] /* This creates an array with all balances */
[codex:663] mapping (address => uint256) public balanceOf;
[codex:663] /* This generates a public event on the blockchain that will notify clients */
[codex:663] event Transfer(address indexed from, address indexed to, uint256 value);
[codex:663] /* Initializes contract with initial supply tokens to the creator of the contract */
[codex:663] function MyToken(uint256 _supply, string _name, string _symbol, uint8 _decimals) {
[codex:663] /* if supply not given then generate 1 million of the smallest unit of the token */
[codex:663] if (_supply == 0) _supply = 1000000;
[codex:663] /* Unless you add other functions these variables will never change */
[codex:663] balanceOf[msg.sender] = _supply;
[codex:663]
[codex:663] thinking
[codex:663] **Analyzing constructor vulnerability in token contract**
[codex:663] exec
[codex:663] /bin/bash -lc 'nl -ba contracts/Contract.sol' in /tmp/codex-multi-d208nf5f succeeded in 5ms:
[codex:663] 1 contract MyToken {
[codex:663] 2 /* Public variables of the token */
[codex:663] 3 string public name;
[codex:663] 4 string public symbol;
[codex:663] 5 uint8 public decimals;
[codex:663] 6 /* This creates an array with all balances */
[codex:663] 7 mapping (address => uint256) public balanceOf;
[codex:663] 8 /* This generates a public event on the blockchain that will notify clients */
[codex:663] 9 event Transfer(address indexed from, address indexed to, uint256 value);
[codex:663] 10 /* Initializes contract with initial supply tokens to the creator of the contract */
[codex:663] 11 function MyToken(uint256 _supply, string _name, string _symbol, uint8 _decimals) {
[codex:663] 12 /* if supply not given then generate 1 million of the smallest unit of the token */
[codex:663] 13 if (_supply == 0) _supply = 1000000;
[codex:663] 14 /* Unless you add other functions these variables will never change */
[codex:663] 15 balanceOf[msg.sender] = _supply;
[codex:663] 16 name = _name;
[codex:663] 17 symbol = _symbol;
[codex:663] 18 /* If you want a divisible token then add the amount of decimals the base unit has */
[codex:663] 19 decimals = _decimals;
[codex:663] 20 }
[codex:663]
[codex:663] thinking
[codex:663] **Analyzing constructor vulnerability and exploit potential**
[codex:663]
[codex:663] I'm working through a detailed analysis of a missing constructor keyword vulnerability in a Solidity contract lacking a pragma version, focusing on how it enables arbitrary minting if compiled with Solidity 0.4.22 or later. I'm preparing a JSON report with a high-severity finding describing the exploit scenario, impact bounded by external liquidity, line references, and mitigation advice, following the provided schema carefully.
[codex:663] codex
[codex:663] {"no_findings":false,"summary":"Found 1 concrete profit path: a publicly callable constructor-like function lets anyone mint arbitrary tokens (if compiled/deployed with Solidity >=0.4.22).","findings":[{"severity":"high","category":"access_control","title":"Publicly callable constructor-like function enables arbitrary minting","exploit_scenario":"1) Attacker calls `MyToken(_supply, _name, _symbol, _decimals)` after deployment (possible when compiled with Solidity >=0.4.22 where this is not a constructor).\n2) The function sets `balanceOf[msg.sender] = _supply`, minting an arbitrary amount to the attacker.\n3) Attacker sells/transfers minted tokens into any available liquidity (DEX pools/OTC) to extract ETH or other tokens.","recommendation":"Use the `constructor` keyword and add a pragma to lock the compiler version. If legacy syntax must be supported, make the initializer `internal` or add access control so it cannot be called post-deployment.","evidence":"`function MyToken(...)` is a public function and assigns `balanceOf[msg.sender] = _supply` with no access control, allowing arbitrary minting post-deployment when not treated as a constructor.","locations":["contracts/Contract.sol:11"]}]}
[codex:663] tokens used
[codex:663] 13,720
[codex:663] {"no_findings":false,"summary":"Found 1 concrete profit path: a publicly callable constructor-like function lets anyone mint arbitrary tokens (if compiled/deployed with Solidity >=0.4.22).","findings":[{"severity":"high","category":"access_control","title":"Publicly callable constructor-like function enables arbitrary minting","exploit_scenario":"1) Attacker calls `MyToken(_supply, _name, _symbol, _decimals)` after deployment (possible when compiled with Solidity >=0.4.22 where this is not a constructor).\n2) The function sets `balanceOf[msg.sender] = _supply`, minting an arbitrary amount to the attacker.\n3) Attacker sells/transfers minted tokens into any available liquidity (DEX pools/OTC) to extract ETH or other tokens.","recommendation":"Use the `constructor` keyword and add a pragma to lock the compiler version. If legacy syntax must be supported, make the initializer `internal` or add access control so it cannot be called post-deployment.","evidence":"`function MyToken(...)` is a public function and assigns `balanceOf[msg.sender] = _supply` with no access control, allowing arbitrary minting post-deployment when not treated as a constructor.","locations":["contracts/Contract.sol:11"]}]}
{
"codex": {
"ran_at": "2026-01-04T04:13:04.384692+00:00",
"returncode": 0
},
"summary": "Found 1 concrete profit path: a publicly callable constructor-like function lets anyone mint arbitrary tokens (if compiled/deployed with Solidity >=0.4.22).",
"raw_final": {
"summary": "Found 1 concrete profit path: a publicly callable constructor-like function lets anyone mint arbitrary tokens (if compiled/deployed with Solidity >=0.4.22).",
"findings": [
{
"title": "Publicly callable constructor-like function enables arbitrary minting",
"category": "access_control",
"evidence": "`function MyToken(...)` is a public function and assigns `balanceOf[msg.sender] = _supply` with no access control, allowing arbitrary minting post-deployment when not treated as a constructor.",
"severity": "high",
"locations": [
"contracts/Contract.sol:11"
],
"recommendation": "Use the `constructor` keyword and add a pragma to lock the compiler version. If legacy syntax must be supported, make the initializer `internal` or add access control so it cannot be called post-deployment.",
"exploit_scenario": "1) Attacker calls `MyToken(_supply, _name, _symbol, _decimals)` after deployment (possible when compiled with Solidity >=0.4.22 where this is not a constructor).\n2) The function sets `balanceOf[msg.sender] = _supply`, minting an arbitrary amount to the attacker.\n3) Attacker sells/transfers minted tokens into any available liquidity (DEX pools/OTC) to extract ETH or other tokens."
}
],
"no_findings": false
},
"no_findings": false,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0xe0 00000007: PUSH1 0x02 00000009: EXP 0000000a: PUSH1 0x00 0000000c: CALLDATALOAD 0000000d: DIV 0000000e: PUSH4 0x06fdde03 00000013: DUP2 00000014: EQ 00000015: PUSH2 0x0047 00000018: JUMPI 00000019: DUP1 0000001a: PUSH4 0x313ce567 0000001f: EQ 00000020: PUSH2 0x00a4 00000023: JUMPI 00000024: DUP1 00000025: PUSH4 0x70a08231 0000002a: EQ 0000002b: PUSH2 0x00b0 0000002e: JUMPI 0000002f: DUP1 00000030: PUSH4 0x95d89b41 00000035: EQ 00000036: PUSH2 0x00c8 00000039: JUMPI 0000003a: DUP1 0000003b: PUSH4 0xa9059cbb 00000040: EQ 00000041: PUSH2 0x0123 00000044: JUMPI 00000045: JUMPDEST 00000046: STOP 00000047: JUMPDEST 00000048: PUSH2 0x0152 0000004b: PUSH1 0x00 0000004d: DUP1 0000004e: SLOAD 0000004f: PUSH1 0x20 00000051: PUSH1 0x02 00000053: PUSH1 0x01 00000055: DUP4 00000056: AND 00000057: ISZERO 00000058: PUSH2 0x0100 0000005b: MUL 0000005c: PUSH1 0x00 0000005e: NOT 0000005f: ADD 00000060: SWAP1 00000061: SWAP3 00000062: AND 00000063: SWAP2 00000064: SWAP1 00000065: SWAP2 00000066: DIV 00000067: PUSH1 0x1f 00000069: DUP2 0000006a: ADD 0000006b: DUP3 0000006c: SWAP1 0000006d: DIV 0000006e: SWAP1 0000006f: SWAP2 00000070: MUL 00000071: PUSH1 0x80 00000073: SWAP1 00000074: DUP2 00000075: ADD 00000076: PUSH1 0x40 00000078: MSTORE 00000079: PUSH1 0x60 0000007b: DUP3 0000007c: DUP2 0000007d: MSTORE 0000007e: SWAP3 0000007f: SWAP2 00000080: SWAP1 00000081: DUP3 00000082: DUP3 00000083: DUP1 00000084: ISZERO 00000085: PUSH2 0x01f5 00000088: JUMPI 00000089: DUP1 0000008a: PUSH1 0x1f 0000008c: LT 0000008d: PUSH2 0x01ca 00000090: JUMPI 00000091: PUSH2 0x0100 00000094: DUP1 00000095: DUP4 00000096: SLOAD 00000097: DIV 00000098: MUL 00000099: DUP4 0000009a: MSTORE 0000009b: SWAP2 0000009c: PUSH1 0x20 0000009e: ADD 0000009f: SWAP2 000000a0: PUSH2 0x01f5 000000a3: JUMP 000000a4: JUMPDEST 000000a5: PUSH2 0x01c0 000000a8: PUSH1 0x02 000000aa: SLOAD 000000ab: PUSH1 0xff 000000ad: AND 000000ae: DUP2 000000af: JUMP 000000b0: JUMPDEST 000000b1: PUSH2 0x01c0 000000b4: PUSH1 0x04 000000b6: CALLDATALOAD 000000b7: PUSH1 0x03 000000b9: PUSH1 0x20 000000bb: MSTORE 000000bc: PUSH1 0x00 000000be: SWAP1 000000bf: DUP2 000000c0: MSTORE 000000c1: PUSH1 0x40 000000c3: SWAP1 000000c4: KECCAK256 000000c5: SLOAD 000000c6: DUP2 000000c7: JUMP 000000c8: JUMPDEST 000000c9: PUSH2 0x0152 000000cc: PUSH1 0x01 000000ce: DUP1 000000cf: SLOAD 000000d0: PUSH1 0x20 000000d2: PUSH1 0x1f 000000d4: PUSH1 0x02 000000d6: PUSH1 0x00 000000d8: NOT 000000d9: PUSH2 0x0100 000000dc: DUP6 000000dd: DUP8 000000de: AND 000000df: ISZERO 000000e0: MUL 000000e1: ADD 000000e2: SWAP1 000000e3: SWAP4 000000e4: AND 000000e5: SWAP3 000000e6: SWAP1 000000e7: SWAP3 000000e8: DIV 000000e9: SWAP2 000000ea: DUP3 000000eb: ADD 000000ec: DUP2 000000ed: SWAP1 000000ee: DIV 000000ef: MUL 000000f0: PUSH1 0x80 000000f2: SWAP1 000000f3: DUP2 000000f4: ADD 000000f5: PUSH1 0x40 000000f7: MSTORE 000000f8: PUSH1 0x60 000000fa: DUP3 000000fb: DUP2 000000fc: MSTORE 000000fd: SWAP3 000000fe: SWAP2 000000ff: SWAP1 00000100: DUP3 00000101: DUP3 00000102: DUP1 00000103: ISZERO 00000104: PUSH2 0x01f5 00000107: JUMPI 00000108: DUP1 00000109: PUSH1 0x1f 0000010b: LT 0000010c: PUSH2 0x01ca 0000010f: JUMPI 00000110: PUSH2 0x0100 00000113: DUP1 00000114: DUP4 00000115: SLOAD 00000116: DIV 00000117: MUL 00000118: DUP4 00000119: MSTORE 0000011a: SWAP2 0000011b: PUSH1 0x20 0000011d: ADD 0000011e: SWAP2 0000011f: PUSH2 0x01f5 00000122: JUMP 00000123: JUMPDEST 00000124: PUSH2 0x0045 00000127: PUSH1 0x04 00000129: CALLDATALOAD 0000012a: PUSH1 0x24 0000012c: CALLDATALOAD 0000012d: PUSH1 0x01 0000012f: PUSH1 0xa0 00000131: PUSH1 0x02 00000133: EXP 00000134: SUB 00000135: CALLER 00000136: AND 00000137: PUSH1 0x00 00000139: SWAP1 0000013a: DUP2 0000013b: MSTORE 0000013c: PUSH1 0x03 0000013e: PUSH1 0x20 00000140: MSTORE 00000141: PUSH1 0x40 00000143: SWAP1 00000144: KECCAK256 00000145: SLOAD 00000146: DUP2 00000147: SWAP1 00000148: LT 00000149: ISZERO 0000014a: PUSH2 0x01fd 0000014d: JUMPI 0000014e: PUSH2 0x0002 00000151: JUMP 00000152: JUMPDEST 00000153: PUSH1 0x40 00000155: MLOAD 00000156: DUP1 00000157: DUP1 00000158: PUSH1 0x20 0000015a: ADD 0000015b: DUP3 0000015c: DUP2 0000015d: SUB 0000015e: DUP3 0000015f: MSTORE 00000160: DUP4 00000161: DUP2 00000162: DUP2 00000163: MLOAD 00000164: DUP2 00000165: MSTORE 00000166: PUSH1 0x20 00000168: ADD 00000169: SWAP2 0000016a: POP 0000016b: DUP1 0000016c: MLOAD 0000016d: SWAP1 0000016e: PUSH1 0x20 00000170: ADD 00000171: SWAP1 00000172: DUP1 00000173: DUP4 00000174: DUP4 00000175: DUP3 00000176: SWAP1 00000177: PUSH1 0x00 00000179: PUSH1 0x04 0000017b: PUSH1 0x20 0000017d: DUP5 0000017e: PUSH1 0x1f 00000180: ADD 00000181: DIV 00000182: PUSH1 0x03 00000184: MUL 00000185: PUSH1 0x0f 00000187: ADD 00000188: CALL 00000189: POP 0000018a: SWAP1 0000018b: POP 0000018c: SWAP1 0000018d: DUP2 0000018e: ADD 0000018f: SWAP1 00000190: PUSH1 0x1f 00000192: AND 00000193: DUP1 00000194: ISZERO 00000195: PUSH2 0x01b2 00000198: JUMPI 00000199: DUP1 0000019a: DUP3 0000019b: SUB 0000019c: DUP1 0000019d: MLOAD 0000019e: PUSH1 0x01 000001a0: DUP4 000001a1: PUSH1 0x20 000001a3: SUB 000001a4: PUSH2 0x0100 000001a7: EXP 000001a8: SUB 000001a9: NOT 000001aa: AND 000001ab: DUP2 000001ac: MSTORE 000001ad: PUSH1 0x20 000001af: ADD 000001b0: SWAP2 000001b1: POP 000001b2: JUMPDEST 000001b3: POP 000001b4: SWAP3 000001b5: POP 000001b6: POP 000001b7: POP 000001b8: PUSH1 0x40 000001ba: MLOAD 000001bb: DUP1 000001bc: SWAP2 000001bd: SUB 000001be: SWAP1 000001bf: RETURN 000001c0: JUMPDEST 000001c1: PUSH1 0x60 000001c3: SWAP1 000001c4: DUP2 000001c5: MSTORE 000001c6: PUSH1 0x20 000001c8: SWAP1 000001c9: RETURN 000001ca: JUMPDEST 000001cb: DUP3 000001cc: ADD 000001cd: SWAP2 000001ce: SWAP1 000001cf: PUSH1 0x00 000001d1: MSTORE 000001d2: PUSH1 0x20 000001d4: PUSH1 0x00 000001d6: KECCAK256 000001d7: SWAP1 000001d8: JUMPDEST 000001d9: DUP2 000001da: SLOAD 000001db: DUP2 000001dc: MSTORE 000001dd: SWAP1 000001de: PUSH1 0x01 000001e0: ADD 000001e1: SWAP1 000001e2: PUSH1 0x20 000001e4: ADD 000001e5: DUP1 000001e6: DUP4 000001e7: GT 000001e8: PUSH2 0x01d8 000001eb: JUMPI 000001ec: DUP3 000001ed: SWAP1 000001ee: SUB 000001ef: PUSH1 0x1f 000001f1: AND 000001f2: DUP3 000001f3: ADD 000001f4: SWAP2 000001f5: JUMPDEST 000001f6: POP 000001f7: POP 000001f8: POP 000001f9: POP 000001fa: POP 000001fb: DUP2 000001fc: JUMP 000001fd: JUMPDEST 000001fe: PUSH1 0x01 00000200: PUSH1 0xa0 00000202: PUSH1 0x02 00000204: EXP 00000205: SUB 00000206: DUP3 00000207: AND 00000208: PUSH1 0x00 0000020a: SWAP1 0000020b: DUP2 0000020c: MSTORE 0000020d: PUSH1 0x40 0000020f: SWAP1 00000210: KECCAK256 00000211: SLOAD 00000212: DUP1 00000213: DUP3 00000214: ADD 00000215: LT 00000216: ISZERO 00000217: PUSH2 0x021f 0000021a: JUMPI 0000021b: PUSH2 0x0002 0000021e: JUMP 0000021f: JUMPDEST 00000220: DUP1 00000221: PUSH1 0x03 00000223: PUSH1 0x00 00000225: POP 00000226: PUSH1 0x00 00000228: CALLER 00000229: PUSH1 0x01 0000022b: PUSH1 0xa0 0000022d: PUSH1 0x02 0000022f: EXP 00000230: SUB 00000231: AND 00000232: DUP2 00000233: MSTORE 00000234: PUSH1 0x20 00000236: ADD 00000237: SWAP1 00000238: DUP2 00000239: MSTORE 0000023a: PUSH1 0x20 0000023c: ADD 0000023d: PUSH1 0x00 0000023f: KECCAK256 00000240: PUSH1 0x00 00000242: DUP3 00000243: DUP3 00000244: DUP3 00000245: POP 00000246: SLOAD 00000247: SUB 00000248: SWAP3 00000249: POP 0000024a: POP 0000024b: DUP2 0000024c: SWAP1 0000024d: SSTORE 0000024e: POP 0000024f: DUP1 00000250: PUSH1 0x03 00000252: PUSH1 0x00 00000254: POP 00000255: PUSH1 0x00 00000257: DUP5 00000258: PUSH1 0x01 0000025a: PUSH1 0xa0 0000025c: PUSH1 0x02 0000025e: EXP 0000025f: SUB 00000260: AND 00000261: DUP2 00000262: MSTORE 00000263: PUSH1 0x20 00000265: ADD 00000266: SWAP1 00000267: DUP2 00000268: MSTORE 00000269: PUSH1 0x20 0000026b: ADD 0000026c: PUSH1 0x00 0000026e: KECCAK256 0000026f: PUSH1 0x00 00000271: DUP3 00000272: DUP3 00000273: DUP3 00000274: POP 00000275: SLOAD 00000276: ADD 00000277: SWAP3 00000278: POP 00000279: POP 0000027a: DUP2 0000027b: SWAP1 0000027c: SSTORE 0000027d: POP 0000027e: DUP2 0000027f: PUSH1 0x01 00000281: PUSH1 0xa0 00000283: PUSH1 0x02 00000285: EXP 00000286: SUB 00000287: AND 00000288: CALLER 00000289: PUSH1 0x01 0000028b: PUSH1 0xa0 0000028d: PUSH1 0x02 0000028f: EXP 00000290: SUB 00000291: AND 00000292: PUSH32 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef 000002b3: DUP4 000002b4: PUSH1 0x40 000002b6: MLOAD 000002b7: DUP1 000002b8: DUP3 000002b9: DUP2 000002ba: MSTORE 000002bb: PUSH1 0x20 000002bd: ADD 000002be: SWAP2 000002bf: POP 000002c0: POP 000002c1: PUSH1 0x40 000002c3: MLOAD 000002c4: DUP1 000002c5: SWAP2 000002c6: SUB 000002c7: SWAP1 000002c8: LOG3 000002c9: POP 000002ca: POP 000002cb: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | access_control | codex | Publicly callable constructor-like function enables arbitrary minting | 85 | no | — |
viewevidence_json{
"evidence": "`function MyToken(...)` is a public function and assigns `balanceOf[msg.sender] = _supply` with no access control, allowing arbitrary minting post-deployment when not treated as a constructor.",
"locations": [
"contracts/Contract.sol:11"
],
"recommendation": "Use the `constructor` keyword and add a pragma to lock the compiler version. If legacy syntax must be supported, make the initializer `internal` or add access control so it cannot be called post-deployment.",
"exploit_scenario": "1) Attacker calls `MyToken(_supply, _name, _symbol, _decimals)` after deployment (possible when compiled with Solidity >=0.4.22 where this is not a constructor).\n2) The function sets `balanceOf[msg.sender] = _supply`, minting an arbitrary amount to the attacker.\n3) Attacker sells/transfers minted tokens into any available liquidity (DEX pools/OTC) to extract ETH or other tokens."
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | yes | yes |
viewtrace_id: 0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce
call_targets:
0x0000000000000000000000000000000000000004, 0xb6307611c06c57257ee2ad83beed39cc6650163e
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb6307611c06c57257ee2ad83beed39cc6650163e"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 392,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | yes | yes |
viewtrace_id: 0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce
call_targets:
0x0000000000000000000000000000000000000004, 0xb6307611c06c57257ee2ad83beed39cc6650163e
target_varies:
yes
classification:
target_varies
validation_json{
"sink": "CALL",
"errors": 0,
"status": "confirmed",
"attempts": 1,
"trace_id": "0x95ec84e6cea7eb4fbc202596fc7b06af58aa852a0cfdc8ea1586495d7781a1ce",
"confirmed": true,
"trace_mode": "callTracer",
"call_targets": [
"0x0000000000000000000000000000000000000004",
"0xb6307611c06c57257ee2ad83beed39cc6650163e"
],
"matched_probe": null,
"target_varies": true,
"classification": "target_varies"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x06fdde03",
"selector": "0x06fdde03",
"calldata_variants": [
"0x06fdde03",
"0x06fdde030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x313ce567",
"selector": "0x313ce567",
"calldata_variants": [
"0x313ce567",
"0x313ce5670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x70a08231",
"selector": "0x70a08231",
"calldata_variants": [
"0x70a08231",
"0x70a082310000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x95d89b41",
"selector": "0x95d89b41",
"calldata_variants": [
"0x95d89b41",
"0x95d89b410000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa9059cbb",
"selector": "0xa9059cbb",
"calldata_variants": [
"0xa9059cbb",
"0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 392,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|