d074161c-25c5-4c20-85d5-413ab097a430
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31428 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 77194 | artifact.fetch | failed | 1 / 3 | 1 week ago |
| 77195 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 77196 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 77197 | capability.graph | complete | 1 / 3 | 1 week ago |
| 77198 | detector.run | complete | 1 / 3 | 1 week ago |
| 77199 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:592809] OpenAI Codex v0.77.0 (research preview)
[codex:592809] --------
[codex:592809] workdir: /tmp/codex-multi-5g4jcxq3
[codex:592809] model: gpt-5.2-codex
[codex:592809] provider: openai
[codex:592809] approval: never
[codex:592809] sandbox: read-only
[codex:592809] reasoning effort: xhigh
[codex:592809] reasoning summaries: auto
[codex:592809] session id: 019b81a3-6bfe-7452-a0d3-b3580b84f636
[codex:592809] --------
[codex:592809] user
[codex:592809] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:592809]
[codex:592809] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:592809]
[codex:592809] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:592809] - Gas inefficiency, code quality, naming, or best practices
[codex:592809] - Theoretical vulnerabilities without a clear extraction path
[codex:592809] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:592809] - Front-running unless it enables theft beyond MEV
[codex:592809] - DoS, griefing, or issues that don't result in attacker profit
[codex:592809] - Missing events, view function issues, or informational findings
[codex:592809]
[codex:592809] HIGH-VALUE PATTERNS TO HUNT:
[codex:592809] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:592809] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:592809] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:592809] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:592809] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:592809] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:592809] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:592809] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:592809] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:592809]
[codex:592809] For each finding, you MUST provide:
[codex:592809] 1. Exact file and line numbers of vulnerable code
[codex:592809] 2. Step-by-step exploit transaction sequence
[codex:592809] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:592809]
[codex:592809] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:592809]
[codex:592809] Output MUST be valid JSON matching the provided schema.
[codex:592809] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:592809] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:592809] mcp startup: no servers
[codex:592809]
[codex:592809] thinking
[codex:592809] **Reading audit bundle file**
[codex:592809] exec
[codex:592809] /bin/bash -lc ls in /tmp/codex-multi-5g4jcxq3 succeeded in 5ms:
[codex:592809] AUDIT_BUNDLE.txt
[codex:592809] codex-output-schema.json
[codex:592809] contracts
[codex:592809] exec
[codex:592809] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-5g4jcxq3 succeeded in 5ms:
[codex:592809] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:592809]
[codex:592809] ================================================================================
[codex:592809] FILE: contracts/contracts/libraries/Proxy__L1LiquidityPool.sol
[codex:592809] ================================================================================
[codex:592809] // SPDX-License-Identifier: MIT
[codex:592809] pragma solidity 0.7.6;
[codex:592809]
[codex:592809] /**
[codex:592809] * @title Lib_ResolvedDelegateProxy
[codex:592809] */
[codex:592809] contract Proxy__L1LiquidityPoolArguments {
[codex:592809]
[codex:592809] /*************
[codex:592809] * Variables *
[codex:592809] *************/
[codex:592809]
[codex:592809] mapping(string => address) public addressManager;
[codex:592809]
[codex:592809] /***************
[codex:592809]
[codex:592809] thinking
[codex:592809] **Analyzing proxy ownership and delegatecall logic**
[codex:592809] exec
[codex:592809] /bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-multi-5g4jcxq3 succeeded in 5ms:
[codex:592809] {"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
[codex:592809]
[codex:592809] thinking
[codex:592809] **Providing concise findings summary**
[codex:592809] codex
[codex:592809] {"no_findings":true,"summary":"Reviewed `AUDIT_BUNDLE.txt`; the only contract is a basic delegatecall proxy with owner-gated target updates. No concrete, exploitable profit path is present in the provided sources.","findings":[]}
[codex:592809] tokens used
[codex:592809] 7,536
[codex:592809] {"no_findings":true,"summary":"Reviewed `AUDIT_BUNDLE.txt`; the only contract is a basic delegatecall proxy with owner-gated target updates. No concrete, exploitable profit path is present in the provided sources.","findings":[]}
{
"codex": {
"ran_at": "2026-01-03T02:15:55.234827+00:00",
"returncode": 0
},
"summary": "Reviewed `AUDIT_BUNDLE.txt`; the only contract is a basic delegatecall proxy with owner-gated target updates. No concrete, exploitable profit path is present in the provided sources.",
"raw_final": {
"summary": "Reviewed `AUDIT_BUNDLE.txt`; the only contract is a basic delegatecall proxy with owner-gated target updates. No concrete, exploitable profit path is present in the provided sources.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | upgradeability | detector | Untrusted DELEGATECALL target reachable | 55 | no | no |
trace_id: 0xe6fc4fe184a3927a9c65cd45197bad29a478f48dc1a1da1b4422ea9f5179fe7c
call_targets:
0xd24484926f1d130778b9ebd7ec594548b2d53cb1
target_varies:
no
classification:
constant_target
validation_json:
{
"sink": "DELEGATECALL",
"errors": 0,
"status": "sink_reached",
"attempts": 13,
"trace_id": "0xe6fc4fe184a3927a9c65cd45197bad29a478f48dc1a1da1b4422ea9f5179fe7c",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xd24484926f1d130778b9ebd7ec594548b2d53cb1"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json:
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x12762d5e",
"selector": "0x12762d5e",
"calldata_variants": [
"0x12762d5e",
"0x12762d5e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2fa8ad53",
"selector": "0x2fa8ad53",
"calldata_variants": [
"0x2fa8ad53",
"0x2fa8ad530000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x47fc822f",
"selector": "0x47fc822f",
"calldata_variants": [
"0x47fc822f",
"0x47fc822f0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json:
{
"examples": [
{
"pc": 797,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [
{
"pc": 1074,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 1361,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
evidence_json:
{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 1
}
|