d2024be7-c0db-45ab-9f8b-6e2709b3d74a
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31095 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 76384 | artifact.fetch | complete | 1 / 3 | 2 weeks ago |
| 76385 | tool.cast_disasm | complete | 1 / 3 | 2 weeks ago |
| 76386 | analysis.bundle | complete | 1 / 3 | 2 weeks ago |
| 76387 | capability.graph | complete | 1 / 3 | 2 weeks ago |
| 76388 | detector.run | complete | 1 / 3 | 2 weeks ago |
| 76389 | validation.fork | complete | 1 / 3 | 2 weeks ago |
No slither job recorded yet.
[codex:22] OpenAI Codex v0.77.0 (research preview)
[codex:22] --------
[codex:22] workdir: /tmp/codex-multi-0dp1byop
[codex:22] model: gpt-5.2-codex
[codex:22] provider: openai
[codex:22] approval: never
[codex:22] sandbox: read-only
[codex:22] reasoning effort: xhigh
[codex:22] reasoning summaries: auto
[codex:22] session id: 019b7a99-471e-7982-9209-4acca66190cd
[codex:22] --------
[codex:22] user
[codex:22] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:22]
[codex:22] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:22]
[codex:22] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:22] - Gas inefficiency, code quality, or best practices
[codex:22] - Theoretical vulnerabilities without a clear extraction path
[codex:22] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:22] - Issues requiring social engineering or off-chain coordination
[codex:22]
[codex:22] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:22] - CALL/DELEGATECALL with controllable destination or calldata
[codex:22] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:22] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:22] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:22] - External calls before state updates (reentrancy)
[codex:22] - SELFDESTRUCT with controllable beneficiary
[codex:22] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:22]
[codex:22] For each finding, you MUST explain:
[codex:22] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:22] 2. The concrete sequence of transactions to extract value
[codex:22] 3. Why you believe this is exploitable (not just suspicious)
[codex:22]
[codex:22] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:22] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:22]
[codex:22] Output MUST be valid JSON matching the provided schema.
[codex:22] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:22] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:22] mcp startup: no servers
[codex:22]
[codex:22] thinking
[codex:22] **Preparing to read BYTECODE_BUNDLE.txt**
[codex:22] exec
[codex:22] /bin/bash -lc ls in /tmp/codex-multi-0dp1byop succeeded in 6ms:
[codex:22] BYTECODE_BUNDLE.txt
[codex:22] codex-output-schema.json
[codex:22] exec
[codex:22] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-0dp1byop succeeded in 5ms:
[codex:22] Runtime bytecode bundle for best-effort auditing.
[codex:22] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:22]
[codex:22] FILE: runtime_bytecode.hex
[codex:22] 0x606060405236156100b95760e060020a6000350463173825d9811461010b5780632f54bf6e1461015b5780634123cb6b146101835780635c52c2f51461018c5780637065cb48146101b2578063746c9171146101db578063797af627146101e4578063b20d30a9146101f7578063b61d27f614610220578063b75c7dc614610241578063ba51a6df14610270578063c2cf732614610299578063cbf0b0c0146102d7578063f00d4b5d14610300578063f1736d861461032e575b61033860003411156101095760408051600160a060020a033316815234602082015281517fe1fffcc4923d04b559f4d29a8bfc6cda04eb5b0d3c460751c2402c5c5cc9109c929181900390910190a15b565b6103386004356000600036604051808383808284375050509081018190039020905061063d815b600160a060020a03331660009081526101026020526040812054818082811415610bb357610d0b565b61033a6004355b600160a060020a03811660009081526101026020526040812054115b919050565b61033a60015481565b610338600036604051808383808284375050509081018190039020905061078e81610132565b61033860043560003660405180838380828437505050908101819003902090506105b581610132565b61033a60005481565b61033a6004355b6000816109f181610132565b610338600435600036604051808383808284375050509081018190039020905061078281610132565b61033a6004803590602480359160443591820191013560006107ad33610162565b610338600435600160a060020a0333166000908152610102602052604081205490808281141561034c576103cb565b61033860043560003660405180838380828437505050908101819003902090506106fc81610132565b61033a600435602435600082815261010360209081526040808320600160a060020a0385168452610102909252822054828181141561075557610779565b610338600435600036604051808383808284375050509081018190039020905061079c81610132565b6103386004356024356000600036604051808383808284375050509081018190039020905061045681610132565b61033a6101055481565b005b60408051918252519081900360200190f35b50506000828152610103602052604081206001810154600284900a9290831611156103cb5780546001828101805492909101835590839003905560408051600160a060020a03331681526020810186905281517fc7fb647e59b18047309aa15aad418e5d7ca96d173ad704f1031a2c3d7591734b929181900390910190a15b50505050565b600160a060020a03831660028361010081101561000257508301819055600160a060020a03851660008181526101026020908152604080832083905584835291829020869055815192835282019290925281517fb532073b38c83145e3e5135377a08bf9aab55bc0fd7c1179cd4fb995d2a5159c929181900390910190a1505b505050565b156103cb5761046483610162565b1561046f5750610451565b600160a060020a0384166000908152610102602052604081205492508214156104985750610451565b6103d15b6101045460005b81811015610e5857610104805461010891600091849081101561000257600080516020610f1383398151915201548252506020918252604081208054600160a060020a0319168155600181018290556002810180548382559083528383209193610edd92601f92909201048101906109d9565b60018054810190819055600160a060020a038316906002906101008110156100025790900160005081905550600160005054610102600050600084600160a060020a03168152602001908152602001600020600050819055507f994a936646fe87ffe4f1e469d3d6aa417d6b855598397f323de5b449f765f0c3826040518082600160a060020a0316815260200191505060405180910390a15b505b50565b156105b0576105c382610162565b156105ce57506105b2565b6105d661049c565b60015460fa90106105eb576105e9610600565b505b60015460fa901061051657506105b2565b6106ba5b600060015b6001548110156109ed575b600154811080156106305750600281610100811015610002570154600014155b15610d1357600101610610565b1561045157600160a060020a03831660009081526101026020526040812054925082141561066b57506105b0565b600160016000505403600060005054111561068657506105b0565b600060028361010081101561000257508301819055600160a060020a038416815261010260205260408120556105fc61049c565b5060408051600160a060020a038516815290517f58619076adf5bb0943d100ef88d52d7c3fd691b19d3a9071b555b651fbf418da9181900360200190a1505050565b156105b05760015482111561071157506105b2565b600082905561071e61049c565b6040805183815290517facbdb084c721332ac59f9b8e392196c9eb0e4932862da8eb9beaf0dad4f550da9181900360200190a15050565b506001820154600282900a908116600014156107745760009350610779565b600193505b50505092915050565b156105b0575061010555565b156105b25760006101065550565b156105b05781600160a060020a0316ff5b156109c9576107c1846000610ded33610162565b1561087d577f92ca3a80853e6663fa31fa10b99225f18d4902939b4c53a9caae9043f6efd00433858786866040518086600160a060020a0316815260200185815260200184600160a060020a031681526020018060200182810382528484828181526020019250808284378201915050965050505050505060405180910390a184600160a060020a03168484846040518083838082843750505090810191506000908083038185876185025a03f150600093506109c992505050565b600036436040518084848082843750505090910190815260405190819003602001902091506108ad9050816101eb565b1580156108d0575060008181526101086020526040812054600160a060020a0316145b156109c95760008181526101086020908152604082208054600160a060020a03191688178155600181018790556002018054858255818452928290209092601f019190910481019084908682156109d1579182015b828111156109d1578235826000505591602001919060010190610925565b50507f1733cbb53659d713b79580f79f3f9ff215f78a7c7aa45890f3b89fc5cddfbf328133868887876040518087815260200186600160a060020a0316815260200185815260200184600160a060020a03168152602001806020018281038252848482818152602001925080828437820191505097505050505050505060405180910390a15b949350505050565b506109439291505b808211156109ed57600081556001016109d9565b5090565b15610ba05760008381526101086020526040812054600160a060020a031614610ba05760408051600091909120805460018201546002929092018054600160a060020a0392909216939091819083908015610a7157820191906000526020600020905b815481529060010190602001808311610a5457829003601f168201915b505091505060006040518083038185876185025a03f150505060008481526101086020908152604080519281902080546001820154600160a060020a033381811688529587018b905293860181905292166060850181905260a06080860181815260029390930180549187018290527fe7c957c06e9a662c1a6c77366179f5b702b97651dc28eee7d5bf1dff6e40bb4a975094958a959293909160c083019084908015610b4357820191906000526020600020905b815481529060010190602001808311610b2657829003601f168201915b5050965050505050505060405180910390a160008381526101086020908152604082208054600160a060020a031916815560018101839055600281018054848255908452828420919392610ba692601f92909201048101906109d9565b50919050565b505050600191505061017e565b60008581526101036020526040812080549093501415610c3b576000805483556001838101919091556101048054918201808255828015829011610c0a57818360005260206000209182019101610c0a91906109d9565b50505060028301819055610104805487929081101561000257600091909152600080516020610f1383398151915201555b506001810154600283900a90811660001415610d0b5760408051600160a060020a03331681526020810187905281517fe1c52dc63b719ade82e8bea94cc41a0d5d28e4aaf536adb5e9cccc9ff8c1aeda929181900390910190a1815460019011610cf8576000858152610103602052604090206002015461010480549091908110156100025760406000908120600080516020610f138339815191529290920181905580825560018281018290556002909201559450610d0b9050565b8154600019018255600182018054821790555b505050919050565b5b60018054118015610d3657506001546002906101008110156100025701546000145b15610d4a5760018054600019019055610d14565b60015481108015610d6d5750600154600290610100811015610002570154600014155b8015610d8757506002816101008110156100025701546000145b15610de857600154600290610100811015610002578101549082610100811015610002578101919091558190610102906000908361010081101561000257810154825260209290925260408120929092556001546101008110156100025701555b610605565b1561017e5761010754610e035b62015180420490565b1115610e1c57600061010655610e17610dfa565b610107555b6101065480830110801590610e3a5750610106546101055490830111155b15610e505750610106805482019055600161017e565b50600061017e565b6105b06101045460005b81811015610ee85761010480548290811015610002576000918252600080516020610f13833981519152015414610ed557610104805461010391600091849081101561000257600080516020610f1383398151915201548252506020919091526040812081815560018101829055600201555b600101610e62565b5050506001016104a3565b610104805460008083559190915261045190600080516020610f13833981519152908101906109d956004c0be60200faa20559308cb7b5a1bb3255c16cb1cab91f525b5ae7a03d02fabe
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing bytecode for exploit patterns**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re,sys
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read()
[codex:22] # extract hex after 0x
[codex:22] m=re.search(r'0x([0-9a-fA-F]+)', hexdata)
[codex:22] if not m:
[codex:22] print('no hex')
[codex:22] sys.exit()
[codex:22] hexstr=m.group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22] # map opcodes
[codex:22] # find positions of SELFDESTRUCT (0xff)
[codex:22] ops=[0xff,0xf1,0xf2,0xf4,0xfa]
[codex:22] for op in ops:
[codex:22] positions=[i for i,b in enumerate(code) if b==op]
[codex:22] print(hex(op), len(positions), positions[:20])
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 23ms:
[codex:22] 0xff 4 [224, 1400, 1964, 2813]
[codex:22] 0xf1 7 [176, 497, 952, 1402, 2007, 2159, 2695]
[codex:22] 0xf2 1 [2390]
[codex:22] 0xf4 2 [232, 1772]
[codex:22] 0xfa 7 [1499, 1520, 2000, 2002, 3605, 3864, 3889]
[codex:22]
[codex:22] thinking
[codex:22] **Preparing to disassemble code around target positions**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read()
[codex:22] m=re.search(r'0x([0-9a-fA-F]+)', hexdata)
[codex:22] hexstr=m.group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22] # opcode names
[codex:22] opnames={
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] }
[codex:22] # disassemble
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]
[codex:22] name=opnames.get(op, f'OP{op:02x}')
[codex:22] pc_next=pc+1
[codex:22] arg=None
[codex:22] if 0x60 <= op <= 0x7f:
[codex:22] n=op-0x5f
[codex:22] arg=code[pc_next:pc_next+n]
[codex:22] pc_next+=n
[codex:22] elif 0x80 <= op <= 0x8f:
[codex:22] # DUP
[codex:22] pass
[codex:22] elif 0x90 <= op <= 0x9f:
[codex:22] pass
[codex:22] ins.append((pc, op, name, arg))
[codex:22] pc=pc_next
[codex:22]
[codex:22] # make mapping pc->index
[codex:22] pc_to_idx={pc:i for i,(pc,_,_,_) in enumerate(ins)}
[codex:22]
[codex:22] # show context around selfdestruct
[codex:22] self_pcs=[pc for pc,op,_,_ in ins if op==0xff]
[codex:22] print('SELFDESTRUCT pcs', self_pcs)
[codex:22] for spc in self_pcs:
[codex:22] idx=pc_to_idx[spc]
[codex:22] start=max(0, idx-10); end=min(len(ins), idx+5)
[codex:22] print('\\ncontext around', spc)
[codex:22] for pc,op,name,arg in ins[start:end]:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 29ms:
[codex:22] SELFDESTRUCT pcs [1964]
[codex:22]
[codex:22] context around 1964
[codex:22] 079d: ISZERO
[codex:22] 079e: OP61 0x05b0
[codex:22] 07a1: JUMPI
[codex:22] 07a2: OP81
[codex:22] 07a3: OP60 0x01
[codex:22] 07a5: OP60 0xa0
[codex:22] 07a7: OP60 0x02
[codex:22] 07a9: EXP
[codex:22] 07aa: SUB
[codex:22] 07ab: AND
[codex:22] 07ac: SELFDESTRUCT
[codex:22] 07ad: JUMPDEST
[codex:22] 07ae: ISZERO
[codex:22] 07af: OP61 0x09c9
[codex:22] 07b2: JUMPI
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing SELFDESTRUCT occurrences**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] m=re.search(r'0x([0-9a-fA-F]+)', hexdata);
[codex:22] code=bytes.fromhex(m.group(1))
[codex:22] # disassemble function as before
[codex:22] opnames={
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] }
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] # print range
[codex:22] start=0x730; end=0x7d5
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 27ms:
[codex:22] 0749: OP91
[codex:22] 074a: OP81
[codex:22] 074b: OP90
[codex:22] 074c: SUB
[codex:22] 074d: OP60 0x20
[codex:22] 074f: ADD
[codex:22] 0750: OP90
[codex:22] 0751: OPa1
[codex:22] 0752: POP
[codex:22] 0753: POP
[codex:22] 0754: JUMP
[codex:22] 0755: JUMPDEST
[codex:22] 0756: POP
[codex:22] 0757: OP60 0x01
[codex:22] 0759: OP82
[codex:22] 075a: ADD
[codex:22] 075b: SLOAD
[codex:22] 075c: OP60 0x02
[codex:22] 075e: OP82
[codex:22] 075f: OP90
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing selfdestruct jump destinations**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22] # disassemble with pc list
[codex:22] opnames={
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] }
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] # print first ~150 instructions
[codex:22] for pc,op,name,arg in ins[:120]:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 26ms:
[codex:22] 0000: OP60 0x60
[codex:22] 0002: OP60 0x40
[codex:22] 0004: MSTORE
[codex:22] 0005: CALLDATASIZE
[codex:22] 0006: ISZERO
[codex:22] 0007: OP61 0x00b9
[codex:22] 000a: JUMPI
[codex:22] 000b: OP60 0xe0
[codex:22] 000d: OP60 0x02
[codex:22] 000f: EXP
[codex:22] 0010: OP60 0x00
[codex:22] 0012: CALLDATALOAD
[codex:22] 0013: DIV
[codex:22] 0014: OP63 0x173825d9
[codex:22] 0019: OP81
[codex:22] 001a: EQ
[codex:22] 001b: OP61 0x010b
[codex:22] 001e: JUMPI
[codex:22] 001f: OP80
[codex:22] 0020: OP63 0x2f54bf6e
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing function selectors and jump destinations**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22] # find occurrences of PUSH2 0x079c
[codex:22] needle=bytes([0x61,0x07,0x9c])
[codex:22] positions=[i for i in range(len(code)-2) if code[i:i+3]==needle]
[codex:22] print('PUSH2 0x079c positions', positions)
[codex:22] # show few bytes around each
[codex:22] for pos in positions:
[codex:22] print(pos, code[pos-5:pos+5].hex())
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 23ms:
[codex:22] PUSH2 0x079c positions [760]
[codex:22] 760 039020905061079c8161
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing disassembly near address 0x2f8**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22] # disassemble with mapping
[codex:22] opnames={
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] }
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x2c0; end=0x340
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 27ms:
[codex:22] 02c0: MSTORE
[codex:22] 02c1: OP61 0x0102
[codex:22] 02c4: OP90
[codex:22] 02c5: OP92
[codex:22] 02c6: MSTORE
[codex:22] 02c7: OP82
[codex:22] 02c8: SHA3
[codex:22] 02c9: SLOAD
[codex:22] 02ca: OP82
[codex:22] 02cb: OP81
[codex:22] 02cc: OP81
[codex:22] 02cd: EQ
[codex:22] 02ce: ISZERO
[codex:22] 02cf: OP61 0x0755
[codex:22] 02d2: JUMPI
[codex:22] 02d3: OP61 0x0779
[codex:22] 02d6: JUMP
[codex:22] 02d7: JUMPDEST
[codex:22] 02d8: OP61 0x0338
[codex:22] 02db: OP60 0x04
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing function dispatch and internal call**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22] # disassemble
[codex:22] opnames={
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] }
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x0100; end=0x0170
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 28ms:
[codex:22] 0100: OP91
[codex:22] 0101: OP81
[codex:22] 0102: OP90
[codex:22] 0103: SUB
[codex:22] 0104: OP90
[codex:22] 0105: OP91
[codex:22] 0106: ADD
[codex:22] 0107: OP90
[codex:22] 0108: OPa1
[codex:22] 0109: JUMPDEST
[codex:22] 010a: JUMP
[codex:22] 010b: JUMPDEST
[codex:22] 010c: OP61 0x0338
[codex:22] 010f: OP60 0x04
[codex:22] 0111: CALLDATALOAD
[codex:22] 0112: OP60 0x00
[codex:22] 0114: OP60 0x00
[codex:22] 0116: CALLDATASIZE
[codex:22] 0117: OP60 0x40
[codex:22] 0119: MLOAD
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing opcode sequence for permission check**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] }
[codex:22] for i in range(1,17):
[codex:22] opnames[0x7f+i]=f'PUSH{i}'
[codex:22] opnames[0x7f+i] # ensure
[codex:22] for i in range(1,17):
[codex:22] opnames[0x7f+16+i]=f'DUP{i}' # 0x80 = DUP1
[codex:22] for i in range(1,17):
[codex:22] opnames[0x8f+i]=f'SWAP{i}' # 0x90 = SWAP1
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x0132; end=0x0160
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 27ms:
[codex:22] 0132: JUMPDEST
[codex:22] 0133: OP60 0x01
[codex:22] 0135: OP60 0xa0
[codex:22] 0137: OP60 0x02
[codex:22] 0139: EXP
[codex:22] 013a: SUB
[codex:22] 013b: CALLER
[codex:22] 013c: AND
[codex:22] 013d: OP60 0x00
[codex:22] 013f: SWAP1
[codex:22] 0140: PUSH2
[codex:22] 0141: MSTORE
[codex:22] 0142: OP61 0x0102
[codex:22] 0145: OP60 0x20
[codex:22] 0147: MSTORE
[codex:22] 0148: OP60 0x40
[codex:22] 014a: PUSH2
[codex:22] 014b: SHA3
[codex:22] 014c: SLOAD
[codex:22] 014d: PUSH2
[codex:22]
[codex:22] thinking
[codex:22] **Correcting disassembler opcode mappings**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] }
[codex:22] for i in range(1,33):
[codex:22] opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17):
[codex:22] opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17):
[codex:22] opnames[0x8f+i]=f'SWAP{i}'
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x0132; end=0x0160
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 31ms:
[codex:22] 0132: JUMPDEST
[codex:22] 0133: PUSH1 0x01
[codex:22] 0135: PUSH1 0xa0
[codex:22] 0137: PUSH1 0x02
[codex:22] 0139: EXP
[codex:22] 013a: SUB
[codex:22] 013b: CALLER
[codex:22] 013c: AND
[codex:22] 013d: PUSH1 0x00
[codex:22] 013f: SWAP1
[codex:22] 0140: DUP2
[codex:22] 0141: MSTORE
[codex:22] 0142: PUSH2 0x0102
[codex:22] 0145: PUSH1 0x20
[codex:22] 0147: MSTORE
[codex:22] 0148: PUSH1 0x40
[codex:22] 014a: DUP2
[codex:22] 014b: SHA3
[codex:22] 014c: SLOAD
[codex:22] 014d: DUP2
[codex:22]
[codex:22] thinking
[codex:22] **Tracing stack across function calls**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] }
[codex:22] for i in range(1,33):
[codex:22] opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17):
[codex:22] opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17):
[codex:22] opnames[0x8f+i]=f'SWAP{i}'
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x02d7; end=0x0310
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 26ms:
[codex:22] 02d7: JUMPDEST
[codex:22] 02d8: PUSH2 0x0338
[codex:22] 02db: PUSH1 0x04
[codex:22] 02dd: CALLDATALOAD
[codex:22] 02de: PUSH1 0x00
[codex:22] 02e0: CALLDATASIZE
[codex:22] 02e1: PUSH1 0x40
[codex:22] 02e3: MLOAD
[codex:22] 02e4: DUP1
[codex:22] 02e5: DUP4
[codex:22] 02e6: DUP4
[codex:22] 02e7: DUP1
[codex:22] 02e8: DUP3
[codex:22] 02e9: DUP5
[codex:22] 02ea: CALLDATACOPY
[codex:22] 02eb: POP
[codex:22] 02ec: POP
[codex:22] 02ed: POP
[codex:22] 02ee: SWAP1
[codex:22] 02ef: DUP2
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing stack behavior at JUMP destination**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] # fill known ops
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] # disassemble into list of (pc, op, name, arg)
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] # simple symbolic stack sim for segment
[codex:22] start=0x02d7; end=0x02ff
[codex:22] stack=[]
[codex:22]
[codex:22] sym_id=0
[codex:22]
[codex:22] def sym(label):
[codex:22] global sym_id
[codex:22] sym_id+=1
[codex:22] return f\"{label}{sym_id}\"
[codex:22]
[codex:22] for pc,op,name,arg in ins:
[codex:22] if pc<start: continue
[codex:22] if pc> end: break
[codex:22] # print state
[codex:22] print(f\"{pc:04x} {name} {('0x'+arg.hex()) if arg is not None else ''} stack={stack}\")
[codex:22] if name.startswith('PUSH'):
[codex:22] stack.append(f\"{name}:{int.from_bytes(arg,'big')}\")
[codex:22] elif name=='CALLDATALOAD':
[codex:22] stack.pop(); stack.append(sym('calldata'))
[codex:22] elif name=='CALLDATASIZE':
[codex:22] stack.append('calldatasize')
[codex:22] elif name=='MLOAD':
[codex:22] stack.pop(); stack.append(sym('mload'))
[codex:22] elif name=='CALLDATACOPY':
[codex:22] # pops 3 args
[codex:22] stack.pop(); stack.pop(); stack.pop()
[codex:22] elif name=='ADD' or name=='SUB' or name=='SHA3':
[codex:22] a=stack.pop(); b=stack.pop(); stack.append(sym(name.lower()))
[codex:22] elif name=='POP':
[codex:22] stack.pop()
[codex:22] elif name.startswith('DUP'):
[codex:22] n=int(name[3:])
[codex:22] stack.append(stack[-n])
[codex:22] elif name.startswith('SWAP'):
[codex:22] n=int(name[4:])
[codex:22] stack[-1], stack[-1-n] = stack[-1-n], stack[-1]
[codex:22] elif name=='JUMP':
[codex:22] break
[codex:22] # ignoring other ops in this segment
[codex:22]
[codex:22] print('final stack', stack)
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 26ms:
[codex:22] 02d7 JUMPDEST stack=[]
[codex:22] 02d8 PUSH2 0x0338 stack=[]
[codex:22] 02db PUSH1 0x04 stack=['PUSH2:824']
[codex:22] 02dd CALLDATALOAD stack=['PUSH2:824', 'PUSH1:4']
[codex:22] 02de PUSH1 0x00 stack=['PUSH2:824', 'calldata1']
[codex:22] 02e0 CALLDATASIZE stack=['PUSH2:824', 'calldata1', 'PUSH1:0']
[codex:22] 02e1 PUSH1 0x40 stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize']
[codex:22] 02e3 MLOAD stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'PUSH1:64']
[codex:22] 02e4 DUP1 stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2']
[codex:22] 02e5 DUP4 stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2']
[codex:22] 02e6 DUP4 stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0']
[codex:22] 02e7 DUP1 stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize']
[codex:22] 02e8 DUP3 stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize', 'calldatasize']
[codex:22] 02e9 DUP5 stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize', 'calldatasize', 'PUSH1:0']
[codex:22] 02ea CALLDATACOPY stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize', 'calldatasize', 'PUSH1:0', 'mload2']
[codex:22] 02eb POP stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize']
[codex:22] 02ec POP stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0']
[codex:22] 02ed POP stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2']
[codex:22] 02ee SWAP1 stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'calldatasize', 'mload2']
[codex:22] 02ef DUP2 stack=['PUSH2:824', 'calldata1', 'PUSH1:0', 'mload2', 'calldatasize']
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing EVM jump and stack state**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] # parse opcodes
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] # disassemble into list
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] # simulate from 0x0132 to 0x015a
[codex:22] start=0x0132; end=0x015a
[codex:22]
[codex:22] stack=['S0(0x0338)','S1(calldata_off)','S2(sha3)','S3(0x079c)','S4(sha3)']
[codex:22]
[codex:22] def pop():
[codex:22] return stack.pop()
[codex:22]
[codex:22] def push(x):
[codex:22] stack.append(x)
[codex:22]
[codex:22] sym_id=0
[codex:22]
[codex:22] def sym(label):
[codex:22] global sym_id
[codex:22] sym_id+=1
[codex:22] return f\"{label}{sym_id}\"
[codex:22]
[codex:22] for pc,op,name,arg in ins:
[codex:22] if pc<start: continue
[codex:22] if pc> end: break
[codex:22] print(f\"{pc:04x} {name} {('0x'+arg.hex()) if arg is not None else ''} stack={stack}\")
[codex:22] if name.startswith('PUSH'):
[codex:22] push(f\"{name}:{int.from_bytes(arg,'big')}\")
[codex:22] elif name=='CALLER':
[codex:22] push('CALLER')
[codex:22] elif name=='EXP' or name=='SUB' or name=='AND' or name=='EQ' or name=='SHA3':
[codex:22] b=pop(); a=pop(); push(sym(name.lower()))
[codex:22] elif name=='MSTORE':
[codex:22] pop(); pop()
[codex:22] elif name=='SLOAD':
[codex:22] pop(); push(sym('sload'))
[codex:22] elif name=='ISZERO':
[codex:22] pop(); push(sym('iszero'))
[codex:22] elif name=='JUMPI':
[codex:22] pop(); pop()
[codex:22] elif name=='JUMP':
[codex:22] pop(); break
[codex:22] elif name=='DUP1':
[codex:22] push(stack[-1])
[codex:22] elif name=='DUP2':
[codex:22] push(stack[-2])
[codex:22] elif name=='DUP3':
[codex:22] push(stack[-3])
[codex:22] elif name=='DUP4':
[codex:22] push(stack[-4])
[codex:22] elif name.startswith('SWAP'):
[codex:22] n=int(name[4:])
[codex:22] stack[-1], stack[-1-n]=stack[-1-n], stack[-1]
[codex:22] else:
[codex:22] # ignore unknown
[codex:22] pass
[codex:22]
[codex:22] print('final stack', stack)
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 29ms:
[codex:22] 0132 JUMPDEST stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)']
[codex:22] 0133 PUSH1 0x01 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)']
[codex:22] 0135 PUSH1 0xa0 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:1']
[codex:22] 0137 PUSH1 0x02 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:1', 'PUSH1:160']
[codex:22] 0139 EXP stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:1', 'PUSH1:160', 'PUSH1:2']
[codex:22] 013a SUB stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:1', 'exp1']
[codex:22] 013b CALLER stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'sub2']
[codex:22] 013c AND stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'sub2', 'CALLER']
[codex:22] 013d PUSH1 0x00 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'and3']
[codex:22] 013f SWAP1 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'and3', 'PUSH1:0']
[codex:22] 0140 DUP2 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0', 'and3']
[codex:22] 0141 MSTORE stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0', 'and3', 'PUSH1:0']
[codex:22] 0142 PUSH2 0x0102 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0']
[codex:22] 0145 PUSH1 0x20 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0', 'PUSH2:258']
[codex:22] 0147 MSTORE stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0', 'PUSH2:258', 'PUSH1:32']
[codex:22] 0148 PUSH1 0x40 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0']
[codex:22] 014a DUP2 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0', 'PUSH1:64']
[codex:22] 014b SHA3 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0', 'PUSH1:64', 'PUSH1:0']
[codex:22] 014c SLOAD stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0', 'sha34']
[codex:22] 014d DUP2 stack=['S0(0x0338)', 'S1(calldata_off)', 'S2(sha3)', 'S3(0x079c)', 'S4(sha3)', 'PUSH1:0', 'sload5']
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing EVM bytecode logic and stack effects**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x0b80; end=0x0be5
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 28ms:
[codex:22] 0b80: DUP1
[codex:22] 0b81: SLOAD
[codex:22] 0b82: DUP5
[codex:22] 0b83: DUP3
[codex:22] 0b84: SSTORE
[codex:22] 0b85: SWAP1
[codex:22] 0b86: DUP5
[codex:22] 0b87: MSTORE
[codex:22] 0b88: DUP3
[codex:22] 0b89: DUP5
[codex:22] 0b8a: SHA3
[codex:22] 0b8b: SWAP2
[codex:22] 0b8c: SWAP4
[codex:22] 0b8d: SWAP3
[codex:22] 0b8e: PUSH2 0x0ba6
[codex:22] 0b91: SWAP3
[codex:22] 0b92: PUSH1 0x1f
[codex:22] 0b94: SWAP3
[codex:22] 0b95: SWAP1
[codex:22] 0b96: SWAP3
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing conditional jump and selfdestruct flow**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x0cf0; end=0x0d60
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 30ms:
[codex:22] 0cf0: SWAP5
[codex:22] 0cf1: POP
[codex:22] 0cf2: PUSH2 0x0d0b
[codex:22] 0cf5: SWAP1
[codex:22] 0cf6: POP
[codex:22] 0cf7: JUMP
[codex:22] 0cf8: JUMPDEST
[codex:22] 0cf9: DUP2
[codex:22] 0cfa: SLOAD
[codex:22] 0cfb: PUSH1 0x00
[codex:22] 0cfd: NOT
[codex:22] 0cfe: ADD
[codex:22] 0cff: DUP3
[codex:22] 0d00: SSTORE
[codex:22] 0d01: PUSH1 0x01
[codex:22] 0d03: DUP3
[codex:22] 0d04: ADD
[codex:22] 0d05: DUP1
[codex:22] 0d06: SLOAD
[codex:22] 0d07: DUP3
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing dynamic jump and selfdestruct logic**
[codex:22]
[codex:22] I’m tracing how the code uses stack operations and dynamic jumps for returning after a guard check, focusing on a suspicious selfdestruct block that expects a beneficiary and a flag on the stack. I’m planning to simulate the stack state moving through key instruction points to understand how inputs influence the selfdestruct call and whether exploit paths exist.
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] # define opcode metadata
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] # disassemble into dict by pc
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22] ins_by_pc={pc:(op,name,arg) for pc,op,name,arg in ins}
[codex:22]
[codex:22] # symbolic execution
[codex:22] class SymExec:
[codex:22] def __init__(self):
[codex:22] self.stack=[]
[codex:22] self.sym_id=0
[codex:22] def sym(self,label):
[codex:22] self.sym_id+=1
[codex:22] return f\"{label}{self.sym_id}\"
[codex:22] def push(self,x):
[codex:22] self.stack.append(x)
[codex:22] def pop(self):
[codex:22] return self.stack.pop()
[codex:22] def dup(self,n):
[codex:22] self.stack.append(self.stack[-n])
[codex:22] def swap(self,n):
[codex:22] self.stack[-1], self.stack[-1-n] = self.stack[-1-n], self.stack[-1]
[codex:22]
[codex:22] exec=SymExec()
[codex:22]
[codex:22] # run from 0x02d7 to JUMP at 0x02ff
[codex:22] pc=0x02d7
[codex:22] end_pc=0x02ff
[codex:22] while True:
[codex:22] op,name,arg=ins_by_pc[pc]
[codex:22] # print trace
[codex:22] print(f\"{pc:04x} {name} {('0x'+arg.hex()) if arg is not None else ''} stack={exec.stack}\")
[codex:22] if name.startswith('PUSH'):
[codex:22] exec.push(f\"{name}:{int.from_bytes(arg,'big')}\")
[codex:22] elif name=='CALLDATALOAD':
[codex:22] exec.pop(); exec.push(exec.sym('calldataload'))
[codex:22] elif name=='CALLDATASIZE':
[codex:22] exec.push('calldatasize')
[codex:22] elif name=='MLOAD':
[codex:22] exec.pop(); exec.push(exec.sym('mload'))
[codex:22] elif name=='CALLDATACOPY':
[codex:22] exec.pop(); exec.pop(); exec.pop()
[codex:22] elif name in ('ADD','SUB','SHA3','EXP','AND','OR','DIV','MUL','EQ'):
[codex:22] a=exec.pop(); b=exec.pop(); exec.push(exec.sym(name.lower()))
[codex:22] elif name=='POP':
[codex:22] exec.pop()
[codex:22] elif name.startswith('DUP'):
[codex:22] exec.dup(int(name[3:]))
[codex:22] elif name.startswith('SWAP'):
[codex:22] exec.swap(int(name[4:]))
[codex:22] elif name=='JUMP':
[codex:22] exec.pop(); break
[codex:22] else:
[codex:22] pass
[codex:22] if pc==end_pc: break
[codex:22] # advance to next instruction
[codex:22] # find next pc in ins list
[codex:22] # (simpler: iterate through ins list?)
[codex:22] # We'll use list index mapping
[codex:22] idx=next(i for i,(pc2,_,_,_) in enumerate(ins) if pc2==pc)
[codex:22] pc=ins[idx+1][0]
[codex:22]
[codex:22] print('\\nStack before entering 0x0132:', exec.stack)
[codex:22]
[codex:22] # Now simulate 0x0132 to JUMP at 0x015a (to 0x0d0b)
[codex:22] pc=0x0132
[codex:22] while True:
[codex:22] op,name,arg=ins_by_pc[pc]
[codex:22] print(f\"{pc:04x} {name} {('0x'+arg.hex()) if arg is not None else ''} stack={exec.stack}\")
[codex:22] if name.startswith('PUSH'):
[codex:22] exec.push(f\"{name}:{int.from_bytes(arg,'big')}\")
[codex:22] elif name=='CALLER':
[codex:22] exec.push('CALLER')
[codex:22] elif name in ('EXP','SUB','AND','EQ','SHA3'):
[codex:22] a=exec.pop(); b=exec.pop(); exec.push(exec.sym(name.lower()))
[codex:22] elif name=='MSTORE':
[codex:22] exec.pop(); exec.pop()
[codex:22] elif name=='SLOAD':
[codex:22] exec.pop(); exec.push(exec.sym('sload'))
[codex:22] elif name=='ISZERO':
[codex:22] exec.pop(); exec.push(exec.sym('iszero'))
[codex:22] elif name=='JUMPI':
[codex:22] # for our path assume no jump (condition false), so pop dest+cond
[codex:22] exec.pop(); exec.pop()
[codex:22] elif name.startswith('DUP'):
[codex:22] exec.dup(int(name[3:]))
[codex:22] elif name.startswith('SWAP'):
[codex:22] exec.swap(int(name[4:]))
[codex:22] elif name=='JUMP':
[codex:22] dest=exec.pop();
[codex:22] print('JUMP to', dest)
[codex:22] break
[codex:22] else:
[codex:22] pass
[codex:22] # advance
[codex:22] idx=next(i for i,(pc2,_,_,_) in enumerate(ins) if pc2==pc)
[codex:22] pc=ins[idx+1][0]
[codex:22]
[codex:22] print('\\nStack before entering 0x0d0b:', exec.stack)
[codex:22]
[codex:22] # simulate 0x0d0b block
[codex:22] pc=0x0d0b
[codex:22] while True:
[codex:22] op,name,arg=ins_by_pc[pc]
[codex:22] print(f\"{pc:04x} {name} {('0x'+arg.hex()) if arg is not None else ''} stack={exec.stack}\")
[codex:22] if name=='POP':
[codex:22] exec.pop()
[codex:22] elif name.startswith('SWAP'):
[codex:22] exec.swap(int(name[4:]))
[codex:22] elif name=='JUMP':
[codex:22] dest=exec.pop(); print('Final jump dest', dest); break
[codex:22] else:
[codex:22] pass
[codex:22] idx=next(i for i,(pc2,_,_,_) in enumerate(ins) if pc2==pc)
[codex:22] pc=ins[idx+1][0]
[codex:22]
[codex:22] print('Final stack after 0x0d0b jump prep:', exec.stack)
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 32ms:
[codex:22] 02d7 JUMPDEST stack=[]
[codex:22] 02d8 PUSH2 0x0338 stack=[]
[codex:22] 02db PUSH1 0x04 stack=['PUSH2:824']
[codex:22] 02dd CALLDATALOAD stack=['PUSH2:824', 'PUSH1:4']
[codex:22] 02de PUSH1 0x00 stack=['PUSH2:824', 'calldataload1']
[codex:22] 02e0 CALLDATASIZE stack=['PUSH2:824', 'calldataload1', 'PUSH1:0']
[codex:22] 02e1 PUSH1 0x40 stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize']
[codex:22] 02e3 MLOAD stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'PUSH1:64']
[codex:22] 02e4 DUP1 stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2']
[codex:22] 02e5 DUP4 stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2']
[codex:22] 02e6 DUP4 stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0']
[codex:22] 02e7 DUP1 stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize']
[codex:22] 02e8 DUP3 stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize', 'calldatasize']
[codex:22] 02e9 DUP5 stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize', 'calldatasize', 'PUSH1:0']
[codex:22] 02ea CALLDATACOPY stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize', 'calldatasize', 'PUSH1:0', 'mload2']
[codex:22] 02eb POP stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0', 'calldatasize']
[codex:22] 02ec POP stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2', 'PUSH1:0']
[codex:22] 02ed POP stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2', 'mload2']
[codex:22] 02ee SWAP1 stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'calldatasize', 'mload2']
[codex:22] 02ef DUP2 stack=['PUSH2:824', 'calldataload1', 'PUSH1:0', 'mload2', 'calldatasize']
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing jump and stack behavior at key address**
[codex:22]
[codex:22] I'm tracing the jump destination at 0x079c and the stack state there, seeing that the selfdestruct call is likely guarded by a zero flag, preventing its execution in the default path. I want to explore alternative branches, especially the one at 0x0bb3 when mapping[caller] isn't zero, to see if they might enable selfdestruct or other behaviors. I'm also trying to identify which functions reach 0x079c and whether the flag can be controlled by inputs. This involves investigating function selectors and suspicious storage manipulations, plus hunting nearby CALL or DELEGATECALL instructions for possible exploit vectors. Let's keep tracking these paths!
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] call_pcs=[pc for pc,op,name,arg in ins if op in (0xf1,0xf2,0xf4)]
[codex:22] print('CALL/DELEGATECALL/CALLCODE pcs', call_pcs)
[codex:22]
[codex:22] # function to show context
[codex:22] pc_to_idx={pc:i for i,(pc,_,_,_) in enumerate(ins)}
[codex:22] for pc in call_pcs:
[codex:22] idx=pc_to_idx[pc]; start=max(0, idx-10); end=min(len(ins), idx+5)
[codex:22] print('\\nContext around', hex(pc))
[codex:22] for pc2,op,name,arg in ins[start:end]:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc2:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc2:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 30ms:
[codex:22] CALL/DELEGATECALL/CALLCODE pcs [2159, 2695]
[codex:22]
[codex:22] Context around 0x86f
[codex:22] 0863: SWAP1
[codex:22] 0864: DUP1
[codex:22] 0865: DUP4
[codex:22] 0866: SUB
[codex:22] 0867: DUP2
[codex:22] 0868: DUP6
[codex:22] 0869: DUP8
[codex:22] 086a: PUSH2 0x8502
[codex:22] 086d: GAS
[codex:22] 086e: SUB
[codex:22] 086f: CALL
[codex:22] 0870: POP
[codex:22] 0871: PUSH1 0x00
[codex:22] 0873: SWAP4
[codex:22] 0874: POP
[codex:22]
[codex:22] Context around 0xa87
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing CALL and CALLCODE opcodes**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x0830; end=0x0895
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 26ms:
[codex:22] 0830: POP
[codex:22] 0831: POP
[codex:22] 0832: SWAP7
[codex:22] 0833: POP
[codex:22] 0834: POP
[codex:22] 0835: POP
[codex:22] 0836: POP
[codex:22] 0837: POP
[codex:22] 0838: POP
[codex:22] 0839: POP
[codex:22] 083a: PUSH1 0x40
[codex:22] 083c: MLOAD
[codex:22] 083d: DUP1
[codex:22] 083e: SWAP2
[codex:22] 083f: SUB
[codex:22] 0840: SWAP1
[codex:22] 0841: OPa1
[codex:22] 0842: DUP5
[codex:22] 0843: PUSH1 0x01
[codex:22] 0845: PUSH1 0xa0
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing low-level CALL and function mapping**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22] needle=bytes([0x61,0x07,0xad])
[codex:22] positions=[i for i in range(len(code)-2) if code[i:i+3]==needle]
[codex:22] print('PUSH2 0x07ad positions', positions)
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 24ms:
[codex:22] PUSH2 0x07ad positions [569]
[codex:22]
[codex:22] thinking
[codex:22] **Inspecting jump destinations**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x220; end=0x270
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 27ms:
[codex:22] 0220: JUMPDEST
[codex:22] 0221: PUSH2 0x033a
[codex:22] 0224: PUSH1 0x04
[codex:22] 0226: DUP1
[codex:22] 0227: CALLDATALOAD
[codex:22] 0228: SWAP1
[codex:22] 0229: PUSH1 0x24
[codex:22] 022b: DUP1
[codex:22] 022c: CALLDATALOAD
[codex:22] 022d: SWAP2
[codex:22] 022e: PUSH1 0x44
[codex:22] 0230: CALLDATALOAD
[codex:22] 0231: SWAP2
[codex:22] 0232: DUP3
[codex:22] 0233: ADD
[codex:22] 0234: SWAP2
[codex:22] 0235: ADD
[codex:22] 0236: CALLDATALOAD
[codex:22] 0237: PUSH1 0x00
[codex:22] 0239: PUSH2 0x07ad
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing function call and jump destinations**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x015b; end=0x01a5
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 29ms:
[codex:22] 015b: JUMPDEST
[codex:22] 015c: PUSH2 0x033a
[codex:22] 015f: PUSH1 0x04
[codex:22] 0161: CALLDATALOAD
[codex:22] 0162: JUMPDEST
[codex:22] 0163: PUSH1 0x01
[codex:22] 0165: PUSH1 0xa0
[codex:22] 0167: PUSH1 0x02
[codex:22] 0169: EXP
[codex:22] 016a: SUB
[codex:22] 016b: DUP2
[codex:22] 016c: AND
[codex:22] 016d: PUSH1 0x00
[codex:22] 016f: SWAP1
[codex:22] 0170: DUP2
[codex:22] 0171: MSTORE
[codex:22] 0172: PUSH2 0x0102
[codex:22] 0175: PUSH1 0x20
[codex:22] 0177: MSTORE
[codex:22] 0178: PUSH1 0x40
[codex:22]
[codex:22] thinking
[codex:22] **Tracing access control via storage mapping**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] # disassemble
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] # find push2 0x0102
[codex:22] pc_to_idx={pc:i for i,(pc,_,_,_) in enumerate(ins)}
[codex:22] positions=[pc for pc,op,name,arg in ins if name=='PUSH2' and arg==bytes.fromhex('0102')]
[codex:22] print('PUSH2 0x0102 pcs', positions)
[codex:22] for pc in positions:
[codex:22] idx=pc_to_idx[pc]
[codex:22] start=max(0, idx-6); end=min(len(ins), idx+8)
[codex:22] print('\\nContext around', hex(pc))
[codex:22] for pc2,op,name,arg in ins[start:end]:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc2:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc2:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 29ms:
[codex:22] PUSH2 0x0102 pcs [322, 370, 599, 705, 1022, 1151, 1353, 1618, 1704, 3508]
[codex:22]
[codex:22] Context around 0x142
[codex:22] 013b: CALLER
[codex:22] 013c: AND
[codex:22] 013d: PUSH1 0x00
[codex:22] 013f: SWAP1
[codex:22] 0140: DUP2
[codex:22] 0141: MSTORE
[codex:22] 0142: PUSH2 0x0102
[codex:22] 0145: PUSH1 0x20
[codex:22] 0147: MSTORE
[codex:22] 0148: PUSH1 0x40
[codex:22] 014a: DUP2
[codex:22] 014b: SHA3
[codex:22] 014c: SLOAD
[codex:22] 014d: DUP2
[codex:22]
[codex:22] Context around 0x172
[codex:22] 016b: DUP2
[codex:22]
[codex:22] thinking
[codex:22] **Investigating storage operation contexts**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x0640; end=0x06c5
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 30ms:
[codex:22] 0642: JUMPI
[codex:22] 0643: PUSH1 0x01
[codex:22] 0645: PUSH1 0xa0
[codex:22] 0647: PUSH1 0x02
[codex:22] 0649: EXP
[codex:22] 064a: SUB
[codex:22] 064b: DUP4
[codex:22] 064c: AND
[codex:22] 064d: PUSH1 0x00
[codex:22] 064f: SWAP1
[codex:22] 0650: DUP2
[codex:22] 0651: MSTORE
[codex:22] 0652: PUSH2 0x0102
[codex:22] 0655: PUSH1 0x20
[codex:22] 0657: MSTORE
[codex:22] 0658: PUSH1 0x40
[codex:22] 065a: DUP2
[codex:22] 065b: SHA3
[codex:22] 065c: SLOAD
[codex:22] 065d: SWAP3
[codex:22]
[codex:22] thinking
[codex:22] **Reviewing preceding function code**
[codex:22] exec
[codex:22] /bin/bash -lc "python - <<'PY'
[codex:22] import re
[codex:22] hexdata=open('BYTECODE_BUNDLE.txt').read();
[codex:22] hexstr=re.search(r'0x([0-9a-fA-F]+)', hexdata).group(1)
[codex:22] code=bytes.fromhex(hexstr)
[codex:22]
[codex:22] opnames={}
[codex:22] for i in range(1,33): opnames[0x5f+i]=f'PUSH{i}'
[codex:22] for i in range(1,17): opnames[0x7f+i]=f'DUP{i}'
[codex:22] for i in range(1,17): opnames[0x8f+i]=f'SWAP{i}'
[codex:22] opnames.update({
[codex:22] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:22] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:22] 0x20:'SHA3',
[codex:22] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:22] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:22] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',
[codex:22] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:22] })
[codex:22]
[codex:22] ins=[]
[codex:22] pc=0
[codex:22] while pc < len(code):
[codex:22] op=code[pc]; name=opnames.get(op, f'OP{op:02x}'); pc_next=pc+1; arg=None
[codex:22] if 0x60<=op<=0x7f:
[codex:22] n=op-0x5f; arg=code[pc_next:pc_next+n]; pc_next+=n
[codex:22] ins.append((pc,op,name,arg)); pc=pc_next
[codex:22]
[codex:22] start=0x0580; end=0x0660
[codex:22] for pc,op,name,arg in ins:
[codex:22] if start<=pc<=end:
[codex:22] if arg is not None:
[codex:22] print(f\"{pc:04x}: {name} 0x{arg.hex()}\")
[codex:22] else:
[codex:22] print(f\"{pc:04x}: {name}\")
[codex:22] PY" in /tmp/codex-multi-0dp1byop succeeded in 30ms:
[codex:22] 0591: DUP3
[codex:22] 0592: PUSH1 0x40
[codex:22] 0594: MLOAD
[codex:22] 0595: DUP1
[codex:22] 0596: DUP3
[codex:22] 0597: PUSH1 0x01
[codex:22] 0599: PUSH1 0xa0
[codex:22] 059b: PUSH1 0x02
[codex:22] 059d: EXP
[codex:22] 059e: SUB
[codex:22] 059f: AND
[codex:22] 05a0: DUP2
[codex:22] 05a1: MSTORE
[codex:22] 05a2: PUSH1 0x20
[codex:22] 05a4: ADD
[codex:22] 05a5: SWAP2
[codex:22] 05a6: POP
[codex:22] 05a7: POP
[codex:22] 05a8: PUSH1 0x40
[codex:22] 05aa: MLOAD
[codex:22]
[codex:22] thinking
[codex:22] **Analyzing bytecode for exploit paths**
[codex:22]
[codex:22] I’m reviewing complex bytecode with access checks, calls, and potential selfdestruct paths, trying to find any unprotected actions or exploit opportunities. After piecing together function flows, call parameters, and external calls, I don’t find a concrete path for profit or unauthorized value extraction, so I’ll report no findings with a concise summary in JSON format.
[codex:22] codex
[codex:22] {"no_findings":true,"summary":"Reviewed full runtime bytecode bundle; observed guarded SELFDESTRUCT and external CALLs but no concrete, unprotected value-extraction path from bytecode alone.","findings":[]}
[codex:22] tokens used
[codex:22] 92,518
[codex:22] {"no_findings":true,"summary":"Reviewed full runtime bytecode bundle; observed guarded SELFDESTRUCT and external CALLs but no concrete, unprotected value-extraction path from bytecode alone.","findings":[]}
{
"codex": {
"ran_at": "2026-01-01T17:37:56.141506+00:00",
"returncode": 0
},
"summary": "Reviewed full runtime bytecode bundle; observed guarded SELFDESTRUCT and external CALLs but no concrete, unprotected value-extraction path from bytecode alone.",
"raw_final": {
"summary": "Reviewed full runtime bytecode bundle; observed guarded SELFDESTRUCT and external CALLs but no concrete, unprotected value-extraction path from bytecode alone.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x00b9 0000000a: JUMPI 0000000b: PUSH1 0xe0 0000000d: PUSH1 0x02 0000000f: EXP 00000010: PUSH1 0x00 00000012: CALLDATALOAD 00000013: DIV 00000014: PUSH4 0x173825d9 00000019: DUP2 0000001a: EQ 0000001b: PUSH2 0x010b 0000001e: JUMPI 0000001f: DUP1 00000020: PUSH4 0x2f54bf6e 00000025: EQ 00000026: PUSH2 0x015b 00000029: JUMPI 0000002a: DUP1 0000002b: PUSH4 0x4123cb6b 00000030: EQ 00000031: PUSH2 0x0183 00000034: JUMPI 00000035: DUP1 00000036: PUSH4 0x5c52c2f5 0000003b: EQ 0000003c: PUSH2 0x018c 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x7065cb48 00000046: EQ 00000047: PUSH2 0x01b2 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0x746c9171 00000051: EQ 00000052: PUSH2 0x01db 00000055: JUMPI 00000056: DUP1 00000057: PUSH4 0x797af627 0000005c: EQ 0000005d: PUSH2 0x01e4 00000060: JUMPI 00000061: DUP1 00000062: PUSH4 0xb20d30a9 00000067: EQ 00000068: PUSH2 0x01f7 0000006b: JUMPI 0000006c: DUP1 0000006d: PUSH4 0xb61d27f6 00000072: EQ 00000073: PUSH2 0x0220 00000076: JUMPI 00000077: DUP1 00000078: PUSH4 0xb75c7dc6 0000007d: EQ 0000007e: PUSH2 0x0241 00000081: JUMPI 00000082: DUP1 00000083: PUSH4 0xba51a6df 00000088: EQ 00000089: PUSH2 0x0270 0000008c: JUMPI 0000008d: DUP1 0000008e: PUSH4 0xc2cf7326 00000093: EQ 00000094: PUSH2 0x0299 00000097: JUMPI 00000098: DUP1 00000099: PUSH4 0xcbf0b0c0 0000009e: EQ 0000009f: PUSH2 0x02d7 000000a2: JUMPI 000000a3: DUP1 000000a4: PUSH4 0xf00d4b5d 000000a9: EQ 000000aa: PUSH2 0x0300 000000ad: JUMPI 000000ae: DUP1 000000af: PUSH4 0xf1736d86 000000b4: EQ 000000b5: PUSH2 0x032e 000000b8: JUMPI 000000b9: JUMPDEST 000000ba: PUSH2 0x0338 000000bd: PUSH1 0x00 000000bf: CALLVALUE 000000c0: GT 000000c1: ISZERO 000000c2: PUSH2 0x0109 000000c5: JUMPI 000000c6: PUSH1 0x40 000000c8: DUP1 000000c9: MLOAD 000000ca: PUSH1 0x01 000000cc: PUSH1 0xa0 000000ce: PUSH1 0x02 000000d0: EXP 000000d1: SUB 000000d2: CALLER 000000d3: AND 000000d4: DUP2 000000d5: MSTORE 000000d6: CALLVALUE 000000d7: PUSH1 0x20 000000d9: DUP3 000000da: ADD 000000db: MSTORE 000000dc: DUP2 000000dd: MLOAD 000000de: PUSH32 0xe1fffcc4923d04b559f4d29a8bfc6cda04eb5b0d3c460751c2402c5c5cc9109c 000000ff: SWAP3 00000100: SWAP2 00000101: DUP2 00000102: SWAP1 00000103: SUB 00000104: SWAP1 00000105: SWAP2 00000106: ADD 00000107: SWAP1 00000108: LOG1 00000109: JUMPDEST 0000010a: JUMP 0000010b: JUMPDEST 0000010c: PUSH2 0x0338 0000010f: PUSH1 0x04 00000111: CALLDATALOAD 00000112: PUSH1 0x00 00000114: PUSH1 0x00 00000116: CALLDATASIZE 00000117: PUSH1 0x40 00000119: MLOAD 0000011a: DUP1 0000011b: DUP4 0000011c: DUP4 0000011d: DUP1 0000011e: DUP3 0000011f: DUP5 00000120: CALLDATACOPY 00000121: POP 00000122: POP 00000123: POP 00000124: SWAP1 00000125: DUP2 00000126: ADD 00000127: DUP2 00000128: SWAP1 00000129: SUB 0000012a: SWAP1 0000012b: KECCAK256 0000012c: SWAP1 0000012d: POP 0000012e: PUSH2 0x063d 00000131: DUP2 00000132: JUMPDEST 00000133: PUSH1 0x01 00000135: PUSH1 0xa0 00000137: PUSH1 0x02 00000139: EXP 0000013a: SUB 0000013b: CALLER 0000013c: AND 0000013d: PUSH1 0x00 0000013f: SWAP1 00000140: DUP2 00000141: MSTORE 00000142: PUSH2 0x0102 00000145: PUSH1 0x20 00000147: MSTORE 00000148: PUSH1 0x40 0000014a: DUP2 0000014b: KECCAK256 0000014c: SLOAD 0000014d: DUP2 0000014e: DUP1 0000014f: DUP3 00000150: DUP2 00000151: EQ 00000152: ISZERO 00000153: PUSH2 0x0bb3 00000156: JUMPI 00000157: PUSH2 0x0d0b 0000015a: JUMP 0000015b: JUMPDEST 0000015c: PUSH2 0x033a 0000015f: PUSH1 0x04 00000161: CALLDATALOAD 00000162: JUMPDEST 00000163: PUSH1 0x01 00000165: PUSH1 0xa0 00000167: PUSH1 0x02 00000169: EXP 0000016a: SUB 0000016b: DUP2 0000016c: AND 0000016d: PUSH1 0x00 0000016f: SWAP1 00000170: DUP2 00000171: MSTORE 00000172: PUSH2 0x0102 00000175: PUSH1 0x20 00000177: MSTORE 00000178: PUSH1 0x40 0000017a: DUP2 0000017b: KECCAK256 0000017c: SLOAD 0000017d: GT 0000017e: JUMPDEST 0000017f: SWAP2 00000180: SWAP1 00000181: POP 00000182: JUMP 00000183: JUMPDEST 00000184: PUSH2 0x033a 00000187: PUSH1 0x01 00000189: SLOAD 0000018a: DUP2 0000018b: JUMP 0000018c: JUMPDEST 0000018d: PUSH2 0x0338 00000190: PUSH1 0x00 00000192: CALLDATASIZE 00000193: PUSH1 0x40 00000195: MLOAD 00000196: DUP1 00000197: DUP4 00000198: DUP4 00000199: DUP1 0000019a: DUP3 0000019b: DUP5 0000019c: CALLDATACOPY 0000019d: POP 0000019e: POP 0000019f: POP 000001a0: SWAP1 000001a1: DUP2 000001a2: ADD 000001a3: DUP2 000001a4: SWAP1 000001a5: SUB 000001a6: SWAP1 000001a7: KECCAK256 000001a8: SWAP1 000001a9: POP 000001aa: PUSH2 0x078e 000001ad: DUP2 000001ae: PUSH2 0x0132 000001b1: JUMP 000001b2: JUMPDEST 000001b3: PUSH2 0x0338 000001b6: PUSH1 0x04 000001b8: CALLDATALOAD 000001b9: PUSH1 0x00 000001bb: CALLDATASIZE 000001bc: PUSH1 0x40 000001be: MLOAD 000001bf: DUP1 000001c0: DUP4 000001c1: DUP4 000001c2: DUP1 000001c3: DUP3 000001c4: DUP5 000001c5: CALLDATACOPY 000001c6: POP 000001c7: POP 000001c8: POP 000001c9: SWAP1 000001ca: DUP2 000001cb: ADD 000001cc: DUP2 000001cd: SWAP1 000001ce: SUB 000001cf: SWAP1 000001d0: KECCAK256 000001d1: SWAP1 000001d2: POP 000001d3: PUSH2 0x05b5 000001d6: DUP2 000001d7: PUSH2 0x0132 000001da: JUMP 000001db: JUMPDEST 000001dc: PUSH2 0x033a 000001df: PUSH1 0x00 000001e1: SLOAD 000001e2: DUP2 000001e3: JUMP 000001e4: JUMPDEST 000001e5: PUSH2 0x033a 000001e8: PUSH1 0x04 000001ea: CALLDATALOAD 000001eb: JUMPDEST 000001ec: PUSH1 0x00 000001ee: DUP2 000001ef: PUSH2 0x09f1 000001f2: DUP2 000001f3: PUSH2 0x0132 000001f6: JUMP 000001f7: JUMPDEST 000001f8: PUSH2 0x0338 000001fb: PUSH1 0x04 000001fd: CALLDATALOAD 000001fe: PUSH1 0x00 00000200: CALLDATASIZE 00000201: PUSH1 0x40 00000203: MLOAD 00000204: DUP1 00000205: DUP4 00000206: DUP4 00000207: DUP1 00000208: DUP3 00000209: DUP5 0000020a: CALLDATACOPY 0000020b: POP 0000020c: POP 0000020d: POP 0000020e: SWAP1 0000020f: DUP2 00000210: ADD 00000211: DUP2 00000212: SWAP1 00000213: SUB 00000214: SWAP1 00000215: KECCAK256 00000216: SWAP1 00000217: POP 00000218: PUSH2 0x0782 0000021b: DUP2 0000021c: PUSH2 0x0132 0000021f: JUMP 00000220: JUMPDEST 00000221: PUSH2 0x033a 00000224: PUSH1 0x04 00000226: DUP1 00000227: CALLDATALOAD 00000228: SWAP1 00000229: PUSH1 0x24 0000022b: DUP1 0000022c: CALLDATALOAD 0000022d: SWAP2 0000022e: PUSH1 0x44 00000230: CALLDATALOAD 00000231: SWAP2 00000232: DUP3 00000233: ADD 00000234: SWAP2 00000235: ADD 00000236: CALLDATALOAD 00000237: PUSH1 0x00 00000239: PUSH2 0x07ad 0000023c: CALLER 0000023d: PUSH2 0x0162 00000240: JUMP 00000241: JUMPDEST 00000242: PUSH2 0x0338 00000245: PUSH1 0x04 00000247: CALLDATALOAD 00000248: PUSH1 0x01 0000024a: PUSH1 0xa0 0000024c: PUSH1 0x02 0000024e: EXP 0000024f: SUB 00000250: CALLER 00000251: AND 00000252: PUSH1 0x00 00000254: SWAP1 00000255: DUP2 00000256: MSTORE 00000257: PUSH2 0x0102 0000025a: PUSH1 0x20 0000025c: MSTORE 0000025d: PUSH1 0x40 0000025f: DUP2 00000260: KECCAK256 00000261: SLOAD 00000262: SWAP1 00000263: DUP1 00000264: DUP3 00000265: DUP2 00000266: EQ 00000267: ISZERO 00000268: PUSH2 0x034c 0000026b: JUMPI 0000026c: PUSH2 0x03cb 0000026f: JUMP 00000270: JUMPDEST 00000271: PUSH2 0x0338 00000274: PUSH1 0x04 00000276: CALLDATALOAD 00000277: PUSH1 0x00 00000279: CALLDATASIZE 0000027a: PUSH1 0x40 0000027c: MLOAD 0000027d: DUP1 0000027e: DUP4 0000027f: DUP4 00000280: DUP1 00000281: DUP3 00000282: DUP5 00000283: CALLDATACOPY 00000284: POP 00000285: POP 00000286: POP 00000287: SWAP1 00000288: DUP2 00000289: ADD 0000028a: DUP2 0000028b: SWAP1 0000028c: SUB 0000028d: SWAP1 0000028e: KECCAK256 0000028f: SWAP1 00000290: POP 00000291: PUSH2 0x06fc 00000294: DUP2 00000295: PUSH2 0x0132 00000298: JUMP 00000299: JUMPDEST 0000029a: PUSH2 0x033a 0000029d: PUSH1 0x04 0000029f: CALLDATALOAD 000002a0: PUSH1 0x24 000002a2: CALLDATALOAD 000002a3: PUSH1 0x00 000002a5: DUP3 000002a6: DUP2 000002a7: MSTORE 000002a8: PUSH2 0x0103 000002ab: PUSH1 0x20 000002ad: SWAP1 000002ae: DUP2 000002af: MSTORE 000002b0: PUSH1 0x40 000002b2: DUP1 000002b3: DUP4 000002b4: KECCAK256 000002b5: PUSH1 0x01 000002b7: PUSH1 0xa0 000002b9: PUSH1 0x02 000002bb: EXP 000002bc: SUB 000002bd: DUP6 000002be: AND 000002bf: DUP5 000002c0: MSTORE 000002c1: PUSH2 0x0102 000002c4: SWAP1 000002c5: SWAP3 000002c6: MSTORE 000002c7: DUP3 000002c8: KECCAK256 000002c9: SLOAD 000002ca: DUP3 000002cb: DUP2 000002cc: DUP2 000002cd: EQ 000002ce: ISZERO 000002cf: PUSH2 0x0755 000002d2: JUMPI 000002d3: PUSH2 0x0779 000002d6: JUMP 000002d7: JUMPDEST 000002d8: PUSH2 0x0338 000002db: PUSH1 0x04 000002dd: CALLDATALOAD 000002de: PUSH1 0x00 000002e0: CALLDATASIZE 000002e1: PUSH1 0x40 000002e3: MLOAD 000002e4: DUP1 000002e5: DUP4 000002e6: DUP4 000002e7: DUP1 000002e8: DUP3 000002e9: DUP5 000002ea: CALLDATACOPY 000002eb: POP 000002ec: POP 000002ed: POP 000002ee: SWAP1 000002ef: DUP2 000002f0: ADD 000002f1: DUP2 000002f2: SWAP1 000002f3: SUB 000002f4: SWAP1 000002f5: KECCAK256 000002f6: SWAP1 000002f7: POP 000002f8: PUSH2 0x079c 000002fb: DUP2 000002fc: PUSH2 0x0132 000002ff: JUMP 00000300: JUMPDEST 00000301: PUSH2 0x0338 00000304: PUSH1 0x04 00000306: CALLDATALOAD 00000307: PUSH1 0x24 00000309: CALLDATALOAD 0000030a: PUSH1 0x00 0000030c: PUSH1 0x00 0000030e: CALLDATASIZE 0000030f: PUSH1 0x40 00000311: MLOAD 00000312: DUP1 00000313: DUP4 00000314: DUP4 00000315: DUP1 00000316: DUP3 00000317: DUP5 00000318: CALLDATACOPY 00000319: POP 0000031a: POP 0000031b: POP 0000031c: SWAP1 0000031d: DUP2 0000031e: ADD 0000031f: DUP2 00000320: SWAP1 00000321: SUB 00000322: SWAP1 00000323: KECCAK256 00000324: SWAP1 00000325: POP 00000326: PUSH2 0x0456 00000329: DUP2 0000032a: PUSH2 0x0132 0000032d: JUMP 0000032e: JUMPDEST 0000032f: PUSH2 0x033a 00000332: PUSH2 0x0105 00000335: SLOAD 00000336: DUP2 00000337: JUMP 00000338: JUMPDEST 00000339: STOP 0000033a: JUMPDEST 0000033b: PUSH1 0x40 0000033d: DUP1 0000033e: MLOAD 0000033f: SWAP2 00000340: DUP3 00000341: MSTORE 00000342: MLOAD 00000343: SWAP1 00000344: DUP2 00000345: SWAP1 00000346: SUB 00000347: PUSH1 0x20 00000349: ADD 0000034a: SWAP1 0000034b: RETURN 0000034c: JUMPDEST 0000034d: POP 0000034e: POP 0000034f: PUSH1 0x00 00000351: DUP3 00000352: DUP2 00000353: MSTORE 00000354: PUSH2 0x0103 00000357: PUSH1 0x20 00000359: MSTORE 0000035a: PUSH1 0x40 0000035c: DUP2 0000035d: KECCAK256 0000035e: PUSH1 0x01 00000360: DUP2 00000361: ADD 00000362: SLOAD 00000363: PUSH1 0x02 00000365: DUP5 00000366: SWAP1 00000367: EXP 00000368: SWAP3 00000369: SWAP1 0000036a: DUP4 0000036b: AND 0000036c: GT 0000036d: ISZERO 0000036e: PUSH2 0x03cb 00000371: JUMPI 00000372: DUP1 00000373: SLOAD 00000374: PUSH1 0x01 00000376: DUP3 00000377: DUP2 00000378: ADD 00000379: DUP1 0000037a: SLOAD 0000037b: SWAP3 0000037c: SWAP1 0000037d: SWAP2 0000037e: ADD 0000037f: DUP4 00000380: SSTORE 00000381: SWAP1 00000382: DUP4 00000383: SWAP1 00000384: SUB 00000385: SWAP1 00000386: SSTORE 00000387: PUSH1 0x40 00000389: DUP1 0000038a: MLOAD 0000038b: PUSH1 0x01 0000038d: PUSH1 0xa0 0000038f: PUSH1 0x02 00000391: EXP 00000392: SUB 00000393: CALLER 00000394: AND 00000395: DUP2 00000396: MSTORE 00000397: PUSH1 0x20 00000399: DUP2 0000039a: ADD 0000039b: DUP7 0000039c: SWAP1 0000039d: MSTORE 0000039e: DUP2 0000039f: MLOAD 000003a0: PUSH32 0xc7fb647e59b18047309aa15aad418e5d7ca96d173ad704f1031a2c3d7591734b 000003c1: SWAP3 000003c2: SWAP2 000003c3: DUP2 000003c4: SWAP1 000003c5: SUB 000003c6: SWAP1 000003c7: SWAP2 000003c8: ADD 000003c9: SWAP1 000003ca: LOG1 000003cb: JUMPDEST 000003cc: POP 000003cd: POP 000003ce: POP 000003cf: POP 000003d0: JUMP 000003d1: JUMPDEST 000003d2: PUSH1 0x01 000003d4: PUSH1 0xa0 000003d6: PUSH1 0x02 000003d8: EXP 000003d9: SUB 000003da: DUP4 000003db: AND 000003dc: PUSH1 0x02 000003de: DUP4 000003df: PUSH2 0x0100 000003e2: DUP2 000003e3: LT 000003e4: ISZERO 000003e5: PUSH2 0x0002 000003e8: JUMPI 000003e9: POP 000003ea: DUP4 000003eb: ADD 000003ec: DUP2 000003ed: SWAP1 000003ee: SSTORE 000003ef: PUSH1 0x01 000003f1: PUSH1 0xa0 000003f3: PUSH1 0x02 000003f5: EXP 000003f6: SUB 000003f7: DUP6 000003f8: AND 000003f9: PUSH1 0x00 000003fb: DUP2 000003fc: DUP2 000003fd: MSTORE 000003fe: PUSH2 0x0102 00000401: PUSH1 0x20 00000403: SWAP1 00000404: DUP2 00000405: MSTORE 00000406: PUSH1 0x40 00000408: DUP1 00000409: DUP4 0000040a: KECCAK256 0000040b: DUP4 0000040c: SWAP1 0000040d: SSTORE 0000040e: DUP5 0000040f: DUP4 00000410: MSTORE 00000411: SWAP2 00000412: DUP3 00000413: SWAP1 00000414: KECCAK256 00000415: DUP7 00000416: SWAP1 00000417: SSTORE 00000418: DUP2 00000419: MLOAD 0000041a: SWAP3 0000041b: DUP4 0000041c: MSTORE 0000041d: DUP3 0000041e: ADD 0000041f: SWAP3 00000420: SWAP1 00000421: SWAP3 00000422: MSTORE 00000423: DUP2 00000424: MLOAD 00000425: PUSH32 0xb532073b38c83145e3e5135377a08bf9aab55bc0fd7c1179cd4fb995d2a5159c 00000446: SWAP3 00000447: SWAP2 00000448: DUP2 00000449: SWAP1 0000044a: SUB 0000044b: SWAP1 0000044c: SWAP2 0000044d: ADD 0000044e: SWAP1 0000044f: LOG1 00000450: POP 00000451: JUMPDEST 00000452: POP 00000453: POP 00000454: POP 00000455: JUMP 00000456: JUMPDEST 00000457: ISZERO 00000458: PUSH2 0x03cb 0000045b: JUMPI 0000045c: PUSH2 0x0464 0000045f: DUP4 00000460: PUSH2 0x0162 00000463: JUMP 00000464: JUMPDEST 00000465: ISZERO 00000466: PUSH2 0x046f 00000469: JUMPI 0000046a: POP 0000046b: PUSH2 0x0451 0000046e: JUMP 0000046f: JUMPDEST 00000470: PUSH1 0x01 00000472: PUSH1 0xa0 00000474: PUSH1 0x02 00000476: EXP 00000477: SUB 00000478: DUP5 00000479: AND 0000047a: PUSH1 0x00 0000047c: SWAP1 0000047d: DUP2 0000047e: MSTORE 0000047f: PUSH2 0x0102 00000482: PUSH1 0x20 00000484: MSTORE 00000485: PUSH1 0x40 00000487: DUP2 00000488: KECCAK256 00000489: SLOAD 0000048a: SWAP3 0000048b: POP 0000048c: DUP3 0000048d: EQ 0000048e: ISZERO 0000048f: PUSH2 0x0498 00000492: JUMPI 00000493: POP 00000494: PUSH2 0x0451 00000497: JUMP 00000498: JUMPDEST 00000499: PUSH2 0x03d1 0000049c: JUMPDEST 0000049d: PUSH2 0x0104 000004a0: SLOAD 000004a1: PUSH1 0x00 000004a3: JUMPDEST 000004a4: DUP2 000004a5: DUP2 000004a6: LT 000004a7: ISZERO 000004a8: PUSH2 0x0e58 000004ab: JUMPI 000004ac: PUSH2 0x0104 000004af: DUP1 000004b0: SLOAD 000004b1: PUSH2 0x0108 000004b4: SWAP2 000004b5: PUSH1 0x00 000004b7: SWAP2 000004b8: DUP5 000004b9: SWAP1 000004ba: DUP2 000004bb: LT 000004bc: ISZERO 000004bd: PUSH2 0x0002 000004c0: JUMPI 000004c1: PUSH1 0x00 000004c3: DUP1 000004c4: MLOAD 000004c5: PUSH1 0x20 000004c7: PUSH2 0x0f13 000004ca: DUP4 000004cb: CODECOPY 000004cc: DUP2 000004cd: MLOAD 000004ce: SWAP2 000004cf: MSTORE 000004d0: ADD 000004d1: SLOAD 000004d2: DUP3 000004d3: MSTORE 000004d4: POP 000004d5: PUSH1 0x20 000004d7: SWAP2 000004d8: DUP3 000004d9: MSTORE 000004da: PUSH1 0x40 000004dc: DUP2 000004dd: KECCAK256 000004de: DUP1 000004df: SLOAD 000004e0: PUSH1 0x01 000004e2: PUSH1 0xa0 000004e4: PUSH1 0x02 000004e6: EXP 000004e7: SUB 000004e8: NOT 000004e9: AND 000004ea: DUP2 000004eb: SSTORE 000004ec: PUSH1 0x01 000004ee: DUP2 000004ef: ADD 000004f0: DUP3 000004f1: SWAP1 000004f2: SSTORE 000004f3: PUSH1 0x02 000004f5: DUP2 000004f6: ADD 000004f7: DUP1 000004f8: SLOAD 000004f9: DUP4 000004fa: DUP3 000004fb: SSTORE 000004fc: SWAP1 000004fd: DUP4 000004fe: MSTORE 000004ff: DUP4 00000500: DUP4 00000501: KECCAK256 00000502: SWAP2 00000503: SWAP4 00000504: PUSH2 0x0edd 00000507: SWAP3 00000508: PUSH1 0x1f 0000050a: SWAP3 0000050b: SWAP1 0000050c: SWAP3 0000050d: ADD 0000050e: DIV 0000050f: DUP2 00000510: ADD 00000511: SWAP1 00000512: PUSH2 0x09d9 00000515: JUMP 00000516: JUMPDEST 00000517: PUSH1 0x01 00000519: DUP1 0000051a: SLOAD 0000051b: DUP2 0000051c: ADD 0000051d: SWAP1 0000051e: DUP2 0000051f: SWAP1 00000520: SSTORE 00000521: PUSH1 0x01 00000523: PUSH1 0xa0 00000525: PUSH1 0x02 00000527: EXP 00000528: SUB 00000529: DUP4 0000052a: AND 0000052b: SWAP1 0000052c: PUSH1 0x02 0000052e: SWAP1 0000052f: PUSH2 0x0100 00000532: DUP2 00000533: LT 00000534: ISZERO 00000535: PUSH2 0x0002 00000538: JUMPI 00000539: SWAP1 0000053a: SWAP1 0000053b: ADD 0000053c: PUSH1 0x00 0000053e: POP 0000053f: DUP2 00000540: SWAP1 00000541: SSTORE 00000542: POP 00000543: PUSH1 0x01 00000545: PUSH1 0x00 00000547: POP 00000548: SLOAD 00000549: PUSH2 0x0102 0000054c: PUSH1 0x00 0000054e: POP 0000054f: PUSH1 0x00 00000551: DUP5 00000552: PUSH1 0x01 00000554: PUSH1 0xa0 00000556: PUSH1 0x02 00000558: EXP 00000559: SUB 0000055a: AND 0000055b: DUP2 0000055c: MSTORE 0000055d: PUSH1 0x20 0000055f: ADD 00000560: SWAP1 00000561: DUP2 00000562: MSTORE 00000563: PUSH1 0x20 00000565: ADD 00000566: PUSH1 0x00 00000568: KECCAK256 00000569: PUSH1 0x00 0000056b: POP 0000056c: DUP2 0000056d: SWAP1 0000056e: SSTORE 0000056f: POP 00000570: PUSH32 0x994a936646fe87ffe4f1e469d3d6aa417d6b855598397f323de5b449f765f0c3 00000591: DUP3 00000592: PUSH1 0x40 00000594: MLOAD 00000595: DUP1 00000596: DUP3 00000597: PUSH1 0x01 00000599: PUSH1 0xa0 0000059b: PUSH1 0x02 0000059d: EXP 0000059e: SUB 0000059f: AND 000005a0: DUP2 000005a1: MSTORE 000005a2: PUSH1 0x20 000005a4: ADD 000005a5: SWAP2 000005a6: POP 000005a7: POP 000005a8: PUSH1 0x40 000005aa: MLOAD 000005ab: DUP1 000005ac: SWAP2 000005ad: SUB 000005ae: SWAP1 000005af: LOG1 000005b0: JUMPDEST 000005b1: POP 000005b2: JUMPDEST 000005b3: POP 000005b4: JUMP 000005b5: JUMPDEST 000005b6: ISZERO 000005b7: PUSH2 0x05b0 000005ba: JUMPI 000005bb: PUSH2 0x05c3 000005be: DUP3 000005bf: PUSH2 0x0162 000005c2: JUMP 000005c3: JUMPDEST 000005c4: ISZERO 000005c5: PUSH2 0x05ce 000005c8: JUMPI 000005c9: POP 000005ca: PUSH2 0x05b2 000005cd: JUMP 000005ce: JUMPDEST 000005cf: PUSH2 0x05d6 000005d2: PUSH2 0x049c 000005d5: JUMP 000005d6: JUMPDEST 000005d7: PUSH1 0x01 000005d9: SLOAD 000005da: PUSH1 0xfa 000005dc: SWAP1 000005dd: LT 000005de: PUSH2 0x05eb 000005e1: JUMPI 000005e2: PUSH2 0x05e9 000005e5: PUSH2 0x0600 000005e8: JUMP 000005e9: JUMPDEST 000005ea: POP 000005eb: JUMPDEST 000005ec: PUSH1 0x01 000005ee: SLOAD 000005ef: PUSH1 0xfa 000005f1: SWAP1 000005f2: LT 000005f3: PUSH2 0x0516 000005f6: JUMPI 000005f7: POP 000005f8: PUSH2 0x05b2 000005fb: JUMP 000005fc: JUMPDEST 000005fd: PUSH2 0x06ba 00000600: JUMPDEST 00000601: PUSH1 0x00 00000603: PUSH1 0x01 00000605: JUMPDEST 00000606: PUSH1 0x01 00000608: SLOAD 00000609: DUP2 0000060a: LT 0000060b: ISZERO 0000060c: PUSH2 0x09ed 0000060f: JUMPI 00000610: JUMPDEST 00000611: PUSH1 0x01 00000613: SLOAD 00000614: DUP2 00000615: LT 00000616: DUP1 00000617: ISZERO 00000618: PUSH2 0x0630 0000061b: JUMPI 0000061c: POP 0000061d: PUSH1 0x02 0000061f: DUP2 00000620: PUSH2 0x0100 00000623: DUP2 00000624: LT 00000625: ISZERO 00000626: PUSH2 0x0002 00000629: JUMPI 0000062a: ADD 0000062b: SLOAD 0000062c: PUSH1 0x00 0000062e: EQ 0000062f: ISZERO 00000630: JUMPDEST 00000631: ISZERO 00000632: PUSH2 0x0d13 00000635: JUMPI 00000636: PUSH1 0x01 00000638: ADD 00000639: PUSH2 0x0610 0000063c: JUMP 0000063d: JUMPDEST 0000063e: ISZERO 0000063f: PUSH2 0x0451 00000642: JUMPI 00000643: PUSH1 0x01 00000645: PUSH1 0xa0 00000647: PUSH1 0x02 00000649: EXP 0000064a: SUB 0000064b: DUP4 0000064c: AND 0000064d: PUSH1 0x00 0000064f: SWAP1 00000650: DUP2 00000651: MSTORE 00000652: PUSH2 0x0102 00000655: PUSH1 0x20 00000657: MSTORE 00000658: PUSH1 0x40 0000065a: DUP2 0000065b: KECCAK256 0000065c: SLOAD 0000065d: SWAP3 0000065e: POP 0000065f: DUP3 00000660: EQ 00000661: ISZERO 00000662: PUSH2 0x066b 00000665: JUMPI 00000666: POP 00000667: PUSH2 0x05b0 0000066a: JUMP 0000066b: JUMPDEST 0000066c: PUSH1 0x01 0000066e: PUSH1 0x01 00000670: PUSH1 0x00 00000672: POP 00000673: SLOAD 00000674: SUB 00000675: PUSH1 0x00 00000677: PUSH1 0x00 00000679: POP 0000067a: SLOAD 0000067b: GT 0000067c: ISZERO 0000067d: PUSH2 0x0686 00000680: JUMPI 00000681: POP 00000682: PUSH2 0x05b0 00000685: JUMP 00000686: JUMPDEST 00000687: PUSH1 0x00 00000689: PUSH1 0x02 0000068b: DUP4 0000068c: PUSH2 0x0100 0000068f: DUP2 00000690: LT 00000691: ISZERO 00000692: PUSH2 0x0002 00000695: JUMPI 00000696: POP 00000697: DUP4 00000698: ADD 00000699: DUP2 0000069a: SWAP1 0000069b: SSTORE 0000069c: PUSH1 0x01 0000069e: PUSH1 0xa0 000006a0: PUSH1 0x02 000006a2: EXP 000006a3: SUB 000006a4: DUP5 000006a5: AND 000006a6: DUP2 000006a7: MSTORE 000006a8: PUSH2 0x0102 000006ab: PUSH1 0x20 000006ad: MSTORE 000006ae: PUSH1 0x40 000006b0: DUP2 000006b1: KECCAK256 000006b2: SSTORE 000006b3: PUSH2 0x05fc 000006b6: PUSH2 0x049c 000006b9: JUMP 000006ba: JUMPDEST 000006bb: POP 000006bc: PUSH1 0x40 000006be: DUP1 000006bf: MLOAD 000006c0: PUSH1 0x01 000006c2: PUSH1 0xa0 000006c4: PUSH1 0x02 000006c6: EXP 000006c7: SUB 000006c8: DUP6 000006c9: AND 000006ca: DUP2 000006cb: MSTORE 000006cc: SWAP1 000006cd: MLOAD 000006ce: PUSH32 0x58619076adf5bb0943d100ef88d52d7c3fd691b19d3a9071b555b651fbf418da 000006ef: SWAP2 000006f0: DUP2 000006f1: SWAP1 000006f2: SUB 000006f3: PUSH1 0x20 000006f5: ADD 000006f6: SWAP1 000006f7: LOG1 000006f8: POP 000006f9: POP 000006fa: POP 000006fb: JUMP 000006fc: JUMPDEST 000006fd: ISZERO 000006fe: PUSH2 0x05b0 00000701: JUMPI 00000702: PUSH1 0x01 00000704: SLOAD 00000705: DUP3 00000706: GT 00000707: ISZERO 00000708: PUSH2 0x0711 0000070b: JUMPI 0000070c: POP 0000070d: PUSH2 0x05b2 00000710: JUMP 00000711: JUMPDEST 00000712: PUSH1 0x00 00000714: DUP3 00000715: SWAP1 00000716: SSTORE 00000717: PUSH2 0x071e 0000071a: PUSH2 0x049c 0000071d: JUMP 0000071e: JUMPDEST 0000071f: PUSH1 0x40 00000721: DUP1 00000722: MLOAD 00000723: DUP4 00000724: DUP2 00000725: MSTORE 00000726: SWAP1 00000727: MLOAD 00000728: PUSH32 0xacbdb084c721332ac59f9b8e392196c9eb0e4932862da8eb9beaf0dad4f550da 00000749: SWAP2 0000074a: DUP2 0000074b: SWAP1 0000074c: SUB 0000074d: PUSH1 0x20 0000074f: ADD 00000750: SWAP1 00000751: LOG1 00000752: POP 00000753: POP 00000754: JUMP 00000755: JUMPDEST 00000756: POP 00000757: PUSH1 0x01 00000759: DUP3 0000075a: ADD 0000075b: SLOAD 0000075c: PUSH1 0x02 0000075e: DUP3 0000075f: SWAP1 00000760: EXP 00000761: SWAP1 00000762: DUP2 00000763: AND 00000764: PUSH1 0x00 00000766: EQ 00000767: ISZERO 00000768: PUSH2 0x0774 0000076b: JUMPI 0000076c: PUSH1 0x00 0000076e: SWAP4 0000076f: POP 00000770: PUSH2 0x0779 00000773: JUMP 00000774: JUMPDEST 00000775: PUSH1 0x01 00000777: SWAP4 00000778: POP 00000779: JUMPDEST 0000077a: POP 0000077b: POP 0000077c: POP 0000077d: SWAP3 0000077e: SWAP2 0000077f: POP 00000780: POP 00000781: JUMP 00000782: JUMPDEST 00000783: ISZERO 00000784: PUSH2 0x05b0 00000787: JUMPI 00000788: POP 00000789: PUSH2 0x0105 0000078c: SSTORE 0000078d: JUMP 0000078e: JUMPDEST 0000078f: ISZERO 00000790: PUSH2 0x05b2 00000793: JUMPI 00000794: PUSH1 0x00 00000796: PUSH2 0x0106 00000799: SSTORE 0000079a: POP 0000079b: JUMP 0000079c: JUMPDEST 0000079d: ISZERO 0000079e: PUSH2 0x05b0 000007a1: JUMPI 000007a2: DUP2 000007a3: PUSH1 0x01 000007a5: PUSH1 0xa0 000007a7: PUSH1 0x02 000007a9: EXP 000007aa: SUB 000007ab: AND 000007ac: SELFDESTRUCT 000007ad: JUMPDEST 000007ae: ISZERO 000007af: PUSH2 0x09c9 000007b2: JUMPI 000007b3: PUSH2 0x07c1 000007b6: DUP5 000007b7: PUSH1 0x00 000007b9: PUSH2 0x0ded 000007bc: CALLER 000007bd: PUSH2 0x0162 000007c0: JUMP 000007c1: JUMPDEST 000007c2: ISZERO 000007c3: PUSH2 0x087d 000007c6: JUMPI 000007c7: PUSH32 0x92ca3a80853e6663fa31fa10b99225f18d4902939b4c53a9caae9043f6efd004 000007e8: CALLER 000007e9: DUP6 000007ea: DUP8 000007eb: DUP7 000007ec: DUP7 000007ed: PUSH1 0x40 000007ef: MLOAD 000007f0: DUP1 000007f1: DUP7 000007f2: PUSH1 0x01 000007f4: PUSH1 0xa0 000007f6: PUSH1 0x02 000007f8: EXP 000007f9: SUB 000007fa: AND 000007fb: DUP2 000007fc: MSTORE 000007fd: PUSH1 0x20 000007ff: ADD 00000800: DUP6 00000801: DUP2 00000802: MSTORE 00000803: PUSH1 0x20 00000805: ADD 00000806: DUP5 00000807: PUSH1 0x01 00000809: PUSH1 0xa0 0000080b: PUSH1 0x02 0000080d: EXP 0000080e: SUB 0000080f: AND 00000810: DUP2 00000811: MSTORE 00000812: PUSH1 0x20 00000814: ADD 00000815: DUP1 00000816: PUSH1 0x20 00000818: ADD 00000819: DUP3 0000081a: DUP2 0000081b: SUB 0000081c: DUP3 0000081d: MSTORE 0000081e: DUP5 0000081f: DUP5 00000820: DUP3 00000821: DUP2 00000822: DUP2 00000823: MSTORE 00000824: PUSH1 0x20 00000826: ADD 00000827: SWAP3 00000828: POP 00000829: DUP1 0000082a: DUP3 0000082b: DUP5 0000082c: CALLDATACOPY 0000082d: DUP3 0000082e: ADD 0000082f: SWAP2 00000830: POP 00000831: POP 00000832: SWAP7 00000833: POP 00000834: POP 00000835: POP 00000836: POP 00000837: POP 00000838: POP 00000839: POP 0000083a: PUSH1 0x40 0000083c: MLOAD 0000083d: DUP1 0000083e: SWAP2 0000083f: SUB 00000840: SWAP1 00000841: LOG1 00000842: DUP5 00000843: PUSH1 0x01 00000845: PUSH1 0xa0 00000847: PUSH1 0x02 00000849: EXP 0000084a: SUB 0000084b: AND 0000084c: DUP5 0000084d: DUP5 0000084e: DUP5 0000084f: PUSH1 0x40 00000851: MLOAD 00000852: DUP1 00000853: DUP4 00000854: DUP4 00000855: DUP1 00000856: DUP3 00000857: DUP5 00000858: CALLDATACOPY 00000859: POP 0000085a: POP 0000085b: POP 0000085c: SWAP1 0000085d: DUP2 0000085e: ADD 0000085f: SWAP2 00000860: POP 00000861: PUSH1 0x00 00000863: SWAP1 00000864: DUP1 00000865: DUP4 00000866: SUB 00000867: DUP2 00000868: DUP6 00000869: DUP8 0000086a: PUSH2 0x8502 0000086d: GAS 0000086e: SUB 0000086f: CALL 00000870: POP 00000871: PUSH1 0x00 00000873: SWAP4 00000874: POP 00000875: PUSH2 0x09c9 00000878: SWAP3 00000879: POP 0000087a: POP 0000087b: POP 0000087c: JUMP 0000087d: JUMPDEST 0000087e: PUSH1 0x00 00000880: CALLDATASIZE 00000881: NUMBER 00000882: PUSH1 0x40 00000884: MLOAD 00000885: DUP1 00000886: DUP5 00000887: DUP5 00000888: DUP1 00000889: DUP3 0000088a: DUP5 0000088b: CALLDATACOPY 0000088c: POP 0000088d: POP 0000088e: POP 0000088f: SWAP1 00000890: SWAP2 00000891: ADD 00000892: SWAP1 00000893: DUP2 00000894: MSTORE 00000895: PUSH1 0x40 00000897: MLOAD 00000898: SWAP1 00000899: DUP2 0000089a: SWAP1 0000089b: SUB 0000089c: PUSH1 0x20 0000089e: ADD 0000089f: SWAP1 000008a0: KECCAK256 000008a1: SWAP2 000008a2: POP 000008a3: PUSH2 0x08ad 000008a6: SWAP1 000008a7: POP 000008a8: DUP2 000008a9: PUSH2 0x01eb 000008ac: JUMP 000008ad: JUMPDEST 000008ae: ISZERO 000008af: DUP1 000008b0: ISZERO 000008b1: PUSH2 0x08d0 000008b4: JUMPI 000008b5: POP 000008b6: PUSH1 0x00 000008b8: DUP2 000008b9: DUP2 000008ba: MSTORE 000008bb: PUSH2 0x0108 000008be: PUSH1 0x20 000008c0: MSTORE 000008c1: PUSH1 0x40 000008c3: DUP2 000008c4: KECCAK256 000008c5: SLOAD 000008c6: PUSH1 0x01 000008c8: PUSH1 0xa0 000008ca: PUSH1 0x02 000008cc: EXP 000008cd: SUB 000008ce: AND 000008cf: EQ 000008d0: JUMPDEST 000008d1: ISZERO 000008d2: PUSH2 0x09c9 000008d5: JUMPI 000008d6: PUSH1 0x00 000008d8: DUP2 000008d9: DUP2 000008da: MSTORE 000008db: PUSH2 0x0108 000008de: PUSH1 0x20 000008e0: SWAP1 000008e1: DUP2 000008e2: MSTORE 000008e3: PUSH1 0x40 000008e5: DUP3 000008e6: KECCAK256 000008e7: DUP1 000008e8: SLOAD 000008e9: PUSH1 0x01 000008eb: PUSH1 0xa0 000008ed: PUSH1 0x02 000008ef: EXP 000008f0: SUB 000008f1: NOT 000008f2: AND 000008f3: DUP9 000008f4: OR 000008f5: DUP2 000008f6: SSTORE 000008f7: PUSH1 0x01 000008f9: DUP2 000008fa: ADD 000008fb: DUP8 000008fc: SWAP1 000008fd: SSTORE 000008fe: PUSH1 0x02 00000900: ADD 00000901: DUP1 00000902: SLOAD 00000903: DUP6 00000904: DUP3 00000905: SSTORE 00000906: DUP2 00000907: DUP5 00000908: MSTORE 00000909: SWAP3 0000090a: DUP3 0000090b: SWAP1 0000090c: KECCAK256 0000090d: SWAP1 0000090e: SWAP3 0000090f: PUSH1 0x1f 00000911: ADD 00000912: SWAP2 00000913: SWAP1 00000914: SWAP2 00000915: DIV 00000916: DUP2 00000917: ADD 00000918: SWAP1 00000919: DUP5 0000091a: SWAP1 0000091b: DUP7 0000091c: DUP3 0000091d: ISZERO 0000091e: PUSH2 0x09d1 00000921: JUMPI 00000922: SWAP2 00000923: DUP3 00000924: ADD 00000925: JUMPDEST 00000926: DUP3 00000927: DUP2 00000928: GT 00000929: ISZERO 0000092a: PUSH2 0x09d1 0000092d: JUMPI 0000092e: DUP3 0000092f: CALLDATALOAD 00000930: DUP3 00000931: PUSH1 0x00 00000933: POP 00000934: SSTORE 00000935: SWAP2 00000936: PUSH1 0x20 00000938: ADD 00000939: SWAP2 0000093a: SWAP1 0000093b: PUSH1 0x01 0000093d: ADD 0000093e: SWAP1 0000093f: PUSH2 0x0925 00000942: JUMP 00000943: JUMPDEST 00000944: POP 00000945: POP 00000946: PUSH32 0x1733cbb53659d713b79580f79f3f9ff215f78a7c7aa45890f3b89fc5cddfbf32 00000967: DUP2 00000968: CALLER 00000969: DUP7 0000096a: DUP9 0000096b: DUP8 0000096c: DUP8 0000096d: PUSH1 0x40 0000096f: MLOAD 00000970: DUP1 00000971: DUP8 00000972: DUP2 00000973: MSTORE 00000974: PUSH1 0x20 00000976: ADD 00000977: DUP7 00000978: PUSH1 0x01 0000097a: PUSH1 0xa0 0000097c: PUSH1 0x02 0000097e: EXP 0000097f: SUB 00000980: AND 00000981: DUP2 00000982: MSTORE 00000983: PUSH1 0x20 00000985: ADD 00000986: DUP6 00000987: DUP2 00000988: MSTORE 00000989: PUSH1 0x20 0000098b: ADD 0000098c: DUP5 0000098d: PUSH1 0x01 0000098f: PUSH1 0xa0 00000991: PUSH1 0x02 00000993: EXP 00000994: SUB 00000995: AND 00000996: DUP2 00000997: MSTORE 00000998: PUSH1 0x20 0000099a: ADD 0000099b: DUP1 0000099c: PUSH1 0x20 0000099e: ADD 0000099f: DUP3 000009a0: DUP2 000009a1: SUB 000009a2: DUP3 000009a3: MSTORE 000009a4: DUP5 000009a5: DUP5 000009a6: DUP3 000009a7: DUP2 000009a8: DUP2 000009a9: MSTORE 000009aa: PUSH1 0x20 000009ac: ADD 000009ad: SWAP3 000009ae: POP 000009af: DUP1 000009b0: DUP3 000009b1: DUP5 000009b2: CALLDATACOPY 000009b3: DUP3 000009b4: ADD 000009b5: SWAP2 000009b6: POP 000009b7: POP 000009b8: SWAP8 000009b9: POP 000009ba: POP 000009bb: POP 000009bc: POP 000009bd: POP 000009be: POP 000009bf: POP 000009c0: POP 000009c1: PUSH1 0x40 000009c3: MLOAD 000009c4: DUP1 000009c5: SWAP2 000009c6: SUB 000009c7: SWAP1 000009c8: LOG1 000009c9: JUMPDEST 000009ca: SWAP5 000009cb: SWAP4 000009cc: POP 000009cd: POP 000009ce: POP 000009cf: POP 000009d0: JUMP 000009d1: JUMPDEST 000009d2: POP 000009d3: PUSH2 0x0943 000009d6: SWAP3 000009d7: SWAP2 000009d8: POP 000009d9: JUMPDEST 000009da: DUP1 000009db: DUP3 000009dc: GT 000009dd: ISZERO 000009de: PUSH2 0x09ed 000009e1: JUMPI 000009e2: PUSH1 0x00 000009e4: DUP2 000009e5: SSTORE 000009e6: PUSH1 0x01 000009e8: ADD 000009e9: PUSH2 0x09d9 000009ec: JUMP 000009ed: JUMPDEST 000009ee: POP 000009ef: SWAP1 000009f0: JUMP 000009f1: JUMPDEST 000009f2: ISZERO 000009f3: PUSH2 0x0ba0 000009f6: JUMPI 000009f7: PUSH1 0x00 000009f9: DUP4 000009fa: DUP2 000009fb: MSTORE 000009fc: PUSH2 0x0108 000009ff: PUSH1 0x20 00000a01: MSTORE 00000a02: PUSH1 0x40 00000a04: DUP2 00000a05: KECCAK256 00000a06: SLOAD 00000a07: PUSH1 0x01 00000a09: PUSH1 0xa0 00000a0b: PUSH1 0x02 00000a0d: EXP 00000a0e: SUB 00000a0f: AND 00000a10: EQ 00000a11: PUSH2 0x0ba0 00000a14: JUMPI 00000a15: PUSH1 0x40 00000a17: DUP1 00000a18: MLOAD 00000a19: PUSH1 0x00 00000a1b: SWAP2 00000a1c: SWAP1 00000a1d: SWAP2 00000a1e: KECCAK256 00000a1f: DUP1 00000a20: SLOAD 00000a21: PUSH1 0x01 00000a23: DUP3 00000a24: ADD 00000a25: SLOAD 00000a26: PUSH1 0x02 00000a28: SWAP3 00000a29: SWAP1 00000a2a: SWAP3 00000a2b: ADD 00000a2c: DUP1 00000a2d: SLOAD 00000a2e: PUSH1 0x01 00000a30: PUSH1 0xa0 00000a32: PUSH1 0x02 00000a34: EXP 00000a35: SUB 00000a36: SWAP3 00000a37: SWAP1 00000a38: SWAP3 00000a39: AND 00000a3a: SWAP4 00000a3b: SWAP1 00000a3c: SWAP2 00000a3d: DUP2 00000a3e: SWAP1 00000a3f: DUP4 00000a40: SWAP1 00000a41: DUP1 00000a42: ISZERO 00000a43: PUSH2 0x0a71 00000a46: JUMPI 00000a47: DUP3 00000a48: ADD 00000a49: SWAP2 00000a4a: SWAP1 00000a4b: PUSH1 0x00 00000a4d: MSTORE 00000a4e: PUSH1 0x20 00000a50: PUSH1 0x00 00000a52: KECCAK256 00000a53: SWAP1 00000a54: JUMPDEST 00000a55: DUP2 00000a56: SLOAD 00000a57: DUP2 00000a58: MSTORE 00000a59: SWAP1 00000a5a: PUSH1 0x01 00000a5c: ADD 00000a5d: SWAP1 00000a5e: PUSH1 0x20 00000a60: ADD 00000a61: DUP1 00000a62: DUP4 00000a63: GT 00000a64: PUSH2 0x0a54 00000a67: JUMPI 00000a68: DUP3 00000a69: SWAP1 00000a6a: SUB 00000a6b: PUSH1 0x1f 00000a6d: AND 00000a6e: DUP3 00000a6f: ADD 00000a70: SWAP2 00000a71: JUMPDEST 00000a72: POP 00000a73: POP 00000a74: SWAP2 00000a75: POP 00000a76: POP 00000a77: PUSH1 0x00 00000a79: PUSH1 0x40 00000a7b: MLOAD 00000a7c: DUP1 00000a7d: DUP4 00000a7e: SUB 00000a7f: DUP2 00000a80: DUP6 00000a81: DUP8 00000a82: PUSH2 0x8502 00000a85: GAS 00000a86: SUB 00000a87: CALL 00000a88: POP 00000a89: POP 00000a8a: POP 00000a8b: PUSH1 0x00 00000a8d: DUP5 00000a8e: DUP2 00000a8f: MSTORE 00000a90: PUSH2 0x0108 00000a93: PUSH1 0x20 00000a95: SWAP1 00000a96: DUP2 00000a97: MSTORE 00000a98: PUSH1 0x40 00000a9a: DUP1 00000a9b: MLOAD 00000a9c: SWAP3 00000a9d: DUP2 00000a9e: SWAP1 00000a9f: KECCAK256 00000aa0: DUP1 00000aa1: SLOAD 00000aa2: PUSH1 0x01 00000aa4: DUP3 00000aa5: ADD 00000aa6: SLOAD 00000aa7: PUSH1 0x01 00000aa9: PUSH1 0xa0 00000aab: PUSH1 0x02 00000aad: EXP 00000aae: SUB 00000aaf: CALLER 00000ab0: DUP2 00000ab1: DUP2 00000ab2: AND 00000ab3: DUP9 00000ab4: MSTORE 00000ab5: SWAP6 00000ab6: DUP8 00000ab7: ADD 00000ab8: DUP12 00000ab9: SWAP1 00000aba: MSTORE 00000abb: SWAP4 00000abc: DUP7 00000abd: ADD 00000abe: DUP2 00000abf: SWAP1 00000ac0: MSTORE 00000ac1: SWAP3 00000ac2: AND 00000ac3: PUSH1 0x60 00000ac5: DUP6 00000ac6: ADD 00000ac7: DUP2 00000ac8: SWAP1 00000ac9: MSTORE 00000aca: PUSH1 0xa0 00000acc: PUSH1 0x80 00000ace: DUP7 00000acf: ADD 00000ad0: DUP2 00000ad1: DUP2 00000ad2: MSTORE 00000ad3: PUSH1 0x02 00000ad5: SWAP4 00000ad6: SWAP1 00000ad7: SWAP4 00000ad8: ADD 00000ad9: DUP1 00000ada: SLOAD 00000adb: SWAP2 00000adc: DUP8 00000add: ADD 00000ade: DUP3 00000adf: SWAP1 00000ae0: MSTORE 00000ae1: PUSH32 0xe7c957c06e9a662c1a6c77366179f5b702b97651dc28eee7d5bf1dff6e40bb4a 00000b02: SWAP8 00000b03: POP 00000b04: SWAP5 00000b05: SWAP6 00000b06: DUP11 00000b07: SWAP6 00000b08: SWAP3 00000b09: SWAP4 00000b0a: SWAP1 00000b0b: SWAP2 00000b0c: PUSH1 0xc0 00000b0e: DUP4 00000b0f: ADD 00000b10: SWAP1 00000b11: DUP5 00000b12: SWAP1 00000b13: DUP1 00000b14: ISZERO 00000b15: PUSH2 0x0b43 00000b18: JUMPI 00000b19: DUP3 00000b1a: ADD 00000b1b: SWAP2 00000b1c: SWAP1 00000b1d: PUSH1 0x00 00000b1f: MSTORE 00000b20: PUSH1 0x20 00000b22: PUSH1 0x00 00000b24: KECCAK256 00000b25: SWAP1 00000b26: JUMPDEST 00000b27: DUP2 00000b28: SLOAD 00000b29: DUP2 00000b2a: MSTORE 00000b2b: SWAP1 00000b2c: PUSH1 0x01 00000b2e: ADD 00000b2f: SWAP1 00000b30: PUSH1 0x20 00000b32: ADD 00000b33: DUP1 00000b34: DUP4 00000b35: GT 00000b36: PUSH2 0x0b26 00000b39: JUMPI 00000b3a: DUP3 00000b3b: SWAP1 00000b3c: SUB 00000b3d: PUSH1 0x1f 00000b3f: AND 00000b40: DUP3 00000b41: ADD 00000b42: SWAP2 00000b43: JUMPDEST 00000b44: POP 00000b45: POP 00000b46: SWAP7 00000b47: POP 00000b48: POP 00000b49: POP 00000b4a: POP 00000b4b: POP 00000b4c: POP 00000b4d: POP 00000b4e: PUSH1 0x40 00000b50: MLOAD 00000b51: DUP1 00000b52: SWAP2 00000b53: SUB 00000b54: SWAP1 00000b55: LOG1 00000b56: PUSH1 0x00 00000b58: DUP4 00000b59: DUP2 00000b5a: MSTORE 00000b5b: PUSH2 0x0108 00000b5e: PUSH1 0x20 00000b60: SWAP1 00000b61: DUP2 00000b62: MSTORE 00000b63: PUSH1 0x40 00000b65: DUP3 00000b66: KECCAK256 00000b67: DUP1 00000b68: SLOAD 00000b69: PUSH1 0x01 00000b6b: PUSH1 0xa0 00000b6d: PUSH1 0x02 00000b6f: EXP 00000b70: SUB 00000b71: NOT 00000b72: AND 00000b73: DUP2 00000b74: SSTORE 00000b75: PUSH1 0x01 00000b77: DUP2 00000b78: ADD 00000b79: DUP4 00000b7a: SWAP1 00000b7b: SSTORE 00000b7c: PUSH1 0x02 00000b7e: DUP2 00000b7f: ADD 00000b80: DUP1 00000b81: SLOAD 00000b82: DUP5 00000b83: DUP3 00000b84: SSTORE 00000b85: SWAP1 00000b86: DUP5 00000b87: MSTORE 00000b88: DUP3 00000b89: DUP5 00000b8a: KECCAK256 00000b8b: SWAP2 00000b8c: SWAP4 00000b8d: SWAP3 00000b8e: PUSH2 0x0ba6 00000b91: SWAP3 00000b92: PUSH1 0x1f 00000b94: SWAP3 00000b95: SWAP1 00000b96: SWAP3 00000b97: ADD 00000b98: DIV 00000b99: DUP2 00000b9a: ADD 00000b9b: SWAP1 00000b9c: PUSH2 0x09d9 00000b9f: JUMP 00000ba0: JUMPDEST 00000ba1: POP 00000ba2: SWAP2 00000ba3: SWAP1 00000ba4: POP 00000ba5: JUMP 00000ba6: JUMPDEST 00000ba7: POP 00000ba8: POP 00000ba9: POP 00000baa: PUSH1 0x01 00000bac: SWAP2 00000bad: POP 00000bae: POP 00000baf: PUSH2 0x017e 00000bb2: JUMP 00000bb3: JUMPDEST 00000bb4: PUSH1 0x00 00000bb6: DUP6 00000bb7: DUP2 00000bb8: MSTORE 00000bb9: PUSH2 0x0103 00000bbc: PUSH1 0x20 00000bbe: MSTORE 00000bbf: PUSH1 0x40 00000bc1: DUP2 00000bc2: KECCAK256 00000bc3: DUP1 00000bc4: SLOAD 00000bc5: SWAP1 00000bc6: SWAP4 00000bc7: POP 00000bc8: EQ 00000bc9: ISZERO 00000bca: PUSH2 0x0c3b 00000bcd: JUMPI 00000bce: PUSH1 0x00 00000bd0: DUP1 00000bd1: SLOAD 00000bd2: DUP4 00000bd3: SSTORE 00000bd4: PUSH1 0x01 00000bd6: DUP4 00000bd7: DUP2 00000bd8: ADD 00000bd9: SWAP2 00000bda: SWAP1 00000bdb: SWAP2 00000bdc: SSTORE 00000bdd: PUSH2 0x0104 00000be0: DUP1 00000be1: SLOAD 00000be2: SWAP2 00000be3: DUP3 00000be4: ADD 00000be5: DUP1 00000be6: DUP3 00000be7: SSTORE 00000be8: DUP3 00000be9: DUP1 00000bea: ISZERO 00000beb: DUP3 00000bec: SWAP1 00000bed: GT 00000bee: PUSH2 0x0c0a 00000bf1: JUMPI 00000bf2: DUP2 00000bf3: DUP4 00000bf4: PUSH1 0x00 00000bf6: MSTORE 00000bf7: PUSH1 0x20 00000bf9: PUSH1 0x00 00000bfb: KECCAK256 00000bfc: SWAP2 00000bfd: DUP3 00000bfe: ADD 00000bff: SWAP2 00000c00: ADD 00000c01: PUSH2 0x0c0a 00000c04: SWAP2 00000c05: SWAP1 00000c06: PUSH2 0x09d9 00000c09: JUMP 00000c0a: JUMPDEST 00000c0b: POP 00000c0c: POP 00000c0d: POP 00000c0e: PUSH1 0x02 00000c10: DUP4 00000c11: ADD 00000c12: DUP2 00000c13: SWAP1 00000c14: SSTORE 00000c15: PUSH2 0x0104 00000c18: DUP1 00000c19: SLOAD 00000c1a: DUP8 00000c1b: SWAP3 00000c1c: SWAP1 00000c1d: DUP2 00000c1e: LT 00000c1f: ISZERO 00000c20: PUSH2 0x0002 00000c23: JUMPI 00000c24: PUSH1 0x00 00000c26: SWAP2 00000c27: SWAP1 00000c28: SWAP2 00000c29: MSTORE 00000c2a: PUSH1 0x00 00000c2c: DUP1 00000c2d: MLOAD 00000c2e: PUSH1 0x20 00000c30: PUSH2 0x0f13 00000c33: DUP4 00000c34: CODECOPY 00000c35: DUP2 00000c36: MLOAD 00000c37: SWAP2 00000c38: MSTORE 00000c39: ADD 00000c3a: SSTORE 00000c3b: JUMPDEST 00000c3c: POP 00000c3d: PUSH1 0x01 00000c3f: DUP2 00000c40: ADD 00000c41: SLOAD 00000c42: PUSH1 0x02 00000c44: DUP4 00000c45: SWAP1 00000c46: EXP 00000c47: SWAP1 00000c48: DUP2 00000c49: AND 00000c4a: PUSH1 0x00 00000c4c: EQ 00000c4d: ISZERO 00000c4e: PUSH2 0x0d0b 00000c51: JUMPI 00000c52: PUSH1 0x40 00000c54: DUP1 00000c55: MLOAD 00000c56: PUSH1 0x01 00000c58: PUSH1 0xa0 00000c5a: PUSH1 0x02 00000c5c: EXP 00000c5d: SUB 00000c5e: CALLER 00000c5f: AND 00000c60: DUP2 00000c61: MSTORE 00000c62: PUSH1 0x20 00000c64: DUP2 00000c65: ADD 00000c66: DUP8 00000c67: SWAP1 00000c68: MSTORE 00000c69: DUP2 00000c6a: MLOAD 00000c6b: PUSH32 0xe1c52dc63b719ade82e8bea94cc41a0d5d28e4aaf536adb5e9cccc9ff8c1aeda 00000c8c: SWAP3 00000c8d: SWAP2 00000c8e: DUP2 00000c8f: SWAP1 00000c90: SUB 00000c91: SWAP1 00000c92: SWAP2 00000c93: ADD 00000c94: SWAP1 00000c95: LOG1 00000c96: DUP2 00000c97: SLOAD 00000c98: PUSH1 0x01 00000c9a: SWAP1 00000c9b: GT 00000c9c: PUSH2 0x0cf8 00000c9f: JUMPI 00000ca0: PUSH1 0x00 00000ca2: DUP6 00000ca3: DUP2 00000ca4: MSTORE 00000ca5: PUSH2 0x0103 00000ca8: PUSH1 0x20 00000caa: MSTORE 00000cab: PUSH1 0x40 00000cad: SWAP1 00000cae: KECCAK256 00000caf: PUSH1 0x02 00000cb1: ADD 00000cb2: SLOAD 00000cb3: PUSH2 0x0104 00000cb6: DUP1 00000cb7: SLOAD 00000cb8: SWAP1 00000cb9: SWAP2 00000cba: SWAP1 00000cbb: DUP2 00000cbc: LT 00000cbd: ISZERO 00000cbe: PUSH2 0x0002 00000cc1: JUMPI 00000cc2: PUSH1 0x40 00000cc4: PUSH1 0x00 00000cc6: SWAP1 00000cc7: DUP2 00000cc8: KECCAK256 00000cc9: PUSH1 0x00 00000ccb: DUP1 00000ccc: MLOAD 00000ccd: PUSH1 0x20 00000ccf: PUSH2 0x0f13 00000cd2: DUP4 00000cd3: CODECOPY 00000cd4: DUP2 00000cd5: MLOAD 00000cd6: SWAP2 00000cd7: MSTORE 00000cd8: SWAP3 00000cd9: SWAP1 00000cda: SWAP3 00000cdb: ADD 00000cdc: DUP2 00000cdd: SWAP1 00000cde: SSTORE 00000cdf: DUP1 00000ce0: DUP3 00000ce1: SSTORE 00000ce2: PUSH1 0x01 00000ce4: DUP3 00000ce5: DUP2 00000ce6: ADD 00000ce7: DUP3 00000ce8: SWAP1 00000ce9: SSTORE 00000cea: PUSH1 0x02 00000cec: SWAP1 00000ced: SWAP3 00000cee: ADD 00000cef: SSTORE 00000cf0: SWAP5 00000cf1: POP 00000cf2: PUSH2 0x0d0b 00000cf5: SWAP1 00000cf6: POP 00000cf7: JUMP 00000cf8: JUMPDEST 00000cf9: DUP2 00000cfa: SLOAD 00000cfb: PUSH1 0x00 00000cfd: NOT 00000cfe: ADD 00000cff: DUP3 00000d00: SSTORE 00000d01: PUSH1 0x01 00000d03: DUP3 00000d04: ADD 00000d05: DUP1 00000d06: SLOAD 00000d07: DUP3 00000d08: OR 00000d09: SWAP1 00000d0a: SSTORE 00000d0b: JUMPDEST 00000d0c: POP 00000d0d: POP 00000d0e: POP 00000d0f: SWAP2 00000d10: SWAP1 00000d11: POP 00000d12: JUMP 00000d13: JUMPDEST 00000d14: JUMPDEST 00000d15: PUSH1 0x01 00000d17: DUP1 00000d18: SLOAD 00000d19: GT 00000d1a: DUP1 00000d1b: ISZERO 00000d1c: PUSH2 0x0d36 00000d1f: JUMPI 00000d20: POP 00000d21: PUSH1 0x01 00000d23: SLOAD 00000d24: PUSH1 0x02 00000d26: SWAP1 00000d27: PUSH2 0x0100 00000d2a: DUP2 00000d2b: LT 00000d2c: ISZERO 00000d2d: PUSH2 0x0002 00000d30: JUMPI 00000d31: ADD 00000d32: SLOAD 00000d33: PUSH1 0x00 00000d35: EQ 00000d36: JUMPDEST 00000d37: ISZERO 00000d38: PUSH2 0x0d4a 00000d3b: JUMPI 00000d3c: PUSH1 0x01 00000d3e: DUP1 00000d3f: SLOAD 00000d40: PUSH1 0x00 00000d42: NOT 00000d43: ADD 00000d44: SWAP1 00000d45: SSTORE 00000d46: PUSH2 0x0d14 00000d49: JUMP 00000d4a: JUMPDEST 00000d4b: PUSH1 0x01 00000d4d: SLOAD 00000d4e: DUP2 00000d4f: LT 00000d50: DUP1 00000d51: ISZERO 00000d52: PUSH2 0x0d6d 00000d55: JUMPI 00000d56: POP 00000d57: PUSH1 0x01 00000d59: SLOAD 00000d5a: PUSH1 0x02 00000d5c: SWAP1 00000d5d: PUSH2 0x0100 00000d60: DUP2 00000d61: LT 00000d62: ISZERO 00000d63: PUSH2 0x0002 00000d66: JUMPI 00000d67: ADD 00000d68: SLOAD 00000d69: PUSH1 0x00 00000d6b: EQ 00000d6c: ISZERO 00000d6d: JUMPDEST 00000d6e: DUP1 00000d6f: ISZERO 00000d70: PUSH2 0x0d87 00000d73: JUMPI 00000d74: POP 00000d75: PUSH1 0x02 00000d77: DUP2 00000d78: PUSH2 0x0100 00000d7b: DUP2 00000d7c: LT 00000d7d: ISZERO 00000d7e: PUSH2 0x0002 00000d81: JUMPI 00000d82: ADD 00000d83: SLOAD 00000d84: PUSH1 0x00 00000d86: EQ 00000d87: JUMPDEST 00000d88: ISZERO 00000d89: PUSH2 0x0de8 00000d8c: JUMPI 00000d8d: PUSH1 0x01 00000d8f: SLOAD 00000d90: PUSH1 0x02 00000d92: SWAP1 00000d93: PUSH2 0x0100 00000d96: DUP2 00000d97: LT 00000d98: ISZERO 00000d99: PUSH2 0x0002 00000d9c: JUMPI 00000d9d: DUP2 00000d9e: ADD 00000d9f: SLOAD 00000da0: SWAP1 00000da1: DUP3 00000da2: PUSH2 0x0100 00000da5: DUP2 00000da6: LT 00000da7: ISZERO 00000da8: PUSH2 0x0002 00000dab: JUMPI 00000dac: DUP2 00000dad: ADD 00000dae: SWAP2 00000daf: SWAP1 00000db0: SWAP2 00000db1: SSTORE 00000db2: DUP2 00000db3: SWAP1 00000db4: PUSH2 0x0102 00000db7: SWAP1 00000db8: PUSH1 0x00 00000dba: SWAP1 00000dbb: DUP4 00000dbc: PUSH2 0x0100 00000dbf: DUP2 00000dc0: LT 00000dc1: ISZERO 00000dc2: PUSH2 0x0002 00000dc5: JUMPI 00000dc6: DUP2 00000dc7: ADD 00000dc8: SLOAD 00000dc9: DUP3 00000dca: MSTORE 00000dcb: PUSH1 0x20 00000dcd: SWAP3 00000dce: SWAP1 00000dcf: SWAP3 00000dd0: MSTORE 00000dd1: PUSH1 0x40 00000dd3: DUP2 00000dd4: KECCAK256 00000dd5: SWAP3 00000dd6: SWAP1 00000dd7: SWAP3 00000dd8: SSTORE 00000dd9: PUSH1 0x01 00000ddb: SLOAD 00000ddc: PUSH2 0x0100 00000ddf: DUP2 00000de0: LT 00000de1: ISZERO 00000de2: PUSH2 0x0002 00000de5: JUMPI 00000de6: ADD 00000de7: SSTORE 00000de8: JUMPDEST 00000de9: PUSH2 0x0605 00000dec: JUMP 00000ded: JUMPDEST 00000dee: ISZERO 00000def: PUSH2 0x017e 00000df2: JUMPI 00000df3: PUSH2 0x0107 00000df6: SLOAD 00000df7: PUSH2 0x0e03 00000dfa: JUMPDEST 00000dfb: PUSH3 0x015180 00000dff: TIMESTAMP 00000e00: DIV 00000e01: SWAP1 00000e02: JUMP 00000e03: JUMPDEST 00000e04: GT 00000e05: ISZERO 00000e06: PUSH2 0x0e1c 00000e09: JUMPI 00000e0a: PUSH1 0x00 00000e0c: PUSH2 0x0106 00000e0f: SSTORE 00000e10: PUSH2 0x0e17 00000e13: PUSH2 0x0dfa 00000e16: JUMP 00000e17: JUMPDEST 00000e18: PUSH2 0x0107 00000e1b: SSTORE 00000e1c: JUMPDEST 00000e1d: PUSH2 0x0106 00000e20: SLOAD 00000e21: DUP1 00000e22: DUP4 00000e23: ADD 00000e24: LT 00000e25: DUP1 00000e26: ISZERO 00000e27: SWAP1 00000e28: PUSH2 0x0e3a 00000e2b: JUMPI 00000e2c: POP 00000e2d: PUSH2 0x0106 00000e30: SLOAD 00000e31: PUSH2 0x0105 00000e34: SLOAD 00000e35: SWAP1 00000e36: DUP4 00000e37: ADD 00000e38: GT 00000e39: ISZERO 00000e3a: JUMPDEST 00000e3b: ISZERO 00000e3c: PUSH2 0x0e50 00000e3f: JUMPI 00000e40: POP 00000e41: PUSH2 0x0106 00000e44: DUP1 00000e45: SLOAD 00000e46: DUP3 00000e47: ADD 00000e48: SWAP1 00000e49: SSTORE 00000e4a: PUSH1 0x01 00000e4c: PUSH2 0x017e 00000e4f: JUMP 00000e50: JUMPDEST 00000e51: POP 00000e52: PUSH1 0x00 00000e54: PUSH2 0x017e 00000e57: JUMP 00000e58: JUMPDEST 00000e59: PUSH2 0x05b0 00000e5c: PUSH2 0x0104 00000e5f: SLOAD 00000e60: PUSH1 0x00 00000e62: JUMPDEST 00000e63: DUP2 00000e64: DUP2 00000e65: LT 00000e66: ISZERO 00000e67: PUSH2 0x0ee8 00000e6a: JUMPI 00000e6b: PUSH2 0x0104 00000e6e: DUP1 00000e6f: SLOAD 00000e70: DUP3 00000e71: SWAP1 00000e72: DUP2 00000e73: LT 00000e74: ISZERO 00000e75: PUSH2 0x0002 00000e78: JUMPI 00000e79: PUSH1 0x00 00000e7b: SWAP2 00000e7c: DUP3 00000e7d: MSTORE 00000e7e: PUSH1 0x00 00000e80: DUP1 00000e81: MLOAD 00000e82: PUSH1 0x20 00000e84: PUSH2 0x0f13 00000e87: DUP4 00000e88: CODECOPY 00000e89: DUP2 00000e8a: MLOAD 00000e8b: SWAP2 00000e8c: MSTORE 00000e8d: ADD 00000e8e: SLOAD 00000e8f: EQ 00000e90: PUSH2 0x0ed5 00000e93: JUMPI 00000e94: PUSH2 0x0104 00000e97: DUP1 00000e98: SLOAD 00000e99: PUSH2 0x0103 00000e9c: SWAP2 00000e9d: PUSH1 0x00 00000e9f: SWAP2 00000ea0: DUP5 00000ea1: SWAP1 00000ea2: DUP2 00000ea3: LT 00000ea4: ISZERO 00000ea5: PUSH2 0x0002 00000ea8: JUMPI 00000ea9: PUSH1 0x00 00000eab: DUP1 00000eac: MLOAD 00000ead: PUSH1 0x20 00000eaf: PUSH2 0x0f13 00000eb2: DUP4 00000eb3: CODECOPY 00000eb4: DUP2 00000eb5: MLOAD 00000eb6: SWAP2 00000eb7: MSTORE 00000eb8: ADD 00000eb9: SLOAD 00000eba: DUP3 00000ebb: MSTORE 00000ebc: POP 00000ebd: PUSH1 0x20 00000ebf: SWAP2 00000ec0: SWAP1 00000ec1: SWAP2 00000ec2: MSTORE 00000ec3: PUSH1 0x40 00000ec5: DUP2 00000ec6: KECCAK256 00000ec7: DUP2 00000ec8: DUP2 00000ec9: SSTORE 00000eca: PUSH1 0x01 00000ecc: DUP2 00000ecd: ADD 00000ece: DUP3 00000ecf: SWAP1 00000ed0: SSTORE 00000ed1: PUSH1 0x02 00000ed3: ADD 00000ed4: SSTORE 00000ed5: JUMPDEST 00000ed6: PUSH1 0x01 00000ed8: ADD 00000ed9: PUSH2 0x0e62 00000edc: JUMP 00000edd: JUMPDEST 00000ede: POP 00000edf: POP 00000ee0: POP 00000ee1: PUSH1 0x01 00000ee3: ADD 00000ee4: PUSH2 0x04a3 00000ee7: JUMP 00000ee8: JUMPDEST 00000ee9: PUSH2 0x0104 00000eec: DUP1 00000eed: SLOAD 00000eee: PUSH1 0x00 00000ef0: DUP1 00000ef1: DUP4 00000ef2: SSTORE 00000ef3: SWAP2 00000ef4: SWAP1 00000ef5: SWAP2 00000ef6: MSTORE 00000ef7: PUSH2 0x0451 00000efa: SWAP1 00000efb: PUSH1 0x00 00000efd: DUP1 00000efe: MLOAD 00000eff: PUSH1 0x20 00000f01: PUSH2 0x0f13 00000f04: DUP4 00000f05: CODECOPY 00000f06: DUP2 00000f07: MLOAD 00000f08: SWAP2 00000f09: MSTORE 00000f0a: SWAP1 00000f0b: DUP2 00000f0c: ADD 00000f0d: SWAP1 00000f0e: PUSH2 0x09d9 00000f11: JUMP 00000f12: STOP 00000f13: UNKNOWN(0x4C) 00000f14: SIGNEXTEND 00000f15: UNKNOWN(0xE6) 00000f16: MUL 00000f17: STOP 00000f18: STATICCALL 00000f19: LOG2 00000f1a: SDIV 00000f1b: MSIZE 00000f1c: ADDRESS 00000f1d: DUP13 00000f1e: UNKNOWN(0xB7) 00000f1f: UNKNOWN(0xB5) 00000f20: LOG1 00000f21: UNKNOWN(0xBB) 00000f22: ORIGIN 00000f23: SSTORE 00000f24: UNKNOWN(0xC1) 00000f25: PUSH13 0xb1cab91f525b5ae7a03d02fabe
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | cast | SELFDESTRUCT present | 85 | no | — |
viewevidence_json{
"notes": "selfdestruct can remove contract code and send funds; review reachability",
"selfdestruct_count": 1
}
|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
viewvalidation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x173825d9",
"selector": "0x173825d9",
"calldata_variants": [
"0x173825d9",
"0x173825d90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2f54bf6e",
"selector": "0x2f54bf6e",
"calldata_variants": [
"0x2f54bf6e",
"0x2f54bf6e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4123cb6b",
"selector": "0x4123cb6b",
"calldata_variants": [
"0x4123cb6b",
"0x4123cb6b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5c52c2f5",
"selector": "0x5c52c2f5",
"calldata_variants": [
"0x5c52c2f5",
"0x5c52c2f50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7065cb48",
"selector": "0x7065cb48",
"calldata_variants": [
"0x7065cb48",
"0x7065cb480000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x746c9171",
"selector": "0x746c9171",
"calldata_variants": [
"0x746c9171",
"0x746c91710000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x797af627",
"selector": "0x797af627",
"calldata_variants": [
"0x797af627",
"0x797af6270000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb20d30a9",
"selector": "0xb20d30a9",
"calldata_variants": [
"0xb20d30a9",
"0xb20d30a90000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 3874,
"type": "tx_origin_used"
}
]
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0xd89040f0535f2533a0ebc83b4a7e1ef48dbd0fc1c714f08f0a7c1757c109453a
call_targets:
0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xd89040f0535f2533a0ebc83b4a7e1ef48dbd0fc1c714f08f0a7c1757c109453a",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x173825d9",
"selector": "0x173825d9",
"calldata_variants": [
"0x173825d9",
"0x173825d90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2f54bf6e",
"selector": "0x2f54bf6e",
"calldata_variants": [
"0x2f54bf6e",
"0x2f54bf6e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4123cb6b",
"selector": "0x4123cb6b",
"calldata_variants": [
"0x4123cb6b",
"0x4123cb6b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5c52c2f5",
"selector": "0x5c52c2f5",
"calldata_variants": [
"0x5c52c2f5",
"0x5c52c2f50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7065cb48",
"selector": "0x7065cb48",
"calldata_variants": [
"0x7065cb48",
"0x7065cb480000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x746c9171",
"selector": "0x746c9171",
"calldata_variants": [
"0x746c9171",
"0x746c91710000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x797af627",
"selector": "0x797af627",
"calldata_variants": [
"0x797af627",
"0x797af6270000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb20d30a9",
"selector": "0xb20d30a9",
"calldata_variants": [
"0xb20d30a9",
"0xb20d30a90000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 2159,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2695,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [
{
"pc": 3874,
"type": "tx_origin_used"
}
],
"untrusted_call_count": 2
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0xd89040f0535f2533a0ebc83b4a7e1ef48dbd0fc1c714f08f0a7c1757c109453a
call_targets:
0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xd89040f0535f2533a0ebc83b4a7e1ef48dbd0fc1c714f08f0a7c1757c109453a",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x173825d9",
"selector": "0x173825d9",
"calldata_variants": [
"0x173825d9",
"0x173825d90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2f54bf6e",
"selector": "0x2f54bf6e",
"calldata_variants": [
"0x2f54bf6e",
"0x2f54bf6e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4123cb6b",
"selector": "0x4123cb6b",
"calldata_variants": [
"0x4123cb6b",
"0x4123cb6b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5c52c2f5",
"selector": "0x5c52c2f5",
"calldata_variants": [
"0x5c52c2f5",
"0x5c52c2f50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7065cb48",
"selector": "0x7065cb48",
"calldata_variants": [
"0x7065cb48",
"0x7065cb480000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x746c9171",
"selector": "0x746c9171",
"calldata_variants": [
"0x746c9171",
"0x746c91710000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x797af627",
"selector": "0x797af627",
"calldata_variants": [
"0x797af627",
"0x797af6270000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb20d30a9",
"selector": "0xb20d30a9",
"calldata_variants": [
"0xb20d30a9",
"0xb20d30a90000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 2159,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 2695,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": [
{
"pc": 3874,
"type": "tx_origin_used"
}
]
}
|
| medium | other | detector | SELFDESTRUCT reachable | 45 | no | no |
viewtrace_id: 0x7fac92fa0953471d62b2a4f0bec2080700f601cdabf30b8f3e756173e76d225e
validation_json{
"sink": "SELFDESTRUCT",
"errors": 0,
"status": "unknown",
"attempts": 30,
"trace_id": "0x7fac92fa0953471d62b2a4f0bec2080700f601cdabf30b8f3e756173e76d225e",
"confirmed": false,
"trace_mode": "structLogs",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x173825d9",
"selector": "0x173825d9",
"calldata_variants": [
"0x173825d9",
"0x173825d90000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x2f54bf6e",
"selector": "0x2f54bf6e",
"calldata_variants": [
"0x2f54bf6e",
"0x2f54bf6e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x4123cb6b",
"selector": "0x4123cb6b",
"calldata_variants": [
"0x4123cb6b",
"0x4123cb6b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x5c52c2f5",
"selector": "0x5c52c2f5",
"calldata_variants": [
"0x5c52c2f5",
"0x5c52c2f50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7065cb48",
"selector": "0x7065cb48",
"calldata_variants": [
"0x7065cb48",
"0x7065cb480000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x746c9171",
"selector": "0x746c9171",
"calldata_variants": [
"0x746c9171",
"0x746c91710000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x797af627",
"selector": "0x797af627",
"calldata_variants": [
"0x797af627",
"0x797af6270000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb20d30a9",
"selector": "0xb20d30a9",
"calldata_variants": [
"0xb20d30a9",
"0xb20d30a90000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 3874,
"type": "tx_origin_used"
}
],
"selfdestruct_count": 1
}
|