d7906361-51a8-4dd2-88a4-c21bd8b57582
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31548 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 77915 | artifact.fetch | complete | 1 / 3 | 2 weeks ago |
| 77916 | tool.cast_disasm | complete | 1 / 3 | 2 weeks ago |
| 77917 | analysis.bundle | complete | 1 / 3 | 2 weeks ago |
| 77918 | capability.graph | complete | 1 / 3 | 2 weeks ago |
| 77919 | detector.run | complete | 1 / 3 | 2 weeks ago |
| 77920 | validation.fork | complete | 1 / 3 | 2 weeks ago |
No slither job recorded yet.
[codex:238] OpenAI Codex v0.77.0 (research preview)
[codex:238] --------
[codex:238] workdir: /tmp/codex-multi-44opxodo
[codex:238] model: gpt-5.2-codex
[codex:238] provider: openai
[codex:238] approval: never
[codex:238] sandbox: read-only
[codex:238] reasoning effort: xhigh
[codex:238] reasoning summaries: auto
[codex:238] session id: 019b8720-9825-7260-a4bf-0e42ab581ac3
[codex:238] --------
[codex:238] user
[codex:238] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:238]
[codex:238] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:238]
[codex:238] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:238] - Gas inefficiency, code quality, or best practices
[codex:238] - Theoretical vulnerabilities without a clear extraction path
[codex:238] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:238] - Issues requiring social engineering or off-chain coordination
[codex:238]
[codex:238] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:238] - CALL/DELEGATECALL with controllable destination or calldata
[codex:238] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:238] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:238] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:238] - External calls before state updates (reentrancy)
[codex:238] - SELFDESTRUCT with controllable beneficiary
[codex:238] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:238]
[codex:238] For each finding, you MUST explain:
[codex:238] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:238] 2. The concrete sequence of transactions to extract value
[codex:238] 3. Why you believe this is exploitable (not just suspicious)
[codex:238]
[codex:238] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:238] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:238]
[codex:238] Output MUST be valid JSON matching the provided schema.
[codex:238] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:238] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:238] mcp startup: no servers
[codex:238]
[codex:238] thinking
[codex:238] **Checking for instructions in BYTECODE_BUNDLE.txt**
[codex:238] exec
[codex:238] /bin/bash -lc ls in /tmp/codex-multi-44opxodo succeeded in 6ms:
[codex:238] BYTECODE_BUNDLE.txt
[codex:238] codex-output-schema.json
[codex:238] exec
[codex:238] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-44opxodo succeeded in 6ms:
[codex:238] Runtime bytecode bundle for best-effort auditing.
[codex:238] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:238]
[codex:238] FILE: runtime_bytecode.hex
[codex:238] 0x606060405236156100a0576000357c01000000000000000000000000000000000000000000000000000000009004806313af4035146100f957806335c1d3491461010c578063483ba09e146101e657806354ba7daa146101f95780638da5cb5b146102905780639003adfe146102c7578063a480ca79146102e8578063a60f3588146102fb578063b4b31bec1461031c578063c80c28a214610353576100a0565b6100f75b6100f46000368080601f0160208091040260200160405190810160405280939291908181526020018383808284378201915050505050506020604051908101604052806000815260200150610442565b5b565b005b61010a600480359060200150610c1f565b005b61011d600480359060200150610374565b60405180858152602001806020018473ffffffffffffffffffffffffffffffffffffffff16815260200180602001838103835286818154815260200191508054801561018e57820191906000526020600020905b81548152906001019060200180831161017157829003601f168201915b505083810382528481815481526020019150805480156101d357820191906000526020600020905b8154815290600101906020018083116101b657829003601f168201915b5050965050505050505060405180910390f35b6101f7600480359060200150610b99565b005b61028e6004803590602001906004018035906020019191908080601f01602080910402602001604051908101604052809392919081815260200183838082843782019150505050505090803590602001906004018035906020019191908080601f0160208091040260200160405190810160405280939291908181526020018383808284378201915050505050509050610442565b005b61029b6004506103f6565b604051808273ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b6102d26004506103ed565b6040518082815260200191505060405180910390f35b6102f9600480359060200150610ae8565b005b6103066004506103e4565b6040518082815260200191505060405180910390f35b61032760045061041c565b604051808273ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b61035e600450610ad6565b6040518082815260200191505060405180910390f35b60006000508181548110156100025790600052602060002090600402016000915090508060000160009054906101000a900460ff169080600101600050908060020160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff169080600301600050905084565b60016000505481565b60026000505481565b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b600460009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b60006000670de0b6b3a764000034101561048e573373ffffffffffffffffffffffffffffffffffffffff16600034604051809050600060405180830381858888f1935050505050610ad0565b60108451118061049f575060238351115b156104dc573373ffffffffffffffffffffffffffffffffffffffff16600034604051809050600060405180830381858888f1935050505050610ad0565b670de0b6b3a764000034111561052a573373ffffffffffffffffffffffffffffffffffffffff166000670de0b6b3a76400003403604051809050600060405180830381858888f19350505050505b6000600050549150600160006000508181540191508181548183558181151161065357600402816004028360005260206000209182019101610652919061056c565b8082111561064e5760006000820160006101000a81549060ff021916905560018201600050805460008255601f0160209004906000526020600020908101906105d391906105b5565b808211156105cf57600081815060009055506001016105b5565b5090565b506002820160006101000a81549073ffffffffffffffffffffffffffffffffffffffff021916905560038201600050805460008255601f0160209004906000526020600020908101906106449190610626565b808211156106405760008181506000905550600101610626565b5090565b505060010161056c565b5090565b5b50505050836000600050838154811015610002579060005260206000209060040201600050600101600050908051906020019082805482825590600052602060002090601f016020900481019282156106c9579182015b828111156106c85782518260005055916020019190600101906106aa565b5b5090506106f491906106d6565b808211156106f057600081815060009055506001016106d6565b5090565b50506000835111156107de576001600060005083815481101561000257906000526020600020906004020160005060000160006101000a81548160ff02191690830217905550826000600050838154811015610002579060005260206000209060040201600050600301600050908051906020019082805482825590600052602060002090601f016020900481019282156107ac579182015b828111156107ab57825182600050559160200191906001019061078d565b5b5090506107d791906107b9565b808211156107d357600081815060009055506001016107b9565b5090565b5050610865565b6000600060005083815481101561000257906000526020600020906004020160005060000160006101000a81548160ff0219169083021790555033600060005083815481101561000257906000526020600020906004020160005060020160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908302179055505b817f66d0ee9ee580464eb06bb7adef164c593ad3173da5b9937511307bb4646d392e60405180905060405180910390a26000821415156108be5767016345785d8a000060026000828282505401925050819055506108d9565b670de0b6b3a764000060026000828282505401925050819055505b600082141580156108ed5750600060038306145b15610acf5767257853b1dd8e0000905060006000600050600160005054815481101561000257906000526020600020906004020160005060000160009054906101000a900460ff1614156109bb576000600050600160005054815481101561000257906000526020600020906004020160005060020160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16600082604051809050600060405180830381858888f1935050505050610abb565b600460009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166302dc2e1d8260006000506001600050548154811015610002579060005260206000209060040201600050600301600050604051837c010000000000000000000000000000000000000000000000000000000002815260040180806020018281038252838181548152602001915080548015610a9557820191906000526020600020905b815481529060010190602001808311610a7857829003601f168201915b50509250505060206040518083038185886185025a03f115610002575050505060405151505b600160016000828282505401925050819055505b5b50505050565b60006000600050549050610ae5565b90565b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161415610b955760006002600050541415610b5157610b96565b8073ffffffffffffffffffffffffffffffffffffffff166000600260005054604051809050600060405180830381858888f193505050505060006002600050819055505b5b50565b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161415610c1b5780600460006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908302179055505b5b50565b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161415610ca15780600360006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908302179055505b5b5056
[codex:238]
[codex:238] thinking
[codex:238] **Analyzing contract bytecode and storage layout**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] print(int('016345785d8a0000',16))
[codex:238] print(int('0257853b1dd8e0000',16))
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 20ms:
[codex:238] 100000000000000000
[codex:238] 2700000000000000000
[codex:238]
[codex:238] thinking
[codex:238] **Analyzing contract bytecode and functions**
[codex:238]
[codex:238] I'm examining the contract's bytecode to map function selectors to code offsets and understand the storage layout, aiming to identify deposit thresholds and potential payout or withdrawal mechanisms. Since the function dispatch table and opcodes look complex, I'll consider writing a Python script to disassemble the bytecode manually to better grasp function boundaries and control flow, which might reveal exploitable paths or owner controls.
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] from binascii import unhexlify
[codex:238] code = open('BYTECODE_BUNDLE.txt').read()
[codex:238] # extract hex after 0x
[codex:238] import re
[codex:238] m = re.search(r'0x[0-9a-fA-F]+', code)
[codex:238] hexcode = m.group(0)[2:]
[codex:238]
[codex:238] ops = {
[codex:238] 0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',
[codex:238] 0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',
[codex:238] 0x20:'SHA3',
[codex:238] 0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',
[codex:238] 0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',
[codex:238] 0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',
[codex:238] 0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'
[codex:238] }
[codex:238]
[codex:238] b = bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i < len(b):
[codex:238] op = b[i]
[codex:238] name = ops.get(op, None)
[codex:238] if 0x60 <= op <= 0x7f:
[codex:238] n = op-0x5f
[codex:238] data = b[i+1:i+1+n]
[codex:238] out.append((i, f'PUSH{n}', data.hex()))
[codex:238] i += 1+n
[codex:238] continue
[codex:238] elif 0x80 <= op <= 0x8f:
[codex:238] out.append((i, f'DUP{op-0x7f}', ''))
[codex:238] elif 0x90 <= op <= 0x9f:
[codex:238] out.append((i, f'SWAP{op-0x8f}', ''))
[codex:238] elif 0xa0 <= op <= 0xa4:
[codex:238] out.append((i, f'LOG{op-0x9f}', ''))
[codex:238] else:
[codex:238] out.append((i, name or f'OP{op:02x}', ''))
[codex:238] i+=1
[codex:238]
[codex:238] # print around CALL/DELEGATECALL/SELFDESTRUCT etc
[codex:238] for idx,(off,op,imm) in enumerate(out):
[codex:238] if op in ('CALL','DELEGATECALL','SELFDESTRUCT'):
[codex:238] # show context 10 ops before and after
[codex:238] start = max(0, idx-8)
[codex:238] end = min(len(out), idx+9)
[codex:238] print('--- context around', op, 'at', hex(off))
[codex:238] for o in out[start:end]:
[codex:238] off2,op2,imm2 = o
[codex:238] if imm2:
[codex:238] print(hex(off2), op2, imm2)
[codex:238] else:
[codex:238] print(hex(off2), op2)
[codex:238] print()
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 28ms:
[codex:238] --- context around CALL at 0x483
[codex:238] 0x47b MLOAD
[codex:238] 0x47c DUP1
[codex:238] 0x47d DUP4
[codex:238] 0x47e SUB
[codex:238] 0x47f DUP2
[codex:238] 0x480 DUP6
[codex:238] 0x481 DUP9
[codex:238] 0x482 DUP9
[codex:238] 0x483 CALL
[codex:238] 0x484 SWAP4
[codex:238] 0x485 POP
[codex:238] 0x486 POP
[codex:238] 0x487 POP
[codex:238] 0x488 POP
[codex:238] 0x489 POP
[codex:238] 0x48a PUSH2 0ad0
[codex:238] 0x48d JUMP
[codex:238]
[codex:238] --- context around CALL at 0x4d1
[codex:238]
[codex:238] thinking
[codex:238] **Analyzing function boundaries via disassembly**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] from binascii import unhexlify
[codex:238] import re
[codex:238] code = open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:238] ops = {0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b = bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i < len(b):
[codex:238] op = b[i]
[codex:238] if 0x60 <= op <= 0x7f:
[codex:238] n = op-0x5f
[codex:238] data = b[i+1:i+1+n]
[codex:238] out.append((i, f'PUSH{n}', data.hex()))
[codex:238] i += 1+n
[codex:238] continue
[codex:238] elif 0x80 <= op <= 0x8f:
[codex:238] out.append((i, f'DUP{op-0x7f}', ''))
[codex:238] elif 0x90 <= op <= 0x9f:
[codex:238] out.append((i, f'SWAP{op-0x8f}', ''))
[codex:238] elif 0xa0 <= op <= 0xa4:
[codex:238] out.append((i, f'LOG{op-0x9f}', ''))
[codex:238] else:
[codex:238] out.append((i, ops.get(op,f'OP{op:02x}'), ''))
[codex:238] i += 1
[codex:238]
[codex:238] # function entry offsets
[codex:238] entries = [0xf9,0x10c,0x1e6,0x1f9,0x290,0x2c7,0x2e8,0x2fb,0x31c,0x353,0x442]
[codex:238]
[codex:238] for ent in entries:
[codex:238] print('=== Entry', hex(ent))
[codex:238] # find index
[codex:238] idx = next(i for i,(off,_,__) in enumerate(out) if off==ent)
[codex:238] for off,op,imm in out[idx:idx+40]:
[codex:238] if imm:
[codex:238] print(hex(off), op, imm)
[codex:238] else:
[codex:238] print(hex(off), op)
[codex:238] print()
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 33ms:
[codex:238] === Entry 0xf9
[codex:238] 0xf9 JUMPDEST
[codex:238] 0xfa PUSH2 010a
[codex:238] 0xfd PUSH1 04
[codex:238] 0xff DUP1
[codex:238] 0x100 CALLDATALOAD
[codex:238] 0x101 SWAP1
[codex:238] 0x102 PUSH1 20
[codex:238] 0x104 ADD
[codex:238] 0x105 POP
[codex:238] 0x106 PUSH2 0c1f
[codex:238] 0x109 JUMP
[codex:238] 0x10a JUMPDEST
[codex:238] 0x10b STOP
[codex:238] 0x10c JUMPDEST
[codex:238] 0x10d PUSH2 011d
[codex:238] 0x110 PUSH1 04
[codex:238] 0x112 DUP1
[codex:238] 0x113 CALLDATALOAD
[codex:238] 0x114 SWAP1
[codex:238]
[codex:238] thinking
[codex:238] **Analyzing contract entry points**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] from binascii import unhexlify
[codex:238] import re
[codex:238] code = open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:238]
[codex:238] # simple disasm
[codex:238] ops = {0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b = bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i < len(b):
[codex:238] op = b[i]
[codex:238] if 0x60 <= op <= 0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] # print from 0x80 to 0x120
[codex:238] for off,op,imm in out:
[codex:238] if 0x80 <= off <= 0x120:
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 27ms:
[codex:238] 0x81 EQ
[codex:238] 0x82 PUSH2 02fb
[codex:238] 0x85 JUMPI
[codex:238] 0x86 DUP1
[codex:238] 0x87 PUSH4 b4b31bec
[codex:238] 0x8c EQ
[codex:238] 0x8d PUSH2 031c
[codex:238] 0x90 JUMPI
[codex:238] 0x91 DUP1
[codex:238] 0x92 PUSH4 c80c28a2
[codex:238] 0x97 EQ
[codex:238] 0x98 PUSH2 0353
[codex:238] 0x9b JUMPI
[codex:238] 0x9c PUSH2 00a0
[codex:238] 0x9f JUMP
[codex:238] 0xa0 JUMPDEST
[codex:238] 0xa1 PUSH2 00f7
[codex:238] 0xa4 JUMPDEST
[codex:238] 0xa5 PUSH2 00f4
[codex:238] 0xa8 PUSH1 00
[codex:238]
[codex:238] thinking
[codex:238] **Analyzing fallback behavior and calldata handling**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] from binascii import unhexlify
[codex:238] import re
[codex:238] code = open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode = re.search(r'0x[0-9a-fA-F]+', code).group(0)[2:]
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b=bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] # show around 0x0b80-0x0ca8 etc
[codex:238] for off,op,imm in out:
[codex:238] if 0xb60 <= off <= 0xca8:
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 26ms:
[codex:238] 0xb68 AND
[codex:238] 0xb69 PUSH1 00
[codex:238] 0xb6b PUSH1 02
[codex:238] 0xb6d PUSH1 00
[codex:238] 0xb6f POP
[codex:238] 0xb70 SLOAD
[codex:238] 0xb71 PUSH1 40
[codex:238] 0xb73 MLOAD
[codex:238] 0xb74 DUP1
[codex:238] 0xb75 SWAP1
[codex:238] 0xb76 POP
[codex:238] 0xb77 PUSH1 00
[codex:238] 0xb79 PUSH1 40
[codex:238] 0xb7b MLOAD
[codex:238] 0xb7c DUP1
[codex:238] 0xb7d DUP4
[codex:238] 0xb7e SUB
[codex:238] 0xb7f DUP2
[codex:238] 0xb80 DUP6
[codex:238] 0xb81 DUP9
[codex:238]
[codex:238] thinking
[codex:238] **Analyzing owner-only storage functions**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b=bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] for off,op,imm in out:
[codex:238] if 0x3d0 <= off <= 0x430:
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 27ms:
[codex:238] 0x3d7 AND
[codex:238] 0x3d8 SWAP1
[codex:238] 0x3d9 DUP1
[codex:238] 0x3da PUSH1 03
[codex:238] 0x3dc ADD
[codex:238] 0x3dd PUSH1 00
[codex:238] 0x3df POP
[codex:238] 0x3e0 SWAP1
[codex:238] 0x3e1 POP
[codex:238] 0x3e2 DUP5
[codex:238] 0x3e3 JUMP
[codex:238] 0x3e4 JUMPDEST
[codex:238] 0x3e5 PUSH1 01
[codex:238] 0x3e7 PUSH1 00
[codex:238] 0x3e9 POP
[codex:238] 0x3ea SLOAD
[codex:238] 0x3eb DUP2
[codex:238] 0x3ec JUMP
[codex:238] 0x3ed JUMPDEST
[codex:238] 0x3ee PUSH1 02
[codex:238]
[codex:238] thinking
[codex:238] **Continuing process**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b=bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] for off,op,imm in out:
[codex:238] if 0x41c <= off <= 0x460:
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 28ms:
[codex:238] 0x41c JUMPDEST
[codex:238] 0x41d PUSH1 04
[codex:238] 0x41f PUSH1 00
[codex:238] 0x421 SWAP1
[codex:238] 0x422 SLOAD
[codex:238] 0x423 SWAP1
[codex:238] 0x424 PUSH2 0100
[codex:238] 0x427 EXP
[codex:238] 0x428 SWAP1
[codex:238] 0x429 DIV
[codex:238] 0x42a PUSH20 ffffffffffffffffffffffffffffffffffffffff
[codex:238] 0x43f AND
[codex:238] 0x440 DUP2
[codex:238] 0x441 JUMP
[codex:238] 0x442 JUMPDEST
[codex:238] 0x443 PUSH1 00
[codex:238] 0x445 PUSH1 00
[codex:238] 0x447 PUSH8 0de0b6b3a7640000
[codex:238] 0x450 CALLVALUE
[codex:238] 0x451 LT
[codex:238]
[codex:238] thinking
[codex:238] **Mapping storage slots and selectors**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b=bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] for off,op,imm in out:
[codex:238] if 0x0ab0 <= off <= 0x0b30:
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 24ms:
[codex:238] 0xab1 JUMPI
[codex:238] 0xab2 POP
[codex:238] 0xab3 POP
[codex:238] 0xab4 POP
[codex:238] 0xab5 POP
[codex:238] 0xab6 PUSH1 40
[codex:238] 0xab8 MLOAD
[codex:238] 0xab9 MLOAD
[codex:238] 0xaba POP
[codex:238] 0xabb JUMPDEST
[codex:238] 0xabc PUSH1 01
[codex:238] 0xabe PUSH1 01
[codex:238] 0xac0 PUSH1 00
[codex:238] 0xac2 DUP3
[codex:238] 0xac3 DUP3
[codex:238] 0xac4 DUP3
[codex:238] 0xac5 POP
[codex:238] 0xac6 SLOAD
[codex:238] 0xac7 ADD
[codex:238] 0xac8 SWAP3
[codex:238]
[codex:238] thinking
[codex:238] **Checking code around 0xae8**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b=bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] for off,op,imm in out:
[codex:238] if 0xae8 <= off <= 0xb10:
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 26ms:
[codex:238] 0xae8 JUMPDEST
[codex:238] 0xae9 PUSH1 03
[codex:238] 0xaeb PUSH1 00
[codex:238] 0xaed SWAP1
[codex:238] 0xaee SLOAD
[codex:238] 0xaef SWAP1
[codex:238] 0xaf0 PUSH2 0100
[codex:238] 0xaf3 EXP
[codex:238] 0xaf4 SWAP1
[codex:238] 0xaf5 DIV
[codex:238] 0xaf6 PUSH20 ffffffffffffffffffffffffffffffffffffffff
[codex:238] 0xb0b AND
[codex:238] 0xb0c PUSH20 ffffffffffffffffffffffffffffffffffffffff
[codex:238]
[codex:238] thinking
[codex:238] **Continuing extension**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b=bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] for off,op,imm in out:
[codex:238] if 0xb0c <= off <= 0xb70:
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 24ms:
[codex:238] 0xb0c PUSH20 ffffffffffffffffffffffffffffffffffffffff
[codex:238] 0xb21 AND
[codex:238] 0xb22 CALLER
[codex:238] 0xb23 PUSH20 ffffffffffffffffffffffffffffffffffffffff
[codex:238] 0xb38 AND
[codex:238] 0xb39 EQ
[codex:238] 0xb3a ISZERO
[codex:238] 0xb3b PUSH2 0b95
[codex:238] 0xb3e JUMPI
[codex:238] 0xb3f PUSH1 00
[codex:238] 0xb41 PUSH1 02
[codex:238] 0xb43 PUSH1 00
[codex:238] 0xb45 POP
[codex:238] 0xb46 SLOAD
[codex:238] 0xb47 EQ
[codex:238] 0xb48 ISZERO
[codex:238] 0xb49 PUSH2 0b51
[codex:238] 0xb4c JUMPI
[codex:238] 0xb4d PUSH2 0b96
[codex:238] 0xb50 JUMP
[codex:238]
[codex:238] thinking
[codex:238] **Continuing with exploration**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b=bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] for off,op,imm in out:
[codex:238] if 0xb70 <= off <= 0xbb0:
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 24ms:
[codex:238] 0xb70 SLOAD
[codex:238] 0xb71 PUSH1 40
[codex:238] 0xb73 MLOAD
[codex:238] 0xb74 DUP1
[codex:238] 0xb75 SWAP1
[codex:238] 0xb76 POP
[codex:238] 0xb77 PUSH1 00
[codex:238] 0xb79 PUSH1 40
[codex:238] 0xb7b MLOAD
[codex:238] 0xb7c DUP1
[codex:238] 0xb7d DUP4
[codex:238] 0xb7e SUB
[codex:238] 0xb7f DUP2
[codex:238] 0xb80 DUP6
[codex:238] 0xb81 DUP9
[codex:238] 0xb82 DUP9
[codex:238] 0xb83 CALL
[codex:238] 0xb84 SWAP4
[codex:238] 0xb85 POP
[codex:238] 0xb86 POP
[codex:238]
[codex:238] thinking
[codex:238] **Dissecting owner-only withdraw logic and deposit risks**
[codex:238]
[codex:238] I’m analyzing a function that seems to let the owner withdraw funds to a provided address, checking a slot’s value before proceeding, and ensuring only the owner can call it. The address arg is unvalidated but owner-limited, so likely safe. Now I’m shifting focus to the deposit function and loops that might payout in ways ripe for reentrancy exploits, trying to see if the contract’s pyramid payout logic could be abused. Next, I want to disassemble the deposit function fully to grasp its flow and mutation of storage.
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] b=bytes.fromhex(hexcode)
[codex:238]
[codex:238] i=0
[codex:238] out=[]
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] start=0x442
[codex:238] end=0x0ad0
[codex:238] for off,op,imm in out:
[codex:238] if start <= off <= end:
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 29ms:
[codex:238] 0x442 JUMPDEST
[codex:238] 0x443 PUSH1 00
[codex:238] 0x445 PUSH1 00
[codex:238] 0x447 PUSH8 0de0b6b3a7640000
[codex:238] 0x450 CALLVALUE
[codex:238] 0x451 LT
[codex:238] 0x452 ISZERO
[codex:238] 0x453 PUSH2 048e
[codex:238] 0x456 JUMPI
[codex:238] 0x457 CALLER
[codex:238] 0x458 PUSH20 ffffffffffffffffffffffffffffffffffffffff
[codex:238] 0x46d AND
[codex:238] 0x46e PUSH1 00
[codex:238] 0x470 CALLVALUE
[codex:238] 0x471 PUSH1 40
[codex:238] 0x473 MLOAD
[codex:238] 0x474 DUP1
[codex:238] 0x475 SWAP1
[codex:238] 0x476 POP
[codex:238] 0x477 PUSH1 00
[codex:238]
[codex:238]
[codex:238]
[codex:238]
[codex:238] thinking
[codex:238] **Analyzing reentrancy vulnerability**
[codex:238] thinking
[codex:238] **Assessing reentrancy exploit feasibility**
[codex:238]
[codex:238] This is quite detailed! I’m looking closely at whether the payout call before state updates allows a reentrant deposit to trigger multiple payouts for the same participant index. From what I see, the payout index increments only after sending ETH, so reentrant calls could reuse the same index and get paid repeatedly within one transaction. Still, some conditions must be met for repeated payouts, and the exact payout triggers involve modulo checks and counters. I’m exploring how realistically an attacker could exploit this to drain contract funds by recursively reentering during their payout callback.
[codex:238] thinking
[codex:238] **Examining payout conditions and reentrancy impact**
[codex:238]
[codex:238] I’m untangling how the payout modulo checks relate to deposit counts and payout index to see if reentrancy can trigger multiple payouts before state updates. The payout seems triggered every third deposit, so a reentrant deposit could disrupt that pattern by altering participant count mid-execution. I’m trying to pinpoint which variable the contract uses in modulo and how that affects repeated payout possibility during reentrancy, since that’s key to understanding if draining funds is actually possible.
[codex:238] thinking
[codex:238] **Confirming payout index usage and state updates**
[codex:238]
[codex:238] I'm verifying that the payout index stored in slot1 is indeed used to select the payout recipient before incrementing after the external call, which supports the possibility of reentrancy paying the same participant multiple times. I’m also reviewing writes to slot1 during the deposit function to ensure no state update happens before the payout call that would block reentrancy abuse. This should clarify whether a concrete exploit path exists.
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238]
[codex:238] # disassemble with offsets
[codex:238] b=bytes.fromhex(hexcode)
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] out=[]
[codex:238] i=0
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] # find sequences of PUSH1 01; PUSH1 00; POP; SLOAD
[codex:238] for idx in range(len(out)-3):
[codex:238] if out[idx][1]=='PUSH1' and out[idx][2]=='01' and out[idx+1][1]=='PUSH1' and out[idx+1][2]=='00' and out[idx+2][1]=='POP' and out[idx+3][1]=='SLOAD':
[codex:238] off = out[idx][0]
[codex:238] print('sequence at', hex(off))
[codex:238] # print 6 ops before and after
[codex:238] start=max(0, idx-4)
[codex:238] end=min(len(out), idx+8)
[codex:238] for o in out[start:end]:
[codex:238] off2,op,imm=o
[codex:238] if imm:
[codex:238] print(hex(off2),op,imm)
[codex:238] else:
[codex:238] print(hex(off2),op)
[codex:238] print()
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 25ms:
[codex:238] sequence at 0x3e5
[codex:238] 0x3e1 POP
[codex:238] 0x3e2 DUP5
[codex:238] 0x3e3 JUMP
[codex:238] 0x3e4 JUMPDEST
[codex:238] 0x3e5 PUSH1 01
[codex:238] 0x3e7 PUSH1 00
[codex:238] 0x3e9 POP
[codex:238] 0x3ea SLOAD
[codex:238] 0x3eb DUP2
[codex:238] 0x3ec JUMP
[codex:238] 0x3ed JUMPDEST
[codex:238] 0x3ee PUSH1 02
[codex:238]
[codex:238] sequence at 0x905
[codex:238] 0x8fe PUSH1 00
[codex:238] 0x900 PUSH1 00
[codex:238] 0x902 PUSH1 00
[codex:238] 0x904 POP
[codex:238] 0x905 PUSH1 01
[codex:238]
[codex:238] thinking
[codex:238] **Analyzing slot1 usage and increments**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238]
[codex:238] b=bytes.fromhex(hexcode)
[codex:238] ops={0x00:'STOP',0x01:'ADD',0x02:'MUL',0x03:'SUB',0x04:'DIV',0x05:'SDIV',0x06:'MOD',0x07:'SMOD',0x08:'ADDMOD',0x09:'MULMOD',0x0a:'EXP',0x0b:'SIGNEXTEND',0x10:'LT',0x11:'GT',0x12:'SLT',0x13:'SGT',0x14:'EQ',0x15:'ISZERO',0x16:'AND',0x17:'OR',0x18:'XOR',0x19:'NOT',0x1a:'BYTE',0x1b:'SHL',0x1c:'SHR',0x1d:'SAR',0x20:'SHA3',0x30:'ADDRESS',0x31:'BALANCE',0x32:'ORIGIN',0x33:'CALLER',0x34:'CALLVALUE',0x35:'CALLDATALOAD',0x36:'CALLDATASIZE',0x37:'CALLDATACOPY',0x38:'CODESIZE',0x39:'CODECOPY',0x3a:'GASPRICE',0x3b:'EXTCODESIZE',0x3c:'EXTCODECOPY',0x3d:'RETURNDATASIZE',0x3e:'RETURNDATACOPY',0x3f:'EXTCODEHASH',0x40:'BLOCKHASH',0x41:'COINBASE',0x42:'TIMESTAMP',0x43:'NUMBER',0x44:'DIFFICULTY',0x45:'GASLIMIT',0x46:'CHAINID',0x47:'SELFBALANCE',0x48:'BASEFEE',0x50:'POP',0x51:'MLOAD',0x52:'MSTORE',0x53:'MSTORE8',0x54:'SLOAD',0x55:'SSTORE',0x56:'JUMP',0x57:'JUMPI',0x58:'PC',0x59:'MSIZE',0x5a:'GAS',0x5b:'JUMPDEST',0x5c:'TLOAD',0x5d:'TSTORE',0x5e:'MCOPY',0xf0:'CREATE',0xf1:'CALL',0xf2:'CALLCODE',0xf3:'RETURN',0xf4:'DELEGATECALL',0xf5:'CREATE2',0xfa:'STATICCALL',0xfd:'REVERT',0xfe:'INVALID',0xff:'SELFDESTRUCT'}
[codex:238]
[codex:238] out=[]
[codex:238] i=0
[codex:238] while i<len(b):
[codex:238] op=b[i]
[codex:238] if 0x60<=op<=0x7f:
[codex:238] n=op-0x5f
[codex:238] data=b[i+1:i+1+n]
[codex:238] out.append((i,f'PUSH{n}',data.hex()))
[codex:238] i+=1+n
[codex:238] continue
[codex:238] elif 0x80<=op<=0x8f:
[codex:238] out.append((i,f'DUP{op-0x7f}',''))
[codex:238] elif 0x90<=op<=0x9f:
[codex:238] out.append((i,f'SWAP{op-0x8f}',''))
[codex:238] elif 0xa0<=op<=0xa4:
[codex:238] out.append((i,f'LOG{op-0x9f}',''))
[codex:238] else:
[codex:238] out.append((i,ops.get(op,f'OP{op:02x}'),''))
[codex:238] i+=1
[codex:238]
[codex:238] # find PUSH1 01 ... POP ... SSTORE pattern
[codex:238] for idx in range(len(out)-4):
[codex:238] if out[idx][1]=='PUSH1' and out[idx][2]=='01' and out[idx+1][1]=='PUSH1' and out[idx+1][2]=='00' and out[idx+2][1]=='POP' and out[idx+3][1]=='SSTORE':
[codex:238] print('pattern at', hex(out[idx][0]))
[codex:238] for o in out[idx-3:idx+6]:
[codex:238] off,op,imm=o
[codex:238] if imm:
[codex:238] print(hex(off),op,imm)
[codex:238] else:
[codex:238] print(hex(off),op)
[codex:238] print()
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 26ms:
[codex:238]
[codex:238]
[codex:238] thinking
[codex:238] **Checking for selfdestruct instructions**
[codex:238] exec
[codex:238] /bin/bash -lc "python - <<'PY'
[codex:238] import re
[codex:238] code=open('BYTECODE_BUNDLE.txt').read()
[codex:238] hexcode=re.search(r'0x[0-9a-fA-F]+',code).group(0)[2:]
[codex:238] print('SELFDESTRUCT' in hexcode)
[codex:238] PY" in /tmp/codex-multi-44opxodo succeeded in 25ms:
[codex:238] False
[codex:238]
[codex:238] thinking
[codex:238] **Analyzing bytecode for exploitable paths**
[codex:238] codex
[codex:238] {"no_findings":true,"summary":"Reviewed the full runtime bytecode bundle. External calls either refund the caller or pay addresses drawn from storage under normal game/payout logic, and owner-only setters/withdrawals gate privileged state changes. No unprotected CALL/DELEGATECALL, SELFDESTRUCT, or controllable-value transfer path that yields a concrete, repeatable profit opportunity was identified from bytecode alone.","findings":[]}
[codex:238] tokens used
[codex:238] 100,871
[codex:238] {"no_findings":true,"summary":"Reviewed the full runtime bytecode bundle. External calls either refund the caller or pay addresses drawn from storage under normal game/payout logic, and owner-only setters/withdrawals gate privileged state changes. No unprotected CALL/DELEGATECALL, SELFDESTRUCT, or controllable-value transfer path that yields a concrete, repeatable profit opportunity was identified from bytecode alone.","findings":[]}
{
"codex": {
"ran_at": "2026-01-04T04:00:05.123295+00:00",
"returncode": 0
},
"summary": "Reviewed the full runtime bytecode bundle. External calls either refund the caller or pay addresses drawn from storage under normal game/payout logic, and owner-only setters/withdrawals gate privileged state changes. No unprotected CALL/DELEGATECALL, SELFDESTRUCT, or controllable-value transfer path that yields a concrete, repeatable profit opportunity was identified from bytecode alone.",
"raw_final": {
"summary": "Reviewed the full runtime bytecode bundle. External calls either refund the caller or pay addresses drawn from storage under normal game/payout logic, and owner-only setters/withdrawals gate privileged state changes. No unprotected CALL/DELEGATECALL, SELFDESTRUCT, or controllable-value transfer path that yields a concrete, repeatable profit opportunity was identified from bytecode alone.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: ISZERO 00000007: PUSH2 0x00a0 0000000a: JUMPI 0000000b: PUSH1 0x00 0000000d: CALLDATALOAD 0000000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 0000002c: SWAP1 0000002d: DIV 0000002e: DUP1 0000002f: PUSH4 0x13af4035 00000034: EQ 00000035: PUSH2 0x00f9 00000038: JUMPI 00000039: DUP1 0000003a: PUSH4 0x35c1d349 0000003f: EQ 00000040: PUSH2 0x010c 00000043: JUMPI 00000044: DUP1 00000045: PUSH4 0x483ba09e 0000004a: EQ 0000004b: PUSH2 0x01e6 0000004e: JUMPI 0000004f: DUP1 00000050: PUSH4 0x54ba7daa 00000055: EQ 00000056: PUSH2 0x01f9 00000059: JUMPI 0000005a: DUP1 0000005b: PUSH4 0x8da5cb5b 00000060: EQ 00000061: PUSH2 0x0290 00000064: JUMPI 00000065: DUP1 00000066: PUSH4 0x9003adfe 0000006b: EQ 0000006c: PUSH2 0x02c7 0000006f: JUMPI 00000070: DUP1 00000071: PUSH4 0xa480ca79 00000076: EQ 00000077: PUSH2 0x02e8 0000007a: JUMPI 0000007b: DUP1 0000007c: PUSH4 0xa60f3588 00000081: EQ 00000082: PUSH2 0x02fb 00000085: JUMPI 00000086: DUP1 00000087: PUSH4 0xb4b31bec 0000008c: EQ 0000008d: PUSH2 0x031c 00000090: JUMPI 00000091: DUP1 00000092: PUSH4 0xc80c28a2 00000097: EQ 00000098: PUSH2 0x0353 0000009b: JUMPI 0000009c: PUSH2 0x00a0 0000009f: JUMP 000000a0: JUMPDEST 000000a1: PUSH2 0x00f7 000000a4: JUMPDEST 000000a5: PUSH2 0x00f4 000000a8: PUSH1 0x00 000000aa: CALLDATASIZE 000000ab: DUP1 000000ac: DUP1 000000ad: PUSH1 0x1f 000000af: ADD 000000b0: PUSH1 0x20 000000b2: DUP1 000000b3: SWAP2 000000b4: DIV 000000b5: MUL 000000b6: PUSH1 0x20 000000b8: ADD 000000b9: PUSH1 0x40 000000bb: MLOAD 000000bc: SWAP1 000000bd: DUP2 000000be: ADD 000000bf: PUSH1 0x40 000000c1: MSTORE 000000c2: DUP1 000000c3: SWAP4 000000c4: SWAP3 000000c5: SWAP2 000000c6: SWAP1 000000c7: DUP2 000000c8: DUP2 000000c9: MSTORE 000000ca: PUSH1 0x20 000000cc: ADD 000000cd: DUP4 000000ce: DUP4 000000cf: DUP1 000000d0: DUP3 000000d1: DUP5 000000d2: CALLDATACOPY 000000d3: DUP3 000000d4: ADD 000000d5: SWAP2 000000d6: POP 000000d7: POP 000000d8: POP 000000d9: POP 000000da: POP 000000db: POP 000000dc: PUSH1 0x20 000000de: PUSH1 0x40 000000e0: MLOAD 000000e1: SWAP1 000000e2: DUP2 000000e3: ADD 000000e4: PUSH1 0x40 000000e6: MSTORE 000000e7: DUP1 000000e8: PUSH1 0x00 000000ea: DUP2 000000eb: MSTORE 000000ec: PUSH1 0x20 000000ee: ADD 000000ef: POP 000000f0: PUSH2 0x0442 000000f3: JUMP 000000f4: JUMPDEST 000000f5: JUMPDEST 000000f6: JUMP 000000f7: JUMPDEST 000000f8: STOP 000000f9: JUMPDEST 000000fa: PUSH2 0x010a 000000fd: PUSH1 0x04 000000ff: DUP1 00000100: CALLDATALOAD 00000101: SWAP1 00000102: PUSH1 0x20 00000104: ADD 00000105: POP 00000106: PUSH2 0x0c1f 00000109: JUMP 0000010a: JUMPDEST 0000010b: STOP 0000010c: JUMPDEST 0000010d: PUSH2 0x011d 00000110: PUSH1 0x04 00000112: DUP1 00000113: CALLDATALOAD 00000114: SWAP1 00000115: PUSH1 0x20 00000117: ADD 00000118: POP 00000119: PUSH2 0x0374 0000011c: JUMP 0000011d: JUMPDEST 0000011e: PUSH1 0x40 00000120: MLOAD 00000121: DUP1 00000122: DUP6 00000123: DUP2 00000124: MSTORE 00000125: PUSH1 0x20 00000127: ADD 00000128: DUP1 00000129: PUSH1 0x20 0000012b: ADD 0000012c: DUP5 0000012d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000142: AND 00000143: DUP2 00000144: MSTORE 00000145: PUSH1 0x20 00000147: ADD 00000148: DUP1 00000149: PUSH1 0x20 0000014b: ADD 0000014c: DUP4 0000014d: DUP2 0000014e: SUB 0000014f: DUP4 00000150: MSTORE 00000151: DUP7 00000152: DUP2 00000153: DUP2 00000154: SLOAD 00000155: DUP2 00000156: MSTORE 00000157: PUSH1 0x20 00000159: ADD 0000015a: SWAP2 0000015b: POP 0000015c: DUP1 0000015d: SLOAD 0000015e: DUP1 0000015f: ISZERO 00000160: PUSH2 0x018e 00000163: JUMPI 00000164: DUP3 00000165: ADD 00000166: SWAP2 00000167: SWAP1 00000168: PUSH1 0x00 0000016a: MSTORE 0000016b: PUSH1 0x20 0000016d: PUSH1 0x00 0000016f: KECCAK256 00000170: SWAP1 00000171: JUMPDEST 00000172: DUP2 00000173: SLOAD 00000174: DUP2 00000175: MSTORE 00000176: SWAP1 00000177: PUSH1 0x01 00000179: ADD 0000017a: SWAP1 0000017b: PUSH1 0x20 0000017d: ADD 0000017e: DUP1 0000017f: DUP4 00000180: GT 00000181: PUSH2 0x0171 00000184: JUMPI 00000185: DUP3 00000186: SWAP1 00000187: SUB 00000188: PUSH1 0x1f 0000018a: AND 0000018b: DUP3 0000018c: ADD 0000018d: SWAP2 0000018e: JUMPDEST 0000018f: POP 00000190: POP 00000191: DUP4 00000192: DUP2 00000193: SUB 00000194: DUP3 00000195: MSTORE 00000196: DUP5 00000197: DUP2 00000198: DUP2 00000199: SLOAD 0000019a: DUP2 0000019b: MSTORE 0000019c: PUSH1 0x20 0000019e: ADD 0000019f: SWAP2 000001a0: POP 000001a1: DUP1 000001a2: SLOAD 000001a3: DUP1 000001a4: ISZERO 000001a5: PUSH2 0x01d3 000001a8: JUMPI 000001a9: DUP3 000001aa: ADD 000001ab: SWAP2 000001ac: SWAP1 000001ad: PUSH1 0x00 000001af: MSTORE 000001b0: PUSH1 0x20 000001b2: PUSH1 0x00 000001b4: KECCAK256 000001b5: SWAP1 000001b6: JUMPDEST 000001b7: DUP2 000001b8: SLOAD 000001b9: DUP2 000001ba: MSTORE 000001bb: SWAP1 000001bc: PUSH1 0x01 000001be: ADD 000001bf: SWAP1 000001c0: PUSH1 0x20 000001c2: ADD 000001c3: DUP1 000001c4: DUP4 000001c5: GT 000001c6: PUSH2 0x01b6 000001c9: JUMPI 000001ca: DUP3 000001cb: SWAP1 000001cc: SUB 000001cd: PUSH1 0x1f 000001cf: AND 000001d0: DUP3 000001d1: ADD 000001d2: SWAP2 000001d3: JUMPDEST 000001d4: POP 000001d5: POP 000001d6: SWAP7 000001d7: POP 000001d8: POP 000001d9: POP 000001da: POP 000001db: POP 000001dc: POP 000001dd: POP 000001de: PUSH1 0x40 000001e0: MLOAD 000001e1: DUP1 000001e2: SWAP2 000001e3: SUB 000001e4: SWAP1 000001e5: RETURN 000001e6: JUMPDEST 000001e7: PUSH2 0x01f7 000001ea: PUSH1 0x04 000001ec: DUP1 000001ed: CALLDATALOAD 000001ee: SWAP1 000001ef: PUSH1 0x20 000001f1: ADD 000001f2: POP 000001f3: PUSH2 0x0b99 000001f6: JUMP 000001f7: JUMPDEST 000001f8: STOP 000001f9: JUMPDEST 000001fa: PUSH2 0x028e 000001fd: PUSH1 0x04 000001ff: DUP1 00000200: CALLDATALOAD 00000201: SWAP1 00000202: PUSH1 0x20 00000204: ADD 00000205: SWAP1 00000206: PUSH1 0x04 00000208: ADD 00000209: DUP1 0000020a: CALLDATALOAD 0000020b: SWAP1 0000020c: PUSH1 0x20 0000020e: ADD 0000020f: SWAP2 00000210: SWAP2 00000211: SWAP1 00000212: DUP1 00000213: DUP1 00000214: PUSH1 0x1f 00000216: ADD 00000217: PUSH1 0x20 00000219: DUP1 0000021a: SWAP2 0000021b: DIV 0000021c: MUL 0000021d: PUSH1 0x20 0000021f: ADD 00000220: PUSH1 0x40 00000222: MLOAD 00000223: SWAP1 00000224: DUP2 00000225: ADD 00000226: PUSH1 0x40 00000228: MSTORE 00000229: DUP1 0000022a: SWAP4 0000022b: SWAP3 0000022c: SWAP2 0000022d: SWAP1 0000022e: DUP2 0000022f: DUP2 00000230: MSTORE 00000231: PUSH1 0x20 00000233: ADD 00000234: DUP4 00000235: DUP4 00000236: DUP1 00000237: DUP3 00000238: DUP5 00000239: CALLDATACOPY 0000023a: DUP3 0000023b: ADD 0000023c: SWAP2 0000023d: POP 0000023e: POP 0000023f: POP 00000240: POP 00000241: POP 00000242: POP 00000243: SWAP1 00000244: DUP1 00000245: CALLDATALOAD 00000246: SWAP1 00000247: PUSH1 0x20 00000249: ADD 0000024a: SWAP1 0000024b: PUSH1 0x04 0000024d: ADD 0000024e: DUP1 0000024f: CALLDATALOAD 00000250: SWAP1 00000251: PUSH1 0x20 00000253: ADD 00000254: SWAP2 00000255: SWAP2 00000256: SWAP1 00000257: DUP1 00000258: DUP1 00000259: PUSH1 0x1f 0000025b: ADD 0000025c: PUSH1 0x20 0000025e: DUP1 0000025f: SWAP2 00000260: DIV 00000261: MUL 00000262: PUSH1 0x20 00000264: ADD 00000265: PUSH1 0x40 00000267: MLOAD 00000268: SWAP1 00000269: DUP2 0000026a: ADD 0000026b: PUSH1 0x40 0000026d: MSTORE 0000026e: DUP1 0000026f: SWAP4 00000270: SWAP3 00000271: SWAP2 00000272: SWAP1 00000273: DUP2 00000274: DUP2 00000275: MSTORE 00000276: PUSH1 0x20 00000278: ADD 00000279: DUP4 0000027a: DUP4 0000027b: DUP1 0000027c: DUP3 0000027d: DUP5 0000027e: CALLDATACOPY 0000027f: DUP3 00000280: ADD 00000281: SWAP2 00000282: POP 00000283: POP 00000284: POP 00000285: POP 00000286: POP 00000287: POP 00000288: SWAP1 00000289: POP 0000028a: PUSH2 0x0442 0000028d: JUMP 0000028e: JUMPDEST 0000028f: STOP 00000290: JUMPDEST 00000291: PUSH2 0x029b 00000294: PUSH1 0x04 00000296: POP 00000297: PUSH2 0x03f6 0000029a: JUMP 0000029b: JUMPDEST 0000029c: PUSH1 0x40 0000029e: MLOAD 0000029f: DUP1 000002a0: DUP3 000002a1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000002b6: AND 000002b7: DUP2 000002b8: MSTORE 000002b9: PUSH1 0x20 000002bb: ADD 000002bc: SWAP2 000002bd: POP 000002be: POP 000002bf: PUSH1 0x40 000002c1: MLOAD 000002c2: DUP1 000002c3: SWAP2 000002c4: SUB 000002c5: SWAP1 000002c6: RETURN 000002c7: JUMPDEST 000002c8: PUSH2 0x02d2 000002cb: PUSH1 0x04 000002cd: POP 000002ce: PUSH2 0x03ed 000002d1: JUMP 000002d2: JUMPDEST 000002d3: PUSH1 0x40 000002d5: MLOAD 000002d6: DUP1 000002d7: DUP3 000002d8: DUP2 000002d9: MSTORE 000002da: PUSH1 0x20 000002dc: ADD 000002dd: SWAP2 000002de: POP 000002df: POP 000002e0: PUSH1 0x40 000002e2: MLOAD 000002e3: DUP1 000002e4: SWAP2 000002e5: SUB 000002e6: SWAP1 000002e7: RETURN 000002e8: JUMPDEST 000002e9: PUSH2 0x02f9 000002ec: PUSH1 0x04 000002ee: DUP1 000002ef: CALLDATALOAD 000002f0: SWAP1 000002f1: PUSH1 0x20 000002f3: ADD 000002f4: POP 000002f5: PUSH2 0x0ae8 000002f8: JUMP 000002f9: JUMPDEST 000002fa: STOP 000002fb: JUMPDEST 000002fc: PUSH2 0x0306 000002ff: PUSH1 0x04 00000301: POP 00000302: PUSH2 0x03e4 00000305: JUMP 00000306: JUMPDEST 00000307: PUSH1 0x40 00000309: MLOAD 0000030a: DUP1 0000030b: DUP3 0000030c: DUP2 0000030d: MSTORE 0000030e: PUSH1 0x20 00000310: ADD 00000311: SWAP2 00000312: POP 00000313: POP 00000314: PUSH1 0x40 00000316: MLOAD 00000317: DUP1 00000318: SWAP2 00000319: SUB 0000031a: SWAP1 0000031b: RETURN 0000031c: JUMPDEST 0000031d: PUSH2 0x0327 00000320: PUSH1 0x04 00000322: POP 00000323: PUSH2 0x041c 00000326: JUMP 00000327: JUMPDEST 00000328: PUSH1 0x40 0000032a: MLOAD 0000032b: DUP1 0000032c: DUP3 0000032d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000342: AND 00000343: DUP2 00000344: MSTORE 00000345: PUSH1 0x20 00000347: ADD 00000348: SWAP2 00000349: POP 0000034a: POP 0000034b: PUSH1 0x40 0000034d: MLOAD 0000034e: DUP1 0000034f: SWAP2 00000350: SUB 00000351: SWAP1 00000352: RETURN 00000353: JUMPDEST 00000354: PUSH2 0x035e 00000357: PUSH1 0x04 00000359: POP 0000035a: PUSH2 0x0ad6 0000035d: JUMP 0000035e: JUMPDEST 0000035f: PUSH1 0x40 00000361: MLOAD 00000362: DUP1 00000363: DUP3 00000364: DUP2 00000365: MSTORE 00000366: PUSH1 0x20 00000368: ADD 00000369: SWAP2 0000036a: POP 0000036b: POP 0000036c: PUSH1 0x40 0000036e: MLOAD 0000036f: DUP1 00000370: SWAP2 00000371: SUB 00000372: SWAP1 00000373: RETURN 00000374: JUMPDEST 00000375: PUSH1 0x00 00000377: PUSH1 0x00 00000379: POP 0000037a: DUP2 0000037b: DUP2 0000037c: SLOAD 0000037d: DUP2 0000037e: LT 0000037f: ISZERO 00000380: PUSH2 0x0002 00000383: JUMPI 00000384: SWAP1 00000385: PUSH1 0x00 00000387: MSTORE 00000388: PUSH1 0x20 0000038a: PUSH1 0x00 0000038c: KECCAK256 0000038d: SWAP1 0000038e: PUSH1 0x04 00000390: MUL 00000391: ADD 00000392: PUSH1 0x00 00000394: SWAP2 00000395: POP 00000396: SWAP1 00000397: POP 00000398: DUP1 00000399: PUSH1 0x00 0000039b: ADD 0000039c: PUSH1 0x00 0000039e: SWAP1 0000039f: SLOAD 000003a0: SWAP1 000003a1: PUSH2 0x0100 000003a4: EXP 000003a5: SWAP1 000003a6: DIV 000003a7: PUSH1 0xff 000003a9: AND 000003aa: SWAP1 000003ab: DUP1 000003ac: PUSH1 0x01 000003ae: ADD 000003af: PUSH1 0x00 000003b1: POP 000003b2: SWAP1 000003b3: DUP1 000003b4: PUSH1 0x02 000003b6: ADD 000003b7: PUSH1 0x00 000003b9: SWAP1 000003ba: SLOAD 000003bb: SWAP1 000003bc: PUSH2 0x0100 000003bf: EXP 000003c0: SWAP1 000003c1: DIV 000003c2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000003d7: AND 000003d8: SWAP1 000003d9: DUP1 000003da: PUSH1 0x03 000003dc: ADD 000003dd: PUSH1 0x00 000003df: POP 000003e0: SWAP1 000003e1: POP 000003e2: DUP5 000003e3: JUMP 000003e4: JUMPDEST 000003e5: PUSH1 0x01 000003e7: PUSH1 0x00 000003e9: POP 000003ea: SLOAD 000003eb: DUP2 000003ec: JUMP 000003ed: JUMPDEST 000003ee: PUSH1 0x02 000003f0: PUSH1 0x00 000003f2: POP 000003f3: SLOAD 000003f4: DUP2 000003f5: JUMP 000003f6: JUMPDEST 000003f7: PUSH1 0x03 000003f9: PUSH1 0x00 000003fb: SWAP1 000003fc: SLOAD 000003fd: SWAP1 000003fe: PUSH2 0x0100 00000401: EXP 00000402: SWAP1 00000403: DIV 00000404: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000419: AND 0000041a: DUP2 0000041b: JUMP 0000041c: JUMPDEST 0000041d: PUSH1 0x04 0000041f: PUSH1 0x00 00000421: SWAP1 00000422: SLOAD 00000423: SWAP1 00000424: PUSH2 0x0100 00000427: EXP 00000428: SWAP1 00000429: DIV 0000042a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000043f: AND 00000440: DUP2 00000441: JUMP 00000442: JUMPDEST 00000443: PUSH1 0x00 00000445: PUSH1 0x00 00000447: PUSH8 0x0de0b6b3a7640000 00000450: CALLVALUE 00000451: LT 00000452: ISZERO 00000453: PUSH2 0x048e 00000456: JUMPI 00000457: CALLER 00000458: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000046d: AND 0000046e: PUSH1 0x00 00000470: CALLVALUE 00000471: PUSH1 0x40 00000473: MLOAD 00000474: DUP1 00000475: SWAP1 00000476: POP 00000477: PUSH1 0x00 00000479: PUSH1 0x40 0000047b: MLOAD 0000047c: DUP1 0000047d: DUP4 0000047e: SUB 0000047f: DUP2 00000480: DUP6 00000481: DUP9 00000482: DUP9 00000483: CALL 00000484: SWAP4 00000485: POP 00000486: POP 00000487: POP 00000488: POP 00000489: POP 0000048a: PUSH2 0x0ad0 0000048d: JUMP 0000048e: JUMPDEST 0000048f: PUSH1 0x10 00000491: DUP5 00000492: MLOAD 00000493: GT 00000494: DUP1 00000495: PUSH2 0x049f 00000498: JUMPI 00000499: POP 0000049a: PUSH1 0x23 0000049c: DUP4 0000049d: MLOAD 0000049e: GT 0000049f: JUMPDEST 000004a0: ISZERO 000004a1: PUSH2 0x04dc 000004a4: JUMPI 000004a5: CALLER 000004a6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004bb: AND 000004bc: PUSH1 0x00 000004be: CALLVALUE 000004bf: PUSH1 0x40 000004c1: MLOAD 000004c2: DUP1 000004c3: SWAP1 000004c4: POP 000004c5: PUSH1 0x00 000004c7: PUSH1 0x40 000004c9: MLOAD 000004ca: DUP1 000004cb: DUP4 000004cc: SUB 000004cd: DUP2 000004ce: DUP6 000004cf: DUP9 000004d0: DUP9 000004d1: CALL 000004d2: SWAP4 000004d3: POP 000004d4: POP 000004d5: POP 000004d6: POP 000004d7: POP 000004d8: PUSH2 0x0ad0 000004db: JUMP 000004dc: JUMPDEST 000004dd: PUSH8 0x0de0b6b3a7640000 000004e6: CALLVALUE 000004e7: GT 000004e8: ISZERO 000004e9: PUSH2 0x052a 000004ec: JUMPI 000004ed: CALLER 000004ee: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000503: AND 00000504: PUSH1 0x00 00000506: PUSH8 0x0de0b6b3a7640000 0000050f: CALLVALUE 00000510: SUB 00000511: PUSH1 0x40 00000513: MLOAD 00000514: DUP1 00000515: SWAP1 00000516: POP 00000517: PUSH1 0x00 00000519: PUSH1 0x40 0000051b: MLOAD 0000051c: DUP1 0000051d: DUP4 0000051e: SUB 0000051f: DUP2 00000520: DUP6 00000521: DUP9 00000522: DUP9 00000523: CALL 00000524: SWAP4 00000525: POP 00000526: POP 00000527: POP 00000528: POP 00000529: POP 0000052a: JUMPDEST 0000052b: PUSH1 0x00 0000052d: PUSH1 0x00 0000052f: POP 00000530: SLOAD 00000531: SWAP2 00000532: POP 00000533: PUSH1 0x01 00000535: PUSH1 0x00 00000537: PUSH1 0x00 00000539: POP 0000053a: DUP2 0000053b: DUP2 0000053c: SLOAD 0000053d: ADD 0000053e: SWAP2 0000053f: POP 00000540: DUP2 00000541: DUP2 00000542: SLOAD 00000543: DUP2 00000544: DUP4 00000545: SSTORE 00000546: DUP2 00000547: DUP2 00000548: ISZERO 00000549: GT 0000054a: PUSH2 0x0653 0000054d: JUMPI 0000054e: PUSH1 0x04 00000550: MUL 00000551: DUP2 00000552: PUSH1 0x04 00000554: MUL 00000555: DUP4 00000556: PUSH1 0x00 00000558: MSTORE 00000559: PUSH1 0x20 0000055b: PUSH1 0x00 0000055d: KECCAK256 0000055e: SWAP2 0000055f: DUP3 00000560: ADD 00000561: SWAP2 00000562: ADD 00000563: PUSH2 0x0652 00000566: SWAP2 00000567: SWAP1 00000568: PUSH2 0x056c 0000056b: JUMP 0000056c: JUMPDEST 0000056d: DUP1 0000056e: DUP3 0000056f: GT 00000570: ISZERO 00000571: PUSH2 0x064e 00000574: JUMPI 00000575: PUSH1 0x00 00000577: PUSH1 0x00 00000579: DUP3 0000057a: ADD 0000057b: PUSH1 0x00 0000057d: PUSH2 0x0100 00000580: EXP 00000581: DUP2 00000582: SLOAD 00000583: SWAP1 00000584: PUSH1 0xff 00000586: MUL 00000587: NOT 00000588: AND 00000589: SWAP1 0000058a: SSTORE 0000058b: PUSH1 0x01 0000058d: DUP3 0000058e: ADD 0000058f: PUSH1 0x00 00000591: POP 00000592: DUP1 00000593: SLOAD 00000594: PUSH1 0x00 00000596: DUP3 00000597: SSTORE 00000598: PUSH1 0x1f 0000059a: ADD 0000059b: PUSH1 0x20 0000059d: SWAP1 0000059e: DIV 0000059f: SWAP1 000005a0: PUSH1 0x00 000005a2: MSTORE 000005a3: PUSH1 0x20 000005a5: PUSH1 0x00 000005a7: KECCAK256 000005a8: SWAP1 000005a9: DUP2 000005aa: ADD 000005ab: SWAP1 000005ac: PUSH2 0x05d3 000005af: SWAP2 000005b0: SWAP1 000005b1: PUSH2 0x05b5 000005b4: JUMP 000005b5: JUMPDEST 000005b6: DUP1 000005b7: DUP3 000005b8: GT 000005b9: ISZERO 000005ba: PUSH2 0x05cf 000005bd: JUMPI 000005be: PUSH1 0x00 000005c0: DUP2 000005c1: DUP2 000005c2: POP 000005c3: PUSH1 0x00 000005c5: SWAP1 000005c6: SSTORE 000005c7: POP 000005c8: PUSH1 0x01 000005ca: ADD 000005cb: PUSH2 0x05b5 000005ce: JUMP 000005cf: JUMPDEST 000005d0: POP 000005d1: SWAP1 000005d2: JUMP 000005d3: JUMPDEST 000005d4: POP 000005d5: PUSH1 0x02 000005d7: DUP3 000005d8: ADD 000005d9: PUSH1 0x00 000005db: PUSH2 0x0100 000005de: EXP 000005df: DUP2 000005e0: SLOAD 000005e1: SWAP1 000005e2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000005f7: MUL 000005f8: NOT 000005f9: AND 000005fa: SWAP1 000005fb: SSTORE 000005fc: PUSH1 0x03 000005fe: DUP3 000005ff: ADD 00000600: PUSH1 0x00 00000602: POP 00000603: DUP1 00000604: SLOAD 00000605: PUSH1 0x00 00000607: DUP3 00000608: SSTORE 00000609: PUSH1 0x1f 0000060b: ADD 0000060c: PUSH1 0x20 0000060e: SWAP1 0000060f: DIV 00000610: SWAP1 00000611: PUSH1 0x00 00000613: MSTORE 00000614: PUSH1 0x20 00000616: PUSH1 0x00 00000618: KECCAK256 00000619: SWAP1 0000061a: DUP2 0000061b: ADD 0000061c: SWAP1 0000061d: PUSH2 0x0644 00000620: SWAP2 00000621: SWAP1 00000622: PUSH2 0x0626 00000625: JUMP 00000626: JUMPDEST 00000627: DUP1 00000628: DUP3 00000629: GT 0000062a: ISZERO 0000062b: PUSH2 0x0640 0000062e: JUMPI 0000062f: PUSH1 0x00 00000631: DUP2 00000632: DUP2 00000633: POP 00000634: PUSH1 0x00 00000636: SWAP1 00000637: SSTORE 00000638: POP 00000639: PUSH1 0x01 0000063b: ADD 0000063c: PUSH2 0x0626 0000063f: JUMP 00000640: JUMPDEST 00000641: POP 00000642: SWAP1 00000643: JUMP 00000644: JUMPDEST 00000645: POP 00000646: POP 00000647: PUSH1 0x01 00000649: ADD 0000064a: PUSH2 0x056c 0000064d: JUMP 0000064e: JUMPDEST 0000064f: POP 00000650: SWAP1 00000651: JUMP 00000652: JUMPDEST 00000653: JUMPDEST 00000654: POP 00000655: POP 00000656: POP 00000657: POP 00000658: DUP4 00000659: PUSH1 0x00 0000065b: PUSH1 0x00 0000065d: POP 0000065e: DUP4 0000065f: DUP2 00000660: SLOAD 00000661: DUP2 00000662: LT 00000663: ISZERO 00000664: PUSH2 0x0002 00000667: JUMPI 00000668: SWAP1 00000669: PUSH1 0x00 0000066b: MSTORE 0000066c: PUSH1 0x20 0000066e: PUSH1 0x00 00000670: KECCAK256 00000671: SWAP1 00000672: PUSH1 0x04 00000674: MUL 00000675: ADD 00000676: PUSH1 0x00 00000678: POP 00000679: PUSH1 0x01 0000067b: ADD 0000067c: PUSH1 0x00 0000067e: POP 0000067f: SWAP1 00000680: DUP1 00000681: MLOAD 00000682: SWAP1 00000683: PUSH1 0x20 00000685: ADD 00000686: SWAP1 00000687: DUP3 00000688: DUP1 00000689: SLOAD 0000068a: DUP3 0000068b: DUP3 0000068c: SSTORE 0000068d: SWAP1 0000068e: PUSH1 0x00 00000690: MSTORE 00000691: PUSH1 0x20 00000693: PUSH1 0x00 00000695: KECCAK256 00000696: SWAP1 00000697: PUSH1 0x1f 00000699: ADD 0000069a: PUSH1 0x20 0000069c: SWAP1 0000069d: DIV 0000069e: DUP2 0000069f: ADD 000006a0: SWAP3 000006a1: DUP3 000006a2: ISZERO 000006a3: PUSH2 0x06c9 000006a6: JUMPI 000006a7: SWAP2 000006a8: DUP3 000006a9: ADD 000006aa: JUMPDEST 000006ab: DUP3 000006ac: DUP2 000006ad: GT 000006ae: ISZERO 000006af: PUSH2 0x06c8 000006b2: JUMPI 000006b3: DUP3 000006b4: MLOAD 000006b5: DUP3 000006b6: PUSH1 0x00 000006b8: POP 000006b9: SSTORE 000006ba: SWAP2 000006bb: PUSH1 0x20 000006bd: ADD 000006be: SWAP2 000006bf: SWAP1 000006c0: PUSH1 0x01 000006c2: ADD 000006c3: SWAP1 000006c4: PUSH2 0x06aa 000006c7: JUMP 000006c8: JUMPDEST 000006c9: JUMPDEST 000006ca: POP 000006cb: SWAP1 000006cc: POP 000006cd: PUSH2 0x06f4 000006d0: SWAP2 000006d1: SWAP1 000006d2: PUSH2 0x06d6 000006d5: JUMP 000006d6: JUMPDEST 000006d7: DUP1 000006d8: DUP3 000006d9: GT 000006da: ISZERO 000006db: PUSH2 0x06f0 000006de: JUMPI 000006df: PUSH1 0x00 000006e1: DUP2 000006e2: DUP2 000006e3: POP 000006e4: PUSH1 0x00 000006e6: SWAP1 000006e7: SSTORE 000006e8: POP 000006e9: PUSH1 0x01 000006eb: ADD 000006ec: PUSH2 0x06d6 000006ef: JUMP 000006f0: JUMPDEST 000006f1: POP 000006f2: SWAP1 000006f3: JUMP 000006f4: JUMPDEST 000006f5: POP 000006f6: POP 000006f7: PUSH1 0x00 000006f9: DUP4 000006fa: MLOAD 000006fb: GT 000006fc: ISZERO 000006fd: PUSH2 0x07de 00000700: JUMPI 00000701: PUSH1 0x01 00000703: PUSH1 0x00 00000705: PUSH1 0x00 00000707: POP 00000708: DUP4 00000709: DUP2 0000070a: SLOAD 0000070b: DUP2 0000070c: LT 0000070d: ISZERO 0000070e: PUSH2 0x0002 00000711: JUMPI 00000712: SWAP1 00000713: PUSH1 0x00 00000715: MSTORE 00000716: PUSH1 0x20 00000718: PUSH1 0x00 0000071a: KECCAK256 0000071b: SWAP1 0000071c: PUSH1 0x04 0000071e: MUL 0000071f: ADD 00000720: PUSH1 0x00 00000722: POP 00000723: PUSH1 0x00 00000725: ADD 00000726: PUSH1 0x00 00000728: PUSH2 0x0100 0000072b: EXP 0000072c: DUP2 0000072d: SLOAD 0000072e: DUP2 0000072f: PUSH1 0xff 00000731: MUL 00000732: NOT 00000733: AND 00000734: SWAP1 00000735: DUP4 00000736: MUL 00000737: OR 00000738: SWAP1 00000739: SSTORE 0000073a: POP 0000073b: DUP3 0000073c: PUSH1 0x00 0000073e: PUSH1 0x00 00000740: POP 00000741: DUP4 00000742: DUP2 00000743: SLOAD 00000744: DUP2 00000745: LT 00000746: ISZERO 00000747: PUSH2 0x0002 0000074a: JUMPI 0000074b: SWAP1 0000074c: PUSH1 0x00 0000074e: MSTORE 0000074f: PUSH1 0x20 00000751: PUSH1 0x00 00000753: KECCAK256 00000754: SWAP1 00000755: PUSH1 0x04 00000757: MUL 00000758: ADD 00000759: PUSH1 0x00 0000075b: POP 0000075c: PUSH1 0x03 0000075e: ADD 0000075f: PUSH1 0x00 00000761: POP 00000762: SWAP1 00000763: DUP1 00000764: MLOAD 00000765: SWAP1 00000766: PUSH1 0x20 00000768: ADD 00000769: SWAP1 0000076a: DUP3 0000076b: DUP1 0000076c: SLOAD 0000076d: DUP3 0000076e: DUP3 0000076f: SSTORE 00000770: SWAP1 00000771: PUSH1 0x00 00000773: MSTORE 00000774: PUSH1 0x20 00000776: PUSH1 0x00 00000778: KECCAK256 00000779: SWAP1 0000077a: PUSH1 0x1f 0000077c: ADD 0000077d: PUSH1 0x20 0000077f: SWAP1 00000780: DIV 00000781: DUP2 00000782: ADD 00000783: SWAP3 00000784: DUP3 00000785: ISZERO 00000786: PUSH2 0x07ac 00000789: JUMPI 0000078a: SWAP2 0000078b: DUP3 0000078c: ADD 0000078d: JUMPDEST 0000078e: DUP3 0000078f: DUP2 00000790: GT 00000791: ISZERO 00000792: PUSH2 0x07ab 00000795: JUMPI 00000796: DUP3 00000797: MLOAD 00000798: DUP3 00000799: PUSH1 0x00 0000079b: POP 0000079c: SSTORE 0000079d: SWAP2 0000079e: PUSH1 0x20 000007a0: ADD 000007a1: SWAP2 000007a2: SWAP1 000007a3: PUSH1 0x01 000007a5: ADD 000007a6: SWAP1 000007a7: PUSH2 0x078d 000007aa: JUMP 000007ab: JUMPDEST 000007ac: JUMPDEST 000007ad: POP 000007ae: SWAP1 000007af: POP 000007b0: PUSH2 0x07d7 000007b3: SWAP2 000007b4: SWAP1 000007b5: PUSH2 0x07b9 000007b8: JUMP 000007b9: JUMPDEST 000007ba: DUP1 000007bb: DUP3 000007bc: GT 000007bd: ISZERO 000007be: PUSH2 0x07d3 000007c1: JUMPI 000007c2: PUSH1 0x00 000007c4: DUP2 000007c5: DUP2 000007c6: POP 000007c7: PUSH1 0x00 000007c9: SWAP1 000007ca: SSTORE 000007cb: POP 000007cc: PUSH1 0x01 000007ce: ADD 000007cf: PUSH2 0x07b9 000007d2: JUMP 000007d3: JUMPDEST 000007d4: POP 000007d5: SWAP1 000007d6: JUMP 000007d7: JUMPDEST 000007d8: POP 000007d9: POP 000007da: PUSH2 0x0865 000007dd: JUMP 000007de: JUMPDEST 000007df: PUSH1 0x00 000007e1: PUSH1 0x00 000007e3: PUSH1 0x00 000007e5: POP 000007e6: DUP4 000007e7: DUP2 000007e8: SLOAD 000007e9: DUP2 000007ea: LT 000007eb: ISZERO 000007ec: PUSH2 0x0002 000007ef: JUMPI 000007f0: SWAP1 000007f1: PUSH1 0x00 000007f3: MSTORE 000007f4: PUSH1 0x20 000007f6: PUSH1 0x00 000007f8: KECCAK256 000007f9: SWAP1 000007fa: PUSH1 0x04 000007fc: MUL 000007fd: ADD 000007fe: PUSH1 0x00 00000800: POP 00000801: PUSH1 0x00 00000803: ADD 00000804: PUSH1 0x00 00000806: PUSH2 0x0100 00000809: EXP 0000080a: DUP2 0000080b: SLOAD 0000080c: DUP2 0000080d: PUSH1 0xff 0000080f: MUL 00000810: NOT 00000811: AND 00000812: SWAP1 00000813: DUP4 00000814: MUL 00000815: OR 00000816: SWAP1 00000817: SSTORE 00000818: POP 00000819: CALLER 0000081a: PUSH1 0x00 0000081c: PUSH1 0x00 0000081e: POP 0000081f: DUP4 00000820: DUP2 00000821: SLOAD 00000822: DUP2 00000823: LT 00000824: ISZERO 00000825: PUSH2 0x0002 00000828: JUMPI 00000829: SWAP1 0000082a: PUSH1 0x00 0000082c: MSTORE 0000082d: PUSH1 0x20 0000082f: PUSH1 0x00 00000831: KECCAK256 00000832: SWAP1 00000833: PUSH1 0x04 00000835: MUL 00000836: ADD 00000837: PUSH1 0x00 00000839: POP 0000083a: PUSH1 0x02 0000083c: ADD 0000083d: PUSH1 0x00 0000083f: PUSH2 0x0100 00000842: EXP 00000843: DUP2 00000844: SLOAD 00000845: DUP2 00000846: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000085b: MUL 0000085c: NOT 0000085d: AND 0000085e: SWAP1 0000085f: DUP4 00000860: MUL 00000861: OR 00000862: SWAP1 00000863: SSTORE 00000864: POP 00000865: JUMPDEST 00000866: DUP2 00000867: PUSH32 0x66d0ee9ee580464eb06bb7adef164c593ad3173da5b9937511307bb4646d392e 00000888: PUSH1 0x40 0000088a: MLOAD 0000088b: DUP1 0000088c: SWAP1 0000088d: POP 0000088e: PUSH1 0x40 00000890: MLOAD 00000891: DUP1 00000892: SWAP2 00000893: SUB 00000894: SWAP1 00000895: LOG2 00000896: PUSH1 0x00 00000898: DUP3 00000899: EQ 0000089a: ISZERO 0000089b: ISZERO 0000089c: PUSH2 0x08be 0000089f: JUMPI 000008a0: PUSH8 0x016345785d8a0000 000008a9: PUSH1 0x02 000008ab: PUSH1 0x00 000008ad: DUP3 000008ae: DUP3 000008af: DUP3 000008b0: POP 000008b1: SLOAD 000008b2: ADD 000008b3: SWAP3 000008b4: POP 000008b5: POP 000008b6: DUP2 000008b7: SWAP1 000008b8: SSTORE 000008b9: POP 000008ba: PUSH2 0x08d9 000008bd: JUMP 000008be: JUMPDEST 000008bf: PUSH8 0x0de0b6b3a7640000 000008c8: PUSH1 0x02 000008ca: PUSH1 0x00 000008cc: DUP3 000008cd: DUP3 000008ce: DUP3 000008cf: POP 000008d0: SLOAD 000008d1: ADD 000008d2: SWAP3 000008d3: POP 000008d4: POP 000008d5: DUP2 000008d6: SWAP1 000008d7: SSTORE 000008d8: POP 000008d9: JUMPDEST 000008da: PUSH1 0x00 000008dc: DUP3 000008dd: EQ 000008de: ISZERO 000008df: DUP1 000008e0: ISZERO 000008e1: PUSH2 0x08ed 000008e4: JUMPI 000008e5: POP 000008e6: PUSH1 0x00 000008e8: PUSH1 0x03 000008ea: DUP4 000008eb: MOD 000008ec: EQ 000008ed: JUMPDEST 000008ee: ISZERO 000008ef: PUSH2 0x0acf 000008f2: JUMPI 000008f3: PUSH8 0x257853b1dd8e0000 000008fc: SWAP1 000008fd: POP 000008fe: PUSH1 0x00 00000900: PUSH1 0x00 00000902: PUSH1 0x00 00000904: POP 00000905: PUSH1 0x01 00000907: PUSH1 0x00 00000909: POP 0000090a: SLOAD 0000090b: DUP2 0000090c: SLOAD 0000090d: DUP2 0000090e: LT 0000090f: ISZERO 00000910: PUSH2 0x0002 00000913: JUMPI 00000914: SWAP1 00000915: PUSH1 0x00 00000917: MSTORE 00000918: PUSH1 0x20 0000091a: PUSH1 0x00 0000091c: KECCAK256 0000091d: SWAP1 0000091e: PUSH1 0x04 00000920: MUL 00000921: ADD 00000922: PUSH1 0x00 00000924: POP 00000925: PUSH1 0x00 00000927: ADD 00000928: PUSH1 0x00 0000092a: SWAP1 0000092b: SLOAD 0000092c: SWAP1 0000092d: PUSH2 0x0100 00000930: EXP 00000931: SWAP1 00000932: DIV 00000933: PUSH1 0xff 00000935: AND 00000936: EQ 00000937: ISZERO 00000938: PUSH2 0x09bb 0000093b: JUMPI 0000093c: PUSH1 0x00 0000093e: PUSH1 0x00 00000940: POP 00000941: PUSH1 0x01 00000943: PUSH1 0x00 00000945: POP 00000946: SLOAD 00000947: DUP2 00000948: SLOAD 00000949: DUP2 0000094a: LT 0000094b: ISZERO 0000094c: PUSH2 0x0002 0000094f: JUMPI 00000950: SWAP1 00000951: PUSH1 0x00 00000953: MSTORE 00000954: PUSH1 0x20 00000956: PUSH1 0x00 00000958: KECCAK256 00000959: SWAP1 0000095a: PUSH1 0x04 0000095c: MUL 0000095d: ADD 0000095e: PUSH1 0x00 00000960: POP 00000961: PUSH1 0x02 00000963: ADD 00000964: PUSH1 0x00 00000966: SWAP1 00000967: SLOAD 00000968: SWAP1 00000969: PUSH2 0x0100 0000096c: EXP 0000096d: SWAP1 0000096e: DIV 0000096f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000984: AND 00000985: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000099a: AND 0000099b: PUSH1 0x00 0000099d: DUP3 0000099e: PUSH1 0x40 000009a0: MLOAD 000009a1: DUP1 000009a2: SWAP1 000009a3: POP 000009a4: PUSH1 0x00 000009a6: PUSH1 0x40 000009a8: MLOAD 000009a9: DUP1 000009aa: DUP4 000009ab: SUB 000009ac: DUP2 000009ad: DUP6 000009ae: DUP9 000009af: DUP9 000009b0: CALL 000009b1: SWAP4 000009b2: POP 000009b3: POP 000009b4: POP 000009b5: POP 000009b6: POP 000009b7: PUSH2 0x0abb 000009ba: JUMP 000009bb: JUMPDEST 000009bc: PUSH1 0x04 000009be: PUSH1 0x00 000009c0: SWAP1 000009c1: SLOAD 000009c2: SWAP1 000009c3: PUSH2 0x0100 000009c6: EXP 000009c7: SWAP1 000009c8: DIV 000009c9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009de: AND 000009df: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000009f4: AND 000009f5: PUSH4 0x02dc2e1d 000009fa: DUP3 000009fb: PUSH1 0x00 000009fd: PUSH1 0x00 000009ff: POP 00000a00: PUSH1 0x01 00000a02: PUSH1 0x00 00000a04: POP 00000a05: SLOAD 00000a06: DUP2 00000a07: SLOAD 00000a08: DUP2 00000a09: LT 00000a0a: ISZERO 00000a0b: PUSH2 0x0002 00000a0e: JUMPI 00000a0f: SWAP1 00000a10: PUSH1 0x00 00000a12: MSTORE 00000a13: PUSH1 0x20 00000a15: PUSH1 0x00 00000a17: KECCAK256 00000a18: SWAP1 00000a19: PUSH1 0x04 00000a1b: MUL 00000a1c: ADD 00000a1d: PUSH1 0x00 00000a1f: POP 00000a20: PUSH1 0x03 00000a22: ADD 00000a23: PUSH1 0x00 00000a25: POP 00000a26: PUSH1 0x40 00000a28: MLOAD 00000a29: DUP4 00000a2a: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 00000a48: MUL 00000a49: DUP2 00000a4a: MSTORE 00000a4b: PUSH1 0x04 00000a4d: ADD 00000a4e: DUP1 00000a4f: DUP1 00000a50: PUSH1 0x20 00000a52: ADD 00000a53: DUP3 00000a54: DUP2 00000a55: SUB 00000a56: DUP3 00000a57: MSTORE 00000a58: DUP4 00000a59: DUP2 00000a5a: DUP2 00000a5b: SLOAD 00000a5c: DUP2 00000a5d: MSTORE 00000a5e: PUSH1 0x20 00000a60: ADD 00000a61: SWAP2 00000a62: POP 00000a63: DUP1 00000a64: SLOAD 00000a65: DUP1 00000a66: ISZERO 00000a67: PUSH2 0x0a95 00000a6a: JUMPI 00000a6b: DUP3 00000a6c: ADD 00000a6d: SWAP2 00000a6e: SWAP1 00000a6f: PUSH1 0x00 00000a71: MSTORE 00000a72: PUSH1 0x20 00000a74: PUSH1 0x00 00000a76: KECCAK256 00000a77: SWAP1 00000a78: JUMPDEST 00000a79: DUP2 00000a7a: SLOAD 00000a7b: DUP2 00000a7c: MSTORE 00000a7d: SWAP1 00000a7e: PUSH1 0x01 00000a80: ADD 00000a81: SWAP1 00000a82: PUSH1 0x20 00000a84: ADD 00000a85: DUP1 00000a86: DUP4 00000a87: GT 00000a88: PUSH2 0x0a78 00000a8b: JUMPI 00000a8c: DUP3 00000a8d: SWAP1 00000a8e: SUB 00000a8f: PUSH1 0x1f 00000a91: AND 00000a92: DUP3 00000a93: ADD 00000a94: SWAP2 00000a95: JUMPDEST 00000a96: POP 00000a97: POP 00000a98: SWAP3 00000a99: POP 00000a9a: POP 00000a9b: POP 00000a9c: PUSH1 0x20 00000a9e: PUSH1 0x40 00000aa0: MLOAD 00000aa1: DUP1 00000aa2: DUP4 00000aa3: SUB 00000aa4: DUP2 00000aa5: DUP6 00000aa6: DUP9 00000aa7: PUSH2 0x8502 00000aaa: GAS 00000aab: SUB 00000aac: CALL 00000aad: ISZERO 00000aae: PUSH2 0x0002 00000ab1: JUMPI 00000ab2: POP 00000ab3: POP 00000ab4: POP 00000ab5: POP 00000ab6: PUSH1 0x40 00000ab8: MLOAD 00000ab9: MLOAD 00000aba: POP 00000abb: JUMPDEST 00000abc: PUSH1 0x01 00000abe: PUSH1 0x01 00000ac0: PUSH1 0x00 00000ac2: DUP3 00000ac3: DUP3 00000ac4: DUP3 00000ac5: POP 00000ac6: SLOAD 00000ac7: ADD 00000ac8: SWAP3 00000ac9: POP 00000aca: POP 00000acb: DUP2 00000acc: SWAP1 00000acd: SSTORE 00000ace: POP 00000acf: JUMPDEST 00000ad0: JUMPDEST 00000ad1: POP 00000ad2: POP 00000ad3: POP 00000ad4: POP 00000ad5: JUMP 00000ad6: JUMPDEST 00000ad7: PUSH1 0x00 00000ad9: PUSH1 0x00 00000adb: PUSH1 0x00 00000add: POP 00000ade: SLOAD 00000adf: SWAP1 00000ae0: POP 00000ae1: PUSH2 0x0ae5 00000ae4: JUMP 00000ae5: JUMPDEST 00000ae6: SWAP1 00000ae7: JUMP 00000ae8: JUMPDEST 00000ae9: PUSH1 0x03 00000aeb: PUSH1 0x00 00000aed: SWAP1 00000aee: SLOAD 00000aef: SWAP1 00000af0: PUSH2 0x0100 00000af3: EXP 00000af4: SWAP1 00000af5: DIV 00000af6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b0b: AND 00000b0c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b21: AND 00000b22: CALLER 00000b23: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b38: AND 00000b39: EQ 00000b3a: ISZERO 00000b3b: PUSH2 0x0b95 00000b3e: JUMPI 00000b3f: PUSH1 0x00 00000b41: PUSH1 0x02 00000b43: PUSH1 0x00 00000b45: POP 00000b46: SLOAD 00000b47: EQ 00000b48: ISZERO 00000b49: PUSH2 0x0b51 00000b4c: JUMPI 00000b4d: PUSH2 0x0b96 00000b50: JUMP 00000b51: JUMPDEST 00000b52: DUP1 00000b53: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000b68: AND 00000b69: PUSH1 0x00 00000b6b: PUSH1 0x02 00000b6d: PUSH1 0x00 00000b6f: POP 00000b70: SLOAD 00000b71: PUSH1 0x40 00000b73: MLOAD 00000b74: DUP1 00000b75: SWAP1 00000b76: POP 00000b77: PUSH1 0x00 00000b79: PUSH1 0x40 00000b7b: MLOAD 00000b7c: DUP1 00000b7d: DUP4 00000b7e: SUB 00000b7f: DUP2 00000b80: DUP6 00000b81: DUP9 00000b82: DUP9 00000b83: CALL 00000b84: SWAP4 00000b85: POP 00000b86: POP 00000b87: POP 00000b88: POP 00000b89: POP 00000b8a: PUSH1 0x00 00000b8c: PUSH1 0x02 00000b8e: PUSH1 0x00 00000b90: POP 00000b91: DUP2 00000b92: SWAP1 00000b93: SSTORE 00000b94: POP 00000b95: JUMPDEST 00000b96: JUMPDEST 00000b97: POP 00000b98: JUMP 00000b99: JUMPDEST 00000b9a: PUSH1 0x03 00000b9c: PUSH1 0x00 00000b9e: SWAP1 00000b9f: SLOAD 00000ba0: SWAP1 00000ba1: PUSH2 0x0100 00000ba4: EXP 00000ba5: SWAP1 00000ba6: DIV 00000ba7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000bbc: AND 00000bbd: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000bd2: AND 00000bd3: CALLER 00000bd4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000be9: AND 00000bea: EQ 00000beb: ISZERO 00000bec: PUSH2 0x0c1b 00000bef: JUMPI 00000bf0: DUP1 00000bf1: PUSH1 0x04 00000bf3: PUSH1 0x00 00000bf5: PUSH2 0x0100 00000bf8: EXP 00000bf9: DUP2 00000bfa: SLOAD 00000bfb: DUP2 00000bfc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c11: MUL 00000c12: NOT 00000c13: AND 00000c14: SWAP1 00000c15: DUP4 00000c16: MUL 00000c17: OR 00000c18: SWAP1 00000c19: SSTORE 00000c1a: POP 00000c1b: JUMPDEST 00000c1c: JUMPDEST 00000c1d: POP 00000c1e: JUMP 00000c1f: JUMPDEST 00000c20: PUSH1 0x03 00000c22: PUSH1 0x00 00000c24: SWAP1 00000c25: SLOAD 00000c26: SWAP1 00000c27: PUSH2 0x0100 00000c2a: EXP 00000c2b: SWAP1 00000c2c: DIV 00000c2d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c42: AND 00000c43: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c58: AND 00000c59: CALLER 00000c5a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c6f: AND 00000c70: EQ 00000c71: ISZERO 00000c72: PUSH2 0x0ca1 00000c75: JUMPI 00000c76: DUP1 00000c77: PUSH1 0x03 00000c79: PUSH1 0x00 00000c7b: PUSH2 0x0100 00000c7e: EXP 00000c7f: DUP2 00000c80: SLOAD 00000c81: DUP2 00000c82: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000c97: MUL 00000c98: NOT 00000c99: AND 00000c9a: SWAP1 00000c9b: DUP4 00000c9c: MUL 00000c9d: OR 00000c9e: SWAP1 00000c9f: SSTORE 00000ca0: POP 00000ca1: JUMPDEST 00000ca2: JUMPDEST 00000ca3: POP 00000ca4: JUMP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0x1c73fb763e34eede09fe33bd252953043659994cb1002cb642d516f0ea9fd4c9
call_targets:
0x7011f3edc7fa43c81440f9f43a6458174113b162
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x1c73fb763e34eede09fe33bd252953043659994cb1002cb642d516f0ea9fd4c9",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x7011f3edc7fa43c81440f9f43a6458174113b162"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x13af4035",
"selector": "0x13af4035",
"calldata_variants": [
"0x13af4035",
"0x13af40350000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x35c1d349",
"selector": "0x35c1d349",
"calldata_variants": [
"0x35c1d349",
"0x35c1d3490000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x483ba09e",
"selector": "0x483ba09e",
"calldata_variants": [
"0x483ba09e",
"0x483ba09e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54ba7daa",
"selector": "0x54ba7daa",
"calldata_variants": [
"0x54ba7daa",
"0x54ba7daa0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9003adfe",
"selector": "0x9003adfe",
"calldata_variants": [
"0x9003adfe",
"0x9003adfe0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa480ca79",
"selector": "0xa480ca79",
"calldata_variants": [
"0xa480ca79",
"0xa480ca790000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa60f3588",
"selector": "0xa60f3588",
"calldata_variants": [
"0xa60f3588",
"0xa60f35880000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1155,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1233,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1315,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 6,
"guards_detected": [
{
"pc": 2850,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 3027,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 3161,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
],
"untrusted_call_count": 6
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0x1c73fb763e34eede09fe33bd252953043659994cb1002cb642d516f0ea9fd4c9
call_targets:
0x7011f3edc7fa43c81440f9f43a6458174113b162
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x1c73fb763e34eede09fe33bd252953043659994cb1002cb642d516f0ea9fd4c9",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x7011f3edc7fa43c81440f9f43a6458174113b162"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x13af4035",
"selector": "0x13af4035",
"calldata_variants": [
"0x13af4035",
"0x13af40350000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x35c1d349",
"selector": "0x35c1d349",
"calldata_variants": [
"0x35c1d349",
"0x35c1d3490000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x483ba09e",
"selector": "0x483ba09e",
"calldata_variants": [
"0x483ba09e",
"0x483ba09e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x54ba7daa",
"selector": "0x54ba7daa",
"calldata_variants": [
"0x54ba7daa",
"0x54ba7daa0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9003adfe",
"selector": "0x9003adfe",
"calldata_variants": [
"0x9003adfe",
"0x9003adfe0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa480ca79",
"selector": "0xa480ca79",
"calldata_variants": [
"0xa480ca79",
"0xa480ca790000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xa60f3588",
"selector": "0xa60f3588",
"calldata_variants": [
"0xa60f3588",
"0xa60f35880000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 1155,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1233,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1315,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 6,
"guards_detected": [
{
"pc": 2850,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 3027,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 3161,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
}
]
}
|