de20837f-8caf-4855-9121-dda83ee680eb
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31081 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 76300 | artifact.fetch | complete | 1 / 3 | 2 weeks ago |
| 76301 | tool.cast_disasm | complete | 1 / 3 | 2 weeks ago |
| 76302 | analysis.bundle | complete | 1 / 3 | 2 weeks ago |
| 76303 | capability.graph | complete | 1 / 3 | 2 weeks ago |
| 76304 | detector.run | complete | 1 / 3 | 2 weeks ago |
| 76305 | validation.fork | complete | 1 / 3 | 2 weeks ago |
No slither job recorded yet.
[codex:729666] OpenAI Codex v0.77.0 (research preview)
[codex:729666] --------
[codex:729666] workdir: /tmp/codex-multi-_22_ww99
[codex:729666] model: gpt-5.2-codex
[codex:729666] provider: openai
[codex:729666] approval: never
[codex:729666] sandbox: read-only
[codex:729666] reasoning effort: xhigh
[codex:729666] reasoning summaries: auto
[codex:729666] session id: 019b7a6e-b1fb-7a81-acb9-419483b22f02
[codex:729666] --------
[codex:729666] user
[codex:729666] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:729666]
[codex:729666] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:729666]
[codex:729666] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:729666] - Gas inefficiency, code quality, or best practices
[codex:729666] - Theoretical vulnerabilities without a clear extraction path
[codex:729666] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:729666] - Issues requiring social engineering or off-chain coordination
[codex:729666]
[codex:729666] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:729666] - CALL/DELEGATECALL with controllable destination or calldata
[codex:729666] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:729666] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:729666] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:729666] - External calls before state updates (reentrancy)
[codex:729666] - SELFDESTRUCT with controllable beneficiary
[codex:729666] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:729666]
[codex:729666] For each finding, you MUST explain:
[codex:729666] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:729666] 2. The concrete sequence of transactions to extract value
[codex:729666] 3. Why you believe this is exploitable (not just suspicious)
[codex:729666]
[codex:729666] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:729666] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:729666]
[codex:729666] Output MUST be valid JSON matching the provided schema.
[codex:729666] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:729666] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:729666] mcp startup: no servers
[codex:729666]
[codex:729666] thinking
[codex:729666] **Planning initial file inspection**
[codex:729666] exec
[codex:729666] /bin/bash -lc ls in /tmp/codex-multi-_22_ww99 succeeded in 6ms:
[codex:729666] BYTECODE_BUNDLE.txt
[codex:729666] codex-output-schema.json
[codex:729666] exec
[codex:729666] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-_22_ww99 succeeded in 5ms:
[codex:729666] Runtime bytecode bundle for best-effort auditing.
[codex:729666] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:729666]
[codex:729666] FILE: runtime_bytecode.hex
[codex:729666] 0x60806040526004361061002d5760003560e01c806375e6850214610036578063cbbf72801461007e57610034565b3661003457005b005b34801561004257600080fd5b506100346004803603604081101561005957600080fd5b5073ffffffffffffffffffffffffffffffffffffffff813581169160200135166100be565b34801561008a57600080fd5b50610034600480360360208110156100a157600080fd5b503573ffffffffffffffffffffffffffffffffffffffff1661028b565b3373267be1c1d684f78cb4f6a176c4911b741e4ffdc01461014057604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601660248201527f54782073656e646572206973206e6f74206f776e657200000000000000000000604482015290519081900360640190fd5b604080517f70a082310000000000000000000000000000000000000000000000000000000081523060048201529051839160009173ffffffffffffffffffffffffffffffffffffffff8416916370a08231916024808301926020929190829003018186803b1580156101b157600080fd5b505afa1580156101c5573d6000803e3d6000fd5b505050506040513d60208110156101db57600080fd5b5051604080517fa9059cbb00000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff86811660048301526024820184905291519293509084169163a9059cbb916044808201926020929091908290030181600087803b15801561025957600080fd5b505af115801561026d573d6000803e3d6000fd5b505050506040513d602081101561028357600080fd5b505050505050565b3373267be1c1d684f78cb4f6a176c4911b741e4ffdc01461030d57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601660248201527f54782073656e646572206973206e6f74206f776e657200000000000000000000604482015290519081900360640190fd5b60405173ffffffffffffffffffffffffffffffffffffffff8216904780156108fc02916000818181858888f1935050505015801561034f573d6000803e3d6000fd5b505056fea164736f6c634300060c000a
[codex:729666]
[codex:729666] thinking
[codex:729666] **Preparing to decode contract bytecode**
[codex:729666]
[codex:729666] I'm planning to analyze the bytecode by identifying function selectors and disassembling the code to understand contract behavior, especially ownership checks and token transfer logic; since online tools aren't available, I’ll try crafting a quick Python script to decode opcodes locally.
[codex:729666] exec
[codex:729666] /bin/bash -lc "python - <<'PY'
[codex:729666] import binascii, textwrap
[codex:729666] from pathlib import Path
[codex:729666] code = Path('BYTECODE_BUNDLE.txt').read_text().split('FILE: runtime_bytecode.hex')[1].strip()
[codex:729666] # parse hex after 0x
[codex:729666] hexstr=code.split('\\n',1)[1].strip()
[codex:729666] if hexstr.startswith('0x'): hexstr=hexstr[2:]
[codex:729666] bytecode=bytes.fromhex(hexstr)
[codex:729666] # opcode table
[codex:729666] opcodes = {}
[codex:729666] # basic opcodes list
[codex:729666] for i,name in [(0x00,'STOP'),(0x01,'ADD'),(0x02,'MUL'),(0x03,'SUB'),(0x04,'DIV'),(0x05,'SDIV'),(0x06,'MOD'),(0x07,'SMOD'),(0x08,'ADDMOD'),(0x09,'MULMOD'),(0x0a,'EXP'),(0x0b,'SIGNEXTEND'),
[codex:729666] (0x10,'LT'),(0x11,'GT'),(0x12,'SLT'),(0x13,'SGT'),(0x14,'EQ'),(0x15,'ISZERO'),(0x16,'AND'),(0x17,'OR'),(0x18,'XOR'),(0x19,'NOT'),(0x1a,'BYTE'),(0x1b,'SHL'),(0x1c,'SHR'),(0x1d,'SAR'),
[codex:729666] (0x20,'SHA3'),
[codex:729666] (0x30,'ADDRESS'),(0x31,'BALANCE'),(0x32,'ORIGIN'),(0x33,'CALLER'),(0x34,'CALLVALUE'),(0x35,'CALLDATALOAD'),(0x36,'CALLDATASIZE'),(0x37,'CALLDATACOPY'),(0x38,'CODESIZE'),(0x39,'CODECOPY'),(0x3a,'GASPRICE'),(0x3b,'EXTCODESIZE'),(0x3c,'EXTCODECOPY'),(0x3d,'RETURNDATASIZE'),(0x3e,'RETURNDATACOPY'),(0x3f,'EXTCODEHASH'),
[codex:729666] (0x40,'BLOCKHASH'),(0x41,'COINBASE'),(0x42,'TIMESTAMP'),(0x43,'NUMBER'),(0x44,'DIFFICULTY'),(0x45,'GASLIMIT'),(0x46,'CHAINID'),(0x47,'SELFBALANCE'),(0x48,'BASEFEE'),
[codex:729666] (0x50,'POP'),(0x51,'MLOAD'),(0x52,'MSTORE'),(0x53,'MSTORE8'),(0x54,'SLOAD'),(0x55,'SSTORE'),(0x56,'JUMP'),(0x57,'JUMPI'),(0x58,'PC'),(0x59,'MSIZE'),(0x5a,'GAS'),(0x5b,'JUMPDEST'),
[codex:729666] (0xf0,'CREATE'),(0xf1,'CALL'),(0xf2,'CALLCODE'),(0xf3,'RETURN'),(0xf4,'DELEGATECALL'),(0xf5,'CREATE2'),(0xfa,'STATICCALL'),(0xfd,'REVERT'),(0xfe,'INVALID'),(0xff,'SELFDESTRUCT')]:
[codex:729666] opcodes[i]=name
[codex:729666] for i in range(0x60,0x80):
[codex:729666] opcodes[i]=f'PUSH{i-0x5f}'
[codex:729666] for i in range(0x80,0x90):
[codex:729666] opcodes[i]=f'DUP{i-0x7f}'
[codex:729666] for i in range(0x90,0xa0):
[codex:729666] opcodes[i]=f'SWAP{i-0x8f}'
[codex:729666] for i in range(0xa0,0xa5):
[codex:729666] opcodes[i]=f'LOG{i-0xa0}'
[codex:729666]
[codex:729666] i=0
[codex:729666] out=[]
[codex:729666] while i<len(bytecode):
[codex:729666] op=bytecode[i]
[codex:729666] name=opcodes.get(op,f'OP{op:02x}')
[codex:729666] if name.startswith('PUSH'):
[codex:729666] n=int(name[4:])
[codex:729666] data=bytecode[i+1:i+1+n]
[codex:729666] out.append((i,name,'0x'+data.hex()))
[codex:729666] i+=1+n
[codex:729666] else:
[codex:729666] out.append((i,name,''))
[codex:729666] i+=1
[codex:729666]
[codex:729666] for o in out:
[codex:729666] off,name,data=o
[codex:729666] if data:
[codex:729666] print(f'{off:04x}: {name} {data}')
[codex:729666] else:
[codex:729666] print(f'{off:04x}: {name}')
[codex:729666] PY" in /tmp/codex-multi-_22_ww99 exited 1 in 39ms:
[codex:729666] Traceback (most recent call last):
[codex:729666] File "<stdin>", line 5, in <module>
[codex:729666] IndexError: list index out of range
[codex:729666]
[codex:729666] thinking
[codex:729666] **Parsing runtime_bytecode.hex file**
[codex:729666] exec
[codex:729666] /bin/bash -lc "python - <<'PY'
[codex:729666] from pathlib import Path
[codex:729666] text=Path('BYTECODE_BUNDLE.txt').read_text().splitlines()
[codex:729666] hexstr=None
[codex:729666] for line in text:
[codex:729666] line=line.strip()
[codex:729666] if line.startswith('0x'):
[codex:729666] hexstr=line[2:]
[codex:729666] break
[codex:729666] print('hexlen',len(hexstr) if hexstr else None)
[codex:729666] print('first',hexstr[:20])
[codex:729666] PY" in /tmp/codex-multi-_22_ww99 succeeded in 30ms:
[codex:729666] hexlen 1728
[codex:729666] first 60806040526004361061
[codex:729666]
[codex:729666] thinking
[codex:729666] **Disassembling with hexstr**
[codex:729666] exec
[codex:729666] /bin/bash -lc "python - <<'PY'
[codex:729666] import binascii
[codex:729666] from pathlib import Path
[codex:729666] text=Path('BYTECODE_BUNDLE.txt').read_text().splitlines()
[codex:729666] hexstr=None
[codex:729666] for line in text:
[codex:729666] line=line.strip()
[codex:729666] if line.startswith('0x'):
[codex:729666] hexstr=line[2:]
[codex:729666] break
[codex:729666] bytecode=bytes.fromhex(hexstr)
[codex:729666] # opcode table
[codex:729666] opcodes = {}
[codex:729666] for i,name in [(0x00,'STOP'),(0x01,'ADD'),(0x02,'MUL'),(0x03,'SUB'),(0x04,'DIV'),(0x05,'SDIV'),(0x06,'MOD'),(0x07,'SMOD'),(0x08,'ADDMOD'),(0x09,'MULMOD'),(0x0a,'EXP'),(0x0b,'SIGNEXTEND'),
[codex:729666] (0x10,'LT'),(0x11,'GT'),(0x12,'SLT'),(0x13,'SGT'),(0x14,'EQ'),(0x15,'ISZERO'),(0x16,'AND'),(0x17,'OR'),(0x18,'XOR'),(0x19,'NOT'),(0x1a,'BYTE'),(0x1b,'SHL'),(0x1c,'SHR'),(0x1d,'SAR'),
[codex:729666] (0x20,'SHA3'),
[codex:729666] (0x30,'ADDRESS'),(0x31,'BALANCE'),(0x32,'ORIGIN'),(0x33,'CALLER'),(0x34,'CALLVALUE'),(0x35,'CALLDATALOAD'),(0x36,'CALLDATASIZE'),(0x37,'CALLDATACOPY'),(0x38,'CODESIZE'),(0x39,'CODECOPY'),(0x3a,'GASPRICE'),(0x3b,'EXTCODESIZE'),(0x3c,'EXTCODECOPY'),(0x3d,'RETURNDATASIZE'),(0x3e,'RETURNDATACOPY'),(0x3f,'EXTCODEHASH'),
[codex:729666] (0x40,'BLOCKHASH'),(0x41,'COINBASE'),(0x42,'TIMESTAMP'),(0x43,'NUMBER'),(0x44,'DIFFICULTY'),(0x45,'GASLIMIT'),(0x46,'CHAINID'),(0x47,'SELFBALANCE'),(0x48,'BASEFEE'),
[codex:729666] (0x50,'POP'),(0x51,'MLOAD'),(0x52,'MSTORE'),(0x53,'MSTORE8'),(0x54,'SLOAD'),(0x55,'SSTORE'),(0x56,'JUMP'),(0x57,'JUMPI'),(0x58,'PC'),(0x59,'MSIZE'),(0x5a,'GAS'),(0x5b,'JUMPDEST'),
[codex:729666] (0xf0,'CREATE'),(0xf1,'CALL'),(0xf2,'CALLCODE'),(0xf3,'RETURN'),(0xf4,'DELEGATECALL'),(0xf5,'CREATE2'),(0xfa,'STATICCALL'),(0xfd,'REVERT'),(0xfe,'INVALID'),(0xff,'SELFDESTRUCT')]:
[codex:729666] opcodes[i]=name
[codex:729666] for i in range(0x60,0x80):
[codex:729666] opcodes[i]=f'PUSH{i-0x5f}'
[codex:729666] for i in range(0x80,0x90):
[codex:729666] opcodes[i]=f'DUP{i-0x7f}'
[codex:729666] for i in range(0x90,0xa0):
[codex:729666] opcodes[i]=f'SWAP{i-0x8f}'
[codex:729666] for i in range(0xa0,0xa5):
[codex:729666] opcodes[i]=f'LOG{i-0xa0}'
[codex:729666]
[codex:729666] i=0
[codex:729666] out=[]
[codex:729666] while i<len(bytecode):
[codex:729666] op=bytecode[i]
[codex:729666] name=opcodes.get(op,f'OP{op:02x}')
[codex:729666] if name.startswith('PUSH'):
[codex:729666] n=int(name[4:])
[codex:729666] data=bytecode[i+1:i+1+n]
[codex:729666] out.append((i,name,'0x'+data.hex()))
[codex:729666] i+=1+n
[codex:729666] else:
[codex:729666] out.append((i,name,''))
[codex:729666] i+=1
[codex:729666]
[codex:729666] for off,name,data in out:
[codex:729666] if data:
[codex:729666] print(f'{off:04x}: {name} {data}')
[codex:729666] else:
[codex:729666] print(f'{off:04x}: {name}')
[codex:729666] PY" in /tmp/codex-multi-_22_ww99 succeeded in 27ms:
[codex:729666] 0000: PUSH1 0x80
[codex:729666] 0002: PUSH1 0x40
[codex:729666] 0004: MSTORE
[codex:729666] 0005: PUSH1 0x04
[codex:729666] 0007: CALLDATASIZE
[codex:729666] 0008: LT
[codex:729666] 0009: PUSH2 0x002d
[codex:729666] 000c: JUMPI
[codex:729666] 000d: PUSH1 0x00
[codex:729666] 000f: CALLDATALOAD
[codex:729666] 0010: PUSH1 0xe0
[codex:729666] 0012: SHR
[codex:729666] 0013: DUP1
[codex:729666] 0014: PUSH4 0x75e68502
[codex:729666] 0019: EQ
[codex:729666] 001a: PUSH2 0x0036
[codex:729666] 001d: JUMPI
[codex:729666] 001e: DUP1
[codex:729666] 001f: PUSH4 0xcbbf7280
[codex:729666] 0024: EQ
[codex:729666]
[codex:729666]
[codex:729666] thinking
[codex:729666] **Analyzing bytecode for vulnerabilities**
[codex:729666]
[codex:729666] I've closely examined two owner-restricted functions that sweep tokens and ETH respectively, verifying parameter decoding, owner checks, external calls, and gas handling. Everything looks secure with no exploitable paths since only the hardcoded owner can invoke these sweeps, no delegatecalls or selfdestruct exist, and token call success is moderately verified. I’ll report no findings per instructions.
[codex:729666] thinking
[codex:729666] **Preparing final JSON response**
[codex:729666] codex
[codex:729666] {"no_findings":true,"summary":"No concrete, exploitable profit path identified from the runtime bytecode. The only reachable external actions are two owner-gated sweep functions (ERC20 balanceOf/transfer and ETH transfer) guarded by a hardcoded CALLER check, with no delegatecall/selfdestruct or bypassable access control visible.","findings":[]}
[codex:729666] tokens used
[codex:729666] 23,490
[codex:729666] {"no_findings":true,"summary":"No concrete, exploitable profit path identified from the runtime bytecode. The only reachable external actions are two owner-gated sweep functions (ERC20 balanceOf/transfer and ETH transfer) guarded by a hardcoded CALLER check, with no delegatecall/selfdestruct or bypassable access control visible.","findings":[]}
{
"codex": {
"ran_at": "2026-01-01T16:42:46.307180+00:00",
"returncode": 0
},
"summary": "No concrete, exploitable profit path identified from the runtime bytecode. The only reachable external actions are two owner-gated sweep functions (ERC20 balanceOf/transfer and ETH transfer) guarded by a hardcoded CALLER check, with no delegatecall/selfdestruct or bypassable access control visible.",
"raw_final": {
"summary": "No concrete, exploitable profit path identified from the runtime bytecode. The only reachable external actions are two owner-gated sweep functions (ERC20 balanceOf/transfer and ETH transfer) guarded by a hardcoded CALLER check, with no delegatecall/selfdestruct or bypassable access control visible.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x002d 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x75e68502 00000019: EQ 0000001a: PUSH2 0x0036 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0xcbbf7280 00000024: EQ 00000025: PUSH2 0x007e 00000028: JUMPI 00000029: PUSH2 0x0034 0000002c: JUMP 0000002d: JUMPDEST 0000002e: CALLDATASIZE 0000002f: PUSH2 0x0034 00000032: JUMPI 00000033: STOP 00000034: JUMPDEST 00000035: STOP 00000036: JUMPDEST 00000037: CALLVALUE 00000038: DUP1 00000039: ISZERO 0000003a: PUSH2 0x0042 0000003d: JUMPI 0000003e: PUSH1 0x00 00000040: DUP1 00000041: REVERT 00000042: JUMPDEST 00000043: POP 00000044: PUSH2 0x0034 00000047: PUSH1 0x04 00000049: DUP1 0000004a: CALLDATASIZE 0000004b: SUB 0000004c: PUSH1 0x40 0000004e: DUP2 0000004f: LT 00000050: ISZERO 00000051: PUSH2 0x0059 00000054: JUMPI 00000055: PUSH1 0x00 00000057: DUP1 00000058: REVERT 00000059: JUMPDEST 0000005a: POP 0000005b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000070: DUP2 00000071: CALLDATALOAD 00000072: DUP2 00000073: AND 00000074: SWAP2 00000075: PUSH1 0x20 00000077: ADD 00000078: CALLDATALOAD 00000079: AND 0000007a: PUSH2 0x00be 0000007d: JUMP 0000007e: JUMPDEST 0000007f: CALLVALUE 00000080: DUP1 00000081: ISZERO 00000082: PUSH2 0x008a 00000085: JUMPI 00000086: PUSH1 0x00 00000088: DUP1 00000089: REVERT 0000008a: JUMPDEST 0000008b: POP 0000008c: PUSH2 0x0034 0000008f: PUSH1 0x04 00000091: DUP1 00000092: CALLDATASIZE 00000093: SUB 00000094: PUSH1 0x20 00000096: DUP2 00000097: LT 00000098: ISZERO 00000099: PUSH2 0x00a1 0000009c: JUMPI 0000009d: PUSH1 0x00 0000009f: DUP1 000000a0: REVERT 000000a1: JUMPDEST 000000a2: POP 000000a3: CALLDATALOAD 000000a4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000000b9: AND 000000ba: PUSH2 0x028b 000000bd: JUMP 000000be: JUMPDEST 000000bf: CALLER 000000c0: PUSH20 0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0 000000d5: EQ 000000d6: PUSH2 0x0140 000000d9: JUMPI 000000da: PUSH1 0x40 000000dc: DUP1 000000dd: MLOAD 000000de: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000000ff: DUP2 00000100: MSTORE 00000101: PUSH1 0x20 00000103: PUSH1 0x04 00000105: DUP3 00000106: ADD 00000107: MSTORE 00000108: PUSH1 0x16 0000010a: PUSH1 0x24 0000010c: DUP3 0000010d: ADD 0000010e: MSTORE 0000010f: PUSH32 0x54782073656e646572206973206e6f74206f776e657200000000000000000000 00000130: PUSH1 0x44 00000132: DUP3 00000133: ADD 00000134: MSTORE 00000135: SWAP1 00000136: MLOAD 00000137: SWAP1 00000138: DUP2 00000139: SWAP1 0000013a: SUB 0000013b: PUSH1 0x64 0000013d: ADD 0000013e: SWAP1 0000013f: REVERT 00000140: JUMPDEST 00000141: PUSH1 0x40 00000143: DUP1 00000144: MLOAD 00000145: PUSH32 0x70a0823100000000000000000000000000000000000000000000000000000000 00000166: DUP2 00000167: MSTORE 00000168: ADDRESS 00000169: PUSH1 0x04 0000016b: DUP3 0000016c: ADD 0000016d: MSTORE 0000016e: SWAP1 0000016f: MLOAD 00000170: DUP4 00000171: SWAP2 00000172: PUSH1 0x00 00000174: SWAP2 00000175: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000018a: DUP5 0000018b: AND 0000018c: SWAP2 0000018d: PUSH4 0x70a08231 00000192: SWAP2 00000193: PUSH1 0x24 00000195: DUP1 00000196: DUP4 00000197: ADD 00000198: SWAP3 00000199: PUSH1 0x20 0000019b: SWAP3 0000019c: SWAP2 0000019d: SWAP1 0000019e: DUP3 0000019f: SWAP1 000001a0: SUB 000001a1: ADD 000001a2: DUP2 000001a3: DUP7 000001a4: DUP1 000001a5: EXTCODESIZE 000001a6: ISZERO 000001a7: DUP1 000001a8: ISZERO 000001a9: PUSH2 0x01b1 000001ac: JUMPI 000001ad: PUSH1 0x00 000001af: DUP1 000001b0: REVERT 000001b1: JUMPDEST 000001b2: POP 000001b3: GAS 000001b4: STATICCALL 000001b5: ISZERO 000001b6: DUP1 000001b7: ISZERO 000001b8: PUSH2 0x01c5 000001bb: JUMPI 000001bc: RETURNDATASIZE 000001bd: PUSH1 0x00 000001bf: DUP1 000001c0: RETURNDATACOPY 000001c1: RETURNDATASIZE 000001c2: PUSH1 0x00 000001c4: REVERT 000001c5: JUMPDEST 000001c6: POP 000001c7: POP 000001c8: POP 000001c9: POP 000001ca: PUSH1 0x40 000001cc: MLOAD 000001cd: RETURNDATASIZE 000001ce: PUSH1 0x20 000001d0: DUP2 000001d1: LT 000001d2: ISZERO 000001d3: PUSH2 0x01db 000001d6: JUMPI 000001d7: PUSH1 0x00 000001d9: DUP1 000001da: REVERT 000001db: JUMPDEST 000001dc: POP 000001dd: MLOAD 000001de: PUSH1 0x40 000001e0: DUP1 000001e1: MLOAD 000001e2: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000 00000203: DUP2 00000204: MSTORE 00000205: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000021a: DUP7 0000021b: DUP2 0000021c: AND 0000021d: PUSH1 0x04 0000021f: DUP4 00000220: ADD 00000221: MSTORE 00000222: PUSH1 0x24 00000224: DUP3 00000225: ADD 00000226: DUP5 00000227: SWAP1 00000228: MSTORE 00000229: SWAP2 0000022a: MLOAD 0000022b: SWAP3 0000022c: SWAP4 0000022d: POP 0000022e: SWAP1 0000022f: DUP5 00000230: AND 00000231: SWAP2 00000232: PUSH4 0xa9059cbb 00000237: SWAP2 00000238: PUSH1 0x44 0000023a: DUP1 0000023b: DUP3 0000023c: ADD 0000023d: SWAP3 0000023e: PUSH1 0x20 00000240: SWAP3 00000241: SWAP1 00000242: SWAP2 00000243: SWAP1 00000244: DUP3 00000245: SWAP1 00000246: SUB 00000247: ADD 00000248: DUP2 00000249: PUSH1 0x00 0000024b: DUP8 0000024c: DUP1 0000024d: EXTCODESIZE 0000024e: ISZERO 0000024f: DUP1 00000250: ISZERO 00000251: PUSH2 0x0259 00000254: JUMPI 00000255: PUSH1 0x00 00000257: DUP1 00000258: REVERT 00000259: JUMPDEST 0000025a: POP 0000025b: GAS 0000025c: CALL 0000025d: ISZERO 0000025e: DUP1 0000025f: ISZERO 00000260: PUSH2 0x026d 00000263: JUMPI 00000264: RETURNDATASIZE 00000265: PUSH1 0x00 00000267: DUP1 00000268: RETURNDATACOPY 00000269: RETURNDATASIZE 0000026a: PUSH1 0x00 0000026c: REVERT 0000026d: JUMPDEST 0000026e: POP 0000026f: POP 00000270: POP 00000271: POP 00000272: PUSH1 0x40 00000274: MLOAD 00000275: RETURNDATASIZE 00000276: PUSH1 0x20 00000278: DUP2 00000279: LT 0000027a: ISZERO 0000027b: PUSH2 0x0283 0000027e: JUMPI 0000027f: PUSH1 0x00 00000281: DUP1 00000282: REVERT 00000283: JUMPDEST 00000284: POP 00000285: POP 00000286: POP 00000287: POP 00000288: POP 00000289: POP 0000028a: JUMP 0000028b: JUMPDEST 0000028c: CALLER 0000028d: PUSH20 0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0 000002a2: EQ 000002a3: PUSH2 0x030d 000002a6: JUMPI 000002a7: PUSH1 0x40 000002a9: DUP1 000002aa: MLOAD 000002ab: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 000002cc: DUP2 000002cd: MSTORE 000002ce: PUSH1 0x20 000002d0: PUSH1 0x04 000002d2: DUP3 000002d3: ADD 000002d4: MSTORE 000002d5: PUSH1 0x16 000002d7: PUSH1 0x24 000002d9: DUP3 000002da: ADD 000002db: MSTORE 000002dc: PUSH32 0x54782073656e646572206973206e6f74206f776e657200000000000000000000 000002fd: PUSH1 0x44 000002ff: DUP3 00000300: ADD 00000301: MSTORE 00000302: SWAP1 00000303: MLOAD 00000304: SWAP1 00000305: DUP2 00000306: SWAP1 00000307: SUB 00000308: PUSH1 0x64 0000030a: ADD 0000030b: SWAP1 0000030c: REVERT 0000030d: JUMPDEST 0000030e: PUSH1 0x40 00000310: MLOAD 00000311: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000326: DUP3 00000327: AND 00000328: SWAP1 00000329: SELFBALANCE 0000032a: DUP1 0000032b: ISZERO 0000032c: PUSH2 0x08fc 0000032f: MUL 00000330: SWAP2 00000331: PUSH1 0x00 00000333: DUP2 00000334: DUP2 00000335: DUP2 00000336: DUP6 00000337: DUP9 00000338: DUP9 00000339: CALL 0000033a: SWAP4 0000033b: POP 0000033c: POP 0000033d: POP 0000033e: POP 0000033f: ISZERO 00000340: DUP1 00000341: ISZERO 00000342: PUSH2 0x034f 00000345: JUMPI 00000346: RETURNDATASIZE 00000347: PUSH1 0x00 00000349: DUP1 0000034a: RETURNDATACOPY 0000034b: RETURNDATASIZE 0000034c: PUSH1 0x00 0000034e: REVERT 0000034f: JUMPDEST 00000350: POP 00000351: POP 00000352: JUMP 00000353: INVALID 00000354: LOG1 00000355: PUSH5 0x736f6c6343 0000035b: STOP 0000035c: MOD 0000035d: UNKNOWN(0x0C) 0000035e: STOP 0000035f: EXP
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0x3ce97fd5c0ad552b015e08a131f365fbc54b01d68b74391ea9136ef299abe1cb
call_targets:
0xebec795c9c8bbd61ffc14a6662944748f299cacf
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x3ce97fd5c0ad552b015e08a131f365fbc54b01d68b74391ea9136ef299abe1cb",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xebec795c9c8bbd61ffc14a6662944748f299cacf"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x75e68502",
"selector": "0x75e68502",
"calldata_variants": [
"0x75e68502",
"0x75e685020000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcbbf7280",
"selector": "0xcbbf7280",
"calldata_variants": [
"0xcbbf7280",
"0xcbbf72800000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 604,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 825,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [
{
"pc": 213,
"type": "msg_sender_eq_const",
"value": 2.1970430717470183e+47
},
{
"pc": 674,
"type": "msg_sender_eq_const",
"value": 2.1970430717470183e+47
},
{
"pc": 191,
"type": "msg_sender_eq_const",
"value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
},
{
"pc": 652,
"type": "msg_sender_eq_const",
"value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
}
],
"untrusted_call_count": 2
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0x3ce97fd5c0ad552b015e08a131f365fbc54b01d68b74391ea9136ef299abe1cb
call_targets:
0xebec795c9c8bbd61ffc14a6662944748f299cacf
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x3ce97fd5c0ad552b015e08a131f365fbc54b01d68b74391ea9136ef299abe1cb",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xebec795c9c8bbd61ffc14a6662944748f299cacf"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x75e68502",
"selector": "0x75e68502",
"calldata_variants": [
"0x75e68502",
"0x75e685020000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xcbbf7280",
"selector": "0xcbbf7280",
"calldata_variants": [
"0xcbbf7280",
"0xcbbf72800000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 604,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 825,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": [
{
"pc": 213,
"type": "msg_sender_eq_const",
"value": 2.1970430717470183e+47
},
{
"pc": 674,
"type": "msg_sender_eq_const",
"value": 2.1970430717470183e+47
},
{
"pc": 191,
"type": "msg_sender_eq_const",
"value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
},
{
"pc": 652,
"type": "msg_sender_eq_const",
"value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
}
]
}
|