e9e0cb91-2158-43b3-9308-57eb20f7dfad
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 30447 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 110480 | artifact.fetch | failed | 1 / 3 | 1 week ago |
| 110481 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 110482 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 110483 | capability.graph | complete | 1 / 3 | 1 week ago |
| 110484 | detector.run | complete | 1 / 3 | 1 week ago |
| 110485 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:589119] OpenAI Codex v0.77.0 (research preview)
[codex:589119] --------
[codex:589119] workdir: /tmp/codex-multi-e3f_gyd2
[codex:589119] model: gpt-5.2-codex
[codex:589119] provider: openai
[codex:589119] approval: never
[codex:589119] sandbox: read-only
[codex:589119] reasoning effort: xhigh
[codex:589119] reasoning summaries: auto
[codex:589119] session id: 019b68c7-a3dd-7c71-9029-5f3d09d8de02
[codex:589119] --------
[codex:589119] user
[codex:589119] You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
[codex:589119] Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
[codex:589119] accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
[codex:589119]
[codex:589119] Scope rules:
[codex:589119] - You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party `contracts/**/*.sol` files.
[codex:589119] - Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
[codex:589119]
[codex:589119] Output MUST be valid JSON matching the provided schema.
[codex:589119] - If you find nothing meaningful: set no_findings=true and findings=[].
[codex:589119] - Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
[codex:589119]
[codex:589119] Output constraints (IMPORTANT):
[codex:589119] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:589119] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:589119] mcp startup: no servers
[codex:589119]
[codex:589119] thinking
[codex:589119] **Preparing to read AUDIT_BUNDLE.txt**
[codex:589119] exec
[codex:589119] /bin/bash -lc ls in /tmp/codex-multi-e3f_gyd2 succeeded in 5ms:
[codex:589119] AUDIT_BUNDLE.txt
[codex:589119] codex-output-schema.json
[codex:589119] contracts
[codex:589119] exec
[codex:589119] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-e3f_gyd2 succeeded in 6ms:
[codex:589119] This file concatenates the full contents of first-party Solidity sources for auditing.
[codex:589119]
[codex:589119] ================================================================================
[codex:589119] FILE: contracts/Contract.sol
[codex:589119] ================================================================================
[codex:589119] // SPDX-License-Identifier: MIT
[codex:589119]
[codex:589119] pragma solidity =0.7.6;
[codex:589119]
[codex:589119]
[codex:589119]
[codex:589119]
[codex:589119]
[codex:589119] interface IERC20 {
[codex:589119] function totalSupply() external view returns (uint256 supply);
[codex:589119]
[codex:589119] function balanceOf(address _owner) external view returns (uint256 balance);
[codex:589119]
[codex:589119] function transfer(address _to, uint256 _value) external returns (bool success);
[codex:589119]
[codex:589119]
[codex:589119] thinking
[codex:589119] **Reviewing FeeReceiver contract risks and design**
[codex:589119]
[codex:589119] I've audited the FeeReceiver contract focusing on admin-only functions, reentrancy concerns, token approvals, and constructor logic. The main issue I see is the unlimited approval given to the external botRefill contract, which poses a trust and centralization risk if that contract is compromised. There’s also an unchecked return on the approve call in the constructor, which could cause silent failure though likely not exploitable with standard tokens like DAI/WETH. Reentrancy risks seem minimal since only the admin address (a constant) can trigger sensitive functions, but the design assumes the admin key or contract can't be malicious or compromised. Overall, no exploitable vulnerabilities stand out, but the admin’s fixed address and unlimited approvals create operational risks worth noting.
[codex:589119] exec
[codex:589119] /bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-multi-e3f_gyd2 succeeded in 5ms:
[codex:589119] {"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
[codex:589119]
[codex:589119] thinking
[codex:589119] **Summarizing security analysis**
[codex:589119] codex
[codex:589119] {"no_findings":true,"summary":"No exploitable vulnerabilities found in first-party code. Residual trust assumptions: the hardcoded ADMIN_ADDR can move all assets, and the constructor grants unlimited DAI/WETH allowance to the external botRefill contract.","findings":[]}
[codex:589119] tokens used
[codex:589119] 11,286
[codex:589119] {"no_findings":true,"summary":"No exploitable vulnerabilities found in first-party code. Residual trust assumptions: the hardcoded ADMIN_ADDR can move all assets, and the constructor grants unlimited DAI/WETH allowance to the external botRefill contract.","findings":[]}
{
"codex": {
"ran_at": "2025-12-29T06:25:48.667397+00:00",
"returncode": 0
},
"summary": "No exploitable vulnerabilities found in first-party code. Residual trust assumptions: the hardcoded ADMIN_ADDR can move all assets, and the constructor grants unlimited DAI/WETH allowance to the external botRefill contract.",
"raw_final": {
"summary": "No exploitable vulnerabilities found in first-party code. Residual trust assumptions: the hardcoded ADMIN_ADDR can move all assets, and the constructor grants unlimited DAI/WETH allowance to the external botRefill contract.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x0069 0000000c: JUMPI 0000000d: PUSH1 0x00 0000000f: CALLDATALOAD 00000010: PUSH1 0xe0 00000012: SHR 00000013: DUP1 00000014: PUSH4 0x82dfc5f7 00000019: GT 0000001a: PUSH2 0x0043 0000001d: JUMPI 0000001e: DUP1 0000001f: PUSH4 0x82dfc5f7 00000024: EQ 00000025: PUSH2 0x0131 00000028: JUMPI 00000029: DUP1 0000002a: PUSH4 0xb11569f5 0000002f: EQ 00000030: PUSH2 0x0162 00000033: JUMPI 00000034: DUP1 00000035: PUSH4 0xd95393eb 0000003a: EQ 0000003b: PUSH2 0x0177 0000003e: JUMPI 0000003f: PUSH2 0x0070 00000042: JUMP 00000043: JUMPDEST 00000044: DUP1 00000045: PUSH4 0x01e33667 0000004a: EQ 0000004b: PUSH2 0x0072 0000004e: JUMPI 0000004f: DUP1 00000050: PUSH4 0x1b9a91a4 00000055: EQ 00000056: PUSH2 0x00b5 00000059: JUMPI 0000005a: DUP1 0000005b: PUSH4 0x560706da 00000060: EQ 00000061: PUSH2 0x00ee 00000064: JUMPI 00000065: PUSH2 0x0070 00000068: JUMP 00000069: JUMPDEST 0000006a: CALLDATASIZE 0000006b: PUSH2 0x0070 0000006e: JUMPI 0000006f: STOP 00000070: JUMPDEST 00000071: STOP 00000072: JUMPDEST 00000073: CALLVALUE 00000074: DUP1 00000075: ISZERO 00000076: PUSH2 0x007e 00000079: JUMPI 0000007a: PUSH1 0x00 0000007c: DUP1 0000007d: REVERT 0000007e: JUMPDEST 0000007f: POP 00000080: PUSH2 0x0070 00000083: PUSH1 0x04 00000085: DUP1 00000086: CALLDATASIZE 00000087: SUB 00000088: PUSH1 0x60 0000008a: DUP2 0000008b: LT 0000008c: ISZERO 0000008d: PUSH2 0x0095 00000090: JUMPI 00000091: PUSH1 0x00 00000093: DUP1 00000094: REVERT 00000095: JUMPDEST 00000096: POP 00000097: PUSH1 0x01 00000099: PUSH1 0x01 0000009b: PUSH1 0xa0 0000009d: SHL 0000009e: SUB 0000009f: DUP2 000000a0: CALLDATALOAD 000000a1: DUP2 000000a2: AND 000000a3: SWAP2 000000a4: PUSH1 0x20 000000a6: DUP2 000000a7: ADD 000000a8: CALLDATALOAD 000000a9: SWAP1 000000aa: SWAP2 000000ab: AND 000000ac: SWAP1 000000ad: PUSH1 0x40 000000af: ADD 000000b0: CALLDATALOAD 000000b1: PUSH2 0x018c 000000b4: JUMP 000000b5: JUMPDEST 000000b6: CALLVALUE 000000b7: DUP1 000000b8: ISZERO 000000b9: PUSH2 0x00c1 000000bc: JUMPI 000000bd: PUSH1 0x00 000000bf: DUP1 000000c0: REVERT 000000c1: JUMPDEST 000000c2: POP 000000c3: PUSH2 0x0070 000000c6: PUSH1 0x04 000000c8: DUP1 000000c9: CALLDATASIZE 000000ca: SUB 000000cb: PUSH1 0x40 000000cd: DUP2 000000ce: LT 000000cf: ISZERO 000000d0: PUSH2 0x00d8 000000d3: JUMPI 000000d4: PUSH1 0x00 000000d6: DUP1 000000d7: REVERT 000000d8: JUMPDEST 000000d9: POP 000000da: PUSH1 0x01 000000dc: PUSH1 0x01 000000de: PUSH1 0xa0 000000e0: SHL 000000e1: SUB 000000e2: DUP2 000000e3: CALLDATALOAD 000000e4: AND 000000e5: SWAP1 000000e6: PUSH1 0x20 000000e8: ADD 000000e9: CALLDATALOAD 000000ea: PUSH2 0x028d 000000ed: JUMP 000000ee: JUMPDEST 000000ef: CALLVALUE 000000f0: DUP1 000000f1: ISZERO 000000f2: PUSH2 0x00fa 000000f5: JUMPI 000000f6: PUSH1 0x00 000000f8: DUP1 000000f9: REVERT 000000fa: JUMPDEST 000000fb: POP 000000fc: PUSH2 0x0070 000000ff: PUSH1 0x04 00000101: DUP1 00000102: CALLDATASIZE 00000103: SUB 00000104: PUSH1 0x60 00000106: DUP2 00000107: LT 00000108: ISZERO 00000109: PUSH2 0x0111 0000010c: JUMPI 0000010d: PUSH1 0x00 0000010f: DUP1 00000110: REVERT 00000111: JUMPDEST 00000112: POP 00000113: PUSH1 0x01 00000115: PUSH1 0x01 00000117: PUSH1 0xa0 00000119: SHL 0000011a: SUB 0000011b: DUP2 0000011c: CALLDATALOAD 0000011d: DUP2 0000011e: AND 0000011f: SWAP2 00000120: PUSH1 0x20 00000122: DUP2 00000123: ADD 00000124: CALLDATALOAD 00000125: SWAP1 00000126: SWAP2 00000127: AND 00000128: SWAP1 00000129: PUSH1 0x40 0000012b: ADD 0000012c: CALLDATALOAD 0000012d: PUSH2 0x0390 00000130: JUMP 00000131: JUMPDEST 00000132: CALLVALUE 00000133: DUP1 00000134: ISZERO 00000135: PUSH2 0x013d 00000138: JUMPI 00000139: PUSH1 0x00 0000013b: DUP1 0000013c: REVERT 0000013d: JUMPDEST 0000013e: POP 0000013f: PUSH2 0x0146 00000142: PUSH2 0x03f9 00000145: JUMP 00000146: JUMPDEST 00000147: PUSH1 0x40 00000149: DUP1 0000014a: MLOAD 0000014b: PUSH1 0x01 0000014d: PUSH1 0x01 0000014f: PUSH1 0xa0 00000151: SHL 00000152: SUB 00000153: SWAP1 00000154: SWAP3 00000155: AND 00000156: DUP3 00000157: MSTORE 00000158: MLOAD 00000159: SWAP1 0000015a: DUP2 0000015b: SWAP1 0000015c: SUB 0000015d: PUSH1 0x20 0000015f: ADD 00000160: SWAP1 00000161: RETURN 00000162: JUMPDEST 00000163: CALLVALUE 00000164: DUP1 00000165: ISZERO 00000166: PUSH2 0x016e 00000169: JUMPI 0000016a: PUSH1 0x00 0000016c: DUP1 0000016d: REVERT 0000016e: JUMPDEST 0000016f: POP 00000170: PUSH2 0x0146 00000173: PUSH2 0x0411 00000176: JUMP 00000177: JUMPDEST 00000178: CALLVALUE 00000179: DUP1 0000017a: ISZERO 0000017b: PUSH2 0x0183 0000017e: JUMPI 0000017f: PUSH1 0x00 00000181: DUP1 00000182: REVERT 00000183: JUMPDEST 00000184: POP 00000185: PUSH2 0x0146 00000188: PUSH2 0x0429 0000018b: JUMP 0000018c: JUMPDEST 0000018d: CALLER 0000018e: PUSH20 0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06 000001a3: EQ 000001a4: PUSH2 0x01e1 000001a7: JUMPI 000001a8: PUSH1 0x40 000001aa: DUP1 000001ab: MLOAD 000001ac: PUSH3 0x461bcd 000001b0: PUSH1 0xe5 000001b2: SHL 000001b3: DUP2 000001b4: MSTORE 000001b5: PUSH1 0x20 000001b7: PUSH1 0x04 000001b9: DUP3 000001ba: ADD 000001bb: MSTORE 000001bc: PUSH1 0x0a 000001be: PUSH1 0x24 000001c0: DUP3 000001c1: ADD 000001c2: MSTORE 000001c3: PUSH10 0x27b7363c9020b236b4b7 000001ce: PUSH1 0xb1 000001d0: SHL 000001d1: PUSH1 0x44 000001d3: DUP3 000001d4: ADD 000001d5: MSTORE 000001d6: SWAP1 000001d7: MLOAD 000001d8: SWAP1 000001d9: DUP2 000001da: SWAP1 000001db: SUB 000001dc: PUSH1 0x64 000001de: ADD 000001df: SWAP1 000001e0: REVERT 000001e1: JUMPDEST 000001e2: DUP1 000001e3: PUSH2 0x0274 000001e6: JUMPI 000001e7: PUSH1 0x40 000001e9: DUP1 000001ea: MLOAD 000001eb: PUSH32 0x70a0823100000000000000000000000000000000000000000000000000000000 0000020c: DUP2 0000020d: MSTORE 0000020e: ADDRESS 0000020f: PUSH1 0x04 00000211: DUP3 00000212: ADD 00000213: MSTORE 00000214: SWAP1 00000215: MLOAD 00000216: PUSH1 0x01 00000218: PUSH1 0x01 0000021a: PUSH1 0xa0 0000021c: SHL 0000021d: SUB 0000021e: DUP6 0000021f: AND 00000220: SWAP2 00000221: PUSH4 0x70a08231 00000226: SWAP2 00000227: PUSH1 0x24 00000229: DUP1 0000022a: DUP4 0000022b: ADD 0000022c: SWAP3 0000022d: PUSH1 0x20 0000022f: SWAP3 00000230: SWAP2 00000231: SWAP1 00000232: DUP3 00000233: SWAP1 00000234: SUB 00000235: ADD 00000236: DUP2 00000237: DUP7 00000238: DUP1 00000239: EXTCODESIZE 0000023a: ISZERO 0000023b: DUP1 0000023c: ISZERO 0000023d: PUSH2 0x0245 00000240: JUMPI 00000241: PUSH1 0x00 00000243: DUP1 00000244: REVERT 00000245: JUMPDEST 00000246: POP 00000247: GAS 00000248: STATICCALL 00000249: ISZERO 0000024a: DUP1 0000024b: ISZERO 0000024c: PUSH2 0x0259 0000024f: JUMPI 00000250: RETURNDATASIZE 00000251: PUSH1 0x00 00000253: DUP1 00000254: RETURNDATACOPY 00000255: RETURNDATASIZE 00000256: PUSH1 0x00 00000258: REVERT 00000259: JUMPDEST 0000025a: POP 0000025b: POP 0000025c: POP 0000025d: POP 0000025e: PUSH1 0x40 00000260: MLOAD 00000261: RETURNDATASIZE 00000262: PUSH1 0x20 00000264: DUP2 00000265: LT 00000266: ISZERO 00000267: PUSH2 0x026f 0000026a: JUMPI 0000026b: PUSH1 0x00 0000026d: DUP1 0000026e: REVERT 0000026f: JUMPDEST 00000270: POP 00000271: MLOAD 00000272: SWAP1 00000273: POP 00000274: JUMPDEST 00000275: PUSH2 0x0288 00000278: PUSH1 0x01 0000027a: PUSH1 0x01 0000027c: PUSH1 0xa0 0000027e: SHL 0000027f: SUB 00000280: DUP5 00000281: AND 00000282: DUP4 00000283: DUP4 00000284: PUSH2 0x0441 00000287: JUMP 00000288: JUMPDEST 00000289: POP 0000028a: POP 0000028b: POP 0000028c: JUMP 0000028d: JUMPDEST 0000028e: CALLER 0000028f: PUSH20 0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06 000002a4: EQ 000002a5: PUSH2 0x02e2 000002a8: JUMPI 000002a9: PUSH1 0x40 000002ab: DUP1 000002ac: MLOAD 000002ad: PUSH3 0x461bcd 000002b1: PUSH1 0xe5 000002b3: SHL 000002b4: DUP2 000002b5: MSTORE 000002b6: PUSH1 0x20 000002b8: PUSH1 0x04 000002ba: DUP3 000002bb: ADD 000002bc: MSTORE 000002bd: PUSH1 0x0a 000002bf: PUSH1 0x24 000002c1: DUP3 000002c2: ADD 000002c3: MSTORE 000002c4: PUSH10 0x27b7363c9020b236b4b7 000002cf: PUSH1 0xb1 000002d1: SHL 000002d2: PUSH1 0x44 000002d4: DUP3 000002d5: ADD 000002d6: MSTORE 000002d7: SWAP1 000002d8: MLOAD 000002d9: SWAP1 000002da: DUP2 000002db: SWAP1 000002dc: SUB 000002dd: PUSH1 0x64 000002df: ADD 000002e0: SWAP1 000002e1: REVERT 000002e2: JUMPDEST 000002e3: DUP1 000002e4: PUSH2 0x02ea 000002e7: JUMPI 000002e8: POP 000002e9: SELFBALANCE 000002ea: JUMPDEST 000002eb: PUSH1 0x40 000002ed: MLOAD 000002ee: PUSH1 0x00 000002f0: SWAP1 000002f1: PUSH1 0x01 000002f3: PUSH1 0x01 000002f5: PUSH1 0xa0 000002f7: SHL 000002f8: SUB 000002f9: DUP5 000002fa: AND 000002fb: SWAP1 000002fc: DUP4 000002fd: SWAP1 000002fe: DUP4 000002ff: DUP2 00000300: DUP2 00000301: DUP2 00000302: DUP6 00000303: DUP8 00000304: GAS 00000305: CALL 00000306: SWAP3 00000307: POP 00000308: POP 00000309: POP 0000030a: RETURNDATASIZE 0000030b: DUP1 0000030c: PUSH1 0x00 0000030e: DUP2 0000030f: EQ 00000310: PUSH2 0x0335 00000313: JUMPI 00000314: PUSH1 0x40 00000316: MLOAD 00000317: SWAP2 00000318: POP 00000319: PUSH1 0x1f 0000031b: NOT 0000031c: PUSH1 0x3f 0000031e: RETURNDATASIZE 0000031f: ADD 00000320: AND 00000321: DUP3 00000322: ADD 00000323: PUSH1 0x40 00000325: MSTORE 00000326: RETURNDATASIZE 00000327: DUP3 00000328: MSTORE 00000329: RETURNDATASIZE 0000032a: PUSH1 0x00 0000032c: PUSH1 0x20 0000032e: DUP5 0000032f: ADD 00000330: RETURNDATACOPY 00000331: PUSH2 0x033a 00000334: JUMP 00000335: JUMPDEST 00000336: PUSH1 0x60 00000338: SWAP2 00000339: POP 0000033a: JUMPDEST 0000033b: POP 0000033c: POP 0000033d: SWAP1 0000033e: POP 0000033f: DUP1 00000340: PUSH2 0x0288 00000343: JUMPI 00000344: PUSH1 0x40 00000346: DUP1 00000347: MLOAD 00000348: PUSH3 0x461bcd 0000034c: PUSH1 0xe5 0000034e: SHL 0000034f: DUP2 00000350: MSTORE 00000351: PUSH1 0x20 00000353: PUSH1 0x04 00000355: DUP3 00000356: ADD 00000357: MSTORE 00000358: PUSH1 0x0f 0000035a: PUSH1 0x24 0000035c: DUP3 0000035d: ADD 0000035e: MSTORE 0000035f: PUSH32 0x4574682073656e64206661696c65640000000000000000000000000000000000 00000380: PUSH1 0x44 00000382: DUP3 00000383: ADD 00000384: MSTORE 00000385: SWAP1 00000386: MLOAD 00000387: SWAP1 00000388: DUP2 00000389: SWAP1 0000038a: SUB 0000038b: PUSH1 0x64 0000038d: ADD 0000038e: SWAP1 0000038f: REVERT 00000390: JUMPDEST 00000391: CALLER 00000392: PUSH20 0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06 000003a7: EQ 000003a8: PUSH2 0x03e5 000003ab: JUMPI 000003ac: PUSH1 0x40 000003ae: DUP1 000003af: MLOAD 000003b0: PUSH3 0x461bcd 000003b4: PUSH1 0xe5 000003b6: SHL 000003b7: DUP2 000003b8: MSTORE 000003b9: PUSH1 0x20 000003bb: PUSH1 0x04 000003bd: DUP3 000003be: ADD 000003bf: MSTORE 000003c0: PUSH1 0x0a 000003c2: PUSH1 0x24 000003c4: DUP3 000003c5: ADD 000003c6: MSTORE 000003c7: PUSH10 0x27b7363c9020b236b4b7 000003d2: PUSH1 0xb1 000003d4: SHL 000003d5: PUSH1 0x44 000003d7: DUP3 000003d8: ADD 000003d9: MSTORE 000003da: SWAP1 000003db: MLOAD 000003dc: SWAP1 000003dd: DUP2 000003de: SWAP1 000003df: SUB 000003e0: PUSH1 0x64 000003e2: ADD 000003e3: SWAP1 000003e4: REVERT 000003e5: JUMPDEST 000003e6: PUSH2 0x0288 000003e9: PUSH1 0x01 000003eb: PUSH1 0x01 000003ed: PUSH1 0xa0 000003ef: SHL 000003f0: SUB 000003f1: DUP5 000003f2: AND 000003f3: DUP4 000003f4: DUP4 000003f5: PUSH2 0x04ac 000003f8: JUMP 000003f9: JUMPDEST 000003fa: PUSH20 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2 0000040f: DUP2 00000410: JUMP 00000411: JUMPDEST 00000412: PUSH20 0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06 00000427: DUP2 00000428: JUMP 00000429: JUMPDEST 0000042a: PUSH20 0x6b175474e89094c44da98b954eedeac495271d0f 0000043f: DUP2 00000440: JUMP 00000441: JUMPDEST 00000442: PUSH1 0x40 00000444: DUP1 00000445: MLOAD 00000446: PUSH1 0x01 00000448: PUSH1 0x01 0000044a: PUSH1 0xa0 0000044c: SHL 0000044d: SUB 0000044e: DUP5 0000044f: AND 00000450: PUSH1 0x24 00000452: DUP3 00000453: ADD 00000454: MSTORE 00000455: PUSH1 0x44 00000457: DUP1 00000458: DUP3 00000459: ADD 0000045a: DUP5 0000045b: SWAP1 0000045c: MSTORE 0000045d: DUP3 0000045e: MLOAD 0000045f: DUP1 00000460: DUP4 00000461: SUB 00000462: SWAP1 00000463: SWAP2 00000464: ADD 00000465: DUP2 00000466: MSTORE 00000467: PUSH1 0x64 00000469: SWAP1 0000046a: SWAP2 0000046b: ADD 0000046c: SWAP1 0000046d: SWAP2 0000046e: MSTORE 0000046f: PUSH1 0x20 00000471: DUP2 00000472: ADD 00000473: DUP1 00000474: MLOAD 00000475: PUSH1 0x01 00000477: PUSH1 0x01 00000479: PUSH1 0xe0 0000047b: SHL 0000047c: SUB 0000047d: AND 0000047e: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000 0000049f: OR 000004a0: SWAP1 000004a1: MSTORE 000004a2: PUSH2 0x0288 000004a5: SWAP1 000004a6: DUP5 000004a7: SWAP1 000004a8: PUSH2 0x054f 000004ab: JUMP 000004ac: JUMPDEST 000004ad: PUSH1 0x40 000004af: DUP1 000004b0: MLOAD 000004b1: PUSH1 0x01 000004b3: PUSH1 0x01 000004b5: PUSH1 0xa0 000004b7: SHL 000004b8: SUB 000004b9: DUP5 000004ba: AND 000004bb: PUSH1 0x24 000004bd: DUP3 000004be: ADD 000004bf: MSTORE 000004c0: PUSH1 0x00 000004c2: PUSH1 0x44 000004c4: DUP1 000004c5: DUP4 000004c6: ADD 000004c7: SWAP2 000004c8: SWAP1 000004c9: SWAP2 000004ca: MSTORE 000004cb: DUP3 000004cc: MLOAD 000004cd: DUP1 000004ce: DUP4 000004cf: SUB 000004d0: SWAP1 000004d1: SWAP2 000004d2: ADD 000004d3: DUP2 000004d4: MSTORE 000004d5: PUSH1 0x64 000004d7: SWAP1 000004d8: SWAP2 000004d9: ADD 000004da: SWAP1 000004db: SWAP2 000004dc: MSTORE 000004dd: PUSH1 0x20 000004df: DUP2 000004e0: ADD 000004e1: DUP1 000004e2: MLOAD 000004e3: PUSH1 0x01 000004e5: PUSH1 0x01 000004e7: PUSH1 0xe0 000004e9: SHL 000004ea: SUB 000004eb: AND 000004ec: PUSH4 0x095ea7b3 000004f1: PUSH1 0xe0 000004f3: SHL 000004f4: OR 000004f5: SWAP1 000004f6: MSTORE 000004f7: PUSH2 0x0501 000004fa: SWAP1 000004fb: DUP5 000004fc: SWAP1 000004fd: PUSH2 0x054f 00000500: JUMP 00000501: JUMPDEST 00000502: PUSH1 0x40 00000504: DUP1 00000505: MLOAD 00000506: PUSH1 0x01 00000508: PUSH1 0x01 0000050a: PUSH1 0xa0 0000050c: SHL 0000050d: SUB 0000050e: DUP5 0000050f: AND 00000510: PUSH1 0x24 00000512: DUP3 00000513: ADD 00000514: MSTORE 00000515: PUSH1 0x44 00000517: DUP1 00000518: DUP3 00000519: ADD 0000051a: DUP5 0000051b: SWAP1 0000051c: MSTORE 0000051d: DUP3 0000051e: MLOAD 0000051f: DUP1 00000520: DUP4 00000521: SUB 00000522: SWAP1 00000523: SWAP2 00000524: ADD 00000525: DUP2 00000526: MSTORE 00000527: PUSH1 0x64 00000529: SWAP1 0000052a: SWAP2 0000052b: ADD 0000052c: SWAP1 0000052d: SWAP2 0000052e: MSTORE 0000052f: PUSH1 0x20 00000531: DUP2 00000532: ADD 00000533: DUP1 00000534: MLOAD 00000535: PUSH1 0x01 00000537: PUSH1 0x01 00000539: PUSH1 0xe0 0000053b: SHL 0000053c: SUB 0000053d: AND 0000053e: PUSH4 0x095ea7b3 00000543: PUSH1 0xe0 00000545: SHL 00000546: OR 00000547: SWAP1 00000548: MSTORE 00000549: PUSH2 0x0288 0000054c: SWAP1 0000054d: DUP5 0000054e: SWAP1 0000054f: JUMPDEST 00000550: PUSH1 0x00 00000552: PUSH2 0x05a4 00000555: DUP3 00000556: PUSH1 0x40 00000558: MLOAD 00000559: DUP1 0000055a: PUSH1 0x40 0000055c: ADD 0000055d: PUSH1 0x40 0000055f: MSTORE 00000560: DUP1 00000561: PUSH1 0x20 00000563: DUP2 00000564: MSTORE 00000565: PUSH1 0x20 00000567: ADD 00000568: PUSH32 0x5361666545524332303a206c6f772d6c6576656c2063616c6c206661696c6564 00000589: DUP2 0000058a: MSTORE 0000058b: POP 0000058c: DUP6 0000058d: PUSH1 0x01 0000058f: PUSH1 0x01 00000591: PUSH1 0xa0 00000593: SHL 00000594: SUB 00000595: AND 00000596: PUSH2 0x0600 00000599: SWAP1 0000059a: SWAP3 0000059b: SWAP2 0000059c: SWAP1 0000059d: PUSH4 0xffffffff 000005a2: AND 000005a3: JUMP 000005a4: JUMPDEST 000005a5: DUP1 000005a6: MLOAD 000005a7: SWAP1 000005a8: SWAP2 000005a9: POP 000005aa: ISZERO 000005ab: PUSH2 0x0288 000005ae: JUMPI 000005af: DUP1 000005b0: DUP1 000005b1: PUSH1 0x20 000005b3: ADD 000005b4: SWAP1 000005b5: MLOAD 000005b6: PUSH1 0x20 000005b8: DUP2 000005b9: LT 000005ba: ISZERO 000005bb: PUSH2 0x05c3 000005be: JUMPI 000005bf: PUSH1 0x00 000005c1: DUP1 000005c2: REVERT 000005c3: JUMPDEST 000005c4: POP 000005c5: MLOAD 000005c6: PUSH2 0x0288 000005c9: JUMPI 000005ca: PUSH1 0x40 000005cc: MLOAD 000005cd: PUSH3 0x461bcd 000005d1: PUSH1 0xe5 000005d3: SHL 000005d4: DUP2 000005d5: MSTORE 000005d6: PUSH1 0x04 000005d8: ADD 000005d9: DUP1 000005da: DUP1 000005db: PUSH1 0x20 000005dd: ADD 000005de: DUP3 000005df: DUP2 000005e0: SUB 000005e1: DUP3 000005e2: MSTORE 000005e3: PUSH1 0x2a 000005e5: DUP2 000005e6: MSTORE 000005e7: PUSH1 0x20 000005e9: ADD 000005ea: DUP1 000005eb: PUSH2 0x07fb 000005ee: PUSH1 0x2a 000005f0: SWAP2 000005f1: CODECOPY 000005f2: PUSH1 0x40 000005f4: ADD 000005f5: SWAP2 000005f6: POP 000005f7: POP 000005f8: PUSH1 0x40 000005fa: MLOAD 000005fb: DUP1 000005fc: SWAP2 000005fd: SUB 000005fe: SWAP1 000005ff: REVERT 00000600: JUMPDEST 00000601: PUSH1 0x60 00000603: PUSH2 0x060f 00000606: DUP5 00000607: DUP5 00000608: PUSH1 0x00 0000060a: DUP6 0000060b: PUSH2 0x0617 0000060e: JUMP 0000060f: JUMPDEST 00000610: SWAP5 00000611: SWAP4 00000612: POP 00000613: POP 00000614: POP 00000615: POP 00000616: JUMP 00000617: JUMPDEST 00000618: PUSH1 0x60 0000061a: PUSH2 0x0622 0000061d: DUP6 0000061e: PUSH2 0x07c1 00000621: JUMP 00000622: JUMPDEST 00000623: PUSH2 0x0673 00000626: JUMPI 00000627: PUSH1 0x40 00000629: DUP1 0000062a: MLOAD 0000062b: PUSH3 0x461bcd 0000062f: PUSH1 0xe5 00000631: SHL 00000632: DUP2 00000633: MSTORE 00000634: PUSH1 0x20 00000636: PUSH1 0x04 00000638: DUP3 00000639: ADD 0000063a: MSTORE 0000063b: PUSH1 0x1d 0000063d: PUSH1 0x24 0000063f: DUP3 00000640: ADD 00000641: MSTORE 00000642: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000 00000663: PUSH1 0x44 00000665: DUP3 00000666: ADD 00000667: MSTORE 00000668: SWAP1 00000669: MLOAD 0000066a: SWAP1 0000066b: DUP2 0000066c: SWAP1 0000066d: SUB 0000066e: PUSH1 0x64 00000670: ADD 00000671: SWAP1 00000672: REVERT 00000673: JUMPDEST 00000674: PUSH1 0x00 00000676: DUP1 00000677: DUP7 00000678: PUSH1 0x01 0000067a: PUSH1 0x01 0000067c: PUSH1 0xa0 0000067e: SHL 0000067f: SUB 00000680: AND 00000681: DUP6 00000682: DUP8 00000683: PUSH1 0x40 00000685: MLOAD 00000686: DUP1 00000687: DUP3 00000688: DUP1 00000689: MLOAD 0000068a: SWAP1 0000068b: PUSH1 0x20 0000068d: ADD 0000068e: SWAP1 0000068f: DUP1 00000690: DUP4 00000691: DUP4 00000692: JUMPDEST 00000693: PUSH1 0x20 00000695: DUP4 00000696: LT 00000697: PUSH2 0x06b1 0000069a: JUMPI 0000069b: DUP1 0000069c: MLOAD 0000069d: DUP3 0000069e: MSTORE 0000069f: PUSH1 0x1f 000006a1: NOT 000006a2: SWAP1 000006a3: SWAP3 000006a4: ADD 000006a5: SWAP2 000006a6: PUSH1 0x20 000006a8: SWAP2 000006a9: DUP3 000006aa: ADD 000006ab: SWAP2 000006ac: ADD 000006ad: PUSH2 0x0692 000006b0: JUMP 000006b1: JUMPDEST 000006b2: PUSH1 0x01 000006b4: DUP4 000006b5: PUSH1 0x20 000006b7: SUB 000006b8: PUSH2 0x0100 000006bb: EXP 000006bc: SUB 000006bd: DUP1 000006be: NOT 000006bf: DUP3 000006c0: MLOAD 000006c1: AND 000006c2: DUP2 000006c3: DUP5 000006c4: MLOAD 000006c5: AND 000006c6: DUP1 000006c7: DUP3 000006c8: OR 000006c9: DUP6 000006ca: MSTORE 000006cb: POP 000006cc: POP 000006cd: POP 000006ce: POP 000006cf: POP 000006d0: POP 000006d1: SWAP1 000006d2: POP 000006d3: ADD 000006d4: SWAP2 000006d5: POP 000006d6: POP 000006d7: PUSH1 0x00 000006d9: PUSH1 0x40 000006db: MLOAD 000006dc: DUP1 000006dd: DUP4 000006de: SUB 000006df: DUP2 000006e0: DUP6 000006e1: DUP8 000006e2: GAS 000006e3: CALL 000006e4: SWAP3 000006e5: POP 000006e6: POP 000006e7: POP 000006e8: RETURNDATASIZE 000006e9: DUP1 000006ea: PUSH1 0x00 000006ec: DUP2 000006ed: EQ 000006ee: PUSH2 0x0713 000006f1: JUMPI 000006f2: PUSH1 0x40 000006f4: MLOAD 000006f5: SWAP2 000006f6: POP 000006f7: PUSH1 0x1f 000006f9: NOT 000006fa: PUSH1 0x3f 000006fc: RETURNDATASIZE 000006fd: ADD 000006fe: AND 000006ff: DUP3 00000700: ADD 00000701: PUSH1 0x40 00000703: MSTORE 00000704: RETURNDATASIZE 00000705: DUP3 00000706: MSTORE 00000707: RETURNDATASIZE 00000708: PUSH1 0x00 0000070a: PUSH1 0x20 0000070c: DUP5 0000070d: ADD 0000070e: RETURNDATACOPY 0000070f: PUSH2 0x0718 00000712: JUMP 00000713: JUMPDEST 00000714: PUSH1 0x60 00000716: SWAP2 00000717: POP 00000718: JUMPDEST 00000719: POP 0000071a: SWAP2 0000071b: POP 0000071c: SWAP2 0000071d: POP 0000071e: DUP2 0000071f: ISZERO 00000720: PUSH2 0x072c 00000723: JUMPI 00000724: SWAP2 00000725: POP 00000726: PUSH2 0x060f 00000729: SWAP1 0000072a: POP 0000072b: JUMP 0000072c: JUMPDEST 0000072d: DUP1 0000072e: MLOAD 0000072f: ISZERO 00000730: PUSH2 0x073c 00000733: JUMPI 00000734: DUP1 00000735: MLOAD 00000736: DUP1 00000737: DUP3 00000738: PUSH1 0x20 0000073a: ADD 0000073b: REVERT 0000073c: JUMPDEST 0000073d: DUP4 0000073e: PUSH1 0x40 00000740: MLOAD 00000741: PUSH3 0x461bcd 00000745: PUSH1 0xe5 00000747: SHL 00000748: DUP2 00000749: MSTORE 0000074a: PUSH1 0x04 0000074c: ADD 0000074d: DUP1 0000074e: DUP1 0000074f: PUSH1 0x20 00000751: ADD 00000752: DUP3 00000753: DUP2 00000754: SUB 00000755: DUP3 00000756: MSTORE 00000757: DUP4 00000758: DUP2 00000759: DUP2 0000075a: MLOAD 0000075b: DUP2 0000075c: MSTORE 0000075d: PUSH1 0x20 0000075f: ADD 00000760: SWAP2 00000761: POP 00000762: DUP1 00000763: MLOAD 00000764: SWAP1 00000765: PUSH1 0x20 00000767: ADD 00000768: SWAP1 00000769: DUP1 0000076a: DUP4 0000076b: DUP4 0000076c: PUSH1 0x00 0000076e: JUMPDEST 0000076f: DUP4 00000770: DUP2 00000771: LT 00000772: ISZERO 00000773: PUSH2 0x0786 00000776: JUMPI 00000777: DUP2 00000778: DUP2 00000779: ADD 0000077a: MLOAD 0000077b: DUP4 0000077c: DUP3 0000077d: ADD 0000077e: MSTORE 0000077f: PUSH1 0x20 00000781: ADD 00000782: PUSH2 0x076e 00000785: JUMP 00000786: JUMPDEST 00000787: POP 00000788: POP 00000789: POP 0000078a: POP 0000078b: SWAP1 0000078c: POP 0000078d: SWAP1 0000078e: DUP2 0000078f: ADD 00000790: SWAP1 00000791: PUSH1 0x1f 00000793: AND 00000794: DUP1 00000795: ISZERO 00000796: PUSH2 0x07b3 00000799: JUMPI 0000079a: DUP1 0000079b: DUP3 0000079c: SUB 0000079d: DUP1 0000079e: MLOAD 0000079f: PUSH1 0x01 000007a1: DUP4 000007a2: PUSH1 0x20 000007a4: SUB 000007a5: PUSH2 0x0100 000007a8: EXP 000007a9: SUB 000007aa: NOT 000007ab: AND 000007ac: DUP2 000007ad: MSTORE 000007ae: PUSH1 0x20 000007b0: ADD 000007b1: SWAP2 000007b2: POP 000007b3: JUMPDEST 000007b4: POP 000007b5: SWAP3 000007b6: POP 000007b7: POP 000007b8: POP 000007b9: PUSH1 0x40 000007bb: MLOAD 000007bc: DUP1 000007bd: SWAP2 000007be: SUB 000007bf: SWAP1 000007c0: REVERT 000007c1: JUMPDEST 000007c2: PUSH1 0x00 000007c4: DUP2 000007c5: EXTCODEHASH 000007c6: PUSH32 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470 000007e7: DUP2 000007e8: DUP2 000007e9: EQ 000007ea: DUP1 000007eb: ISZERO 000007ec: SWAP1 000007ed: PUSH2 0x060f 000007f0: JUMPI 000007f1: POP 000007f2: POP 000007f3: ISZERO 000007f4: ISZERO 000007f5: SWAP3 000007f6: SWAP2 000007f7: POP 000007f8: POP 000007f9: JUMP 000007fa: INVALID 000007fb: MSTORE8 000007fc: PUSH2 0x6665 000007ff: GASLIMIT 00000800: MSTORE 00000801: NUMBER 00000802: ORIGIN 00000803: ADDRESS 00000804: GASPRICE 00000805: KECCAK256 00000806: GASLIMIT 00000807: MSTORE 00000808: NUMBER 00000809: ORIGIN 0000080a: ADDRESS 0000080b: KECCAK256 0000080c: PUSH16 0x7065726174696f6e20646964206e6f74 0000081d: KECCAK256 0000081e: PUSH20 0x756363656564a264697066735822122035667c31 00000833: UNKNOWN(0xAE) 00000834: UNKNOWN(0xFB) 00000835: KECCAK256 00000836: UNKNOWN(0x2F) 00000837: EXTCODEHASH 00000838: PUSH3 0xff1ea1 0000083c: UNKNOWN(0xE1) 0000083d: UNKNOWN(0xE2) 0000083e: CLZ 0000083f: PUSH19 0x1f2faae051d2e4a45c93d542c124fd64736f6c 00000853: PUSH4 0x43000706 00000858: STOP 00000859: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
viewvalidation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x82dfc5f7",
"selector": "0x82dfc5f7",
"calldata_variants": [
"0x82dfc5f7",
"0x82dfc5f70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb11569f5",
"selector": "0xb11569f5",
"calldata_variants": [
"0xb11569f5",
"0xb11569f50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd95393eb",
"selector": "0xd95393eb",
"calldata_variants": [
"0xd95393eb",
"0xd95393eb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x01e33667",
"selector": "0x01e33667",
"calldata_variants": [
"0x01e33667",
"0x01e336670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1b9a91a4",
"selector": "0x1b9a91a4",
"calldata_variants": [
"0x1b9a91a4",
"0x1b9a91a40000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x560706da",
"selector": "0x560706da",
"calldata_variants": [
"0x560706da",
"0x560706da0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 419,
"type": "msg_sender_eq_const",
"value": 9.55154120436083e+47
},
{
"pc": 676,
"type": "msg_sender_eq_const",
"value": 9.55154120436083e+47
},
{
"pc": 935,
"type": "msg_sender_eq_const",
"value": 9.55154120436083e+47
},
{
"pc": 397,
"type": "msg_sender_eq_const",
"value": "0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06"
},
{
"pc": 654,
"type": "msg_sender_eq_const",
"value": "0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06"
},
{
"pc": 913,
"type": "msg_sender_eq_const",
"value": "0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06"
},
{
"pc": 2050,
"type": "tx_origin_used"
},
{
"pc": 2057,
"type": "tx_origin_used"
}
]
}
|
| medium | other | detector | Untrusted CALL target/value reachable | 45 | no | no |
viewtrace_id: 0x4dbfefb5d446ad530b811a84aa5a97ed61167b1114b8f65eb38c3c4f018403b9
call_targets:
0x6467e807db1e71b9ef04e0e3afb962e4b0900b2b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x4dbfefb5d446ad530b811a84aa5a97ed61167b1114b8f65eb38c3c4f018403b9",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x6467e807db1e71b9ef04e0e3afb962e4b0900b2b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x82dfc5f7",
"selector": "0x82dfc5f7",
"calldata_variants": [
"0x82dfc5f7",
"0x82dfc5f70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb11569f5",
"selector": "0xb11569f5",
"calldata_variants": [
"0xb11569f5",
"0xb11569f50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd95393eb",
"selector": "0xd95393eb",
"calldata_variants": [
"0xd95393eb",
"0xd95393eb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x01e33667",
"selector": "0x01e33667",
"calldata_variants": [
"0x01e33667",
"0x01e336670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1b9a91a4",
"selector": "0x1b9a91a4",
"calldata_variants": [
"0x1b9a91a4",
"0x1b9a91a40000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x560706da",
"selector": "0x560706da",
"calldata_variants": [
"0x560706da",
"0x560706da0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 773,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1763,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 2,
"guards_detected": [
{
"pc": 419,
"type": "msg_sender_eq_const",
"value": 9.55154120436083e+47
},
{
"pc": 676,
"type": "msg_sender_eq_const",
"value": 9.55154120436083e+47
},
{
"pc": 935,
"type": "msg_sender_eq_const",
"value": 9.55154120436083e+47
},
{
"pc": 397,
"type": "msg_sender_eq_const",
"value": "0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06"
},
{
"pc": 654,
"type": "msg_sender_eq_const",
"value": "0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06"
},
{
"pc": 913,
"type": "msg_sender_eq_const",
"value": "0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06"
},
{
"pc": 2050,
"type": "tx_origin_used"
},
{
"pc": 2057,
"type": "tx_origin_used"
}
],
"untrusted_call_count": 2
}
|
| medium | other | detector | ETH value transfer possible | 40 | no | no |
viewtrace_id: 0x4dbfefb5d446ad530b811a84aa5a97ed61167b1114b8f65eb38c3c4f018403b9
call_targets:
0x6467e807db1e71b9ef04e0e3afb962e4b0900b2b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x4dbfefb5d446ad530b811a84aa5a97ed61167b1114b8f65eb38c3c4f018403b9",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x6467e807db1e71b9ef04e0e3afb962e4b0900b2b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x82dfc5f7",
"selector": "0x82dfc5f7",
"calldata_variants": [
"0x82dfc5f7",
"0x82dfc5f70000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xb11569f5",
"selector": "0xb11569f5",
"calldata_variants": [
"0xb11569f5",
"0xb11569f50000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xd95393eb",
"selector": "0xd95393eb",
"calldata_variants": [
"0xd95393eb",
"0xd95393eb0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x01e33667",
"selector": "0x01e33667",
"calldata_variants": [
"0x01e33667",
"0x01e336670000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x1b9a91a4",
"selector": "0x1b9a91a4",
"calldata_variants": [
"0x1b9a91a4",
"0x1b9a91a40000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x560706da",
"selector": "0x560706da",
"calldata_variants": [
"0x560706da",
"0x560706da0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 773,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 1763,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 2,
"guards_detected": [
{
"pc": 419,
"type": "msg_sender_eq_const",
"value": 9.55154120436083e+47
},
{
"pc": 676,
"type": "msg_sender_eq_const",
"value": 9.55154120436083e+47
},
{
"pc": 935,
"type": "msg_sender_eq_const",
"value": 9.55154120436083e+47
},
{
"pc": 397,
"type": "msg_sender_eq_const",
"value": "0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06"
},
{
"pc": 654,
"type": "msg_sender_eq_const",
"value": "0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06"
},
{
"pc": 913,
"type": "msg_sender_eq_const",
"value": "0xa74e9791d7d66c6a14b2c571bda0f2a1f6d64e06"
},
{
"pc": 2050,
"type": "tx_origin_used"
},
{
"pc": 2057,
"type": "tx_origin_used"
}
]
}
|