Tripwire

Analysis Run

f517204f-a968-4a9f-8960-e187c975c3b2

complete
Chain ID: 1
Address:
Block Number:
Created: Mon, Jan 5, 2026 6:33 AM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed: 0
Validated: 0
Source: Bytecode only
Review Backing: Present
Best current signal: Unprotected initializer allows ownership takeover if the contract is uninitialized
crit 0 high 0 proxy context implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID     Type                Status    Attempts  Heartbeat
31715  report.consolidate  complete  1 / 1     3 months ago
95713  artifact.fetch      complete  1 / 3     1 week ago
95714  tool.cast_disasm    complete  1 / 3     1 week ago
95715  analysis.bundle     complete  1 / 3     1 week ago
95716  capability.graph    complete  1 / 3     1 week ago
95717  detector.run        complete  1 / 3     1 week ago
95718  validation.fork     complete  1 / 3     1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status: complete
Attempts: 1 / 1
Findings: 1
No findings? no
Summary: Public initializer can set owner/secondary when uninitialized, enabling ETH/ERC20 withdrawals by an attacker.
View stderr
[codex:1409703] OpenAI Codex v0.77.0 (research preview)
[codex:1409703] --------
[codex:1409703] workdir: /tmp/codex-multi-ptdmrz8c
[codex:1409703] model: gpt-5.2-codex
[codex:1409703] provider: openai
[codex:1409703] approval: never
[codex:1409703] sandbox: read-only
[codex:1409703] reasoning effort: xhigh
[codex:1409703] reasoning summaries: auto
[codex:1409703] session id: 019b8cd6-f9e3-7b52-b0d4-6747e2243c15
[codex:1409703] --------
[codex:1409703] user
[codex:1409703] You are a profit-focused exploit hunter analyzing EVM bytecode. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:1409703] 
[codex:1409703] Read `BYTECODE_BUNDLE.txt` completely before concluding.
[codex:1409703] 
[codex:1409703] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:1409703] - Gas inefficiency, code quality, or best practices
[codex:1409703] - Theoretical vulnerabilities without a clear extraction path
[codex:1409703] - Generic footguns (unchecked return values, etc.) unless they enable theft
[codex:1409703] - Issues requiring social engineering or off-chain coordination
[codex:1409703] 
[codex:1409703] PATTERNS WORTH INVESTIGATING in bytecode:
[codex:1409703] - CALL/DELEGATECALL with controllable destination or calldata
[codex:1409703] - Value transfers (CALL with non-zero value) without prior CALLER/ORIGIN checks
[codex:1409703] - SSTORE to low slots (0-10) that might be owner/admin storage
[codex:1409703] - ecrecover (signature validation) - look for missing nonce/replay protection
[codex:1409703] - External calls before state updates (reentrancy)
[codex:1409703] - SELFDESTRUCT with controllable beneficiary
[codex:1409703] - Proxy patterns (DELEGATECALL to storage slot) with unprotected upgrade paths
[codex:1409703] 
[codex:1409703] For each finding, you MUST explain:
[codex:1409703] 1. The specific bytecode pattern/offsets that indicate the vulnerability
[codex:1409703] 2. The concrete sequence of transactions to extract value
[codex:1409703] 3. Why you believe this is exploitable (not just suspicious)
[codex:1409703] 
[codex:1409703] If you cannot identify a concrete profit path from bytecode alone: set no_findings=true.
[codex:1409703] Do NOT hallucinate. Bytecode-only analysis is limited - be honest about uncertainty.
[codex:1409703] 
[codex:1409703] Output MUST be valid JSON matching the provided schema.
[codex:1409703] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:1409703] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:1409703] mcp startup: no servers
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Preparing to audit bytecode**
[codex:1409703] exec
[codex:1409703] /bin/bash -lc ls in /tmp/codex-multi-ptdmrz8c succeeded in 6ms:
[codex:1409703] BYTECODE_BUNDLE.txt
[codex:1409703] codex-output-schema.json
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Reading file**
[codex:1409703] exec
[codex:1409703] /bin/bash -lc 'cat BYTECODE_BUNDLE.txt' in /tmp/codex-multi-ptdmrz8c succeeded in 5ms:
[codex:1409703] Runtime bytecode bundle for best-effort auditing.
[codex:1409703] Note: without verified source, conclusions are low-confidence unless a concrete pattern is visible.
[codex:1409703] 
[codex:1409703] FILE: runtime_bytecode.hex
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Analyzing contract bytecode for vulnerabilities**
[codex:1409703] 
[codex:1409703] I’m focusing on decoding the contract’s runtime bytecode by mapping function selectors to offsets and checking for patterns like onlyOwner and critical opcodes like CALL or DELEGATECALL. I want to detect any exploitable paths, so I’m parsing function usage, storage slots, and possible state mutations, considering offline tools like `evm disasm` to assist. Let’s see if the bytecode reveals any actual vulnerabilities or just standard functionality.
[codex:1409703] exec
[codex:1409703] /bin/bash -lc 'which evm || which hevm || which cast || which forge || which solc' in /tmp/codex-multi-ptdmrz8c succeeded in 8ms:
[codex:1409703] /home/noahkuhn/.foundry/bin/cast
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Exploring cast disassemble command**
[codex:1409703] exec
[codex:1409703] /bin/bash -lc 'cast --help | head -n 40' in /tmp/codex-multi-ptdmrz8c succeeded in 23ms:
[codex:1409703] A Swiss Army knife for interacting with Ethereum applications from the command line
[codex:1409703] 
[codex:1409703] Usage: cast [OPTIONS] <COMMAND>
[codex:1409703] 
[codex:1409703] Commands:
[codex:1409703]   4byte                  Get the function signatures for the given selector from
[codex:1409703]                          <https://openchain.xyz> [aliases: 4, 4b]
[codex:1409703]   4byte-calldata         Decode ABI-encoded calldata using <https://openchain.xyz> [aliases: 4c,
[codex:1409703]                          4bc]
[codex:1409703]   4byte-event            Get the event signature for a given topic 0 from <https://openchain.xyz>
[codex:1409703]                          [aliases: 4e, 4be, topic0-event, t0e]
[codex:1409703]   abi-encode             ABI encode the given function argument, excluding the selector [aliases:
[codex:1409703]                          ae]
[codex:1409703]   abi-encode-event       ABI encode an event and its arguments to generate topics and data [aliases:
[codex:1409703]                          aee]
[codex:1409703]   access-list            Create an access list for a transaction [aliases: ac, acl]
[codex:1409703]   address-zero           Prints the zero address [aliases: --address-zero, az]
[codex:1409703]   admin                  Fetch the EIP-1967 admin account [aliases: adm]
[codex:1409703]   age                    Get the timestamp of a block [aliases: a]
[codex:1409703]   artifact               Generate an artifact file, that can be used to deploy a contract locally
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Checking disassemble options**
[codex:1409703] exec
[codex:1409703] /bin/bash -lc 'cast --help | rg -n "dis"' in /tmp/codex-multi-ptdmrz8c succeeded in 10ms:
[codex:1409703] 53:  disassemble            Disassembles a hex-encoded bytecode into a human-readable representation
[codex:1409703] 155:          - never:  Force disable color output
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Investigating cast disassemble command**
[codex:1409703] exec
[codex:1409703] /bin/bash -lc 'cast disassemble --help' in /tmp/codex-multi-ptdmrz8c succeeded in 9ms:
[codex:1409703] Disassembles a hex-encoded bytecode into a human-readable representation
[codex:1409703] 
[codex:1409703] Usage: cast disassemble [OPTIONS] [BYTECODE]
[codex:1409703] 
[codex:1409703] Arguments:
[codex:1409703]   [BYTECODE]
[codex:1409703]           The hex-encoded bytecode
[codex:1409703] 
[codex:1409703] Options:
[codex:1409703]   -h, --help
[codex:1409703]           Print help (see a summary with '-h')
[codex:1409703] 
[codex:1409703]   -j, --threads <THREADS>
[codex:1409703]           Number of threads to use. Specifying 0 defaults to the number of logical cores
[codex:1409703]           
[codex:1409703]           [aliases: --jobs]
[codex:1409703] 
[codex:1409703] Display options:
[codex:1409703]       --color <COLOR>
[codex:1409703]           The color of the log messages
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Planning bytecode disassembly**
[codex:1409703] exec
[codex:1409703] /bin/bash -lc 'cast disassemble $(sed -n '"'s/"'^0x//p'"' BYTECODE_BUNDLE.txt | head -n 1)" in /tmp/codex-multi-ptdmrz8c succeeded in 16ms:
[codex:1409703] 00000000: PUSH1 0x80
[codex:1409703] 00000002: PUSH1 0x40
[codex:1409703] 00000004: MSTORE
[codex:1409703] 00000005: PUSH1 0x04
[codex:1409703] 00000007: CALLDATASIZE
[codex:1409703] 00000008: LT
[codex:1409703] 00000009: PUSH2 0x0094
[codex:1409703] 0000000c: JUMPI
[codex:1409703] 0000000d: PUSH1 0x00
[codex:1409703] 0000000f: CALLDATALOAD
[codex:1409703] 00000010: PUSH1 0xe0
[codex:1409703] 00000012: SHR
[codex:1409703] 00000013: DUP1
[codex:1409703] 00000014: PUSH4 0x8040fcb1
[codex:1409703] 00000019: GT
[codex:1409703] 0000001a: PUSH2 0x0059
[codex:1409703] 0000001d: JUMPI
[codex:1409703] 0000001e: DUP1
[codex:1409703] 0000001f: PUSH4 0x8040fcb1
[codex:1409703] 00000024: EQ
[codex:1409703] 
[codex:1409703] 
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Analyzing function selectors and parameters**
[codex:1409703] thinking
[codex:1409703] **Mapping token transfer and initializer functions**
[codex:1409703] 
[codex:1409703] The user’s contract has multiple functions to transfer ETH or tokens guarded by owner or secondary roles, with an initializer function that sets owner addresses and flags. Some functions allow transfers only if owner is unset, possibly to recover funds pre-initialization. I’m piecing together which selectors correspond to withdraw, transfer, or initialize, focusing on access controls and potential unprotected initializers. This could hint at exploitation if the contract was never initialized properly.
[codex:1409703] thinking
[codex:1409703] **Analyzing initializer function logic and gating**
[codex:1409703] 
[codex:1409703] I’m unpacking the initializer at 0x047b, interpreting its storage flags and gating logic that matches OpenZeppelin’s initializer pattern. It sets owner and operator addresses if not already initialized, allowing a one-time call by anyone to set these. This likely means the initializer is public but protected by an initialization status check, which could let someone claim ownership if the contract isn’t initialized yet.
[codex:1409703] exec
[codex:1409703] /bin/bash -lc 'cast keccak "Initialized(uint8)"' in /tmp/codex-multi-ptdmrz8c succeeded in 11ms:
[codex:1409703] 0x7f26b83ff96e1f2b6a682f133852f6798a09c465da95921460cefb3847402498
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Analyzing event topic discrepancies**
[codex:1409703] exec
[codex:1409703] /bin/bash -lc 'cast keccak "Initialized(uint64)"' in /tmp/codex-multi-ptdmrz8c succeeded in 10ms:
[codex:1409703] 0xc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d2
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Analyzing unprotected initializer vulnerability**
[codex:1409703] exec
[codex:1409703] /bin/bash -lc 'cat codex-output-schema.json' in /tmp/codex-multi-ptdmrz8c succeeded in 5ms:
[codex:1409703] {"type": "object", "additionalProperties": false, "required": ["no_findings", "summary", "findings"], "properties": {"no_findings": {"type": "boolean"}, "summary": {"type": "string"}, "findings": {"type": "array", "items": {"type": "object", "additionalProperties": false, "required": ["severity", "category", "title", "evidence", "locations", "exploit_scenario", "recommendation"], "properties": {"severity": {"type": "string", "enum": ["info", "low", "medium", "high", "critical"]}, "category": {"type": "string", "enum": ["access_control", "reentrancy", "math", "oracle", "upgradeability", "auth", "other"]}, "title": {"type": "string"}, "exploit_scenario": {"type": "string"}, "recommendation": {"type": "string"}, "evidence": {"type": "string"}, "locations": {"type": "array", "items": {"type": "string"}}}}}}}
[codex:1409703] 
[codex:1409703] thinking
[codex:1409703] **Composing final JSON report**
[codex:1409703] codex
[codex:1409703] {"no_findings":false,"summary":"Public initializer can set owner/secondary when uninitialized, enabling ETH/ERC20 withdrawals by an attacker.","findings":[{"severity":"critical","category":"auth","title":"Unprotected initializer allows ownership takeover if the contract is uninitialized","exploit_scenario":"If the Initializable slot indicates `_initialized == 0` (e.g., freshly deployed proxy or implementation left uninitialized), any address can call selector `0xf09a4016` with attacker-controlled addresses to set slot0/slot1. The attacker then calls `0x62f714ce` to withdraw ETH (or `0x5fc3ea0b`/`0x68638cdf` to transfer ERC20s) to their own address. While slot0==0, the owner==0-gated paths (`0x7c7a518d`/`0x434f94df`) also allow direct ETH/token withdrawal without setting ownership.","recommendation":"Initialize in the deployment flow (or proxy constructor) and/or add access control to the initializer; consider calling `_disableInitializers()` on the implementation to prevent takeovers.","evidence":"At 0x047b the function loads the Initializable storage slot `0xf0c57e...` and checks `_initialized/_initializing` plus `ADDRESS EXTCODESIZE` (initializer guard) but never checks CALLER. It then writes calldata-provided addresses into slot0 and slot1 (SSTORE at ~0x0553 and ~0x0564) and emits `Initialized(uint64)` (topic `0xc7f505...`). Withdraw paths at 0x01fe (ETH via 0x0643 CALL with value) and 0x02c7 (ERC20 transfer via 0x06da) authorize only slot0/slot1, so a caller who initializes themselves can drain funds.","locations":["BYTECODE_BUNDLE.txt:0x047b","BYTECODE_BUNDLE.txt:0x04db","BYTECODE_BUNDLE.txt:0x0535","BYTECODE_BUNDLE.txt:0x0554","BYTECODE_BUNDLE.txt:0x01fe","BYTECODE_BUNDLE.txt:0x02c7","BYTECODE_BUNDLE.txt:0x0643","BYTECODE_BUNDLE.txt:0x06da"]}]}
[codex:1409703] tokens used
[codex:1409703] 46,036
Metadata
{
    "codex": {
        "ran_at": "2026-01-05T06:33:34.573359+00:00",
        "returncode": 0
    },
    "summary": "Public initializer can set owner/secondary when uninitialized, enabling ETH/ERC20 withdrawals by an attacker.",
    "raw_final": {
        "summary": "Public initializer can set owner/secondary when uninitialized, enabling ETH/ERC20 withdrawals by an attacker.",
        "findings": [
            {
                "title": "Unprotected initializer allows ownership takeover if the contract is uninitialized",
                "category": "auth",
                "evidence": "At 0x047b the function loads the Initializable storage slot `0xf0c57e...` and checks `_initialized/_initializing` plus `ADDRESS EXTCODESIZE` (initializer guard) but never checks CALLER. It then writes calldata-provided addresses into slot0 and slot1 (SSTORE at ~0x0553 and ~0x0564) and emits `Initialized(uint64)` (topic `0xc7f505...`). Withdraw paths at 0x01fe (ETH via 0x0643 CALL with value) and 0x02c7 (ERC20 transfer via 0x06da) authorize only slot0/slot1, so a caller who initializes themselves can drain funds.",
                "severity": "critical",
                "locations": [
                    "BYTECODE_BUNDLE.txt:0x047b",
                    "BYTECODE_BUNDLE.txt:0x04db",
                    "BYTECODE_BUNDLE.txt:0x0535",
                    "BYTECODE_BUNDLE.txt:0x0554",
                    "BYTECODE_BUNDLE.txt:0x01fe",
                    "BYTECODE_BUNDLE.txt:0x02c7",
                    "BYTECODE_BUNDLE.txt:0x0643",
                    "BYTECODE_BUNDLE.txt:0x06da"
                ],
                "recommendation": "Initialize in the deployment flow (or proxy constructor) and/or add access control to the initializer; consider calling `_disableInitializers()` on the implementation to prevent takeovers.",
                "exploit_scenario": "If the Initializable slot indicates `_initialized == 0` (e.g., freshly deployed proxy or implementation left uninitialized), any address can call selector `0xf09a4016` with attacker-controlled addresses to set slot0/slot1. The attacker then calls `0x62f714ce` to withdraw ETH (or `0x5fc3ea0b`/`0x68638cdf` to transfer ERC20s) to their own address. While slot0==0, the owner==0-gated paths (`0x7c7a518d`/`0x434f94df`) also allow direct ETH/token withdrawal without setting ownership."
            }
        ],
        "no_findings": false
    },
    "no_findings": false,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall: 0
Selfdestruct: 0
CREATE2: 0
CALL-family (heavy): 3
EXT*/BALANCE: 3
Total opcodes: 1932
Flags: create_opcodes_present
View cast disassembly output
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0094
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x8040fcb1
00000019: GT
0000001a: PUSH2 0x0059
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x8040fcb1
00000024: EQ
00000025: PUSH2 0x0142
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0x8da5cb5b
0000002f: EQ
00000030: PUSH2 0x0162
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xc45a0155
0000003a: EQ
0000003b: PUSH2 0x019e
0000003e: JUMPI
0000003f: DUP1
00000040: PUSH4 0xf09a4016
00000045: EQ
00000046: PUSH2 0x01be
00000049: JUMPI
0000004a: DUP1
0000004b: PUSH4 0xfdcc0822
00000050: EQ
00000051: PUSH2 0x01de
00000054: JUMPI
00000055: PUSH1 0x00
00000057: DUP1
00000058: REVERT
00000059: JUMPDEST
0000005a: DUP1
0000005b: PUSH3 0xf714ce
0000005f: EQ
00000060: PUSH2 0x00a0
00000063: JUMPI
00000064: DUP1
00000065: PUSH4 0x434f94df
0000006a: EQ
0000006b: PUSH2 0x00c2
0000006e: JUMPI
0000006f: DUP1
00000070: PUSH4 0x5fc3ea0b
00000075: EQ
00000076: PUSH2 0x00e2
00000079: JUMPI
0000007a: DUP1
0000007b: PUSH4 0x68638cdf
00000080: EQ
00000081: PUSH2 0x0102
00000084: JUMPI
00000085: DUP1
00000086: PUSH4 0x7c7a518d
0000008b: EQ
0000008c: PUSH2 0x0122
0000008f: JUMPI
00000090: PUSH1 0x00
00000092: DUP1
00000093: REVERT
00000094: JUMPDEST
00000095: CALLDATASIZE
00000096: PUSH2 0x009b
00000099: JUMPI
0000009a: STOP
0000009b: JUMPDEST
0000009c: PUSH1 0x00
0000009e: DUP1
0000009f: REVERT
000000a0: JUMPDEST
000000a1: CALLVALUE
000000a2: DUP1
000000a3: ISZERO
000000a4: PUSH2 0x00ac
000000a7: JUMPI
000000a8: PUSH1 0x00
000000aa: DUP1
000000ab: REVERT
000000ac: JUMPDEST
000000ad: POP
000000ae: PUSH2 0x00c0
000000b1: PUSH2 0x00bb
000000b4: CALLDATASIZE
000000b5: PUSH1 0x04
000000b7: PUSH2 0x08d5
000000ba: JUMP
000000bb: JUMPDEST
000000bc: PUSH2 0x01fe
000000bf: JUMP
000000c0: JUMPDEST
000000c1: STOP
000000c2: JUMPDEST
000000c3: CALLVALUE
000000c4: DUP1
000000c5: ISZERO
000000c6: PUSH2 0x00ce
000000c9: JUMPI
000000ca: PUSH1 0x00
000000cc: DUP1
000000cd: REVERT
000000ce: JUMPDEST
000000cf: POP
000000d0: PUSH2 0x00c0
000000d3: PUSH2 0x00dd
000000d6: CALLDATASIZE
000000d7: PUSH1 0x04
000000d9: PUSH2 0x0905
000000dc: JUMP
000000dd: JUMPDEST
000000de: PUSH2 0x025d
000000e1: JUMP
000000e2: JUMPDEST
000000e3: CALLVALUE
000000e4: DUP1
000000e5: ISZERO
000000e6: PUSH2 0x00ee
000000e9: JUMPI
000000ea: PUSH1 0x00
000000ec: DUP1
000000ed: REVERT
000000ee: JUMPDEST
000000ef: POP
000000f0: PUSH2 0x00c0
000000f3: PUSH2 0x00fd
000000f6: CALLDATASIZE
000000f7: PUSH1 0x04
000000f9: PUSH2 0x0905
000000fc: JUMP
000000fd: JUMPDEST
000000fe: PUSH2 0x02c7
00000101: JUMP
00000102: JUMPDEST
00000103: CALLVALUE
00000104: DUP1
00000105: ISZERO
00000106: PUSH2 0x010e
00000109: JUMPI
0000010a: PUSH1 0x00
0000010c: DUP1
0000010d: REVERT
0000010e: JUMPDEST
0000010f: POP
00000110: PUSH2 0x00c0
00000113: PUSH2 0x011d
00000116: CALLDATASIZE
00000117: PUSH1 0x04
00000119: PUSH2 0x0905
0000011c: JUMP
0000011d: JUMPDEST
0000011e: PUSH2 0x0306
00000121: JUMP
00000122: JUMPDEST
00000123: CALLVALUE
00000124: DUP1
00000125: ISZERO
00000126: PUSH2 0x012e
00000129: JUMPI
0000012a: PUSH1 0x00
0000012c: DUP1
0000012d: REVERT
0000012e: JUMPDEST
0000012f: POP
00000130: PUSH2 0x00c0
00000133: PUSH2 0x013d
00000136: CALLDATASIZE
00000137: PUSH1 0x04
00000139: PUSH2 0x08d5
0000013c: JUMP
0000013d: JUMPDEST
0000013e: PUSH2 0x039b
00000141: JUMP
00000142: JUMPDEST
00000143: CALLVALUE
00000144: DUP1
00000145: ISZERO
00000146: PUSH2 0x014e
00000149: JUMPI
0000014a: PUSH1 0x00
0000014c: DUP1
0000014d: REVERT
0000014e: JUMPDEST
0000014f: POP
00000150: PUSH2 0x00c0
00000153: PUSH2 0x015d
00000156: CALLDATASIZE
00000157: PUSH1 0x04
00000159: PUSH2 0x0993
0000015c: JUMP
0000015d: JUMPDEST
0000015e: PUSH2 0x03ea
00000161: JUMP
00000162: JUMPDEST
00000163: CALLVALUE
00000164: DUP1
00000165: ISZERO
00000166: PUSH2 0x016e
00000169: JUMPI
0000016a: PUSH1 0x00
0000016c: DUP1
0000016d: REVERT
0000016e: JUMPDEST
0000016f: POP
00000170: PUSH1 0x00
00000172: SLOAD
00000173: PUSH2 0x0182
00000176: SWAP1
00000177: PUSH1 0x01
00000179: PUSH1 0x01
0000017b: PUSH1 0xa0
0000017d: SHL
0000017e: SUB
0000017f: AND
00000180: DUP2
00000181: JUMP
00000182: JUMPDEST
00000183: PUSH1 0x40
00000185: MLOAD
00000186: PUSH1 0x01
00000188: PUSH1 0x01
0000018a: PUSH1 0xa0
0000018c: SHL
0000018d: SUB
0000018e: SWAP1
0000018f: SWAP2
00000190: AND
00000191: DUP2
00000192: MSTORE
00000193: PUSH1 0x20
00000195: ADD
00000196: PUSH1 0x40
00000198: MLOAD
00000199: DUP1
0000019a: SWAP2
0000019b: SUB
0000019c: SWAP1
0000019d: RETURN
0000019e: JUMPDEST
0000019f: CALLVALUE
000001a0: DUP1
000001a1: ISZERO
000001a2: PUSH2 0x01aa
000001a5: JUMPI
000001a6: PUSH1 0x00
000001a8: DUP1
000001a9: REVERT
000001aa: JUMPDEST
000001ab: POP
000001ac: PUSH1 0x01
000001ae: SLOAD
000001af: PUSH2 0x0182
000001b2: SWAP1
000001b3: PUSH1 0x01
000001b5: PUSH1 0x01
000001b7: PUSH1 0xa0
000001b9: SHL
000001ba: SUB
000001bb: AND
000001bc: DUP2
000001bd: JUMP
000001be: JUMPDEST
000001bf: CALLVALUE
000001c0: DUP1
000001c1: ISZERO
000001c2: PUSH2 0x01ca
000001c5: JUMPI
000001c6: PUSH1 0x00
000001c8: DUP1
000001c9: REVERT
000001ca: JUMPDEST
000001cb: POP
000001cc: PUSH2 0x00c0
000001cf: PUSH2 0x01d9
000001d2: CALLDATASIZE
000001d3: PUSH1 0x04
000001d5: PUSH2 0x09e8
000001d8: JUMP
000001d9: JUMPDEST
000001da: PUSH2 0x047b
000001dd: JUMP
000001de: JUMPDEST
000001df: CALLVALUE
000001e0: DUP1
000001e1: ISZERO
000001e2: PUSH2 0x01ea
000001e5: JUMPI
000001e6: PUSH1 0x00
000001e8: DUP1
000001e9: REVERT
000001ea: JUMPDEST
000001eb: POP
000001ec: PUSH2 0x00c0
000001ef: PUSH2 0x01f9
000001f2: CALLDATASIZE
000001f3: PUSH1 0x04
000001f5: PUSH2 0x0a16
000001f8: JUMP
000001f9: JUMPDEST
000001fa: PUSH2 0x05b3
000001fd: JUMP
000001fe: JUMPDEST
000001ff: PUSH1 0x00
00000201: SLOAD
00000202: PUSH1 0x01
00000204: PUSH1 0x01
00000206: PUSH1 0xa0
00000208: SHL
00000209: SUB
0000020a: AND
0000020b: CALLER
0000020c: EQ
0000020d: DUP1
0000020e: PUSH2 0x0221
00000211: JUMPI
00000212: POP
00000213: PUSH1 0x01
00000215: SLOAD
00000216: PUSH1 0x01
00000218: PUSH1 0x01
0000021a: PUSH1 0xa0
0000021c: SHL
0000021d: SUB
0000021e: AND
0000021f: CALLER
00000220: EQ
00000221: JUMPDEST
00000222: PUSH2 0x0246
00000225: JUMPI
00000226: PUSH1 0x40
00000228: MLOAD
00000229: PUSH3 0x461bcd
0000022d: PUSH1 0xe5
0000022f: SHL
00000230: DUP2
00000231: MSTORE
00000232: PUSH1 0x04
00000234: ADD
00000235: PUSH2 0x023d
00000238: SWAP1
00000239: PUSH2 0x0a58
0000023c: JUMP
0000023d: JUMPDEST
0000023e: PUSH1 0x40
00000240: MLOAD
00000241: DUP1
00000242: SWAP2
00000243: SUB
00000244: SWAP1
00000245: REVERT
00000246: JUMPDEST
00000247: PUSH2 0x0259
0000024a: PUSH1 0x01
0000024c: PUSH1 0x01
0000024e: PUSH1 0xa0
00000250: SHL
00000251: SUB
00000252: DUP3
00000253: AND
00000254: DUP4
00000255: PUSH2 0x0643
00000258: JUMP
00000259: JUMPDEST
0000025a: POP
0000025b: POP
0000025c: JUMP
0000025d: JUMPDEST
0000025e: PUSH1 0x00
00000260: SLOAD
00000261: PUSH1 0x01
00000263: PUSH1 0x01
00000265: PUSH1 0xa0
00000267: SHL
00000268: SUB
00000269: AND
0000026a: ISZERO
0000026b: PUSH2 0x02ac
0000026e: JUMPI
0000026f: PUSH1 0x40
00000271: MLOAD
00000272: PUSH3 0x461bcd
00000276: PUSH1 0xe5
00000278: SHL
00000279: DUP2
0000027a: MSTORE
0000027b: PUSH1 0x20
0000027d: PUSH1 0x04
0000027f: DUP3
00000280: ADD
00000281: MSTORE
00000282: PUSH1 0x13
00000284: PUSH1 0x24
00000286: DUP3
00000287: ADD
00000288: MSTORE
00000289: PUSH19 0x105b1c9958591e481a5b9a5d1a585b1a5e9959
0000029d: PUSH1 0x6a
0000029f: SHL
000002a0: PUSH1 0x44
000002a2: DUP3
000002a3: ADD
000002a4: MSTORE
000002a5: PUSH1 0x64
000002a7: ADD
000002a8: PUSH2 0x023d
000002ab: JUMP
000002ac: JUMPDEST
000002ad: DUP3
000002ae: PUSH2 0x02c1
000002b1: PUSH1 0x01
000002b3: PUSH1 0x01
000002b5: PUSH1 0xa0
000002b7: SHL
000002b8: SUB
000002b9: DUP3
000002ba: AND
000002bb: DUP4
000002bc: DUP6
000002bd: PUSH2 0x06da
000002c0: JUMP
000002c1: JUMPDEST
000002c2: POP
000002c3: POP
000002c4: POP
000002c5: POP
000002c6: JUMP
000002c7: JUMPDEST
000002c8: PUSH1 0x00
000002ca: SLOAD
000002cb: PUSH1 0x01
000002cd: PUSH1 0x01
000002cf: PUSH1 0xa0
000002d1: SHL
000002d2: SUB
000002d3: AND
000002d4: CALLER
000002d5: EQ
000002d6: DUP1
000002d7: PUSH2 0x02ea
000002da: JUMPI
000002db: POP
000002dc: PUSH1 0x01
000002de: SLOAD
000002df: PUSH1 0x01
000002e1: PUSH1 0x01
000002e3: PUSH1 0xa0
000002e5: SHL
000002e6: SUB
000002e7: AND
000002e8: CALLER
000002e9: EQ
000002ea: JUMPDEST
000002eb: PUSH2 0x02ac
000002ee: JUMPI
000002ef: PUSH1 0x40
000002f1: MLOAD
000002f2: PUSH3 0x461bcd
000002f6: PUSH1 0xe5
000002f8: SHL
000002f9: DUP2
000002fa: MSTORE
000002fb: PUSH1 0x04
000002fd: ADD
000002fe: PUSH2 0x023d
00000301: SWAP1
00000302: PUSH2 0x0a58
00000305: JUMP
00000306: JUMPDEST
00000307: PUSH1 0x00
00000309: SLOAD
0000030a: PUSH1 0x01
0000030c: PUSH1 0x01
0000030e: PUSH1 0xa0
00000310: SHL
00000311: SUB
00000312: AND
00000313: CALLER
00000314: EQ
00000315: PUSH2 0x0330
00000318: JUMPI
00000319: PUSH1 0x40
0000031b: MLOAD
0000031c: PUSH3 0x461bcd
00000320: PUSH1 0xe5
00000322: SHL
00000323: DUP2
00000324: MSTORE
00000325: PUSH1 0x04
00000327: ADD
00000328: PUSH2 0x023d
0000032b: SWAP1
0000032c: PUSH2 0x0a58
0000032f: JUMP
00000330: JUMPDEST
00000331: PUSH1 0x40
00000333: MLOAD
00000334: PUSH4 0xa9059cbb
00000339: PUSH1 0xe0
0000033b: SHL
0000033c: DUP2
0000033d: MSTORE
0000033e: PUSH1 0x01
00000340: PUSH1 0x01
00000342: PUSH1 0xa0
00000344: SHL
00000345: SUB
00000346: DUP3
00000347: DUP2
00000348: AND
00000349: PUSH1 0x04
0000034b: DUP4
0000034c: ADD
0000034d: MSTORE
0000034e: PUSH1 0x24
00000350: DUP3
00000351: ADD
00000352: DUP5
00000353: SWAP1
00000354: MSTORE
00000355: DUP5
00000356: SWAP2
00000357: SWAP1
00000358: DUP3
00000359: AND
0000035a: SWAP1
0000035b: PUSH4 0xa9059cbb
00000360: SWAP1
00000361: PUSH1 0x44
00000363: ADD
00000364: PUSH1 0x00
00000366: PUSH1 0x40
00000368: MLOAD
00000369: DUP1
0000036a: DUP4
0000036b: SUB
0000036c: DUP2
0000036d: PUSH1 0x00
0000036f: DUP8
00000370: DUP1
00000371: EXTCODESIZE
00000372: ISZERO
00000373: DUP1
00000374: ISZERO
00000375: PUSH2 0x037d
00000378: JUMPI
00000379: PUSH1 0x00
0000037b: DUP1
0000037c: REVERT
0000037d: JUMPDEST
0000037e: POP
0000037f: GAS
00000380: CALL
00000381: ISZERO
00000382: DUP1
00000383: ISZERO
00000384: PUSH2 0x0391
00000387: JUMPI
00000388: RETURNDATASIZE
00000389: PUSH1 0x00
0000038b: DUP1
0000038c: RETURNDATACOPY
0000038d: RETURNDATASIZE
0000038e: PUSH1 0x00
00000390: REVERT
00000391: JUMPDEST
00000392: POP
00000393: POP
00000394: POP
00000395: POP
00000396: POP
00000397: POP
00000398: POP
00000399: POP
0000039a: JUMP
0000039b: JUMPDEST
0000039c: PUSH1 0x00
0000039e: SLOAD
0000039f: PUSH1 0x01
000003a1: PUSH1 0x01
000003a3: PUSH1 0xa0
000003a5: SHL
000003a6: SUB
000003a7: AND
000003a8: ISZERO
000003a9: PUSH2 0x0246
000003ac: JUMPI
000003ad: PUSH1 0x40
000003af: MLOAD
000003b0: PUSH3 0x461bcd
000003b4: PUSH1 0xe5
000003b6: SHL
000003b7: DUP2
000003b8: MSTORE
000003b9: PUSH1 0x20
000003bb: PUSH1 0x04
000003bd: DUP3
000003be: ADD
000003bf: MSTORE
000003c0: PUSH1 0x13
000003c2: PUSH1 0x24
000003c4: DUP3
000003c5: ADD
000003c6: MSTORE
000003c7: PUSH19 0x105b1c9958591e481a5b9a5d1a585b1a5e9959
000003db: PUSH1 0x6a
000003dd: SHL
000003de: PUSH1 0x44
000003e0: DUP3
000003e1: ADD
000003e2: MSTORE
000003e3: PUSH1 0x64
000003e5: ADD
000003e6: PUSH2 0x023d
000003e9: JUMP
000003ea: JUMPDEST
000003eb: PUSH1 0x00
000003ed: SLOAD
000003ee: PUSH1 0x01
000003f0: PUSH1 0x01
000003f2: PUSH1 0xa0
000003f4: SHL
000003f5: SUB
000003f6: AND
000003f7: CALLER
000003f8: EQ
000003f9: PUSH2 0x0414
000003fc: JUMPI
000003fd: PUSH1 0x40
000003ff: MLOAD
00000400: PUSH3 0x461bcd
00000404: PUSH1 0xe5
00000406: SHL
00000407: DUP2
00000408: MSTORE
00000409: PUSH1 0x04
0000040b: ADD
0000040c: PUSH2 0x023d
0000040f: SWAP1
00000410: PUSH2 0x0a58
00000413: JUMP
00000414: JUMPDEST
00000415: DUP3
00000416: PUSH1 0x00
00000418: JUMPDEST
00000419: DUP3
0000041a: DUP2
0000041b: LT
0000041c: ISZERO
0000041d: PUSH2 0x0474
00000420: JUMPI
00000421: CALLDATASIZE
00000422: DUP5
00000423: DUP5
00000424: DUP4
00000425: DUP2
00000426: DUP2
00000427: LT
00000428: PUSH2 0x0433
0000042b: JUMPI
0000042c: PUSH2 0x0433
0000042f: PUSH2 0x0a8f
00000432: JUMP
00000433: JUMPDEST
00000434: SWAP1
00000435: POP
00000436: PUSH1 0x40
00000438: MUL
00000439: ADD
0000043a: SWAP1
0000043b: POP
0000043c: PUSH2 0x0463
0000043f: DUP2
00000440: PUSH1 0x20
00000442: ADD
00000443: PUSH1 0x20
00000445: DUP2
00000446: ADD
00000447: SWAP1
00000448: PUSH2 0x0451
0000044b: SWAP2
0000044c: SWAP1
0000044d: PUSH2 0x0aa5
00000450: JUMP
00000451: JUMPDEST
00000452: PUSH1 0x01
00000454: PUSH1 0x01
00000456: PUSH1 0xa0
00000458: SHL
00000459: SUB
0000045a: DUP6
0000045b: AND
0000045c: SWAP1
0000045d: DUP4
0000045e: CALLDATALOAD
0000045f: PUSH2 0x06da
00000462: JUMP
00000463: JUMPDEST
00000464: POP
00000465: PUSH2 0x046d
00000468: DUP2
00000469: PUSH2 0x0ac2
0000046c: JUMP
0000046d: JUMPDEST
0000046e: SWAP1
0000046f: POP
00000470: PUSH2 0x0418
00000473: JUMP
00000474: JUMPDEST
00000475: POP
00000476: POP
00000477: POP
00000478: POP
00000479: POP
0000047a: JUMP
0000047b: JUMPDEST
0000047c: PUSH32 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00
0000049d: DUP1
0000049e: SLOAD
0000049f: PUSH1 0x01
000004a1: PUSH1 0x40
000004a3: SHL
000004a4: DUP2
000004a5: DIV
000004a6: PUSH1 0xff
000004a8: AND
000004a9: ISZERO
000004aa: SWAP1
000004ab: PUSH8 0xffffffffffffffff
000004b4: AND
000004b5: PUSH1 0x00
000004b7: DUP2
000004b8: ISZERO
000004b9: DUP1
000004ba: ISZERO
000004bb: PUSH2 0x04c1
000004be: JUMPI
000004bf: POP
000004c0: DUP3
000004c1: JUMPDEST
000004c2: SWAP1
000004c3: POP
000004c4: PUSH1 0x00
000004c6: DUP3
000004c7: PUSH8 0xffffffffffffffff
000004d0: AND
000004d1: PUSH1 0x01
000004d3: EQ
000004d4: DUP1
000004d5: ISZERO
000004d6: PUSH2 0x04de
000004d9: JUMPI
000004da: POP
000004db: ADDRESS
000004dc: EXTCODESIZE
000004dd: ISZERO
000004de: JUMPDEST
000004df: SWAP1
000004e0: POP
000004e1: DUP2
000004e2: ISZERO
000004e3: DUP1
000004e4: ISZERO
000004e5: PUSH2 0x04ec
000004e8: JUMPI
000004e9: POP
000004ea: DUP1
000004eb: ISZERO
000004ec: JUMPDEST
000004ed: ISZERO
000004ee: PUSH2 0x050a
000004f1: JUMPI
000004f2: PUSH1 0x40
000004f4: MLOAD
000004f5: PUSH4 0xf92ee8a9
000004fa: PUSH1 0xe0
000004fc: SHL
000004fd: DUP2
000004fe: MSTORE
000004ff: PUSH1 0x04
00000501: ADD
00000502: PUSH1 0x40
00000504: MLOAD
00000505: DUP1
00000506: SWAP2
00000507: SUB
00000508: SWAP1
00000509: REVERT
0000050a: JUMPDEST
0000050b: DUP5
0000050c: SLOAD
0000050d: PUSH8 0xffffffffffffffff
00000516: NOT
00000517: AND
00000518: PUSH1 0x01
0000051a: OR
0000051b: DUP6
0000051c: SSTORE
0000051d: DUP4
0000051e: ISZERO
0000051f: PUSH2 0x0534
00000522: JUMPI
00000523: DUP5
00000524: SLOAD
00000525: PUSH1 0xff
00000527: PUSH1 0x40
00000529: SHL
0000052a: NOT
0000052b: AND
0000052c: PUSH1 0x01
0000052e: PUSH1 0x40
00000530: SHL
00000531: OR
00000532: DUP6
00000533: SSTORE
00000534: JUMPDEST
00000535: PUSH1 0x00
00000537: DUP1
00000538: SLOAD
00000539: PUSH1 0x01
0000053b: PUSH1 0x01
0000053d: PUSH1 0xa0
0000053f: SHL
00000540: SUB
00000541: DUP1
00000542: DUP11
00000543: AND
00000544: PUSH1 0x01
00000546: PUSH1 0x01
00000548: PUSH1 0xa0
0000054a: SHL
0000054b: SUB
0000054c: NOT
0000054d: SWAP3
0000054e: DUP4
0000054f: AND
00000550: OR
00000551: SWAP1
00000552: SWAP3
00000553: SSTORE
00000554: PUSH1 0x01
00000556: DUP1
00000557: SLOAD
00000558: SWAP3
00000559: DUP10
0000055a: AND
0000055b: SWAP3
0000055c: SWAP1
0000055d: SWAP2
0000055e: AND
0000055f: SWAP2
00000560: SWAP1
00000561: SWAP2
00000562: OR
00000563: SWAP1
00000564: SSTORE
00000565: DUP4
00000566: ISZERO
00000567: PUSH2 0x05aa
0000056a: JUMPI
0000056b: DUP5
0000056c: SLOAD
0000056d: PUSH1 0xff
0000056f: PUSH1 0x40
00000571: SHL
00000572: NOT
00000573: AND
00000574: DUP6
00000575: SSTORE
00000576: PUSH1 0x40
00000578: MLOAD
00000579: PUSH1 0x01
0000057b: DUP2
0000057c: MSTORE
0000057d: PUSH32 0xc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d2
0000059e: SWAP1
0000059f: PUSH1 0x20
000005a1: ADD
000005a2: PUSH1 0x40
000005a4: MLOAD
000005a5: DUP1
000005a6: SWAP2
000005a7: SUB
000005a8: SWAP1
000005a9: LOG1
000005aa: JUMPDEST
000005ab: POP
000005ac: POP
000005ad: POP
000005ae: POP
000005af: POP
000005b0: POP
000005b1: POP
000005b2: JUMP
000005b3: JUMPDEST
000005b4: PUSH1 0x00
000005b6: SLOAD
000005b7: PUSH1 0x01
000005b9: PUSH1 0x01
000005bb: PUSH1 0xa0
000005bd: SHL
000005be: SUB
000005bf: AND
000005c0: CALLER
000005c1: EQ
000005c2: PUSH2 0x05dd
000005c5: JUMPI
000005c6: PUSH1 0x40
000005c8: MLOAD
000005c9: PUSH3 0x461bcd
000005cd: PUSH1 0xe5
000005cf: SHL
000005d0: DUP2
000005d1: MSTORE
000005d2: PUSH1 0x04
000005d4: ADD
000005d5: PUSH2 0x023d
000005d8: SWAP1
000005d9: PUSH2 0x0a58
000005dc: JUMP
000005dd: JUMPDEST
000005de: PUSH1 0x00
000005e0: JUMPDEST
000005e1: DUP2
000005e2: DUP2
000005e3: LT
000005e4: ISZERO
000005e5: PUSH2 0x063e
000005e8: JUMPI
000005e9: CALLDATASIZE
000005ea: DUP4
000005eb: DUP4
000005ec: DUP4
000005ed: DUP2
000005ee: DUP2
000005ef: LT
000005f0: PUSH2 0x05fb
000005f3: JUMPI
000005f4: PUSH2 0x05fb
000005f7: PUSH2 0x0a8f
000005fa: JUMP
000005fb: JUMPDEST
000005fc: SWAP1
000005fd: POP
000005fe: PUSH1 0x40
00000600: MUL
00000601: ADD
00000602: SWAP1
00000603: POP
00000604: PUSH2 0x062d
00000607: DUP2
00000608: PUSH1 0x00
0000060a: ADD
0000060b: CALLDATALOAD
0000060c: DUP3
0000060d: PUSH1 0x20
0000060f: ADD
00000610: PUSH1 0x20
00000612: DUP2
00000613: ADD
00000614: SWAP1
00000615: PUSH2 0x061e
00000618: SWAP2
00000619: SWAP1
0000061a: PUSH2 0x0aa5
0000061d: JUMP
0000061e: JUMPDEST
0000061f: PUSH1 0x01
00000621: PUSH1 0x01
00000623: PUSH1 0xa0
00000625: SHL
00000626: SUB
00000627: AND
00000628: SWAP1
00000629: PUSH2 0x0643
0000062c: JUMP
0000062d: JUMPDEST
0000062e: POP
0000062f: PUSH2 0x0637
00000632: DUP2
00000633: PUSH2 0x0ac2
00000636: JUMP
00000637: JUMPDEST
00000638: SWAP1
00000639: POP
0000063a: PUSH2 0x05e0
0000063d: JUMP
0000063e: JUMPDEST
0000063f: POP
00000640: POP
00000641: POP
00000642: JUMP
00000643: JUMPDEST
00000644: DUP1
00000645: SELFBALANCE
00000646: LT
00000647: ISZERO
00000648: PUSH2 0x0666
0000064b: JUMPI
0000064c: PUSH1 0x40
0000064e: MLOAD
0000064f: PUSH4 0xcd786059
00000654: PUSH1 0xe0
00000656: SHL
00000657: DUP2
00000658: MSTORE
00000659: ADDRESS
0000065a: PUSH1 0x04
0000065c: DUP3
0000065d: ADD
0000065e: MSTORE
0000065f: PUSH1 0x24
00000661: ADD
00000662: PUSH2 0x023d
00000665: JUMP
00000666: JUMPDEST
00000667: PUSH1 0x00
00000669: DUP3
0000066a: PUSH1 0x01
0000066c: PUSH1 0x01
0000066e: PUSH1 0xa0
00000670: SHL
00000671: SUB
00000672: AND
00000673: DUP3
00000674: PUSH1 0x40
00000676: MLOAD
00000677: PUSH1 0x00
00000679: PUSH1 0x40
0000067b: MLOAD
0000067c: DUP1
0000067d: DUP4
0000067e: SUB
0000067f: DUP2
00000680: DUP6
00000681: DUP8
00000682: GAS
00000683: CALL
00000684: SWAP3
00000685: POP
00000686: POP
00000687: POP
00000688: RETURNDATASIZE
00000689: DUP1
0000068a: PUSH1 0x00
0000068c: DUP2
0000068d: EQ
0000068e: PUSH2 0x06b3
00000691: JUMPI
00000692: PUSH1 0x40
00000694: MLOAD
00000695: SWAP2
00000696: POP
00000697: PUSH1 0x1f
00000699: NOT
0000069a: PUSH1 0x3f
0000069c: RETURNDATASIZE
0000069d: ADD
0000069e: AND
0000069f: DUP3
000006a0: ADD
000006a1: PUSH1 0x40
000006a3: MSTORE
000006a4: RETURNDATASIZE
000006a5: DUP3
000006a6: MSTORE
000006a7: RETURNDATASIZE
000006a8: PUSH1 0x00
000006aa: PUSH1 0x20
000006ac: DUP5
000006ad: ADD
000006ae: RETURNDATACOPY
000006af: PUSH2 0x06b8
000006b2: JUMP
000006b3: JUMPDEST
000006b4: PUSH1 0x60
000006b6: SWAP2
000006b7: POP
000006b8: JUMPDEST
000006b9: POP
000006ba: POP
000006bb: SWAP1
000006bc: POP
000006bd: DUP1
000006be: PUSH2 0x063e
000006c1: JUMPI
000006c2: PUSH1 0x40
000006c4: MLOAD
000006c5: PUSH4 0x0a12f521
000006ca: PUSH1 0xe1
000006cc: SHL
000006cd: DUP2
000006ce: MSTORE
000006cf: PUSH1 0x04
000006d1: ADD
000006d2: PUSH1 0x40
000006d4: MLOAD
000006d5: DUP1
000006d6: SWAP2
000006d7: SUB
000006d8: SWAP1
000006d9: REVERT
000006da: JUMPDEST
000006db: PUSH1 0x40
000006dd: DUP1
000006de: MLOAD
000006df: PUSH1 0x01
000006e1: PUSH1 0x01
000006e3: PUSH1 0xa0
000006e5: SHL
000006e6: SUB
000006e7: DUP5
000006e8: DUP2
000006e9: AND
000006ea: PUSH1 0x24
000006ec: DUP4
000006ed: ADD
000006ee: MSTORE
000006ef: PUSH1 0x44
000006f1: DUP1
000006f2: DUP4
000006f3: ADD
000006f4: DUP6
000006f5: SWAP1
000006f6: MSTORE
000006f7: DUP4
000006f8: MLOAD
000006f9: DUP1
000006fa: DUP5
000006fb: SUB
000006fc: SWAP1
000006fd: SWAP2
000006fe: ADD
000006ff: DUP2
00000700: MSTORE
00000701: PUSH1 0x64
00000703: SWAP1
00000704: SWAP3
00000705: ADD
00000706: SWAP1
00000707: SWAP3
00000708: MSTORE
00000709: PUSH1 0x20
0000070b: DUP2
0000070c: ADD
0000070d: DUP1
0000070e: MLOAD
0000070f: PUSH1 0x01
00000711: PUSH1 0x01
00000713: PUSH1 0xe0
00000715: SHL
00000716: SUB
00000717: AND
00000718: PUSH4 0xa9059cbb
0000071d: PUSH1 0xe0
0000071f: SHL
00000720: OR
00000721: SWAP1
00000722: MSTORE
00000723: PUSH2 0x063e
00000726: SWAP2
00000727: DUP6
00000728: SWAP2
00000729: SWAP1
0000072a: PUSH1 0x00
0000072c: SWAP1
0000072d: PUSH2 0x0738
00000730: SWAP1
00000731: DUP5
00000732: AND
00000733: DUP4
00000734: PUSH2 0x0786
00000737: JUMP
00000738: JUMPDEST
00000739: SWAP1
0000073a: POP
0000073b: DUP1
0000073c: MLOAD
0000073d: PUSH1 0x00
0000073f: EQ
00000740: ISZERO
00000741: DUP1
00000742: ISZERO
00000743: PUSH2 0x075d
00000746: JUMPI
00000747: POP
00000748: DUP1
00000749: DUP1
0000074a: PUSH1 0x20
0000074c: ADD
0000074d: SWAP1
0000074e: MLOAD
0000074f: DUP2
00000750: ADD
00000751: SWAP1
00000752: PUSH2 0x075b
00000755: SWAP2
00000756: SWAP1
00000757: PUSH2 0x0ae9
0000075a: JUMP
0000075b: JUMPDEST
0000075c: ISZERO
0000075d: JUMPDEST
0000075e: ISZERO
0000075f: PUSH2 0x063e
00000762: JUMPI
00000763: PUSH1 0x40
00000765: MLOAD
00000766: PUSH4 0x5274afe7
0000076b: PUSH1 0xe0
0000076d: SHL
0000076e: DUP2
0000076f: MSTORE
00000770: PUSH1 0x01
00000772: PUSH1 0x01
00000774: PUSH1 0xa0
00000776: SHL
00000777: SUB
00000778: DUP5
00000779: AND
0000077a: PUSH1 0x04
0000077c: DUP3
0000077d: ADD
0000077e: MSTORE
0000077f: PUSH1 0x24
00000781: ADD
00000782: PUSH2 0x023d
00000785: JUMP
00000786: JUMPDEST
00000787: PUSH1 0x60
00000789: PUSH2 0x0794
0000078c: DUP4
0000078d: DUP4
0000078e: PUSH1 0x00
00000790: PUSH2 0x079b
00000793: JUMP
00000794: JUMPDEST
00000795: SWAP4
00000796: SWAP3
00000797: POP
00000798: POP
00000799: POP
0000079a: JUMP
0000079b: JUMPDEST
0000079c: PUSH1 0x60
0000079e: DUP2
0000079f: SELFBALANCE
000007a0: LT
000007a1: ISZERO
000007a2: PUSH2 0x07c0
000007a5: JUMPI
000007a6: PUSH1 0x40
000007a8: MLOAD
000007a9: PUSH4 0xcd786059
000007ae: PUSH1 0xe0
000007b0: SHL
000007b1: DUP2
000007b2: MSTORE
000007b3: ADDRESS
000007b4: PUSH1 0x04
000007b6: DUP3
000007b7: ADD
000007b8: MSTORE
000007b9: PUSH1 0x24
000007bb: ADD
000007bc: PUSH2 0x023d
000007bf: JUMP
000007c0: JUMPDEST
000007c1: PUSH1 0x00
000007c3: DUP1
000007c4: DUP6
000007c5: PUSH1 0x01
000007c7: PUSH1 0x01
000007c9: PUSH1 0xa0
000007cb: SHL
000007cc: SUB
000007cd: AND
000007ce: DUP5
000007cf: DUP7
000007d0: PUSH1 0x40
000007d2: MLOAD
000007d3: PUSH2 0x07dc
000007d6: SWAP2
000007d7: SWAP1
000007d8: PUSH2 0x0b0b
000007db: JUMP
000007dc: JUMPDEST
000007dd: PUSH1 0x00
000007df: PUSH1 0x40
000007e1: MLOAD
000007e2: DUP1
000007e3: DUP4
000007e4: SUB
000007e5: DUP2
000007e6: DUP6
000007e7: DUP8
000007e8: GAS
000007e9: CALL
000007ea: SWAP3
000007eb: POP
000007ec: POP
000007ed: POP
000007ee: RETURNDATASIZE
000007ef: DUP1
000007f0: PUSH1 0x00
000007f2: DUP2
000007f3: EQ
000007f4: PUSH2 0x0819
000007f7: JUMPI
000007f8: PUSH1 0x40
000007fa: MLOAD
000007fb: SWAP2
000007fc: POP
000007fd: PUSH1 0x1f
000007ff: NOT
00000800: PUSH1 0x3f
00000802: RETURNDATASIZE
00000803: ADD
00000804: AND
00000805: DUP3
00000806: ADD
00000807: PUSH1 0x40
00000809: MSTORE
0000080a: RETURNDATASIZE
0000080b: DUP3
0000080c: MSTORE
0000080d: RETURNDATASIZE
0000080e: PUSH1 0x00
00000810: PUSH1 0x20
00000812: DUP5
00000813: ADD
00000814: RETURNDATACOPY
00000815: PUSH2 0x081e
00000818: JUMP
00000819: JUMPDEST
0000081a: PUSH1 0x60
0000081c: SWAP2
0000081d: POP
0000081e: JUMPDEST
0000081f: POP
00000820: SWAP2
00000821: POP
00000822: SWAP2
00000823: POP
00000824: PUSH2 0x082e
00000827: DUP7
00000828: DUP4
00000829: DUP4
0000082a: PUSH2 0x0838
0000082d: JUMP
0000082e: JUMPDEST
0000082f: SWAP7
00000830: SWAP6
00000831: POP
00000832: POP
00000833: POP
00000834: POP
00000835: POP
00000836: POP
00000837: JUMP
00000838: JUMPDEST
00000839: PUSH1 0x60
0000083b: DUP3
0000083c: PUSH2 0x084d
0000083f: JUMPI
00000840: PUSH2 0x0848
00000843: DUP3
00000844: PUSH2 0x0894
00000847: JUMP
00000848: JUMPDEST
00000849: PUSH2 0x0794
0000084c: JUMP
0000084d: JUMPDEST
0000084e: DUP2
0000084f: MLOAD
00000850: ISZERO
00000851: DUP1
00000852: ISZERO
00000853: PUSH2 0x0864
00000856: JUMPI
00000857: POP
00000858: PUSH1 0x01
0000085a: PUSH1 0x01
0000085c: PUSH1 0xa0
0000085e: SHL
0000085f: SUB
00000860: DUP5
00000861: AND
00000862: EXTCODESIZE
00000863: ISZERO
00000864: JUMPDEST
00000865: ISZERO
00000866: PUSH2 0x088d
00000869: JUMPI
0000086a: PUSH1 0x40
0000086c: MLOAD
0000086d: PUSH4 0x9996b315
00000872: PUSH1 0xe0
00000874: SHL
00000875: DUP2
00000876: MSTORE
00000877: PUSH1 0x01
00000879: PUSH1 0x01
0000087b: PUSH1 0xa0
0000087d: SHL
0000087e: SUB
0000087f: DUP6
00000880: AND
00000881: PUSH1 0x04
00000883: DUP3
00000884: ADD
00000885: MSTORE
00000886: PUSH1 0x24
00000888: ADD
00000889: PUSH2 0x023d
0000088c: JUMP
0000088d: JUMPDEST
0000088e: POP
0000088f: DUP1
00000890: PUSH2 0x0794
00000893: JUMP
00000894: JUMPDEST
00000895: DUP1
00000896: MLOAD
00000897: ISZERO
00000898: PUSH2 0x08a4
0000089b: JUMPI
0000089c: DUP1
0000089d: MLOAD
0000089e: DUP1
0000089f: DUP3
000008a0: PUSH1 0x20
000008a2: ADD
000008a3: REVERT
000008a4: JUMPDEST
000008a5: PUSH1 0x40
000008a7: MLOAD
000008a8: PUSH4 0x0a12f521
000008ad: PUSH1 0xe1
000008af: SHL
000008b0: DUP2
000008b1: MSTORE
000008b2: PUSH1 0x04
000008b4: ADD
000008b5: PUSH1 0x40
000008b7: MLOAD
000008b8: DUP1
000008b9: SWAP2
000008ba: SUB
000008bb: SWAP1
000008bc: REVERT
000008bd: JUMPDEST
000008be: POP
000008bf: JUMP
000008c0: JUMPDEST
000008c1: PUSH1 0x01
000008c3: PUSH1 0x01
000008c5: PUSH1 0xa0
000008c7: SHL
000008c8: SUB
000008c9: DUP2
000008ca: AND
000008cb: DUP2
000008cc: EQ
000008cd: PUSH2 0x08bd
000008d0: JUMPI
000008d1: PUSH1 0x00
000008d3: DUP1
000008d4: REVERT
000008d5: JUMPDEST
000008d6: PUSH1 0x00
000008d8: DUP1
000008d9: PUSH1 0x40
000008db: DUP4
000008dc: DUP6
000008dd: SUB
000008de: SLT
000008df: ISZERO
000008e0: PUSH2 0x08e8
000008e3: JUMPI
000008e4: PUSH1 0x00
000008e6: DUP1
000008e7: REVERT
000008e8: JUMPDEST
000008e9: DUP3
000008ea: CALLDATALOAD
000008eb: SWAP2
000008ec: POP
000008ed: PUSH1 0x20
000008ef: DUP4
000008f0: ADD
000008f1: CALLDATALOAD
000008f2: PUSH2 0x08fa
000008f5: DUP2
000008f6: PUSH2 0x08c0
000008f9: JUMP
000008fa: JUMPDEST
000008fb: DUP1
000008fc: SWAP2
000008fd: POP
000008fe: POP
000008ff: SWAP3
00000900: POP
00000901: SWAP3
00000902: SWAP1
00000903: POP
00000904: JUMP
00000905: JUMPDEST
00000906: PUSH1 0x00
00000908: DUP1
00000909: PUSH1 0x00
0000090b: PUSH1 0x60
0000090d: DUP5
0000090e: DUP7
0000090f: SUB
00000910: SLT
00000911: ISZERO
00000912: PUSH2 0x091a
00000915: JUMPI
00000916: PUSH1 0x00
00000918: DUP1
00000919: REVERT
0000091a: JUMPDEST
0000091b: DUP4
0000091c: CALLDATALOAD
0000091d: PUSH2 0x0925
00000920: DUP2
00000921: PUSH2 0x08c0
00000924: JUMP
00000925: JUMPDEST
00000926: SWAP3
00000927: POP
00000928: PUSH1 0x20
0000092a: DUP5
0000092b: ADD
0000092c: CALLDATALOAD
0000092d: SWAP2
0000092e: POP
0000092f: PUSH1 0x40
00000931: DUP5
00000932: ADD
00000933: CALLDATALOAD
00000934: PUSH2 0x093c
00000937: DUP2
00000938: PUSH2 0x08c0
0000093b: JUMP
0000093c: JUMPDEST
0000093d: DUP1
0000093e: SWAP2
0000093f: POP
00000940: POP
00000941: SWAP3
00000942: POP
00000943: SWAP3
00000944: POP
00000945: SWAP3
00000946: JUMP
00000947: JUMPDEST
00000948: PUSH1 0x00
0000094a: DUP1
0000094b: DUP4
0000094c: PUSH1 0x1f
0000094e: DUP5
0000094f: ADD
00000950: SLT
00000951: PUSH2 0x0959
00000954: JUMPI
00000955: PUSH1 0x00
00000957: DUP1
00000958: REVERT
00000959: JUMPDEST
0000095a: POP
0000095b: DUP2
0000095c: CALLDATALOAD
0000095d: PUSH8 0xffffffffffffffff
00000966: DUP2
00000967: GT
00000968: ISZERO
00000969: PUSH2 0x0971
0000096c: JUMPI
0000096d: PUSH1 0x00
0000096f: DUP1
00000970: REVERT
00000971: JUMPDEST
00000972: PUSH1 0x20
00000974: DUP4
00000975: ADD
00000976: SWAP2
00000977: POP
00000978: DUP4
00000979: PUSH1 0x20
0000097b: DUP3
0000097c: PUSH1 0x06
0000097e: SHL
0000097f: DUP6
00000980: ADD
00000981: ADD
00000982: GT
00000983: ISZERO
00000984: PUSH2 0x098c
00000987: JUMPI
00000988: PUSH1 0x00
0000098a: DUP1
0000098b: REVERT
0000098c: JUMPDEST
0000098d: SWAP3
0000098e: POP
0000098f: SWAP3
00000990: SWAP1
00000991: POP
00000992: JUMP
00000993: JUMPDEST
00000994: PUSH1 0x00
00000996: DUP1
00000997: PUSH1 0x00
00000999: PUSH1 0x40
0000099b: DUP5
0000099c: DUP7
0000099d: SUB
0000099e: SLT
0000099f: ISZERO
000009a0: PUSH2 0x09a8
000009a3: JUMPI
000009a4: PUSH1 0x00
000009a6: DUP1
000009a7: REVERT
000009a8: JUMPDEST
000009a9: DUP4
000009aa: CALLDATALOAD
000009ab: PUSH2 0x09b3
000009ae: DUP2
000009af: PUSH2 0x08c0
000009b2: JUMP
000009b3: JUMPDEST
000009b4: SWAP3
000009b5: POP
000009b6: PUSH1 0x20
000009b8: DUP5
000009b9: ADD
000009ba: CALLDATALOAD
000009bb: PUSH8 0xffffffffffffffff
000009c4: DUP2
000009c5: GT
000009c6: ISZERO
000009c7: PUSH2 0x09cf
000009ca: JUMPI
000009cb: PUSH1 0x00
000009cd: DUP1
000009ce: REVERT
000009cf: JUMPDEST
000009d0: PUSH2 0x09db
000009d3: DUP7
000009d4: DUP3
000009d5: DUP8
000009d6: ADD
000009d7: PUSH2 0x0947
000009da: JUMP
000009db: JUMPDEST
000009dc: SWAP5
000009dd: SWAP8
000009de: SWAP1
000009df: SWAP7
000009e0: POP
000009e1: SWAP4
000009e2: SWAP5
000009e3: POP
000009e4: POP
000009e5: POP
000009e6: POP
000009e7: JUMP
000009e8: JUMPDEST
000009e9: PUSH1 0x00
000009eb: DUP1
000009ec: PUSH1 0x40
000009ee: DUP4
000009ef: DUP6
000009f0: SUB
000009f1: SLT
000009f2: ISZERO
000009f3: PUSH2 0x09fb
000009f6: JUMPI
000009f7: PUSH1 0x00
000009f9: DUP1
000009fa: REVERT
000009fb: JUMPDEST
000009fc: DUP3
000009fd: CALLDATALOAD
000009fe: PUSH2 0x0a06
00000a01: DUP2
00000a02: PUSH2 0x08c0
00000a05: JUMP
00000a06: JUMPDEST
00000a07: SWAP2
00000a08: POP
00000a09: PUSH1 0x20
00000a0b: DUP4
00000a0c: ADD
00000a0d: CALLDATALOAD
00000a0e: PUSH2 0x08fa
00000a11: DUP2
00000a12: PUSH2 0x08c0
00000a15: JUMP
00000a16: JUMPDEST
00000a17: PUSH1 0x00
00000a19: DUP1
00000a1a: PUSH1 0x20
00000a1c: DUP4
00000a1d: DUP6
00000a1e: SUB
00000a1f: SLT
00000a20: ISZERO
00000a21: PUSH2 0x0a29
00000a24: JUMPI
00000a25: PUSH1 0x00
00000a27: DUP1
00000a28: REVERT
00000a29: JUMPDEST
00000a2a: DUP3
00000a2b: CALLDATALOAD
00000a2c: PUSH8 0xffffffffffffffff
00000a35: DUP2
00000a36: GT
00000a37: ISZERO
00000a38: PUSH2 0x0a40
00000a3b: JUMPI
00000a3c: PUSH1 0x00
00000a3e: DUP1
00000a3f: REVERT
00000a40: JUMPDEST
00000a41: PUSH2 0x0a4c
00000a44: DUP6
00000a45: DUP3
00000a46: DUP7
00000a47: ADD
00000a48: PUSH2 0x0947
00000a4b: JUMP
00000a4c: JUMPDEST
00000a4d: SWAP1
00000a4e: SWAP7
00000a4f: SWAP1
00000a50: SWAP6
00000a51: POP
00000a52: SWAP4
00000a53: POP
00000a54: POP
00000a55: POP
00000a56: POP
00000a57: JUMP
00000a58: JUMPDEST
00000a59: PUSH1 0x20
00000a5b: DUP1
00000a5c: DUP3
00000a5d: MSTORE
00000a5e: PUSH1 0x17
00000a60: SWAP1
00000a61: DUP3
00000a62: ADD
00000a63: MSTORE
00000a64: PUSH32 0x4f6e6c79206f776e65722063616e207769746864726177000000000000000000
00000a85: PUSH1 0x40
00000a87: DUP3
00000a88: ADD
00000a89: MSTORE
00000a8a: PUSH1 0x60
00000a8c: ADD
00000a8d: SWAP1
00000a8e: JUMP
00000a8f: JUMPDEST
00000a90: PUSH4 0x4e487b71
00000a95: PUSH1 0xe0
00000a97: SHL
00000a98: PUSH1 0x00
00000a9a: MSTORE
00000a9b: PUSH1 0x32
00000a9d: PUSH1 0x04
00000a9f: MSTORE
00000aa0: PUSH1 0x24
00000aa2: PUSH1 0x00
00000aa4: REVERT
00000aa5: JUMPDEST
00000aa6: PUSH1 0x00
00000aa8: PUSH1 0x20
00000aaa: DUP3
00000aab: DUP5
00000aac: SUB
00000aad: SLT
00000aae: ISZERO
00000aaf: PUSH2 0x0ab7
00000ab2: JUMPI
00000ab3: PUSH1 0x00
00000ab5: DUP1
00000ab6: REVERT
00000ab7: JUMPDEST
00000ab8: DUP2
00000ab9: CALLDATALOAD
00000aba: PUSH2 0x0794
00000abd: DUP2
00000abe: PUSH2 0x08c0
00000ac1: JUMP
00000ac2: JUMPDEST
00000ac3: PUSH1 0x00
00000ac5: PUSH1 0x01
00000ac7: DUP3
00000ac8: ADD
00000ac9: PUSH2 0x0ae2
00000acc: JUMPI
00000acd: PUSH4 0x4e487b71
00000ad2: PUSH1 0xe0
00000ad4: SHL
00000ad5: PUSH1 0x00
00000ad7: MSTORE
00000ad8: PUSH1 0x11
00000ada: PUSH1 0x04
00000adc: MSTORE
00000add: PUSH1 0x24
00000adf: PUSH1 0x00
00000ae1: REVERT
00000ae2: JUMPDEST
00000ae3: POP
00000ae4: PUSH1 0x01
00000ae6: ADD
00000ae7: SWAP1
00000ae8: JUMP
00000ae9: JUMPDEST
00000aea: PUSH1 0x00
00000aec: PUSH1 0x20
00000aee: DUP3
00000aef: DUP5
00000af0: SUB
00000af1: SLT
00000af2: ISZERO
00000af3: PUSH2 0x0afb
00000af6: JUMPI
00000af7: PUSH1 0x00
00000af9: DUP1
00000afa: REVERT
00000afb: JUMPDEST
00000afc: DUP2
00000afd: MLOAD
00000afe: DUP1
00000aff: ISZERO
00000b00: ISZERO
00000b01: DUP2
00000b02: EQ
00000b03: PUSH2 0x0794
00000b06: JUMPI
00000b07: PUSH1 0x00
00000b09: DUP1
00000b0a: REVERT
00000b0b: JUMPDEST
00000b0c: PUSH1 0x00
00000b0e: DUP3
00000b0f: MLOAD
00000b10: PUSH1 0x00
00000b12: JUMPDEST
00000b13: DUP2
00000b14: DUP2
00000b15: LT
00000b16: ISZERO
00000b17: PUSH2 0x0b2c
00000b1a: JUMPI
00000b1b: PUSH1 0x20
00000b1d: DUP2
00000b1e: DUP7
00000b1f: ADD
00000b20: DUP2
00000b21: ADD
00000b22: MLOAD
00000b23: DUP6
00000b24: DUP4
00000b25: ADD
00000b26: MSTORE
00000b27: ADD
00000b28: PUSH2 0x0b12
00000b2b: JUMP
00000b2c: JUMPDEST
00000b2d: POP
00000b2e: PUSH1 0x00
00000b30: SWAP3
00000b31: ADD
00000b32: SWAP2
00000b33: DUP3
00000b34: MSTORE
00000b35: POP
00000b36: SWAP2
00000b37: SWAP1
00000b38: POP
00000b39: JUMP
00000b3a: INVALID
00000b3b: LOG2
00000b3c: PUSH5 0x6970667358
00000b42: UNKNOWN(0x22)
00000b43: SLT
00000b44: KECCAK256
00000b45: UNKNOWN(0x1F)
00000b46: ADDRESS
00000b47: UNKNOWN(0xEE)
00000b48: MUL
00000b49: UNKNOWN(0xE8)
00000b4a: PUSH10 0x0367ce84c0020f2a4225
00000b55: CREATE
00000b56: INVALID
00000b57: PUSH1 0xe5
00000b59: DUP6
00000b5a: MSTORE
00000b5b: UNKNOWN(0xD8)
00000b5c: UNKNOWN(0xD8)
00000b5d: ADDMOD
00000b5e: UNKNOWN(0xD6)
00000b5f: UNKNOWN(0xCD)
00000b60: INVALID
00000b61: CALLDATASIZE
00000b62: UNKNOWN(0xA9)
00000b63: UNKNOWN(0xC5)
00000b64: UNKNOWN(0xD6)
00000b65: PUSH5 0x736f6c6343
00000b6b: STOP
00000b6c: ADDMOD
00000b6d: EQ
00000b6e: STOP
00000b6f: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical auth codex Unprotected initializer allows ownership takeover if the contract is uninitialized 90 no
evidence_json
{
    "evidence": "At 0x047b the function loads the Initializable storage slot `0xf0c57e...` and checks `_initialized/_initializing` plus `ADDRESS EXTCODESIZE` (initializer guard) but never checks CALLER. It then writes calldata-provided addresses into slot0 and slot1 (SSTORE at ~0x0553 and ~0x0564) and emits `Initialized(uint64)` (topic `0xc7f505...`). Withdraw paths at 0x01fe (ETH via 0x0643 CALL with value) and 0x02c7 (ERC20 transfer via 0x06da) authorize only slot0/slot1, so a caller who initializes themselves can drain funds.",
    "locations": [
        "BYTECODE_BUNDLE.txt:0x047b",
        "BYTECODE_BUNDLE.txt:0x04db",
        "BYTECODE_BUNDLE.txt:0x0535",
        "BYTECODE_BUNDLE.txt:0x0554",
        "BYTECODE_BUNDLE.txt:0x01fe",
        "BYTECODE_BUNDLE.txt:0x02c7",
        "BYTECODE_BUNDLE.txt:0x0643",
        "BYTECODE_BUNDLE.txt:0x06da"
    ],
    "recommendation": "Initialize in the deployment flow (or proxy constructor) and/or add access control to the initializer; consider calling `_disableInitializers()` on the implementation to prevent takeovers.",
    "exploit_scenario": "If the Initializable slot indicates `_initialized == 0` (e.g., freshly deployed proxy or implementation left uninitialized), any address can call selector `0xf09a4016` with attacker-controlled addresses to set slot0/slot1. The attacker then calls `0x62f714ce` to withdraw ETH (or `0x5fc3ea0b`/`0x68638cdf` to transfer ERC20s) to their own address. While slot0==0, the owner==0-gated paths (`0x7c7a518d`/`0x434f94df`) also allow direct ETH/token withdrawal without setting ownership."
}
high other detector Untrusted CALL target/value reachable 60 no no
trace_id: 0x2cc5c4e6cf72312315ce8aa24d3a43aa3ffba1ec28732c048196b0b387d81167
call_targets: 0xcd0eb8b89c43c3654b4f8d83eb38149327c1107c
target_varies: no
classification: constant_target
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x2cc5c4e6cf72312315ce8aa24d3a43aa3ffba1ec28732c048196b0b387d81167",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xcd0eb8b89c43c3654b4f8d83eb38149327c1107c"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x8040fcb1",
            "selector": "0x8040fcb1",
            "calldata_variants": [
                "0x8040fcb1",
                "0x8040fcb10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc45a0155",
            "selector": "0xc45a0155",
            "calldata_variants": [
                "0xc45a0155",
                "0xc45a01550000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf09a4016",
            "selector": "0xf09a4016",
            "calldata_variants": [
                "0xf09a4016",
                "0xf09a40160000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfdcc0822",
            "selector": "0xfdcc0822",
            "calldata_variants": [
                "0xfdcc0822",
                "0xfdcc08220000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x434f94df",
            "selector": "0x434f94df",
            "calldata_variants": [
                "0x434f94df",
                "0x434f94df0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5fc3ea0b",
            "selector": "0x5fc3ea0b",
            "calldata_variants": [
                "0x5fc3ea0b",
                "0x5fc3ea0b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x68638cdf",
            "selector": "0x68638cdf",
            "calldata_variants": [
                "0x68638cdf",
                "0x68638cdf0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 896,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1667,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 2025,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 3,
    "guards_detected": [],
    "untrusted_call_count": 3
}
high other detector ETH value transfer possible 55 no no
trace_id: 0x2cc5c4e6cf72312315ce8aa24d3a43aa3ffba1ec28732c048196b0b387d81167
call_targets: 0xcd0eb8b89c43c3654b4f8d83eb38149327c1107c
target_varies: no
classification: constant_target
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x2cc5c4e6cf72312315ce8aa24d3a43aa3ffba1ec28732c048196b0b387d81167",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xcd0eb8b89c43c3654b4f8d83eb38149327c1107c"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x8040fcb1",
            "selector": "0x8040fcb1",
            "calldata_variants": [
                "0x8040fcb1",
                "0x8040fcb10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc45a0155",
            "selector": "0xc45a0155",
            "calldata_variants": [
                "0xc45a0155",
                "0xc45a01550000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf09a4016",
            "selector": "0xf09a4016",
            "calldata_variants": [
                "0xf09a4016",
                "0xf09a40160000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfdcc0822",
            "selector": "0xfdcc0822",
            "calldata_variants": [
                "0xfdcc0822",
                "0xfdcc08220000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x434f94df",
            "selector": "0x434f94df",
            "calldata_variants": [
                "0x434f94df",
                "0x434f94df0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5fc3ea0b",
            "selector": "0x5fc3ea0b",
            "calldata_variants": [
                "0x5fc3ea0b",
                "0x5fc3ea0b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x68638cdf",
            "selector": "0x68638cdf",
            "calldata_variants": [
                "0x68638cdf",
                "0x68638cdf0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 896,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 1667,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 2025,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 3,
    "guards_detected": []
}
medium other detector CREATE/CREATE2 reachable 45 no no
trace_id: 0xfd1a59135e5755f1308cd41369d50f66811d65938a9cca3cc1d7cd048ff1d3c3
validation_json
{
    "sink": "CREATE",
    "errors": 0,
    "status": "unknown",
    "attempts": 18,
    "trace_id": "0xfd1a59135e5755f1308cd41369d50f66811d65938a9cca3cc1d7cd048ff1d3c3",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x8040fcb1",
            "selector": "0x8040fcb1",
            "calldata_variants": [
                "0x8040fcb1",
                "0x8040fcb10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8da5cb5b",
            "selector": "0x8da5cb5b",
            "calldata_variants": [
                "0x8da5cb5b",
                "0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc45a0155",
            "selector": "0xc45a0155",
            "calldata_variants": [
                "0xc45a0155",
                "0xc45a01550000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf09a4016",
            "selector": "0xf09a4016",
            "calldata_variants": [
                "0xf09a4016",
                "0xf09a40160000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfdcc0822",
            "selector": "0xfdcc0822",
            "calldata_variants": [
                "0xfdcc0822",
                "0xfdcc08220000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x434f94df",
            "selector": "0x434f94df",
            "calldata_variants": [
                "0x434f94df",
                "0x434f94df0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5fc3ea0b",
            "selector": "0x5fc3ea0b",
            "calldata_variants": [
                "0x5fc3ea0b",
                "0x5fc3ea0b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x68638cdf",
            "selector": "0x68638cdf",
            "calldata_variants": [
                "0x68638cdf",
                "0x68638cdf0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "create_count": 1,
    "create2_count": 0
}
low other cast Contract creation opcode present 60 no
evidence_json
{
    "notes": "runtime can deploy contracts dynamically via CREATE/CREATE2",
    "create_count": 1,
    "create2_count": 0
}