fc5fafa4-8219-4180-92c7-254b4224ebbc
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31453 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 77344 | artifact.fetch | failed | 1 / 3 | 2 weeks ago |
| 77345 | tool.cast_disasm | complete | 1 / 3 | 2 weeks ago |
| 77346 | analysis.bundle | complete | 1 / 3 | 2 weeks ago |
| 77347 | capability.graph | complete | 1 / 3 | 2 weeks ago |
| 77348 | detector.run | complete | 1 / 3 | 2 weeks ago |
| 77349 | validation.fork | complete | 1 / 3 | 2 weeks ago |
No slither job recorded yet.
[codex:292519] OpenAI Codex v0.77.0 (research preview)
[codex:292519] --------
[codex:292519] workdir: /tmp/codex-multi-64rgfz9r
[codex:292519] model: gpt-5.2-codex
[codex:292519] provider: openai
[codex:292519] approval: never
[codex:292519] sandbox: read-only
[codex:292519] reasoning effort: xhigh
[codex:292519] reasoning summaries: auto
[codex:292519] session id: 019b85aa-9b40-70b0-9dbc-a39f8b9fa4f0
[codex:292519] --------
[codex:292519] user
[codex:292519] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:292519]
[codex:292519] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:292519]
[codex:292519] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:292519] - Gas inefficiency, code quality, naming, or best practices
[codex:292519] - Theoretical vulnerabilities without a clear extraction path
[codex:292519] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:292519] - Front-running unless it enables theft beyond MEV
[codex:292519] - DoS, griefing, or issues that don't result in attacker profit
[codex:292519] - Missing events, view function issues, or informational findings
[codex:292519]
[codex:292519] HIGH-VALUE PATTERNS TO HUNT:
[codex:292519] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:292519] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:292519] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:292519] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:292519] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:292519] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:292519] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:292519] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:292519] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:292519]
[codex:292519] For each finding, you MUST provide:
[codex:292519] 1. Exact file and line numbers of vulnerable code
[codex:292519] 2. Step-by-step exploit transaction sequence
[codex:292519] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:292519]
[codex:292519] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:292519]
[codex:292519] Output MUST be valid JSON matching the provided schema.
[codex:292519] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:292519] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:292519] mcp startup: no servers
[codex:292519]
[codex:292519] thinking
[codex:292519] **Planning audit review**
[codex:292519] exec
[codex:292519] /bin/bash -lc ls in /tmp/codex-multi-64rgfz9r succeeded in 6ms:
[codex:292519] AUDIT_BUNDLE.txt
[codex:292519] codex-output-schema.json
[codex:292519] contracts
[codex:292519] exec
[codex:292519] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-64rgfz9r succeeded in 5ms:
[codex:292519] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:292519]
[codex:292519] ================================================================================
[codex:292519] FILE: contracts/Contract.sol
[codex:292519] ================================================================================
[codex:292519] /*
[codex:292519] The MIT License (MIT)
[codex:292519]
[codex:292519] Copyright 2017 - 2018, Alchemy Limited, LLC and Smart Contract Solutions.
[codex:292519]
[codex:292519] Permission is hereby granted, free of charge, to any person obtaining
[codex:292519] a copy of this software and associated documentation files (the
[codex:292519] "Software"), to deal in the Software without restriction, including
[codex:292519] without limitation the rights to use, copy, modify, merge, publish,
[codex:292519] distribute, sublicense, and/or sell copies of the Software, and to
[codex:292519] permit persons to whom the Software is furnished to do so, subject to
[codex:292519] the following conditions:
[codex:292519]
[codex:292519] The above copyright notice and this permission notice shall be included
[codex:292519] in all copies or substantial portions of the Software.
[codex:292519]
[codex:292519] thinking
[codex:292519] **Investigating potential exploits and access controls**
[codex:292519] exec
[codex:292519] /bin/bash -lc 'rg -n "contract Auctions|function buy|withdraw|redeem|claim|refund|transfer" AUDIT_BUNDLE.txt' in /tmp/codex-multi-64rgfz9r succeeded in 16ms:
[codex:292519] 165: /// @return Reserve token redeemed
[codex:292519] 305: function transfer(address _to, uint256 _value) public returns (bool);
[codex:292519] 306: function transferFrom(address _from, address _to, uint256 _value) public returns (bool);
[codex:292519] 329: /// @notice Allows the current owner to transfer control of the contract to a newOwner.
[codex:292519] 347: /// @notice Allows the current owner to transfer control of the contract to a newOwner.
[codex:292519] 461: function transfer(address _to, uint256 _value) public returns (bool) {
[codex:292519] 480: /// @param _value Amount of tokens to transfer
[codex:292519] 482: function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
[codex:292519] 519: if (!transfer(a, amount)) revert();
[codex:292519] 569: bool public transferAllowed;
[codex:292519] 576: /// @notice Transferable modifier to allow transfer only after initial auction ended.
[codex:292519] 577: modifier transferable() {
[codex:292519] 578: require(transferAllowed);
[codex:292519] 583: require(!transferAllowed && Auctions(minter).isInitialAuctionEnded());
[codex:292519] 584: transferAllowed = true;
[codex:292519] 589: /// @param _to address The address which you want to transfer to
[codex:292519] 590: /// @param _value uint256 the amout of tokens to be transfered
[codex:292519] 591: function transfer(address _to, uint256 _value) public transferable returns (bool) {
[codex:292519] 592: return super.transfer(_to, _value);
[codex:292519] 597: /// @param _from address The address from which you want to transfer
[codex:292519]
[codex:292519] thinking
[codex:292519] **Analyzing auction-related functions for vulnerabilities**
[codex:292519] exec
[codex:292519] /bin/bash -lc "nl -ba AUDIT_BUNDLE.txt | sed -n '900,1150p'" in /tmp/codex-multi-64rgfz9r succeeded in 6ms:
[codex:292519] 900 redeemable = redemptionReturn(which, _amount);
[codex:292519] 901 require(redeemable >= _minReturn);
[codex:292519] 902
[codex:292519] 903 uint256 reserveBalance = balanceOf(which);
[codex:292519] 904 require(reserveBalance >= redeemable);
[codex:292519] 905
[codex:292519] 906 uint256 tokenSupply = smartToken.totalSupply();
[codex:292519] 907 require(_amount < tokenSupply);
[codex:292519] 908
[codex:292519] 909 smartToken.destroy(msg.sender, _amount);
[codex:292519] 910 if (which == WhichToken.Eth) {
[codex:292519] 911 msg.sender.transfer(redeemable);
[codex:292519] 912 } else {
[codex:292519] 913 require(reserveToken.transfer(msg.sender, redeemable));
[codex:292519] 914 }
[codex:292519] 915 }
[codex:292519] 916
[codex:292519] 917 function redemptionReturn(WhichToken which, uint smartTokensSent) internal view returns (uint256) {
[codex:292519] 918 uint smartTokenSupply = smartToken.totalSupply();
[codex:292519] 919 uint reserveTokenBalance = balanceOf(which);
[codex:292519]
[codex:292519] thinking
[codex:292519] **Analyzing auction fallback and refund logic**
[codex:292519] exec
[codex:292519] /bin/bash -lc 'rg -n "function init|set|update|mintable|dailyMintable|prepareAuction" AUDIT_BUNDLE.txt' in /tmp/codex-multi-64rgfz9r succeeded in 6ms:
[codex:292519] 195: function initPricer() public {
[codex:292519] 389: function initMintable(address _autonomousConverter, address _minter, uint _initialSupply,
[codex:292519] 408: /// @notice set address of token porter
[codex:292519] 410: function setTokenPorter(address _tokenPorter) public onlyOwner returns (bool) {
[codex:292519] 447: function initToken(address _autonomousConverter, address _minter,
[codex:292519] 556: function initSmartToken(address _autonomousConverter, address _minter, uint _initialSupply) public onlyOwner {
[codex:292519] 571: function initMETToken(address _autonomousConverter, address _minter,
[codex:292519] 614: function setRoot(bytes32 data) public {
[codex:292519] 633: /// _importData[3] is _burnedAtTick, _importData[4] is _genesisTime, _importData[5] is _dailyMintable
[codex:292519] 791: function init(address _reserveToken, address _smartToken, address _auctions)
[codex:292519] 938: function initProceeds(address _autonomousConverter, address _auctions) public onlyOwner {
[codex:292519] 986: uint public mintable = INITIAL_SUPPLY;
[codex:292519] 1001: mintable = INITIAL_SUPPLY - 2000000 * METDECMULT;
[codex:292519] 1051: assert(tokens <= mintable);
[codex:292519] 1052: mintable = mintable.sub(tokens);
[codex:292519] 1127: uint _dailyMintable,
[codex:292519] 1146: _dailyMintable = dailyMintable();
[codex:292519] 1176: mintable = 0; //
[codex:292519] 1214: function initAuctions(uint _startTime, uint _minimumPrice, uint _startingPrice, uint _timeScale)
[codex:292519] 1372: /// @notice Daily mintable MET in current auction
[codex:292519]
[codex:292519] thinking
[codex:292519] **Checking initialization security**
[codex:292519] exec
[codex:292519] /bin/bash -lc "nl -ba AUDIT_BUNDLE.txt | sed -n '1140,1320p'" in /tmp/codex-multi-64rgfz9r succeeded in 7ms:
[codex:292519] 1140 } else {
[codex:292519] 1141 nextAuctionGMT = (currAuction * DAY_IN_SECONDS) / timeScale + dailyAuctionStartTime;
[codex:292519] 1142 }
[codex:292519] 1143 genesisGMT = genesisTime;
[codex:292519] 1144
[codex:292519] 1145 currentAuctionPrice = currentPrice();
[codex:292519] 1146 _dailyMintable = dailyMintable();
[codex:292519] 1147 minting = currentMintable();
[codex:292519] 1148 _lastPurchasePrice = lastPurchasePrice;
[codex:292519] 1149 }
[codex:292519] 1150
[codex:292519] 1151 /// @notice Skip Initialization and minting if we're not the OG Metronome
[codex:292519] 1152 /// @param _token MET token contract address
[codex:292519] 1153 /// @param _proceeds Address of Proceeds contract
[codex:292519] 1154 /// @param _genesisTime The block.timestamp when first auction started on OG chain
[codex:292519] 1155 /// @param _minimumPrice Nobody can buy tokens for less than this price
[codex:292519] 1156 /// @param _startingPrice Start price of MET when first auction starts
[codex:292519] 1157 /// @param _timeScale time scale factor for auction. will be always 1 in live environment
[codex:292519] 1158 /// @param _chain chain where this contract is being deployed
[codex:292519] 1159 /// @param _initialAuctionEndTime Initial Auction end time in ETH chain.
[codex:292519]
[codex:292519] thinking
[codex:292519] **Continuing function review**
[codex:292519] exec
[codex:292519] /bin/bash -lc "nl -ba AUDIT_BUNDLE.txt | sed -n '1320,1550p'" in /tmp/codex-multi-64rgfz9r succeeded in 6ms:
[codex:292519] 1320 return (initialAuctionEndTime != 0 &&
[codex:292519] 1321 (now >= initialAuctionEndTime || token.totalSupply() >= INITIAL_SUPPLY));
[codex:292519] 1322 }
[codex:292519] 1323
[codex:292519] 1324 /// @notice Global MET supply
[codex:292519] 1325 function globalMetSupply() public view returns (uint) {
[codex:292519] 1326
[codex:292519] 1327 uint currAuc = currentAuction();
[codex:292519] 1328 if (currAuc > AUCTION_WHEN_PERCENTAGE_LOGIC_STARTS) {
[codex:292519] 1329 return globalSupplyAfterPercentageLogic;
[codex:292519] 1330 } else {
[codex:292519] 1331 return INITIAL_SUPPLY.add(INITIAL_GLOBAL_DAILY_SUPPLY.mul(currAuc));
[codex:292519] 1332 }
[codex:292519] 1333 }
[codex:292519] 1334
[codex:292519] 1335 /// @notice Global MET daily supply. Daily supply is greater of 1) 2880 2)2% of then outstanding supply per year.
[codex:292519] 1336 /// @dev 2% logic will kicks in at 14792th auction.
[codex:292519] 1337 function globalDailySupply() public view returns (uint) {
[codex:292519] 1338 uint dailySupply = INITIAL_GLOBAL_DAILY_SUPPLY;
[codex:292519] 1339 uint thisAuction = currentAuction();
[codex:292519] exec
[codex:292519] /bin/bash -lc "nl -ba AUDIT_BUNDLE.txt | sed -n '1550,1710p'" in /tmp/codex-multi-64rgfz9r succeeded in 6ms:
[codex:292519] 1550 prevPrice = priceAt(lastPurchasePrice, numTicksTillAuctionStart(_tick)) * 2;
[codex:292519] 1551 }
[codex:292519] 1552 }
[codex:292519] 1553 numTicks = numTicksSinceAuctionStart(_tick);
[codex:292519] 1554 } else {
[codex:292519] 1555 //Auction is running
[codex:292519] 1556 prevPrice = lastPurchasePrice;
[codex:292519] 1557 numTicks = _tick - lastPurchaseTick;
[codex:292519] 1558 }
[codex:292519] 1559
[codex:292519] 1560 require(numTicks >= 0);
[codex:292519] 1561
[codex:292519] 1562 if (isInitialAuctionEnded()) {
[codex:292519] 1563 weiPerToken = priceAt(prevPrice, numTicks);
[codex:292519] 1564 } else {
[codex:292519] 1565 weiPerToken = priceAtInitialAuction(prevPrice, numTicks);
[codex:292519] 1566 }
[codex:292519] 1567 }
[codex:292519] 1568
[codex:292519] 1569 /// @notice Calculate number of ticks elapsed between auction start time and given tick.
[codex:292519]
[codex:292519] thinking
[codex:292519] **Investigating potential reentrancy in AutonomousConverter**
[codex:292519] exec
[codex:292519] /bin/bash -lc "nl -ba AUDIT_BUNDLE.txt | sed -n '700,930p'" in /tmp/codex-multi-64rgfz9r succeeded in 6ms:
[codex:292519] 700 return true;
[codex:292519] 701 }
[codex:292519] 702
[codex:292519] 703 /// @notice get subcription details
[codex:292519] 704 /// @param _owner
[codex:292519] 705 /// @param _recipient
[codex:292519] 706 /// @return startTime, payPerWeek, lastWithdrawTime
[codex:292519] 707 function getSubscription(address _owner, address _recipient) public constant
[codex:292519] 708 returns (uint startTime, uint payPerWeek, uint lastWithdrawTime)
[codex:292519] 709 {
[codex:292519] 710 Sub storage sub = subs[_owner][_recipient];
[codex:292519] 711 return (
[codex:292519] 712 sub.startTime,
[codex:292519] 713 sub.payPerWeek,
[codex:292519] 714 sub.lastWithdrawTime
[codex:292519] 715 );
[codex:292519] 716 }
[codex:292519] 717
[codex:292519] 718 /// @notice caller can withdraw the token from subscribers.
[codex:292519] 719 /// @param _owner subcriber
[codex:292519]
[codex:292519] thinking
[codex:292519] **Analyzing token balance handling in conversions**
[codex:292519] exec
[codex:292519] /bin/bash -lc "nl -ba AUDIT_BUNDLE.txt | sed -n '520,700p'" in /tmp/codex-multi-64rgfz9r succeeded in 6ms:
[codex:292519] 520 }
[codex:292519] 521
[codex:292519] 522 return true;
[codex:292519] 523 }
[codex:292519] 524
[codex:292519] 525 /// @notice Increase allowance of spender
[codex:292519] 526 /// @param _spender Spender of the tokens
[codex:292519] 527 /// @param _value Amount of tokens that can be spent by spender
[codex:292519] 528 /// @return true/false
[codex:292519] 529 function approveMore(address _spender, uint256 _value) public returns (bool) {
[codex:292519] 530 uint previous = _allowance[msg.sender][_spender];
[codex:292519] 531 uint newAllowance = previous.add(_value);
[codex:292519] 532 _allowance[msg.sender][_spender] = newAllowance;
[codex:292519] 533 emit Approval(msg.sender, _spender, newAllowance);
[codex:292519] 534 return true;
[codex:292519] 535 }
[codex:292519] 536
[codex:292519] 537 /// @notice Decrease allowance of spender
[codex:292519] 538 /// @param _spender Spender of the tokens
[codex:292519] 539 /// @param _value Amount of tokens that can be spent by spender
[codex:292519]
[codex:292519]
[codex:292519]
[codex:292519]
[codex:292519] thinking
[codex:292519] **Examining potential token vulnerabilities**
[codex:292519] thinking
[codex:292519] **Evaluating arithmetic and access control robustness**
[codex:292519]
[codex:292519] I’m carefully checking if SafeMath protects against overflows in all critical calculations, especially around token imports, exports, conversions, and subscriptions. I’m also reviewing access controls on minting, burning, and state changes to see if any public functions might enable unauthorized profit, but so far, nothing concrete emerges. There might be edge cases where arithmetic could revert due to large values, but these likely cause transaction failures rather than profit.
[codex:292519] thinking
[codex:292519] **Analyzing conversion mechanics and subscription edge cases**
[codex:292519]
[codex:292519] I’m tracing the conversion logic between ETH and MET to see if reserve balance handling or rounding might enable profit, but it looks like the system leans conservative, preventing gain from circular conversions. I’m also checking subscription-related functions that bypass transfer restrictions, which might allow token moves before transfers are officially enabled, though this alone doesn’t appear exploitable for direct profit.
[codex:292519] thinking
[codex:292519] **Reviewing token export and auction purchase logic**
[codex:292519]
[codex:292519] I’m verifying if token export or burning can be exploited, but calls are correctly restricted to the token contract, preventing unauthorized burns. The auction’s daily purchase limit logic looks sound on refund and accumulation handling. ClaimReceivables and other functions do not present profit risks. Overall, I find no concrete exploitable issues leading to profit extraction here.
[codex:292519] codex
[codex:292519] {"no_findings":true,"summary":"No concrete, exploitable profit path to extract ETH/tokens/NFTs found in the provided sources.","findings":[]}
[codex:292519] tokens used
[codex:292519] 54,637
[codex:292519] {"no_findings":true,"summary":"No concrete, exploitable profit path to extract ETH/tokens/NFTs found in the provided sources.","findings":[]}
{
"codex": {
"ran_at": "2026-01-03T21:06:35.932456+00:00",
"returncode": 0
},
"summary": "No concrete, exploitable profit path to extract ETH/tokens/NFTs found in the provided sources.",
"raw_final": {
"summary": "No concrete, exploitable profit path to extract ETH/tokens/NFTs found in the provided sources.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x007f 0000000c: JUMPI 0000000d: PUSH4 0xffffffff 00000012: PUSH1 0xe0 00000014: PUSH1 0x02 00000016: EXP 00000017: PUSH1 0x00 00000019: CALLDATALOAD 0000001a: DIV 0000001b: AND 0000001c: PUSH4 0x2af4c31e 00000021: DUP2 00000022: EQ 00000023: PUSH2 0x0084 00000026: JUMPI 00000027: DUP1 00000028: PUSH4 0x378252f2 0000002d: EQ 0000002e: PUSH2 0x00b7 00000031: JUMPI 00000032: DUP1 00000033: PUSH4 0x50b48c5e 00000038: EQ 00000039: PUSH2 0x00cc 0000003c: JUMPI 0000003d: DUP1 0000003e: PUSH4 0x7679a816 00000043: EQ 00000044: PUSH2 0x00fb 00000047: JUMPI 00000048: DUP1 00000049: PUSH4 0x79ba5097 0000004e: EQ 0000004f: PUSH2 0x0103 00000052: JUMPI 00000053: DUP1 00000054: PUSH4 0x85aa6103 00000059: EQ 0000005a: PUSH2 0x0116 0000005d: JUMPI 0000005e: DUP1 0000005f: PUSH4 0x8da5cb5b 00000064: EQ 00000065: PUSH2 0x0129 00000068: JUMPI 00000069: DUP1 0000006a: PUSH4 0xae71d5da 0000006f: EQ 00000070: PUSH2 0x013c 00000073: JUMPI 00000074: DUP1 00000075: PUSH4 0xd4ee1d90 0000007a: EQ 0000007b: PUSH2 0x0161 0000007e: JUMPI 0000007f: JUMPDEST 00000080: PUSH1 0x00 00000082: DUP1 00000083: REVERT 00000084: JUMPDEST 00000085: CALLVALUE 00000086: ISZERO 00000087: PUSH2 0x008f 0000008a: JUMPI 0000008b: PUSH1 0x00 0000008d: DUP1 0000008e: REVERT 0000008f: JUMPDEST 00000090: PUSH2 0x00a3 00000093: PUSH1 0x01 00000095: PUSH1 0xa0 00000097: PUSH1 0x02 00000099: EXP 0000009a: SUB 0000009b: PUSH1 0x04 0000009d: CALLDATALOAD 0000009e: AND 0000009f: PUSH2 0x0174 000000a2: JUMP 000000a3: JUMPDEST 000000a4: PUSH1 0x40 000000a6: MLOAD 000000a7: SWAP1 000000a8: ISZERO 000000a9: ISZERO 000000aa: DUP2 000000ab: MSTORE 000000ac: PUSH1 0x20 000000ae: ADD 000000af: PUSH1 0x40 000000b1: MLOAD 000000b2: DUP1 000000b3: SWAP2 000000b4: SUB 000000b5: SWAP1 000000b6: RETURN 000000b7: JUMPDEST 000000b8: CALLVALUE 000000b9: ISZERO 000000ba: PUSH2 0x00c2 000000bd: JUMPI 000000be: PUSH1 0x00 000000c0: DUP1 000000c1: REVERT 000000c2: JUMPDEST 000000c3: PUSH2 0x00ca 000000c6: PUSH2 0x01db 000000c9: JUMP 000000ca: JUMPDEST 000000cb: STOP 000000cc: JUMPDEST 000000cd: CALLVALUE 000000ce: ISZERO 000000cf: PUSH2 0x00d7 000000d2: JUMPI 000000d3: PUSH1 0x00 000000d5: DUP1 000000d6: REVERT 000000d7: JUMPDEST 000000d8: PUSH2 0x00df 000000db: PUSH2 0x03d9 000000de: JUMP 000000df: JUMPDEST 000000e0: PUSH1 0x40 000000e2: MLOAD 000000e3: PUSH1 0x01 000000e5: PUSH1 0xa0 000000e7: PUSH1 0x02 000000e9: EXP 000000ea: SUB 000000eb: SWAP1 000000ec: SWAP2 000000ed: AND 000000ee: DUP2 000000ef: MSTORE 000000f0: PUSH1 0x20 000000f2: ADD 000000f3: PUSH1 0x40 000000f5: MLOAD 000000f6: DUP1 000000f7: SWAP2 000000f8: SUB 000000f9: SWAP1 000000fa: RETURN 000000fb: JUMPDEST 000000fc: PUSH2 0x00ca 000000ff: PUSH2 0x03e8 00000102: JUMP 00000103: JUMPDEST 00000104: CALLVALUE 00000105: ISZERO 00000106: PUSH2 0x010e 00000109: JUMPI 0000010a: PUSH1 0x00 0000010c: DUP1 0000010d: REVERT 0000010e: JUMPDEST 0000010f: PUSH2 0x00a3 00000112: PUSH2 0x0442 00000115: JUMP 00000116: JUMPDEST 00000117: CALLVALUE 00000118: ISZERO 00000119: PUSH2 0x0121 0000011c: JUMPI 0000011d: PUSH1 0x00 0000011f: DUP1 00000120: REVERT 00000121: JUMPDEST 00000122: PUSH2 0x00df 00000125: PUSH2 0x04d3 00000128: JUMP 00000129: JUMPDEST 0000012a: CALLVALUE 0000012b: ISZERO 0000012c: PUSH2 0x0134 0000012f: JUMPI 00000130: PUSH1 0x00 00000132: DUP1 00000133: REVERT 00000134: JUMPDEST 00000135: PUSH2 0x00df 00000138: PUSH2 0x04e2 0000013b: JUMP 0000013c: JUMPDEST 0000013d: CALLVALUE 0000013e: ISZERO 0000013f: PUSH2 0x0147 00000142: JUMPI 00000143: PUSH1 0x00 00000145: DUP1 00000146: REVERT 00000147: JUMPDEST 00000148: PUSH2 0x00ca 0000014b: PUSH1 0x01 0000014d: PUSH1 0xa0 0000014f: PUSH1 0x02 00000151: EXP 00000152: SUB 00000153: PUSH1 0x04 00000155: CALLDATALOAD 00000156: DUP2 00000157: AND 00000158: SWAP1 00000159: PUSH1 0x24 0000015b: CALLDATALOAD 0000015c: AND 0000015d: PUSH2 0x04f1 00000160: JUMP 00000161: JUMPDEST 00000162: CALLVALUE 00000163: ISZERO 00000164: PUSH2 0x016c 00000167: JUMPI 00000168: PUSH1 0x00 0000016a: DUP1 0000016b: REVERT 0000016c: JUMPDEST 0000016d: PUSH2 0x00df 00000170: PUSH2 0x059f 00000173: JUMP 00000174: JUMPDEST 00000175: PUSH1 0x00 00000177: DUP1 00000178: SLOAD 00000179: CALLER 0000017a: PUSH1 0x01 0000017c: PUSH1 0xa0 0000017e: PUSH1 0x02 00000180: EXP 00000181: SUB 00000182: SWAP1 00000183: DUP2 00000184: AND 00000185: SWAP2 00000186: AND 00000187: EQ 00000188: PUSH2 0x0190 0000018b: JUMPI 0000018c: PUSH1 0x00 0000018e: DUP1 0000018f: REVERT 00000190: JUMPDEST 00000191: PUSH1 0x00 00000193: SLOAD 00000194: PUSH1 0x01 00000196: PUSH1 0xa0 00000198: PUSH1 0x02 0000019a: EXP 0000019b: SUB 0000019c: DUP4 0000019d: DUP2 0000019e: AND 0000019f: SWAP2 000001a0: AND 000001a1: EQ 000001a2: ISZERO 000001a3: PUSH2 0x01ab 000001a6: JUMPI 000001a7: PUSH1 0x00 000001a9: DUP1 000001aa: REVERT 000001ab: JUMPDEST 000001ac: POP 000001ad: PUSH1 0x01 000001af: DUP1 000001b0: SLOAD 000001b1: PUSH1 0x01 000001b3: PUSH1 0xa0 000001b5: PUSH1 0x02 000001b7: EXP 000001b8: SUB 000001b9: DUP4 000001ba: AND 000001bb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000001d0: NOT 000001d1: SWAP1 000001d2: SWAP2 000001d3: AND 000001d4: OR 000001d5: DUP2 000001d6: SSTORE 000001d7: SWAP2 000001d8: SWAP1 000001d9: POP 000001da: JUMP 000001db: JUMPDEST 000001dc: PUSH1 0x03 000001de: SLOAD 000001df: PUSH1 0x00 000001e1: SWAP1 000001e2: DUP2 000001e3: SWAP1 000001e4: DUP2 000001e5: SWAP1 000001e6: PUSH1 0x01 000001e8: PUSH1 0xa0 000001ea: PUSH1 0x02 000001ec: EXP 000001ed: SUB 000001ee: AND 000001ef: PUSH4 0x21288400 000001f4: PUSH1 0x40 000001f6: MLOAD 000001f7: DUP2 000001f8: PUSH4 0xffffffff 000001fd: AND 000001fe: PUSH1 0xe0 00000200: PUSH1 0x02 00000202: EXP 00000203: MUL 00000204: DUP2 00000205: MSTORE 00000206: PUSH1 0x04 00000208: ADD 00000209: PUSH1 0x20 0000020b: PUSH1 0x40 0000020d: MLOAD 0000020e: DUP1 0000020f: DUP4 00000210: SUB 00000211: DUP2 00000212: PUSH1 0x00 00000214: DUP8 00000215: DUP1 00000216: EXTCODESIZE 00000217: ISZERO 00000218: ISZERO 00000219: PUSH2 0x0221 0000021c: JUMPI 0000021d: PUSH1 0x00 0000021f: DUP1 00000220: REVERT 00000221: JUMPDEST 00000222: GAS 00000223: CALL 00000224: ISZERO 00000225: ISZERO 00000226: PUSH2 0x022e 00000229: JUMPI 0000022a: PUSH1 0x00 0000022c: DUP1 0000022d: REVERT 0000022e: JUMPDEST 0000022f: POP 00000230: POP 00000231: POP 00000232: PUSH1 0x40 00000234: MLOAD 00000235: DUP1 00000236: MLOAD 00000237: PUSH1 0x03 00000239: SLOAD 0000023a: SWAP1 0000023b: SWAP5 0000023c: POP 0000023d: PUSH1 0x01 0000023f: PUSH1 0xa0 00000241: PUSH1 0x02 00000243: EXP 00000244: SUB 00000245: AND 00000246: SWAP1 00000247: POP 00000248: PUSH4 0x496a698d 0000024d: PUSH1 0x40 0000024f: MLOAD 00000250: DUP2 00000251: PUSH4 0xffffffff 00000256: AND 00000257: PUSH1 0xe0 00000259: PUSH1 0x02 0000025b: EXP 0000025c: MUL 0000025d: DUP2 0000025e: MSTORE 0000025f: PUSH1 0x04 00000261: ADD 00000262: PUSH1 0x20 00000264: PUSH1 0x40 00000266: MLOAD 00000267: DUP1 00000268: DUP4 00000269: SUB 0000026a: DUP2 0000026b: PUSH1 0x00 0000026d: DUP8 0000026e: DUP1 0000026f: EXTCODESIZE 00000270: ISZERO 00000271: ISZERO 00000272: PUSH2 0x027a 00000275: JUMPI 00000276: PUSH1 0x00 00000278: DUP1 00000279: REVERT 0000027a: JUMPDEST 0000027b: GAS 0000027c: CALL 0000027d: ISZERO 0000027e: ISZERO 0000027f: PUSH2 0x0287 00000282: JUMPI 00000283: PUSH1 0x00 00000285: DUP1 00000286: REVERT 00000287: JUMPDEST 00000288: POP 00000289: POP 0000028a: POP 0000028b: PUSH1 0x40 0000028d: MLOAD 0000028e: DUP1 0000028f: MLOAD 00000290: SWAP3 00000291: POP 00000292: PUSH2 0x02c0 00000295: SWAP1 00000296: POP 00000297: PUSH2 0x2710 0000029a: PUSH2 0x02b4 0000029d: PUSH1 0x01 0000029f: PUSH1 0xa0 000002a1: PUSH1 0x02 000002a3: EXP 000002a4: SUB 000002a5: ADDRESS 000002a6: AND 000002a7: BALANCE 000002a8: PUSH1 0x19 000002aa: PUSH4 0xffffffff 000002af: PUSH2 0x05ae 000002b2: AND 000002b3: JUMP 000002b4: JUMPDEST 000002b5: SWAP1 000002b6: PUSH4 0xffffffff 000002bb: PUSH2 0x05e4 000002be: AND 000002bf: JUMP 000002c0: JUMPDEST 000002c1: SWAP1 000002c2: POP 000002c3: PUSH1 0x00 000002c5: DUP2 000002c6: GT 000002c7: DUP1 000002c8: ISZERO 000002c9: PUSH2 0x032f 000002cc: JUMPI 000002cd: POP 000002ce: PUSH1 0x03 000002d0: SLOAD 000002d1: PUSH1 0x01 000002d3: PUSH1 0xa0 000002d5: PUSH1 0x02 000002d7: EXP 000002d8: SUB 000002d9: AND 000002da: PUSH4 0xfde9cded 000002df: DUP5 000002e0: PUSH1 0x40 000002e2: MLOAD 000002e3: PUSH1 0xe0 000002e5: PUSH1 0x02 000002e7: EXP 000002e8: PUSH4 0xffffffff 000002ed: DUP5 000002ee: AND 000002ef: MUL 000002f0: DUP2 000002f1: MSTORE 000002f2: PUSH1 0x04 000002f4: DUP2 000002f5: ADD 000002f6: SWAP2 000002f7: SWAP1 000002f8: SWAP2 000002f9: MSTORE 000002fa: PUSH1 0x24 000002fc: ADD 000002fd: PUSH1 0x20 000002ff: PUSH1 0x40 00000301: MLOAD 00000302: DUP1 00000303: DUP4 00000304: SUB 00000305: DUP2 00000306: PUSH1 0x00 00000308: DUP8 00000309: DUP1 0000030a: EXTCODESIZE 0000030b: ISZERO 0000030c: ISZERO 0000030d: PUSH2 0x0315 00000310: JUMPI 00000311: PUSH1 0x00 00000313: DUP1 00000314: REVERT 00000315: JUMPDEST 00000316: GAS 00000317: CALL 00000318: ISZERO 00000319: ISZERO 0000031a: PUSH2 0x0322 0000031d: JUMPI 0000031e: PUSH1 0x00 00000320: DUP1 00000321: REVERT 00000322: JUMPDEST 00000323: POP 00000324: POP 00000325: POP 00000326: PUSH1 0x40 00000328: MLOAD 00000329: DUP1 0000032a: MLOAD 0000032b: SWAP1 0000032c: POP 0000032d: DUP3 0000032e: GT 0000032f: JUMPDEST 00000330: DUP1 00000331: ISZERO 00000332: PUSH2 0x033c 00000335: JUMPI 00000336: POP 00000337: DUP2 00000338: PUSH1 0x04 0000033a: SLOAD 0000033b: LT 0000033c: JUMPDEST 0000033d: ISZERO 0000033e: PUSH2 0x03d4 00000341: JUMPI 00000342: PUSH1 0x04 00000344: DUP3 00000345: SWAP1 00000346: SSTORE 00000347: PUSH1 0x02 00000349: SLOAD 0000034a: PUSH1 0x01 0000034c: PUSH1 0xa0 0000034e: PUSH1 0x02 00000350: EXP 00000351: SUB 00000352: AND 00000353: PUSH4 0x7679a816 00000358: DUP3 00000359: PUSH1 0x40 0000035b: MLOAD 0000035c: DUP3 0000035d: PUSH4 0xffffffff 00000362: AND 00000363: PUSH1 0xe0 00000365: PUSH1 0x02 00000367: EXP 00000368: MUL 00000369: DUP2 0000036a: MSTORE 0000036b: PUSH1 0x04 0000036d: ADD 0000036e: PUSH1 0x00 00000370: PUSH1 0x40 00000372: MLOAD 00000373: DUP1 00000374: DUP4 00000375: SUB 00000376: DUP2 00000377: DUP6 00000378: DUP9 00000379: DUP1 0000037a: EXTCODESIZE 0000037b: ISZERO 0000037c: ISZERO 0000037d: PUSH2 0x0385 00000380: JUMPI 00000381: PUSH1 0x00 00000383: DUP1 00000384: REVERT 00000385: JUMPDEST 00000386: GAS 00000387: CALL 00000388: ISZERO 00000389: ISZERO 0000038a: PUSH2 0x0392 0000038d: JUMPI 0000038e: PUSH1 0x00 00000390: DUP1 00000391: REVERT 00000392: JUMPDEST 00000393: POP 00000394: POP 00000395: POP 00000396: POP 00000397: CALLER 00000398: PUSH1 0x01 0000039a: PUSH1 0xa0 0000039c: PUSH1 0x02 0000039e: EXP 0000039f: SUB 000003a0: AND 000003a1: PUSH32 0xce45c14a6c726f7154c3b98d500c578e3d8e91aeb29d5f9d12edb07b88f85482 000003c2: DUP3 000003c3: PUSH1 0x40 000003c5: MLOAD 000003c6: SWAP1 000003c7: DUP2 000003c8: MSTORE 000003c9: PUSH1 0x20 000003cb: ADD 000003cc: PUSH1 0x40 000003ce: MLOAD 000003cf: DUP1 000003d0: SWAP2 000003d1: SUB 000003d2: SWAP1 000003d3: LOG2 000003d4: JUMPDEST 000003d5: POP 000003d6: POP 000003d7: POP 000003d8: JUMP 000003d9: JUMPDEST 000003da: PUSH1 0x02 000003dc: SLOAD 000003dd: PUSH1 0x01 000003df: PUSH1 0xa0 000003e1: PUSH1 0x02 000003e3: EXP 000003e4: SUB 000003e5: AND 000003e6: DUP2 000003e7: JUMP 000003e8: JUMPDEST 000003e9: PUSH1 0x03 000003eb: SLOAD 000003ec: CALLER 000003ed: PUSH1 0x01 000003ef: PUSH1 0xa0 000003f1: PUSH1 0x02 000003f3: EXP 000003f4: SUB 000003f5: SWAP1 000003f6: DUP2 000003f7: AND 000003f8: SWAP2 000003f9: AND 000003fa: EQ 000003fb: PUSH2 0x0403 000003fe: JUMPI 000003ff: PUSH1 0x00 00000401: DUP1 00000402: REVERT 00000403: JUMPDEST 00000404: CALLER 00000405: PUSH1 0x01 00000407: PUSH1 0xa0 00000409: PUSH1 0x02 0000040b: EXP 0000040c: SUB 0000040d: AND 0000040e: PUSH32 0x6149d6fbfad1c173e29b8de83d7df1b09c0eaba8c3040a4c287f6f1333e60e27 0000042f: CALLVALUE 00000430: PUSH1 0x40 00000432: MLOAD 00000433: SWAP1 00000434: DUP2 00000435: MSTORE 00000436: PUSH1 0x20 00000438: ADD 00000439: PUSH1 0x40 0000043b: MLOAD 0000043c: DUP1 0000043d: SWAP2 0000043e: SUB 0000043f: SWAP1 00000440: LOG2 00000441: JUMP 00000442: JUMPDEST 00000443: PUSH1 0x01 00000445: SLOAD 00000446: PUSH1 0x00 00000448: SWAP1 00000449: CALLER 0000044a: PUSH1 0x01 0000044c: PUSH1 0xa0 0000044e: PUSH1 0x02 00000450: EXP 00000451: SUB 00000452: SWAP1 00000453: DUP2 00000454: AND 00000455: SWAP2 00000456: AND 00000457: EQ 00000458: PUSH2 0x0460 0000045b: JUMPI 0000045c: PUSH1 0x00 0000045e: DUP1 0000045f: REVERT 00000460: JUMPDEST 00000461: PUSH1 0x01 00000463: SLOAD 00000464: PUSH1 0x00 00000466: SLOAD 00000467: PUSH1 0x01 00000469: PUSH1 0xa0 0000046b: PUSH1 0x02 0000046d: EXP 0000046e: SUB 0000046f: SWAP2 00000470: DUP3 00000471: AND 00000472: SWAP2 00000473: AND 00000474: PUSH32 0x0384899bd253d83b23daa4d29aaa2efe0563d1132b43101e9ad667235aeb951b 00000495: PUSH1 0x40 00000497: MLOAD 00000498: PUSH1 0x40 0000049a: MLOAD 0000049b: DUP1 0000049c: SWAP2 0000049d: SUB 0000049e: SWAP1 0000049f: LOG3 000004a0: POP 000004a1: PUSH1 0x01 000004a3: DUP1 000004a4: SLOAD 000004a5: PUSH1 0x00 000004a7: DUP1 000004a8: SLOAD 000004a9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000004be: NOT 000004bf: AND 000004c0: PUSH1 0x01 000004c2: PUSH1 0xa0 000004c4: PUSH1 0x02 000004c6: EXP 000004c7: SUB 000004c8: SWAP1 000004c9: SWAP3 000004ca: AND 000004cb: SWAP2 000004cc: SWAP1 000004cd: SWAP2 000004ce: OR 000004cf: SWAP1 000004d0: SSTORE 000004d1: SWAP1 000004d2: JUMP 000004d3: JUMPDEST 000004d4: PUSH1 0x03 000004d6: SLOAD 000004d7: PUSH1 0x01 000004d9: PUSH1 0xa0 000004db: PUSH1 0x02 000004dd: EXP 000004de: SUB 000004df: AND 000004e0: DUP2 000004e1: JUMP 000004e2: JUMPDEST 000004e3: PUSH1 0x00 000004e5: SLOAD 000004e6: PUSH1 0x01 000004e8: PUSH1 0xa0 000004ea: PUSH1 0x02 000004ec: EXP 000004ed: SUB 000004ee: AND 000004ef: DUP2 000004f0: JUMP 000004f1: JUMPDEST 000004f2: PUSH1 0x00 000004f4: SLOAD 000004f5: CALLER 000004f6: PUSH1 0x01 000004f8: PUSH1 0xa0 000004fa: PUSH1 0x02 000004fc: EXP 000004fd: SUB 000004fe: SWAP1 000004ff: DUP2 00000500: AND 00000501: SWAP2 00000502: AND 00000503: EQ 00000504: PUSH2 0x050c 00000507: JUMPI 00000508: PUSH1 0x00 0000050a: DUP1 0000050b: REVERT 0000050c: JUMPDEST 0000050d: PUSH1 0x03 0000050f: SLOAD 00000510: PUSH1 0x01 00000512: PUSH1 0xa0 00000514: PUSH1 0x02 00000516: EXP 00000517: SUB 00000518: AND 00000519: ISZERO 0000051a: DUP1 0000051b: ISZERO 0000051c: PUSH2 0x052d 0000051f: JUMPI 00000520: POP 00000521: PUSH1 0x01 00000523: PUSH1 0xa0 00000525: PUSH1 0x02 00000527: EXP 00000528: SUB 00000529: DUP2 0000052a: AND 0000052b: ISZERO 0000052c: ISZERO 0000052d: JUMPDEST 0000052e: ISZERO 0000052f: ISZERO 00000530: PUSH2 0x0538 00000533: JUMPI 00000534: PUSH1 0x00 00000536: DUP1 00000537: REVERT 00000538: JUMPDEST 00000539: PUSH1 0x02 0000053b: SLOAD 0000053c: PUSH1 0x01 0000053e: PUSH1 0xa0 00000540: PUSH1 0x02 00000542: EXP 00000543: SUB 00000544: AND 00000545: ISZERO 00000546: DUP1 00000547: ISZERO 00000548: PUSH2 0x0559 0000054b: JUMPI 0000054c: POP 0000054d: PUSH1 0x01 0000054f: PUSH1 0xa0 00000551: PUSH1 0x02 00000553: EXP 00000554: SUB 00000555: DUP3 00000556: AND 00000557: ISZERO 00000558: ISZERO 00000559: JUMPDEST 0000055a: ISZERO 0000055b: ISZERO 0000055c: PUSH2 0x0564 0000055f: JUMPI 00000560: PUSH1 0x00 00000562: DUP1 00000563: REVERT 00000564: JUMPDEST 00000565: PUSH1 0x02 00000567: DUP1 00000568: SLOAD 00000569: PUSH1 0x01 0000056b: PUSH1 0xa0 0000056d: PUSH1 0x02 0000056f: EXP 00000570: SUB 00000571: SWAP4 00000572: DUP5 00000573: AND 00000574: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000589: NOT 0000058a: SWAP2 0000058b: DUP3 0000058c: AND 0000058d: OR 0000058e: SWAP1 0000058f: SWAP2 00000590: SSTORE 00000591: PUSH1 0x03 00000593: DUP1 00000594: SLOAD 00000595: SWAP3 00000596: SWAP1 00000597: SWAP4 00000598: AND 00000599: SWAP2 0000059a: AND 0000059b: OR 0000059c: SWAP1 0000059d: SSTORE 0000059e: JUMP 0000059f: JUMPDEST 000005a0: PUSH1 0x01 000005a2: SLOAD 000005a3: PUSH1 0x01 000005a5: PUSH1 0xa0 000005a7: PUSH1 0x02 000005a9: EXP 000005aa: SUB 000005ab: AND 000005ac: DUP2 000005ad: JUMP 000005ae: JUMPDEST 000005af: PUSH1 0x00 000005b1: DUP1 000005b2: DUP4 000005b3: ISZERO 000005b4: ISZERO 000005b5: PUSH2 0x05c1 000005b8: JUMPI 000005b9: PUSH1 0x00 000005bb: SWAP2 000005bc: POP 000005bd: PUSH2 0x05dd 000005c0: JUMP 000005c1: JUMPDEST 000005c2: POP 000005c3: DUP3 000005c4: DUP3 000005c5: MUL 000005c6: DUP3 000005c7: DUP5 000005c8: DUP3 000005c9: DUP2 000005ca: ISZERO 000005cb: ISZERO 000005cc: PUSH2 0x05d1 000005cf: JUMPI 000005d0: INVALID 000005d1: JUMPDEST 000005d2: DIV 000005d3: EQ 000005d4: PUSH2 0x05d9 000005d7: JUMPI 000005d8: INVALID 000005d9: JUMPDEST 000005da: DUP1 000005db: SWAP2 000005dc: POP 000005dd: JUMPDEST 000005de: POP 000005df: SWAP3 000005e0: SWAP2 000005e1: POP 000005e2: POP 000005e3: JUMP 000005e4: JUMPDEST 000005e5: PUSH1 0x00 000005e7: DUP1 000005e8: DUP3 000005e9: DUP5 000005ea: DUP2 000005eb: ISZERO 000005ec: ISZERO 000005ed: PUSH2 0x05f2 000005f0: JUMPI 000005f1: INVALID 000005f2: JUMPDEST 000005f3: DIV 000005f4: SWAP5 000005f5: SWAP4 000005f6: POP 000005f7: POP 000005f8: POP 000005f9: POP 000005fa: JUMP 000005fb: STOP 000005fc: LOG1 000005fd: PUSH6 0x627a7a723058 00000604: KECCAK256 00000605: NOT 00000606: UNKNOWN(0x4B) 00000607: AND 00000608: UNKNOWN(0x2E) 00000609: PUSH5 0xb5864c3c50 0000060f: SDIV 00000610: DUP10 00000611: PUSH20 0x3e2cb551ae7812de66af00f2cbeac55f9c5ee300 00000626: UNKNOWN(0x29)
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
viewtrace_id: 0x104d4af740db2f5da03cd0ceda863dcb3d1ac0dd31764daa5b1cc8e400153c0e
call_targets:
0x68c4b7d05fae45bcb6192bb93e246c77e98360e1
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x104d4af740db2f5da03cd0ceda863dcb3d1ac0dd31764daa5b1cc8e400153c0e",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x68c4b7d05fae45bcb6192bb93e246c77e98360e1"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2af4c31e",
"selector": "0x2af4c31e",
"calldata_variants": [
"0x2af4c31e",
"0x2af4c31e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x378252f2",
"selector": "0x378252f2",
"calldata_variants": [
"0x378252f2",
"0x378252f20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x50b48c5e",
"selector": "0x50b48c5e",
"calldata_variants": [
"0x50b48c5e",
"0x50b48c5e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7679a816",
"selector": "0x7679a816",
"calldata_variants": [
"0x7679a816",
"0x7679a8160000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x79ba5097",
"selector": "0x79ba5097",
"calldata_variants": [
"0x79ba5097",
"0x79ba50970000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x85aa6103",
"selector": "0x85aa6103",
"calldata_variants": [
"0x85aa6103",
"0x85aa61030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xae71d5da",
"selector": "0xae71d5da",
"calldata_variants": [
"0xae71d5da",
"0xae71d5da0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 547,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 636,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 791,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 4,
"guards_detected": [],
"untrusted_call_count": 4
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
viewtrace_id: 0x104d4af740db2f5da03cd0ceda863dcb3d1ac0dd31764daa5b1cc8e400153c0e
call_targets:
0x68c4b7d05fae45bcb6192bb93e246c77e98360e1
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x104d4af740db2f5da03cd0ceda863dcb3d1ac0dd31764daa5b1cc8e400153c0e",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x68c4b7d05fae45bcb6192bb93e246c77e98360e1"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x2af4c31e",
"selector": "0x2af4c31e",
"calldata_variants": [
"0x2af4c31e",
"0x2af4c31e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x378252f2",
"selector": "0x378252f2",
"calldata_variants": [
"0x378252f2",
"0x378252f20000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x50b48c5e",
"selector": "0x50b48c5e",
"calldata_variants": [
"0x50b48c5e",
"0x50b48c5e0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x7679a816",
"selector": "0x7679a816",
"calldata_variants": [
"0x7679a816",
"0x7679a8160000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x79ba5097",
"selector": "0x79ba5097",
"calldata_variants": [
"0x79ba5097",
"0x79ba50970000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x85aa6103",
"selector": "0x85aa6103",
"calldata_variants": [
"0x85aa6103",
"0x85aa61030000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x8da5cb5b",
"selector": "0x8da5cb5b",
"calldata_variants": [
"0x8da5cb5b",
"0x8da5cb5b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xae71d5da",
"selector": "0xae71d5da",
"calldata_variants": [
"0xae71d5da",
"0xae71d5da0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 547,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 636,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
},
{
"pc": 791,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 4,
"guards_detected": []
}
|
| info | other | cast | Heavy EXTCODE*/BALANCE usage | 55 | no | — |
viewevidence_json{
"notes": "frequent external code or balance checks; may indicate introspection or validation logic",
"ext_balance_count": 5
}
|