TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

fff902d1-8613-4bc8-97f6-6dba982c6555

complete
Chain ID
1
Address
0x3d7b8d296f7d8e37ce57e556dea3dd6cb01b2f03
Block Number
Created
Mon, Dec 29, 2025 4:27 AM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Present
Best current signal
ETH value transfer possible
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
30412 report.consolidate complete 1 / 1 3 months ago
93871 artifact.fetch complete 1 / 3 1 week ago
93872 tool.cast_disasm complete 1 / 3 1 week ago
93873 analysis.bundle complete 1 / 3 1 week ago
93874 capability.graph complete 1 / 3 1 week ago
93875 detector.run complete 1 / 3 1 week ago
93876 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 1
Findings
1
No findings?
no
Summary
1 low-severity issue found: ERC20 transfer return value is unchecked, which can desync accounting if a non-standard token returns false without reverting.
View stderr 
[codex:1031308] OpenAI Codex v0.77.0 (research preview)
[codex:1031308] --------
[codex:1031308] workdir: /tmp/codex-multi-_w2ma75m
[codex:1031308] model: gpt-5.2-codex
[codex:1031308] provider: openai
[codex:1031308] approval: never
[codex:1031308] sandbox: read-only
[codex:1031308] reasoning effort: xhigh
[codex:1031308] reasoning summaries: auto
[codex:1031308] session id: 019b685b-2664-7632-8a47-29302463aef2
[codex:1031308] --------
[codex:1031308] user
[codex:1031308] You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
[codex:1031308] Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
[codex:1031308] accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
[codex:1031308] 
[codex:1031308] Scope rules:
[codex:1031308] - You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party `contracts/**/*.sol` files.
[codex:1031308] - Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
[codex:1031308] 
[codex:1031308] Output MUST be valid JSON matching the provided schema.
[codex:1031308] - If you find nothing meaningful: set no_findings=true and findings=[].
[codex:1031308] - Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
[codex:1031308] 
[codex:1031308] Output constraints (IMPORTANT):
[codex:1031308] - severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
[codex:1031308] - category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
[codex:1031308] mcp startup: no servers
[codex:1031308] 
[codex:1031308] thinking
[codex:1031308] **Preparing to read AUDIT_BUNDLE.txt**
[codex:1031308] exec
[codex:1031308] /bin/bash -lc ls in /tmp/codex-multi-_w2ma75m succeeded in 6ms:
[codex:1031308] AUDIT_BUNDLE.txt
[codex:1031308] codex-output-schema.json
[codex:1031308] contracts
[codex:1031308] 
[codex:1031308] thinking
[codex:1031308] **Reading AUDIT_BUNDLE.txt**
[codex:1031308] exec
[codex:1031308] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-_w2ma75m succeeded in 5ms:
[codex:1031308] This file concatenates the full contents of first-party Solidity sources for auditing.
[codex:1031308] 
[codex:1031308] ================================================================================
[codex:1031308] FILE: contracts/Contract.sol
[codex:1031308] ================================================================================
[codex:1031308] # @version 0.3.10
[codex:1031308] """
[codex:1031308] @title VestSplitter
[codex:1031308] @author Curve Finance
[codex:1031308] @license MIT
[codex:1031308] @notice Split VestingEscrow for a distribution of users, and accepts donations and top-ups.
[codex:1031308]         Made originally to compensate victims of Vyper hack, but can be used for other purposes.
[codex:1031308] """
[codex:1031308] 
[codex:1031308] from vyper.interfaces import ERC20
[codex:1031308] 
[codex:1031308] 
[codex:1031308] interface VestingEscrow:
[codex:1031308]     def claim(): nonpayable
[codex:1031308]     def balanceOf(user: address) -> uint256: view
[codex:1031308] 
[codex:1031308] thinking
[codex:1031308] **Reviewing Vyper contract security**
[codex:1031308] 
[codex:1031308] I’m auditing the Vyper contract for vulnerabilities, focusing on access control, reentrancy protections, unchecked token transfer returns, division by zero risks, and possible issues with deflationary tokens impacting accounting. I’m weighing which risks stem from malicious actors versus misconfiguration and considering how admin privileges influence attack feasibility. Next, I'll pinpoint code line numbers to generate structured JSON findings.
[codex:1031308] exec
[codex:1031308] /bin/bash -lc 'nl -ba contracts/Contract.sol' in /tmp/codex-multi-_w2ma75m succeeded in 6ms:
[codex:1031308]      1	# @version 0.3.10
[codex:1031308]      2	"""
[codex:1031308]      3	@title VestSplitter
[codex:1031308]      4	@author Curve Finance
[codex:1031308]      5	@license MIT
[codex:1031308]      6	@notice Split VestingEscrow for a distribution of users, and accepts donations and top-ups.
[codex:1031308]      7	        Made originally to compensate victims of Vyper hack, but can be used for other purposes.
[codex:1031308]      8	"""
[codex:1031308]      9	
[codex:1031308]     10	from vyper.interfaces import ERC20
[codex:1031308]     11	
[codex:1031308]     12	
[codex:1031308]     13	interface VestingEscrow:
[codex:1031308]     14	    def claim(): nonpayable
[codex:1031308]     15	    def balanceOf(user: address) -> uint256: view
[codex:1031308]     16	
[codex:1031308]     17	
[codex:1031308]     18	event Claim:
[codex:1031308]     19	    recipient: indexed(address)
[codex:1031308]     20	    claimed: uint256
[codex:1031308] 
[codex:1031308] thinking
[codex:1031308] **Generating JSON report for vulnerabilities**
[codex:1031308] 
[codex:1031308] I'm putting together a JSON output summarizing a low-severity vulnerability about unchecked ERC20 transfer return values causing potential accounting mismatches. I'll carefully follow the required schema fields like severity, category, exploit scenario, recommendation, evidence, and file location, while also preparing a concise summary with no findings false since we have one low finding to report.
[codex:1031308] codex
[codex:1031308] {"no_findings":false,"summary":"1 low-severity issue found: ERC20 transfer return value is unchecked, which can desync accounting if a non-standard token returns false without reverting.","findings":[{"severity":"low","category":"other","title":"Unchecked ERC20 transfer return can mark claims as paid without transferring tokens","exploit_scenario":"If the configured TOKEN is a non-standard ERC20 that returns false (instead of reverting) on transfer failure, `claim` will still update `claimed` and emit a `Claim` event. The user is then treated as fully paid and cannot re-claim, even though no tokens were actually transferred.","recommendation":"Check the return value of `TOKEN.transfer` and revert on failure (e.g., `assert TOKEN.transfer(user, to_send)`), or use a safe transfer wrapper that enforces success.","evidence":"`TOKEN.transfer(user, to_send)` is called without checking the return value after updating accounting state.","locations":["contracts/Contract.sol:83"]}]}
[codex:1031308] tokens used
[codex:1031308] 9,870
[codex:1031308] {"no_findings":false,"summary":"1 low-severity issue found: ERC20 transfer return value is unchecked, which can desync accounting if a non-standard token returns false without reverting.","findings":[{"severity":"low","category":"other","title":"Unchecked ERC20 transfer return can mark claims as paid without transferring tokens","exploit_scenario":"If the configured TOKEN is a non-standard ERC20 that returns false (instead of reverting) on transfer failure, `claim` will still update `claimed` and emit a `Claim` event. The user is then treated as fully paid and cannot re-claim, even though no tokens were actually transferred.","recommendation":"Check the return value of `TOKEN.transfer` and revert on failure (e.g., `assert TOKEN.transfer(user, to_send)`), or use a safe transfer wrapper that enforces success.","evidence":"`TOKEN.transfer(user, to_send)` is called without checking the return value after updating accounting state.","locations":["contracts/Contract.sol:83"]}]}
Metadata 
{
    "codex": {
        "ran_at": "2025-12-29T04:27:09.501853+00:00",
        "returncode": 0
    },
    "summary": "1 low-severity issue found: ERC20 transfer return value is unchecked, which can desync accounting if a non-standard token returns false without reverting.",
    "raw_final": {
        "summary": "1 low-severity issue found: ERC20 transfer return value is unchecked, which can desync accounting if a non-standard token returns false without reverting.",
        "findings": [
            {
                "title": "Unchecked ERC20 transfer return can mark claims as paid without transferring tokens",
                "category": "other",
                "evidence": "`TOKEN.transfer(user, to_send)` is called without checking the return value after updating accounting state.",
                "severity": "low",
                "locations": [
                    "contracts/Contract.sol:83"
                ],
                "recommendation": "Check the return value of `TOKEN.transfer` and revert on failure (e.g., `assert TOKEN.transfer(user, to_send)`), or use a safe transfer wrapper that enforces success.",
                "exploit_scenario": "If the configured TOKEN is a non-standard ERC20 that returns false (instead of reverting) on transfer failure, `claim` will still update `claimed` and emit a `Claim` event. The user is then treated as fully paid and cannot re-claim, even though no tokens were actually transferred."
            }
        ],
        "no_findings": false
    },
    "no_findings": false,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
6
EXT*/BALANCE
2
Total opcodes
1462
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH0
00000001: CALLDATALOAD
00000002: PUSH1 0xe0
00000004: SHR
00000005: PUSH1 0x02
00000007: PUSH1 0x13
00000009: DUP3
0000000a: MOD
0000000b: PUSH1 0x01
0000000d: SHL
0000000e: PUSH2 0x094b
00000011: ADD
00000012: PUSH1 0x1e
00000014: CODECOPY
00000015: PUSH0
00000016: MLOAD
00000017: JUMP
00000018: JUMPDEST
00000019: PUSH4 0x82bfefc8
0000001e: DUP2
0000001f: XOR
00000020: PUSH2 0x0036
00000023: JUMPI
00000024: CALLVALUE
00000025: PUSH2 0x0947
00000028: JUMPI
00000029: PUSH1 0x20
0000002b: PUSH2 0x0971
0000002e: PUSH1 0x40
00000030: CODECOPY
00000031: PUSH1 0x20
00000033: PUSH1 0x40
00000035: RETURN
00000036: JUMPDEST
00000037: PUSH4 0x92fd2daf
0000003c: DUP2
0000003d: XOR
0000003e: PUSH2 0x0943
00000041: JUMPI
00000042: PUSH1 0x44
00000044: CALLDATASIZE
00000045: LT
00000046: CALLVALUE
00000047: OR
00000048: PUSH2 0x0947
0000004b: JUMPI
0000004c: PUSH1 0x04
0000004e: CALLDATALOAD
0000004f: DUP1
00000050: PUSH1 0xa0
00000052: SHR
00000053: PUSH2 0x0947
00000056: JUMPI
00000057: PUSH1 0x40
00000059: MSTORE
0000005a: PUSH1 0x24
0000005c: CALLDATALOAD
0000005d: DUP1
0000005e: PUSH1 0x01
00000060: SHR
00000061: PUSH2 0x0947
00000064: JUMPI
00000065: PUSH1 0x60
00000067: MSTORE
00000068: JUMPDEST
00000069: PUSH0
0000006a: SLOAD
0000006b: PUSH1 0x02
0000006d: EQ
0000006e: PUSH2 0x0947
00000071: JUMPI
00000072: PUSH1 0x02
00000074: PUSH0
00000075: SSTORE
00000076: PUSH1 0x01
00000078: SLOAD
00000079: PUSH1 0x80
0000007b: MSTORE
0000007c: PUSH1 0x60
0000007e: MLOAD
0000007f: PUSH2 0x0088
00000082: JUMPI
00000083: PUSH0
00000084: PUSH2 0x009d
00000087: JUMP
00000088: JUMPDEST
00000089: PUSH1 0x80
0000008b: MLOAD
0000008c: ISZERO
0000008d: PUSH2 0x009b
00000090: JUMPI
00000091: ADDRESS
00000092: PUSH1 0x80
00000094: MLOAD
00000095: EQ
00000096: ISZERO
00000097: PUSH2 0x009d
0000009a: JUMP
0000009b: JUMPDEST
0000009c: PUSH0
0000009d: JUMPDEST
0000009e: ISZERO
0000009f: PUSH2 0x00cd
000000a2: JUMPI
000000a3: PUSH1 0x80
000000a5: MLOAD
000000a6: PUSH4 0x4e71d92d
000000ab: PUSH1 0xa0
000000ad: MSTORE
000000ae: DUP1
000000af: EXTCODESIZE
000000b0: ISZERO
000000b1: PUSH2 0x0947
000000b4: JUMPI
000000b5: PUSH0
000000b6: PUSH1 0xa0
000000b8: PUSH1 0x04
000000ba: PUSH1 0xbc
000000bc: PUSH0
000000bd: DUP6
000000be: GAS
000000bf: CALL
000000c0: PUSH2 0x00cb
000000c3: JUMPI
000000c4: RETURNDATASIZE
000000c5: PUSH0
000000c6: PUSH0
000000c7: RETURNDATACOPY
000000c8: RETURNDATASIZE
000000c9: PUSH0
000000ca: REVERT
000000cb: JUMPDEST
000000cc: POP
000000cd: JUMPDEST
000000ce: PUSH1 0x06
000000d0: SLOAD
000000d1: PUSH1 0x20
000000d3: PUSH2 0x0971
000000d6: PUSH0
000000d7: CODECOPY
000000d8: PUSH0
000000d9: MLOAD
000000da: PUSH4 0x70a08231
000000df: PUSH1 0xc0
000000e1: MSTORE
000000e2: ADDRESS
000000e3: PUSH1 0xe0
000000e5: MSTORE
000000e6: PUSH1 0x20
000000e8: PUSH1 0xc0
000000ea: PUSH1 0x24
000000ec: PUSH1 0xdc
000000ee: DUP5
000000ef: GAS
000000f0: STATICCALL
000000f1: PUSH2 0x00fc
000000f4: JUMPI
000000f5: RETURNDATASIZE
000000f6: PUSH0
000000f7: PUSH0
000000f8: RETURNDATACOPY
000000f9: RETURNDATASIZE
000000fa: PUSH0
000000fb: REVERT
000000fc: JUMPDEST
000000fd: PUSH1 0x20
000000ff: RETURNDATASIZE
00000100: LT
00000101: PUSH2 0x0947
00000104: JUMPI
00000105: PUSH1 0xc0
00000107: SWAP1
00000108: POP
00000109: MLOAD
0000010a: PUSH1 0x05
0000010c: SLOAD
0000010d: DUP1
0000010e: DUP3
0000010f: SUB
00000110: DUP3
00000111: DUP2
00000112: GT
00000113: PUSH2 0x0947
00000116: JUMPI
00000117: SWAP1
00000118: POP
00000119: SWAP1
0000011a: POP
0000011b: DUP1
0000011c: DUP3
0000011d: ADD
0000011e: DUP3
0000011f: DUP2
00000120: LT
00000121: PUSH2 0x0947
00000124: JUMPI
00000125: SWAP1
00000126: POP
00000127: SWAP1
00000128: POP
00000129: PUSH1 0xa0
0000012b: MSTORE
0000012c: PUSH1 0xa0
0000012e: MLOAD
0000012f: PUSH1 0x06
00000131: SSTORE
00000132: PUSH1 0xa0
00000134: MLOAD
00000135: PUSH1 0x02
00000137: PUSH1 0x40
00000139: MLOAD
0000013a: PUSH1 0x20
0000013c: MSTORE
0000013d: PUSH0
0000013e: MSTORE
0000013f: PUSH1 0x40
00000141: PUSH0
00000142: KECCAK256
00000143: SLOAD
00000144: DUP1
00000145: DUP3
00000146: MUL
00000147: DUP2
00000148: ISZERO
00000149: DUP4
0000014a: DUP4
0000014b: DUP4
0000014c: DIV
0000014d: EQ
0000014e: OR
0000014f: ISZERO
00000150: PUSH2 0x0947
00000153: JUMPI
00000154: SWAP1
00000155: POP
00000156: SWAP1
00000157: POP
00000158: PUSH1 0x03
0000015a: SLOAD
0000015b: DUP1
0000015c: ISZERO
0000015d: PUSH2 0x0947
00000160: JUMPI
00000161: DUP1
00000162: DUP3
00000163: DIV
00000164: SWAP1
00000165: POP
00000166: SWAP1
00000167: POP
00000168: PUSH1 0xc0
0000016a: MSTORE
0000016b: PUSH1 0xc0
0000016d: MLOAD
0000016e: PUSH1 0x07
00000170: PUSH1 0x40
00000172: MLOAD
00000173: PUSH1 0x20
00000175: MSTORE
00000176: PUSH0
00000177: MSTORE
00000178: PUSH1 0x40
0000017a: PUSH0
0000017b: KECCAK256
0000017c: SLOAD
0000017d: DUP1
0000017e: DUP3
0000017f: SUB
00000180: DUP3
00000181: DUP2
00000182: GT
00000183: PUSH2 0x0947
00000186: JUMPI
00000187: SWAP1
00000188: POP
00000189: SWAP1
0000018a: POP
0000018b: PUSH1 0xe0
0000018d: MSTORE
0000018e: PUSH1 0xc0
00000190: MLOAD
00000191: PUSH1 0x07
00000193: PUSH1 0x40
00000195: MLOAD
00000196: PUSH1 0x20
00000198: MSTORE
00000199: PUSH0
0000019a: MSTORE
0000019b: PUSH1 0x40
0000019d: PUSH0
0000019e: KECCAK256
0000019f: SSTORE
000001a0: PUSH1 0x20
000001a2: PUSH2 0x0971
000001a5: PUSH0
000001a6: CODECOPY
000001a7: PUSH0
000001a8: MLOAD
000001a9: PUSH4 0xa9059cbb
000001ae: PUSH2 0x0100
000001b1: MSTORE
000001b2: PUSH1 0x40
000001b4: MLOAD
000001b5: PUSH2 0x0120
000001b8: MSTORE
000001b9: PUSH1 0xe0
000001bb: MLOAD
000001bc: PUSH2 0x0140
000001bf: MSTORE
000001c0: PUSH1 0x20
000001c2: PUSH2 0x0100
000001c5: PUSH1 0x44
000001c7: PUSH2 0x011c
000001ca: PUSH0
000001cb: DUP6
000001cc: GAS
000001cd: CALL
000001ce: PUSH2 0x01d9
000001d1: JUMPI
000001d2: RETURNDATASIZE
000001d3: PUSH0
000001d4: PUSH0
000001d5: RETURNDATACOPY
000001d6: RETURNDATASIZE
000001d7: PUSH0
000001d8: REVERT
000001d9: JUMPDEST
000001da: PUSH1 0x20
000001dc: RETURNDATASIZE
000001dd: LT
000001de: PUSH2 0x0947
000001e1: JUMPI
000001e2: PUSH2 0x0100
000001e5: MLOAD
000001e6: DUP1
000001e7: PUSH1 0x01
000001e9: SHR
000001ea: PUSH2 0x0947
000001ed: JUMPI
000001ee: PUSH2 0x0160
000001f1: MSTORE
000001f2: PUSH2 0x0160
000001f5: POP
000001f6: POP
000001f7: PUSH1 0x20
000001f9: PUSH2 0x0971
000001fc: PUSH0
000001fd: CODECOPY
000001fe: PUSH0
000001ff: MLOAD
00000200: PUSH4 0x70a08231
00000205: PUSH2 0x0100
00000208: MSTORE
00000209: ADDRESS
0000020a: PUSH2 0x0120
0000020d: MSTORE
0000020e: PUSH1 0x20
00000210: PUSH2 0x0100
00000213: PUSH1 0x24
00000215: PUSH2 0x011c
00000218: DUP5
00000219: GAS
0000021a: STATICCALL
0000021b: PUSH2 0x0226
0000021e: JUMPI
0000021f: RETURNDATASIZE
00000220: PUSH0
00000221: PUSH0
00000222: RETURNDATACOPY
00000223: RETURNDATASIZE
00000224: PUSH0
00000225: REVERT
00000226: JUMPDEST
00000227: PUSH1 0x20
00000229: RETURNDATASIZE
0000022a: LT
0000022b: PUSH2 0x0947
0000022e: JUMPI
0000022f: PUSH2 0x0100
00000232: SWAP1
00000233: POP
00000234: MLOAD
00000235: PUSH1 0x05
00000237: SSTORE
00000238: PUSH1 0x40
0000023a: MLOAD
0000023b: PUSH32 0x47cee97cb7acd717b3c0aa1435d004cd5b3c8c57d70dbceb4e4458bbd60e39d4
0000025c: PUSH1 0xe0
0000025e: MLOAD
0000025f: PUSH2 0x0100
00000262: MSTORE
00000263: PUSH1 0x20
00000265: PUSH2 0x0100
00000268: LOG2
00000269: PUSH1 0x03
0000026b: PUSH0
0000026c: SSTORE
0000026d: STOP
0000026e: PUSH2 0x0943
00000271: JUMP
00000272: JUMPDEST
00000273: PUSH4 0x458efde3
00000278: DUP2
00000279: XOR
0000027a: PUSH2 0x0943
0000027d: JUMPI
0000027e: CALLVALUE
0000027f: PUSH2 0x0947
00000282: JUMPI
00000283: PUSH1 0x01
00000285: SLOAD
00000286: PUSH1 0x40
00000288: MSTORE
00000289: PUSH1 0x20
0000028b: PUSH1 0x40
0000028d: RETURN
0000028e: PUSH2 0x0943
00000291: JUMP
00000292: JUMPDEST
00000293: PUSH4 0x2a0acc6a
00000298: DUP2
00000299: XOR
0000029a: PUSH2 0x02b0
0000029d: JUMPI
0000029e: CALLVALUE
0000029f: PUSH2 0x0947
000002a2: JUMPI
000002a3: PUSH1 0x20
000002a5: PUSH2 0x0991
000002a8: PUSH1 0x40
000002aa: CODECOPY
000002ab: PUSH1 0x20
000002ad: PUSH1 0x40
000002af: RETURN
000002b0: JUMPDEST
000002b1: PUSH4 0x59c0095a
000002b6: DUP2
000002b7: XOR
000002b8: PUSH2 0x0943
000002bb: JUMPI
000002bc: PUSH1 0x84
000002be: CALLDATASIZE
000002bf: LT
000002c0: CALLVALUE
000002c1: OR
000002c2: PUSH2 0x0947
000002c5: JUMPI
000002c6: PUSH1 0x04
000002c8: CALLDATALOAD
000002c9: PUSH1 0x04
000002cb: ADD
000002cc: PUSH1 0xc8
000002ce: DUP2
000002cf: CALLDATALOAD
000002d0: GT
000002d1: PUSH2 0x0947
000002d4: JUMPI
000002d5: DUP1
000002d6: CALLDATALOAD
000002d7: PUSH0
000002d8: DUP2
000002d9: PUSH1 0xc8
000002db: DUP2
000002dc: GT
000002dd: PUSH2 0x0947
000002e0: JUMPI
000002e1: DUP1
000002e2: ISZERO
000002e3: PUSH2 0x030d
000002e6: JUMPI
000002e7: SWAP1
000002e8: JUMPDEST
000002e9: DUP1
000002ea: PUSH1 0x05
000002ec: SHL
000002ed: PUSH1 0x20
000002ef: DUP6
000002f0: ADD
000002f1: ADD
000002f2: CALLDATALOAD
000002f3: DUP1
000002f4: PUSH1 0xa0
000002f6: SHR
000002f7: PUSH2 0x0947
000002fa: JUMPI
000002fb: DUP2
000002fc: PUSH1 0x05
000002fe: SHL
000002ff: PUSH1 0x60
00000301: ADD
00000302: MSTORE
00000303: PUSH1 0x01
00000305: ADD
00000306: DUP2
00000307: DUP2
00000308: XOR
00000309: PUSH2 0x02e8
0000030c: JUMPI
0000030d: JUMPDEST
0000030e: POP
0000030f: POP
00000310: DUP1
00000311: PUSH1 0x40
00000313: MSTORE
00000314: POP
00000315: POP
00000316: PUSH1 0x24
00000318: CALLDATALOAD
00000319: PUSH1 0x04
0000031b: ADD
0000031c: PUSH1 0xc8
0000031e: DUP2
0000031f: CALLDATALOAD
00000320: GT
00000321: PUSH2 0x0947
00000324: JUMPI
00000325: DUP1
00000326: CALLDATALOAD
00000327: PUSH1 0x20
00000329: DUP2
0000032a: PUSH1 0x05
0000032c: SHL
0000032d: ADD
0000032e: DUP1
0000032f: DUP4
00000330: PUSH2 0x1960
00000333: CALLDATACOPY
00000334: POP
00000335: POP
00000336: POP
00000337: PUSH1 0x20
00000339: PUSH2 0x0991
0000033c: PUSH0
0000033d: CODECOPY
0000033e: PUSH0
0000033f: MLOAD
00000340: CALLER
00000341: XOR
00000342: ISZERO
00000343: PUSH2 0x03ab
00000346: JUMPI
00000347: PUSH1 0x06
00000349: PUSH2 0x3280
0000034c: MSTORE
0000034d: PUSH32 0x4163636573730000000000000000000000000000000000000000000000000000
0000036e: PUSH2 0x32a0
00000371: MSTORE
00000372: PUSH2 0x3280
00000375: POP
00000376: PUSH2 0x3280
00000379: MLOAD
0000037a: DUP1
0000037b: PUSH2 0x32a0
0000037e: ADD
0000037f: PUSH1 0x1f
00000381: DUP3
00000382: PUSH0
00000383: SUB
00000384: AND
00000385: CALLDATASIZE
00000386: DUP3
00000387: CALLDATACOPY
00000388: POP
00000389: POP
0000038a: PUSH4 0x08c379a0
0000038f: PUSH2 0x3240
00000392: MSTORE
00000393: PUSH1 0x20
00000395: PUSH2 0x3260
00000398: MSTORE
00000399: PUSH1 0x1f
0000039b: NOT
0000039c: PUSH1 0x1f
0000039e: PUSH2 0x3280
000003a1: MLOAD
000003a2: ADD
000003a3: AND
000003a4: PUSH1 0x44
000003a6: ADD
000003a7: PUSH2 0x325c
000003aa: REVERT
000003ab: JUMPDEST
000003ac: PUSH1 0x04
000003ae: SLOAD
000003af: ISZERO
000003b0: PUSH2 0x043d
000003b3: JUMPI
000003b4: PUSH1 0x21
000003b6: PUSH2 0x3280
000003b9: MSTORE
000003ba: PUSH32 0x446973747269627574696f6e2069732066696e616c697a656420616c72656164
000003db: PUSH2 0x32a0
000003de: MSTORE
000003df: PUSH32 0x7900000000000000000000000000000000000000000000000000000000000000
00000400: PUSH2 0x32c0
00000403: MSTORE
00000404: PUSH2 0x3280
00000407: POP
00000408: PUSH2 0x3280
0000040b: MLOAD
0000040c: DUP1
0000040d: PUSH2 0x32a0
00000410: ADD
00000411: PUSH1 0x1f
00000413: DUP3
00000414: PUSH0
00000415: SUB
00000416: AND
00000417: CALLDATASIZE
00000418: DUP3
00000419: CALLDATACOPY
0000041a: POP
0000041b: POP
0000041c: PUSH4 0x08c379a0
00000421: PUSH2 0x3240
00000424: MSTORE
00000425: PUSH1 0x20
00000427: PUSH2 0x3260
0000042a: MSTORE
0000042b: PUSH1 0x1f
0000042d: NOT
0000042e: PUSH1 0x1f
00000430: PUSH2 0x3280
00000433: MLOAD
00000434: ADD
00000435: AND
00000436: PUSH1 0x44
00000438: ADD
00000439: PUSH2 0x325c
0000043c: REVERT
0000043d: JUMPDEST
0000043e: PUSH0
0000043f: PUSH1 0xc8
00000441: SWAP1
00000442: JUMPDEST
00000443: DUP1
00000444: PUSH2 0x3280
00000447: MSTORE
00000448: PUSH1 0x40
0000044a: MLOAD
0000044b: PUSH2 0x3280
0000044e: MLOAD
0000044f: LT
00000450: PUSH2 0x0458
00000453: JUMPI
00000454: PUSH2 0x04e9
00000457: JUMP
00000458: JUMPDEST
00000459: PUSH2 0x3280
0000045c: MLOAD
0000045d: PUSH1 0x40
0000045f: MLOAD
00000460: DUP2
00000461: LT
00000462: ISZERO
00000463: PUSH2 0x0947
00000466: JUMPI
00000467: PUSH1 0x05
00000469: SHL
0000046a: PUSH1 0x60
0000046c: ADD
0000046d: MLOAD
0000046e: PUSH2 0x32a0
00000471: MSTORE
00000472: PUSH1 0x02
00000474: PUSH2 0x32a0
00000477: MLOAD
00000478: PUSH1 0x20
0000047a: MSTORE
0000047b: PUSH0
0000047c: MSTORE
0000047d: PUSH1 0x40
0000047f: PUSH0
00000480: KECCAK256
00000481: SLOAD
00000482: PUSH2 0x32c0
00000485: MSTORE
00000486: PUSH2 0x3280
00000489: MLOAD
0000048a: PUSH2 0x1960
0000048d: MLOAD
0000048e: DUP2
0000048f: LT
00000490: ISZERO
00000491: PUSH2 0x0947
00000494: JUMPI
00000495: PUSH1 0x05
00000497: SHL
00000498: PUSH2 0x1980
0000049b: ADD
0000049c: MLOAD
0000049d: PUSH2 0x32e0
000004a0: MSTORE
000004a1: PUSH2 0x32e0
000004a4: MLOAD
000004a5: PUSH1 0x02
000004a7: PUSH2 0x32a0
000004aa: MLOAD
000004ab: PUSH1 0x20
000004ad: MSTORE
000004ae: PUSH0
000004af: MSTORE
000004b0: PUSH1 0x40
000004b2: PUSH0
000004b3: KECCAK256
000004b4: SSTORE
000004b5: PUSH1 0x03
000004b7: SLOAD
000004b8: PUSH2 0x32e0
000004bb: MLOAD
000004bc: DUP1
000004bd: DUP3
000004be: ADD
000004bf: DUP3
000004c0: DUP2
000004c1: LT
000004c2: PUSH2 0x0947
000004c5: JUMPI
000004c6: SWAP1
000004c7: POP
000004c8: SWAP1
000004c9: POP
000004ca: PUSH2 0x32c0
000004cd: MLOAD
000004ce: DUP1
000004cf: DUP3
000004d0: SUB
000004d1: DUP3
000004d2: DUP2
000004d3: GT
000004d4: PUSH2 0x0947
000004d7: JUMPI
000004d8: SWAP1
000004d9: POP
000004da: SWAP1
000004db: POP
000004dc: PUSH1 0x03
000004de: SSTORE
000004df: PUSH1 0x01
000004e1: ADD
000004e2: DUP2
000004e3: DUP2
000004e4: XOR
000004e5: PUSH2 0x0442
000004e8: JUMPI
000004e9: JUMPDEST
000004ea: POP
000004eb: POP
000004ec: STOP
000004ed: PUSH2 0x0943
000004f0: JUMP
000004f1: JUMPDEST
000004f2: PUSH4 0x1d026de4
000004f7: DUP2
000004f8: XOR
000004f9: PUSH2 0x0943
000004fc: JUMPI
000004fd: PUSH1 0x24
000004ff: CALLDATASIZE
00000500: LT
00000501: CALLVALUE
00000502: OR
00000503: PUSH2 0x0947
00000506: JUMPI
00000507: PUSH1 0x04
00000509: CALLDATALOAD
0000050a: DUP1
0000050b: PUSH1 0xa0
0000050d: SHR
0000050e: PUSH2 0x0947
00000511: JUMPI
00000512: PUSH1 0x40
00000514: MSTORE
00000515: PUSH1 0x02
00000517: PUSH1 0x40
00000519: MLOAD
0000051a: PUSH1 0x20
0000051c: MSTORE
0000051d: PUSH0
0000051e: MSTORE
0000051f: PUSH1 0x40
00000521: PUSH0
00000522: KECCAK256
00000523: SLOAD
00000524: PUSH1 0x60
00000526: MSTORE
00000527: PUSH1 0x20
00000529: PUSH1 0x60
0000052b: RETURN
0000052c: PUSH2 0x0943
0000052f: JUMP
00000530: JUMPDEST
00000531: PUSH4 0xe987fc11
00000536: DUP2
00000537: XOR
00000538: PUSH2 0x054c
0000053b: JUMPI
0000053c: CALLVALUE
0000053d: PUSH2 0x0947
00000540: JUMPI
00000541: PUSH1 0x03
00000543: SLOAD
00000544: PUSH1 0x40
00000546: MSTORE
00000547: PUSH1 0x20
00000549: PUSH1 0x40
0000054b: RETURN
0000054c: JUMPDEST
0000054d: PUSH4 0x4e71d92d
00000552: DUP2
00000553: XOR
00000554: PUSH2 0x0943
00000557: JUMPI
00000558: CALLVALUE
00000559: PUSH2 0x0947
0000055c: JUMPI
0000055d: CALLER
0000055e: PUSH1 0x40
00000560: MSTORE
00000561: PUSH1 0x01
00000563: PUSH1 0x60
00000565: MSTORE
00000566: PUSH2 0x0068
00000569: JUMP
0000056a: PUSH2 0x0943
0000056d: JUMP
0000056e: JUMPDEST
0000056f: PUSH4 0xb3f05b97
00000574: DUP2
00000575: XOR
00000576: PUSH2 0x058a
00000579: JUMPI
0000057a: CALLVALUE
0000057b: PUSH2 0x0947
0000057e: JUMPI
0000057f: PUSH1 0x04
00000581: SLOAD
00000582: PUSH1 0x40
00000584: MSTORE
00000585: PUSH1 0x20
00000587: PUSH1 0x40
00000589: RETURN
0000058a: JUMPDEST
0000058b: PUSH4 0xabf484ff
00000590: DUP2
00000591: XOR
00000592: PUSH2 0x0943
00000595: JUMPI
00000596: PUSH1 0x24
00000598: CALLDATASIZE
00000599: LT
0000059a: CALLVALUE
0000059b: OR
0000059c: PUSH2 0x0947
0000059f: JUMPI
000005a0: PUSH1 0x04
000005a2: CALLDATALOAD
000005a3: DUP1
000005a4: PUSH1 0xa0
000005a6: SHR
000005a7: PUSH2 0x0947
000005aa: JUMPI
000005ab: PUSH1 0x40
000005ad: MSTORE
000005ae: PUSH1 0x20
000005b0: PUSH2 0x0991
000005b3: PUSH0
000005b4: CODECOPY
000005b5: PUSH0
000005b6: MLOAD
000005b7: CALLER
000005b8: XOR
000005b9: ISZERO
000005ba: PUSH2 0x0619
000005bd: JUMPI
000005be: PUSH1 0x06
000005c0: PUSH1 0x60
000005c2: MSTORE
000005c3: PUSH32 0x4163636573730000000000000000000000000000000000000000000000000000
000005e4: PUSH1 0x80
000005e6: MSTORE
000005e7: PUSH1 0x60
000005e9: POP
000005ea: PUSH1 0x60
000005ec: MLOAD
000005ed: DUP1
000005ee: PUSH1 0x80
000005f0: ADD
000005f1: PUSH1 0x1f
000005f3: DUP3
000005f4: PUSH0
000005f5: SUB
000005f6: AND
000005f7: CALLDATASIZE
000005f8: DUP3
000005f9: CALLDATACOPY
000005fa: POP
000005fb: POP
000005fc: PUSH4 0x08c379a0
00000601: PUSH1 0x20
00000603: MSTORE
00000604: PUSH1 0x20
00000606: PUSH1 0x40
00000608: MSTORE
00000609: PUSH1 0x1f
0000060b: NOT
0000060c: PUSH1 0x1f
0000060e: PUSH1 0x60
00000610: MLOAD
00000611: ADD
00000612: AND
00000613: PUSH1 0x44
00000615: ADD
00000616: PUSH1 0x3c
00000618: REVERT
00000619: JUMPDEST
0000061a: PUSH1 0x01
0000061c: SLOAD
0000061d: ISZERO
0000061e: PUSH2 0x067d
00000621: JUMPI
00000622: PUSH1 0x10
00000624: PUSH1 0x60
00000626: MSTORE
00000627: PUSH32 0x5665737420616c72656164792073657400000000000000000000000000000000
00000648: PUSH1 0x80
0000064a: MSTORE
0000064b: PUSH1 0x60
0000064d: POP
0000064e: PUSH1 0x60
00000650: MLOAD
00000651: DUP1
00000652: PUSH1 0x80
00000654: ADD
00000655: PUSH1 0x1f
00000657: DUP3
00000658: PUSH0
00000659: SUB
0000065a: AND
0000065b: CALLDATASIZE
0000065c: DUP3
0000065d: CALLDATACOPY
0000065e: POP
0000065f: POP
00000660: PUSH4 0x08c379a0
00000665: PUSH1 0x20
00000667: MSTORE
00000668: PUSH1 0x20
0000066a: PUSH1 0x40
0000066c: MSTORE
0000066d: PUSH1 0x1f
0000066f: NOT
00000670: PUSH1 0x1f
00000672: PUSH1 0x60
00000674: MLOAD
00000675: ADD
00000676: AND
00000677: PUSH1 0x44
00000679: ADD
0000067a: PUSH1 0x3c
0000067c: REVERT
0000067d: JUMPDEST
0000067e: PUSH1 0x40
00000680: MLOAD
00000681: PUSH1 0x01
00000683: SSTORE
00000684: STOP
00000685: PUSH2 0x0943
00000688: JUMP
00000689: JUMPDEST
0000068a: PUSH4 0x0727adb3
0000068f: DUP2
00000690: XOR
00000691: PUSH2 0x0943
00000694: JUMPI
00000695: CALLVALUE
00000696: PUSH2 0x0947
00000699: JUMPI
0000069a: PUSH1 0x05
0000069c: SLOAD
0000069d: PUSH1 0x40
0000069f: MSTORE
000006a0: PUSH1 0x20
000006a2: PUSH1 0x40
000006a4: RETURN
000006a5: PUSH2 0x0943
000006a8: JUMP
000006a9: JUMPDEST
000006aa: PUSH4 0x906eba13
000006af: DUP2
000006b0: XOR
000006b1: PUSH2 0x06c5
000006b4: JUMPI
000006b5: CALLVALUE
000006b6: PUSH2 0x0947
000006b9: JUMPI
000006ba: PUSH1 0x06
000006bc: SLOAD
000006bd: PUSH1 0x40
000006bf: MSTORE
000006c0: PUSH1 0x20
000006c2: PUSH1 0x40
000006c4: RETURN
000006c5: JUMPDEST
000006c6: PUSH4 0x772865e2
000006cb: DUP2
000006cc: XOR
000006cd: PUSH2 0x0943
000006d0: JUMPI
000006d1: PUSH1 0x44
000006d3: CALLDATASIZE
000006d4: LT
000006d5: CALLVALUE
000006d6: OR
000006d7: PUSH2 0x0947
000006da: JUMPI
000006db: PUSH1 0x24
000006dd: CALLDATALOAD
000006de: DUP1
000006df: PUSH1 0x01
000006e1: SHR
000006e2: PUSH2 0x0947
000006e5: JUMPI
000006e6: PUSH1 0x60
000006e8: MSTORE
000006e9: JUMPDEST
000006ea: PUSH1 0x04
000006ec: CALLDATALOAD
000006ed: DUP1
000006ee: PUSH1 0xa0
000006f0: SHR
000006f1: PUSH2 0x0947
000006f4: JUMPI
000006f5: PUSH1 0x40
000006f7: MSTORE
000006f8: PUSH1 0x06
000006fa: SLOAD
000006fb: PUSH1 0x80
000006fd: MSTORE
000006fe: PUSH1 0x01
00000700: SLOAD
00000701: PUSH1 0xa0
00000703: MSTORE
00000704: PUSH1 0x60
00000706: MLOAD
00000707: PUSH2 0x0710
0000070a: JUMPI
0000070b: PUSH0
0000070c: PUSH2 0x0725
0000070f: JUMP
00000710: JUMPDEST
00000711: PUSH1 0xa0
00000713: MLOAD
00000714: ISZERO
00000715: PUSH2 0x0723
00000718: JUMPI
00000719: ADDRESS
0000071a: PUSH1 0xa0
0000071c: MLOAD
0000071d: EQ
0000071e: ISZERO
0000071f: PUSH2 0x0725
00000722: JUMP
00000723: JUMPDEST
00000724: PUSH0
00000725: JUMPDEST
00000726: ISZERO
00000727: PUSH2 0x0772
0000072a: JUMPI
0000072b: PUSH1 0x80
0000072d: MLOAD
0000072e: PUSH1 0xa0
00000730: MLOAD
00000731: PUSH4 0x70a08231
00000736: PUSH1 0xc0
00000738: MSTORE
00000739: ADDRESS
0000073a: PUSH1 0xe0
0000073c: MSTORE
0000073d: PUSH1 0x20
0000073f: PUSH1 0xc0
00000741: PUSH1 0x24
00000743: PUSH1 0xdc
00000745: DUP5
00000746: GAS
00000747: STATICCALL
00000748: PUSH2 0x0753
0000074b: JUMPI
0000074c: RETURNDATASIZE
0000074d: PUSH0
0000074e: PUSH0
0000074f: RETURNDATACOPY
00000750: RETURNDATASIZE
00000751: PUSH0
00000752: REVERT
00000753: JUMPDEST
00000754: PUSH1 0x20
00000756: RETURNDATASIZE
00000757: LT
00000758: PUSH2 0x0947
0000075b: JUMPI
0000075c: PUSH1 0xc0
0000075e: SWAP1
0000075f: POP
00000760: MLOAD
00000761: DUP1
00000762: DUP3
00000763: ADD
00000764: DUP3
00000765: DUP2
00000766: LT
00000767: PUSH2 0x0947
0000076a: JUMPI
0000076b: SWAP1
0000076c: POP
0000076d: SWAP1
0000076e: POP
0000076f: PUSH1 0x80
00000771: MSTORE
00000772: JUMPDEST
00000773: PUSH1 0x80
00000775: MLOAD
00000776: PUSH1 0x20
00000778: PUSH2 0x0971
0000077b: PUSH0
0000077c: CODECOPY
0000077d: PUSH0
0000077e: MLOAD
0000077f: PUSH4 0x70a08231
00000784: PUSH1 0xc0
00000786: MSTORE
00000787: ADDRESS
00000788: PUSH1 0xe0
0000078a: MSTORE
0000078b: PUSH1 0x20
0000078d: PUSH1 0xc0
0000078f: PUSH1 0x24
00000791: PUSH1 0xdc
00000793: DUP5
00000794: GAS
00000795: STATICCALL
00000796: PUSH2 0x07a1
00000799: JUMPI
0000079a: RETURNDATASIZE
0000079b: PUSH0
0000079c: PUSH0
0000079d: RETURNDATACOPY
0000079e: RETURNDATASIZE
0000079f: PUSH0
000007a0: REVERT
000007a1: JUMPDEST
000007a2: PUSH1 0x20
000007a4: RETURNDATASIZE
000007a5: LT
000007a6: PUSH2 0x0947
000007a9: JUMPI
000007aa: PUSH1 0xc0
000007ac: SWAP1
000007ad: POP
000007ae: MLOAD
000007af: DUP1
000007b0: DUP3
000007b1: ADD
000007b2: DUP3
000007b3: DUP2
000007b4: LT
000007b5: PUSH2 0x0947
000007b8: JUMPI
000007b9: SWAP1
000007ba: POP
000007bb: SWAP1
000007bc: POP
000007bd: PUSH1 0x05
000007bf: SLOAD
000007c0: DUP1
000007c1: DUP3
000007c2: SUB
000007c3: DUP3
000007c4: DUP2
000007c5: GT
000007c6: PUSH2 0x0947
000007c9: JUMPI
000007ca: SWAP1
000007cb: POP
000007cc: SWAP1
000007cd: POP
000007ce: PUSH1 0x80
000007d0: MSTORE
000007d1: PUSH1 0x80
000007d3: MLOAD
000007d4: PUSH1 0x02
000007d6: PUSH1 0x40
000007d8: MLOAD
000007d9: PUSH1 0x20
000007db: MSTORE
000007dc: PUSH0
000007dd: MSTORE
000007de: PUSH1 0x40
000007e0: PUSH0
000007e1: KECCAK256
000007e2: SLOAD
000007e3: DUP1
000007e4: DUP3
000007e5: MUL
000007e6: DUP2
000007e7: ISZERO
000007e8: DUP4
000007e9: DUP4
000007ea: DUP4
000007eb: DIV
000007ec: EQ
000007ed: OR
000007ee: ISZERO
000007ef: PUSH2 0x0947
000007f2: JUMPI
000007f3: SWAP1
000007f4: POP
000007f5: SWAP1
000007f6: POP
000007f7: PUSH1 0x03
000007f9: SLOAD
000007fa: DUP1
000007fb: ISZERO
000007fc: PUSH2 0x0947
000007ff: JUMPI
00000800: DUP1
00000801: DUP3
00000802: DIV
00000803: SWAP1
00000804: POP
00000805: SWAP1
00000806: POP
00000807: PUSH1 0xc0
00000809: MSTORE
0000080a: PUSH1 0xc0
0000080c: MLOAD
0000080d: PUSH1 0x07
0000080f: PUSH1 0x40
00000811: MLOAD
00000812: PUSH1 0x20
00000814: MSTORE
00000815: PUSH0
00000816: MSTORE
00000817: PUSH1 0x40
00000819: PUSH0
0000081a: KECCAK256
0000081b: SLOAD
0000081c: DUP1
0000081d: DUP3
0000081e: SUB
0000081f: DUP3
00000820: DUP2
00000821: GT
00000822: PUSH2 0x0947
00000825: JUMPI
00000826: SWAP1
00000827: POP
00000828: SWAP1
00000829: POP
0000082a: PUSH1 0xe0
0000082c: MSTORE
0000082d: PUSH1 0x20
0000082f: PUSH1 0xe0
00000831: RETURN
00000832: PUSH2 0x0943
00000835: JUMP
00000836: JUMPDEST
00000837: PUSH4 0xc884ef83
0000083c: DUP2
0000083d: XOR
0000083e: PUSH2 0x0871
00000841: JUMPI
00000842: PUSH1 0x24
00000844: CALLDATASIZE
00000845: LT
00000846: CALLVALUE
00000847: OR
00000848: PUSH2 0x0947
0000084b: JUMPI
0000084c: PUSH1 0x04
0000084e: CALLDATALOAD
0000084f: DUP1
00000850: PUSH1 0xa0
00000852: SHR
00000853: PUSH2 0x0947
00000856: JUMPI
00000857: PUSH1 0x40
00000859: MSTORE
0000085a: PUSH1 0x07
0000085c: PUSH1 0x40
0000085e: MLOAD
0000085f: PUSH1 0x20
00000861: MSTORE
00000862: PUSH0
00000863: MSTORE
00000864: PUSH1 0x40
00000866: PUSH0
00000867: KECCAK256
00000868: SLOAD
00000869: PUSH1 0x60
0000086b: MSTORE
0000086c: PUSH1 0x20
0000086e: PUSH1 0x60
00000870: RETURN
00000871: JUMPDEST
00000872: PUSH4 0x70a08231
00000877: DUP2
00000878: XOR
00000879: PUSH2 0x0943
0000087c: JUMPI
0000087d: PUSH1 0x24
0000087f: CALLDATASIZE
00000880: LT
00000881: CALLVALUE
00000882: OR
00000883: PUSH2 0x0947
00000886: JUMPI
00000887: PUSH1 0x01
00000889: PUSH1 0x60
0000088b: MSTORE
0000088c: PUSH2 0x06e9
0000088f: JUMP
00000890: PUSH2 0x0943
00000893: JUMP
00000894: JUMPDEST
00000895: PUSH4 0x2b083797
0000089a: DUP2
0000089b: XOR
0000089c: PUSH2 0x0916
0000089f: JUMPI
000008a0: CALLVALUE
000008a1: PUSH2 0x0947
000008a4: JUMPI
000008a5: PUSH1 0x20
000008a7: PUSH2 0x0991
000008aa: PUSH0
000008ab: CODECOPY
000008ac: PUSH0
000008ad: MLOAD
000008ae: CALLER
000008af: XOR
000008b0: ISZERO
000008b1: PUSH2 0x090f
000008b4: JUMPI
000008b5: PUSH1 0x06
000008b7: PUSH1 0x40
000008b9: MSTORE
000008ba: PUSH32 0x4163636573730000000000000000000000000000000000000000000000000000
000008db: PUSH1 0x60
000008dd: MSTORE
000008de: PUSH1 0x40
000008e0: POP
000008e1: PUSH1 0x40
000008e3: MLOAD
000008e4: DUP1
000008e5: PUSH1 0x60
000008e7: ADD
000008e8: PUSH1 0x1f
000008ea: DUP3
000008eb: PUSH0
000008ec: SUB
000008ed: AND
000008ee: CALLDATASIZE
000008ef: DUP3
000008f0: CALLDATACOPY
000008f1: POP
000008f2: POP
000008f3: PUSH4 0x08c379a0
000008f8: PUSH0
000008f9: MSTORE
000008fa: PUSH1 0x20
000008fc: PUSH1 0x20
000008fe: MSTORE
000008ff: PUSH1 0x1f
00000901: NOT
00000902: PUSH1 0x1f
00000904: PUSH1 0x40
00000906: MLOAD
00000907: ADD
00000908: AND
00000909: PUSH1 0x44
0000090b: ADD
0000090c: PUSH1 0x1c
0000090e: REVERT
0000090f: JUMPDEST
00000910: PUSH1 0x01
00000912: PUSH1 0x04
00000914: SSTORE
00000915: STOP
00000916: JUMPDEST
00000917: PUSH4 0x1e83409a
0000091c: DUP2
0000091d: XOR
0000091e: PUSH2 0x0943
00000921: JUMPI
00000922: PUSH1 0x24
00000924: CALLDATASIZE
00000925: LT
00000926: CALLVALUE
00000927: OR
00000928: PUSH2 0x0947
0000092b: JUMPI
0000092c: PUSH1 0x04
0000092e: CALLDATALOAD
0000092f: DUP1
00000930: PUSH1 0xa0
00000932: SHR
00000933: PUSH2 0x0947
00000936: JUMPI
00000937: PUSH1 0x40
00000939: MSTORE
0000093a: PUSH1 0x01
0000093c: PUSH1 0x60
0000093e: MSTORE
0000093f: PUSH2 0x0068
00000942: JUMP
00000943: JUMPDEST
00000944: PUSH0
00000945: PUSH0
00000946: REVERT
00000947: JUMPDEST
00000948: PUSH0
00000949: DUP1
0000094a: REVERT
0000094b: MULMOD
0000094c: NUMBER
0000094d: MULMOD
0000094e: NUMBER
0000094f: MOD
00000950: UNKNOWN(0xA9)
00000951: SDIV
00000952: PUSH15 0x068909430292094309430943083602
00000962: PUSH19 0x053009430943094304f1001808940000000000
00000976: STOP
00000977: STOP
00000978: STOP
00000979: STOP
0000097a: STOP
0000097b: STOP
0000097c: STOP
0000097d: UNKNOWN(0xC0)
0000097e: UNKNOWN(0x2A)
0000097f: UNKNOWN(0xAA)
00000980: CODECOPY
00000981: UNKNOWN(0xB2)
00000982: UNKNOWN(0x23)
00000983: INVALID
00000984: DUP14
00000985: EXP
00000986: UNKNOWN(0x0E)
00000987: TLOAD
00000988: UNKNOWN(0x4F)
00000989: UNKNOWN(0x27)
0000098a: UNKNOWN(0xEA)
0000098b: UNKNOWN(0xD9)
0000098c: ADDMOD
0000098d: EXTCODECOPY
0000098e: PUSH22 0x6cc2000000000000000000000000a90f91b989ad379f
000009a5: PUSH8 0x62d73e453521f760
000009ae: UNKNOWN(0xD2)
000009af: CALLDATALOAD
000009b0: DUP1

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector ETH value transfer possible 55 no no
view
trace_id: 0x94a12a283c6452c059099c010f286d5a48fa07f22cda4063a2d0c502b077d4ee
call_targets: 0x3d7b8d296f7d8e37ce57e556dea3dd6cb01b2f03
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x94a12a283c6452c059099c010f286d5a48fa07f22cda4063a2d0c502b077d4ee",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3d7b8d296f7d8e37ce57e556dea3dd6cb01b2f03"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 461,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "constant",
            "target_expression_category": "constant"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": []
}
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0x94a12a283c6452c059099c010f286d5a48fa07f22cda4063a2d0c502b077d4ee
call_targets: 0x3d7b8d296f7d8e37ce57e556dea3dd6cb01b2f03
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x94a12a283c6452c059099c010f286d5a48fa07f22cda4063a2d0c502b077d4ee",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3d7b8d296f7d8e37ce57e556dea3dd6cb01b2f03"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 191,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "constant_zero",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [],
    "untrusted_call_count": 1
}
low other codex Unchecked ERC20 transfer return can mark claims as paid without transferring tokens 65 no
view
evidence_json 
{
    "evidence": "`TOKEN.transfer(user, to_send)` is called without checking the return value after updating accounting state.",
    "locations": [
        "contracts/Contract.sol:83"
    ],
    "recommendation": "Check the return value of `TOKEN.transfer` and revert on failure (e.g., `assert TOKEN.transfer(user, to_send)`), or use a safe transfer wrapper that enforces success.",
    "exploit_scenario": "If the configured TOKEN is a non-standard ERC20 that returns false (instead of reverting) on transfer failure, `claim` will still update `claimed` and emit a `Claim` event. The user is then treated as fully paid and cannot re-claim, even though no tokens were actually transferred."
}