bug test case: eth:0x000000000090d2b159528c290616CF919B24e1d9
shazow opened this issue · comments
Andrey Petrov commented
Failing to capture selector: '0xfd9f1e10': 'cancel((address,address,(uint8,address,uint256,uint256,uint256)[],(uint8,address,uint256,uint256,uint256,address)[],uint8,uint256,uint256,bytes32,uint256,bytes32,uint256)[])',
Andrey Petrov commented
Trying to figure this one out... There's a SUB instruction I'm not sure what it does, breaking our heuristic.
93 0x00b9 DUP1
94 0x00ba PUSH4 0xf47b7740
95 0x00bf EQ
96 0x00c0 PUSH2 0x00ee
97 0x00c3 JUMPI
98 0x00c4 DUP1
99 0x00c5 PUSH4 0xfb0f3ee1
100 0x00ca EQ
101 0x00cb PUSH2 0x00e5
102 0x00ce JUMPI <--- Normal jump table until here
103 0x00cf PUSH4 0xfd9f1e10 <--- Selector in quesiton
104 0x00d4 SUB <--- Weird SUB, not sure what it does?
105 0x00d5 PUSH2 0x000e
106 0x00d8 JUMPI
107 0x00d9 PUSH2 0x00e0
108 0x00dc PUSH2 0x1040
109 0x00df JUMP
Andrey Petrov commented
Ah I guess it's doing SUB(0xfd9f1e10, 0xfd9f1e10) -> 0
rather than EQ to invert the outcome.