Bytecode Becomes Contract Address In Exploit Output
Description
Okay, really weird bug here. Running mythril over the address 0xD99b6e04d6911f032d2e9139Bd3309D2641Dc706 causes the final exploit found to be an address not of its own (i.e., “0xD99b…”). Instead, it is part of the bytecode with a 0x thrown in front of it.
...
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: 0x6012c8cf97bead5deae237070f9587f8e7a266d
Function name: giveBirth(uint256)
PC address: 6528
Estimated Gas Usage: 1932 - 2687
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
Initial State:
Account: [ATTACKER], balance: 0x0, nonce:0, storage:{}
Account: [SOMEGUY], balance: 0x0, nonce:0, storage:{}
Transaction Sequence:
Caller: [SOMEGUY], function: unknown, txdata: 0x3030303000303030303030303030303030303030303030303030303030903030, value: 0x0
How to Reproduce
myth -v4 analyze -1 --execution-timeout 3600 -a 0xD99b6e04d6911f032d2e9139Bd3309D2641Dc706
Expected behavior
All exploits should have the address of the contract, not a subsection of the bytecode.
Other examples
The contract 0x1c764a70797DeB7100037581e679684Cc5C9CA42 produces the same problem. However, in this contract the output that is incorrectly put at the end as an exploit from a bug that grabs the bytecode IS a contract (e.g., 0x8d12a197cb00d4747a1fe03395095ce2a5cc6819), which can be easily confusing to people looking at output. I am fairly certain it is not a dependency of this contract, because it would be too coincidental that the bytecode also matched a contract address of a dependency.
Top GitHub Comments
@Danc2050, it was some Python error. The contract should be 0x06012c8cf97bead5deae237070f9587f8e7a266d. Python skips a leading zero while printing hex, so while searching just add a bunch of leading zeros if the length is != 40. I should correct this in mythril.

Great! Thank you for your help.
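The leading-zero loss described in the comment above, as an added example that is not mythril's own code: it assumes the address is held as an integer and printed with Python's `hex()`, and all function names are hypothetical.

```python
import string

ADDRESS_HEX_DIGITS = 40  # an Ethereum address is 20 bytes = 40 hex digits


def buggy_format(address: int) -> str:
    """Assumed cause of the symptom: hex() prints no leading zero digits."""
    return hex(address)


def format_address(address: int) -> str:
    """Print a 160-bit address zero-padded to the full 40 hex digits."""
    if not 0 <= address < 1 << 160:
        raise ValueError("address does not fit in 160 bits")
    return "0x" + format(address, "040x")


def normalize_reported_address(text: str) -> str:
    """Restore leading zeros on an address copied out of a report."""
    digits = text[2:] if text[:2].lower() == "0x" else text
    if not digits or any(c not in string.hexdigits for c in digits):
        raise ValueError("not a hex string: %r" % text)
    if len(digits) > ADDRESS_HEX_DIGITS:
        raise ValueError("longer than an address: %r" % text)
    return "0x" + digits.lower().rjust(ADDRESS_HEX_DIGITS, "0")


if __name__ == "__main__":
    # Address taken from the comment above; storing it as an integer is
    # this example's assumption about how the tool handles it.
    real = int("06012c8cf97bead5deae237070f9587f8e7a266d", 16)
    print(buggy_format(real))    # 39 hex digits, the form seen in the report
    print(format_address(real))  # full 40 hex digits
    print(normalize_reported_address(buggy_format(real)))
```

When triaging older reports, run any `Contract:` value shorter than 40 hex digits through the normalizer before looking it up in a block explorer.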