TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-23cc-706e-b3ee-8c4235e4d61d

complete
Chain ID
1
Address
0x9ecc4144d883251394897b511dae5dea79d72fa1
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
1
Validated
1
Source
Bytecode only
Review Backing
Not yet
Best current signal
External CALL present
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
525 artifact.fetch complete 1 / 3 3 months ago
526 tool.cast_disasm complete 1 / 3 3 months ago
78471 analysis.bundle complete 1 / 3 1 week ago
78472 capability.graph complete 1 / 3 1 week ago
78473 detector.run complete 1 / 3 1 week ago
78474 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
0
Total opcodes
20
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: CALLDATASIZE
00000001: PUSH1 0x00
00000003: DUP1
00000004: CALLDATACOPY
00000005: PUSH1 0x20
00000007: PUSH1 0x00
00000009: CALLDATASIZE
0000000a: PUSH1 0x00
0000000c: CALLVALUE
0000000d: PUSH20 0x273930d21e01ee25e4c219b63259d214872220a2
00000022: PUSH2 0x235a
00000025: GAS
00000026: SUB
00000027: CALLCODE
00000028: ISZERO
00000029: PUSH1 0x01
0000002b: JUMPI
0000002c: PUSH1 0x20
0000002e: PUSH1 0x00
00000030: RETURN
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
low other detector External CALL present 40 yes yes
view
trace_id: 0x8e0165b75bcb5d02f7d22f94c0e9cc7ccff5d448f413a6f68a586009e46653c2
call_targets: 0x273930d21e01ee25e4c219b63259d214872220a2, 0x9ecc4144d883251394897b511dae5dea79d72fa1
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x8e0165b75bcb5d02f7d22f94c0e9cc7ccff5d448f413a6f68a586009e46653c2",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x273930d21e01ee25e4c219b63259d214872220a2",
        "0x9ecc4144d883251394897b511dae5dea79d72fa1"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "call_count": 1
}