TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-280a-7152-a63c-188c49fa8b92

complete
Chain ID
1
Address
0x07144ddfb235f97d52bd1c7dee8446b5a27aeb54
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
1187 artifact.fetch complete 1 / 3 3 months ago
1188 tool.cast_disasm complete 1 / 3 3 months ago
44515 analysis.bundle complete 1 / 3 2 weeks ago
44516 capability.graph complete 1 / 3 2 weeks ago
44517 detector.run complete 1 / 3 2 weeks ago
44518 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
0
Total opcodes
225
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x00
00000007: CALLDATALOAD
00000008: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000026: SWAP1
00000027: DIV
00000028: DUP1
00000029: PUSH4 0x35bc88b1
0000002e: EQ
0000002f: PUSH2 0x0044
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0xebb17bc0
00000039: EQ
0000003a: PUSH2 0x0065
0000003d: JUMPI
0000003e: PUSH2 0x0042
00000041: JUMP
00000042: JUMPDEST
00000043: STOP
00000044: JUMPDEST
00000045: PUSH2 0x0063
00000048: PUSH1 0x04
0000004a: DUP1
0000004b: DUP1
0000004c: CALLDATALOAD
0000004d: SWAP1
0000004e: PUSH1 0x20
00000050: ADD
00000051: SWAP1
00000052: SWAP2
00000053: SWAP1
00000054: DUP1
00000055: CALLDATALOAD
00000056: SWAP1
00000057: PUSH1 0x20
00000059: ADD
0000005a: SWAP1
0000005b: SWAP2
0000005c: SWAP1
0000005d: POP
0000005e: POP
0000005f: PUSH2 0x017a
00000062: JUMP
00000063: JUMPDEST
00000064: STOP
00000065: JUMPDEST
00000066: PUSH2 0x008d
00000069: PUSH1 0x04
0000006b: DUP1
0000006c: DUP1
0000006d: CALLDATALOAD
0000006e: SWAP1
0000006f: PUSH1 0x20
00000071: ADD
00000072: SWAP1
00000073: SWAP2
00000074: SWAP1
00000075: DUP1
00000076: CALLDATALOAD
00000077: SWAP1
00000078: PUSH1 0x20
0000007a: ADD
0000007b: SWAP1
0000007c: SWAP2
0000007d: SWAP1
0000007e: DUP1
0000007f: CALLDATALOAD
00000080: SWAP1
00000081: PUSH1 0x20
00000083: ADD
00000084: SWAP1
00000085: SWAP2
00000086: SWAP1
00000087: POP
00000088: POP
00000089: PUSH2 0x008f
0000008c: JUMP
0000008d: JUMPDEST
0000008e: STOP
0000008f: JUMPDEST
00000090: PUSH1 0x01
00000092: PUSH1 0x00
00000094: SWAP1
00000095: SLOAD
00000096: SWAP1
00000097: PUSH2 0x0100
0000009a: EXP
0000009b: SWAP1
0000009c: DIV
0000009d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000b2: AND
000000b3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000c8: AND
000000c9: CALLER
000000ca: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000df: AND
000000e0: EQ
000000e1: ISZERO
000000e2: PUSH2 0x016a
000000e5: JUMPI
000000e6: PUSH1 0x00
000000e8: PUSH1 0x00
000000ea: SWAP1
000000eb: SLOAD
000000ec: SWAP1
000000ed: PUSH2 0x0100
000000f0: EXP
000000f1: SWAP1
000000f2: DIV
000000f3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000108: AND
00000109: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000011e: AND
0000011f: PUSH4 0xcbedbf5a
00000124: DUP3
00000125: PUSH1 0x40
00000127: MLOAD
00000128: DUP3
00000129: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000147: MUL
00000148: DUP2
00000149: MSTORE
0000014a: PUSH1 0x04
0000014c: ADD
0000014d: DUP1
0000014e: SWAP1
0000014f: POP
00000150: PUSH1 0x00
00000152: PUSH1 0x40
00000154: MLOAD
00000155: DUP1
00000156: DUP4
00000157: SUB
00000158: DUP2
00000159: DUP6
0000015a: DUP9
0000015b: PUSH2 0x8502
0000015e: GAS
0000015f: SUB
00000160: CALL
00000161: ISZERO
00000162: PUSH2 0x0002
00000165: JUMPI
00000166: POP
00000167: POP
00000168: POP
00000169: POP
0000016a: JUMPDEST
0000016b: GAS
0000016c: PUSH1 0x03
0000016e: PUSH1 0x00
00000170: POP
00000171: DUP2
00000172: SWAP1
00000173: SSTORE
00000174: POP
00000175: JUMPDEST
00000176: POP
00000177: POP
00000178: POP
00000179: JUMP
0000017a: JUMPDEST
0000017b: PUSH1 0x01
0000017d: PUSH1 0x00
0000017f: SWAP1
00000180: SLOAD
00000181: SWAP1
00000182: PUSH2 0x0100
00000185: EXP
00000186: SWAP1
00000187: DIV
00000188: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000019d: AND
0000019e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001b3: AND
000001b4: CALLER
000001b5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001ca: AND
000001cb: EQ
000001cc: ISZERO
000001cd: PUSH2 0x0204
000001d0: JUMPI
000001d1: DUP2
000001d2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001e7: AND
000001e8: PUSH1 0x00
000001ea: DUP3
000001eb: PUSH1 0x40
000001ed: MLOAD
000001ee: DUP1
000001ef: SWAP1
000001f0: POP
000001f1: PUSH1 0x00
000001f3: PUSH1 0x40
000001f5: MLOAD
000001f6: DUP1
000001f7: DUP4
000001f8: SUB
000001f9: DUP2
000001fa: DUP6
000001fb: DUP9
000001fc: DUP9
000001fd: CALL
000001fe: SWAP4
000001ff: POP
00000200: POP
00000201: POP
00000202: POP
00000203: POP
00000204: JUMPDEST
00000205: GAS
00000206: PUSH1 0x03
00000208: PUSH1 0x00
0000020a: POP
0000020b: DUP2
0000020c: SWAP1
0000020d: SSTORE
0000020e: POP
0000020f: JUMPDEST
00000210: POP
00000211: POP
00000212: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0x3a73bfd85d497466ab41911ba1789c5eafab1773102972dece92211d3e255c56
call_targets: 0x07144ddfb235f97d52bd1c7dee8446b5a27aeb54
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x3a73bfd85d497466ab41911ba1789c5eafab1773102972dece92211d3e255c56",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x07144ddfb235f97d52bd1c7dee8446b5a27aeb54"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x35bc88b1",
            "selector": "0x35bc88b1",
            "calldata_variants": [
                "0x35bc88b1",
                "0x35bc88b10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xebb17bc0",
            "selector": "0xebb17bc0",
            "calldata_variants": [
                "0xebb17bc0",
                "0xebb17bc00000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 352,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 509,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [
        {
            "pc": 201,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 436,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 2
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0x3a73bfd85d497466ab41911ba1789c5eafab1773102972dece92211d3e255c56
call_targets: 0x07144ddfb235f97d52bd1c7dee8446b5a27aeb54
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x3a73bfd85d497466ab41911ba1789c5eafab1773102972dece92211d3e255c56",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x07144ddfb235f97d52bd1c7dee8446b5a27aeb54"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x35bc88b1",
            "selector": "0x35bc88b1",
            "calldata_variants": [
                "0x35bc88b1",
                "0x35bc88b10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xebb17bc0",
            "selector": "0xebb17bc0",
            "calldata_variants": [
                "0xebb17bc0",
                "0xebb17bc00000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 352,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 509,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": [
        {
            "pc": 201,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 436,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}