TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-2904-70f4-b149-b754b928837d

complete
Chain ID
1
Address
0x6df3b08cf8bc6338027e1401050b5cd2020580be
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
1
Validated
1
Source
Bytecode only
Review Backing
Not yet
Best current signal
External CALL present
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
1351 artifact.fetch complete 1 / 3 3 months ago
1352 tool.cast_disasm complete 1 / 3 3 months ago
44880 analysis.bundle complete 1 / 3 1 week ago
44881 capability.graph complete 1 / 3 1 week ago
44882 detector.run complete 1 / 3 1 week ago
44883 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
0
Total opcodes
20
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: CALLDATASIZE
00000001: PUSH1 0x00
00000003: DUP1
00000004: CALLDATACOPY
00000005: PUSH1 0x20
00000007: PUSH1 0x00
00000009: CALLDATASIZE
0000000a: PUSH1 0x00
0000000c: CALLVALUE
0000000d: PUSH20 0x273930d21e01ee25e4c219b63259d214872220a2
00000022: PUSH2 0x235a
00000025: GAS
00000026: SUB
00000027: CALLCODE
00000028: ISZERO
00000029: PUSH1 0x01
0000002b: JUMPI
0000002c: PUSH1 0x20
0000002e: PUSH1 0x00
00000030: RETURN
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
low other detector External CALL present 40 yes yes
view
trace_id: 0x2ccce137eea410598fb77e7dbc712f015ad08bb5d0b04feeedfbf9251bd3dd42
call_targets: 0x273930d21e01ee25e4c219b63259d214872220a2, 0x6df3b08cf8bc6338027e1401050b5cd2020580be
target_varies: yes
classification: target_varies
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "confirmed",
    "attempts": 1,
    "trace_id": "0x2ccce137eea410598fb77e7dbc712f015ad08bb5d0b04feeedfbf9251bd3dd42",
    "confirmed": true,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x273930d21e01ee25e4c219b63259d214872220a2",
        "0x6df3b08cf8bc6338027e1401050b5cd2020580be"
    ],
    "matched_probe": null,
    "target_varies": true,
    "classification": "target_varies"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "call_count": 1
}