TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-2d1f-70e4-8895-01de6aba2ec7

complete
Chain ID
1
Address
0xf94e074f00a4121b672254bf77d72fe992c89097
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
2043 artifact.fetch complete 1 / 3 3 months ago
2044 tool.cast_disasm complete 1 / 3 3 months ago
45392 analysis.bundle complete 1 / 3 2 weeks ago
45393 capability.graph complete 1 / 3 2 weeks ago
45394 detector.run complete 1 / 3 2 weeks ago
45395 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
1
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
1
Total opcodes
199
Flags
selfdestruct_present
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0048
0000000a: JUMPI
0000000b: PUSH1 0x00
0000000d: CALLDATALOAD
0000000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002c: SWAP1
0000002d: DIV
0000002e: DUP1
0000002f: PUSH4 0x41c0e1b5
00000034: EQ
00000035: PUSH2 0x00e3
00000038: JUMPI
00000039: DUP1
0000003a: PUSH4 0xe5225381
0000003f: EQ
00000040: PUSH2 0x00f0
00000043: JUMPI
00000044: PUSH2 0x0048
00000047: JUMP
00000048: JUMPDEST
00000049: PUSH2 0x00e1
0000004c: JUMPDEST
0000004d: PUSH1 0x00
0000004f: CALLVALUE
00000050: GT
00000051: ISZERO
00000052: PUSH2 0x00de
00000055: JUMPI
00000056: PUSH1 0x40
00000058: PUSH1 0x40
0000005a: MLOAD
0000005b: SWAP1
0000005c: DUP2
0000005d: ADD
0000005e: PUSH1 0x40
00000060: MSTORE
00000061: DUP1
00000062: PUSH1 0x05
00000064: DUP2
00000065: MSTORE
00000066: PUSH1 0x20
00000068: ADD
00000069: PUSH32 0x59554e4249000000000000000000000000000000000000000000000000000000
0000008a: DUP2
0000008b: MSTORE
0000008c: PUSH1 0x20
0000008e: ADD
0000008f: POP
00000090: CALLER
00000091: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000a6: AND
000000a7: PUSH32 0x68051bc50b1ef1654bf1e6204b5f8fa9badcd038e00fa5b43f21f898fc2728ca
000000c8: CALLVALUE
000000c9: PUSH1 0x40
000000cb: MLOAD
000000cc: DUP1
000000cd: DUP3
000000ce: DUP2
000000cf: MSTORE
000000d0: PUSH1 0x20
000000d2: ADD
000000d3: SWAP2
000000d4: POP
000000d5: POP
000000d6: PUSH1 0x40
000000d8: MLOAD
000000d9: DUP1
000000da: SWAP2
000000db: SUB
000000dc: SWAP1
000000dd: LOG3
000000de: JUMPDEST
000000df: JUMPDEST
000000e0: JUMP
000000e1: JUMPDEST
000000e2: STOP
000000e3: JUMPDEST
000000e4: PUSH2 0x00ee
000000e7: PUSH1 0x04
000000e9: POP
000000ea: PUSH2 0x00fd
000000ed: JUMP
000000ee: JUMPDEST
000000ef: STOP
000000f0: JUMPDEST
000000f1: PUSH2 0x00fb
000000f4: PUSH1 0x04
000000f6: POP
000000f7: PUSH2 0x0191
000000fa: JUMP
000000fb: JUMPDEST
000000fc: STOP
000000fd: JUMPDEST
000000fe: PUSH1 0x00
00000100: PUSH1 0x00
00000102: SWAP1
00000103: SLOAD
00000104: SWAP1
00000105: PUSH2 0x0100
00000108: EXP
00000109: SWAP1
0000010a: DIV
0000010b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000120: AND
00000121: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000136: AND
00000137: CALLER
00000138: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000014d: AND
0000014e: EQ
0000014f: ISZERO
00000150: PUSH2 0x018e
00000153: JUMPI
00000154: PUSH1 0x00
00000156: PUSH1 0x00
00000158: SWAP1
00000159: SLOAD
0000015a: SWAP1
0000015b: PUSH2 0x0100
0000015e: EXP
0000015f: SWAP1
00000160: DIV
00000161: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000176: AND
00000177: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000018c: AND
0000018d: SELFDESTRUCT
0000018e: JUMPDEST
0000018f: JUMPDEST
00000190: JUMP
00000191: JUMPDEST
00000192: PUSH1 0x00
00000194: PUSH1 0x00
00000196: SWAP1
00000197: SLOAD
00000198: SWAP1
00000199: PUSH2 0x0100
0000019c: EXP
0000019d: SWAP1
0000019e: DIV
0000019f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001b4: AND
000001b5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001ca: AND
000001cb: CALLER
000001cc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001e1: AND
000001e2: EQ
000001e3: ISZERO
000001e4: PUSH2 0x0254
000001e7: JUMPI
000001e8: PUSH1 0x00
000001ea: PUSH1 0x00
000001ec: SWAP1
000001ed: SLOAD
000001ee: SWAP1
000001ef: PUSH2 0x0100
000001f2: EXP
000001f3: SWAP1
000001f4: DIV
000001f5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000020a: AND
0000020b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000220: AND
00000221: PUSH1 0x00
00000223: ADDRESS
00000224: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000239: AND
0000023a: BALANCE
0000023b: PUSH1 0x40
0000023d: MLOAD
0000023e: DUP1
0000023f: SWAP1
00000240: POP
00000241: PUSH1 0x00
00000243: PUSH1 0x40
00000245: MLOAD
00000246: DUP1
00000247: DUP4
00000248: SUB
00000249: DUP2
0000024a: DUP6
0000024b: DUP9
0000024c: DUP9
0000024d: CALL
0000024e: SWAP4
0000024f: POP
00000250: POP
00000251: POP
00000252: POP
00000253: POP
00000254: JUMPDEST
00000255: JUMPDEST
00000256: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0x7b839df7eb24198b4105df40ad1cd7ffd09f2890567751fc137102d9e8b2dfcb
call_targets: 0xf94e074f00a4121b672254bf77d72fe992c89097
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x7b839df7eb24198b4105df40ad1cd7ffd09f2890567751fc137102d9e8b2dfcb",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xf94e074f00a4121b672254bf77d72fe992c89097"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe5225381",
            "selector": "0xe5225381",
            "calldata_variants": [
                "0xe5225381",
                "0xe52253810000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 589,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [
        {
            "pc": 311,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 459,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 1
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0x7b839df7eb24198b4105df40ad1cd7ffd09f2890567751fc137102d9e8b2dfcb
call_targets: 0xf94e074f00a4121b672254bf77d72fe992c89097
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x7b839df7eb24198b4105df40ad1cd7ffd09f2890567751fc137102d9e8b2dfcb",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xf94e074f00a4121b672254bf77d72fe992c89097"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe5225381",
            "selector": "0xe5225381",
            "calldata_variants": [
                "0xe5225381",
                "0xe52253810000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 589,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": [
        {
            "pc": 311,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 459,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}
medium other detector SELFDESTRUCT reachable 45 no no
view
trace_id: 0xd35a77a2e6c74609421914104679f5b1ca8ffd1eb0c48536b29859fae6eaf33a
validation_json 
{
    "sink": "SELFDESTRUCT",
    "errors": 0,
    "status": "unknown",
    "attempts": 4,
    "trace_id": "0xd35a77a2e6c74609421914104679f5b1ca8ffd1eb0c48536b29859fae6eaf33a",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe5225381",
            "selector": "0xe5225381",
            "calldata_variants": [
                "0xe5225381",
                "0xe52253810000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 311,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 459,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "selfdestruct_count": 1
}