TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-2dc0-700b-8c58-d038aeb8df7d

complete
Chain ID
1
Address
0xc39e5a86d8f2fc13b4b9f3fa7c56fe4cf4c48cea
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
2149 artifact.fetch complete 1 / 3 3 months ago
2150 tool.cast_disasm complete 1 / 3 3 months ago
45204 analysis.bundle complete 1 / 3 2 weeks ago
45205 capability.graph complete 1 / 3 2 weeks ago
45206 detector.run complete 1 / 3 2 weeks ago
45207 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
1
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
1
Total opcodes
400
Flags
selfdestruct_present
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0069
0000000a: JUMPI
0000000b: PUSH1 0x00
0000000d: CALLDATALOAD
0000000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002c: SWAP1
0000002d: DIV
0000002e: DUP1
0000002f: PUSH4 0x232a3060
00000034: EQ
00000035: PUSH2 0x00e2
00000038: JUMPI
00000039: DUP1
0000003a: PUSH4 0x9d735286
0000003f: EQ
00000040: PUSH2 0x00fa
00000043: JUMPI
00000044: DUP1
00000045: PUSH4 0xa6f9dae1
0000004a: EQ
0000004b: PUSH2 0x0109
0000004e: JUMPI
0000004f: DUP1
00000050: PUSH4 0xd59933d5
00000055: EQ
00000056: PUSH2 0x0121
00000059: JUMPI
0000005a: DUP1
0000005b: PUSH4 0xfa89401a
00000060: EQ
00000061: PUSH2 0x0130
00000064: JUMPI
00000065: PUSH2 0x0069
00000068: JUMP
00000069: JUMPDEST
0000006a: PUSH2 0x00e0
0000006d: JUMPDEST
0000006e: NUMBER
0000006f: PUSH32 0x5d6ac9b7defd8fbb29ef2ab0f08c3744192b3777466dd98d1fd7daed5064b6db
00000090: CALLER
00000091: CALLVALUE
00000092: TIMESTAMP
00000093: PUSH1 0x40
00000095: MLOAD
00000096: DUP1
00000097: DUP5
00000098: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000ad: AND
000000ae: DUP2
000000af: MSTORE
000000b0: PUSH1 0x20
000000b2: ADD
000000b3: DUP4
000000b4: DUP2
000000b5: MSTORE
000000b6: PUSH1 0x20
000000b8: ADD
000000b9: DUP3
000000ba: DUP2
000000bb: MSTORE
000000bc: PUSH1 0x20
000000be: ADD
000000bf: SWAP4
000000c0: POP
000000c1: POP
000000c2: POP
000000c3: POP
000000c4: PUSH1 0x40
000000c6: MLOAD
000000c7: DUP1
000000c8: SWAP2
000000c9: SUB
000000ca: SWAP1
000000cb: LOG2
000000cc: TIMESTAMP
000000cd: PUSH1 0x02
000000cf: PUSH1 0x00
000000d1: POP
000000d2: DUP2
000000d3: SWAP1
000000d4: SSTORE
000000d5: POP
000000d6: PUSH2 0x00dd
000000d9: PUSH2 0x026d
000000dc: JUMP
000000dd: JUMPDEST
000000de: JUMPDEST
000000df: JUMP
000000e0: JUMPDEST
000000e1: STOP
000000e2: JUMPDEST
000000e3: PUSH2 0x00f8
000000e6: PUSH1 0x04
000000e8: DUP1
000000e9: DUP1
000000ea: CALLDATALOAD
000000eb: SWAP1
000000ec: PUSH1 0x20
000000ee: ADD
000000ef: SWAP1
000000f0: SWAP2
000000f1: SWAP1
000000f2: POP
000000f3: POP
000000f4: PUSH2 0x0148
000000f7: JUMP
000000f8: JUMPDEST
000000f9: STOP
000000fa: JUMPDEST
000000fb: PUSH2 0x0107
000000fe: PUSH1 0x04
00000100: DUP1
00000101: POP
00000102: POP
00000103: PUSH2 0x026d
00000106: JUMP
00000107: JUMPDEST
00000108: STOP
00000109: JUMPDEST
0000010a: PUSH2 0x011f
0000010d: PUSH1 0x04
0000010f: DUP1
00000110: DUP1
00000111: CALLDATALOAD
00000112: SWAP1
00000113: PUSH1 0x20
00000115: ADD
00000116: SWAP1
00000117: SWAP2
00000118: SWAP1
00000119: POP
0000011a: POP
0000011b: PUSH2 0x01e7
0000011e: JUMP
0000011f: JUMPDEST
00000120: STOP
00000121: JUMPDEST
00000122: PUSH2 0x012e
00000125: PUSH1 0x04
00000127: DUP1
00000128: POP
00000129: POP
0000012a: PUSH2 0x034f
0000012d: JUMP
0000012e: JUMPDEST
0000012f: STOP
00000130: JUMPDEST
00000131: PUSH2 0x0146
00000134: PUSH1 0x04
00000136: DUP1
00000137: DUP1
00000138: CALLDATALOAD
00000139: SWAP1
0000013a: PUSH1 0x20
0000013c: ADD
0000013d: SWAP1
0000013e: SWAP2
0000013f: SWAP1
00000140: POP
00000141: POP
00000142: PUSH2 0x02dc
00000145: JUMP
00000146: JUMPDEST
00000147: STOP
00000148: JUMPDEST
00000149: PUSH1 0x00
0000014b: PUSH1 0x00
0000014d: SWAP1
0000014e: SLOAD
0000014f: SWAP1
00000150: PUSH2 0x0100
00000153: EXP
00000154: SWAP1
00000155: DIV
00000156: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000016b: AND
0000016c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000181: AND
00000182: CALLER
00000183: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000198: AND
00000199: EQ
0000019a: ISZERO
0000019b: PUSH2 0x01e3
0000019e: JUMPI
0000019f: DUP1
000001a0: PUSH1 0x01
000001a2: PUSH1 0x00
000001a4: PUSH2 0x0100
000001a7: EXP
000001a8: DUP2
000001a9: SLOAD
000001aa: DUP2
000001ab: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001c0: MUL
000001c1: NOT
000001c2: AND
000001c3: SWAP1
000001c4: DUP4
000001c5: MUL
000001c6: OR
000001c7: SWAP1
000001c8: SSTORE
000001c9: POP
000001ca: PUSH1 0x01
000001cc: PUSH1 0x03
000001ce: PUSH1 0x00
000001d0: PUSH2 0x0100
000001d3: EXP
000001d4: DUP2
000001d5: SLOAD
000001d6: DUP2
000001d7: PUSH1 0xff
000001d9: MUL
000001da: NOT
000001db: AND
000001dc: SWAP1
000001dd: DUP4
000001de: MUL
000001df: OR
000001e0: SWAP1
000001e1: SSTORE
000001e2: POP
000001e3: JUMPDEST
000001e4: JUMPDEST
000001e5: POP
000001e6: JUMP
000001e7: JUMPDEST
000001e8: PUSH1 0x00
000001ea: PUSH1 0x00
000001ec: SWAP1
000001ed: SLOAD
000001ee: SWAP1
000001ef: PUSH2 0x0100
000001f2: EXP
000001f3: SWAP1
000001f4: DIV
000001f5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000020a: AND
0000020b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000220: AND
00000221: CALLER
00000222: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000237: AND
00000238: EQ
00000239: ISZERO
0000023a: PUSH2 0x0269
0000023d: JUMPI
0000023e: DUP1
0000023f: PUSH1 0x00
00000241: PUSH1 0x00
00000243: PUSH2 0x0100
00000246: EXP
00000247: DUP2
00000248: SLOAD
00000249: DUP2
0000024a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000025f: MUL
00000260: NOT
00000261: AND
00000262: SWAP1
00000263: DUP4
00000264: MUL
00000265: OR
00000266: SWAP1
00000267: SSTORE
00000268: POP
00000269: JUMPDEST
0000026a: JUMPDEST
0000026b: POP
0000026c: JUMP
0000026d: JUMPDEST
0000026e: PUSH1 0x01
00000270: PUSH1 0x00
00000272: SWAP1
00000273: SLOAD
00000274: SWAP1
00000275: PUSH2 0x0100
00000278: EXP
00000279: SWAP1
0000027a: DIV
0000027b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000290: AND
00000291: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002a6: AND
000002a7: PUSH1 0x00
000002a9: ADDRESS
000002aa: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002bf: AND
000002c0: BALANCE
000002c1: PUSH1 0x40
000002c3: MLOAD
000002c4: DUP1
000002c5: SWAP1
000002c6: POP
000002c7: PUSH1 0x00
000002c9: PUSH1 0x40
000002cb: MLOAD
000002cc: DUP1
000002cd: DUP4
000002ce: SUB
000002cf: DUP2
000002d0: DUP6
000002d1: DUP9
000002d2: DUP9
000002d3: CALL
000002d4: SWAP4
000002d5: POP
000002d6: POP
000002d7: POP
000002d8: POP
000002d9: POP
000002da: JUMPDEST
000002db: JUMP
000002dc: JUMPDEST
000002dd: PUSH1 0x00
000002df: PUSH1 0x00
000002e1: SWAP1
000002e2: SLOAD
000002e3: SWAP1
000002e4: PUSH2 0x0100
000002e7: EXP
000002e8: SWAP1
000002e9: DIV
000002ea: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002ff: AND
00000300: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000315: AND
00000316: CALLER
00000317: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000032c: AND
0000032d: EQ
0000032e: ISZERO
0000032f: PUSH2 0x034b
00000332: JUMPI
00000333: DUP1
00000334: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000349: AND
0000034a: SELFDESTRUCT
0000034b: JUMPDEST
0000034c: JUMPDEST
0000034d: POP
0000034e: JUMP
0000034f: JUMPDEST
00000350: NUMBER
00000351: PUSH32 0x5d6ac9b7defd8fbb29ef2ab0f08c3744192b3777466dd98d1fd7daed5064b6db
00000372: CALLER
00000373: CALLVALUE
00000374: TIMESTAMP
00000375: PUSH1 0x40
00000377: MLOAD
00000378: DUP1
00000379: DUP5
0000037a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000038f: AND
00000390: DUP2
00000391: MSTORE
00000392: PUSH1 0x20
00000394: ADD
00000395: DUP4
00000396: DUP2
00000397: MSTORE
00000398: PUSH1 0x20
0000039a: ADD
0000039b: DUP3
0000039c: DUP2
0000039d: MSTORE
0000039e: PUSH1 0x20
000003a0: ADD
000003a1: SWAP4
000003a2: POP
000003a3: POP
000003a4: POP
000003a5: POP
000003a6: PUSH1 0x40
000003a8: MLOAD
000003a9: DUP1
000003aa: SWAP2
000003ab: SUB
000003ac: SWAP1
000003ad: LOG2
000003ae: TIMESTAMP
000003af: PUSH1 0x02
000003b1: PUSH1 0x00
000003b3: POP
000003b4: DUP2
000003b5: SWAP1
000003b6: SSTORE
000003b7: POP
000003b8: PUSH2 0x03bf
000003bb: PUSH2 0x026d
000003be: JUMP
000003bf: JUMPDEST
000003c0: JUMPDEST
000003c1: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0x13d68892ba5dd47d969b55760ccacb5f66b6625f5732bb7bd57c271eda478f79
call_targets: 0xc39e5a86d8f2fc13b4b9f3fa7c56fe4cf4c48cea
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x13d68892ba5dd47d969b55760ccacb5f66b6625f5732bb7bd57c271eda478f79",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xc39e5a86d8f2fc13b4b9f3fa7c56fe4cf4c48cea"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x232a3060",
            "selector": "0x232a3060",
            "calldata_variants": [
                "0x232a3060",
                "0x232a30600000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x9d735286",
            "selector": "0x9d735286",
            "calldata_variants": [
                "0x9d735286",
                "0x9d7352860000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa6f9dae1",
            "selector": "0xa6f9dae1",
            "calldata_variants": [
                "0xa6f9dae1",
                "0xa6f9dae10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd59933d5",
            "selector": "0xd59933d5",
            "calldata_variants": [
                "0xd59933d5",
                "0xd59933d50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfa89401a",
            "selector": "0xfa89401a",
            "calldata_variants": [
                "0xfa89401a",
                "0xfa89401a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 723,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [
        {
            "pc": 386,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 545,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 790,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 1
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0x13d68892ba5dd47d969b55760ccacb5f66b6625f5732bb7bd57c271eda478f79
call_targets: 0xc39e5a86d8f2fc13b4b9f3fa7c56fe4cf4c48cea
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x13d68892ba5dd47d969b55760ccacb5f66b6625f5732bb7bd57c271eda478f79",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xc39e5a86d8f2fc13b4b9f3fa7c56fe4cf4c48cea"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x232a3060",
            "selector": "0x232a3060",
            "calldata_variants": [
                "0x232a3060",
                "0x232a30600000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x9d735286",
            "selector": "0x9d735286",
            "calldata_variants": [
                "0x9d735286",
                "0x9d7352860000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa6f9dae1",
            "selector": "0xa6f9dae1",
            "calldata_variants": [
                "0xa6f9dae1",
                "0xa6f9dae10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd59933d5",
            "selector": "0xd59933d5",
            "calldata_variants": [
                "0xd59933d5",
                "0xd59933d50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfa89401a",
            "selector": "0xfa89401a",
            "calldata_variants": [
                "0xfa89401a",
                "0xfa89401a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 723,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": [
        {
            "pc": 386,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 545,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 790,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}
medium other detector SELFDESTRUCT reachable 45 no no
view
trace_id: 0x3c1fdf0ca932c9c385fe22cd70b0515c683d0591687a1a2179a82743f6d733fb
validation_json 
{
    "sink": "SELFDESTRUCT",
    "errors": 0,
    "status": "unknown",
    "attempts": 10,
    "trace_id": "0x3c1fdf0ca932c9c385fe22cd70b0515c683d0591687a1a2179a82743f6d733fb",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x232a3060",
            "selector": "0x232a3060",
            "calldata_variants": [
                "0x232a3060",
                "0x232a30600000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x9d735286",
            "selector": "0x9d735286",
            "calldata_variants": [
                "0x9d735286",
                "0x9d7352860000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa6f9dae1",
            "selector": "0xa6f9dae1",
            "calldata_variants": [
                "0xa6f9dae1",
                "0xa6f9dae10000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd59933d5",
            "selector": "0xd59933d5",
            "calldata_variants": [
                "0xd59933d5",
                "0xd59933d50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfa89401a",
            "selector": "0xfa89401a",
            "calldata_variants": [
                "0xfa89401a",
                "0xfa89401a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 386,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 545,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 790,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "selfdestruct_count": 1
}