Analysis Run

019b3836-2fb9-7313-aa39-1fe37249b816

complete

Chain ID

1

Address

0xbe18f9a2c8dcb83512f1de885d8b121ed112c319

Block Number

—

Created

Fri, Dec 19, 2025 8:03 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Authorization based on tx.origin

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
2485	artifact.fetch	complete	1 / 3	3 months ago
2486	tool.cast_disasm	complete	1 / 3	3 months ago
96842	analysis.bundle	complete	1 / 3	1 week ago
96843	capability.graph	complete	1 / 3	1 week ago
96844	detector.run	complete	1 / 3	1 week ago
96845	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

1

CREATE2

0

CALL-family (heavy)

1

EXT*/BALANCE

1

Total opcodes

350

Flags

selfdestruct_present

View cast disassembly output

00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x00
00000007: CALLDATALOAD
00000008: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000026: SWAP1
00000027: DIV
00000028: DUP1
00000029: PUSH4 0x41c0e1b5
0000002e: EQ
0000002f: PUSH2 0x005a
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0xf2a75fe4
00000039: EQ
0000003a: PUSH2 0x0069
0000003d: JUMPI
0000003e: DUP1
0000003f: PUSH4 0xf2c298be
00000044: EQ
00000045: PUSH2 0x0078
00000048: JUMPI
00000049: DUP1
0000004a: PUSH4 0xf67187ac
0000004f: EQ
00000050: PUSH2 0x009b
00000053: JUMPI
00000054: PUSH2 0x0058
00000057: JUMP
00000058: JUMPDEST
00000059: STOP
0000005a: JUMPDEST
0000005b: PUSH2 0x0067
0000005e: PUSH1 0x04
00000060: DUP1
00000061: POP
00000062: POP
00000063: PUSH2 0x0196
00000066: JUMP
00000067: JUMPDEST
00000068: STOP
00000069: JUMPDEST
0000006a: PUSH2 0x0076
0000006d: PUSH1 0x04
0000006f: DUP1
00000070: POP
00000071: POP
00000072: PUSH2 0x022f
00000075: JUMP
00000076: JUMPDEST
00000077: STOP
00000078: JUMPDEST
00000079: PUSH2 0x0099
0000007c: PUSH1 0x04
0000007e: DUP1
0000007f: DUP1
00000080: CALLDATALOAD
00000081: SWAP1
00000082: PUSH1 0x20
00000084: ADD
00000085: SWAP1
00000086: DUP3
00000087: ADD
00000088: DUP1
00000089: CALLDATALOAD
0000008a: SWAP1
0000008b: PUSH1 0x20
0000008d: ADD
0000008e: SWAP2
0000008f: SWAP1
00000090: SWAP2
00000091: SWAP3
00000092: SWAP1
00000093: POP
00000094: POP
00000095: PUSH2 0x00e8
00000098: JUMP
00000099: JUMPDEST
0000009a: STOP
0000009b: JUMPDEST
0000009c: PUSH2 0x00bc
0000009f: PUSH1 0x04
000000a1: DUP1
000000a2: DUP1
000000a3: CALLDATALOAD
000000a4: SWAP1
000000a5: PUSH1 0x20
000000a7: ADD
000000a8: SWAP1
000000a9: DUP3
000000aa: ADD
000000ab: DUP1
000000ac: CALLDATALOAD
000000ad: SWAP1
000000ae: PUSH1 0x20
000000b0: ADD
000000b1: SWAP2
000000b2: SWAP1
000000b3: SWAP2
000000b4: SWAP3
000000b5: SWAP1
000000b6: POP
000000b7: POP
000000b8: PUSH2 0x013e
000000bb: JUMP
000000bc: JUMPDEST
000000bd: PUSH1 0x40
000000bf: MLOAD
000000c0: DUP1
000000c1: DUP3
000000c2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000d7: AND
000000d8: DUP2
000000d9: MSTORE
000000da: PUSH1 0x20
000000dc: ADD
000000dd: SWAP2
000000de: POP
000000df: POP
000000e0: PUSH1 0x40
000000e2: MLOAD
000000e3: DUP1
000000e4: SWAP2
000000e5: SUB
000000e6: SWAP1
000000e7: RETURN
000000e8: JUMPDEST
000000e9: ORIGIN
000000ea: PUSH1 0x00
000000ec: PUSH1 0x00
000000ee: POP
000000ef: DUP4
000000f0: DUP4
000000f1: PUSH1 0x40
000000f3: MLOAD
000000f4: DUP1
000000f5: DUP4
000000f6: DUP4
000000f7: DUP1
000000f8: DUP3
000000f9: DUP5
000000fa: CALLDATACOPY
000000fb: DUP3
000000fc: ADD
000000fd: SWAP2
000000fe: POP
000000ff: POP
00000100: SWAP3
00000101: POP
00000102: POP
00000103: POP
00000104: SWAP1
00000105: DUP2
00000106: MSTORE
00000107: PUSH1 0x20
00000109: ADD
0000010a: PUSH1 0x40
0000010c: MLOAD
0000010d: DUP1
0000010e: SWAP2
0000010f: SUB
00000110: SWAP1
00000111: KECCAK256
00000112: PUSH1 0x00
00000114: PUSH2 0x0100
00000117: EXP
00000118: DUP2
00000119: SLOAD
0000011a: DUP2
0000011b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000130: MUL
00000131: NOT
00000132: AND
00000133: SWAP1
00000134: DUP4
00000135: MUL
00000136: OR
00000137: SWAP1
00000138: SSTORE
00000139: POP
0000013a: JUMPDEST
0000013b: POP
0000013c: POP
0000013d: JUMP
0000013e: JUMPDEST
0000013f: PUSH1 0x00
00000141: PUSH1 0x00
00000143: PUSH1 0x00
00000145: POP
00000146: DUP4
00000147: DUP4
00000148: PUSH1 0x40
0000014a: MLOAD
0000014b: DUP1
0000014c: DUP4
0000014d: DUP4
0000014e: DUP1
0000014f: DUP3
00000150: DUP5
00000151: CALLDATACOPY
00000152: DUP3
00000153: ADD
00000154: SWAP2
00000155: POP
00000156: POP
00000157: SWAP3
00000158: POP
00000159: POP
0000015a: POP
0000015b: SWAP1
0000015c: DUP2
0000015d: MSTORE
0000015e: PUSH1 0x20
00000160: ADD
00000161: PUSH1 0x40
00000163: MLOAD
00000164: DUP1
00000165: SWAP2
00000166: SUB
00000167: SWAP1
00000168: KECCAK256
00000169: PUSH1 0x00
0000016b: SWAP1
0000016c: SLOAD
0000016d: SWAP1
0000016e: PUSH2 0x0100
00000171: EXP
00000172: SWAP1
00000173: DIV
00000174: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000189: AND
0000018a: SWAP1
0000018b: POP
0000018c: PUSH2 0x0190
0000018f: JUMP
00000190: JUMPDEST
00000191: SWAP3
00000192: SWAP2
00000193: POP
00000194: POP
00000195: JUMP
00000196: JUMPDEST
00000197: PUSH1 0x01
00000199: PUSH1 0x00
0000019b: SWAP1
0000019c: SLOAD
0000019d: SWAP1
0000019e: PUSH2 0x0100
000001a1: EXP
000001a2: SWAP1
000001a3: DIV
000001a4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001b9: AND
000001ba: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001cf: AND
000001d0: ORIGIN
000001d1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001e6: AND
000001e7: EQ
000001e8: ISZERO
000001e9: ISZERO
000001ea: PUSH2 0x01f2
000001ed: JUMPI
000001ee: PUSH2 0x022d
000001f1: JUMP
000001f2: JUMPDEST
000001f3: PUSH1 0x01
000001f5: PUSH1 0x00
000001f7: SWAP1
000001f8: SLOAD
000001f9: SWAP1
000001fa: PUSH2 0x0100
000001fd: EXP
000001fe: SWAP1
000001ff: DIV
00000200: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000215: AND
00000216: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000022b: AND
0000022c: SELFDESTRUCT
0000022d: JUMPDEST
0000022e: JUMP
0000022f: JUMPDEST
00000230: PUSH1 0x01
00000232: PUSH1 0x00
00000234: SWAP1
00000235: SLOAD
00000236: SWAP1
00000237: PUSH2 0x0100
0000023a: EXP
0000023b: SWAP1
0000023c: DIV
0000023d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000252: AND
00000253: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000268: AND
00000269: ORIGIN
0000026a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000027f: AND
00000280: EQ
00000281: ISZERO
00000282: ISZERO
00000283: PUSH2 0x028b
00000286: JUMPI
00000287: PUSH2 0x02f8
0000028a: JUMP
0000028b: JUMPDEST
0000028c: PUSH1 0x01
0000028e: PUSH1 0x00
00000290: SWAP1
00000291: SLOAD
00000292: SWAP1
00000293: PUSH2 0x0100
00000296: EXP
00000297: SWAP1
00000298: DIV
00000299: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002ae: AND
000002af: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002c4: AND
000002c5: PUSH1 0x00
000002c7: ADDRESS
000002c8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002dd: AND
000002de: BALANCE
000002df: PUSH1 0x40
000002e1: MLOAD
000002e2: DUP1
000002e3: SWAP1
000002e4: POP
000002e5: PUSH1 0x00
000002e7: PUSH1 0x40
000002e9: MLOAD
000002ea: DUP1
000002eb: DUP4
000002ec: SUB
000002ed: DUP2
000002ee: DUP6
000002ef: DUP9
000002f0: DUP9
000002f1: CALL
000002f2: SWAP4
000002f3: POP
000002f4: POP
000002f5: POP
000002f6: POP
000002f7: POP
000002f8: JUMPDEST
000002f9: JUMP

View stderr

Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	auth	detector	Authorization based on tx.origin	70	no	—	view validation_json { "reason": "missing sink mapping", "status": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x41c0e1b5", "selector": "0x41c0e1b5", "calldata_variants": [ "0x41c0e1b5", "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf2a75fe4", "selector": "0xf2a75fe4", "calldata_variants": [ "0xf2a75fe4", "0xf2a75fe40000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf2c298be", "selector": "0xf2c298be", "calldata_variants": [ "0xf2c298be", "0xf2c298be0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf67187ac", "selector": "0xf67187ac", "calldata_variants": [ "0xf67187ac", "0xf67187ac0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "guards_detected": [ { "pc": 233, "type": "tx_origin_used" }, { "pc": 464, "type": "tx_origin_used" }, { "pc": 617, "type": "tx_origin_used" } ] }
medium	other	detector	Untrusted CALL target/value reachable	45	no	no	view trace_id: 0x39c1725156b362b9635e0777a8ca3c8c82aa7287572d5b9e1c00cf83bdf780c5 call_targets: 0xbe18f9a2c8dcb83512f1de885d8b121ed112c319 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x39c1725156b362b9635e0777a8ca3c8c82aa7287572d5b9e1c00cf83bdf780c5", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xbe18f9a2c8dcb83512f1de885d8b121ed112c319" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x41c0e1b5", "selector": "0x41c0e1b5", "calldata_variants": [ "0x41c0e1b5", "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf2a75fe4", "selector": "0xf2a75fe4", "calldata_variants": [ "0xf2a75fe4", "0xf2a75fe40000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf2c298be", "selector": "0xf2c298be", "calldata_variants": [ "0xf2c298be", "0xf2c298be0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf67187ac", "selector": "0xf67187ac", "calldata_variants": [ "0xf67187ac", "0xf67187ac0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 753, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 1, "guards_detected": [ { "pc": 233, "type": "tx_origin_used" }, { "pc": 464, "type": "tx_origin_used" }, { "pc": 617, "type": "tx_origin_used" } ], "untrusted_call_count": 1 }
medium	other	detector	ETH value transfer possible	40	no	no	view trace_id: 0x39c1725156b362b9635e0777a8ca3c8c82aa7287572d5b9e1c00cf83bdf780c5 call_targets: 0xbe18f9a2c8dcb83512f1de885d8b121ed112c319 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x39c1725156b362b9635e0777a8ca3c8c82aa7287572d5b9e1c00cf83bdf780c5", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xbe18f9a2c8dcb83512f1de885d8b121ed112c319" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x41c0e1b5", "selector": "0x41c0e1b5", "calldata_variants": [ "0x41c0e1b5", "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf2a75fe4", "selector": "0xf2a75fe4", "calldata_variants": [ "0xf2a75fe4", "0xf2a75fe40000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf2c298be", "selector": "0xf2c298be", "calldata_variants": [ "0xf2c298be", "0xf2c298be0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf67187ac", "selector": "0xf67187ac", "calldata_variants": [ "0xf67187ac", "0xf67187ac0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 753, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 1, "guards_detected": [ { "pc": 233, "type": "tx_origin_used" }, { "pc": 464, "type": "tx_origin_used" }, { "pc": 617, "type": "tx_origin_used" } ] }
medium	other	detector	SELFDESTRUCT reachable	45	no	no	view trace_id: 0x7491bf6e6f436cae5795596f6f9ab8cd6ae14829a921e952d02a3bb5fbae3100 validation_json { "sink": "SELFDESTRUCT", "errors": 0, "status": "unknown", "attempts": 8, "trace_id": "0x7491bf6e6f436cae5795596f6f9ab8cd6ae14829a921e952d02a3bb5fbae3100", "confirmed": false, "trace_mode": "structLogs", "call_targets": null, "matched_probe": null, "target_varies": null, "classification": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x41c0e1b5", "selector": "0x41c0e1b5", "calldata_variants": [ "0x41c0e1b5", "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf2a75fe4", "selector": "0xf2a75fe4", "calldata_variants": [ "0xf2a75fe4", "0xf2a75fe40000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf2c298be", "selector": "0xf2c298be", "calldata_variants": [ "0xf2c298be", "0xf2c298be0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf67187ac", "selector": "0xf67187ac", "calldata_variants": [ "0xf67187ac", "0xf67187ac0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "guards_detected": [ { "pc": 233, "type": "tx_origin_used" }, { "pc": 464, "type": "tx_origin_used" }, { "pc": 617, "type": "tx_origin_used" } ], "selfdestruct_count": 1 }