TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-3026-735e-9c36-fcce77190326

complete
Chain ID
1
Address
0xcb2a524d0285882238a5bc52ee01070f87ed928c
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
2563 artifact.fetch complete 1 / 3 4 months ago
2564 tool.cast_disasm complete 1 / 3 4 months ago
79979 analysis.bundle complete 1 / 3 2 weeks ago
79980 capability.graph complete 1 / 3 2 weeks ago
79981 detector.run complete 1 / 3 2 weeks ago
79982 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
0
Total opcodes
129
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x00
00000007: CALLDATALOAD
00000008: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000026: SWAP1
00000027: DIV
00000028: DUP1
00000029: PUSH4 0x0d7bb5b6
0000002e: EQ
0000002f: PUSH2 0x0039
00000032: JUMPI
00000033: PUSH2 0x0037
00000036: JUMP
00000037: JUMPDEST
00000038: STOP
00000039: JUMPDEST
0000003a: PUSH2 0x0061
0000003d: PUSH1 0x04
0000003f: DUP1
00000040: DUP1
00000041: CALLDATALOAD
00000042: SWAP1
00000043: PUSH1 0x20
00000045: ADD
00000046: SWAP1
00000047: SWAP2
00000048: SWAP1
00000049: DUP1
0000004a: CALLDATALOAD
0000004b: SWAP1
0000004c: PUSH1 0x20
0000004e: ADD
0000004f: SWAP1
00000050: SWAP2
00000051: SWAP1
00000052: DUP1
00000053: CALLDATALOAD
00000054: SWAP1
00000055: PUSH1 0x20
00000057: ADD
00000058: SWAP1
00000059: SWAP2
0000005a: SWAP1
0000005b: POP
0000005c: POP
0000005d: PUSH2 0x0077
00000060: JUMP
00000061: JUMPDEST
00000062: PUSH1 0x40
00000064: MLOAD
00000065: DUP1
00000066: DUP3
00000067: DUP2
00000068: MSTORE
00000069: PUSH1 0x20
0000006b: ADD
0000006c: SWAP2
0000006d: POP
0000006e: POP
0000006f: PUSH1 0x40
00000071: MLOAD
00000072: DUP1
00000073: SWAP2
00000074: SUB
00000075: SWAP1
00000076: RETURN
00000077: JUMPDEST
00000078: PUSH1 0x00
0000007a: PUSH1 0x00
0000007c: PUSH1 0x00
0000007e: SWAP1
0000007f: SLOAD
00000080: SWAP1
00000081: PUSH2 0x0100
00000084: EXP
00000085: SWAP1
00000086: DIV
00000087: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000009c: AND
0000009d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000b2: AND
000000b3: CALLER
000000b4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000c9: AND
000000ca: EQ
000000cb: ISZERO
000000cc: PUSH2 0x0108
000000cf: JUMPI
000000d0: DUP4
000000d1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000e6: AND
000000e7: DUP4
000000e8: DUP4
000000e9: SWAP1
000000ea: PUSH1 0x40
000000ec: MLOAD
000000ed: DUP1
000000ee: SWAP1
000000ef: POP
000000f0: PUSH1 0x00
000000f2: PUSH1 0x40
000000f4: MLOAD
000000f5: DUP1
000000f6: DUP4
000000f7: SUB
000000f8: DUP2
000000f9: DUP6
000000fa: DUP9
000000fb: DUP9
000000fc: CALL
000000fd: SWAP4
000000fe: POP
000000ff: POP
00000100: POP
00000101: POP
00000102: SWAP1
00000103: POP
00000104: PUSH2 0x0109
00000107: JUMP
00000108: JUMPDEST
00000109: JUMPDEST
0000010a: SWAP4
0000010b: SWAP3
0000010c: POP
0000010d: POP
0000010e: POP
0000010f: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0xbedcf15e7a764baac9977744fcd3294dd4acc62959329e93f8b15429922493df
call_targets: 0xcb2a524d0285882238a5bc52ee01070f87ed928c
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xbedcf15e7a764baac9977744fcd3294dd4acc62959329e93f8b15429922493df",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xcb2a524d0285882238a5bc52ee01070f87ed928c"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x0d7bb5b6",
            "selector": "0x0d7bb5b6",
            "calldata_variants": [
                "0x0d7bb5b6",
                "0x0d7bb5b60000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 252,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [
        {
            "pc": 179,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 1
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0xbedcf15e7a764baac9977744fcd3294dd4acc62959329e93f8b15429922493df
call_targets: 0xcb2a524d0285882238a5bc52ee01070f87ed928c
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xbedcf15e7a764baac9977744fcd3294dd4acc62959329e93f8b15429922493df",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xcb2a524d0285882238a5bc52ee01070f87ed928c"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x0d7bb5b6",
            "selector": "0x0d7bb5b6",
            "calldata_variants": [
                "0x0d7bb5b6",
                "0x0d7bb5b60000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 252,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": [
        {
            "pc": 179,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}