TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-32e7-73eb-92f3-d6d063973b3b

complete
Chain ID
1
Address
0x3612182c032f3b059340c3b808d67c32b58003b1
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Authorization based on tx.origin
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
3025 artifact.fetch complete 1 / 3 4 months ago
3026 tool.cast_disasm complete 1 / 3 4 months ago
79727 analysis.bundle complete 1 / 3 2 weeks ago
79728 capability.graph complete 1 / 3 2 weeks ago
79729 detector.run complete 1 / 3 2 weeks ago
79730 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
1
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
0
Total opcodes
213
Flags
selfdestruct_present
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0048
0000000a: JUMPI
0000000b: PUSH1 0x00
0000000d: CALLDATALOAD
0000000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002c: SWAP1
0000002d: DIV
0000002e: DUP1
0000002f: PUSH4 0x41c0e1b5
00000034: EQ
00000035: PUSH2 0x00d2
00000038: JUMPI
00000039: DUP1
0000003a: PUSH4 0xf3fef3a3
0000003f: EQ
00000040: PUSH2 0x00e1
00000043: JUMPI
00000044: PUSH2 0x0048
00000047: JUMP
00000048: JUMPDEST
00000049: PUSH2 0x00d0
0000004c: JUMPDEST
0000004d: PUSH1 0x00
0000004f: CALLVALUE
00000050: EQ
00000051: ISZERO
00000052: PUSH2 0x005a
00000055: JUMPI
00000056: PUSH2 0x0002
00000059: JUMP
0000005a: JUMPDEST
0000005b: PUSH32 0x1a94a36e8382af1ec4739c994a1fab6da8e0805e69156343f30ad0c242750473
0000007c: ORIGIN
0000007d: CALLER
0000007e: CALLVALUE
0000007f: PUSH1 0x40
00000081: MLOAD
00000082: DUP1
00000083: DUP5
00000084: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000099: AND
0000009a: DUP2
0000009b: MSTORE
0000009c: PUSH1 0x20
0000009e: ADD
0000009f: DUP4
000000a0: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000b5: AND
000000b6: DUP2
000000b7: MSTORE
000000b8: PUSH1 0x20
000000ba: ADD
000000bb: DUP3
000000bc: DUP2
000000bd: MSTORE
000000be: PUSH1 0x20
000000c0: ADD
000000c1: SWAP4
000000c2: POP
000000c3: POP
000000c4: POP
000000c5: POP
000000c6: PUSH1 0x40
000000c8: MLOAD
000000c9: DUP1
000000ca: SWAP2
000000cb: SUB
000000cc: SWAP1
000000cd: LOG1
000000ce: JUMPDEST
000000cf: JUMP
000000d0: JUMPDEST
000000d1: STOP
000000d2: JUMPDEST
000000d3: PUSH2 0x00df
000000d6: PUSH1 0x04
000000d8: DUP1
000000d9: POP
000000da: POP
000000db: PUSH2 0x01a0
000000de: JUMP
000000df: JUMPDEST
000000e0: STOP
000000e1: JUMPDEST
000000e2: PUSH2 0x0100
000000e5: PUSH1 0x04
000000e7: DUP1
000000e8: DUP1
000000e9: CALLDATALOAD
000000ea: SWAP1
000000eb: PUSH1 0x20
000000ed: ADD
000000ee: SWAP1
000000ef: SWAP2
000000f0: SWAP1
000000f1: DUP1
000000f2: CALLDATALOAD
000000f3: SWAP1
000000f4: PUSH1 0x20
000000f6: ADD
000000f7: SWAP1
000000f8: SWAP2
000000f9: SWAP1
000000fa: POP
000000fb: POP
000000fc: PUSH2 0x0102
000000ff: JUMP
00000100: JUMPDEST
00000101: STOP
00000102: JUMPDEST
00000103: PUSH1 0x00
00000105: PUSH1 0x00
00000107: SWAP1
00000108: SLOAD
00000109: SWAP1
0000010a: PUSH2 0x0100
0000010d: EXP
0000010e: SWAP1
0000010f: DIV
00000110: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000125: AND
00000126: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000013b: AND
0000013c: CALLER
0000013d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000152: AND
00000153: EQ
00000154: ISZERO
00000155: ISZERO
00000156: PUSH2 0x015e
00000159: JUMPI
0000015a: PUSH2 0x0002
0000015d: JUMP
0000015e: JUMPDEST
0000015f: DUP2
00000160: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000175: AND
00000176: PUSH1 0x00
00000178: PUSH8 0x0de0b6b3a7640000
00000181: DUP4
00000182: MUL
00000183: PUSH1 0x40
00000185: MLOAD
00000186: DUP1
00000187: SWAP1
00000188: POP
00000189: PUSH1 0x00
0000018b: PUSH1 0x40
0000018d: MLOAD
0000018e: DUP1
0000018f: DUP4
00000190: SUB
00000191: DUP2
00000192: DUP6
00000193: DUP9
00000194: DUP9
00000195: CALL
00000196: SWAP4
00000197: POP
00000198: POP
00000199: POP
0000019a: POP
0000019b: POP
0000019c: JUMPDEST
0000019d: POP
0000019e: POP
0000019f: JUMP
000001a0: JUMPDEST
000001a1: PUSH1 0x00
000001a3: PUSH1 0x00
000001a5: SWAP1
000001a6: SLOAD
000001a7: SWAP1
000001a8: PUSH2 0x0100
000001ab: EXP
000001ac: SWAP1
000001ad: DIV
000001ae: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001c3: AND
000001c4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001d9: AND
000001da: CALLER
000001db: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001f0: AND
000001f1: EQ
000001f2: ISZERO
000001f3: ISZERO
000001f4: PUSH2 0x01fc
000001f7: JUMPI
000001f8: PUSH2 0x0002
000001fb: JUMP
000001fc: JUMPDEST
000001fd: PUSH1 0x00
000001ff: PUSH1 0x00
00000201: SWAP1
00000202: SLOAD
00000203: SWAP1
00000204: PUSH2 0x0100
00000207: EXP
00000208: SWAP1
00000209: DIV
0000020a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000021f: AND
00000220: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000235: AND
00000236: SELFDESTRUCT
00000237: JUMPDEST
00000238: JUMP
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high auth detector Authorization based on tx.origin 70 no
view
validation_json 
{
    "reason": "missing sink mapping",
    "status": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf3fef3a3",
            "selector": "0xf3fef3a3",
            "calldata_variants": [
                "0xf3fef3a3",
                "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 124,
            "type": "tx_origin_used"
        },
        {
            "pc": 316,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 474,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0x588113b601c990a216bf31ff1f1cb58a4cb8a831a420be1618e23795ab66da7d
call_targets: 0x3612182c032f3b059340c3b808d67c32b58003b1
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x588113b601c990a216bf31ff1f1cb58a4cb8a831a420be1618e23795ab66da7d",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3612182c032f3b059340c3b808d67c32b58003b1"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf3fef3a3",
            "selector": "0xf3fef3a3",
            "calldata_variants": [
                "0xf3fef3a3",
                "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 405,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [
        {
            "pc": 124,
            "type": "tx_origin_used"
        },
        {
            "pc": 316,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 474,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 1
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0x588113b601c990a216bf31ff1f1cb58a4cb8a831a420be1618e23795ab66da7d
call_targets: 0x3612182c032f3b059340c3b808d67c32b58003b1
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x588113b601c990a216bf31ff1f1cb58a4cb8a831a420be1618e23795ab66da7d",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3612182c032f3b059340c3b808d67c32b58003b1"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf3fef3a3",
            "selector": "0xf3fef3a3",
            "calldata_variants": [
                "0xf3fef3a3",
                "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 405,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": [
        {
            "pc": 124,
            "type": "tx_origin_used"
        },
        {
            "pc": 316,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 474,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ]
}
medium other detector SELFDESTRUCT reachable 45 no no
view
trace_id: 0x5a69f605984d5bd0b76d558f066e6203489791c01ffc2c09c1d7ab1f72a37416
validation_json 
{
    "sink": "SELFDESTRUCT",
    "errors": 0,
    "status": "unknown",
    "attempts": 4,
    "trace_id": "0x5a69f605984d5bd0b76d558f066e6203489791c01ffc2c09c1d7ab1f72a37416",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x41c0e1b5",
            "selector": "0x41c0e1b5",
            "calldata_variants": [
                "0x41c0e1b5",
                "0x41c0e1b50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf3fef3a3",
            "selector": "0xf3fef3a3",
            "calldata_variants": [
                "0xf3fef3a3",
                "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 124,
            "type": "tx_origin_used"
        },
        {
            "pc": 316,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 474,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "selfdestruct_count": 1
}