TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-3912-7100-8d9c-1978c8dc38fa

complete
Chain ID
1
Address
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
ETH value transfer possible
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
4023 artifact.fetch complete 1 / 3 4 months ago
4024 tool.cast_disasm complete 1 / 3 4 months ago
80327 analysis.bundle complete 1 / 3 2 weeks ago
80328 capability.graph complete 1 / 3 2 weeks ago
80329 detector.run complete 1 / 3 2 weeks ago
80330 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
0
Total opcodes
426
Flags
No heuristic flags raised.
View cast disassembly output
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0040
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0xa0bc572b
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x004b
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0xad7a672f
00000025: EQ
00000026: PUSH2 0x00be
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0xb69ef8a8
00000030: EQ
00000031: PUSH2 0x00c7
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0xe97dcb62
0000003b: EQ
0000003c: PUSH2 0x00d0
0000003f: JUMPI
00000040: JUMPDEST
00000041: PUSH2 0x010c
00000044: PUSH2 0x010e
00000047: PUSH2 0x00d4
0000004a: JUMP
0000004b: JUMPDEST
0000004c: PUSH2 0x0110
0000004f: PUSH1 0x04
00000051: CALLDATALOAD
00000052: PUSH1 0x00
00000054: DUP1
00000055: SLOAD
00000056: DUP3
00000057: SWAP1
00000058: DUP2
00000059: LT
0000005a: ISZERO
0000005b: PUSH2 0x0002
0000005e: JUMPI
0000005f: POP
00000060: DUP1
00000061: MSTORE
00000062: PUSH1 0x02
00000064: MUL
00000065: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563
00000086: DUP2
00000087: ADD
00000088: SLOAD
00000089: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e564
000000aa: SWAP2
000000ab: SWAP1
000000ac: SWAP2
000000ad: ADD
000000ae: SLOAD
000000af: PUSH1 0x01
000000b1: PUSH1 0xa0
000000b3: PUSH1 0x02
000000b5: EXP
000000b6: SUB
000000b7: SWAP2
000000b8: SWAP1
000000b9: SWAP2
000000ba: AND
000000bb: SWAP1
000000bc: DUP3
000000bd: JUMP
000000be: JUMPDEST
000000bf: PUSH2 0x0136
000000c2: PUSH1 0x02
000000c4: SLOAD
000000c5: DUP2
000000c6: JUMP
000000c7: JUMPDEST
000000c8: PUSH2 0x0136
000000cb: PUSH1 0x01
000000cd: SLOAD
000000ce: DUP2
000000cf: JUMP
000000d0: JUMPDEST
000000d1: PUSH2 0x010c
000000d4: JUMPDEST
000000d5: PUSH1 0x00
000000d7: DUP1
000000d8: DUP1
000000d9: PUSH8 0x0de0b6b3a7640000
000000e2: CALLVALUE
000000e3: EQ
000000e4: PUSH2 0x0156
000000e7: JUMPI
000000e8: PUSH1 0x40
000000ea: MLOAD
000000eb: PUSH1 0x01
000000ed: PUSH1 0xa0
000000ef: PUSH1 0x02
000000f1: EXP
000000f2: SUB
000000f3: CALLER
000000f4: AND
000000f5: SWAP1
000000f6: DUP3
000000f7: SWAP1
000000f8: CALLVALUE
000000f9: SWAP1
000000fa: DUP3
000000fb: DUP2
000000fc: DUP2
000000fd: DUP2
000000fe: DUP6
000000ff: DUP9
00000100: DUP4
00000101: CALL
00000102: SWAP4
00000103: POP
00000104: POP
00000105: POP
00000106: POP
00000107: POP
00000108: PUSH2 0x0151
0000010b: JUMP
0000010c: JUMPDEST
0000010d: STOP
0000010e: JUMPDEST
0000010f: JUMP
00000110: JUMPDEST
00000111: PUSH1 0x40
00000113: MLOAD
00000114: DUP1
00000115: DUP4
00000116: PUSH1 0x01
00000118: PUSH1 0xa0
0000011a: PUSH1 0x02
0000011c: EXP
0000011d: SUB
0000011e: AND
0000011f: DUP2
00000120: MSTORE
00000121: PUSH1 0x20
00000123: ADD
00000124: DUP3
00000125: DUP2
00000126: MSTORE
00000127: PUSH1 0x20
00000129: ADD
0000012a: SWAP3
0000012b: POP
0000012c: POP
0000012d: POP
0000012e: PUSH1 0x40
00000130: MLOAD
00000131: DUP1
00000132: SWAP2
00000133: SUB
00000134: SWAP1
00000135: RETURN
00000136: JUMPDEST
00000137: PUSH1 0x40
00000139: DUP1
0000013a: MLOAD
0000013b: SWAP2
0000013c: DUP3
0000013d: MSTORE
0000013e: MLOAD
0000013f: SWAP1
00000140: DUP2
00000141: SWAP1
00000142: SUB
00000143: PUSH1 0x20
00000145: ADD
00000146: SWAP1
00000147: RETURN
00000148: JUMPDEST
00000149: PUSH1 0x02
0000014b: DUP1
0000014c: SLOAD
0000014d: CALLVALUE
0000014e: ADD
0000014f: SWAP1
00000150: SSTORE
00000151: JUMPDEST
00000152: POP
00000153: POP
00000154: POP
00000155: JUMP
00000156: JUMPDEST
00000157: POP
00000158: POP
00000159: PUSH1 0x00
0000015b: DUP1
0000015c: SLOAD
0000015d: PUSH1 0x01
0000015f: DUP2
00000160: ADD
00000161: DUP1
00000162: DUP4
00000163: SSTORE
00000164: DUP3
00000165: DUP2
00000166: DUP4
00000167: DUP1
00000168: ISZERO
00000169: DUP3
0000016a: SWAP1
0000016b: GT
0000016c: PUSH2 0x01bd
0000016f: JUMPI
00000170: PUSH1 0x02
00000172: MUL
00000173: DUP2
00000174: PUSH1 0x02
00000176: MUL
00000177: DUP4
00000178: PUSH1 0x00
0000017a: MSTORE
0000017b: PUSH1 0x20
0000017d: PUSH1 0x00
0000017f: KECCAK256
00000180: SWAP2
00000181: DUP3
00000182: ADD
00000183: SWAP2
00000184: ADD
00000185: PUSH2 0x01bd
00000188: SWAP2
00000189: SWAP1
0000018a: JUMPDEST
0000018b: DUP1
0000018c: DUP3
0000018d: GT
0000018e: ISZERO
0000018f: PUSH2 0x030b
00000192: JUMPI
00000193: DUP1
00000194: SLOAD
00000195: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001aa: NOT
000001ab: AND
000001ac: DUP2
000001ad: SSTORE
000001ae: PUSH1 0x00
000001b0: PUSH1 0x01
000001b2: SWAP2
000001b3: SWAP1
000001b4: SWAP2
000001b5: ADD
000001b6: SWAP1
000001b7: DUP2
000001b8: SSTORE
000001b9: PUSH2 0x018a
000001bc: JUMP
000001bd: JUMPDEST
000001be: POP
000001bf: POP
000001c0: POP
000001c1: POP
000001c2: CALLER
000001c3: PUSH1 0x00
000001c5: PUSH1 0x00
000001c7: POP
000001c8: DUP3
000001c9: DUP2
000001ca: SLOAD
000001cb: DUP2
000001cc: LT
000001cd: ISZERO
000001ce: PUSH2 0x0002
000001d1: JUMPI
000001d2: DUP2
000001d3: DUP1
000001d4: MSTORE
000001d5: PUSH1 0x02
000001d7: MUL
000001d8: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563
000001f9: ADD
000001fa: DUP1
000001fb: SLOAD
000001fc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000211: NOT
00000212: AND
00000213: SWAP1
00000214: SWAP3
00000215: OR
00000216: SWAP1
00000217: SWAP2
00000218: SSTORE
00000219: DUP1
0000021a: SLOAD
0000021b: CALLVALUE
0000021c: SWAP2
0000021d: SWAP1
0000021e: DUP4
0000021f: SWAP1
00000220: DUP2
00000221: LT
00000222: ISZERO
00000223: PUSH2 0x0002
00000226: JUMPI
00000227: PUSH1 0x02
00000229: MUL
0000022a: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e564
0000024b: ADD
0000024c: DUP3
0000024d: SWAP1
0000024e: SSTORE
0000024f: POP
00000250: PUSH1 0x01
00000252: DUP1
00000253: SLOAD
00000254: SWAP1
00000255: SWAP2
00000256: ADD
00000257: SWAP1
00000258: SSTORE
00000259: JUMPDEST
0000025a: DUP1
0000025b: DUP3
0000025c: LT
0000025d: ISZERO
0000025e: PUSH2 0x0148
00000261: JUMPI
00000262: PUSH1 0x02
00000264: SLOAD
00000265: PUSH1 0x00
00000267: DUP1
00000268: SLOAD
00000269: DUP5
0000026a: SWAP1
0000026b: DUP2
0000026c: LT
0000026d: ISZERO
0000026e: PUSH2 0x0002
00000271: JUMPI
00000272: DUP2
00000273: DUP1
00000274: MSTORE
00000275: DUP2
00000276: SLOAD
00000277: PUSH1 0x02
00000279: SWAP2
0000027a: SWAP1
0000027b: SWAP2
0000027c: MUL
0000027d: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e564
0000029e: ADD
0000029f: SLOAD
000002a0: CALLVALUE
000002a1: MUL
000002a2: SWAP3
000002a3: SWAP1
000002a4: SWAP3
000002a5: DIV
000002a6: SWAP5
000002a7: POP
000002a8: SWAP1
000002a9: DUP4
000002aa: SWAP1
000002ab: DUP2
000002ac: LT
000002ad: ISZERO
000002ae: PUSH2 0x0002
000002b1: JUMPI
000002b2: PUSH1 0x40
000002b4: MLOAD
000002b5: PUSH1 0x02
000002b7: SWAP2
000002b8: SWAP1
000002b9: SWAP2
000002ba: MUL
000002bb: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563
000002dc: ADD
000002dd: SLOAD
000002de: PUSH1 0x01
000002e0: PUSH1 0xa0
000002e2: PUSH1 0x02
000002e4: EXP
000002e5: SUB
000002e6: AND
000002e7: SWAP2
000002e8: SWAP1
000002e9: DUP6
000002ea: SWAP1
000002eb: DUP3
000002ec: DUP2
000002ed: DUP2
000002ee: DUP2
000002ef: DUP6
000002f0: DUP9
000002f1: DUP4
000002f2: CALL
000002f3: POP
000002f4: POP
000002f5: PUSH1 0x01
000002f7: DUP1
000002f8: SLOAD
000002f9: SWAP2
000002fa: SWAP1
000002fb: SWAP2
000002fc: SUB
000002fd: DUP2
000002fe: SSTORE
000002ff: SWAP4
00000300: SWAP1
00000301: SWAP4
00000302: ADD
00000303: SWAP3
00000304: POP
00000305: PUSH2 0x0259
00000308: SWAP1
00000309: POP
0000030a: JUMP
0000030b: JUMPDEST
0000030c: POP
0000030d: SWAP1
0000030e: JUMP
View stderr
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector ETH value transfer possible 55 no no
view
trace_id: 0x358997fe44c99ef5cce57989248fd3bed1725c7a39ddfd93c03bb2eaf429ab08
call_targets: 0x3325439082ff8ba7371dfdaa1af297bbfcac21b2
target_varies: no
classification: constant_target
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x358997fe44c99ef5cce57989248fd3bed1725c7a39ddfd93c03bb2eaf429ab08",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3325439082ff8ba7371dfdaa1af297bbfcac21b2"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xa0bc572b",
            "selector": "0xa0bc572b",
            "calldata_variants": [
                "0xa0bc572b",
                "0xa0bc572b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xad7a672f",
            "selector": "0xad7a672f",
            "calldata_variants": [
                "0xad7a672f",
                "0xad7a672f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xb69ef8a8",
            "selector": "0xb69ef8a8",
            "calldata_variants": [
                "0xb69ef8a8",
                "0xb69ef8a80000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe97dcb62",
            "selector": "0xe97dcb62",
            "calldata_variants": [
                "0xe97dcb62",
                "0xe97dcb620000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 257,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 754,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": []
}
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0x358997fe44c99ef5cce57989248fd3bed1725c7a39ddfd93c03bb2eaf429ab08
call_targets: 0x3325439082ff8ba7371dfdaa1af297bbfcac21b2
target_varies: no
classification: constant_target
validation_json
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x358997fe44c99ef5cce57989248fd3bed1725c7a39ddfd93c03bb2eaf429ab08",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3325439082ff8ba7371dfdaa1af297bbfcac21b2"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xa0bc572b",
            "selector": "0xa0bc572b",
            "calldata_variants": [
                "0xa0bc572b",
                "0xa0bc572b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xad7a672f",
            "selector": "0xad7a672f",
            "calldata_variants": [
                "0xad7a672f",
                "0xad7a672f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xb69ef8a8",
            "selector": "0xb69ef8a8",
            "calldata_variants": [
                "0xb69ef8a8",
                "0xb69ef8a80000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe97dcb62",
            "selector": "0xe97dcb62",
            "calldata_variants": [
                "0xe97dcb62",
                "0xe97dcb620000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 257,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 754,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [],
    "untrusted_call_count": 2
}