TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-3979-7074-9ab4-6f5965cc881b

complete
Chain ID
1
Address
0xf7070fc72e2b92c6309785a39338d7c919a3cf4a
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
4089 artifact.fetch complete 1 / 3 3 months ago
4090 tool.cast_disasm complete 1 / 3 3 months ago
105453 analysis.bundle complete 1 / 3 1 week ago
105454 capability.graph complete 1 / 3 1 week ago
105455 detector.run complete 1 / 3 1 week ago
105456 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
1
Total opcodes
496
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0061
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x063bde24
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x008d
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x29652e86
00000025: EQ
00000026: PUSH2 0x009c
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x2df05a3e
00000030: EQ
00000031: PUSH2 0x00fd
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x41cc0aa5
0000003b: EQ
0000003c: PUSH2 0x0106
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x992c15fc
00000046: EQ
00000047: PUSH2 0x010e
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0xcff4d6cd
00000051: EQ
00000052: PUSH2 0x011d
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0xdece296f
0000005c: EQ
0000005d: PUSH2 0x0126
00000060: JUMPI
00000061: JUMPDEST
00000062: PUSH2 0x012e
00000065: PUSH1 0x00
00000067: PUSH8 0x0de0b6b3a7640000
00000070: CALLVALUE
00000071: LT
00000072: DUP1
00000073: PUSH2 0x0083
00000076: JUMPI
00000077: POP
00000078: PUSH8 0x8ac7230489e80000
00000081: CALLVALUE
00000082: GT
00000083: JUMPDEST
00000084: ISZERO
00000085: PUSH2 0x0130
00000088: JUMPI
00000089: PUSH2 0x0002
0000008c: JUMP
0000008d: JUMPDEST
0000008e: PUSH2 0x02f3
00000091: PUSH8 0x8ac7230489e80000
0000009a: DUP2
0000009b: JUMP
0000009c: JUMPDEST
0000009d: PUSH2 0x02fd
000000a0: PUSH1 0x04
000000a2: CALLDATALOAD
000000a3: PUSH1 0x00
000000a5: DUP1
000000a6: SLOAD
000000a7: DUP3
000000a8: SWAP1
000000a9: DUP2
000000aa: LT
000000ab: ISZERO
000000ac: PUSH2 0x0002
000000af: JUMPI
000000b0: POP
000000b1: DUP1
000000b2: MSTORE
000000b3: PUSH1 0x02
000000b5: MUL
000000b6: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563
000000d7: DUP2
000000d8: ADD
000000d9: SLOAD
000000da: PUSH1 0x00
000000dc: DUP1
000000dd: MLOAD
000000de: PUSH1 0x20
000000e0: PUSH2 0x030a
000000e3: DUP4
000000e4: CODECOPY
000000e5: DUP2
000000e6: MLOAD
000000e7: SWAP2
000000e8: MSTORE
000000e9: SWAP2
000000ea: SWAP1
000000eb: SWAP2
000000ec: ADD
000000ed: SLOAD
000000ee: PUSH1 0x01
000000f0: PUSH1 0xa0
000000f2: PUSH1 0x02
000000f4: EXP
000000f5: SUB
000000f6: SWAP2
000000f7: SWAP1
000000f8: SWAP2
000000f9: AND
000000fa: SWAP1
000000fb: DUP3
000000fc: JUMP
000000fd: JUMPDEST
000000fe: PUSH2 0x02f3
00000101: PUSH1 0x01
00000103: SLOAD
00000104: DUP2
00000105: JUMP
00000106: JUMPDEST
00000107: PUSH2 0x02f3
0000010a: PUSH1 0x6e
0000010c: DUP2
0000010d: JUMP
0000010e: JUMPDEST
0000010f: PUSH2 0x02f3
00000112: PUSH8 0x0de0b6b3a7640000
0000011b: DUP2
0000011c: JUMP
0000011d: JUMPDEST
0000011e: PUSH2 0x02f3
00000121: PUSH1 0x02
00000123: SLOAD
00000124: DUP2
00000125: JUMP
00000126: JUMPDEST
00000127: PUSH2 0x02f3
0000012a: PUSH1 0x64
0000012c: DUP2
0000012d: JUMP
0000012e: JUMPDEST
0000012f: STOP
00000130: JUMPDEST
00000131: DUP1
00000132: SLOAD
00000133: PUSH1 0x01
00000135: DUP2
00000136: ADD
00000137: DUP1
00000138: DUP4
00000139: SSTORE
0000013a: SWAP1
0000013b: SWAP2
0000013c: DUP2
0000013d: DUP4
0000013e: DUP1
0000013f: ISZERO
00000140: DUP3
00000141: SWAP1
00000142: GT
00000143: PUSH2 0x018f
00000146: JUMPI
00000147: PUSH1 0x02
00000149: MUL
0000014a: DUP2
0000014b: PUSH1 0x02
0000014d: MUL
0000014e: DUP4
0000014f: PUSH1 0x00
00000151: MSTORE
00000152: PUSH1 0x20
00000154: PUSH1 0x00
00000156: KECCAK256
00000157: SWAP2
00000158: DUP3
00000159: ADD
0000015a: SWAP2
0000015b: ADD
0000015c: PUSH2 0x018f
0000015f: SWAP2
00000160: SWAP1
00000161: JUMPDEST
00000162: DUP1
00000163: DUP3
00000164: GT
00000165: ISZERO
00000166: PUSH2 0x02ec
00000169: JUMPI
0000016a: DUP1
0000016b: SLOAD
0000016c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000181: NOT
00000182: AND
00000183: DUP2
00000184: SSTORE
00000185: PUSH1 0x01
00000187: ADD
00000188: DUP5
00000189: DUP2
0000018a: SSTORE
0000018b: PUSH2 0x0161
0000018e: JUMP
0000018f: JUMPDEST
00000190: POP
00000191: POP
00000192: POP
00000193: POP
00000194: CALLER
00000195: PUSH1 0x00
00000197: PUSH1 0x00
00000199: POP
0000019a: DUP3
0000019b: DUP2
0000019c: SLOAD
0000019d: DUP2
0000019e: LT
0000019f: ISZERO
000001a0: PUSH2 0x0002
000001a3: JUMPI
000001a4: SWAP1
000001a5: PUSH1 0x00
000001a7: MSTORE
000001a8: PUSH1 0x20
000001aa: PUSH1 0x00
000001ac: KECCAK256
000001ad: SWAP1
000001ae: PUSH1 0x02
000001b0: MUL
000001b1: ADD
000001b2: PUSH1 0x00
000001b4: POP
000001b5: PUSH1 0x00
000001b7: ADD
000001b8: PUSH1 0x00
000001ba: PUSH2 0x0100
000001bd: EXP
000001be: DUP2
000001bf: SLOAD
000001c0: DUP2
000001c1: PUSH1 0x01
000001c3: PUSH1 0xa0
000001c5: PUSH1 0x02
000001c7: EXP
000001c8: SUB
000001c9: MUL
000001ca: NOT
000001cb: AND
000001cc: SWAP1
000001cd: DUP4
000001ce: MUL
000001cf: OR
000001d0: SWAP1
000001d1: SSTORE
000001d2: POP
000001d3: PUSH1 0x64
000001d5: PUSH1 0x6e
000001d7: CALLVALUE
000001d8: MUL
000001d9: DIV
000001da: PUSH1 0x00
000001dc: PUSH1 0x00
000001de: POP
000001df: DUP3
000001e0: DUP2
000001e1: SLOAD
000001e2: DUP2
000001e3: LT
000001e4: ISZERO
000001e5: PUSH2 0x0002
000001e8: JUMPI
000001e9: SWAP1
000001ea: PUSH1 0x00
000001ec: MSTORE
000001ed: PUSH1 0x20
000001ef: PUSH1 0x00
000001f1: KECCAK256
000001f2: SWAP1
000001f3: PUSH1 0x02
000001f5: MUL
000001f6: ADD
000001f7: PUSH1 0x00
000001f9: POP
000001fa: PUSH1 0x01
000001fc: ADD
000001fd: PUSH1 0x00
000001ff: POP
00000200: DUP2
00000201: SWAP1
00000202: SSTORE
00000203: POP
00000204: JUMPDEST
00000205: PUSH1 0x01
00000207: SLOAD
00000208: PUSH1 0x00
0000020a: DUP1
0000020b: SLOAD
0000020c: ADDRESS
0000020d: PUSH1 0x01
0000020f: PUSH1 0xa0
00000211: PUSH1 0x02
00000213: EXP
00000214: SUB
00000215: AND
00000216: BALANCE
00000217: SWAP3
00000218: SWAP1
00000219: DUP2
0000021a: LT
0000021b: ISZERO
0000021c: PUSH2 0x0002
0000021f: JUMPI
00000220: SWAP1
00000221: DUP1
00000222: MSTORE
00000223: PUSH1 0x02
00000225: MUL
00000226: PUSH1 0x00
00000228: DUP1
00000229: MLOAD
0000022a: PUSH1 0x20
0000022c: PUSH2 0x030a
0000022f: DUP4
00000230: CODECOPY
00000231: DUP2
00000232: MLOAD
00000233: SWAP2
00000234: MSTORE
00000235: ADD
00000236: SLOAD
00000237: LT
00000238: ISZERO
00000239: PUSH2 0x02f0
0000023c: JUMPI
0000023d: PUSH1 0x01
0000023f: SLOAD
00000240: PUSH1 0x00
00000242: DUP1
00000243: SLOAD
00000244: SWAP1
00000245: SWAP2
00000246: SWAP1
00000247: DUP2
00000248: LT
00000249: ISZERO
0000024a: PUSH2 0x0002
0000024d: JUMPI
0000024e: PUSH1 0x02
00000250: DUP1
00000251: SLOAD
00000252: SWAP2
00000253: DUP2
00000254: MUL
00000255: PUSH1 0x00
00000257: DUP1
00000258: MLOAD
00000259: PUSH1 0x20
0000025b: PUSH2 0x030a
0000025e: DUP4
0000025f: CODECOPY
00000260: DUP2
00000261: MLOAD
00000262: SWAP2
00000263: MSTORE
00000264: ADD
00000265: SLOAD
00000266: SWAP1
00000267: SWAP2
00000268: ADD
00000269: SWAP1
0000026a: SSTORE
0000026b: PUSH1 0x01
0000026d: SLOAD
0000026e: DUP2
0000026f: SLOAD
00000270: DUP2
00000271: LT
00000272: ISZERO
00000273: PUSH2 0x0002
00000276: JUMPI
00000277: PUSH1 0x02
00000279: MUL
0000027a: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563
0000029b: ADD
0000029c: SWAP1
0000029d: PUSH1 0x01
0000029f: SLOAD
000002a0: DUP2
000002a1: SLOAD
000002a2: SWAP3
000002a3: SLOAD
000002a4: PUSH1 0x01
000002a6: PUSH1 0xa0
000002a8: PUSH1 0x02
000002aa: EXP
000002ab: SUB
000002ac: AND
000002ad: SWAP3
000002ae: DUP3
000002af: SWAP2
000002b0: SWAP1
000002b1: DUP2
000002b2: LT
000002b3: ISZERO
000002b4: PUSH2 0x0002
000002b7: JUMPI
000002b8: PUSH1 0x40
000002ba: MLOAD
000002bb: PUSH1 0x02
000002bd: SWAP2
000002be: SWAP1
000002bf: SWAP2
000002c0: MUL
000002c1: PUSH1 0x00
000002c3: DUP1
000002c4: MLOAD
000002c5: PUSH1 0x20
000002c7: PUSH2 0x030a
000002ca: DUP4
000002cb: CODECOPY
000002cc: DUP2
000002cd: MLOAD
000002ce: SWAP2
000002cf: MSTORE
000002d0: ADD
000002d1: SLOAD
000002d2: SWAP2
000002d3: DUP2
000002d4: DUP2
000002d5: DUP2
000002d6: DUP6
000002d7: DUP9
000002d8: DUP4
000002d9: CALL
000002da: POP
000002db: POP
000002dc: PUSH1 0x01
000002de: DUP1
000002df: SLOAD
000002e0: DUP2
000002e1: ADD
000002e2: SWAP1
000002e3: SSTORE
000002e4: POP
000002e5: PUSH2 0x0204
000002e8: SWAP2
000002e9: POP
000002ea: POP
000002eb: JUMP
000002ec: JUMPDEST
000002ed: POP
000002ee: SWAP1
000002ef: JUMP
000002f0: JUMPDEST
000002f1: POP
000002f2: JUMP
000002f3: JUMPDEST
000002f4: PUSH1 0x60
000002f6: SWAP1
000002f7: DUP2
000002f8: MSTORE
000002f9: PUSH1 0x20
000002fb: SWAP1
000002fc: RETURN
000002fd: JUMPDEST
000002fe: PUSH1 0x60
00000300: SWAP2
00000301: DUP3
00000302: MSTORE
00000303: PUSH1 0x80
00000305: MSTORE
00000306: PUSH1 0x40
00000308: SWAP1
00000309: RETURN
0000030a: UNKNOWN(0x29)
0000030b: UNKNOWN(0x0D)
0000030c: UNKNOWN(0xEC)
0000030d: UNKNOWN(0xD9)
0000030e: SLOAD
0000030f: DUP12
00000310: PUSH3 0xa8d603
00000314: GASLIMIT
00000315: UNKNOWN(0xA9)
00000316: DUP9
00000317: CODESIZE
00000318: PUSH16 0xc84ba6bc95484008f6362f93160ef3e5
00000329: PUSH5
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0x5a7900cdbb22e6b82671875411e37df288debb9a6e0d15359641a930d1557fe1
call_targets: 0xf7070fc72e2b92c6309785a39338d7c919a3cf4a
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x5a7900cdbb22e6b82671875411e37df288debb9a6e0d15359641a930d1557fe1",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xf7070fc72e2b92c6309785a39338d7c919a3cf4a"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x063bde24",
            "selector": "0x063bde24",
            "calldata_variants": [
                "0x063bde24",
                "0x063bde240000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x29652e86",
            "selector": "0x29652e86",
            "calldata_variants": [
                "0x29652e86",
                "0x29652e860000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x2df05a3e",
            "selector": "0x2df05a3e",
            "calldata_variants": [
                "0x2df05a3e",
                "0x2df05a3e0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x41cc0aa5",
            "selector": "0x41cc0aa5",
            "calldata_variants": [
                "0x41cc0aa5",
                "0x41cc0aa50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x992c15fc",
            "selector": "0x992c15fc",
            "calldata_variants": [
                "0x992c15fc",
                "0x992c15fc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcff4d6cd",
            "selector": "0xcff4d6cd",
            "calldata_variants": [
                "0xcff4d6cd",
                "0xcff4d6cd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xdece296f",
            "selector": "0xdece296f",
            "calldata_variants": [
                "0xdece296f",
                "0xdece296f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 729,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [],
    "untrusted_call_count": 1
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0x5a7900cdbb22e6b82671875411e37df288debb9a6e0d15359641a930d1557fe1
call_targets: 0xf7070fc72e2b92c6309785a39338d7c919a3cf4a
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x5a7900cdbb22e6b82671875411e37df288debb9a6e0d15359641a930d1557fe1",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xf7070fc72e2b92c6309785a39338d7c919a3cf4a"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x063bde24",
            "selector": "0x063bde24",
            "calldata_variants": [
                "0x063bde24",
                "0x063bde240000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x29652e86",
            "selector": "0x29652e86",
            "calldata_variants": [
                "0x29652e86",
                "0x29652e860000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x2df05a3e",
            "selector": "0x2df05a3e",
            "calldata_variants": [
                "0x2df05a3e",
                "0x2df05a3e0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x41cc0aa5",
            "selector": "0x41cc0aa5",
            "calldata_variants": [
                "0x41cc0aa5",
                "0x41cc0aa50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x992c15fc",
            "selector": "0x992c15fc",
            "calldata_variants": [
                "0x992c15fc",
                "0x992c15fc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcff4d6cd",
            "selector": "0xcff4d6cd",
            "calldata_variants": [
                "0xcff4d6cd",
                "0xcff4d6cd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xdece296f",
            "selector": "0xdece296f",
            "calldata_variants": [
                "0xdece296f",
                "0xdece296f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 729,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": []
}