Analysis Run

019b3836-39b0-718e-b419-81b3113c811f

complete

Chain ID

1

Address

0x36b5766f8f0b674a2b3dcb7df5fd7a5cb68c073b

Block Number

—

Created

Fri, Dec 19, 2025 8:03 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Untrusted CALL target/value reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
4127	artifact.fetch	complete	1 / 3	3 months ago
4128	tool.cast_disasm	complete	1 / 3	3 months ago
105389	analysis.bundle	complete	1 / 3	1 week ago
105390	capability.graph	complete	1 / 3	1 week ago
105391	detector.run	complete	1 / 3	1 week ago
105392	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

1

EXT*/BALANCE

1

Total opcodes

483

Flags

No heuristic flags raised.

View cast disassembly output

00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0061
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x06900c41
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x007b
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x29652e86
00000025: EQ
00000026: PUSH2 0x007d
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x2df05a3e
00000030: EQ
00000031: PUSH2 0x00de
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x41cc0aa5
0000003b: EQ
0000003c: PUSH2 0x00e7
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x992c15fc
00000046: EQ
00000047: PUSH2 0x00ef
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0xcff4d6cd
00000051: EQ
00000052: PUSH2 0x00fe
00000055: JUMPI
00000056: DUP1
00000057: PUSH4 0xdece296f
0000005c: EQ
0000005d: PUSH2 0x0107
00000060: JUMPI
00000061: JUMPDEST
00000062: PUSH2 0x007b
00000065: PUSH1 0x00
00000067: PUSH8 0x8ac7230489e80000
00000070: CALLVALUE
00000071: LT
00000072: ISZERO
00000073: PUSH2 0x010f
00000076: JUMPI
00000077: PUSH2 0x0002
0000007a: JUMP
0000007b: JUMPDEST
0000007c: STOP
0000007d: JUMPDEST
0000007e: PUSH2 0x02d2
00000081: PUSH1 0x04
00000083: CALLDATALOAD
00000084: PUSH1 0x00
00000086: DUP1
00000087: SLOAD
00000088: DUP3
00000089: SWAP1
0000008a: DUP2
0000008b: LT
0000008c: ISZERO
0000008d: PUSH2 0x0002
00000090: JUMPI
00000091: POP
00000092: DUP1
00000093: MSTORE
00000094: PUSH1 0x02
00000096: MUL
00000097: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563
000000b8: DUP2
000000b9: ADD
000000ba: SLOAD
000000bb: PUSH1 0x00
000000bd: DUP1
000000be: MLOAD
000000bf: PUSH1 0x20
000000c1: PUSH2 0x02e9
000000c4: DUP4
000000c5: CODECOPY
000000c6: DUP2
000000c7: MLOAD
000000c8: SWAP2
000000c9: MSTORE
000000ca: SWAP2
000000cb: SWAP1
000000cc: SWAP2
000000cd: ADD
000000ce: SLOAD
000000cf: PUSH1 0x01
000000d1: PUSH1 0xa0
000000d3: PUSH1 0x02
000000d5: EXP
000000d6: SUB
000000d7: SWAP2
000000d8: SWAP1
000000d9: SWAP2
000000da: AND
000000db: SWAP1
000000dc: DUP3
000000dd: JUMP
000000de: JUMPDEST
000000df: PUSH2 0x02df
000000e2: PUSH1 0x01
000000e4: SLOAD
000000e5: DUP2
000000e6: JUMP
000000e7: JUMPDEST
000000e8: PUSH2 0x02df
000000eb: PUSH1 0x7d
000000ed: DUP2
000000ee: JUMP
000000ef: JUMPDEST
000000f0: PUSH2 0x02df
000000f3: PUSH8 0x8ac7230489e80000
000000fc: DUP2
000000fd: JUMP
000000fe: JUMPDEST
000000ff: PUSH2 0x02df
00000102: PUSH1 0x02
00000104: SLOAD
00000105: DUP2
00000106: JUMP
00000107: JUMPDEST
00000108: PUSH2 0x02df
0000010b: PUSH1 0x64
0000010d: DUP2
0000010e: JUMP
0000010f: JUMPDEST
00000110: DUP1
00000111: SLOAD
00000112: PUSH1 0x01
00000114: DUP2
00000115: ADD
00000116: DUP1
00000117: DUP4
00000118: SSTORE
00000119: SWAP1
0000011a: SWAP2
0000011b: DUP2
0000011c: DUP4
0000011d: DUP1
0000011e: ISZERO
0000011f: DUP3
00000120: SWAP1
00000121: GT
00000122: PUSH2 0x016e
00000125: JUMPI
00000126: PUSH1 0x02
00000128: MUL
00000129: DUP2
0000012a: PUSH1 0x02
0000012c: MUL
0000012d: DUP4
0000012e: PUSH1 0x00
00000130: MSTORE
00000131: PUSH1 0x20
00000133: PUSH1 0x00
00000135: KECCAK256
00000136: SWAP2
00000137: DUP3
00000138: ADD
00000139: SWAP2
0000013a: ADD
0000013b: PUSH2 0x016e
0000013e: SWAP2
0000013f: SWAP1
00000140: JUMPDEST
00000141: DUP1
00000142: DUP3
00000143: GT
00000144: ISZERO
00000145: PUSH2 0x02cb
00000148: JUMPI
00000149: DUP1
0000014a: SLOAD
0000014b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000160: NOT
00000161: AND
00000162: DUP2
00000163: SSTORE
00000164: PUSH1 0x01
00000166: ADD
00000167: DUP5
00000168: DUP2
00000169: SSTORE
0000016a: PUSH2 0x0140
0000016d: JUMP
0000016e: JUMPDEST
0000016f: POP
00000170: POP
00000171: POP
00000172: POP
00000173: CALLER
00000174: PUSH1 0x00
00000176: PUSH1 0x00
00000178: POP
00000179: DUP3
0000017a: DUP2
0000017b: SLOAD
0000017c: DUP2
0000017d: LT
0000017e: ISZERO
0000017f: PUSH2 0x0002
00000182: JUMPI
00000183: SWAP1
00000184: PUSH1 0x00
00000186: MSTORE
00000187: PUSH1 0x20
00000189: PUSH1 0x00
0000018b: KECCAK256
0000018c: SWAP1
0000018d: PUSH1 0x02
0000018f: MUL
00000190: ADD
00000191: PUSH1 0x00
00000193: POP
00000194: PUSH1 0x00
00000196: ADD
00000197: PUSH1 0x00
00000199: PUSH2 0x0100
0000019c: EXP
0000019d: DUP2
0000019e: SLOAD
0000019f: DUP2
000001a0: PUSH1 0x01
000001a2: PUSH1 0xa0
000001a4: PUSH1 0x02
000001a6: EXP
000001a7: SUB
000001a8: MUL
000001a9: NOT
000001aa: AND
000001ab: SWAP1
000001ac: DUP4
000001ad: MUL
000001ae: OR
000001af: SWAP1
000001b0: SSTORE
000001b1: POP
000001b2: PUSH1 0x64
000001b4: PUSH1 0x7d
000001b6: CALLVALUE
000001b7: MUL
000001b8: DIV
000001b9: PUSH1 0x00
000001bb: PUSH1 0x00
000001bd: POP
000001be: DUP3
000001bf: DUP2
000001c0: SLOAD
000001c1: DUP2
000001c2: LT
000001c3: ISZERO
000001c4: PUSH2 0x0002
000001c7: JUMPI
000001c8: SWAP1
000001c9: PUSH1 0x00
000001cb: MSTORE
000001cc: PUSH1 0x20
000001ce: PUSH1 0x00
000001d0: KECCAK256
000001d1: SWAP1
000001d2: PUSH1 0x02
000001d4: MUL
000001d5: ADD
000001d6: PUSH1 0x00
000001d8: POP
000001d9: PUSH1 0x01
000001db: ADD
000001dc: PUSH1 0x00
000001de: POP
000001df: DUP2
000001e0: SWAP1
000001e1: SSTORE
000001e2: POP
000001e3: JUMPDEST
000001e4: PUSH1 0x01
000001e6: SLOAD
000001e7: PUSH1 0x00
000001e9: DUP1
000001ea: SLOAD
000001eb: ADDRESS
000001ec: PUSH1 0x01
000001ee: PUSH1 0xa0
000001f0: PUSH1 0x02
000001f2: EXP
000001f3: SUB
000001f4: AND
000001f5: BALANCE
000001f6: SWAP3
000001f7: SWAP1
000001f8: DUP2
000001f9: LT
000001fa: ISZERO
000001fb: PUSH2 0x0002
000001fe: JUMPI
000001ff: SWAP1
00000200: DUP1
00000201: MSTORE
00000202: PUSH1 0x02
00000204: MUL
00000205: PUSH1 0x00
00000207: DUP1
00000208: MLOAD
00000209: PUSH1 0x20
0000020b: PUSH2 0x02e9
0000020e: DUP4
0000020f: CODECOPY
00000210: DUP2
00000211: MLOAD
00000212: SWAP2
00000213: MSTORE
00000214: ADD
00000215: SLOAD
00000216: LT
00000217: ISZERO
00000218: PUSH2 0x02cf
0000021b: JUMPI
0000021c: PUSH1 0x01
0000021e: SLOAD
0000021f: PUSH1 0x00
00000221: DUP1
00000222: SLOAD
00000223: SWAP1
00000224: SWAP2
00000225: SWAP1
00000226: DUP2
00000227: LT
00000228: ISZERO
00000229: PUSH2 0x0002
0000022c: JUMPI
0000022d: PUSH1 0x02
0000022f: DUP1
00000230: SLOAD
00000231: SWAP2
00000232: DUP2
00000233: MUL
00000234: PUSH1 0x00
00000236: DUP1
00000237: MLOAD
00000238: PUSH1 0x20
0000023a: PUSH2 0x02e9
0000023d: DUP4
0000023e: CODECOPY
0000023f: DUP2
00000240: MLOAD
00000241: SWAP2
00000242: MSTORE
00000243: ADD
00000244: SLOAD
00000245: SWAP1
00000246: SWAP2
00000247: ADD
00000248: SWAP1
00000249: SSTORE
0000024a: PUSH1 0x01
0000024c: SLOAD
0000024d: DUP2
0000024e: SLOAD
0000024f: DUP2
00000250: LT
00000251: ISZERO
00000252: PUSH2 0x0002
00000255: JUMPI
00000256: PUSH1 0x02
00000258: MUL
00000259: PUSH32 0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563
0000027a: ADD
0000027b: SWAP1
0000027c: PUSH1 0x01
0000027e: SLOAD
0000027f: DUP2
00000280: SLOAD
00000281: SWAP3
00000282: SLOAD
00000283: PUSH1 0x01
00000285: PUSH1 0xa0
00000287: PUSH1 0x02
00000289: EXP
0000028a: SUB
0000028b: AND
0000028c: SWAP3
0000028d: DUP3
0000028e: SWAP2
0000028f: SWAP1
00000290: DUP2
00000291: LT
00000292: ISZERO
00000293: PUSH2 0x0002
00000296: JUMPI
00000297: PUSH1 0x40
00000299: MLOAD
0000029a: PUSH1 0x02
0000029c: SWAP2
0000029d: SWAP1
0000029e: SWAP2
0000029f: MUL
000002a0: PUSH1 0x00
000002a2: DUP1
000002a3: MLOAD
000002a4: PUSH1 0x20
000002a6: PUSH2 0x02e9
000002a9: DUP4
000002aa: CODECOPY
000002ab: DUP2
000002ac: MLOAD
000002ad: SWAP2
000002ae: MSTORE
000002af: ADD
000002b0: SLOAD
000002b1: SWAP2
000002b2: DUP2
000002b3: DUP2
000002b4: DUP2
000002b5: DUP6
000002b6: DUP9
000002b7: DUP4
000002b8: CALL
000002b9: POP
000002ba: POP
000002bb: PUSH1 0x01
000002bd: DUP1
000002be: SLOAD
000002bf: DUP2
000002c0: ADD
000002c1: SWAP1
000002c2: SSTORE
000002c3: POP
000002c4: PUSH2 0x01e3
000002c7: SWAP2
000002c8: POP
000002c9: POP
000002ca: JUMP
000002cb: JUMPDEST
000002cc: POP
000002cd: SWAP1
000002ce: JUMP
000002cf: JUMPDEST
000002d0: POP
000002d1: JUMP
000002d2: JUMPDEST
000002d3: PUSH1 0x60
000002d5: SWAP2
000002d6: DUP3
000002d7: MSTORE
000002d8: PUSH1 0x80
000002da: MSTORE
000002db: PUSH1 0x40
000002dd: SWAP1
000002de: RETURN
000002df: JUMPDEST
000002e0: PUSH1 0x60
000002e2: SWAP1
000002e3: DUP2
000002e4: MSTORE
000002e5: PUSH1 0x20
000002e7: SWAP1
000002e8: RETURN
000002e9: UNKNOWN(0x29)
000002ea: UNKNOWN(0x0D)
000002eb: UNKNOWN(0xEC)
000002ec: UNKNOWN(0xD9)
000002ed: SLOAD
000002ee: DUP12
000002ef: PUSH3 0xa8d603
000002f3: GASLIMIT
000002f4: UNKNOWN(0xA9)
000002f5: DUP9
000002f6: CODESIZE
000002f7: PUSH16 0xc84ba6bc95484008f6362f93160ef3e5
00000308: PUSH5

View stderr

Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	other	detector	Untrusted CALL target/value reachable	60	no	no	view trace_id: 0x2cb4676073ed392f3baba4189e7f9237f760be7707288577e4c815a0ed35b068 call_targets: 0x36b5766f8f0b674a2b3dcb7df5fd7a5cb68c073b target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x2cb4676073ed392f3baba4189e7f9237f760be7707288577e4c815a0ed35b068", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x36b5766f8f0b674a2b3dcb7df5fd7a5cb68c073b" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x06900c41", "selector": "0x06900c41", "calldata_variants": [ "0x06900c41", "0x06900c410000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x29652e86", "selector": "0x29652e86", "calldata_variants": [ "0x29652e86", "0x29652e860000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x2df05a3e", "selector": "0x2df05a3e", "calldata_variants": [ "0x2df05a3e", "0x2df05a3e0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x41cc0aa5", "selector": "0x41cc0aa5", "calldata_variants": [ "0x41cc0aa5", "0x41cc0aa50000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x992c15fc", "selector": "0x992c15fc", "calldata_variants": [ "0x992c15fc", "0x992c15fc0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xcff4d6cd", "selector": "0xcff4d6cd", "calldata_variants": [ "0xcff4d6cd", "0xcff4d6cd0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xdece296f", "selector": "0xdece296f", "calldata_variants": [ "0xdece296f", "0xdece296f0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 696, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 1, "guards_detected": [], "untrusted_call_count": 1 }
high	other	detector	ETH value transfer possible	55	no	no	view trace_id: 0x2cb4676073ed392f3baba4189e7f9237f760be7707288577e4c815a0ed35b068 call_targets: 0x36b5766f8f0b674a2b3dcb7df5fd7a5cb68c073b target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x2cb4676073ed392f3baba4189e7f9237f760be7707288577e4c815a0ed35b068", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x36b5766f8f0b674a2b3dcb7df5fd7a5cb68c073b" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x06900c41", "selector": "0x06900c41", "calldata_variants": [ "0x06900c41", "0x06900c410000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x29652e86", "selector": "0x29652e86", "calldata_variants": [ "0x29652e86", "0x29652e860000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x2df05a3e", "selector": "0x2df05a3e", "calldata_variants": [ "0x2df05a3e", "0x2df05a3e0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x41cc0aa5", "selector": "0x41cc0aa5", "calldata_variants": [ "0x41cc0aa5", "0x41cc0aa50000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x992c15fc", "selector": "0x992c15fc", "calldata_variants": [ "0x992c15fc", "0x992c15fc0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xcff4d6cd", "selector": "0xcff4d6cd", "calldata_variants": [ "0xcff4d6cd", "0xcff4d6cd0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xdece296f", "selector": "0xdece296f", "calldata_variants": [ "0xdece296f", "0xdece296f0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 696, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 1, "guards_detected": [] }

Severity

Category

Tool

Title

Confidence

Validated

Confirmed

Details

high

other

detector

Untrusted CALL target/value reachable

60

no

view

trace_id: 0x2cb4676073ed392f3baba4189e7f9237f760be7707288577e4c815a0ed35b068

call_targets: 0x36b5766f8f0b674a2b3dcb7df5fd7a5cb68c073b

target_varies: no

classification: constant_target

validation_json

{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x2cb4676073ed392f3baba4189e7f9237f760be7707288577e4c815a0ed35b068",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x36b5766f8f0b674a2b3dcb7df5fd7a5cb68c073b"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x06900c41",
            "selector": "0x06900c41",
            "calldata_variants": [
                "0x06900c41",
                "0x06900c410000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x29652e86",
            "selector": "0x29652e86",
            "calldata_variants": [
                "0x29652e86",
                "0x29652e860000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x2df05a3e",
            "selector": "0x2df05a3e",
            "calldata_variants": [
                "0x2df05a3e",
                "0x2df05a3e0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x41cc0aa5",
            "selector": "0x41cc0aa5",
            "calldata_variants": [
                "0x41cc0aa5",
                "0x41cc0aa50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x992c15fc",
            "selector": "0x992c15fc",
            "calldata_variants": [
                "0x992c15fc",
                "0x992c15fc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcff4d6cd",
            "selector": "0xcff4d6cd",
            "calldata_variants": [
                "0xcff4d6cd",
                "0xcff4d6cd0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xdece296f",
            "selector": "0xdece296f",
            "calldata_variants": [
                "0xdece296f",
                "0xdece296f0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 696,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [],
    "untrusted_call_count": 1
}