TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3836-3ce1-7357-84d2-1d64740fffdd

complete
Chain ID
1
Address
0x3d5894b6801221bf296a2ac2d6ccf5ea09ce399a
Block Number
Created
Fri, Dec 19, 2025 8:03 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
4633 artifact.fetch complete 1 / 3 4 months ago
4634 tool.cast_disasm complete 1 / 3 4 months ago
48144 analysis.bundle complete 1 / 3 2 weeks ago
48145 capability.graph complete 1 / 3 2 weeks ago
48146 detector.run complete 1 / 3 2 weeks ago
48147 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
4
EXT*/BALANCE
1
Total opcodes
550
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0035
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x774ca7f2
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x004f
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x992c15fc
00000025: EQ
00000026: PUSH2 0x0058
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0xc1e77c4a
00000030: EQ
00000031: PUSH2 0x0067
00000034: JUMPI
00000035: JUMPDEST
00000036: PUSH2 0x00c9
00000039: PUSH1 0x00
0000003b: PUSH8 0x016345785d8a0000
00000044: CALLVALUE
00000045: LT
00000046: ISZERO
00000047: PUSH2 0x00cb
0000004a: JUMPI
0000004b: PUSH2 0x0002
0000004e: JUMP
0000004f: JUMPDEST
00000050: PUSH2 0x0296
00000053: PUSH1 0x03
00000055: SLOAD
00000056: DUP2
00000057: JUMP
00000058: JUMPDEST
00000059: PUSH2 0x0296
0000005c: PUSH8 0x016345785d8a0000
00000065: DUP2
00000066: JUMP
00000067: JUMPDEST
00000068: PUSH2 0x02a8
0000006b: PUSH1 0x04
0000006d: CALLDATALOAD
0000006e: PUSH1 0x02
00000070: DUP1
00000071: SLOAD
00000072: DUP3
00000073: SWAP1
00000074: DUP2
00000075: LT
00000076: ISZERO
00000077: PUSH2 0x0002
0000007a: JUMPI
0000007b: POP
0000007c: PUSH1 0x00
0000007e: DUP2
0000007f: SWAP1
00000080: MSTORE
00000081: MUL
00000082: PUSH1 0x00
00000084: DUP1
00000085: MLOAD
00000086: PUSH1 0x20
00000088: PUSH2 0x0354
0000008b: DUP4
0000008c: CODECOPY
0000008d: DUP2
0000008e: MLOAD
0000008f: SWAP2
00000090: MSTORE
00000091: DUP2
00000092: ADD
00000093: SLOAD
00000094: PUSH32 0x405787fa12a823e0f2b7631cc41b3ba8828b3321ca811111fa75cd3aa3bb5acf
000000b5: SWAP2
000000b6: SWAP1
000000b7: SWAP2
000000b8: ADD
000000b9: SLOAD
000000ba: PUSH1 0x01
000000bc: PUSH1 0xa0
000000be: PUSH1 0x02
000000c0: EXP
000000c1: SUB
000000c2: SWAP2
000000c3: SWAP1
000000c4: SWAP2
000000c5: AND
000000c6: SWAP1
000000c7: DUP3
000000c8: JUMP
000000c9: JUMPDEST
000000ca: STOP
000000cb: JUMPDEST
000000cc: PUSH2 0x013f
000000cf: CALLVALUE
000000d0: CALLER
000000d1: JUMPDEST
000000d2: PUSH1 0x02
000000d4: DUP1
000000d5: SLOAD
000000d6: PUSH1 0x01
000000d8: DUP2
000000d9: ADD
000000da: DUP1
000000db: DUP4
000000dc: SSTORE
000000dd: SWAP1
000000de: SWAP2
000000df: DUP2
000000e0: DUP4
000000e1: DUP1
000000e2: ISZERO
000000e3: DUP3
000000e4: SWAP1
000000e5: GT
000000e6: PUSH2 0x02ce
000000e9: JUMPI
000000ea: PUSH1 0x00
000000ec: DUP4
000000ed: SWAP1
000000ee: MSTORE
000000ef: PUSH2 0x02ce
000000f2: SWAP1
000000f3: DUP4
000000f4: MUL
000000f5: PUSH1 0x00
000000f7: DUP1
000000f8: MLOAD
000000f9: PUSH1 0x20
000000fb: PUSH2 0x0354
000000fe: DUP4
000000ff: CODECOPY
00000100: DUP2
00000101: MLOAD
00000102: SWAP2
00000103: MSTORE
00000104: SWAP1
00000105: DUP2
00000106: ADD
00000107: SWAP1
00000108: DUP4
00000109: DUP6
0000010a: MUL
0000010b: ADD
0000010c: JUMPDEST
0000010d: DUP1
0000010e: DUP3
0000010f: GT
00000110: ISZERO
00000111: PUSH2 0x0350
00000114: JUMPI
00000115: DUP1
00000116: SLOAD
00000117: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000012c: NOT
0000012d: AND
0000012e: DUP2
0000012f: SSTORE
00000130: PUSH1 0x00
00000132: PUSH1 0x01
00000134: SWAP2
00000135: SWAP1
00000136: SWAP2
00000137: ADD
00000138: SWAP1
00000139: DUP2
0000013a: SSTORE
0000013b: PUSH2 0x010c
0000013e: JUMP
0000013f: JUMPDEST
00000140: PUSH1 0x00
00000142: DUP1
00000143: SLOAD
00000144: PUSH1 0x32
00000146: CALLVALUE
00000147: DIV
00000148: ADD
00000149: SWAP1
0000014a: DUP2
0000014b: SWAP1
0000014c: SSTORE
0000014d: PUSH8 0x016345785d8a0000
00000156: SWAP1
00000157: GT
00000158: ISZERO
00000159: PUSH2 0x018d
0000015c: JUMPI
0000015d: PUSH1 0x01
0000015f: SLOAD
00000160: PUSH2 0x017b
00000163: SWAP1
00000164: PUSH8 0x016345785d8a0000
0000016d: SWAP1
0000016e: PUSH1 0x01
00000170: PUSH1 0xa0
00000172: PUSH1 0x02
00000174: EXP
00000175: SUB
00000176: AND
00000177: PUSH2 0x00d1
0000017a: JUMP
0000017b: JUMPDEST
0000017c: PUSH1 0x00
0000017e: DUP1
0000017f: SLOAD
00000180: PUSH8 0x016345785d89ffff
00000189: NOT
0000018a: ADD
0000018b: SWAP1
0000018c: SSTORE
0000018d: JUMPDEST
0000018e: PUSH1 0x03
00000190: SLOAD
00000191: PUSH1 0x02
00000193: DUP1
00000194: SLOAD
00000195: ADDRESS
00000196: PUSH1 0x01
00000198: PUSH1 0xa0
0000019a: PUSH1 0x02
0000019c: EXP
0000019d: SUB
0000019e: AND
0000019f: BALANCE
000001a0: SWAP3
000001a1: SWAP1
000001a2: DUP2
000001a3: LT
000001a4: ISZERO
000001a5: PUSH2 0x0002
000001a8: JUMPI
000001a9: PUSH1 0x00
000001ab: DUP3
000001ac: SWAP1
000001ad: MSTORE
000001ae: DUP2
000001af: MUL
000001b0: PUSH32 0x405787fa12a823e0f2b7631cc41b3ba8828b3321ca811111fa75cd3aa3bb5acf
000001d1: ADD
000001d2: SLOAD
000001d3: MUL
000001d4: LT
000001d5: ISZERO
000001d6: PUSH2 0x0293
000001d9: JUMPI
000001da: PUSH1 0x40
000001dc: DUP1
000001dd: MLOAD
000001de: TIMESTAMP
000001df: DUP2
000001e0: MSTORE
000001e1: SWAP1
000001e2: MLOAD
000001e3: SWAP1
000001e4: DUP2
000001e5: SWAP1
000001e6: SUB
000001e7: PUSH1 0x20
000001e9: ADD
000001ea: SWAP1
000001eb: KECCAK256
000001ec: GAS
000001ed: PUSH1 0x40
000001ef: DUP1
000001f0: MLOAD
000001f1: SWAP2
000001f2: DUP3
000001f3: MSTORE
000001f4: MLOAD
000001f5: SWAP1
000001f6: DUP2
000001f7: SWAP1
000001f8: SUB
000001f9: PUSH1 0x20
000001fb: ADD
000001fc: SWAP1
000001fd: KECCAK256
000001fe: ADD
000001ff: SWAP1
00000200: POP
00000201: PUSH1 0x02
00000203: DUP2
00000204: MOD
00000205: PUSH1 0x00
00000207: EQ
00000208: ISZERO
00000209: PUSH2 0x0289
0000020c: JUMPI
0000020d: PUSH1 0x03
0000020f: SLOAD
00000210: PUSH1 0x02
00000212: DUP1
00000213: SLOAD
00000214: SWAP1
00000215: SWAP2
00000216: SWAP1
00000217: DUP2
00000218: LT
00000219: ISZERO
0000021a: PUSH2 0x0002
0000021d: JUMPI
0000021e: PUSH1 0x00
00000220: DUP3
00000221: DUP2
00000222: MSTORE
00000223: SWAP2
00000224: MUL
00000225: PUSH1 0x00
00000227: DUP1
00000228: MLOAD
00000229: PUSH1 0x20
0000022b: PUSH2 0x0354
0000022e: DUP4
0000022f: CODECOPY
00000230: DUP2
00000231: MLOAD
00000232: SWAP2
00000233: MSTORE
00000234: ADD
00000235: SWAP1
00000236: POP
00000237: PUSH1 0x03
00000239: SLOAD
0000023a: SWAP1
0000023b: SLOAD
0000023c: PUSH1 0x02
0000023e: DUP1
0000023f: SLOAD
00000240: PUSH1 0x01
00000242: PUSH1 0xa0
00000244: PUSH1 0x02
00000246: EXP
00000247: SUB
00000248: SWAP3
00000249: SWAP1
0000024a: SWAP3
0000024b: AND
0000024c: SWAP3
0000024d: PUSH1 0x00
0000024f: SWAP3
00000250: DUP2
00000251: LT
00000252: ISZERO
00000253: PUSH2 0x0002
00000256: JUMPI
00000257: DUP2
00000258: DUP4
00000259: MSTORE
0000025a: MUL
0000025b: PUSH1 0x00
0000025d: DUP1
0000025e: MLOAD
0000025f: PUSH1 0x20
00000261: PUSH2 0x0354
00000264: DUP4
00000265: CODECOPY
00000266: DUP2
00000267: MLOAD
00000268: SWAP2
00000269: MSTORE
0000026a: ADD
0000026b: DUP2
0000026c: POP
0000026d: PUSH1 0x01
0000026f: ADD
00000270: SLOAD
00000271: PUSH1 0x40
00000273: MLOAD
00000274: PUSH1 0x02
00000276: SWAP2
00000277: SWAP1
00000278: SWAP2
00000279: MUL
0000027a: SWAP1
0000027b: PUSH1 0x00
0000027d: DUP2
0000027e: DUP2
0000027f: DUP2
00000280: DUP6
00000281: DUP9
00000282: DUP9
00000283: CALL
00000284: POP
00000285: POP
00000286: POP
00000287: POP
00000288: POP
00000289: JUMPDEST
0000028a: PUSH1 0x03
0000028c: DUP1
0000028d: SLOAD
0000028e: PUSH1 0x01
00000290: ADD
00000291: SWAP1
00000292: SSTORE
00000293: JUMPDEST
00000294: POP
00000295: JUMP
00000296: JUMPDEST
00000297: PUSH1 0x40
00000299: DUP1
0000029a: MLOAD
0000029b: SWAP2
0000029c: DUP3
0000029d: MSTORE
0000029e: MLOAD
0000029f: SWAP1
000002a0: DUP2
000002a1: SWAP1
000002a2: SUB
000002a3: PUSH1 0x20
000002a5: ADD
000002a6: SWAP1
000002a7: RETURN
000002a8: JUMPDEST
000002a9: PUSH1 0x40
000002ab: MLOAD
000002ac: DUP1
000002ad: DUP4
000002ae: PUSH1 0x01
000002b0: PUSH1 0xa0
000002b2: PUSH1 0x02
000002b4: EXP
000002b5: SUB
000002b6: AND
000002b7: DUP2
000002b8: MSTORE
000002b9: PUSH1 0x20
000002bb: ADD
000002bc: DUP3
000002bd: DUP2
000002be: MSTORE
000002bf: PUSH1 0x20
000002c1: ADD
000002c2: SWAP3
000002c3: POP
000002c4: POP
000002c5: POP
000002c6: PUSH1 0x40
000002c8: MLOAD
000002c9: DUP1
000002ca: SWAP2
000002cb: SUB
000002cc: SWAP1
000002cd: RETURN
000002ce: JUMPDEST
000002cf: POP
000002d0: POP
000002d1: POP
000002d2: POP
000002d3: DUP2
000002d4: PUSH1 0x02
000002d6: PUSH1 0x00
000002d8: POP
000002d9: DUP3
000002da: DUP2
000002db: SLOAD
000002dc: DUP2
000002dd: LT
000002de: ISZERO
000002df: PUSH2 0x0002
000002e2: JUMPI
000002e3: PUSH1 0x00
000002e5: DUP3
000002e6: SWAP1
000002e7: MSTORE
000002e8: DUP2
000002e9: MUL
000002ea: PUSH1 0x00
000002ec: DUP1
000002ed: MLOAD
000002ee: PUSH1 0x20
000002f0: PUSH2 0x0354
000002f3: DUP4
000002f4: CODECOPY
000002f5: DUP2
000002f6: MLOAD
000002f7: SWAP2
000002f8: MSTORE
000002f9: ADD
000002fa: DUP1
000002fb: SLOAD
000002fc: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000311: NOT
00000312: AND
00000313: SWAP3
00000314: SWAP1
00000315: SWAP3
00000316: OR
00000317: SWAP1
00000318: SWAP2
00000319: SSTORE
0000031a: DUP1
0000031b: SLOAD
0000031c: DUP5
0000031d: SWAP2
0000031e: SWAP1
0000031f: DUP4
00000320: SWAP1
00000321: DUP2
00000322: LT
00000323: ISZERO
00000324: PUSH2 0x0002
00000327: JUMPI
00000328: MUL
00000329: PUSH32 0x405787fa12a823e0f2b7631cc41b3ba8828b3321ca811111fa75cd3aa3bb5acf
0000034a: ADD
0000034b: SSTORE
0000034c: POP
0000034d: POP
0000034e: POP
0000034f: JUMP
00000350: JUMPDEST
00000351: POP
00000352: SWAP1
00000353: JUMP
00000354: BLOCKHASH
00000355: JUMPI
00000356: DUP8
00000357: STATICCALL
00000358: SLT
00000359: UNKNOWN(0xA8)
0000035a: UNKNOWN(0x23)
0000035b: UNKNOWN(0xE0)
0000035c: CALLCODE
0000035d: UNKNOWN(0xB7)
0000035e: PUSH4 0x1cc41b3b
00000363: UNKNOWN(0xA8)
00000364: DUP3
00000365: DUP12
00000366: CALLER
00000367: UNKNOWN(0x21)
00000368: UNKNOWN(0xCA)
00000369: DUP2
0000036a: GT
0000036b: GT
0000036c: STATICCALL
0000036d: PUSH22
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0xbef0d52dd0d20cd271e4007bf4d5dd73dbb84da69bbb26b60fd276dcd7c7617d
call_targets: 0x3d5894b6801221bf296a2ac2d6ccf5ea09ce399a
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xbef0d52dd0d20cd271e4007bf4d5dd73dbb84da69bbb26b60fd276dcd7c7617d",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3d5894b6801221bf296a2ac2d6ccf5ea09ce399a"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x774ca7f2",
            "selector": "0x774ca7f2",
            "calldata_variants": [
                "0x774ca7f2",
                "0x774ca7f20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x992c15fc",
            "selector": "0x992c15fc",
            "calldata_variants": [
                "0x992c15fc",
                "0x992c15fc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc1e77c4a",
            "selector": "0xc1e77c4a",
            "calldata_variants": [
                "0xc1e77c4a",
                "0xc1e77c4a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 643,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 860,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [],
    "untrusted_call_count": 2
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0xbef0d52dd0d20cd271e4007bf4d5dd73dbb84da69bbb26b60fd276dcd7c7617d
call_targets: 0x3d5894b6801221bf296a2ac2d6ccf5ea09ce399a
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xbef0d52dd0d20cd271e4007bf4d5dd73dbb84da69bbb26b60fd276dcd7c7617d",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3d5894b6801221bf296a2ac2d6ccf5ea09ce399a"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x774ca7f2",
            "selector": "0x774ca7f2",
            "calldata_variants": [
                "0x774ca7f2",
                "0x774ca7f20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x992c15fc",
            "selector": "0x992c15fc",
            "calldata_variants": [
                "0x992c15fc",
                "0x992c15fc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc1e77c4a",
            "selector": "0xc1e77c4a",
            "calldata_variants": [
                "0xc1e77c4a",
                "0xc1e77c4a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 643,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 860,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": []
}